From d98f7e048a396e24ae64ddd378bc54773464aaaa Mon Sep 17 00:00:00 2001 
From: henning Date: Tue, 22 Apr 2014 14:47:23 +0000 Subject: [PATCH] this commit is really florian@'s, since he's the one who made removal of our forked apache possible by his work on nginx and slowcgi, but he doesn't want it - so it is my pleasure to tedu it. I spent so much work on chroot in it 10 years ago - and am very happy to see it go now, nginx is a far better choice today. Bye bye, Apache, won't miss you. --- usr.sbin/httpd/ABOUT_APACHE | 275 - usr.sbin/httpd/Announcement | 108 - usr.sbin/httpd/CHANGES | 128 - usr.sbin/httpd/INSTALL | 547 - usr.sbin/httpd/INSTALL.SSL | 561 - usr.sbin/httpd/LICENSE | 58 - usr.sbin/httpd/LICENSE.SSL | 69 - usr.sbin/httpd/Makefile.bsd-wrapper | 787 -- usr.sbin/httpd/Makefile.tmpl | 801 -- usr.sbin/httpd/README | 64 - usr.sbin/httpd/README.IPv6 | 128 - usr.sbin/httpd/README.SSL | 148 - usr.sbin/httpd/README.configure | 288 - usr.sbin/httpd/cgi-bin/printenv | 13 - usr.sbin/httpd/cgi-bin/test-cgi | 31 - usr.sbin/httpd/conf/httpd.conf | 1121 -- usr.sbin/httpd/conf/httpd.conf-dist | 1204 --- usr.sbin/httpd/conf/magic | 382 - usr.sbin/httpd/conf/mime.types | 616 -- usr.sbin/httpd/conf/ssl.crl/Makefile | 54 - usr.sbin/httpd/conf/ssl.crl/README.CRL | 11 - usr.sbin/httpd/conf/ssl.crt/Makefile | 53 - usr.sbin/httpd/conf/ssl.crt/README.CRT | 33 - usr.sbin/httpd/conf/ssl.crt/ca-bundle.crt | 4445 -------- usr.sbin/httpd/conf/ssl.crt/server.crt | 11 - .../httpd/conf/ssl.crt/snakeoil-ca-dsa.crt | 24 - .../httpd/conf/ssl.crt/snakeoil-ca-rsa.crt | 20 - usr.sbin/httpd/conf/ssl.crt/snakeoil-dsa.crt | 24 - usr.sbin/httpd/conf/ssl.crt/snakeoil-rsa.crt | 20 - usr.sbin/httpd/conf/ssl.csr/README.CSR | 23 - usr.sbin/httpd/conf/ssl.csr/server.csr | 1 - usr.sbin/httpd/conf/ssl.key/README.KEY | 28 - usr.sbin/httpd/conf/ssl.key/server.key | 15 - .../httpd/conf/ssl.key/snakeoil-ca-dsa.key | 12 - .../httpd/conf/ssl.key/snakeoil-ca-rsa.key | 15 - usr.sbin/httpd/conf/ssl.key/snakeoil-dsa.key | 12 - usr.sbin/httpd/conf/ssl.key/snakeoil-rsa.key | 15 - 
usr.sbin/httpd/conf/ssl.prm/README.PRM | 18 - .../httpd/conf/ssl.prm/snakeoil-ca-dsa.prm | 9 - usr.sbin/httpd/conf/ssl.prm/snakeoil-dsa.prm | 9 - usr.sbin/httpd/config.layout | 306 - usr.sbin/httpd/configure | 1637 --- usr.sbin/httpd/htdocs/apache_pb.gif | Bin 2326 -> 0 bytes usr.sbin/httpd/htdocs/blowfish.jpg | Bin 41318 -> 0 bytes usr.sbin/httpd/htdocs/bsd_small.gif | Bin 4090 -> 0 bytes usr.sbin/httpd/htdocs/index.html | 66 - usr.sbin/httpd/htdocs/lock.gif | Bin 5417 -> 0 bytes usr.sbin/httpd/htdocs/logo23.jpg | Bin 46246 -> 0 bytes usr.sbin/httpd/htdocs/logo24.jpg | Bin 35570 -> 0 bytes usr.sbin/httpd/htdocs/manual/LICENSE | 58 - usr.sbin/httpd/htdocs/manual/TODO | 4 - usr.sbin/httpd/htdocs/manual/bind.html | 144 - usr.sbin/httpd/htdocs/manual/configuring.html | 265 - .../htdocs/manual/content-negotiation.html | 678 -- .../httpd/htdocs/manual/custom-error.html | 196 - usr.sbin/httpd/htdocs/manual/dns-caveats.html | 231 - usr.sbin/httpd/htdocs/manual/dso.html | 523 - usr.sbin/httpd/htdocs/manual/env.html | 361 - usr.sbin/httpd/htdocs/manual/handler.html | 179 - usr.sbin/httpd/htdocs/manual/howto/auth.html | 1197 --- usr.sbin/httpd/htdocs/manual/howto/cgi.html | 567 - .../httpd/htdocs/manual/howto/htaccess.html | 422 - usr.sbin/httpd/htdocs/manual/howto/ssi.html | 558 - .../htdocs/manual/images/apache_header.gif | Bin 4084 -> 0 bytes .../httpd/htdocs/manual/images/apache_pb.gif | Bin 1806 -> 0 bytes .../htdocs/manual/images/custom_errordocs.gif | Bin 23291 -> 0 bytes .../httpd/htdocs/manual/images/feather.jpg | Bin 7108 -> 0 bytes usr.sbin/httpd/htdocs/manual/images/home.gif | Bin 1465 -> 0 bytes usr.sbin/httpd/htdocs/manual/images/index.gif | Bin 1540 -> 0 bytes .../htdocs/manual/images/mod_rewrite_fig1.fig | 60 - .../htdocs/manual/images/mod_rewrite_fig1.gif | Bin 3525 -> 0 bytes .../htdocs/manual/images/mod_rewrite_fig2.fig | 50 - .../htdocs/manual/images/mod_rewrite_fig2.gif | Bin 2553 -> 0 bytes .../httpd/htdocs/manual/images/mod_ssl_sb.gif | Bin 2007 -> 0 
bytes .../htdocs/manual/images/openssl_ics.gif | Bin 2063 -> 0 bytes usr.sbin/httpd/htdocs/manual/images/pixel.gif | Bin 61 -> 0 bytes usr.sbin/httpd/htdocs/manual/images/sub.gif | Bin 6083 -> 0 bytes usr.sbin/httpd/htdocs/manual/index.html | 289 - usr.sbin/httpd/htdocs/manual/invoking.html | 148 - usr.sbin/httpd/htdocs/manual/ipv6.html | 231 - usr.sbin/httpd/htdocs/manual/keepalive.html | 107 - usr.sbin/httpd/htdocs/manual/location.html | 75 - usr.sbin/httpd/htdocs/manual/logs.html | 660 -- usr.sbin/httpd/htdocs/manual/misc/API.html | 1253 --- usr.sbin/httpd/htdocs/manual/misc/FAQ.html | 3953 ------- .../htdocs/manual/misc/custom_errordocs.html | 493 - .../httpd/htdocs/manual/misc/descriptors.html | 218 - .../httpd/htdocs/manual/misc/fin_wait_2.html | 398 - usr.sbin/httpd/htdocs/manual/misc/howto.html | 239 - usr.sbin/httpd/htdocs/manual/misc/index.html | 104 - .../manual/misc/known_client_problems.html | 356 - .../httpd/htdocs/manual/misc/perf-bsd44.html | 281 - .../httpd/htdocs/manual/misc/perf-tuning.html | 1066 -- usr.sbin/httpd/htdocs/manual/misc/perf.html | 150 - .../htdocs/manual/misc/rewriteguide.html | 2342 ----- .../htdocs/manual/misc/security_tips.html | 312 - .../httpd/htdocs/manual/misc/tutorials.html | 178 - usr.sbin/httpd/htdocs/manual/mod/core.html | 4223 -------- .../htdocs/manual/mod/directive-dict.html | 318 - .../httpd/htdocs/manual/mod/directives.html | 597 -- .../httpd/htdocs/manual/mod/index-bytype.html | 276 - usr.sbin/httpd/htdocs/manual/mod/index.html | 230 - .../httpd/htdocs/manual/mod/mod_access.html | 354 - .../httpd/htdocs/manual/mod/mod_actions.html | 167 - .../httpd/htdocs/manual/mod/mod_alias.html | 399 - .../httpd/htdocs/manual/mod/mod_asis.html | 107 - .../httpd/htdocs/manual/mod/mod_auth.html | 326 - .../htdocs/manual/mod/mod_auth_anon.html | 296 - .../httpd/htdocs/manual/mod/mod_auth_db.html | 248 - .../httpd/htdocs/manual/mod/mod_auth_dbm.html | 235 - .../htdocs/manual/mod/mod_auth_digest.html | 406 - 
.../htdocs/manual/mod/mod_auth_msql.html | 488 - .../htdocs/manual/mod/mod_autoindex.html | 959 -- .../htdocs/manual/mod/mod_cern_meta.html | 148 - usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html | 232 - .../httpd/htdocs/manual/mod/mod_define.html | 140 - .../httpd/htdocs/manual/mod/mod_digest.html | 111 - usr.sbin/httpd/htdocs/manual/mod/mod_dir.html | 129 - usr.sbin/httpd/htdocs/manual/mod/mod_env.html | 146 - .../httpd/htdocs/manual/mod/mod_expires.html | 264 - .../httpd/htdocs/manual/mod/mod_headers.html | 204 - .../httpd/htdocs/manual/mod/mod_imap.html | 373 - .../httpd/htdocs/manual/mod/mod_include.html | 603 -- .../httpd/htdocs/manual/mod/mod_info.html | 125 - .../htdocs/manual/mod/mod_log_agent.html | 116 - .../htdocs/manual/mod/mod_log_common.html | 154 - .../htdocs/manual/mod/mod_log_config.html | 420 - .../htdocs/manual/mod/mod_log_referer.html | 148 - .../httpd/htdocs/manual/mod/mod_mime.html | 691 -- .../htdocs/manual/mod/mod_mime_magic.html | 326 - .../htdocs/manual/mod/mod_mmap_static.html | 139 - .../htdocs/manual/mod/mod_negotiation.html | 234 - .../httpd/htdocs/manual/mod/mod_proxy.html | 1338 --- .../httpd/htdocs/manual/mod/mod_rewrite.html | 2107 ---- .../httpd/htdocs/manual/mod/mod_setenvif.html | 341 - usr.sbin/httpd/htdocs/manual/mod/mod_so.html | 205 - .../httpd/htdocs/manual/mod/mod_speling.html | 137 - .../htdocs/manual/mod/mod_ssl/index.html | 223 - .../mod/mod_ssl/ssl_compat.gfont000.gif | Bin 170 -> 0 bytes .../htdocs/manual/mod/mod_ssl/ssl_compat.html | 551 - .../manual/mod/mod_ssl/ssl_cover_logo.jpg | Bin 20724 -> 0 bytes .../manual/mod/mod_ssl/ssl_cover_title.jpg | Bin 6055 -> 0 bytes .../manual/mod/mod_ssl/ssl_faq.gfont000.gif | Bin 148 -> 0 bytes .../htdocs/manual/mod/mod_ssl/ssl_faq.html | 1643 --- .../manual/mod/mod_ssl/ssl_glossary.html | 413 - .../manual/mod/mod_ssl/ssl_howto.gfont000.gif | Bin 170 -> 0 bytes .../htdocs/manual/mod/mod_ssl/ssl_howto.html | 929 -- .../manual/mod/mod_ssl/ssl_intro.gfont000.gif | Bin 156 -> 0 bytes 
.../htdocs/manual/mod/mod_ssl/ssl_intro.html | 919 -- .../manual/mod/mod_ssl/ssl_intro_fig1.gif | Bin 5738 -> 0 bytes .../manual/mod/mod_ssl/ssl_intro_fig2.gif | Bin 2700 -> 0 bytes .../manual/mod/mod_ssl/ssl_intro_fig3.gif | Bin 4020 -> 0 bytes .../mod/mod_ssl/ssl_overview.gfont000.gif | Bin 148 -> 0 bytes .../manual/mod/mod_ssl/ssl_overview.html | 476 - .../manual/mod/mod_ssl/ssl_overview_fig1.gif | Bin 7782 -> 0 bytes .../mod/mod_ssl/ssl_reference.gfont000.gif | Bin 148 -> 0 bytes .../manual/mod/mod_ssl/ssl_reference.html | 2655 ----- .../mod/mod_ssl/ssl_template.head-chapter.gif | Bin 1094 -> 0 bytes .../mod/mod_ssl/ssl_template.head-num-1.gif | Bin 366 -> 0 bytes .../mod/mod_ssl/ssl_template.head-num-2.gif | Bin 580 -> 0 bytes .../mod/mod_ssl/ssl_template.head-num-3.gif | Bin 610 -> 0 bytes .../mod/mod_ssl/ssl_template.head-num-4.gif | Bin 507 -> 0 bytes .../mod/mod_ssl/ssl_template.head-num-5.gif | Bin 592 -> 0 bytes .../mod/mod_ssl/ssl_template.head-num-6.gif | Bin 627 -> 0 bytes .../mod/mod_ssl/ssl_template.head-num-7.gif | Bin 483 -> 0 bytes .../ssl_template.imgdot-1x1-000000.gif | Bin 35 -> 0 bytes .../ssl_template.imgdot-1x1-transp.gif | Bin 43 -> 0 bytes .../mod_ssl/ssl_template.navbut-next-n.gif | Bin 303 -> 0 bytes .../mod_ssl/ssl_template.navbut-next-s.gif | Bin 330 -> 0 bytes .../mod_ssl/ssl_template.navbut-prev-n.gif | Bin 306 -> 0 bytes .../mod_ssl/ssl_template.navbut-prev-s.gif | Bin 331 -> 0 bytes .../mod_ssl/ssl_template.title-abstract.gif | Bin 1419 -> 0 bytes .../mod/mod_ssl/ssl_template.title-compat.gif | Bin 2014 -> 0 bytes .../mod/mod_ssl/ssl_template.title-faq.gif | Bin 1393 -> 0 bytes .../mod/mod_ssl/ssl_template.title-gloss.gif | Bin 1445 -> 0 bytes .../mod/mod_ssl/ssl_template.title-howto.gif | Bin 1192 -> 0 bytes .../mod/mod_ssl/ssl_template.title-intro.gif | Bin 1769 -> 0 bytes .../mod/mod_ssl/ssl_template.title-over.gif | Bin 1473 -> 0 bytes .../mod_ssl/ssl_template.title-preface.gif | Bin 1123 -> 0 bytes 
.../mod/mod_ssl/ssl_template.title-ref.gif | Bin 1539 -> 0 bytes .../mod/mod_ssl/ssl_template.title-toc.gif | Bin 2274 -> 0 bytes .../mod/mod_ssl/ssl_template.title-tutor.gif | Bin 1256 -> 0 bytes .../httpd/htdocs/manual/mod/mod_status.html | 168 - .../htdocs/manual/mod/mod_unique_id.html | 220 - .../httpd/htdocs/manual/mod/mod_userdir.html | 154 - .../htdocs/manual/mod/mod_usertrack.html | 306 - .../htdocs/manual/mod/mod_vhost_alias.html | 335 - .../httpd/htdocs/manual/mod/module-dict.html | 129 - usr.sbin/httpd/htdocs/manual/multilogs.html | 123 - .../httpd/htdocs/manual/process-model.html | 81 - usr.sbin/httpd/htdocs/manual/programs/ab.html | 158 - .../htdocs/manual/programs/apachectl.html | 110 - .../httpd/htdocs/manual/programs/apxs.html | 291 - .../htdocs/manual/programs/dbmmanage.html | 126 - .../htdocs/manual/programs/htdigest.html | 74 - .../htdocs/manual/programs/htpasswd.html | 189 - .../httpd/htdocs/manual/programs/httpd.html | 145 - .../httpd/htdocs/manual/programs/index.html | 86 - .../htdocs/manual/programs/logresolve.html | 59 - .../httpd/htdocs/manual/programs/other.html | 57 - .../htdocs/manual/programs/rotatelogs.html | 65 - .../httpd/htdocs/manual/programs/suexec.html | 56 - usr.sbin/httpd/htdocs/manual/sections.html | 169 - usr.sbin/httpd/htdocs/manual/server-wide.html | 293 - usr.sbin/httpd/htdocs/manual/sitemap.html | 161 - usr.sbin/httpd/htdocs/manual/stopping.html | 207 - usr.sbin/httpd/htdocs/manual/suexec.html | 613 -- usr.sbin/httpd/htdocs/manual/urlmapping.html | 307 - .../httpd/htdocs/manual/vhosts/details.html | 407 - .../httpd/htdocs/manual/vhosts/examples.html | 706 -- .../httpd/htdocs/manual/vhosts/fd-limits.html | 87 - usr.sbin/httpd/htdocs/manual/vhosts/host.html | 183 - .../httpd/htdocs/manual/vhosts/index.html | 98 - .../httpd/htdocs/manual/vhosts/ip-based.html | 149 - usr.sbin/httpd/htdocs/manual/vhosts/mass.html | 452 - .../htdocs/manual/vhosts/name-based.html | 254 - .../htdocs/manual/vhosts/vhosts-in-depth.html | 396 - 
.../htdocs/manual/vhosts/virtual-host.html | 253 - usr.sbin/httpd/htdocs/mod_ssl_sb.gif | Bin 2007 -> 0 bytes usr.sbin/httpd/htdocs/openbsd_pb.gif | Bin 3361 -> 0 bytes usr.sbin/httpd/htdocs/openbsdpower.gif | Bin 3334 -> 0 bytes usr.sbin/httpd/htdocs/openssl_ics.gif | Bin 2063 -> 0 bytes usr.sbin/httpd/htdocs/smalltitle.gif | Bin 2220 -> 0 bytes usr.sbin/httpd/httpd.8 | 306 - usr.sbin/httpd/icons/README | 158 - usr.sbin/httpd/icons/a.gif | Bin 246 -> 0 bytes usr.sbin/httpd/icons/a.png | Bin 293 -> 0 bytes usr.sbin/httpd/icons/alert.black.gif | Bin 242 -> 0 bytes usr.sbin/httpd/icons/alert.black.png | Bin 279 -> 0 bytes usr.sbin/httpd/icons/alert.red.gif | Bin 247 -> 0 bytes usr.sbin/httpd/icons/alert.red.png | Bin 298 -> 0 bytes usr.sbin/httpd/icons/apache_pb.gif | Bin 2326 -> 0 bytes usr.sbin/httpd/icons/apache_pb.png | Bin 1385 -> 0 bytes usr.sbin/httpd/icons/back.gif | Bin 216 -> 0 bytes usr.sbin/httpd/icons/back.png | Bin 284 -> 0 bytes usr.sbin/httpd/icons/ball.gray.gif | Bin 233 -> 0 bytes usr.sbin/httpd/icons/ball.gray.png | Bin 277 -> 0 bytes usr.sbin/httpd/icons/ball.red.gif | Bin 205 -> 0 bytes usr.sbin/httpd/icons/ball.red.png | Bin 265 -> 0 bytes usr.sbin/httpd/icons/binary.gif | Bin 246 -> 0 bytes usr.sbin/httpd/icons/binary.png | Bin 296 -> 0 bytes usr.sbin/httpd/icons/binhex.gif | Bin 246 -> 0 bytes usr.sbin/httpd/icons/binhex.png | Bin 304 -> 0 bytes usr.sbin/httpd/icons/blank.gif | Bin 148 -> 0 bytes usr.sbin/httpd/icons/blank.png | Bin 195 -> 0 bytes usr.sbin/httpd/icons/bomb.gif | Bin 308 -> 0 bytes usr.sbin/httpd/icons/bomb.png | Bin 356 -> 0 bytes usr.sbin/httpd/icons/box1.gif | Bin 251 -> 0 bytes usr.sbin/httpd/icons/box1.png | Bin 308 -> 0 bytes usr.sbin/httpd/icons/box2.gif | Bin 268 -> 0 bytes usr.sbin/httpd/icons/box2.png | Bin 322 -> 0 bytes usr.sbin/httpd/icons/broken.gif | Bin 247 -> 0 bytes usr.sbin/httpd/icons/broken.png | Bin 305 -> 0 bytes usr.sbin/httpd/icons/burst.gif | Bin 235 -> 0 bytes usr.sbin/httpd/icons/burst.png | Bin 314 
-> 0 bytes usr.sbin/httpd/icons/c.gif | Bin 242 -> 0 bytes usr.sbin/httpd/icons/c.png | Bin 285 -> 0 bytes usr.sbin/httpd/icons/comp.blue.gif | Bin 251 -> 0 bytes usr.sbin/httpd/icons/comp.blue.png | Bin 313 -> 0 bytes usr.sbin/httpd/icons/comp.gray.gif | Bin 246 -> 0 bytes usr.sbin/httpd/icons/comp.gray.png | Bin 304 -> 0 bytes usr.sbin/httpd/icons/compressed.gif | Bin 1038 -> 0 bytes usr.sbin/httpd/icons/compressed.png | Bin 315 -> 0 bytes usr.sbin/httpd/icons/continued.gif | Bin 214 -> 0 bytes usr.sbin/httpd/icons/continued.png | Bin 272 -> 0 bytes usr.sbin/httpd/icons/dir.gif | Bin 225 -> 0 bytes usr.sbin/httpd/icons/dir.png | Bin 272 -> 0 bytes usr.sbin/httpd/icons/diskimg.gif | Bin 167 -> 0 bytes usr.sbin/httpd/icons/diskimg.png | Bin 202 -> 0 bytes usr.sbin/httpd/icons/down.gif | Bin 163 -> 0 bytes usr.sbin/httpd/icons/down.png | Bin 232 -> 0 bytes usr.sbin/httpd/icons/dvi.gif | Bin 238 -> 0 bytes usr.sbin/httpd/icons/dvi.png | Bin 290 -> 0 bytes usr.sbin/httpd/icons/f.gif | Bin 236 -> 0 bytes usr.sbin/httpd/icons/f.png | Bin 282 -> 0 bytes usr.sbin/httpd/icons/folder.gif | Bin 225 -> 0 bytes usr.sbin/httpd/icons/folder.open.gif | Bin 242 -> 0 bytes usr.sbin/httpd/icons/folder.open.png | Bin 305 -> 0 bytes usr.sbin/httpd/icons/folder.png | Bin 272 -> 0 bytes usr.sbin/httpd/icons/folder.sec.gif | Bin 243 -> 0 bytes usr.sbin/httpd/icons/folder.sec.png | Bin 290 -> 0 bytes usr.sbin/httpd/icons/forward.gif | Bin 219 -> 0 bytes usr.sbin/httpd/icons/forward.png | Bin 284 -> 0 bytes usr.sbin/httpd/icons/generic.gif | Bin 221 -> 0 bytes usr.sbin/httpd/icons/generic.png | Bin 260 -> 0 bytes usr.sbin/httpd/icons/generic.red.gif | Bin 220 -> 0 bytes usr.sbin/httpd/icons/generic.red.png | Bin 262 -> 0 bytes usr.sbin/httpd/icons/generic.sec.gif | Bin 249 -> 0 bytes usr.sbin/httpd/icons/generic.sec.png | Bin 279 -> 0 bytes usr.sbin/httpd/icons/hand.right.gif | Bin 217 -> 0 bytes usr.sbin/httpd/icons/hand.right.png | Bin 280 -> 0 bytes usr.sbin/httpd/icons/hand.up.gif | 
Bin 223 -> 0 bytes usr.sbin/httpd/icons/hand.up.png | Bin 280 -> 0 bytes usr.sbin/httpd/icons/icon.sheet.gif | Bin 11977 -> 0 bytes usr.sbin/httpd/icons/icon.sheet.png | Bin 8898 -> 0 bytes usr.sbin/httpd/icons/image1.gif | Bin 274 -> 0 bytes usr.sbin/httpd/icons/image1.png | Bin 307 -> 0 bytes usr.sbin/httpd/icons/image2.gif | Bin 309 -> 0 bytes usr.sbin/httpd/icons/image2.png | Bin 355 -> 0 bytes usr.sbin/httpd/icons/image3.gif | Bin 286 -> 0 bytes usr.sbin/httpd/icons/image3.png | Bin 323 -> 0 bytes usr.sbin/httpd/icons/index.gif | Bin 268 -> 0 bytes usr.sbin/httpd/icons/index.png | Bin 316 -> 0 bytes usr.sbin/httpd/icons/layout.gif | Bin 276 -> 0 bytes usr.sbin/httpd/icons/layout.png | Bin 306 -> 0 bytes usr.sbin/httpd/icons/left.gif | Bin 172 -> 0 bytes usr.sbin/httpd/icons/left.png | Bin 235 -> 0 bytes usr.sbin/httpd/icons/link.gif | Bin 249 -> 0 bytes usr.sbin/httpd/icons/link.png | Bin 297 -> 0 bytes usr.sbin/httpd/icons/movie.gif | Bin 243 -> 0 bytes usr.sbin/httpd/icons/movie.png | Bin 258 -> 0 bytes usr.sbin/httpd/icons/p.gif | Bin 237 -> 0 bytes usr.sbin/httpd/icons/p.png | Bin 284 -> 0 bytes usr.sbin/httpd/icons/patch.gif | Bin 251 -> 0 bytes usr.sbin/httpd/icons/patch.png | Bin 295 -> 0 bytes usr.sbin/httpd/icons/pdf.gif | Bin 249 -> 0 bytes usr.sbin/httpd/icons/pdf.png | Bin 289 -> 0 bytes usr.sbin/httpd/icons/pie0.gif | Bin 188 -> 0 bytes usr.sbin/httpd/icons/pie0.png | Bin 242 -> 0 bytes usr.sbin/httpd/icons/pie1.gif | Bin 198 -> 0 bytes usr.sbin/httpd/icons/pie1.png | Bin 261 -> 0 bytes usr.sbin/httpd/icons/pie2.gif | Bin 198 -> 0 bytes usr.sbin/httpd/icons/pie2.png | Bin 253 -> 0 bytes usr.sbin/httpd/icons/pie3.gif | Bin 191 -> 0 bytes usr.sbin/httpd/icons/pie3.png | Bin 256 -> 0 bytes usr.sbin/httpd/icons/pie4.gif | Bin 193 -> 0 bytes usr.sbin/httpd/icons/pie4.png | Bin 239 -> 0 bytes usr.sbin/httpd/icons/pie5.gif | Bin 189 -> 0 bytes usr.sbin/httpd/icons/pie5.png | Bin 258 -> 0 bytes usr.sbin/httpd/icons/pie6.gif | Bin 186 -> 0 bytes 
usr.sbin/httpd/icons/pie6.png | Bin 253 -> 0 bytes usr.sbin/httpd/icons/pie7.gif | Bin 185 -> 0 bytes usr.sbin/httpd/icons/pie7.png | Bin 258 -> 0 bytes usr.sbin/httpd/icons/pie8.gif | Bin 173 -> 0 bytes usr.sbin/httpd/icons/pie8.png | Bin 233 -> 0 bytes usr.sbin/httpd/icons/portal.gif | Bin 254 -> 0 bytes usr.sbin/httpd/icons/portal.png | Bin 303 -> 0 bytes usr.sbin/httpd/icons/ps.gif | Bin 244 -> 0 bytes usr.sbin/httpd/icons/ps.png | Bin 287 -> 0 bytes usr.sbin/httpd/icons/quill.gif | Bin 267 -> 0 bytes usr.sbin/httpd/icons/quill.png | Bin 315 -> 0 bytes usr.sbin/httpd/icons/right.gif | Bin 172 -> 0 bytes usr.sbin/httpd/icons/right.png | Bin 233 -> 0 bytes usr.sbin/httpd/icons/screw1.gif | Bin 258 -> 0 bytes usr.sbin/httpd/icons/screw1.png | Bin 312 -> 0 bytes usr.sbin/httpd/icons/screw2.gif | Bin 263 -> 0 bytes usr.sbin/httpd/icons/screw2.png | Bin 318 -> 0 bytes usr.sbin/httpd/icons/script.gif | Bin 242 -> 0 bytes usr.sbin/httpd/icons/script.png | Bin 275 -> 0 bytes usr.sbin/httpd/icons/small/README.txt | 6 - usr.sbin/httpd/icons/small/back.gif | Bin 129 -> 0 bytes usr.sbin/httpd/icons/small/back.png | Bin 238 -> 0 bytes usr.sbin/httpd/icons/small/binary.gif | Bin 134 -> 0 bytes usr.sbin/httpd/icons/small/binary.png | Bin 242 -> 0 bytes usr.sbin/httpd/icons/small/binhex.gif | Bin 131 -> 0 bytes usr.sbin/httpd/icons/small/binhex.png | Bin 248 -> 0 bytes usr.sbin/httpd/icons/small/blank.gif | Bin 55 -> 0 bytes usr.sbin/httpd/icons/small/blank.png | Bin 90 -> 0 bytes usr.sbin/httpd/icons/small/broken.gif | Bin 139 -> 0 bytes usr.sbin/httpd/icons/small/broken.png | Bin 254 -> 0 bytes usr.sbin/httpd/icons/small/burst.gif | Bin 128 -> 0 bytes usr.sbin/httpd/icons/small/burst.png | Bin 194 -> 0 bytes usr.sbin/httpd/icons/small/comp1.gif | Bin 130 -> 0 bytes usr.sbin/httpd/icons/small/comp1.png | Bin 197 -> 0 bytes usr.sbin/httpd/icons/small/comp2.gif | Bin 131 -> 0 bytes usr.sbin/httpd/icons/small/comp2.png | Bin 194 -> 0 bytes 
usr.sbin/httpd/icons/small/compressed.gif | Bin 128 -> 0 bytes usr.sbin/httpd/icons/small/compressed.png | Bin 189 -> 0 bytes usr.sbin/httpd/icons/small/continued.gif | Bin 114 -> 0 bytes usr.sbin/httpd/icons/small/continued.png | Bin 214 -> 0 bytes usr.sbin/httpd/icons/small/dir.gif | Bin 132 -> 0 bytes usr.sbin/httpd/icons/small/dir.png | Bin 175 -> 0 bytes usr.sbin/httpd/icons/small/dir2.gif | Bin 122 -> 0 bytes usr.sbin/httpd/icons/small/dir2.png | Bin 161 -> 0 bytes usr.sbin/httpd/icons/small/doc.gif | Bin 191 -> 0 bytes usr.sbin/httpd/icons/small/doc.png | Bin 269 -> 0 bytes usr.sbin/httpd/icons/small/forward.gif | Bin 125 -> 0 bytes usr.sbin/httpd/icons/small/forward.png | Bin 244 -> 0 bytes usr.sbin/httpd/icons/small/generic.gif | Bin 116 -> 0 bytes usr.sbin/httpd/icons/small/generic.png | Bin 182 -> 0 bytes usr.sbin/httpd/icons/small/generic2.gif | Bin 127 -> 0 bytes usr.sbin/httpd/icons/small/generic2.png | Bin 158 -> 0 bytes usr.sbin/httpd/icons/small/generic3.gif | Bin 113 -> 0 bytes usr.sbin/httpd/icons/small/generic3.png | Bin 147 -> 0 bytes usr.sbin/httpd/icons/small/image.gif | Bin 126 -> 0 bytes usr.sbin/httpd/icons/small/image.png | Bin 178 -> 0 bytes usr.sbin/httpd/icons/small/image2.gif | Bin 138 -> 0 bytes usr.sbin/httpd/icons/small/image2.png | Bin 186 -> 0 bytes usr.sbin/httpd/icons/small/index.gif | Bin 145 -> 0 bytes usr.sbin/httpd/icons/small/index.png | Bin 206 -> 0 bytes usr.sbin/httpd/icons/small/key.gif | Bin 187 -> 0 bytes usr.sbin/httpd/icons/small/key.png | Bin 254 -> 0 bytes usr.sbin/httpd/icons/small/movie.gif | Bin 134 -> 0 bytes usr.sbin/httpd/icons/small/movie.png | Bin 202 -> 0 bytes usr.sbin/httpd/icons/small/patch.gif | Bin 182 -> 0 bytes usr.sbin/httpd/icons/small/patch.png | Bin 250 -> 0 bytes usr.sbin/httpd/icons/small/ps.gif | Bin 184 -> 0 bytes usr.sbin/httpd/icons/small/ps.png | Bin 254 -> 0 bytes usr.sbin/httpd/icons/small/rainbow.gif | Bin 3811 -> 0 bytes usr.sbin/httpd/icons/small/rainbow.png | Bin 2418 -> 0 bytes 
usr.sbin/httpd/icons/small/sound.gif | Bin 130 -> 0 bytes usr.sbin/httpd/icons/small/sound.png | Bin 176 -> 0 bytes usr.sbin/httpd/icons/small/sound2.gif | Bin 119 -> 0 bytes usr.sbin/httpd/icons/small/sound2.png | Bin 236 -> 0 bytes usr.sbin/httpd/icons/small/tar.gif | Bin 132 -> 0 bytes usr.sbin/httpd/icons/small/tar.png | Bin 227 -> 0 bytes usr.sbin/httpd/icons/small/text.gif | Bin 128 -> 0 bytes usr.sbin/httpd/icons/small/text.png | Bin 202 -> 0 bytes usr.sbin/httpd/icons/small/transfer.gif | Bin 124 -> 0 bytes usr.sbin/httpd/icons/small/transfer.png | Bin 186 -> 0 bytes usr.sbin/httpd/icons/small/unknown.gif | Bin 131 -> 0 bytes usr.sbin/httpd/icons/small/unknown.png | Bin 226 -> 0 bytes usr.sbin/httpd/icons/small/uu.gif | Bin 125 -> 0 bytes usr.sbin/httpd/icons/small/uu.png | Bin 217 -> 0 bytes usr.sbin/httpd/icons/sound1.gif | Bin 248 -> 0 bytes usr.sbin/httpd/icons/sound1.png | Bin 310 -> 0 bytes usr.sbin/httpd/icons/sound2.gif | Bin 221 -> 0 bytes usr.sbin/httpd/icons/sound2.png | Bin 297 -> 0 bytes usr.sbin/httpd/icons/sphere1.gif | Bin 285 -> 0 bytes usr.sbin/httpd/icons/sphere1.png | Bin 326 -> 0 bytes usr.sbin/httpd/icons/sphere2.gif | Bin 264 -> 0 bytes usr.sbin/httpd/icons/sphere2.png | Bin 322 -> 0 bytes usr.sbin/httpd/icons/tar.gif | Bin 219 -> 0 bytes usr.sbin/httpd/icons/tar.png | Bin 261 -> 0 bytes usr.sbin/httpd/icons/tex.gif | Bin 251 -> 0 bytes usr.sbin/httpd/icons/tex.png | Bin 295 -> 0 bytes usr.sbin/httpd/icons/text.gif | Bin 229 -> 0 bytes usr.sbin/httpd/icons/text.png | Bin 273 -> 0 bytes usr.sbin/httpd/icons/transfer.gif | Bin 242 -> 0 bytes usr.sbin/httpd/icons/transfer.png | Bin 319 -> 0 bytes usr.sbin/httpd/icons/unknown.gif | Bin 245 -> 0 bytes usr.sbin/httpd/icons/unknown.png | Bin 291 -> 0 bytes usr.sbin/httpd/icons/up.gif | Bin 164 -> 0 bytes usr.sbin/httpd/icons/up.png | Bin 234 -> 0 bytes usr.sbin/httpd/icons/uu.gif | Bin 236 -> 0 bytes usr.sbin/httpd/icons/uu.png | Bin 280 -> 0 bytes usr.sbin/httpd/icons/uuencoded.gif | Bin 
236 -> 0 bytes usr.sbin/httpd/icons/uuencoded.png | Bin 280 -> 0 bytes usr.sbin/httpd/icons/world1.gif | Bin 228 -> 0 bytes usr.sbin/httpd/icons/world1.png | Bin 315 -> 0 bytes usr.sbin/httpd/icons/world2.gif | Bin 261 -> 0 bytes usr.sbin/httpd/icons/world2.png | Bin 339 -> 0 bytes usr.sbin/httpd/src/.gdbinit | 28 - usr.sbin/httpd/src/.indent.pro | 1 - usr.sbin/httpd/src/BUILD.NOTES | 39 - usr.sbin/httpd/src/CHANGES | 9230 ----------------- usr.sbin/httpd/src/CHANGES.SSL | 3878 ------- usr.sbin/httpd/src/Configuration | 453 - usr.sbin/httpd/src/Configuration.tmpl | 528 - usr.sbin/httpd/src/Configure | 2649 ----- usr.sbin/httpd/src/INSTALL | 169 - usr.sbin/httpd/src/Makefile.bsd-wrapper | 48 - usr.sbin/httpd/src/Makefile.tmpl | 147 - usr.sbin/httpd/src/PORTING | 387 - usr.sbin/httpd/src/README | 147 - usr.sbin/httpd/src/README.EAPI | 340 - usr.sbin/httpd/src/ap/.indent.pro | 54 - usr.sbin/httpd/src/ap/Makefile.tmpl | 84 - usr.sbin/httpd/src/ap/ap_base64.c | 215 - usr.sbin/httpd/src/ap/ap_checkpass.c | 102 - usr.sbin/httpd/src/ap/ap_cpystrn.c | 95 - usr.sbin/httpd/src/ap/ap_ctx.c | 159 - usr.sbin/httpd/src/ap/ap_ebcdic.c | 61 - usr.sbin/httpd/src/ap/ap_execve.c | 100 - usr.sbin/httpd/src/ap/ap_fnmatch.c | 236 - usr.sbin/httpd/src/ap/ap_getpass.c | 104 - usr.sbin/httpd/src/ap/ap_hook.c | 817 -- usr.sbin/httpd/src/ap/ap_md5c.c | 297 - usr.sbin/httpd/src/ap/ap_mm.c | 178 - usr.sbin/httpd/src/ap/ap_sha1.c | 154 - usr.sbin/httpd/src/ap/ap_signal.c | 79 - usr.sbin/httpd/src/ap/ap_slack.c | 99 - usr.sbin/httpd/src/ap/ap_snprintf.c | 1231 --- usr.sbin/httpd/src/ap/ap_strtol.c | 205 - usr.sbin/httpd/src/buildmark.c | 65 - usr.sbin/httpd/src/helpers/CutRule | 8 - usr.sbin/httpd/src/helpers/GuessCodeset | 15 - usr.sbin/httpd/src/helpers/GuessOS | 366 - usr.sbin/httpd/src/helpers/MakeEtags | 39 - usr.sbin/httpd/src/helpers/MakeLint | 31 - usr.sbin/httpd/src/helpers/PrintPath | 105 - usr.sbin/httpd/src/helpers/TestCompile | 281 - usr.sbin/httpd/src/helpers/binbuild.sh | 301 - 
usr.sbin/httpd/src/helpers/buildinfo.sh | 160 - usr.sbin/httpd/src/helpers/checkheader.sh | 35 - usr.sbin/httpd/src/helpers/cvstodsp5.pl | 43 - usr.sbin/httpd/src/helpers/dsp5tocvs.pl | 40 - usr.sbin/httpd/src/helpers/dummy.c | 12 - usr.sbin/httpd/src/helpers/find-dbm-lib | 74 - usr.sbin/httpd/src/helpers/findcpp.sh | 73 - usr.sbin/httpd/src/helpers/fixwin32mak.pl | 47 - usr.sbin/httpd/src/helpers/fmn.sh | 49 - usr.sbin/httpd/src/helpers/fp2rp | 13 - usr.sbin/httpd/src/helpers/getuid.sh | 65 - usr.sbin/httpd/src/helpers/install.sh | 120 - usr.sbin/httpd/src/helpers/mfhead | 8 - usr.sbin/httpd/src/helpers/mkdir.sh | 35 - usr.sbin/httpd/src/helpers/mkshadow.sh | 110 - usr.sbin/httpd/src/helpers/ppl.sh | 55 - usr.sbin/httpd/src/helpers/slo.sh | 178 - usr.sbin/httpd/src/include/.indent.pro | 54 - usr.sbin/httpd/src/include/ap.h | 200 - usr.sbin/httpd/src/include/ap_alloc.h | 421 - usr.sbin/httpd/src/include/ap_compat.h | 431 - usr.sbin/httpd/src/include/ap_config.h | 356 - usr.sbin/httpd/src/include/ap_config_auto.h | 99 - usr.sbin/httpd/src/include/ap_ctx.h | 108 - usr.sbin/httpd/src/include/ap_ctype.h | 93 - usr.sbin/httpd/src/include/ap_ebcdic.h | 67 - usr.sbin/httpd/src/include/ap_hook.h | 712 -- usr.sbin/httpd/src/include/ap_md5.h | 96 - usr.sbin/httpd/src/include/ap_mm.h | 129 - usr.sbin/httpd/src/include/ap_mmn.h | 289 - usr.sbin/httpd/src/include/ap_sha1.h | 104 - usr.sbin/httpd/src/include/buff.h | 193 - usr.sbin/httpd/src/include/compat.h | 11 - usr.sbin/httpd/src/include/conf.h | 11 - usr.sbin/httpd/src/include/explain.h | 45 - usr.sbin/httpd/src/include/fdcache.h | 34 - usr.sbin/httpd/src/include/fnmatch.h | 62 - .../httpd/src/include/http_conf_globals.h | 132 - usr.sbin/httpd/src/include/http_config.h | 469 - usr.sbin/httpd/src/include/http_core.h | 356 - usr.sbin/httpd/src/include/http_log.h | 135 - usr.sbin/httpd/src/include/http_main.h | 183 - usr.sbin/httpd/src/include/http_protocol.h | 233 - usr.sbin/httpd/src/include/http_request.h | 120 - 
usr.sbin/httpd/src/include/http_vhost.h | 100 - usr.sbin/httpd/src/include/httpd.h | 1178 --- usr.sbin/httpd/src/include/multithread.h | 36 - usr.sbin/httpd/src/include/rfc1413.h | 74 - usr.sbin/httpd/src/include/scoreboard.h | 184 - usr.sbin/httpd/src/include/util_date.h | 84 - usr.sbin/httpd/src/include/util_md5.h | 79 - usr.sbin/httpd/src/include/util_script.h | 96 - usr.sbin/httpd/src/include/util_uri.h | 146 - usr.sbin/httpd/src/lib/expat-lite/CHANGES | 65 - .../httpd/src/lib/expat-lite/Makefile.tmpl | 26 - usr.sbin/httpd/src/lib/expat-lite/asciitab.h | 62 - usr.sbin/httpd/src/lib/expat-lite/dllmain.c | 40 - usr.sbin/httpd/src/lib/expat-lite/expat.html | 73 - usr.sbin/httpd/src/lib/expat-lite/hashtable.c | 151 - usr.sbin/httpd/src/lib/expat-lite/hashtable.h | 69 - usr.sbin/httpd/src/lib/expat-lite/iasciitab.h | 63 - usr.sbin/httpd/src/lib/expat-lite/latin1tab.h | 62 - usr.sbin/httpd/src/lib/expat-lite/nametab.h | 150 - usr.sbin/httpd/src/lib/expat-lite/utf8tab.h | 63 - usr.sbin/httpd/src/lib/expat-lite/xmldef.h | 54 - usr.sbin/httpd/src/lib/expat-lite/xmlparse.c | 3209 ------ .../httpd/src/lib/expat-lite/xmlparse.def | 41 - usr.sbin/httpd/src/lib/expat-lite/xmlparse.h | 482 - .../httpd/src/lib/expat-lite/xmlparse.imp | 34 - .../httpd/src/lib/expat-lite/xmlparsenw.def | 2 - usr.sbin/httpd/src/lib/expat-lite/xmlrole.c | 1093 -- usr.sbin/httpd/src/lib/expat-lite/xmlrole.h | 111 - usr.sbin/httpd/src/lib/expat-lite/xmltok.c | 1384 --- usr.sbin/httpd/src/lib/expat-lite/xmltok.def | 15 - usr.sbin/httpd/src/lib/expat-lite/xmltok.h | 307 - usr.sbin/httpd/src/lib/expat-lite/xmltok.imp | 9 - .../httpd/src/lib/expat-lite/xmltok_impl.c | 1746 ---- .../httpd/src/lib/expat-lite/xmltok_impl.h | 71 - usr.sbin/httpd/src/lib/expat-lite/xmltok_ns.c | 96 - .../httpd/src/lib/expat-lite/xmltoknw.def | 1 - usr.sbin/httpd/src/main/.indent.pro | 54 - usr.sbin/httpd/src/main/Makefile.tmpl | 166 - usr.sbin/httpd/src/main/alloc.c | 2681 ----- usr.sbin/httpd/src/main/buff.c | 1246 --- 
usr.sbin/httpd/src/main/fdcache.c | 86 - usr.sbin/httpd/src/main/gen_test_char.c | 80 - usr.sbin/httpd/src/main/gen_uri_delims.c | 34 - usr.sbin/httpd/src/main/http_config.c | 1885 ---- usr.sbin/httpd/src/main/http_core.c | 3545 ------- usr.sbin/httpd/src/main/http_log.c | 585 -- usr.sbin/httpd/src/main/http_main.c | 3465 ------- usr.sbin/httpd/src/main/http_protocol.c | 3182 ------ usr.sbin/httpd/src/main/http_request.c | 1384 --- usr.sbin/httpd/src/main/http_vhost.c | 1228 --- usr.sbin/httpd/src/main/rfc1413.c | 271 - usr.sbin/httpd/src/main/util.c | 2224 ---- usr.sbin/httpd/src/main/util_date.c | 326 - usr.sbin/httpd/src/main/util_md5.c | 210 - usr.sbin/httpd/src/main/util_script.c | 802 -- usr.sbin/httpd/src/main/util_uri.c | 507 - usr.sbin/httpd/src/modules/README | 34 - .../httpd/src/modules/example/.indent.pro | 54 - usr.sbin/httpd/src/modules/example/Makefile | 107 - .../httpd/src/modules/example/Makefile.tmpl | 15 - usr.sbin/httpd/src/modules/example/README | 53 - .../httpd/src/modules/example/mod_example.c | 1152 -- .../src/modules/experimental/.indent.pro | 54 - .../src/modules/experimental/Makefile.tmpl | 23 - .../modules/experimental/mod_auth_digest.c | 1534 --- .../modules/experimental/mod_mmap_static.c | 397 - usr.sbin/httpd/src/modules/extra/.indent.pro | 54 - .../httpd/src/modules/extra/Makefile.tmpl | 6 - usr.sbin/httpd/src/modules/extra/mod_define.c | 413 - .../httpd/src/modules/keynote/Makefile.tmpl | 14 - .../httpd/src/modules/keynote/mod_keynote.c | 905 -- .../src/modules/keynote/mod_keynote.module | 4 - usr.sbin/httpd/src/modules/proxy/.indent.pro | 64 - .../httpd/src/modules/proxy/Makefile.libdir | 4 - .../httpd/src/modules/proxy/Makefile.tmpl | 121 - usr.sbin/httpd/src/modules/proxy/mod_proxy.c | 1102 -- usr.sbin/httpd/src/modules/proxy/mod_proxy.h | 348 - .../httpd/src/modules/proxy/proxy_cache.c | 1670 --- .../httpd/src/modules/proxy/proxy_connect.c | 333 - usr.sbin/httpd/src/modules/proxy/proxy_ftp.c | 1479 --- 
usr.sbin/httpd/src/modules/proxy/proxy_http.c | 721 -- usr.sbin/httpd/src/modules/proxy/proxy_util.c | 1577 --- .../httpd/src/modules/ssl/Makefile.libdir | 15 - usr.sbin/httpd/src/modules/ssl/Makefile.tmpl | 537 - usr.sbin/httpd/src/modules/ssl/README | 163 - .../httpd/src/modules/ssl/README.dsov.fig | 346 - usr.sbin/httpd/src/modules/ssl/README.dsov.ps | 1138 -- usr.sbin/httpd/src/modules/ssl/libssl.module | 495 - usr.sbin/httpd/src/modules/ssl/libssl.version | 1 - usr.sbin/httpd/src/modules/ssl/mod_ssl.c | 257 - usr.sbin/httpd/src/modules/ssl/mod_ssl.h | 787 -- .../httpd/src/modules/ssl/ssl_engine_compat.c | 512 - .../httpd/src/modules/ssl/ssl_engine_config.c | 1125 -- .../httpd/src/modules/ssl/ssl_engine_dh.c | 251 - .../httpd/src/modules/ssl/ssl_engine_ds.c | 195 - .../httpd/src/modules/ssl/ssl_engine_ext.c | 812 -- .../httpd/src/modules/ssl/ssl_engine_init.c | 1138 -- .../httpd/src/modules/ssl/ssl_engine_io.c | 545 - .../httpd/src/modules/ssl/ssl_engine_kernel.c | 1966 ---- .../httpd/src/modules/ssl/ssl_engine_log.c | 330 - .../httpd/src/modules/ssl/ssl_engine_mutex.c | 356 - .../src/modules/ssl/ssl_engine_pphrase.c | 540 - .../httpd/src/modules/ssl/ssl_engine_rand.c | 206 - .../httpd/src/modules/ssl/ssl_engine_vars.c | 622 -- usr.sbin/httpd/src/modules/ssl/ssl_expr.c | 119 - usr.sbin/httpd/src/modules/ssl/ssl_expr.h | 139 - .../httpd/src/modules/ssl/ssl_expr_eval.c | 282 - .../httpd/src/modules/ssl/ssl_expr_parse.y | 186 - .../httpd/src/modules/ssl/ssl_expr_scan.l | 261 - usr.sbin/httpd/src/modules/ssl/ssl_scache.c | 204 - .../httpd/src/modules/ssl/ssl_scache_dbm.c | 446 - .../httpd/src/modules/ssl/ssl_scache_shmcb.c | 1310 --- .../httpd/src/modules/ssl/ssl_scache_shmht.c | 349 - usr.sbin/httpd/src/modules/ssl/ssl_util.c | 344 - usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.c | 511 - usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.h | 122 - .../httpd/src/modules/ssl/ssl_util_table.c | 2864 ----- .../httpd/src/modules/ssl/ssl_util_table.h | 189 - 
.../httpd/src/modules/standard/.indent.pro | 54 - .../httpd/src/modules/standard/Makefile.tmpl | 258 - .../httpd/src/modules/standard/mod_access.c | 595 -- .../httpd/src/modules/standard/mod_actions.c | 291 - .../httpd/src/modules/standard/mod_alias.c | 451 - .../httpd/src/modules/standard/mod_asis.c | 146 - .../httpd/src/modules/standard/mod_auth.c | 431 - .../src/modules/standard/mod_auth_anon.c | 316 - .../httpd/src/modules/standard/mod_auth_db.c | 364 - .../src/modules/standard/mod_auth_db.module | 47 - .../httpd/src/modules/standard/mod_auth_dbm.c | 331 - .../src/modules/standard/mod_autoindex.c | 1836 ---- .../src/modules/standard/mod_cern_meta.c | 397 - usr.sbin/httpd/src/modules/standard/mod_cgi.c | 548 - .../httpd/src/modules/standard/mod_digest.c | 477 - usr.sbin/httpd/src/modules/standard/mod_dir.c | 248 - usr.sbin/httpd/src/modules/standard/mod_env.c | 280 - .../httpd/src/modules/standard/mod_expires.c | 515 - .../httpd/src/modules/standard/mod_headers.c | 313 - .../httpd/src/modules/standard/mod_imap.c | 918 -- .../httpd/src/modules/standard/mod_include.c | 2523 ----- .../httpd/src/modules/standard/mod_info.c | 774 -- .../src/modules/standard/mod_log_agent.c | 193 - .../src/modules/standard/mod_log_config.c | 1223 --- .../src/modules/standard/mod_log_referer.c | 234 - .../httpd/src/modules/standard/mod_mime.c | 804 -- .../src/modules/standard/mod_mime_magic.c | 2423 ----- .../src/modules/standard/mod_negotiation.c | 2835 ----- .../httpd/src/modules/standard/mod_rewrite.c | 4396 -------- .../httpd/src/modules/standard/mod_rewrite.h | 496 - .../httpd/src/modules/standard/mod_setenvif.c | 483 - usr.sbin/httpd/src/modules/standard/mod_so.c | 364 - .../httpd/src/modules/standard/mod_speling.c | 561 - .../httpd/src/modules/standard/mod_status.c | 736 -- .../src/modules/standard/mod_unique_id.c | 448 - .../httpd/src/modules/standard/mod_userdir.c | 381 - .../src/modules/standard/mod_usertrack.c | 577 -- .../src/modules/standard/mod_vhost_alias.c | 489 - 
usr.sbin/httpd/src/os/unix/Makefile.tmpl | 47 - usr.sbin/httpd/src/os/unix/os-inline.c | 34 - usr.sbin/httpd/src/os/unix/os.c | 56 - usr.sbin/httpd/src/os/unix/os.h | 126 - usr.sbin/httpd/src/support/.indent.pro | 54 - usr.sbin/httpd/src/support/Makefile.tmpl | 76 - usr.sbin/httpd/src/support/README | 72 - usr.sbin/httpd/src/support/SHA1/README.sha1 | 34 - .../httpd/src/support/SHA1/convert-sha1.pl | 36 - .../httpd/src/support/SHA1/htpasswd-sha1.pl | 22 - .../httpd/src/support/SHA1/ldif-sha1.example | 19 - usr.sbin/httpd/src/support/apachectl | 253 - usr.sbin/httpd/src/support/apachectl.8 | 185 - usr.sbin/httpd/src/support/apxs.8 | 433 - usr.sbin/httpd/src/support/apxs.pl | 805 -- usr.sbin/httpd/src/support/checkgid.c | 131 - usr.sbin/httpd/src/support/dbmmanage | 356 - usr.sbin/httpd/src/support/dbmmanage.1 | 198 - usr.sbin/httpd/src/support/htdigest.1 | 120 - usr.sbin/httpd/src/support/htdigest.c | 268 - usr.sbin/httpd/src/support/htpasswd.1 | 292 - usr.sbin/httpd/src/support/htpasswd.c | 567 - usr.sbin/httpd/src/support/httpd.exp | 491 - usr.sbin/httpd/src/support/log_server_status | 121 - usr.sbin/httpd/src/support/logresolve.8 | 100 - usr.sbin/httpd/src/support/logresolve.c | 357 - usr.sbin/httpd/src/support/logresolve.pl | 267 - usr.sbin/httpd/src/support/mkcert.sh | 855 -- usr.sbin/httpd/src/support/phf_abuse_log.cgi | 21 - usr.sbin/httpd/src/support/rotatelogs.8 | 113 - usr.sbin/httpd/src/support/rotatelogs.c | 128 - usr.sbin/httpd/src/support/split-logfile | 111 - usr.sbin/httpd/src/support/suexec.8 | 111 - usr.sbin/httpd/src/support/suexec.c | 576 - usr.sbin/httpd/src/support/suexec.h | 146 - 718 files changed, 200382 deletions(-) delete mode 100644 usr.sbin/httpd/ABOUT_APACHE delete mode 100644 usr.sbin/httpd/Announcement delete mode 100644 usr.sbin/httpd/CHANGES delete mode 100644 usr.sbin/httpd/INSTALL delete mode 100644 usr.sbin/httpd/INSTALL.SSL delete mode 100644 usr.sbin/httpd/LICENSE delete mode 100644 usr.sbin/httpd/LICENSE.SSL delete mode 100644 
usr.sbin/httpd/Makefile.bsd-wrapper delete mode 100644 usr.sbin/httpd/Makefile.tmpl delete mode 100644 usr.sbin/httpd/README delete mode 100644 usr.sbin/httpd/README.IPv6 delete mode 100644 usr.sbin/httpd/README.SSL delete mode 100644 usr.sbin/httpd/README.configure delete mode 100644 usr.sbin/httpd/cgi-bin/printenv delete mode 100644 usr.sbin/httpd/cgi-bin/test-cgi delete mode 100644 usr.sbin/httpd/conf/httpd.conf delete mode 100644 usr.sbin/httpd/conf/httpd.conf-dist delete mode 100644 usr.sbin/httpd/conf/magic delete mode 100644 usr.sbin/httpd/conf/mime.types delete mode 100644 usr.sbin/httpd/conf/ssl.crl/Makefile delete mode 100644 usr.sbin/httpd/conf/ssl.crl/README.CRL delete mode 100644 usr.sbin/httpd/conf/ssl.crt/Makefile delete mode 100644 usr.sbin/httpd/conf/ssl.crt/README.CRT delete mode 100644 usr.sbin/httpd/conf/ssl.crt/ca-bundle.crt delete mode 100644 usr.sbin/httpd/conf/ssl.crt/server.crt delete mode 100644 usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt delete mode 100644 usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt delete mode 100644 usr.sbin/httpd/conf/ssl.crt/snakeoil-dsa.crt delete mode 100644 usr.sbin/httpd/conf/ssl.crt/snakeoil-rsa.crt delete mode 100644 usr.sbin/httpd/conf/ssl.csr/README.CSR delete mode 100644 usr.sbin/httpd/conf/ssl.csr/server.csr delete mode 100644 usr.sbin/httpd/conf/ssl.key/README.KEY delete mode 100644 usr.sbin/httpd/conf/ssl.key/server.key delete mode 100644 usr.sbin/httpd/conf/ssl.key/snakeoil-ca-dsa.key delete mode 100644 usr.sbin/httpd/conf/ssl.key/snakeoil-ca-rsa.key delete mode 100644 usr.sbin/httpd/conf/ssl.key/snakeoil-dsa.key delete mode 100644 usr.sbin/httpd/conf/ssl.key/snakeoil-rsa.key delete mode 100644 usr.sbin/httpd/conf/ssl.prm/README.PRM delete mode 100644 usr.sbin/httpd/conf/ssl.prm/snakeoil-ca-dsa.prm delete mode 100644 usr.sbin/httpd/conf/ssl.prm/snakeoil-dsa.prm delete mode 100644 usr.sbin/httpd/config.layout delete mode 100644 usr.sbin/httpd/configure delete mode 100644 
usr.sbin/httpd/htdocs/apache_pb.gif delete mode 100644 usr.sbin/httpd/htdocs/blowfish.jpg delete mode 100644 usr.sbin/httpd/htdocs/bsd_small.gif delete mode 100644 usr.sbin/httpd/htdocs/index.html delete mode 100644 usr.sbin/httpd/htdocs/lock.gif delete mode 100644 usr.sbin/httpd/htdocs/logo23.jpg delete mode 100644 usr.sbin/httpd/htdocs/logo24.jpg delete mode 100644 usr.sbin/httpd/htdocs/manual/LICENSE delete mode 100644 usr.sbin/httpd/htdocs/manual/TODO delete mode 100644 usr.sbin/httpd/htdocs/manual/bind.html delete mode 100644 usr.sbin/httpd/htdocs/manual/configuring.html delete mode 100644 usr.sbin/httpd/htdocs/manual/content-negotiation.html delete mode 100644 usr.sbin/httpd/htdocs/manual/custom-error.html delete mode 100644 usr.sbin/httpd/htdocs/manual/dns-caveats.html delete mode 100644 usr.sbin/httpd/htdocs/manual/dso.html delete mode 100644 usr.sbin/httpd/htdocs/manual/env.html delete mode 100644 usr.sbin/httpd/htdocs/manual/handler.html delete mode 100644 usr.sbin/httpd/htdocs/manual/howto/auth.html delete mode 100644 usr.sbin/httpd/htdocs/manual/howto/cgi.html delete mode 100644 usr.sbin/httpd/htdocs/manual/howto/htaccess.html delete mode 100644 usr.sbin/httpd/htdocs/manual/howto/ssi.html delete mode 100644 usr.sbin/httpd/htdocs/manual/images/apache_header.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/images/apache_pb.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/images/custom_errordocs.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/images/feather.jpg delete mode 100644 usr.sbin/httpd/htdocs/manual/images/home.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/images/index.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.fig delete mode 100644 usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.fig delete mode 100644 usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.gif delete mode 100644 
usr.sbin/httpd/htdocs/manual/images/mod_ssl_sb.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/images/openssl_ics.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/images/pixel.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/images/sub.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/index.html delete mode 100644 usr.sbin/httpd/htdocs/manual/invoking.html delete mode 100644 usr.sbin/httpd/htdocs/manual/ipv6.html delete mode 100644 usr.sbin/httpd/htdocs/manual/keepalive.html delete mode 100644 usr.sbin/httpd/htdocs/manual/location.html delete mode 100644 usr.sbin/httpd/htdocs/manual/logs.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/API.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/FAQ.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/descriptors.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/howto.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/index.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/perf.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/security_tips.html delete mode 100644 usr.sbin/httpd/htdocs/manual/misc/tutorials.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/core.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/directive-dict.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/directives.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/index-bytype.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/index.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_access.html delete mode 100644 
usr.sbin/httpd/htdocs/manual/mod/mod_actions.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_alias.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_asis.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_auth.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_define.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_digest.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_dir.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_env.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_expires.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_headers.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_imap.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_include.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_info.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_log_agent.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_mime.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html delete mode 
100644 usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_so.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_speling.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.gfont000.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_logo.jpg delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_title.jpg delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.gfont000.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.gfont000.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig1.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig2.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig3.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.gfont000.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview_fig1.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.gfont000.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html delete mode 100644 
usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-chapter.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-1.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-2.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-3.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-4.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-5.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-6.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-7.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-000000.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-transp.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-n.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-s.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-n.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-s.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-abstract.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-compat.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-faq.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-gloss.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-howto.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-intro.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-over.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-preface.gif delete mode 100644 
usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-ref.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-toc.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-tutor.gif delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_status.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_unique_id.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html delete mode 100644 usr.sbin/httpd/htdocs/manual/mod/module-dict.html delete mode 100644 usr.sbin/httpd/htdocs/manual/multilogs.html delete mode 100644 usr.sbin/httpd/htdocs/manual/process-model.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/ab.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/apachectl.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/apxs.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/dbmmanage.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/htdigest.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/htpasswd.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/httpd.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/index.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/logresolve.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/other.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/rotatelogs.html delete mode 100644 usr.sbin/httpd/htdocs/manual/programs/suexec.html delete mode 100644 usr.sbin/httpd/htdocs/manual/sections.html delete mode 100644 usr.sbin/httpd/htdocs/manual/server-wide.html delete mode 100644 usr.sbin/httpd/htdocs/manual/sitemap.html delete mode 100644 usr.sbin/httpd/htdocs/manual/stopping.html delete mode 100644 usr.sbin/httpd/htdocs/manual/suexec.html delete mode 100644 
usr.sbin/httpd/htdocs/manual/urlmapping.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/details.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/examples.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/fd-limits.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/host.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/index.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/ip-based.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/mass.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/name-based.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html delete mode 100644 usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html delete mode 100644 usr.sbin/httpd/htdocs/mod_ssl_sb.gif delete mode 100644 usr.sbin/httpd/htdocs/openbsd_pb.gif delete mode 100644 usr.sbin/httpd/htdocs/openbsdpower.gif delete mode 100644 usr.sbin/httpd/htdocs/openssl_ics.gif delete mode 100644 usr.sbin/httpd/htdocs/smalltitle.gif delete mode 100644 usr.sbin/httpd/httpd.8 delete mode 100644 usr.sbin/httpd/icons/README delete mode 100644 usr.sbin/httpd/icons/a.gif delete mode 100644 usr.sbin/httpd/icons/a.png delete mode 100644 usr.sbin/httpd/icons/alert.black.gif delete mode 100644 usr.sbin/httpd/icons/alert.black.png delete mode 100644 usr.sbin/httpd/icons/alert.red.gif delete mode 100644 usr.sbin/httpd/icons/alert.red.png delete mode 100644 usr.sbin/httpd/icons/apache_pb.gif delete mode 100644 usr.sbin/httpd/icons/apache_pb.png delete mode 100644 usr.sbin/httpd/icons/back.gif delete mode 100644 usr.sbin/httpd/icons/back.png delete mode 100644 usr.sbin/httpd/icons/ball.gray.gif delete mode 100644 usr.sbin/httpd/icons/ball.gray.png delete mode 100644 usr.sbin/httpd/icons/ball.red.gif delete mode 100644 usr.sbin/httpd/icons/ball.red.png delete mode 100644 usr.sbin/httpd/icons/binary.gif delete mode 100644 usr.sbin/httpd/icons/binary.png delete mode 100644 usr.sbin/httpd/icons/binhex.gif 
delete mode 100644 usr.sbin/httpd/icons/binhex.png delete mode 100644 usr.sbin/httpd/icons/blank.gif delete mode 100644 usr.sbin/httpd/icons/blank.png delete mode 100644 usr.sbin/httpd/icons/bomb.gif delete mode 100644 usr.sbin/httpd/icons/bomb.png delete mode 100644 usr.sbin/httpd/icons/box1.gif delete mode 100644 usr.sbin/httpd/icons/box1.png delete mode 100644 usr.sbin/httpd/icons/box2.gif delete mode 100644 usr.sbin/httpd/icons/box2.png delete mode 100644 usr.sbin/httpd/icons/broken.gif delete mode 100644 usr.sbin/httpd/icons/broken.png delete mode 100644 usr.sbin/httpd/icons/burst.gif delete mode 100644 usr.sbin/httpd/icons/burst.png delete mode 100644 usr.sbin/httpd/icons/c.gif delete mode 100644 usr.sbin/httpd/icons/c.png delete mode 100644 usr.sbin/httpd/icons/comp.blue.gif delete mode 100644 usr.sbin/httpd/icons/comp.blue.png delete mode 100644 usr.sbin/httpd/icons/comp.gray.gif delete mode 100644 usr.sbin/httpd/icons/comp.gray.png delete mode 100644 usr.sbin/httpd/icons/compressed.gif delete mode 100644 usr.sbin/httpd/icons/compressed.png delete mode 100644 usr.sbin/httpd/icons/continued.gif delete mode 100644 usr.sbin/httpd/icons/continued.png delete mode 100644 usr.sbin/httpd/icons/dir.gif delete mode 100644 usr.sbin/httpd/icons/dir.png delete mode 100644 usr.sbin/httpd/icons/diskimg.gif delete mode 100644 usr.sbin/httpd/icons/diskimg.png delete mode 100644 usr.sbin/httpd/icons/down.gif delete mode 100644 usr.sbin/httpd/icons/down.png delete mode 100644 usr.sbin/httpd/icons/dvi.gif delete mode 100644 usr.sbin/httpd/icons/dvi.png delete mode 100644 usr.sbin/httpd/icons/f.gif delete mode 100644 usr.sbin/httpd/icons/f.png delete mode 100644 usr.sbin/httpd/icons/folder.gif delete mode 100644 usr.sbin/httpd/icons/folder.open.gif delete mode 100644 usr.sbin/httpd/icons/folder.open.png delete mode 100644 usr.sbin/httpd/icons/folder.png delete mode 100644 usr.sbin/httpd/icons/folder.sec.gif delete mode 100644 usr.sbin/httpd/icons/folder.sec.png delete mode 
100644 usr.sbin/httpd/icons/forward.gif delete mode 100644 usr.sbin/httpd/icons/forward.png delete mode 100644 usr.sbin/httpd/icons/generic.gif delete mode 100644 usr.sbin/httpd/icons/generic.png delete mode 100644 usr.sbin/httpd/icons/generic.red.gif delete mode 100644 usr.sbin/httpd/icons/generic.red.png delete mode 100644 usr.sbin/httpd/icons/generic.sec.gif delete mode 100644 usr.sbin/httpd/icons/generic.sec.png delete mode 100644 usr.sbin/httpd/icons/hand.right.gif delete mode 100644 usr.sbin/httpd/icons/hand.right.png delete mode 100644 usr.sbin/httpd/icons/hand.up.gif delete mode 100644 usr.sbin/httpd/icons/hand.up.png delete mode 100644 usr.sbin/httpd/icons/icon.sheet.gif delete mode 100644 usr.sbin/httpd/icons/icon.sheet.png delete mode 100644 usr.sbin/httpd/icons/image1.gif delete mode 100644 usr.sbin/httpd/icons/image1.png delete mode 100644 usr.sbin/httpd/icons/image2.gif delete mode 100644 usr.sbin/httpd/icons/image2.png delete mode 100644 usr.sbin/httpd/icons/image3.gif delete mode 100644 usr.sbin/httpd/icons/image3.png delete mode 100644 usr.sbin/httpd/icons/index.gif delete mode 100644 usr.sbin/httpd/icons/index.png delete mode 100644 usr.sbin/httpd/icons/layout.gif delete mode 100644 usr.sbin/httpd/icons/layout.png delete mode 100644 usr.sbin/httpd/icons/left.gif delete mode 100644 usr.sbin/httpd/icons/left.png delete mode 100644 usr.sbin/httpd/icons/link.gif delete mode 100644 usr.sbin/httpd/icons/link.png delete mode 100644 usr.sbin/httpd/icons/movie.gif delete mode 100644 usr.sbin/httpd/icons/movie.png delete mode 100644 usr.sbin/httpd/icons/p.gif delete mode 100644 usr.sbin/httpd/icons/p.png delete mode 100644 usr.sbin/httpd/icons/patch.gif delete mode 100644 usr.sbin/httpd/icons/patch.png delete mode 100644 usr.sbin/httpd/icons/pdf.gif delete mode 100644 usr.sbin/httpd/icons/pdf.png delete mode 100644 usr.sbin/httpd/icons/pie0.gif delete mode 100644 usr.sbin/httpd/icons/pie0.png delete mode 100644 usr.sbin/httpd/icons/pie1.gif delete mode 
100644 usr.sbin/httpd/icons/pie1.png delete mode 100644 usr.sbin/httpd/icons/pie2.gif delete mode 100644 usr.sbin/httpd/icons/pie2.png delete mode 100644 usr.sbin/httpd/icons/pie3.gif delete mode 100644 usr.sbin/httpd/icons/pie3.png delete mode 100644 usr.sbin/httpd/icons/pie4.gif delete mode 100644 usr.sbin/httpd/icons/pie4.png delete mode 100644 usr.sbin/httpd/icons/pie5.gif delete mode 100644 usr.sbin/httpd/icons/pie5.png delete mode 100644 usr.sbin/httpd/icons/pie6.gif delete mode 100644 usr.sbin/httpd/icons/pie6.png delete mode 100644 usr.sbin/httpd/icons/pie7.gif delete mode 100644 usr.sbin/httpd/icons/pie7.png delete mode 100644 usr.sbin/httpd/icons/pie8.gif delete mode 100644 usr.sbin/httpd/icons/pie8.png delete mode 100644 usr.sbin/httpd/icons/portal.gif delete mode 100644 usr.sbin/httpd/icons/portal.png delete mode 100644 usr.sbin/httpd/icons/ps.gif delete mode 100644 usr.sbin/httpd/icons/ps.png delete mode 100644 usr.sbin/httpd/icons/quill.gif delete mode 100644 usr.sbin/httpd/icons/quill.png delete mode 100644 usr.sbin/httpd/icons/right.gif delete mode 100644 usr.sbin/httpd/icons/right.png delete mode 100644 usr.sbin/httpd/icons/screw1.gif delete mode 100644 usr.sbin/httpd/icons/screw1.png delete mode 100644 usr.sbin/httpd/icons/screw2.gif delete mode 100644 usr.sbin/httpd/icons/screw2.png delete mode 100644 usr.sbin/httpd/icons/script.gif delete mode 100644 usr.sbin/httpd/icons/script.png delete mode 100644 usr.sbin/httpd/icons/small/README.txt delete mode 100644 usr.sbin/httpd/icons/small/back.gif delete mode 100644 usr.sbin/httpd/icons/small/back.png delete mode 100644 usr.sbin/httpd/icons/small/binary.gif delete mode 100644 usr.sbin/httpd/icons/small/binary.png delete mode 100644 usr.sbin/httpd/icons/small/binhex.gif delete mode 100644 usr.sbin/httpd/icons/small/binhex.png delete mode 100644 usr.sbin/httpd/icons/small/blank.gif delete mode 100644 usr.sbin/httpd/icons/small/blank.png delete mode 100644 usr.sbin/httpd/icons/small/broken.gif delete 
mode 100644 usr.sbin/httpd/icons/small/broken.png delete mode 100644 usr.sbin/httpd/icons/small/burst.gif delete mode 100644 usr.sbin/httpd/icons/small/burst.png delete mode 100644 usr.sbin/httpd/icons/small/comp1.gif delete mode 100644 usr.sbin/httpd/icons/small/comp1.png delete mode 100644 usr.sbin/httpd/icons/small/comp2.gif delete mode 100644 usr.sbin/httpd/icons/small/comp2.png delete mode 100644 usr.sbin/httpd/icons/small/compressed.gif delete mode 100644 usr.sbin/httpd/icons/small/compressed.png delete mode 100644 usr.sbin/httpd/icons/small/continued.gif delete mode 100644 usr.sbin/httpd/icons/small/continued.png delete mode 100644 usr.sbin/httpd/icons/small/dir.gif delete mode 100644 usr.sbin/httpd/icons/small/dir.png delete mode 100644 usr.sbin/httpd/icons/small/dir2.gif delete mode 100644 usr.sbin/httpd/icons/small/dir2.png delete mode 100644 usr.sbin/httpd/icons/small/doc.gif delete mode 100644 usr.sbin/httpd/icons/small/doc.png delete mode 100644 usr.sbin/httpd/icons/small/forward.gif delete mode 100644 usr.sbin/httpd/icons/small/forward.png delete mode 100644 usr.sbin/httpd/icons/small/generic.gif delete mode 100644 usr.sbin/httpd/icons/small/generic.png delete mode 100644 usr.sbin/httpd/icons/small/generic2.gif delete mode 100644 usr.sbin/httpd/icons/small/generic2.png delete mode 100644 usr.sbin/httpd/icons/small/generic3.gif delete mode 100644 usr.sbin/httpd/icons/small/generic3.png delete mode 100644 usr.sbin/httpd/icons/small/image.gif delete mode 100644 usr.sbin/httpd/icons/small/image.png delete mode 100644 usr.sbin/httpd/icons/small/image2.gif delete mode 100644 usr.sbin/httpd/icons/small/image2.png delete mode 100644 usr.sbin/httpd/icons/small/index.gif delete mode 100644 usr.sbin/httpd/icons/small/index.png delete mode 100644 usr.sbin/httpd/icons/small/key.gif delete mode 100644 usr.sbin/httpd/icons/small/key.png delete mode 100644 usr.sbin/httpd/icons/small/movie.gif delete mode 100644 usr.sbin/httpd/icons/small/movie.png delete mode 100644 
usr.sbin/httpd/icons/small/patch.gif delete mode 100644 usr.sbin/httpd/icons/small/patch.png delete mode 100644 usr.sbin/httpd/icons/small/ps.gif delete mode 100644 usr.sbin/httpd/icons/small/ps.png delete mode 100644 usr.sbin/httpd/icons/small/rainbow.gif delete mode 100644 usr.sbin/httpd/icons/small/rainbow.png delete mode 100644 usr.sbin/httpd/icons/small/sound.gif delete mode 100644 usr.sbin/httpd/icons/small/sound.png delete mode 100644 usr.sbin/httpd/icons/small/sound2.gif delete mode 100644 usr.sbin/httpd/icons/small/sound2.png delete mode 100644 usr.sbin/httpd/icons/small/tar.gif delete mode 100644 usr.sbin/httpd/icons/small/tar.png delete mode 100644 usr.sbin/httpd/icons/small/text.gif delete mode 100644 usr.sbin/httpd/icons/small/text.png delete mode 100644 usr.sbin/httpd/icons/small/transfer.gif delete mode 100644 usr.sbin/httpd/icons/small/transfer.png delete mode 100644 usr.sbin/httpd/icons/small/unknown.gif delete mode 100644 usr.sbin/httpd/icons/small/unknown.png delete mode 100644 usr.sbin/httpd/icons/small/uu.gif delete mode 100644 usr.sbin/httpd/icons/small/uu.png delete mode 100644 usr.sbin/httpd/icons/sound1.gif delete mode 100644 usr.sbin/httpd/icons/sound1.png delete mode 100644 usr.sbin/httpd/icons/sound2.gif delete mode 100644 usr.sbin/httpd/icons/sound2.png delete mode 100644 usr.sbin/httpd/icons/sphere1.gif delete mode 100644 usr.sbin/httpd/icons/sphere1.png delete mode 100644 usr.sbin/httpd/icons/sphere2.gif delete mode 100644 usr.sbin/httpd/icons/sphere2.png delete mode 100644 usr.sbin/httpd/icons/tar.gif delete mode 100644 usr.sbin/httpd/icons/tar.png delete mode 100644 usr.sbin/httpd/icons/tex.gif delete mode 100644 usr.sbin/httpd/icons/tex.png delete mode 100644 usr.sbin/httpd/icons/text.gif delete mode 100644 usr.sbin/httpd/icons/text.png delete mode 100644 usr.sbin/httpd/icons/transfer.gif delete mode 100644 usr.sbin/httpd/icons/transfer.png delete mode 100644 usr.sbin/httpd/icons/unknown.gif delete mode 100644 
usr.sbin/httpd/icons/unknown.png delete mode 100644 usr.sbin/httpd/icons/up.gif delete mode 100644 usr.sbin/httpd/icons/up.png delete mode 100644 usr.sbin/httpd/icons/uu.gif delete mode 100644 usr.sbin/httpd/icons/uu.png delete mode 100644 usr.sbin/httpd/icons/uuencoded.gif delete mode 100644 usr.sbin/httpd/icons/uuencoded.png delete mode 100644 usr.sbin/httpd/icons/world1.gif delete mode 100644 usr.sbin/httpd/icons/world1.png delete mode 100644 usr.sbin/httpd/icons/world2.gif delete mode 100644 usr.sbin/httpd/icons/world2.png delete mode 100644 usr.sbin/httpd/src/.gdbinit delete mode 100644 usr.sbin/httpd/src/.indent.pro delete mode 100644 usr.sbin/httpd/src/BUILD.NOTES delete mode 100644 usr.sbin/httpd/src/CHANGES delete mode 100644 usr.sbin/httpd/src/CHANGES.SSL delete mode 100644 usr.sbin/httpd/src/Configuration delete mode 100644 usr.sbin/httpd/src/Configuration.tmpl delete mode 100644 usr.sbin/httpd/src/Configure delete mode 100644 usr.sbin/httpd/src/INSTALL delete mode 100644 usr.sbin/httpd/src/Makefile.bsd-wrapper delete mode 100644 usr.sbin/httpd/src/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/PORTING delete mode 100644 usr.sbin/httpd/src/README delete mode 100644 usr.sbin/httpd/src/README.EAPI delete mode 100644 usr.sbin/httpd/src/ap/.indent.pro delete mode 100644 usr.sbin/httpd/src/ap/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/ap/ap_base64.c delete mode 100644 usr.sbin/httpd/src/ap/ap_checkpass.c delete mode 100644 usr.sbin/httpd/src/ap/ap_cpystrn.c delete mode 100644 usr.sbin/httpd/src/ap/ap_ctx.c delete mode 100644 usr.sbin/httpd/src/ap/ap_ebcdic.c delete mode 100644 usr.sbin/httpd/src/ap/ap_execve.c delete mode 100644 usr.sbin/httpd/src/ap/ap_fnmatch.c delete mode 100644 usr.sbin/httpd/src/ap/ap_getpass.c delete mode 100644 usr.sbin/httpd/src/ap/ap_hook.c delete mode 100644 usr.sbin/httpd/src/ap/ap_md5c.c delete mode 100644 usr.sbin/httpd/src/ap/ap_mm.c delete mode 100644 usr.sbin/httpd/src/ap/ap_sha1.c delete mode 100644 
usr.sbin/httpd/src/ap/ap_signal.c delete mode 100644 usr.sbin/httpd/src/ap/ap_slack.c delete mode 100644 usr.sbin/httpd/src/ap/ap_snprintf.c delete mode 100644 usr.sbin/httpd/src/ap/ap_strtol.c delete mode 100644 usr.sbin/httpd/src/buildmark.c delete mode 100644 usr.sbin/httpd/src/helpers/CutRule delete mode 100644 usr.sbin/httpd/src/helpers/GuessCodeset delete mode 100644 usr.sbin/httpd/src/helpers/GuessOS delete mode 100644 usr.sbin/httpd/src/helpers/MakeEtags delete mode 100644 usr.sbin/httpd/src/helpers/MakeLint delete mode 100644 usr.sbin/httpd/src/helpers/PrintPath delete mode 100644 usr.sbin/httpd/src/helpers/TestCompile delete mode 100644 usr.sbin/httpd/src/helpers/binbuild.sh delete mode 100644 usr.sbin/httpd/src/helpers/buildinfo.sh delete mode 100644 usr.sbin/httpd/src/helpers/checkheader.sh delete mode 100644 usr.sbin/httpd/src/helpers/cvstodsp5.pl delete mode 100644 usr.sbin/httpd/src/helpers/dsp5tocvs.pl delete mode 100644 usr.sbin/httpd/src/helpers/dummy.c delete mode 100644 usr.sbin/httpd/src/helpers/find-dbm-lib delete mode 100644 usr.sbin/httpd/src/helpers/findcpp.sh delete mode 100644 usr.sbin/httpd/src/helpers/fixwin32mak.pl delete mode 100644 usr.sbin/httpd/src/helpers/fmn.sh delete mode 100644 usr.sbin/httpd/src/helpers/fp2rp delete mode 100644 usr.sbin/httpd/src/helpers/getuid.sh delete mode 100644 usr.sbin/httpd/src/helpers/install.sh delete mode 100644 usr.sbin/httpd/src/helpers/mfhead delete mode 100644 usr.sbin/httpd/src/helpers/mkdir.sh delete mode 100644 usr.sbin/httpd/src/helpers/mkshadow.sh delete mode 100644 usr.sbin/httpd/src/helpers/ppl.sh delete mode 100644 usr.sbin/httpd/src/helpers/slo.sh delete mode 100644 usr.sbin/httpd/src/include/.indent.pro delete mode 100644 usr.sbin/httpd/src/include/ap.h delete mode 100644 usr.sbin/httpd/src/include/ap_alloc.h delete mode 100644 usr.sbin/httpd/src/include/ap_compat.h delete mode 100644 usr.sbin/httpd/src/include/ap_config.h delete mode 100644 usr.sbin/httpd/src/include/ap_config_auto.h 
delete mode 100644 usr.sbin/httpd/src/include/ap_ctx.h delete mode 100644 usr.sbin/httpd/src/include/ap_ctype.h delete mode 100644 usr.sbin/httpd/src/include/ap_ebcdic.h delete mode 100644 usr.sbin/httpd/src/include/ap_hook.h delete mode 100644 usr.sbin/httpd/src/include/ap_md5.h delete mode 100644 usr.sbin/httpd/src/include/ap_mm.h delete mode 100644 usr.sbin/httpd/src/include/ap_mmn.h delete mode 100644 usr.sbin/httpd/src/include/ap_sha1.h delete mode 100644 usr.sbin/httpd/src/include/buff.h delete mode 100644 usr.sbin/httpd/src/include/compat.h delete mode 100644 usr.sbin/httpd/src/include/conf.h delete mode 100644 usr.sbin/httpd/src/include/explain.h delete mode 100644 usr.sbin/httpd/src/include/fdcache.h delete mode 100644 usr.sbin/httpd/src/include/fnmatch.h delete mode 100644 usr.sbin/httpd/src/include/http_conf_globals.h delete mode 100644 usr.sbin/httpd/src/include/http_config.h delete mode 100644 usr.sbin/httpd/src/include/http_core.h delete mode 100644 usr.sbin/httpd/src/include/http_log.h delete mode 100644 usr.sbin/httpd/src/include/http_main.h delete mode 100644 usr.sbin/httpd/src/include/http_protocol.h delete mode 100644 usr.sbin/httpd/src/include/http_request.h delete mode 100644 usr.sbin/httpd/src/include/http_vhost.h delete mode 100644 usr.sbin/httpd/src/include/httpd.h delete mode 100644 usr.sbin/httpd/src/include/multithread.h delete mode 100644 usr.sbin/httpd/src/include/rfc1413.h delete mode 100644 usr.sbin/httpd/src/include/scoreboard.h delete mode 100644 usr.sbin/httpd/src/include/util_date.h delete mode 100644 usr.sbin/httpd/src/include/util_md5.h delete mode 100644 usr.sbin/httpd/src/include/util_script.h delete mode 100644 usr.sbin/httpd/src/include/util_uri.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/CHANGES delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/asciitab.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/dllmain.c delete mode 100644 
usr.sbin/httpd/src/lib/expat-lite/expat.html delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/hashtable.c delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/hashtable.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/iasciitab.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/latin1tab.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/nametab.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/utf8tab.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmldef.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmlparse.c delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmlparse.def delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmlparse.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmlparse.imp delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmlparsenw.def delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmlrole.c delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmlrole.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmltok.c delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmltok.def delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmltok.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmltok.imp delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.c delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.h delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmltok_ns.c delete mode 100644 usr.sbin/httpd/src/lib/expat-lite/xmltoknw.def delete mode 100644 usr.sbin/httpd/src/main/.indent.pro delete mode 100644 usr.sbin/httpd/src/main/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/main/alloc.c delete mode 100644 usr.sbin/httpd/src/main/buff.c delete mode 100644 usr.sbin/httpd/src/main/fdcache.c delete mode 100644 usr.sbin/httpd/src/main/gen_test_char.c delete mode 100644 usr.sbin/httpd/src/main/gen_uri_delims.c delete mode 100644 usr.sbin/httpd/src/main/http_config.c delete mode 100644 usr.sbin/httpd/src/main/http_core.c delete mode 100644 
usr.sbin/httpd/src/main/http_log.c delete mode 100644 usr.sbin/httpd/src/main/http_main.c delete mode 100644 usr.sbin/httpd/src/main/http_protocol.c delete mode 100644 usr.sbin/httpd/src/main/http_request.c delete mode 100644 usr.sbin/httpd/src/main/http_vhost.c delete mode 100644 usr.sbin/httpd/src/main/rfc1413.c delete mode 100644 usr.sbin/httpd/src/main/util.c delete mode 100644 usr.sbin/httpd/src/main/util_date.c delete mode 100644 usr.sbin/httpd/src/main/util_md5.c delete mode 100644 usr.sbin/httpd/src/main/util_script.c delete mode 100644 usr.sbin/httpd/src/main/util_uri.c delete mode 100644 usr.sbin/httpd/src/modules/README delete mode 100644 usr.sbin/httpd/src/modules/example/.indent.pro delete mode 100644 usr.sbin/httpd/src/modules/example/Makefile delete mode 100644 usr.sbin/httpd/src/modules/example/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/modules/example/README delete mode 100644 usr.sbin/httpd/src/modules/example/mod_example.c delete mode 100644 usr.sbin/httpd/src/modules/experimental/.indent.pro delete mode 100644 usr.sbin/httpd/src/modules/experimental/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/modules/experimental/mod_auth_digest.c delete mode 100644 usr.sbin/httpd/src/modules/experimental/mod_mmap_static.c delete mode 100644 usr.sbin/httpd/src/modules/extra/.indent.pro delete mode 100644 usr.sbin/httpd/src/modules/extra/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/modules/extra/mod_define.c delete mode 100644 usr.sbin/httpd/src/modules/keynote/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/modules/keynote/mod_keynote.c delete mode 100644 usr.sbin/httpd/src/modules/keynote/mod_keynote.module delete mode 100644 usr.sbin/httpd/src/modules/proxy/.indent.pro delete mode 100644 usr.sbin/httpd/src/modules/proxy/Makefile.libdir delete mode 100644 usr.sbin/httpd/src/modules/proxy/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/modules/proxy/mod_proxy.c delete mode 100644 usr.sbin/httpd/src/modules/proxy/mod_proxy.h delete 
mode 100644 usr.sbin/httpd/src/modules/proxy/proxy_cache.c delete mode 100644 usr.sbin/httpd/src/modules/proxy/proxy_connect.c delete mode 100644 usr.sbin/httpd/src/modules/proxy/proxy_ftp.c delete mode 100644 usr.sbin/httpd/src/modules/proxy/proxy_http.c delete mode 100644 usr.sbin/httpd/src/modules/proxy/proxy_util.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/Makefile.libdir delete mode 100644 usr.sbin/httpd/src/modules/ssl/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/modules/ssl/README delete mode 100644 usr.sbin/httpd/src/modules/ssl/README.dsov.fig delete mode 100644 usr.sbin/httpd/src/modules/ssl/README.dsov.ps delete mode 100644 usr.sbin/httpd/src/modules/ssl/libssl.module delete mode 100644 usr.sbin/httpd/src/modules/ssl/libssl.version delete mode 100644 usr.sbin/httpd/src/modules/ssl/mod_ssl.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/mod_ssl.h delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_compat.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_dh.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_ds.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_log.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_mutex.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_expr.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_expr.h delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_expr_eval.c delete mode 100644 
usr.sbin/httpd/src/modules/ssl/ssl_expr_parse.y delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_expr_scan.l delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_scache.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_scache_shmcb.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_scache_shmht.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_util.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.h delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_util_table.c delete mode 100644 usr.sbin/httpd/src/modules/ssl/ssl_util_table.h delete mode 100644 usr.sbin/httpd/src/modules/standard/.indent.pro delete mode 100644 usr.sbin/httpd/src/modules/standard/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_access.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_actions.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_alias.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_asis.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_auth.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_auth_anon.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_auth_db.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_auth_db.module delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_autoindex.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_cern_meta.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_cgi.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_digest.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_dir.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_env.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_expires.c delete mode 100644 
usr.sbin/httpd/src/modules/standard/mod_headers.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_imap.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_include.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_info.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_log_agent.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_log_config.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_log_referer.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_mime.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_mime_magic.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_negotiation.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_rewrite.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_rewrite.h delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_setenvif.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_so.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_speling.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_status.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_unique_id.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_userdir.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_usertrack.c delete mode 100644 usr.sbin/httpd/src/modules/standard/mod_vhost_alias.c delete mode 100644 usr.sbin/httpd/src/os/unix/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/os/unix/os-inline.c delete mode 100644 usr.sbin/httpd/src/os/unix/os.c delete mode 100644 usr.sbin/httpd/src/os/unix/os.h delete mode 100644 usr.sbin/httpd/src/support/.indent.pro delete mode 100644 usr.sbin/httpd/src/support/Makefile.tmpl delete mode 100644 usr.sbin/httpd/src/support/README delete mode 100644 usr.sbin/httpd/src/support/SHA1/README.sha1 delete mode 100644 usr.sbin/httpd/src/support/SHA1/convert-sha1.pl delete mode 100644 usr.sbin/httpd/src/support/SHA1/htpasswd-sha1.pl delete mode 100644 
usr.sbin/httpd/src/support/SHA1/ldif-sha1.example
delete mode 100644 usr.sbin/httpd/src/support/apachectl
delete mode 100644 usr.sbin/httpd/src/support/apachectl.8
delete mode 100644 usr.sbin/httpd/src/support/apxs.8
delete mode 100644 usr.sbin/httpd/src/support/apxs.pl
delete mode 100644 usr.sbin/httpd/src/support/checkgid.c
delete mode 100644 usr.sbin/httpd/src/support/dbmmanage
delete mode 100644 usr.sbin/httpd/src/support/dbmmanage.1
delete mode 100644 usr.sbin/httpd/src/support/htdigest.1
delete mode 100644 usr.sbin/httpd/src/support/htdigest.c
delete mode 100644 usr.sbin/httpd/src/support/htpasswd.1
delete mode 100644 usr.sbin/httpd/src/support/htpasswd.c
delete mode 100644 usr.sbin/httpd/src/support/httpd.exp
delete mode 100644 usr.sbin/httpd/src/support/log_server_status
delete mode 100644 usr.sbin/httpd/src/support/logresolve.8
delete mode 100644 usr.sbin/httpd/src/support/logresolve.c
delete mode 100644 usr.sbin/httpd/src/support/logresolve.pl
delete mode 100644 usr.sbin/httpd/src/support/mkcert.sh
delete mode 100644 usr.sbin/httpd/src/support/phf_abuse_log.cgi
delete mode 100644 usr.sbin/httpd/src/support/rotatelogs.8
delete mode 100644 usr.sbin/httpd/src/support/rotatelogs.c
delete mode 100644 usr.sbin/httpd/src/support/split-logfile
delete mode 100644 usr.sbin/httpd/src/support/suexec.8
delete mode 100644 usr.sbin/httpd/src/support/suexec.c
delete mode 100644 usr.sbin/httpd/src/support/suexec.h
diff --git a/usr.sbin/httpd/ABOUT_APACHE b/usr.sbin/httpd/ABOUT_APACHE
deleted file mode 100644
index 4a9ff02cb4e..00000000000
--- a/usr.sbin/httpd/ABOUT_APACHE
+++ /dev/null
@@ -1,275 +0,0 @@ - - The Apache HTTP Server Project - - http://httpd.apache.org/ - - February 2002 - -The Apache Project is a collaborative software development effort aimed -at creating a robust, commercial-grade, featureful, and freely-available -source code implementation of an HTTP (Web) server. The project is -jointly managed by a group of volunteers located around the world, using -the Internet and the Web to communicate, plan, and develop the server and -its related documentation. These volunteers are known as the Apache Group. -In addition, hundreds of users have contributed ideas, code, and -documentation to the project. This file is intended to briefly describe -the history of the Apache Group, recognize the many contributors, and -explain how you can join the fun too. - -In February of 1995, the most popular server software on the Web was the -public domain HTTP daemon developed by Rob McCool at the National Center -for Supercomputing Applications, University of Illinois, Urbana-Champaign. -However, development of that httpd had stalled after Rob left NCSA in -mid-1994, and many webmasters had developed their own extensions and bug -fixes that were in need of a common distribution. A small group of these -webmasters, contacted via private e-mail, gathered together for the purpose -of coordinating their changes (in the form of "patches"). Brian Behlendorf -and Cliff Skolnick put together a mailing list, shared information space, -and logins for the core developers on a machine in the California Bay Area, -with bandwidth and diskspace donated by HotWired and Organic Online. -By the end of February, eight core contributors formed the foundation -of the original Apache Group: - - Brian Behlendorf Roy T. Fielding Rob Hartill - David Robinson Cliff Skolnick Randy Terbush - Robert S. 
Thau Andrew Wilson - -with additional contributions from - - Eric Hagberg Frank Peters Nicolas Pioch - -Using NCSA httpd 1.3 as a base, we added all of the published bug fixes -and worthwhile enhancements we could find, tested the result on our own -servers, and made the first official public release (0.6.2) of the Apache -server in April 1995. By coincidence, NCSA restarted their own development -during the same period, and Brandon Long and Beth Frank of the NCSA Server -Development Team joined the list in March as honorary members so that the -two projects could share ideas and fixes. - -The early Apache server was a big hit, but we all knew that the codebase -needed a general overhaul and redesign. During May-June 1995, while -Rob Hartill and the rest of the group focused on implementing new features -for 0.7.x (like pre-forked child processes) and supporting the rapidly growing -Apache user community, Robert Thau designed a new server architecture -(code-named Shambhala) which included a modular structure and API for better -extensibility, pool-based memory allocation, and an adaptive pre-forking -process model. The group switched to this new server base in July and added -the features from 0.7.x, resulting in Apache 0.8.8 (and its brethren) -in August. - -After extensive beta testing, many ports to obscure platforms, a new set -of documentation (by David Robinson), and the addition of many features -in the form of our standard modules, Apache 1.0 was released on -December 1, 1995. - -Less than a year after the group was formed, the Apache server passed -NCSA's httpd as the #1 server on the Internet. - -The survey by Netcraft (http://www.netcraft.com/survey/) shows that Apache -is today more widely used than all other web servers combined. 
- - ============================================================================ - -Current Apache Group in alphabetical order as of 18 December 2001: - - Greg Ames IBM Corporation, Research Triangle Park, NC, USA - Aaron Bannert California - Brian Behlendorf Collab.Net, California - Ken Coar IBM Corporation, Research Triangle Park, NC, USA - Mark J. Cox Red Hat, UK - Lars Eilebrecht Freelance Consultant, Munich, Germany - Ralf S. Engelschall Cable & Wireless Deutschland, Munich, Germany - Justin Erenkrantz University of California, Irvine - Roy T. Fielding Day Software, California - Tony Finch Covalent Technologies, California - Dean Gaudet Transmeta Corporation, California - Dirk-Willem van Gulik Covalent Technologies, California - Brian Havard Australia - Ian Holsman CNET, California - Ben Hyde Gensym, Massachusetts - Jim Jagielski jaguNET Access Services, Maryland - Manoj Kasichainula Collab.Net, California - Alexei Kosut Stanford University, California - Martin Kraemer Munich, Germany - Ben Laurie Freelance Consultant, UK - Rasmus Lerdorf Yahoo!, California - Daniel Lopez Ridruejo Covalent Technologies, California - Doug MacEachern Covalent Technologies, California - Aram W. Mirzadeh CableVision, New York - Chuck Murcko The Topsail Group, Pennsylvania - Sameer Parekh California - David Reid UK - William A. Rowe, Jr. Covalent, Illinois - Wilfredo Sanchez Apple Computer, California - Cliff Skolnick California - Marc Slemko Canada - Joshua Slive Canada - Greg Stein California - Bill Stoddard IBM Corporation, Research Triangle Park, NC - Paul Sutton Seattle - Randy Terbush Covalent Technologies, California - Jeff Trawick IBM Corporation, Research Triangle Park, NC - Cliff Woolley University of Virginia - -Apache Emeritus (old group members now off doing other things) - - Ryan Bloom California - Rob Hartill Internet Movie DB, UK - David Robinson Cambridge University, UK - Robert S. 
Thau MIT, Massachusetts - Andrew Wilson Freelance Consultant, UK - -Other major contributors - - Howard Fear (mod_include), Florent Guillaume (language negotiation), - Koen Holtman (rewrite of mod_negotiation), - Kevin Hughes (creator of all those nifty icons), - Brandon Long and Beth Frank (NCSA Server Development Team, post-1.3), - Ambarish Malpani (Beginning of the NT port), - Rob McCool (original author of the NCSA httpd 1.3), - Paul Richards (convinced the group to use remote CVS after 1.0), - Garey Smiley (OS/2 port), Henry Spencer (author of the regex library). - -Many 3rd-party modules, frequently used and recommended, are also -freely-available and linked from the related projects page: -, and their authors frequently -contribute ideas, patches, and testing. - -Hundreds of people have made individual contributions to the Apache -project. Patch contributors are listed in the src/CHANGES file. -Frequent contributors have included Petr Lampa, Tom Tromey, James H. -Cloos Jr., Ed Korthof, Nathan Neulinger, Jason S. Clary, Jason A. Dour, -Michael Douglass, Tony Sanders, Brian Tao, Michael Smith, Adam Sussman, -Nathan Schrenk, Matthew Gray, and John Heidemann. - - ============================================================================ - -How to become involved in the Apache project - -There are several levels of contributing. If you just want to send -in an occasional suggestion/fix, then you can just use the bug reporting -form at . You can also subscribe -to the announcements mailing list (announce-subscribe@httpd.apache.org) which -we use to broadcast information about new releases, bugfixes, and upcoming -events. There's a lot of information about the development process (much of -it in serious need of updating) to be found at . - -If you'd like to become an active contributor to the Apache project (the -group of volunteers who vote on changes to the distributed server), then -you need to start by subscribing to the dev@httpd.apache.org mailing list. 
-One warning though: traffic is high, 1000 to 1500 messages/month. -To subscribe, send an email to dev-subscribe@httpd.apache.org. We -recommend reading the list for a while before trying to jump in to -development. - - NOTE: The developer mailing list (dev@httpd.apache.org) is not - a user support forum; it is for people actively working on development - of the server code and documentation, and for planning future - directions. If you have user/configuration questions, send them - to users list or to the USENET - newsgroup "comp.infosystems.www.servers.unix".or for windows users, - the newsgroup "comp.infosystems.www.servers.ms-windows". - -There is a core group of contributors (informally called the "core") -which was formed from the project founders and is augmented from time -to time when core members nominate outstanding contributors and the -rest of the core members agree. The core group focus is more on -"business" issues and limited-circulation things like security problems -than on mainstream code development. The term "The Apache Group" -technically refers to this core of project contributors. - -The Apache project is a meritocracy -- the more work you have done, the more -you are allowed to do. The group founders set the original rules, but -they can be changed by vote of the active members. There is a group -of people who have logins on our server (apache.org) and access to the -CVS repository. Everyone has access to the CVS snapshots. Changes to -the code are proposed on the mailing list and usually voted on by active -members -- three +1 (yes votes) and no -1 (no votes, or vetoes) are needed -to commit a code change during a release cycle; docs are usually committed -first and then changed as needed, with conflicts resolved by majority vote. - -Our primary method of communication is our mailing list. Approximately 40 -messages a day flow over the list, and are typically very conversational in -tone. 
We discuss new features to add, bug fixes, user problems, developments -in the web server community, release dates, etc. The actual code development -takes place on the developers' local machines, with proposed changes -communicated using a patch (output of a unified "diff -u oldfile newfile" -command), and committed to the source repository by one of the core -developers using remote CVS. Anyone on the mailing list can vote on a -particular issue, but we only count those made by active members or people -who are known to be experts on that part of the server. Vetoes must be -accompanied by a convincing explanation. - -New members of the Apache Group are added when a frequent contributor is -nominated by one member and unanimously approved by the voting members. -In most cases, this "new" member has been actively contributing to the -group's work for over six months, so it's usually an easy decision. - -The above describes our past and current (as of July 2000) guidelines, -which will probably change over time as the membership of the group -changes and our development/coordination tools improve. - - ============================================================================ - -The Apache Software Foundation (www.apache.org) - -The Apache Software Foundation exists to provide organizational, legal, -and financial support for the Apache open-source software projects. -Founded in June 1999 by the Apache Group, the Foundation has been -incorporated as a membership-based, not-for-profit corporation in order -to ensure that the Apache projects continue to exist beyond the participation -of individual volunteers, to enable contributions of intellectual property -and funds on a sound basis, and to provide a vehicle for limiting legal -exposure while participating in open-source software projects. - -You are invited to participate in The Apache Software Foundation. We welcome -contributions in many forms. 
Our membership consists of those individuals -who have demonstrated a commitment to collaborative open-source software -development through sustained participation and contributions within the -Foundation's projects. Many people and companies have contributed towards -the success of the Apache projects. - - ============================================================================ - -Why Apache Is Free - -Apache exists to provide a robust and commercial-grade reference -implementation of the HTTP protocol. It must remain a platform upon which -individuals and institutions can build reliable systems, both for -experimental purposes and for mission-critical purposes. We believe the -tools of online publishing should be in the hands of everyone, and -software companies should make their money providing value-added services -such as specialized modules and support, amongst other things. We realize -that it is often seen as an economic advantage for one company to "own" a -market - in the software industry that means to control tightly a -particular conduit such that all others must pay. This is typically done -by "owning" the protocols through which companies conduct business, at the -expense of all those other companies. To the extent that the protocols of -the World Wide Web remain "unowned" by a single company, the Web will -remain a level playing field for companies large and small. Thus, -"ownership" of the protocol must be prevented, and the existence of a -robust reference implementation of the protocol, available absolutely for -free to all companies, is a tremendously good thing. - -Furthermore, Apache is an organic entity; those who benefit from it -by using it often contribute back to it by providing feature enhancements, -bug fixes, and support for others in public newsgroups. The amount of -effort expended by any particular individual is usually fairly light, but -the resulting product is made very strong. 
This kind of community can -only happen with freeware -- when someone pays for software, they usually -aren't willing to fix its bugs. One can argue, then, that Apache's -strength comes from the fact that it's free, and if it were made "not -free" it would suffer tremendously, even if that money were spent on a -real development team. - -We want to see Apache used very widely -- by large companies, small -companies, research institutions, schools, individuals, in the intranet -environment, everywhere -- even though this may mean that companies who -could afford commercial software, and would pay for it without blinking, -might get a "free ride" by using Apache. We would even be happy if some -commercial software companies completely dropped their own HTTP server -development plans and used Apache as a base, with the proper attributions -as described in the LICENSE file. - -Thanks for using Apache! - diff --git a/usr.sbin/httpd/Announcement b/usr.sbin/httpd/Announcement deleted file mode 100644 index 08a4435f588..00000000000 --- a/usr.sbin/httpd/Announcement +++ /dev/null 
@@ -1,108 +0,0 @@ - - Apache HTTP Server 1.3.29 Released - - The Apache Software Foundation and The Apache HTTP Server Project are - pleased to announce the release of version 1.3.29 of the Apache HTTP - Server ("Apache"). This Announcement notes the significant changes - in 1.3.29 as compared to 1.3.28. The Announcement is also available - in German from http://www.apache.org/dist/httpd/Announcement.html.de. - - This version of Apache is principally a bug and security fix release. - A partial summary of the bug fixes is given at the end of this document. - A full listing of changes can be found in the CHANGES file. Of - particular note is that 1.3.29 addresses and fixes 1 potential - security issue: - - o CAN-2003-0542 (cve.mitre.org) - Fix buffer overflows in mod_alias and mod_rewrite which occurred if - one configured a regular expression with more than 9 captures. - - We consider Apache 1.3.29 to be the best version of Apache 1.3 available - and we strongly recommend that users of older versions, especially of - the 1.1.x and 1.2.x family, upgrade as soon as possible. No further - releases will be made in the 1.2.x family. - - Apache 1.3.29 is available for download from: - - http://httpd.apache.org/download.cgi - - This service utilizes the network of mirrors listed at: - - http://www.apache.org/mirrors/ - - Please consult the CHANGES_1.3 file for a full list of changes. - - As of Apache 1.3.12 binary distributions contain all standard Apache - modules as shared objects (if supported by the platform) and include - full source code. Installation is easily done by executing the - included install script. See the README.bindist and INSTALL.bindist - files for a complete explanation. Please note that the binary - distributions are only provided for your convenience and current - distributions for specific platforms are not always available. Win32 - binary distributions are based on the Microsoft Installer (.MSI) - technology. 
While development continues to make this installation method - more robust, questions should be directed to the - news:comp.infosystems.www.servers.ms-windows newsgroup. - - For an overview of new features introduced after 1.2 please see - - http://httpd.apache.org/docs/new_features_1_3.html - - In general, Apache 1.3 offers several substantial improvements over - version 1.2, including better performance, reliability and a wider - range of supported platforms, including Windows NT and 2000 (which - fall under the "Win32" label), OS2, Netware, and TPF threaded - platforms. - - Apache is the most popular web server in the known universe; over half - of the servers on the Internet are running Apache or one of its - variants. - - IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS - variants. While the ports to non-Unix platforms (such as Win32, Netware - or OS2) are of an acceptable quality, Apache 1.3 is not optimized for - these platforms. Security, stability, or performance issues on these - non-Unix ports do not generally apply to the Unix version, due to - software's Unix origin. - - Apache 2.0 has been structured for multiple operating systems from its - inception, by introducing the Apache Portability Library and MPM modules. - Users on non-Unix platforms are strongly encouraged to move up to - Apache 2.0 for better performance, stability and security on their - platforms. - - Apache 1.3.29 Major changes - - Security vulnerabilities - - * CAN-2003-0542 (cve.mitre.org) - Fix buffer overflows in mod_alias and mod_rewrite which occurred if - one configured a regular expression with more than 9 captures. - - New features - - New features that relate to specific platforms: - - * Enabled RFC1413 ident functionality for both Win32 and - NetWare platforms. This also included an alternate thread safe - implementation of the socket timout functionality when querying - the identd daemon. 
- - Bugs fixed - - The following noteworthy bugs were found in Apache 1.3.28 (or earlier) - and have been fixed in Apache 1.3.29: - - * Within ap_bclose(), ap_pclosesocket() is now called consistently - for sockets and ap_pclosef() for files. Also, closesocket() - is used consistenly to close socket fd's. The previous - confusion between socket and file fd's would cause problems - with some applications now that we proactively close fd's to - prevent leakage. PR 22805. - - * Fixed mod_usertrack to not get false positive matches on the - user-tracking cookie's name. PR 16661. - - * Prevent creation of subprocess Zombies when using CGI wrappers - such as suEXEC and cgiwrap. PR 21737. - diff --git a/usr.sbin/httpd/CHANGES b/usr.sbin/httpd/CHANGES deleted file mode 100644 index 4f36295a07b..00000000000 --- a/usr.sbin/httpd/CHANGES +++ /dev/null 
@@ -1,128 +0,0 @@ - OVERVIEW OF NEW FEATURES IN APACHE 1.2 - -New features with this release, as extensions of the Apache functionality -For more information, see the documentation included with this release -(htdocs/manual/) or http://www.apache.org/docs/ - -In addition to a number of bug fixes and internal performance -enhancements, Apache 1.2 has the following specific new user -features: - - - *) HTTP/1.1 Compliance - Aside from the optional proxy module (which operates as HTTP/1.0), - Apache is conditionally compliant with the HTTP/1.1 proposed standard, - as approved by the IESG and the IETF HTTP working group. - HTTP/1.1 provides a much-improved protocol, and should allow for - greater performance and efficiency when transferring files. Apache - does, however, still work great with HTTP/1.0 browsers. We are very - close to being unconditionally compliant; if you note any deviance - from the proposed standard, please report it as a bug. - - *) eXtended Server Side Includes (XSSI) - A new set of server-side include directives allows the user to - better create WWW pages. This includes number of powerful new - features, such as the ability to set variables and use conditional - HTML. - - *) File-based and Regex-enabled Directive Sections - The new section allows directives to be enabled based on - full filename, not just directory and URL. In addition, - sections can appear in .htaccess files. , along with - and , can also now be based on regular - expressions, not just simple prefix matching. - - *) Browser-based Environment Variables - Environment variables can now be set based on the User-Agent - string of the browser. Combined with XSSI, this allows you to - write browser-based conditional HTML documents. - - *) SetUID CGI Execution - Apache now supports the execution of CGI scripts as users other - than the server user. A number of security checks are built in to - try and make this as safe as possible. 
- - *) URL Rewriting Module - The optional mod_rewrite module is now included. This module can - provide powerful URL mapping, using regular expressions. There's - nothing this module can't do! - - *) Enhanced, Configurable Logging - The optional mod_log_config included with earlier versions of - Apache is now standard, and has been enhanced to allow logging of - much more detail about the transaction, and can be used to open - more than one log at once (each of which can have a different log - format). - - *) User Tracking (Cookies) Revisions - The mod_cookies included with previous versions of Apache has been - renamed mod_usertrack, to more accurately reflect its function - (some people inadvertently thought it enabled cookie support in - Apache, which is not true - Apache supports the use of cookies - directly). It is also now possible to disable the generation of - cookies, even when the cookie module is compiled in. Also, an - expiry time can be set on the cookies. - - *) Multiple IPs in - The directive can now take more than one IP address - or hostname. This lets a single vhost handles requests for - multiple IPs or hostnames. - - *) CGI Debugging Environment - ScriptLog allows you to now set up a log that records all input - and output to failed CGI scripts. This includes environment - variables, input headers, POST data, output, and more. This makes - CGI scripts much easier to debug. - - *) Resource Limits for CGI Scripts - New directives allow the limiting of resources used by CGI scripts - (e.g. max CPU time). This is helpful in preventing 'runaway' CGI - processes. - - *) Redirect Directive Can Return Alternate Status - The Redirect directive can return permanent or temporary redirects, - "Gone" or "See Other" HTTP status. For NCSA-compatibility, - RedirectTemp and RedirectPermanent are also implemented. - - *) Graceful Restarts - Apache can re-read the config files and re-open log files without - terminating transactions in progress. 
- - *) Simplified Compilation - The process of configuring Apache for compilation has been - simplified. - - *) Add or Remove Options - The Options directive can now add or remove options from those - currently in force, rather than always replacing them. - - *) Command-line Help - The -h command-line option now lists all the available directives. - - *) Optional Headers Module to Set or Remove HTTP Headers - The optional mod_headers module can be used to set custom headers - in the HTTP response. It can append to existing headers, replace - them, or remove headers from the response. - - *) Conditional Config Directives - A new section allows directives to be enabled only if a - given module is loaded into the server. - - *) Authorization Directives Now Use NCSA-style Syntax - The AuthUserFile, AuthGroupFile and AuthDigestFile commands now - have a syntax compatible with the NCSA server. - - *) Optional Proxy Module - An improved FTP, HTTP, and CONNECT mode SSL proxy is included with - Apache 1.2. Some of the changes visible to users: - - - Improved FTP proxy supporting PASV mode - - CONNECT mode ports are configurable from a list - - NoCache * directive for disabling proxy caching - - Numerous bug fixes - - *) Optional Example Module - An example module that demonstrates many of the aspects of the - API is now included with Apache as of version 1.2. It can be - used as a base for those who wish to write their own Apache - modules. diff --git a/usr.sbin/httpd/INSTALL b/usr.sbin/httpd/INSTALL deleted file mode 100644 index 767a0df3f07..00000000000 --- a/usr.sbin/httpd/INSTALL +++ /dev/null 
@@ -1,547 +0,0 @@ - - APACHE INSTALLATION - - NOTE: Windows users please read the documents README-WIN.txt and - http://httpd.apache.org/docs/windows.html, (or the - htdocs/manual/windows.html file included with Apache). - The following applies only to Unix users. - - Introduction - ============ - - Like all good things, there are two ways to configure, compile, and install - Apache. You can go for the 3-minute installation process using the APACI - process described below; or, you can opt for the same mechanism used in - previous versions of Apache, as described in the file 'src/INSTALL'. Each - mechanism has its benefits and drawbacks - APACI is newer and a little more - raw, but it gets you up and running the least amount of time, whereas the - "Configuration.tmpl" mechanism may be more familiar and give you some more - flexibility to the power user. We'd be very interested in your comments and - feedback regarding each approach. - - - Installing the Apache 1.3 HTTP server with APACI - ================================================ - - 1. Overview for the impatient - -------------------------- - - $ ./configure --prefix=PREFIX - $ make - $ make install - $ PREFIX/bin/apachectl start - - NOTE: PREFIX is not the string "PREFIX". Instead use the Unix - filesystem path under which Apache should be installed. For - instance use "/usr/local/apache" for PREFIX above. - - 2. Requirements - ------------ - - The following requirements exist for building Apache: - - o Disk Space: - - Make sure you have approximately 12 MB of temporary free disk space - available. After installation Apache occupies approximately 3 MB of - disk space (the actual required disk space depends on the amount of - compiled in third party modules, etc). - - o ANSI-C Compiler: - - Make sure you have an ANSI-C compiler installed. The GNU C compiler - (GCC) from the Free Software Foundation (FSF) is recommended (version - 2.7.2 is fine). 
If you don't have GCC then at least make sure your - vendors compiler is ANSI compliant. You can find the homepage of GNU - at http://www.gnu.org/ and the GCC distribution under - http://www.gnu.org/order/ftp.html . - - o Perl 5 Interpreter [OPTIONAL]: - - For some of the support scripts like `apxs' or `dbmmanage' (which are - written in Perl) the Perl 5 interpreter is required (versions 5.003 - and 5.004 are fine). If no such interpreter is found by APACI's - `configure' script this is no harm. Of course, you still can build - and install Apache 1.3. Only those support scripts cannot be used. If - you have multiple Perl interpreters installed (perhaps a Perl 4 from - the vendor and a Perl 5 from your own), then it is recommended to use - the --with-perl option (see below) to make sure the correct one is - selected by APACI. - - o Dynamic Shared Object (DSO) support [OPTIONAL]: - - To provide maximum flexibility Apache now is able to load modules - under runtime via the DSO mechanism by using the pragmatic - dlopen()/dlsym() system calls. These system calls are not available - under all operating systems therefore you cannot use the DSO mechanism - on all platforms. And Apache currently has only limited built-in - knowledge on how to compile shared objects because this is heavily - platform-dependent. The current state is this: - - o Out-of-the-box supported platforms are: - - Linux - SunOS - UnixWare - Darwin/Mac OS - - FreeBSD - Solaris - AIX - OpenStep/Mach - - OpenBSD - IRIX - SCO - DYNIX/ptx - - NetBSD - HPUX - ReliantUNIX - - BSDI - Digital Unix - DGUX - - o Entirely unsupported platforms are: - - Ultrix - - If your system is not on these lists but has the dlopen-style - interface, you either have to provide the appropriate compiler and - linker flags (see CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT - below) manually or at least make sure a Perl 5 interpreter is - installed from which Apache can guess the options. 
- - For more in-depth information about DSO support in Apache 1.3 please - read the document htdocs/manual/dso.html carefully. Especially the - section entitled "Advantages & Disadvantages" because using the DSO - mechanism can have strange side-effects if you are not careful. BE - WARNED! - - 3. Configuring the source tree - --------------------------- - - NOTE: Although we'll often advise you to read the src/Configuration.tmpl - file parts to better understand the various options in this - section, there is _AT NO TIME_ any need to _EDIT_ this file. The - _COMPLETE_ configuration takes place via command line arguments and - local shell variables for the ./configure script. The - src/Configuration.tmpl file is just a _READ-ONLY_ resource, here. - - Introduction: - - The next step is to configure the Apache source tree for your particular - platform and personal requirements. The most important setup here is the - location prefix where Apache is to be installed later, because Apache has - to be configured for this location to work correctly. But there are a lot - of other options available for your pleasure. - - For a short impression of what possibilities you have, here is a typical - example which compiles Apache for the installation tree /sw/pkg/apache - with a particular compiler and flags plus the two additional modules - mod_rewrite and mod_proxy for later loading through the DSO mechanism: - - $ CC="pgcc" OPTIM="-O2" \ - ./configure --prefix=/sw/pkg/apache \ - --enable-module=rewrite --enable-shared=rewrite \ - --enable-module=proxy --enable-shared=proxy - - The complete reference of all configuration possibilities follows. For - more real-life configuration examples please check out the file - README.configure. - - Reference: - - $ [CC=...] [CFLAGS_SHLIB=...] [TARGET=...] - [OPTIM=...] [LD_SHLIB=...] - [CFLAGS=...] [LDFLAGS_SHLIB=...] - [INCLUDES=...] [LDFLAGS_SHLIB_EXPORT=...] - [LDFLAGS=...] [RANLIB=...] - [LIBS=...] [DEPS=...] 
- ./configure - [--quiet] [--prefix=DIR] [--enable-rule=NAME] - [--verbose] [--exec-prefix=PREFIX] [--disable-rule=NAME] - [--shadow[=DIR]] [--bindir=EPREFIX] [--add-module=FILE] - [--show-layout] [--sbindir=DIR] [--activate-module=FILE] - [--help] [--libexecdir=DIR] [--enable-module=NAME] - [--mandir=DIR] [--disable-module=NAME] - [--sysconfdir=DIR] [--enable-shared=NAME] - [--datadir=DIR] [--disable-shared=NAME] - [--includedir=DIR] [--permute-module=N1:N2] - [--localstatedir=DIR] - [--runtimedir=DIR] [--enable-suexec] - [--logfiledir=DIR] [--suexec-caller=UID] - [--proxycachedir=DIR] [--suexec-docroot=DIR] - [--with-layout=[FILE:]ID] [--suexec-logfile=FILE] - [--suexec-userdir=DIR] - [--with-perl=FILE] [--suexec-uidmin=UID] - [--without-support] [--suexec-gidmin=GID] - [--without-confadjust] [--suexec-safepath=PATH] - [--without-execstrip] - [--server-uid=UID] - [--server-gid=GID] - - Use the CC, OPTIM, CFLAGS, INCLUDES, LDFLAGS, LIBS, CFLAGS_SHLIB, - LD_SHLIB, LDFLAGS_SHLIB, LDFLAGS_SHLIB_EXPORT, RANLIB, DEPS and TARGET - environment variables to override the corresponding default entries in - the src/Configuration.tmpl file (see there for more information about - their usage). - - Note: The syntax ``KEY=VALUE ./configure ...'' (one single line!) is - the GNU Autoconf compatible way of specifying defines and can - be used with Bourne shell compatible shells only (sh, bash, - ksh). If you use a different type of shell either use ``env - KEY=VALUE ./configure ...'' when the `env' command is available - on your system or use ``setenv KEY VALUE; ./configure ...'' if - you use one of the C-shell variants (csh, tcsh). - - Note: The above parameter names are the canonical ones used in - Autoconf-style interfaces. But because src/Configuration.tmpl - uses the prefix EXTRA_ for some variables (e.g. EXTRA_CFLAGS) - these variants are accepted for backward-compatibility reasons, - too. But please use the canonical Autoconf-style names and - don't rely on this. 
- - Use the --prefix=PREFIX and --exec-prefix=EPREFIX options to configure - Apache to use a particular installation prefix. The default is - PREFIX=/usr/local/apache and EPREFIX=PREFIX. - - Use the --bindir=DIR, --sbindir=DIR, --libexecdir=DIR, --mandir=DIR, - --sysconfdir=DIR, --datadir=DIR, --includedir=DIR, --localstatedir=DIR, - --runtimedir=DIR, --logfiledir=DIR and proxycachedir=DIR option to change - the paths for particular subdirectories of the installation tree. - Defaults are bindir=EPREFIX/bin, sbindir=EPREFIX/sbin, - libexecdir=EPREFIX/libexec, mandir=PREFIX/man, sysconfdir=PREFIX/etc, - datadir=PREFIX/share, includedir=PREFIX/include, - localstatedir=PREFIX/var, runtimedir=PREFIX/var/run, - logfiledir=PREFIX/var/log and proxycachedir=PREFIX/var/proxy. - - Note: To reduce the pollution of shared installation locations - (like /usr/local/ or /etc) with Apache files to a minimum the - string ``/apache'' is automatically appended to 'libexecdir', - 'sysconfdir', 'datadir', 'localstatedir' and 'includedir' if - (and only if) the following points apply for each path - individually: - - 1. the path doesn't already contain the word ``apache'' - 2. the path was not directly customized by the user - - Keep in mind that per default these paths are derived from - 'prefix' and 'exec-prefix', so usually its only a matter - whether these paths contain ``apache'' or not. Although the - defaults were defined with experience in mind you always should - make sure the paths fit your situation by checking the finally - chosen paths via the --show-layout option. - - Use the --with-layout=[F:]ID option to select a particular installation - path base-layout. There are many layouts pre-defined in the file - config.layout. Except on MacOS(X) configure defaults to the `Apache' - classical path layout. You can get an overview of the existing layouts - by using the command: - - grep "^..." 
section to config.layout and - use --with-layout=FOO or place it into your own file, say config.mypaths, - and use --with-layout=config.mypaths:FOO. - - Use the --show-layout option to check the final installation path layout - while fiddling with the options above. - - Use the --enable-rule=NAME and --disable-rule=NAME options to enable or - disable a particular Rule from the Apache src/Configuration.tmpl file. The - defaults (yes=enabled, no=disabled) can either be seen when running - `./configure --help' or manually looked up in the src/Configuration.tmpl - file. - - Use the --add-module=FILE option to copy a module source file to the - Apache src/modules/extra/ directory and on-the-fly add an entry for it in - the configuration file. FILE has to be a valid path to a C source file - outside the Apache source tree, for instance /path/to/mod_foo.c, or a - path to an already existing C source code file in src/modules/extra/, such - as src/modules/extra/mod_foo.c, in which case no copying will be done. - The added module is automatically activated and enabled. Use this option - to automatically include a simple third-party module to the Apache build - process. - - Use the --activate-module=FILE option to add an entry for an existing - module object or library file into the configuration file on-the-fly. - FILE has to be a valid path beginning with "src/modules/", and the - corresponding file has to have been copied to this location in the Apache - source tree before running configure. The module is automatically - enabled. Use this option to automatically include a complex third-party - module to the Apache build process where, for instance a module like - mod_perl or mod_php3 consisting of more than one file which are created - by a third-party configuration scheme. - - Use the --enable-module=NAME and --disable-module=NAME options to enable - or disable a particular already distributed module from the Apache - src/Configuration.tmpl file. 
The correct module names (no `mod_' prefix!) - and defaults (yes=enabled, no=disabled) can be seen when running - `./configure --help'. There are two special NAME variants: `all' for - enabling or disabling all modules and `most' for enabling or disabling - only these modules which are useable on all platforms (currently this is - `all' minus the modules `auth_db', `log_agent', `log_referer', `example', - `so' and `mmap_static'). For a compact overview of available modules see - the following list (remove the `mod_' prefix to get the NAME). - - _________________________________________________________________________ - LIST OF AVAILABLE MODULES - - Environment creation - (+) mod_env .......... Set environment variables for CGI/SSI scripts - (+) mod_setenvif ..... Set environment variables based on HTTP headers - (-) mod_unique_id .... Generate unique identifiers for request - Content type decisions - (+) mod_mime ......... Content type/encoding determination (configured) - (-) mod_mime_magic ... Content type/encoding determination (automatic) - (+) mod_negotiation .. Content selection based on the HTTP Accept* headers - URL mapping - (+) mod_alias ........ Simple URL translation and redirection - (-) mod_rewrite ...... Advanced URL translation and redirection - (+) mod_userdir ...... Selection of resource directories by username - (-) mod_speling ...... Correction of misspelled URLs - Directory Handling - (+) mod_dir .......... Directory and directory default file handling - (+) mod_autoindex .... Automated directory index file generation - Access Control - (+) mod_access ....... Access Control (user, host, network) - (+) mod_auth ......... HTTP Basic Authentication (user, passwd) - (-) mod_auth_dbm ..... HTTP Basic Authentication via Unix NDBM files - (-) mod_auth_db ...... HTTP Basic Authentication via Berkeley-DB files - (-) mod_auth_anon .... HTTP Basic Authentication for Anonymous-style users - (-) mod_digest ....... 
HTTP Digest Authentication - HTTP response - (-) mod_headers ...... Arbitrary HTTP response headers (configured) - (-) mod_cern_meta .... Arbitrary HTTP response headers (CERN-style files) - (-) mod_expires ...... Expires HTTP responses - (+) mod_asis ......... Raw HTTP responses - Scripting - (+) mod_include ...... Server Side Includes (SSI) support - (+) mod_cgi .......... Common Gateway Interface (CGI) support - (+) mod_actions ...... Map CGI scripts to act as internal `handlers' - Internal Content Handlers - (+) mod_status ....... Content handler for server run-time status - (-) mod_info ......... Content handler for server configuration summary - Request Logging - (+) mod_log_config ... Customizable logging of requests - (-) mod_log_agent .... Specialized HTTP User-Agent logging (deprecated) - (-) mod_log_referer .. Specialized HTTP Referrer logging (deprecated) - (-) mod_usertrack .... Logging of user click-trails via HTTP Cookies - Miscellaneous - (+) mod_imap ......... Server-side Image Map support - (-) mod_proxy ........ Caching Proxy Module (HTTP, HTTPS, FTP) - (-) mod_so ........... Dynamic Shared Object (DSO) bootstrapping - Experimental - (-) mod_mmap_static .. Caching of frequently served pages via mmap() - Development - (-) mod_example ...... Apache API demonstration (developers only) - _________________________________________________________________________ - (+) = enabled per default [disable with --disable-module] - (-) = disabled per default [enable with --enable-module ] - - - Use the --enable-shared=NAME and --disable-shared=NAME options to enable - or disable the shared object support for a particular module from the - Apache src/Configuration.tmpl file. The defaults (yes=enabled, - no=disabled) can be seen when running `./configure --help'. 
There are two - special NAME variants: `max' for enabling or disabling DSO on all modules - except the bootstrapping `so' module and `remain' for enabling or - disabling DSO for only those modules which are still not enabled (which - this way implicitly enables them itself). - - Note 1: The --enable-shared option DOES NOT AUTOMATICALLY enable the - module because there are variants like `--enable-shared=max' - which should not imply `--enable-module=all'. - - Note 2: Per default the DSO mechanism is globally disabled, i.e. no - modules are build as shared objects. - - Note 3: The usage of any --enable-shared option automatically implies - a --enable-module=so option because the bootstrapping module - mod_so is always needed for DSO support. - - Note 4: When you later want to extend your Apache installation via - third-party modules through the DSO+APXS mechanism make sure - that you at least compile with mod_so included, even when no - distributed modules are build as shared objects. This can be - achieved by explicitly using --enable-module=so. - - Note 5: Some platforms require --enable-rule=SHARED_CORE for - the DSO mechanism to work, i.e. when you want to use - --enable-shared for some modules on these platforms you also - have to enable the SHARED_CORE rule. For more details please - read the document `htdocs/manual/dso.html'. - - Use the --permute-module=N1:N2 option to permutate the AddModule lines of - modules mod_N1 and mod_N2 in the Configuration file. This way one can - give modules different priorities. Two special and important variants - are supported for the option argument: first BEGIN:N which permutes - module mod_N with the begin of the module list, i.e. it `moves' the - module to the begin of the list (gives it lowest priority). And second - N:END which permutes mod_N with the end of the module list, i.e. it - `moves' the module to the end of the list (gives it highest priority). 
- - Use the --with-perl=FILE option to select a particular Perl interpreter - executable to be used with Apache. Per default APACI tries to find it - automatically. But if multiple Perl instances exist on your system you - have to select the correct one manually. - - Use the --without-support option to explicitly disable the build and - installation of support tools from the src/support/ area. This can be - useful when you have compilation problems with one or more of these not - programs on your platform or if you just don't need them. - - Use the --without-confadjust option to explicitly disable some built - user/situation dependent adjustments to the config files (Group, Port, - ServerAdmin, ServerName, etc.). This is usually only interesting for - vendor package maintainers who wants to force the keeping of defaults. - - Use the --without-execstrip option to disable the stripping of - executables on installation. This can be important on some platforms in - combination with --enable-rule=SHARED_CORE or when Apache was built with - debugging symbols which shouldn't be lost. - - Use the --enable-suexec option to enable the suEXEC feature by building - and installing the "suexec" support program. Use --suexec-caller=UID to - set the allowed caller user id, --suexec-userdir=DIR to set the user - subdirectory, --suexec-docroot=DIR to set the suexec root directory, - --suexec-uidmin=UID/--suexec-gidmin=GID to set the minimal allowed - UID/GID, --suexec-logfile=FILE to set the logfile and - --suexec-safepath=PATH to set the safe shell PATH for the suEXEC - feature. At least one --suexec-xxxxx option has to be provided together - with the --enable-suexec option to let APACI accept your request for - using the suEXEC feature. - - CAUTION: FOR DETAILS ABOUT THE SUEXEC FEATURE WE HIGHLY RECOMMEND YOU TO - FIRST READ THE DOCUMENT htdocs/manual/suexec.html BEFORE USING - THE ABOVE OPTIONS. 
- - USING THE SUEXEC FEATURE PROPERLY CAN REDUCE CONSIDERABLY THE - SECURITY RISKS INVOLVED WITH ALLOWING USERS TO DEVELOP AND RUN - PRIVATE CGI OR SSI PROGRAMS. HOWEVER, IF SUEXEC IS IMPROPERLY - CONFIGURED, IT CAN CAUSE ANY NUMBER OF PROBLEMS AND POSSIBLY - CREATE NEW HOLES IN YOUR COMPUTER'S SECURITY. IF YOU AREN'T - FAMILIAR WITH MANAGING SETUID ROOT PROGRAMS AND THE SECURITY - ISSUES THEY PRESENT, WE HIGHLY RECOMMEND THAT YOU NOT CONSIDER - USING SUEXEC AND KEEP AWAY FROM THESE OPTIONS! - - Use the --shadow option to let APACI create a shadow source tree of the - sources for building. This is useful when you want to build for different - platforms in parallel (usually through a NFS, AFS or DFS mounted - filesystem). You may specify a directory to the --shadow option into - which the shadow tree will be created. - - Use the --quiet option to disable all configuration verbose messages. - - Use the --verbose option to enable additional verbose messages. - - Use the --server-uid option to specify the user ID you want the server to run - as. If not specified the server will run as user nobody. If the user ID - specified is different than the ID of the user starting the server, you need to - start the server as root. - - Use the --server-gid option to specify the group ID you want the server user ID to - be a member of. If not specified, the group ID will be #-1. - - 4. Building the package - -------------------- - - Now you can build the various parts which form the Apache package by - simply running the command - - $ make - - Please be patient here, this takes approximately 2 minutes to complete - under a Pentium-166/FreeBSD-2.2 system, dependend on the amount of - modules you have enabled. - - 5. 
Installing the package - ---------------------- - - Now its time to install the package under the configured installation - PREFIX (see --prefix option above) by running: - - $ make install - - For the paranoid hackers under us: The above command really installs under - prefix _only_, i.e. no other stuff from your system is touched. Even if - you upgrade an existing installation your configuration files in - PREFIX/etc/ are preserved. - - Note for package authors: - - To simplify rolling a package tarball from the installed files APACI - provides a way to override the installation root for the install step. - Additionally you can get rid of the user message at the end of the - installation process by using the `install-quiet' target. Example: - - $ make install-quiet root=/tmp/apache-root - - Notes for specific platforms: - - NOTE: Please note that for re-installing Apache on AIX you should use the - command `slibclean' before using `make install' to really unload - any old versions of the DSO's that might still be cached by the - dynamic loader. - - 6. Testing the package - ------------------- - - Now you can fire up your Apache HTTP server by immediately running - - $ PREFIX/bin/apachectl start - - and then you should be able to request your first document via URL - http://localhost/ (when you built and installed Apache as root or at - least used the --without-confadjust option) or http://localhost:8080/ - (when you built and installed Apache as a regular user). Then stop the - server again by running: - - $ PREFIX/bin/apachectl stop - - 7. Customizing the package - ----------------------- - - Finally you can customize your Apache HTTP server by editing the - configuration files under PREFIX/etc/. - - $ vi PREFIX/etc/httpd.conf - $ vi PREFIX/etc/access.conf - $ vi PREFIX/etc/srm.conf - - Have a look at the Apache manual under htdocs/manual/ or - http://www.apache.org/docs/ for a complete reference of available - configuration directives. - - 8. 
Preparing the system - -------------------- - - Proper operation of a public HTTP server requires at least the following: - - 1. A correctly working TCP/IP layer, since HTTP is implemented on top of - TCP/IP. Although modern Unix platforms have good networking layers, - always make sure you have all official vendor patches referring to the - network layer applied. - - 2. Accurate time keeping, since elements of the HTTP protocol are - expressed as the time of day. So, it's time to investigate setting - some time synchronization facility on your system. Usually the ntpdate - or xntpd programs are used for this purpose which are based on the - Network Time Protocol (NTP). See the Usenet newsgroup - comp.protocols.time.ntp and the NTP homepage at - http://www.eecis.udel.edu/~ntp/ for more details about NTP software - and public time servers. - - 9. Contacts - -------- - - o If you want to be informed about new code releases, bug fixes, - security fixes, general news and information about the Apache server - subscribe to the announcements mailing list as described under - http://httpd.apache.org/lists.html#http-announce - - o If you want freely available support for running Apache please join the - Apache user community by subscribing at least to the following USENET - newsgroup: - comp.infosystems.www.servers.unix - - o If you want commercial support for running Apache please contact - one of the companies and contractors which are listed at - http://www.apache.org/info/support.cgi - - o If you have a concrete bug report for Apache please go to the - Apache Group Bug Database and submit your report: - http://httpd.apache.org/bug_report.html - - o If you want to participate in actively developing Apache please - subscribe to the `dev@httpd.apache.org' mailing list as described at - http://dev.apache.org/mailing-lists - - Thanks for running Apache. - The Apache Group - http://www.apache.org/ - 
diff --git a/usr.sbin/httpd/INSTALL.SSL b/usr.sbin/httpd/INSTALL.SSL
deleted file mode 100644
index 1b25cd23312..00000000000
--- a/usr.sbin/httpd/INSTALL.SSL
+++ /dev/null
@@ -1,561 +0,0 @@ - _ _ - _ __ ___ ___ __| | ___ ___| | mod_ssl - | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL - | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org - |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org - |_____| - _____________________________________________________________________________ - - ``The world does not really need - Apache-SSL easier to install.'' - -- Ben Laurie, Apache-SSL author - INSTALLATION (Unix) - - Introduction - ____________ - - Because mod_ssl is a complex package there are a lot of installation - variants and options. For this different documents exists which explain - special things: Read this document when you want to install Apache+mod_ssl - under Unix. Read the INSTALL.Win32 document when you want to install it - under the Win32 (Windows 95/98/NT) platform. - - Prerequisites - _____________ - - To use mod_ssl you need the following packages: - - o Package: Apache - Version: 1.3.x - Description: The Apache Group HTTP Server - Reason: The webserver base package on which all is based - Homepage: http://www.apache.org/ - Distribution: http://www.apache.org/dist/ - Tarball: apache_1.3.x.tar.gz - Location: SF, USA - Author(s): The Apache Group - Type: MANDATORY - - o Package: mod_ssl - Version: 2.8.x - Description: The Apache Interface to OpenSSL - Reason: The interface module for Apache - Homepage: http://www.modssl.org/ - Distribution: ftp://ftp.modssl.org/source/ - Tarball: mod_ssl-2.8.x-1.3.x.tar.gz - Location: Zurich, Switzerland, Europe - Author(s): Ralf S. 
Engelschall - Type: MANDATORY - - o Package: OpenSSL - Version: 0.9.x - Description: The Open Source Toolkit for SSL/TLS - Reason: The library which implements SSL/TLS - Homepage: http://www.openssl.org/ - Distribution: ftp://ftp.openssl.org/source/ - Tarball: openssl-0.9.x.tar.gz - Location: Zurich, Switzerland, Europe - Author(s): The OpenSSL Project - Type: MANDATORY - - o Package: MM - Version: 1.1.x - Description: Shared Memory Library - Reason: The portable library for shared memory in Apache/EAPI - Homepage: http://www.engelschall.com/sw/mm/ - Distribution: http://www.engelschall.com/sw/mm/ - Tarball: mm-1.1.x.tar.gz - Location: Zurich, Switzerland, Europe - Author(s): Ralf S. Engelschall - Type: OPTIONAL - - o Package: GZip - Version: 1.2.4 - Description: The compression utility - Reason: To unpack the above tarballs - Homepage: http://www.gnu.org/ - Distribution: ftp://ftp.gnu.org/pub/gnu/ - Tarball: gzip-1.2.4.tar.Z - Location: USA - Author(s): Free Software Foundation (FSF) - Type: MANDATORY - - o Package: Perl - Version: 5.6.0 - Description: The Practical Extraction and Reporting Language - Reason: To configure OpenSSL and for APXS tool in Apache - Homepage: http://www.perl.com/ - Distribution: http://www.cpan.org/src/5.0/ - Tarball: perl-5.6.0.tar.gz - Location: USA - Author(s): Larry Wall - Type: MANDATORY - - Installation - ____________ - - The following is a step-by-step list on how to install an SSL-aware Apache. - The actual steps you have to perform depend on the location where _YOU_ and - your webserver stay. So the commands are marked at the right-side with the - following tags: - - EU ........ Command has to be run by citizens of a European state ONLY - ALL ....... Command has to be run by ANYONE, independent of location - OPTIONAL .. 
Command is optional and not really needed - - Now follow these steps: - (the syntax is for a Bourne-Shell style shell, when you're using a C-Shell - style shell you've to adjust the commands according to your shell's manual) - - 1. Make sure GZip and Perl are already installed and available through the - commands `gzip' and `perl'. They are needed for unpacking the tarballs - and for configuring OpenSSL. When you've these packages still not - installed, do this first. - - 2. Extract the required packages: - - $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - ALL - $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - ALL - $ gzip -d -c openssl-0.9.x.tar.gz | tar xvf - ALL - $ gzip -d -c mm-1.1.x.tar.gz | tar xvf - OPTIONAL - - 3. Configure and build the OpenSSL library: - - $ cd openssl-0.9.x ALL - $ sh config \ ALL - no-idea \ EU - no-threads \ OPTIONAL - -fPIC OPTIONAL - $ make ALL - $ make test OPTIONAL - $ cd .. ALL - - NOTE: OpenSSL understands a lot more options on the `config' - command line. For instance you can add some command line - options (like `-DSSL_FORBID_ENULL' for not allowing Null - encryptions, or adding `-DSSL_ALLOW_ADH' for allowing - Anonymous Diffie-Hellman ciphers, etc) to adjust the OpenSSL - internals (see OpenSSL's top-level Makefile for details). - - NOTE: When your system already has OpenSSL installed (for instance some - Linux distributions ship with OpenSSL installed out-of-the-box) in - system locations you can ignore the OpenSSL steps above, too. Then - use `SSL_BASE=SYSTEM' instead of `SSL_BASE=../openssl-0.9.x' below - and mod_ssl will search for OpenSSL's binary, header and library - files in $PATH and system locations. - - NOTE: The -fPIC option builds OpenSSL with Position Independent Code - (PIC) which is only important when building mod_ssl as a - Dynamic Shared Object (DSO). Please notice, that you really - have to use -fPIC and not -fpic, as the latter will usually - cause the build to fail. See below for more details. 
- - NOTE: The optional `no-threads' keyword above is to increase - performance inside OpenSSL, because Apache 1.3 does not - use threads anyway. However, OpenSSL, if built without - `no-threads', by default builds with multi-threading support. - This multi-threading support involves using locking around a - lot of internal object manipulation (esp. reference counts). - The fact that it is not possible in Apache 1.3 to have - threads racing on any kind of object internal to OpenSSL - means that any overhead (memory and/or time) relating to - these locking mechanisms is wasted by default. - - 4. Optionally you now can build the MM Shared Memory library when you want - shared memory support in Apache/EAPI. For instance this allows mod_ssl to - use a high-performance RAM-based session cache instead of a disk-based - one. - - $ cd mm-1.1.x OPTIONAL - $ ./configure --disable-shared OPTIONAL - $ make OPTIONAL - $ cd .. OPTIONAL - - NOTE: When your system already has MM installed in system locations - you can ignore the steps above and then use `EAPI_MM=SYSTEM' - instead of `EAPI_MM=../mm-1.1.x' below. - - NOTE: Do not forget the --disable-shared option above. Else you've - to establish an explicit LD_LIBRARY_PATH which includes the - /path/to/mm-1.1.x/.libs/ directory or the compilation of Apache - will fail because the shared library cannot be found. - - 5. Now apply the mod_ssl source extension and source patches to the Apache - source tree, configure the Apache sources and build Apache with mod_ssl - and OpenSSL. - - Actually here you have three options: - (dependent on your situation and personal skill ;-) - - a) The All-In-One mod_ssl+APACI way [FOR JOE AVERAGE]: - - You configure Apache semi-automatically from within mod_ssl's - `configure' script. You don't have to fiddle with the SSL_BASE - variable but get no intermediate chance to add more third-party - Apache modules (e.g. mod_perl, PHP3, etc). 
- - $ cd mod_ssl-2.8.x-1.3.x ALL - $ ./configure \ ALL - --with-apache=../apache_1.3.x \ ALL - --with-ssl=../openssl-0.9.x \ ALL - --with-mm=../mm-1.1.x \ OPTIONAL - --with-crt=/path/to/your/server.crt \ OPTIONAL - --with-key=/path/to/your/server.key \ OPTIONAL - --prefix=/path/to/apache \ ALL - [--enable-shared=ssl] \ OPTIONAL - [--disable-rule=SSL_COMPAT] \ OPTIONAL - [--enable-rule=SSL_EXPERIMENTAL] \ OPTIONAL - [--enable-rule=SSL_VENDOR] \ OPTIONAL - [...more APACI options...] OPTIONAL - $ cd .. ALL - $ cd apache_1.3.x ALL - $ make ALL - $ make certificate OPTIONAL - $ make install ALL - $ cd .. ALL - - NOTE: The --enable-shared=ssl option enables the building of mod_ssl - as a DSO `libssl.so'. Read the INSTALL and - htdocs/manual/dso.html documents in the Apache source tree for - more information about DSO support in Apache. We strongly advise - ISPs and package maintainers to use the DSO facility for maximum - flexibility with mod_ssl. But notice that DSO is not supported - by Apache on all platforms. - - Additionally OpenSSL has problems under DSO situations on some - platforms. For instance under smart ix86 platforms like Linux - and FreeBSD when you compile a the standard OpenSSL - libcrypto.a/libssl.a libraries and link those to a mod_ssl DSO - libssl.so all works fine. While on other platforms like Solaris - 2.6 on a SPARC OpenSSL's code will dump core under run-time. - When this is the case for you, then try to recompile OpenSSL - with Position Independent Code (PIC) by adding a `-fPIC' (for - GCC) or `-KPIC' (for SVR4-style compilers) to the platform - configuration line in OpenSSL's `Configure' script. The - -fPIC option above when you build OpenSSL. - - NOTE: The --disable-rule=SSL_COMPAT option disables the building of - SSL compatibility code for older mod_ssl versions and other - Apache SSL solutions like Apache-SSL, Sioux, Stronghold, etc. 
- - NOTE: The --enable-rule=SSL_EXPERIMENTAL and --enable-rule=SSL_VENDOR - options enable various experimental and vendor extension code. - Please read the src/Configuration.tmpl file inside the Apache - source tree for more details. - - NOTE: You either use `--with-crt'/`--with-key' or `make certificate' - above - but never both. The `--with-crt'/`--with-key' options is - used only when you already have a real server certificate and - private key at hand while `make certificate' is to create a test - server test certificate. Read the message box which occurs after - the `make' command when building Apache for details. - - b) The flexible APACI-only way [FOR REAL HACKERS]: - - You configure Apache manually and have the chance to configure - and add third-party Apache modules like mod_perl, mod_php, - mod_frontpage, mod_dav, etc. But you have to provide the - SSL_BASE and EAPI_MM variables manually and either copy your - existing certificate manually to conf/ssl.crt/server.crt or use - `make certificate': - - $ cd mod_ssl-2.8.x-1.3.x ALL - $ ./configure \ ALL - --with-apache=../apache_1.3.x \ ALL - --with-crt=/path/to/your/server.crt \ OPTIONAL - --with-key=/path/to/your/server.key OPTIONAL - $ cd .. ALL - - [...Now add more Apache modules to the Apache source tree...] OPTIONAL - - $ cd apache_1.3.x ALL - $ SSL_BASE=../openssl-0.9.x \ ALL - EAPI_MM=../mm-1.1.x \ OPTIONAL - ./configure \ ALL - --enable-module=ssl \ ALL - --prefix=/path/to/apache \ ALL - [--enable-shared=ssl] \ OPTIONAL - [--disable-rule=SSL_COMPAT] \ OPTIONAL - [--enable-rule=SSL_EXPERIMENTAL] \ OPTIONAL - [--enable-rule=SSL_VENDOR] \ OPTIONAL - [...more APACI options...] OPTIONAL - $ make ALL - $ make certificate OPTIONAL - $ make install OPTIONAL - $ cd .. ALL - - NOTE: The optional --enable-shared=ssl option enables the building - of mod_ssl as a DSO `libssl.so'. Read the INSTALL and - htdocs/manual/dso.html documents in the Apache source tree for - more information about DSO support in Apache. 
We strongly advise - ISPs and package maintainers to use the DSO facility for maximum - flexibility with mod_ssl. But notice that DSO is not supported - by Apache on all platforms. - - Additionally OpenSSL has problems under DSO situations on some - platforms. For instance under smart ix86 platforms like Linux - and FreeBSD when you compile a the standard OpenSSL - libcrypto.a/libssl.a libraries and link those to a mod_ssl DSO - libssl.so all works fine. While on other platforms like Solaris - 2.6 on a SPARC OpenSSL's code will dump core under run-time. - When this is the case for you, then try to recompile OpenSSL - with Position Independent Code (PIC) by adding a `-fPIC' (for - GCC) or `-KPIC' (for SVR4-style compilers) to the platform - configuration line in OpenSSL's `Configure' script. The - -fPIC option above when you build OpenSSL. - - NOTE: The --disable-rule=SSL_COMPAT option disables the building of - SSL compatibility code for older mod_ssl versions and other - Apache SSL solutions like Apache-SSL, Sioux, Stronghold, etc. - - NOTE: The --enable-rule=SSL_EXPERIMENTAL and --enable-rule=SSL_VENDOR - options enable various experimental and vendor extension code. - Please read the src/Configuration.tmpl file inside the Apache - source tree for more details. - - c) The poor mans way known from Apache 1.2 [FOR COMPATIBILITY]: - - You configure Apache manually by editing the src/Configuration - file and running the deep-level src/Configure script. The - advantage here is that this directly follows the steps you might - be familiar with from Apache 1.2 and additionally you also have - a chance to add more third-party Apache modules like mod_perl or - mod_php because anything is done manually. But you have to edit - the SSL_BASE and EAPI_MM variables manually and more important: - you have to install the Apache package manually, too. 
But feel - free to be masochistic ;-) - - $ cd mod_ssl-2.8.x-1.3.x ALL - $ ./configure \ ALL - --with-apache=../apache_1.3.x \ ALL - --with-crt=/path/to/your/server.crt \ OPTIONAL - --with-key=/path/to/your/server.key OPTIONAL - $ cd .. ALL - - [...Add more Apache modules to the Apache source tree...] OPTIONAL - - $ cd apache_1.3.x/src ALL - $ cp Configuration.tmpl Configuration ALL - $ vi Configuration ALL - [...edit the SSL_BASE variable...] ALL - [...edit the EAPI_MM variable...] OPTIONAL - [...edit the `AddModule' line of libssl.a...] ALL - $ ./Configure ALL - $ make ALL - $ make certificate OPTIONAL - - Up to this point it can be acceptable, yeah? But now the friendly - world stops. The remaining installation steps have to be done manually - by coping the various files to /path/to/apache, including your - certificate, etc. That's the price for staying with the good old - days... - - 6. Try out Apache without SSL (only HTTP protocol possible): - - $ /path/to/apache/bin/apachectl start ALL - $ netscape http:/// ALL - $ /path/to/apache/bin/apachectl stop ALL - - 7. Try out Apache with SSL (both HTTP and HTTPS protocol possible): - - $ /path/to/apache/bin/apachectl startssl ALL - $ netscape http:/// ALL - $ netscape https:/// ALL - $ /path/to/apache/bin/apachectl stop ALL - - NOTE: Replace the `' with the official name of your - host. Do not enter `localhost' here, because this name has to match - the Common Name (CN) of the Subject's Distinguished Name (DN) - inside your server certificate. - - NOTE: If you have built and installed under root (uid 0), - leave out the the `' and `' strings above. - If you have built and installed under a different user than root, - replace `' with `:8080' and `' with `:8443' - above. The reason just is that Apache pre-configures the installed - configuration file for direct use (at least as long the APACI - option --without-confadjust is not used). 
For using the official - ports (80 for HTTP and 443 for HTTPS) root privileges are required - under run-time, so APACI assumes that it has to use alternate ports - (8080 for HTTP and 8443 for HTTPS) if the built and installation is - done under non-root users. - - NOTE: When the above tests (steps 6 and 7) fail for some reasons - you are _STRONGLY ADVISED_ to look into the Apache error logfile - before you ask someone other for help. In the error logfile there - should be a hint where to find the reason for the failure. - - NOTE: When you *re*install Apache many times, make sure you restart your - browsers between the tests if you created test or custom - certificates. Else connections might fail because the browser - cached the certificate details of the previous installation. - - 8. Finally you're advised to do the following: - - o Read the mod_ssl user manual very carefully to - understand the SSL-part of your Apache configuration: - - $ netscape http://www.modssl.org/docs/2.8/ (official) - $ netscape http://localhost/manual/mod/mod_ssl/ (local copy) - - o Adjust your Apache configuration to your personal requirements. - The configuration is already pre-configured for SSL, but usually it has - to be tweaked a little bit more to fit the local situation. When you - had already a httpd.conf file, this one is preserved. Then look inside - /path/to/apache/etc/httpd.conf.default for the pre-configured SSL - configuration and take it over manually into httpd.conf. - - $ vi /path/to/apache/etc/httpd.conf - - o Subscribe to the modssl-users@modssl.org support mailing list - with the provided web interface: - - $ netscape http://www.modssl.org/news/list.html - - 8. 
Bask in the glow ;-) - - Upgrading with APXS (EXPERTS ONLY) - __________________________________ - - Once you've built and installed Apache with mod_ssl as a DSO (libssl.so) you - can easily upgrade this libssl.so file with a stand-alone built procedure as - long as the Extended API (EAPI) didn't change and you've OpenSSL installed - somewhere. For this you can use the following procedure: - - $ cd mod_ssl-2.8.x-1.3.x ALL - $ ./configure \ ALL - --with-apxs[=/path/to/apache/bin/apxs] \ ALL - --with-ssl=/path/to/openssl ALL - $ make ALL - $ make install ALL - $ make distclean ALL - - This will build mod_ssl locally inside the pkg.modssl/ directory and then - upgrades your existing libssl.so file. This approach is also interesting for - package vendors. Because those can create an Apache+EAPI package (with the - use of --with-eapi-only) and a APXS-based mod_ssl package (with the use of - --with-apxs). - - Examples - ________ - - As you noticed above there are a lot of possibilities, variants and options - for installing mod_ssl. So, in the following we provide some step-by-step - examples where you can see how to build mod_ssl with other third-party - modules to form your SSL-aware Apache. For simplification we assume some - prerequisites for each example. If these don't fit your situation you have - to adjust the steps with the help of the above detailed instructions, of - course. - - o Apache + mod_ssl/OpenSSL + mod_perl/Perl - --------------------------------------- - - Prerequisites: - - o Apache should be installed to /path/to/apache - o Perl is installed and `perl' is in $PATH - o OpenSSL is installed under /path/to/openssl - - Steps: - - # extract the packages - $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - - $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - - $ gzip -d -c mod_perl-1.xx.tar.gz | tar xvf - - - # apply mod_ssl to Apache source tree - $ cd mod_ssl-2.8.x-1.3.x - $ ./configure \ - --with-apache=../apache_1.3.x - $ cd .. 
- - # apply mod_perl to Apache source tree - # and build/install the Perl-side of mod_perl - $ cd mod_perl-1.xx - $ perl Makefile.PL \ - EVERYTHING=1 \ - APACHE_SRC=../apache_1.3.x/src \ - USE_APACI=1 \ - PREP_HTTPD=1 \ - DO_HTTPD=1 - $ make - $ make install - $ cd .. - - # build/install Apache with mod_ssl and mod_perl - $ cd apache_1.3.x - $ SSL_BASE=/path/to/openssl \ - ./configure \ - --prefix=/path/to/apache \ - --enable-module=ssl \ - --activate-module=src/modules/perl/libperl.a \ - --enable-module=perl - $ make - $ make certificate - $ make install - $ cd .. - - # cleanup after work - $ rm -rf mod_perl-1.xx - $ rm -rf mod_ssl-2.8.x-1.3.x - $ rm -rf apache_1.3.x - - o Apache + mod_ssl/OpenSSL + PHP3/MySQL - ------------------------------------- - - Prerequisites: - - o Apache should be installed to /path/to/apache - o MySQL is installed under /path/to/mysql - o OpenSSL is installed under /path/to/openssl - o GNU Make is available as `gmake' in $PATH - - Steps: - - # extract the packages - $ gzip -d -c apache_1.3.x.tar.gz | tar xvf - - $ gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf - - $ gzip -d -c php-3.0.x.tar.gz | tar xvf - - - # apply mod_ssl to Apache source tree - $ cd /mod_ssl-2.8.x-1.3.x - $ ./configure \ - --with-apache=../apache_1.3.x - $ cd .. - - # pre-configure Apache for PHP3's configure step - $ cd apache_1.3.x - $ ./configure \ - --prefix=/path/to/apache - $ cd .. - - # configure PHP3 and apply it to the Apache source tree - $ cd ../php-3.0.x - $ CFLAGS='-O2 -I/path/to/openssl/include' \ - ./configure \ - --with-apache=../apache_1.3.x \ - --with-mysql=/path/to/mysql \ - --enable-memory-limit=yes \ - --enable-debug=no - $ gmake - $ gmake install - $ cd .. 
-
- # build/install Apache with mod_ssl and PHP3
- $ cd apache_1.3.x
- $ SSL_BASE=/path/to/openssl \
- ./configure \
- --prefix=/path/to/apache \
- --enable-module=ssl \
- --activate-module=src/modules/php3/libphp3.a \
- --enable-module=php3
- $ make
- $ make certificate
- $ make install
- $ cd ..
-
- # cleanup after work
- $ rm -rf php-3.0.x
- $ rm -rf mod_ssl-2.8.x-1.3.x
- $ rm -rf apache_1.3.x
-
diff --git a/usr.sbin/httpd/LICENSE b/usr.sbin/httpd/LICENSE
deleted file mode 100644
index 886dacf5191..00000000000
--- a/usr.sbin/httpd/LICENSE
+++ /dev/null
@@ -1,58 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
diff --git a/usr.sbin/httpd/LICENSE.SSL b/usr.sbin/httpd/LICENSE.SSL
deleted file mode 100644
index cd0c991dce4..00000000000
--- a/usr.sbin/httpd/LICENSE.SSL
+++ /dev/null
@@ -1,69 +0,0 @@
- _ _
- _ __ ___ ___ __| | ___ ___| | mod_ssl
- | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
- |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
- |_____|
- _____________________________________________________________________________
-
- ``Ian Fleming was a UNIX fan!
- How do I know? Well, James Bond
- had the (license to kill) number 007,
- i.e. he could execute anyone.''
- -- Unknown
- LICENSE
-
- The mod_ssl package falls under the Open-Source Software label
- because it's distributed under a BSD-style license. The
- detailed license information follows.
-
- ====================================================================
- Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions
- are met:
-
- 1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials
- provided with the distribution.
-
- 3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- 4. The names "mod_ssl" must not be used to endorse or promote
- products derived from this software without prior written
- permission. For written permission, please contact
- rse@engelschall.com.
-
- 5. Products derived from this software may not be called "mod_ssl"
- nor may "mod_ssl" appear in their names without prior
- written permission of Ralf S. Engelschall.
-
- 6. Redistributions of any form whatsoever must retain the following
- acknowledgment:
- "This product includes software developed by
- Ralf S. Engelschall for use in the
- mod_ssl project (http://www.modssl.org/)."
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- OF THE POSSIBILITY OF SUCH DAMAGE.
- ====================================================================
-
diff --git a/usr.sbin/httpd/Makefile.bsd-wrapper b/usr.sbin/httpd/Makefile.bsd-wrapper
deleted file mode 100644
index f14709266c7..00000000000
--- a/usr.sbin/httpd/Makefile.bsd-wrapper
+++ /dev/null
@@ -1,787 +0,0 @@ -# Build wrapper for Apache -# $OpenBSD: Makefile.bsd-wrapper,v 1.74 2014/04/15 20:55:42 miod Exp $ - -# Our lndir is hacked; specify a full path to avoid potential conflicts -# with the one installed with X11. -LNDIR= /usr/bin/lndir - -.include - -# OpenBSD Layout -# -# prefix: /var/www -# exec_prefix: /usr -# bindir: $exec_prefix/bin -# sbindir: $exec_prefix/sbin -# libexecdir: $exec_prefix/lib/apache/modules -# mandir: $exec_prefix/share/man -# sysconfdir: $prefix/conf -# datadir: $prefix -# iconsdir: $prefix/icons -# htdocsdir: $prefix/htdocs -# manualdir: $exec_prefix/share/doc/html/httpd -# cgidir: $prefix/cgi-bin -# includedir: $exec_prefix/lib/apache/include -# localstatedir: $prefix -# runtimedir: $prefix/logs -# logfiledir: $prefix/logs -# proxycachedir: $prefix/proxy -# - -HTTPD_PREFIX= /var/www -HTTPD_EXEC_PREFIX= /usr -HTTPD_BINDIR= ${HTTPD_EXEC_PREFIX}/bin -HTTPD_SBINDIR= ${HTTPD_EXEC_PREFIX}/sbin -HTTPD_LIBEXECDIR= ${HTTPD_EXEC_PREFIX}/lib/apache/modules -HTTPD_SYSCONFDIR= ${HTTPD_PREFIX}/conf -HTTPD_ICONSDIR= ${HTTPD_PREFIX}/icons -HTTPD_HTDOCSDIR= ${HTTPD_PREFIX}/htdocs -HTTPD_MANUALDIR= ${HTTPD_EXEC_PREFIX}/share/doc/html/httpd -HTTPD_INCLUDEDIR= ${HTTPD_EXEC_PREFIX}/lib/apache/include -HTTPD_RUNDIR= ${HTTPD_PREFIX}/logs -HTTPD_LOGDIR= ${HTTPD_PREFIX}/logs - -CONFIG_ARGS= --with-layout="OpenBSD" --enable-module="ssl" \ - --enable-module="keynote" \ - --enable-suexec --suexec-caller="www" \ - --suexec-docroot="${HTTPD_HTDOCSDIR}" \ - --suexec-logfile="/var/log/suexec_log" --suexec-userdir="public_html" \ - --suexec-uidmin="1000" --suexec-gidmin="1000" \ - --suexec-safepath="/usr/bin:/bin:/usr/local/bin" \ - --disable-rule=EXPAT --server-uid="www" --server-gid="www" - -# This is stupid - to build a DSO module for Apache you not only need to -# --enable-shared, you need to --enable-module or --enable-shared doesn't -# do anything. 
- -DSO_MODULE_ARGS= \ - --enable-module=so \ - --enable-module=auth_anon \ - --enable-shared=auth_anon \ - --enable-module=expires \ - --enable-shared=expires \ - --enable-module=headers \ - --enable-shared=headers \ - --enable-module=auth_db \ - --enable-shared=auth_db \ - --enable-module=auth_dbm \ - --enable-shared=auth_dbm \ - --enable-module=auth_digest \ - --enable-shared=auth_digest \ - --enable-module=cern_meta \ - --enable-shared=cern_meta \ - --enable-module=define \ - --enable-shared=define \ - --enable-module=digest \ - --enable-shared=digest \ - --enable-module=info \ - --enable-shared=info \ - --enable-module=log_agent \ - --enable-shared=log_agent \ - --enable-module=log_referer \ - --enable-shared=log_referer \ - --enable-module=mime_magic \ - --enable-shared=mime_magic \ - --enable-module=mmap_static \ - --enable-shared=mmap_static \ - --enable-module=proxy \ - --enable-shared=proxy \ - --enable-module=rewrite \ - --enable-shared=rewrite \ - --enable-module=speling \ - --enable-shared=speling \ - --enable-module=unique_id \ - --enable-shared=unique_id \ - --enable-module=usertrack \ - --enable-shared=usertrack \ - --enable-module=vhost_alias \ - --enable-shared=vhost_alias \ - --enable-rule=INET6 - -INSTALL_MODULES= - -# If you support dynamic loading, enable the so module, and build all the -# modules that come with Apache. 
- -.if !defined(NOPIC) -CONFIG_ARGS+= ${DSO_MODULE_ARGS} -INSTALL_MODULES= \ - src/modules/experimental/mod_mmap_static.so \ - src/modules/experimental/mod_auth_digest.so \ - src/modules/extra/mod_define.so \ - src/modules/proxy/libproxy.so \ - src/modules/standard/mod_vhost_alias.so \ - src/modules/standard/mod_log_agent.so \ - src/modules/standard/mod_info.so \ - src/modules/standard/mod_log_referer.so \ - src/modules/standard/mod_mime_magic.so \ - src/modules/standard/mod_speling.so \ - src/modules/standard/mod_rewrite.so \ - src/modules/standard/mod_auth_dbm.so \ - src/modules/standard/mod_auth_anon.so \ - src/modules/standard/mod_auth_db.so \ - src/modules/standard/mod_digest.so \ - src/modules/standard/mod_cern_meta.so \ - src/modules/standard/mod_usertrack.so \ - src/modules/standard/mod_unique_id.so \ - src/modules/standard/mod_expires.so \ - src/modules/standard/mod_headers.so -.endif - -PERLPATH= /usr/bin/perl - -MUNGEDFILES = ${.OBJDIR}/src/ap/Makefile \ - ${.OBJDIR}/src/include/ap_config_auto.h.new \ - ${.OBJDIR}/src/lib/expat-lite/Makefile \ - ${.OBJDIR}/src/lib/Makefile \ - ${.OBJDIR}/src/main/Makefile \ - ${.OBJDIR}/src/modules/experimental/Makefile \ - ${.OBJDIR}/src/modules/extra/Makefile \ - ${.OBJDIR}/src/modules/proxy/Makefile \ - ${.OBJDIR}/src/modules/standard/Makefile \ - ${.OBJDIR}/src/modules/keynote/Makefile \ - ${.OBJDIR}/src/modules/ssl/Makefile \ - ${.OBJDIR}/src/modules/ssl/ssl_expr_parse.c \ - ${.OBJDIR}/src/modules/ssl/ssl_expr_parse.h \ - ${.OBJDIR}/src/modules/ssl/ssl_expr_scan.c \ - ${.OBJDIR}/src/modules/Makefile \ - ${.OBJDIR}/src/os/unix/Makefile \ - ${.OBJDIR}/src/regex/Makefile \ - ${.OBJDIR}/src/support/Makefile \ - ${.OBJDIR}/src/apaci \ - ${.OBJDIR}/src/Makefile \ - ${.OBJDIR}/src/Makefile.config \ - ${.OBJDIR}/src/modules.c \ - ${.OBJDIR}/src/Configuration.apaci \ - ${.OBJDIR}/Makefile \ - ${.OBJDIR}/config.status - -BINFILES= src/support/htdigest src/support/htpasswd - -SBINFILES= \ - src/httpd \ - src/support/logresolve 
src/support/rotatelogs src/support/suexec - -MAN+= src/support/dbmmanage.1 src/support/htdigest.1 src/support/htpasswd.1 \ - src/support/apachectl.8 src/support/logresolve.8 \ - httpd.8 src/support/rotatelogs.8 src/support/apxs.8 \ - src/support/suexec.8 - -INCFILES= \ - src/include/ap.h \ - src/include/ap_alloc.h \ - src/include/ap_compat.h \ - src/include/ap_config.h \ - src/include/ap_config_auto.h \ - src/include/ap_ctx.h \ - src/include/ap_ctype.h \ - src/include/ap_hook.h \ - src/include/ap_md5.h \ - src/include/ap_mm.h \ - src/include/ap_mmn.h \ - src/include/ap_sha1.h \ - src/include/buff.h \ - src/include/compat.h \ - src/include/conf.h \ - src/include/explain.h \ - src/include/fnmatch.h \ - src/include/fdcache.h \ - src/include/http_conf_globals.h \ - src/include/http_config.h \ - src/include/http_core.h \ - src/include/http_log.h \ - src/include/http_main.h \ - src/include/http_protocol.h \ - src/include/http_request.h \ - src/include/http_vhost.h \ - src/include/httpd.h \ - src/include/multithread.h \ - src/include/rfc1413.h \ - src/include/scoreboard.h \ - src/include/util_date.h \ - src/include/util_md5.h \ - src/include/util_script.h \ - src/include/util_uri.h \ - src/os/unix/os-inline.c \ - src/os/unix/os.h \ - src/modules/ssl/mod_ssl.h \ - src/modules/ssl/ssl_expr.h \ - src/modules/ssl/ssl_util_ssl.h \ - src/modules/ssl/ssl_util_table.h - -XMLFILES= \ - src/lib/expat-lite/asciitab.h \ - src/lib/expat-lite/hashtable.h \ - src/lib/expat-lite/iasciitab.h \ - src/lib/expat-lite/latin1tab.h \ - src/lib/expat-lite/nametab.h \ - src/lib/expat-lite/utf8tab.h \ - src/lib/expat-lite/xmldef.h \ - src/lib/expat-lite/xmlparse.h \ - src/lib/expat-lite/xmlrole.h \ - src/lib/expat-lite/xmltok.h \ - src/lib/expat-lite/xmltok_impl.h - -MODCONFDIR= \ - modules \ - modules.sample - -CONFFILES= \ - conf/httpd.conf conf/mime.types conf/magic - -HTDOCS= \ - htdocs/apache_pb.gif htdocs/index.html htdocs/openbsdpower.gif \ - htdocs/blowfish.jpg htdocs/bsd_small.gif 
htdocs/lock.gif \ - htdocs/logo23.jpg htdocs/logo24.jpg htdocs/smalltitle.gif \ - htdocs/openbsd_pb.gif htdocs/mod_ssl_sb.gif htdocs/openssl_ics.gif - -CGIFILES= cgi-bin/printenv cgi-bin/test-cgi - -MANUALFILES= \ - manual/howto/auth.html \ - manual/howto/htaccess.html \ - manual/howto/cgi.html \ - manual/howto/ssi.html \ - manual/LICENSE \ - manual/bind.html \ - manual/configuring.html \ - manual/content-negotiation.html \ - manual/custom-error.html \ - manual/dns-caveats.html \ - manual/dso.html \ - manual/env.html \ - manual/handler.html \ - manual/index.html \ - manual/invoking.html \ - manual/ipv6.html \ - manual/keepalive.html \ - manual/location.html \ - manual/logs.html \ - manual/images/apache_header.gif \ - manual/images/apache_pb.gif \ - manual/images/custom_errordocs.gif \ - manual/images/feather.jpg \ - manual/images/home.gif \ - manual/images/index.gif \ - manual/images/mod_rewrite_fig1.fig \ - manual/images/mod_rewrite_fig1.gif \ - manual/images/mod_rewrite_fig2.fig \ - manual/images/mod_rewrite_fig2.gif \ - manual/images/mod_ssl_sb.gif \ - manual/images/openssl_ics.gif \ - manual/images/pixel.gif \ - manual/images/sub.gif \ - manual/multilogs.html \ - manual/process-model.html \ - manual/misc/API.html \ - manual/misc/FAQ.html \ - manual/misc/custom_errordocs.html \ - manual/misc/descriptors.html \ - manual/misc/fin_wait_2.html \ - manual/misc/howto.html \ - manual/misc/index.html \ - manual/misc/known_client_problems.html \ - manual/misc/perf-bsd44.html \ - manual/misc/perf-tuning.html \ - manual/misc/perf.html \ - manual/misc/rewriteguide.html \ - manual/misc/security_tips.html \ - manual/misc/tutorials.html \ - manual/sections.html \ - manual/server-wide.html \ - manual/sitemap.html \ - manual/stopping.html \ - manual/suexec.html \ - manual/mod/mod_ssl/index.html \ - manual/mod/mod_ssl/ssl_compat.gfont000.gif \ - manual/mod/mod_ssl/ssl_compat.html \ - manual/mod/mod_ssl/ssl_cover_logo.jpg \ - manual/mod/mod_ssl/ssl_cover_title.jpg \ - 
manual/mod/mod_ssl/ssl_faq.gfont000.gif \ - manual/mod/mod_ssl/ssl_faq.html \ - manual/mod/mod_ssl/ssl_glossary.html \ - manual/mod/mod_ssl/ssl_howto.gfont000.gif \ - manual/mod/mod_ssl/ssl_howto.html \ - manual/mod/mod_ssl/ssl_intro.gfont000.gif \ - manual/mod/mod_ssl/ssl_intro.html \ - manual/mod/mod_ssl/ssl_intro_fig1.gif \ - manual/mod/mod_ssl/ssl_intro_fig2.gif \ - manual/mod/mod_ssl/ssl_intro_fig3.gif \ - manual/mod/mod_ssl/ssl_overview.gfont000.gif \ - manual/mod/mod_ssl/ssl_overview.html \ - manual/mod/mod_ssl/ssl_overview_fig1.gif \ - manual/mod/mod_ssl/ssl_reference.gfont000.gif \ - manual/mod/mod_ssl/ssl_reference.html \ - manual/mod/mod_ssl/ssl_template.head-chapter.gif \ - manual/mod/mod_ssl/ssl_template.head-num-1.gif \ - manual/mod/mod_ssl/ssl_template.head-num-2.gif \ - manual/mod/mod_ssl/ssl_template.head-num-3.gif \ - manual/mod/mod_ssl/ssl_template.head-num-4.gif \ - manual/mod/mod_ssl/ssl_template.head-num-5.gif \ - manual/mod/mod_ssl/ssl_template.head-num-6.gif \ - manual/mod/mod_ssl/ssl_template.head-num-7.gif \ - manual/mod/mod_ssl/ssl_template.imgdot-1x1-000000.gif \ - manual/mod/mod_ssl/ssl_template.imgdot-1x1-transp.gif \ - manual/mod/mod_ssl/ssl_template.navbut-next-n.gif \ - manual/mod/mod_ssl/ssl_template.navbut-next-s.gif \ - manual/mod/mod_ssl/ssl_template.navbut-prev-n.gif \ - manual/mod/mod_ssl/ssl_template.navbut-prev-s.gif \ - manual/mod/mod_ssl/ssl_template.title-abstract.gif \ - manual/mod/mod_ssl/ssl_template.title-compat.gif \ - manual/mod/mod_ssl/ssl_template.title-faq.gif \ - manual/mod/mod_ssl/ssl_template.title-gloss.gif \ - manual/mod/mod_ssl/ssl_template.title-howto.gif \ - manual/mod/mod_ssl/ssl_template.title-intro.gif \ - manual/mod/mod_ssl/ssl_template.title-over.gif \ - manual/mod/mod_ssl/ssl_template.title-preface.gif \ - manual/mod/mod_ssl/ssl_template.title-ref.gif \ - manual/mod/mod_ssl/ssl_template.title-toc.gif \ - manual/mod/mod_ssl/ssl_template.title-tutor.gif \ - manual/mod/core.html \ - 
manual/mod/directive-dict.html \ - manual/mod/directives.html \ - manual/mod/index-bytype.html \ - manual/mod/index.html \ - manual/mod/mod_access.html \ - manual/mod/mod_actions.html \ - manual/mod/mod_alias.html \ - manual/mod/mod_asis.html \ - manual/mod/mod_auth.html \ - manual/mod/mod_auth_anon.html \ - manual/mod/mod_auth_db.html \ - manual/mod/mod_auth_dbm.html \ - manual/mod/mod_auth_digest.html \ - manual/mod/mod_autoindex.html \ - manual/mod/mod_cern_meta.html \ - manual/mod/mod_cgi.html \ - manual/mod/mod_define.html \ - manual/mod/mod_digest.html \ - manual/mod/mod_dir.html \ - manual/mod/mod_env.html \ - manual/mod/mod_expires.html \ - manual/mod/mod_headers.html \ - manual/mod/mod_imap.html \ - manual/mod/mod_include.html \ - manual/mod/mod_info.html \ - manual/mod/mod_log_agent.html \ - manual/mod/mod_log_common.html \ - manual/mod/mod_log_config.html \ - manual/mod/mod_log_referer.html \ - manual/mod/mod_mime.html \ - manual/mod/mod_mime_magic.html \ - manual/mod/mod_mmap_static.html \ - manual/mod/mod_negotiation.html \ - manual/mod/mod_proxy.html \ - manual/mod/mod_rewrite.html \ - manual/mod/mod_setenvif.html \ - manual/mod/mod_so.html \ - manual/mod/mod_speling.html \ - manual/mod/mod_status.html \ - manual/mod/mod_unique_id.html \ - manual/mod/mod_userdir.html \ - manual/mod/mod_usertrack.html \ - manual/mod/mod_vhost_alias.html \ - manual/mod/module-dict.html \ - manual/urlmapping.html \ - manual/programs/ab.html \ - manual/programs/apachectl.html \ - manual/programs/apxs.html \ - manual/programs/dbmmanage.html \ - manual/programs/htdigest.html \ - manual/programs/htpasswd.html \ - manual/programs/httpd.html \ - manual/programs/index.html \ - manual/programs/logresolve.html \ - manual/programs/other.html \ - manual/programs/rotatelogs.html \ - manual/programs/suexec.html \ - manual/vhosts/details.html \ - manual/vhosts/examples.html \ - manual/vhosts/fd-limits.html \ - manual/vhosts/host.html \ - manual/vhosts/index.html \ - 
manual/vhosts/ip-based.html \ - manual/vhosts/mass.html \ - manual/vhosts/name-based.html \ - manual/vhosts/vhosts-in-depth.html \ - manual/vhosts/virtual-host.html - -ICONFILES= \ - icons/back.gif \ - icons/README \ - icons/a.gif \ - icons/a.png \ - icons/small/README.txt \ - icons/small/back.gif \ - icons/small/back.png \ - icons/small/binary.gif \ - icons/small/binary.png \ - icons/small/binhex.gif \ - icons/small/binhex.png \ - icons/small/blank.gif \ - icons/small/blank.png \ - icons/small/broken.gif \ - icons/small/broken.png \ - icons/small/burst.gif \ - icons/small/burst.png \ - icons/small/comp1.gif \ - icons/small/comp1.png \ - icons/small/comp2.gif \ - icons/small/comp2.png \ - icons/small/compressed.gif \ - icons/small/compressed.png \ - icons/small/continued.gif \ - icons/small/continued.png \ - icons/small/dir.gif \ - icons/small/dir.png \ - icons/small/dir2.gif \ - icons/small/dir2.png \ - icons/small/doc.gif \ - icons/small/doc.png \ - icons/small/forward.gif \ - icons/small/forward.png \ - icons/small/generic.gif \ - icons/small/generic.png \ - icons/small/generic2.gif \ - icons/small/generic2.png \ - icons/small/generic3.gif \ - icons/small/generic3.png \ - icons/small/image.gif \ - icons/small/image.png \ - icons/small/image2.gif \ - icons/small/image2.png \ - icons/small/index.gif \ - icons/small/index.png \ - icons/small/key.gif \ - icons/small/key.png \ - icons/small/movie.gif \ - icons/small/movie.png \ - icons/small/patch.gif \ - icons/small/patch.png \ - icons/small/ps.gif \ - icons/small/ps.png \ - icons/small/rainbow.gif \ - icons/small/rainbow.png \ - icons/small/sound.gif \ - icons/small/sound.png \ - icons/small/sound2.gif \ - icons/small/sound2.png \ - icons/small/tar.gif \ - icons/small/tar.png \ - icons/small/text.gif \ - icons/small/text.png \ - icons/small/transfer.gif \ - icons/small/transfer.png \ - icons/small/unknown.gif \ - icons/small/unknown.png \ - icons/small/uu.gif \ - icons/small/uu.png \ - icons/alert.black.gif \ - 
icons/alert.black.png \ - icons/alert.red.gif \ - icons/alert.red.png \ - icons/apache_pb.gif \ - icons/apache_pb.png \ - icons/back.png \ - icons/ball.gray.gif \ - icons/ball.gray.png \ - icons/ball.red.gif \ - icons/ball.red.png \ - icons/binary.gif \ - icons/binary.png \ - icons/binhex.gif \ - icons/binhex.png \ - icons/blank.gif \ - icons/blank.png \ - icons/bomb.gif \ - icons/bomb.png \ - icons/box1.gif \ - icons/box1.png \ - icons/box2.gif \ - icons/box2.png \ - icons/broken.gif \ - icons/broken.png \ - icons/burst.gif \ - icons/burst.png \ - icons/c.gif \ - icons/c.png \ - icons/comp.blue.gif \ - icons/comp.blue.png \ - icons/comp.gray.gif \ - icons/comp.gray.png \ - icons/compressed.gif \ - icons/compressed.png \ - icons/continued.gif \ - icons/continued.png \ - icons/dir.gif \ - icons/dir.png \ - icons/diskimg.gif \ - icons/diskimg.png \ - icons/dvi.gif \ - icons/down.gif \ - icons/down.png \ - icons/dvi.png \ - icons/f.gif \ - icons/f.png \ - icons/folder.gif \ - icons/folder.open.gif \ - icons/folder.open.png \ - icons/folder.png \ - icons/folder.sec.gif \ - icons/folder.sec.png \ - icons/forward.gif \ - icons/forward.png \ - icons/generic.gif \ - icons/generic.png \ - icons/generic.red.gif \ - icons/generic.red.png \ - icons/generic.sec.gif \ - icons/generic.sec.png \ - icons/hand.right.gif \ - icons/hand.right.png \ - icons/hand.up.gif \ - icons/hand.up.png \ - icons/icon.sheet.gif \ - icons/icon.sheet.png \ - icons/image1.gif \ - icons/image1.png \ - icons/image2.gif \ - icons/image2.png \ - icons/image3.gif \ - icons/image3.png \ - icons/index.gif \ - icons/index.png \ - icons/layout.gif \ - icons/layout.png \ - icons/left.gif \ - icons/left.png \ - icons/link.gif \ - icons/link.png \ - icons/movie.gif \ - icons/movie.png \ - icons/p.gif \ - icons/p.png \ - icons/patch.gif \ - icons/patch.png \ - icons/pdf.gif \ - icons/pdf.png \ - icons/pie0.gif \ - icons/pie0.png \ - icons/pie1.gif \ - icons/pie1.png \ - icons/pie2.gif \ - icons/pie2.png \ - 
icons/pie3.gif \ - icons/pie3.png \ - icons/pie4.gif \ - icons/pie4.png \ - icons/pie5.gif \ - icons/pie5.png \ - icons/pie6.gif \ - icons/pie6.png \ - icons/pie7.gif \ - icons/pie7.png \ - icons/pie8.gif \ - icons/pie8.png \ - icons/portal.gif \ - icons/portal.png \ - icons/ps.gif \ - icons/ps.png \ - icons/quill.gif \ - icons/quill.png \ - icons/right.gif \ - icons/right.png \ - icons/screw1.gif \ - icons/screw1.png \ - icons/screw2.gif \ - icons/screw2.png \ - icons/script.gif \ - icons/script.png \ - icons/sound1.gif \ - icons/sound1.png \ - icons/sound2.gif \ - icons/sound2.png \ - icons/sphere1.gif \ - icons/sphere1.png \ - icons/sphere2.gif \ - icons/sphere2.png \ - icons/tar.gif \ - icons/tar.png \ - icons/tex.gif \ - icons/tex.png \ - icons/text.gif \ - icons/text.png \ - icons/transfer.gif \ - icons/transfer.png \ - icons/unknown.gif \ - icons/unknown.png \ - icons/up.gif \ - icons/up.png \ - icons/uu.gif \ - icons/uu.png \ - icons/uuencoded.gif \ - icons/uuencoded.png \ - icons/world1.gif \ - icons/world1.png \ - icons/world2.gif \ - icons/world2.png - -.include - -all: ${.OBJDIR}/config.status - @cd ${.OBJDIR} && ${MAKE} - -BEFOREMAN=${.OBJDIR}/config.status - -EXTRA_LDFLAGS=-lpthread - -${.OBJDIR}/config.status : ${.OBJDIR}/config.layout - @cd ${.OBJDIR} && CC="${CC}" LD_SHLIB="${CC}" \ - EXTRA_LDFLAGS="${EXTRA_LDFLAGS}" OPTIM="${CFLAGS} ${COPTS}" \ - PATH="/sbin:/usr/sbin:/bin:/usr/bin" \ - sh configure ${CONFIG_ARGS} - diff -u ${.CURDIR}/src/include/ap_config_auto.h ${.OBJDIR}/src/include/ap_config_auto.h.new - -.if !exists(${.OBJDIR}/config.layout) -${.OBJDIR}/config.layout: ${.CURDIR}/config.layout - ${LNDIR} -s -e obj -e obj.${MACHINE_ARCH} -e Makefile.bsd-wrapper ${.CURDIR} -.endif - - -includes: - @-for i in ${INCFILES}; do \ - j=`basename $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_INCLUDEDIR}/$$j"; \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.CURDIR}/$$i ${DESTDIR}${HTTPD_INCLUDEDIR}; \ - done - @-for i in ${XMLFILES}; do \ - 
j=`basename $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_INCLUDEDIR}/xml/$$j"; \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.CURDIR}/$$i ${DESTDIR}${HTTPD_INCLUDEDIR}/xml; \ - done - -install: maninstall htmlinstall - @-for i in ${BINFILES}; do \ - j=`basename $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_BINDIR}/$$j"; \ - ${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP} -g ${BINGRP} \ - -m 555 ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_BINDIR}; \ - done - @-for i in ${SBINFILES}; do \ - j=`basename $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_SBINDIR}/$$j"; \ - ${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP} -g ${BINGRP} \ - -m 555 ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_SBINDIR}; \ - done - @-for i in ${INSTALL_MODULES}; do \ - j=`basename $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_LIBEXECDIR}/$$j"; \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_LIBEXECDIR}; \ - done - @d=`mktemp -d /tmp/httpdXXXXXXXXXX`; \ - echo "Installing ${DESTDIR}${HTTPD_SBINDIR}/apxs"; \ - j="sed -e 's;^#!/.*;#!${PERLPATH};' \ - -e 's;\@prefix\@;${HTTPD_PREFIX};' \ - -e 's;\@sbindir\@;${HTTPD_SBINDIR};' \ - -e 's;\@libexecdir\@;${HTTPD_LIBEXECDIR};' \ - -e 's;\@includedir\@;${HTTPD_INCLUDEDIR};' \ - -e 's;\@sysconfdir\@;${HTTPD_SYSCONFDIR};' \ - < ${.OBJDIR}/src/support/apxs > $$d/apxs && \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 555 \ - $$d/apxs ${DESTDIR}${HTTPD_SBINDIR}"; \ - echo $$j; \ - eval $$j; \ - echo "Installing ${DESTDIR}${HTTPD_SBINDIR}/apachectl"; \ - j="sed -e 's;PIDFILE=.*;PIDFILE=${HTTPD_RUNDIR}/httpd.pid;' \ - -e 's;HTTPD=.*;HTTPD=${HTTPD_SBINDIR}/httpd;' \ - < ${.OBJDIR}/src/support/apachectl > $$d/apachectl && \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 555 \ - $$d/apachectl ${DESTDIR}${HTTPD_SBINDIR}"; \ - echo $$j; \ - eval $$j; \ - echo "Installing ${DESTDIR}${HTTPD_BINDIR}/dbmmanage"; \ - j="sed -e 's;^#!/.*;#!${PERLPATH};' \ - < ${.OBJDIR}/src/support/dbmmanage > $$d/dbmmanage && \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 555 
\ - $$d/dbmmanage ${DESTDIR}${HTTPD_BINDIR}"; \ - echo $$j; \ - eval $$j; \ - rm -rf $$d - -.if ${.OBJDIR} == ${.CURDIR} -clean: - -@cd ${.OBJDIR} && rm -f ${MUNGEDFILES} && ${MAKE} clean -.else -clean: - @cd ${.OBJDIR} && find . \! -type d -print0 | xargs -0r rm -.endif - -cleandir: clean - -prereq: -# nothing left - -test: - # Nothing here so far... - -depend: - # Nothing here so far... - -lint: - # Nothing here so far... - -tags: - # Nothing here so far... - -.ifdef NOMAN -maninstall: - @echo NOMAN is set -.endif - -htmlinstall: - @-for i in ${MANUALFILES}; do \ - j=`dirname $$i | sed 's;^manual/*;;'`; \ - k=`basename $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_MANUALDIR}/$$j/$$k"; \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.OBJDIR}/htdocs/$$i ${DESTDIR}${HTTPD_MANUALDIR}/$$j/; \ - done - -distribution: - @-for i in ${MODCONFDIR}; do \ - echo "Installing ${DESTDIR}${HTTPD_SYSCONFDIR}/$$i"; \ - ${INSTALL} -d -m 755 ${DESTDIR}${HTTPD_SYSCONFDIR}/$$i; \ - done - @-for i in ${CONFFILES}; do \ - j=`dirname $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_PREFIX}/$$i"; \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_PREFIX}/$$j/; \ - done - @-for i in ${HTDOCS}; do \ - j=`dirname $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_PREFIX}/$$i"; \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_PREFIX}/$$j/; \ - done - @-for i in ${CGIFILES}; do \ - j=`dirname $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_PREFIX}/$$i"; \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 000 \ - ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_PREFIX}/$$j/; \ - done - @-for i in ${ICONFILES}; do \ - j=`dirname $$i`; \ - echo "Installing ${DESTDIR}${HTTPD_PREFIX}/$$i"; \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.OBJDIR}/$$i ${DESTDIR}${HTTPD_PREFIX}/$$j/; \ - done - -.include -.include -.ifndef NOMAN -.include -.endif 
diff --git a/usr.sbin/httpd/Makefile.tmpl b/usr.sbin/httpd/Makefile.tmpl
deleted file mode 100644
index dd8cbbb2b9c..00000000000
--- a/usr.sbin/httpd/Makefile.tmpl
+++ /dev/null
@@ -1,801 +0,0 @@
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## .
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-##
-
-##
-## Makefile -- Apache Autoconf-style Interface (APACI)
-## top-level control Makefile for out-of-the-box
-## build and installation procedure.
-##
-## Written by Ralf S. Engelschall
-##
-
-## ==================================================================
-## Options
-## ==================================================================
-
-# safe environment
-SHELL = @SHELL@
-
-# what platform are we on
-PLATFORM = @PLATFORM@
-
-# paths to the source tree parts
-TOP = .
-SRC = @SRC@ -MKF = @MKF@ -AUX = @AUX@ - -# build tools -CP = cp -LN = ln -RM = rm -f -MKDIR = $(SHELL) $(TOP)/$(AUX)/mkdir.sh -INSTALL = $(SHELL) $(TOP)/$(AUX)/install.sh -c -IFLAGS_PROGRAM = @IFLAGS_PROGRAM@ -IFLAGS_CORE = @IFLAGS_CORE@ -IFLAGS_DSO = @IFLAGS_DSO@ -IFLAGS_SCRIPT = @IFLAGS_SCRIPT@ -IFLAGS_DATA = @IFLAGS_DATA@ -INSTALL_PROGRAM = $(INSTALL) $(IFLAGS_PROGRAM) -INSTALL_CORE = $(INSTALL) $(IFLAGS_CORE) -INSTALL_DSO = $(INSTALL) $(IFLAGS_DSO) -INSTALL_SCRIPT = $(INSTALL) $(IFLAGS_SCRIPT) -INSTALL_DATA = $(INSTALL) $(IFLAGS_DATA) -PERL = @PERL@ -TAR = @TAR@ -TAROPT = @TAROPT@ - -# installation name of Apache webserver -TARGET = @TARGET@ - -# installation root -# (overrideable by package maintainers for -# rolling packages without bristling the system) -root = - -# installation paths -prefix = @prefix@ -exec_prefix = @exec_prefix@ -bindir = @bindir@ -sbindir = @sbindir@ -libexecdir = @libexecdir@ -mandir = @mandir@ -sysconfdir = @sysconfdir@ -datadir = @datadir@ -iconsdir = @iconsdir@ -htdocsdir = @htdocsdir@ -manualdir = @manualdir@ -cgidir = @cgidir@ -includedir = @includedir@ -localstatedir = @localstatedir@ -runtimedir = @runtimedir@ -logfiledir = @logfiledir@ -proxycachedir = @proxycachedir@ - -libexecdir_relative = @libexecdir_relative@ - -# suexec details (optional) -suexec = @suexec@ -suexec_caller = @suexec_caller@ -suexec_docroot = @suexec_docroot@ -suexec_logexec = @suexec_logexec@ -suexec_userdir = @suexec_userdir@ -suexec_uidmin = @suexec_uidmin@ -suexec_gidmin = @suexec_gidmin@ -suexec_safepath = @suexec_safepath@ -suexec_umask = @suexec_umask@ - -# SSL (optional) -ssl = @ssl@ - -# some substituted configuration parameters -conf_user = @conf_user@ -conf_group = @conf_group@ -conf_port = @conf_port@ -conf_port_ssl = @conf_port_ssl@ -conf_serveradmin = @conf_serveradmin@ -conf_servername = @conf_servername@ - -# usage of src/support stuff -build-support = @build_support@ -install-support = @install_support@ -clean-support = @clean_support@ 
-distclean-support = @distclean_support@ - -# `make certificate' parameters -TYPE = -ALGO = -CRT = -KEY = -VIEW = - -# forwarding arguments -MFWD = root=$(root) - -## ================================================================== -## Targets -## ================================================================== - -# default target -all: build - -## ------------------------------------------------------------------ -## Build Target -## ------------------------------------------------------------------ - -# build the package -build: - @echo "===> $(SRC)" - @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) build-std - @if [ "x$(build-support)" != "x" ]; then \ - $(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) $(build-support); \ - fi - @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) build-certificate - @touch $(TOP)/$(SRC)/.apaci.build.ok - @echo "<=== $(SRC)" - -# the non-verbose variant for package maintainers -build-quiet: - @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) QUIET=1 build - -# build the standard stuff -build-std: - @case "x$(PLATFORM)" in \ - x*390*) _C89_STEPS="0xffffffff"; export _C89_STEPS;; \ - esac; \ - cd $(TOP)/$(SRC); $(MAKE) $(MFLAGS) SDP=$(SRC)/ all - -# build the additional support stuff -build-support: - @echo "===> $(SRC)/support"; \ - case "x$(PLATFORM)" in \ - x*390*) _C89_STEPS="0xffffffff"; export _C89_STEPS;; \ - esac; \ - cd $(TOP)/$(SRC)/support; $(MAKE) $(MFLAGS) all || exit 1; \ - if [ ".$(suexec)" = .1 ]; then \ - $(MAKE) $(MFLAGS) \ - EXTRA_CFLAGS='\ - $(suexec_umask) \ - -DHTTPD_USER=\"$(suexec_caller)\" \ - -DUID_MIN=$(suexec_uidmin) \ - -DGID_MIN=$(suexec_gidmin) \ - -DUSERDIR_SUFFIX=\"$(suexec_userdir)\" \ - -DLOG_EXEC=\"$(suexec_logexec)\" \ - -DDOC_ROOT=\"$(suexec_docroot)\" \ - -DSAFE_PATH=\"$(suexec_safepath)\"' \ - suexec; \ - fi - @echo "<=== $(SRC)/support" - -# SSL certificate generation -build-certificate: - -@if [ ".$(ssl)" = .1 ]; then \ - if [ ".`grep '(SKIPME)' $(TOP)/conf/ssl.crt/server.crt`" != . 
]; then \ - if [ ".$(QUIET)" != .1 ]; then \ - echo "+---------------------------------------------------------------------+"; \ - echo "| Before you install the package you now should prepare the SSL |"; \ - echo "| certificate system by running the 'make certificate' command. |"; \ - echo "| For different situations the following variants are provided: |"; \ - echo "| |"; \ - echo "| % make certificate TYPE=dummy (dummy self-signed Snake Oil cert) |"; \ - echo "| % make certificate TYPE=test (test cert signed by Snake Oil CA) |"; \ - echo "| % make certificate TYPE=custom (custom cert signed by own CA) |"; \ - echo "| % make certificate TYPE=existing (existing cert) |"; \ - echo "| CRT=/path/to/your.crt [KEY=/path/to/your.key] |"; \ - echo "| |"; \ - echo "| Use TYPE=dummy when you're a vendor package maintainer, |"; \ - echo "| the TYPE=test when you're an admin but want to do tests only, |"; \ - echo "| the TYPE=custom when you're an admin willing to run a real server |"; \ - echo "| and TYPE=existing when you're an admin who upgrades a server. |"; \ - echo "| (The default is TYPE=test) |"; \ - echo "| |"; \ - echo "| Additionally add ALGO=RSA (default) or ALGO=DSA to select |"; \ - echo "| the signature algorithm used for the generated certificate. |"; \ - echo "| |"; \ - echo "| Use 'make certificate VIEW=1' to display the generated data. |"; \ - echo "| |"; \ - echo "| Thanks for using Apache & mod_ssl. Ralf S. 
Engelschall |"; \ - echo "| rse@engelschall.com |"; \ - echo "| www.engelschall.com |"; \ - echo "+---------------------------------------------------------------------+"; \ - fi \ - fi \ - fi - -certificate: - @cd $(TOP)/$(SRC); $(MAKE) $(MFLAGS) certificate TYPE="$(TYPE)" ALGO="$(ALGO)" CRT="$(CRT)" KEY="$(KEY)" VIEW="$(VIEW)" - -## ------------------------------------------------------------------ -## Installation Targets -## ------------------------------------------------------------------ - -# indirection step to avoid conflict with INSTALL document -# on case-insenstive filesystems, for instance on OS/2 -install: install-all - -# the install target for installing the complete Apache -# package. This is implemented by running subtargets for the -# separate parts of the installation process. -install-all: - @if [ ! -f $(TOP)/$(SRC)/.apaci.build.ok ]; then \ - $(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) build; \ - else \ - :; \ - fi - @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) \ - install-mktree install-programs $(install-support) \ - install-include install-data install-config - -@$(RM) $(SRC)/.apaci.install.tmp - -@$(RM) $(SRC)/.apaci.install.conf - -@if [ ".$(QUIET)" != .1 ]; then \ - if [ ".$(TARGET)" = .httpd ]; then \ - apachectl='apachectl'; \ - else \ - apachectl="$(TARGET)ctl"; \ - fi; \ - echo "+--------------------------------------------------------+"; \ - echo "| You now have successfully built and installed the |"; \ - echo "| Apache 1.3 HTTP server. 
To verify that Apache actually |"; \ - echo "| works correctly you now should first check the |"; \ - echo "| (initially created or preserved) configuration files |"; \ - echo "| |"; \ - echo "| $(sysconfdir)/$(TARGET).conf"; \ - echo "| |"; \ - echo "| and then you should be able to immediately fire up |"; \ - echo "| Apache the first time by running: |"; \ - echo "| |"; \ - echo "| $(sbindir)/$${apachectl} start"; \ - echo "| |"; \ - echo "| Or when you want to run it with SSL enabled use: |"; \ - echo "| |"; \ - echo "| $(sbindir)/$${apachectl} startssl"; \ - echo "| |"; \ - echo "| Thanks for using Apache. The Apache Group |"; \ - echo "| http://www.apache.org/ |"; \ - echo "+--------------------------------------------------------+"; \ - fi - -# the non-verbose variant for package maintainers -install-quiet: - @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) QUIET=1 install-all - -# create the installation tree -install-mktree: - @echo "===> [mktree: Creating Apache installation tree]" - $(MKDIR) $(root)$(bindir) - $(MKDIR) $(root)$(sbindir) - $(MKDIR) $(root)$(libexecdir) - $(MKDIR) $(root)$(mandir)/man1 - $(MKDIR) $(root)$(mandir)/man8 - $(MKDIR) $(root)$(sysconfdir) - $(MKDIR) $(root)$(sysconfdir)/ssl.crt - $(MKDIR) $(root)$(sysconfdir)/ssl.crl - $(MKDIR) $(root)$(sysconfdir)/ssl.csr - $(MKDIR) $(root)$(sysconfdir)/ssl.key - $(MKDIR) $(root)$(sysconfdir)/ssl.prm - $(MKDIR) $(root)$(htdocsdir) - $(MKDIR) $(root)$(manualdir) - $(MKDIR) $(root)$(iconsdir) - $(MKDIR) $(root)$(cgidir) - $(MKDIR) $(root)$(includedir) - $(MKDIR) $(root)$(includedir)/xml - $(MKDIR) $(root)$(runtimedir) - $(MKDIR) $(root)$(logfiledir) - $(MKDIR) $(root)$(proxycachedir) - -@if [ "x`$(SHELL) $(AUX)/getuid.sh`" = "x0" ]; then \ - echo "chown $(conf_user) $(root)$(proxycachedir)"; \ - chown $(conf_user) $(root)$(proxycachedir); \ - echo "chgrp $(conf_group) $(root)$(proxycachedir)"; \ - chgrp "$(conf_group)" $(root)$(proxycachedir); \ - fi - @echo "<=== [mktree]" - -# install the server 
program and optionally corresponding -# shared object files. -install-programs: - @echo "===> [programs: Installing Apache $(TARGET) program and shared objects]" - -@if [ ".`grep '^[ ]*AddModule.*mod_so\.o' $(TOP)/$(SRC)/Configuration.apaci`" != . ]; then \ - echo "$(INSTALL_CORE) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET)"; \ - $(INSTALL_CORE) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET); \ - SHLIB_EXPORT_FILES="`grep '^SHLIB_EXPORT_FILES=' $(TOP)/$(SRC)/Makefile | sed -e 's:^.*=::'`"; \ - if [ ".$${SHLIB_EXPORT_FILES}" != . ]; then \ - $(CP) $(TOP)/$(SRC)/support/httpd.exp $(root)$(libexecdir)/; \ - chmod 644 $(root)$(libexecdir)/httpd.exp; \ - fi; \ - else \ - echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET)"; \ - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/$(TARGET) $(root)$(sbindir)/$(TARGET); \ - fi - -@if [ ".`grep 'SUBTARGET=target_shared' $(TOP)/$(SRC)/Makefile`" != . ]; then \ - SHLIB_SUFFIX_NAME="`grep '^SHLIB_SUFFIX_NAME=' $(TOP)/$(SRC)/Makefile | sed -e 's:^.*=::'`"; \ - SHLIB_SUFFIX_LIST="`grep '^SHLIB_SUFFIX_LIST=' $(TOP)/$(SRC)/Makefile | sed -e 's:^.*=::'`"; \ - echo "$(INSTALL_CORE) $(TOP)/$(SRC)/lib$(TARGET).ep $(root)$(libexecdir)/lib$(TARGET).ep"; \ - $(INSTALL_CORE) $(TOP)/$(SRC)/lib$(TARGET).ep $(root)$(libexecdir)/lib$(TARGET).ep; \ - echo "$(INSTALL_DSO) $(TOP)/$(SRC)/lib$(TARGET).$${SHLIB_SUFFIX_NAME} $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}"; \ - $(INSTALL_DSO) $(TOP)/$(SRC)/lib$(TARGET).$${SHLIB_SUFFIX_NAME} $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}; \ - if [ ".$${SHLIB_SUFFIX_LIST}" != . ]; then \ - echo "$(RM) $(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}.*"; \ - $(RM) $(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}.*; \ - for suffix in $${SHLIB_SUFFIX_LIST} ""; do \ - [ ".$${suffix}" = . 
] && continue; \ - echo "$(LN) $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME} $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}.$${suffix}"; \ - $(LN) $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME} $(root)$(libexecdir)/lib$(TARGET).$${SHLIB_SUFFIX_NAME}.$${suffix}; \ - done; \ - fi; \ - fi - $(INSTALL_DATA) $(TOP)/$(SRC)/support/httpd.8 $(root)$(mandir)/man8/$(TARGET).8 - -@$(RM) $(SRC)/.apaci.install.conf; touch $(SRC)/.apaci.install.conf - -@if [ ".`grep '^[ ]*SharedModule' $(TOP)/$(SRC)/Configuration.apaci`" != . ]; then \ - for mod in `egrep '^[ ]*SharedModule' $(TOP)/$(SRC)/Configuration.apaci |\ - sed -e 's/^[ ]*SharedModule[ ]*//'`; do \ - file=`echo $${mod} | sed -e 's;^.*/\([^/]*\);\1;'`; \ - echo "$(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}"; \ - $(INSTALL_DSO) $(TOP)/$(SRC)/$${mod} $(root)$(libexecdir)/$${file}; \ - name=`$(SHELL) $(TOP)/$(AUX)/fmn.sh $(TOP)/$(SRC)/$${mod}`; \ - if [ ".$$name" = .ssl_module ]; then \ - echo "" >>$(SRC)/.apaci.install.conf; \ - fi; \ - echo dummy | awk '{ printf("LoadModule %-18s %s\n", modname, modpath); }' \ - modname="$${name}" modpath="$(libexecdir_relative)$${file}" >>$(SRC)/.apaci.install.conf; \ - if [ ".$$name" = .ssl_module ]; then \ - echo "" >>$(SRC)/.apaci.install.conf; \ - fi; \ - done; \ - echo "" >>$(SRC)/.apaci.install.conf; \ - echo "# Reconstruction of the complete module list from all available modules" >>$(SRC)/.apaci.install.conf; \ - echo "# (static and shared ones) to achieve correct module execution order." 
>>$(SRC)/.apaci.install.conf; \ - echo "# [WHENEVER YOU CHANGE THE LOADMODULE SECTION ABOVE UPDATE THIS, TOO]" >>$(SRC)/.apaci.install.conf; \ - echo "ClearModuleList" >>$(SRC)/.apaci.install.conf; \ - for mod in `egrep "^[ ]*(Add|Shared)Module" $(SRC)/Configuration.apaci |\ - sed -e 's:[ ]*SharedModule::' \ - -e 's:[ ]*AddModule::' \ - -e 's:modules/[^/]*/::' \ - -e 's:[ ]lib: mod_:' \ - -e 's:\.[soam]*$$:.c:'`; do \ - if [ ".$$mod" = .mod_ssl.c ]; then \ - echo "" >>$(SRC)/.apaci.install.conf; \ - fi; \ - echo "AddModule $$mod" >>$(SRC)/.apaci.install.conf; \ - if [ ".$$mod" = .mod_ssl.c ]; then \ - echo "" >>$(SRC)/.apaci.install.conf; \ - fi; \ - done; \ - fi - @echo "<=== [programs]" - -# install the support programs and scripts -install-support: - @echo "===> [support: Installing Apache support programs and scripts]" - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/ab $(root)$(sbindir)/ab - $(INSTALL_DATA) $(TOP)/$(SRC)/support/ab.8 $(root)$(mandir)/man8/ab.8 - @if [ ".$(TARGET)" = .httpd ]; then \ - apachectl='apachectl'; \ - else \ - apachectl="$(TARGET)ctl"; \ - fi; \ - echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apachectl[*] $(root)$(sbindir)/$${apachectl}"; \ - sed -e 's;PIDFILE=.*;PIDFILE=$(runtimedir)/$(TARGET).pid;' \ - -e 's;HTTPD=.*;HTTPD=$(sbindir)/$(TARGET);' \ - < $(TOP)/$(SRC)/support/apachectl > $(TOP)/$(SRC)/.apaci.install.tmp && \ - $(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sbindir)/$${apachectl}; \ - echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/apachectl.8 $(root)$(mandir)/man8/$${apachectl}.8"; \ - $(INSTALL_DATA) $(TOP)/$(SRC)/support/apachectl.8 $(root)$(mandir)/man8/$${apachectl}.8 - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/checkgid $(root)$(bindir)/checkgid - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/htpasswd $(root)$(bindir)/htpasswd - $(INSTALL_DATA) $(TOP)/$(SRC)/support/htpasswd.1 $(root)$(mandir)/man1/htpasswd.1 - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/htdigest $(root)$(bindir)/htdigest - $(INSTALL_DATA) 
$(TOP)/$(SRC)/support/htdigest.1 $(root)$(mandir)/man1/htdigest.1 - @echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/dbmmanage[*] $(root)$(bindir)/dbmmanage"; \ - sed -e 's;^#!/.*;#!$(PERL);' \ - < $(TOP)/$(SRC)/support/dbmmanage > $(TOP)/$(SRC)/.apaci.install.tmp && \ - $(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(bindir)/dbmmanage - $(INSTALL_DATA) $(TOP)/$(SRC)/support/dbmmanage.1 $(root)$(mandir)/man1/dbmmanage.1 - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/logresolve $(root)$(sbindir)/logresolve - $(INSTALL_DATA) $(TOP)/$(SRC)/support/logresolve.8 $(root)$(mandir)/man8/logresolve.8 - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/rotatelogs $(root)$(sbindir)/rotatelogs - $(INSTALL_DATA) $(TOP)/$(SRC)/support/rotatelogs.8 $(root)$(mandir)/man8/rotatelogs.8 - @echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apxs[*] $(root)$(sbindir)/apxs"; \ - sed -e 's;^#!/.*;#!$(PERL);' \ - -e 's;\@prefix\@;$(prefix);' \ - -e 's;\@sbindir\@;$(sbindir);' \ - -e 's;\@libexecdir\@;$(libexecdir);' \ - -e 's;\@includedir\@;$(includedir);' \ - -e 's;\@sysconfdir\@;$(sysconfdir);' \ - < $(TOP)/$(SRC)/support/apxs > $(TOP)/$(SRC)/.apaci.install.tmp && \ - $(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sbindir)/apxs - $(INSTALL_DATA) $(TOP)/$(SRC)/support/apxs.8 $(root)$(mandir)/man8/apxs.8 - -@if [ ".$(suexec)" = .1 ]; then \ - echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \ - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \ - echo "chown root $(root)$(sbindir)/suexec"; \ - chown root $(root)$(sbindir)/suexec; \ - echo "chmod 4711 $(root)$(sbindir)/suexec"; \ - chmod 4711 $(root)$(sbindir)/suexec; \ - echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \ - $(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \ - fi - @echo "<=== [support]" - -# install the support programs and scripts for binary distribution -install-binsupport: - @echo "===> 
[support: Installing Apache support programs and scripts for binary distribution]" - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/ab $(root)$(sbindir)/ab - $(INSTALL_DATA) $(TOP)/$(SRC)/support/ab.8 $(root)$(mandir)/man8/ab.8 - @if [ ".$(TARGET)" = .httpd ]; then \ - apachectl='apachectl'; \ - else \ - apachectl="$(TARGET)ctl"; \ - fi; \ - echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apachectl[*] $(root)$(sbindir)/$${apachectl}"; \ - sed -e 's;PIDFILE=.*;PIDFILE=$(runtimedir)/$(TARGET).pid;' \ - -e 's;HTTPD=.*;HTTPD=$(sbindir)/$(TARGET);' \ - < $(TOP)/$(SRC)/support/apachectl > $(TOP)/$(SRC)/.apaci.install.tmp && \ - $(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sbindir)/$${apachectl}; \ - echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/apachectl.8 $(root)$(mandir)/man8/$${apachectl}.8"; \ - $(INSTALL_DATA) $(TOP)/$(SRC)/support/apachectl.8 $(root)$(mandir)/man8/$${apachectl}.8 - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/checkgid $(root)$(bindir)/checkgid - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/htpasswd $(root)$(bindir)/htpasswd - $(INSTALL_DATA) $(TOP)/$(SRC)/support/htpasswd.1 $(root)$(mandir)/man1/htpasswd.1 - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/htdigest $(root)$(bindir)/htdigest - $(INSTALL_DATA) $(TOP)/$(SRC)/support/htdigest.1 $(root)$(mandir)/man1/htdigest.1 - @echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/dbmmanage[*] $(root)$(bindir)/dbmmanage"; \ - $(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/dbmmanage $(root)$(bindir)/dbmmanage - $(INSTALL_DATA) $(TOP)/$(SRC)/support/dbmmanage.1 $(root)$(mandir)/man1/dbmmanage.1 - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/logresolve $(root)$(sbindir)/logresolve - $(INSTALL_DATA) $(TOP)/$(SRC)/support/logresolve.8 $(root)$(mandir)/man8/logresolve.8 - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/rotatelogs $(root)$(sbindir)/rotatelogs - $(INSTALL_DATA) $(TOP)/$(SRC)/support/rotatelogs.8 $(root)$(mandir)/man8/rotatelogs.8 - @echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apxs[*] $(root)$(sbindir)/apxs"; \ - 
$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apxs $(root)$(sbindir)/apxs - $(INSTALL_DATA) $(TOP)/$(SRC)/support/apxs.8 $(root)$(mandir)/man8/apxs.8 - -@if [ ".$(suexec)" = .1 ]; then \ - echo "$(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec"; \ - $(INSTALL_PROGRAM) $(TOP)/$(SRC)/support/suexec $(root)$(sbindir)/suexec; \ - echo "chown root $(root)$(sbindir)/suexec"; \ - chown root $(root)$(sbindir)/suexec; \ - echo "chmod 4711 $(root)$(sbindir)/suexec"; \ - chmod 4711 $(root)$(sbindir)/suexec; \ - echo "$(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8"; \ - $(INSTALL_DATA) $(TOP)/$(SRC)/support/suexec.8 $(root)$(mandir)/man8/suexec.8; \ - fi - @echo "<=== [support]" - -# install the Apache C header files -install-include: - @echo "===> [include: Installing Apache C header files]" - $(CP) $(TOP)/$(SRC)/include/*.h $(root)$(includedir)/ - $(CP) $(TOP)/$(SRC)/lib/expat-lite/*.h $(root)$(includedir)/xml/ - @osdir=`grep '^OSDIR=' $(TOP)/$(SRC)/Makefile.config | sed -e 's:^OSDIR=.*/os/:os/:'`; \ - echo "$(CP) $(TOP)/$(SRC)/$${osdir}/os.h $(root)$(includedir)/"; \ - $(CP) $(TOP)/$(SRC)/$${osdir}/os.h $(root)$(includedir)/; \ - echo "$(CP) $(TOP)/$(SRC)/$${osdir}/os-inline.c $(root)$(includedir)/"; \ - $(CP) $(TOP)/$(SRC)/$${osdir}/os-inline.c $(root)$(includedir)/ - chmod 644 $(root)$(includedir)/*.h $(root)$(includedir)/xml/*.h - @echo "<=== [include]" - -# create an initial document root containing the Apache manual, -# icons and distributed CGI scripts. 
-install-data: - @echo "===> [data: Installing initial data files]" - -@if [ -f $(root)$(htdocsdir)/index.html ] || [ -f $(root)$(htdocsdir)/index.html.en ]; then \ - echo "[PRESERVING EXISTING DATA SUBDIR: $(root)$(htdocsdir)/]"; \ - else \ - echo "Copying tree $(TOP)/htdocs/ -> $(root)$(htdocsdir)/"; \ - (cd $(TOP)/htdocs/ && $(TAR) $(TAROPT) - index* apache_pb.* ) |\ - (cd $(root)$(htdocsdir)/ && $(TAR) -xf -); \ - find $(root)$(htdocsdir)/ -type d -exec chmod a+rx {} \; ; \ - find $(root)$(htdocsdir)/ -type f -print | xargs chmod a+r ; \ - fi - -@if [ -d $(TOP)/htdocs/manual ]; then \ - echo "Copying tree $(TOP)/htdocs/manual -> $(root)/$(manualdir)/"; \ - (cd $(TOP)/htdocs/manual/ && $(TAR) $(TAROPT) - *) |\ - (cd $(root)$(manualdir)/ && $(TAR) -xf -); \ - find $(root)$(manualdir)/ -type d -exec chmod a+rx {} \; ; \ - find $(root)$(manualdir)/ -type f -print | xargs chmod a+r ; \ - fi - -@if [ -f $(root)$(cgidir)/printenv ]; then \ - echo "[PRESERVING EXISTING CGI SUBDIR: $(root)$(cgidir)/]"; \ - else \ - for script in printenv test-cgi; do \ - cat $(TOP)/cgi-bin/$${script} |\ - sed -e 's;^#!/.*perl;#!$(PERL);' \ - > $(TOP)/$(SRC)/.apaci.install.tmp; \ - echo "$(INSTALL_DATA) $(TOP)/conf/$${script}[*] $(root)$(cgidir)/$${script}"; \ - $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(cgidir)/$${script}; \ - done; \ - fi - @echo "Copying tree $(TOP)/icons/ -> $(root)$(iconsdir)/"; \ - (cd $(TOP)/icons/ && $(TAR) $(TAROPT) - *) |\ - (cd $(root)$(iconsdir)/ && $(TAR) -xf -); \ - find $(root)$(iconsdir)/ -type d -exec chmod a+rx {} \; ;\ - find $(root)$(iconsdir)/ -type f -exec chmod a+r {} \; - @echo "<=== [data]" - -# create the initial configuration by providing default files -# and initial config files while preserving existing ones. 
-install-config: - @echo "===> [config: Installing Apache configuration files]" - -@for conf in httpd.conf access.conf srm.conf; do \ - if [ .$$conf = .httpd.conf ]; then \ - target_conf="$(TARGET).conf"; \ - else \ - target_conf="$$conf"; \ - fi; \ - if [ ".$(TARGET)" = .httpd ]; then \ - target_prefix=""; \ - else \ - target_prefix="$(TARGET)_"; \ - fi; \ - (echo "##"; \ - echo "## $${target_conf} -- Apache HTTP server configuration file"; \ - echo "##"; \ - echo ""; \ - cat $(TOP)/conf/$${conf}-dist ) |\ - sed -e '/# LoadModule/r $(TOP)/$(SRC)/.apaci.install.conf' \ - -e "s;logs/ssl_mutex;$(runtimedir)/$${target_prefix}ssl_mutex;" \ - -e "s;logs/ssl_scache;$(runtimedir)/$${target_prefix}ssl_scache;" \ - -e "s;logs/ssl_engine_log;$(logfiledir)/$${target_prefix}ssl_engine_log;" \ - -e "s;logs/ssl_request_log;$(logfiledir)/$${target_prefix}ssl_request_log;" \ - -e 's;@@ServerRoot@@/conf/ssl.crt;$(sysconfdir)/ssl.crt;' \ - -e 's;@@ServerRoot@@/conf/ssl.crl;$(sysconfdir)/ssl.crl;' \ - -e 's;@@ServerRoot@@/conf/ssl.csr;$(sysconfdir)/ssl.csr;' \ - -e 's;@@ServerRoot@@/conf/ssl.key;$(sysconfdir)/ssl.key;' \ - -e 's;@@ServerRoot@@/conf/ssl.prm;$(sysconfdir)/ssl.prm;' \ - -e 's;@@ServerRoot@@/htdocs/manual;$(manualdir);' \ - -e 's;@@ServerRoot@@/htdocs;$(htdocsdir);' \ - -e 's;@@ServerRoot@@/icons;$(iconsdir);' \ - -e 's;@@ServerRoot@@/cgi-bin;$(cgidir);' \ - -e 's;@@ServerRoot@@/proxy;$(proxycachedir);' \ - -e 's;@@ServerRoot@@;$(prefix);g' \ - -e 's;httpd\.conf;$(TARGET).conf;' \ - -e 's;logs/accept\.lock;$(runtimedir)/$(TARGET).lock;' \ - -e 's;logs/apache_runtime_status;$(runtimedir)/$(TARGET).scoreboard;' \ - -e 's;logs/httpd\.pid;$(runtimedir)/$(TARGET).pid;' \ - -e "s;logs/access_log;$(logfiledir)/$${target_prefix}access_log;" \ - -e "s;logs/error_log;$(logfiledir)/$${target_prefix}error_log;" \ - -e "s;logs/referer_log;$(logfiledir)/$${target_prefix}referer_log;" \ - -e "s;logs/agent_log;$(logfiledir)/$${target_prefix}agent_log;" \ - -e 
's;conf/magic;$(sysconfdir)/magic;' \ - -e 's;conf/srm.conf;$(sysconfdir)/srm.conf;' \ - -e 's;conf/access.conf;$(sysconfdir)/access.conf;' \ - -e 's;conf/mime\.types;$(sysconfdir)/mime.types;' \ - -e 's;User nobody;User $(conf_user);' \ - -e 's;Group #-1;Group $(conf_group);' \ - -e 's;^Group "#-1";Group $(conf_group);' \ - -e 's;Port 80;Port $(conf_port);' \ - -e 's;Listen 80;Listen $(conf_port);' \ - -e 's;Listen 443;Listen $(conf_port_ssl);' \ - -e 's;ServerAdmin you@your.address;ServerAdmin $(conf_serveradmin);' \ - -e 's;ServerName new.host.name;ServerName $(conf_servername);' \ - -e 's;VirtualHost _default_:443;VirtualHost _default_:$(conf_port_ssl);' \ - > $(TOP)/$(SRC)/.apaci.install.tmp && \ - echo "$(INSTALL_DATA) $(TOP)/conf/$${conf}-dist[*] $(root)$(sysconfdir)/$${target_conf}.default"; \ - $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sysconfdir)/$${target_conf}.default; \ - if [ ! -f "$(root)$(sysconfdir)/$${target_conf}" ]; then \ - echo "$(INSTALL_DATA) $(TOP)/conf/$${conf}-dist[*] $(root)$(sysconfdir)/$${target_conf}"; \ - $(INSTALL_DATA) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sysconfdir)/$${target_conf}; \ - else \ - echo "[PRESERVING EXISTING CONFIG FILE: $(root)$(sysconfdir)/$${target_conf}]"; \ - fi; \ - done - -@for conf in mime.types magic; do \ - echo "$(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}.default"; \ - $(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}.default; \ - if [ ! 
-f "$(root)$(sysconfdir)/$${conf}" ]; then \ - echo "$(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}"; \ - $(INSTALL_DATA) $(TOP)/conf/$${conf} $(root)$(sysconfdir)/$${conf}; \ - else \ - echo "[PRESERVING EXISTING CONFIG FILE: $(root)$(sysconfdir)/$${conf}]"; \ - fi; \ - done - -@if [ ".$(ssl)" = .1 ]; then \ - echo "chmod 755 $(root)$(sysconfdir)/ssl.crt"; \ - chmod 755 $(root)$(sysconfdir)/ssl.crt; \ - echo "chmod 755 $(root)$(sysconfdir)/ssl.crl"; \ - chmod 755 $(root)$(sysconfdir)/ssl.crl; \ - echo "chmod 755 $(root)$(sysconfdir)/ssl.csr"; \ - chmod 755 $(root)$(sysconfdir)/ssl.csr; \ - echo "chmod 700 $(root)$(sysconfdir)/ssl.key"; \ - chmod 700 $(root)$(sysconfdir)/ssl.key; \ - echo "chmod 755 $(root)$(sysconfdir)/ssl.prm"; \ - chmod 755 $(root)$(sysconfdir)/ssl.prm; \ - if [ ! -f "$(root)$(sysconfdir)/ssl.crt/README.CRT" ]; then \ - echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crt/README.CRT $(root)$(sysconfdir)/ssl.crt/README.CRT"; \ - $(INSTALL) $(TOP)/conf/ssl.crt/README.CRT $(root)$(sysconfdir)/ssl.crt/README.CRT; \ - echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crt/Makefile $(root)$(sysconfdir)/ssl.crt/Makefile"; \ - $(INSTALL) $(TOP)/conf/ssl.crt/Makefile $(root)$(sysconfdir)/ssl.crt/Makefile; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/ca-bundle.crt $(root)$(sysconfdir)/ssl.crt/ca-bundle.crt"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/ca-bundle.crt $(root)$(sysconfdir)/ssl.crt/ca-bundle.crt; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-rsa.crt"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-rsa.crt; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-dsa.crt"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-ca-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-ca-dsa.crt; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-rsa.crt 
$(root)$(sysconfdir)/ssl.crt/snakeoil-rsa.crt"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-rsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-rsa.crt; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/snakeoil-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-dsa.crt"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/snakeoil-dsa.crt $(root)$(sysconfdir)/ssl.crt/snakeoil-dsa.crt; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/server.crt $(root)$(sysconfdir)/ssl.crt/server.crt"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/server.crt $(root)$(sysconfdir)/ssl.crt/server.crt; \ - if [ -f "$(TOP)/conf/ssl.crt/ca.crt" ]; then \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.crt/ca.crt $(root)$(sysconfdir)/ssl.crt/ca.crt"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.crt/ca.crt $(root)$(sysconfdir)/ssl.crt/ca.crt; \ - fi; \ - else \ - echo "[PRESERVING EXISTING CERTIFICATE FILES: $(root)$(sysconfdir)/ssl.crt/*]"; \ - fi; \ - echo "Updating hash symlinks in $(root)$(sysconfdir)/ssl.crt/:"; \ - SSL_PROGRAM="`grep '^SSL_PROGRAM=' $(TOP)/$(SRC)/Makefile.config | sed -e 's:^.*=::'`"; \ - (cd $(root)$(sysconfdir)/ssl.crt/ && $(MAKE) $(MFLAGS) SSL_PROGRAM=$$SSL_PROGRAM); \ - if [ ! -f "$(root)$(sysconfdir)/ssl.csr/README.CSR" ]; then \ - echo "$(INSTALL_DATA) $(TOP)/conf/ssl.csr/README.CSR $(root)$(sysconfdir)/ssl.csr/README.CSR"; \ - $(INSTALL) $(TOP)/conf/ssl.csr/README.CSR $(root)$(sysconfdir)/ssl.csr/README.CSR; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.csr/server.csr $(root)$(sysconfdir)/ssl.csr/server.csr"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.csr/server.csr $(root)$(sysconfdir)/ssl.csr/server.csr; \ - else \ - echo "[PRESERVING EXISTING CSR FILES: $(root)$(sysconfdir)/ssl.csr/*]"; \ - fi; \ - if [ ! 
-f "$(root)$(sysconfdir)/ssl.crl/README.CRL" ]; then \ - echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crl/README.CRL $(root)$(sysconfdir)/ssl.crl/README.CRL"; \ - $(INSTALL) $(TOP)/conf/ssl.crl/README.CRL $(root)$(sysconfdir)/ssl.crl/README.CRL; \ - echo "$(INSTALL_DATA) $(TOP)/conf/ssl.crl/Makefile $(root)$(sysconfdir)/ssl.crl/Makefile"; \ - $(INSTALL) $(TOP)/conf/ssl.crl/Makefile $(root)$(sysconfdir)/ssl.crl/Makefile; \ - else \ - echo "[PRESERVING EXISTING CRL FILES: $(root)$(sysconfdir)/ssl.crl/*]"; \ - fi; \ - if [ ! -f "$(root)$(sysconfdir)/ssl.key/README.KEY" ]; then \ - echo "$(INSTALL_DATA) $(TOP)/conf/ssl.key/README.KEY $(root)$(sysconfdir)/ssl.key/README.KEY"; \ - $(INSTALL) $(TOP)/conf/ssl.key/README.KEY $(root)$(sysconfdir)/ssl.key/README.KEY; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-rsa.key"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-rsa.key; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-dsa.key"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-ca-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-ca-dsa.key; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-rsa.key"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-rsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-rsa.key; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/snakeoil-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-dsa.key"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.key/snakeoil-dsa.key $(root)$(sysconfdir)/ssl.key/snakeoil-dsa.key; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/server.key $(root)$(sysconfdir)/ssl.key/server.key"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.key/server.key $(root)$(sysconfdir)/ssl.key/server.key; \ - if [ -f "$(TOP)/conf/ssl.key/ca.key" ]; then \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.key/ca.key 
$(root)$(sysconfdir)/ssl.key/ca.key"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.key/ca.key $(root)$(sysconfdir)/ssl.key/ca.key; \ - fi; \ - else \ - echo "[PRESERVING EXISTING KEY FILES: $(root)$(sysconfdir)/ssl.key/*]"; \ - fi; \ - if [ ! -f "$(root)$(sysconfdir)/ssl.prm/README.PRM" ]; then \ - echo "$(INSTALL_DATA) $(TOP)/conf/ssl.prm/README.PRM $(root)$(sysconfdir)/ssl.prm/README.PRM"; \ - $(INSTALL) $(TOP)/conf/ssl.prm/README.PRM $(root)$(sysconfdir)/ssl.prm/README.PRM; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.prm/snakeoil-ca-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-ca-dsa.prm"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.prm/snakeoil-ca-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-ca-dsa.prm; \ - echo "$(INSTALL_DATA) -m 400 $(TOP)/conf/ssl.prm/snakeoil-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-dsa.prm"; \ - $(INSTALL) -m 400 $(TOP)/conf/ssl.prm/snakeoil-dsa.prm $(root)$(sysconfdir)/ssl.prm/snakeoil-dsa.prm; \ - else \ - echo "[PRESERVING EXISTING PRM FILES: $(root)$(sysconfdir)/ssl.prm/*]"; \ - fi; \ - fi - @echo "<=== [config]" - - -## ------------------------------------------------------------------ -## Cleanup Targets -## ------------------------------------------------------------------ - -# cleanup the source tree by removing anything which was -# created by the build target -clean: - @echo "===> $(SRC)" - @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) clean-std $(clean-support) - @echo "<=== $(SRC)" - @$(RM) $(TOP)/$(SRC)/.apaci.build.ok - -# clean the standard stuff -clean-std: - @cd $(TOP)/$(SRC); $(MAKE) $(MFLAGS) SDP=$(SRC)/ clean - -# clean additional support stuff -clean-support: - @echo "===> $(SRC)/support"; \ - cd $(TOP)/$(SRC)/support; $(MAKE) $(MFLAGS) clean; \ - if [ ".$(suexec)" = .1 ]; then \ - echo "$(RM) suexec"; \ - $(RM) suexec; \ - fi; \ - echo "<=== $(SRC)/support" - -# cleanup the source tree by removing anything which was -# created by the configure step and the build target. 
-# When --shadow is used we just remove the complete shadow tree. -distclean: - @if [ ".$(SRC)" = .src ]; then \ - $(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) distclean-normal; \ - else \ - $(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) distclean-shadow; \ - fi - -distclean-normal: - @echo "===> $(SRC)" - @$(MAKE) -f $(TOP)/$(MKF) $(MFLAGS) $(MFWD) distclean-std $(distclean-support) - @echo "<=== $(SRC)" - -$(RM) $(SRC)/Configuration.apaci - -$(RM) $(SRC)/apaci - @$(RM) $(SRC)/.apaci.build.ok - -$(RM) Makefile - -$(RM) config.status - -# clean the standard stuff -distclean-std: - @cd $(TOP)/$(SRC); $(MAKE) $(MFLAGS) SDP=$(SRC)/ distclean - -distclean-support: - @echo "===> $(SRC)/support"; \ - cd $(TOP)/$(SRC)/support; $(MAKE) $(MFLAGS) distclean; \ - if [ ".$(suexec)" = .1 ]; then \ - echo "$(RM) suexec"; \ - $(RM) suexec; \ - fi; \ - echo "<=== $(SRC)/support" - -distclean-shadow: - $(RM) -r $(SRC) - $(RM) $(TOP)/$(MKF) - -@if [ ".`ls $(TOP)/src.* 2>/dev/null`" = . ]; then \ - echo "$(RM) Makefile"; \ - $(RM) Makefile; \ - fi - diff --git a/usr.sbin/httpd/README b/usr.sbin/httpd/README deleted file mode 100644 index 26e7527e9ce..00000000000 --- a/usr.sbin/httpd/README +++ /dev/null 
@@ -1,64 +0,0 @@
-
- Apache
- Version 1.3 (and up)
-
- What is it?
- -----------
-
- Apache is an HTTP server designed as a plug-in replacement for
- the NCSA server version 1.3 (or 1.4). It fixes numerous bugs in
- the NCSA server and includes many frequently requested new
- features, and has an API which allows it to be extended to meet
- users' needs more easily.
-
- The Latest Version
- ------------------
-
- Details of the latest version can be found on the Apache HTTP
- server project page under http://httpd.apache.org/.
-
- Documentation
- -------------
-
- The documentation available as of the date of this release is
- also included, in HTML format, in the htdocs/manual/ directory.
- For the most up-to-date documentation can be found on
- http://httpd.apache.org/docs/.
-
- Installation
- ------------
-
- From Apache version 1.3 and up you have two possibilities to
- build and install the Apache package: The old commonly known
- but manual way from Apache 1.2 and below and the new
- out-of-the-box way through the new Apache Autoconf-style
- Interface (APACI). For detailed instructions see the file
- INSTALL in this directory.
-
- Licensing
- ---------
-
- Please see the file called LICENSE.
-
- Acknowledgments
- ----------------
-
- We wish to acknowledge the following copyrighted works that
- make up portions of the Apache software:
-
- Portions of this software were developed at the National Center
- for Supercomputing Applications (NCSA) at the University of
- Illinois at Urbana-Champaign.
-
- This software contains code derived from the RSA Data Security
- Inc. MD5 Message-Digest Algorithm, including various
- modifications by Spyglass Inc., Carnegie Mellon University, and
- Bell Communications Research, Inc (Bellcore).
-
- This package contains a modified version of software written and
- copyrighted by Henry Spencer. Please see the file called
- src/regex/COPYRIGHT.
-
- The NT port was started with code provided to the Apache Group
- by Ambarish Malpani of ValiCert, Inc. (http://www.valicert.com/).
-
diff --git a/usr.sbin/httpd/README.IPv6 b/usr.sbin/httpd/README.IPv6
deleted file mode 100644
index 449559e2eef..00000000000
--- a/usr.sbin/httpd/README.IPv6
+++ /dev/null
@@ -1,128 +0,0 @@ -$OpenBSD: README.IPv6,v 1.3 2008/12/03 15:43:17 sthen Exp $ - -IPv6 support for the OpenBSD httpd(8) - -To support IPv6 the apache module API/ABI had to be changed, to avoid -IPv4-dependent structure member variables (like use of u_long to hold -an IPv4 address, or whatever). Keep this in mind when writing new -modules or adding modules to the ports collection. - -Basically you can write IPv6 address where IPv4 address fits. - -extra command-line argument: - -4 Assume IPv4 address on ambiguous directives (default) - -6 Assume IPv6 address on ambiguous directives - -U Don't assume a specific address family on ambiguous - directives - - The above options can be used, for example, to disambiguate - "BindAddress *". - -base commands: - Listen - Listen is expanded to take one or two arguments. - Listen port - Listen address:port - Listen address port - This is to let you specify "Listen :: 80", since "Listen :::80" - won't work. - -mod_access: - deny from - allow from - "deny from" and "allow from" supports IPv6 addresses, under the - following forms: - {deny,allow} from v6addr - {deny,allow} from v6addr/v6mask - {deny,allow} from v6addr/prefixlen - Also, wildcard ("*") and string hostname matches IPv6 hosts as well. - -mod_proxy: - ProxyRequests on - http/ftp proxying for both IPv4 and IPv6 is possible. - Access control functions (NoProxy) are not updated yet. - - NOTE: for security reasons, we recommend you to filter out - outsider's access to your proxy, by directives like below: - - order deny,allow - deny from all - allow from 10.0.0.0/8 - allow from 3ffe:9999:8888:7777::/64 - - -virtual host: - If you would like to this feature, you must describe 'Listen' - part on configuration file explicitly. like below: - Listen :: 80 - Listen 0.0.0.0 80 - - NameVirtualHost - NameVirtualHost is expanded to take one more two arguments. 
- NameVirtualHost address - NameVirtualHost address:port - NameVirtualHost address port - This is to let you specify IPv6 address into address part. - - Note that, if a colon is found in the specified address string, - the code will to resolve the address in the following way: - 1. try to resolve as address:port (most of IPv6 address fails) - 2. if (1) is failed, try to resolve as address only - If there's ambiguity, i.e. 3ffe:0501::1:2, the address may not be - parsed as you expect (3ffe:0501::1 with port 2, or 3ffe:0501::1:2 - with default port). To get the right effect you are encouraged - to specify it without ambiguity. In IPv6 case "address port" - (specify address and port separated by a space) is the safest way. - - - If you would like to specify IPv6 numeric address in host part, - use bracketed format like below: - - Note: Now we DO NOT handle old non-bracketed format, - - so configuration file must be updated. - Note: The following is bad example to specify host ::1 port 80. - This will treated as host ::1:80. - - -logresolve (src/support) - error statistics in nameserver cache code is omitted. - -mod_unique_id - Originally mod_unique_id used IPv4 address as a seed for UNIQUE_ID, - and took IPv4 address registered onto DNS for the hostname (UNIX - hostname taken by gethostname(3)). Therefore, this does not work - for IPv6-only hosts as they do not have IPv4 address for them. - - Now, UNIQUE_ID can be generated using IPv6 address. IPv6 address can - be used as the seed for UNIQUE_ID. - Because of this, UNIQUE_ID will be longer than normal apache. This - may cause problem with some of the CGI scripts. - The preference of the addresses is based on the order returned - by getaddrinfo(). If your getaddrinfo() returns IPv4 address, IPv4 - adderss will be used as a seed. - Note that some of IPv6 addresses are "scoped"; If you happened to use - link-local or site-local address as a seed, the UNIQUE_ID may not be - worldwide unique. 
- - If longer UNIQUE_ID causes a problem, define SHORT_UNIQUE_ID in - mod_unique_id.c. In this case, length of UNIQUE_ID will be kept the - same. However, for IPv6 addresses mod_unique_id.c will use the last - 32bit (not the whole 128bit) as the seed. Therefore, there can be - collision in UNIQUE_ID. - - The behavior should be improved in the near future; we welcome your - inputs. - -configuration file - We do not support IPv4 mapped addresses (IPv6 address format like - ::ffff:10.1.1.1) in configuration file. - -Credit: - -This file is derived from the README.v6 file that accompanied the -original patchkit for Apache 1.3.9 from the KAME project. It was -written by Jun-ichiro itojun Hagino. - - http://www.kame.net/ - mailto:core@kame.net diff --git a/usr.sbin/httpd/README.SSL b/usr.sbin/httpd/README.SSL deleted file mode 100644 index 1256b4ea734..00000000000 --- a/usr.sbin/httpd/README.SSL +++ /dev/null 
@@ -1,148 +0,0 @@
- _ _
- _ __ ___ ___ __| | ___ ___| | mod_ssl
- | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
- | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
- |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
- |_____|
- _____________________________________________________________________________
-
- ``All the good things you want
- to do in your life have to be
- started in the next few hours,
- days or weeks.''
- -- Tom DeMarco
-
- ``The best SSL solution for
- Apache money can't buy.''
- OVERVIEW
-
- Description
- ___________
-
- This Apache module provides strong cryptography for the Apache 1.3 webserver
- via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
- v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL which
- is based on SSLeay from Eric A. Young and Tim J. Hudson.
-
- The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was
- originally derived from software developed by Ben Laurie for use in the
- Apache-SSL HTTP server project. Additionally it uses a tool developed by
- Larry Wall and David MacKenzie for use in the GNU project of the FSF.
-
- Features
- ________
-
- The mod_ssl package provides the following features:
-
- o Open-Source software (BSD-style license)
- o Useable for both commercial and non-commercial use
- o Available for both Unix and Win32 (Windows 95/98/NT) platforms
- o 128-bit strong cryptography world-wide
- o Support for SSLv2, SSLv3 and TLSv1 protocols
- o Support for both RSA and Diffie-Hellman ciphers
- o Clean reviewable ANSI C source code
- o Clean Apache module architecture
- o Integrates seamlessly into Apache through an Extended API (EAPI)
- o Full Dynamic Shared Object (DSO) support
- o Advanced pass-phrase handling for private keys
- o X.509 certificate based authentication for both client and server
- o X.509 certificate revocation list (CRL) support
- o Support for per-URL renegotiation of SSL handshake parameters
- o Support for explicit seeding of the PRNG from external sources
- o Additional boolean-expression based access control facility
- o Backward compatibility to other Apache SSL solutions
- o Inter-process SSL session cache (DBM or Shared Memory based)
- o Powerful dedicated SSL engine logging facility
- o Simple and robust application to Apache source trees
- o Fully integrated into the Apache 1.3 configuration mechanism
- o Additional integration into the Apache Autoconf-style Interface (APACI)
- o Assistance in X.509v3 certificate generation (both RSA and DSA)
- o Experimental support for external Crypto Devices (OpenSSL ENGINE)
-
- Disclaimer
- __________
-
- But the price you have to pay for getting a free SSL implementation for
- Apache is the following:
-
- THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY EXPRESSED
- OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
- NO EVENT SHALL RALF S. ENGELSCHALL OR THEIR CONTRIBUTORS BE LIABLE FOR ANY
- DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
- Restrictions
- ____________
-
- Additionally you have to accept the following restriction:
-
- Please REMEMBER that export/import and/or use of cryptography software or
- even just providing cryptography hooks is illegal in some parts of the
- world. When you re-distribute this package or even email
- patches/suggestions to the authors or other people PLEASE PAY CLOSE
- ATTENTION TO ANY APPLICABLE EXPORT/IMPORT LAWS. The author of mod_ssl is not
- liable for any violations you make here. So be carefully yourself.
-
- Security Concerns
- _________________
-
- You should be very sensible when using cryptography software, because just
- running an SSL server _DOES NOT_ mean your system is then secure! This is
- for a number of reasons. The following questions illustrate some of the
- problems.
-
- o SSL itself may not be secure. People think it is, do you?
- o Does this code implement SSL correctly?
- o Have the authors of the various components put in back doors?
- o Does the code take appropriate measures to keep private keys private?
- To what extent is your cooperation in this process required?
- o Is your system physically secure?
- o Is your system appropriately secured from intrusion over the network?
- o Whom do you trust? Do you understand the trust relationship involved
- in SSL certificates? Do your system administrators?
- o Are your keys, and keys you trust, generated careful enough to
- avoid reverse engineering of the private keys?
- o How do you obtain certificates, keys, and the like, securely?
- o Can you trust your users to safeguard their private keys?
- o Can you trust your browser to safeguard its generated private key?
-
- If you can't answer these questions to your personal satisfaction, then you
- usually have a problem. Even if you can, you may still _NOT_ be secure.
- Don't blame the authors if it all goes horribly wrong. Use it at your own
- risk!
-
- Installation
- ____________
-
- For installing mod_ssl under Unix please read the document INSTALL,
- for installing under Win32 read the document INSTALL.Win32.
-
- Compatibility
- _____________
-
- This module was developed and tested with Netscape Communicator 4.x,
- Lynx 2.x and cURL 7.x under FreeBSD 2.2.x, 3.x and 4.x as the clients
- only. But it should work with other Navigator/Communicator variants,
- too. Even Internet Explorer users should be able to use this software.
-
- Resources
- _________
-
- For a large list of resources visit the web location
- http://www.modssl.org/related/ There you can find a lot of hyperlinks to all
- SSL-related things.
-
- Credits
- _______
-
- Special thanks to The Apache Group and the NCSA for Apache, to the OpenSSL
- project for the SSL/TLS toolkit and especially to Eric A. Young and Tim J.
- Hudson for SSLeay on which OpenSSL is based. And thanks also go to Ben
- Laurie for the original Apache-SSL on which mod_ssl was originally based.
- Without the effort of these people mod_ssl would not be possible.
-
diff --git a/usr.sbin/httpd/README.configure b/usr.sbin/httpd/README.configure
deleted file mode 100644
index 3b512554c78..00000000000
--- a/usr.sbin/httpd/README.configure
+++ /dev/null
@@ -1,288 +0,0 @@ - - APACHE CONFIGURATION - - Apache 1.3 Autoconf-style Interface (APACI) - =========================================== - - APACI is an Autoconf-style interface for the Unix side of the Apache 1.3 - HTTP server source distribution. It is actually not GNU Autoconf-based, i.e. - the GNU Autoconf package itself is not used. Instead APACI just provides a - similar batch configuration interface and a corresponding out-of-the-box - build and installation procedure. - - The basic goal is to provide the following commonly known and expected - procedure for out-of-the-box building and installing a package like Apache: - - $ gunzip plus corresponding Makefile. and then - performs the complete build process inside this shadow tree. - - Dynamic Shared Object (DSO) support - ----------------------------------- - - Apache 1.3 supports building modules as shared objects on all major Unix - platforms (see section "Supported Platforms" in document - htdocs/manual/dso.html for details). APACI has a nice way of enabling the - building of DSO-based modules and automatically installing them: - - $ ./configure --prefix=/path/to/apache \ - --enable-module=rewrite \ - --enable-shared=rewrite - $ make - $ make install - - This builds and installs Apache with the default configuration except that - it adds the mod_rewrite module and automatically builds and installs it as a - DSO, so it is optionally available for loading under runtime. To make your - life even more easy APACI additionally inserts a corresponding `LoadModule' - line into the httpd.conf file in the installation phase. - - APACI also supports a variant of the --enable-shared option: - - $ ./configure --prefix=/path/to/apache \ - --enable-shared=max - $ make - $ make install - - This enables shared object building for the maximum of modules, i.e. all - enabled modules (--enable-module or the default set) except for mod_so - itself (the bootstrapping module for DSO support). 
So, to build a - full-powered Apache with maximum flexibility by building and installing most - of the modules, you can use: - - $ ./configure --prefix=/path/to/apache \ - --enable-module=most \ - --enable-shared=max - $ make - $ make install - - This first enables most of the modules (all modules except some problematic - ones like mod_auth_db which needs third party libraries not available on - every platform or mod_log_agent and mod_log_referer which are deprecated) - and then enables DSO support for all of them. This way you get all these - modules installed and you then can decide under runtime (via the - `LoadModule') directives which ones are actually used. This is especially - useful for vendor package maintainers to provide a flexible Apache package. - - On-the-fly added additional/private module - ------------------------------------------ - - For Apache there are a lot of modules flying around on the net which solve - particular problems. For a good reference see the Apache Module Registory at - http://modules.apache.org/ and the Apache Group's contribution directory at - http://www.apache.org/dist/contrib/modules/. These modules usually come in a - file named mod_foo.c. APACI supports adding these sources on-the-fly to the - build process: - - $ ./configure --prefix=/path/to/apache \ - --add-module=/path/to/mod_foo.c - $ make - $ make install - - This automatically copies mod_foo.c to src/modules/extra/, activates it in - the configuration and builds Apache with it. A very useful way is to combine - this with the DSO support: - - $ ./configure --prefix=/path/to/apache \ - --add-module=/path/to/mod_foo.c \ - --enable-shared=foo - $ make - $ make install - - This builds and installs Apache with the default set of modules, but - additionally builds mod_foo as a DSO and adds a `LoadModule' line to the - httpd.conf file to activate it for loading under runtime. 
- - Apache and mod_perl - ------------------- - - The Apache/Perl integration project (http://perl.apache.org/) from Doug - MacEachern is a very powerful approach to integrate - a Perl 5 interpreter into the Apache HTTP server both for running Perl - programs and for programming Apache modules in Perl. The distribution - mod_perl-1.XX.tar.gz can be found on http://perl.apache.org/src/. Here is - how you can build and install Apache with mod_perl: - - $ gunzip for detailed information about -# the directives. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# After this file is processed, the server will look for and process -# /var/www/conf/srm.conf and then /var/www/conf/access.conf -# unless you have overridden these with ResourceConfig and/or -# AccessConfig directives here. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/usr/local/apache" will be interpreted by the -# server as "/usr/local/apache/logs/foo.log". 
-# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# ServerType is either inetd, or standalone. Inetd mode is only supported on -# Unix platforms. -# -ServerType standalone - -# -# ServerTokens is either Full, OS, Minimal, or ProductOnly. -# The values define what version information is returned in the -# Server header in HTTP responses. -# -# ServerTokens ProductOnly - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation -# (available at ); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "/var/www" - -# -# The LockFile directive sets the path to the lockfile used when Apache -# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or -# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at -# its default value. The main reason for changing it is if the logs -# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL -# DISK. The PID of the main server process is automatically appended to -# the filename. -# -#LockFile logs/accept.lock - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -PidFile logs/httpd.pid -# -# ScoreBoardFile: File used to store internal server process information. -# Not all architectures require this. But if yours does (you'll know because -# this file will be created when you run Apache) then you *must* ensure that -# no two invocations of Apache share the same scoreboard file. 
-# -ScoreBoardFile logs/apache_runtime_status - -# -# In the standard configuration, the server will process httpd.conf, -# srm.conf, and access.conf in that order. The latter two files are -# now deprecated and not installed any more, as it is recommended that -# all directives be kept in a single file for simplicity. -# -#ResourceConfig conf/srm.conf -#AccessConfig conf/access.conf - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 300 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 15 - -# -# Server-pool size regulation. Rather than making you guess how many -# server processes you need, Apache dynamically adapts to the load it -# sees --- that is, it tries to maintain enough server processes to -# handle the current load, plus a few spare servers to handle transient -# load spikes (e.g., multiple simultaneous requests from a single -# Netscape browser). -# -# It does this by periodically checking how many servers are waiting -# for a request. If there are fewer than MinSpareServers, it creates -# a new spare. If there are more than MaxSpareServers, some of the -# spares die off. The default values in httpd.conf-dist are probably OK -# for most sites. -# -MinSpareServers 5 -MaxSpareServers 10 - -# -# Number of servers to start initially --- should be a reasonable ballpark -# figure. 
-# -StartServers 5 - -# -# Limit on total number of servers running, i.e., limit on the number -# of clients who can simultaneously connect --- if this limit is ever -# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW. -# It is intended mainly as a brake to keep a runaway server from taking -# the system with it as it spirals down... -# -MaxClients 150 - -# -# MaxRequestsPerChild: the number of requests each child process is -# allowed to process before the child dies. The child will exit so -# as to avoid problems after prolonged use when Apache (and maybe the -# libraries it uses) leak memory or other resources. On most systems, this -# isn't really needed, but a few (such as Solaris) do have notable leaks -# in the libraries. -# -MaxRequestsPerChild 0 - -# -# MaxFOOPerChild: these directives set the current and hard rlimits for -# the child processes. Attempts to exceed them will cause the OS to -# take appropriate action. See the setrlimit(2) and signal(3). -# -MaxCPUPerChild 0 -MaxDATAPerChild 0 -MaxNOFILEPerChild 0 -MaxRSSPerChild 0 -MaxSTACKPerChild 0 - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, in addition to the default. See also the -# directive. -# -#Listen 3000 -#Listen 12.34.56.78:80 - -# -# BindAddress: You can support virtual hosts with this option. This directive -# is used to tell the server which IP address to listen to. It can either -# contain "*", an IP address, or a fully qualified Internet domain name. -# See also the and Listen directives. -# -#BindAddress * - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. 
-# Please read the file README.DSO in the Apache 1.3 distribution for more -# details about the DSO mechanism and run `httpd -l' for the list of already -# built-in (statically linked and thus always available) modules in your httpd -# binary. -# -# Note: The order is which modules are loaded is important. Don't change -# the order below without expert advice. -# -# Example: -# LoadModule foo_module libexec/mod_foo.so - -# "anonymous" user access to authenticated areas -# LoadModule anon_auth_module /usr/lib/apache/modules/mod_auth_anon.so - -# user authentication using Berkeley DB files -# LoadModule db_auth_module /usr/lib/apache/modules/mod_auth_db.so - -# user authentication using DBM files -# LoadModule dbm_auth_module /usr/lib/apache/modules/mod_auth_dbm.so - -# authentication using new-style MD5 Digest Authentication (experimental) -# LoadModule digest_auth_module /usr/lib/apache/modules/mod_auth_digest.so - -# CERN httpd metafile semantics -# LoadModule cern_meta_module /usr/lib/apache/modules/mod_cern_meta.so - -# configuration defines ($xxx) -# LoadModule define_module /usr/lib/apache/modules/mod_define.so - -# user authentication using old-style MD5 Digest Authentication -# LoadModule digest_module /usr/lib/apache/modules/mod_digest.so - -# generation of Expires HTTP headers according to user-specified criteria -# LoadModule expires_module /usr/lib/apache/modules/mod_expires.so - -# customization of HTTP response headers -# LoadModule headers_module /usr/lib/apache/modules/mod_headers.so - -# comprehensive overview of the server configuration -# LoadModule info_module /usr/lib/apache/modules/mod_info.so - -# logging of the client user agents (deprecated in favor of mod_log_config) -# LoadModule agent_log_module /usr/lib/apache/modules/mod_log_agent.so - -# logging of referers (deprecated in favor of mod_log_config) -# LoadModule referer_log_module /usr/lib/apache/modules/mod_log_referer.so - -# determining the MIME type of a file by looking at a few 
bytes of its contents -# LoadModule mime_magic_module /usr/lib/apache/modules/mod_mime_magic.so - -# mmap()ing of a statically configured list of frequently requested but -# not changed files (experimental) -# LoadModule mmap_static_module /usr/lib/apache/modules/mod_mmap_static.so - -# rule-based rewriting engine to rewrite requested URLs on the fly -# LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so - -# attempt to correct misspellings of URLs that users might have entered -# LoadModule speling_module /usr/lib/apache/modules/mod_speling.so - -# provides an environment variable with a unique identifier for each request -# LoadModule unique_id_module /usr/lib/apache/modules/mod_unique_id.so - -# uses cookies to provide for a clickstream log of user activity on a site -# LoadModule usertrack_module /usr/lib/apache/modules/mod_usertrack.so - -# dynamically configured mass virtual hosting -# LoadModule vhost_alias_module /usr/lib/apache/modules/mod_vhost_alias.so - -# caching proxy -# LoadModule proxy_module /usr/lib/apache/modules/libproxy.so - -# -# Include extra module configuration files -# -Include /var/www/conf/modules/*.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. 
-# - -# -# If your ServerType directive (set earlier in the 'Global Environment' -# section) is set to "inetd", the next few directives don't have any -# effect since their settings are defined by the inetd configuration. -# Skip ahead to the ServerAdmin directive. -# - -# -# Port: The port to which the standalone server listens. For -# ports < 1023, you will need httpd to be run as root initially. -# -Port 80 - -## -## SSL Support -## -## When we also provide SSL we have to listen to the -## standard HTTP port (see above) and to the HTTPS port -## - -Listen 80 -Listen 443 - - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# On OpenBSD, use user www, group www. -# -User www -Group www - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. -# -ServerAdmin you@your.address - -# -# ServerName allows you to set a host name which is sent back to clients for -# your server if it's different than the one the program would get (i.e., use -# "www" instead of the host's real name). -# -# Note: You cannot just invent host names and hope they work. The name you -# define here must be a valid DNS name for your host. If you don't understand -# this, ask your network administrator. -# If your host doesn't have a registered DNS name, enter its IP address here. 
-# You will have to access it by its address (e.g., http://123.45.67.89/) -# anyway, and this will make redirections work in a sensible way. -# -#ServerName new.host.name - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/htdocs" - -# -# Each directory to which Apache has access, can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# permissions. -# - - Options FollowSymLinks - AllowOverride None - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# - - -# -# This may also be "None", "All", or any combination of "Indexes", -# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews". -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# - Options Indexes FollowSymLinks - -# -# This controls which options the .htaccess files in directories can -# override. Can also be "All", or any combination of "Options", "FileInfo", -# "AuthConfig", and "Limit" -# - AllowOverride None - -# -# Controls who can get stuff from this server. -# - Order allow,deny - Allow from all - - -# -# UserDir: The directory which is prepended onto a users username, within -# which a users's web pages are looked for if a ~user request is received. -# Relative paths are relative to the user's home directory. -# -# "disabled" turns this feature off. 
-# -# Since httpd will chroot(2) to the ServerRoot path by default, -# you should use -# UserDir /var/www/users -# and create per user directories in /var/www/users/ -# - -UserDir disabled - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only and -# are located under /users/ -# You will need to change this to match your site's home directories. -# -# -# AllowOverride FileInfo AuthConfig Limit -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# -# Order allow,deny -# Allow from all -# -# -# Order deny,allow -# Deny from all -# -# - -# -# DirectoryIndex: Name of the file or files to use as a pre-written HTML -# directory index. Separate multiple entries with spaces. -# -DirectoryIndex index.html - -# -# AccessFileName: The name of the file to look for in each directory -# for access control information. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess files from being viewed by -# Web clients. Since .htaccess files often contain authorization -# information, access is disallowed for security reasons. Comment -# these lines out if you want Web visitors to see the contents of -# .htaccess files. If you change the AccessFileName directive above, -# be sure to make the corresponding changes here. -# - - Order allow,deny - Deny from all - - -# -# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each -# document that was negotiated on the basis of content. This asks proxy -# servers not to cache the document. Uncommenting the following line disables -# this behavior, and proxies will be allowed to cache the documents. -# -#CacheNegotiatedDocs - -# -# UseCanonicalName: (new for 1.3) With this setting turned on, whenever -# Apache needs to construct a self-referencing URL (a URL that refers back -# to the server the response is coming from) it will use ServerName and -# Port to form a "canonical" name. 
With this setting off, Apache will -# use the hostname:port that the client supplied, when possible. This -# also affects SERVER_NAME and SERVER_PORT in CGI scripts. -# -UseCanonicalName On - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig conf/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# mod_mime_magic is not part of the default server (you have to add -# it yourself with a LoadModule [see the DSO paragraph in the 'Global -# Environment' section], or recompile the server and include mod_mime_magic -# as part of the configuration), so it's enclosed in an container. -# This means that the MIMEMagicFile directive will only be processed if the -# module is part of the server. -# - - MIMEMagicFile conf/magic - - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# ErrorLog: The location of the error log file. 
-# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# Either a filename or the text "syslog:" followed by a facility -# name may be specified here. -# -#ErrorLog syslog:daemon -ErrorLog logs/error_log - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a -# container, they will be logged here. Contrariwise, if you *do* -# define per- access logfiles, transactions will be -# logged therein and *not* in this file. -# -CustomLog logs/access_log common - -# -# If you would like to have agent and referer logfiles, uncomment the -# following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# If you prefer a single logfile with access, agent, and referer information -# (Combined Logfile Format) you can use the following directive. -# -#CustomLog logs/access_log combined - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (error documents, FTP directory listings, -# mod_status and mod_info output etc., but not CGI generated documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. 
-# Set to one of: On | Off | EMail -# -# ServerSignature Off - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/".. -# -Alias /icons/ "/var/www/icons/" - - - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all - - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Order allow,deny - Allow from all - - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Format: Redirect old-URI new-URL -# - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# FancyIndexing is whether you want fancy directory indexing or standard -# -IndexOptions FancyIndexing - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. 
-# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -# -# The server will first look for name.html and include it if found. -# If name.html doesn't exist, the server will then look for name.txt -# and include it as plaintext if found. 
-# -ReadmeName README -HeaderName HEADER - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -AddEncoding x-compress Z -AddEncoding x-gzip gz - -# -# AddLanguage allows you to specify the language of a document. You can -# then use content negotiation to give a browser a file in a language -# it can understand. Note that the suffix does not have to be the same -# as the language keyword --- those with documents in Polish (whose -# net-standard language code is pl) may wish to use "AddLanguage pl .po" -# to avoid the ambiguity with the common suffix for perl scripts. -# -AddLanguage en .en -AddLanguage fr .fr -AddLanguage de .de -AddLanguage da .da -AddLanguage el .el -AddLanguage it .it - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# Just list the languages in decreasing order of preference. -# -LanguagePriority en fr de - -# -# AddType allows you to tweak mime.types without actually editing it, or to -# make certain files to be certain types. -# -# For example, the PHP module (not part of the Apache distribution) -# will typically use: -# -#AddType application/x-httpd-php .php - -# -# AddHandler allows you to map certain file extensions to "handlers", -# actions unrelated to filetype. These can be either built into the server -# or added with the Action command (see below) -# -# If you want to use server side includes, or CGI outside -# ScriptAliased directories, uncomment the following lines. 
-# -# To use CGI scripts: -# -#AddHandler cgi-script .cgi - -# -# To use server-parsed HTML files -# -#AddType text/html .shtml -#AddHandler server-parsed .shtml - -# -# Uncomment the following line to enable Apache's send-asis HTTP file -# feature -# -#AddHandler send-as-is asis - -# -# If you wish to use server-parsed imagemap files, use -# -#AddHandler imap-file map - -# -# To enable type maps, you might want to use -# -#AddHandler type-map var - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# MetaDir: specifies the name of the directory in which Apache can find -# meta information files. These files contain additional HTTP headers -# to include when sending the document -# -#MetaDir .web - -# -# MetaSuffix: specifies the file name suffix for the file containing the -# meta information. -# -#MetaSuffix .meta - -# -# Customizable error response (Apache style) -# these come in three flavors -# -# 1) plain text -#ErrorDocument 500 "The server made a boo boo. -# n.b. the (") marks it as text, it does not get output -# -# 2) local redirects -#ErrorDocument 404 /missing.html -# to redirect to local URL /missing.html -#ErrorDocument 404 /cgi-bin/missing_handler.pl -# N.B.: You can redirect to a script or a document using server-side-includes. -# -# 3) external redirects -#ErrorDocument 402 http://some.other_server.com/subscription_info.html -# N.B.: Many of the environment variables associated with the original -# request will *not* be available to such a script. - -# -# The following directives modify normal HTTP response behavior. -# The first directive disables keepalive for Netscape 2.x and browsers that -# spoof it. There are known problems with these browser implementations. 
-# The second directive is for Microsoft Internet Explorer 4.0b2
-# which has a broken HTTP/1.1 implementation and does not properly
-# support keepalive when it is used on 301 or 302 (redirect) responses.
-#
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-
-#
-# The following directive disables HTTP/1.1 responses to browsers which
-# are in violation of the HTTP/1.0 spec by not being able to grok a
-# basic 1.1 response.
-#
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-
-#
-# Allow server status reports, with the URL of http://servername/server-status
-# Change the ".your_domain.com" to match your domain to enable. By default we
-# allow server-status requests from 127.0.0.1 to make apachectl's status and
-# fullstatus commands work.
-#
-
- SetHandler server-status
- Order deny,allow
- Deny from all
- Allow from 127.0.0.1
-# Allow from .your_domain.com
-
-
-#
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info (requires that mod_info.c be loaded).
-# Change the ".your_domain.com" to match your domain to enable.
-#
-#
-# SetHandler server-info
-# Order deny,allow
-# Deny from all
-# Allow from .your_domain.com
-#
-
-#
-# There have been reports of people trying to abuse an old bug from pre-1.1
-# days. This bug involved a CGI script distributed as a part of Apache.
-# By uncommenting these lines you can redirect these attacks to a logging
-# script on phf.apache.org. Or, you can record them yourself, using the script
-# support/phf_abuse_log.cgi.
-#
-#
-# Deny from all
-# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
-#
-
-#
-# Proxy Server directives. Uncomment the following lines to
-# enable the proxy server:
-#
-#
-#ProxyRequests On
-#
-#
-# Order deny,allow
-# Deny from all
-# Allow from .your_domain.com
-#
-
-#
-# Enable/disable the handling of HTTP/1.1 "Via:" headers.
-# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
-# Set to one of: Off | On | Full | Block
-#
-#ProxyVia On
-
-#
-# To enable the cache as well, edit and uncomment the following lines:
-# (no cacheing without CacheRoot)
-#
-#CacheRoot "/var/www/proxy"
-#CacheSize 5
-#CacheGcInterval 4
-#CacheMaxExpire 24
-#CacheLastModifiedFactor 0.1
-#CacheDefaultExpire 1
-#NoCache a_domain.com another_domain.edu joes.garage_sale.com
-
-#
-# End of proxy directives.
-
-### Section 3: Virtual Hosts
-#
-# VirtualHost: If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them.
-# Please see the documentation at
-# for further details before you try to setup virtual hosts.
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
-
-#
-# If you want to use name-based virtual hosts you need to define at
-# least one IP address (and port number) for them.
-#
-#NameVirtualHost 12.34.56.78:80
-#NameVirtualHost 12.34.56.78
-
-#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-#
-#
-# ServerAdmin webmaster@host.some_domain.com
-# DocumentRoot /www/docs/host.some_domain.com
-# ServerName host.some_domain.com
-# ErrorLog logs/host.some_domain.com-error_log
-# CustomLog logs/host.some_domain.com-access_log common
-#
-
-#
-#
-
-
-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-#
-# Some MIME-types for downloading Certificates and CRLs
-#
-
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-
-
-
-
-# Pass Phrase Dialog:
-# Configure the pass phrase gathering process.
-# The filtering dialog program (`builtin' is a internal
-# terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog builtin
-
-# Inter-Process Session Cache:
-# Configure the SSL Session Cache: First either `none'
-# or `dbm:/path/to/file' for the mechanism to use and
-# second the expiring timeout (in seconds).
-SSLSessionCache dbm:logs/ssl_scache
-SSLSessionCacheTimeout 300
-
-# Semaphore:
-# Configure the path to the mutual exclusion semaphore the
-# SSL engine uses internally for inter-process synchronization.
-SSLMutex sem
-
-# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the
-# SSL library. The seed data should be of good random quality.
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed startup file:/dev/urandom 512
-#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
-SSLRandomSeed startup file:/dev/arandom 512
-
-# Logging:
-# The home of the dedicated SSL protocol logfile. Errors are
-# additionally duplicated in the general error log file. Put
-# this somewhere where it cannot be used for symlink attacks on
-# a real server (i.e. somewhere where only root can write).
-# Log levels are (ascending order: higher ones include lower ones):
-# none, error, warn, info, trace, debug.
-SSLLog logs/ssl_engine_log
-SSLLogLevel info
-
-
-
-
-
-##
-## SSL Virtual Host Context
-##
-
-
-
-# General setup for the virtual host
-DocumentRoot /var/www/htdocs
-ServerName new.host.name
-ServerAdmin you@your.address
-ErrorLog logs/error_log
-TransferLog logs/access_log
-
-# SSL Engine Switch:
-# Enable/Disable SSL for this virtual host.
-SSLEngine on
-
-# SSL Cipher Suite:
-# List the ciphers that the client is permitted to negotiate.
-# See the mod_ssl documentation for a complete list.
-#SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
-
-# SSL ECDH Curve:
-# Named curve to use when generating ephemeral EC keys for an
-# ECDHE-based cipher suite, or `none' to disable.
-SSLECDHCurve prime256v1
-
-# SSL Honor Cipher Order:
-# If on, use server's order of preference for ciphers.
-#SSLHonorCipherOrder on
-
-# Server Certificate:
-# Point SSLCertificateFile at a PEM encoded certificate. If
-# the certificate is encrypted, then you will be prompted for a
-# pass phrase. Note that a kill -HUP will prompt again. A test
-# certificate can be generated with `make certificate' under
-# built time.
-SSLCertificateFile /etc/ssl/server.crt
-
-# Server Private Key:
-# If the key is not combined with the certificate, use this
-# directive to point at the key file.
-SSLCertificateKeyFile /etc/ssl/private/server.key
-
-# Certificate Authority (CA):
-# Set the CA certificate verification path where to find CA
-# certificates for client authentication or alternatively one
-# huge file containing all of them (file must be PEM encoded)
-# Note: Inside SSLCACertificatePath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
-#SSLCACertificatePath /var/www/conf/ssl.crt
-#SSLCACertificateFile /var/www/conf/ssl.crt/ca-bundle.crt
-
-# Client Authentication (Type):
-# Client certificate verification type and depth. Types are
-# none, optional, require and optional_no_ca. Depth is a
-# number which specifies how deeply to verify the certificate
-# issuer chain before deciding the certificate is not valid.
-#SSLVerifyClient require
-#SSLVerifyDepth 10
-
-# Access Control:
-# With SSLRequire you can do per-directory access control based
-# on arbitrary complex boolean expressions containing server
-# variable checks and other lookup directives. The syntax is a
-# mixture between C and Perl. See the mod_ssl documentation
-# for more details.
-#
-#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
-# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
-# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-#
-
-# SSL Engine Options:
-# Set various options for the SSL engine.
-# FakeBasicAuth:
-# Translate the client X.509 into a Basic Authorisation. This means that
-# the standard Auth/DBMAuth methods can be used for access control. The
-# user name is the `one line' version of the client's X.509 certificate.
-# Note that no password is obtained from the user. Every entry in the user
-# file needs this password: `xxj31ZMTZzkVA'.
-# ExportCertData:
-# This exports two additional environment variables: SSL_CLIENT_CERT and
-# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-# server (always existing) and the client (only existing when client
-# authentication is used). This can be used to import the certificates
-# into CGI scripts.
-# CompatEnvVars:
-# This exports obsolete environment variables for backward compatibility
-# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
-# to provide compatibility to existing CGI scripts.
-#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
-
-# Per-Server Logging:
-# The home of a custom SSL log file. Use this when you want a
-# compact non-error SSL logfile on a virtual host basis.
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-
-
-
diff --git a/usr.sbin/httpd/conf/httpd.conf-dist b/usr.sbin/httpd/conf/httpd.conf-dist
deleted file mode 100644
index b5a4c2e0aaa..00000000000
--- a/usr.sbin/httpd/conf/httpd.conf-dist
+++ /dev/null
@@ -1,1204 +0,0 @@
-#
-# Based upon the NCSA server configuration files originally by Rob McCool.
-#
-# This is the main Apache server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See for detailed information about
-# the directives.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# After this file is processed, the server will look for and process
-# conf/srm.conf and then conf/access.conf
-# unless you have overridden these with ResourceConfig and/or
-# AccessConfig directives here.
-#
-# The configuration directives are grouped into three basic sections:
-# 1. Directives that control the operation of the Apache server process as a
-# whole (the 'global environment').
-# 2. Directives that define the parameters of the 'main' or 'default' server,
-# which responds to requests that aren't handled by a virtual host.
-# These directives also provide default values for the settings
-# of all virtual hosts.
-# 3. Settings for virtual hosts, which allow Web requests to be sent to
-# different IP addresses or hostnames and have them handled by the
-# same Apache server process.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
-# with ServerRoot set to "/usr/local/apache" will be interpreted by the
-# server as "/usr/local/apache/logs/foo.log".
-#
-
-### Section 1: Global Environment
-#
-# The directives in this section affect the overall operation of Apache,
-# such as the number of concurrent requests it can handle or where it
-# can find its configuration files.
-#
-
-#
-# ServerType is either inetd, or standalone. Inetd mode is only supported on
-# Unix platforms.
-#
-ServerType standalone
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# NOTE! If you intend to place this on an NFS (or otherwise network)
-# mounted filesystem then please read the LockFile documentation
-# (available at );
-# you will save yourself a lot of trouble.
-#
-ServerRoot "@@ServerRoot@@"
-
-#
-# The LockFile directive sets the path to the lockfile used when Apache
-# is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or
-# USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be left at
-# its default value. The main reason for changing it is if the logs
-# directory is NFS mounted, since the lockfile MUST BE STORED ON A LOCAL
-# DISK. The PID of the main server process is automatically appended to
-# the filename.
-#
-#LockFile logs/accept.lock
-
-#
-# PidFile: The file in which the server should record its process
-# identification number when it starts.
-#
-PidFile logs/httpd.pid
-
-#
-# ScoreBoardFile: File used to store internal server process information.
-# Not all architectures require this. But if yours does (you'll know because
-# this file will be created when you run Apache) then you *must* ensure that
-# no two invocations of Apache share the same scoreboard file.
-#
-ScoreBoardFile logs/apache_runtime_status
-
-#
-# In the standard configuration, the server will process httpd.conf (this
-# file, specified by the -f command line option), srm.conf, and access.conf
-# in that order. The latter two files are now distributed empty, as it is
-# recommended that all directives be kept in a single file for simplicity.
-# The commented-out values below are the built-in defaults. You can have the
-# server ignore these files altogether by using "/dev/null" (for Unix) or
-# "nul" (for Win32) for the arguments to the directives.
-#
-#ResourceConfig conf/srm.conf
-#AccessConfig conf/access.conf
-
-#
-# Timeout: The number of seconds before receives and sends time out.
-#
-Timeout 300
-
-#
-# KeepAlive: Whether or not to allow persistent connections (more than
-# one request per connection). Set to "Off" to deactivate.
-#
-KeepAlive On
-
-#
-# MaxKeepAliveRequests: The maximum number of requests to allow
-# during a persistent connection. Set to 0 to allow an unlimited amount.
-# We recommend you leave this number high, for maximum performance.
-#
-MaxKeepAliveRequests 100
-
-#
-# KeepAliveTimeout: Number of seconds to wait for the next request from the
-# same client on the same connection.
-#
-KeepAliveTimeout 15
-
-#
-# Server-pool size regulation. Rather than making you guess how many
-# server processes you need, Apache dynamically adapts to the load it
-# sees --- that is, it tries to maintain enough server processes to
-# handle the current load, plus a few spare servers to handle transient
-# load spikes (e.g., multiple simultaneous requests from a single
-# Netscape browser).
-#
-# It does this by periodically checking how many servers are waiting
-# for a request. If there are fewer than MinSpareServers, it creates
-# a new spare. If there are more than MaxSpareServers, some of the
-# spares die off. The default values are probably OK for most sites.
-#
-MinSpareServers 5
-MaxSpareServers 10
-
-#
-# Number of servers to start initially --- should be a reasonable ballpark
-# figure.
-#
-StartServers 5
-
-#
-# Limit on total number of servers running, i.e., limit on the number
-# of clients who can simultaneously connect --- if this limit is ever
-# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
-# It is intended mainly as a brake to keep a runaway server from taking
-# the system with it as it spirals down...
-#
-MaxClients 150
-
-#
-# MaxRequestsPerChild: the number of requests each child process is
-# allowed to process before the child dies. The child will exit so
-# as to avoid problems after prolonged use when Apache (and maybe the
-# libraries it uses) leak memory or other resources. On most systems, this
-# isn't really needed, but a few (such as Solaris) do have notable leaks
-# in the libraries. For these platforms, set to something like 10000
-# or so; a setting of 0 means unlimited.
-#
-# NOTE: This value does not include keepalive requests after the initial
-# request per connection. For example, if a child process handles
-# an initial request and 10 subsequent "keptalive" requests, it
-# would only count as 1 request towards this limit.
-#
-MaxRequestsPerChild 0
-
-#
-# MaxFOOPerChild: these directives set the current and hard rlimits for
-# the child processes. Attempts to exceed them will cause the OS to
-# take appropriate action. See the setrlimit(2) and signal(3).
-#
-MaxCPUPerChild 0
-MaxDATAPerChild 0
-MaxNOFILEPerChild 0
-MaxRSSPerChild 0
-MaxSTACKPerChild 0
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the
-# directive.
-#
-#Listen 3000
-#Listen 12.34.56.78:80
-
-# Listen can take two arguments.
-# (this is an extension for supporting IPv6 addresses)
-#Listen :: 80
-#Listen 0.0.0.0 80
-
-#
-# BindAddress: You can support virtual hosts with this option. This directive
-# is used to tell the server which IP address to listen to. It can either
-# contain "*", an IP address, or a fully qualified Internet domain name.
-# See also the and Listen directives.
-#
-#BindAddress *
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Please read the file http://httpd.apache.org/docs/dso.html for more
-# details about the DSO mechanism and run `httpd -l' for the list of already
-# built-in (statically linked and thus always available) modules in your httpd
-# binary.
-#
-# Note: The order in which modules are loaded is important. Don't change
-# the order below without expert advice.
-#
-# Example:
-# LoadModule foo_module libexec/mod_foo.so
-
-#
-# ExtendedStatus controls whether Apache will generate "full" status
-# information (ExtendedStatus On) or just basic information (ExtendedStatus
-# Off) when the "server-status" handler is called. The default is Off.
-#
-#ExtendedStatus On
-
-### Section 2: 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# definition. These values also provide defaults for
-# any containers you may define later in the file.
-#
-# All of these directives may appear inside containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# If your ServerType directive (set earlier in the 'Global Environment'
-# section) is set to "inetd", the next few directives don't have any
-# effect since their settings are defined by the inetd configuration.
-# Skip ahead to the ServerAdmin directive.
-#
-
-#
-# Port: The port to which the standalone server listens. For
-# ports < 1023, you will need httpd to be run as root initially.
-#
-Port 80
-
-##
-## SSL Support
-##
-## When we also provide SSL we have to listen to the
-## standard HTTP port (see above) and to the HTTPS port
-##
-
-Listen 80
-Listen 443
-
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
-# . On HPUX you may not be able to use shared memory as nobody, and the
-# suggested workaround is to create a user www and use that user.
-# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
-# when the value of (unsigned)Group is above 60000;
-# don't use Group "#-1" on these systems!
-#
-User nobody
-Group "#-1"
-
-#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed. This address appears on some server-generated pages, such
-# as error documents.
-#
-ServerAdmin you@your.address
-
-#
-# ServerName allows you to set a host name which is sent back to clients for
-# your server if it's different than the one the program would get (i.e., use
-# "www" instead of the host's real name).
-#
-# Note: You cannot just invent host names and hope they work. The name you
-# define here must be a valid DNS name for your host. If you don't understand
-# this, ask your network administrator.
-# If your host doesn't have a registered DNS name, enter its IP address here.
-# You will have to access it by its address (e.g., http://123.45.67.89/)
-# anyway, and this will make redirections work in a sensible way.
-#
-# 127.0.0.1 is the TCP/IP local loop-back address, often named localhost. Your
-# machine always knows itself by this address. If you use Apache strictly for
-# local testing and development, you may use 127.0.0.1 as the server name.
-#
-#ServerName www.example.com
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "@@ServerRoot@@/htdocs"
-
-#
-# Each directory to which Apache has access, can be configured with respect
-# to which services and features are allowed and/or disabled in that
-# directory (and its subdirectories).
-#
-# First, we configure the "default" to be a very restrictive set of
-# permissions.
-#
-
- Options FollowSymLinks
- AllowOverride None
-
-
-#
-# Note that from this point forward you must specifically allow
-# particular features to be enabled - so if something's not working as
-# you might expect, make sure that you have specifically enabled it
-# below.
-#
-
-#
-# This should be changed to whatever you set DocumentRoot to.
-#
-
-
-#
-# This may also be "None", "All", or any combination of "Indexes",
-# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
-#
-# Note that "MultiViews" must be named *explicitly* --- "Options All"
-# doesn't give it to you.
-#
- Options Indexes FollowSymLinks MultiViews
-
-#
-# This controls which options the .htaccess files in directories can
-# override. Can also be "All", or any combination of "Options", "FileInfo",
-# "AuthConfig", and "Limit"
-#
- AllowOverride None
-
-#
-# Controls who can get stuff from this server.
-#
- Order allow,deny
- Allow from all
-
-
-#
-# UserDir: The name of the directory which is appended onto a user's home
-# directory if a ~user request is received.
-#
-
- UserDir public_html
-
-
-#
-# Control access to UserDir directories. The following is an example
-# for a site where these directories are restricted to read-only.
-#
-#
-# AllowOverride FileInfo AuthConfig Limit
-# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
-#
-# Order allow,deny
-# Allow from all
-#
-#
-# Order deny,allow
-# Deny from all
-#
-#
-
-#
-# DirectoryIndex: Name of the file or files to use as a pre-written HTML
-# directory index. Separate multiple entries with spaces.
-#
-
- DirectoryIndex index.html
-
-
-#
-# AccessFileName: The name of the file to look for in each directory
-# for access control information.
-#
-AccessFileName .htaccess
-
-#
-# The following lines prevent .htaccess files from being viewed by
-# Web clients. Since .htaccess files often contain authorization
-# information, access is disallowed for security reasons. Comment
-# these lines out if you want Web visitors to see the contents of
-# .htaccess files. If you change the AccessFileName directive above,
-# be sure to make the corresponding changes here.
-#
-# Also, folks tend to use names such as .htpasswd for password
-# files, so this will protect those as well.
-#
-
- Order allow,deny
- Deny from all
- Satisfy All
-
-
-#
-# CacheNegotiatedDocs: By default, Apache sends "Pragma: no-cache" with each
-# document that was negotiated on the basis of content. This asks proxy
-# servers not to cache the document. Uncommenting the following line disables
-# this behavior, and proxies will be allowed to cache the documents.
-#
-#CacheNegotiatedDocs
-
-#
-# UseCanonicalName: (new for 1.3) With this setting turned on, whenever
-# Apache needs to construct a self-referencing URL (a URL that refers back
-# to the server the response is coming from) it will use ServerName and
-# Port to form a "canonical" name. With this setting off, Apache will
-# use the hostname:port that the client supplied, when possible. This
-# also affects SERVER_NAME and SERVER_PORT in CGI scripts.
-#
-UseCanonicalName On
-
-#
-# TypesConfig describes where the mime.types file (or equivalent) is
-# to be found.
-#
-
- TypesConfig conf/mime.types
-
-
-#
-# DefaultType is the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-DefaultType text/plain
-
-#
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-# mod_mime_magic is not part of the default server (you have to add
-# it yourself with a LoadModule [see the DSO paragraph in the 'Global
-# Environment' section], or recompile the server and include mod_mime_magic
-# as part of the configuration), so it's enclosed in an container.
-# This means that the MIMEMagicFile directive will only be processed if the
-# module is part of the server.
-#
-
- MIMEMagicFile conf/magic
-
-
-#
-# HostnameLookups: Log the names of clients or just their IP addresses
-# e.g., www.apache.org (on) or 204.62.129.132 (off).
-# The default is off because it'd be overall better for the net if people
-# had to knowingly turn this feature on, since enabling it means that
-# each client request will result in AT LEAST one lookup request to the
-# nameserver.
-#
-HostnameLookups Off
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog logs/error_log
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-#
-# The following directives define some format nicknames for use with
-# a CustomLog directive (see below).
-#
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-
-#
-# The location and format of the access logfile (Common Logfile Format).
-# If you do not define any access logfiles within a
-# container, they will be logged here. Contrariwise, if you *do*
-# define per- access logfiles, transactions will be
-# logged therein and *not* in this file.
-#
-CustomLog logs/access_log common
-
-#
-# If you would like to have agent and referer logfiles, uncomment the
-# following directives.
-#
-#CustomLog logs/referer_log referer
-#CustomLog logs/agent_log agent
-
-#
-# If you prefer a single logfile with access, agent, and referer information
-# (Combined Logfile Format) you can use the following directive.
-#
-#CustomLog logs/access_log combined
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (error documents, FTP directory listings,
-# mod_status and mod_info output etc., but not CGI generated documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-ServerSignature On
-
-# EBCDIC configuration:
-# (only for mainframes using the EBCDIC codeset, currently one of:
-# Fujitsu-Siemens' BS2000/OSD, IBM's OS/390 and IBM's TPF)!!
-# The following default configuration assumes that "text files"
-# are stored in EBCDIC (so that you can operate on them using the
-# normal POSIX tools like grep and sort) while "binary files" are
-# stored with identical octets as on an ASCII machine.
-#
-# The directives are evaluated in configuration file order, with
-# the EBCDICConvert directives applied before EBCDICConvertByType.
-#
-# If you want to have ASCII HTML documents and EBCDIC HTML documents
-# at the same time, you can use the file extension to force
-# conversion off for the ASCII documents:
-# > AddType text/html .ahtml
-# > EBCDICConvert Off=InOut .ahtml
-#
-# EBCDICConvertByType On=InOut text/* message/* multipart/*
-# EBCDICConvertByType On=In application/x-www-form-urlencoded
-# EBCDICConvertByType On=InOut application/postscript model/vrml
-# EBCDICConvertByType Off=InOut */*
-
-
-#
-# Aliases: Add here as many aliases as you need (with no limit). The format is
-# Alias fakename realname
-#
-
-
- #
- # Note that if you include a trailing / on fakename then the server will
- # require it to be present in the URL. So "/icons" isn't aliased in this
- # example, only "/icons/". If the fakename is slash-terminated, then the
- # realname must also be slash terminated, and if the fakename omits the
- # trailing slash, the realname must also omit it.
- #
- Alias /icons/ "@@ServerRoot@@/icons/"
-
-
- Options Indexes MultiViews
- AllowOverride None
- Order allow,deny
- Allow from all
-
-
- #
- # ScriptAlias: This controls which directories contain server scripts.
- # ScriptAliases are essentially the same as Aliases, except that
- # documents in the realname directory are treated as applications and
- # run by the server when requested rather than as documents sent to the client.
- # The same rules about trailing "/" apply to ScriptAlias directives as to
- # Alias.
- #
- ScriptAlias /cgi-bin/ "@@ServerRoot@@/cgi-bin/"
-
- #
- # "@@ServerRoot@@/cgi-bin" should be changed to whatever your ScriptAliased
- # CGI directory exists, if you have that configured.
- #
-
- AllowOverride None
- Options None
- Order allow,deny
- Allow from all
-
-
-
-# End of aliases.
-
-#
-# Redirect allows you to tell clients about documents which used to exist in
-# your server's namespace, but do not anymore. This allows you to tell the
-# clients where to look for the relocated document.
-# Format: Redirect old-URI new-URL
-#
-
-#
-# Directives controlling the display of server-generated directory listings.
-#
-
-
- #
- # FancyIndexing is whether you want fancy directory indexing or standard
- #
- IndexOptions FancyIndexing
-
- #
- # AddIcon* directives tell the server which icon to show for different
- # files or filename extensions. These are only displayed for
- # FancyIndexed directories.
- #
- AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-
- AddIconByType (TXT,/icons/text.gif) text/*
- AddIconByType (IMG,/icons/image2.gif) image/*
- AddIconByType (SND,/icons/sound2.gif) audio/*
- AddIconByType (VID,/icons/movie.gif) video/*
-
- AddIcon /icons/binary.gif .bin .exe
- AddIcon /icons/binhex.gif .hqx
- AddIcon /icons/tar.gif .tar
- AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
- AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
- AddIcon /icons/a.gif .ps .ai .eps
- AddIcon /icons/layout.gif .html .shtml .htm .pdf
- AddIcon /icons/text.gif .txt
- AddIcon /icons/c.gif .c
- AddIcon /icons/p.gif .pl .py
- AddIcon /icons/f.gif .for
- AddIcon /icons/dvi.gif .dvi
- AddIcon /icons/uuencoded.gif .uu
- AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
- AddIcon /icons/tex.gif .tex
- AddIcon /icons/bomb.gif core
-
- AddIcon /icons/back.gif ..
- AddIcon /icons/hand.right.gif README
- AddIcon /icons/folder.gif ^^DIRECTORY^^
- AddIcon /icons/blank.gif ^^BLANKICON^^
-
- #
- # DefaultIcon is which icon to show for files which do not have an icon
- # explicitly set.
- #
- DefaultIcon /icons/unknown.gif
-
- #
- # AddDescription allows you to place a short description after a file in
- # server-generated indexes. These are only displayed for FancyIndexed
- # directories.
- # Format: AddDescription "description" filename
- #
- #AddDescription "GZIP compressed document" .gz
- #AddDescription "tar archive" .tar
- #AddDescription "GZIP compressed tar archive" .tgz
-
- #
- # ReadmeName is the name of the README file the server will look for by
- # default, and append to directory listings.
- #
- # HeaderName is the name of a file which should be prepended to
- # directory indexes.
- #
- ReadmeName README
- HeaderName HEADER
-
- #
- # IndexIgnore is a set of filenames which directory indexing should ignore
- # and not include in the listing. Shell-style wildcarding is permitted.
- # - IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - - -# End of indexing directives. - -# -# Document types. -# - - - # - # AddLanguage allows you to specify the language of a document. You can - # then use content negotiation to give a browser a file in a language - # it can understand. - # - # Note 1: The suffix does not have to be the same as the language - # keyword --- those with documents in Polish (whose net-standard - # language code is pl) may wish to use "AddLanguage pl .po" to - # avoid the ambiguity with the common suffix for perl scripts. - # - # Note 2: The example entries below illustrate that in quite - # some cases the two character 'Language' abbreviation is not - # identical to the two character 'Country' code for its country, - # E.g. 'Danmark/dk' versus 'Danish/da'. - # - # Note 3: In the case of 'ltz' we violate the RFC by using a three char - # specifier. But there is 'work in progress' to fix this and get - # the reference data for rfc1766 cleaned up. - # - # Danish (da) - Dutch (nl) - English (en) - Estonian (ee) - # French (fr) - German (de) - Greek-Modern (el) - # Italian (it) - Korean (kr) - Norwegian (no) - Norwegian Nynorsk (nn) - # Portugese (pt) - Luxembourgeois* (ltz) - # Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cs) - # Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja) - # Russian (ru) - # - AddLanguage da .dk - AddLanguage nl .nl - AddLanguage en .en - AddLanguage et .ee - AddLanguage fr .fr - AddLanguage de .de - AddLanguage el .el - AddLanguage he .he - AddCharset ISO-8859-8 .iso8859-8 - AddLanguage it .it - AddLanguage ja .ja - AddCharset ISO-2022-JP .jis - AddLanguage kr .kr - AddCharset ISO-2022-KR .iso-kr - AddLanguage nn .nn - AddLanguage no .no - AddLanguage pl .po - AddCharset ISO-8859-2 .iso-pl - AddLanguage pt .pt - AddLanguage pt-br .pt-br - AddLanguage ltz .lu - AddLanguage ca .ca - AddLanguage es .es - AddLanguage sv .sv - AddLanguage cs .cz .cs - AddLanguage ru .ru - AddLanguage zh-TW 
.zh-tw - AddCharset Big5 .Big5 .big5 - AddCharset WINDOWS-1251 .cp-1251 - AddCharset CP866 .cp866 - AddCharset ISO-8859-5 .iso-ru - AddCharset KOI8-R .koi8-r - AddCharset UCS-2 .ucs2 - AddCharset UCS-4 .ucs4 - AddCharset UTF-8 .utf8 - - # LanguagePriority allows you to give precedence to some languages - # in case of a tie during content negotiation. - # - # Just list the languages in decreasing order of preference. We have - # more or less alphabetized them here. You probably want to change this. - # - - LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw - - - # - # AddType allows you to tweak mime.types without actually editing it, or to - # make certain files to be certain types. - # - AddType application/x-tar .tgz - - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # Despite the name similarity, the following Add* directives have nothing - # to do with the FancyIndexing customization directives above. - # - AddEncoding x-compress .Z - AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - #AddType application/x-compress .Z - #AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers", - # actions unrelated to filetype. These can be either built into the server - # or added with the Action command (see below) - # - # If you want to use server side includes, or CGI outside - # ScriptAliased directories, uncomment the following lines. 
- # - # To use CGI scripts: - # - #AddHandler cgi-script .cgi - - # - # To use server-parsed HTML files - # - #AddType text/html .shtml - #AddHandler server-parsed .shtml - - # - # Uncomment the following line to enable Apache's send-asis HTTP file - # feature - # - #AddHandler send-as-is asis - - # - # If you wish to use server-parsed imagemap files, use - # - #AddHandler imap-file map - - # - # To enable type maps, you might want to use - # - #AddHandler type-map var - - -# End of document types. - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# MetaDir: specifies the name of the directory in which Apache can find -# meta information files. These files contain additional HTTP headers -# to include when sending the document -# -#MetaDir .web - -# -# MetaSuffix: specifies the file name suffix for the file containing the -# meta information. -# -#MetaSuffix .meta - -# -# Customizable error response (Apache style) -# these come in three flavors -# -# 1) plain text -#ErrorDocument 500 "The server made a boo boo. -# n.b. the single leading (") marks it as text, it does not get output -# -# 2) local redirects -#ErrorDocument 404 /missing.html -# to redirect to local URL /missing.html -#ErrorDocument 404 /cgi-bin/missing_handler.pl -# N.B.: You can redirect to a script or a document using server-side-includes. -# -# 3) external redirects -#ErrorDocument 402 http://www.example.com/subscription_info.html -# N.B.: Many of the environment variables associated with the original -# request will *not* be available to such a script. - -# -# Customize behaviour based on the browser -# - - - # - # The following directives modify normal HTTP response behavior. 
- # The first directive disables keepalive for Netscape 2.x and browsers that - # spoof it. There are known problems with these browser implementations. - # The second directive is for Microsoft Internet Explorer 4.0b2 - # which has a broken HTTP/1.1 implementation and does not properly - # support keepalive when it is used on 301 or 302 (redirect) responses. - # - BrowserMatch "Mozilla/2" nokeepalive - BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 - - # - # The following directive disables HTTP/1.1 responses to browsers which - # are in violation of the HTTP/1.0 spec by not being able to grok a - # basic 1.1 response. - # - BrowserMatch "RealPlayer 4\.0" force-response-1.0 - BrowserMatch "Java/1\.0" force-response-1.0 - BrowserMatch "JDK/1\.0" force-response-1.0 - - -# End of browser customization directives - -# -# Allow server status reports, with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# There have been reports of people trying to abuse an old bug from pre-1.1 -# days. This bug involved a CGI script distributed as a part of Apache. -# By uncommenting these lines you can redirect these attacks to a logging -# script on phf.apache.org. Or, you can record them yourself, using the script -# support/phf_abuse_log.cgi. -# -# -# Deny from all -# ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi -# - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. 
Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -#NameVirtualHost 0.0.0.0:80 - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -# -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -# - -# -# - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# - -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - - - - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -#SSLSessionCache none -#SSLSessionCache shmht:logs/ssl_scache(512000) -#SSLSessionCache shmcb:logs/ssl_scache(512000) -SSLSessionCache dbm:logs/ssl_scache -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex file:logs/ssl_mutex - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. 
The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed startup file:/dev/urandom 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# Logging: -# The home of the dedicated SSL protocol logfile. Errors are -# additionally duplicated in the general error log file. Put -# this somewhere where it cannot be used for symlink attacks on -# a real server (i.e. somewhere where only root can write). -# Log levels are (ascending order: higher ones include lower ones): -# none, error, warn, info, trace, debug. -SSLLog logs/ssl_engine_log -SSLLogLevel info - - - - - -## -## SSL Virtual Host Context -## - - - -# General setup for the virtual host -DocumentRoot "@@ServerRoot@@/htdocs" -ServerName new.host.name -ServerAdmin you@your.address -ErrorLog logs/error_log -TransferLog logs/access_log - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - -# SSL ECDH Curve: -# Named curve to use when generating ephemeral EC keys for an -# ECDHE-based cipher suite, or `none' to disable. -SSLECDHCurve prime256v1 - -# SSL Honor Cipher Order: -# If on, use server's order of preference for ciphers. 
-#SSLHonorCipherOrder on - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A test -# certificate can be generated with `make certificate' under -# built time. Keep in mind that if you've both a RSA and a DSA -# certificate you can configure both in parallel (to also allow -# the use of DSA ciphers, etc.) -SSLCertificateFile @@ServerRoot@@/conf/ssl.crt/server.crt -#SSLCertificateFile @@ServerRoot@@/conf/ssl.crt/server-dsa.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile @@ServerRoot@@/conf/ssl.key/server.key -#SSLCertificateKeyFile @@ServerRoot@@/conf/ssl.key/server-dsa.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -#SSLCertificateChainFile @@ServerRoot@@/conf/ssl.crt/ca.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -# Note: Inside SSLCACertificatePath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. 
-#SSLCACertificatePath @@ServerRoot@@/conf/ssl.crt -#SSLCACertificateFile @@ServerRoot@@/conf/ssl.crt/ca-bundle.crt - -# Certificate Revocation Lists (CRL): -# Set the CA revocation path where to find CA CRLs for client -# authentication or alternatively one huge file containing all -# of them (file must be PEM encoded) -# Note: Inside SSLCARevocationPath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCARevocationPath @@ServerRoot@@/conf/ssl.crl -#SSLCARevocationFile @@ServerRoot@@/conf/ssl.crl/ca-bundle.crl - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -# -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -# - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. 
-# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o CompatEnvVars: -# This exports obsolete environment variables for backward compatibility -# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this -# to provide compatibility to existing CGI scripts. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. 
Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -SetEnvIf User-Agent ".*MSIE.*" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog logs/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - - - diff --git a/usr.sbin/httpd/conf/magic b/usr.sbin/httpd/conf/magic deleted file mode 100644 index 809ce30ec1f..00000000000 --- a/usr.sbin/httpd/conf/magic +++ /dev/null 
@@ -1,382 +0,0 @@ -# Magic data for mod_mime_magic Apache module (originally for file(1) command) -# The module is described in htdocs/manual/mod/mod_mime_magic.html -# -# The format is 4-5 columns: -# Column #1: byte number to begin checking from, ">" indicates continuation -# Column #2: type of data to match -# Column #3: contents of data to match -# Column #4: MIME type of result -# Column #5: MIME encoding of result (optional) - -#------------------------------------------------------------------------------ -# Localstuff: file(1) magic for locally observed files -# Add any locally observed files here. - -#------------------------------------------------------------------------------ -# end local stuff -#------------------------------------------------------------------------------ - -#------------------------------------------------------------------------------ -# Java - -0 short 0xcafe ->2 short 0xbabe application/java - -#------------------------------------------------------------------------------ -# audio: file(1) magic for sound formats -# -# from Jan Nicolai Langfeldt , -# - -# Sun/NeXT audio data -0 string .snd ->12 belong 1 audio/basic ->12 belong 2 audio/basic ->12 belong 3 audio/basic ->12 belong 4 audio/basic ->12 belong 5 audio/basic ->12 belong 6 audio/basic ->12 belong 7 audio/basic - ->12 belong 23 audio/x-adpcm - -# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format -# that uses little-endian encoding and has a different magic number -# (0x0064732E in little-endian encoding). 
-0 lelong 0x0064732E ->12 lelong 1 audio/x-dec-basic ->12 lelong 2 audio/x-dec-basic ->12 lelong 3 audio/x-dec-basic ->12 lelong 4 audio/x-dec-basic ->12 lelong 5 audio/x-dec-basic ->12 lelong 6 audio/x-dec-basic ->12 lelong 7 audio/x-dec-basic -# compressed (G.721 ADPCM) ->12 lelong 23 audio/x-dec-adpcm - -# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" -# AIFF audio data -8 string AIFF audio/x-aiff -# AIFF-C audio data -8 string AIFC audio/x-aiff -# IFF/8SVX audio data -8 string 8SVX audio/x-aiff - -# Creative Labs AUDIO stuff -# Standard MIDI data -0 string MThd audio/unknown -#>9 byte >0 (format %d) -#>11 byte >1 using %d channels -# Creative Music (CMF) data -0 string CTMF audio/unknown -# SoundBlaster instrument data -0 string SBI audio/unknown -# Creative Labs voice data -0 string Creative\ Voice\ File audio/unknown -## is this next line right? it came this way... -#>19 byte 0x1A -#>23 byte >0 - version %d -#>22 byte >0 \b.%d - -# [GRR 950115: is this also Creative Labs? Guessing that first line -# should be string instead of unknown-endian long...] -#0 long 0x4e54524b MultiTrack sound data -#0 string NTRK MultiTrack sound data -#>4 long x - version %ld - -# Microsoft WAVE format (*.wav) -# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] -# Microsoft RIFF -0 string RIFF audio/unknown -# - WAVE format ->8 string WAVE audio/x-wav -# MPEG audio. -0 beshort&0xfff0 0xfff0 audio/mpeg -# C64 SID Music files, from Linus Walleij -0 string PSID audio/prs.sid - -#------------------------------------------------------------------------------ -# c-lang: file(1) magic for C programs or various scripts -# - -# XPM icons (Greg Roelofs, newt@uchicago.edu) -# ideally should go into "images", but entries below would tag XPM as C source -0 string /*\ XPM image/x-xbm 7bit - -# this first will upset you if you're a PL/1 shop... (are there any left?) 
-# in which case rm it; ascmagic will catch real C programs -# C or REXX program text -0 string /* text/plain -# C++ program text -0 string // text/plain - -#------------------------------------------------------------------------------ -# compress: file(1) magic for pure-compression formats (no archives) -# -# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. -# -# Formats for various forms of compressed data -# Formats for "compress" proper have been moved into "compress.c", -# because it tries to uncompress it to figure out what's inside. - -# standard unix compress -0 string \037\235 application/octet-stream x-compress - -# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) -0 string \037\213 application/octet-stream x-gzip - -# According to gzip.h, this is the correct byte order for packed data. -0 string \037\036 application/octet-stream -# -# This magic number is byte-order-independent. -# -0 short 017437 application/octet-stream - -# XXX - why *two* entries for "compacted data", one of which is -# byte-order independent, and one of which is byte-order dependent? -# -# compacted data -0 short 0x1fff application/octet-stream -0 string \377\037 application/octet-stream -# huf output -0 short 0145405 application/octet-stream - -# Squeeze and Crunch... -# These numbers were gleaned from the Unix versions of the programs to -# handle these formats. Note that I can only uncrunch, not crunch, and -# I didn't have a crunched file handy, so the crunch number is untested. -# Keith Waclena -#0 leshort 0x76FF squeezed data (CP/M, DOS) -#0 leshort 0x76FE crunched data (CP/M, DOS) - -# Freeze -#0 string \037\237 Frozen file 2.1 -#0 string \037\236 Frozen file 1.0 (or gzip 0.5) - -# lzh? 
-#0 string \037\240 LZH compressed data - -#------------------------------------------------------------------------------ -# frame: file(1) magic for FrameMaker files -# -# This stuff came on a FrameMaker demo tape, most of which is -# copyright, but this file is "published" as witness the following: -# -0 string \ -# and Anna Shergold -# -0 string \ -0 string \14 byte 12 (OS/2 1.x format) -#>14 byte 64 (OS/2 2.x format) -#>14 byte 40 (Windows 3.x format) -#0 string IC icon -#0 string PI pointer -#0 string CI color icon -#0 string CP color pointer -#0 string BA bitmap array - - -#------------------------------------------------------------------------------ -# lisp: file(1) magic for lisp programs -# -# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) -0 string ;; text/plain 8bit -# Emacs 18 - this is always correct, but not very magical. -0 string \012( application/x-elc -# Emacs 19 -0 string ;ELC\023\000\000\000 application/x-elc - -#------------------------------------------------------------------------------ -# mail.news: file(1) magic for mail and news -# -# There are tests to ascmagic.c to cope with mail and news. -0 string Relay-Version: message/rfc822 7bit -0 string #!\ rnews message/rfc822 7bit -0 string N#!\ rnews message/rfc822 7bit -0 string Forward\ to message/rfc822 7bit -0 string Pipe\ to message/rfc822 7bit -0 string Return-Path: message/rfc822 7bit -0 string Path: message/news 8bit -0 string Xref: message/news 8bit -0 string 
From: message/rfc822 7bit -0 string Article message/news 8bit -#------------------------------------------------------------------------------ -# msword: file(1) magic for MS Word files -# -# Contributor claims: -# Reversed-engineered MS Word magic numbers -# - -0 string \376\067\0\043 application/msword -0 string \333\245-\0\0\0 application/msword - -# disable this one because it applies also to other -# Office/OLE documents for which msword is not correct. See PR#2608. -#0 string \320\317\021\340\241\261 application/msword - - - -#------------------------------------------------------------------------------ -# printer: file(1) magic for printer-formatted files -# - -# PostScript -0 string %! application/postscript -0 string \004%! application/postscript - -# Acrobat -# (due to clamen@cs.cmu.edu) -0 string %PDF- application/pdf - -#------------------------------------------------------------------------------ -# sc: file(1) magic for "sc" spreadsheet -# -38 string Spreadsheet application/x-sc - -#------------------------------------------------------------------------------ -# tex: file(1) magic for TeX files -# -# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) -# -# From - -# Although we may know the offset of certain text fields in TeX DVI -# and font files, we can't use them reliably because they are not -# zero terminated. [but we do anyway, christos] -0 string \367\002 application/x-dvi -#0 string \367\203 TeX generic font data -#0 string \367\131 TeX packed font data -#0 string \367\312 TeX virtual font data -#0 string This\ is\ TeX, TeX transcript text -#0 string This\ is\ METAFONT, METAFONT transcript text - -# There is no way to detect TeX Font Metric (*.tfm) files without -# breaking them apart and reading the data. The following patterns -# match most *.tfm files generated by METAFONT or afm2tfm. 
-#2 string \000\021 TeX font metric data
-#2 string \000\022 TeX font metric data
-#>34 string >\0 (%s)
-
-# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
-#0 string \\input\ texinfo Texinfo source text
-#0 string This\ is\ Info\ file GNU Info text
-
-# correct TeX magic for Linux (and maybe more)
-# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
-#
-0 leshort 0x02f7 application/x-dvi
-
-# RTF - Rich Text Format
-0 string {\\rtf application/rtf
-
-#------------------------------------------------------------------------------
-# animation: file(1) magic for animation/movie formats
-#
-# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
-# MPEG file
-0 string \000\000\001\263 video/mpeg
-#
-# The contributor claims:
-# I couldn't find a real magic number for these, however, this
-# -appears- to work. Note that it might catch other files, too,
-# so BE CAREFUL!
-#
-# Note that title and author appear in the two 20-byte chunks
-# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
-# 255 (hex FF)! DL format SUCKS BIG ROCKS.
-#
-# DL file version 1 , medium format (160x100, 4 images/screen)
-0 byte 1 video/unknown
-0 byte 2 video/unknown
-# Quicktime video, from Linus Walleij
-# from Apple quicktime file format documentation.
-4 string moov video/quicktime
-4 string mdat video/quicktime
-
diff --git a/usr.sbin/httpd/conf/mime.types b/usr.sbin/httpd/conf/mime.types
deleted file mode 100644
index e5cd0235918..00000000000
--- a/usr.sbin/httpd/conf/mime.types
+++ /dev/null
@@ -1,616 +0,0 @@
-# This is a comment. I love comments.
-
-# This file controls what Internet media types are sent to the client for
-# given file extension(s). Sending the correct media type to the client
-# is important so they know how to handle the content of the file.
-# Extra types can either be added here or by using an AddType directive
-# in your config files. For more information about Internet media types,
-# please read RFC 2045, 2046, 2047, 2048, and 2077. The Internet media type
-# registry is at .
-
-# MIME type Extensions
-application/activemessage
-application/andrew-inset ez
-application/applefile
-application/atomicmail
-application/atom+xml atom
-application/batch-smtp
-application/beep+xml
-application/cals-1840
-application/cnrp+xml
-application/commonground
-application/cpl+xml
-application/cybercash
-application/dca-rft
-application/dec-dx
-application/dvcs
-application/edi-consent
-application/edifact
-application/edi-x12
-application/eshop
-application/font-tdpfr
-application/http
-application/hyperstudio
-application/iges
-application/index
-application/index.cmd
-application/index.obj
-application/index.response
-application/index.vnd
-application/iotp
-application/ipp
-application/isup
-application/mac-binhex40 hqx
-application/mac-compactpro cpt
-application/macwriteii
-application/marc
-application/mathematica
-application/mathml+xml mathml
-application/msword doc
-application/news-message-id
-application/news-transmission
-application/ocsp-request
-application/ocsp-response
-application/octet-stream bin dms lha lzh exe class so dll
-application/oda oda
-application/ogg ogx oggx
-application/parityfec
-application/pdf pdf
-application/pgp-encrypted
-application/pgp-keys
-application/pgp-signature
-application/pkcs10
-application/pkcs7-mime
-application/pkcs7-signature
-application/pkix-cert
-application/pkix-crl
-application/pkixcmp
-application/postscript ai eps ps
-application/prs.alvestrand.titrax-sheet
-application/prs.cww
-application/prs.nprend
-application/prs.plucker
-application/qsig
-application/rdf+xml rdf
-application/reginfo+xml
-application/remote-printing
-application/riscos
-application/rss+xml rss
-application/rtf
-application/sdp
-application/set-payment
-application/set-payment-initiation
-application/set-registration
-application/set-registration-initiation
-application/sgml
-application/sgml-open-catalog
-application/sieve
-application/slate
-application/smil smi smil
-application/srgs gram
-application/srgs+xml grxml
-application/timestamp-query
-application/timestamp-reply
-application/tve-trigger
-application/vemmi
-application/vnd.3gpp.pic-bw-large
-application/vnd.3gpp.pic-bw-small
-application/vnd.3gpp.pic-bw-var
-application/vnd.3gpp.sms
-application/vnd.3m.post-it-notes
-application/vnd.accpac.simply.aso
-application/vnd.accpac.simply.imp
-application/vnd.acucobol
-application/vnd.acucorp
-application/vnd.adobe.xfdf
-application/vnd.aether.imp
-application/vnd.amiga.ami
-application/vnd.anser-web-certificate-issue-initiation
-application/vnd.anser-web-funds-transfer-initiation
-application/vnd.audiograph
-application/vnd.blueice.multipass
-application/vnd.bmi
-application/vnd.businessobjects
-application/vnd.canon-cpdl
-application/vnd.canon-lips
-application/vnd.cinderella
-application/vnd.claymore
-application/vnd.commerce-battelle
-application/vnd.commonspace
-application/vnd.contact.cmsg
-application/vnd.cosmocaller
-application/vnd.criticaltools.wbs+xml
-application/vnd.ctc-posml
-application/vnd.cups-postscript
-application/vnd.cups-raster
-application/vnd.cups-raw
-application/vnd.curl
-application/vnd.cybank
-application/vnd.data-vision.rdz
-application/vnd.dna
-application/vnd.dpgraph
-application/vnd.dreamfactory
-application/vnd.dxr
-application/vnd.ecdis-update
-application/vnd.ecowin.chart
-application/vnd.ecowin.filerequest
-application/vnd.ecowin.fileupdate
-application/vnd.ecowin.series
-application/vnd.ecowin.seriesrequest
-application/vnd.ecowin.seriesupdate
-application/vnd.enliven
-application/vnd.epson.esf
-application/vnd.epson.msf
-application/vnd.epson.quickanime
-application/vnd.epson.salt
-application/vnd.epson.ssf
-application/vnd.ericsson.quickcall
-application/vnd.eudora.data
-application/vnd.fdf
-application/vnd.ffsns
-application/vnd.fints
-application/vnd.flographit
-application/vnd.framemaker
-application/vnd.fsc.weblaunch
-application/vnd.fujitsu.oasys
-application/vnd.fujitsu.oasys2
-application/vnd.fujitsu.oasys3
-application/vnd.fujitsu.oasysgp
-application/vnd.fujitsu.oasysprs
-application/vnd.fujixerox.ddd
-application/vnd.fujixerox.docuworks
-application/vnd.fujixerox.docuworks.binder
-application/vnd.fut-misnet
-application/vnd.google-earth.kml+xml kml
-application/vnd.google-earth.kmz kmz
-application/vnd.grafeq
-application/vnd.groove-account
-application/vnd.groove-help
-application/vnd.groove-identity-message
-application/vnd.groove-injector
-application/vnd.groove-tool-message
-application/vnd.groove-tool-template
-application/vnd.groove-vcard
-application/vnd.hbci
-application/vnd.hhe.lesson-player
-application/vnd.hp-hpgl
-application/vnd.hp-hpid
-application/vnd.hp-hps
-application/vnd.hp-pcl
-application/vnd.hp-pclxl
-application/vnd.httphone
-application/vnd.hzn-3d-crossword
-application/vnd.ibm.afplinedata
-application/vnd.ibm.electronic-media
-application/vnd.ibm.minipay
-application/vnd.ibm.modcap
-application/vnd.ibm.rights-management
-application/vnd.ibm.secure-container
-application/vnd.informix-visionary
-application/vnd.intercon.formnet
-application/vnd.intertrust.digibox
-application/vnd.intertrust.nncp
-application/vnd.intu.qbo
-application/vnd.intu.qfx
-application/vnd.irepository.package+xml
-application/vnd.is-xpr
-application/vnd.japannet-directory-service
-application/vnd.japannet-jpnstore-wakeup
-application/vnd.japannet-payment-wakeup
-application/vnd.japannet-registration
-application/vnd.japannet-registration-wakeup
-application/vnd.japannet-setstore-wakeup
-application/vnd.japannet-verification
-application/vnd.japannet-verification-wakeup
-application/vnd.jisp
-application/vnd.kde.karbon
-application/vnd.kde.kchart
-application/vnd.kde.kformula
-application/vnd.kde.kivio
-application/vnd.kde.kontour
-application/vnd.kde.kpresenter
-application/vnd.kde.kspread
-application/vnd.kde.kword
-application/vnd.kenameaapp
-application/vnd.koan
-application/vnd.liberty-request+xml
-application/vnd.llamagraphics.life-balance.desktop
-application/vnd.llamagraphics.life-balance.exchange+xml
-application/vnd.lotus-1-2-3
-application/vnd.lotus-approach
-application/vnd.lotus-freelance
-application/vnd.lotus-notes
-application/vnd.lotus-organizer
-application/vnd.lotus-screencam
-application/vnd.lotus-wordpro
-application/vnd.mcd
-application/vnd.mediastation.cdkey
-application/vnd.meridian-slingshot
-application/vnd.micrografx.flo
-application/vnd.micrografx.igx
-application/vnd.mif mif
-application/vnd.minisoft-hp3000-save
-application/vnd.mitsubishi.misty-guard.trustweb
-application/vnd.mobius.daf
-application/vnd.mobius.dis
-application/vnd.mobius.mbk
-application/vnd.mobius.mqy
-application/vnd.mobius.msl
-application/vnd.mobius.plc
-application/vnd.mobius.txf
-application/vnd.mophun.application
-application/vnd.mophun.certificate
-application/vnd.motorola.flexsuite
-application/vnd.motorola.flexsuite.adsi
-application/vnd.motorola.flexsuite.fis
-application/vnd.motorola.flexsuite.gotap
-application/vnd.motorola.flexsuite.kmr
-application/vnd.motorola.flexsuite.ttc
-application/vnd.motorola.flexsuite.wem
-application/vnd.mozilla.xul+xml xul
-application/vnd.ms-artgalry
-application/vnd.ms-asf
-application/vnd.ms-excel xls
-application/vnd.ms-lrm
-application/vnd.ms-powerpoint ppt
-application/vnd.ms-project
-application/vnd.ms-tnef
-application/vnd.ms-works
-application/vnd.ms-wpl
-application/vnd.mseq
-application/vnd.msign
-application/vnd.music-niff
-application/vnd.musician
-application/vnd.netfpx
-application/vnd.noblenet-directory
-application/vnd.noblenet-sealer
-application/vnd.noblenet-web
-application/vnd.novadigm.edm
-application/vnd.novadigm.edx
-application/vnd.novadigm.ext
-application/vnd.oasis.opendocument.chart odc
-application/vnd.oasis.opendocument.chart-template otc
-application/vnd.oasis.opendocument.database odb
-application/vnd.oasis.opendocument.formula odf
-application/vnd.oasis.opendocument.formula-template otf
-application/vnd.oasis.opendocument.graphics odg
-application/vnd.oasis.opendocument.graphics-template otg
-application/vnd.oasis.opendocument.image odi
-application/vnd.oasis.opendocument.image-template oti
-application/vnd.oasis.opendocument.presentation odp
-application/vnd.oasis.opendocument.presentation-template otp
-application/vnd.oasis.opendocument.spreadsheet ods
-application/vnd.oasis.opendocument.spreadsheet-template ots
-application/vnd.oasis.opendocument.text odt
-application/vnd.oasis.opendocument.text-master odm
-application/vnd.oasis.opendocument.text-template ott
-application/vnd.oasis.opendocument.text-web oth
-application/vnd.obn
-application/vnd.osa.netdeploy
-application/vnd.palm
-application/vnd.pg.format
-application/vnd.pg.osasli
-application/vnd.powerbuilder6
-application/vnd.powerbuilder6-s
-application/vnd.powerbuilder7
-application/vnd.powerbuilder7-s
-application/vnd.powerbuilder75
-application/vnd.powerbuilder75-s
-application/vnd.previewsystems.box
-application/vnd.publishare-delta-tree
-application/vnd.pvi.ptid1
-application/vnd.pwg-multiplexed
-application/vnd.pwg-xhtml-print+xml
-application/vnd.quark.quarkxpress
-application/vnd.rapid
-application/vnd.s3sms
-application/vnd.sealed.net
-application/vnd.seemail
-application/vnd.shana.informed.formdata
-application/vnd.shana.informed.formtemplate
-application/vnd.shana.informed.interchange
-application/vnd.shana.informed.package
-application/vnd.smaf
-application/vnd.sss-cod
-application/vnd.sss-dtf
-application/vnd.sss-ntf
-application/vnd.street-stream
-application/vnd.svd
-application/vnd.swiftview-ics
-application/vnd.triscape.mxs
-application/vnd.trueapp
-application/vnd.truedoc
-application/vnd.ufdl
-application/vnd.uplanet.alert
-application/vnd.uplanet.alert-wbxml
-application/vnd.uplanet.bearer-choice
-application/vnd.uplanet.bearer-choice-wbxml
-application/vnd.uplanet.cacheop
-application/vnd.uplanet.cacheop-wbxml
-application/vnd.uplanet.channel
-application/vnd.uplanet.channel-wbxml
-application/vnd.uplanet.list
-application/vnd.uplanet.list-wbxml
-application/vnd.uplanet.listcmd
-application/vnd.uplanet.listcmd-wbxml
-application/vnd.uplanet.signal
-application/vnd.vcx
-application/vnd.vectorworks
-application/vnd.vidsoft.vidconference
-application/vnd.visio
-application/vnd.visionary
-application/vnd.vividence.scriptfile
-application/vnd.vsf
-application/vnd.wap.sic
-application/vnd.wap.slc
-application/vnd.wap.wbxml wbxml
-application/vnd.wap.wmlc wmlc
-application/vnd.wap.wmlscriptc wmlsc
-application/vnd.webturbo
-application/vnd.wrq-hp3000-labelled
-application/vnd.wt.stf
-application/vnd.wv.csp+wbxml
-application/vnd.xara
-application/vnd.xfdl
-application/vnd.yamaha.hv-dic
-application/vnd.yamaha.hv-script
-application/vnd.yamaha.hv-voice
-application/vnd.yellowriver-custom-menu
-application/voicexml+xml vxml
-application/watcherinfo+xml
-application/whoispp-query
-application/whoispp-response
-application/wita
-application/wordperfect5.1
-application/x-bcpio bcpio
-application/x-bittorrent torrent
-application/x-cdlink vcd
-application/x-chess-pgn pgn
-application/x-compress
-application/x-cpio cpio
-application/x-csh csh
-application/x-director dcr dir dxr
-application/x-dvi dvi
-application/x-futuresplash spl
-application/x-gtar gtar
-application/x-gzip
-application/x-hdf hdf
-application/x-javascript js
-application/x-koan skp skd skt skm
-application/x-latex latex
-application/x-netcdf nc cdf
-application/x-sh sh
-application/x-shar shar
-application/x-shockwave-flash swf
-application/x-stuffit sit
-application/x-sv4cpio sv4cpio
-application/x-sv4crc sv4crc
-application/x-tar tar tgz
-application/x-tcl tcl
-application/x-tex tex
-application/x-texinfo texinfo texi
-application/x-troff t tr roff
-application/x-troff-man man
-application/x-troff-me me
-application/x-troff-ms ms
-application/x-ustar ustar
-application/x-wais-source src
-application/x400-bp
-application/xhtml+xml xhtml xht
-application/xslt+xml xslt
-application/xml xml xsl
-application/xml-dtd dtd
-application/xml-external-parsed-entity
-application/zip zip
-audio/32kadpcm
-audio/amr
-audio/amr-wb
-audio/basic au snd
-audio/cn
-audio/dat12
-audio/dsr-es201108
-audio/dvi4
-audio/evrc
-audio/evrc0
-audio/g722
-audio/g.722.1
-audio/g723
-audio/g726-16
-audio/g726-24
-audio/g726-32
-audio/g726-40
-audio/g728
-audio/g729
-audio/g729D
-audio/g729E
-audio/gsm
-audio/gsm-efr
-audio/l8
-audio/l16
-audio/l20
-audio/l24
-audio/lpc
-audio/midi mid midi kar
-audio/mpa
-audio/mpa-robust
-audio/mp4a-latm
-audio/mpeg mpga mp2 mp3
-audio/ogg oga ogga spx
-audio/parityfec
-audio/pcma
-audio/pcmu
-audio/prs.sid
-audio/qcelp
-audio/red
-audio/smv
-audio/smv0
-audio/telephone-event
-audio/tone
-audio/vdvi
-audio/vnd.3gpp.iufp
-audio/vnd.cisco.nse
-audio/vnd.cns.anp1
-audio/vnd.cns.inf1
-audio/vnd.digital-winds
-audio/vnd.everad.plj
-audio/vnd.lucent.voice
-audio/vnd.nortel.vbk
-audio/vnd.nuera.ecelp4800
-audio/vnd.nuera.ecelp7470
-audio/vnd.nuera.ecelp9600
-audio/vnd.octel.sbc
-audio/vnd.qcelp
-audio/vnd.rhetorex.32kadpcm
-audio/vnd.vmx.cvsd
-audio/x-aiff aif aiff aifc
-audio/x-alaw-basic
-audio/x-mpegurl m3u
-audio/x-pn-realaudio ram rm
-audio/x-pn-realaudio-plugin rpm
-audio/x-realaudio ra
-audio/x-wav wav
-audio/x-vorbis ogg
-chemical/x-pdb pdb
-chemical/x-xyz xyz
-image/bmp bmp
-image/cgm cgm
-image/g3fax
-image/gif gif
-image/ief ief
-image/jpeg jpeg jpg jpe
-image/naplps
-image/png png
-image/prs.btif
-image/prs.pti
-image/svg+xml svg
-image/t38
-image/tiff tiff tif
-image/tiff-fx
-image/vnd.cns.inf2
-image/vnd.djvu djvu djv
-image/vnd.dwg
-image/vnd.dxf
-image/vnd.fastbidsheet
-image/vnd.fpx
-image/vnd.fst
-image/vnd.fujixerox.edmics-mmr
-image/vnd.fujixerox.edmics-rlc
-image/vnd.globalgraphics.pgb
-image/vnd.mix
-image/vnd.ms-modi
-image/vnd.net-fpx
-image/vnd.svf
-image/vnd.wap.wbmp wbmp
-image/vnd.xiff
-image/x-cmu-raster ras
-image/x-icon ico
-image/x-portable-anymap pnm
-image/x-portable-bitmap pbm
-image/x-portable-graymap pgm
-image/x-portable-pixmap ppm
-image/x-rgb rgb
-image/x-xbitmap xbm
-image/x-xpixmap xpm
-image/x-xwindowdump xwd
-message/delivery-status
-message/disposition-notification
-message/external-body
-message/http
-message/news
-message/partial
-message/rfc822
-message/s-http
-message/sip
-message/sipfrag
-model/iges igs iges
-model/mesh msh mesh silo
-model/vnd.dwf
-model/vnd.flatland.3dml
-model/vnd.gdl
-model/vnd.gs-gdl
-model/vnd.gtw
-model/vnd.mts
-model/vnd.parasolid.transmit.binary
-model/vnd.parasolid.transmit.text
-model/vnd.vtu
-model/vrml wrl vrml
-multipart/alternative
-multipart/appledouble
-multipart/byteranges
-multipart/digest
-multipart/encrypted
-multipart/form-data
-multipart/header-set
-multipart/mixed
-multipart/parallel
-multipart/related
-multipart/report
-multipart/signed
-multipart/voice-message
-text/calendar ics ifb
-text/css css
-text/directory
-text/enriched
-text/html html htm
-text/parityfec
-text/plain asc txt
-text/prs.lines.tag
-text/rfc822-headers
-text/richtext rtx
-text/rtf rtf
-text/sgml sgml sgm
-text/t140
-text/tab-separated-values tsv
-text/uri-list
-text/vnd.abc
-text/vnd.curl
-text/vnd.dmclientscript
-text/vnd.fly
-text/vnd.fmi.flexstor
-text/vnd.in3d.3dml
-text/vnd.in3d.spot
-text/vnd.iptc.nitf
-text/vnd.iptc.newsml
-text/vnd.latex-z
-text/vnd.motorola.reflex
-text/vnd.ms-mediapackage
-text/vnd.net2phone.commcenter.command
-text/vnd.sun.j2me.app-descriptor
-text/vnd.wap.si
-text/vnd.wap.sl
-text/vnd.wap.wml wml
-text/vnd.wap.wmlscript
wmls
-text/x-setext etx
-text/xml
-text/xml-external-parsed-entity
-video/bmpeg
-video/bt656
-video/celb
-video/dv
-video/h261
-video/h263
-video/h263-1998
-video/h263-2000
-video/jpeg
-video/mp1s
-video/mp2p
-video/mp2t
-video/mp4v-es
-video/mpv
-video/mpeg mpeg mpg mpe
-video/nv
-video/ogg ogv oggv
-video/parityfec
-video/pointer
-video/quicktime qt mov
-video/smpte292m
-video/vnd.fvt
-video/vnd.motorola.video
-video/vnd.motorola.videop
-video/vnd.mpegurl mxu
-video/vnd.nokia.interleaved-multimedia
-video/vnd.objectvideo
-video/vnd.vivo
-video/x-msvideo avi
-video/x-sgi-movie movie
-x-conference/x-cooltalk ice
diff --git a/usr.sbin/httpd/conf/ssl.crl/Makefile b/usr.sbin/httpd/conf/ssl.crl/Makefile
deleted file mode 100644
index 0f8f2a20a29..00000000000
--- a/usr.sbin/httpd/conf/ssl.crl/Makefile
+++ /dev/null
@@ -1,54 +0,0 @@
-##
-## Makefile to keep the hash symlinks in SSLCARevocationPath up to date
-## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved.
-##
-
-SSL_PROGRAM=
-
-update: clean
- -@ssl_program="$(SSL_PROGRAM)"; \
- if [ ".$$ssl_program" = . ]; then \
- for dir in . `echo $$PATH | sed -e 's/:/ /g'`; do \
- for program in openssl ssleay; do \
- if [ -f "$$dir/$$program" ]; then \
- if [ -x "$$dir/$$program" ]; then \
- ssl_program="$$dir/$$program"; \
- break; \
- fi; \
- fi; \
- done; \
- if [ ".$$ssl_program" != . ]; then \
- break; \
- fi; \
- done; \
- fi; \
- if [ ".$$ssl_program" = . ]; then \
- echo "Error: neither 'openssl' nor 'ssleay' program found" 1>&2; \
- exit 1; \
- fi; \
- for file in *.crl; do \
- [ "x$$file" = "x*.crl" ] && continue; \
- if [ ".`grep SKIPME $$file`" != . ]; then \
- echo dummy |\
- awk '{ printf("%-15s ... Skipped\n", file); }' \
- "file=$$file"; \
- else \
- n=0; \
- while [ 1 ]; do \
- hash="`$$ssl_program crl -noout -hash <$$file`"; \
- if [ -r "$$hash.r$$n" ]; then \
- n=`expr $$n + 1`; \
- else \
- echo dummy |\
- awk '{ printf("%-15s ... %s\n", file, hash); }' \
- "file=$$file" "hash=$$hash.r$$n"; \
- ln -s $$file $$hash.r$$n; \
- break; \
- fi; \
- done; \
- fi; \
- done
-
-clean:
- -@rm -f [0-9a-fA-F]*.r[0-9]*
-
diff --git a/usr.sbin/httpd/conf/ssl.crl/README.CRL b/usr.sbin/httpd/conf/ssl.crl/README.CRL
deleted file mode 100644
index d2d9aa646d9..00000000000
--- a/usr.sbin/httpd/conf/ssl.crl/README.CRL
+++ /dev/null
@@ -1,11 +0,0 @@
-
- This is the ssl.crl/ directory of Apache/mod_ssl where
- PEM-encoded X.509 Certificate Revocation Lists (CRL) for SSL are stored.
-
- Per default this directory contains no CRLs.
-
- You can view the ingredients of a particular CRL file in plain text
- by running the command:
-
- $ openssl crl -noout -text -in .crl
-
diff --git a/usr.sbin/httpd/conf/ssl.crt/Makefile b/usr.sbin/httpd/conf/ssl.crt/Makefile
deleted file mode 100644
index 333eff4d53d..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/Makefile
+++ /dev/null
@@ -1,53 +0,0 @@
-##
-## Makefile to keep the hash symlinks in SSLCACertificatePath up to date
-## Copyright (c) 1998-2001 Ralf S. Engelschall, All Rights Reserved.
-##
-
-SSL_PROGRAM=
-
-update: clean
- -@ssl_program="$(SSL_PROGRAM)"; \
- if [ ".$$ssl_program" = . ]; then \
- for dir in . `echo $$PATH | sed -e 's/:/ /g'`; do \
- for program in openssl ssleay; do \
- if [ -f "$$dir/$$program" ]; then \
- if [ -x "$$dir/$$program" ]; then \
- ssl_program="$$dir/$$program"; \
- break; \
- fi; \
- fi; \
- done; \
- if [ ".$$ssl_program" != . ]; then \
- break; \
- fi; \
- done; \
- fi; \
- if [ ".$$ssl_program" = . ]; then \
- echo "Error: neither 'openssl' nor 'ssleay' program found" 1>&2; \
- exit 1; \
- fi; \
- for file in *.crt; do \
- if [ ".`grep SKIPME $$file`" != . ]; then \
- echo dummy |\
- awk '{ printf("%-15s ... Skipped\n", file); }' \
- "file=$$file"; \
- else \
- n=0; \
- while [ 1 ]; do \
- hash="`$$ssl_program x509 -noout -hash <$$file`"; \
- if [ -r "$$hash.$$n" ]; then \
- n=`expr $$n + 1`; \
- else \
- echo dummy |\
- awk '{ printf("%-15s ... %s\n", file, hash); }' \
- "file=$$file" "hash=$$hash.$$n"; \
- ln -s $$file $$hash.$$n; \
- break; \
- fi; \
- done; \
- fi; \
- done
-
-clean:
- -@rm -f [0-9a-fA-F]*.[0-9]*
-
diff --git a/usr.sbin/httpd/conf/ssl.crt/README.CRT b/usr.sbin/httpd/conf/ssl.crt/README.CRT
deleted file mode 100644
index 9bf07a58a13..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/README.CRT
+++ /dev/null
@@ -1,33 +0,0 @@
-
- This is the ssl.crt/ directory of Apache/mod_ssl
- where PEM-encoded X.509 Certificates for SSL are stored.
-
- Per default the following two files are provided:
-
- o server.crt:
- This is the server certificate for Apache/mod_ssl, configured with the
- SSLCertificateFile directive. Per default this is a dummy file, but may be
- overwritten by the `make certificate' target under built-time.
-
- o snakeoil.crt:
- This is the _DEMONSTRATION ONLY_ `Snake Oil' dummy server certificate.
- NEVER USE THIS FOR REAL LIFE! INSTEAD USE A REAL CERTIFICATE!
-
- o snakeoil-ca.crt:
- This is the certificate of the _DEMONSTRATION ONLY_ `Snake Oil' Certificate
- Authority. This CA is used to sign the server.crt on `make certificate'
- because self-signed server certificates are not accepted by all browsers.
- NEVER USE THIS CA YOURSELF FOR REAL LIFE! INSTEAD EITHER USE A PUBLICALLY
- KNOWN CA OR CREATE YOUR OWN CA!
-
- o ca-bundle.crt:
- This is a bundle of CA root certificate for Apache/mod_ssl, configurable
- with the SSLCACertificateFile directive. Per default it's disabled but can
- be enabled for client authentication when the clients use certificates
- signed by one of the commonly known public Certificate Authorities.
-
- You can view the ingredients of a particular certificate file in plain text
- by running the command:
-
- $ openssl x509 -noout -text -in .crt
-
diff --git a/usr.sbin/httpd/conf/ssl.crt/ca-bundle.crt b/usr.sbin/httpd/conf/ssl.crt/ca-bundle.crt
deleted file mode 100644
index 839857a4433..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/ca-bundle.crt
+++ /dev/null
@@ -1,4445 +0,0 @@ -## -## ca-bundle.crt -- Bundle of CA Root Certificates -## Last Modified: Thu Mar 2 09:32:46 CET 2000 -## -## This is a bundle of X.509 certificates of public -## Certificate Authorities (CA). These were automatically -## extracted from Netscape Communicator 4.72's certificate database -## (the file `cert7.db'). It contains the certificates in both -## plain text and PEM format and therefore can be directly used -## with an Apache+mod_ssl webserver for SSL client authentication. -## Just configure this file as the SSLCACertificateFile. -## -## (SKIPME) -## - -ABAecom (sub., Am. Bankers Assn.) Root CA -========================================= -MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92 -PEM Data: ------BEGIN CERTIFICATE----- -MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw -gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh -a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy -dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe -Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN -MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT -D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ -KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24 -4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp -mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb -QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5 -0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v -xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB -/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O -BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP -Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5 -m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS 
-YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN -u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD -Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr -wo3CbezcE9NGxXl8 ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: - d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com - Validity - Not Before: Jul 14 16:14:18 1999 GMT - Not After : Jul 11 16:14:18 2009 GMT - Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c: - 8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97: - 61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3: - ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c: - d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2: - 29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5: - 6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25: - 7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e: - db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18: - a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6: - 1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c: - db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0: - 42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28: - bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8: - e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b: - 0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6: - ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c: - ee:71 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Authority Key Identifier: - keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 - - X509v3 Subject Key Identifier: - 08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77 - Signature Algorithm: sha1WithRSAEncryption - 
5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b: - 9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec: - d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48: - b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c: - 18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30: - 82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94: - 90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2: - 52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60: - e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97: - 16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22: - 5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af: - 60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed: - 5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3: - 9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3: - 46:c5:79:7c - -ANX Network CA by DST -===================== -MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D -PEM Data: ------BEGIN CERTIFICATE----- -MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV -UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL -ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx -NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy -ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G -CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI -IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce -InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04 -JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr -MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0 -dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL -BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw -OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz -ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD -AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB 
-AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK -UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY -gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 913220207 (0x366ea26f) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA - Validity - Not Before: Dec 9 15:46:48 1998 GMT - Not After : Dec 9 16:16:48 2018 GMT - Subject: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b4:48:11:80:58:a0:d5:a5:99:0f:f6:37:2c:44: - b6:6e:d1:7c:f3:2a:6b:9e:11:b6:88:23:04:5c:71: - 25:9e:6a:12:77:11:6e:bf:68:39:65:a8:f6:b2:f6: - a2:18:b2:89:15:a0:67:b7:7a:8c:22:48:6b:f6:84: - 34:1f:b6:ca:f7:1b:72:cb:f2:5b:48:d3:87:1e:22: - 76:13:04:b4:ac:6c:96:7f:e7:0e:08:c9:32:51:30: - 2d:d5:80:e8:21:67:ba:f3:5e:08:24:2c:07:59:9d: - 90:1a:ee:46:c9:b5:a4:1e:96:b4:41:91:d4:7f:d2: - 8d:38:26:b0:6f:43:6e:09:7d - Exponent: 3 (0x3) - X509v3 extensions: - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - X509v3 CRL Distribution Points: - DirName:/C=US/O=Digital Signature Trust Co./OU=DST (ANX Network) CA/CN=CRL1 - - X509v3 Private Key Usage Period: - Not Before: Dec 9 15:46:48 1998 GMT, Not After: Dec 9 15:46:48 2018 GMT - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: - keyid:8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36 - - X509v3 Subject Key Identifier: - 8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36 - X509v3 Basic Constraints: - CA:TRUE - 1.2.840.113533.7.65.0: - 0 -..V4.0.... 
- Signature Algorithm: sha1WithRSAEncryption - 49:25:c9:60:b1:0c:5f:a9:39:10:d3:c5:34:55:7d:cf:79:c3: - 29:eb:de:f9:c2:40:f9:e8:56:c5:f0:2f:ec:f4:d9:ec:48:51: - b8:63:38:5e:93:6e:18:96:85:b9:ca:50:9c:a4:b8:ea:66:26: - 68:93:85:6f:6f:4c:71:d0:be:7a:0b:3c:31:b9:f7:be:69:9e: - 10:d7:d1:40:e8:ac:16:71:ab:ae:ab:38:e1:70:b1:ca:92:16: - e0:5d:85:a6:18:80:06:00:9c:e1:a6:18:42:51:a7:68:68:59: - ef:26:94:5f:ad:31:0c:fe:29:1e:17:01:84:37:5b:e8:12:32: - a3:5d - -American Express CA -=================== -MD5 Fingerprint: 1C:D5:8E:82:BE:70:55:8E:39:61:DF:AD:51:DB:6B:A0 -PEM Data: ------BEGIN CERTIFICATE----- -MIICkDCCAfkCAgCNMA0GCSqGSIb3DQEBBAUAMIGPMQswCQYDVQQGEwJVUzEnMCUG -A1UEChMeQW1lcmljYW4gRXhwcmVzcyBDb21wYW55LCBJbmMuMSYwJAYDVQQLEx1B -bWVyaWNhbiBFeHByZXNzIFRlY2hub2xvZ2llczEvMC0GA1UEAxMmQW1lcmljYW4g -RXhwcmVzcyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgwODE0MjIwMTAwWhcN -MDYwODE0MjM1OTAwWjCBjzELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHkFtZXJpY2Fu -IEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1lcmljYW4gRXhwcmVz -cyBUZWNobm9sb2dpZXMxLzAtBgNVBAMTJkFtZXJpY2FuIEV4cHJlc3MgQ2VydGlm -aWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ8kmS -hcr9FSm1BrZE7PyIo/KGzv8UTyQckvnCI8HOQ99dNMi4FOzVKnCRSZXXVs2U8amT -0Ggi3E19oApyKkfqJfCFAF82VGHPC/k3Wmed6R/pZD9wlWGn0DAC3iYopGYDBOkw -+48zB/lvYYeictvzaHhjZlmpybdm4RWySDYs+QIDAQABMA0GCSqGSIb3DQEBBAUA -A4GBAGgXYrhzi0xs60qlPqvlnS7SzYoHV/PGWZd2Fxf4Uo4nk9hY2Chs9KIEeorC -diSxArTfKPL386infiNIYYj0EWiuJl32oUtTJWrYKhQCDuCHIG6eGVxzkAsj4jGX -Iz/VIqLTBnvaN/XXtUFEF3pFAtmFRWbWjsfwegyZYiJpW+3S ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 141 (0x8d) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority - Validity - Not Before: Aug 14 22:01:00 1998 GMT - Not After : Aug 14 23:59:00 2006 GMT - Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate 
Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:c9:f2:49:92:85:ca:fd:15:29:b5:06:b6:44:ec: - fc:88:a3:f2:86:ce:ff:14:4f:24:1c:92:f9:c2:23: - c1:ce:43:df:5d:34:c8:b8:14:ec:d5:2a:70:91:49: - 95:d7:56:cd:94:f1:a9:93:d0:68:22:dc:4d:7d:a0: - 0a:72:2a:47:ea:25:f0:85:00:5f:36:54:61:cf:0b: - f9:37:5a:67:9d:e9:1f:e9:64:3f:70:95:61:a7:d0: - 30:02:de:26:28:a4:66:03:04:e9:30:fb:8f:33:07: - f9:6f:61:87:a2:72:db:f3:68:78:63:66:59:a9:c9: - b7:66:e1:15:b2:48:36:2c:f9 - Exponent: 65537 (0x10001) - Signature Algorithm: md5WithRSAEncryption - 68:17:62:b8:73:8b:4c:6c:eb:4a:a5:3e:ab:e5:9d:2e:d2:cd: - 8a:07:57:f3:c6:59:97:76:17:17:f8:52:8e:27:93:d8:58:d8: - 28:6c:f4:a2:04:7a:8a:c2:76:24:b1:02:b4:df:28:f2:f7:f3: - a8:a7:7e:23:48:61:88:f4:11:68:ae:26:5d:f6:a1:4b:53:25: - 6a:d8:2a:14:02:0e:e0:87:20:6e:9e:19:5c:73:90:0b:23:e2: - 31:97:23:3f:d5:22:a2:d3:06:7b:da:37:f5:d7:b5:41:44:17: - 7a:45:02:d9:85:45:66:d6:8e:c7:f0:7a:0c:99:62:22:69:5b: - ed:d2 - -American Express Global CA -========================== -MD5 Fingerprint: 63:1B:66:93:8C:F3:66:CB:3C:79:57:DC:05:49:EA:DB -PEM Data: ------BEGIN CERTIFICATE----- -MIIEBDCCAuygAwIBAgICAIUwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNVBAYTAlVT -MScwJQYDVQQKEx5BbWVyaWNhbiBFeHByZXNzIENvbXBhbnksIEluYy4xJjAkBgNV -BAsTHUFtZXJpY2FuIEV4cHJlc3MgVGVjaG5vbG9naWVzMTYwNAYDVQQDEy1BbWVy -aWNhbiBFeHByZXNzIEdsb2JhbCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgw -ODE0MTkwNjAwWhcNMTMwODE0MjM1OTAwWjCBljELMAkGA1UEBhMCVVMxJzAlBgNV -BAoTHkFtZXJpY2FuIEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1l -cmljYW4gRXhwcmVzcyBUZWNobm9sb2dpZXMxNjA0BgNVBAMTLUFtZXJpY2FuIEV4 -cHJlc3MgR2xvYmFsIENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAPAkJmYu++tKc3FTiUfLJjxTkpRMysKFtQ34w1e9 -Lyofahi3V68MABb6oLaQpvcaoS5mJsdoo4qTaWa1RlYtHYLqkAwKIsKJUI0F89Sr -c0HwzxKsKLRvFJSWWUuekHWG3+JH6+HpT0N+h8onGGaetcFAZX38YW+tm3LPqV7Y -8/nabpEQ+ky16n4g3qk5L/WI5IpvNcYgnCuGRjMK/DFVpWusFkDpzTVZbzIEw3u1 
-D3t3cPNIuypSgs6vKW3xEW9t5gcAAe+a8yYNpnkTZ6/4qxx1rJG1a75AsN6cDLFp -hRlxkRNFyt/R/eayypaDedvFuKpbepALeFY+xteflEgR9a0CAwEAAaNaMFgwEgYD -VR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgoq -hkiG+Q8KAQUBMBkGA1UdDgQSBBBXRzV7NicRqAj8L0Yl6yRpMA0GCSqGSIb3DQEB -BQUAA4IBAQDHYUWoinG5vjTpIXshzVYTmNUwY+kYqkuSFb8LHbvskmnFLsNhi+gw -RcsQRsFzOFyLGdIr80DrfHKzLh4n43WVihybLsSVBYZy0FX0oZJSeVzb9Pjc5dcS -sUDHPIbkMWVKyjfG3nZXGWlMRmn8Kq0WN3qTrPchSy3766lQy8HRQAjaA2mHpzde -VcHF7cTjjgwml5tcV0ty4/IDBdACOyYDQJCevgtbSQx48dVMVSng9v1MA6lUAjLR -V1qFrEPtWzsWX6C/NdtLnnvo/+cNPDuom0lBRvVzTv+SZSGDE1Vx60k8f4gawhIo -JaFGS0E3l3/sjvHUoZbCILZerakcHhGg ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 133 (0x85) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority - Validity - Not Before: Aug 14 19:06:00 1998 GMT - Not After : Aug 14 23:59:00 2013 GMT - Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:f0:24:26:66:2e:fb:eb:4a:73:71:53:89:47:cb: - 26:3c:53:92:94:4c:ca:c2:85:b5:0d:f8:c3:57:bd: - 2f:2a:1f:6a:18:b7:57:af:0c:00:16:fa:a0:b6:90: - a6:f7:1a:a1:2e:66:26:c7:68:a3:8a:93:69:66:b5: - 46:56:2d:1d:82:ea:90:0c:0a:22:c2:89:50:8d:05: - f3:d4:ab:73:41:f0:cf:12:ac:28:b4:6f:14:94:96: - 59:4b:9e:90:75:86:df:e2:47:eb:e1:e9:4f:43:7e: - 87:ca:27:18:66:9e:b5:c1:40:65:7d:fc:61:6f:ad: - 9b:72:cf:a9:5e:d8:f3:f9:da:6e:91:10:fa:4c:b5: - ea:7e:20:de:a9:39:2f:f5:88:e4:8a:6f:35:c6:20: - 9c:2b:86:46:33:0a:fc:31:55:a5:6b:ac:16:40:e9: - cd:35:59:6f:32:04:c3:7b:b5:0f:7b:77:70:f3:48: - bb:2a:52:82:ce:af:29:6d:f1:11:6f:6d:e6:07:00: - 01:ef:9a:f3:26:0d:a6:79:13:67:af:f8:ab:1c:75: - ac:91:b5:6b:be:40:b0:de:9c:0c:b1:69:85:19:71: - 
91:13:45:ca:df:d1:fd:e6:b2:ca:96:83:79:db:c5: - b8:aa:5b:7a:90:0b:78:56:3e:c6:d7:9f:94:48:11: - f5:ad - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE, pathlen:5 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Certificate Policies: - Policy: 1.2.840.113807.10.1.5.1 - - X509v3 Subject Key Identifier: - 57:47:35:7B:36:27:11:A8:08:FC:2F:46:25:EB:24:69 - Signature Algorithm: sha1WithRSAEncryption - c7:61:45:a8:8a:71:b9:be:34:e9:21:7b:21:cd:56:13:98:d5: - 30:63:e9:18:aa:4b:92:15:bf:0b:1d:bb:ec:92:69:c5:2e:c3: - 61:8b:e8:30:45:cb:10:46:c1:73:38:5c:8b:19:d2:2b:f3:40: - eb:7c:72:b3:2e:1e:27:e3:75:95:8a:1c:9b:2e:c4:95:05:86: - 72:d0:55:f4:a1:92:52:79:5c:db:f4:f8:dc:e5:d7:12:b1:40: - c7:3c:86:e4:31:65:4a:ca:37:c6:de:76:57:19:69:4c:46:69: - fc:2a:ad:16:37:7a:93:ac:f7:21:4b:2d:fb:eb:a9:50:cb:c1: - d1:40:08:da:03:69:87:a7:37:5e:55:c1:c5:ed:c4:e3:8e:0c: - 26:97:9b:5c:57:4b:72:e3:f2:03:05:d0:02:3b:26:03:40:90: - 9e:be:0b:5b:49:0c:78:f1:d5:4c:55:29:e0:f6:fd:4c:03:a9: - 54:02:32:d1:57:5a:85:ac:43:ed:5b:3b:16:5f:a0:bf:35:db: - 4b:9e:7b:e8:ff:e7:0d:3c:3b:a8:9b:49:41:46:f5:73:4e:ff: - 92:65:21:83:13:55:71:eb:49:3c:7f:88:1a:c2:12:28:25:a1: - 46:4b:41:37:97:7f:ec:8e:f1:d4:a1:96:c2:20:b6:5e:ad:a9: - 1c:1e:11:a0 - -BelSign Object Publishing CA -============================ -MD5 Fingerprint: 8A:02:F8:DF:B8:E1:84:9F:5A:C2:60:24:65:D1:73:FB -PEM Data: ------BEGIN CERTIFICATE----- -MIIDAzCCAmygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBuzELMAkGA1UEBhMCQkUx -ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQL -Ey9CZWxTaWduIE9iamVjdCBQdWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0 -eTElMCMGA1UEAxMcQmVsU2lnbiBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqG -SIb3DQEJARYUd2VibWFzdGVyQGJlbHNpZ24uYmUwHhcNOTcwOTE5MjIwMzAwWhcN -MDcwOTE5MjIwMzAwWjCBuzELMAkGA1UEBhMCQkUxETAPBgNVBAcTCEJydXNzZWxz -MRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQLEy9CZWxTaWduIE9iamVjdCBQ -dWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0eTElMCMGA1UEAxMcQmVsU2ln 
-biBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVy -QGJlbHNpZ24uYmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQuH7a/7oJA -3fm3LkHVngWxWtAmfGJVA5v8y2HeS+/+6Jn+h7mIz5DaDwk8dt8Xl7bLPyVF/bS8 -WAC+sFq2FIeP7mdkrR2Ig7tnn2VhAFgIgFCfgMkx9iqQHC33SmwQ9iNDXTgJYIhX -As0WbBj8zfuSKnfQnpOjXYhk0Mj4XVRRAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQE -AwIABzANBgkqhkiG9w0BAQQFAAOBgQBjdhd8lvBTpV0BHFPOKcJ+daxMDaIIc7Rq -Mf0CBhSZ3FQEpL/IloafMUMyJVf2hfYluze+oXkjyVcGJXFrRU/49AJAFoIir1Tq -Mij2De6ZuksIUQ9uhiMhTC0liIHELg7xEyw4ipUCJMM6lWPkk45IuwhHcl+u5jpa -R9Zxxp6aUg== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be - Validity - Not Before: Sep 19 22:03:00 1997 GMT - Not After : Sep 19 22:03:00 2007 GMT - Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:c4:2e:1f:b6:bf:ee:82:40:dd:f9:b7:2e:41:d5: - 9e:05:b1:5a:d0:26:7c:62:55:03:9b:fc:cb:61:de: - 4b:ef:fe:e8:99:fe:87:b9:88:cf:90:da:0f:09:3c: - 76:df:17:97:b6:cb:3f:25:45:fd:b4:bc:58:00:be: - b0:5a:b6:14:87:8f:ee:67:64:ad:1d:88:83:bb:67: - 9f:65:61:00:58:08:80:50:9f:80:c9:31:f6:2a:90: - 1c:2d:f7:4a:6c:10:f6:23:43:5d:38:09:60:88:57: - 02:cd:16:6c:18:fc:cd:fb:92:2a:77:d0:9e:93:a3: - 5d:88:64:d0:c8:f8:5d:54:51 - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - Signature Algorithm: md5WithRSAEncryption - 63:76:17:7c:96:f0:53:a5:5d:01:1c:53:ce:29:c2:7e:75:ac: - 4c:0d:a2:08:73:b4:6a:31:fd:02:06:14:99:dc:54:04:a4:bf: - c8:96:86:9f:31:43:32:25:57:f6:85:f6:25:bb:37:be:a1:79: - 23:c9:57:06:25:71:6b:45:4f:f8:f4:02:40:16:82:22:af:54: - 
ea:32:28:f6:0d:ee:99:ba:4b:08:51:0f:6e:86:23:21:4c:2d: - 25:88:81:c4:2e:0e:f1:13:2c:38:8a:95:02:24:c3:3a:95:63: - e4:93:8e:48:bb:08:47:72:5f:ae:e6:3a:5a:47:d6:71:c6:9e: - 9a:52 - -BelSign Secure Server CA -======================== -MD5 Fingerprint: 3D:5E:82:C6:D9:AD:D9:8B:93:6B:0C:10:B9:49:0A:B1 -PEM Data: ------BEGIN CERTIFICATE----- -MIIC8zCCAlygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBszELMAkGA1UEBhMCQkUx -ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTQwMgYDVQQL -EytCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSEw -HwYDVQQDExhCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ0ExIzAhBgkqhkiG9w0BCQEW -FHdlYm1hc3RlckBiZWxzaWduLmJlMB4XDTk3MDcxNjIyMDA1NFoXDTA3MDcxNjIy -MDA1NFowgbMxCzAJBgNVBAYTAkJFMREwDwYDVQQHEwhCcnVzc2VsczETMBEGA1UE -ChMKQmVsU2lnbiBOVjE0MDIGA1UECxMrQmVsU2lnbiBTZWN1cmUgU2VydmVyIENl -cnRpZmljYXRlIEF1dGhvcml0eTEhMB8GA1UEAxMYQmVsU2lnbiBTZWN1cmUgU2Vy -dmVyIENBMSMwIQYJKoZIhvcNAQkBFhR3ZWJtYXN0ZXJAYmVsc2lnbi5iZTCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gESeJL4BEJ/yccig/x8R3AwK0kLPjZA -kCjaIXODU/LE0RZAwFP/rqbGJLMnbaWzPTl3XagG9ubpvGMRTgZlcAqdk/miQIt/ -SoQOjRax1swIZBIM4ChLyKWEkBf7EUYu1qeFGMsYrmOasFgG9ADP+MQJGjUMofnu -Sv1t3v4mpTsCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgCgMA0GCSqGSIb3DQEB -BAUAA4GBAGw9mcMF4h3K5S2qaIWLQDEgZhNo5lg6idCNdbLFYth9go/32TKBd/Y1 -W4UpzmeyubwrGXjP84f9RvGVdbIJVwMwwXrNckdxgMp9ncllPEcRIn36BwsoeKGT -6AVFSOIyMko96FMcELfHc4wHUOH5yStTQfWDjeUJOUqOA2KqQGOL ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Secure Server Certificate Authority, CN=BelSign Secure Server CA/Email=webmaster@belsign.be - Validity - Not Before: Jul 16 22:00:54 1997 GMT - Not After : Jul 16 22:00:54 2007 GMT - Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Secure Server Certificate Authority, CN=BelSign Secure Server CA/Email=webmaster@belsign.be - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 
bit) - Modulus (1024 bit): - 00:d6:01:12:78:92:f8:04:42:7f:c9:c7:22:83:fc: - 7c:47:70:30:2b:49:0b:3e:36:40:90:28:da:21:73: - 83:53:f2:c4:d1:16:40:c0:53:ff:ae:a6:c6:24:b3: - 27:6d:a5:b3:3d:39:77:5d:a8:06:f6:e6:e9:bc:63: - 11:4e:06:65:70:0a:9d:93:f9:a2:40:8b:7f:4a:84: - 0e:8d:16:b1:d6:cc:08:64:12:0c:e0:28:4b:c8:a5: - 84:90:17:fb:11:46:2e:d6:a7:85:18:cb:18:ae:63: - 9a:b0:58:06:f4:00:cf:f8:c4:09:1a:35:0c:a1:f9: - ee:4a:fd:6d:de:fe:26:a5:3b - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Cert Type: - SSL Client, S/MIME - Signature Algorithm: md5WithRSAEncryption - 6c:3d:99:c3:05:e2:1d:ca:e5:2d:aa:68:85:8b:40:31:20:66: - 13:68:e6:58:3a:89:d0:8d:75:b2:c5:62:d8:7d:82:8f:f7:d9: - 32:81:77:f6:35:5b:85:29:ce:67:b2:b9:bc:2b:19:78:cf:f3: - 87:fd:46:f1:95:75:b2:09:57:03:30:c1:7a:cd:72:47:71:80: - ca:7d:9d:c9:65:3c:47:11:22:7d:fa:07:0b:28:78:a1:93:e8: - 05:45:48:e2:32:32:4a:3d:e8:53:1c:10:b7:c7:73:8c:07:50: - e1:f9:c9:2b:53:41:f5:83:8d:e5:09:39:4a:8e:03:62:aa:40: - 63:8b - -Deutsche Telekom AG Root CA -=========================== -MD5 Fingerprint: 77:DE:04:94:77:D0:0C:5F:A7:B1:F4:30:18:87:FB:55 -PEM Data: ------BEGIN CERTIFICATE----- -MIICjjCCAfegAwIBAgIBBjANBgkqhkiG9w0BAQQFADBtMQswCQYDVQQGEwJERTEc -MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEdMBsGA1UECxMUVGVsZVNlYyBU -cnVzdCBDZW50ZXIxITAfBgNVBAMTGERldXRzY2hlIFRlbGVrb20gUm9vdCBDQTAe -Fw05ODEyMDkwOTExMDBaFw0wNDEyMDkyMzU5MDBaMG0xCzAJBgNVBAYTAkRFMRww -GgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMR0wGwYDVQQLExRUZWxlU2VjIFRy -dXN0IENlbnRlcjEhMB8GA1UEAxMYRGV1dHNjaGUgVGVsZWtvbSBSb290IENBMIGf -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdBSz5BbO5EtdpcffqVjAIVxRDe7sa -nG0vV2HX4vVEa+42QZb2ZM7hwbK5pBQEmFDocPiONZp9ScFhHVmu2gYYlX2tzuyp -vtEYD0CRdiqj5f3+iRX0V/fgVdp1rQD0LME1zLRDJlViRC4BJZyKW/DB0AA1eP41 -3pRAZHiDocw5iQIDAQABoz4wPDAPBgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQE -AwIBBjAZBgNVHQ4EEgQQLIdZH4sTgLL5hp0+En5YljANBgkqhkiG9w0BAQQFAAOB -gQAP/nO1B4hvoAuJ6spQH5TelCsLJ15P9RyVJtqMllStGZE3Q12ryYuzzW+YOT3t 
-3TXjcbftE5OD6IblKTMTE7w1e/0oL3BZ1dO0jSgTWTvI1XT5RcIHYKq4GFT5pWj/ -1wXVj7YFMS5BSvQQH2BHGguLGU2SVyDS71AZ6M3QcLy8Ng== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 6 (0x6) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=DE, O=Deutsche Telekom AG, OU=TeleSec Trust Center, CN=Deutsche Telekom Root CA - Validity - Not Before: Dec 9 09:11:00 1998 GMT - Not After : Dec 9 23:59:00 2004 GMT - Subject: C=DE, O=Deutsche Telekom AG, OU=TeleSec Trust Center, CN=Deutsche Telekom Root CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:dd:05:2c:f9:05:b3:b9:12:d7:69:71:f7:ea:56: - 30:08:57:14:43:7b:bb:1a:9c:6d:2f:57:61:d7:e2: - f5:44:6b:ee:36:41:96:f6:64:ce:e1:c1:b2:b9:a4: - 14:04:98:50:e8:70:f8:8e:35:9a:7d:49:c1:61:1d: - 59:ae:da:06:18:95:7d:ad:ce:ec:a9:be:d1:18:0f: - 40:91:76:2a:a3:e5:fd:fe:89:15:f4:57:f7:e0:55: - da:75:ad:00:f4:2c:c1:35:cc:b4:43:26:55:62:44: - 2e:01:25:9c:8a:5b:f0:c1:d0:00:35:78:fe:35:de: - 94:40:64:78:83:a1:cc:39:89 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE, pathlen:5 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: - 2C:87:59:1F:8B:13:80:B2:F9:86:9D:3E:12:7E:58:96 - Signature Algorithm: md5WithRSAEncryption - 0f:fe:73:b5:07:88:6f:a0:0b:89:ea:ca:50:1f:94:de:94:2b: - 0b:27:5e:4f:f5:1c:95:26:da:8c:96:54:ad:19:91:37:43:5d: - ab:c9:8b:b3:cd:6f:98:39:3d:ed:dd:35:e3:71:b7:ed:13:93: - 83:e8:86:e5:29:33:13:13:bc:35:7b:fd:28:2f:70:59:d5:d3: - b4:8d:28:13:59:3b:c8:d5:74:f9:45:c2:07:60:aa:b8:18:54: - f9:a5:68:ff:d7:05:d5:8f:b6:05:31:2e:41:4a:f4:10:1f:60: - 47:1a:0b:8b:19:4d:92:57:20:d2:ef:50:19:e8:cd:d0:70:bc: - bc:36 - -Digital Signature Trust Co. 
Global CA 1 -======================================= -MD5 Fingerprint: 25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD -PEM Data: ------BEGIN CERTIFICATE----- -MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV -UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL -EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ -BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x -ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg -bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ -j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV -Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG -SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx -JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI -RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw -MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5 -fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i -+DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG -SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN -QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+ -gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 913315222 (0x36701596) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E1 - Validity - Not Before: Dec 10 18:10:23 1998 GMT - Not After : Dec 10 18:40:23 2018 GMT - Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E1 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a0:6c:81:a9:cf:34:1e:24:dd:fe:86:28:cc:de: - 83:2f:f9:5e:d4:42:d2:e8:74:60:66:13:98:06:1c: - a9:51:12:69:6f:31:55:b9:49:72:00:08:7e:d3:a5: - 62:44:37:24:99:8f:d9:83:48:8f:99:6d:95:13:bb: - 
43:3b:2e:49:4e:88:37:c1:bb:58:7f:fe:e1:bd:f8: - bb:61:cd:f3:47:c0:99:a6:f1:f3:91:e8:78:7c:00: - cb:61:c9:44:27:71:69:55:4a:7e:49:4d:ed:a2:a3: - be:02:4c:00:ca:02:a8:ee:01:02:31:64:0f:52:2d: - 13:74:76:36:b5:7a:b4:2d:71 - Exponent: 3 (0x3) - X509v3 extensions: - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - X509v3 CRL Distribution Points: - DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E1/CN=CRL1 - - X509v3 Private Key Usage Period: - Not Before: Dec 10 18:10:23 1998 GMT, Not After: Dec 10 18:10:23 2018 GMT - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: - keyid:6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8 - - X509v3 Subject Key Identifier: - 6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8 - X509v3 Basic Constraints: - CA:TRUE - 1.2.840.113533.7.65.0: - 0 -..V4.0.... - Signature Algorithm: sha1WithRSAEncryption - 22:12:d8:7a:1d:dc:81:06:b6:09:65:b2:87:c8:1f:5e:b4:2f: - e9:c4:1e:f2:3c:c1:bb:04:90:11:4a:83:4e:7e:93:b9:4d:42: - c7:92:26:a0:5c:34:9a:38:72:f8:fd:6b:16:3e:20:ee:82:8b: - 31:2a:93:36:85:23:88:8a:3c:03:68:d3:c9:09:0f:4d:fc:6c: - a4:da:28:72:93:0e:89:80:b0:7d:fe:80:6f:65:6d:18:33:97: - 8b:c2:6b:89:ee:60:3d:c8:9b:ef:7f:2b:32:62:73:93:cb:3c: - e3:7b:e2:76:78:45:bc:a1:93:04:bb:86:9f:3a:5b:43:7a:c3: - 8a:65 - -Digital Signature Trust Co. 
Global CA 2 -======================================= -MD5 Fingerprint: 6C:C9:A7:6E:47:F1:0C:E3:53:3B:78:4C:4D:C2:6A:C5 -PEM Data: ------BEGIN CERTIFICATE----- -MIID2DCCAsACEQDQHkCLAAACfAAAAAIAAAABMA0GCSqGSIb3DQEBBQUAMIGpMQsw -CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp -dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE -CxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDExITAfBgkqhkiG9w0B -CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODEyMDExODE4NTVaFw0wODExMjgx -ODE4NTVaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO -U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0 -IENvLjERMA8GA1UECxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDEx -ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBANLGJrbnpT3BxGjVUG9TxW9JEwm4ryxIjRRqoxdf -WvnTLnUv2Chi0ZMv/E3Uq4flCMeZ55I/db3rJbQVwZsZPdJEjdd0IG03Ao9pk1uK -xBmd9LIO/BZsubEFkoPRhSxglD5FVaDZqwgh5mDoO3TymVBRaNADLbGAvqPYUrBE -zUNKcI5YhZXhTizWLUFv1oTnyJhEykfbLCSlaSbPa7gnYsP0yXqSI+0TZ4KuRS5F -5X5yP4WdlGIQ5jyRoa13AOAV7POEgHJ6jm5gl8ckWRA0g1vhpaRptlc1HHhZxtMv -OnNn7pTKBBMFYgZwI7P0fO5F2WQLW0mqpEPOJsREEmy43XkCAwEAATANBgkqhkiG -9w0BAQUFAAOCAQEAojeyP2n714Z5VEkxlTMr89EJFEliYIalsBHiUMIdBlc+Legz -ZL6bqq1fG03UmZWii5rJYnK1aerZWKs17RWiQ9a2vAd5ZWRzfdd5ynvVWlHG4VME -lo04z6MXrDlxawHDi1M8Y+nuecDkvpIyZHqzH5eUYr3qsiAVlfuX8ngvYzZAOONG -Dx3drJXK50uQe7FLqdTF65raqtWjlBRGjS0f8zrWkzr2Pnn86Oawde3uPclwx12q -gUtGJRzHbBXjlU4PqjI3lAoXJJIThFjSY28r9+ZbYgsTF7ANUkz+/m9c4pFuHf2k -Ytdo+o56T9II2pPc8JIRetDccpMMc5NihWjQ9A== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - d0:1e:40:8b:00:00:02:7c:00:00:00:02:00:00:00:01 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/Email=ca@digsigtrust.com - Validity - Not Before: Dec 1 18:18:55 1998 GMT - Not After : Nov 28 18:18:55 2008 GMT - Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust 
Co., OU=DSTCA X1, CN=DST RootCA X1/Email=ca@digsigtrust.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:d2:c6:26:b6:e7:a5:3d:c1:c4:68:d5:50:6f:53: - c5:6f:49:13:09:b8:af:2c:48:8d:14:6a:a3:17:5f: - 5a:f9:d3:2e:75:2f:d8:28:62:d1:93:2f:fc:4d:d4: - ab:87:e5:08:c7:99:e7:92:3f:75:bd:eb:25:b4:15: - c1:9b:19:3d:d2:44:8d:d7:74:20:6d:37:02:8f:69: - 93:5b:8a:c4:19:9d:f4:b2:0e:fc:16:6c:b9:b1:05: - 92:83:d1:85:2c:60:94:3e:45:55:a0:d9:ab:08:21: - e6:60:e8:3b:74:f2:99:50:51:68:d0:03:2d:b1:80: - be:a3:d8:52:b0:44:cd:43:4a:70:8e:58:85:95:e1: - 4e:2c:d6:2d:41:6f:d6:84:e7:c8:98:44:ca:47:db: - 2c:24:a5:69:26:cf:6b:b8:27:62:c3:f4:c9:7a:92: - 23:ed:13:67:82:ae:45:2e:45:e5:7e:72:3f:85:9d: - 94:62:10:e6:3c:91:a1:ad:77:00:e0:15:ec:f3:84: - 80:72:7a:8e:6e:60:97:c7:24:59:10:34:83:5b:e1: - a5:a4:69:b6:57:35:1c:78:59:c6:d3:2f:3a:73:67: - ee:94:ca:04:13:05:62:06:70:23:b3:f4:7c:ee:45: - d9:64:0b:5b:49:aa:a4:43:ce:26:c4:44:12:6c:b8: - dd:79 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - a2:37:b2:3f:69:fb:d7:86:79:54:49:31:95:33:2b:f3:d1:09: - 14:49:62:60:86:a5:b0:11:e2:50:c2:1d:06:57:3e:2d:e8:33: - 64:be:9b:aa:ad:5f:1b:4d:d4:99:95:a2:8b:9a:c9:62:72:b5: - 69:ea:d9:58:ab:35:ed:15:a2:43:d6:b6:bc:07:79:65:64:73: - 7d:d7:79:ca:7b:d5:5a:51:c6:e1:53:04:96:8d:38:cf:a3:17: - ac:39:71:6b:01:c3:8b:53:3c:63:e9:ee:79:c0:e4:be:92:32: - 64:7a:b3:1f:97:94:62:bd:ea:b2:20:15:95:fb:97:f2:78:2f: - 63:36:40:38:e3:46:0f:1d:dd:ac:95:ca:e7:4b:90:7b:b1:4b: - a9:d4:c5:eb:9a:da:aa:d5:a3:94:14:46:8d:2d:1f:f3:3a:d6: - 93:3a:f6:3e:79:fc:e8:e6:b0:75:ed:ee:3d:c9:70:c7:5d:aa: - 81:4b:46:25:1c:c7:6c:15:e3:95:4e:0f:aa:32:37:94:0a:17: - 24:92:13:84:58:d2:63:6f:2b:f7:e6:5b:62:0b:13:17:b0:0d: - 52:4c:fe:fe:6f:5c:e2:91:6e:1d:fd:a4:62:d7:68:fa:8e:7a: - 4f:d2:08:da:93:dc:f0:92:11:7a:d0:dc:72:93:0c:73:93:62: - 85:68:d0:f4 - -Digital Signature Trust Co. 
Global CA 3 -======================================= -MD5 Fingerprint: 93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A -PEM Data: ------BEGIN CERTIFICATE----- -MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV -UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL -EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ -BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x -ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/ -k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso -LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o -TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG -SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx -JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI -RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3 -MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C -TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5 -WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG -SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR -xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL -B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 913232846 (0x366ed3ce) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E2 - Validity - Not Before: Dec 9 19:17:26 1998 GMT - Not After : Dec 9 19:47:26 2018 GMT - Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E2 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:bf:93:8f:17:92:ef:33:13:18:eb:10:7f:4e:16: - bf:ff:06:8f:2a:85:bc:5e:f9:24:a6:24:88:b6:03: - b7:c1:c3:5f:03:5b:d1:6f:ae:7e:42:ea:66:23:b8: - 63:83:56:fb:28:2d:e1:38:8b:b4:ee:a8:01:e1:ce: - 
1c:b6:88:2a:22:46:85:fb:9f:a7:70:a9:47:14:3f: - ce:de:65:f0:a8:71:f7:4f:26:6c:8c:bc:c6:b5:ef: - de:49:27:ff:48:2a:7d:e8:4d:03:cc:c7:b2:52:c6: - 17:31:13:3b:b5:4d:db:c8:c4:f6:c3:0f:24:2a:da: - 0c:9d:e7:91:5b:80:cd:94:9d - Exponent: 3 (0x3) - X509v3 extensions: - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - X509v3 CRL Distribution Points: - DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E2/CN=CRL1 - - X509v3 Private Key Usage Period: - Not Before: Dec 9 19:17:26 1998 GMT, Not After: Dec 9 19:17:26 2018 GMT - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: - keyid:1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B - - X509v3 Subject Key Identifier: - 1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B - X509v3 Basic Constraints: - CA:TRUE - 1.2.840.113533.7.65.0: - 0 -..V4.0.... - Signature Algorithm: sha1WithRSAEncryption - 47:8d:83:ad:62:f2:db:b0:9e:45:22:05:b9:a2:d6:03:0e:38: - 72:e7:9e:fc:7b:e6:93:b6:9a:a5:a2:94:c8:34:1d:91:d1:c5: - d7:f4:0a:25:0f:3d:78:81:9e:0f:b1:67:c4:90:4c:63:dd:5e: - a7:e2:ba:9f:f5:f7:4d:a5:31:7b:9c:29:2d:4c:fe:64:3e:ec: - b6:53:fe:ea:9b:ed:82:db:74:75:4b:07:79:6e:1e:d8:19:83: - 73:de:f5:3e:d0:b5:de:e7:4b:68:7d:43:2e:2a:20:e1:7e:a0: - 78:44:9e:08:f5:98:f9:c7:7f:1b:1b:d6:06:20:02:58:a1:c3: - a2:03 - -Digital Signature Trust Co. 
Global CA 4 -======================================= -MD5 Fingerprint: CD:3B:3D:62:5B:09:B8:09:36:87:9E:12:2F:71:64:BA -PEM Data: ------BEGIN CERTIFICATE----- -MIID2DCCAsACEQDQHkCLAAB3bQAAAAEAAAAEMA0GCSqGSIb3DQEBBQUAMIGpMQsw -CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp -dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE -CxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIxITAfBgkqhkiG9w0B -CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODExMzAyMjQ2MTZaFw0wODExMjcy -MjQ2MTZaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO -U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0 -IENvLjERMA8GA1UECxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIx -ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBANx18IzAdZaawGIfJvfE4Zrq4FZzW5nNAUSoCLbV -p9oaBBg5kkp4o4HC9Xd6ULRw/5qrxsfKboNPQpj7Jgva3G3WqZlVUmfpKAOS3OWw -BZoPFflrWXJW8vo5/Kpo7g8fEIMv/J36F5bdguPmRX3AS4BEH+0s4IT9kVySVGkl -5WJp3OXuAFK9MwutdQKFp2RQLcUZGTDAJtvJ0/0uma1ZtQtN1EGuhUhDWdy3qOKi -3sOP17ihYqZoUFLkzzGnlIXan0YyF1bl8utmPRL/Q9uY73fPy4GNNLHGUEom0eQ+ -QVCvbK4iNC7Va26Dunm4dmVI2gkpZGMiuftHdoWMhkTLCdsCAwEAATANBgkqhkiG -9w0BAQUFAAOCAQEAtTYOXeFhKFoRZcA/gwN5Tb4opgsHAlKFzfiR0BBstWogWxyQ -2TA8xkieil5k+aFxd+8EJx8H6+Qm93N0yUQYGmbT4EOvkTvRyyzYdFQ6HE3K1GjN -I3wdEJ5F6fYAbqbNGf9PLCmPV03Ed5K+4EwJ+11EhmYhqLkyolbV6YyDfFk/xPEL -553snr2cGA4+wjl5KLcDDQjLxufZATdQEOzMYRZA1K8xdHv8PzGn0EdzMzkbzE5q -10mDEQb+64JYMzJM8FasHpwvVpp7wUocpf1VNs78lk30sPDst2yC7S8xmUJMqbIN -uBVd8d+6ybVK1GSYsyapMMj9puyrliGtf8J4tg== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - d0:1e:40:8b:00:00:77:6d:00:00:00:01:00:00:00:04 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/Email=ca@digsigtrust.com - Validity - Not Before: Nov 30 22:46:16 1998 GMT - Not After : Nov 27 22:46:16 2008 GMT - Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature 
Trust Co., OU=DSTCA X2, CN=DST RootCA X2/Email=ca@digsigtrust.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:dc:75:f0:8c:c0:75:96:9a:c0:62:1f:26:f7:c4: - e1:9a:ea:e0:56:73:5b:99:cd:01:44:a8:08:b6:d5: - a7:da:1a:04:18:39:92:4a:78:a3:81:c2:f5:77:7a: - 50:b4:70:ff:9a:ab:c6:c7:ca:6e:83:4f:42:98:fb: - 26:0b:da:dc:6d:d6:a9:99:55:52:67:e9:28:03:92: - dc:e5:b0:05:9a:0f:15:f9:6b:59:72:56:f2:fa:39: - fc:aa:68:ee:0f:1f:10:83:2f:fc:9d:fa:17:96:dd: - 82:e3:e6:45:7d:c0:4b:80:44:1f:ed:2c:e0:84:fd: - 91:5c:92:54:69:25:e5:62:69:dc:e5:ee:00:52:bd: - 33:0b:ad:75:02:85:a7:64:50:2d:c5:19:19:30:c0: - 26:db:c9:d3:fd:2e:99:ad:59:b5:0b:4d:d4:41:ae: - 85:48:43:59:dc:b7:a8:e2:a2:de:c3:8f:d7:b8:a1: - 62:a6:68:50:52:e4:cf:31:a7:94:85:da:9f:46:32: - 17:56:e5:f2:eb:66:3d:12:ff:43:db:98:ef:77:cf: - cb:81:8d:34:b1:c6:50:4a:26:d1:e4:3e:41:50:af: - 6c:ae:22:34:2e:d5:6b:6e:83:ba:79:b8:76:65:48: - da:09:29:64:63:22:b9:fb:47:76:85:8c:86:44:cb: - 09:db - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - b5:36:0e:5d:e1:61:28:5a:11:65:c0:3f:83:03:79:4d:be:28: - a6:0b:07:02:52:85:cd:f8:91:d0:10:6c:b5:6a:20:5b:1c:90: - d9:30:3c:c6:48:9e:8a:5e:64:f9:a1:71:77:ef:04:27:1f:07: - eb:e4:26:f7:73:74:c9:44:18:1a:66:d3:e0:43:af:91:3b:d1: - cb:2c:d8:74:54:3a:1c:4d:ca:d4:68:cd:23:7c:1d:10:9e:45: - e9:f6:00:6e:a6:cd:19:ff:4f:2c:29:8f:57:4d:c4:77:92:be: - e0:4c:09:fb:5d:44:86:66:21:a8:b9:32:a2:56:d5:e9:8c:83: - 7c:59:3f:c4:f1:0b:e7:9d:ec:9e:bd:9c:18:0e:3e:c2:39:79: - 28:b7:03:0d:08:cb:c6:e7:d9:01:37:50:10:ec:cc:61:16:40: - d4:af:31:74:7b:fc:3f:31:a7:d0:47:73:33:39:1b:cc:4e:6a: - d7:49:83:11:06:fe:eb:82:58:33:32:4c:f0:56:ac:1e:9c:2f: - 56:9a:7b:c1:4a:1c:a5:fd:55:36:ce:fc:96:4d:f4:b0:f0:ec: - b7:6c:82:ed:2f:31:99:42:4c:a9:b2:0d:b8:15:5d:f1:df:ba: - c9:b5:4a:d4:64:98:b3:26:a9:30:c8:fd:a6:ec:ab:96:21:ad: - 7f:c2:78:b6 - -Entrust Worldwide by DST -======================== -MD5 Fingerprint: 
B4:65:22:0A:7C:AD:DF:41:B7:D5:44:D5:AD:FA:9A:75 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDRzCCArCgAwIBAgIENm3FGDANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJV -UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRswGQYDVQQL -ExJEU1QtRW50cnVzdCBHVEkgQ0EwHhcNOTgxMjA5MDAwMjI0WhcNMTgxMjA5MDAz -MjI0WjBQMQswCQYDVQQGEwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUg -VHJ1c3QgQ28uMRswGQYDVQQLExJEU1QtRW50cnVzdCBHVEkgQ0EwgZ0wDQYJKoZI -hvcNAQEBBQADgYsAMIGHAoGBALYd90uNDxPjEvUJ/gYyDq9MQfV91Ec9KgrfgwXe -3n3mAxb2UTrLRxpKrX7E/R20vnSKeN0Lg460hBPE+/htKa6h4Q8PQ+O1XmBp+oOU -/Hnm3Hbt0UQrjv0Su/4XdxcMie2n71F9xO04wzujevviTaBgtfL9E2XTxuw/vjWc -PSLvAgEDo4IBLjCCASowEQYJYIZIAYb4QgEBBAQDAgAHMHIGA1UdHwRrMGkwZ6Bl -oGOkYTBfMQswCQYDVQQGEwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUg -VHJ1c3QgQ28uMRswGQYDVQQLExJEU1QtRW50cnVzdCBHVEkgQ0ExDTALBgNVBAMT -BENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkwMDAyMjRagQ8yMDE4MTIwOTAwMDIy -NFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFJOaRMrQeFOAKUkE38evMz+ZdV+u -MB0GA1UdDgQWBBSTmkTK0HhTgClJBN/HrzM/mXVfrjAMBgNVHRMEBTADAQH/MBkG -CSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GBAGSJzAOn -3AryWCDn/RegKHLNh7DNmLUkR2MzMRAQsu+KV3KuTAPgZ5+sYEOEIsGpo+Wxp94J -1M8NeEYjW49Je/4TIpeU6nJI4SwgeJbpZkUZywllY2E/0UmYsXYQVdVjSmZLpAdr -3nt/ueaTWxoCW4AO3Y0Y1Iqjwmjxo+AY0U5M ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 913163544 (0x366dc518) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Digital Signature Trust Co., OU=DST-Entrust GTI CA - Validity - Not Before: Dec 9 00:02:24 1998 GMT - Not After : Dec 9 00:32:24 2018 GMT - Subject: C=US, O=Digital Signature Trust Co., OU=DST-Entrust GTI CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b6:1d:f7:4b:8d:0f:13:e3:12:f5:09:fe:06:32: - 0e:af:4c:41:f5:7d:d4:47:3d:2a:0a:df:83:05:de: - de:7d:e6:03:16:f6:51:3a:cb:47:1a:4a:ad:7e:c4: - fd:1d:b4:be:74:8a:78:dd:0b:83:8e:b4:84:13:c4: - fb:f8:6d:29:ae:a1:e1:0f:0f:43:e3:b5:5e:60:69: - 
fa:83:94:fc:79:e6:dc:76:ed:d1:44:2b:8e:fd:12: - bb:fe:17:77:17:0c:89:ed:a7:ef:51:7d:c4:ed:38: - c3:3b:a3:7a:fb:e2:4d:a0:60:b5:f2:fd:13:65:d3: - c6:ec:3f:be:35:9c:3d:22:ef - Exponent: 3 (0x3) - X509v3 extensions: - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - X509v3 CRL Distribution Points: - DirName:/C=US/O=Digital Signature Trust Co./OU=DST-Entrust GTI CA/CN=CRL1 - - X509v3 Private Key Usage Period: - Not Before: Dec 9 00:02:24 1998 GMT, Not After: Dec 9 00:02:24 2018 GMT - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: - keyid:93:9A:44:CA:D0:78:53:80:29:49:04:DF:C7:AF:33:3F:99:75:5F:AE - - X509v3 Subject Key Identifier: - 93:9A:44:CA:D0:78:53:80:29:49:04:DF:C7:AF:33:3F:99:75:5F:AE - X509v3 Basic Constraints: - CA:TRUE - 1.2.840.113533.7.65.0: - 0 -..V4.0.... - Signature Algorithm: sha1WithRSAEncryption - 64:89:cc:03:a7:dc:0a:f2:58:20:e7:fd:17:a0:28:72:cd:87: - b0:cd:98:b5:24:47:63:33:31:10:10:b2:ef:8a:57:72:ae:4c: - 03:e0:67:9f:ac:60:43:84:22:c1:a9:a3:e5:b1:a7:de:09:d4: - cf:0d:78:46:23:5b:8f:49:7b:fe:13:22:97:94:ea:72:48:e1: - 2c:20:78:96:e9:66:45:19:cb:09:65:63:61:3f:d1:49:98:b1: - 76:10:55:d5:63:4a:66:4b:a4:07:6b:de:7b:7f:b9:e6:93:5b: - 1a:02:5b:80:0e:dd:8d:18:d4:8a:a3:c2:68:f1:a3:e0:18:d1: - 4e:4c - -Entrust.net Premium 2048 Secure Server CA -========================================= -MD5 Fingerprint: BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC -PEM Data: ------BEGIN CERTIFICATE----- -MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML -RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp -bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 -IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy -MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 -LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp -YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG 
-A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq -K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe -sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX -MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT -XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ -HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH -4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA -vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G -CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA -WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo -oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ -h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18 -f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN -B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy -vUxFnmG6v4SBkgPR0ml8xQ== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 946059622 (0x3863b966) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) - Validity - Not Before: Dec 24 17:50:51 1999 GMT - Not After : Dec 24 18:20:51 2019 GMT - Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. 
(limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:ad:4d:4b:a9:12:86:b2:ea:a3:20:07:15:16:64: - 2a:2b:4b:d1:bf:0b:4a:4d:8e:ed:80:76:a5:67:b7: - 78:40:c0:73:42:c8:68:c0:db:53:2b:dd:5e:b8:76: - 98:35:93:8b:1a:9d:7c:13:3a:0e:1f:5b:b7:1e:cf: - e5:24:14:1e:b1:81:a9:8d:7d:b8:cc:6b:4b:03:f1: - 02:0c:dc:ab:a5:40:24:00:7f:74:94:a1:9d:08:29: - b3:88:0b:f5:87:77:9d:55:cd:e4:c3:7e:d7:6a:64: - ab:85:14:86:95:5b:97:32:50:6f:3d:c8:ba:66:0c: - e3:fc:bd:b8:49:c1:76:89:49:19:fd:c0:a8:bd:89: - a3:67:2f:c6:9f:bc:71:19:60:b8:2d:e9:2c:c9:90: - 76:66:7b:94:e2:af:78:d6:65:53:5d:3c:d6:9c:b2: - cf:29:03:f9:2f:a4:50:b2:d4:48:ce:05:32:55:8a: - fd:b2:64:4c:0e:e4:98:07:75:db:7f:df:b9:08:55: - 60:85:30:29:f9:7b:48:a4:69:86:e3:35:3f:1e:86: - 5d:7a:7a:15:bd:ef:00:8e:15:22:54:17:00:90:26: - 93:bc:0e:49:68:91:bf:f8:47:d3:9d:95:42:c1:0e: - 4d:df:6f:26:cf:c3:18:21:62:66:43:70:d6:d5:c0: - 07:e1 - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - X509v3 Authority Key Identifier: - keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 - - X509v3 Subject Key Identifier: - 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 - 1.2.840.113533.7.65.0: - 0...V5.0:4.0.... 
- Signature Algorithm: sha1WithRSAEncryption - 59:47:ac:21:84:8a:17:c9:9c:89:53:1e:ba:80:85:1a:c6:3c: - 4e:3e:b1:9c:b6:7c:c6:92:5d:18:64:02:e3:d3:06:08:11:61: - 7c:63:e3:2b:9d:31:03:70:76:d2:a3:28:a0:f4:bb:9a:63:73: - ed:6d:e5:2a:db:ed:14:a9:2b:c6:36:11:d0:2b:eb:07:8b:a5: - da:9e:5c:19:9d:56:12:f5:54:29:c8:05:ed:b2:12:2a:8d:f4: - 03:1b:ff:e7:92:10:87:b0:3a:b5:c3:9d:05:37:12:a3:c7:f4: - 15:b9:d5:a4:39:16:9b:53:3a:23:91:f1:a8:82:a2:6a:88:68: - c1:79:02:22:bc:aa:a6:d6:ae:df:b0:14:5f:b8:87:d0:dd:7c: - 7f:7b:ff:af:1c:cf:e6:db:07:ad:5e:db:85:9d:d0:2b:0d:33: - db:04:d1:e6:49:40:13:2b:76:fb:3e:e9:9c:89:0f:15:ce:18: - b0:85:78:21:4f:6b:4f:0e:fa:36:67:cd:07:f2:ff:08:d0:e2: - de:d9:bf:2a:af:b8:87:86:21:3c:04:ca:b7:94:68:7f:cf:3c: - e9:98:d7:38:ff:ec:c0:d9:50:f0:2e:4b:58:ae:46:6f:d0:2e: - c3:60:da:72:55:72:bd:4c:45:9e:61:ba:bf:84:81:92:03:d1: - d2:69:7c:c5 - -Entrust.net Secure Personal CA -============================== -MD5 Fingerprint: 0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4 -PEM Data: ------BEGIN CERTIFICATE----- -MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UEBhMC -VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50cnVzdC5u -ZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBsaW1pdHMgbGlh -Yi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV -BAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe -Fw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBaMIHJMQswCQYDVQQGEwJVUzEU -MBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9D -bGllbnRfQ0FfSW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjEl -MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMq -RW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0G -CSqGSIb3DQEBAQUAA4GLADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo -6oT9n3V5z8GKUZSvx1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux -5zDeg7K6PvHViTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zm -AqTmT173iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSC 
-ARkwggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50 -cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5m -by9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMp -IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQg -Q2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCyg -KqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9DbGllbnQxLmNybDArBgNV -HRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkxMDEyMTkyNDMwWjALBgNVHQ8E -BAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW/O5bs8qZdIuV6kwwHQYDVR0OBBYE -FMT7nCl7l81MlvzuW7PKmXSLlepMMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA -BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7 -pFuPeJoSSJn59DXeDDYHAmsQOokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzz -wy5E97BnRqqS5TvaHBkUODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/a -EkP/TOYGJqibGapEPHayXOw= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 939758062 (0x380391ee) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority - Validity - Not Before: Oct 12 19:24:30 1999 GMT - Not After : Oct 12 19:54:30 2019 GMT - Subject: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. 
limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:c8:3a:99:5e:31:17:df:ac:27:6f:90:7b:e4:19: - ff:45:a3:34:c2:db:c1:a8:4f:f0:68:ea:84:fd:9f: - 75:79:cf:c1:8a:51:94:af:c7:57:03:47:64:9e:ad: - 82:1b:5a:da:7f:37:78:47:bb:37:98:12:96:ce:c6: - 13:7d:ef:d2:0c:30:51:a9:39:9e:55:f8:fb:b1:e7: - 30:de:83:b2:ba:3e:f1:d5:89:3b:3b:85:ba:aa:74: - 2c:fe:3f:31:6e:af:91:95:6e:06:d4:07:4d:4b:2c: - 56:47:18:04:52:da:0e:10:93:bf:63:90:9b:e1:df: - 8c:e6:02:a4:e6:4f:5e:f7:8b - Exponent: 3 (0x3) - X509v3 extensions: - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - X509v3 CRL Distribution Points: - DirName:/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client Certification Authority/CN=CRL1 - URI:http://www.entrust.net/CRL/Client1.crl - - X509v3 Private Key Usage Period: - Not Before: Oct 12 19:24:30 1999 GMT, Not After: Oct 12 19:24:30 2019 GMT - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: - keyid:C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C - - X509v3 Subject Key Identifier: - C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C - X509v3 Basic Constraints: - CA:TRUE - 1.2.840.113533.7.65.0: - 0 -..V4.0.... 
- Signature Algorithm: md5WithRSAEncryption - 3f:ae:8a:f1:d7:66:03:05:9e:3e:fa:ea:1c:46:bb:a4:5b:8f: - 78:9a:12:48:99:f9:f4:35:de:0c:36:07:02:6b:10:3a:89:14: - 81:9c:31:a6:7c:b2:41:b2:6a:e7:07:01:a1:4b:f9:9f:25:3b: - 96:ca:99:c3:3e:a1:51:1c:f3:c3:2e:44:f7:b0:67:46:aa:92: - e5:3b:da:1c:19:14:38:30:d5:e2:a2:31:25:2e:f1:ec:45:38: - ed:f8:06:58:03:73:62:b0:10:31:8f:40:bf:64:e0:5c:3e:c5: - 4f:1f:da:12:43:ff:4c:e6:06:26:a8:9b:19:aa:44:3c:76:b2: - 5c:ec - -Entrust.net Secure Server CA -============================ -MD5 Fingerprint: DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE -PEM Data: ------BEGIN CERTIFICATE----- -MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC -VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u -ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc -KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u -ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1 -MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE -ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j -b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF -bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg -U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA -A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/ -I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3 -wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC -AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb -oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5 -BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p -dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk -MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp -b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu -dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0 
-MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi -E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa -MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI -hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN -95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd -2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 927650371 (0x374ad243) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority - Validity - Not Before: May 25 16:09:40 1999 GMT - Not After : May 25 16:39:40 2019 GMT - Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff: - af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1: - 0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81: - 26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71: - d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24: - da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29: - 92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8: - ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81: - b1:16:19:61:b9:54:b6:e6:43 - Exponent: 3 (0x3) - X509v3 extensions: - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - X509v3 CRL Distribution Points: - DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. 
(limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1 - URI:http://www.entrust.net/CRL/net1.crl - - X509v3 Private Key Usage Period: - Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: - keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A - - X509v3 Subject Key Identifier: - F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A - X509v3 Basic Constraints: - CA:TRUE - 1.2.840.113533.7.65.0: - 0 -..V4.0.... - Signature Algorithm: sha1WithRSAEncryption - 90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb: - 47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d: - f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31: - c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb: - a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58: - 0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54: - 73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06: - f9:b2 - -Equifax Premium CA -================== -MD5 Fingerprint: A9:E9:A8:9D:0E:73:E3:B1:2F:37:0D:E8:48:3F:86:ED -PEM Data: ------BEGIN CERTIFICATE----- -MIIDIzCCAoygAwIBAgIENeHvHjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJV -UzEQMA4GA1UEChMHRXF1aWZheDEuMCwGA1UECxMlRXF1aWZheCBQcmVtaXVtIENl -cnRpZmljYXRlIEF1dGhvcml0eTAeFw05ODA4MjQyMjU0MjNaFw0xODA4MjQyMjU0 -MjNaME8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS4wLAYDVQQLEyVF -cXVpZmF4IFByZW1pdW0gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3 -DQEBAQUAA4GNADCBiQKBgQDOoQaOBswIC8GGqN4g1Q0O0Q3En+pq2bPCMkdAb4qI -pAm9OCwd5svmpPM269rrvPxkswf2Lbyqzp8ZSGhK/PWiRX4JEPWPs0lcIwY56hOL -uAvNkR12X9k3oUT7X5DyZ7PNGJlDH3YSawLylYM4Q8L2YjTKyXhdX9LYupr/vhBg -WwIDAQABo4IBCjCCAQYwcQYDVR0fBGowaDBmoGSgYqRgMF4xCzAJBgNVBAYTAlVT -MRAwDgYDVQQKEwdFcXVpZmF4MS4wLAYDVQQLEyVFcXVpZmF4IFByZW1pdW0gQ2Vy -dGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIw -MTgwODI0MjI1NDIzWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUFe6yKFmrbuX4 
-z4uB9CThrj91G5gwHQYDVR0OBBYEFBXusihZq27l+M+LgfQk4a4/dRuYMAwGA1Ud -EwQFMAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEB -BQUAA4GBAL0LnCepA9so3JipS9DRjqeoGlqR4Jzx9xh8LiKeNh/JqLXNRkpu+jUH -G4YI65/iqPmdQS06rlxctl80BOv8KmCw+3TkhellOJbuFcfGd2MSvYpoH6tsfdrK -XBPO6snrCVzFc+cSAdXZUwee4A+W8Iu0u0VIn4bFGVWgy5bFA/xI ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 903999262 (0x35e1ef1e) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Equifax, OU=Equifax Premium Certificate Authority - Validity - Not Before: Aug 24 22:54:23 1998 GMT - Not After : Aug 24 22:54:23 2018 GMT - Subject: C=US, O=Equifax, OU=Equifax Premium Certificate Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:ce:a1:06:8e:06:cc:08:0b:c1:86:a8:de:20:d5: - 0d:0e:d1:0d:c4:9f:ea:6a:d9:b3:c2:32:47:40:6f: - 8a:88:a4:09:bd:38:2c:1d:e6:cb:e6:a4:f3:36:eb: - da:eb:bc:fc:64:b3:07:f6:2d:bc:aa:ce:9f:19:48: - 68:4a:fc:f5:a2:45:7e:09:10:f5:8f:b3:49:5c:23: - 06:39:ea:13:8b:b8:0b:cd:91:1d:76:5f:d9:37:a1: - 44:fb:5f:90:f2:67:b3:cd:18:99:43:1f:76:12:6b: - 02:f2:95:83:38:43:c2:f6:62:34:ca:c9:78:5d:5f: - d2:d8:ba:9a:ff:be:10:60:5b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 CRL Distribution Points: - DirName:/C=US/O=Equifax/OU=Equifax Premium Certificate Authority/CN=CRL1 - - X509v3 Private Key Usage Period: - Not After: Aug 24 22:54:23 2018 GMT - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: - keyid:15:EE:B2:28:59:AB:6E:E5:F8:CF:8B:81:F4:24:E1:AE:3F:75:1B:98 - - X509v3 Subject Key Identifier: - 15:EE:B2:28:59:AB:6E:E5:F8:CF:8B:81:F4:24:E1:AE:3F:75:1B:98 - X509v3 Basic Constraints: - CA:TRUE - 1.2.840.113533.7.65.0: - 0...V3.0c.... 
- Signature Algorithm: sha1WithRSAEncryption - bd:0b:9c:27:a9:03:db:28:dc:98:a9:4b:d0:d1:8e:a7:a8:1a: - 5a:91:e0:9c:f1:f7:18:7c:2e:22:9e:36:1f:c9:a8:b5:cd:46: - 4a:6e:fa:35:07:1b:86:08:eb:9f:e2:a8:f9:9d:41:2d:3a:ae: - 5c:5c:b6:5f:34:04:eb:fc:2a:60:b0:fb:74:e4:85:e9:65:38: - 96:ee:15:c7:c6:77:63:12:bd:8a:68:1f:ab:6c:7d:da:ca:5c: - 13:ce:ea:c9:eb:09:5c:c5:73:e7:12:01:d5:d9:53:07:9e:e0: - 0f:96:f0:8b:b4:bb:45:48:9f:86:c5:19:55:a0:cb:96:c5:03: - fc:48 - -Equifax Secure CA -================= -MD5 Fingerprint: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV -UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy -dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 -MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx -dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B -AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f -BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A -cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC -AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ -MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm -aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw -ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj -IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF -MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA -A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y -7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh -1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 903804111 (0x35def4cf) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority - Validity - Not Before: Aug 22 16:41:51 1998 GMT - Not After : 
Aug 22 16:41:51 2018 GMT - Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:c1:5d:b1:58:67:08:62:ee:a0:9a:2d:1f:08:6d: - 91:14:68:98:0a:1e:fe:da:04:6f:13:84:62:21:c3: - d1:7c:ce:9f:05:e0:b8:01:f0:4e:34:ec:e2:8a:95: - 04:64:ac:f1:6b:53:5f:05:b3:cb:67:80:bf:42:02: - 8e:fe:dd:01:09:ec:e1:00:14:4f:fc:fb:f0:0c:dd: - 43:ba:5b:2b:e1:1f:80:70:99:15:57:93:16:f1:0f: - 97:6a:b7:c2:68:23:1c:cc:4d:59:30:ac:51:1e:3b: - af:2b:d6:ee:63:45:7b:c5:d9:5f:50:d2:e3:50:0f: - 3a:88:e7:bf:14:fd:e0:c7:b9 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 CRL Distribution Points: - DirName:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority/CN=CRL1 - - X509v3 Private Key Usage Period: - Not After: Aug 22 16:41:51 2018 GMT - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Authority Key Identifier: - keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4 - - X509v3 Subject Key Identifier: - 48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4 - X509v3 Basic Constraints: - CA:TRUE - 1.2.840.113533.7.65.0: - 0...V3.0c.... 
- Signature Algorithm: sha1WithRSAEncryption - 58:ce:29:ea:fc:f7:de:b5:ce:02:b9:17:b5:85:d1:b9:e3:e0: - 95:cc:25:31:0d:00:a6:92:6e:7f:b6:92:63:9e:50:95:d1:9a: - 6f:e4:11:de:63:85:6e:98:ee:a8:ff:5a:c8:d3:55:b2:66:71: - 57:de:c0:21:eb:3d:2a:a7:23:49:01:04:86:42:7b:fc:ee:7f: - a2:16:52:b5:67:67:d3:40:db:3b:26:58:b2:28:77:3d:ae:14: - 77:61:d6:fa:2a:66:27:a0:0d:fa:a7:73:5c:ea:70:f1:94:21: - 65:44:5f:fa:fc:ef:29:68:a9:a2:87:79:ef:79:ef:4f:ac:07: - 77:38 - -GTE CyberTrust Global Root -========================== -MD5 Fingerprint: CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB -PEM Data: ------BEGIN CERTIFICATE----- -MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD -VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv -bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv -b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV -UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU -cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds -b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH -iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS -r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4 -04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r -GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9 -3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P -lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/ ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 421 (0x1a5) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root - Validity - Not Before: Aug 13 00:29:00 1998 GMT - Not After : Aug 13 23:59:00 2018 GMT - Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus 
(1024 bit): - 00:95:0f:a0:b6:f0:50:9c:e8:7a:c7:88:cd:dd:17: - 0e:2e:b0:94:d0:1b:3d:0e:f6:94:c0:8a:94:c7:06: - c8:90:97:c8:b8:64:1a:7a:7e:6c:3c:53:e1:37:28: - 73:60:7f:b2:97:53:07:9f:53:f9:6d:58:94:d2:af: - 8d:6d:88:67:80:e6:ed:b2:95:cf:72:31:ca:a5:1c: - 72:ba:5c:02:e7:64:42:e7:f9:a9:2c:d6:3a:0d:ac: - 8d:42:aa:24:01:39:e6:9c:3f:01:85:57:0d:58:87: - 45:f8:d3:85:aa:93:69:26:85:70:48:80:3f:12:15: - c7:79:b4:1f:05:2f:3b:62:99 - Exponent: 65537 (0x10001) - Signature Algorithm: md5WithRSAEncryption - 6d:eb:1b:09:e9:5e:d9:51:db:67:22:61:a4:2a:3c:48:77:e3: - a0:7c:a6:de:73:a2:14:03:85:3d:fb:ab:0e:30:c5:83:16:33: - 81:13:08:9e:7b:34:4e:df:40:c8:74:d7:b9:7d:dc:f4:76:55: - 7d:9b:63:54:18:e9:f0:ea:f3:5c:b1:d9:8b:42:1e:b9:c0:95: - 4e:ba:fa:d5:e2:7c:f5:68:61:bf:8e:ec:05:97:5f:5b:b0:d7: - a3:85:34:c4:24:a7:0d:0f:95:93:ef:cb:94:d8:9e:1f:9d:5c: - 85:6d:c7:aa:ae:4f:1f:22:b5:cd:95:ad:ba:a7:cc:f9:ab:0b: - 7a:7f - -GTE CyberTrust Japan Root CA -============================ -MD5 Fingerprint: DE:AB:FF:43:2A:65:37:06:9B:28:B5:7A:E8:84:D3:8E -PEM Data: ------BEGIN CERTIFICATE----- -MIICETCCAXoCAU4wDQYJKoZIhvcNAQEEBQAwUTELMAkGA1UEBhMCSlAxHzAdBgNV -BAoTFkN5YmVyVHJ1c3QgSmFwYW4sIEluYy4xITAfBgNVBAMTGEN5YmVyVHJ1c3Qg -SkFQQU4gUm9vdCBDQTAeFw05ODA4MDQwNzU3MDBaFw0wMzA4MDQyMzU5MDBaMFEx -CzAJBgNVBAYTAkpQMR8wHQYDVQQKExZDeWJlclRydXN0IEphcGFuLCBJbmMuMSEw -HwYDVQQDExhDeWJlclRydXN0IEpBUEFOIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEB -BQADgY0AMIGJAoGBALet/MpHEHaJ/Wes5HMGfIFLHda1fA5Hr+ymVHWoxP1lr+fI -sbFsNDWN97lkVygLIVredP7ceC6GRhJMfxEf3JO9X75mmIa4t+xtSdOQ2eF5AFZo -uq1sHyw7H8ksjEOwBELqgXOmzjN1RQ2KRXIvqldV5AfDQ+J1Og+8PNCEzrrvAgMB -AAEwDQYJKoZIhvcNAQEEBQADgYEAt6ZkowyAPBzE2O5BO+WGpJ5gXdYBMqhqZC0g -cEC6ck5m+gdlTgOOC/1W4K07IKcy+rISHoDfHuN6GMxX2+bJNGDvdesQFtCkLnDY -JCO4pXdzQvkHOt0BbAiTBzUmECVgKf8J5WSfabkWSfNc3SRjRpMNsFM2dbxIILsZ -to/QIv0= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 78 (0x4e) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=JP, O=CyberTrust Japan, 
Inc., CN=CyberTrust JAPAN Root CA - Validity - Not Before: Aug 4 07:57:00 1998 GMT - Not After : Aug 4 23:59:00 2003 GMT - Subject: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Root CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b7:ad:fc:ca:47:10:76:89:fd:67:ac:e4:73:06: - 7c:81:4b:1d:d6:b5:7c:0e:47:af:ec:a6:54:75:a8: - c4:fd:65:af:e7:c8:b1:b1:6c:34:35:8d:f7:b9:64: - 57:28:0b:21:5a:de:74:fe:dc:78:2e:86:46:12:4c: - 7f:11:1f:dc:93:bd:5f:be:66:98:86:b8:b7:ec:6d: - 49:d3:90:d9:e1:79:00:56:68:ba:ad:6c:1f:2c:3b: - 1f:c9:2c:8c:43:b0:04:42:ea:81:73:a6:ce:33:75: - 45:0d:8a:45:72:2f:aa:57:55:e4:07:c3:43:e2:75: - 3a:0f:bc:3c:d0:84:ce:ba:ef - Exponent: 65537 (0x10001) - Signature Algorithm: md5WithRSAEncryption - b7:a6:64:a3:0c:80:3c:1c:c4:d8:ee:41:3b:e5:86:a4:9e:60: - 5d:d6:01:32:a8:6a:64:2d:20:70:40:ba:72:4e:66:fa:07:65: - 4e:03:8e:0b:fd:56:e0:ad:3b:20:a7:32:fa:b2:12:1e:80:df: - 1e:e3:7a:18:cc:57:db:e6:c9:34:60:ef:75:eb:10:16:d0:a4: - 2e:70:d8:24:23:b8:a5:77:73:42:f9:07:3a:dd:01:6c:08:93: - 07:35:26:10:25:60:29:ff:09:e5:64:9f:69:b9:16:49:f3:5c: - dd:24:63:46:93:0d:b0:53:36:75:bc:48:20:bb:19:b6:8f:d0: - 22:fd - -GTE CyberTrust Japan Secure Server CA -===================================== -MD5 Fingerprint: DD:0D:0D:B4:78:4B:7D:CE:30:0A:A6:35:C6:AB:4C:88 -PEM Data: ------BEGIN CERTIFICATE----- -MIICIzCCAYwCAU8wDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCSlAxHzAdBgNV -BAoTFkN5YmVyVHJ1c3QgSmFwYW4sIEluYy4xKjAoBgNVBAMTIUN5YmVyVHJ1c3Qg -SkFQQU4gU2VjdXJlIFNlcnZlciBDQTAeFw05ODA4MDQwODA2MzJaFw0wMzA4MDQy -MzU5MDBaMFoxCzAJBgNVBAYTAkpQMR8wHQYDVQQKExZDeWJlclRydXN0IEphcGFu -LCBJbmMuMSowKAYDVQQDEyFDeWJlclRydXN0IEpBUEFOIFNlY3VyZSBTZXJ2ZXIg -Q0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKwmo6G4b2rALBL52zEFkuf9 -+tSBtLjVKtWQ+vBDZfwSFcrs27lh3jNjN0+vADx/kjcbGHPlnzyI8RoTRP558sMm -lQ8L8J4UByFsV8Jdw+JRsM2LX81fhjj4eZc57Oi/Ui6xXqqprozt7tfIty4xi7Q5 -kjt8gScHGgFEL0lzILbJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAaB17Eu5aeSkx 
-ygGsi1CpJ5ksAPw4Ghz/wtXwE/4bpzn1gBTrUfrAjXuEG1musTVRbqE+1xvsoJ7f -4KWCluOxP9io8ct5gI738ESZfhT1I6MR42hLBTZuiOOrhqo4UwNCO9O5+eC/BenT -X8NKp7b9t12QSfiasq1mpoIAk65g/yA= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 79 (0x4f) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Secure Server CA - Validity - Not Before: Aug 4 08:06:32 1998 GMT - Not After : Aug 4 23:59:00 2003 GMT - Subject: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Secure Server CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:ac:26:a3:a1:b8:6f:6a:c0:2c:12:f9:db:31:05: - 92:e7:fd:fa:d4:81:b4:b8:d5:2a:d5:90:fa:f0:43: - 65:fc:12:15:ca:ec:db:b9:61:de:33:63:37:4f:af: - 00:3c:7f:92:37:1b:18:73:e5:9f:3c:88:f1:1a:13: - 44:fe:79:f2:c3:26:95:0f:0b:f0:9e:14:07:21:6c: - 57:c2:5d:c3:e2:51:b0:cd:8b:5f:cd:5f:86:38:f8: - 79:97:39:ec:e8:bf:52:2e:b1:5e:aa:a9:ae:8c:ed: - ee:d7:c8:b7:2e:31:8b:b4:39:92:3b:7c:81:27:07: - 1a:01:44:2f:49:73:20:b6:c9 - Exponent: 65537 (0x10001) - Signature Algorithm: md5WithRSAEncryption - 68:1d:7b:12:ee:5a:79:29:31:ca:01:ac:8b:50:a9:27:99:2c: - 00:fc:38:1a:1c:ff:c2:d5:f0:13:fe:1b:a7:39:f5:80:14:eb: - 51:fa:c0:8d:7b:84:1b:59:ae:b1:35:51:6e:a1:3e:d7:1b:ec: - a0:9e:df:e0:a5:82:96:e3:b1:3f:d8:a8:f1:cb:79:80:8e:f7: - f0:44:99:7e:14:f5:23:a3:11:e3:68:4b:05:36:6e:88:e3:ab: - 86:aa:38:53:03:42:3b:d3:b9:f9:e0:bf:05:e9:d3:5f:c3:4a: - a7:b6:fd:b7:5d:90:49:f8:9a:b2:ad:66:a6:82:00:93:ae:60: - ff:20 - -GTE CyberTrust Root 2 -===================== -MD5 Fingerprint: BA:ED:17:57:9A:4B:FF:7C:F9:C9:1F:A2:CD:1A:D6:87 -PEM Data: ------BEGIN CERTIFICATE----- -MIICUDCCAbkCAgGbMA0GCSqGSIb3DQEBBAUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD -VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv -bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCAyMB4X -DTk4MDgxMTExMzUwN1oXDTA4MDgxMTExMjIxNlowcDELMAkGA1UEBhMCVVMxGDAW 
-BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg -U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDIw -gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANksTE4vaRoj41a6886EwAnAefFE -XzMfFZF/iogouCRFzI8YzR900bWPcUzWMfZzloSUQMWpg2Akfa9vNLdLTMIJgDtF -BJ7EPMQndXsADKFkR7UUXYJLUTpYu0RMPdPlBjjoYVyYeLuAs5zacoJioN+cX+v5 -T3fCzGAYAGs0giWzAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAo2SRbxDt526iQkCU -eM74FAjR+kOF60bNkhTQ7y4tNjkY2brJJ4gp6UgXb/jBqshhbS39QC11QzCXOfgU -ZL1v72OoK0LfsloNJex7N9jOkSmCFvnoYqLhdsQCfd0li5jh9g1gjPZZkEBRRNHC -+xkkHhc5a3QhFTPWVdeCHnAsJ6g= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 411 (0x19b) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 2 - Validity - Not Before: Aug 11 11:35:07 1998 GMT - Not After : Aug 11 11:22:16 2008 GMT - Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 2 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d9:2c:4c:4e:2f:69:1a:23:e3:56:ba:f3:ce:84: - c0:09:c0:79:f1:44:5f:33:1f:15:91:7f:8a:88:28: - b8:24:45:cc:8f:18:cd:1f:74:d1:b5:8f:71:4c:d6: - 31:f6:73:96:84:94:40:c5:a9:83:60:24:7d:af:6f: - 34:b7:4b:4c:c2:09:80:3b:45:04:9e:c4:3c:c4:27: - 75:7b:00:0c:a1:64:47:b5:14:5d:82:4b:51:3a:58: - bb:44:4c:3d:d3:e5:06:38:e8:61:5c:98:78:bb:80: - b3:9c:da:72:82:62:a0:df:9c:5f:eb:f9:4f:77:c2: - cc:60:18:00:6b:34:82:25:b3 - Exponent: 65537 (0x10001) - Signature Algorithm: md5WithRSAEncryption - a3:64:91:6f:10:ed:e7:6e:a2:42:40:94:78:ce:f8:14:08:d1: - fa:43:85:eb:46:cd:92:14:d0:ef:2e:2d:36:39:18:d9:ba:c9: - 27:88:29:e9:48:17:6f:f8:c1:aa:c8:61:6d:2d:fd:40:2d:75: - 43:30:97:39:f8:14:64:bd:6f:ef:63:a8:2b:42:df:b2:5a:0d: - 25:ec:7b:37:d8:ce:91:29:82:16:f9:e8:62:a2:e1:76:c4:02: - 7d:dd:25:8b:98:e1:f6:0d:60:8c:f6:59:90:40:51:44:d1:c2: - fb:19:24:1e:17:39:6b:74:21:15:33:d6:55:d7:82:1e:70:2c: - 27:a8 
- -GTE CyberTrust Root 3 -===================== -MD5 Fingerprint: DB:81:96:57:AE:64:61:EF:77:A7:83:C4:51:24:3C:87 -PEM Data: ------BEGIN CERTIFICATE----- -MIICUDCCAbkCAgGXMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD -VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv -bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCAzMB4X -DTk4MDgxMDE5NTkwOFoXDTA4MDgxMDE5MzYzOVowcDELMAkGA1UEBhMCVVMxGDAW -BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg -U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDMw -gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHzsSsLztwU2TSXYlASVmOETFP6 -wIXP+sHdD955E39T+6oOYN3iYr/G7k6ZNKpoQzWZ+KP982O9AVRqnrI6lix7eCjG -WrWNGhUY/eOMLqJQCVtx1g21GB8ZjgQpk5N4q18U53NC8gMMV6IbUDsLu1ngoDoD -7icbWky5sAjKuRqJAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAheutlCAG6bKiazvy -ZuvjS7gSJgXl9JGo3IfcmPSUwfRhvdWcbFFzlV7QvdfmRdw8z0aE1ee57ORnY24A -KHdxXUoF6bl8hszCRLveKUja6t29F58dUQGo6BResVf3/9qPzpX+Le0yEnf/fGph -la4xcgYI8PnzDY7i76hTXZEDg94= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 407 (0x197) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 3 - Validity - Not Before: Aug 10 19:59:08 1998 GMT - Not After : Aug 10 19:36:39 2008 GMT - Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 3 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:e1:f3:b1:2b:0b:ce:dc:14:d9:34:97:62:50:12: - 56:63:84:4c:53:fa:c0:85:cf:fa:c1:dd:0f:de:79: - 13:7f:53:fb:aa:0e:60:dd:e2:62:bf:c6:ee:4e:99: - 34:aa:68:43:35:99:f8:a3:fd:f3:63:bd:01:54:6a: - 9e:b2:3a:96:2c:7b:78:28:c6:5a:b5:8d:1a:15:18: - fd:e3:8c:2e:a2:50:09:5b:71:d6:0d:b5:18:1f:19: - 8e:04:29:93:93:78:ab:5f:14:e7:73:42:f2:03:0c: - 57:a2:1b:50:3b:0b:bb:59:e0:a0:3a:03:ee:27:1b: - 5a:4c:b9:b0:08:ca:b9:1a:89 - Exponent: 65537 (0x10001) - Signature Algorithm: 
sha1WithRSAEncryption - 85:eb:ad:94:20:06:e9:b2:a2:6b:3b:f2:66:eb:e3:4b:b8:12: - 26:05:e5:f4:91:a8:dc:87:dc:98:f4:94:c1:f4:61:bd:d5:9c: - 6c:51:73:95:5e:d0:bd:d7:e6:45:dc:3c:cf:46:84:d5:e7:b9: - ec:e4:67:63:6e:00:28:77:71:5d:4a:05:e9:b9:7c:86:cc:c2: - 44:bb:de:29:48:da:ea:dd:bd:17:9f:1d:51:01:a8:e8:14:5e: - b1:57:f7:ff:da:8f:ce:95:fe:2d:ed:32:12:77:ff:7c:6a:61: - 95:ae:31:72:06:08:f0:f9:f3:0d:8e:e2:ef:a8:53:5d:91:03: - 83:de - -GTE CyberTrust Root 4 -===================== -MD5 Fingerprint: 33:43:02:B1:B9:E0:73:B1:B1:20:CA:CB:C7:84:03:50 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDVTCCAj0CAgGoMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD -VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv -bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCA0MB4X -DTk4MDgxMzEzNTEwMFoXDTEzMDgxMzIzNTkwMFowcDELMAkGA1UEBhMCVVMxGDAW -BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg -U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDQw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6nSJuf9pmPDlCsaMqb9P3 -vK6sMVrXEZBHuZ0ZLvnzGyKgw+GnusT8XgqUS5haSybkH/Tc8/6OiNxsLXx3hyZQ -wF5OqCih6hdpT03GAQ7amg0GViYVtqRdejWvje14Uob5OKuzAdPaBZaxtlCrwKGu -F1P6QzkgcWUj223Etu2YRYPX0vbiqWv7+XXM78WrcZY16N+OkZuoEHUft84Tjmuz -lneXGpEvxyxpmfAPKmgAmHZEG4wo0uuO9IO0f6QlXmw72cZo1WG41F4xB7VbkDVS -V3sXIO0tuB6OiDk+Usvf8FyxZbulErSQY79xnTLB2r9QSpW+BjrEK+vNmHZETQvl -AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEOvHIfJSbpliTRJPOoHO0eiedSgO5Bs -3n+oVMPoTEAyvMjsHOXZrEC6/Iw/wnOc9GTq36ntTlvIAWDuOW1DJ/N/qgjS/k5v -FDJNfeQ0gKU1xNZGULQ7oC1lH09lfjQoLcCndn0xyQ0zFvYgGSARULsDzHBtlrfv -TKfaNhXPu03UltyITWyY7blz/ihXoO1k+AqBKXP29pcyhzm0ge/ZTRoHNPe6QjXe -V9xc1vfF6wonDIGmwtBoTv2SW0iD9haKjzZb7TFsP0F6cfeSPzGkCkBM84biYcE8 -SYEtpbjvupcPvCsdm4ny0o4eTYbywqv2LZnAGyoNobZP+SxYTT19Nwo= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 424 (0x1a8) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE 
CyberTrust Root 4 - Validity - Not Before: Aug 13 13:51:00 1998 GMT - Not After : Aug 13 23:59:00 2013 GMT - Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 4 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:ba:9d:22:6e:7f:da:66:3c:39:42:b1:a3:2a:6f: - d3:f7:bc:ae:ac:31:5a:d7:11:90:47:b9:9d:19:2e: - f9:f3:1b:22:a0:c3:e1:a7:ba:c4:fc:5e:0a:94:4b: - 98:5a:4b:26:e4:1f:f4:dc:f3:fe:8e:88:dc:6c:2d: - 7c:77:87:26:50:c0:5e:4e:a8:28:a1:ea:17:69:4f: - 4d:c6:01:0e:da:9a:0d:06:56:26:15:b6:a4:5d:7a: - 35:af:8d:ed:78:52:86:f9:38:ab:b3:01:d3:da:05: - 96:b1:b6:50:ab:c0:a1:ae:17:53:fa:43:39:20:71: - 65:23:db:6d:c4:b6:ed:98:45:83:d7:d2:f6:e2:a9: - 6b:fb:f9:75:cc:ef:c5:ab:71:96:35:e8:df:8e:91: - 9b:a8:10:75:1f:b7:ce:13:8e:6b:b3:96:77:97:1a: - 91:2f:c7:2c:69:99:f0:0f:2a:68:00:98:76:44:1b: - 8c:28:d2:eb:8e:f4:83:b4:7f:a4:25:5e:6c:3b:d9: - c6:68:d5:61:b8:d4:5e:31:07:b5:5b:90:35:52:57: - 7b:17:20:ed:2d:b8:1e:8e:88:39:3e:52:cb:df:f0: - 5c:b1:65:bb:a5:12:b4:90:63:bf:71:9d:32:c1:da: - bf:50:4a:95:be:06:3a:c4:2b:eb:cd:98:76:44:4d: - 0b:e5 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 43:af:1c:87:c9:49:ba:65:89:34:49:3c:ea:07:3b:47:a2:79: - d4:a0:3b:90:6c:de:7f:a8:54:c3:e8:4c:40:32:bc:c8:ec:1c: - e5:d9:ac:40:ba:fc:8c:3f:c2:73:9c:f4:64:ea:df:a9:ed:4e: - 5b:c8:01:60:ee:39:6d:43:27:f3:7f:aa:08:d2:fe:4e:6f:14: - 32:4d:7d:e4:34:80:a5:35:c4:d6:46:50:b4:3b:a0:2d:65:1f: - 4f:65:7e:34:28:2d:c0:a7:76:7d:31:c9:0d:33:16:f6:20:19: - 20:11:50:bb:03:cc:70:6d:96:b7:ef:4c:a7:da:36:15:cf:bb: - 4d:d4:96:dc:88:4d:6c:98:ed:b9:73:fe:28:57:a0:ed:64:f8: - 0a:81:29:73:f6:f6:97:32:87:39:b4:81:ef:d9:4d:1a:07:34: - f7:ba:42:35:de:57:dc:5c:d6:f7:c5:eb:0a:27:0c:81:a6:c2: - d0:68:4e:fd:92:5b:48:83:f6:16:8a:8f:36:5b:ed:31:6c:3f: - 41:7a:71:f7:92:3f:31:a4:0a:40:4c:f3:86:e2:61:c1:3c:49: - 81:2d:a5:b8:ef:ba:97:0f:bc:2b:1d:9b:89:f2:d2:8e:1e:4d: - 
86:f2:c2:ab:f6:2d:99:c0:1b:2a:0d:a1:b6:4f:f9:2c:58:4d: - 3d:7d:37:0a - -GTE CyberTrust Root 5 -===================== -MD5 Fingerprint: 7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E -PEM Data: ------BEGIN CERTIFICATE----- -MIIDtjCCAp6gAwIBAgICAbYwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1 -c3QgU29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290 -IDUwHhcNOTgwODE0MTQ1MDAwWhcNMTMwODE0MjM1OTAwWjBwMQswCQYDVQQGEwJV -UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU -cnVzdCBTb2x1dGlvbnMsIEluYy4xHjAcBgNVBAMTFUdURSBDeWJlclRydXN0IFJv -b3QgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALwSbj+KfHqXAewe -uzlaAvR4RKJIG457SVJ6uHtHs6+Um2+7lvoramVcuByUc76/iQoigO5X/IwFu3Cf -lzkE2qOHXKjlyq/AM5rVN1xLrOSA0KYjYPv9ci6UncfOwgQy73hgXe2thw9FZR48 -mgqavl0dmezn8tHGehfZrZtUln/EfGC/haoVNR1A2hG87FQhKC0joajwzy3N3fx+ -D17hZQdWywe00lboXjHMGGPEhtIthc+Tkqtt/mg5+95zvYb45EZ66p8My/QZ/mO8 -0Sx7iDM29uThnAxTgWAc2i6rlqkWiBNQmbK9Vd8VMH7o5Zj7cH5stQf8/Ea30O03 -ln4y/iECAwEAAaNaMFgwEgYDVR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMC -AQYwFwYDVR0gBBAwDjAMBgoqhkiG+GMBAgEDMBkGA1UdDgQSBBB2CkkhOEyf3vjE -ScdxcZGdMA0GCSqGSIb3DQEBBQUAA4IBAQBBOtQYW9q43iEc4Y4J5fFoNP/elvQH -9ac886xKsZv6kvqb7eYyIapKdsXcTzjl39WG5NXIdn2Y17HNj021kSNsi4rr6nzv -FJTExvAfSi0ycWMrY5EmAgm2gB3t4sy4f9uHY8jh0GwmsTUdQGYQG82VVBgzYewT -T9oT95mvPtDPjqZyorPDBZrJJ32SzH5SjbOrcG2eiZ9N6xp1wpiq1QIW1wyKvyXk -6y28mOlYOBl8uTf+2+KZCHMGx5eDan0QAS8yuRcFSmXmL86+XlOmgumaUwqEdC2D -ysiUFnZflGEo8IWnObvXi9moshMdVAk0JH0ggX1mfqKQdFwQxr3sqxvC ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 438 (0x1b6) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 5 - Validity - Not Before: Aug 14 14:50:00 1998 GMT - Not After : Aug 14 23:59:00 2013 GMT - Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 5 - Subject Public Key Info: - 
Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:bc:12:6e:3f:8a:7c:7a:97:01:ec:1e:bb:39:5a: - 02:f4:78:44:a2:48:1b:8e:7b:49:52:7a:b8:7b:47: - b3:af:94:9b:6f:bb:96:fa:2b:6a:65:5c:b8:1c:94: - 73:be:bf:89:0a:22:80:ee:57:fc:8c:05:bb:70:9f: - 97:39:04:da:a3:87:5c:a8:e5:ca:af:c0:33:9a:d5: - 37:5c:4b:ac:e4:80:d0:a6:23:60:fb:fd:72:2e:94: - 9d:c7:ce:c2:04:32:ef:78:60:5d:ed:ad:87:0f:45: - 65:1e:3c:9a:0a:9a:be:5d:1d:99:ec:e7:f2:d1:c6: - 7a:17:d9:ad:9b:54:96:7f:c4:7c:60:bf:85:aa:15: - 35:1d:40:da:11:bc:ec:54:21:28:2d:23:a1:a8:f0: - cf:2d:cd:dd:fc:7e:0f:5e:e1:65:07:56:cb:07:b4: - d2:56:e8:5e:31:cc:18:63:c4:86:d2:2d:85:cf:93: - 92:ab:6d:fe:68:39:fb:de:73:bd:86:f8:e4:46:7a: - ea:9f:0c:cb:f4:19:fe:63:bc:d1:2c:7b:88:33:36: - f6:e4:e1:9c:0c:53:81:60:1c:da:2e:ab:96:a9:16: - 88:13:50:99:b2:bd:55:df:15:30:7e:e8:e5:98:fb: - 70:7e:6c:b5:07:fc:fc:46:b7:d0:ed:37:96:7e:32: - fe:21 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE, pathlen:5 - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Certificate Policies: - Policy: 1.2.840.113763.1.2.1.3 - - X509v3 Subject Key Identifier: - 76:0A:49:21:38:4C:9F:DE:F8:C4:49:C7:71:71:91:9D - Signature Algorithm: sha1WithRSAEncryption - 41:3a:d4:18:5b:da:b8:de:21:1c:e1:8e:09:e5:f1:68:34:ff: - de:96:f4:07:f5:a7:3c:f3:ac:4a:b1:9b:fa:92:fa:9b:ed:e6: - 32:21:aa:4a:76:c5:dc:4f:38:e5:df:d5:86:e4:d5:c8:76:7d: - 98:d7:b1:cd:8f:4d:b5:91:23:6c:8b:8a:eb:ea:7c:ef:14:94: - c4:c6:f0:1f:4a:2d:32:71:63:2b:63:91:26:02:09:b6:80:1d: - ed:e2:cc:b8:7f:db:87:63:c8:e1:d0:6c:26:b1:35:1d:40:66: - 10:1b:cd:95:54:18:33:61:ec:13:4f:da:13:f7:99:af:3e:d0: - cf:8e:a6:72:a2:b3:c3:05:9a:c9:27:7d:92:cc:7e:52:8d:b3: - ab:70:6d:9e:89:9f:4d:eb:1a:75:c2:98:aa:d5:02:16:d7:0c: - 8a:bf:25:e4:eb:2d:bc:98:e9:58:38:19:7c:b9:37:fe:db:e2: - 99:08:73:06:c7:97:83:6a:7d:10:01:2f:32:b9:17:05:4a:65: - e6:2f:ce:be:5e:53:a6:82:e9:9a:53:0a:84:74:2d:83:ca:c8: - 
94:16:76:5f:94:61:28:f0:85:a7:39:bb:d7:8b:d9:a8:b2:13: - 1d:54:09:34:24:7d:20:81:7d:66:7e:a2:90:74:5c:10:c6:bd: - ec:ab:1b:c2 - -GTE CyberTrust Root CA -====================== -MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58 -PEM Data: ------BEGIN CERTIFICATE----- -MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD -VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv -b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV -UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU -cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv -RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M -ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5 -1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz -dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl -IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy -bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 419 (0x1a3) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, O=GTE Corporation, CN=GTE CyberTrust Root - Validity - Not Before: Feb 23 23:01:00 1996 GMT - Not After : Feb 23 23:59:00 2006 GMT - Subject: C=US, O=GTE Corporation, CN=GTE CyberTrust Root - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b8:e6:4f:ba:db:98:7c:71:7c:af:44:b7:d3:0f: - 46:d9:64:e5:93:c1:42:8e:c7:ba:49:8d:35:2d:7a: - e7:8b:bd:e5:05:31:59:c6:b1:2f:0a:0c:fb:9f:a7: - 3f:a2:09:66:84:56:1e:37:29:1b:87:e9:7e:0c:ca: - 9a:9f:a5:7f:f5:15:94:a3:d5:a2:46:82:d8:68:4c: - d1:37:15:06:68:af:bd:f8:b0:b3:f0:29:f5:95:5a: - 09:16:61:77:0a:22:25:d4:4f:45:aa:c7:bd:e5:96: - df:f9:d4:a8:8e:42:cc:24:c0:1e:91:27:4a:b5:6d: - 06:80:63:39:c4:a2:5e:38:03 - Exponent: 65537 (0x10001) - Signature Algorithm: md5WithRSAEncryption - 
12:b3:75:c6:5f:1d:e1:61:55:80:00:d4:81:4b:7b:31:0f:23: - 63:e7:3d:f3:03:f9:f4:36:a8:bb:d9:e3:a5:97:4d:ea:2b:29: - e0:d6:6a:73:81:e6:c0:89:a3:d3:f1:e0:a5:a5:22:37:9a:63: - c2:48:20:b4:db:72:e3:c8:f6:d9:7c:be:b1:af:53:da:14:b4: - 21:b8:d6:d5:96:e3:fe:4e:0c:59:62:b6:9a:4a:f9:42:dd:8c: - 6f:81:a9:71:ff:f4:0a:72:6d:6d:44:0e:9d:f3:74:74:a8:d5: - 34:49:e9:5e:9e:e9:b4:7a:e1:e5:5a:1f:84:30:9c:d3:9f:a5: - 25:d8 - -GlobalSign Partners CA -====================== -MD5 Fingerprint: 3C:75:CD:4C:BD:A9:D0:8A:79:4F:50:16:37:84:F4:2B -PEM Data: ------BEGIN CERTIFICATE----- -MIIDnjCCAoagAwIBAgILAgAAAAAA1ni50a8wDQYJKoZIhvcNAQEEBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw -MDBaFw0wOTAxMjgxMjAwMDBaMF8xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMRQwEgYDVQQLEwtQYXJ0bmVycyBDQTEfMB0GA1UEAxMWR2xv -YmFsU2lnbiBQYXJ0bmVycyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBANIs+DKsShJ6N8gpkaWujG4eDsA0M4jlM3EWHHiEaMMYNFAuFj6xlIJPsZqf -APjGETXGaXuYAq0ABohs50wzKACIJ0Yfh7NxdWO8MruI3mYYDlAGk7T2vBQ3MD0i -3z3/dX7ZChrFn7P80KyzCHqJ0wHoAFznSgs9TXsmordiBovaRt2TFz8/WwJLC7aI -IBGSAK27xy7U40Wu9YlafI2krYVkMsAnjMbyioCShiRWWY10aKKDQrOePVBBhm8g -bvb9ztMZ4zLMj+2aXm0fKPVSrG4YXvg90ZLlumwBiEsK8i3eZTMFQqBMqjF2vv2/ -gXj5cRxGXi0VlS0wWY5MQdFiqz0CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgAGMB0G -A1UdDgQWBBRDJI1wFQhiVZxPDEAXXYZeD6JM+zAfBgNVHSMEGDAWgBRge2YaRQ2X -yolQL30EzTSo//z9SzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IB -AQBm7bSIaRGZgiGDrKFti5uErQ8tyB6Mynt+rarUjt4H1p5Fx6W4nAc5YCVVGsBP -GeXPFylJiRg1ZuXrKEBOV8mvs+S4IAWjO5VQkUmUKX0s5YhBpUWIXp2CJ/fS71u1 -T5++/jVlLFVkn+FR2iJhd7pYTo/GeVlZbjCAok+QbiELrdBoOZAQm+0iZW8eETjm -f4zS8zltR9Uh6Op1OkHRrfYWnV0LIb3zH2MGJR3BHzVxLOsgGdXBsOw95W/tAgc/ -E3tmktZEwZj3X1CLelvCb22w0fjldKBAN6MlD+Q9ymQxk5BcMHu5OTGaXkzNuUFP -UOQ9OK7IZtnHO11RR6ybq/Kt ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: - 02:00:00:00:00:00:d6:78:b9:d1:af - Signature Algorithm: 
md5WithRSAEncryption - Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA - Validity - Not Before: Jan 28 12:00:00 1999 GMT - Not After : Jan 28 12:00:00 2009 GMT - Subject: C=BE, O=GlobalSign nv-sa, OU=Partners CA, CN=GlobalSign Partners CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:d2:2c:f8:32:ac:4a:12:7a:37:c8:29:91:a5:ae: - 8c:6e:1e:0e:c0:34:33:88:e5:33:71:16:1c:78:84: - 68:c3:18:34:50:2e:16:3e:b1:94:82:4f:b1:9a:9f: - 00:f8:c6:11:35:c6:69:7b:98:02:ad:00:06:88:6c: - e7:4c:33:28:00:88:27:46:1f:87:b3:71:75:63:bc: - 32:bb:88:de:66:18:0e:50:06:93:b4:f6:bc:14:37: - 30:3d:22:df:3d:ff:75:7e:d9:0a:1a:c5:9f:b3:fc: - d0:ac:b3:08:7a:89:d3:01:e8:00:5c:e7:4a:0b:3d: - 4d:7b:26:a2:b7:62:06:8b:da:46:dd:93:17:3f:3f: - 5b:02:4b:0b:b6:88:20:11:92:00:ad:bb:c7:2e:d4: - e3:45:ae:f5:89:5a:7c:8d:a4:ad:85:64:32:c0:27: - 8c:c6:f2:8a:80:92:86:24:56:59:8d:74:68:a2:83: - 42:b3:9e:3d:50:41:86:6f:20:6e:f6:fd:ce:d3:19: - e3:32:cc:8f:ed:9a:5e:6d:1f:28:f5:52:ac:6e:18: - 5e:f8:3d:d1:92:e5:ba:6c:01:88:4b:0a:f2:2d:de: - 65:33:05:42:a0:4c:aa:31:76:be:fd:bf:81:78:f9: - 71:1c:46:5e:2d:15:95:2d:30:59:8e:4c:41:d1:62: - ab:3d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: - 43:24:8D:70:15:08:62:55:9C:4F:0C:40:17:5D:86:5E:0F:A2:4C:FB - X509v3 Authority Key Identifier: - keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B - - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 66:ed:b4:88:69:11:99:82:21:83:ac:a1:6d:8b:9b:84:ad:0f: - 2d:c8:1e:8c:ca:7b:7e:ad:aa:d4:8e:de:07:d6:9e:45:c7:a5: - b8:9c:07:39:60:25:55:1a:c0:4f:19:e5:cf:17:29:49:89:18: - 35:66:e5:eb:28:40:4e:57:c9:af:b3:e4:b8:20:05:a3:3b:95: - 50:91:49:94:29:7d:2c:e5:88:41:a5:45:88:5e:9d:82:27:f7: - d2:ef:5b:b5:4f:9f:be:fe:35:65:2c:55:64:9f:e1:51:da:22: - 61:77:ba:58:4e:8f:c6:79:59:59:6e:30:80:a2:4f:90:6e:21: - 
0b:ad:d0:68:39:90:10:9b:ed:22:65:6f:1e:11:38:e6:7f:8c: - d2:f3:39:6d:47:d5:21:e8:ea:75:3a:41:d1:ad:f6:16:9d:5d: - 0b:21:bd:f3:1f:63:06:25:1d:c1:1f:35:71:2c:eb:20:19:d5: - c1:b0:ec:3d:e5:6f:ed:02:07:3f:13:7b:66:92:d6:44:c1:98: - f7:5f:50:8b:7a:5b:c2:6f:6d:b0:d1:f8:e5:74:a0:40:37:a3: - 25:0f:e4:3d:ca:64:31:93:90:5c:30:7b:b9:39:31:9a:5e:4c: - cd:b9:41:4f:50:e4:3d:38:ae:c8:66:d9:c7:3b:5d:51:47:ac: - 9b:ab:f2:ad - -GlobalSign Primary Class 1 CA -============================= -MD5 Fingerprint: 5C:AC:59:01:A4:86:53:CB:10:66:B5:D6:D6:71:FF:01 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDrDCCApSgAwIBAgILAgAAAAAA1ni4N88wDQYJKoZIhvcNAQEEBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MTUxMjAw -MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDEgQ0ExJjAkBgNV -BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAxIENBMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAvSA1R9Eo1gijEjkjRw29cCFSDlcxlaY0V2vsfkN5 -wwZSSM28taGZvdgfMrzP125ybS53IpCCTkuPmgwBQprZcFm2nR/mY9EMrR1O+IWB -+a7vn6ZSYUR5GnVF4GFWRW1CjD1yy6akErea9dZg0GBQs46mpuy09BLNf6jO77Ph -hTD+csTm53eznlhB1lGDiAfGtmlPNt7RC0g/vdafIXRkbycGPkv9Dqabv6RIV4yQ -7okYCwKBGL5n/lNgiCe6o3M0S1pWtN5zBe2Yll3sSudA/EsJYuvQ4zFPhdF6q1ln -K/uID+uqg701/WEn7GYOQlf3acIM7/xqwm5J2o9BOK5IqQIDAQABo2MwYTAOBgNV -HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFPzgZvZaNZnrQB7SuB5DvJiOH4rDMB8GA1Ud -IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ -KoZIhvcNAQEEBQADggEBAJujCETO8pCdcfMyswVqterPKZjeVT6gFn0GekTWr9L6 -E1iM+BzHqx20G+9paJhcCDmP4Pf7SMwh57gz2wWqNCRsSuXpe2Deg7MfCr5BdfzM -MEi3wSYdBDOqtnjtKsu6VpcybvcxlS5G8hTuJ8f3Yom5XFrTOIpk9Te08bM0ctXV -IT1L13iT1zFmNR6j2EdJbxyt4YB/+JgkbHOsDsIadwKjJge3x2tdvILVKkgdY89Q -Mqb7HBhHFQpbDFw4JJoEmKgISF98NIdjqy2NTAB3lBt2uvUWGKMVry+U9ikAdsEV -F9PpN0121MtLKVkkrNpKoOpj3l9Usfrz0UXLxWS0cyE= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: - 
02:00:00:00:00:00:d6:78:b8:37:cf - Signature Algorithm: md5WithRSAEncryption - Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA - Validity - Not Before: Sep 15 12:00:00 1998 GMT - Not After : Jan 28 12:00:00 2009 GMT - Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 1 CA, CN=GlobalSign Primary Class 1 CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:bd:20:35:47:d1:28:d6:08:a3:12:39:23:47:0d: - bd:70:21:52:0e:57:31:95:a6:34:57:6b:ec:7e:43: - 79:c3:06:52:48:cd:bc:b5:a1:99:bd:d8:1f:32:bc: - cf:d7:6e:72:6d:2e:77:22:90:82:4e:4b:8f:9a:0c: - 01:42:9a:d9:70:59:b6:9d:1f:e6:63:d1:0c:ad:1d: - 4e:f8:85:81:f9:ae:ef:9f:a6:52:61:44:79:1a:75: - 45:e0:61:56:45:6d:42:8c:3d:72:cb:a6:a4:12:b7: - 9a:f5:d6:60:d0:60:50:b3:8e:a6:a6:ec:b4:f4:12: - cd:7f:a8:ce:ef:b3:e1:85:30:fe:72:c4:e6:e7:77: - b3:9e:58:41:d6:51:83:88:07:c6:b6:69:4f:36:de: - d1:0b:48:3f:bd:d6:9f:21:74:64:6f:27:06:3e:4b: - fd:0e:a6:9b:bf:a4:48:57:8c:90:ee:89:18:0b:02: - 81:18:be:67:fe:53:60:88:27:ba:a3:73:34:4b:5a: - 56:b4:de:73:05:ed:98:96:5d:ec:4a:e7:40:fc:4b: - 09:62:eb:d0:e3:31:4f:85:d1:7a:ab:59:67:2b:fb: - 88:0f:eb:aa:83:bd:35:fd:61:27:ec:66:0e:42:57: - f7:69:c2:0c:ef:fc:6a:c2:6e:49:da:8f:41:38:ae: - 48:a9 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: - FC:E0:66:F6:5A:35:99:EB:40:1E:D2:B8:1E:43:BC:98:8E:1F:8A:C3 - X509v3 Authority Key Identifier: - keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B - - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 9b:a3:08:44:ce:f2:90:9d:71:f3:32:b3:05:6a:b5:ea:cf:29: - 98:de:55:3e:a0:16:7d:06:7a:44:d6:af:d2:fa:13:58:8c:f8: - 1c:c7:ab:1d:b4:1b:ef:69:68:98:5c:08:39:8f:e0:f7:fb:48: - cc:21:e7:b8:33:db:05:aa:34:24:6c:4a:e5:e9:7b:60:de:83: - b3:1f:0a:be:41:75:fc:cc:30:48:b7:c1:26:1d:04:33:aa:b6: - 
78:ed:2a:cb:ba:56:97:32:6e:f7:31:95:2e:46:f2:14:ee:27: - c7:f7:62:89:b9:5c:5a:d3:38:8a:64:f5:37:b4:f1:b3:34:72: - d5:d5:21:3d:4b:d7:78:93:d7:31:66:35:1e:a3:d8:47:49:6f: - 1c:ad:e1:80:7f:f8:98:24:6c:73:ac:0e:c2:1a:77:02:a3:26: - 07:b7:c7:6b:5d:bc:82:d5:2a:48:1d:63:cf:50:32:a6:fb:1c: - 18:47:15:0a:5b:0c:5c:38:24:9a:04:98:a8:08:48:5f:7c:34: - 87:63:ab:2d:8d:4c:00:77:94:1b:76:ba:f5:16:18:a3:15:af: - 2f:94:f6:29:00:76:c1:15:17:d3:e9:37:4d:76:d4:cb:4b:29: - 59:24:ac:da:4a:a0:ea:63:de:5f:54:b1:fa:f3:d1:45:cb:c5: - 64:b4:73:21 - -GlobalSign Primary Class 2 CA -============================= -MD5 Fingerprint: A9:A9:42:59:7E:BE:5A:94:E4:2C:C6:8B:1C:2A:44:B6 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDrDCCApSgAwIBAgILAgAAAAAA1ni4jY0wDQYJKoZIhvcNAQEEBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw -MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDIgQ0ExJjAkBgNV -BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAyIENBMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAkoz+7/RFjhdBbvzYvyFvqwadUsEsAJ0/joW4f0qP -vaBjKspJJ65agvR04lWS/8LRqnmitvrVnYIET8ayxl5jpzq62O7rim+ftrsoQcAi -+05IGgaS17/Xz7nZvThPOw1EblVB/vwJ29i/844h8egStfYTpdPGTJMisAL/7h0M -xKhrT3VoVujcKBJQ96gknS4kOfsJBd7lo2RJIdBofnEwkbFg4Dn0UPh6TZgAa3x5 -uk7OSuK6Nh23xTYVlZxkQupfxLr1QAW+4TpZvYSnGbjeTVNQzgfR0lHT7w2BbObn -bctdfD98zOxPgycl/3BQ9oNZdYQGZlgs3omNAKZJ+aVDdwIDAQABo2MwYTAOBgNV -HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFHznsrEs3rGna+l2DOGj/U5sx7n2MB8GA1Ud -IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ -KoZIhvcNAQEEBQADggEBAGPdWc6KeaqYnU7FiWQ3foqTZy8Q6m8nw413bfJcVpQZ -GmlgMEZdj/JtRTyONZd8L7hR4uiJvYjPJxwINFyIwWgk25GF5M/7+0ON6CUBG8QO -9wBCSIYfJAhYWoyN8mtHLGiRsWlC/Q2NySbmkoamZG6Sxc4+PH1x4yOkq8fVqKnf -gqc76IbVw08Y40TQ4NzzxWgu/qUvBYTIfkdCU2uHSv4y/14+cIy3qBXMF8L/RuzQ -7C20bhIoqflA6evUZpdTqWlVwKmqsi7N0Wn0vvi7fGnuVKbbnvtapj7+mu+UUUt1 -7tjU4ZrxAlYTiQ6nQouWi4UMG4W+Jq6rppm8IvFz30I= 
------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: - 02:00:00:00:00:00:d6:78:b8:8d:8d - Signature Algorithm: md5WithRSAEncryption - Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA - Validity - Not Before: Jan 28 12:00:00 1999 GMT - Not After : Jan 28 12:00:00 2009 GMT - Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 2 CA, CN=GlobalSign Primary Class 2 CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:92:8c:fe:ef:f4:45:8e:17:41:6e:fc:d8:bf:21: - 6f:ab:06:9d:52:c1:2c:00:9d:3f:8e:85:b8:7f:4a: - 8f:bd:a0:63:2a:ca:49:27:ae:5a:82:f4:74:e2:55: - 92:ff:c2:d1:aa:79:a2:b6:fa:d5:9d:82:04:4f:c6: - b2:c6:5e:63:a7:3a:ba:d8:ee:eb:8a:6f:9f:b6:bb: - 28:41:c0:22:fb:4e:48:1a:06:92:d7:bf:d7:cf:b9: - d9:bd:38:4f:3b:0d:44:6e:55:41:fe:fc:09:db:d8: - bf:f3:8e:21:f1:e8:12:b5:f6:13:a5:d3:c6:4c:93: - 22:b0:02:ff:ee:1d:0c:c4:a8:6b:4f:75:68:56:e8: - dc:28:12:50:f7:a8:24:9d:2e:24:39:fb:09:05:de: - e5:a3:64:49:21:d0:68:7e:71:30:91:b1:60:e0:39: - f4:50:f8:7a:4d:98:00:6b:7c:79:ba:4e:ce:4a:e2: - ba:36:1d:b7:c5:36:15:95:9c:64:42:ea:5f:c4:ba: - f5:40:05:be:e1:3a:59:bd:84:a7:19:b8:de:4d:53: - 50:ce:07:d1:d2:51:d3:ef:0d:81:6c:e6:e7:6d:cb: - 5d:7c:3f:7c:cc:ec:4f:83:27:25:ff:70:50:f6:83: - 59:75:84:06:66:58:2c:de:89:8d:00:a6:49:f9:a5: - 43:77 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: - 7C:E7:B2:B1:2C:DE:B1:A7:6B:E9:76:0C:E1:A3:FD:4E:6C:C7:B9:F6 - X509v3 Authority Key Identifier: - keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B - - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 63:dd:59:ce:8a:79:aa:98:9d:4e:c5:89:64:37:7e:8a:93:67: - 2f:10:ea:6f:27:c3:8d:77:6d:f2:5c:56:94:19:1a:69:60:30: - 46:5d:8f:f2:6d:45:3c:8e:35:97:7c:2f:b8:51:e2:e8:89:bd: - 88:cf:27:1c:08:34:5c:88:c1:68:24:db:91:85:e4:cf:fb:fb: - 
43:8d:e8:25:01:1b:c4:0e:f7:00:42:48:86:1f:24:08:58:5a: - 8c:8d:f2:6b:47:2c:68:91:b1:69:42:fd:0d:8d:c9:26:e6:92: - 86:a6:64:6e:92:c5:ce:3e:3c:7d:71:e3:23:a4:ab:c7:d5:a8: - a9:df:82:a7:3b:e8:86:d5:c3:4f:18:e3:44:d0:e0:dc:f3:c5: - 68:2e:fe:a5:2f:05:84:c8:7e:47:42:53:6b:87:4a:fe:32:ff: - 5e:3e:70:8c:b7:a8:15:cc:17:c2:ff:46:ec:d0:ec:2d:b4:6e: - 12:28:a9:f9:40:e9:eb:d4:66:97:53:a9:69:55:c0:a9:aa:b2: - 2e:cd:d1:69:f4:be:f8:bb:7c:69:ee:54:a6:db:9e:fb:5a:a6: - 3e:fe:9a:ef:94:51:4b:75:ee:d8:d4:e1:9a:f1:02:56:13:89: - 0e:a7:42:8b:96:8b:85:0c:1b:85:be:26:ae:ab:a6:99:bc:22: - f1:73:df:42 - -GlobalSign Primary Class 3 CA -============================= -MD5 Fingerprint: 98:12:A3:4B:95:A9:96:64:94:E7:50:8C:3E:E1:83:5A -PEM Data: ------BEGIN CERTIFICATE----- -MIIDrDCCApSgAwIBAgILAgAAAAAA1ni41sMwDQYJKoZIhvcNAQEEBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw -MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDMgQ0ExJjAkBgNV -BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAzIENBMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAkV5WZdbAwAScv0fEXHt6MQH5WJaZ4xyEL9xWj631 -WYHVQ2ZdWpOMdcqp5xHBURAUYMks1HuvxneGq3onrm+VuQvKtkb7fhr0DRRt0slO -sq7wVPZcQEw2SHToVIxlZhCnvSu3II0FSa14fdIkI1Dj8LR5mwE5/6870y3u4UmN -jS88akFFL5vjPeES5JF1ns+gPjySgW+KLhjc4PKMjP2H2Qf0QJTJTk9D32dWb70D -UHyZZ6S5PJFsAm6E1vxG98xvGD4X8O8LZBZX5qyG8UiqQ8HJJ3hzREXihX26/7Ph -+xsFpEs7mRIlAVAUaq9d6sgM7uTa7EuLXGgTldzDtTA61wIDAQABo2MwYTAOBgNV -HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFMw2zBe0RZEv7c87MEh3+7UUmb7jMB8GA1Ud -IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ -KoZIhvcNAQEEBQADggEBAFeyVMy9lRdkYIm2U5EMRZLDPahsw8yyGPV4QXTYfaMn -r3cNWT6UHWn6idMMvRoB9D/o4Hcagiha5mLXt+M2yQ6feuPC08xZiQzvFovwNnci -yqS2t8FCZwFAY8znOGSHWxSWZnstFO69SW3/d9DiTlvTgMJND8q4nYGXpzRux+Oc -SOW0qkX19mVMSPISwtKTjMIVJPMrUv/jCK64btYsEs85yxIq56l7X5g9o+HMpmOJ 
-XH0xdfnV1l3y0NQ9355xqA7c5CCXeOZ/U6QNUU+OOwOuow1aTcN55zVYcELJXqFe -tNkio0RTNaTQz3OAxc+fVph2+RRMd4eCydx+XTTVNnU= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: - 02:00:00:00:00:00:d6:78:b8:d6:c3 - Signature Algorithm: md5WithRSAEncryption - Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA - Validity - Not Before: Jan 28 12:00:00 1999 GMT - Not After : Jan 28 12:00:00 2009 GMT - Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 3 CA, CN=GlobalSign Primary Class 3 CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:91:5e:56:65:d6:c0:c0:04:9c:bf:47:c4:5c:7b: - 7a:31:01:f9:58:96:99:e3:1c:84:2f:dc:56:8f:ad: - f5:59:81:d5:43:66:5d:5a:93:8c:75:ca:a9:e7:11: - c1:51:10:14:60:c9:2c:d4:7b:af:c6:77:86:ab:7a: - 27:ae:6f:95:b9:0b:ca:b6:46:fb:7e:1a:f4:0d:14: - 6d:d2:c9:4e:b2:ae:f0:54:f6:5c:40:4c:36:48:74: - e8:54:8c:65:66:10:a7:bd:2b:b7:20:8d:05:49:ad: - 78:7d:d2:24:23:50:e3:f0:b4:79:9b:01:39:ff:af: - 3b:d3:2d:ee:e1:49:8d:8d:2f:3c:6a:41:45:2f:9b: - e3:3d:e1:12:e4:91:75:9e:cf:a0:3e:3c:92:81:6f: - 8a:2e:18:dc:e0:f2:8c:8c:fd:87:d9:07:f4:40:94: - c9:4e:4f:43:df:67:56:6f:bd:03:50:7c:99:67:a4: - b9:3c:91:6c:02:6e:84:d6:fc:46:f7:cc:6f:18:3e: - 17:f0:ef:0b:64:16:57:e6:ac:86:f1:48:aa:43:c1: - c9:27:78:73:44:45:e2:85:7d:ba:ff:b3:e1:fb:1b: - 05:a4:4b:3b:99:12:25:01:50:14:6a:af:5d:ea:c8: - 0c:ee:e4:da:ec:4b:8b:5c:68:13:95:dc:c3:b5:30: - 3a:d7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: - CC:36:CC:17:B4:45:91:2F:ED:CF:3B:30:48:77:FB:B5:14:99:BE:E3 - X509v3 Authority Key Identifier: - keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B - - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 57:b2:54:cc:bd:95:17:64:60:89:b6:53:91:0c:45:92:c3:3d: - a8:6c:c3:cc:b2:18:f5:78:41:74:d8:7d:a3:27:af:77:0d:59: - 
3e:94:1d:69:fa:89:d3:0c:bd:1a:01:f4:3f:e8:e0:77:1a:82: - 28:5a:e6:62:d7:b7:e3:36:c9:0e:9f:7a:e3:c2:d3:cc:59:89: - 0c:ef:16:8b:f0:36:77:22:ca:a4:b6:b7:c1:42:67:01:40:63: - cc:e7:38:64:87:5b:14:96:66:7b:2d:14:ee:bd:49:6d:ff:77: - d0:e2:4e:5b:d3:80:c2:4d:0f:ca:b8:9d:81:97:a7:34:6e:c7: - e3:9c:48:e5:b4:aa:45:f5:f6:65:4c:48:f2:12:c2:d2:93:8c: - c2:15:24:f3:2b:52:ff:e3:08:ae:b8:6e:d6:2c:12:cf:39:cb: - 12:2a:e7:a9:7b:5f:98:3d:a3:e1:cc:a6:63:89:5c:7d:31:75: - f9:d5:d6:5d:f2:d0:d4:3d:df:9e:71:a8:0e:dc:e4:20:97:78: - e6:7f:53:a4:0d:51:4f:8e:3b:03:ae:a3:0d:5a:4d:c3:79:e7: - 35:58:70:42:c9:5e:a1:5e:b4:d9:22:a3:44:53:35:a4:d0:cf: - 73:80:c5:cf:9f:56:98:76:f9:14:4c:77:87:82:c9:dc:7e:5d: - 34:d5:36:75 - -GlobalSign Root CA -================== -MD5 Fingerprint: AB:BF:EA:E3:6B:29:A6:CC:A6:78:35:99:EF:AD:2B:80 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw -MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT -aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ -jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp -xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp -1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG -snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ -U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 -9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU -YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B -AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7 -5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q -gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR -rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7 
-ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o -Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: - 02:00:00:00:00:00:d6:78:b7:94:05 - Signature Algorithm: md5WithRSAEncryption - Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA - Validity - Not Before: Sep 1 12:00:00 1998 GMT - Not After : Jan 28 12:00:00 2014 GMT - Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b: - 83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0: - 63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89: - 8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c: - 70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50: - 15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0: - 6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2: - 89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7: - 54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c: - 92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2: - 75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9: - c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b: - bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91: - ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51: - 63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa: - 48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a: - 07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93: - 90:cf - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Certificate Sign, CRL Sign - X509v3 Subject Key Identifier: - 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - ae:aa:9f:fc:b7:d2:cb:1f:5f:39:29:28:18:9e:34:c9:6c:4f: - 6f:1a:f0:64:a2:70:4a:4f:13:86:9b:60:28:9e:e8:81:49:98: - 7d:0a:bb:e5:b0:9d:3d:36:db:8f:05:51:ff:09:31:2a:1f:dd: - 89:77:9e:0f:2e:6c:95:04:ed:86:cb:b4:00:3f:84:02:4d:80: - 
6a:2a:2d:78:0b:ae:6f:2b:a2:83:44:83:1f:cd:50:82:4c:24: - af:bd:f7:a5:b4:c8:5a:0f:f4:e7:47:5e:49:8e:37:96:fe:9a: - 88:05:3a:d9:c0:db:29:87:e6:19:96:47:a7:3a:a6:8c:8b:3c: - 77:fe:46:63:a7:53:da:21:d1:ac:7e:49:a2:4b:e6:c3:67:59: - 2f:b3:8a:0e:bb:2c:bd:a9:aa:42:7c:35:c1:d8:7f:d5:a7:31: - 3a:4e:63:43:39:af:08:b0:61:34:8c:d3:98:a9:43:34:f6:0f: - 87:29:3b:9d:c2:56:58:98:77:c3:f7:1b:ac:f6:9d:f8:3e:aa: - a7:54:45:f0:f5:f9:d5:31:65:fe:6b:58:9c:71:b3:1e:d7:52: - ea:32:17:fc:40:60:1d:c9:79:24:b2:f6:6c:fd:a8:66:0e:82: - dd:98:cb:da:c2:44:4f:2e:a0:7b:f2:f7:6b:2c:76:11:84:46: - 8a:78:a3:e3 - -National Retail Federation by DST -================================= -MD5 Fingerprint: AD:8E:0F:9E:01:6B:A0:C5:74:D5:0C:D3:68:65:4F:1E -PEM Data: ------BEGIN CERTIFICATE----- -MIIEAjCCAuoCEQDQHkCKAAACfAAAAAMAAAABMA0GCSqGSIb3DQEBBQUAMIG+MQsw -CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp -dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEjMCEGA1UE -CxMaTmF0aW9uYWwgUmV0YWlsIEZlZGVyYXRpb24xGTAXBgNVBAMTEERTVCAoTlJG -KSBSb290Q0ExITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05 -ODEyMTExNjE0MTZaFw0wODEyMDgxNjE0MTZaMIG+MQswCQYDVQQGEwJ1czENMAsG -A1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0Rp -Z2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEjMCEGA1UECxMaTmF0aW9uYWwgUmV0 -YWlsIEZlZGVyYXRpb24xGTAXBgNVBAMTEERTVCAoTlJGKSBSb290Q0ExITAfBgkq -hkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBANmsm3f6UNPM3LlArLlyagCHI/wPliHQJq/k4rVf+tOmfSEw -LswXgo+YdPxnpKbfiJeiQin1p9sRk/teIzDCqrwi50Eb5e0l3sg/295XRXhARoOy -1Ro93w9FbdVjAnXYL8Zuq5WRdDcNy00JXNHUWzra3Q7Ia5nY1TnM34VVxJJTAqPh -94DJcKPa3DPEf6JHCBw1lh+hAxwwg/TEzP+Yw7BGRKLAv63b0oH2TJgsp14k84bK -Y9W6ffCawErQG1ju7Klnz2kCbCLAYCws0cgg6sgt+92cu8tRTNznVwQ7VJsRpTJ0 -7HQB85AVWy98LJNluWZntIGINeWekRh/gahByMsCAwEAATANBgkqhkiG9w0BAQUF -AAOCAQEAhF4LO+ygjRyb0DwdcWnkGn9kvoFlYcWMatd8AHTgemJV7SR84GHj8t0U -5hFugw7h6qmegK2aIL/gV37V0LWEYy3ZGOS9GzUsXq5hdqpnhTs44TGBHzF/5tf4 
-W9K7Y3mGxIzF3gqu19H8AXT/trYNYoFnHLsm+CSA4Fxe2KSKOo99y/+So/18qTJp -B1hYYUKZUgOxOD3GcW9s8uh9BqrBfFPLGi2IT8mpp6xpb/ekH9h0gfVKv7FVt9N3 -OKdvwkrI4nOJ01dy4UMvcjz2H7f4BEpuwemUF+SXF/QOE4ZvjavoXy20/2zWorQf -7LmUaqoSTxrd9Xe1JYzyigrx/FJbWA== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - d0:1e:40:8a:00:00:02:7c:00:00:00:03:00:00:00:01 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=National Retail Federation, CN=DST (NRF) RootCA/Email=ca@digsigtrust.com - Validity - Not Before: Dec 11 16:14:16 1998 GMT - Not After : Dec 8 16:14:16 2008 GMT - Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=National Retail Federation, CN=DST (NRF) RootCA/Email=ca@digsigtrust.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:d9:ac:9b:77:fa:50:d3:cc:dc:b9:40:ac:b9:72: - 6a:00:87:23:fc:0f:96:21:d0:26:af:e4:e2:b5:5f: - fa:d3:a6:7d:21:30:2e:cc:17:82:8f:98:74:fc:67: - a4:a6:df:88:97:a2:42:29:f5:a7:db:11:93:fb:5e: - 23:30:c2:aa:bc:22:e7:41:1b:e5:ed:25:de:c8:3f: - db:de:57:45:78:40:46:83:b2:d5:1a:3d:df:0f:45: - 6d:d5:63:02:75:d8:2f:c6:6e:ab:95:91:74:37:0d: - cb:4d:09:5c:d1:d4:5b:3a:da:dd:0e:c8:6b:99:d8: - d5:39:cc:df:85:55:c4:92:53:02:a3:e1:f7:80:c9: - 70:a3:da:dc:33:c4:7f:a2:47:08:1c:35:96:1f:a1: - 03:1c:30:83:f4:c4:cc:ff:98:c3:b0:46:44:a2:c0: - bf:ad:db:d2:81:f6:4c:98:2c:a7:5e:24:f3:86:ca: - 63:d5:ba:7d:f0:9a:c0:4a:d0:1b:58:ee:ec:a9:67: - cf:69:02:6c:22:c0:60:2c:2c:d1:c8:20:ea:c8:2d: - fb:dd:9c:bb:cb:51:4c:dc:e7:57:04:3b:54:9b:11: - a5:32:74:ec:74:01:f3:90:15:5b:2f:7c:2c:93:65: - b9:66:67:b4:81:88:35:e5:9e:91:18:7f:81:a8:41: - c8:cb - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 84:5e:0b:3b:ec:a0:8d:1c:9b:d0:3c:1d:71:69:e4:1a:7f:64: - be:81:65:61:c5:8c:6a:d7:7c:00:74:e0:7a:62:55:ed:24:7c: - e0:61:e3:f2:dd:14:e6:11:6e:83:0e:e1:ea:a9:9e:80:ad:9a: - 
20:bf:e0:57:7e:d5:d0:b5:84:63:2d:d9:18:e4:bd:1b:35:2c: - 5e:ae:61:76:aa:67:85:3b:38:e1:31:81:1f:31:7f:e6:d7:f8: - 5b:d2:bb:63:79:86:c4:8c:c5:de:0a:ae:d7:d1:fc:01:74:ff: - b6:b6:0d:62:81:67:1c:bb:26:f8:24:80:e0:5c:5e:d8:a4:8a: - 3a:8f:7d:cb:ff:92:a3:fd:7c:a9:32:69:07:58:58:61:42:99: - 52:03:b1:38:3d:c6:71:6f:6c:f2:e8:7d:06:aa:c1:7c:53:cb: - 1a:2d:88:4f:c9:a9:a7:ac:69:6f:f7:a4:1f:d8:74:81:f5:4a: - bf:b1:55:b7:d3:77:38:a7:6f:c2:4a:c8:e2:73:89:d3:57:72: - e1:43:2f:72:3c:f6:1f:b7:f8:04:4a:6e:c1:e9:94:17:e4:97: - 17:f4:0e:13:86:6f:8d:ab:e8:5f:2d:b4:ff:6c:d6:a2:b4:1f: - ec:b9:94:6a:aa:12:4f:1a:dd:f5:77:b5:25:8c:f2:8a:0a:f1: - fc:52:5b:58 - -TC TrustCenter, Germany, Class 0 CA -=================================== -MD5 Fingerprint: 35:85:49:8E:6E:57:FE:BD:97:F1:C9:46:23:3A:B6:7D -PEM Data: ------BEGIN CERTIFICATE----- -MIIENTCCA56gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx -EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD -IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx -IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDAgQ0ExKTAnBgkqhkiG9w0B -CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTQ0OFoX -DTA1MTIzMTEzNTQ0OFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn -MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig -U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz -dENlbnRlciBDbGFzcyAwIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0 -cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA333mvr/V -8C9tTg7R4I0LfztU6IrisJ8oxYrGubMzJ/UnyhpMVBJrtLJGsx1Ls/QhC0sCLqHC -NJyFoMR4EdvbaycrCSoYTkDMn3EZZ5l0onw/wdiLI8hjO4ohq1zeHvSN3LQYwwVz -9Gq0ofoBCCsBD203W6o4hmc51+Vf+uR+zKMCAwEAAaOCAUMwggE/MEAGCWCGSAGG -+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr -LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl -ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw -czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI 
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p -bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAw -IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQBNB39fCTAZ -kqoFR3qUdVQqrs/82AxC4UU4KySVssqHynnEw5eQXmIYxsk4YUxoNdNMFBHrxM2h -qdjFnmgnMgc1RQT4XyGgYB4cAEgEWNLFy65tMm49d5WMhcflrlCddUp7/wsneepN -pFn/7FrqJqU5g6TReM6nqX683SvKEpMDSg== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 0 CA/Email=certificate@trustcenter.de - Validity - Not Before: Mar 9 13:54:48 1998 GMT - Not After : Dec 31 13:54:48 2005 GMT - Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 0 CA/Email=certificate@trustcenter.de - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:df:7d:e6:be:bf:d5:f0:2f:6d:4e:0e:d1:e0:8d: - 0b:7f:3b:54:e8:8a:e2:b0:9f:28:c5:8a:c6:b9:b3: - 33:27:f5:27:ca:1a:4c:54:12:6b:b4:b2:46:b3:1d: - 4b:b3:f4:21:0b:4b:02:2e:a1:c2:34:9c:85:a0:c4: - 78:11:db:db:6b:27:2b:09:2a:18:4e:40:cc:9f:71: - 19:67:99:74:a2:7c:3f:c1:d8:8b:23:c8:63:3b:8a: - 21:ab:5c:de:1e:f4:8d:dc:b4:18:c3:05:73:f4:6a: - b4:a1:fa:01:08:2b:01:0f:6d:37:5b:aa:38:86:67: - 39:d7:e5:5f:fa:e4:7e:cc:a3 - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape CA Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape Renewal Url: - https://www.trustcenter.de/cgi-bin/Renew.cgi? 
- Netscape CA Policy Url: - http://www.trustcenter.de/guidelines/index.html - Netscape Comment: - TC TrustCenter Class 0 CA - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - Signature Algorithm: md5WithRSAEncryption - 4d:07:7f:5f:09:30:19:92:aa:05:47:7a:94:75:54:2a:ae:cf: - fc:d8:0c:42:e1:45:38:2b:24:95:b2:ca:87:ca:79:c4:c3:97: - 90:5e:62:18:c6:c9:38:61:4c:68:35:d3:4c:14:11:eb:c4:cd: - a1:a9:d8:c5:9e:68:27:32:07:35:45:04:f8:5f:21:a0:60:1e: - 1c:00:48:04:58:d2:c5:cb:ae:6d:32:6e:3d:77:95:8c:85:c7: - e5:ae:50:9d:75:4a:7b:ff:0b:27:79:ea:4d:a4:59:ff:ec:5a: - ea:26:a5:39:83:a4:d1:78:ce:a7:a9:7e:bc:dd:2b:ca:12:93: - 03:4a - -TC TrustCenter, Germany, Class 1 CA -=================================== -MD5 Fingerprint: 64:3F:F8:3E:52:14:4A:59:BA:93:56:04:0B:23:02:D1 -PEM Data: ------BEGIN CERTIFICATE----- -MIIENTCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx -EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD -IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx -IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDEgQ0ExKTAnBgkqhkiG9w0B -CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTYzM1oX -DTA1MTIzMTEzNTYzM1owgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn -MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig -U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz -dENlbnRlciBDbGFzcyAxIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0 -cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCnrtHaz -rte2W7Re573jsZxJBFdboavZfxMb/bphq9jncd8tAJRdUUh9I+91YoSQPAofWRF0 -L46Apf0wAj0pUs1yGkkhnLzLUo5IoWOWyBCFMGlXdEXAWobG1T3gaFd9MWokjUWX -PjF+aGYybiRt7DI2yUHK8DFEyKNhyhugNh8CAwEAAaOCAUMwggE/MEAGCWCGSAGG -+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr -LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl -ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw -czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI 
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p -bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAx -IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQAFQlImpAwn -AUSsXCUowkRCVAi5HcU+bFlmxLNOUKf4+JZ1oZZ16BY4oM1dbvp5pxt7HR7DALlm -vlrWYg/n8nu470zgwD9Zrjm3hAmeq/GpLmtp4q3M8up4CQUgOEJxGH7Hspfm1QIF -BlajX/GqwsRP/vfvFg+d7KqFzz0pJPEEzQ== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate@trustcenter.de - Validity - Not Before: Mar 9 13:56:33 1998 GMT - Not After : Dec 31 13:56:33 2005 GMT - Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate@trustcenter.de - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b0:29:eb:b4:76:b3:ae:d7:b6:5b:b4:5e:e7:bd: - e3:b1:9c:49:04:57:5b:a1:ab:d9:7f:13:1b:fd:ba: - 61:ab:d8:e7:71:df:2d:00:94:5d:51:48:7d:23:ef: - 75:62:84:90:3c:0a:1f:59:11:74:2f:8e:80:a5:fd: - 30:02:3d:29:52:cd:72:1a:49:21:9c:bc:cb:52:8e: - 48:a1:63:96:c8:10:85:30:69:57:74:45:c0:5a:86: - c6:d5:3d:e0:68:57:7d:31:6a:24:8d:45:97:3e:31: - 7e:68:66:32:6e:24:6d:ec:32:36:c9:41:ca:f0:31: - 44:c8:a3:61:ca:1b:a0:36:1f - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape CA Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape Renewal Url: - https://www.trustcenter.de/cgi-bin/Renew.cgi? 
- Netscape CA Policy Url: - http://www.trustcenter.de/guidelines/index.html - Netscape Comment: - TC TrustCenter Class 1 CA - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - Signature Algorithm: md5WithRSAEncryption - 05:42:52:26:a4:0c:27:01:44:ac:5c:25:28:c2:44:42:54:08: - b9:1d:c5:3e:6c:59:66:c4:b3:4e:50:a7:f8:f8:96:75:a1:96: - 75:e8:16:38:a0:cd:5d:6e:fa:79:a7:1b:7b:1d:1e:c3:00:b9: - 66:be:5a:d6:62:0f:e7:f2:7b:b8:ef:4c:e0:c0:3f:59:ae:39: - b7:84:09:9e:ab:f1:a9:2e:6b:69:e2:ad:cc:f2:ea:78:09:05: - 20:38:42:71:18:7e:c7:b2:97:e6:d5:02:05:06:56:a3:5f:f1: - aa:c2:c4:4f:fe:f7:ef:16:0f:9d:ec:aa:85:cf:3d:29:24:f1: - 04:cd - -TC TrustCenter, Germany, Class 2 CA -=================================== -MD5 Fingerprint: E1:E9:96:53:77:E1:F0:38:A0:02:AB:94:C6:95:7B:FC -PEM Data: ------BEGIN CERTIFICATE----- -MIIENTCCA56gAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx -EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD -IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx -IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExKTAnBgkqhkiG9w0B -CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTc0NFoX -DTA1MTIzMTEzNTc0NFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn -MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig -U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz -dENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0 -cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2jjo7TIA -KXGDAQ2/jAHc2satOaSpii/Vi1xoX1DGYvVmvcqRIuyqHVHXPbNRsoNOXctJsPBM -VeVrLceFCzAckk6C1MoC7fdvvtzg4xS4BVPymvRWi1qehZPRtIJWrk27qEtXFrz+ -+Fie+CmNsHvNeMlPrItnDPGc+/xXm1dcTw0CAwEAAaOCAUMwggE/MEAGCWCGSAGG -+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr -LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl -ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw -czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI 
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p -bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAy -IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCJG/Tv6Tji -bAz2zW9JzinM+6YP+Y0+lUbW/EcyibLIBmF60ucNEwKUC9mLVkf0u+fFX3v0Y0yu -fDTqDaKpsyyF8+P+J1QQkrCPksGYQhhwSNtOLOsNJGjk0fe+Cakph7vo2tw+o4hC -MfXR43+u2I4AWnSYsE/G/yN7XHMAeMnbTg== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 3 (0x3) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate@trustcenter.de - Validity - Not Before: Mar 9 13:57:44 1998 GMT - Not After : Dec 31 13:57:44 2005 GMT - Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate@trustcenter.de - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:da:38:e8:ed:32:00:29:71:83:01:0d:bf:8c:01: - dc:da:c6:ad:39:a4:a9:8a:2f:d5:8b:5c:68:5f:50: - c6:62:f5:66:bd:ca:91:22:ec:aa:1d:51:d7:3d:b3: - 51:b2:83:4e:5d:cb:49:b0:f0:4c:55:e5:6b:2d:c7: - 85:0b:30:1c:92:4e:82:d4:ca:02:ed:f7:6f:be:dc: - e0:e3:14:b8:05:53:f2:9a:f4:56:8b:5a:9e:85:93: - d1:b4:82:56:ae:4d:bb:a8:4b:57:16:bc:fe:f8:58: - 9e:f8:29:8d:b0:7b:cd:78:c9:4f:ac:8b:67:0c:f1: - 9c:fb:fc:57:9b:57:5c:4f:0d - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape CA Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape Renewal Url: - https://www.trustcenter.de/cgi-bin/Renew.cgi? 
- Netscape CA Policy Url: - http://www.trustcenter.de/guidelines/index.html - Netscape Comment: - TC TrustCenter Class 2 CA - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - Signature Algorithm: md5WithRSAEncryption - 89:1b:f4:ef:e9:38:e2:6c:0c:f6:cd:6f:49:ce:29:cc:fb:a6: - 0f:f9:8d:3e:95:46:d6:fc:47:32:89:b2:c8:06:61:7a:d2:e7: - 0d:13:02:94:0b:d9:8b:56:47:f4:bb:e7:c5:5f:7b:f4:63:4c: - ae:7c:34:ea:0d:a2:a9:b3:2c:85:f3:e3:fe:27:54:10:92:b0: - 8f:92:c1:98:42:18:70:48:db:4e:2c:eb:0d:24:68:e4:d1:f7: - be:09:a9:29:87:bb:e8:da:dc:3e:a3:88:42:31:f5:d1:e3:7f: - ae:d8:8e:00:5a:74:98:b0:4f:c6:ff:23:7b:5c:73:00:78:c9: - db:4e - -TC TrustCenter, Germany, Class 3 CA -=================================== -MD5 Fingerprint: 62:AB:B6:15:4A:B4:B0:16:77:FF:AE:CF:16:16:2B:8C -PEM Data: ------BEGIN CERTIFICATE----- -MIIENTCCA56gAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx -EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD -IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx -IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0B -CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTg0OVoX -DTA1MTIzMTEzNTg0OVowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn -MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig -U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz -dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0 -cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtrTBNQUu -DY3soEBqHA4nplCSa1AbB94u53bM4Nr8hKhejGNqK03ZTgJ2EcEL8o15ygC28bAO -1/ukFz2vq2l6lie/rzOhmipZqsS1NwjyEqUxtkP1MpZxKCirjSiG37vu4wx9MNbD -UquPXSeca8Cj5wVrV0lEs27qZM/SjnpQd3cCAwEAAaOCAUMwggE/MEAGCWCGSAGG -+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr -LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl -ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw -czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI 
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p -bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAz -IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCEhlBieaAn -4SW6CbE0DxMJ7S3Ko+aV+TCszRelzj2Xnex8jyZ/wGHKIveR3Tw2WZqbdfe85Mjt -7AK2IqfzLPHIknhttu7FKOyAIE+5awjnL6eGHn2xCJ9UuQA3PKDYGsiWHPQyFJw5 -lbfu8ENJwl7oy3lvU7/7SYos2EvZVfIScA== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 4 (0x4) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate@trustcenter.de - Validity - Not Before: Mar 9 13:58:49 1998 GMT - Not After : Dec 31 13:58:49 2005 GMT - Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate@trustcenter.de - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b6:b4:c1:35:05:2e:0d:8d:ec:a0:40:6a:1c:0e: - 27:a6:50:92:6b:50:1b:07:de:2e:e7:76:cc:e0:da: - fc:84:a8:5e:8c:63:6a:2b:4d:d9:4e:02:76:11:c1: - 0b:f2:8d:79:ca:00:b6:f1:b0:0e:d7:fb:a4:17:3d: - af:ab:69:7a:96:27:bf:af:33:a1:9a:2a:59:aa:c4: - b5:37:08:f2:12:a5:31:b6:43:f5:32:96:71:28:28: - ab:8d:28:86:df:bb:ee:e3:0c:7d:30:d6:c3:52:ab: - 8f:5d:27:9c:6b:c0:a3:e7:05:6b:57:49:44:b3:6e: - ea:64:cf:d2:8e:7a:50:77:77 - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape CA Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape Renewal Url: - https://www.trustcenter.de/cgi-bin/Renew.cgi? 
- Netscape CA Policy Url: - http://www.trustcenter.de/guidelines/index.html - Netscape Comment: - TC TrustCenter Class 3 CA - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - Signature Algorithm: md5WithRSAEncryption - 84:86:50:62:79:a0:27:e1:25:ba:09:b1:34:0f:13:09:ed:2d: - ca:a3:e6:95:f9:30:ac:cd:17:a5:ce:3d:97:9d:ec:7c:8f:26: - 7f:c0:61:ca:22:f7:91:dd:3c:36:59:9a:9b:75:f7:bc:e4:c8: - ed:ec:02:b6:22:a7:f3:2c:f1:c8:92:78:6d:b6:ee:c5:28:ec: - 80:20:4f:b9:6b:08:e7:2f:a7:86:1e:7d:b1:08:9f:54:b9:00: - 37:3c:a0:d8:1a:c8:96:1c:f4:32:14:9c:39:95:b7:ee:f0:43: - 49:c2:5e:e8:cb:79:6f:53:bf:fb:49:8a:2c:d8:4b:d9:55:f2: - 12:70 - -TC TrustCenter, Germany, Class 4 CA -=================================== -MD5 Fingerprint: BF:AF:EC:C4:DA:F9:30:F9:CA:35:CA:25:E4:3F:8D:89 -PEM Data: ------BEGIN CERTIFICATE----- -MIIENTCCA56gAwIBAgIBBTANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx -EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD -IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx -IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDQgQ0ExKTAnBgkqhkiG9w0B -CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTE0MDAyMFoX -DTA1MTIzMTE0MDAyMFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn -MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig -U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz -dENlbnRlciBDbGFzcyA0IENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0 -cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvy9j1jZ7 -sg3TVfVkbOYlXca0yBS6JTiD61ZipVWpZaP0I5nCS7nQzVRnpqOgo6kzK3bkva13 -su1cEnTDxbYPUppyk0OQYmYVD0Wl3eDduG9AblfBeXKjYKq6dh0SiVNa/AK+4QkT -xUov3D2LGa3XiyRF+0z0zVw1HSlMUfPybFUCAwEAAaOCAUMwggE/MEAGCWCGSAGG -+EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr -LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl -ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw -czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI 
-AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p -bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyA0 -IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCUaBQbJZ4p -mbGyI9JEs5Wf0Z5VBN3jL4IzVZZ3GZ0rnmUc+orjx48l/LEeVUYPj/9PNy+kdlmm -ZOvVFnC93ZUzDKQNJOtkULRDEfJDvg1xmCLsAa/s98dcccN1kVgZ6N2g9LTxvBBK -85O0Bkm7H2bSvXRH4Zr569erbR+64R0s2g== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 5 (0x5) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate@trustcenter.de - Validity - Not Before: Mar 9 14:00:20 1998 GMT - Not After : Dec 31 14:00:20 2005 GMT - Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate@trustcenter.de - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:bf:2f:63:d6:36:7b:b2:0d:d3:55:f5:64:6c:e6: - 25:5d:c6:b4:c8:14:ba:25:38:83:eb:56:62:a5:55: - a9:65:a3:f4:23:99:c2:4b:b9:d0:cd:54:67:a6:a3: - a0:a3:a9:33:2b:76:e4:bd:ad:77:b2:ed:5c:12:74: - c3:c5:b6:0f:52:9a:72:93:43:90:62:66:15:0f:45: - a5:dd:e0:dd:b8:6f:40:6e:57:c1:79:72:a3:60:aa: - ba:76:1d:12:89:53:5a:fc:02:be:e1:09:13:c5:4a: - 2f:dc:3d:8b:19:ad:d7:8b:24:45:fb:4c:f4:cd:5c: - 35:1d:29:4c:51:f3:f2:6c:55 - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape CA Revocation Url: - https://www.trustcenter.de/cgi-bin/check-rev.cgi? - Netscape Renewal Url: - https://www.trustcenter.de/cgi-bin/Renew.cgi? 
- Netscape CA Policy Url: - http://www.trustcenter.de/guidelines/index.html - Netscape Comment: - TC TrustCenter Class 4 CA - Netscape Cert Type: - SSL CA, S/MIME CA, Object Signing CA - Signature Algorithm: md5WithRSAEncryption - 94:68:14:1b:25:9e:29:99:b1:b2:23:d2:44:b3:95:9f:d1:9e: - 55:04:dd:e3:2f:82:33:55:96:77:19:9d:2b:9e:65:1c:fa:8a: - e3:c7:8f:25:fc:b1:1e:55:46:0f:8f:ff:4f:37:2f:a4:76:59: - a6:64:eb:d5:16:70:bd:dd:95:33:0c:a4:0d:24:eb:64:50:b4: - 43:11:f2:43:be:0d:71:98:22:ec:01:af:ec:f7:c7:5c:71:c3: - 75:91:58:19:e8:dd:a0:f4:b4:f1:bc:10:4a:f3:93:b4:06:49: - bb:1f:66:d2:bd:74:47:e1:9a:f9:eb:d7:ab:6d:1f:ba:e1:1d: - 2c:da - -Thawte Personal Basic CA -======================== -MD5 Fingerprint: E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCWkEx -FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD -VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT -ZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBlcnNvbmFsIEJhc2lj -IENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNpY0B0aGF3dGUuY29tMB4X -DTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgcsxCzAJBgNVBAYTAlpBMRUw -EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE -ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy -dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBD -QTEoMCYGCSqGSIb3DQEJARYZcGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53 -dXLdjUmbllegeNTKP1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdK -wPQIcOk8RHtQfmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7 -G1sY0b8jkyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQF -AAOBgQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7 -c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95B21P -9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial 
Number: 0 (0x0) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/Email=personal-basic@thawte.com - Validity - Not Before: Jan 1 00:00:00 1996 GMT - Not After : Dec 31 23:59:59 2020 GMT - Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/Email=personal-basic@thawte.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:bc:bc:93:53:6d:c0:50:4f:82:15:e6:48:94:35: - a6:5a:be:6f:42:fa:0f:47:ee:77:75:72:dd:8d:49: - 9b:96:57:a0:78:d4:ca:3f:51:b3:69:0b:91:76:17: - 22:07:97:6a:c4:51:93:4b:e0:8d:ef:37:95:a1:0c: - 4d:da:34:90:1d:17:89:97:e0:35:38:57:4a:c0:f4: - 08:70:e9:3c:44:7b:50:7e:61:9a:90:e3:23:d3:88: - 11:46:27:f5:0b:07:0e:bb:dd:d1:7f:20:0a:88:b9: - 56:0b:2e:1c:80:da:f1:e3:9e:29:ef:14:bd:0a:44: - fb:1b:5b:18:d1:bf:23:93:21 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 2d:e2:99:6b:b0:3d:7a:89:d7:59:a2:94:01:1f:2b:dd:12:4b: - 53:c2:ad:7f:aa:a7:00:5c:91:40:57:25:4a:38:aa:84:70:b9: - d9:80:0f:a5:7b:5c:fb:73:c6:bd:d7:8a:61:5c:03:e3:2d:27: - a8:17:e0:84:85:42:dc:5e:9b:c6:b7:b2:6d:bb:74:af:e4:3f: - cb:a7:b7:b0:e0:5d:be:78:83:25:94:d2:db:81:0f:79:07:6d: - 4f:f4:39:15:5a:52:01:7b:de:32:d6:4d:38:f6:12:5c:06:50: - df:05:5b:bd:14:4b:a1:df:29:ba:3b:41:8d:f7:63:56:a1:df: - 22:b1 - -Thawte Personal Freemail CA -=========================== -MD5 Fingerprint: 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkEx -FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD -VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT -ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt 
-YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu -Y29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYT -AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa -MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp -b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG -cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhh -d3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfY -DFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E -rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVq -uzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN -BgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP -MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa -/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRznei -gQ== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/Email=personal-freemail@thawte.com - Validity - Not Before: Jan 1 00:00:00 1996 GMT - Not After : Dec 31 23:59:59 2020 GMT - Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/Email=personal-freemail@thawte.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d4:69:d7:d4:b0:94:64:5b:71:e9:47:d8:0c:51: - b6:ea:72:91:b0:84:5e:7d:2d:0d:8f:7b:12:df:85: - 25:75:28:74:3a:42:2c:63:27:9f:95:7b:4b:ef:7e: - 19:87:1d:86:ea:a3:dd:b9:ce:96:64:1a:c2:14:6e: - 44:ac:7c:e6:8f:e8:4d:0f:71:1f:40:38:a6:00:a3: - 87:78:f6:f9:94:86:5e:ad:ea:c0:5e:76:eb:d9:14: - a3:5d:6e:7a:7c:0c:a5:4b:55:7f:06:19:29:7f:9e: - 9a:26:d5:6a:bb:38:24:08:6a:98:c7:b1:da:a3:98: - 91:fd:79:db:e5:5a:c4:1c:b9 - Exponent: 65537 (0x10001) - 
X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - c7:ec:92:7e:4e:f8:f5:96:a5:67:62:2a:a4:f0:4d:11:60:d0: - 6f:8d:60:58:61:ac:26:bb:52:35:5c:08:cf:30:fb:a8:4a:96: - 8a:1f:62:42:23:8c:17:0f:f4:ba:64:9c:17:ac:47:29:df:9d: - 98:5e:d2:6c:60:71:5c:a2:ac:dc:79:e3:e7:6e:00:47:1f:b5: - 0d:28:e8:02:9d:e4:9a:fd:13:f4:a6:d9:7c:b1:f8:dc:5f:23: - 26:09:91:80:73:d0:14:1b:de:43:a9:83:25:f2:e6:9c:2f:15: - ca:fe:a6:ab:8a:07:75:8b:0c:dd:51:84:6b:e4:f8:d1:ce:77: - a2:81 - -Thawte Personal Premium CA -========================== -MD5 Fingerprint: 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D -PEM Data: ------BEGIN CERTIFICATE----- -MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMCWkEx -FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD -VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT -ZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBlcnNvbmFsIFByZW1p -dW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXByZW1pdW1AdGhhd3RlLmNv -bTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHPMQswCQYDVQQGEwJa -QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAY -BgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u -IFNlcnZpY2VzIERpdmlzaW9uMSMwIQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJl -bWl1bSBDQTEqMCgGCSqGSIb3DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUu -Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0Vs -Bd/eJxZRNkERbGw77f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWI -Et12TfIa/G8jHnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYD -ZicRFTuqW/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG -SIb3DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH -b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVxeTBh -KXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1KzGJ ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=ZA, ST=Western Cape, L=Cape Town, 
O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/Email=personal-premium@thawte.com - Validity - Not Before: Jan 1 00:00:00 1996 GMT - Not After : Dec 31 23:59:59 2020 GMT - Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/Email=personal-premium@thawte.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:c9:66:d9:f8:07:44:cf:b9:8c:2e:f0:a1:ef:13: - 45:6c:05:df:de:27:16:51:36:41:11:6c:6c:3b:ed: - fe:10:7d:12:9e:e5:9b:42:9a:fe:60:31:c3:66:b7: - 73:3a:48:ae:4e:d0:32:37:94:88:b5:0d:b6:d9:f3: - f2:44:d9:d5:88:12:dd:76:4d:f2:1a:fc:6f:23:1e: - 7a:f1:d8:98:45:4e:07:10:ef:16:42:d0:43:75:6d: - 4a:de:e2:aa:c9:31:ff:1f:00:70:7c:66:cf:10:25: - 08:ba:fa:ee:00:e9:46:03:66:27:11:15:3b:aa:5b: - f2:98:dd:36:42:b2:da:88:75 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 69:36:89:f7:34:2a:33:72:2f:6d:3b:d4:22:b2:b8:6f:9a:c5: - 36:66:0e:1b:3c:a1:b1:75:5a:e6:fd:35:d3:f8:a8:f2:07:6f: - 85:67:8e:de:2b:b9:e2:17:b0:3a:a0:f0:0e:a2:00:9a:df:f3: - 14:15:6e:bb:c8:85:5a:98:80:f9:ff:be:74:1d:3d:f3:fe:30: - 25:d1:37:34:67:fa:a5:71:79:30:61:29:72:c0:e0:2c:4c:fb: - 56:e4:3a:a8:6f:e5:32:59:52:db:75:28:50:59:0c:f8:0b:19: - e4:ac:d9:af:96:8d:2f:50:db:07:c3:ea:1f:ab:33:e0:f5:2b: - 31:89 - -Thawte Premium Server CA -======================== -MD5 Fingerprint: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A -PEM Data: ------BEGIN CERTIFICATE----- -MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx -FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD -VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv -biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy -dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t 
-MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB -MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG -A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp -b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl -cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv -bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE -VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ -ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR -uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG -9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI -hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM -pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/Email=premium-server@thawte.com - Validity - Not Before: Aug 1 00:00:00 1996 GMT - Not After : Dec 31 23:59:59 2020 GMT - Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/Email=premium-server@thawte.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f: - 38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18: - 48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af: - 86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2: - 21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93: - cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44: - 6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73: - b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07: - 8d:f4:42:4d:e7:40:9d:1c:37 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - Signature 
Algorithm: md5WithRSAEncryption - 26:48:2c:16:c2:58:fa:e8:16:74:0c:aa:aa:5f:54:3f:f2:d7: - c9:78:60:5e:5e:6e:37:63:22:77:36:7e:b2:17:c4:34:b9:f5: - 08:85:fc:c9:01:38:ff:4d:be:f2:16:42:43:e7:bb:5a:46:fb: - c1:c6:11:1f:f1:4a:b0:28:46:c9:c3:c4:42:7d:bc:fa:ab:59: - 6e:d5:b7:51:88:11:e3:a4:85:19:6b:82:4c:a4:0c:12:ad:e9: - a4:ae:3f:f1:c3:49:65:9a:8c:c5:c8:3e:25:b7:94:99:bb:92: - 32:71:07:f0:86:5e:ed:50:27:a6:0d:a6:23:f9:bb:cb:a6:07: - 14:42 - -Thawte Server CA -================ -MD5 Fingerprint: C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D -PEM Data: ------BEGIN CERTIFICATE----- -MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx -FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD -VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv -biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm -MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx -MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT -DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3 -dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl -cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3 -DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD -gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91 -yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX -L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj -EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG -7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e -QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ -qdq5snUb9kLy78fyGPmJvKP/iiMucEc= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 3 (0x2) - Serial Number: 1 (0x1) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/Email=server-certs@thawte.com - Validity - Not 
Before: Aug 1 00:00:00 1996 GMT - Not After : Dec 31 23:59:59 2020 GMT - Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/Email=server-certs@thawte.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c: - 68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da: - 85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06: - 6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2: - 6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b: - 29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90: - 6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f: - 5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36: - 3a:c2:b5:66:22:12:d6:87:0d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:TRUE - Signature Algorithm: md5WithRSAEncryption - 07:fa:4c:69:5c:fb:95:cc:46:ee:85:83:4d:21:30:8e:ca:d9: - a8:6f:49:1a:e6:da:51:e3:60:70:6c:84:61:11:a1:1a:c8:48: - 3e:59:43:7d:4f:95:3d:a1:8b:b7:0b:62:98:7a:75:8a:dd:88: - 4e:4e:9e:40:db:a8:cc:32:74:b9:6f:0d:c6:e3:b3:44:0b:d9: - 8a:6f:9a:29:9b:99:18:28:3b:d1:e3:40:28:9a:5a:3c:d5:b5: - e7:20:1b:8b:ca:a4:ab:8d:e9:51:d9:e2:4c:2c:59:a9:da:b9: - b2:75:1b:f6:42:f2:ef:c7:f2:18:f9:89:bc:a3:ff:8a:23:2e: - 70:47 - -Thawte Universal CA Root -======================== -MD5 Fingerprint: 17:AF:71:16:52:7B:73:65:22:05:29:28:84:71:9D:13 -PEM Data: ------BEGIN CERTIFICATE----- -MIIRIjCCCQoCAQAwDQYJKoZIhvcNAQEFBQAwVzEPMA0GA1UEChMGVGhhd3RlMSEw -HwYDVQQLExhUaGF3dGUgVW5pdmVyc2FsIENBIFJvb3QxITAfBgNVBAMTGFRoYXd0 -ZSBVbml2ZXJzYWwgQ0EgUm9vdDAeFw05OTEyMDUxMzU2MDVaFw0zNzA0MDMxMzU2 -MDVaMFcxDzANBgNVBAoTBlRoYXd0ZTEhMB8GA1UECxMYVGhhd3RlIFVuaXZlcnNh -bCBDQSBSb290MSEwHwYDVQQDExhUaGF3dGUgVW5pdmVyc2FsIENBIFJvb3Qwgggi -MA0GCSqGSIb3DQEBAQUAA4IIDwAwgggKAoIIAQDiiQVtw3+tpok6/7vHzZ03seHS -IR6bYSoV53tXT1U80Lv52T0+przstK1TmhYC6wty/Yryj0QFxevT5b22RDnm+0e/ -ap4KlRjiaOLWltYhrYj99Rf109pCpZDtKZWWdTrah6HU9dOH3gVipuNmdJLPpby7 
-32j/cXVWQVk16zNaZlHy0qMKwYzOc1wRby2MlYyRsf3P5a1WlcyFkoOQVUHJwnft -+aN0QgpoCPPQ0WX9Zyw0/yR/53nIBzslV92kDJg9vuDMGWXb8lSir0LUneKuhCMl -CTMStWoedsSL2UkAbF66H/Ib2mfKJ6qjRCMbg4LO8qsz7VSk3MmrWWXROA7BPhtn -j9Z1AeBVIt12d+yO3fTPeSJtuVcD9ZkIpzw+NPvEF64jWM0k8yPKagIolAGBNLRs -a66LGsOj0gk8FlT1Nl8k459KoeJkxhbDpoF6JDZHjsFeDvv5FXgE1g5Z2Z1YZmLS -lCkyMsh4uWb2tVbhbMYUS5ZSWZECJGpVR9c/tiMaYHeXLuJAr54EV56tEcXJQ3Dv -SLRerBxpLi6C1VuLvoK+GRRe5w0ix1Eb/x6b8TCPcTEGszQnj196ZoJPii0Tq0LP -IVael45mNg+Wm+Ur9AKpKmqMLMTDuHAsLSkeP1B3Hm0qVORVCpE4ocW1ZqJ2Wu4P -v7Rn4ShuD+E2oYLRv9R34cRnMpN4yOdUU/4jeeZozCaQ9hBjXSpvkS2kczJRIfK7 -Fd+qJAhIBt6hnia/uoO/fKTIoIy90v+8hGknEyQYxEUYIyZeGBTKLoiHYqNT5iG3 -uIV7moW7FSZy+Ln3anQPST+SvqkFt5knv78JF0uZTK0REHzfdDH2jyZfqoiuOFfI -VS3T+9gbUZm+JRs6usB9G+3O0km5z/PFfYmQgdhpSCAQo/jvklEYMosRGMA/G4VW -zlfJ8oJkxt8CCS5KES+xJ203UvDwFmHxZ43fh3Kvh9rP+1CUbtSUheuKLOoh9ZZK -RNXgzmp0RE3QBdOHFe020KSLZlVwk+5HBsF+LqUYeWfzKIXxcPcOg6R+VJ5adjLL -ZRu4zfvIKAPSVJHRp8WFQwgXdqXmL2cI2KGigi0M+MGvY9RQd21rRkpBhdWQX3kt -xOzXEYdAiuFo4mT4VTL7b5Ms2nfZIcEX5TYsTn6Qf6yUKzJnvjhQdriuQbnXIcUJ -TGDIo1HENJtXN9/LyTNXi+v7dp8ZTcVqHypFrivtL42npQDLBPolYi50SBvKKoy6 -27Z+9rsCfKnD21h4ob/w/hoQVRHO6GlOlmXGFwPWB2iMVIKuHCJVP/H0CZcowEb3 -TgslHfcH1wkdOhhXODvoMwbnj3hGHlv1BrbsuKYN8boTS9YYIN1pM0ozFa64yJiK -JyyTvC377jO/ZuZNurabBlVgl0u8RM1+9KHYqi/AAighFmJ42whU8vz0NOPGjxxD -V86QGkvcLjsokYk/eto1HY4s7kns9DOtyVOojJ8EUz4kHFLJEvliV6O87izrQHwg -I3ArlflzF4rRwRxpprc4mmf3cB16WgxAz2IPhTzCAk5+tfbFKimEsx83KuGqckLE -7Wsaj5IcXb7R8lvyq6qp0vW4pEErK5FuEkjKmNg3jcjtADC1tgROfpzahOzA+nvl -HYikU0awlORcG6ElLA9IUneXCWzsWxgzgwLlgn7NhSEwEf0nT8/kHuw/pVds6Sow -GSqI5cNpOKtvOXF/hOFBw+HMKokgUi6DD2w5P0stFqwt8CSsAHP0m7MGPwW4FIUf -q55cPJ5inQ5tO4AJ/ALqopd0ysf541bhw8qlpprAkOAkElPSwovavu0CQ15n4YmY -ee7LqsrDG9znpUalfGsWh7ZaKNfbJzxepb22Ud0fQ887Jsg6jSVhwUn0PBvJROqv -HMIrlAEqDjDRW4srR+XD0QQDmw45LNYn1OZwWtl1zyrYyQAF5BOI7MM5+4dhMDZD -A8ienKIGwi/F/PCAY7FUBKBMqS7G9XZ62NDk1JQR5RW1eAbcuICPmakgMz0QhUxl -Cco+WF5gk5qqYl3AUQYcXWCgDZxLQ/anFiGkh6rywS7ukjC4nt/fEAGLhglw2Gyo 
-t1AeFpa092f9NTohkCoyxwB7TQcQCbkvc9gYfmeZBE8G/FDHhZudQJ2zljf6pdyy -ck7vTgks/ZH9Tfe7pqE+q3uiA0CmqVUn4vr5Gc6HdarxdTbz87iR+JHDi3UTjkxl -mhY5auU06HqWWX81sAD9W2n8Qyb69Shu/ofZfiT7tKCCblSi/66/YrT0cgHCy5hH -mOFMtReAgM6PpijuHkVq+9/xHfxaO9bq9GwdYklXO4qPhurwUwTOnBZo/7q5/IgP -R/cCRHJAuMo7LVOd3DxWjFl7aBosjXG7bADHGs5vQJKxoy8P2UTyo3Aunu4OrjLQ -Oz6LB+rmebNcKeJ9a6he+Vox6AiWoowDmEbxuH2QVCbtdmL+numabl7JScdcNFMp -VNns5EbhgDt12d/7edWH8bqe6xnOTFJz5luHriVPOXnMxrj5EHvs8JtxpAWg0ynT -Tn8f9C0oeMxVlXsekS/MVhhzi7LbvGkH5tDYT+2i/1iFo23gSlO3Z32NDFxbe3co -AjVEegTTKEPIazAXXTK4KTW6dto7FEp2GFik+JI8nk0zb0ZrCNkxSGjd9PskVjSy -z2lmvkjSimYizfJpzcJTE0UpQSLWXZgftqSyo8LuAi9RG9yDpOxwJajUCGEyb+Sh -gS58Y3L6KWW8cETPXQIDAQABMA0GCSqGSIb3DQEBBQUAA4IIAQBVmjRqIgZpCUUz -x66pXMcJTpuGvEGQ1JRS9s0jKZRLIs3ovf6dzVLyve2rh8mrq0YEtL2iPyIwR1DA -S4x2DwP1ktKxLcR6NZzJc4frpp/eD3ON03+Z2LqPb8Tzvhqui6KUNpDi5euNBfT8 -Zd+V8cSUTRdW1588j1A853e/lYYmZPtq/8ba6YyuQrtp5TPG2OkNxlUhScEMtKP5 -m0tc3oNPQQPOKnloOH3wVEkg9bYQ/wjcM2aWm/8G3gCe185WQ5pR/HDN9vBRo7fN -tFyFYs1xt8YrIyvdw25AQvo3/zcc9npXlIeFI9fUycdfwU0vyQ3XXOycJe6eMIKR -lnK4dR34CWhXl7ItS+4l7HokKe5y1JwT26vcAwrYShTJCFdEXaG1U4A08hSXz1Le -og6KEOkU79BgvmGh8SVd1RhzP5MQypbus0DS26NVz1dapQ5PdUff6veQmm31cC4d -FBw3ZARZULDccoZvnDc9XSivc1Xv0u4kdHQT79zbMUn7P2P10wg+M6XnnQreUyxR -jmfbm0FlQVC91KSWbIe8EuCUx9PA5MtzWACD4awnhdadU51cvQo+A0OcDJH1bXv4 -QHJ1qxF2kSvhxqofcGl2cBUJ/pPQ1i23FWqbZ1y0aZ8lpn2K+30iqXHyzk6MuCEt -3v5BcQ3/nexzprsHT4gOWEcufqnCx3jdunqeTuAwTmNvhdQgQen6/kNF5/uverLO -pAUdIppYht/kzkyp/tgWpW/72M5We/XWIO/kR81jJP+5vvFIo8EBcua9wK3tJg3K -NJ/8Ai0gTwUgriE9DMIgPD/wBITcz4n9uSWRjtBD5rMgq1wt1UCeoEvY9LLMffFY -Co6H7YisNpbkVqARivKa0LNXozS7Gas44XRrIsQxzgHVGzbjHjhMM5PfQONZV06s -bnseWj3FHVusyBCCNQIisvx16BCRjcR9eJNHnhydrGtiAliM1hwj1q94woCcpKok -VBS1FJjG+CsaJMtxMgrimw5pa91+jGTRLmPvDn+xPohMnVXlyW4XBLdB/72KQcsl -MW9Edz9HsfyBiAeOBUkgtxHZaQMqA525M4Sa399640Zzo9iijFMZiFVMdLj2RIQr -0RQtTjkukmj/afyFYhvrVU/vJYRiRZnW2E5vP1MIfR0GlYGAf09OdDaYteKHcJjc -1/XcUhXmxtZ5ljl/j5XPq4BTrRsLRUAO1Bi9LN6Kd3b98kRHxiHQ5HTw2BgFyHww 
-csff8bv8AjCp9EImWQ2TBYKhc+005ThdzVCQ/pT8E7y9/KiiiKdzxLKo0V2IxAKi -evEEyf6MdMnvHWRBn6welmdkrKsoQced98CYG24HwmR9WoNmVig2nOf7HHcOKKDE -92t5OQQghMdXk7wboOq860LlqBH+/KxlzP34KIj0pZrlc1HgqJsNA3dO5eCYs4ja -febGnnwUZsEuU0qSBzegfuk9CeQVfM/9uEGl755mncReBx2H+EGt6ucv0kFjGDf5 -FONN0OX3Q/0V4/k2cwYm3wFPqcNO3iBGd5i0eiQrO3UrTliNm12kxxagvDKIP6GD -8wDI+NhY6WNdTCu18HJB2Kt3N9ZydK62NpzIpoNJS+DJVgspvgAwy93WyEKKANns -FdE0cfJbZIf2J9K364awkL8p2yGeNozjIC+VI1FsG8Kk1ebYAkNnoP6bUANEf7vk -ctXR5NqPkhRk+10UEBJKlQbJZQgpyiGjJjgRySffcGcE/cpIMn9jskV0MVBPh9kg -cNIhcLHWEJ0zXXiDkW1Vguza5GJjx4FG1xllcipDGZC41yNNTBzgRKlmZ6zucXkn -Jnhtcg71XUsjtXx8ZekXxjoLDd1eHlHDhrjsf8cnSqVG6GotGcGHo8uZk4dkolUU -TLdDpZPX59JOeUDKZZlGPT96gHqIaswe5WszRvRQwNUfCbjNii6hJ+tdc6foawrl -V4IqsPziVFJW8KupEsYjlgcknOC8RqW0IATaCZNj5dQuwn7FMe21FXSGF7mz8yaK -HQJq2ho/6LrxBG2UUVTiWrRZgx1g0C1zzAe1Joz518aIke+Az10PoWDLRdRCItGx -cB390LcwkDrGSG1n5TLaj9vjqOMdICWiHOFMuaT2xj9cWA27xrJ3ARaRnxcGDbdA -PsyPjpxL4J1+mx4Fq4gi+tMoG1cUZEo+JCw4TSFpAHMu0FUtdPIV6JRDPkAqxsa5 -alveoswYUFRdTiqFbPaSiykZfufqSuAiKyW892bPd5pBdPI8FA10afVQg83NLyHb -IkaK0PdRGpVX8gWLGhntO0XoNsJufvtXIgAfBlOprpPGj3EqMUWS545t5pkiwIP8 -79xXZndPojYx+6ETjeXKo5V9AQxkcDtTQmiAx7udqAA1aZgMqGfYQ+Wqz5XgUZWk -Fz9CnbgEztN5ecjTihYykuDXou7XN0wvrLh7vkX28RgznHs3piTZvECrAOnDN4ur -2LbzXoFOsBRrBz4f7ML2RCKVu7Pmb9b5cGW6CoNlqg4TL4MTI1OLQBb6zi/8TQT4 -69isxTbCFVdIOOxVs7Qeuq3SQgYXDXPIV6a+lk2p8sD7eiEc9clwqYKQtfEM1HkQ -voGm6VxhnHd5mqTDNyZXN8lSLPoI/9BfxmHA9Ha+/N5Oz6tRmXHH33701s8GVhkT -UwttdFlIGZtTBS2dMlTT5SxTi2Q+1GR744AJFMz+FkZja3Fp+PnLJ/aIVLxFs84C -yJTuQFv5QgLC/7DYLOsof17JJgGZpw== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: O=Thawte, OU=Thawte Universal CA Root, CN=Thawte Universal CA Root - Validity - Not Before: Dec 5 13:56:05 1999 GMT - Not After : Apr 3 13:56:05 2037 GMT - Subject: O=Thawte, OU=Thawte Universal CA Root, CN=Thawte Universal CA Root - Subject Public Key Info: - Public Key Algorithm: 
rsaEncryption - RSA Public Key: (16384 bit) - Modulus (16384 bit): - 00:e2:89:05:6d:c3:7f:ad:a6:89:3a:ff:bb:c7:cd: - 9d:37:b1:e1:d2:21:1e:9b:61:2a:15:e7:7b:57:4f: - 55:3c:d0:bb:f9:d9:3d:3e:a6:bc:ec:b4:ad:53:9a: - 16:02:eb:0b:72:fd:8a:f2:8f:44:05:c5:eb:d3:e5: - bd:b6:44:39:e6:fb:47:bf:6a:9e:0a:95:18:e2:68: - e2:d6:96:d6:21:ad:88:fd:f5:17:f5:d3:da:42:a5: - 90:ed:29:95:96:75:3a:da:87:a1:d4:f5:d3:87:de: - 05:62:a6:e3:66:74:92:cf:a5:bc:bb:df:68:ff:71: - 75:56:41:59:35:eb:33:5a:66:51:f2:d2:a3:0a:c1: - 8c:ce:73:5c:11:6f:2d:8c:95:8c:91:b1:fd:cf:e5: - ad:56:95:cc:85:92:83:90:55:41:c9:c2:77:ed:f9: - a3:74:42:0a:68:08:f3:d0:d1:65:fd:67:2c:34:ff: - 24:7f:e7:79:c8:07:3b:25:57:dd:a4:0c:98:3d:be: - e0:cc:19:65:db:f2:54:a2:af:42:d4:9d:e2:ae:84: - 23:25:09:33:12:b5:6a:1e:76:c4:8b:d9:49:00:6c: - 5e:ba:1f:f2:1b:da:67:ca:27:aa:a3:44:23:1b:83: - 82:ce:f2:ab:33:ed:54:a4:dc:c9:ab:59:65:d1:38: - 0e:c1:3e:1b:67:8f:d6:75:01:e0:55:22:dd:76:77: - ec:8e:dd:f4:cf:79:22:6d:b9:57:03:f5:99:08:a7: - 3c:3e:34:fb:c4:17:ae:23:58:cd:24:f3:23:ca:6a: - 02:28:94:01:81:34:b4:6c:6b:ae:8b:1a:c3:a3:d2: - 09:3c:16:54:f5:36:5f:24:e3:9f:4a:a1:e2:64:c6: - 16:c3:a6:81:7a:24:36:47:8e:c1:5e:0e:fb:f9:15: - 78:04:d6:0e:59:d9:9d:58:66:62:d2:94:29:32:32: - c8:78:b9:66:f6:b5:56:e1:6c:c6:14:4b:96:52:59: - 91:02:24:6a:55:47:d7:3f:b6:23:1a:60:77:97:2e: - e2:40:af:9e:04:57:9e:ad:11:c5:c9:43:70:ef:48: - b4:5e:ac:1c:69:2e:2e:82:d5:5b:8b:be:82:be:19: - 14:5e:e7:0d:22:c7:51:1b:ff:1e:9b:f1:30:8f:71: - 31:06:b3:34:27:8f:5f:7a:66:82:4f:8a:2d:13:ab: - 42:cf:21:56:9e:97:8e:66:36:0f:96:9b:e5:2b:f4: - 02:a9:2a:6a:8c:2c:c4:c3:b8:70:2c:2d:29:1e:3f: - 50:77:1e:6d:2a:54:e4:55:0a:91:38:a1:c5:b5:66: - a2:76:5a:ee:0f:bf:b4:67:e1:28:6e:0f:e1:36:a1: - 82:d1:bf:d4:77:e1:c4:67:32:93:78:c8:e7:54:53: - fe:23:79:e6:68:cc:26:90:f6:10:63:5d:2a:6f:91: - 2d:a4:73:32:51:21:f2:bb:15:df:aa:24:08:48:06: - de:a1:9e:26:bf:ba:83:bf:7c:a4:c8:a0:8c:bd:d2: - ff:bc:84:69:27:13:24:18:c4:45:18:23:26:5e:18: - 14:ca:2e:88:87:62:a3:53:e6:21:b7:b8:85:7b:9a: - 
85:bb:15:26:72:f8:b9:f7:6a:74:0f:49:3f:92:be: - a9:05:b7:99:27:bf:bf:09:17:4b:99:4c:ad:11:10: - 7c:df:74:31:f6:8f:26:5f:aa:88:ae:38:57:c8:55: - 2d:d3:fb:d8:1b:51:99:be:25:1b:3a:ba:c0:7d:1b: - ed:ce:d2:49:b9:cf:f3:c5:7d:89:90:81:d8:69:48: - 20:10:a3:f8:ef:92:51:18:32:8b:11:18:c0:3f:1b: - 85:56:ce:57:c9:f2:82:64:c6:df:02:09:2e:4a:11: - 2f:b1:27:6d:37:52:f0:f0:16:61:f1:67:8d:df:87: - 72:af:87:da:cf:fb:50:94:6e:d4:94:85:eb:8a:2c: - ea:21:f5:96:4a:44:d5:e0:ce:6a:74:44:4d:d0:05: - d3:87:15:ed:36:d0:a4:8b:66:55:70:93:ee:47:06: - c1:7e:2e:a5:18:79:67:f3:28:85:f1:70:f7:0e:83: - a4:7e:54:9e:5a:76:32:cb:65:1b:b8:cd:fb:c8:28: - 03:d2:54:91:d1:a7:c5:85:43:08:17:76:a5:e6:2f: - 67:08:d8:a1:a2:82:2d:0c:f8:c1:af:63:d4:50:77: - 6d:6b:46:4a:41:85:d5:90:5f:79:2d:c4:ec:d7:11: - 87:40:8a:e1:68:e2:64:f8:55:32:fb:6f:93:2c:da: - 77:d9:21:c1:17:e5:36:2c:4e:7e:90:7f:ac:94:2b: - 32:67:be:38:50:76:b8:ae:41:b9:d7:21:c5:09:4c: - 60:c8:a3:51:c4:34:9b:57:37:df:cb:c9:33:57:8b: - eb:fb:76:9f:19:4d:c5:6a:1f:2a:45:ae:2b:ed:2f: - 8d:a7:a5:00:cb:04:fa:25:62:2e:74:48:1b:ca:2a: - 8c:ba:db:b6:7e:f6:bb:02:7c:a9:c3:db:58:78:a1: - bf:f0:fe:1a:10:55:11:ce:e8:69:4e:96:65:c6:17: - 03:d6:07:68:8c:54:82:ae:1c:22:55:3f:f1:f4:09: - 97:28:c0:46:f7:4e:0b:25:1d:f7:07:d7:09:1d:3a: - 18:57:38:3b:e8:33:06:e7:8f:78:46:1e:5b:f5:06: - b6:ec:b8:a6:0d:f1:ba:13:4b:d6:18:20:dd:69:33: - 4a:33:15:ae:b8:c8:98:8a:27:2c:93:bc:2d:fb:ee: - 33:bf:66:e6:4d:ba:b6:9b:06:55:60:97:4b:bc:44: - cd:7e:f4:a1:d8:aa:2f:c0:02:28:21:16:62:78:db: - 08:54:f2:fc:f4:34:e3:c6:8f:1c:43:57:ce:90:1a: - 4b:dc:2e:3b:28:91:89:3f:7a:da:35:1d:8e:2c:ee: - 49:ec:f4:33:ad:c9:53:a8:8c:9f:04:53:3e:24:1c: - 52:c9:12:f9:62:57:a3:bc:ee:2c:eb:40:7c:20:23: - 70:2b:95:f9:73:17:8a:d1:c1:1c:69:a6:b7:38:9a: - 67:f7:70:1d:7a:5a:0c:40:cf:62:0f:85:3c:c2:02: - 4e:7e:b5:f6:c5:2a:29:84:b3:1f:37:2a:e1:aa:72: - 42:c4:ed:6b:1a:8f:92:1c:5d:be:d1:f2:5b:f2:ab: - aa:a9:d2:f5:b8:a4:41:2b:2b:91:6e:12:48:ca:98: - d8:37:8d:c8:ed:00:30:b5:b6:04:4e:7e:9c:da:84: - 
ec:c0:fa:7b:e5:1d:88:a4:53:46:b0:94:e4:5c:1b: - a1:25:2c:0f:48:52:77:97:09:6c:ec:5b:18:33:83: - 02:e5:82:7e:cd:85:21:30:11:fd:27:4f:cf:e4:1e: - ec:3f:a5:57:6c:e9:2a:30:19:2a:88:e5:c3:69:38: - ab:6f:39:71:7f:84:e1:41:c3:e1:cc:2a:89:20:52: - 2e:83:0f:6c:39:3f:4b:2d:16:ac:2d:f0:24:ac:00: - 73:f4:9b:b3:06:3f:05:b8:14:85:1f:ab:9e:5c:3c: - 9e:62:9d:0e:6d:3b:80:09:fc:02:ea:a2:97:74:ca: - c7:f9:e3:56:e1:c3:ca:a5:a6:9a:c0:90:e0:24:12: - 53:d2:c2:8b:da:be:ed:02:43:5e:67:e1:89:98:79: - ee:cb:aa:ca:c3:1b:dc:e7:a5:46:a5:7c:6b:16:87: - b6:5a:28:d7:db:27:3c:5e:a5:bd:b6:51:dd:1f:43: - cf:3b:26:c8:3a:8d:25:61:c1:49:f4:3c:1b:c9:44: - ea:af:1c:c2:2b:94:01:2a:0e:30:d1:5b:8b:2b:47: - e5:c3:d1:04:03:9b:0e:39:2c:d6:27:d4:e6:70:5a: - d9:75:cf:2a:d8:c9:00:05:e4:13:88:ec:c3:39:fb: - 87:61:30:36:43:03:c8:9e:9c:a2:06:c2:2f:c5:fc: - f0:80:63:b1:54:04:a0:4c:a9:2e:c6:f5:76:7a:d8: - d0:e4:d4:94:11:e5:15:b5:78:06:dc:b8:80:8f:99: - a9:20:33:3d:10:85:4c:65:09:ca:3e:58:5e:60:93: - 9a:aa:62:5d:c0:51:06:1c:5d:60:a0:0d:9c:4b:43: - f6:a7:16:21:a4:87:aa:f2:c1:2e:ee:92:30:b8:9e: - df:df:10:01:8b:86:09:70:d8:6c:a8:b7:50:1e:16: - 96:b4:f7:67:fd:35:3a:21:90:2a:32:c7:00:7b:4d: - 07:10:09:b9:2f:73:d8:18:7e:67:99:04:4f:06:fc: - 50:c7:85:9b:9d:40:9d:b3:96:37:fa:a5:dc:b2:72: - 4e:ef:4e:09:2c:fd:91:fd:4d:f7:bb:a6:a1:3e:ab: - 7b:a2:03:40:a6:a9:55:27:e2:fa:f9:19:ce:87:75: - aa:f1:75:36:f3:f3:b8:91:f8:91:c3:8b:75:13:8e: - 4c:65:9a:16:39:6a:e5:34:e8:7a:96:59:7f:35:b0: - 00:fd:5b:69:fc:43:26:fa:f5:28:6e:fe:87:d9:7e: - 24:fb:b4:a0:82:6e:54:a2:ff:ae:bf:62:b4:f4:72: - 01:c2:cb:98:47:98:e1:4c:b5:17:80:80:ce:8f:a6: - 28:ee:1e:45:6a:fb:df:f1:1d:fc:5a:3b:d6:ea:f4: - 6c:1d:62:49:57:3b:8a:8f:86:ea:f0:53:04:ce:9c: - 16:68:ff:ba:b9:fc:88:0f:47:f7:02:44:72:40:b8: - ca:3b:2d:53:9d:dc:3c:56:8c:59:7b:68:1a:2c:8d: - 71:bb:6c:00:c7:1a:ce:6f:40:92:b1:a3:2f:0f:d9: - 44:f2:a3:70:2e:9e:ee:0e:ae:32:d0:3b:3e:8b:07: - ea:e6:79:b3:5c:29:e2:7d:6b:a8:5e:f9:5a:31:e8: - 08:96:a2:8c:03:98:46:f1:b8:7d:90:54:26:ed:76: - 
62:fe:9e:e9:9a:6e:5e:c9:49:c7:5c:34:53:29:54: - d9:ec:e4:46:e1:80:3b:75:d9:df:fb:79:d5:87:f1: - ba:9e:eb:19:ce:4c:52:73:e6:5b:87:ae:25:4f:39: - 79:cc:c6:b8:f9:10:7b:ec:f0:9b:71:a4:05:a0:d3: - 29:d3:4e:7f:1f:f4:2d:28:78:cc:55:95:7b:1e:91: - 2f:cc:56:18:73:8b:b2:db:bc:69:07:e6:d0:d8:4f: - ed:a2:ff:58:85:a3:6d:e0:4a:53:b7:67:7d:8d:0c: - 5c:5b:7b:77:28:02:35:44:7a:04:d3:28:43:c8:6b: - 30:17:5d:32:b8:29:35:ba:76:da:3b:14:4a:76:18: - 58:a4:f8:92:3c:9e:4d:33:6f:46:6b:08:d9:31:48: - 68:dd:f4:fb:24:56:34:b2:cf:69:66:be:48:d2:8a: - 66:22:cd:f2:69:cd:c2:53:13:45:29:41:22:d6:5d: - 98:1f:b6:a4:b2:a3:c2:ee:02:2f:51:1b:dc:83:a4: - ec:70:25:a8:d4:08:61:32:6f:e4:a1:81:2e:7c:63: - 72:fa:29:65:bc:70:44:cf:5d - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 55:9a:34:6a:22:06:69:09:45:33:c7:ae:a9:5c:c7:09:4e:9b: - 86:bc:41:90:d4:94:52:f6:cd:23:29:94:4b:22:cd:e8:bd:fe: - 9d:cd:52:f2:bd:ed:ab:87:c9:ab:ab:46:04:b4:bd:a2:3f:22: - 30:47:50:c0:4b:8c:76:0f:03:f5:92:d2:b1:2d:c4:7a:35:9c: - c9:73:87:eb:a6:9f:de:0f:73:8d:d3:7f:99:d8:ba:8f:6f:c4: - f3:be:1a:ae:8b:a2:94:36:90:e2:e5:eb:8d:05:f4:fc:65:df: - 95:f1:c4:94:4d:17:56:d7:9f:3c:8f:50:3c:e7:77:bf:95:86: - 26:64:fb:6a:ff:c6:da:e9:8c:ae:42:bb:69:e5:33:c6:d8:e9: - 0d:c6:55:21:49:c1:0c:b4:a3:f9:9b:4b:5c:de:83:4f:41:03: - ce:2a:79:68:38:7d:f0:54:49:20:f5:b6:10:ff:08:dc:33:66: - 96:9b:ff:06:de:00:9e:d7:ce:56:43:9a:51:fc:70:cd:f6:f0: - 51:a3:b7:cd:b4:5c:85:62:cd:71:b7:c6:2b:23:2b:dd:c3:6e: - 40:42:fa:37:ff:37:1c:f6:7a:57:94:87:85:23:d7:d4:c9:c7: - 5f:c1:4d:2f:c9:0d:d7:5c:ec:9c:25:ee:9e:30:82:91:96:72: - b8:75:1d:f8:09:68:57:97:b2:2d:4b:ee:25:ec:7a:24:29:ee: - 72:d4:9c:13:db:ab:dc:03:0a:d8:4a:14:c9:08:57:44:5d:a1: - b5:53:80:34:f2:14:97:cf:52:de:a2:0e:8a:10:e9:14:ef:d0: - 60:be:61:a1:f1:25:5d:d5:18:73:3f:93:10:ca:96:ee:b3:40: - d2:db:a3:55:cf:57:5a:a5:0e:4f:75:47:df:ea:f7:90:9a:6d: - f5:70:2e:1d:14:1c:37:64:04:59:50:b0:dc:72:86:6f:9c:37: - 3d:5d:28:af:73:55:ef:d2:ee:24:74:74:13:ef:dc:db:31:49: - 
fb:3f:63:f5:d3:08:3e:33:a5:e7:9d:0a:de:53:2c:51:8e:67: - db:9b:41:65:41:50:bd:d4:a4:96:6c:87:bc:12:e0:94:c7:d3: - c0:e4:cb:73:58:00:83:e1:ac:27:85:d6:9d:53:9d:5c:bd:0a: - 3e:03:43:9c:0c:91:f5:6d:7b:f8:40:72:75:ab:11:76:91:2b: - e1:c6:aa:1f:70:69:76:70:15:09:fe:93:d0:d6:2d:b7:15:6a: - 9b:67:5c:b4:69:9f:25:a6:7d:8a:fb:7d:22:a9:71:f2:ce:4e: - 8c:b8:21:2d:de:fe:41:71:0d:ff:9d:ec:73:a6:bb:07:4f:88: - 0e:58:47:2e:7e:a9:c2:c7:78:dd:ba:7a:9e:4e:e0:30:4e:63: - 6f:85:d4:20:41:e9:fa:fe:43:45:e7:fb:af:7a:b2:ce:a4:05: - 1d:22:9a:58:86:df:e4:ce:4c:a9:fe:d8:16:a5:6f:fb:d8:ce: - 56:7b:f5:d6:20:ef:e4:47:cd:63:24:ff:b9:be:f1:48:a3:c1: - 01:72:e6:bd:c0:ad:ed:26:0d:ca:34:9f:fc:02:2d:20:4f:05: - 20:ae:21:3d:0c:c2:20:3c:3f:f0:04:84:dc:cf:89:fd:b9:25: - 91:8e:d0:43:e6:b3:20:ab:5c:2d:d5:40:9e:a0:4b:d8:f4:b2: - cc:7d:f1:58:0a:8e:87:ed:88:ac:36:96:e4:56:a0:11:8a:f2: - 9a:d0:b3:57:a3:34:bb:19:ab:38:e1:74:6b:22:c4:31:ce:01: - d5:1b:36:e3:1e:38:4c:33:93:df:40:e3:59:57:4e:ac:6e:7b: - 1e:5a:3d:c5:1d:5b:ac:c8:10:82:35:02:22:b2:fc:75:e8:10: - 91:8d:c4:7d:78:93:47:9e:1c:9d:ac:6b:62:02:58:8c:d6:1c: - 23:d6:af:78:c2:80:9c:a4:aa:24:54:14:b5:14:98:c6:f8:2b: - 1a:24:cb:71:32:0a:e2:9b:0e:69:6b:dd:7e:8c:64:d1:2e:63: - ef:0e:7f:b1:3e:88:4c:9d:55:e5:c9:6e:17:04:b7:41:ff:bd: - 8a:41:cb:25:31:6f:44:77:3f:47:b1:fc:81:88:07:8e:05:49: - 20:b7:11:d9:69:03:2a:03:9d:b9:33:84:9a:df:df:7a:e3:46: - 73:a3:d8:a2:8c:53:19:88:55:4c:74:b8:f6:44:84:2b:d1:14: - 2d:4e:39:2e:92:68:ff:69:fc:85:62:1b:eb:55:4f:ef:25:84: - 62:45:99:d6:d8:4e:6f:3f:53:08:7d:1d:06:95:81:80:7f:4f: - 4e:74:36:98:b5:e2:87:70:98:dc:d7:f5:dc:52:15:e6:c6:d6: - 79:96:39:7f:8f:95:cf:ab:80:53:ad:1b:0b:45:40:0e:d4:18: - bd:2c:de:8a:77:76:fd:f2:44:47:c6:21:d0:e4:74:f0:d8:18: - 05:c8:7c:30:72:c7:df:f1:bb:fc:02:30:a9:f4:42:26:59:0d: - 93:05:82:a1:73:ed:34:e5:38:5d:cd:50:90:fe:94:fc:13:bc: - bd:fc:a8:a2:88:a7:73:c4:b2:a8:d1:5d:88:c4:02:a2:7a:f1: - 04:c9:fe:8c:74:c9:ef:1d:64:41:9f:ac:1e:96:67:64:ac:ab: - 28:41:c7:9d:f7:c0:98:1b:6e:07:c2:64:7d:5a:83:66:56:28: - 
36:9c:e7:fb:1c:77:0e:28:a0:c4:f7:6b:79:39:04:20:84:c7: - 57:93:bc:1b:a0:ea:bc:eb:42:e5:a8:11:fe:fc:ac:65:cc:fd: - f8:28:88:f4:a5:9a:e5:73:51:e0:a8:9b:0d:03:77:4e:e5:e0: - 98:b3:88:da:7d:e6:c6:9e:7c:14:66:c1:2e:53:4a:92:07:37: - a0:7e:e9:3d:09:e4:15:7c:cf:fd:b8:41:a5:ef:9e:66:9d:c4: - 5e:07:1d:87:f8:41:ad:ea:e7:2f:d2:41:63:18:37:f9:14:e3: - 4d:d0:e5:f7:43:fd:15:e3:f9:36:73:06:26:df:01:4f:a9:c3: - 4e:de:20:46:77:98:b4:7a:24:2b:3b:75:2b:4e:58:8d:9b:5d: - a4:c7:16:a0:bc:32:88:3f:a1:83:f3:00:c8:f8:d8:58:e9:63: - 5d:4c:2b:b5:f0:72:41:d8:ab:77:37:d6:72:74:ae:b6:36:9c: - c8:a6:83:49:4b:e0:c9:56:0b:29:be:00:30:cb:dd:d6:c8:42: - 8a:00:d9:ec:15:d1:34:71:f2:5b:64:87:f6:27:d2:b7:eb:86: - b0:90:bf:29:db:21:9e:36:8c:e3:20:2f:95:23:51:6c:1b:c2: - a4:d5:e6:d8:02:43:67:a0:fe:9b:50:03:44:7f:bb:e4:72:d5: - d1:e4:da:8f:92:14:64:fb:5d:14:10:12:4a:95:06:c9:65:08: - 29:ca:21:a3:26:38:11:c9:27:df:70:67:04:fd:ca:48:32:7f: - 63:b2:45:74:31:50:4f:87:d9:20:70:d2:21:70:b1:d6:10:9d: - 33:5d:78:83:91:6d:55:82:ec:da:e4:62:63:c7:81:46:d7:19: - 65:72:2a:43:19:90:b8:d7:23:4d:4c:1c:e0:44:a9:66:67:ac: - ee:71:79:27:26:78:6d:72:0e:f5:5d:4b:23:b5:7c:7c:65:e9: - 17:c6:3a:0b:0d:dd:5e:1e:51:c3:86:b8:ec:7f:c7:27:4a:a5: - 46:e8:6a:2d:19:c1:87:a3:cb:99:93:87:64:a2:55:14:4c:b7: - 43:a5:93:d7:e7:d2:4e:79:40:ca:65:99:46:3d:3f:7a:80:7a: - 88:6a:cc:1e:e5:6b:33:46:f4:50:c0:d5:1f:09:b8:cd:8a:2e: - a1:27:eb:5d:73:a7:e8:6b:0a:e5:57:82:2a:b0:fc:e2:54:52: - 56:f0:ab:a9:12:c6:23:96:07:24:9c:e0:bc:46:a5:b4:20:04: - da:09:93:63:e5:d4:2e:c2:7e:c5:31:ed:b5:15:74:86:17:b9: - b3:f3:26:8a:1d:02:6a:da:1a:3f:e8:ba:f1:04:6d:94:51:54: - e2:5a:b4:59:83:1d:60:d0:2d:73:cc:07:b5:26:8c:f9:d7:c6: - 88:91:ef:80:cf:5d:0f:a1:60:cb:45:d4:42:22:d1:b1:70:1d: - fd:d0:b7:30:90:3a:c6:48:6d:67:e5:32:da:8f:db:e3:a8:e3: - 1d:20:25:a2:1c:e1:4c:b9:a4:f6:c6:3f:5c:58:0d:bb:c6:b2: - 77:01:16:91:9f:17:06:0d:b7:40:3e:cc:8f:8e:9c:4b:e0:9d: - 7e:9b:1e:05:ab:88:22:fa:d3:28:1b:57:14:64:4a:3e:24:2c: - 38:4d:21:69:00:73:2e:d0:55:2d:74:f2:15:e8:94:43:3e:40: - 
2a:c6:c6:b9:6a:5b:de:a2:cc:18:50:54:5d:4e:2a:85:6c:f6: - 92:8b:29:19:7e:e7:ea:4a:e0:22:2b:25:bc:f7:66:cf:77:9a: - 41:74:f2:3c:14:0d:74:69:f5:50:83:cd:cd:2f:21:db:22:46: - 8a:d0:f7:51:1a:95:57:f2:05:8b:1a:19:ed:3b:45:e8:36:c2: - 6e:7e:fb:57:22:00:1f:06:53:a9:ae:93:c6:8f:71:2a:31:45: - 92:e7:8e:6d:e6:99:22:c0:83:fc:ef:dc:57:66:77:4f:a2:36: - 31:fb:a1:13:8d:e5:ca:a3:95:7d:01:0c:64:70:3b:53:42:68: - 80:c7:bb:9d:a8:00:35:69:98:0c:a8:67:d8:43:e5:aa:cf:95: - e0:51:95:a4:17:3f:42:9d:b8:04:ce:d3:79:79:c8:d3:8a:16: - 32:92:e0:d7:a2:ee:d7:37:4c:2f:ac:b8:7b:be:45:f6:f1:18: - 33:9c:7b:37:a6:24:d9:bc:40:ab:00:e9:c3:37:8b:ab:d8:b6: - f3:5e:81:4e:b0:14:6b:07:3e:1f:ec:c2:f6:44:22:95:bb:b3: - e6:6f:d6:f9:70:65:ba:0a:83:65:aa:0e:13:2f:83:13:23:53: - 8b:40:16:fa:ce:2f:fc:4d:04:f8:eb:d8:ac:c5:36:c2:15:57: - 48:38:ec:55:b3:b4:1e:ba:ad:d2:42:06:17:0d:73:c8:57:a6: - be:96:4d:a9:f2:c0:fb:7a:21:1c:f5:c9:70:a9:82:90:b5:f1: - 0c:d4:79:10:be:81:a6:e9:5c:61:9c:77:79:9a:a4:c3:37:26: - 57:37:c9:52:2c:fa:08:ff:d0:5f:c6:61:c0:f4:76:be:fc:de: - 4e:cf:ab:51:99:71:c7:df:7e:f4:d6:cf:06:56:19:13:53:0b: - 6d:74:59:48:19:9b:53:05:2d:9d:32:54:d3:e5:2c:53:8b:64: - 3e:d4:64:7b:e3:80:09:14:cc:fe:16:46:63:6b:71:69:f8:f9: - cb:27:f6:88:54:bc:45:b3:ce:02:c8:94:ee:40:5b:f9:42:02: - c2:ff:b0:d8:2c:eb:28:7f:5e:c9:26:01:99:a7 - -UPS Document Exchange by DST -============================ -MD5 Fingerprint: 78:A5:FB:10:4B:E4:63:2E:D2:6B:FB:F2:B6:C2:4B:8E -PEM Data: ------BEGIN CERTIFICATE----- -MIID+DCCAuACEQDQHkCLAAACfAAAAAcAAAABMA0GCSqGSIb3DQEBBQUAMIG5MQsw -CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp -dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEeMBwGA1UE -CxMVVW5pdGVkIFBhcmNlbCBTZXJ2aWNlMRkwFwYDVQQDExBEU1QgKFVQUykgUm9v -dENBMSEwHwYJKoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wHhcNOTgxMjEw -MDAyNTQ2WhcNMDgxMjA3MDAyNTQ2WjCBuTELMAkGA1UEBhMCdXMxDTALBgNVBAgT -BFV0YWgxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MSQwIgYDVQQKExtEaWdpdGFs -IFNpZ25hdHVyZSBUcnVzdCBDby4xHjAcBgNVBAsTFVVuaXRlZCBQYXJjZWwgU2Vy 
-dmljZTEZMBcGA1UEAxMQRFNUIChVUFMpIFJvb3RDQTEhMB8GCSqGSIb3DQEJARYS -Y2FAZGlnc2lndHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEA7xfsrynm2SsnwNt7JJ9m9ASjwq0KyrDNhCuqN/OAoWDvQo/lXXdfV0JU3Svb -YbJxXpN7b1/rJCvnpPLr8XOzC431Wdcy36yQjk4xuiVNtgym8eWvDOHlb1IDFcHf -vn5KpqYYRnA/76dNqNz1dNlhekA8oZQo6sKUiMs3FQUZPJViuhwt+yiM0ciekjxb -EVQ7eNlHO5stSuY+e2vf9PYFzyj2upg2AJ48N4UKnN63pIXFY/23YhRtFx7MioCF -QjIRsCHinXfJgBZBnuvlFIl/t8O8T8Gfh5uW7GP2+ZBWDpWjIwqMZNqbuxx3sExd -5sjo9X15LVckP8zjPSyYzxKfFwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQC7OI4E -IiZYDiFEVsy9WXwpaMtcD8iGVD+BeKetj8xG9xxUuHktW3IFaugh0OwdHf6kNFG+ -7u3OzJwWaOJddXMIQzGRahArEMJLafjJrZio/bjv9qvwXyHvy4VrCe0vSGa1YHLA -6KDHmNsO9xtzjTQICnvFd2KqMCObsB6LgJhU3AWHs6liWfyLtxWarETszzUa9w8u -XZJLAch77qA37eQdgg2ZQUMXrdTVyuP5fReiAdAwD0C53LkEgmmDtvkP+gaS96j0 -1hcc8F5/xCnI5uHi/zZoIVGu/6m6hJKtinsz2JDSwXltMzM5dKwbOHGfLAeQ6h3g -04lfy+8UjSdUpb1G ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - d0:1e:40:8b:00:00:02:7c:00:00:00:07:00:00:00:01 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=United Parcel Service, CN=DST (UPS) RootCA/Email=ca@digsigtrust.com - Validity - Not Before: Dec 10 00:25:46 1998 GMT - Not After : Dec 7 00:25:46 2008 GMT - Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=United Parcel Service, CN=DST (UPS) RootCA/Email=ca@digsigtrust.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:ef:17:ec:af:29:e6:d9:2b:27:c0:db:7b:24:9f: - 66:f4:04:a3:c2:ad:0a:ca:b0:cd:84:2b:aa:37:f3: - 80:a1:60:ef:42:8f:e5:5d:77:5f:57:42:54:dd:2b: - db:61:b2:71:5e:93:7b:6f:5f:eb:24:2b:e7:a4:f2: - eb:f1:73:b3:0b:8d:f5:59:d7:32:df:ac:90:8e:4e: - 31:ba:25:4d:b6:0c:a6:f1:e5:af:0c:e1:e5:6f:52: - 03:15:c1:df:be:7e:4a:a6:a6:18:46:70:3f:ef:a7: - 4d:a8:dc:f5:74:d9:61:7a:40:3c:a1:94:28:ea:c2: - 94:88:cb:37:15:05:19:3c:95:62:ba:1c:2d:fb:28: - 
8c:d1:c8:9e:92:3c:5b:11:54:3b:78:d9:47:3b:9b: - 2d:4a:e6:3e:7b:6b:df:f4:f6:05:cf:28:f6:ba:98: - 36:00:9e:3c:37:85:0a:9c:de:b7:a4:85:c5:63:fd: - b7:62:14:6d:17:1e:cc:8a:80:85:42:32:11:b0:21: - e2:9d:77:c9:80:16:41:9e:eb:e5:14:89:7f:b7:c3: - bc:4f:c1:9f:87:9b:96:ec:63:f6:f9:90:56:0e:95: - a3:23:0a:8c:64:da:9b:bb:1c:77:b0:4c:5d:e6:c8: - e8:f5:7d:79:2d:57:24:3f:cc:e3:3d:2c:98:cf:12: - 9f:17 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - bb:38:8e:04:22:26:58:0e:21:44:56:cc:bd:59:7c:29:68:cb: - 5c:0f:c8:86:54:3f:81:78:a7:ad:8f:cc:46:f7:1c:54:b8:79: - 2d:5b:72:05:6a:e8:21:d0:ec:1d:1d:fe:a4:34:51:be:ee:ed: - ce:cc:9c:16:68:e2:5d:75:73:08:43:31:91:6a:10:2b:10:c2: - 4b:69:f8:c9:ad:98:a8:fd:b8:ef:f6:ab:f0:5f:21:ef:cb:85: - 6b:09:ed:2f:48:66:b5:60:72:c0:e8:a0:c7:98:db:0e:f7:1b: - 73:8d:34:08:0a:7b:c5:77:62:aa:30:23:9b:b0:1e:8b:80:98: - 54:dc:05:87:b3:a9:62:59:fc:8b:b7:15:9a:ac:44:ec:cf:35: - 1a:f7:0f:2e:5d:92:4b:01:c8:7b:ee:a0:37:ed:e4:1d:82:0d: - 99:41:43:17:ad:d4:d5:ca:e3:f9:7d:17:a2:01:d0:30:0f:40: - b9:dc:b9:04:82:69:83:b6:f9:0f:fa:06:92:f7:a8:f4:d6:17: - 1c:f0:5e:7f:c4:29:c8:e6:e1:e2:ff:36:68:21:51:ae:ff:a9: - ba:84:92:ad:8a:7b:33:d8:90:d2:c1:79:6d:33:33:39:74:ac: - 1b:38:71:9f:2c:07:90:ea:1d:e0:d3:89:5f:cb:ef:14:8d:27: - 54:a5:bd:46 - -ValiCert Class 1 VA -=================== -MD5 Fingerprint: 65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB -PEM Data: ------BEGIN CERTIFICATE----- -MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 -IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz -BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y -aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG -9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy -NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y -azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs -YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw 
-Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl -cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y -LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+ -TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y -TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0 -LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW -I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw -nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com - Validity - Not Before: Jun 25 22:23:48 1999 GMT - Not After : Jun 25 22:23:48 2019 GMT - Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d8:59:82:7a:89:b8:96:ba:a6:2f:68:6f:58:2e: - a7:54:1c:06:6e:f4:ea:8d:48:bc:31:94:17:f0:f3: - 4e:bc:b2:b8:35:92:76:b0:d0:a5:a5:01:d7:00:03: - 12:22:19:08:f8:ff:11:23:9b:ce:07:f5:bf:69:1a: - 26:fe:4e:e9:d1:7f:9d:2c:40:1d:59:68:6e:a6:f8: - 58:b0:9d:1a:8f:d3:3f:f1:dc:19:06:81:a8:0e:e0: - 3a:dd:c8:53:45:09:06:e6:0f:70:c3:fa:40:a6:0e: - e2:56:05:0f:18:4d:fc:20:82:d1:73:55:74:8d:76: - 72:a0:1d:9d:1d:c0:dd:3f:71 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 50:68:3d:49:f4:2c:1c:06:94:df:95:60:7f:96:7b:17:fe:4f: - 71:ad:64:c8:dd:77:d2:ef:59:55:e8:3f:e8:8e:05:2a:21:f2: - 07:d2:b5:a7:52:fe:9c:b1:b6:e2:5b:77:17:40:ea:72:d6:23: - cb:28:81:32:c3:00:79:18:ec:59:17:89:c9:c6:6a:1e:71:c9: - fd:b7:74:a5:25:45:69:c5:48:ab:19:e1:45:8a:25:6b:19:ee: - 
e5:bb:12:f5:7f:f7:a6:8d:51:c3:f0:9d:74:b7:a9:3e:a0:a5: - ff:b6:49:03:13:da:22:cc:ed:71:82:2b:99:cf:3a:b7:f5:2d: - 72:c8 - -ValiCert Class 2 VA -=================== -MD5 Fingerprint: A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87 -PEM Data: ------BEGIN CERTIFICATE----- -MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 -IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz -BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y -aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG -9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy -NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y -azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs -YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw -Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl -cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY -dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9 -WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS -v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v -UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu -IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC -W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com - Validity - Not Before: Jun 26 00:19:54 1999 GMT - Not After : Jun 26 00:19:54 2019 GMT - Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 
00:ce:3a:71:ca:e5:ab:c8:59:92:55:d7:ab:d8:74: - 0e:f9:ee:d9:f6:55:47:59:65:47:0e:05:55:dc:eb: - 98:36:3c:5c:53:5d:d3:30:cf:38:ec:bd:41:89:ed: - 25:42:09:24:6b:0a:5e:b3:7c:dd:52:2d:4c:e6:d4: - d6:7d:5a:59:a9:65:d4:49:13:2d:24:4d:1c:50:6f: - b5:c1:85:54:3b:fe:71:e4:d3:5c:42:f9:80:e0:91: - 1a:0a:5b:39:36:67:f3:3f:55:7c:1b:3f:b4:5f:64: - 73:34:e3:b4:12:bf:87:64:f8:da:12:ff:37:27:c1: - b3:43:bb:ef:7b:6e:2e:69:f7 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 3b:7f:50:6f:6f:50:94:99:49:62:38:38:1f:4b:f8:a5:c8:3e: - a7:82:81:f6:2b:c7:e8:c5:ce:e8:3a:10:82:cb:18:00:8e:4d: - bd:a8:58:7f:a1:79:00:b5:bb:e9:8d:af:41:d9:0f:34:ee:21: - 81:19:a0:32:49:28:f4:c4:8e:56:d5:52:33:fd:50:d5:7e:99: - 6c:03:e4:c9:4c:fc:cb:6c:ab:66:b3:4a:21:8c:e5:b5:0c:32: - 3e:10:b2:cc:6c:a1:dc:9a:98:4c:02:5b:f3:ce:b9:9e:a5:72: - 0e:4a:b7:3f:3c:e6:16:68:f8:be:ed:74:4c:bc:5b:d5:62:1f: - 43:dd - -ValiCert Class 3 VA -=================== -MD5 Fingerprint: A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72 -PEM Data: ------BEGIN CERTIFICATE----- -MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 -IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz -BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y -aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG -9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy -NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y -azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs -YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw -Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl -cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD -cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs -2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY -JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE -Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ 
-n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A -PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption - Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com - Validity - Not Before: Jun 26 00:22:33 1999 GMT - Not After : Jun 26 00:22:33 2019 GMT - Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:e3:98:51:96:1c:e8:d5:b1:06:81:6a:57:c3:72: - 75:93:ab:cf:9e:a6:fc:f3:16:52:d6:2d:4d:9f:35: - 44:a8:2e:04:4d:07:49:8a:38:29:f5:77:37:e7:b7: - ab:5d:df:36:71:14:99:8f:dc:c2:92:f1:e7:60:92: - 97:ec:d8:48:dc:bf:c1:02:20:c6:24:a4:28:4c:30: - 5a:76:6d:b1:5c:f3:dd:de:9e:10:71:a1:88:c7:5b: - 9b:41:6d:ca:b0:b8:8e:15:ee:ad:33:2b:cf:47:04: - 5c:75:71:0a:98:24:98:29:a7:49:59:a5:dd:f8:b7: - 43:62:61:f3:d3:e2:d0:55:3f - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 56:bb:02:58:84:67:08:2c:df:1f:db:7b:49:33:f5:d3:67:9d: - f4:b4:0a:10:b3:c9:c5:2c:e2:92:6a:71:78:27:f2:70:83:42: - d3:3e:cf:a9:54:f4:f1:d8:92:16:8c:d1:04:cb:4b:ab:c9:9f: - 45:ae:3c:8a:a9:b0:71:33:5d:c8:c5:57:df:af:a8:35:b3:7f: - 89:87:e9:e8:25:92:b8:7f:85:7a:ae:d6:bc:1e:37:58:2a:67: - c9:91:cf:2a:81:3e:ed:c6:39:df:c0:3e:19:9c:19:cc:13:4d: - 82:41:b5:8c:de:e0:3d:60:08:20:0f:45:7e:6b:a2:7f:a3:8c: - 15:ee - -VeriSign Class 4 Primary CA -=========================== -MD5 Fingerprint: 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10 -PEM Data: ------BEGIN CERTIFICATE----- -MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw -FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg 
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa -Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln -biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1 -9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj -IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd -O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF -AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ -g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am -yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 02:a6:00:00:01 - Signature Algorithm: md2WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - Validity - Not Before: Jan 29 00:00:00 1996 GMT - Not After : Dec 31 23:59:59 1999 GMT - Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:d0:b2:75:f6:78:d0:ae:5a:50:f4:e9:50:a9:9f: - 8c:d7:ef:91:94:70:e8:d2:24:90:76:89:85:d6:df: - ac:e6:01:17:32:80:f0:9d:93:47:bc:9a:65:9d:1f: - 97:ae:bf:e9:86:75:63:20:89:bd:80:58:9d:04:0c: - 9d:a8:c1:24:e9:0b:e5:31:78:bd:fc:2d:0c:37:6a: - 9e:78:80:e9:46:75:f9:ed:a3:fb:13:7b:c8:c1:4c: - d2:a3:ef:f5:3c:b0:62:8f:4a:5d:3b:dd:95:67:8f: - 13:b9:c1:3c:d6:a7:26:9b:ec:c3:3b:7a:d9:4d:bc: - 6d:9b:e8:15:01:e3:f0:47:a9 - Exponent: 65537 (0x10001) - Signature Algorithm: md2WithRSAEncryption - 53:dd:d3:f0:9c:24:7e:40:aa:e2:fc:00:1a:d7:da:0c:fc:32: - 61:b8:15:0d:96:f3:fa:57:1b:7f:33:7c:af:e9:98:9a:61:c8: - 7a:b3:b7:ff:b1:dc:99:83:dc:ac:12:fc:70:c9:1f:38:42:ed: - 44:f6:80:2e:5b:6b:33:69:ac:9c:d3:5c:e7:5f:5a:18:c7:b1: - 2d:79:04:96:41:91:99:41:b1:3c:0d:ba:84:39:c6:3b:97:f0: - 
26:c9:8e:ee:bd:cc:42:95:ff:1e:c7:02:3f:54:0c:78:f5:bc: - aa:60:7c:02:69:e8:dc:ac:e2:02:76:61:c4:3e:03:ea:d2:8a: - 24:d1 - -Verisign Class 1 Public Primary Certification Authority -======================================================= -MD5 Fingerprint: 97:60:E8:57:5F:D3:50:47:E5:43:0C:94:36:8A:B0:62 -PEM Data: ------BEGIN CERTIFICATE----- -MIICPTCCAaYCEQDNun9W8N/kvFT+IqyzcqpVMA0GCSqGSIb3DQEBAgUAMF8xCzAJ -BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh -c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05 -NjAxMjkwMDAwMDBaFw0yODA4MDEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD -VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp -bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB -jQAwgYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0N -H8xlbgyw0FaEGIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR -4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATAN -BgkqhkiG9w0BAQIFAAOBgQBMP7iLxmjf7kMzDl3ppssHhE16M/+SG/Q2rdiVIjZo -EWx8QszznC7EBz8UsA9P/5CSdvnivErpj82ggAr3xSnxgiJduLHdgSOjeyUVRjB5 -FvjqBUuUfx3CHMjjt/QQQDwTw18fU+hI5Ia0e6E1sHslurjTjqs/OJ0ANACY89Fx -lA== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - cd:ba:7f:56:f0:df:e4:bc:54:fe:22:ac:b3:72:aa:55 - Signature Algorithm: md2WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - Validity - Not Before: Jan 29 00:00:00 1996 GMT - Not After : Aug 1 23:59:59 2028 GMT - Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:e5:19:bf:6d:a3:56:61:2d:99:48:71:f6:67:de: - b9:8d:eb:b7:9e:86:80:0a:91:0e:fa:38:25:af:46: - 88:82:e5:73:a8:a0:9b:24:5d:0d:1f:cc:65:6e:0c: - b0:d0:56:84:18:87:9a:06:9b:10:a1:73:df:b4:58: - 39:6b:6e:c1:f6:15:d5:a8:a8:3f:aa:12:06:8d:31: - ac:7f:b0:34:d7:8f:34:67:88:09:cd:14:11:e2:4e: - 
45:56:69:1f:78:02:80:da:dc:47:91:29:bb:36:c9: - 63:5c:c5:e0:d7:2d:87:7b:a1:b7:32:b0:7b:30:ba: - 2a:2f:31:aa:ee:a3:67:da:db - Exponent: 65537 (0x10001) - Signature Algorithm: md2WithRSAEncryption - 4c:3f:b8:8b:c6:68:df:ee:43:33:0e:5d:e9:a6:cb:07:84:4d: - 7a:33:ff:92:1b:f4:36:ad:d8:95:22:36:68:11:6c:7c:42:cc: - f3:9c:2e:c4:07:3f:14:b0:0f:4f:ff:90:92:76:f9:e2:bc:4a: - e9:8f:cd:a0:80:0a:f7:c5:29:f1:82:22:5d:b8:b1:dd:81:23: - a3:7b:25:15:46:30:79:16:f8:ea:05:4b:94:7f:1d:c2:1c:c8: - e3:b7:f4:10:40:3c:13:c3:5f:1f:53:e8:48:e4:86:b4:7b:a1: - 35:b0:7b:25:ba:b8:d3:8e:ab:3f:38:9d:00:34:00:98:f3:d1: - 71:94 - -Verisign Class 1 Public Primary Certification Authority - G2 -============================================================ -MD5 Fingerprint: F2:7D:E9:54:E4:A3:22:0D:76:9F:E7:0B:BB:B3:24:2B -PEM Data: ------BEGIN CERTIFICATE----- -MIIDAjCCAmsCEDnKVIn+UCIy/jLZ2/sbhBkwDQYJKoZIhvcNAQEFBQAwgcExCzAJ -BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh -c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy -MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp -emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X -DTk4MDUxODAwMDAwMFoXDTE4MDUxODIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw -FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg -UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo -YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 -MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB -AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK -VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm -Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID -AQABMA0GCSqGSIb3DQEBBQUAA4GBAIv3GhDOdlwHq4OZ3BeAbzQ5XZg+a3Is4cei -e0ApuXiIukzFo2penm574/ICQQxmvq37rqIUzpLzojSLtLK2JPLl1eDI5WJthHvL -vrsDi3xXyvA3qZCviu4Dvh0onNkmdqDNxJ1O8K4HFtW+r1cIatCgQkJCHvQgzKV4 -gpUmOIpH ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 
39:ca:54:89:fe:50:22:32:fe:32:d9:db:fb:1b:84:19 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network - Validity - Not Before: May 18 00:00:00 1998 GMT - Not After : May 18 23:59:59 2018 GMT - Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:aa:d0:ba:be:16:2d:b8:83:d4:ca:d2:0f:bc:76: - 31:ca:94:d8:1d:93:8c:56:02:bc:d9:6f:1a:6f:52: - 36:6e:75:56:0a:55:d3:df:43:87:21:11:65:8a:7e: - 8f:bd:21:de:6b:32:3f:1b:84:34:95:05:9d:41:35: - eb:92:eb:96:dd:aa:59:3f:01:53:6d:99:4f:ed:e5: - e2:2a:5a:90:c1:b9:c4:a6:15:cf:c8:45:eb:a6:5d: - 8e:9c:3e:f0:64:24:76:a5:cd:ab:1a:6f:b6:d8:7b: - 51:61:6e:a6:7f:87:c8:e2:b7:e5:34:dc:41:88:ea: - 09:40:be:73:92:3d:6b:e7:75 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 8b:f7:1a:10:ce:76:5c:07:ab:83:99:dc:17:80:6f:34:39:5d: - 98:3e:6b:72:2c:e1:c7:a2:7b:40:29:b9:78:88:ba:4c:c5:a3: - 6a:5e:9e:6e:7b:e3:f2:02:41:0c:66:be:ad:fb:ae:a2:14:ce: - 92:f3:a2:34:8b:b4:b2:b6:24:f2:e5:d5:e0:c8:e5:62:6d:84: - 7b:cb:be:bb:03:8b:7c:57:ca:f0:37:a9:90:af:8a:ee:03:be: - 1d:28:9c:d9:26:76:a0:cd:c4:9d:4e:f0:ae:07:16:d5:be:af: - 57:08:6a:d0:a0:42:42:42:1e:f4:20:cc:a5:78:82:95:26:38: - 8a:47 - -Verisign Class 1 Public Primary Certification Authority - G3 -============================================================ -MD5 Fingerprint: B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73 -PEM Data: ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl -cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu 
-LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT -aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD -VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT -aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ -bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu -IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 -nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO -8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV -ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb -PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 -6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr -n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a -qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 -wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 -ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs -pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 -E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3 - Validity - Not Before: Oct 1 00:00:00 1999 GMT - Not After : Jul 16 23:59:59 2036 GMT - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. 
- For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:dd:84:d4:b9:b4:f9:a7:d8:f3:04:78:9c:de:3d: - dc:6c:13:16:d9:7a:dd:24:51:66:c0:c7:26:59:0d: - ac:06:08:c2:94:d1:33:1f:f0:83:35:1f:6e:1b:c8: - de:aa:6e:15:4e:54:27:ef:c4:6d:1a:ec:0b:e3:0e: - f0:44:a5:57:c7:40:58:1e:a3:47:1f:71:ec:60:f6: - 6d:94:c8:18:39:ed:fe:42:18:56:df:e4:4c:49:10: - 78:4e:01:76:35:63:12:36:dd:66:bc:01:04:36:a3: - 55:68:d5:a2:36:09:ac:ab:21:26:54:06:ad:3f:ca: - 14:e0:ac:ca:ad:06:1d:95:e2:f8:9d:f1:e0:60:ff: - c2:7f:75:2b:4c:cc:da:fe:87:99:21:ea:ba:fe:3e: - 54:d7:d2:59:78:db:3c:6e:cf:a0:13:00:1a:b8:27: - a1:e4:be:67:96:ca:a0:c5:b3:9c:dd:c9:75:9e:eb: - 30:9a:5f:a3:cd:d9:ae:78:19:3f:23:e9:5c:db:29: - bd:ad:55:c8:1b:54:8c:63:f6:e8:a6:ea:c7:37:12: - 5c:a3:29:1e:02:d9:db:1f:3b:b4:d7:0f:56:47:81: - 15:04:4a:af:83:27:d1:c5:58:88:c1:dd:f6:aa:a7: - a3:18:da:68:aa:6d:11:51:e1:bf:65:6b:9f:96:76: - d1:3d - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - ab:66:8d:d7:b3:ba:c7:9a:b6:e6:55:d0:05:f1:9f:31:8d:5a: - aa:d9:aa:46:26:0f:71:ed:a5:ad:53:56:62:01:47:2a:44:e9: - fe:3f:74:0b:13:9b:b9:f4:4d:1b:b2:d1:5f:b2:b6:d2:88:5c: - b3:9f:cd:cb:d4:a7:d9:60:95:84:3a:f8:c1:37:1d:61:ca:e7: - b0:c5:e5:91:da:54:a6:ac:31:81:ae:97:de:cd:08:ac:b8:c0: - 97:80:7f:6e:72:a4:e7:69:13:95:65:1f:c4:93:3c:fd:79:8f: - 04:d4:3e:4f:ea:f7:9e:ce:cd:67:7c:4f:65:02:ff:91:85:54: - 73:c7:ff:36:f7:86:2d:ec:d0:5e:4f:ff:11:9f:72:06:d6:b8: - 1a:f1:4c:0d:26:65:e2:44:80:1e:c7:9f:e3:dd:e8:0a:da:ec: - a5:20:80:69:68:a1:4f:7e:e1:6b:cf:07:41:fa:83:8e:bc:38: - dd:b0:2e:11:b1:6b:b2:42:cc:9a:bc:f9:48:22:79:4a:19:0f: - b2:1c:3e:20:74:d9:6a:c3:be:f2:28:78:13:56:79:4f:6d:50: - ea:1b:b0:b5:57:b1:37:66:58:23:f3:dc:0f:df:0a:87:c4:ef: - 86:05:d5:38:14:60:99:a3:4b:de:06:96:71:2c:f2:db:b6:1f: - a4:ef:3f:ee - -Verisign Class 2 Public Primary Certification Authority 
-======================================================= -MD5 Fingerprint: B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E -PEM Data: ------BEGIN CERTIFICATE----- -MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAyIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZMJaLtVRKXxaeAufqDwSCg+i8VDXyh -YGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvEerf4Zh+AVPy3wo5ZShRXRtGak75BkQO7 -FYCTXOvnzAhsPz6zSvz/S2wj1VCCJkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0G -CSqGSIb3DQEBAgUAA4GBAIobK/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxg -J8pFUs4W7z8GZOeUaHxgMxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Nc -r6Pc5iaAIzy4RHT3Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 2d:1b:fc:4a:17:8d:a3:91:eb:e7:ff:f5:8b:45:be:0b - Signature Algorithm: md2WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - Validity - Not Before: Jan 29 00:00:00 1996 GMT - Not After : Aug 1 23:59:59 2028 GMT - Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:b6:5a:8b:a3:0d:6a:23:83:80:6b:cf:39:87:f4: - 21:13:33:06:4c:25:a2:ed:55:12:97:c5:a7:80:b9: - fa:83:c1:20:a0:fa:2f:15:0d:7c:a1:60:6b:7e:79: - 2c:fa:06:0f:3a:ae:f6:1b:6f:b1:d2:ff:2f:28:52: - 5f:83:7d:4b:c4:7a:b7:f8:66:1f:80:54:fc:b7:c2: - 8e:59:4a:14:57:46:d1:9a:93:be:41:91:03:bb:15: - 80:93:5c:eb:e7:cc:08:6c:3f:3e:b3:4a:fc:ff:4b: - 6c:23:d5:50:82:26:44:19:8e:23:c3:71:ea:19:24: - 47:04:9e:75:bf:c8:a6:00:1f - Exponent: 65537 (0x10001) - Signature Algorithm: 
md2WithRSAEncryption - 8a:1b:2b:fa:39:c1:74:d7:5e:d8:19:64:a2:58:4a:2d:37:e0: - 33:47:0f:ac:ed:f7:aa:db:1e:e4:8b:06:5c:60:27:ca:45:52: - ce:16:ef:3f:06:64:e7:94:68:7c:60:33:15:11:69:af:9d:62: - 8d:a3:03:54:6b:a6:be:e5:ee:05:18:60:04:bf:42:80:fd:d0: - a8:a8:1e:01:3b:f7:a3:5c:af:a3:dc:e6:26:80:23:3c:b8:44: - 74:f7:0a:ae:49:8b:61:78:cc:24:bf:88:8a:a7:0e:ea:73:19: - 41:fd:4d:03:f0:88:d1:e5:78:8d:a5:2a:4f:f6:97:0d:17:77: - ca:d8 - -Verisign Class 2 Public Primary Certification Authority - G2 -============================================================ -MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns -YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH -MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y -aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe -Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX -MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj -IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx -KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s -eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B -AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM -HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw -DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC -AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji -nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX -rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn -jBJ7xUS0rg== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification 
Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network - Validity - Not Before: May 18 00:00:00 1998 GMT - Not After : Aug 1 23:59:59 2028 GMT - Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:a7:88:01:21:74:2c:e7:1a:03:f0:98:e1:97:3c: - 0f:21:08:f1:9c:db:97:e9:9a:fc:c2:04:06:13:be: - 5f:52:c8:cc:1e:2c:12:56:2c:b8:01:69:2c:cc:99: - 1f:ad:b0:96:ae:79:04:f2:13:39:c1:7b:98:ba:08: - 2c:e8:c2:84:13:2c:aa:69:e9:09:f4:c7:a9:02:a4: - 42:c2:23:4f:4a:d8:f0:0e:a2:fb:31:6c:c9:e6:6f: - 99:27:07:f5:e6:f4:4c:78:9e:6d:eb:46:86:fa:b9: - 86:c9:54:f2:b2:c4:af:d4:46:1c:5a:c9:15:30:ff: - 0d:6c:f5:2d:0e:6d:ce:7f:77 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 72:2e:f9:7f:d1:f1:71:fb:c4:9e:f6:c5:5e:51:8a:40:98:b8: - 68:f8:9b:1c:83:d8:e2:9d:bd:ff:ed:a1:e6:66:ea:2f:09:f4: - ca:d7:ea:a5:2b:95:f6:24:60:86:4d:44:2e:83:a5:c4:2d:a0: - d3:ae:78:69:6f:72:da:6c:ae:08:f0:63:92:37:e6:bb:c4:30: - 17:ad:77:cc:49:35:aa:cf:d8:8f:d1:be:b7:18:96:47:73:6a: - 54:22:34:64:2d:b6:16:9b:59:5b:b4:51:59:3a:b3:0b:14:f4: - 12:df:67:a0:f4:ad:32:64:5e:b1:46:72:27:8c:12:7b:c5:44: - b4:ae - -Verisign Class 2 Public Primary Certification Authority - G3 -============================================================ -MD5 Fingerprint: F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6 -PEM Data: ------BEGIN CERTIFICATE----- -MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ -BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy -aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s -IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp -Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV 
-BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp -Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu -Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g -Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt -IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU -J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO -JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY -wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o -koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN -qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E -Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe -xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u -7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU -sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI -sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP -cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3 - Validity - Not Before: Oct 1 00:00:00 1999 GMT - Not After : Jul 16 23:59:59 2036 GMT - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. 
- For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:af:0a:0d:c2:d5:2c:db:67:b9:2d:e5:94:27:dd: - a5:be:e0:b0:4d:8f:b3:61:56:3c:d6:7c:c3:f4:cd: - 3e:86:cb:a2:88:e2:e1:d8:a4:69:c5:b5:e2:bf:c1: - a6:47:50:5e:46:39:8b:d5:96:ba:b5:6f:14:bf:10: - ce:27:13:9e:05:47:9b:31:7a:13:d8:1f:d9:d3:02: - 37:8b:ad:2c:47:f0:8e:81:06:a7:0d:30:0c:eb:f7: - 3c:0f:20:1d:dc:72:46:ee:a5:02:c8:5b:c3:c9:56: - 69:4c:c5:18:c1:91:7b:0b:d5:13:00:9b:bc:ef:c3: - 48:3e:46:60:20:85:2a:d5:90:b6:cd:8b:a0:cc:32: - dd:b7:fd:40:55:b2:50:1c:56:ae:cc:8d:77:4d:c7: - 20:4d:a7:31:76:ef:68:92:8a:90:1e:08:81:56:b2: - ad:69:a3:52:d0:cb:1c:c4:23:3d:1f:99:fe:4c:e8: - 16:63:8e:c6:08:8e:f6:31:f6:d2:fa:e5:76:dd:b5: - 1c:92:a3:49:cd:cd:01:cd:68:cd:a9:69:ba:a3:eb: - 1d:0d:9c:a4:20:a6:c1:a0:c5:d1:46:4c:17:6d:d2: - ac:66:3f:96:8c:e0:84:d4:36:ff:22:59:c5:f9:11: - 60:a8:5f:04:7d:f2:1a:f6:25:42:61:0f:c4:4a:b8: - 3e:89 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 34:26:15:3c:c0:8d:4d:43:49:1d:bd:e9:21:92:d7:66:9c:b7: - de:c5:b8:d0:e4:5d:5f:76:22:c0:26:f9:84:3a:3a:f9:8c:b5: - fb:ec:60:f1:e8:ce:04:b0:c8:dd:a7:03:8f:30:f3:98:df:a4: - e6:a4:31:df:d3:1c:0b:46:dc:72:20:3f:ae:ee:05:3c:a4:33: - 3f:0b:39:ac:70:78:73:4b:99:2b:df:30:c2:54:b0:a8:3b:55: - a1:fe:16:28:cd:42:bd:74:6e:80:db:27:44:a7:ce:44:5d:d4: - 1b:90:98:0d:1e:42:94:b1:00:2c:04:d0:74:a3:02:05:22:63: - 63:cd:83:b5:fb:c1:6d:62:6b:69:75:fd:5d:70:41:b9:f5:bf: - 7c:df:be:c1:32:73:22:21:8b:58:81:7b:15:91:7a:ba:e3:64: - 48:b0:7f:fb:36:25:da:95:d0:f1:24:14:17:dd:18:80:6b:46: - 23:39:54:f5:8e:62:09:04:1d:94:90:a6:9b:e6:25:e2:42:45: - aa:b8:90:ad:be:08:8f:a9:0b:42:18:94:cf:72:39:e1:b1:43: - e0:28:cf:b7:e7:5a:6c:13:6b:49:b3:ff:e3:18:7c:89:8b:33: - 5d:ac:33:d7:a7:f9:da:3a:55:c9:58:10:f9:aa:ef:5a:b6:cf: - 4b:4b:df:2a - -Verisign Class 3 Public Primary Certification Authority 
-======================================================= -MD5 Fingerprint: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67 -PEM Data: ------BEGIN CERTIFICATE----- -MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE -BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is -I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G -CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do -lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc -AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf - Signature Algorithm: md2WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - Validity - Not Before: Jan 29 00:00:00 1996 GMT - Not After : Aug 1 23:59:59 2028 GMT - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40: - db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9: - 11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03: - 1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2: - 63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f: - 42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23: - 5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85: - e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2: - 71:64:4c:65:2e:81:68:45:a7 - Exponent: 65537 (0x10001) - Signature Algorithm: 
md2WithRSAEncryption - bb:4c:12:2b:cf:2c:26:00:4f:14:13:dd:a6:fb:fc:0a:11:84: - 8c:f3:28:1c:67:92:2f:7c:b6:c5:fa:df:f0:e8:95:bc:1d:8f: - 6c:2c:a8:51:cc:73:d8:a4:c0:53:f0:4e:d6:26:c0:76:01:57: - 81:92:5e:21:f1:d1:b1:ff:e7:d0:21:58:cd:69:17:e3:44:1c: - 9c:19:44:39:89:5c:dc:9c:00:0f:56:8d:02:99:ed:a2:90:45: - 4c:e4:bb:10:a4:3d:f0:32:03:0e:f1:ce:f8:e8:c9:51:8c:e6: - 62:9f:e6:9f:c0:7d:b7:72:9c:c9:36:3a:6b:9f:4e:a8:ff:64: - 0d:64 - -Verisign Class 3 Public Primary Certification Authority - G2 -============================================================ -MD5 Fingerprint: A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ -BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh -c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy -MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp -emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X -DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw -FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg -UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo -YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 -MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB -AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4 -pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0 -13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID -AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk -U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i -F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY -oJ2daZH9 ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification 
Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network - Validity - Not Before: May 18 00:00:00 1998 GMT - Not After : Aug 1 23:59:59 2028 GMT - Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:cc:5e:d1:11:5d:5c:69:d0:ab:d3:b9:6a:4c:99: - 1f:59:98:30:8e:16:85:20:46:6d:47:3f:d4:85:20: - 84:e1:6d:b3:f8:a4:ed:0c:f1:17:0f:3b:f9:a7:f9: - 25:d7:c1:cf:84:63:f2:7c:63:cf:a2:47:f2:c6:5b: - 33:8e:64:40:04:68:c1:80:b9:64:1c:45:77:c7:d8: - 6e:f5:95:29:3c:50:e8:34:d7:78:1f:a8:ba:6d:43: - 91:95:8f:45:57:5e:7e:c5:fb:ca:a4:04:eb:ea:97: - 37:54:30:6f:bb:01:47:32:33:cd:dc:57:9b:64:69: - 61:f8:9b:1d:1c:89:4f:5c:67 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 51:4d:cd:be:5c:cb:98:19:9c:15:b2:01:39:78:2e:4d:0f:67: - 70:70:99:c6:10:5a:94:a4:53:4d:54:6d:2b:af:0d:5d:40:8b: - 64:d3:d7:ee:de:56:61:92:5f:a6:c4:1d:10:61:36:d3:2c:27: - 3c:e8:29:09:b9:11:64:74:cc:b5:73:9f:1c:48:a9:bc:61:01: - ee:e2:17:a6:0c:e3:40:08:3b:0e:e7:eb:44:73:2a:9a:f1:69: - 92:ef:71:14:c3:39:ac:71:a7:91:09:6f:e4:71:06:b3:ba:59: - 57:26:79:00:f6:f8:0d:a2:33:30:28:d4:aa:58:a0:9d:9d:69: - 91:fd - -Verisign Class 3 Public Primary Certification Authority - G3 -============================================================ -MD5 Fingerprint: CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09 -PEM Data: ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl -cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu -LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT -aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD 
-VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT -aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ -bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu -IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b -N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t -KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu -kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm -CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ -Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu -imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te -2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe -DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC -/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p -F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt -TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 - Validity - Not Before: Oct 1 00:00:00 1999 GMT - Not After : Jul 16 23:59:59 2036 GMT - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. 
- For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:cb:ba:9c:52:fc:78:1f:1a:1e:6f:1b:37:73:bd: - f8:c9:6b:94:12:30:4f:f0:36:47:f5:d0:91:0a:f5: - 17:c8:a5:61:c1:16:40:4d:fb:8a:61:90:e5:76:20: - c1:11:06:7d:ab:2c:6e:a6:f5:11:41:8e:fa:2d:ad: - 2a:61:59:a4:67:26:4c:d0:e8:bc:52:5b:70:20:04: - 58:d1:7a:c9:a4:69:bc:83:17:64:ad:05:8b:bc:d0: - 58:ce:8d:8c:f5:eb:f0:42:49:0b:9d:97:27:67:32: - 6e:e1:ae:93:15:1c:70:bc:20:4d:2f:18:de:92:88: - e8:6c:85:57:11:1a:e9:7e:e3:26:11:54:a2:45:96: - 55:83:ca:30:89:e8:dc:d8:a3:ed:2a:80:3f:7f:79: - 65:57:3e:15:20:66:08:2f:95:93:bf:aa:47:2f:a8: - 46:97:f0:12:e2:fe:c2:0a:2b:51:e6:76:e6:b7:46: - b7:e2:0d:a6:cc:a8:c3:4c:59:55:89:e6:e8:53:5c: - 1c:ea:9d:f0:62:16:0b:a7:c9:5f:0c:f0:de:c2:76: - ce:af:f7:6a:f2:fa:41:a6:a2:33:14:c9:e5:7a:63: - d3:9e:62:37:d5:85:65:9e:0e:e6:53:24:74:1b:5e: - 1d:12:53:5b:c7:2c:e7:83:49:3b:15:ae:8a:68:b9: - 57:97 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 11:14:96:c1:ab:92:08:f7:3f:2f:c9:b2:fe:e4:5a:9f:64:de: - db:21:4f:86:99:34:76:36:57:dd:d0:15:2f:c5:ad:7f:15:1f: - 37:62:73:3e:d4:e7:5f:ce:17:03:db:35:fa:2b:db:ae:60:09: - 5f:1e:5f:8f:6e:bb:0b:3d:ea:5a:13:1e:0c:60:6f:b5:c0:b5: - 23:22:2e:07:0b:cb:a9:74:cb:47:bb:1d:c1:d7:a5:6b:cc:2f: - d2:42:fd:49:dd:a7:89:cf:53:ba:da:00:5a:28:bf:82:df:f8: - ba:13:1d:50:86:82:fd:8e:30:8f:29:46:b0:1e:3d:35:da:38: - 62:16:18:4a:ad:e6:b6:51:6c:de:af:62:eb:01:d0:1e:24:fe: - 7a:8f:12:1a:12:68:b8:fb:66:99:14:14:45:5c:ae:e7:ae:69: - 17:81:2b:5a:37:c9:5e:2a:f4:c6:e2:a1:5c:54:9b:a6:54:00: - cf:f0:f1:c1:c7:98:30:1a:3b:36:16:db:a3:6e:ea:fd:ad:b2: - c2:da:ef:02:47:13:8a:c0:f1:b3:31:ad:4f:1c:e1:4f:9c:af: - 0f:0c:9d:f7:78:0d:d8:f4:35:56:80:da:b7:6d:17:8f:9d:1e: - 81:64:e1:fe:c5:45:ba:ad:6b:b9:0a:7a:4e:4f:4b:84:ee:4b: - f1:7d:dd:11 - -Verisign Class 4 Public Primary Certification Authority - G2 
-============================================================ -MD5 Fingerprint: 26:6D:2C:19:98:B6:70:68:38:50:54:19:EC:90:34:60 -PEM Data: ------BEGIN CERTIFICATE----- -MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcExCzAJ -BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh -c3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy -MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp -emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X -DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw -FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgNCBQdWJsaWMg -UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo -YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 -MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB -AQUAA4GNADCBiQKBgQC68OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDM -HO0oW369atyzkSTKQWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtK -qsGgtG7rL+VXxbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwID -AQABMA0GCSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwj -cSGIL4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y -cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckztImRP -T8qAkbYp ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 32:88:8e:9a:d2:f5:eb:13:47:f8:7f:c4:20:37:25:f8 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network - Validity - Not Before: May 18 00:00:00 1998 GMT - Not After : Aug 1 23:59:59 2028 GMT - Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. 
- For authorized use only, OU=VeriSign Trust Network - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:ba:f0:e4:cf:f9:c4:ae:85:54:b9:07:57:f9:8f: - c5:7f:68:11:f8:c4:17:b0:44:dc:e3:30:73:d5:2a: - 62:2a:b8:d0:cc:1c:ed:28:5b:7e:bd:6a:dc:b3:91: - 24:ca:41:62:3c:fc:02:01:bf:1c:16:31:94:05:97: - 76:6e:a2:ad:bd:61:17:6c:4e:30:86:f0:51:37:2a: - 50:c7:a8:62:81:dc:5b:4a:aa:c1:a0:b4:6e:eb:2f: - e5:57:c5:b1:2b:40:70:db:5a:4d:a1:8e:1f:bd:03: - 1f:d8:03:d4:8f:4c:99:71:bc:e2:82:cc:58:e8:98: - 3a:86:d3:86:38:f3:00:29:1f - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 85:8c:12:c1:a7:b9:50:15:7a:cb:3e:ac:b8:43:8a:dc:aa:dd: - 14:ba:89:81:7e:01:3c:23:71:21:88:2f:82:dc:63:fa:02:45: - ac:45:59:d7:2a:58:44:5b:b7:9f:81:3b:92:68:3d:e2:37:24: - f5:7b:6c:8f:76:35:96:09:a8:59:9d:b9:ce:23:ab:74:d6:83: - fd:32:73:27:d8:69:3e:43:74:f6:ae:c5:89:9a:e7:53:7c:e9: - 7b:f6:4b:f3:c1:65:83:de:8d:8a:9c:3c:88:8d:39:59:fc:aa: - 3f:22:8d:a1:c1:66:50:81:72:4c:ed:22:64:4f:4f:ca:80:91: - b6:29 - -Verisign Class 4 Public Primary Certification Authority - G3 -============================================================ -MD5 Fingerprint: DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF -PEM Data: ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl -cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu -LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT -aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD -VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT -aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ -bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu -IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg 
-LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1 -GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ -+mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd -U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm -NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY -ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/ -ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1 -CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq -g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm -fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c -2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/ -bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3 - Validity - Not Before: Oct 1 00:00:00 1999 GMT - Not After : Jul 16 23:59:59 2036 GMT - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. 
- For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:ad:cb:a5:11:69:c6:59:ab:f1:8f:b5:19:0f:56: - ce:cc:b5:1f:20:e4:9e:26:25:4b:e0:73:65:89:59: - de:d0:83:e4:f5:0f:b5:bb:ad:f1:7c:e8:21:fc:e4: - e8:0c:ee:7c:45:22:19:76:92:b4:13:b7:20:5b:09: - fa:61:ae:a8:f2:a5:8d:85:c2:2a:d6:de:66:36:d2: - 9b:02:f4:a8:92:60:7c:9c:69:b4:8f:24:1e:d0:86: - 52:f6:32:9c:41:58:1e:22:bd:cd:45:62:95:08:6e: - d0:66:dd:53:a2:cc:f0:10:dc:54:73:8b:04:a1:46: - 33:33:5c:17:40:b9:9e:4d:d3:f3:be:55:83:e8:b1: - 89:8e:5a:7c:9a:96:22:90:3b:88:25:f2:d2:53:88: - 02:0c:0b:78:f2:e6:37:17:4b:30:46:07:e4:80:6d: - a6:d8:96:2e:e8:2c:f8:11:b3:38:0d:66:a6:9b:ea: - c9:23:5b:db:8e:e2:f3:13:8e:1a:59:2d:aa:02:f0: - ec:a4:87:66:dc:c1:3f:f5:d8:b9:f4:ec:82:c6:d2: - 3d:95:1d:e5:c0:4f:84:c9:d9:a3:44:28:06:6a:d7: - 45:ac:f0:6b:6a:ef:4e:5f:f8:11:82:1e:38:63:34: - 66:50:d4:3e:93:73:fa:30:c3:66:ad:ff:93:2d:97: - ef:03 - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 8f:fa:25:6b:4f:5b:e4:a4:4e:27:55:ab:22:15:59:3c:ca:b5: - 0a:d4:4a:db:ab:dd:a1:5f:53:c5:a0:57:39:c2:ce:47:2b:be: - 3a:c8:56:bf:c2:d9:27:10:3a:b1:05:3c:c0:77:31:bb:3a:d3: - 05:7b:6d:9a:1c:30:8c:80:cb:93:93:2a:83:ab:05:51:82:02: - 00:11:67:6b:f3:88:61:47:5f:03:93:d5:5b:0d:e0:f1:d4:a1: - 32:35:85:b2:3a:db:b0:82:ab:d1:cb:0a:bc:4f:8c:5b:c5:4b: - 00:3b:1f:2a:82:a6:7e:36:85:dc:7e:3c:67:00:b5:e4:3b:52: - e0:a8:eb:5d:15:f9:c6:6d:f0:ad:1d:0e:85:b7:a9:9a:73:14: - 5a:5b:8f:41:28:c0:d5:e8:2d:4d:a4:5e:cd:aa:d9:ed:ce:dc: - d8:d5:3c:42:1d:17:c1:12:5d:45:38:c3:38:f3:fc:85:2e:83: - 46:48:b2:d7:20:5f:92:36:8f:e7:79:0f:98:5e:99:e8:f0:d0: - a4:bb:f5:53:bd:2a:ce:59:b0:af:6e:7f:6c:bb:d2:1e:00:b0: - 21:ed:f8:41:62:82:b9:d8:b2:c4:bb:46:50:f3:31:c5:8f:01: - a8:74:eb:f5:78:27:da:e7:f7:66:43:f3:9e:83:3e:20:aa:c3: - 35:60:91:ce - -Verisign/RSA Commercial CA -========================== -MD5 Fingerprint: 
5A:0B:DD:42:9E:B2:B4:62:97:32:7F:7F:0A:AA:9A:39 -PEM Data: ------BEGIN CERTIFICATE----- -MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw -HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy -Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05 -OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT -ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o -975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/ -touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE -7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j -9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI -0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb -MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU= ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 02:41:00:00:16 - Signature Algorithm: md2WithRSAEncryption - Issuer: C=US, O=RSA Data Security, Inc., OU=Commercial Certification Authority - Validity - Not Before: Nov 4 18:58:34 1994 GMT - Not After : Nov 3 18:58:34 1999 GMT - Subject: C=US, O=RSA Data Security, Inc., OU=Commercial Certification Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1000 bit) - Modulus (1000 bit): - 00:a4:fb:81:62:7b:ce:10:27:dd:e8:f7:be:6c:6e: - c6:70:99:db:b8:d5:05:03:69:28:82:9c:72:7f:96: - 3f:8e:ec:ac:29:92:3f:8a:14:f8:42:76:be:bd:5d: - 03:b9:90:d4:d0:bc:06:b2:51:33:5f:c4:c2:bf:b6: - 8b:8f:99:b6:62:22:60:dd:db:df:20:82:b4:ca:a2: - 2f:2d:50:ed:94:32:de:e0:55:8d:d4:68:e2:e0:4c: - d2:cd:05:16:2e:95:66:5c:61:52:38:1e:51:a8:82: - a1:c4:ef:25:e9:0a:e6:8b:2b:8e:31:66:d9:f8:d9: - fd:bd:3b:69:d9:eb - Exponent: 65537 (0x10001) - Signature Algorithm: md2WithRSAEncryption - 76:b5:b6:10:fe:23:f7:f7:59:62:4b:b0:5f:9c:c1:68:bc:49: - bb:b3:49:6f:21:47:5d:2b:9d:54:c4:00:28:3f:98:b9:f2:8a: - 
83:9b:60:7f:eb:50:c7:ab:05:10:2d:3d:ed:38:02:c1:a5:48: - d2:fe:65:a0:c0:bc:ea:a6:23:16:66:6c:1b:24:a9:f3:ec:79: - 35:18:4f:26:c8:e3:af:50:4a:c7:a7:31:6b:d0:7c:18:9d:50: - bf:a9:26:fa:26:2b:46:9c:14:a9:bb:5b:30:98:42:28:b5:4b: - 53:bb:43:09:92:40:ba:a8:aa:5a:a4:c6:b6:8b:57:4d:c5 - -Verisign/RSA Secure Server CA -============================= -MD5 Fingerprint: 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93 -PEM Data: ------BEGIN CERTIFICATE----- -MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG -A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD -VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0 -MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV -BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy -dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ -ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII -0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI -uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI -hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3 -YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc -1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA== ------END CERTIFICATE----- -Certificate Ingredients: - Data: - Version: 1 (0x0) - Serial Number: - 02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0 - Signature Algorithm: md2WithRSAEncryption - Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority - Validity - Not Before: Nov 9 00:00:00 1994 GMT - Not After : Jan 7 23:59:59 2010 GMT - Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1000 bit) - Modulus (1000 bit): - 00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25: - 01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03: - e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86: - 37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9: - 
4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07: - 65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48: - b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49: - 54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5: - dd:2d:d6:c8:1e:7b - Exponent: 65537 (0x10001) - Signature Algorithm: md2WithRSAEncryption - 65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3: - c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5: - b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49: - c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b: - 4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39: - 16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04: - f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50 diff --git a/usr.sbin/httpd/conf/ssl.crt/server.crt b/usr.sbin/httpd/conf/ssl.crt/server.crt deleted file mode 100644 index d50516d82ff..00000000000 --- a/usr.sbin/httpd/conf/ssl.crt/server.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBqzCCARQCAQAwDQYJKoZIhvcNAQEEBQAwHjELMAkGA1UEBhMCQ0ExDzANBgNV -BAgTBkNhbmFkYTAeFw0wMjAyMTExOTM5MzVaFw0wMzAyMTExOTM5MzVaMB4xCzAJ -BgNVBAYTAkNBMQ8wDQYDVQQIEwZDYW5hZGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0A -MIGJAoGBAPOttmU7QXSzgW3wgS8TE1srfBWrodZSW3BQ0qj4QhFVkxwfnc2Nvj6E -zczBW3sei4I+dkW5iFOny2x2KxCIwZNuJHRp3eP5iULizL6oCdFVD8Q0LxM7gaBU -0AezcOVpu/Olvcjz6r7lxA4t2zTtlcvldsYNepmNbxF/oTacnBNbAgMBAAEwDQYJ -KoZIhvcNAQEEBQADgYEAblihB4VcdozNq22Gi9NpSnKSD0YVE+cJsCHEcL+mbVf+ -bintXEsm6VMh/XXHsF+liBGiqrXOqmKhfsCo3TIovc7I199v7SUwRBL9cQUrA/ns -8t0MOcvZoWWf7srN6Qoet5a0BSfg6kfGH3k0SvAM8MaPqAeM5bFy76aORvQXTLE= ------END CERTIFICATE----- diff --git a/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt b/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt deleted file mode 100644 index 4f4aaf63084..00000000000 --- a/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-dsa.crt +++ /dev/null 
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEEzCCA8+gAwIBAgIBADALBgcqhkjOOAQDBQAwga8xCzAJBgNVBAYTAlhZMRUw
-EwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcTClNuYWtlIFRvd24xFzAVBgNV
-BAoTDlNuYWtlIE9pbCwgTHRkMSQwIgYDVQQLExtDZXJ0aWZpY2F0ZSBBdXRob3Jp
-dHkgKERTQSkxFTATBgNVBAMTDFNuYWtlIE9pbCBDQTEeMBwGCSqGSIb3DQEJARYP
-Y2FAc25ha2VvaWwuZG9tMB4XDTk5MTAyMTE4MjkzN1oXDTAxMTAyMDE4MjkzN1ow
-ga8xCzAJBgNVBAYTAlhZMRUwEwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcT
-ClNuYWtlIFRvd24xFzAVBgNVBAoTDlNuYWtlIE9pbCwgTHRkMSQwIgYDVQQLExtD
-ZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKERTQSkxFTATBgNVBAMTDFNuYWtlIE9pbCBD
-QTEeMBwGCSqGSIb3DQEJARYPY2FAc25ha2VvaWwuZG9tMIIBtjCCASsGByqGSM44
-BAEwggEeAoGBAIufVdfx9oweG3NK2n3BjoFVM+4RT1ukyaGtvq+Bo1nLh1N7pVLz
-invAZ6mrkJCN84vgeN1r6DXbHO2jy7EGQIM73xeD2rzoJjjkdmT6robIY4tlI4Px
-xAfCHWhQ/rmzlPPTXw4UHOkjdsfF87pph6VZjOIOIUqnUGtR25r6krhJAhUA8sdJ
-X0VLPxnsgc6DVmvkfzahA6UCgYBZI9bJ9Vc8AXyHYYNv5x/3uTjhWQdn5HGl7waC
-GV8Gf0vcRJZRk04kx8MuWfLt1K1hT3xVNU16SJ1i5oGy/ISQWufLs0JSaK5pKdfh
-SO0UOQ2Ff2PlhsJEYuaxzzrkBPngpG7fU7b90ocujo2AU+KuKMfL30cngtFj1n0e
-RdXOzAOBhAACgYAsjVZYJl5pyLiRK+FfLF6dMI1BCRzyz3/EK4CLh1XjZ5IZCi6b
-dua9YTVwum4w8buOE86P2zC/9Z9tpEpn1Joqf68jgjmzPKNpaO2AiQQC5UkzGzpx
-EVagyIzL0FP+WIM0ABLodiyoDkmPydPpllQjnG/O9na5o4gkrgxsqNKQLKN6MHgw
-GgYDVR0RBBMwEYEPY2FAc25ha2VvaWwuZG9tMA8GA1UdEwQIMAYBAf8CAQAwNgYJ
-YIZIAYb4QgENBCkWJ21vZF9zc2wgZ2VuZXJhdGVkIGN1c3RvbSBDQSBjZXJ0aWZp
-Y2F0ZTARBglghkgBhvhCAQEEBAMCAgQwCwYHKoZIzjgEAwUAAzEAMC4CFQC/d4P2
-0mWRROo+DKuNJDnnjQ9NmQIVAKs5D8EhoYBwBm4IwOsuvd3YWoVa
------END CERTIFICATE-----
diff --git a/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt b/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt
deleted file mode 100644
index cc473b3fc9e..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/snakeoil-ca-rsa.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDRDCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
-FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
-A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
-cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
-bmFrZW9pbC5kb20wHhcNOTkxMDIxMTgyMTQ2WhcNMDExMDIwMTgyMTQ2WjCBqTEL
-MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
-a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRp
-ZmljYXRlIEF1dGhvcml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZI
-hvcNAQkBFg9jYUBzbmFrZW9pbC5kb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
-AoGBANiTGAmWoiB2Qx3SbwFXwjbqU9ZwnfBE5Er1h1kNh487D782I8mcT/CzxmsH
-evK3heBKTEno+jB0y5p4+QShxryaMUUbRoOGfrlrVwc/dbwJQz7UNyqDlWnvnW4p
-TfdVd+8JlCpYFB23Z7bmpUV1Xy6VFKBahzIhzITaux1vvEPLAgMBAAGjejB4MBoG
-A1UdEQQTMBGBD2NhQHNuYWtlb2lsLmRvbTAPBgNVHRMECDAGAQH/AgEAMDYGCWCG
-SAGG+EIBDQQpFidtb2Rfc3NsIGdlbmVyYXRlZCBjdXN0b20gQ0EgY2VydGlmaWNh
-dGUwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBBAUAA4GBAImhzPY4PBRt
-PQbAQBAmHIBRcb69iTbFC+dghnVJQ3F549rZapY420kQDKQ6aCybPFmxJ/Rf27gY
-FuAuo+B8EEVX0lU8VUSEhYQedODnQ3skwcT02g4b33GkzH7ED2N9kaa6U65UUrcE
-KXJgz7tmAQHnTc9K1g2qIApIjnr3FrrJ
------END CERTIFICATE-----
diff --git a/usr.sbin/httpd/conf/ssl.crt/snakeoil-dsa.crt b/usr.sbin/httpd/conf/ssl.crt/snakeoil-dsa.crt
deleted file mode 100644
index 4b7b90ef0e7..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/snakeoil-dsa.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEAzCCA8GgAwIBAgIBATALBgcqhkjOOAQDBQAwga8xCzAJBgNVBAYTAlhZMRUw
-EwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcTClNuYWtlIFRvd24xFzAVBgNV
-BAoTDlNuYWtlIE9pbCwgTHRkMSQwIgYDVQQLExtDZXJ0aWZpY2F0ZSBBdXRob3Jp
-dHkgKERTQSkxFTATBgNVBAMTDFNuYWtlIE9pbCBDQTEeMBwGCSqGSIb3DQEJARYP
-Y2FAc25ha2VvaWwuZG9tMB4XDTk5MTAyMTE4Mjk1MFoXDTAxMTAyMDE4Mjk1MFow
-ga0xCzAJBgNVBAYTAlhZMRUwEwYDVQQIEwxTbmFrZSBEZXNlcnQxEzARBgNVBAcT
-ClNuYWtlIFRvd24xFzAVBgNVBAoTDlNuYWtlIE9pbCwgTHRkMR0wGwYDVQQLExRX
-ZWJzZXJ2ZXIgVGVhbSAoRFNBKTEZMBcGA1UEAxMQd3d3LnNuYWtlb2lsLmRvbTEf
-MB0GCSqGSIb3DQEJARYQd3d3QHNuYWtlb2lsLmRvbTCCAbYwggErBgcqhkjOOAQB
-MIIBHgKBgQCLn1XX8faMHhtzStp9wY6BVTPuEU9bpMmhrb6vgaNZy4dTe6VS84p7
-wGepq5CQjfOL4Hjda+g12xzto8uxBkCDO98Xg9q86CY45HZk+q6GyGOLZSOD8cQH
-wh1oUP65s5Tz018OFBzpI3bHxfO6aYelWYziDiFKp1BrUdua+pK4SQIVAPLHSV9F
-Sz8Z7IHOg1Zr5H82oQOlAoGAWSPWyfVXPAF8h2GDb+cf97k44VkHZ+Rxpe8Gghlf
-Bn9L3ESWUZNOJMfDLlny7dStYU98VTVNekidYuaBsvyEkFrny7NCUmiuaSnX4Ujt
-FDkNhX9j5YbCRGLmsc865AT54KRu31O2/dKHLo6NgFPirijHy99HJ4LRY9Z9HkXV
-zswDgYQAAoGAcARR9kHyvPAuiSlt2ofunB0OA3qIpbcYutu1jeR3EC8JDxp/lrWE
-mYxubcOLaqqIJifiD9hf+RuhSNg0D+0A7yjXgFPI13Loo7lqNu0trG4ULV4GUU2b
-zoxp/PQQtJiB4B0DJCO789+ZsdUpJN1Tat3ocIRgryZb6Hor9ifF9iGjbjBsMBsG
-A1UdEQQUMBKBEHd3d0BzbmFrZW9pbC5kb20wOgYJYIZIAYb4QgENBC0WK21vZF9z
-c2wgZ2VuZXJhdGVkIGN1c3RvbSBzZXJ2ZXIgY2VydGlmaWNhdGUwEQYJYIZIAYb4
-QgEBBAQDAgZAMAsGByqGSM44BAMFAAMvADAsAhRXQ6Pm1pLo0Du/A7Lg1ILzncj5
-3gIUBHvNEBKuqJERC8Zt7LECsjmrVMM=
------END CERTIFICATE-----
diff --git a/usr.sbin/httpd/conf/ssl.crt/snakeoil-rsa.crt b/usr.sbin/httpd/conf/ssl.crt/snakeoil-rsa.crt
deleted file mode 100644
index 18747b9732a..00000000000
--- a/usr.sbin/httpd/conf/ssl.crt/snakeoil-rsa.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDNjCCAp+gAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
-FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
-A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
-cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
-bmFrZW9pbC5kb20wHhcNOTkxMDIxMTgyMTUxWhcNMDExMDIwMTgyMTUxWjCBpzEL
-MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
-a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl
-cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN
-AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQC554Ro+VH0dJONqljPBW+C72MDNGNy9eXnzejXrczsHs3Pc92Vaat6CpIEEGue
-yG29xagb1o7Gj2KRgpVYcmdx6tHd2JkFW5BcFVfWXL42PV4rf9ziYon8jWsbK2aE
-+L6hCtcbxdbHOGZdSIWZJwc/1Vs70S/7ImW+Zds8YEFiAwIDAQABo24wbDAbBgNV
-HREEFDASgRB3d3dAc25ha2VvaWwuZG9tMDoGCWCGSAGG+EIBDQQtFittb2Rfc3Ns
-IGdlbmVyYXRlZCBjdXN0b20gc2VydmVyIGNlcnRpZmljYXRlMBEGCWCGSAGG+EIB
-AQQEAwIGQDANBgkqhkiG9w0BAQQFAAOBgQB6MRsYGTXUR53/nTkRDQlBdgCcnhy3
-hErfmPNl/Or5jWOmuufeIXqCvM6dK7kW/KBboui4pffIKUVafLUMdARVV6BpIGMI
-5LmVFK3sgwuJ01v/90hCt4kTWoT8YHbBLtQh7PzWgJoBAY7MJmjSguYCRt91sU4K
-s0dfWsdItkw4uQ==
------END CERTIFICATE-----
diff --git a/usr.sbin/httpd/conf/ssl.csr/README.CSR b/usr.sbin/httpd/conf/ssl.csr/README.CSR
deleted file mode 100644
index f04815f71da..00000000000
--- a/usr.sbin/httpd/conf/ssl.csr/README.CSR
+++ /dev/null
@@ -1,23 +0,0 @@
-
- This is the ssl.csr/ directory of Apache/mod_ssl
- where PEM-encoded X.509 Certificate Signing Requests for SSL are stored.
-
- Per default the following file is provided:
-
- o server.csr:
- This is the server certificate signing request for Apache/mod_ssl
- corresponding to the ../ssl.crt/server.crt file. Per default this is a
- dummy file, but may be overwritten by the `make certificate' target under
- built-time. Then it contains the CSR which you can send to a public
- Certification Authority (CA) for requesting a real signed certificate
- (which then can replace the ../ssl.crt/server.crt file).
-
- You can also use this directory for temporarily storing CSRs from within your
- (CGI-) scripts when you want to perform client authentication with your own
- CA instance.
-
- You can view the ingredients of a particular CSR file in plain text
- by running the command:
-
- $ openssl req -noout -text -in .csr
-
diff --git a/usr.sbin/httpd/conf/ssl.csr/server.csr b/usr.sbin/httpd/conf/ssl.csr/server.csr
deleted file mode 100644
index 756b9c0e1cd..00000000000
--- a/usr.sbin/httpd/conf/ssl.csr/server.csr
+++ /dev/null
@@ -1 +0,0 @@
-THIS FILE HAS TO BE REPLACED BY A REAL SERVER CERTIFICATE SIGNING REQUEST! (SKIPME)
diff --git a/usr.sbin/httpd/conf/ssl.key/README.KEY b/usr.sbin/httpd/conf/ssl.key/README.KEY
deleted file mode 100644
index 58d657e2680..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/README.KEY
+++ /dev/null
@@ -1,28 +0,0 @@
-
- This is the ssl.key/ directory of Apache/mod_ssl
- where PEM-encoded RSA Private Keys for SSL are stored.
-
- Per default the following files are provided:
-
- o server.key:
- This is the server private key for Apache/mod_ssl, configured with the
- SSLCertificateKeyFile directive. Per default this is a dummy file, but may
- be overwritten by the `make certificate' target under built-time.
-
- o snakeoil.key:
- This is the private key of the _DEMONSTRATION ONLY_ `Snake Oil' Server. It
- corresponds to the dummy server certificate ../ssl.crt/snakeoil.crt. NEVER
- USE THIS PRIVATE KEY YOURSELF FOR REAL LIFE! INSTEAD USE A REAL SERVER KEY!
-
- o snakeoil-ca.key:
- This is the private key of the _DEMONSTRATION ONLY_ `Snake Oil' Certificate
- Authority. It is used to sign the ../ssl.crt/server.crt on `make
- certificate' because self-signed server certificates are not accepted by
- all browsers. NEVER USE THIS PRIVATE KEY YOURSELF FOR REAL LIFE! INSTEAD
- EITHER USE A PUBLICALLY KNOWN CA OR CREATE YOUR OWN CA!
-
- You can view the ingredients of a particular private key file in plain text
- by running the command (a pass phrase may be queried):
-
- $ openssl rsa -noout -text -in .key
-
diff --git a/usr.sbin/httpd/conf/ssl.key/server.key b/usr.sbin/httpd/conf/ssl.key/server.key
deleted file mode 100644
index e4578c8530d..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/server.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDzrbZlO0F0s4Ft8IEvExNbK3wVq6HWUltwUNKo+EIRVZMcH53N
-jb4+hM3MwVt7HouCPnZFuYhTp8tsdisQiMGTbiR0ad3j+YlC4sy+qAnRVQ/ENC8T
-O4GgVNAHs3Dlabvzpb3I8+q+5cQOLds07ZXL5XbGDXqZjW8Rf6E2nJwTWwIDAQAB
-AoGBANMgOR3wfz/rn0Jv1J3Cu0yMmo/0Ct40sQDZJgw8PJHkQPdm9UR5gNGOIvk6
-tlYwGtOX5sV2gIVqpjetEpbaxkuTnnqAwO+b1Evql9hw4p7HxiWV8jszd9WzSSBE
-JsOSPhfzPcYv14lL+6KFVDU/+p43lm3M58UH6ciNe0t7p4OBAkEA+qbeIaK4JIpl
-+ARxjX7RT/ZcF+8vX7T20xUGDYVn2r86bUXmdx1Sa3T51iWiloLpFZuwMxD5irND
-mgkGvsBsewJBAPjgwTu6J7nRpOZdfagYXDUVTo5QkPVLca/UlJwIXSyWOiE5T0mk
-PPzaHAL95ycTwn6JwVvA6MmwUtiQ0NeBbqECQBY5g4qx9efviZkTM8pbC04uxv2s
-TKQM1LHktFOwl4PS3uhfgU7gf7VdeuWdEqyL0QUEd/wfLjE5Me5PjJSPVU8CQQCl
-BmMa95Tf4eM13Ug07fI2QKqWM1XrUNtRe+QOkn0102c4IIgyjHTkNLveP/3GK5QL
-08wiyweQtRo5/8x7GZgBAkBv2kMIsCUb8ggr+/DsilxEfNty5RyNeNnviRXbLG8B
-qFrgJwBemLrvpbAguYLvaZHgrXQN/aptKV0VgGSniYXb
------END RSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-dsa.key b/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-dsa.key
deleted file mode 100644
index 89169da7ba7..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-dsa.key
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQCLn1XX8faMHhtzStp9wY6BVTPuEU9bpMmhrb6vgaNZy4dTe6VS
-84p7wGepq5CQjfOL4Hjda+g12xzto8uxBkCDO98Xg9q86CY45HZk+q6GyGOLZSOD
-8cQHwh1oUP65s5Tz018OFBzpI3bHxfO6aYelWYziDiFKp1BrUdua+pK4SQIVAPLH
-SV9FSz8Z7IHOg1Zr5H82oQOlAoGAWSPWyfVXPAF8h2GDb+cf97k44VkHZ+Rxpe8G
-ghlfBn9L3ESWUZNOJMfDLlny7dStYU98VTVNekidYuaBsvyEkFrny7NCUmiuaSnX
-4UjtFDkNhX9j5YbCRGLmsc865AT54KRu31O2/dKHLo6NgFPirijHy99HJ4LRY9Z9
-HkXVzswCgYAsjVZYJl5pyLiRK+FfLF6dMI1BCRzyz3/EK4CLh1XjZ5IZCi6bdua9
-YTVwum4w8buOE86P2zC/9Z9tpEpn1Joqf68jgjmzPKNpaO2AiQQC5UkzGzpxEVag
-yIzL0FP+WIM0ABLodiyoDkmPydPpllQjnG/O9na5o4gkrgxsqNKQLAIVANDb2WME
-cYQBeW7FgeCXtSBf75d/
------END DSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-rsa.key b/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-rsa.key
deleted file mode 100644
index e224be4ebe4..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/snakeoil-ca-rsa.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDYkxgJlqIgdkMd0m8BV8I26lPWcJ3wRORK9YdZDYePOw+/NiPJ
-nE/ws8ZrB3ryt4XgSkxJ6PowdMuaePkEoca8mjFFG0aDhn65a1cHP3W8CUM+1Dcq
-g5Vp751uKU33VXfvCZQqWBQdt2e25qVFdV8ulRSgWocyIcyE2rsdb7xDywIDAQAB
-AoGAEIvUZ08h3dcLM6kTIAgjZ2ypsRVzi5rH0k5F4/DbrX62qkYpn8qYdOxXOXAd
-3ZNV4BftEiyBiNgzgf7CD6+IblZUqkc1dUc96AJH16CUXM/favAHhIoSdyhrnAH8
-O9UN1KxlzUpvLDOelbOdL4/4sQ0XXqd9DJcZkeKc4zCi35kCQQD43SlsTDBeO7ae
-Ig5qnJ/g2V2V4bPh1xTH7LjxthsksOqPUEt3DgRmRVq+qeDyyxN49V9uFYf8oXDl
-1FchPranAkEA3sjny2sxBNIBGtPVLGFl+aukBRkNOdmssVcBudsnigOEL0lbd4Wu
-07ok0zeCuAu+yHRYJKY4eqWVGQJ/DtUSPQJBAIqxVuCQJXSe+stuV3J7D28UNN/P
-BZ0bbO1utDOhNcdhAZgVO7mCClmk1UnlCwTEwHls5l5HiZ31qyGrEVPpy4kCQDfR
-VmIdBTcT9rrmAC8SaB5Z5spwMGQiKaZ1CjWqtwlZQDEozAXyNI9PwBI7gkDikHZg
-0AS+sL/p5KVTfsoUkHECQQDWCSgpZ8k7EajS1RWIGH/GcFT/GaKX8yiMIP2S3Atc
-nl7yMj8yw+1N503FF0aRwimryXQt/VHVYjtYsSAgNU/i
------END RSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.key/snakeoil-dsa.key b/usr.sbin/httpd/conf/ssl.key/snakeoil-dsa.key
deleted file mode 100644
index 0f78bd0fd57..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/snakeoil-dsa.key
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQCLn1XX8faMHhtzStp9wY6BVTPuEU9bpMmhrb6vgaNZy4dTe6VS
-84p7wGepq5CQjfOL4Hjda+g12xzto8uxBkCDO98Xg9q86CY45HZk+q6GyGOLZSOD
-8cQHwh1oUP65s5Tz018OFBzpI3bHxfO6aYelWYziDiFKp1BrUdua+pK4SQIVAPLH
-SV9FSz8Z7IHOg1Zr5H82oQOlAoGAWSPWyfVXPAF8h2GDb+cf97k44VkHZ+Rxpe8G
-ghlfBn9L3ESWUZNOJMfDLlny7dStYU98VTVNekidYuaBsvyEkFrny7NCUmiuaSnX
-4UjtFDkNhX9j5YbCRGLmsc865AT54KRu31O2/dKHLo6NgFPirijHy99HJ4LRY9Z9
-HkXVzswCgYBwBFH2QfK88C6JKW3ah+6cHQ4Deoiltxi627WN5HcQLwkPGn+WtYSZ
-jG5tw4tqqogmJ+IP2F/5G6FI2DQP7QDvKNeAU8jXcuijuWo27S2sbhQtXgZRTZvO
-jGn89BC0mIHgHQMkI7vz35mx1Skk3VNq3ehwhGCvJlvoeiv2J8X2IQIVAOTRp7zp
-En7QlXnXw1s7xXbbuKP0
------END DSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.key/snakeoil-rsa.key b/usr.sbin/httpd/conf/ssl.key/snakeoil-rsa.key
deleted file mode 100644
index 6e3cbd90485..00000000000
--- a/usr.sbin/httpd/conf/ssl.key/snakeoil-rsa.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC554Ro+VH0dJONqljPBW+C72MDNGNy9eXnzejXrczsHs3Pc92V
-aat6CpIEEGueyG29xagb1o7Gj2KRgpVYcmdx6tHd2JkFW5BcFVfWXL42PV4rf9zi
-Yon8jWsbK2aE+L6hCtcbxdbHOGZdSIWZJwc/1Vs70S/7ImW+Zds8YEFiAwIDAQAB
-AoGBAKTvnFGKSkUJnNQGe66I0wunGgCA3W7kbarAzEF2qKYhGlZhJQnn68RmVnAW
-pXUFvB+vmtu/+4J9OmWBJsGHFvC9xH32a0PWNr7APjAKrjAD8GWS7Z6BjuxN8QhD
-WlFMmpYhYIjT1jt7RNfs2gJGS2Ryu3zutUQGwtUB9Pou03dJAkEA6yttwVINFqQP
-utgUZ1JUHrN/rE73FzYsF/CwJp5d3rLHenZzLT0iW+kNDLUw/VpzYxK7bF2Qrt/3
-QIUWwm2InQJBAMpe+jhNMJeLDLc3tG3zeithT0mFkuzWWmT2PJgQ0V78UWhw/fSn
-Qqnq7KBY/DNjlfhezrozLDD73/ccmha0Ax8CQQCBaBlyOtNm9QqO116K6HvPlRiZ
-Wa6QQEgNOG3GInknFZu9ILcKWsywZNLAfmgh0gcSqnkmDWqTQD0PbOz0Ok/lAkEA
-g24JrfUbwOASww9PhDUju/a36rTwhhZ0oKt3EP+jKsBOErmHhZP3bKlhQoZoTOu5
-Y5QXSMChS7LZcwDFZkdE2wJATRgMbhErif+ZRwt9XJRdCo5Sx6ewyGyxjc5gvUyK
-KegHcgru/ZC3pGlujRD2LqxgJNAn5QTdW4LK8xVPFySTYg==
------END RSA PRIVATE KEY-----
diff --git a/usr.sbin/httpd/conf/ssl.prm/README.PRM b/usr.sbin/httpd/conf/ssl.prm/README.PRM
deleted file mode 100644
index af88235122e..00000000000
--- a/usr.sbin/httpd/conf/ssl.prm/README.PRM
+++ /dev/null
@@ -1,18 +0,0 @@
-
- This is the ssl.prm/ directory of Apache/mod_ssl
- where public DSA Parameter Files for SSL are stored.
-
- Per default the following files are provided:
-
- o snakeoil-ca-dsa.prm:
- This is the DSA parameter file of the _DEMONSTRATION ONLY_ `Snake Oil' CA.
-
- o snakeoil-dsa.prm:
- This is the DSA parameter file of the _DEMONSTRATION ONLY_ `Snake Oil'
- server.
-
- You can view the ingredients of a particular parameter file in plain text
- by running the command:
-
- $ openssl dsaparam -noout -text -in .prm
-
diff --git a/usr.sbin/httpd/conf/ssl.prm/snakeoil-ca-dsa.prm b/usr.sbin/httpd/conf/ssl.prm/snakeoil-ca-dsa.prm
deleted file mode 100644
index b498b16a0c7..00000000000
--- a/usr.sbin/httpd/conf/ssl.prm/snakeoil-ca-dsa.prm
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHgKBgQDqP04Jh4QoUWqPJZftxsgLdO54hGmvEYr2o2nqMjO/DbVuujr8QDnV
-WNRveEuVdrx6AftCchgIvdJS4LTqfvgOmIwsGYylADmycIRlBVHd5q1ocGldkeEB
-iY+cS5yv8ro1x4DRCd0axmhBvTu2BRbippaK7PNALw5xs8eQch0KLQIVAJ8rT8F7
-NqIRASUjy1Bwx701zSIfAoGAT5RMEmjJ4HXOJ0GyIKAesFQhOy3gXXUfV4zXTpSM
-z8cQWfTqxLgVjkvZCt6SYcNmpaRnJyrmUdGD2uSwBcMkXj3G/NI/7n1C6ZuBTt1x
-6TCQA72nYh0xQaj/kbmhT2wNyONMx/sZO/WPUr0qvu/012FS2YlKtq3wRM4+XHz7
-jY0=
------END DSA PARAMETERS-----
diff --git a/usr.sbin/httpd/conf/ssl.prm/snakeoil-dsa.prm b/usr.sbin/httpd/conf/ssl.prm/snakeoil-dsa.prm
deleted file mode 100644
index b498b16a0c7..00000000000
--- a/usr.sbin/httpd/conf/ssl.prm/snakeoil-dsa.prm
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHgKBgQDqP04Jh4QoUWqPJZftxsgLdO54hGmvEYr2o2nqMjO/DbVuujr8QDnV
-WNRveEuVdrx6AftCchgIvdJS4LTqfvgOmIwsGYylADmycIRlBVHd5q1ocGldkeEB
-iY+cS5yv8ro1x4DRCd0axmhBvTu2BRbippaK7PNALw5xs8eQch0KLQIVAJ8rT8F7
-NqIRASUjy1Bwx701zSIfAoGAT5RMEmjJ4HXOJ0GyIKAesFQhOy3gXXUfV4zXTpSM
-z8cQWfTqxLgVjkvZCt6SYcNmpaRnJyrmUdGD2uSwBcMkXj3G/NI/7n1C6ZuBTt1x
-6TCQA72nYh0xQaj/kbmhT2wNyONMx/sZO/WPUr0qvu/012FS2YlKtq3wRM4+XHz7
-jY0=
------END DSA PARAMETERS-----
diff --git a/usr.sbin/httpd/config.layout b/usr.sbin/httpd/config.layout
deleted file mode 100644
index f2b037fdfea..00000000000
--- a/usr.sbin/httpd/config.layout
+++ /dev/null
@@ -1,306 +0,0 @@
-##
-## config.layout -- APACI Pre-defined Installation Path Layouts
-##
-## Hints:
-## - layouts can be loaded with APACI's --with-layout=ID option
-## - when no --with-layout option is given, the default layout is `Apache'
-## - a trailing plus character (`+') on paths is replaced with a
-## `/' suffix where is the the argument from
-## option --target (defaults to `httpd').
-##
-
-# Classical Apache path layout.
-
- prefix: /usr/local/apache
- exec_prefix: $prefix
- bindir: $exec_prefix/bin
- sbindir: $exec_prefix/bin
- libexecdir: $exec_prefix/libexec
- mandir: $prefix/man
- sysconfdir: $prefix/conf
- datadir: $prefix
- iconsdir: $datadir/icons
- htdocsdir: $datadir/htdocs
- manualdir: $htdocsdir/manual
- cgidir: $datadir/cgi-bin
- includedir: $prefix/include
- localstatedir: $prefix
- runtimedir: $localstatedir/logs
- logfiledir: $localstatedir/logs
- proxycachedir: $localstatedir/proxy
-
-
-# GNU standards conforming path layout.
-# See FSF's GNU project `make-stds' document for details.
- - prefix: /usr/local - exec_prefix: $prefix - bindir: $exec_prefix/bin - sbindir: $exec_prefix/sbin - libexecdir: $exec_prefix/libexec - mandir: $prefix/man - sysconfdir: $prefix/etc+ - datadir: $prefix/share+ - iconsdir: $datadir/icons - htdocsdir: $datadir/htdocs - manualdir: $htdocsdir/manual - cgidir: $datadir/cgi-bin - includedir: $prefix/include+ - localstatedir: $prefix/var+ - runtimedir: $localstatedir/run - logfiledir: $localstatedir/log - proxycachedir: $localstatedir/proxy - - -# Apache binary distribution path layout - - prefix: /usr/local/apache - exec_prefix: - bindir: bin - sbindir: bin - libexecdir: libexec - mandir: man - sysconfdir: conf - datadir: - iconsdir: icons - htdocsdir: htdocs - manualdir: $htdocsdir/manual - cgidir: cgi-bin - includedir: include - localstatedir: - runtimedir: logs - logfiledir: logs - proxycachedir: proxy - - -# Mac OS X Server (Rhapsody) - - prefix: /Local/Library/WebServer - exec_prefix: /usr - bindir: $exec_prefix/bin - sbindir: $exec_prefix/sbin - libexecdir: /System/Library/Apache/Modules - mandir: $exec_prefix/share/man - sysconfdir: $prefix/Configuration - datadir: $prefix - iconsdir: /System/Library/Apache/Icons - htdocsdir: $datadir/Documents - manualdir: $htdocsdir/manual - cgidir: $datadir/CGI-Executables - includedir: /System/Library/Frameworks/Apache.framework/Versions/1.3/Headers - localstatedir: /var - runtimedir: $prefix/Logs - logfiledir: $prefix/Logs - proxycachedir: $prefix/ProxyCache - - -# Darwin/Mac OS Layout - - prefix: /usr - exec_prefix: $prefix - bindir: $exec_prefix/bin - sbindir: $exec_prefix/sbin - libexecdir: $exec_prefix/libexec+ - mandir: $prefix/share/man - datadir: /Library/WebServer - sysconfdir: /etc+ - iconsdir: $prefix/share/httpd/icons - htdocsdir: $datadir/Documents - manualdir: $htdocsdir/manual - cgidir: $datadir/CGI-Executables - includedir: $prefix/include+ - localstatedir: /var - runtimedir: $localstatedir/run - logfiledir: $localstatedir/log+ - proxycachedir: 
$runtimedir/proxy - - -# Red Hat Linux 7.x layout - - prefix: /usr - exec_prefix: $prefix - bindir: $prefix/bin - sbindir: $prefix/sbin - libexecdir: $prefix/lib/apache - mandir: $prefix/man - sysconfdir: /etc/httpd/conf - datadir: /var/www - iconsdir: $datadir/icons - htdocsdir: $datadir/html - manualdir: $datadir/manual - cgidir: $datadir/cgi-bin - includedir: $prefix/include/apache - localstatedir: /var - runtimedir: $localstatedir/run - logfiledir: $localstatedir/log/httpd - proxycachedir: $localstatedir/cache/httpd - - -# According to the /opt filesystem conventions - - prefix: /opt/apache - exec_prefix: $prefix - bindir: $exec_prefix/bin - sbindir: $exec_prefix/sbin - libexecdir: $exec_prefix/libexec - mandir: $prefix/man - sysconfdir: /etc$prefix - datadir: $prefix/share - iconsdir: $datadir/icons - htdocsdir: $datadir/htdocs - manualdir: $htdocsdir/manual - cgidir: $datadir/cgi-bin - includedir: $prefix/include - localstatedir: /var$prefix - runtimedir: $localstatedir/run - logfiledir: $localstatedir/logs - proxycachedir: $localstatedir/proxy - - -# BeOS layout... 
- - prefix: /boot/home/apache - exec_prefix: $prefix - bindir: $exec_prefix/bin - sbindir: $exec_prefix/bin - libexecdir: $exec_prefix/libexec - mandir: $prefix/man - sysconfdir: $prefix/conf - datadir: $prefix - iconsdir: $datadir/icons - htdocsdir: $datadir/htdocs - manualdir: $htdocsdir/manual - cgidir: $datadir/cgi-bin - includedir: $prefix/include - localstatedir: $prefix - runtimedir: $localstatedir/logs - logfiledir: $localstatedir/logs - proxycachedir: $localstatedir/proxy - - -# SuSE 6.x layout - - prefix: /usr - exec_prefix: $prefix - bindir: $prefix/bin - sbindir: $prefix/sbin - libexecdir: $prefix/lib/apache - mandir: $prefix/man - sysconfdir: /etc/httpd - datadir: /usr/local/httpd - iconsdir: $datadir/icons - htdocsdir: $datadir/htdocs - manualdir: $htdocsdir/manual - cgidir: $datadir/cgi-bin - includedir: $prefix/include/apache - localstatedir: /var - runtimedir: $localstatedir/run - logfiledir: $localstatedir/log/httpd - proxycachedir: $localstatedir/cache/httpd - - -# BSD/OS layout - - prefix: /var/www - exec_prefix: /usr/contrib - bindir: $exec_prefix/bin - sbindir: $exec_prefix/bin - libexecdir: $exec_prefix/libexec/apache - mandir: $exec_prefix/man - sysconfdir: $prefix/conf - datadir: $prefix - iconsdir: $datadir/icons - htdocsdir: $datadir/htdocs - manualdir: $htdocsdir/manual - cgidir: $datadir/cgi-bin - includedir: $exec_prefix/include/apache - localstatedir: /var - runtimedir: $localstatedir/run - logfiledir: $localstatedir/log/httpd - proxycachedir: $localstatedir/proxy - - -# Solaris 8 Layout - - prefix: /usr/apache - exec_prefix: $prefix - bindir: $exec_prefix/bin - sbindir: $exec_prefix/bin - libexecdir: $exec_prefix/libexec - mandir: $exec_prefix/man - sysconfdir: /etc/apache - datadir: /var/apache - iconsdir: $datadir/icons - htdocsdir: $datadir/htdocs - manualdir: $htdocsdir/manual - cgidir: $datadir/cgi-bin - includedir: $exec_prefix/include - localstatedir: $prefix - runtimedir: /var/run - logfiledir: $datadir/logs - proxycachedir: 
$datadir/proxy - - -# FreeBSD layout... - - prefix: /usr/local - exec_prefix: $prefix - bindir: $exec_prefix/bin - sbindir: $exec_prefix/sbin - libexecdir: $exec_prefix/libexec/apache - mandir: $prefix/man - sysconfdir: $prefix/etc/apache - datadir: $prefix/www - iconsdir: $datadir/icons - htdocsdir: $datadir/data - manualdir: $prefix/share/doc/apache - cgidir: $datadir/cgi-bin - includedir: $prefix/include/apache - localstatedir: /var - runtimedir: $localstatedir/run - logfiledir: $localstatedir/log - proxycachedir: $datadir/proxy - - -# OpenBSD Layout - - prefix: /var/www - exec_prefix: /usr - bindir: $exec_prefix/bin - sbindir: $exec_prefix/sbin - libexecdir: $exec_prefix/lib/apache/modules - mandir: $exec_prefix/share/man - sysconfdir: $prefix/conf - datadir: $prefix - iconsdir: $prefix/icons - htdocsdir: $prefix/htdocs - manualdir: $exec_prefix/share/doc/html/httpd - cgidir: $prefix/cgi-bin - includedir: $exec_prefix/lib/apache/include - localstatedir: $prefix - runtimedir: $prefix/logs - logfiledir: $prefix/logs - proxycachedir: $prefix/proxy - - -# Cygwin 1.x layout - - prefix: /usr - exec_prefix: $prefix - bindir: $prefix/bin - sbindir: $prefix/sbin - libexecdir: $prefix/lib/apache - mandir: $prefix/man - sysconfdir: /etc/apache - datadir: /var/www - iconsdir: $datadir/icons - htdocsdir: $datadir/htdocs - manualdir: $htdocsdir/manual - cgidir: $datadir/cgi-bin - includedir: $prefix/include/apache - localstatedir: /var - runtimedir: $localstatedir/run - logfiledir: $localstatedir/log/apache - proxycachedir: $localstatedir/cache/apache - - diff --git a/usr.sbin/httpd/configure b/usr.sbin/httpd/configure deleted file mode 100644 index 07d97301293..00000000000 --- a/usr.sbin/httpd/configure +++ /dev/null 
@@ -1,1637 +0,0 @@ -#!/bin/sh -## ==================================================================== -## The Apache Software License, Version 1.1 -## -## Copyright (c) 2000-2003 The Apache Software Foundation. All rights -## reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted provided that the following conditions -## are met: -## -## 1. Redistributions of source code must retain the above copyright -## notice, this list of conditions and the following disclaimer. -## -## 2. Redistributions in binary form must reproduce the above copyright -## notice, this list of conditions and the following disclaimer in -## the documentation and/or other materials provided with the -## distribution. -## -## 3. The end-user documentation included with the redistribution, -## if any, must include the following acknowledgment: -## "This product includes software developed by the -## Apache Software Foundation (http://www.apache.org/)." -## Alternately, this acknowledgment may appear in the software itself, -## if and wherever such third-party acknowledgments normally appear. -## -## 4. The names "Apache" and "Apache Software Foundation" must -## not be used to endorse or promote products derived from this -## software without prior written permission. For written -## permission, please contact apache@apache.org. -## -## 5. Products derived from this software may not be called "Apache", -## nor may "Apache" appear in their name, without prior written -## permission of the Apache Software Foundation. -## -## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -## DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -## SUCH DAMAGE. -## ==================================================================== -## -## This software consists of voluntary contributions made by many -## individuals on behalf of the Apache Software Foundation. For more -## information on the Apache Software Foundation, please see -## . -## -## Portions of this software are based upon public domain software -## originally written at the National Center for Supercomputing Applications, -## University of Illinois, Urbana-Champaign. -## - -## -## configure -- Apache Autoconf-style Interface (APACI) -## -## Initially written by Ralf S. Engelschall -## - -## Force SSL_BASE=SYSTEM -SSL_BASE=SYSTEM -export SSL_BASE - -# default input separator chars: -DIFS=' -' - -## -## avoid brain dead shells on Ultrix and friends -## -if [ -f /bin/sh5 ]; then - if [ ".$APACI_SH5_UPGRADE_STEP" != .done ]; then - APACI_SH5_UPGRADE_STEP=done - export APACI_SH5_UPGRADE_STEP - exec /bin/sh5 $0 "$@" - fi -fi - -## -## the paths to the Apache source tree -## -top=. 
-mkf=Makefile -src=src -aux=src/helpers -sedsubst=src/.apaci.sedsubst -addconf=src/.apaci.addconf -tplconf=src/.apaci.tplconf -pldconf=src/.apaci.pldconf -configlayout=config.layout -configstatus=config.status -shadow='' - -## -## pre-determine runtime modes -## -help=no -quiet=no -verbose=no -case "$*" in - --help|*--help|*--help* ) - help=yes; quiet=yes - echo "[hang on a moment, generating help]" - echo "" - ;; - --quiet|*--quiet|*--quiet* ) - quiet=yes - ;; - --verbose|*--verbose|*--verbose*|-v|*-v|*-v* ) - verbose=yes - ;; - * ) - ;; -esac - -## -## determine platform id -## -PLATFORM="`sh $aux/GuessOS`" - -## -## display version information -## -if [ "x$quiet" = "xno" ]; then - APV=`cat $src/include/httpd.h |\ - grep "#define SERVER_BASEREVISION" |\ - sed -e 's/^[^"]*"//' -e 's/".*$//' -e 's/^\///'` - echo "Configuring for Apache, Version $APV" -fi - -## -## important hint for the first-time users -## -if [ $# -eq 0 ]; then - echo " + Warning: Configuring Apache with default settings." - echo " + This is probably not what you really want." - echo " + Please read the README.configure and INSTALL files" - echo " + first or at least run '$0 --help' for" - echo " + a compact summary of available options." -fi - -## -## -## determine path to (optional) Perl interpreter -## -PERL=no-perl-on-this-system -perlpath="`sh $aux/PrintPath perl5 perl miniperl`" -if [ "x$perlpath" != "x" ]; then - PERL="$perlpath" -fi - -## -## look for deadly broken echo commands which interpret escape -## sequences `\XX' *per default*. For those we first try the -E option -## and if it then is still broken we give a warning message. -## If it works set the `Safe Echo Option' (SEO) variable. -## -SEO='' # CHANGE THIS VARIABLE HERE IF YOU HAVE PROBLEMS WITH ECHO! 
-bytes=`echo $SEO '\1' | wc -c | awk '{ printf("%s", $1); }'` -if [ "x$bytes" != "x3" ]; then - bytes=`echo -E '\1' | wc -c | awk '{ printf("%s", $1); }'` - if [ "x$bytes" != "x3" ]; then - echo " + Warning: Your 'echo' command is slightly broken." - echo " + It interprets escape sequences per default. We already" - echo " + tried 'echo -E' but had no real success. If errors occur" - echo " + please set the SEO variable in 'configure' manually to" - echo " + the required 'echo' options, i.e. those which force your" - echo " + 'echo' to not interpret escape sequences per default." - else - SEO='-E' - fi -fi - -## -## look for the best Awk we can find because some -## standard Awks are really braindead and cause -## problems for our scripts under some platforms. -## -AWK=awk -awkpath="`sh $aux/PrintPath nawk gawk awk`" -if [ "x$awkpath" != "x" ]; then - AWK="$awkpath" -fi - -## -## Look for a good Tar. If we don't find 'GNU tar' then make -## sure ours can handle the '-h' (don't copy symlink, copy -## the actual data) option. -## -TAR=tar -tarpath="`sh $aux/PrintPath gtar gnutar tar`" -if [ "x$tarpath" != "x" ]; then - TAR="$tarpath" -fi -case "`$TAR -tf /dev/null --version 2>/dev/null`" in - *GNU*) TAROPT="-hcf" ;; - *) if $TAR -hcf - Makefile.tmpl > /dev/null 2>&1 - then - TAROPT="-hcf" - else - TAROPT="-cf" - fi - ;; -esac - -## -## Request USTAR format for tar files on OS/390 -## Request that prelink step be used for 390 -## -case $PLATFORM in - *-IBM-OS390*) - TAROPT="${TAROPT}U" - ;; -esac - -## -## determine path to sh, it's not /bin/sh on ALL systems -## -SHELL=/bin/sh -if [ ! 
-f "$SHELL" ]; then - SHELL="`sh $aux/PrintPath sh`" - if [ "x$SHELL" = "x" ]; then - echo "configure:Error: Cannot determine path to Bourne-Shell" 1>&2 - exit 1 - fi -fi - -## -## determine default parameters -## - -# default paths -prefix=UNSET - -# layout configuration -with_layout=0 -show_layout=0 - -# suexec defaults -suexec=0 -suexec_ok=0 -suexec_docroot='$datadir/htdocs' -suexec_logexec='$logfiledir/suexec_log' -suexec_caller=www -suexec_userdir=public_html -suexec_uidmin=100 -suexec_gidmin=100 -suexec_safepath="/usr/local/bin:/usr/bin:/bin" -# if the umask is undefined, we don't change it -#suexec_umask=0755 - -# the installation flags -iflags_program="-m 755 -s" -iflags_core="-m 755" -iflags_dso="-m 755" -iflags_script="-m 755" -iflags_data="-m 644" - -# ssl defaults -ssl=0 - -# various other flags -support=1 -confadjust=1 -permute='' - -# determine rules -rules='' -rulelist='' -OIFS="$IFS" -IFS=' -' -for rule in `grep '^Rule' $src/Configuration.tmpl`; do - rule=`echo "$rule" | sed -e 's/^Rule[ ]*//'` - name=`echo "$rule" | sed -e 's/=.*$//'` - namelow=`echo "$name" | tr '[A-Z]' '[a-z]'` - arg=`echo "$rule" | sed -e 's/^.*=//'` - eval "rule_$namelow=$arg" - rules="$rules:$namelow" - rulelist="$rulelist:$name=$arg" -done -IFS="$OIFS" -rules=`echo $rules | sed -e 's/^://'` - -# determine modules -modules='' -modulelist='' -OIFS="$IFS" -IFS=' -' -for module in `egrep '^[# ]*(Add|Shared)Module' $src/Configuration.tmpl`; do - add=yes - share=no - if [ "x`echo $module | grep '^#'`" != "x" ]; then - add=no - fi - if [ "x`echo $module | grep 'SharedModule'`" != "x" ]; then - share=yes - fi - module=`echo "$module" |\ - sed -e 's%^.*/\(.*\)$%\1%' \ - -e 's/\.[oa]$//' \ - -e 's/\.module$//' \ - -e 's/^mod_//' \ - -e 's/^lib//'` - eval "module_$module=$add" - eval "shared_$module=$share" - modules="${modules}:$module" - modulelist="${modulelist}:$module=$add" - if [ "x$share" = "xyes" ]; then - modulelist="${modulelist}*" - fi -done -IFS="$OIFS" -modules=`echo 
$modules | sed -e 's/^://'` - -# backward compatibility for old src/Configuration.tmpl -# parameter names to the canonical Autoconf-style shell -# variable names. -OIFS="$IFS" -IFS="$DIFS" -for var in CFLAGS LDFLAGS LIBS INCLUDES DEPS; do - eval "val=\$EXTRA_$var" - if [ "x$val" != "x" ]; then - eval "$var=\$val" - eval "EXTRA_$var=\"\"; export EXTRA_$var" - echo " + Hint: please use $var instead of EXTRA_$var next time" - fi -done -IFS="$OIFS" - -## -## Platform-specific defaults -## -case $PLATFORM in - *-apple-rhapsody*) - default_layout="Mac OS X Server" - iflags_core="${iflags_core} -S \"-S\"" - iflags_dso="${iflags_dso} -S \"-S\"" - ;; - *-apple-darwin*) - default_layout="Darwin" - iflags_core="${iflags_core} -S \"-S\"" - iflags_dso="${iflags_dso} -S \"-S\"" - ;; - *OS/2* ) - default_layout="Apache" - iflags_program="${iflags_program} -e .exe" - iflags_core="${iflags_core} -e .exe" - ;; - *MPE/iX* ) - default_layout="Apache" - iflags_program="-m 755" - ;; - *) - default_layout="Apache" - ;; -esac - -## -## support for the default layout -## -case "$*" in - *--with-layout=* ) - ;; - * ) - if [ "x$*" = "x" ]; then - set -- --with-layout="$default_layout" - else - set -- --with-layout="$default_layout" "$@" - fi - ;; -esac - -## -## Initialize server user ID and group ID variables -## -conf_user="" -conf_group="" - -## -## Iterate over the command line options the first time. -## -## This time we pre-process options which need high priority -## on the command line independent of their position, so they -## can be overridden by others. -## -apc_prev='' -OIFS1="$IFS" -IFS="$DIFS" -for apc_option -do - # if previous option needs an argument, assign it. 
- if [ "x$apc_prev" != "x" ]; then - eval "$apc_prev=\$apc_option" - apc_prev="" - continue - fi - # split out arguments - case "$apc_option" in - -*=*) apc_optarg=`echo "$apc_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) apc_optarg= ;; - esac - # pre-process only a few options now - case "$apc_option" in - --help | -h | -help ) - echo "Usage: configure [options]" - echo "Options: [defaults in brackets after descriptions]" - echo "General options:" - echo " --quiet, --silent do not print messages" - echo " --verbose, -v print even more messages" - echo " --shadow[=DIR] switch to a shadow tree (under DIR) for building" - echo "" - echo "Stand-alone options:" - echo " --help, -h print this message" - echo " --show-layout print installation path layout (check and debug)" - echo "" - echo "Installation layout options:" - echo " --with-layout=[F:]ID use installation path layout ID (from file F)" - echo " --target=TARGET install name-associated files using basename TARGET" - echo " --prefix=PREFIX install architecture-independent files in PREFIX" - echo " --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX" - echo " --bindir=DIR install user executables in DIR" - echo " --sbindir=DIR install sysadmin executables in DIR" - echo " --libexecdir=DIR install program executables in DIR" - echo " --mandir=DIR install manual pages in DIR" - echo " --sysconfdir=DIR install configuration files in DIR" - echo " --datadir=DIR install read-only data files in DIR" - echo " --iconsdir=DIR install read-only icon files in DIR" - echo " --htdocsdir=DIR install read-only welcome pages in DIR" - echo " --manualdir=DIR install read-only on-line documentation in DIR" - echo " --cgidir=DIR install read-only cgi files in DIR" - echo " --includedir=DIR install includes files in DIR" - echo " --localstatedir=DIR install modifiable data files in DIR" - echo " --runtimedir=DIR install runtime data in DIR" - echo " --logfiledir=DIR install logfile data in DIR" - echo " 
--proxycachedir=DIR install proxy cache data in DIR" - echo "" - echo "Configuration options:" - echo " --enable-rule=NAME enable a particular Rule named 'NAME'" - echo " --disable-rule=NAME disable a particular Rule named 'NAME'" - $aux/ppl.sh $rulelist - echo " --add-module=FILE on-the-fly copy & activate a 3rd-party Module" - echo " --activate-module=FILE on-the-fly activate existing 3rd-party Module" - echo " --permute-module=N1:N2 on-the-fly permute module 'N1' with module 'N2'" - echo " --enable-module=NAME enable a particular Module named 'NAME'" - echo " --disable-module=NAME disable a particular Module named 'NAME'" - $aux/ppl.sh $modulelist - echo " --enable-shared=NAME enable build of Module named 'NAME' as a DSO" - echo " --disable-shared=NAME disable build of Module named 'NAME' as a DSO" - echo " --with-perl=FILE path to the optional Perl interpreter" - echo " --with-port=PORT set the port number for httpd.conf" - echo " --without-support disable the build and installation of support tools" - echo " --without-confadjust disable the user/situation adjustments in config" - echo " --without-execstrip disable the stripping of executables on installation" - echo " --server-uid=UID set the user ID the web server should run as [nobody]" - echo " --server-gid=GID set the group ID the web server UID is a memeber of [#-1]" - echo "" - echo "suEXEC options:" - echo " --enable-suexec enable the suEXEC feature" - echo " --suexec-caller=NAME set the suEXEC username of the allowed caller [$suexec_caller]" - echo " --suexec-docroot=DIR set the suEXEC root directory [PREFIX/share/htdocs]" - echo " --suexec-logfile=FILE set the suEXEC logfile [PREFIX/var/log/suexec_log]" - echo " --suexec-userdir=DIR set the suEXEC user subdirectory [$suexec_userdir]" - echo " --suexec-uidmin=UID set the suEXEC minimal allowed UID [$suexec_uidmin]" - echo " --suexec-gidmin=GID set the suEXEC minimal allowed GID [$suexec_gidmin]" - echo " --suexec-safepath=PATH set the suEXEC safe PATH 
[$suexec_safepath]" - echo " --suexec-umask=UMASK set the umask for the suEXEC'd script [server's umask]" - echo "" - echo "Deprecated options:" - echo " --layout backward compat only: use --show-layout" - echo " --compat backward compat only: use --with-layout=Apache" - exit 0 - ;; - --with-layout=*|--compat) - if [ "x$apc_option" = "x--compat" ]; then - apc_optarg="Apache" - fi - case $apc_optarg in - *:* ) - file=`echo $apc_optarg | sed -e 's/:.*//'` - name=`echo $apc_optarg | sed -e 's/.*://'` - ;; - * ) - name=$apc_optarg - file=$configlayout - ;; - esac - if [ ! -f "$file" ]; then - echo "configure:Error: Path layout definition file $file not found" 1>&2 - exit 1 - fi - (echo ''; cat $file; echo '') |\ - sed -e "1,/[ ]*<[Ll]ayout[ ]*$name[ ]*>[ ]*/d" \ - -e '/[ ]*<\/Layout>[ ]*/,$d' \ - -e "s/^[ ]*//g" \ - -e "s/:[ ]*/=\'/g" \ - -e "s/[ ]*$/'/g" \ - >$pldconf - . $pldconf - OOIFS="$IFS" # most likely not needed: jmj - IFS="$DIFS" # ditto - for var in prefix exec_prefix bindir sbindir libexecdir mandir \ - sysconfdir datadir iconsdir htdocsdir manualdir cgidir \ - includedir localstatedir runtimedir logfiledir \ - proxycachedir; do - eval "val=\"\$$var\"" - case $val in - *+ ) - val=`echo $val | sed -e 's;\+$;;'` - eval "$var=\"\$val\"" - eval "autosuffix_$var=yes" - ;; - * ) - eval "autosuffix_$var=no" - ;; - esac - done - IFS="$OOIFS" - rm -f $pldconf 2>/dev/null - if [ "x$prefix" = "xUNSET" ]; then - echo "configure:Error: Path layout definition not found or incorrect" 1>&2 - exit 1 - fi - if [ "x$quiet" = "xno" ]; then - echo " + using installation path layout: $name ($file)" - fi - name_layout=$name - with_layout=1 - ;; - *) - ;; - esac -done - -## -## Iterate over the command line options the second time. -## -## This time we parse the standard options. -## -addconf_created=0 -apc_prev='' -for apc_option -do - # if previous option needs an argument, assign it. 
- if [ "x$apc_prev" != "x" ]; then - eval "$apc_prev=\$apc_option" - apc_prev="" - continue - fi - # split out arguments - case "$apc_option" in - -*=*) apc_optarg=`echo "$apc_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) apc_optarg= ;; - esac - # accept only the most important GNU Autoconf-style options - case "$apc_option" in - --help|-h|-help|--with-layout=*|-compat) - # just ignore already parsed options - ;; - --quiet | --silent) - quiet=yes - ;; - --verbose | -v) - verbose=yes - ;; - --shadow*) - # if we use an external shadow tree, first shadow all of ourself - # to this tree and switch over to to it for internal (=platform) - # shadowing... - case "$apc_option" in - --shadow=*) - shadow="$apc_optarg" - if [ "x$quiet" = "xno" ]; then - echo " + creating external package shadow tree ($shadow)" - fi - rm -rf $shadow 2>/dev/null - $aux/mkshadow.sh . $shadow - for file in $mkf $sedsubst $addconf $tplconf $pldconf $configstatus; do - rm -f $shadow/$file 2>/dev/null - done - if [ "x$quiet" = "xno" ]; then - echo " + switching to external package shadow tree ($shadow)" - fi - cd $shadow - ;; - esac - # determine GNU platform triple - gnutriple=`echo "$PLATFORM" | sed -e 's:/:-:g' | $AWK '{ printf("%s",$1); }'` - # create Makefile wrapper (the first time only) - if [ "x`ls $top/src.* 2>/dev/null`" = "x" ]; then - if [ "x$quiet" = "xno" ]; then - echo " + creating Makefile (shadow wrapper)" - fi - echo "##" > Makefile - echo "## Apache Makefile (shadow wrapper)" >> Makefile - echo "##" >> Makefile - echo "" >> Makefile - if [ "x$shadow" != "x" ]; then - echo "SHADOW=$shadow" >> Makefile - else - echo "SHADOW=." 
>> Makefile - fi - # (the use of `awk' and not `$AWK' here is correct, because this - # Makefile is for platform bootstrapping, so don't hardcode paths) - echo "GNUTRIPLE=\`$aux/GuessOS | sed -e 's:/:-:g' | awk '{ printf(\"%s\",\$\$1); }'\`" >> Makefile - echo "" >> Makefile - echo "all build install install-quiet clean distclean:" >> Makefile - echo " @cd \$(SHADOW); \$(MAKE) -f Makefile.\$(GNUTRIPLE) \$(MFLAGS) \$@" >> Makefile - echo "" >> Makefile - fi - # set shadow paths - shadowmkf="Makefile.$gnutriple" - shadowsrc="src.$gnutriple" - shadowaux="src.$gnutriple/helpers" - shadowsedsubst="src.$gnutriple/.apaci.sedsubst" - shadowaddconf="src.$gnutriple/.apaci.addconf" - shadowtplconf="src.$gnutriple/.apaci.tplconf" - # (re)create shadow tree - if [ "x$quiet" = "xno" ]; then - echo " + creating internal platform shadow tree ($shadowsrc)" - fi - rm -rf $shadowsrc - $aux/mkshadow.sh $src $shadowsrc - # delegate us to the shadow paths - mkf=$shadowmkf - src=$shadowsrc - aux=$shadowaux - sedsubst=$shadowsedsubst - addconf=$shadowaddconf - tplconf=$shadowtplconf - ;; - --show-layout|--layout) - show_layout=1 - ;; - --target=*) - TARGET="$apc_optarg" - ;; - --prefix=*) - prefix="$apc_optarg" - autosuffix_prefix=no - ;; - --exec-prefix=*) - exec_prefix="$apc_optarg" - autosuffix_exec_prefix=no - ;; - --bindir=*) - bindir="$apc_optarg" - autosuffix_bindir=no - ;; - --sbindir=*) - sbindir="$apc_optarg" - autosuffix_sbindir=no - ;; - --libexecdir=*) - libexecdir="$apc_optarg" - autosuffix_libexecdir=no - ;; - --mandir=*) - mandir="$apc_optarg" - autosuffix_mandir=no - ;; - --sysconfdir=*) - sysconfdir="$apc_optarg" - autosuffix_sysconfdir=no - ;; - --datadir=*) - datadir="$apc_optarg" - autosuffix_datadir=no - ;; - --iconsdir=*) - iconsdir="$apc_optarg" - autosuffix_iconsdir=no - ;; - --htdocsdir=*) - htdocsdir="$apc_optarg" - autosuffix_htdocsdir=no - ;; - --manualdir=*) - manualdir="$apc_optarg" - autosuffix_manualdir=no - ;; - --cgidir=*) - cgidir="$apc_optarg" - 
autosuffix_cgidir=no - ;; - --includedir=*) - includedir="$apc_optarg" - autosuffix_includedir=no - ;; - --localstatedir=*) - localstatedir="$apc_optarg" - autosuffix_localstatedir=no - ;; - --runtimedir=*) - runtimedir="$apc_optarg" - autosuffix_runtimedir=no - ;; - --logfiledir=*) - logfiledir="$apc_optarg" - autosuffix_logfiledir=no - ;; - --proxycachedir=*) - proxycachedir="$apc_optarg" - autosuffix_proxycachedir=no - ;; - --add-module=*) - file="$apc_optarg" - if [ "x`echo $file | egrep '/?mod_[a-zA-Z0-9][a-zA-Z0-9_]*\.c$'`" = "x" ]; then - echo "configure:Error: Module filename doesn't match '/?mod_[a-zA-Z0-9][a-zA-Z0-9_]*\.c'" 1>&2 - exit 1 - fi - if [ ! -f $file ]; then - echo "configure:Error: Module source $file not found" 1>&2 - exit 1 - fi - modfilec=`echo $file | sed -e 's;^.*/;;'` - modfileo=`echo $file | sed -e 's;^.*/;;' -e 's;\.c$;.o;'` - if [ "x$file" != "x$src/modules/extra/$modfilec" ]; then - cp $file $src/modules/extra/$modfilec - fi - if [ "x$addconf_created" = "x0" ]; then - addconf_created=1 - rm -f $addconf 2>/dev/null - touch $addconf 2>/dev/null - fi - echo "" >>$addconf - echo "## On-the-fly added module" >>$addconf - echo "## (configure --add-module=$file)" >>$addconf - echo "AddModule modules/extra/$modfileo" >>$addconf - module=`echo "$modfileo" |\ - sed -e 's%^.*/\(.*\)$%\1%' \ - -e 's/\.[^.]*$//' \ - -e 's/^mod_//' \ - -e 's/^lib//'` - eval "module_$module=yes" - eval "shared_$module=no" - modules="${modules}:$module" - modulelist="${modulelist}:$module=yes" - if [ "x$quiet" = "xno" ]; then - echo " + on-the-fly added and activated $module module (modules/extra/$modfileo)" - fi - ;; - --activate-module=*) - file="$apc_optarg" - case $file in - src/modules/* ) ;; - *) echo "configure:Error: Module source already has to be below src/modules/ to be activated" 1>&2 - exit 1 - ;; - esac - modfile=`echo $file | sed -e 's;^src/;;'` - if [ "x$addconf_created" = "x0" ]; then - addconf_created=1 - rm -f $addconf 2>/dev/null - touch $addconf 
2>/dev/null - fi - echo "" >>$addconf - echo "## On-the-fly activated module" >>$addconf - echo "## (configure --activate-module=$file)" >>$addconf - echo "AddModule $modfile" >>$addconf - module=`echo "$modfile" |\ - sed -e 's%^.*/\(.*\)$%\1%' \ - -e 's/\.[^.]*$//' \ - -e 's/^mod_//' \ - -e 's/^lib//'` - eval "module_$module=yes" - eval "shared_$module=no" - modules="${modules}:$module" - modulelist="${modulelist}:$module=yes" - if [ "x$quiet" = "xno" ]; then - echo " + activated $module module ($modfile)" - fi - ;; - --enable-*) - apc_feature=`echo $apc_option | sed -e 's/-*enable-//' -e 's/=.*//'` - apc_feature=`echo $apc_feature | sed 's/-/_/g'` - case "$apc_option" in - *=*) ;; - *) apc_optarg=yes ;; - esac - case "$apc_feature" in - rule ) - apc_optarg=`echo "$apc_optarg" | tr '[A-Z]' '[a-z]'` - apc_optarg_real=`echo "$apc_optarg" | tr '[a-z]' '[A-Z]'` - eval "exists=\$rule_${apc_optarg}" - if [ "x$exists" = "x" ]; then - echo "configure:Error: No such rule named '${apc_optarg_real}'" 1>&2 - exit 1 - fi - eval "rule_${apc_optarg}=yes" - ;; - module ) - case $apc_optarg in - all ) - OOIFS="$IFS" - IFS=':' - for module in $modules; do - eval "module_${module}=yes" - done - IFS="$OOIFS" - module_auth_digest=no # conflict with mod_digest - ;; - most ) - OOIFS="$IFS" - IFS=':' - for module in $modules; do - eval "module_${module}=yes" - done - IFS="$OOIFS" - module_auth_db=no # not all platforms have -ldb - module_mmap_static=no # not all platforms have mmap() - module_so=no # not all platforms have dlopen() - module_example=no # only for developers - module_auth_digest=no # conflict with mod_digest - module_log_agent=no # deprecated - module_log_referer=no # deprecated - ;; - * ) - eval "exists=\$module_${apc_optarg}" - if [ "x$exists" = "x" ]; then - echo "configure:Error: No such module named '${apc_optarg}'" 1>&2 - exit 1 - fi - eval "module_${apc_optarg}=yes" - ;; - esac - ;; - shared ) - case $apc_optarg in - max ) - OOIFS="$IFS" - IFS=':' - for module in 
$modules; do - eval "shared_${module}=yes" - done - IFS="$OOIFS" - shared_so=no # because of bootstrapping - ;; - remain ) - OOIFS="$IFS" - IFS=':' - for module in $modules; do - eval "add=\$module_${module}" - if [ "x$add" = "xno" ]; then - eval "module_${module}=yes" - eval "shared_${module}=yes" - fi - done - IFS="$OOIFS" - shared_so=no - ;; - * ) - eval "exists=\$module_${apc_optarg}" - if [ "x$exists" = "x" ]; then - echo "configure:Error: No such module named '${apc_optarg}'" 1>&2 - exit 1 - fi - eval "shared_${apc_optarg}=yes" - ;; - esac - ;; - suexec ) - suexec=1 - ;; - * ) - echo "configure:Error: invalid option '$apc_option'" 1>&2 - exit 1 - ;; - esac - ;; - --disable-*) - apc_feature=`echo $apc_option | sed -e 's/-*disable-//' -e 's/=.*//'` - apc_feature=`echo $apc_feature| sed 's/-/_/g'` - case "$apc_option" in - *=*) ;; - *) apc_optarg=yes ;; - esac - case "$apc_feature" in - rule ) - apc_optarg=`echo "$apc_optarg" | tr '[A-Z]' '[a-z]'` - apc_optarg_real=`echo "$apc_optarg" | tr '[a-z]' '[A-Z]'` - eval "exists=\$rule_${apc_optarg}" - if [ "x$exists" = "x" ]; then - echo "configure:Error: No such rule named '${apc_optarg_real}'" 1>&2 - exit 1 - fi - eval "rule_${apc_optarg}=no" - ;; - module ) - case $apc_optarg in - all ) - OOIFS="$IFS" - IFS=':' - for module in $modules; do - eval "module_${module}=no" - done - IFS="$OOIFS" - ;; - * ) - eval "exists=\$module_${apc_optarg}" - if [ "x$exists" = "x" ]; then - echo "configure:Error: No such module named '${apc_optarg}'" 1>&2 - exit 1 - fi - eval "module_${apc_optarg}=no" - ;; - esac - ;; - shared ) - case $apc_optarg in - all ) - OOIFS="$IFS" - IFS=':' - for module in $modules; do - eval "shared_${module}=no" - done - IFS="$OOIFS" - ;; - * ) - eval "exists=\$module_${apc_optarg}" - if [ "x$exists" = "x" ]; then - echo "configure:Error: No such module named '${apc_optarg}'" 1>&2 - exit 1 - fi - eval "shared_${apc_optarg}=no" - ;; - esac - ;; - * ) - echo "configure:Error: invalid option '$apc_option'" 
1>&2 - exit 1 - ;; - esac - ;; - --permute-module=*:*) - mod1=`echo $apc_optarg | sed -e 's/:.*//'` - mod2=`echo $apc_optarg | sed -e 's/.*://'` - for mod in $mod1 $mod2; do - case $mod in - BEGIN|END) - ;; - *) eval "exists=\$module_${mod}" - if [ "x$exists" = "x" ]; then - echo "configure:Error: No such module named '${mod}'" 1>&2 - exit 1 - fi - ;; - esac - done - case $mod1:$mod2 in - BEGIN:END|*:BEGIN|END:*) - echo "configure:Error: Invalid combination of pseudo module identifiers" 1>&2 - exit 1 - ;; - esac - permute="${permute},${mod1}:${mod2}" - ;; - --with-perl=*) - PERL="$apc_optarg" - ;; - --with-port=*) - port="$apc_optarg" - ;; - --without-support) - support=0 - ;; - --without-confadjust) - confadjust=0 - ;; - --without-execstrip) - iflags_program=`echo "$iflags_program" | sed -e 's/-s//'` - ;; - --suexec-caller=*) - suexec_caller="$apc_optarg" - suexec_ok=1 - ;; - --suexec-docroot=*) - suexec_docroot="$apc_optarg" - suexec_ok=1 - ;; - --suexec-logfile=*) - suexec_logexec="$apc_optarg" - suexec_ok=1 - ;; - --suexec-userdir=*) - suexec_userdir="$apc_optarg" - suexec_ok=1 - ;; - --suexec-uidmin=*) - suexec_uidmin="$apc_optarg" - suexec_ok=1 - ;; - --suexec-gidmin=*) - suexec_gidmin="$apc_optarg" - suexec_ok=1 - ;; - --suexec-safepath=*) - suexec_safepath="$apc_optarg" - suexec_ok=1 - ;; - --suexec-umask=*) - suexec_umask_val="$apc_optarg" - suexec_umask="-DSUEXEC_UMASK=0$apc_optarg" - suexec_ok=1 - ;; - --server-uid=*) - conf_user="$apc_optarg" - # protect the '#' against interpretation as comment - case x"${conf_user}" in - "#"*) conf_user="\\\\${conf_user}";; - "\\#"*)conf_user="\\${conf_user}";; - esac - ;; - --server-gid=*) - conf_group="$apc_optarg" - # protect the '#' against interpretation as comment - case x"${conf_group}" in - "#"*) conf_group="\\\\${conf_group}";; - "\\#"*)conf_group="\\${conf_group}";; - esac - ;; - * ) - echo "configure:Error: invalid option '$apc_option'" 1>&2 - exit 1 - ;; - esac -done -IFS="$OIFS1" -if [ "x$apc_prev" != "x" 
]; then - echo "configure:Error: missing argument to --`echo $apc_prev | sed 's/_/-/g'`" 1>&2 - exit 1 -fi -if [ "x$addconf_created" = "x0" ]; then - rm -f $addconf 2>/dev/null - touch $addconf 2>/dev/null -fi - -## -## create a config status script for restoring -## the configuration via a simple shell script -## -rm -f $configstatus 2>/dev/null -echo "#!/bin/sh" >$configstatus -echo "##" >>$configstatus -echo "## $configstatus -- APACI auto-generated configuration restore script" >>$configstatus -echo "##" >>$configstatus -echo "## Use this shell script to re-run the APACI configure script for" >>$configstatus -echo "## restoring your configuration. Additional parameters can be supplied." >>$configstatus -echo "##" >>$configstatus -echo "" >>$configstatus -for var in CC CPP OPTIM CFLAGS CFLAGS_SHLIB LDFLAGS LD_SHLIB LDFLAGS_SHLIB \ - LDFLAGS_SHLIB_EXPORT LIBS INCLUDES RANLIB DEPS TARGET EAPI_MM SSL_BASE; do - eval "val=\"\$$var\"" - if [ "x$val" != "x" ]; then - echo "$var=$val" |\ - sed -e 's:\(["$\\]\):\\\1:g' \ - -e 's:\([A-Z]*=\):\1":' \ - -e 's:$:" \\:' >>$configstatus - fi -done -echo $SEO "${SHELL} ./configure \\" >>$configstatus -for arg -do - echo "$arg" |\ - sed -e 's:\(["$\\]\):\\\1:g' \ - -e 's:^:":' \ - -e 's:$:" \\:' >>$configstatus -done -echo '"$@"' >>$configstatus -echo '' >>$configstatus -chmod a+x $configstatus - -## -## a few errors and warnings -## -if [ "x$suexec" = "x1" ]; then - if [ "x$suexec_ok" = "x0" ]; then - echo "configure:Error: You enabled the suEXEC feature via --enable-suexec but" - echo " without explicitly configuring it via at least one" - echo " --suexec-xxxxx option. Seems like you are still not" - echo " familiar with the suEXEC risks. Please read the INSTALL" - echo " and htdocs/manual/suexec.html documents first." - exit 1 - fi - if [ "x`${SHELL} $aux/getuid.sh`" != "x0" ]; then - echo " + Warning: You have enabled the suEXEC feature. 
Be aware that you need" 1>&2 - echo " + root privileges to complete the final installation step." 1>&2 - fi -fi -if [ "x$PERL" = "xno-perl-on-this-system" ]; then - if [ "x$quiet" = "xno" ]; then - echo " + Warning: no Perl interpreter detected for support scripts." - echo " + Perhaps you need to specify one with --with-perl=FILE." - fi -fi - -## -## SSL support -## -if [ ".$module_ssl" = .yes ]; then - ssl=1 -fi - -## -## target name -## -if [ "x$TARGET" != "x" ]; then - thetarget="$TARGET" -else - thetarget=httpd -fi - -## -## expand path variables and make sure -## they do not end in a backslash -## -OIFS="$IFS" -IFS="$DIFS" -for var in prefix exec_prefix bindir sbindir libexecdir mandir \ - sysconfdir datadir iconsdir htdocsdir manualdir cgidir \ - includedir localstatedir runtimedir logfiledir \ - proxycachedir suexec_docroot suexec_logexec ; do - eval "val=\"\$$var\""; - val=`echo $val | sed -e 's:\(.\)/*$:\1:'` - eval "$var=\"$val\"" - # expand value - eval "val=\$$var" - # automatically add target suffix to path when it's - # requested (path has a trailing plus in config.layout) and - # looks reasonable (i.e. 
when "apache" or target-name - # still not part of path) - eval "autosuffix=\$autosuffix_$var" - if [ "x$autosuffix" = "xyes" ]; then - addtarget=no - if [ "x`echo $val | grep apache`" = "x" ]; then - if [ "x`echo $val | grep $thetarget`" = "x" ]; then - addtarget=yes - fi - fi - if [ "x$addtarget" = "xyes" ]; then - eval "$var=\"\$$var/$thetarget\"" - fi - fi -done -IFS="$OIFS" - -## -## determine special configurable Makefile targets -## -if [ "x$support" = "x1" ]; then - build_support='build-support' - if [ "x$name_layout" = "xBinaryDistribution" ]; then - install_support='install-binsupport' - else - install_support='install-support' - fi - clean_support='clean-support' - distclean_support='distclean-support' -else - build_support='' - install_support='' - clean_support='' - distclean_support='' -fi - -## -## determine special configuration parameters -## -## The checks via /etc/passwd and /etc/group will obviously fail -## on platforms using NIS. But then you propably do not want a -## UID/GID as production oriented as a web server in NIS anyway. 
-##
-if [ "x$port" != "x" ]; then
- conf_port=$port
-else
- conf_port="80"
-fi
-conf_port_ssl="443"
-conf_serveradmin="you@your.address"
-conf_servername="new.host.name"
-if [ "x$confadjust" = "x1" ]; then
- if [ -f /etc/passwd ]; then
- if [ "x$conf_user" = "x" ]; then
- for uid in nobody www daemon demon http httpd; do
- if [ "x`egrep \^${uid}: /etc/passwd`" != "x" ]; then
- conf_user="$uid"
- break
- fi
- done
- fi
- if [ "x$conf_group" = "x" ]; then
- for gid in nobody nogroup www daemon demon http httpd; do
- if [ "x`egrep \^${gid}: /etc/group`" != "x" ]; then
- conf_group="$gid"
- break
- fi
- done
- fi
- fi
- if [ "x`${SHELL} $aux/getuid.sh`" != "x0" -a "x$port" = "x" ]; then
- conf_port="8080"
- conf_port_ssl="8443"
- fi
- conf_serveradmin="`${SHELL} $aux/buildinfo.sh -n %u@%h%d`"
- conf_servername="`${SHELL} $aux/buildinfo.sh -n %h%d`"
-fi
-
-##
-## Default server user id and group id if not specified on configure invocation and none
-## of the ids in /etc/passwd or /etc/group worked.
-##
-if [ "x$conf_user" = "x" ]; then
- conf_user="nobody"
-fi
-if [ "x$conf_group" = "x" ]; then
- conf_group="\\\\#-1"
-fi
-
-##
-## determine prefix-relative paths for directories
-## because Apache supports them for the -d and -f
-## options, the LoadModule directive, etc.
-##
-## [we have to make sure that it ends with a slash
-## or we cannot support the case where the relative
-## path is just the emtpy one, i.e.
""]
-##
-runtimedir_relative=`echo $runtimedir | sed -e "s:^$prefix/*::" -e 's:\(.\)$:\1/:'`
-logfiledir_relative=`echo $logfiledir | sed -e "s:^$prefix/*::" -e 's:\(.\)$:\1/:'`
-sysconfdir_relative=`echo $sysconfdir | sed -e "s:^$prefix/*::" -e 's:\(.\)$:\1/:'`
-libexecdir_relative=`echo $libexecdir | sed -e "s:^$prefix/*::" -e 's:\(.\)$:\1/:'`
-
-##
-## check and debug
-##
-if [ "x$show_layout" = "x1" ]; then
- echo ""
- echo "Installation paths:"
- echo " prefix: $prefix"
- echo " exec_prefix: $exec_prefix"
- echo " bindir: $bindir"
- echo " sbindir: $sbindir"
- echo " libexecdir: $libexecdir"
- echo " mandir: $mandir"
- echo " sysconfdir: $sysconfdir"
- echo " datadir: $datadir"
- echo " iconsdir: $iconsdir"
- echo " htdocsdir: $htdocsdir"
- echo " manualdir: $manualdir"
- echo " cgidir: $cgidir"
- echo " includedir: $includedir"
- echo " localstatedir: $localstatedir"
- echo " runtimedir: $runtimedir"
- echo " logfiledir: $logfiledir"
- echo " proxycachedir: $proxycachedir"
- echo ""
- echo "Compilation paths:"
- echo " HTTPD_ROOT: $prefix"
- echo " SHARED_CORE_DIR: $libexecdir"
- echo " DEFAULT_PIDLOG: ${runtimedir_relative}${thetarget}.pid"
- echo " DEFAULT_SCOREBOARD: ${runtimedir_relative}${thetarget}.scoreboard"
- echo " DEFAULT_LOCKFILE: ${runtimedir_relative}${thetarget}.lock"
- echo " DEFAULT_ERRORLOG: ${logfiledir_relative}error_log"
- echo " TYPES_CONFIG_FILE: ${sysconfdir_relative}mime.types"
- echo " SERVER_CONFIG_FILE: ${sysconfdir_relative}${thetarget}.conf"
- echo " ACCESS_CONFIG_FILE: ${sysconfdir_relative}access.conf"
- echo " RESOURCE_CONFIG_FILE: ${sysconfdir_relative}srm.conf"
- echo " SSL_CERTIFICATE_FILE: ${sysconfdir_relative}ssl.crt/server.crt"
- echo ""
- if [ "x$suexec" = "x1" ]; then
- echo "suEXEC setup:"
- echo " suexec binary: $sbindir/suexec"
- echo " document root: $suexec_docroot"
- echo " userdir suffix: $suexec_userdir"
- echo " logfile: $suexec_logexec"
- echo " safe path: $suexec_safepath"
- echo " caller ID:
$suexec_caller"
- echo " minimum user ID: $suexec_uidmin"
- echo " minimum group ID: $suexec_gidmin"
- if [ "x$suexec_umask" != "x" ]; then
- echo " umask: $suexec_umask_val"
- else
- echo " umask: running server's"
- fi
- echo ""
- fi
- exit 0
-fi
-
-##
-## create Makefile from Makefile.tmpl
-##
-if [ "x$quiet" = "xno" ]; then
- echo "Creating $mkf"
-fi
-sed $mkf \
--e "s%@PLATFORM@%$PLATFORM%g" \
--e "s%@PERL@%$PERL%g" \
--e "s%@TAR@%$TAR%g" \
--e "s%@TAROPT@%$TAROPT%g" \
--e "s%@SRC@%$src%g" \
--e "s%@MKF@%$mkf%g" \
--e "s%@AUX@%$aux%g" \
--e "s%@TARGET@%$thetarget%g" \
--e "s%@IFLAGS_PROGRAM@%$iflags_program%g" \
--e "s%@IFLAGS_CORE@%$iflags_core%g" \
--e "s%@IFLAGS_DSO@%$iflags_dso%g" \
--e "s%@IFLAGS_SCRIPT@%$iflags_script%g" \
--e "s%@IFLAGS_DATA@%$iflags_data%g" \
--e "s%@prefix@%$prefix%g" \
--e "s%@exec_prefix@%$exec_prefix%g" \
--e "s%@bindir@%$bindir%g" \
--e "s%@sbindir@%$sbindir%g" \
--e "s%@libexecdir@%$libexecdir%g" \
--e "s%@libexecdir_relative@%$libexecdir_relative%g" \
--e "s%@mandir@%$mandir%g" \
--e "s%@sysconfdir@%$sysconfdir%g" \
--e "s%@datadir@%$datadir%g" \
--e "s%@iconsdir@%$iconsdir%g" \
--e "s%@htdocsdir@%$htdocsdir%g" \
--e "s%@manualdir@%$manualdir%g" \
--e "s%@cgidir@%$cgidir%g" \
--e "s%@localstatedir@%$localstatedir%g" \
--e "s%@includedir@%$includedir%g" \
--e "s%@runtimedir@%$runtimedir%g" \
--e "s%@logfiledir@%$logfiledir%g" \
--e "s%@proxycachedir@%$proxycachedir%g" \
--e "s%@suexec@%$suexec%g" \
--e "s%@suexec_caller@%$suexec_caller%g" \
--e "s%@suexec_docroot@%$suexec_docroot%g" \
--e "s%@suexec_logexec@%$suexec_logexec%g" \
--e "s%@suexec_userdir@%$suexec_userdir%g" \
--e "s%@suexec_uidmin@%$suexec_uidmin%g" \
--e "s%@suexec_gidmin@%$suexec_gidmin%g" \
--e "s%@suexec_safepath@%$suexec_safepath%g" \
--e "s%@suexec_umask@%$suexec_umask%g" \
--e "s%@ssl@%$ssl%g" \
--e "s%@conf_user@%$conf_user%g" \
--e "s%@conf_group@%$conf_group%g" \
--e "s%@conf_port@%$conf_port%g" \
--e "s%@conf_port_ssl@%$conf_port_ssl%g" \
--e
"s%@conf_serveradmin@%$conf_serveradmin%g" \
--e "s%@conf_servername@%$conf_servername%g" \
--e "s%@build_support@%$build_support%g" \
--e "s%@install_support@%$install_support%g" \
--e "s%@clean_support@%$clean_support%g" \
--e "s%@distclean_support@%$distclean_support%g" \
--e "s%@SHELL@%$SHELL%g"
-
-##
-## override default paths in $src/include/httpd.h
-## via command line arguments for the compiler
-## supplied by a little shell script named $src/apaci
-##
-echo "#!/bin/sh" >$src/apaci
-echo "## USED AS A COMMAND LINE EXPANDER TO OVERRIDE PATHS" >>$src/apaci
-echo "## WITHOUT DISTURBING THE KNOWN MAKE BUILD PROCESS DISPLAY" >>$src/apaci
-echo "echo '-DHTTPD_ROOT=\"$prefix\"'" >>$src/apaci
-echo "echo '-DSUEXEC_BIN=\"$sbindir/suexec\"'" >>$src/apaci
-echo "echo '-DSHARED_CORE_DIR=\"$libexecdir\"'" >>$src/apaci
-echo "echo '-DDEFAULT_PIDLOG=\"${runtimedir_relative}${thetarget}.pid\"'" >>$src/apaci
-echo "echo '-DDEFAULT_SCOREBOARD=\"${runtimedir_relative}${thetarget}.scoreboard\"'" >>$src/apaci
-echo "echo '-DDEFAULT_LOCKFILE=\"${runtimedir_relative}${thetarget}.lock\"'" >>$src/apaci
-echo "echo '-DDEFAULT_ERRORLOG=\"${logfiledir_relative}error_log\"'" >>$src/apaci
-echo "echo '-DTYPES_CONFIG_FILE=\"${sysconfdir_relative}mime.types\"'" >>$src/apaci
-echo "echo '-DSERVER_CONFIG_FILE=\"${sysconfdir_relative}${thetarget}.conf\"'" >>$src/apaci
-echo "echo '-DACCESS_CONFIG_FILE=\"${sysconfdir_relative}access.conf\"'" >>$src/apaci
-echo "echo '-DRESOURCE_CONFIG_FILE=\"${sysconfdir_relative}srm.conf\"'" >>$src/apaci
-echo "echo '-DSSL_CERTIFICATE_FILE=\"${sysconfdir_relative}ssl.crt/server.crt\"'" >>$src/apaci
-echo "echo '-DEAPI_MM_CORE_PATH=\"${runtimedir_relative}${thetarget}.mm\"'" >>$src/apaci
-chmod a+x $src/apaci
-CFLAGS="$CFLAGS \\\`\$(SRCDIR)/apaci\\\`"
-
-##
-## create $src/Configuration.apaci file
-##
-if [ "x$quiet" = "xno" ]; then
- echo "Creating Configuration.apaci in $src"
-fi
-rm -f $sedsubst 2>/dev/null
-touch $sedsubst
-
-# generate settings from
imported environment variables
-OIFS="$IFS"
-IFS="$DIFS"
-for var in CC CPP OPTIM CFLAGS CFLAGS_SHLIB LDFLAGS LD_SHLIB LDFLAGS_SHLIB \
- LDFLAGS_SHLIB_EXPORT LIBS INCLUDES RANLIB DEPS TARGET EAPI_MM SSL_BASE; do
- eval "val=\"\$$var\"";
- if [ "x$val" != "x" ]; then
- case $var in
- CFLAGS|LDFLAGS|LIBS|INCLUDES|DEPS)
- echo $SEO "s%^#*\\(EXTRA_$var=\\).*%\\1$val%g" >>$sedsubst
- ;;
- *)
- echo $SEO "s%^#*\\($var=\\).*%\\1$val%g" >>$sedsubst
- ;;
- esac
- eval "$var=\"\"; export $var"
- fi
-done
-IFS="$OIFS"
-
-# generate rule directives
-OIFS="$IFS"
-IFS=':'
-for rule in $rules; do
- name="`echo $rule | tr '[a-z]' '[A-Z]'`"
- eval "val=\$rule_$rule"
- echo $SEO "s%^\\(Rule $name=\\).*%\\1$val%g" >>$sedsubst
- if [ "x$verbose" = "xyes" ]; then
- echo " + Rule $name=$val"
- fi
-done
-IFS="$OIFS"
-
-# consistency checks for shared object support
-some_shares=0
-OIFS="$IFS"
-IFS=':'
-for module in $modules; do
- eval "share=\$shared_$module"
- if [ "x$share" = "xyes" ]; then
- some_shares=1
- fi
-done
-IFS="$OIFS"
-if [ "x$some_shares" = "x1" ]; then
- if [ "x$module_so" = "xno" ]; then
- module_so=yes
- if [ "x$quiet" = "xno" ]; then
- echo " + enabling mod_so for DSO support"
- fi
- fi
-fi
-if [ "x$shared_so" = "xyes" ]; then
- shared_so=no
- echo "configure:Error: Module mod_so cannot be made a DSO itself" 1>&2
- exit 1
-fi
-
-# module permutation support
-if [ "x$permute" != "x" ]; then
- sed -e '/## mod_mmap_static/,$d' $tplconf
- OIFS="$IFS"
- IFS='
-'
- for line in `cat src/Configuration.tmpl $addconf | egrep '^[# ]*(Add|Shared)Module'`; do
- name=`echo "$line" |\
- sed -e 's%^.*/\(.*\)$%\1%' \
- -e 's/\.[oa]$//' \
- -e 's/\.module$//' \
- -e 's/^mod_//' \
- -e 's/^lib//'`
- echo "${name}:${line}"
- done |\
- $AWK -F: '
- BEGIN {
- n = 0;
- }
- {
- module_pos[$1] = n;
- module_list[n] = $1;
- module_line[$1] = $2;
- n++;
- }
- END {
- pn = split(permute, perm, ",");
- for (p = 1; p <= pn; p++) {
- split(perm[p], m, ":")
- m1 = m[1];
- m2 = m[2];
- if (m1 ==
"BEGIN") {
- for (i = module_pos[m2]-1; i >= 0; i--) {
- n1 = module_list[i];
- n2 = module_list[i+1];
- module_list[i] = n2;
- module_list[i+1] = n1;
- module_pos[n1] = i+1;
- module_pos[n2] = i;
- }
- }
- else if (m2 == "END") {
- for (i = module_pos[m1]; i < n-1; i++) {
- n1 = module_list[i];
- n2 = module_list[i+1];
- module_list[i] = n2;
- module_list[i+1] = n1;
- module_pos[n1] = i+1;
- module_pos[n2] = i;
- }
- }
- else {
- p1 = module_pos[m1];
- p2 = module_pos[m2];
- n1 = module_list[p1];
- n2 = module_list[p2];
- module_list[p1] = n2;
- module_list[p2] = n1;
- module_pos[m1] = p2;
- module_pos[m2] = p1;
- }
- }
- for (i = 0; i < n; i++) {
- name = module_list[i];
- printf("%s\n", module_line[name]);
- }
- }
- ' "permute=$permute" >>$tplconf
- IFS="$OIFS"
-else
- cat $src/Configuration.tmpl $addconf >$tplconf
-fi
-
-# generate module directives
-# (paths are modules/foo/mod_bar.ext and modules/foo/libbar.ext)
-OIFS="$IFS"
-IFS=':'
-for module in $modules; do
- eval "add=\$module_$module"
- if [ "x$add" = "xyes" ]; then
- echo $SEO "s%^.*\\(AddModule.*mod_$module\\..*\\)%\\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(AddModule.*lib$module\\..*\\)%\\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(SharedModule.*mod_$module\\..*\\)%\\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(SharedModule.*lib$module\\..*\\)%\\1%g" >>$sedsubst
- m="yes"
- else
- echo $SEO "s%^.*\\(AddModule.*mod_$module\\..*\\)%# \\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(AddModule.*lib$module\\..*\\)%# \\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(SharedModule.*mod_$module\\..*\\)%# \\1%g" >>$sedsubst
- echo $SEO "s%^.*\\(SharedModule.*lib$module\\..*\\)%# \\1%g" >>$sedsubst
- m=no
- fi
- eval "share=\$shared_$module"
- if [ "x$share" = "xyes" ]; then
- echo $SEO "s%^\\(.*\\)AddModule\\(.*mod_$module\\.\\)[oam].*\\(.*\\)%\\1SharedModule\\2so\\3%g" >>$sedsubst
- echo $SEO "s%^\\(.*\\)AddModule\\(.*lib$module\\.\\)[oam].*\\(.*\\)%\\1SharedModule\\2so\\3%g" >>$sedsubst
- m="$m [shared]"
- fi
- if [ "x$verbose" = "xyes" ];
then
- echo " + Module $module: $m"
- fi
-done
-IFS="$OIFS"
-
-# translate module names to dll names for OS/2 so that they are no more
-# than 8 characters long and have an extension of "dll" instead of "so"
-case $PLATFORM in
- *OS/2* )
- echo $SEO "s%/mod_\\(.\\{1,8\\}\\).*\\.so%/\\1\\.dll%" >>$sedsubst
- echo $SEO "s%/\\(lib.*\\)\\.so$%/\\1.dll%" >>$sedsubst
- ;;
- *cygwin* )
- echo $SEO "s%/\\(mod_.*\\)\\.so$%/\\1.dll%" >>$sedsubst
- echo $SEO "s%/\\(lib.*\\)\\.so$%/\\1.dll%" >>$sedsubst
- ;;
-esac
-
-# split sedsubst into chunks of 50 commands
-# to workaround limits in braindead seds
-files=`$AWK <$sedsubst '
- BEGIN { line=0; cnt=0; }
- {
- if (line % 50 == 0) {
- file = sedsubst "." cnt;
- printf("%s\n", file);
- cnt++;
- }
- line++;
- print $0 >file;
- }
-' "sedsubst=$sedsubst"`
-OIFS="$IFS"
-IFS="$DIFS"
-substcmd=""
-for file in $files; do
- substcmd="${substcmd} sed -f $file |"
-done
-substcmd="${substcmd} cat"
-IFS="$OIFS"
-
-# and finally translate the config template
-# according to our defined configuration
-eval "cat $tplconf | $substcmd >$src/Configuration.apaci"
-
-# cleanup
-rm -f $sedsubst $sedsubst.[0-9] 2>/dev/null
-rm -f $addconf 2>/dev/null
-rm -f $tplconf 2>/dev/null
-
-##
-## create all other Makefiles by running the proprietary
-## $src/Configure script with our custom Configuration.apaci file
-##
-if [ "x$verbose" = "xyes" ]; then
- vflag="-v";
-fi
-exec 4>&1
-rc=`if [ "x$quiet" = "xyes" ]; then
- (cd $src; ${SHELL} ./Configure ${vflag} -file Configuration.apaci >/dev/null; echo $? >&3; );
-else
- (cd $src; (${SHELL} ./Configure ${vflag} -file Configuration.apaci; echo $? >&3; ) |\
- sed -e '/^Using config file:.*/d' \
- -e "s:Makefile in :Makefile in $src\\/:" \
- -e "s:Makefile\$:Makefile in $src:" >&4 )
-fi 3>&1`
-
-## Ugly.
So far, we've only used -eq, so just in case, use this
-## stupid code unless we're *sure* that -ne is also available
-if [ $rc -eq 0 ]; then
- :
-else
- exit 1
-fi
-
-##
-## final hints
-##
-if [ "x$quiet" = "xno" ]; then
- if [ "x$shadow" != "x" ]; then
- echo "Hint: You now have to build inside $shadow."
- echo "This can be done either by running the canonical commands"
- echo " \$ cd $shadow"
- echo " \$ make"
- echo " \$ make install"
- echo "or by running this alternative commands"
- echo " \$ make -f $shadow/Makefile"
- echo " \$ make -f $shadow/Makefile install"
- fi
-fi
-
diff --git a/usr.sbin/httpd/htdocs/apache_pb.gif b/usr.sbin/httpd/htdocs/apache_pb.gif deleted file mode 100644 index 3a1c139fc4247ec7e770fdaab961fb3692c953fb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2326 zcmeH``#aS60)Ri?F~*GRoWb@r$c#H_jN6u#)66_>GY!UILM{ophO`}&oUt=FmBNTY z$`ICVA7j^+h#i;OQDc-ga!qS+8Gc0FW4f z)Bt1yAj_Q32!U{ zRIo-qQptb-t7{uBm(~px;>}n!KArWR1^>`Cf~is&A3~v0s8aF}M#nn9GGt0d7v`yb z*>S>eMWL(I627?MNllQ7BkqHq)M=1k z=&Ky&zXVh2hPE6DHG1$Mj#+!@W<|fAeonA2iB#Un#%N(&&W1dtI~9BfQ#)e2X=lF^XcGT}q=AoZ{H^5&_C+Pv zN&hQZTYONvvH2qVcG~jIh^yqZXMG0jauI~J<^%?yjPC{pb>Ylqd7Qgl5*ph^Ulf=T ztUu|ceZK)dM=IDKg~q~CZoH&Cb~-~Z=;&lvYG{6Kc>2z^;Sv327g?kssFZ=dw}0cH zdw$mEtN!A<`J8^&z3 zt~SwiD6S8)Rjrr!Kx<)&vBl1-$xbOvcBi~nxrDC!TBPace;L%k*DDqrZ4t4XvN(& zu%4H=wkn0>)>bWw*7qy^XgxfL8hEr{3=!aT@x^9eDj^ytk&Chl$kO(lBLUN|dQ6Gs zqR_gQC$$$-23%rt``_I(>C3A7dOXT9Z$frk_k~-Ys+P;@AA_2Pg%%8=^ZRrL+?~|f zW&~d`K5oo!G0s}dw|gtsI8gBY`D(2K(S?RiMa{{iIhO(d)G0SJjuwocN&dl=)Ns$! zkAoL^`msv}wXFIo9^Egsd~xDITuw=a{)ty}PeNiaZ{?=q1Ff-;&+#A?LvlJm+3a2z z0EU`idSaEFK|F|qEq^5hpn?C2d=DQ+H3YkO^OBqUex<5bLo z9(N*aTe0*iA?|UPIVvKLCc?9Ag1I16-HvOfbsA#dH4-dk3 zhnz>*3E(FdLU+yVpuPUsliM=aeNjZUS*@XX3Z53T6iR8-2uO=XFwVs0@AhefEv8q zeI*^7gje{cZVN8?oK%ZT=2#U=<_Ih7M^R~)Ja%@QBEHt-Nj+won-qIvXTfK$!wnkr z2MQ*#TaAN%Ohqz*uQYER7$<|Jgd}A|ZL~mb$%8Fh^ z{1s=ft;T@}n?u#1Sd8|0dAq@XlaA<)Sy)vu-xZB|?3vPJ`3#PxQkI=}-aLquKdtW{ zRsg5o;PBjI;EgPh^zTEWZ?enGho=a|_a2#rB5>2qPOTl5wbu2&n7vp9==HR9wE+S`0^kn* z2VCs&N#1+t9pLT%(A$SkPEs0Bx}|GCgaUrcBY+5>{wW6lgtLTKFV-%;5S|cf6X}p# zB{~BL|J@1@;PcM-g8(2R`dyPim=2GBYyXx9RF1Nh^^-XA0VZ!iCx;h%b#KiWHhl#2`A;)zd5 z|D)Dln!L=ne`{p%76QN;pZ;eV`9B(oe>8v2d5q5kfDgWJ|63vY_S^j5nlAqT*#5Nn zuO9f_R(!h&Z~S%qM}IKmwE*zD&j|jMrT(4ex%4}aKk)wkJ_zmsKr$Y3p9Aaw!Nq?! 
zV$J~}Z8uLaUyz?$Kmgc_&ncMirn9#bnD6g#RLUnWDSNRG(EiZ_&QI_sB)C`rUI5hO zuE}G2hal;12grov zKTY7BC}4BeGE)cufBD;m|JeiKe_Xhj2dIhuT$2IN05JEHbOl977l-v~+e>Rk5@<gjoz2b~R+*n zaGt=(N^ve-!`QamAftNZhH9Zk>3ZfoE}?35MtT~z+#rF344^N70xPik1u!A$T7@yH zu*$9fxr6F(>}@GfWs}KFt7CxJw`)~>I+f|zOGR)>9RIj(W6{qqr3XA1o=BGH1U03*|8dVT7;hX4*@}hJU-)U+` zz3EQ}E|WyU@(UnTr|O$s(50%E<5roVrLg1bM2{`BDdCYXV%$aDAi|}6A!5%A zDPxVT$2`sUFLcCEiLwW6HY{+w-Z}^$tUz;vz^TfZ3qW@7JpDK%oj-L_hStugr@z$- zStEfuTBox5W@TFGe_k_p__!FGvGTsNc29A2&H{BlhKf+idLMA!I#}($G!-va{iCWg zT&b@Ddo$BWd9x)u)rEJy&C{V4*RtDS5hmW(fR$__|J67ulN3bzHeurX8jks$$(J=2 zsmq6U8dZv=7_YqNak@%4=^3-8tfGW|A1MUuo8D$bSYnp?B-YymR)KD#`yOME;4#nh ziE9S1UUjB_#0QtzHs4%B$HOrG1jVh(B^jsO{_&f02`L_*I?E82qH|Mn%VTp#2*IO` z@G@j`Joo}wvk04z= zG|FuvO;QDdNW>odp+gMTT74|hT=2Mwr>48JX8;FFosvZ5wP$#N?KGy@I+!OmR)!WnzvR03tb5!#}JvGLvF*UY3o6o%qZ;ok)4ed zSiHS_AAXWmIj|M{E-B5H@bbMU2@Fvw5!ojK8ecX1v2n3V>!`$3#(?V6(%KRtZzUcAsY{Z=4EBd3no^ucXM^7E&x*4+U$_ZM>d7w$Fb%PQTp6AJ!~~wAlI7R z$1{qbYsPAwYLOq$L*O$SAJ<`N0kuKqaKTKP@?AZ52((VWO-#K0B-I%yfO)*4om*`^ zHenpjR_1VQ8){B#uKw)i2Mx5t39Klov3{|s!$Kv{!LWE&y?91_+qSP(=4%x=Qa;rx z+fZFIZ+X8qA+>|kLmVe0g}qPRVWe8=^uSR$Wfg=WU3!bXLiKA0(xx>Vq*G$rM)|#c zd`beRxHIE8dA7$|IodMOoPLje_)|kUtS5L#yf(lp`L0IMq-$YVqrm_UB(pLW{_L&W z`3?0C&|8Bt7l6ymj`am#xNCd#VJ^zDX$4fa*Jx!B%%Lp5(ZS2a0}Id53jB(-bSSaV zrdKnANB%s?Xhg4l+k(=;o}E=F*ug>*a zJHG%bpQbb$RoKZ1mqG7(rMl>k@;E{hdJ8Y<%vE=(FD?$J*~`kQ&$t+>v)rFK3=xG3 zEoPMtwD7brLG9DQW(bY#LrMN^^ZJx^43*)blW|SwVXV;g<@s+_9pk1^FCB`&P4+OH zH3IuAmi+pC(%d`Sl~=Bk_NX~jVhro;lvrXVv!fm;C-ghdd2rig+o@-S+C@ThiWFz! 
zTzBd%u;F>;Y}>P8rUj{+joD)Gu=`cR1<7&KHuqI|1w>nR2a1Pw=Mo(ZyS**|lk)-> zeb}MP7hJ=s=&8YSoEQuXkDSh5E}E$|)G=VX7_w z0=wm0RE=<-4F4}*hBjJu9DBcjuf6w;BwgXWi*bxuB&MYtLz_7%8e~{>xbbyk^3}}r zbR%-7W%5*eAx7rt0(jPUs((Iq2z!X>&_=M)V8+UwH!!SgPGpd8ho&jhH7$@pqk9id z1EqAqW)}OfT{B#P=yuKppt;9BZH2;0VK|k0FK;|#6j<3r@4lf}7~A#P>)a+l1O%Bm z7{H~0f!z8uU`tW}3K z8$V3YONC}j70bciZEu(pgbzu~m4{gGD$Is^=RvHswg4BH*=v@IX zRa#Bow{x&1aGLqpmX%!^+losl>>RYmx^M{V&~p9NUgHAQ{_5gX6YJt^njF8lpP8`* z0ky|j)GiK5_O&%OK^hXq&#Sc%lUOP39tCwo9%p$(mMRStYO($mO0Q$;=%QgH433kp z?_H3tEW#`g;z;*9&Uw+P4o1JOB2|mm-l~|TPe=rAIXNj!_jy+KZo_(eAHdO;X7v@Y zN%)){Zy`)#ea zT&kkUA9>*kJvbFom>wC0EXdl#;6I$-)8??05Ohj~m!j>rlQtWe<9ZAKA^O##V z)S$AmDC=8yKWsAG5aj<;0+KcZ$#pqZ(-;Y9kLy>4V8;@tGAHMzN(-lKl2g4Tg=QKe zIYo=IurG19;B{ad1I)x=DUL4B#Q;Cn@ApB?%o}ivm5yXWL5=$uiEW7` zf4{c#0-u`9Ow{DJwYhY&_9CQ;vZTv(S!Su%2|Bo+6TBA_=qlJ$De95Jmb1bThxupG zqE|yaM@@C(TJnmhg|I^lgNPYhR(V7KR{FeNB{D33za%>$d$P@Lrfn`A7gz6S)mG6W zOt-6qoJnx_wqFbr$C3RSGO7p|tAt>C?A_jDmNO0V_j7e?(x`P#)k3|xBX&1k?WeKz z0kDeU+Fgw?t8Lp4dl6ROPL5C1^otZ3-;GwN6j?66AHa$2v@mH<+pdg{=N?8u3oiau9lVfwSD`%Tdpe?1W*f@4fi@=^$plhh&nueGh#x66$ z1t;WCc81i~r^v4=3%BuHa53xyuP50mUgHY+DFTn!J_v*2k}iO8Y_J9xb|xv`-l`lN z`{-w%fwNRh$+z?LpBKRU0cyWD8sLa;Qab)m80C`)@E_paD*f#x?;t%a%+%6aYfgEu zvgbX50qHVnkQJodaa1-5L&MI!XD)!}HXP=Tt{{h~^oN0RL%ucaTpX31m8Tp*2*{k7 z^YpZA3HAag#<8KqE9r_qpBEV3*imAU9YF;A@^LNp?qjtv#Zf9c1geu@6k^11u3?AX zIJP`<`J=G}zC>Bhhpc)mH#-ucmQLpdcRJ(`>*Lr{TGhj3H=AZt>>vU4rx2X$WCTi$ z7ahY!S6-9zX5I=DT8OJu=r|xiZk~rI&#M0-TD?m_0sD4a-8ye*qa=Cj6Kw3h@l}tr+N7KqW~Am z`)N~s1RcPn2nvLEk6AYwc4I^5r!CBNU|8PT@Va^|n^}I<6OI@g*Ctd$C|?RU6!7d}anRP*Qm;Im%=I!<(Ep)ffK~a93v17enfQj94W7+F%3lEBs&^jz z@DHFydGvZ%9=z$$3_sak%z}mGj?6YzEEt)h($Ud=R^Im-4r&(+xi2TwgEv&e+3s(v zX9qf?cVktgf60avOBEy}?l?LeW`*}1>g|6X+75hxv)<;`kf`Vo&Z}E@u1}Sl^cSnJ znb_?p*+-mZPgUc%9_Jci)y_Nez9AhJs>KHLsXum%zeMMLy8vFa?~eZ(Z=2{d-dPG< zX;5iEx5xM_nX7g!1U_2u*P8BffP^W>7tbJ3`0rgx$0RN_kVNZKB&-?Fq*c(HD$1l4uIHO0$-%rEHBM5>YT8 zPY+ZOv*(~5gv50h%=EV?3}^YAFC-pfQK8bPQ^8Dgl`%tXC#FLXUcwcyoca0!nDQP9 
zLpp3n#^KDe72pQvl|1pwS@z(@_93t46_kA{GcOX}y$xcy09^Zb(#%5wS=GD+IHyC~ z>|s+C^~2ziF4w%MxNp_V9Sc6qk%suWm&QXYt{G9sTtXR(pPi97iC( zhX!-}7`7-)@_eXqknPDOXJHax9>5O6;puiyPXcGC%U(=vha?mvf7@8{=deSs8GplN3GZpR4Iy>| zkcY8`dG=;5SqEX6mN+Rg$^Cpg8&NMSAz0SryZPSXkd;%_se!z@1uRUoZxGY*Fg)#O zTD{uHsD%GeZF*@!vTJDQni84$WTF`)zq2j3Xsj#Td^lngM~C9clFE~G$V^M{os@w7JNsk3xBgQ?fjZ*DG8cQ0q-~?Wa54CH!$X2gZc)3qU%n z7(Ze5?cb(>M3%ZLGRa+gHWZ<0XD3y>sgP$svj!D^TY*4(p{qT&q1Zqhhl)zvsu{GI zOEdCyh4d893#-aUHc$*=9SU>r_xF)TeZ*9CKXjw6vme|WSurzc-z8gLFe=EZ9WO8c z8NOgIWUj7tKd!4dzV$rc%2dtpom7Fy%UEzMtHxn=rZNj_?d9U}pgRNLO#Aw~=ZR70 zEXK7v!kQn8htCT#y0V_9Pg&Wh8JP+`ol}%)oC10Kzg_U%=>>86tB=^IX@rU9L}*9c zQPU`gwsQH7yKQTCzHD5S78!z1R;QiEWyJU5-eZ6AnmOcuYIwWT8}2&aaqC6V+wPl0 zUuEHj_&vBD+J9HaF?w#EOKAY_+q!TEAtL#x3M{rd$BbY&+iS4lvUAIW~N$cs~g~FybVYl zEco+F7y7j)Q3ZFMlOSY9Fxhu1<)dv)!FN4v-VEaCe`;uaUhyu*b&Nv7NAPR3iF1gh z?iIAg#T0()^KMe&*O{s zk|h))PKy;QFXDG&dc2IH{F%gmq z*Vzt}BZEDdo5a4fZx>t$(~I(V1!eiGA)6A;{Tf8=ybIzBvL~d(CE0`Ri$>|hFBear z?szmbwO2;e{b&Zar=L;6)b**KatWBw<|J64j4<{qm5&DaJbAyKGkv0tsNh%%K$ok8 zS#qFVXxp)J;zA_^hLThYOE3CrcDx2o4YGD-2Y12IGst)0C74zhxzeqgoU~o*3}5U6 znj>ej*|W#7J992NmC?NxhpjI7UErdMsukBtt+s>R3f}pZ1_fS3Snh64@j6fZ1yJXS z-kLlQTI%q^I254G11hS@z=HWX1!?}AmP<|WFleoCSVHJgNE6GPKl}7~0)F4BVS}q( z+Ub$^llza_BGBV~5?aUu>+20tNZa9qa`P20mPZ;^p0x_YuPZB+Nr!4)W^k~1gBu>W zn0gnO<+|h8w&zl8u#^@KpLd54`KwlMxfc7@O?J~}6i-XvAfzNb>>SnOQGK?gAQpL;wQMxe` zJH%c8a`Vd3{7TU-Hn8K2C8DSn{jg7p8N}6LT^%cii93xfLG_jGgw)nf%pG9VpNZa0 zDwzl=)-dmM373OFSkptaH&tp532p3l!8r$-{8`?47r-}93r5omB*rWY^PJro-IB3i z;HnGK-r6+ZoT&pMvKz+yuPz~`(2~6^=ey>0X@=fNua{FQ&sE~XrRIN%okI|F;FJa% z)Twl3^(^G@0{9rAjP>4XLy2sK*xkqYV!~lQG9u+!KYxAS>nr>`854V`cnK@xXH-uMzo2fmF38}X_F$&jIap6vzG+=)@+;RoKUl|0C4qw{=j+Dbzsb!j9>Tsp>-RbgD6NECo0Z^V2MN_ee&#xT&b^DdniuC^qo&F=X3{Z!4&SjJ zGZ}27s@cbmOc)MnxNfZk%19O!lsKn>`X0V|>C?uJ(4&9!#u24=UNYH3bUBV{Wvl zq%GXr4wwOn^bhn9j0}{ek(wEmdEiw2MBuv-5Bo4b+#3?Ci1H@0r`kU_V6p@l_p>xV z>~!|@3_J~;7Y{dUQf8J5nhQHXyBCdxgB1nSIJNuEAS;LR+TCsBs##X#q<;hE95%K6sq!GWzpV-c 
z>l)ZrZc|y{O^9i0JP8~>w7%MVO16t%J|>{;gzpWHbq%)R6yMuqg*|>ec*);qAA{Ao)aO2gG{qiabXMii z(D0(OO|QXbub1N@-)2u(%zr^LgDp0lZEv&9`5$c$_;aErQKnc8Lj=~oqy(##e~Gi; zHiZyblxnozql5CyFjFx(n&V7G3^kd_5r%6x&CXt-eUZyBesLNhdMZ;Vlk6H zHd6y1IOTq{^!A})QtrjvpD6KPv2HSa%o`s7B>*nIP+RJ1YC7CAG1At(tMyw2P~W-h z=H*R@k2*uV0{l#LZt+=KS@V&N;`sp-_|2w9ttEI{3k1zBa|09Rf zf1=R9q{N+je0=}t|Bny@$j2|>uh=yp=M44-;qeQ6P0yeJpWpiLc+BkN@f#EVj(;=z z;T^keW?X!jj4As$QPF}2@)6HPq64gloTuK$9a{sjksAL0E3 z08MY7U_Uq4hXH(7K_YxI%F0T7cfdiO;D7*$dyXIvM?YsiO>c;gqgODVbn&OnziR=E zzx$RC-^mIx$_fe+vXc1j|6BgI#=lGb@4@eT`&Wry#((Y^0qgKTx_|2aqw~(kGZ64h z3!*pw=$tYE0Pzw4*ysPzU3m`xbT0s)VeDVp!}@!?JPZi%QIV1g3JQ{R1A`=gcj({p z|61VhlK(UKm+MLXzTV$`$9Eg-;t2H&;QQUFAa74^s2`udk0S`oC-Gkg@&9$je{t(y z{17(*yMX<`UieFy<42jBmn;5udpWxWxOsc=xq1ChcliIZ+Q0bl8~!z}@qnrD9AI{k z1n9?@0iwNOfS8F2AhONDTL}KXZ+9uo0X%C2u;AVLYuw{8-u@^3w}dbOpC$BnbLIQ3 z)-<`#2ZH(q{>J!c;&(y2A~D#0Y<=mzzVPjK)^!) z0{8(zz+>Pk@Ct|l-TLapawtytw1Nx3k(6D0VJ>htO8$w9pF1~2%O^C z9b^PF1WW`R1iS=-1Y!iT1WE+z1X=`l2}}sA2p$l)5_l0n2_6$XCx{_PB6v%XM^Hvk zP0&QpNiaY#PB2HXMt~ytNq{9JBBUl{Cgdg*B9tOjBD_hcPk5iuj?k6RmoS9z1z|j4 z24Oy71z`hWC*cqwl5mx9hY&*q5K$4a67dsB5GfI95*ZO$6S)xi5rq>)6QvR56IBs4 z6ZH{I60H*L5}go}5;GC=5laxO65k;c+;6XaXurxf%Qf)pwgMikBz!4wG;g%r&cV-#O0PAM5Eg(=l2?^C){KBdf{tfK6p zT%`O(MMZU)N}0--%8lv?RR+}us(z|9suOBPYEf!UYFlb3bv$(m^+)PC>R&W8G(t2t zXsl@hXyR$gXu4>YX^v@`XeDWNX`N{!XtQV=XeVg*=_u#~>2A{5(}mEb(bdw8(e2Vx z&Dj7>pPo46zL53ko9!kWm@SH}ifw}Jh@F%D20NHNnjOxLWXE#wacFUPa3pddIF>FEUlP4! 
zd@1Ns&ZVA9yPV9Ns+=IsXwDkWc`iaOQ7#j%P_6>5VJ-|e54R4t4|gVa7xyj?E6)uc zcb*iUb{-Tj6R$e28*d742k$l?3*SvXPreMkZocpQT>N+Vq5OILqx`3rg)f_3es&pt zc}aj$KuN$wAVuJl!1pV>R}8K^z5=^4FGwM%B=}G;U9eB^NJv=7LMT!QA@og{U07E* zL>MN#c$Ma=##P^|`B$ezNJW%HJVdfZK8q5H%8Nb}%@Q3GBNS5*a}&!J8y6=LR~GjY z&ljJOpq98P5hwwZSd(Oxyes)k5+S)Sbw$crDp9IW>Rei0+EcnvdO?O!Mo;FMOtZ{S zSy5S#Y?kbl9F3f|T!dVs+>dKw*TC0uuFc9b$s5Q=%72o_DJUxVDO4$-6t5^gP<*F2 zqr|LqPbpTZUztStmU4u0tMZA8f=Yl&jmm+lgsO*Xx$3v;!q>sq3$L%MT~>2c%Trrb z=Tm>6{$71mgI~i@BVXgo4S^fZH;Qj;-4wa$ezW4{{w?WSez)px9cij)hG~AhO>|r5 zcJ%F0Ek-Rft+!gs+LyImwPD)db>wwIbw1u9xubt4@y?7cw=PJxO!vEK`^x<<)HOZSBD`QB?WCN;iioMpUeB4hH{ zq|cPe)WNje^zit2w(gdZ0cARfGr#Pd)YTzXBmW!H8lFK(&HP>WU)I*JjX%BbZG~M31{cykIp6h<( zVdPQbap7s<35SqF9zdGB7`;5ay1jY4A9;`ai21zoS@l)%P4)fmr|(znPvCFo-x$D* zpG*xyuR>o!*89_ z!U@8i!aqd_M7)Uj`b6hR=~K$59#2P}Nk2<^hJJ4Gy!i$9izhGEU+TPsy`p{P_i83m zH8S@#@oTr&qfv5EnNjD_&e4N0(lKcf(q3Np`cQYC@uVlW-JbU}_Ei&s?7W^I8 zyQp_Z+0NM$IX7~ua=CM3a!6<;cjDaMs} zm8_PUly;XXmX(!rl_$UmVNe*V!nWdbmGX&8J$W z+NwIix_9+V_0bIk4Z#iH5f2fojaH50O?pkAnpKVYFdPajfyP^5^F9>*MVc8WWw9wqO8A>rN`!9>IVll9NbrZ-$pA1ik@L%3X1>Wn zVJs`)$olk_Z?%b&+!Z$V#Jsg1NmFUUmUtiVbW|b|Qet9K0wNN8HxV)b{6vhzGB-*7 zutC2+P0W)et?s67NOnhDV4zf(C^MpFukuA=l*Oyd6)h)F~w zM>xukP}uAQEb3p)j@Qkq&P233QAe`tUy3&Gak-Tu(a7^~H2h95r&N9Ta(L84YMGtL zy|Y@4P9KHs?2%t8ca>ptd*&v}L5@6xci;Z}zW8v5uWN8E{K<7V?{(jaRO#OrEl|pF zjCP%(_iN=9tQ`6gBm3CHPt?u8;5k3&y6^J${s(cjH=qS1#%6}brbVI#6Da{j+#))9 z#{YoSi_ibw29bcwU6L@V8YEBC#-ok5Zpt}ARzi)#QBzlgWF3_*fc?~bN}|~_7aO)? 
zM)jMz`n7upCUBUT=(hVw!wl29nc1}T2252s{yD??hyJq0ozX`83g>G1ZN1k~Kifp~ zTw53X#irDYAl!KsZ~=?2(oR$Iu?~Utg2fZd^VCdlW|EuouQ=&uIk!ejk$lScok(dl zIgLy1LaXY9S|yEWEV>`Kzuz64t(0|W?s7rx297l$RQqie5?u%t9<&?NM)Vd^7Tx0= zgmOXl-fi1bk!2`zZ#H$-KJLXf*LS|Tg^YDyE1|Xdd6}yO#P}ph_|fC&vwVyhvUzl& z$kDdt6=lV@CrKnr&wdG@824t&`%=9ZAS4K>ZNV)g^vA{FBhouaNdVb)>j}@25T9EL>sQQNW1`q?1x7uRlK~~KbFkjo<9}kpaEC%OXVb0mibyH%WQFIT=PqT7h3iT z3@F{szf%df9x8vs{>1X*f%IM4N&M=;NEA)@$gj9de`i+*8Da0Udub3WXf9WA)nGAM zDCgAkHd*Xq7FeP$)|%e4@H#3#NtnEBY|KV%Fw0${_Qe5rSi&9+^Z}-dJNevVk7+|Y zP~g>vA~lNrO$U0Jz2N7(DJSbG$0)tp|MDE+pR9}Ve;uDy(70^qZIf&d$4gc0%|n8+ zHt)OcY(#3M-8AT7*!S(CXWmK@ylIqbm{Ku*u7lb9SfgPVBvd*$Lp^(`L@LwH_|bZQ zxA~+%w8S%A$xmhw6#d-mTd?^XCs7o6zQ_oZm8vdCvfrSUZL()NjJA*i+!nHhcdBwc>29*ki#<^;p=DOnqFOSmDA1+3<4EpeR^|e?0r5M~ z&p)n~2)*Ddl@xuZ*OMxDxmg_2t#+8pOyJKipj<`TM z14pf0gSTefeI^JMuH@X-lKrZFv;6}2aMWU-F!}32H>cz}hq#|XyoBi1tv5DSPJ>W* z+EE7V%uayEpx4ahNn|=kmu-I)V&s*M*&&&bE~$-4Ekd?+`C2v%!oP+?-<5v1`L6jO zdlw)rsCm5rc|!g^Uzq#x5gdA+cSK;c#4^#!KyW|V>2uG(Lqz6V;+IcG%6Hsqd+M^8 zgfrJq%=m-8nZE}qxVk$kOB$EL%a*++Dt_p`S^e}<@Tr#0I#D&Zc}wHT&1-b0ty0_p zoZhEYm7a&M%Y8Q|8a$(iPc()$b?)ibJTFYEzEXXqYhb)#bYsc+JMoR<=f@L0PrDW; zq;u_XsqR>s&BLWo=#bHoko)8X5XD!z?YZN@ks`eS86*5K^m<;QgBvyX35wY}GQlM?Tg;q$f5MnkFQ4D=`~%5jOXJaF%obm{>-0I1AewipL0*;9xCkx@ltDC z0Pd+509pFk&IOQu0mPZxXi{=p)rSQQwmqGd`!(GVKU9_7cKGsB0n3AHR2xO*?Dpi{o8eI zr!PV0oL(8xd6bwb49)fzPfHf0-{!*`k3Kjkn7k)~_Od_Ijte0QyK(7E2}9V;ST1!; z7j@L#qmk3*J{&PaBUOG4Wa7Hia~tqARFz9WHK| z>Dwg!gnoeNaT6I;eX7u8>pdF1G5ze3J)sdV*Yd`e;&)=B*!Y}E*F-yJB#tcXP;DBnsfw8ZGByr)o|@X4b6d!IQ|MZ} z_zlt$&%mad4b!+sJQ{^s`)+Rs>cTS-fw^i+N`br{nS5RFwt;E7FCQ~i9BV0F_?9e% z4lHiP6&wHZNlqkiC~gCSI#WK1?yp?`oT%zUC$0J&?pPKv`Lao7x z3_NCL;Y?V}IPQ6*Z|=S=N3EPHs^2Oj&57_K;bn$H>_L^4@WI^H;=g!@?ntC7a$_&OOD3-VVB-SN8JEi&f<&hDA=}25+ z=g0bK@H@++xNs?b$qA?YFkEb%*2e^qBdKww+|=Xk7BX$s&l#ykM|x!&w>J2#3er-Y zj3Oyll9hU?cqb^1?bGJ9W?L2}?^=^`T>aJ{1hwJhYHLnPkTpx_&OK)HQtk}S@*%}9 zh~aA6*^6PORgn0V5{%OZ^=z+c%14^>HH^$lpttaG#w;tpw!G^VYuGEDk%p&VWr}gr 
za$g7zl3BbC?7%7tuZsHWy+jwYvNb()5_hodBgcz-#Tk=HPTlk@H4|O_UBmq*SzA)e_(^Bo0g=Y+mFwhrqUD$Uk=kPg&MPWkddNqw zcqA5D>t9V4)3{qIK~V`MEmKBlQl@!4o!i@$Vxc^|Q{PR)o7B^V z$w*DgFN520)+<-H+l?B@MTw&|1Q%bw!@!FnimnQkS+T0Gv_-828M`A>AKVWn)nt$< zX3s0$5>jJ$<8H;JoU`*|op-cWVMrG||Kge?LyDtP-6C z@-pJ28zvlaEI)6@|14*Ec56BmV#zdA&1frj`srbrT95mDf!jgS_7h~KL0kAcDR`Q&zI9+hclkzThso| zD~2W^SlcFf3YVbHuSQ7iMr-SMp#7YcKzi{FYyJl&!N&M&QX&QAFUSp4ZhMJXkkB=$ zx1VyuA#T-l4>S%>a^{p4uU7jBySx32F56R&S0EysD%4Jie{{;ln%ZqXqD6yXVSY@^ zAn+9KB&LAaKRYam`0Qn5@{>ELN>;qqro{%D1bM7*e`ecS=`ylHfseQl%IKW${jq$F zQut&+sPCn5;f{mPZirHEkQL#(Du&xpvbWNj=%Zk!)inv*qSSHilS09th3_Qq%?DGa zqI8v6GiPR}wO)Tga57C_pO90SO&r%!6;Edi@9a@d-0Xf3oKElDY*#$vKl1&(Q&@S} zWBq*%1exjZ3Bs#U(M@!JU3*2PfVp?A=#{V%nz4d#L(qaNco4myHvaKFA2N24Akf6? zc6grLr}bP>aDzOnT5DaEw@$oWXH#UN`5l+?FH~`Z#~LSSry{t&h$=nGQPi}VRhO! z&Dy^AtCT<$d9M!tC}qwR2;z}*>JWmzDNt{i=xEY%79*E<(cZaB_Bk>hY1pDR-S3GQ zYet=@@r|X^PY`%|R^k?K%eKpt-5GdAxuF!EVs>l9E=H>IHE8(ClgcmTKM?|pi}n6( z8lIhN^x3OgW@N2MvQ)v_H@7ff%@~w+yjDt*yF){5wrm_Eq|QgCx`s=ADrsd6VA)HF zU9aPweebCK+&TWur){6% z;LCD;rOHcwG}MpI3AZ-*g5HS1cUq_tzS?XVGV9E8hoz@tZZ$_oT}H_Lw0*vd%P*Y2 z>t}N{KfAQD^k<>qRN*WWU9XuLTmsJiS(mp^K_=?ufvlNs+RS!${0R?DM4y?w#0*2} zb4U<_C|?4vC=7jjtBk5v=%YoXxUYPsO>|oA{37bLWXb0CJ1W_{UTLb=gONmh&B~D3 z4ZnGZpYm7vd!8RlWLzy}N_x^xVJ6$%q%dknn?7+U=8L`OlO(Gu_JM;QWy@nW)l=UJ zu3i(!Z9N0{ELY4%t_NLu_U!Zl(o;P3q=~u$`ixqKqxyS`sTu#8!p2w}hxIKHDTOq>O5jgfvSc8Zc0(v#a>j+!700dfRc|Wsj71`xb>DtUW@t&> zqg@@YEG?3|mtoIq5$P<{S!hA+Y}58&%9TR(&c~=+zGr8Cl)5=1i#raUxsK7bD?a$A;ZIZ zJdeZd97Zh1vadaNd6LX)(tN71X|Wl zD2SW;!lu!#oCf6~O~ZJC7b2SN9kT#6#ug#!Wo4THH(vt@S*G?uO_yIM3?I`RT_hd?8FfOyH3=0hlD8 zqf=Yf4*U(H|9|Tj$s$lfxhbZ9iPpGF+8rBE&}V zy(wqBj4ld)oHg+_nsjw8r^H*O)GFK}YQ9s#t~w3@`pQ8fU#KHteb%%m;5DFfyjLLE zbOF4&DoXhJ`L7=xZ8Na2mN(wb`l+3T4Yr=9hp2)Z#&I@=uLiA(eBYe#d@%^%zP7rQ zV5F3mE5cMd{Np;hPnE#PymIOh>HFU2%pZL>Mck2Hfi|ymbYZCs~}l z`h4Bn6j;sG-uX~s&NtNV63gx_AOw5$Re@o7y62Z%E>BA@ND;|&=JqrGJnkfGx?`qn zc6-eN3%CA&{(h{c)bK2a63Q*`hH)5FpYiL;o-%()dj#F8h!#fC>egI%O~_1|rG9R# 
z%dA1bi(bF^DNmPrY8O@R{&=zX4|lDM-_rZ$8?vyFtJ<;-hnLL+jxG$ZbGmUbi&>9+ zC1xswolvK~vb^$xxGZm88vQ2g4djPfjnpVIBGi>kPJ$cEX`S(^D>eCxz$=B@kf$Tw z{Li+dj#KHn~0->MYh zxSMcIhmPYz_CUUo;;z9Rc3eE5n)>x;tC?B*3QHt)h%Ut6m?fmnzyq0x-h;daHKR=N@a!t?c z?|rxnouyt8Vc6HrrG*I$PJh!lm!9tBOjhuuJ5k)Y)k7N{-vQZI*Q*~)#NyO)6Q-;WCsp~pETk{l+o76$3 zA{BD2p-!enaks7N%wwau_c?+%ze{f0%U}6n*(qu3jMTbs7EYrieVIke_5xU4aZI1^ z5q=F$j@zYT_JdW3JSZ%!wL~dY!kTSi0;`V_7!)#&?`!yOof6%1Q8^XP|FnM?-Z8-V zsX(Rsp};wKSXYL>MWx-$hSEU6-hs2ST~hgf5p@=9QHI^x9=fHwhwhSYY3UfcOIkv@ zySrNf>5icrh8F40A*4$>{Mhe)_woIS`+3${*Lhy+_PdCwqvdo<-?}6CWas;^bmST2 zZyISLOlw!Q5G(=6)}u!0y4(`$R#v7GN!I>-$*^*y(?PLU<}DaKaGo)srIX4bNJWK3 zbDvqlVy80m&lU#kQcFAqGd-2Y773!h!Z%fbR50VZq-*bak#=t+qCf)?D>BJEpq#N~j{6^PQvqStm zG7$@b>5T4YB+rM17U4-P!AiCC#BNI*LPj9upH9`Uz8nu%n;EK?GBy?$dI%nc{8QhG|cPba3p$ z25z-FYG^ijVX!KqDt@a{_S8!8lEk0W{S9=OPzYlmJo|PAIF{v4BMJ<$)z0xAv}9Bh z3&hGRrp1dG{sBx1nh)1t8Qwo;_cdcFO)RcYwt;7er{hkoweNU#sWWXPngUedFT}t{ zPd=9X#GA)&QY^ms*LPT4yRh=Dudv@sT5|p0pw`1&H7#7Ovy$~hbNGvhQKJ{=l|xV? z)ngxF6V&}qicd5Lsy%)BOZD;U2ya65hOncqY=kX$+8LvHHb187zjxEeC~5F*Xy;Se zkW*9>V#_W-FhCcqg{l)>0PEGN)6hP-m)bycwsVw1#a|_|W;W6f+dTRd&;2FzAm08zDnxP_Wwtz_}ap z+ol_?>h)XycT)xO;gXN0#}%s*^%Mtz!1ahg?US6fXrno-Rf$6G%s zjJ&VwdlIhI6y~~-ixA&bD{I^pERsE^OzNnenTV1SQ%q{}YCc3FDEJLFkQwA}J#lr0 zf5c8#u&*SLOv58I{NOA}p3eJ>_GK+>j(YT7;Fwe*uM!wg8Io7l*K>J9+S7jT;aCbp z`-CuW@QG@u)*24qNXZ+ZS0u&jZX_-y3hsC1N1JqEP^Z{fu=DxZZ-9$MAmA&CdED(Vp{R1%e0JXdu_%RGWT@#Xb`DIyglpoY@FSu!hEme-lmFd{BNp zWh*RQ=^cJeU$ivou~8~Q&vTvND)TPUL}_7v*s9k}8a~3tsJ(Rz+~+twFzwx?=ck#YvPwvD^tfeF#tOL{PCUS3HJfD=r3#k{ z`Gr-~EK_=9?g%*96fIJ%`%!Ly*6K)PZzOag{^O-tP+e-X+JfA;O(EUdG+Et(*Q=n( zgZu9@@HTO<$ol~Mpv9Wt1>$e#MO1EaW0S?=Hi+XO9?I)%ZJ*$(!mI0uG*{1w)lF7_ zY&!OF1<0k5IYK5i>xY6C2o7Fry0B6~qA| z48fExG;QdkE=#093rH!mWt9IYZBac1*TKsgrLXFh`C%G&2(|cMv=^jxNZcn0 zmiNI{p3kn}jRAggY?R(X@4LZpkmhr=faIS9y{Om#i?yVy?s93=$WwoJSnI*1+>}Mu z(}*qIHR;F@twmXW@~}?u}xTKmVttV$2#zMNk>eEK37jRGlr0Y6#dS_KCxmLjx6-YLO~geIol-=nyTy z?c<%Btqb$P02@ArUzI(axj?Kk4*{N<`~7s7v@|y8RR@}WVt|2W#zi^Mji_wBxisCn 
zcsX_3Q#AJg+N#aEJ65=R)-hj^B{{tY7lm5{DY|srZ!kA!u~iFlkXYg(|@Ft~72=-S{YfYR3LdUuG@qtLghVxw~1t5Y1CX$CS~+Hm2osSsse ze0l-sP<-?Em25(Kd1=OwiY3wBff{#sI7AXURkPX8Sx*WYUsCz!zwB5{@4tyt?hG`k z&L=ubqNGO}#;ek69Vysk-WNV0$V%!z?SyzixzNvc(_Skip-j)-L_? zFpUb=R_6Fs20))ag){elZuBPBY1jLl;L(P-pxpJTJqwpV`z$x~vc{%;{jJN^miL{} zW?E}AhO@$N*5*2SNuc$v0bk<|oE-6~W+P0e%aNP32ZBJy$Hkzt|Jxtv{9F3ZL&{8( zk7#pFoX%UjQJGjE3}WOwyztus^IIz8$OslD&|gFu?x;54dp&*oX?j@xR^6OK!?nCQ z@+_Kan@4a@*IX8~$d%a;zciWq!7t}%?wo$q_LEwK5=~g-IF%1ooE;1{{BkorNd{hAebOidKUpd0-POx#SID(@*@MHBnV+HX0zM@^QE0uT9?-cX@eDWlEiMWugh^QEuGeh2sIMUAO^BChLd# zibTpxVtAN}MrwbFQORZILvD^2CqCLydSP}|N&vdoV!v6>^dAx2Ux<9#8>Ns4otPj=|pO-@InPj?x`Mr@7u7fn`i3Q`^})~NWH z5d%9t)>c?8ZKGt0&-E8YUqEiLJR#&J^;P=)^`#o!g zm!e_CCj~2-F5NF9?eP&Devlac&cM;eF8*!H>04dUzF?b)waJrJ@lM-)WLN!A`mx=K zKYl*#kY*%iRgh`vXNQth6mV;tH5$VkUzqg5Eyz$81wQufPT7YZSo;QERl84v4uEG{&= zU$fORaOoMKtCgyz*sQUkrl4YHGgFl@7qZM`F{Vn;XBvqoSZJ?V_*}5MeVKI_pGrCq zm6OFwfiBAxhsG}@2_juvv~Aya@)<@WGFFUu-P|n3!_Bk7%84&{6#~8`lJn@{d>j4; z;IMx=**|6V^F;yd&~9@kr~oj`g_ z@C;gG5TzwTb+_p&jn)7~dy236*nW3M!3&x3fo)a(J(20+d>06IZE$=|1+!t3HMga( ztfN1sV?}&)@^i^~kZ?p0cz7r_iii*-n~?rM3taxA&^)Zdg>XbHb-g3h!;0jN{yR$bQdw`TLSNs;knI zm2BBX>_=M1=J3bt`gZgT+hm-@h-}VA{5*e7zc1I~15GSWJH+%A(-%DP@uyDCoBQjL z1{nF8Csip-Y_*#~)6hX3bMHd$J=>-|v0O1VzeUNvnI$I+PM;4Lq2tW<5oifB@LS=34t+AIKCib6fWMWkv$1A;JC zf@Wwh>eAdTJ=tw^=X&jkXm(<`@^~kithLOKVkOt?;lJiFL#u4Mnl%09{m_WFtd4}B zdB#3?Ty}Qe+j5f2yKxr%dnk&l9G_DPphRK*51@dQFTdev;+O;tpxIG8gOH}~7)RN5 zm6n2C4t(s~2?i@`5I1kYPkL_(k2!#As*jV!{9^eb%%8g$Oqh>0Oc2F;_|b{*#y=46 z5aYW<@w|F{;95QXuC#FO*h!ItxzuM;2bA^|D`l~u}pmi32-cG!>i<6+T7!RiLV7g#1C z*;487Mg209E;tTb_v!EU?}$WHZS@6JDmmd+{|c_)?X-f;jtob~9{JVZjydryGF--G z`ieP)|FUX{Ew=W8|2(lpW;imIta7v1uusWu91n{@v*!oraxh}`hbb;tZXAP*)UV!D zFM#{GrC`&Aj`6%dCr;cV;h9rpP9tp1>F!ht*tkJH3dJEJf#cyLCnE+Mnb_Cg)g<7? 
zKSrIxsX`yLB?xxEYz6-6=x@4;=~|35w$wmOWf-6RY<|`y-B7(Avi4PM@=F@PuY9E< z_H*|h&@S(eLnU_s(GjBDBmMh`Y+o0PI&EN8rNBy8O18`A_OSn_R4CPpT>NzF2SiqH zJ#q}AZgPb9X1nLOtWA5eaJm`Wu?snyE&r(U&jmW9X2suvylEZeAI@;J{>(=wxFau> zcKxX$v%sx<5rUT2neP0S!LqdIm!T)R;zVX-!;F{2(hP$pCMGnYe?K~e2v-qt@!lIC zd@SDq`OFKdv#Vag_Sn2T6?tJjhoLTb%Dx6bXkw9jsvO*}5N{n);R&+-1_Q$qF8i0c zyFwTW!8mD@#X9iGS>qQ9u8yV50s7jkXwPyK50pY1!jfSxmY@8j-y1uMM^9~cmAWAj zY8H!i&FrFRH$es|4Wr3^mVaPjuwKfqMJ_+b#OSE#ik<3V$oK=tT#AXVwXlaAhh-#r z5wt#?nG^^ z*#=Eut{_}`a#egPxfJU*Q(~Caedq#Tq4DK+hYAj>eHsKsN~YG zr@2op{&gaH+W09a`$LsFB+klp6AhSDp19I}cej+z#4)u=-djO5dAV2HAQZAb#3p$h zYeC<@=qiQ)t2Mr2yna40%)DKnFEkd@6xt2zI6tIITS;L}HAE`hXN_Ijt3Aq~Z#;X< zwH|HJ(`!hqc~RT)v$I`9QQ2zdN&`uKSVVl)R(d9`mo!}_nXSTJQu-{tuagJu##s|h z4jfDC4<1h3E-WXv`x|7X#0~WsC-G>Pr5w@ioNELMheoh64tTzi=lIO>4sQh+vKn&v z^50kvtbs(F3?!r!cF z#}h%BS$j$XdxdNJJ&s&3)MQ{hV;ii6VnTRHq-F^`p~fSBGjUfw#i%0NG@%w;0HI-? z-}NGOBhu`tvHU`@ON(hig)L8jG4{qewi$jMk!o$v?rB>Y|H`{NvX=AV0^TAr^eB_) z2YnO>qd(I%DdkfIV+>YfSD-6eer5i*TN7ozr8^|#1&tGzR)gFe2m4(I8{P!IcbYZn z1L4=bju`fQFkdBf-3Trr#w}SLFd-DH3qev@mXZKtfLV97&G^ znw}|6W z$D+oE5r^`IKrO<63wnatu77|>5=jCLO1kyU2Nr^pw@%661>vF+85HzbqXU_3HBDN04dYEh@unW=@rI&HF5*9c zQ#lvRq4H;53S`g(xjGwlHDDg`XP!{P1R{d=(BAQ$>GPhiAB*~{&Rr(UdeRP*H1V^w zK8HgXPTH-9q>Ker zzA1fC*ld_T{As!$j{_=I>969-V>r1PO zDy~>QtTZvvVsk1^V-6T^1}oVZQz?|`k*xzjp~ZWqasIYr?DOYs<&UsaY_lP$LqLuM zEs-D^wp(&qy7m5kI`+Phsg}|C**#{(WMO8TOCssrl749u{i0q=M8s+n$r$xyT%BFs zs;>j5o{`4KSTUZNewdpPyeQCGqppncPul_~y1O$f3X$tTk#{E6r0w zNJHv2oMo#+-Jqi|=LzM0Qju&aize&edsq9=b-DaJe1Oj7yk*)xV<%a-PzH1oPO730 ze_n!|E@M}PFO`DVD#mEOiX8)8O`O4~Hf1+UGp^^{?tII99?XYWW65~+5ETjJ=EvqV zf1y}})S)E1G7@we_S|?i6sVJU)D8qZfQ~p9f`<=%#!F2zNe~MVi^_LjbF3$0MpTOE zPAOuEUZXN_7yq;)_z!SUc(nMk?5_8HvDs@!5vei9M{KmOY>u|9qShiw8Nxk&NWhy8 zigR-uoi+OmqiORySJGIlyfSv&eZ>8gV{U~%>$k84z0Aw_@9GesJ6qbv+HQ2oS>|cG zK>>j=V1QifqifEUL_lEcTluVs*7D?H_PL@V&z}oZLg>^;V~2wEL;=q~05zDJk0nlo zv3qDtU?$M@cI^+HX^{L&d>5t|bO(e(zu;$Eld9Qv>jc-rq^Eo7Rw6dxGgmrOi%5d@? 
zm@27hP}W1o{IPw;qG9LpsUYWhqvcE&c|RLR$XX*Nn|`#}5YO)fv;+;bMOR_SSPN1^n7Pp{(l&=YA%Au^MF}@k2Gl&Z2dRkwWf1iyeTkNd{7X zud}N|Ta=jc#vg-R=2@U6nnQTi7VOqle8vxST)LSZ+SyZUMVS?cpwlGDmB2QuRT01? zkTE#|Z$wDW^n#!MFuI-oW$dgbCmO20WOmXWx5$yrMM^ep0cty4XJE4d>cf8_ryTJ= zJ_<=Fwlk+)NtMnk1NP39=XNP3;X4!QLw1KKlK~G2$7^xPE_S7@;Kkkr6$@{)HvC1$ zxyQ2=ZD=TZXT$&J`o#hB&!e(bG4#8e8Nis8Iy^xj8ykv+-n z$h3n`_ji}?-Z>+) z4ZmGm;%oLptDfNP%y06fu#6YYJI!5E0mZGLf2{tv=F}5&qQtj_0bXVP9zyk&uWdb% zOOp@TkxegD7C3s!)T4!~S@?b}lV-9w&BRq1kL=`Cuz3M!RABy|)seObs{BAqNQvbl)sFsK5(Il0|OSqk$UZ~Chlz|Ke# z%;Aq)f^eXla7`CE)iR{}Ct+~t`8`H~+A2!_ce7WkWa_B70o@hxWqP4@LP&-MWZw>f z8NaT0a=#{j5`0d6%8+5rq3u4z>U+*nF?7Dh5RoxezrR^_DOkcCp$^B33oFj9tZ z`o%Ne{^c7>jyW;S1~spZ*LEaFYbF!r>-ME9z+^Z0bYw2*s{s(6SIb(7|{x6;c{dKMmN z@5>#R!~mTo+EkN9N&O904I;Tp;-yczc8qn#JLYwa@-G46<1#f|pf6Vw;D{~HXX+S( z74xl5%halCk~!yw|rwz>FrRB>l zd@0-CO;n8&S-I(@s)Fh{^_c@0h*dP?Q>66GZ@Bn(Wt_sPJwG|3?eu|g{sCetZ~g%& zI?jUgK6%B|{t{VOa+VGY%RJLMwg*U)%rdu4m0&H6eM!HdbyVvSBWwfdybA60?2pTC zWajr`Yv&@|ghI74e{xeR+}>46BaymxuTPtGqa3tdks{<8B@r>ccvSk8QIfgOoPknt zSgueRw&|-Hv2>IBQVkQKs~<;ua{o+ECqC3pR^*xvIW1s2iJSvO4 z7dYXt5Q*E}j3jp6l_ZaQe%H$Zv0sZh3p^iLD14XjcT~N9X|)314h`%{ni}%Pi+QA* zhD-ZLuTY$`G8J;QRN}=tTm(+eMCRB>cx1FeX&@~S{<-vFn%0S~txc@Q{hdyOU9CCv zX=JI|je41wUed;~egb2^lYzA%+eQ2;LC-7sh@+|i`AnEjr{M>p0cE?iw70UHES0f{ zcY)MU0bFw*)NWK!zjp2d8ixO94AT7j>N8au(sY5@mVNBx$)Ijs121mel8QqSanGJ)27WZ)tBnJjt^oFNasj;1O;?+ zuAnNIa3)VQ9VlFJ3KSTIjqz+y#!W7J({HViO0i|ekHoDE_MO&k)C@6Z$CD1T4Mg_*Q zY=s4B&}%^Kh>7xW<6t<0e8K7uhhK;Btj|@}>$~-zK!zxdfb=0ftfQ?C0$*PNo$PqJ zNZbN18EKBCf=w}RiXZa}8@C<6a&Q?@KR3rQrxo@9>V#6=tlb0wY>)(PL4VaAve?Go z_$S|RONvd$`nz6-Ms1P{t#OaerH;W0lBYGj(hm(^oSaJq1r}(!FpB9h{X|v?m!Y(x zCa>MUmr9`?X0Pj|hR2u#FO@_SiW@psU#<7 zdQUj7y~Ntuizu9AJsJ-~xH7LsldHKA*&KI131HI`^O8va@c*rC;MEs~{(z&Ug%5gX zuo?#4Da2nQ9P=htsuy`%B4S2JzmVKk;kV%>q7GSvRvWJ>hHT5@!{*TKsH@YQVS7nu zOCG0Io!tws>v5WS3^R*B$K46wZG9o>+8;!Ds`QWCnHLzGj-o@`76Ql|$wqbp34>Fg=fNM55bR$#+&*tvf1_PaT!sP=KXVJJbA 
zoJZsvaKy+8AEZ>fmgs}Pa89i=A6i8&KzI#i^G%MPdc@W4b&%A3%z_H5XZu73}2%W@BSxc#y9(dD{zA;yoeS!5k8Df1o{N8a(W`-2Z^E|y3BIZUwL~sJX!#Llc;aUpxdZn7CKbY=Ebh=Zr(YuNi$^CIHF2kYc2!J6XZjr@b;LSV z4!Z*I5mC~jKbN7Q>oIxEu9Ym~9Md}8EHyp}5BYj}L{)Is@TBq?O{_xMRK+X`=omKB zU@Rgm$zIP^nk_r9#!SP$$ww^JM}>g>e}J;|lOoc3v0}AupqIwcsfv|bqA7n97piBY zVav8P0q^I&s)Sx{w^N8irva@N*7bd|+a<8-E#Fntuk>}!nj7Asls1ctB(IuO07CTR z498L1z(`kXFFJ8gbPm$hU(uKkI-Vz|EGZiy8^^%a{Uw^LPmIR)xxq6Q%`?xeRx3xY zFs;y>DTnG+wRX-h%EImOdf!R&qB85W;!THvf9c~gJxVF>dwEF;bvgpsSY4W33{J?P z9QNAB1o%Hgy45|5)xp^EmppxF<0rn7%&@WdZ(kx4N7~4gNOPJR%iIv{B`(`|HP1w# zhjyD%lOL03@RbcN!MnLJRbvjUs0!i$2vq)p@ey6d9Z)hR(hOq8^9K_5-9JWAD*Swc&FFs}(IP3B7 zAQGv1%{>NLJ{#vxRXA;b1yIRDLg=UI1LyHoN&5;!lngd4UAv7gyA5v}d(bPFbC8U9 z5PcY@;{>|pLy!LM%n*%+5BLkJCUi6p;7OV|3&DCmvUiz`Yf;#0aR{|F+XXj&apiZ zQE`3}SWn_|mUwQ%Q)&J>VROx2hU;R%aI5+o^XY1je5v{}c3pM)B>sMW0@WYkX$NR>H35P%8dOxied|8+V zxY4`>BSu1$*0gnJ2TKZWm6knhPQth)P)dKghLrzlLyi$)?jM^?{TkhxojN1quB9xC zMHW@VLm}~$i~5RMkm_Uerz-K|I-yy#N-?66O9Rao7HQrwjwDZ`hc_)(bu#seBM*+S zos**TkO4Mj3LTx6w6ye7osl-QqIj1Uo4f^$Vm)F#gm?&*PxZ_WZGW zetX3asaRC)FW-jQv!Jqa!sD1N7?|uGR~(I8L3ABblE<;88+hRP2JTXgg(FuWDFi`i zu+%Ul+N?aOlQ3CMv>LapUVGTEq&OS)$)2CvK8Pj@ZB_GvsmtooRrR*rLp5V|e#0Ut zNlRYP%4oXZN5QLY_|GyJiQ#q+08P?QP8NP?y_>E7hc2G)4NUne?TT^an0UdanAksh zlV{DabLhny{bAUXrq(pv{Ea5Q997;7rC*B%fp1<-vAqEauM*erncSNz# zEACjzNJIf66TLPve6qz2^YN+}c^8&eJO5&Pw7^H>lC6y@FTg2&exxjt;P6=*aO&<; zEN{ZCVEXH<8r<|FuoZdLHExlmebB@5#+6|1V#gE+eEItKsPg1$%d|US%=&BoMfDu^ zJjHNxy1}Q8F51cL*mi`V+PZw#?|^x$yq9oV5bxorU$K)1pH}ZT{}fLn9-Py$*TtD` zCHQ-v@R6#+2wzO9vu8=1w++M5s_w8Tm9~X?v=y%mVzeBEb*+0O;!Tv0Hg5Cn=XOLIzB^8+?C1$Aol>?DU-%L^<&>pGnQfI#rD%Cc^m@LB0YzP+OV}Ze ztgxg7mU1>X91?}r7~`n*6}o}OPYV5$s&hCYH#^YFl~gq zsew9Qme>Si#{1!{11c$GU%nQl6zh^FPF(3+d&hv9zpf~FWgV!XQl$_@1(3;Y(gBF8 zVUS^%zhh~9S1(;++I8op!Ex#*>)eINnFND)HDyr{Q6b{c$MVY zGCd3(;eXV@LDk!h3k__A_|E|SN2|e9HQwuVF7r>=6_oebZu4iJ#5Yd$UjzZaiFj=D z+JkjX^llZO%p|nmk8onvtaiBOTH0y?*M-dg03|YI`EPiAy~8(9xM=!lz$1-kb%Vx z$e-J7HFvZGjj=(5C%5m3yrn7;l<@1gVM+JxulsuzLvGNAdCz%5rRA3+yLkf^m+4hK 
zl}yIdeSG~ux*TCChduN(P^OVD>3t6BvFr|26TP9wPrk`UPY7!>TMk<3uDgFED}YvY zB+p}NdxY}kE6U>AM!_Z|zcf!~2X~+F&1B(y`*$%vWLrb4g$7vdc((t&WNbedzL5f*HO32 zE$eTDhBuAX;|^2u!AMtAksxm#tatbun3eW4i5FUy6X8g*rc$1SSoAFewS3l!jH3+2 zVjof9Wn0O&lU~lIy!M*Stcyz|735$UvhmmWuD|{@z;h z0Fr(B^F(PlxWE_N(f5V8IR%b|E!!0!zW}sSz$nK85`RDEtBItRed>|*6>awu$}v8$ z&RA_vtRXhBME^<+Zkc#>?eNDV?~Jy2zSqOor(C6fwXBdmG))vwu#v7BVWHw-NIM3a zdMmNQ!1|*0XZ@zsKhBV;qas}kySh8Ph-$^vHa=Y@nI^A9*Kxr8%{lpoAMfA&()KkS zUEt3wT(P}ne44JYrCUScD6Jgk8O6E4ah-p@G!wndcc9}^XGJ9b4xkexQ& z;Y;^n5aEHG`-%8Bvam51zot3zwSac>9m~mTQr_C8q_{5v{XI>qx;F-#Ou?8**78Vf zQAHoE4Vm2)=Nqk9-5g(%bU9_@{x&h)*wJV_-m*Iclyc6ZSu*Q!MUy%={J0pPO|DS= z5@yS3k#t~(fxDPzzb2a6N@aUg_#_$mG_BI?6G}HgVpmH0vbZ0TEJ&V7Tr8D{ua8&) z_Zbt|Ii9&OqVo^n;DF}vOBvF7t2&pVTlq8NmtNP*G3?t{PISa9tk%b%F%&pe-j-K$<-({GHG@GEjT;?e06MOvhk3rSK$G! z?);00gXQJh8_kxbT735w{b|bT^u5YZ9-3-KjX;DTO{>x{^9fvnPO)1Gbr50g#pwoE z$zRa*%cu56o+d)1d9#`bo}|{ibW!F}!8MvjY-)Hnu1-kT6p5Hl1-GcJhUHr*Ez4|SO+9U#qZaVK479Dt7NT?}4hsDVJFZ)3tH8>ttEIu7 zo#&Brku?$D{6!0JUUh6Nkprtg*XxM&(+|D$ZyC(`RES?EeZTrwG^gSGb{QwE zcXNhz>)h=38(= zQ!VgkgSHyqDyd|&GRIH3U@~8a1j!AU_u&;k5-pR3p(Q=;dZ$>XT2a_LbF!6nbQ?@K zESdV^E;Y6^Wt(UbEUnxHM}AoyzO1KtpIPlZQGtKSvBiC3 z*+C2%=pM98s4Muf;3AsOyB1!YB=F0Sjoy;+vf#p$WP&qRrr;$k5B&J?!^hY490d(% zCqb3=V$WJSr#Wd?^WP?Vzq(&s*gE)Rva7}hj%fRXZOa$DW3lofmOK(v;1HE?a|NR5 zdjgoz{&&hSK}<=maIk4>GGUWEqaExTw?wqq7GY7(4o$QBjI6=YSoR%qJ;qnW8FOH(W4Fj(A<|^R}6sp!pYh221?bVEy!|H0SpodF6PMl0b@FT!N zX}ZCViYCP{l5C3HOCR==a}WptAFpj+sD3by^Ln%IIj;Y{zt_{z=34@Si4&PcJ1Ywfir@0dA@V7AVE%E&0gz$>1!MLoYw%9R$@o0g@5F&k3| zTmz)Bq}#Ze4^0scpdfp2yMiv;8|NsAHs4lBo+*bLd`X#@__jDU%Jpnv?_kbCfUXqW zroQ$P)9H;GQ73{;ykEMZoel~6jnQWrMq|AWRpe}^3UZ<)Cfg=ggK5pHw zjvV*htywS`VO0vH9Jr&{yCZbibciLz8GV)@zPq8eOH+BM>y6LH;*`3dahLBg27Dvj&;pn!%}G zWNQ*y3Oq`5wP{0qA-mE^Y&j&wHA$}d+UGnLl8K{a7LNL+lm61>#&jR^VtyKS79GU} z>$ir{e}zvFXZLR+lZNxv&wdfIcJmLFiR@@N4Pdv~CQ}*!zb`ZSLd@XGKmAopeUq{J ztw!g#y{Fn1uqSO?-sIG+zzQTW3wg^xFA2BSLsGa-=?J1?Q4w*&B}0B;XvD-8Cmk8u zJ#6(6X865UrGEHU7x3pzDoLg7z2fkwQroED%&kW1qF(>A*HmgO_9FgV>T>L|;&>fu 
zp6au&bH0q*={=lDn)iDpXc;TM2?Mc|SjMNPwW(V%{_(5UwqLOAI7>U@j-0}eQNi01 zm~vO5EmV?=It6tHL{+P6E_Q;`%WKe9E=c3-Cf(YFGVzxWpIX^QEKuN7l6m_+HU#Wn zNUJn!1mZz9kG=a<@P-u(r0c%nyxoGn~qK6D+omCRX} z7g~f+!5+Kzy1rJ0)-ci~h*Vj*_!{Fc%Kn5uHmG9CXN426eP(+;i?1zfaq6jdX9;ju(G%wOBJkf2X;+mreVl} zs$_M8%JPZ&@1A+YdAVnuEWM65 zsPFfVIIqx87LagGYBjxITy&BM5b)FT0fm(sp8QCQk_JphY>HK)J%Fqujw|A|2BeTjv@OLvB~jpduz`TeL{hn`iB6ZYdi zRZFn78tRi}_S@Dm2taPNH<(^S>~TCvcBSsrzXhEb5T>sd;eY?3=(<~?$|fKXS8#in zcT>y&P`7*#>QNQ?vRuiL+g0hD=Nyywa=YTdof^)~r+>Ln$|ljh)B8GP2RCqYQHds-9}^g9MbX8z2D{>X3z8v4=zj-Pz(_OBh-yRKGI4hP$AJDohxxY3e?9 zjtThRUKST_ey&*WU7NPE&Mh$?!g2DtBHMo8aujJk0?PbiAO^_ay{TX16dbfX9eO~s z&nw?82p$%93;Q#6R^N5C#{JX0ORghbAxZH$L@%CHDX#fH2Ogi}ypdy%cm}g*iD;!) z(uPN}m5A#^xkaIC*Wz$$%8^$2cCPu2oU?7qMDE|bs&ecI^oj4-`fB4JraGg+t0S^| zb&RJOh5V#m5?!C>s>ba6S9jH&D=Xns%@CZ-ls+BPy;OD?+V+Ta0~HP#9`5gk+wMGP zHrpL1k>GD{nA);ahYDj&A0bK}#0Uy(c^*5K#AtWUwAivzTJYvmP3{BO0E%69c&(1= z*OP(L6tW^tl@D-?YSok~8H)+<;TSM-ISW)42HExWFKyFI&Dal@6`4(V%1&FlZp#nk zP(sP1c^;QA%WreA(w+xe6V?N0)e08lv|?UC%*E5kg{ZMhH66l8hAUd(N$8wj(M$v*rjc@KMugyJnWynocC>KJ|_|!j7%$$EEEHQkykdh6q zP%EhYdzT8#<~(yiO7h&ubGl*FNELI*YD=($sA~qkPDz6=0Q=({u0pCRu9IY$xb}YrWIGr~bCNDfAD} za_@^U-L`Bh)O7Y2y`5UZ!%>z{fsN?b&)KC==b?!;(boT_wolF92xqK(VIf|N0*SV-(8V=?P7A<<-(N2vjV8=U5TNGd!%E;VL z=Dz=RYu5dj-*{iy9qMUoulFY#d^I6i1nX0MuFLu@HdquB6Xn&%z7)ywztN>6a>vx~=?p|JmZw%;Z) zB*lQwmD>^o>n{;Hqh#eYNi2t4PT9G5`p05k9Kiq+GHjoY z)BCX@VO^KtPkC3nF7t8E$*1y)J-#3ee3T+iE%vq##VrA8c<0;}3;wz@Ej^-C$HX5W zv4g{ri6`s|8Fi}+1tYv?(LIs@chc(*efP8RClCX-Qx73LLUv^fmDzQJE$d-Ht?aS= zJr50s6Pw|E22u}R`wv0NR$icQGGXUdD42ipjWo|*5~E#-zoA4SGB3MW3}tQ6d~iC% z%~Qhq#BLaysgqK1H+0@dt4nOJQc7D-0jIVQz)6#DJ0uuNUT<4MbOuWWXBrg}RVa<8 znt&asB2=|h7JwRq;9R2w1t<9_kMPOK2fxu!<~dt z52GXg0rniEy^RHRy*gs{NdEpo3Q4U9iDk4EH%{W+=z8j!6dC#YU3+NkF6;bs$LUk0 z;v_^Y|Bjt4tfG}bV5C0%Vx;M2oZ*Dgss5=cVD%)Y1(|Ev?Uy~KXQ6;aLTFs^{H$gziwOrMGqW)P3( z;Tg~Jo>6GDTKmkD$Q+%SHo(}k1~)AlL?!ZyZxDZu2?~Mz&R@#VN>+{*SQ6)ST%1uh zi(+96g{(@iCs#oOCt>}NtUUR^Yq{a)l!h%O48g5;>HClRKVXvsHWcLO_3p4zJTmv% 
zDUV~vsRO#0eY1pi{c?)un4pL5xI1M!J($c)2|Zjw1;zI}0+eKkv$YUe33!&-i!R};U_RE<8pwO0$0apU zu2~~WAVvPYdG9D>JG?wV@BBTjdCM-9ac1WqnUb+xIn&O}Q`-WnjyP+O|Mn;vc-RjX zz(Ih}iZYe0W7EOIxHNHnVxOfbJUcrOeOvIfAR0+!crGwvJGNlJMNA?(vSjY)T9rr= z0C`*x4;_+?l5z0ylP?v3xZf+G=E&xZOttk2s}j~%Bq7z`_mX%+Q|R?oN9Y$tMs|8b z;Y?LVWHh`=Ih|5)r9Y3@1vMK`{y6&w@axqHE`9QJcLokg99q|iVWCx>hZT+@gI$%>we&47(c zD%M#BZr#<7=l}Qd{ttfg|2@OsUz5LYJ{s46A>E#1E-%8S#v - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Setting which addresses and ports Apache - uses

-
- When Apache starts, it connects to some port and address on the - local machine and waits for incoming requests. By default, it - listens to all addresses on the machine, and to the port as - specified by the Port directive in the server - configuration. However, it can be told to listen to more the - one port, or to listen to only selected addresses, or a - combination. This is often combined with the Virtual Host - feature which determines how Apache responds to different IP - addresses, hostnames and ports. - -

There are two directives used to restrict or specify which - addresses and ports Apache listens to.

- -
    -
  • BindAddress is used to - restrict the server to listening to a single address, and can - be used to permit multiple Apache servers on the same machine - listening to different IP addresses.
  • - -
  • Listen can be used to make a single - Apache server listen to more than one address and/or - port.
  • -
- -

BindAddress

- Syntax: BindAddress [ * | - IP-address | hostname ]
- Default: BindAddress - *
- Context: server config
- Status: Core - -

Makes the server bind to just the specified address. If the - argument is * (an asterisk), the server binds to all interfaces - currently marked as up on the server. The port bound to is set - with the Port directive. Only one BindAddress should - be used.

- -

Listen

- Syntax: Listen [ port | - IP-address:port ]
- Default: - none
- Context: server config
- Status: Core - -

Listen can be used instead of BindAddress - and Port. It tells the server to accept incoming - requests (to listen) on the specified port or address-and-port - combination. If the first format is used, with a port number - only, the server listens on the given port on all interfaces - marked as up, instead of the port given by the Port - directive. If an IP address is given as well as a port, the - server will listen on the given port and interface.

- -

Multiple Listen directives may be used to specify a number - of addresses and ports to listen to. The server will respond to - requests from any of the listed addresses and ports.

- -

For example, to make the server accept connections on both - port 80 and port 8000, use:

-
-   Listen 80
-   Listen 8000
-
- To make the server accept connections on two specified - interfaces and port numbers, use -
-   Listen 192.170.2.1:80
-   Listen 192.170.2.5:8000
-
- -

How this works with Virtual Hosts

- BindAddress and Listen do not implement - Virtual Hosts. They tell the main Apache daemon process what - addresses and ports to bind and listen on. If no - <VirtualHost> directives are used, the server will behave - the same for all accepted requests. However, - <VirtualHost> can be used to specify a different behavior - for one or more of the addresses and ports. To implement a - VirtualHost, the server must: - -
    -
  • Be told to Listen to the desired address and - port
  • - -
  • Have a <VirtualHost> section created for the - specified address and port to set the behavior of this - virtual host
  • -
- Note that if the <VirtualHost> is set for an address and - port that the server is not listening to, it cannot be - accessed. - -

See also

- See also the documentation on Virtual - Hosts, BindAddress - directive, Port directive, - DNS Issues and <VirtualHost> - section.
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/configuring.html b/usr.sbin/httpd/htdocs/manual/configuring.html
deleted file mode 100644
index f0c65648fcc..00000000000
--- a/usr.sbin/httpd/htdocs/manual/configuring.html
+++ /dev/null
@@ -1,265 +0,0 @@
- - - - - - - - Configuration Files - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Configuration Files

- - -
- -

Main Configuration Files

- - - - - - - -
Related Modules
-
- mod_mime
-
Related Directives
-
- AccessConfig
- <IfDefine>
- Include
- ResourceConfig
- TypesConfig
-
- -

Apache is configured by placing directives in plain text - configuration files. The main configuration file is usually - called httpd.conf. The location of this file is - set at compile-time, but may be overridden with the - -f command line flag. Some sites also have - srm.conf and access.conf files for historical - reasons. In addition, other configuration files may be - added using the Include directive. Any - directive may be placed in any of these configuration files. - Changes to the main configuration files are only recognized by - Apache when it is started or restarted.

- -

New with Apache 1.3.13 is a feature where if any - configuration file is actually a directory, Apache will enter - that directory and parse any files (and subdirectories) found - there as configuration files. One possible use for this would - be to add VirtualHosts by creating small configuration files - for each host, and placing them in such a configuration - directory. Thus, you can add or remove VirtualHosts without - editing any files at all, simply adding or deleting them. This - makes automating such processes much easier.

- -

The server also reads a file containing mime document types; - the filename is set by the TypesConfig directive, - and is mime.types by default.

-
- -

Syntax of the Configuration - Files

- -

Apache configuration files contain one directive per line. - The back-slash "\" may be used as the last character on a line - to indicate that the directive continues onto the next line. - There must be no other characters or white space between the - back-slash and the end of the line.

- -

Directives in the configuration files are case-insensitive, - but arguments to directives are often case sensitive. Lines - which begin with the hash character "#" are considered - comments, and are ignored. Comments may not be - included on a line after a configuration directive. Blank lines - and white space occurring before a directive are ignored, so - you may indent directives for clarity.

- -

You can check your configuration files for syntax errors - without starting the server by using apachectl - configtest or the -t command line - option.

-
- -

Modules

- - - - - - - -
Related Modules
-
- mod_so
-
Related Directives
-
- AddModule
- ClearModuleList
- <IfModule>
- LoadModule
-
- -

Apache is a modular server. This implies that only the most - basic functionality is included in the core server. Extended - features are available through modules which can be loaded - into Apache. By default, a base set of modules is - included in the server at compile-time. If the server is - compiled to use dynamically loaded - modules, then modules can be compiled separately and added at - any time using the LoadModule directive. - Otherwise, Apache must be recompiled to add or remove modules. - Configuration directives may be included conditional on a - presence of a particular module by enclosing them in an <IfModule> block.

- -

To see which modules are currently compiled into the server, - you can use the -l command line option.

-
- -

Scope of Directives

- - - - - -
Related Directives
-
- <Directory>
- <DirectoryMatch>
- <Files>
- <FilesMatch>
- <Location>
- <LocationMatch>
- <VirtualHost>
-
- -

Directives placed in the main configuration files apply to - the entire server. If you wish to change the configuration for - only a part of the server, you can scope your directives by - placing them in <Directory>, <DirectoryMatch>, - <Files>, <FilesMatch>, <Location>, and - <LocationMatch> - sections. These sections limit the application of the - directives which they enclose to particular filesystem - locations or URLs. They can also be nested, allowing for very - fine grained configuration.

- -

Apache has the capability to serve many different websites - simultaneously. This is called Virtual - Hosting. Directives can also be scoped by placing them - inside <VirtualHost> - sections, so that they will only apply to requests for a - particular website.

- -

Although most directives can be placed in any of these - sections, some directives do not make sense in some contexts. - For example, directives controlling process creation can only - be placed in the main server context. To find which directives - can be placed in which sections, check the Context of the - directive. For further information, we provide details on How Directory, Location and Files sections - work.

-
- -

.htaccess Files

- - - - - -
Related Directives
-
- AccessFileName
- AllowOverride
-
- -

Apache allows for decentralized management of configuration - via special files placed inside the web tree. The special files - are usually called .htaccess, but any name can be - specified in the AccessFileName - directive. Directives placed in .htaccess files - apply to the directory where you place the file, and all - sub-directories. The .htaccess files follow the - same syntax as the main configuration files. Since - .htaccess files are read on every request, changes - made in these files take immediate effect.

- -

To find which directives can be placed in - .htaccess files, check the Context of the - directive. The server administrator further controls what - directives may be placed in .htaccess files by - configuring the AllowOverride - directive in the main configuration files.

- -

For more information on .htaccess files, see - Ken Coar's tutorial on - Using .htaccess Files with Apache.

-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/content-negotiation.html b/usr.sbin/httpd/htdocs/manual/content-negotiation.html
deleted file mode 100644
index ea541120ab0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/content-negotiation.html
+++ /dev/null
@@ -1,678 +0,0 @@
- - - - - - - - Apache Content Negotiation - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Content Negotiation

- -

Apache's support for content negotiation has been updated to - meet the HTTP/1.1 specification. It can choose the best - representation of a resource based on the browser-supplied - preferences for media type, languages, character set and - encoding. It is also implements a couple of features to give - more intelligent handling of requests from browsers which send - incomplete negotiation information.

- -

Content negotiation is provided by the mod_negotiation module, - which is compiled in by default.

-
- -

About Content Negotiation

- -

A resource may be available in several different - representations. For example, it might be available in - different languages or different media types, or a combination. - One way of selecting the most appropriate choice is to give the - user an index page, and let them select. However it is often - possible for the server to choose automatically. This works - because browsers can send as part of each request information - about what representations they prefer. For example, a browser - could indicate that it would like to see information in French, - if possible, else English will do. Browsers indicate their - preferences by headers in the request. To request only French - representations, the browser would send

-
-  Accept-Language: fr
-
- -

Note that this preference will only be applied when there is - a choice of representations and they vary by language.

- -

As an example of a more complex request, this browser has - been configured to accept French and English, but prefer - French, and to accept various media types, preferring HTML over - plain text or other text types, and preferring GIF or JPEG over - other media types, but also allowing any other media type as a - last resort:

-
-  Accept-Language: fr; q=1.0, en; q=0.5
-  Accept: text/html; q=1.0, text/*; q=0.8, image/gif; q=0.6,
-        image/jpeg; q=0.6, image/*; q=0.5, */*; q=0.1
-
- Apache 1.2 supports 'server driven' content negotiation, as - defined in the HTTP/1.1 specification. It fully supports the - Accept, Accept-Language, Accept-Charset and Accept-Encoding - request headers. Apache 1.3.4 also supports 'transparent' - content negotiation, which is an experimental negotiation - protocol defined in RFC 2295 and RFC 2296. It does not offer - support for 'feature negotiation' as defined in these RFCs. - -

A resource is a conceptual entity - identified by a URI (RFC 2396). An HTTP server like Apache - provides access to representations of the - resource(s) within its namespace, with each representation in - the form of a sequence of bytes with a defined media type, - character set, encoding, etc. Each resource may be associated - with zero, one, or more than one representation at any given - time. If multiple representations are available, the resource - is referred to as negotiable and each of its - representations is termed a variant. The ways - in which the variants for a negotiable resource vary are called - the dimensions of negotiation.

- -

Negotiation in Apache

- -

In order to negotiate a resource, the server needs to be - given information about each of the variants. This is done in - one of two ways:

- -
    -
  • Using a type map (i.e., a *.var - file) which names the files containing the variants - explicitly, or
  • - -
  • Using a 'MultiViews' search, where the server does an - implicit filename pattern match and chooses from among the - results.
  • -
- -

Using a type-map file

- -

A type map is a document which is associated with the - handler named type-map (or, for - backwards-compatibility with older Apache configurations, the - mime type application/x-type-map). Note that to - use this feature, you must have a handler set in the - configuration that defines a file suffix as - type-map; this is best done with a

-
-  AddHandler type-map .var
-
- in the server configuration file. See the comments in the - sample config file for more details. - -

Type map files have an entry for each available variant; - these entries consist of contiguous HTTP-format header lines. - Entries for different variants are separated by blank lines. - Blank lines are illegal within an entry. It is conventional to - begin a map file with an entry for the combined entity as a - whole (although this is not required, and if present will be - ignored). An example map file is:

-
-  URI: foo
-
-  URI: foo.en.html
-  Content-type: text/html
-  Content-language: en
-
-  URI: foo.fr.de.html
-  Content-type: text/html;charset=iso-8859-2
-  Content-language: fr, de
-
- If the variants have different source qualities, that may be - indicated by the "qs" parameter to the media type, as in this - picture (available as jpeg, gif, or ASCII-art): -
-  URI: foo
-
-  URI: foo.jpeg
-  Content-type: image/jpeg; qs=0.8
-
-  URI: foo.gif
-  Content-type: image/gif; qs=0.5
-
-  URI: foo.txt
-  Content-type: text/plain; qs=0.01
-
- -

qs values can vary in the range 0.000 to 1.000. Note that - any variant with a qs value of 0.000 will never be chosen. - Variants with no 'qs' parameter value are given a qs factor of - 1.0. The qs parameter indicates the relative 'quality' of this - variant compared to the other available variants, independent - of the client's capabilities. For example, a jpeg file is - usually of higher source quality than an ascii file if it is - attempting to represent a photograph. However, if the resource - being represented is an original ascii art, then an ascii - representation would have a higher source quality than a jpeg - representation. A qs value is therefore specific to a given - variant depending on the nature of the resource it - represents.

- -

The full list of headers recognized is:

- -
-
URI:
- -
uri of the file containing the variant (of the given - media type, encoded with the given content encoding). These - are interpreted as URLs relative to the map file; they must - be on the same server (!), and they must refer to files to - which the client would be granted access if they were to be - requested directly.
- -
Content-Type:
- -
media type --- charset, level and "qs" parameters may be - given. These are often referred to as MIME types; typical - media types are image/gif, - text/plain, or - text/html; level=3.
- -
Content-Language:
- -
The languages of the variant, specified as an Internet - standard language tag from RFC 1766 (e.g., - en for English, kr for Korean, - etc.).
- -
Content-Encoding:
- -
If the file is compressed, or otherwise encoded, rather - than containing the actual raw data, this says how that was - done. Apache only recognizes encodings that are defined by an - AddEncoding - directive. This normally includes the encodings - x-compress for compress'd files, and - x-gzip for gzip'd files. The x- - prefix is ignored for encoding comparisons.
- -
Content-Length:
- -
The size of the file. Specifying content lengths in the - type-map allows the server to compare file sizes without - checking the actual files.
- -
Description:
- -
A human-readable textual description of the variant. If - Apache cannot find any appropriate variant to return, it will - return an error response which lists all available variants - instead. Such a variant list will include the human-readable - variant descriptions.
-
- -

Multiviews

- -

MultiViews is a per-directory option, meaning - it can be set with an Options directive within a - <Directory>, <Location> - or <Files> section in - access.conf, or (if AllowOverride is - properly set) in .htaccess files. Note that - Options All does not set MultiViews; - you have to ask for it by name.

- -

The effect of MultiViews is as follows: if the - server receives a request for /some/dir/foo, if - /some/dir has MultiViews enabled, and - /some/dir/foo does not exist, then the - server reads the directory looking for files named foo.*, and - effectively fakes up a type map which names all those files, - assigning them the same media types and content-encodings it - would have if the client had asked for one of them by name. It - then chooses the best match to the client's requirements.

- -

MultiViews may also apply to searches for the - file named by the DirectoryIndex directive, if the - server is trying to index a directory. If the configuration - files specify

-
-  DirectoryIndex index
-
- then the server will arbitrate between index.html - and index.html3 if both are present. If neither - are present, and index.cgi is there, the server - will run it. - -

If one of the files found when reading the directive is a - CGI script, it's not obvious what should happen. The code gives - that case special treatment --- if the request was a POST, or a - GET with QUERY_ARGS or PATH_INFO, the script is given an - extremely high quality rating, and generally invoked; otherwise - it is given an extremely low quality rating, which generally - causes one of the other views (if any) to be retrieved.

- -

The Negotiation Methods

- After Apache has obtained a list of the variants for a given - resource, either from a type-map file or from the filenames in - the directory, it invokes one of two methods to decide on the - 'best' variant to return, if any. It is not necessary to know - any of the details of how negotiation actually takes place in - order to use Apache's content negotiation features. However the - rest of this document explains the methods used for those - interested. - -

There are two negotiation methods:

- -
    -
  1. Server driven negotiation with the Apache - algorithm is used in the normal case. The Apache - algorithm is explained in more detail below. When this - algorithm is used, Apache can sometimes 'fiddle' the quality - factor of a particular dimension to achieve a better result. - The ways Apache can fiddle quality factors is explained in - more detail below.
  2. - -
  3. Transparent content negotiation is used - when the browser specifically requests this through the - mechanism defined in RFC 2295. This negotiation method gives - the browser full control over deciding on the 'best' variant, - the result is therefore dependent on the specific algorithms - used by the browser. As part of the transparent negotiation - process, the browser can ask Apache to run the 'remote - variant selection algorithm' defined in RFC 2296.
  4. -
- -

Dimensions of Negotiation

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DimensionNotes
Media TypeBrowser indicates preferences with the Accept header - field. Each item can have an associated quality factor. - Variant description can also have a quality factor (the - "qs" parameter).
LanguageBrowser indicates preferences with the Accept-Language - header field. Each item can have a quality factor. Variants - can be associated with none, one or more than one - language.
EncodingBrowser indicates preference with the Accept-Encoding - header field. Each item can have a quality factor.
CharsetBrowser indicates preference with the Accept-Charset - header field. Each item can have a quality factor. Variants - can indicate a charset as a parameter of the media - type.
- -

Apache Negotiation Algorithm

- -

Apache can use the following algorithm to select the 'best' - variant (if any) to return to the browser. This algorithm is - not further configurable. It operates as follows:

- -
    -
  1. First, for each dimension of the negotiation, check the - appropriate Accept* header field and assign a - quality to each variant. If the Accept* header for - any dimension implies that this variant is not acceptable, - eliminate it. If no variants remain, go to step 4.
  2. - -
  3. - Select the 'best' variant by a process of elimination. Each - of the following tests is applied in order. Any variants - not selected at each test are eliminated. After each test, - if only one variant remains, select it as the best match - and proceed to step 3. If more than one variant remains, - move on to the next test. - -
      -
    1. Multiply the quality factor from the Accept header - with the quality-of-source factor for this variant's - media type, and select the variants with the highest - value.
    2. - -
    3. Select the variants with the highest language quality - factor.
    4. - -
    5. Select the variants with the best language match, - using either the order of languages in the - Accept-Language header (if present), or else the order of - languages in the LanguagePriority directive - (if present).
    6. - -
    7. Select the variants with the highest 'level' media - parameter (used to give the version of text/html media - types).
    8. - -
    9. Select variants with the best charset media - parameters, as given on the Accept-Charset header line. - Charset ISO-8859-1 is acceptable unless explicitly - excluded. Variants with a text/* media type - but not explicitly associated with a particular charset - are assumed to be in ISO-8859-1.
    10. - -
    11. Select those variants which have associated charset - media parameters that are not ISO-8859-1. If - there are no such variants, select all variants - instead.
    12. - -
    13. Select the variants with the best encoding. If there - are variants with an encoding that is acceptable to the - user-agent, select only these variants. Otherwise if - there is a mix of encoded and non-encoded variants, - select only the unencoded variants. If either all - variants are encoded or all variants are not encoded, - select all variants.
    14. - -
    15. Select the variants with the smallest content - length.
    16. - -
    17. Select the first variant of those remaining. This - will be either the first listed in the type-map file, or - when variants are read from the directory, the one whose - file name comes first when sorted using ASCII code - order.
    18. -
    -
  4. - -
  5. The algorithm has now selected one 'best' variant, so - return it as the response. The HTTP response header Vary is - set to indicate the dimensions of negotiation (browsers and - caches can use this information when caching the resource). - End.
  6. - -
  7. To get here means no variant was selected (because none - are acceptable to the browser). Return a 406 status (meaning - "No acceptable representation") with a response body - consisting of an HTML document listing the available - variants. Also set the HTTP Vary header to indicate the - dimensions of variance.

    - -

    You should be aware that the error message returned by Apache is - necessarily rather terse and might confuse some users (even though it - lists the available alternatives). If you want to avoid users seeing this - error page, you should organize your documents such that a document in a - default language (or with a default encoding etc.) is always returned if a - document is not available in any of the languages, encodings etc. the - browser asked for.

    - -

    In particular, if you want a document in a default language to - be returned if a document is not available in any of the languages - a browser asked for, you should create a document with no language - attribute set. See Variants with no - Language below for details.

  8. -
- -

Fiddling with Quality - Values

- -

Apache sometimes changes the quality values from what would - be expected by a strict interpretation of the Apache - negotiation algorithm above. This is to get a better result - from the algorithm for browsers which do not send full or - accurate information. Some of the most popular browsers send - Accept header information which would otherwise result in the - selection of the wrong variant in many cases. If a browser - sends full and correct information these fiddles will not be - applied.

- -

Media Types and Wildcards

- -

The Accept: request header indicates preferences for media - types. It can also include 'wildcard' media types, such as - "image/*" or "*/*" where the * matches any string. So a request - including:

-
-  Accept: image/*, */*
-
- would indicate that any type starting "image/" is acceptable, - as is any other type (so the first "image/*" is redundant). - Some browsers routinely send wildcards in addition to explicit - types they can handle. For example: -
-  Accept: text/html, text/plain, image/gif, image/jpeg, */*
-
- The intention of this is to indicate that the explicitly listed - types are preferred, but if a different representation is - available, that is ok too. However under the basic algorithm, - as given above, the */* wildcard has exactly equal preference - to all the other types, so they are not being preferred. The - browser should really have sent a request with a lower quality - (preference) value for *.*, such as: -
-  Accept: text/html, text/plain, image/gif, image/jpeg, */*; q=0.01
-
- The explicit types have no quality factor, so they default to a - preference of 1.0 (the highest). The wildcard */* is given a - low preference of 0.01, so other types will only be returned if - no variant matches an explicitly listed type. - -

If the Accept: header contains no q factors at all, - Apache sets the q value of "*/*", if present, to 0.01 to - emulate the desired behaviour. It also sets the q value of - wildcards of the format "type/*" to 0.02 (so these are - preferred over matches against "*/*". If any media type on the - Accept: header contains a q factor, these special values are - not applied, so requests from browsers which send the - correct information to start with work as expected.

- -

Variants with no Language

- -

If some of the variants for a particular resource have a - language attribute, and some do not, those variants with no - language are given a very low language quality factor of - 0.001.

- -

The reason for setting this language quality factor for variant - with no language to a very low value is to allow for a default - variant which can be supplied if none of the other variants match - the browser's language preferences. This allows you to avoid users - seeing a "406" error page if their browser is set to only accept - languages which you do not offer for the resource that was - requested.

- -

For example, consider the situation with Multiviews enabled and - three variants:

- -
    -
  • foo.en.html, language en
  • - -
  • foo.fr.html, language en
  • - -
  • foo.html, no language
  • -
- -

The meaning of a variant with no language is that it is always - acceptable to the browser. If the request is for foo - and the Accept-Language header includes either en or fr (or both) - one of foo.en.html or foo.fr.html will be returned. If the browser - does not list either en or fr as acceptable, foo.html will be - returned instead. If the client requests foo.html - instead, then no negotiation will occur since the exact match - will be returned. To avoid this problem, it is sometimes helpful - to name the "no language" variant foo.html.html to assure - that Multiviews and language negotiation will come into play.

- -

Extensions to Transparent Content Negotiation

- Apache extends the transparent content negotiation protocol - (RFC 2295) as follows. A new {encoding ..} element - is used in variant lists to label variants which are available - with a specific content-encoding only. The implementation of - the RVSA/1.0 algorithm (RFC 2296) is extended to recognize - encoded variants in the list, and to use them as candidate - variants whenever their encodings are acceptable according to - the Accept-Encoding request header. The RVSA/1.0 implementation - does not round computed quality factors to 5 decimal places - before choosing the best variant. - -

Note on hyperlinks and naming conventions

- -

If you are using language negotiation you can choose between - different naming conventions, because files can have more than - one extension, and the order of the extensions is normally - irrelevant (see mod_mime - documentation for details).

- -

A typical file has a MIME-type extension (e.g., - html), maybe an encoding extension (e.g., - gz), and of course a language extension - (e.g., en) when we have different - language variants of this file.

- -

Examples:

- -
    -
  • foo.en.html
  • - -
  • foo.html.en
  • - -
  • foo.en.html.gz
  • -
- -

Here some more examples of filenames together with valid and - invalid hyperlinks:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FilenameValid hyperlinkInvalid hyperlink
foo.html.enfoo
- foo.html
-
foo.en.htmlfoofoo.html
foo.html.en.gzfoo
- foo.html
foo.gz
- foo.html.gz
foo.en.html.gzfoofoo.html
- foo.html.gz
- foo.gz
foo.gz.html.enfoo
- foo.gz
- foo.gz.html
foo.html
foo.html.gz.enfoo
- foo.html
- foo.html.gz
foo.gz
- -

Looking at the table above you will notice that it is always - possible to use the name without any extensions in a hyperlink - (e.g., foo). The advantage is that you - can hide the actual type of a document rsp. file and can change - it later, e.g., from html to - shtml or cgi without changing any - hyperlink references.

- -

If you want to continue to use a MIME-type in your - hyperlinks (e.g. foo.html) the language - extension (including an encoding extension if there is one) - must be on the right hand side of the MIME-type extension - (e.g., foo.html.en).

- -

Note on Caching

- -

When a cache stores a representation, it associates it with - the request URL. The next time that URL is requested, the cache - can use the stored representation. But, if the resource is - negotiable at the server, this might result in only the first - requested variant being cached and subsequent cache hits might - return the wrong response. To prevent this, Apache normally - marks all responses that are returned after content negotiation - as non-cacheable by HTTP/1.0 clients. Apache also supports the - HTTP/1.1 protocol features to allow caching of negotiated - responses.

- -

For requests which come from a HTTP/1.0 compliant client - (either a browser or a cache), the directive - CacheNegotiatedDocs can be used to allow caching of - responses which were subject to negotiation. This directive can - be given in the server config or virtual host, and takes no - arguments. It has no effect on requests from HTTP/1.1 clients. -


- -

Apache HTTP Server

- Index - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/custom-error.html b/usr.sbin/httpd/htdocs/manual/custom-error.html
deleted file mode 100644
index bccb11a9a20..00000000000
--- a/usr.sbin/httpd/htdocs/manual/custom-error.html
+++ /dev/null
@@ -1,196 +0,0 @@
- - - - - - - - Custom error responses - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Custom error responses

- -
-
Purpose
- -
- Additional functionality. Allows webmasters to configure - the response of Apache to some error or problem. - -

Customizable responses can be defined to be activated in - the event of a server detected error or problem.

- -

e.g. if a script crashes and produces a "500 Server - Error" response, then this response can be replaced with - either some friendlier text or by a redirection to another - URL (local or external).

-
- -
Old behavior
- -
NCSA httpd 1.3 would return some boring old error/problem - message which would often be meaningless to the user, and - would provide no means of logging the symptoms which caused - it.
-
- -
New behavior
- -
- The server can be asked to; - -
    -
  1. Display some other text, instead of the NCSA hard - coded messages, or
  2. - -
  3. redirect to a local URL, or
  4. - -
  5. redirect to an external URL.
  6. -
- -

Redirecting to another URL can be useful, but only if - some information can be passed which can then be used to - explain and/or log the error/problem more clearly.

- -

To achieve this, Apache will define new CGI-like - environment variables, e.g.

- -
- REDIRECT_HTTP_ACCEPT=*/*, image/gif, - image/x-xbitmap, image/jpeg
- REDIRECT_HTTP_USER_AGENT=Mozilla/1.1b2 (X11; I; HP-UX - A.09.05 9000/712)
- REDIRECT_PATH=.:/bin:/usr/local/bin:/etc
- REDIRECT_QUERY_STRING=
- REDIRECT_REMOTE_ADDR=121.345.78.123
- REDIRECT_REMOTE_HOST=ooh.ahhh.com
- REDIRECT_SERVER_NAME=crash.bang.edu
- REDIRECT_SERVER_PORT=80
- REDIRECT_SERVER_SOFTWARE=Apache/0.8.15
- REDIRECT_URL=/cgi-bin/buggy.pl
-
-
- -

note the REDIRECT_ prefix.

- -

At least REDIRECT_URL and - REDIRECT_QUERY_STRING will be passed to the - new URL (assuming it's a cgi-script or a cgi-include). The - other variables will exist only if they existed prior to - the error/problem. None of these will be - set if your ErrorDocument is an external redirect - (i.e., anything starting with a scheme name like - http:, even if it refers to the same host as - the server).

-
- -
Configuration
- -
- Use of "ErrorDocument" is enabled for .htaccess files when - the "FileInfo" - override is allowed. - -

Here are some examples...

- -
- ErrorDocument 500 /cgi-bin/crash-recover
- ErrorDocument 500 "Sorry, our script crashed. Oh - dear
- ErrorDocument 500 http://xxx/
- ErrorDocument 404 /Lame_excuses/not_found.html
- ErrorDocument 401 - /Subscription/how_to_subscribe.html
-
- -

The syntax is,

- -

ErrorDocument - <3-digit-code> action

- -

where the action can be,

- -
    -
  1. Text to be displayed. Prefix the text with a quote - ("). Whatever follows the quote is displayed. Note: - the (") prefix isn't displayed.
  2. - -
  3. An external URL to redirect to.
  4. - -
  5. A local URL to redirect to.
  6. -
-
-
-
- -

Custom error responses and redirects

- -
-
Purpose
- -
Apache's behavior to redirected URLs has been modified so - that additional environment variables are available to a - script/server-include.
- -
Old behavior
- -
Standard CGI vars were made available to a script which - has been redirected to. No indication of where the - redirection came from was provided.
- -
New behavior
- -
A new batch of environment variables will be initialized - for use by a script which has been redirected to. Each new - variable will have the prefix REDIRECT_. - REDIRECT_ environment variables are created from - the CGI environment variables which existed prior to the - redirect, they are renamed with a REDIRECT_ - prefix, i.e., HTTP_USER_AGENT becomes - REDIRECT_HTTP_USER_AGENT. In addition to these - new variables, Apache will define REDIRECT_URL - and REDIRECT_STATUS to help the script trace its - origin. Both the original URL and the URL being redirected to - can be logged in the access log.
-
- -

If the ErrorDocument specifies a local redirect to a CGI - script, the script should include a "Status:" - header field in its output in order to ensure the propagation - all the way back to the client of the error condition that - caused it to be invoked. For instance, a Perl ErrorDocument - script might include the following:

-
-      :
-    print  "Content-type: text/html\n";
-    printf "Status: %s Condition Intercepted\n", $ENV{"REDIRECT_STATUS"};
-      :
-
- -

If the script is dedicated to handling a particular error - condition, such as 404 Not Found, it can - use the specific code and error text instead.

-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/dns-caveats.html b/usr.sbin/httpd/htdocs/manual/dns-caveats.html
deleted file mode 100644
index 0d47f605fe0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/dns-caveats.html
+++ /dev/null
@@ -1,231 +0,0 @@
- - - - - - - - Issues Regarding DNS and Apache - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Issues Regarding DNS and Apache

- -

This page could be summarized with the statement: don't - require Apache to use DNS for any parsing of the configuration - files. If Apache has to use DNS to parse the configuration - files then your server may be subject to reliability problems - (it might not boot), or denial and theft of service attacks - (including users able to steal hits from other users).

- -

A Simple Example

- Consider this configuration snippet: - -
-
-    <VirtualHost www.abc.dom>
-    ServerAdmin webgirl@abc.dom
-    DocumentRoot /www/abc
-    </VirtualHost>
-
-
- -

In order for Apache to function properly it absolutely needs - to have two pieces of information about each virtual host: the - ServerName - and at least one IP address that the server responds to. This - example does not include the IP address, so Apache must use DNS - to find the address of www.abc.dom. If for some - reason DNS is not available at the time your server is parsing - its config file, then this virtual host will not be - configured. It won't be able to respond to any hits to - this virtual host (prior to Apache version 1.2 the server would - not even boot).

- -

Suppose that www.abc.dom has address 10.0.0.1. - Then consider this configuration snippet:

- -
-
-    <VirtualHost 10.0.0.1>
-    ServerAdmin webgirl@abc.dom
-    DocumentRoot /www/abc
-    </VirtualHost>
-
-
- -

Now Apache needs to use reverse DNS to find the - ServerName for this virtualhost. If that reverse - lookup fails then it will partially disable the virtualhost - (prior to Apache version 1.2 the server would not even boot). - If the virtual host is name-based then it will effectively be - totally disabled, but if it is IP-based then it will mostly - work. However if Apache should ever have to generate a full URL - for the server which includes the server name then it will fail - to generate a valid URL.

- -

Here is a snippet that avoids both of these problems.

- -
-
-    <VirtualHost 10.0.0.1>
-    ServerName www.abc.dom
-    ServerAdmin webgirl@abc.dom
-    DocumentRoot /www/abc
-    </VirtualHost>
-
-
- -

Denial of Service

- -

There are (at least) two forms that denial of service can - come in. If you are running a version of Apache prior to - version 1.2 then your server will not even boot if one of the - two DNS lookups mentioned above fails for any of your virtual - hosts. In some cases this DNS lookup may not even be under your - control. For example, if abc.dom is one of your - customers and they control their own DNS then they can force - your (pre-1.2) server to fail while booting simply by deleting - the www.abc.dom record.

- -

Another form is far more insidious. Consider this - configuration snippet:

- -
-
-    <VirtualHost www.abc.dom>
-    ServerAdmin webgirl@abc.dom
-    DocumentRoot /www/abc
-    </VirtualHost>
-
-
- -
-
-    <VirtualHost www.def.dom>
-    ServerAdmin webguy@def.dom
-    DocumentRoot /www/def
-    </VirtualHost>
-
-
- -

Suppose that you've assigned 10.0.0.1 to - www.abc.dom and 10.0.0.2 to - www.def.dom. Furthermore, suppose that - def.com has control of their own DNS. With this - config you have put def.com into a position where - they can steal all traffic destined to abc.com. To - do so, all they have to do is set www.def.dom to - 10.0.0.1. Since they control their own DNS you can't stop them - from pointing the www.def.com record wherever they - wish.

- -

Requests coming in to 10.0.0.1 (including all those where - users typed in URLs of the form - http://www.abc.dom/whatever) will all be served by - the def.com virtual host. To better understand why - this happens requires a more in-depth discussion of how Apache - matches up incoming requests with the virtual host that will - serve it. A rough document describing this is available.

- -

The "main server" Address

- -

The addition of name-based - virtual host support in Apache 1.1 requires Apache to know - the IP address(es) of the host that httpd is running on. To get - this address it uses either the global ServerName - (if present) or calls the C function gethostname - (which should return the same as typing "hostname" at the - command prompt). Then it performs a DNS lookup on this address. - At present there is no way to avoid this lookup.

- -

If you fear that this lookup might fail because your DNS - server is down then you can insert the hostname in - /etc/hosts (where you probably already have it so - that the machine can boot properly). Then ensure that your - machine is configured to use /etc/hosts in the - event that DNS fails. Depending on what OS you are using this - might be accomplished by editing /etc/resolv.conf, - or maybe /etc/nsswitch.conf.

- -

If your server doesn't have to perform DNS for any other - reason then you might be able to get away with running Apache - with the HOSTRESORDER environment variable set to - "local". This all depends on what OS and resolver libraries you - are using. It also affects CGIs unless you use mod_env to control the - environment. It's best to consult the man pages or FAQs for - your OS.

- -

Tips to Avoid these - problems

- -
    -
  • use IP addresses in <VirtualHost>
  • - -
  • use IP addresses in Listen
  • - -
  • use IP addresses in BindAddress
  • - -
  • ensure all virtual hosts have an explicit - ServerName
  • - -
  • create a <VirtualHost _default_:*> - server that has no pages to serve
  • -
- -

Appendix: Future Directions

- -

The situation regarding DNS is highly undesirable. For - Apache 1.2 we've attempted to make the server at least continue - booting in the event of failed DNS, but it might not be the - best we can do. In any event requiring the use of explicit IP - addresses in configuration files is highly undesirable in - today's Internet where renumbering is a necessity.

- -

A possible work around to the theft of service attack - described above would be to perform a reverse DNS lookup on the - IP address returned by the forward lookup and compare the two - names. In the event of a mismatch the virtualhost would be - disabled. This would require reverse DNS to be configured - properly (which is something that most admins are familiar with - because of the common use of "double-reverse" DNS lookups by - FTP servers and TCP wrappers).

- -

In any event it doesn't seem possible to reliably boot a - virtual-hosted web server when DNS has failed unless IP - addresses are used. Partial solutions such as disabling - portions of the configuration might be worse than not booting - at all depending on what the webserver is supposed to - accomplish.

- -

As HTTP/1.1 is deployed and browsers and proxies start - issuing the Host header it will become possible to - avoid the use of IP-based virtual hosts entirely. In this event - a webserver has no requirement to do DNS lookups during - configuration. But as of March 1997 these features have not - been deployed widely enough to be put into use on critical - webservers.


- -

Apache HTTP Server

- Index - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/dso.html b/usr.sbin/httpd/htdocs/manual/dso.html
deleted file mode 100644
index 9245d498e93..00000000000
--- a/usr.sbin/httpd/htdocs/manual/dso.html
+++ /dev/null
@@ -1,523 +0,0 @@
- - - - - - - Apache 1.3 Dynamic Shared Object (DSO) support - - - - -
-
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -
-

Apache 1.3
- Dynamic Shared Object (DSO)
- Support

- -
- Originally written by
- Ralf S. Engelschall <rse@apache.org>, April 1998 -
-
- -

Background

- -

On modern Unix derivatives there exists a nifty mechanism - usually called dynamic linking/loading of Dynamic Shared - Objects (DSO) which provides a way to build a piece of - program code in a special format for loading it at run-time - into the address space of an executable program.

- -

This loading can usually be done in two ways: - Automatically by a system program called ld.so - when an executable program is started or manually from within - the executing program via a programmatic system interface to - the Unix loader through the system calls - dlopen()/dlsym().

- -

In the first way the DSO's are usually called shared - libraries or DSO libraries and named - libfoo.so or libfoo.so.1.2. They - reside in a system directory (usually /usr/lib) - and the link to the executable program is established at - build-time by specifying -lfoo to the linker - command. This hard-codes library references into the - executable program file so that at start-time the Unix loader - is able to locate libfoo.so in - /usr/lib, in paths hard-coded via linker-options - like -R or in paths configured via the - environment variable LD_LIBRARY_PATH. It then - resolves any (yet unresolved) symbols in the executable - program which are available in the DSO.

- -

Symbols in the executable program are usually not - referenced by the DSO (because it's a reusable library of - general code) and hence no further resolving has to be done. - The executable program has no need to do anything on its own - to use the symbols from the DSO because the complete - resolving is done by the Unix loader. (In fact, the code to - invoke ld.so is part of the run-time startup - code which is linked into every executable program which has - been bound non-static). The advantage of dynamic loading of - common library code is obvious: the library code needs to be - stored only once, in a system library like - libc.so, saving disk space for every - program.

- -

In the second way the DSO's are usually called shared - objects or DSO files and can be named with an - arbitrary extension (although the canonical name is - foo.so). These files usually stay inside a - program-specific directory and there is no automatically - established link to the executable program where they are - used. Instead the executable program manually loads the DSO - at run-time into its address space via dlopen(). - At this time no resolving of symbols from the DSO for the - executable program is done. But instead the Unix loader - automatically resolves any (yet unresolved) symbols in the - DSO from the set of symbols exported by the executable - program and its already loaded DSO libraries (especially all - symbols from the ubiquitous libc.so). This way - the DSO gets knowledge of the executable program's symbol set - as if it had been statically linked with it in the first - place.

- -

Finally, to take advantage of the DSO's API the executable - program has to resolve particular symbols from the DSO via - dlsym() for later use inside dispatch tables - etc. In other words: The executable program has to - manually resolve every symbol it needs to be able to use it. - The advantage of such a mechanism is that optional program - parts need not be loaded (and thus do not spend memory) until - they are needed by the program in question. When required, - these program parts can be loaded dynamically to extend the - base program's functionality.

- -

Although this DSO mechanism sounds straightforward there - is at least one difficult step here: The resolving of symbols - from the executable program for the DSO when using a DSO to - extend a program (the second way). Why? Because "reverse - resolving" DSO symbols from the executable program's symbol - set is against the library design (where the library has no - knowledge about the programs it is used by) and is neither - available under all platforms nor standardized. In practice - the executable program's global symbols are often not - re-exported and thus not available for use in a DSO. Finding - a way to force the linker to export all global symbols is the - main problem one has to solve when using DSO for extending a - program at run-time.

- -

Windows and NetWare provide similar facilities, although - they are implemented somewhat differently than the - description of Unix DSO throughout this document. In - particular, DSO modules (DLL's and NLM's, respectively) are - built quite differently than their Unix cousins. This - document does not attempt to explore the topic of building - DSO modules on these platforms. The description of mod_so and - its configuration, however, are similar.

- -

Practical Usage

- -

The shared library approach is the typical one, because it - is what the DSO mechanism was designed for, hence it is used - for nearly all types of libraries the operating system - provides. On the other hand using shared objects for - extending a program is not used by a lot of programs.

- -

As of 1998 there are only a few software packages - available which use the DSO mechanism to actually extend - their functionality at run-time: Perl 5 (via its XS mechanism - and the DynaLoader module), Netscape Server, etc. - Starting with version 1.3, Apache joined the crew, because - Apache already uses a module concept to extend its - functionality and internally uses a dispatch-list-based - approach to link external modules into the Apache core - functionality. So, Apache is really predestined for using DSO - to load its modules at run-time.

- -

As of Apache 1.3, the configuration system supports two - optional features for taking advantage of the modular DSO - approach: compilation of the Apache core program into a DSO - library for shared usage and compilation of the Apache - modules into DSO files for explicit loading at run-time.

- -

Implementation

- -

The DSO support for loading individual Apache modules is - based on a module named mod_so.c which has to - be statically compiled into the Apache core. It is the only - module besides http_core.c which cannot be put - into a DSO itself (bootstrapping!). Practically all other - distributed Apache modules can then be placed into a DSO - by individually enabling the DSO build for them via - configure's --enable-shared option - (see top-level INSTALL file) or by changing the - AddModule command in your - src/Configuration into a - SharedModule command (see - src/INSTALL file). After a module is compiled - into a DSO named mod_foo.so you can use mod_so's LoadModule - command in your httpd.conf file to load this - module at server startup or restart.

- -

To simplify this creation of DSO files for Apache modules - (especially for third-party modules) a new support program - named apxs (APache - eXtenSion) is available. It can be used to build DSO - based modules outside of the Apache source tree. The - idea is simple: When installing Apache the - configure's make install procedure - installs the Apache C header files and puts the - platform-dependent compiler and linker flags for building DSO - files into the apxs program. This way the user - can use apxs to compile his Apache module - sources without the Apache distribution source tree and - without having to fiddle with the platform-dependent compiler - and linker flags for DSO support.

- -

To place the complete Apache core program into a DSO - library (only required on some of the supported platforms to - force the linker to export the apache core symbols -- a - prerequisite for the DSO modularization) the rule - SHARED_CORE has to be enabled via - configure's - --enable-rule=SHARED_CORE option (see top-level - INSTALL file) or by changing the - Rule command in your Configuration - file to Rule SHARED_CORE=yes (see - src/INSTALL file). The Apache core code is then - placed into a DSO library named libhttpd.so. - Because one cannot link a DSO against static libraries on all - platforms, an additional executable program named - libhttpd.ep is created which both binds this - static code and provides a stub for the main() - function. Finally the httpd executable program - itself is replaced by a bootstrapping code which - automatically makes sure the Unix loader is able to load and - start libhttpd.ep by providing the - LD_LIBRARY_PATH to libhttpd.so.

- -

Supported Platforms

- -

Apache's src/Configure script currently has - only limited but adequate built-in knowledge on how to - compile DSO files, because as already mentioned this is - heavily platform-dependent. Nevertheless all major Unix - platforms are supported. The definitive current state (May - 1999) is this:

- -
    -
  • - Out-of-the-box supported platforms:
    - (actually tested versions in parenthesis) -
    -o  FreeBSD            (2.1.5, 2.2.x, 3.x, 4.x)
    -o  OpenBSD            (2.x)
    -o  NetBSD             (1.3.1)
    -o  BSDI               (3.x, 4.x)
    -o  Linux              (Debian/1.3.1, RedHat/4.2)
    -o  Solaris            (2.4, 2.5, 2.6, 2.7)
    -o  SunOS              (4.1.3)
    -o  Digital UNIX       (4.0)
    -o  IRIX               (5.3, 6.2)
    -o  HP/UX              (10.20)
    -o  UnixWare           (2.01, 2.1.2)
    -o  SCO                (5.0.4)
    -o  AIX                (3.2, 4.1.5, 4.2, 4.3)
    -o  ReliantUNIX/SINIX  (5.43)
    -o  SVR4               (-)
    -o  Mac OS X Server    (1.0)
    -o  Mac OS             (10.0 preview 1)
    -o  OpenStep/Mach      (4.2)
    -o  DGUX               (??)
    -o  NetWare            (5.1)
    -o  Windows            (95, 98, NT 4.0, 2000)
    -
    -
  • - -
  • - Explicitly unsupported platforms: -
    -o  Ultrix             (no dlopen-style interface under this platform)
    -
    -
  • -
- -

Usage Summary

- -

To give you an overview of the DSO features of Apache 1.3, - here is a short and concise summary:

- -
    -
  1. - Placing the Apache core code (all the stuff which usually - forms the httpd binary) into a DSO - libhttpd.so, an executable program - libhttpd.ep and a bootstrapping executable - program httpd (Notice: this is only required - on some of the supported platforms to force the linker to - export the Apache core symbols, which in turn is a - prerequisite for the DSO modularization): - -
      -
    • - Build and install via configure - (preferred): - - - - - -
      -
      -$ ./configure --prefix=/path/to/install
      -              --enable-rule=SHARED_CORE ...
      -$ make install
      -
      -
      -
    • - -
    • - Build and install manually: - - - - - -
      -
      -- Edit src/Configuration:
      -  << Rule SHARED_CORE=default
      -  >> Rule SHARED_CORE=yes
      -  << EXTRA_CFLAGS= 
      -  >> EXTRA_CFLAGS= -DSHARED_CORE_DIR=\"/path/to/install/libexec\"
      -$ make 
      -$ cp src/libhttpd.so* /path/to/install/libexec/
      -$ cp src/libhttpd.ep  /path/to/install/libexec/
      -$ cp src/httpd        /path/to/install/bin/
      -
      -
      -
    • -
    -
  2. - -
  3. - Build and install a distributed Apache module, - say mod_foo.c, into its own DSO - mod_foo.so: - -
      -
    • - Build and install via configure - (preferred): - - - - - -
      -
      -$ ./configure --prefix=/path/to/install
      -        --enable-shared=foo
      -$ make install
      -
      -
      -
    • - -
    • - Build and install manually: - - - - - -
      -
      -- Edit src/Configuration:
      -  << AddModule    modules/xxxx/mod_foo.o
      -  >> SharedModule modules/xxxx/mod_foo.so
      -$ make
      -$ cp src/xxxx/mod_foo.so /path/to/install/libexec
      -- Edit /path/to/install/etc/httpd.conf
      -  >> LoadModule foo_module /path/to/install/libexec/mod_foo.so
      -
      -
      -
    • -
    -
  4. - -
  5. - Build and install a third-party Apache module, - say mod_foo.c, into its own DSO - mod_foo.so - -
      -
    • - Build and install via configure - (preferred): - - - - - -
      -
      -$ ./configure --add-module=/path/to/3rdparty/mod_foo.c 
      -        --enable-shared=foo
      -$ make install
      -
      -
      -
    • - -
    • - Build and install manually: - - - - - -
      -
      -$ cp /path/to/3rdparty/mod_foo.c /path/to/apache-1.3/src/modules/extra/
      -- Edit src/Configuration:
      -  >> SharedModule modules/extra/mod_foo.so
      -$ make
      -$ cp src/xxxx/mod_foo.so /path/to/install/libexec
      -- Edit /path/to/install/etc/httpd.conf
      -  >> LoadModule foo_module /path/to/install/libexec/mod_foo.so
      -
      -
      -
    • -
    -
  6. - -
  7. - Build and install a third-party Apache module, - say mod_foo.c, into its own DSO - mod_foo.so outside of the Apache - source tree: - -
      -
    • - Build and install via apxs: - - - - - -
      -
      -$ cd /path/to/3rdparty
      -$ apxs -c mod_foo.c
      -$ apxs -i -a -n foo mod_foo.so
      -
      -
      -
    • -
    -
  8. -
- -

Advantages & Disadvantages

- -

The above DSO based features of Apache 1.3 have the - following advantages:

- -
    -
  • The server package is more flexible at run-time because - the actual server process can be assembled at run-time via - LoadModule - httpd.conf configuration commands instead of - Configuration AddModule commands - at build-time. For instance this way one is able to run - different server instances (standard & SSL version, - minimalistic & powered up version [mod_perl, PHP3], - etc.) with only one Apache installation.
  • - -
  • The server package can be easily extended with - third-party modules even after installation. This is at - least a great benefit for vendor package maintainers who - can create a Apache core package and additional packages - containing extensions like PHP3, mod_perl, mod_fastcgi, - etc.
  • - -
  • Easier Apache module prototyping because with the - DSO/apxs pair you can both work outside the - Apache source tree and only need an apxs -i - command followed by an apachectl restart to - bring a new version of your currently developed module into - the running Apache server.
  • -
- -

DSO has the following disadvantages:

- -
    -
  • The DSO mechanism cannot be used on every platform - because not all operating systems support dynamic loading - of code into the address space of a program.
  • - -
  • The server is approximately 20% slower at startup time - because of the symbol resolving overhead the Unix loader - now has to do.
  • - -
  • The server is approximately 5% slower at execution time - under some platforms because position independent code - (PIC) sometimes needs complicated assembler tricks for - relative addressing which are not necessarily as fast as - absolute addressing.
  • - -
  • Because DSO modules cannot be linked against other - DSO-based libraries (ld -lfoo) on all - platforms (for instance a.out-based platforms usually don't - provide this functionality while ELF-based platforms do) - you cannot use the DSO mechanism for all types of modules. - Or in other words, modules compiled as DSO files are - restricted to only use symbols from the Apache core, from - the C library (libc) and all other dynamic or - static libraries used by the Apache core, or from static - library archives (libfoo.a) containing - position independent code. The only chances to use other - code is to either make sure the Apache core itself already - contains a reference to it, loading the code yourself via - dlopen() or enabling the - SHARED_CHAIN rule while building Apache when - your platform supports linking DSO files against DSO - libraries.
  • - -
  • Under some platforms (many SVR4 systems) there is no - way to force the linker to export all global symbols for - use in DSO's when linking the Apache httpd executable - program. But without the visibility of the Apache core - symbols no standard Apache module could be used as a DSO. - The only chance here is to use the SHARED_CORE - feature because this way the global symbols are forced to - be exported. As a consequence the Apache - src/Configure script automatically enforces - SHARED_CORE on these platforms when DSO - features are used in the Configuration file or - on the configure command line.
  • -
-
- -

Apache HTTP Server

- Index - -
- - -
diff --git a/usr.sbin/httpd/htdocs/manual/env.html b/usr.sbin/httpd/htdocs/manual/env.html
deleted file mode 100644
index 2b674e345e3..00000000000
--- a/usr.sbin/httpd/htdocs/manual/env.html
+++ /dev/null
@@ -1,361 +0,0 @@
- - - - - - - - Environment Variables in Apache - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Environment Variables in Apache

- -

The Apache HTTP Server provides a mechanism for storing - information in named variables that are called environment - variables. This information can be used to control various - operations such as logging or access control. The variables are - also used as a mechanism to communicate with external programs - such as CGI scripts. This document discusses different ways to - manipulate and use these variables.

- -

Although these variables are referred to as environment - variables, they are not the same as the environment - variables controlled by the underlying operating system. - Instead, these variables are stored and manipulated in an - internal Apache structure. They only become actual operating - system environment variables when they are provided to CGI - scripts and Server Side Include scripts. If you wish to - manipulate the operating system environment under which the - server itself runs, you must use the standard environment - manipulation mechanisms provided by your operating system - shell.

- - -
- -

Setting Environment - Variables

- - - - - - - -
Related Modules
-
- mod_env
- mod_rewrite
- mod_setenvif
- mod_unique_id
-
Related Directives
-
- BrowserMatch
- BrowserMatchNoCase
- PassEnv
- RewriteRule
- SetEnv
- SetEnvIf
- SetEnvIfNoCase
- UnsetEnv
-
- -

Basic Environment Manipulation

- -

The most basic way to set an environment variable in Apache - is using the unconditional SetEnv directive. - Variables may also be passed from the environment of the shell - which started the server using the PassEnv - directive.

- -

Conditional Per-Request Settings

- -

For additional flexibility, the directives provided by - mod_setenvif allow environment variables to be set on a - per-request basis, conditional on characteristics of particular - requests. For example, a variable could be set only when a - specific browser (User-Agent) is making a request, or only when - a specific Referer [sic] header is found. Even more flexibility - is available through the mod_rewrite's RewriteRule - which uses the [E=...] option to set environment - variables.

- -

Unique Identifiers

- -

Finally, mod_unique_id sets the environment variable - UNIQUE_ID for each request to a value which is - guaranteed to be unique across "all" requests under very - specific conditions.

- -

Standard CGI Variables

- -

In addition to all environment variables set within the - Apache configuration and passed from the shell, CGI scripts and - SSI pages are provided with a set of environment variables - containing meta-information about the request as required by - the CGI specification.

- -

Some Caveats

- -
    -
  • It is not possible to override or change the standard CGI - variables using the environment manipulation directives.
  • - -
  • When suexec is used to launch - CGI scripts, the environment will be cleaned down to a set of - safe variables before CGI scripts are launched. The - list of safe variables is defined at compile-time in - suexec.c.
  • - -
  • For portability reasons, the names of environment - variables may contain only letters, numbers, and the - underscore character. In addition, the first character may - not be a number. Characters which do not match this - restriction will be replaced by an underscore when passed to - CGI scripts and SSI pages.
  • -
-
- -

Using Environment - Variables

- - - - - - - -
Related Modules
-
- mod_access
- mod_cgi
- mod_include
- mod_log_config
- mod_rewrite
-
Related Directives
-
- Allow
- CustomLog
- Deny
- LogFormat
- RewriteCond
- RewriteRule
-
- -

CGI Scripts

- -

One of the primary uses of environment variables is to - communicate information to CGI scripts. As discussed above, the - environment passed to CGI scripts includes standard - meta-information about the request in addition to any variables - set within the Apache configuration. For more details, see the - CGI tutorial.

- -

SSI Pages

- -

Server-parsed (SSI) documents processed by mod_include's - server-parsed handler can print environment - variables using the echo element, and can use - environment variables in flow control elements to makes parts - of a page conditional on characteristics of a request. Apache - also provides SSI pages with the standard CGI environment - variables as discussed above. For more details, see the SSI tutorial.

- -

Access Control

- -

Access to the server can be controlled based on the value of - environment variables using the allow from env= - and deny from env= directives. In combination with - SetEnvIf, this allows for flexible control of - access to the server based on characteristics of the client. - For example, you can use these directives to deny access to a - particular browser (User-Agent).

- -

Conditional Logging

- -

Environment variables can be logged in the access log using - the LogFormat option %e. In addition, - the decision on whether or not to log requests can be made - based on the status of environment variables using the - conditional form of the CustomLog directive. In - combination with SetEnvIf this allows for flexible - control of which requests are logged. For example, you can - choose not to log requests for filenames ending in - gif, or you can choose to only log requests from - clients which are outside your subnet.

- -

URL Rewriting

- -

The %{ENV:...} form of TestString in - the RewriteCond allows mod_rewrite's rewrite - engine to make decisions conditional on environment variables. - Note that the variables accessible in mod_rewrite without the - ENV: prefix are not actually environment - variables. Rather, they are variables special to mod_rewrite - which cannot be accessed from other modules.

-
- -

Special Purpose Environment - Variables

- -

Interoperability problems have led to the introduction of - mechanisms to modify the way Apache behaves when talking to - particular clients. To make these mechanisms as flexible as - possible, they are invoked by defining environment variables, - typically with BrowserMatch, - though SetEnv and PassEnv could also be used, - for example.

- -

downgrade-1.0

- -

This forces the request to be treated as a HTTP/1.0 request - even if it was in a later dialect.

- -

force-no-vary

- -

This causes any Vary fields to be removed from - the response header before it is sent back to the client. Some - clients don't interpret this field correctly (see the known client - problems page); setting this variable can work around this - problem. Setting this variable also implies - force-response-1.0.

- -

force-response-1.0

- -

This forces an HTTP/1.0 response when set. It was originally - implemented as a result of a problem with AOL's proxies. Some - clients may not behave correctly when given an HTTP/1.1 - response, and this can be used to interoperate with them.

- -

nokeepalive

- -

This disables KeepAlive when set.

- -

suppress-error-charset

-

Available in versions after 1.3.26 and 2.0.40

-

When Apache issues a redirect in response to a client request, - the response includes some actual text to be displayed in case - the client can't (or doesn't) automatically follow the redirection. - Apache ordinarily labels this text according to the character set - which it uses, which is ISO-8859-1.

-

However, if the redirection is to a page that uses a different - character set, some broken browser versions will try to use the - character set from the redirection text rather than the actual page. - This can result in Greek, for instance, being incorrectly rendered.

-

Setting this environment variable causes Apache to omit the character - set for the redirection text, and these broken browsers will then correctly - use that of the destination page.

-
- -

Examples

- -

Changing protocol behavior with misbehaving clients

- -

We recommend that the following lines be included in - httpd.conf to deal with known client problems.

-
-#
-# The following directives modify normal HTTP response behavior.
-# The first directive disables keepalive for Netscape 2.x and browsers that
-# spoof it. There are known problems with these browser implementations.
-# The second directive is for Microsoft Internet Explorer 4.0b2
-# which has a broken HTTP/1.1 implementation and does not properly
-# support keepalive when it is used on 301 or 302 (redirect) responses.
-#
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-
-#
-# The following directive disables HTTP/1.1 responses to browsers which
-# are in violation of the HTTP/1.0 spec by not being able to grok a
-# basic 1.1 response.
-#
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-
- -

Do not log requests for images in the access log

- -

This example keeps requests for images from appearing in the - access log. It can be easily modified to prevent logging of - particular directories, or to prevent logging of requests - coming from particular hosts.

-
-    SetEnvIf Request_URI \.gif image-request
-    SetEnvIf Request_URI \.jpg image-request
-    SetEnvIf Request_URI \.png image-request
-    CustomLog logs/access_log env=!image-request
-
- -

Prevent "Image Theft"

- -

This example shows how to keep people not on your server - from using images on your server as inline-images on their - pages. This is not a recommended configuration, but it can work - in limited circumstances. We assume that all your images are in - a directory called /web/images.

-
-    SetEnvIf Referer "^http://www.example.com/" local_referal
-    # Allow browsers that do not send Referer info
-    SetEnvIf Referer "^$" local_referal
-    <Directory /web/images>
-       Order Deny,Allow
-       Deny from all
-       Allow from env=local_referal
-    </Directory>
-
- -

Note: spelling of 'referer' and 'referal' is - intentional.

- -

For more information about this technique, see the - ApacheToday tutorial " - Keeping Your Images from Adorning Other Sites".

-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/handler.html b/usr.sbin/httpd/htdocs/manual/handler.html
deleted file mode 100644
index 57a87305145..00000000000
--- a/usr.sbin/httpd/htdocs/manual/handler.html
+++ /dev/null
@@ -1,179 +0,0 @@
- - - - - - - - Apache's Handler Use - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Apache's Handler Use

- - -
- -

What is a - Handler

- - - - - - - -
Related Modules
-
- mod_actions
- mod_asis
- mod_cgi
- mod_imap
- mod_info
- mod_include
- mod_mime
- mod_negotiation
- mod_status
-
Related Directives
-
- Action
- AddHandler
- RemoveHandler
- SetHandler
-
- -

A "handler" is an internal Apache representation of the - action to be performed when a file is called. Generally, files - have implicit handlers, based on the file type. Normally, all - files are simply served by the server, but certain file types - are "handled" separately.

- -

Apache 1.1 adds the ability to use handlers explicitly. - Based on either filename extensions or on location, handlers - can be specified without relation to file type. This is - advantageous both because it is a more elegant solution, and - because it also allows for both a type and a - handler to be associated with a file. (See also Files with Multiple - Extensions.)

- -

Handlers can either be built into the server or included in - a module, or they can be added with the Action directive. The - built-in handlers in the standard distribution are as - follows:

- -
    -
  • default-handler: Send the file using the - default_handler(), which is the handler used by - default to handle static content. (core)
  • - -
  • send-as-is: Send file with HTTP headers - as is. (mod_asis)
  • - -
  • cgi-script: Treat the file as a CGI - script. (mod_cgi)
  • - -
  • imap-file: Parse as an imagemap rule - file. (mod_imap)
  • - -
  • server-info: Get the server's - configuration information. (mod_info)
  • - -
  • server-parsed: Parse for server-side - includes. (mod_include)
  • - -
  • server-status: Get the server's status - report. (mod_status)
  • - -
  • type-map: Parse as a type map file for - content negotiation. (mod_negotiation)
  • -
-
- -

Examples

- -

Modifying static content using a CGI script

- -

The following directives will cause requests for files with - the html extension to trigger the launch of the - footer.pl CGI script.

-
-     Action add-footer /cgi-bin/footer.pl
-     AddHandler add-footer .html
-
- -

Then the CGI script is responsible for sending the - originally requested document (pointed to by the - PATH_TRANSLATED environment variable) and making - whatever modifications or additions are desired.

- -

Files with HTTP headers

- -

The following directives will enable the - send-as-is handler, which is used for files which - contain their own HTTP headers. All files in the - /web/htdocs/asis/ directory will be processed by - the send-as-is handler, regardless of their - filename extensions.

-
-    <Directory /web/htdocs/asis>
-    SetHandler send-as-is
-    </Directory>
-
-
- -

Programmer's - Note

- -

In order to implement the handler features, an addition has - been made to the Apache API that - you may wish to make use of. Specifically, a new record has - been added to the request_rec structure:

-
-    char *handler
-
- -

If you wish to have your module engage a handler, you need - only to set r->handler to the name of the - handler at any time prior to the invoke_handler - stage of the request. Handlers are implemented as they were - before, albeit using the handler name instead of a content - type. While it is not necessary, the naming convention for - handlers is to use a dash-separated word, with no slashes, so - as to not invade the media type name-space.

-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/howto/auth.html b/usr.sbin/httpd/htdocs/manual/howto/auth.html
deleted file mode 100644
index 940d5ff7600..00000000000
--- a/usr.sbin/httpd/htdocs/manual/howto/auth.html
+++ /dev/null
@@ -1,1197 +0,0 @@
- - - - - Authentication, Authorization, and Access Control - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - - -

Authentication, Authorization, and Access -Control

- - - - - -
- -


- Authentication, Authorization, and Access Control

- -

Introduction

- -

Apache has three distinct ways of dealing with the question - of whether a particular request for a resource will result in - that resource actually be returned. These criteria are called - Authorization, Authentication, and Access - control.

- -

Authentication is any process by which you verify that - someone is who they claim they are. This usually involves a - username and a password, but can include any other method of - demonstrating identity, such as a smart card, retina scan, - voice recognition, or fingerprints. Authentication is - equivalent to showing your drivers license at the ticket - counter at the airport.

- -

Authorization is finding out if the person, once identified, - is permitted to have the resource. This is usually determined - by finding out if that person is a part of a particular group, - if that person has paid admission, or has a particular level of - security clearance. Authorization is equivalent to checking the - guest list at an exclusive party, or checking for your ticket - when you go to the opera.

- -

Finally, access control is a much more general way of - talking about controlling access to a web resource. Access can - be granted or denied based on a wide variety of criteria, such - as the network address of the client, the time of day, the - phase of the moon, or the browser which the visitor is using. - Access control is analogous to locking the gate at closing - time, or only letting people onto the ride who are more than 48 - inches tall - it's controlling entrance by some arbitrary - condition which may or may not have anything to do with the - attributes of the particular visitor.

- -

Because these three techniques are so closely related in - most real applications, it is difficult to talk about them - separate from one another. In particular, authentication and - authorization are, in most actual implementations, - inextricable.

- -

If you have information on your web site that is sensitive, - or intended for only a small group of people, the techniques in - this tutorial will help you make sure that the people that see - those pages are the people that you wanted to see them.

- -

Basic authentication

- -

As the name implies, basic authentication is the simplest - method of authentication, and for a long time was the most - common authentication method used. However, other methods of - authentication have recently passed basic in common usage, due - to usability issues that will be discussed in a minute.

- -


- How basic authentication works

- -

When a particular resource has been protected using basic - authentication, Apache sends a 401 Authentication - Required header with the response to the request, in order - to notify the client that user credentials must be supplied in - order for the resource to be returned as requested.

- -

Upon receiving a 401 response header, the client's - browser, if it supports basic authentication, will ask the user - to supply a username and password to be sent to the server. If - you are using a graphical browser, such as Netscape or Internet - Explorer, what you will see is a box which pops up and gives - you a place to type in your username and password, to be sent - back to the server. If the username is in the approved list, - and if the password supplied is correct, the resource will be - returned to the client.

- -

Because the HTTP protocol is stateless, each request will be - treated in the same way, even though they are from the same - client. That is, every resource which is requested from the - server will have to supply authentication credentials over - again in order to receive the resource.

- -

Fortunately, the browser takes care of the details here, so - that you only have to type in your username and password one - time per browser session - that is, you might have to type it - in again the next time you open up your browser and visit the - same web site.

- -

Along with the 401 response, certain other - information will be passed back to the client. In particular, - it sends a name which is associated with the protected area of - the web site. This is called the realm, or just the - authentication name. The client - browser caches the username and password that you supplied, and - stores it along with the authentication realm, so that if other - resources are requested from the same realm, the same username - and password can be returned to authenticate that request - without requiring the user to type them in again. This caching - is usually just for the current browser session, but some - browsers allow you to store them permanently, so that you never - have to type in your password again.

- -

The authentication name, or realm, will appear in the pop-up - box, in order to identify what the username and password are - being requested for.

- -

- Configuration: Protecting content with basic - authentication

- -

There are two configuration steps which you must complete in - order to protect a resource using basic authentication. Or - three, depending on what you are trying to do.

- -
    -
  1. Create a password file
  2. - -
  3. Set the configuration to use this password file
  4. - -
  5. Optionally, create a group file
  6. -
- -


- Create a password file

- -

In order to determine whether a particular username/password - combination is valid, the username and password supplied by the - user will need to be compared to some authoritative listing of - usernames and password. This is the password file, which you - will need to create on the server side, and populate with valid - users and their passwords.

- -

Because this file contains sensitive information, it should - be stored outside of the document directory. Although, as you - will see in a moment, the passwords are encrypted in the file, - if a cracker were to gain access to the file, it would be an - aid in their attempt to figure out the passwords. And, because - people tend to be sloppy with the passwords that they choose, - and use the same password for web site authentication as for - their bank account, this potentially be a very serious breach - of security, even if the content on your web site is not - particularly sensitive.

- -

Caution: Encourage your users to use a different - password for your web site than for other more essential - things. For example, many people tend to use two passwords - - one for all of their extremely important things, such as the - login to their desktop computer, and for their bank account, - and another for less sensitive things, the compromise of which - would be less serious.

- -

To create the password file, use the htpasswd - utility that came with Apache. This will be located in the - bin directory of wherever you installed Apache. For - example, it will probably be located at - /usr/local/apache/bin/htpasswd if you installed Apache - from source.

- -

To create the file, type:

-
-htpasswd -c /usr/local/apache/passwd/passwords username
-
- -

htpasswd will ask you for the password, and then - ask you to type it again to confirm it:

-
-# htpasswd -c /usr/local/apache/passwd/passwords rbowen
-New password: mypassword
-Re-type new password: mypassword
-Adding password for user rbowen
-
- -

Note that in the example shown, a password file is being - created containing a user called rbowen, and this - password file is being placed in the location - /usr/local/apache/passwd/passwords. You will - substitute the location, and the username, which you want to - use to start your password file.

- -

If htpasswd is not in your path, you will have to - type the full path to the file to get it to run. That is, in - the example above, you would replace htpasswd with - /usr/local/apache/bin/htpasswd

- -

The -c flag is used only when you are creating a - new file. After the first time, you will omit the -c - flag, when you are adding new users to an already-existing - password file.

-
-htpasswd /usr/local/apache/passwd/passwords sungo
-
- -

The example just shown will add a user named sungo - to a password file which has already been created earlier. As - before, you will be asked for the password at the command line, - and then will be asked to confirm the password by typing it - again.

- -

Caution: Be very careful when you add new users to an - existing password file that you don't use the -c flag - by mistake. Using the -c flag will create a new - password file, even if you already have an existing file of - that name. That is, it will remove the contents of the file - that is there, and replace it with a new file containing only - the one username which you were adding.

- -

The password is stored in the password file in encrypted - form, so that users on the system will not be able to read the - file and immediately determine the passwords of all the users. - Nevertheless, you should store the file in as secure a location - as possible, with whatever minimum permissions on the file so - that the web server itself can read the file. For example, if - your server is configured to run as user nobody and - group nogroup, then you should set permissions on the - file so that only the webserver can read the file and only - root can write to it:

-
-chown root.nogroup /usr/local/apache/passwd/passwords
-chmod 640 /usr/local/apache/passwd/passwords
-
- -

On Windows, a similar precaution should be taken, changing - the ownership of the password file to the web server user, so - that other users cannot read the file.

- -


- Set the configuration to use this password file

- -

Once you have created the password file, you need to tell - Apache about it, and tell Apache to use this file in order to - require user credentials for admission. This configuration is - done with the following directives:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AuthTypeAuthentication - type being used. In this case, it will be set to - Basic
AuthNameThe - authentication realm or name
AuthUserFileThe location of - the password file
AuthGroupFileThe location of - the group file, if any
RequireThe - requirement(s) which must be satisfied in order to grant - admission
- -

These directives may be placed in a .htaccess file - in the particular directory being protected, or may go in the - main server configuration file, in a <Directory> - section, or other scope container.

- -

The example shown below defines an authentication realm - called ``By Invitation Only''. The password file located at - /usr/local/apache/passwd/passwords will be used to - verify the user's identity. Only users named rbowen or - sungo will be granted access, and even then only if - they provide a password which matches the password stored in - the password file.

-
-AuthType Basic
-AuthName "By Invitation Only"
-AuthUserFile /usr/local/apache/passwd/passwords
-Require user rbowen sungo
-
- -

The phrase ``By Invitation Only'' will be displayed in the - password pop-up box, where the user will have to type their - credentials.

- -

You will need to restart your Apache server in order for the - new configuration to take effect, if these directives were put - in the main server configuration file. Directives placed in - .htaccess files take effect immediately, since - .htaccess files are parsed each time files are - served.

- -

The next time that you load a file from that directory, you - will see the familiar username/password dialog box pop up, - requiring that you type the username and password before you - are permitted to proceed.

- -

Note that in addition to specifically listing the users to - whom you want to grant access, you can specify that any valid - user should be let in. This is done with the - valid-user keyword:

-
-Require valid-user
-
- -


- Optionally, create a group file

- -

Most of the time, you will want more than one, or two, or - even a dozen, people to have access to a resource. You want to - be able to define a group of people that have access to that - resource, and be able to manage that group of people, adding - and removing members, without having to edit the server - configuration file, and restart Apache, each time.

- -

This is handled using authentication groups. An - authentication group is, as you would expect, a group name - associated with a list of members. This list is stored in a - group file, which should be stored in the same location as the - password file, so that you are able to keep track of these - things.

- -

The format of the group file is exceedingly simple. A group - name appears first on a line, followed by a colon, and then a - list of the members of the group, separated by spaces. For - example:

-
-authors: rich daniel allan
-
- -

Once this file has been created, you can Require - that someone be in a particular group in order to get the - requested resource. This is done with the - AuthGroupFile directive, as shown in the following - example.

-
-AuthType Basic
-AuthName "Apache Admin Guide Authors"
-AuthUserFile /usr/local/apache/passwd/passwords
-AuthGroupFile /usr/local/apache/passwd/groups
-Require group authors
-
- -

The authentication process is now one step more involved. - When a request is received, and the requested username and - password are supplied, the group file is first checked to see - if the supplied username is even in the required group. If it - is, then the password file will be checked to see if the - username is in there, and if the supplied password matches the - password stored in that file. If any of these steps fail, - access will be forbidden.

- -


- Frequently asked questions about basic auth

- -

The following questions tend to get asked very frequently - with regard to basic authentication. It should be understood - that basic authentication is very basic, and so is limited to - the set of features that has been presented above. Most of the - more interesting things that people tend to want, need to be - implemented using some alternate authentication scheme.

- -


- How do I log out?

- -

Since browsers first started implementing basic - authentication, website administrators have wanted to know how - to let the user log out. Since the browser caches the username - and password with the authentication realm, as described - earlier in this tutorial, this is not a function of the server - configuration, but is a question of getting the browser to - forget the credential information, so that the next time the - resource is requested, the username and password must be - supplied again. There are numerous situations in which this is - desirable, such as when using a browser in a public location, - and not wishing to leave the browser logged in, so that the - next person can get into your bank account.

- -

However, although this is perhaps the most frequently asked - question about basic authentication, thus far none of the major - browser manufacturers have seen this as being a desirable - feature to put into their products.

- -

Consequently, the answer to this question is, you can't. - Sorry.

- -


- How can I change what the password box looks like?

- -

The dialog that pops up for the user to enter their username - and password is ugly. It contains text that you did not - indicate that you wanted in there. It looks different in - Internet Explorer and Netscape, and contains different text. - And it asks for fields that the user might not understand - - for example, Netscape asks the user to type in their ``User - ID'', and they might not know what that means. Or, you might - want to provide additional explanatory text so that the user - has a better idea what is going on.

- -

Unfortunately, these things are features of the browser, and - cannot be controlled from the server side. If you want the - login to look different, then you will need to implement your - own authentication scheme. There is no way to change what this - login box looks like if you are using basic authentication.

- -


- How to I make it not ask me for my password the next - time?

- -

Because most browsers store your password information only - for the current browser session, when you close your browser it - forgets your username and password. So, when you visit the same - web site again, you will need to re-enter your username and - password.

- -

There is nothing that can be done about this on the server - side.

- -

However, the most recent versions of the major browsers - contain the ability to remember your password forever, so that - you never have to log in again. While it is debatable whether - this is a good idea, since it effectively overrides the entire - point of having security in the first place, it is certainly - convenient for the user, and simplifies the user - experience.

- -


- Why does it sometimes ask me for my password twice?

- -

When entering a password-protected web site for the first - time, you will occasionally notice that you are asked for your - password twice. This may happen immediately after you entered - the password the first time, or it may happen when you click on - the first link after authenticating the first time.

- -

This happens for a very simple, but nonetheless confusing, - reason, again having to do with the way that the browser caches - the login information.

- -

Login information is stored on the browser based on the - authentication realm, specified by the AuthName - directive, and by the server name. In this way, the browser can - distinguish between the Private authentication realm - on one site and on another. So, if you go to a site using one - name for the server, and internal links on the server refer to - that server by a different name, the browser has no way to know - that they are in fact the same server.

- -

For example, if you were to visit the URL - http://example.com/private/, which required - authentication, your browser would remember the supplied - username and password, associated with the hostname - example.com. If, by virtue of an internal redirect, or - fully-qualified HTML links in pages, you are then sent to the - URL http://www.example.com/private/, even though this - is really exactly the same URL, the browser does not know this - for sure, and is forced to request the authentication - information again, since example.com and - www.example.com are not exactly the same hostname. - Your browser has no particular way to know that these are the - same web site.

- -


- Security caveat

- -

Basic authentication should not be considered secure for any - particularly rigorous definition of secure.

- -

Although the password is stored on the server in encrypted - format, it is passed from the client to the server in plain - text across the network. Anyone listening with any variety of - packet sniffer will be able to read the username and password - in the clear as it goes across.

- -

Not only that, but remember that the username and password - are passed with every request, not just when the user first - types them in. So the packet sniffer need not be listening at a - particularly strategic time, but just for long enough to see - any single request come across the wire.

- -

And, in addition to that, the content itself is also going - across the network in the clear, and so if the web site - contains sensitive information, the same packet sniffer would - have access to that information as it went past, even if the - username and password were not used to gain direct access to - the web site.

- -

Don't use basic authentication for anything that requires - real security. It is a detriment for most users, since very few - people will take the trouble, or have the necessary software - and/or equipment, to find out passwords. However, if someone - had a desire to get in, it would take very little for them to - do so.

- -

Digest authentication

- -

Addressing one of the security caveats of basic - authentication, digest authentication provides an alternate - method for protecting your web content. However, it to has a - few caveats.

- -

How digest auth works

- -

Digest authentication is implemented by the module - mod_auth_digest. There is an older module, - mod_digest, which implemented an older version of the - digest authentication specification, but which will probably - not work with newer browsers.

- -

Using digest authentication, your password is never sent - across the network in the clear, but is always transmitted as - an MD5 digest of the user's password. In this way, the password - cannot be determined by sniffing network traffic.

- -

The full specification of digest authentication can be seen - in the internet standards document RFC 2617, which you can see - at http://www1.ics.uci.edu/pub/ietf/http/rfc2617.txt. - Additional information and resources about MD5 can be found at - http://userpages.umbc.edu/ mabzug1/cs/md5/md5.html

- -

Configuration: - Protecting content with digest authentication

- -

The steps for configuring your server for digest - authentication are very similar for those for basic - authentication.

- -
    -
  1. Create the password file
  2. - -
  3. Set the configuration to use this password file
  4. - -
  5. Optionally, create a group file
  6. -
- -

Creating a password file

- -

As with basic authentication, a simple utility is provided - to create and maintain the password file which will be used to - determine whether a particular user's name and password are - valid. This utility is called htdigest, and will be - located in the bin directory of wherever you installed - Apache. If you installed Apache from some variety of package - manager, htdigest is likely to have been placed - somewhere in your path.

- -

To create a new digest password file, type:

-
-htdigest -c /usr/local/apache/passwd/digest realm username
-
- -

htdigest will ask you for the desired password, and - then ask you to type it again to confirm it.

- -

Note that the realm for which the authentication will be - required is part of the argument list.

- -

Once again, as with basic authentication, you are encouraged - to place the generated file somewhere outside of the document - directory.

- -

And, as with the htpasswd utility, the -c - flag creates a new file, or, if a file of that name already - exists, deletes the contents of that file and generates a new - file in its place. Omit the -c flag in order to add - new user information to an existing password file.

- -

Set the configuration - to use this password file

- -

Once you have created a password file, you need to tell - Apache about it in order to start using it as a source of - authenticated user information. This configuration is done with - the following directives:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AuthTypeAuthentication - type being used. In this case, it will be set to - Digest
AuthNameThe - authentication realm or name
AuthDigestFileThe location of - the password file
AuthDigestGroupFileLocation of the - group file, if any
RequireThe - requirement(s) which must be satisfied in order to grant - admission
- -

These directives may be placed in a .htaccess file - in the particular directory being protected, or may go in the - main server configuration file, in a <Directory> - section, or another scope container.

- -

The following example defines an authentication realm called - "Private". The password file located at - /usr/local/apache/passwd/digest will be used to verify - the user's identity. Only users named drbacchus or - dorfl will be granted access, if they provide a - password that patches the password stored in the password - file.

-
-AuthType Digest
-AuthName "Private"
-AuthDigestFile /usr/local/apache/passwd/digest
-Require user drbacchus dorfl
-
- -

The phrase "Private" will be displayed in the password - pop-up box, where the user will have to type their - credentials.

- -

Optionally, create a group file

- -

As you have observed, there are not many differences between - this configuration process and that required by basic - authentication, described in the previous section. This is true - also of group functionality. The group file used for digest - authentication is exactly the same as that used for basic - authentication. That is to say, lines in the group file consist - the name of the group, a colon, and a list of the members of - that group. For example:

-
-admins: jim roy ed anne
-
- -

Once this file has been created, you can Require - that someone be in a particular group in order to get the - requested resource. This is done with the - AuthDigestGroupFile directive, as shown in the - following example.

-
-AuthType Digest
-AuthName "Private"
-AuthDigestFile /usr/local/apache/passwd/digest
-AuthDigestGroupFile /usr/local/apache/passwd/digest.groups
-Require group admins
-
- -

The authentication process is the same as that used by basic - authentication. It is first verified that the user is in the - required group, and, if this is true, then the password is - verified.

- -

Caveats

- -

Before you leap into using digest authentication instead of - basic authentication, there are a few things that you should - know about.

- -

Most importantly, you need to know that, although digest - authentication has this great advantage that you don't send - your password across the network in the clear, it is not - supported by all major browsers in use today, and so you should - not use it on a web site on which you cannot control the - browsers that people will be using, such as on your intranet - site. In particular, Opera 4.0 or later, Microsoft Internet - Explorer 5.0 or later, Mozilla 1.0.1 and Netscape 7 or later - as well as Amaya support digest authentication, while various - other browsers do not.

- -

Next, with regard to security considerations, you should - understand two things. Although your password is not passed in - the clear, all of your data is, and so this is a rather small - measure of security. And, although your password is not really - sent at all, but a digest form of it, someone very familiar - with the workings of HTTP could use that information - just - your digested password - and use that to gain access to the - content, since that digested password is really all the - information required to access the web site.

- -

The moral of this is that if you have content that really - needs to be kept secure, use SSL.

- -

Database authentication - modules

- -

Basic authentication and digest authentication both suffer - from the same major flaw. They use text files to store the - authentication information. The problem with this is that - looking something up in a text file is very slow. It's rather - like trying to find something in a book that has no index. You - have to start at the beginning, and work through it one page at - a time until you find what you are looking for. Now imagine - that the next time you need to find the same thing, you don't - remember where it was before, so you have to start at the - beginning again, and work through one page at a time until you - find it again. And the next time. And the time after that.

- -

Since HTTP is stateless, authentication has to be verified - every time that content is requested. And so every time a - document is accessed which is secured with basic or digest - authentication, Apache has to open up those text password files - and look through them one line at a time, until it finds the - user that is trying to log in, and verifies their password. In - the worst case, if the username supplied is not in there at - all, every line in the file will need to be checked. On - average, half of the file will need to be read before the user - is found. This is very slow.

- -

While this is not a big problem for small sets of users, - when you get into larger numbers of users (where "larger" means - a few hundred) this becomes prohibitively slow. In many cases, - in fact, valid username/password combinations will get rejected - because the authentication module just had to spend so much - time looking for the username in the file that Apache will just - get tired of waiting and return a failed authentication.

- -

In these cases, you need an alternative, and that - alternative is to use some variety of database. Databases are - optimized for looking for a particular piece of information in - a very large data set. It builds indexes in order to rapidly - locate a particular record, and they have query languages for - swiftly locating records that match particular criteria.

- -

There are numerous modules available for Apache to - authenticate using a variety of different databases. In this - section, we'll just look at two modules which ship with Apache. -

- -

mod_auth_db and mod_auth_dbm

- -

mod_auth_db and mod_auth_dbm are modules - which lets you keep your usernames and passwords in DB or DBM - files. There are few practical differences between DB files and - DBM files. And, on some operating systems, such as various - BSDs, and Linux, they are exactly the same thing. You should - pick whichever of the two modules makes the most sense on your - particular platform of choice. If you do not have DB support on - your platform, you may need to install it. You download an - implementation of DB at http://www.sleepycat.com/. - -

Berkeley DB files

- -

DB files, also known as Berkeley database files, are the - simplest form of database, and are rather ideally suited for - the sort of data that needs to be stored for HTTP - authentication. DB files store key/value pairs. That is, the - name of a variable, and the value of that variable. While other - databases allow the storage of many fields in a given record, a - DB file allows only this pairing of key and value.1 This is ideal for - authentication, which requires only the pair of a username and - password.

- -

Installing mod_auth_db

- -

For the purposes of this tutorial, we'll talk about - installing and configuring mod_auth_db. However, - everything that is said here can be directly applied to - mod_auth_dbm by simply replacing 'db' with 'dbm' and - 'DB' with 'DBM' in the various commands, file names, and - directives.

- -

Since mod_auth_db is not compiled in by default, - you will need to rebuild Apache in order to get the - functionality, unless you built in everything when we started. - Note that if you installed Apache with shared object - support, you may be able to just build the module and load it - in to Apache.

- -

To build Apache from scratch with mod_auth_db built - in, use the following ./configure line in your apache - source code directory.

-
-./configure --enable-module=auth_db
-
- -

Or, if you had a more complex configure command - line, you can just add the -enable-module=auth_db - option to that command line, and you'll get - mod_auth_db built into your server.

- -

Protecting a directory with - mod_auth_db

- -

Once you have compiled the mod_auth_db module, and - loaded it into your web server, you'll find that there's very - little difference between using regular authentication and - using mod_auth_db authentication. The procedure is the - same as that we went through with basic and digest - authentication:

- -
    -
  1. Create the user file.
  2. - -
  3. Configure Apache to use that file for - authentication.
  4. - -
  5. Optionally, create a group file.
  6. -
- -

Create the user file

- -

The user file for authentication is, this time, not a flat - text file, but is a DB file2. Fortunately, once again, - Apache provides us with a simple utility for the purpose of - managing this user file. This time, the utility is called - dbmmanage, and will be located in the bin - subdirectory of wherever you installed Apache.

- -

dbmmanage is somewhat more complicated to use than - htpasswd or htdigest, but it is still fairly - simple. The syntax which you will usually be using is as - follows:

-
-dbmmanage passwords.dat adduser montressor
-
- -

As with htpasswd, you will at this point be - prompted for a password, and then asked to confirm that - password by typing it again. The main difference here is that - rather than a text file being created, you are creating a - binary file containing the information that you have - supplied.

- -

Type dbmmanage with no arguments to get the full - list of options available with this utility.

- -

Creating your user file with - Perl

- -

Note that, if you are so inclined, you can manage your user - file with Perl, or any other language which has a DB-file - module, for interfacing with this type of database. This covers - a number of popular programming languages.

- -

The following Perl code, for example, will add a user - 'rbowen', with password 'mypassword', to your password - file:

-
-use DB_File;
-tie %database, 'DB_File', "passwords.dat"
-    or die "Can't initialize database: $!\n";
-
-$username = 'rbowen';
-$password = 'mypassword';
-@chars=(0..9,'a'..'z');
-$salt = $chars[int rand @chars] . $chars[int rand @chars];
-
-$crypt = crypt($password, $salt);
-$database{$username} = $crypt;
-
-untie %database;
-
- -

As you can imagine, this makes it very simple to write tools - to manage the user and password information stored in these - files.

- -

Passwords are stored in Unix crypt format, just as - they were in the "regular" password files. The 'salt' that is - created in the middle there is part of the process, generating - a random starting point for that encryption. The technique - being used is called a 'tied hash'. The idea is to tie a - built-in data structure to the contents of the file, such that - when the data structure is changed, the file is automatically - modified at the same time.

- -

Configuring Apache - to use this password file

- -

Once you have created the password file, you need to tell - Apache about it, and tell Apache to use this file to verify - user credentials. This configuration will look almost the same - as that for basic authentication. This configuration can go in - a .htaccess file in the directory to be protected, or - can go in the main server configuration, in a - <Directory> section, or other scope container - directive.

- -

The configuration will look something like the - following:

-
-AuthName "Members Only"
-AuthType Basic
-AuthDBUserFile /usr/local/apache/passwd/passwords.dat
-require user rbowen
-
- -

Now, users accessing the directory will be required to - authenticate against the list of valid users who are in - /usr/local/apache/passwd/passwords.dat.

- -


- Optionally, create a group file

- -

As mentioned earlier, DB files store a key/value pair. In - the case of group files, the key is the name of the user, and - the value is a comma-separated list of the groups to which the - user belongs.

- -

While this is the opposite of the way that group files are - stored elsewhere, note that we will primarily be looking up - records based on the username, so it is more efficient to index - the file by username, rather than by the group name.

- -

Groups can be added to your group file using - dbmmanage and the add command:

-
-dbmmanage add groupfile rbowen one,two,three
-
- -

In the above example, groupfile is the literal name - of the group file, rbowen is the user being added, and - one, two, and three are names of - three groups to which this user belongs.

- -

Once you have your groups in the file, you can require a - group in the regular way:

-
-AuthName "Members Only"
-AuthType Basic
-AuthDBUserFile /usr/local/apache/passwd/passwords.dat
-AuthDBGroupFile /usr/local/apache/passwd/groups.dat
-require group three
-
- -

Note that if you want to use the same file for both password - and group information, you can do so, but this is a little more - complicated to manage, as you have to encrypt the password - yourself before you feed it to the dbmmanage - utility.

- -

Access control

- -

Authentication by username and password is only part of the - story. Frequently you want to let people in based on something - other than who they are. Something such as where they are - coming from. Restricting access based on something other than - the identity of the user is generally referred to as Access - Control.

- -

Allow and Deny

- -

The Allow and Deny directives let you - allow and deny access based on the host name, or host address, - of the machine requesting a document. The directive goes - hand-in-hand with these is the Order directive, which - tells Apache in which order to apply the filters.

- -

The usage of these directives is:

-
-allow from address
-
- -

where address is an IP address (or a partial IP - address) or a fully qualified domain name (or a partial domain - name); you may provide multiple addresses or domain names, if - desired.

- -

For example, if you have someone spamming your message - board, and you want to keep them out, you could do the - following:

-
-deny from 11.22.33.44
-
- -

Visitors coming from that address will not be able to see - the content behind this directive. If, instead, you have a - machine name, rather than an IP address, you can use that. -

-
-deny from hostname.example.com
-
- -

And, if you'd like to block access from an entire domain, - or even from an entire tld (top level domain, such as .com or .gov) - you can specify just part of an address or domain name:

-
-deny from 192.101.205
-deny from exampleone.com exampletwo.com
-deny from tld
-
- -

Using Order will let you be sure that you are - actually restricting things to the group that you want to let - in, by combining a deny and an allow - directive:

-
-Order Deny,Allow
-Deny from all
-Allow from hostname.example.com
-
- -

Listing just the allow directive would not do what - you want, because it will let users from that host in, in - addition to letting everyone in. What you want is to let in - only users from that host.

- -

Satisfy

- -

The Satisfy directive can be used to specify that - several criteria may be considered when trying to decide if a - particular user will be granted admission. Satisfy can - take as an argument one of two options - all or - any. By default, it is assumed that the value is - all. This means that if several criteria are - specified, then all of them must be met in order for someone to - get in. However, if set to any, then several criteria - may be specified, but if the user satisfies any of these, then - they will be granted entrance.

- -

A very good example of this is using access control to - assure that, although a resource is password protected from - outside your network, all hosts inside the network will be - given free access to the resource. This would be accomplished - by using the Satisfy directive, as shown below.

-
-<Directory /usr/local/apache/htdocs/sekrit>
-  AuthType Basic
-  AuthName intranet
-  AuthUserFile /www/passwd/users
-  AuthGroupFile /www/passwd/groups
-  Require group customers
-  Order allow,deny
-  Allow from internal.com
-  Satisfy any
-</Directory>
-
- -

In this scenario, users will be let in if they either have a - password, or if they are in the internal network.

- -

Summary

- -

The various authentication modules provide a number of ways - to restrict access to your host based on the identity of the - user. They offer a somewhat standard interface to this - functionality, but provide different back-end mechanisms for - actually authenticating the user.

- -

And the access control mechanism allows you to restrict - access based on criteria unrelated to the identity of the - user.
-

-
- -

Footnotes

- -
-
... value.1
- -
There are actually a number of implementations that get - around this limitation. MLDBM is one of them, for example. - However, for the purposes of this discussion, we'll just deal - with standard Berkeley DB, which is likely to have shipped - with whatever operating system you are already running.
- -
... file2
- -
Or, if you are using mod_auth_dbm, a DBM file.
-
-
- - -
diff --git a/usr.sbin/httpd/htdocs/manual/howto/cgi.html b/usr.sbin/httpd/htdocs/manual/howto/cgi.html
deleted file mode 100644
index 9efd6e4ce88..00000000000
--- a/usr.sbin/httpd/htdocs/manual/howto/cgi.html
+++ /dev/null
@@ -1,567 +0,0 @@
- - - - - - - - Apache Tutorial: Dynamic Content with CGI - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - - -

Dynamic Content with CGI

- - - - - -
- -

Dynamic Content with CGI

- - - - - - - -
Related Modules
-
- mod_alias
- mod_cgi
-
Related Directives
-
- AddHandler
- Options
- ScriptAlias
-
- -

The CGI (Common Gateway Interface) defines a way for a web - server to interact with external content-generating programs, - which are often referred to as CGI programs or CGI scripts. It - is the simplest, and most common, way to put dynamic content on - your web site. This document will be an introduction to setting - up CGI on your Apache web server, and getting started writing - CGI programs.

-
- -

Configuring Apache to - permit CGI

- -

In order to get your CGI programs to work properly, you'll - need to have Apache configured to permit CGI execution. There - are several ways to do this.

- -

ScriptAlias

- -

The ScriptAlias directive tells Apache that a - particular directory is set aside for CGI programs. Apache will - assume that every file in this directory is a CGI program, and - will attempt to execute it, when that particular resource is - requested by a client.

- -

The ScriptAlias directive looks like:

-
-        ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/
-
- -

The example shown is from your default - httpd.conf configuration file, if you installed - Apache in the default location. The ScriptAlias - directive is much like the Alias directive, which - defines a URL prefix that is to mapped to a particular - directory. Alias and ScriptAlias are - usually used for directories that are outside of the - DocumentRoot directory. The difference between - Alias and ScriptAlias is that - ScriptAlias has the added meaning that everything - under that URL prefix will be considered a CGI program. So, the - example above tells Apache that any request for a resource - beginning with /cgi-bin/ should be served from the - directory /usr/local/apache/cgi-bin/, and should - be treated as a CGI program.

- -

For example, if the URL - http://www.example.com/cgi-bin/test.pl is - requested, Apache will attempt to execute the file - /usr/local/apache/cgi-bin/test.pl and return the - output. Of course, the file will have to exist, and be - executable, and return output in a particular way, or Apache - will return an error message.

- -

CGI outside of - ScriptAlias directories

- -

CGI programs are often restricted to - ScriptAlias'ed directories for security reasons. - In this way, administrators can tightly control who is allowed - to use CGI programs. However, if the proper security - precautions are taken, there is no reason why CGI programs - cannot be run from arbitrary directories. For example, you may - wish to let users have web content in their home directories - with the UserDir directive. If they want to have - their own CGI programs, but don't have access to the main - cgi-bin directory, they will need to be able to - run CGI programs elsewhere.

- -

Explicitly - using Options to permit CGI execution

- -

You could explicitly use the Options directive, - inside your main server configuration file, to specify that CGI - execution was permitted in a particular directory:

-
-        <Directory /usr/local/apache/htdocs/somedir>
-                Options +ExecCGI
-        </Directory>
-
- -

The above directive tells Apache to permit the execution of - CGI files. You will also need to tell the server what files are - CGI files. The following AddHandler directive - tells the server to treat all files with the cgi - or pl extension as CGI programs:

-
-     AddHandler cgi-script cgi pl
-
- -

.htaccess - files

- -

A .htaccess file is a way to set configuration - directives on a per-directory basis. When Apache serves a - resource, it looks in the directory from which it is serving a - file for a file called .htaccess, and, if it finds - it, it will apply directives found therein. - .htaccess files can be permitted with the - AllowOverride directive, which specifies what - types of directives can appear in these files, or if they are - not allowed at all. To permit the directive we will need for - this purpose, the following configuration will be needed in - your main server configuration:

-
-        AllowOverride Options
-
- -

In the .htaccess file, you'll need the - following directive:

-
-        Options +ExecCGI
-
- -

which tells Apache that execution of CGI programs is - permitted in this directory.

-
- -

Writing a CGI program

- -

There are two main differences between ``regular'' - programming, and CGI programming.

- -

First, all output from your CGI program must be preceded by - a MIME-type header. This is HTTP header that tells the client - what sort of content it is receiving. Most of the time, this - will look like:

-
-        Content-type: text/html
-
- -

Secondly, your output needs to be in HTML, or some other - format that a browser will be able to display. Most of the - time, this will be HTML, but occasionally you might write a CGI - program that outputs a gif image, or other non-HTML - content.

- -

Apart from those two things, writing a CGI program will look - a lot like any other program that you might write.

- -

Your - first CGI program

- -

The following is an example CGI program that prints one line - to your browser. Type in the following, save it to a file - called first.pl, and put it in your - cgi-bin directory.

-
-        #!/usr/bin/perl
-        print "Content-type: text/html\r\n\r\n";
-        print "Hello, World.";
-
- -

Even if you are not familiar with Perl, you should be able - to see what is happening here. The first line tells Apache (or - whatever shell you happen to be running under) that this - program can be executed by feeding the file to the interpreter - found at the location /usr/bin/perl. The second - line prints the content-type declaration we talked about, - followed by two carriage-return newline pairs. This puts a - blank line after the header, to indicate the end of the HTTP - headers, and the beginning of the body. The third line prints - the string ``Hello, World.'' And that's the end of it.

- -

If you open your favorite browser and tell it to get the - address

-
-        http://www.example.com/cgi-bin/first.pl
-
- -

or wherever you put your file, you will see the one line - Hello, World. appear in your browser window. It's - not very exciting, but once you get that working, you'll have a - good chance of getting just about anything working.

-
- -

But it's still not - working!

- -

There are four basic things that you may see in your browser - when you try to access your CGI program from the web:

- -
-
The output of your CGI program
- -
Great! That means everything worked fine.
-
-
- -
The source code of your CGI program or a "POST Method Not - Allowed" message
- -
That means that you have not properly configured Apache - to process your CGI program. Reread the section on configuring Apache - and try to find what you missed.
-
-
- -
A message starting with "Forbidden"
- -
That means that there is a permissions problem. Check the - Apache error log and the section - below on file - permissions.
-
-
- -
A message saying "Internal Server Error"
- -
If you check the Apache error - log, you will probably find that it says "Premature end - of script headers", possibly along with an error message - generated by your CGI program. In this case, you will want to - check each of the below sections to see what might be - preventing your CGI program from emitting the proper HTTP - headers.
-
- -

File - permissions

- -

Remember that the server does not run as you. That is, when - the server starts up, it is running with the permissions of an - unprivileged user - usually ``nobody'', or ``www'' - and so it - will need extra permissions to execute files that are owned by - you. Usually, the way to give a file sufficient permissions to - be executed by ``nobody'' is to give everyone execute - permission on the file:

-
-        chmod a+x first.pl
-
- -

Also, if your program reads from, or writes to, any other - files, those files will need to have the correct permissions to - permit this.

- -

The exception to this is when the server is configured to - use suexec. This program allows - CGI programs to be run under different user permissions, - depending on which virtual host or user home directory they are - located in. Suexec has very strict permission checking, and any - failure in that checking will result in your CGI programs - failing with an "Internal Server Error". In this case, you will - need to check the suexec log file to see what specific security - check is failing.

- -

Path - information

- -

When you run a program from your command line, you have - certain information that is passed to the shell without you - thinking about it. For example, you have a path, which tells - the shell where it can look for files that you reference.

- -

When a program runs through the web server as a CGI program, - it does not have that path. Any programs that you invoke in - your CGI program (like 'sendmail', for example) will need to be - specified by a full path, so that the shell can find them when - it attempts to execute your CGI program.

- -

A common manifestation of this is the path to the script - interpreter (often perl) indicated in the first - line of your CGI program, which will look something like:

-
-     #!/usr/bin/perl
-
- -

Make sure that this is in fact the path to the - interpreter.

- -

Syntax - errors

- -

Most of the time when a CGI program fails, it's because of a - problem with the program itself. This is particularly true once - you get the hang of this CGI stuff, and no longer make the - above two mistakes. Always attempt to run your program from the - command line before you test if via a browser. This will - eliminate most of your problems.

- -

Error logs

- -

The error logs are your friend. Anything that goes wrong - generates message in the error log. You should always look - there first. If the place where you are hosting your web site - does not permit you access to the error log, you should - probably host your site somewhere else. Learn to read the error - logs, and you'll find that almost all of your problems are - quickly identified, and quickly solved.

-
- -

What's going on behind the - scenes?

- -

As you become more advanced in CGI programming, it will - become useful to understand more about what's happening behind - the scenes. Specifically, how the browser and server - communicate with one another. Because although it's all very - well to write a program that prints ``Hello, World.'', it's not - particularly useful.

- -

Environment variables

- -

Environment variables are values that float around you as - you use your computer. They are useful things like your path - (where the computer searches for a the actual file implementing - a command when you type it), your username, your terminal type, - and so on. For a full list of your normal, every day - environment variables, type env at a command - prompt.

- -

During the CGI transaction, the server and the browser also - set environment variables, so that they can communicate with - one another. These are things like the browser type (Netscape, - IE, Lynx), the server type (Apache, IIS, WebSite), the name of - the CGI program that is being run, and so on.

- -

These variables are available to the CGI programmer, and are - half of the story of the client-server communication. The - complete list of required variables is at http://hoohoo.ncsa.uiuc.edu/cgi/env.html

- -

This simple Perl CGI program will display all of the - environment variables that are being passed around. Two similar - programs are included in the cgi-bin directory of - the Apache distribution. Note that some variables are required, - while others are optional, so you may see some variables listed - that were not in the official list. In addition, Apache - provides many different ways for you to add your own environment variables to - the basic ones provided by default.

-
-     #!/usr/bin/perl
-     print "Content-type: text/html\n\n";
-     foreach $key (keys %ENV) {
-          print "$key --> $ENV{$key}<br>";
-     }
-
- -

STDIN and - STDOUT

- -

Other communication between the server and the client - happens over standard input (STDIN) and standard - output (STDOUT). In normal everyday context, - STDIN means the keyboard, or a file that a program - is given to act on, and STDOUT usually means the - console or screen.

- -

When you POST a web form to a CGI program, the - data in that form is bundled up into a special format and gets - delivered to your CGI program over STDIN. The - program then can process that data as though it was coming in - from the keyboard, or from a file

- -

The ``special format'' is very simple. A field name and its - value are joined together with an equals (=) sign, and pairs of - values are joined together with an ampersand (&). - Inconvenient characters like spaces, ampersands, and equals - signs, are converted into their hex equivalent so that they - don't gum up the works. The whole data string might look - something like:

-
-     name=Rich%20Bowen&city=Lexington&state=KY&sidekick=Squirrel%20Monkey
-
- -

You'll sometimes also see this type of string appended to - the a URL. When that is done, the server puts that string into - the environment variable called QUERY_STRING. - That's called a GET request. Your HTML form - specifies whether a GET or a POST is - used to deliver the data, by setting the METHOD - attribute in the FORM tag.

- -

Your program is then responsible for splitting that string - up into useful information. Fortunately, there are libraries - and modules available to help you process this data, as well as - handle other of the aspects of your CGI program.

-
- -

CGI - modules/libraries

- -

When you write CGI programs, you should consider using a - code library, or module, to do most of the grunt work for you. - This leads to fewer errors, and faster development.

- -

If you're writing CGI programs in Perl, modules are - available on CPAN. The most - popular module for this purpose is CGI.pm. You might also - consider CGI::Lite, which implements a minimal set of - functionality, which is all you need in most programs.

- -

If you're writing CGI programs in C, there are a variety of - options. One of these is the CGIC library, from http://www.boutell.com/cgic/

-
- -

For - more information

- -

There are a large number of CGI resources on the web. You - can discuss CGI problems with other users on the Usenet group - comp.infosystems.www.authoring.cgi. And the -servers mailing - list from the HTML Writers Guild is a great source of answers - to your questions. You can find out more at http://www.hwg.org/lists/hwg-servers/

- -

And, of course, you should probably read the CGI - specification, which has all the details on the operation of - CGI programs. You can find the original version at the NCSA - and there is an updated draft at the Common Gateway Interface - RFC project.

- -

When you post a question about a CGI problem that you're - having, whether to a mailing list, or to a newsgroup, make sure - you provide enough information about what happened, what you - expected to happen, and how what actually happened was - different, what server you're running, what language your CGI - program was in, and, if possible, the offending code. This will - make finding your problem much simpler.

- -

Note that questions about CGI problems should - never be posted to the Apache bug database - unless you are sure you have found a problem in the Apache - source code.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/howto/htaccess.html b/usr.sbin/httpd/htdocs/manual/howto/htaccess.html
deleted file mode 100644
index 9f5312f5e56..00000000000
--- a/usr.sbin/httpd/htdocs/manual/howto/htaccess.html
+++ /dev/null
@@ -1,422 +0,0 @@
- - - - - - - Apache Tutorial: .htaccess files - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - - -

.htaccess files

- - - - - - - - - - - -
Related Modules
-
- core
- mod_auth
- mod_cgi
- mod_include
-
mod_mine
-
Related Directives
-
- AccessFileName
- AllowOverride
- Options
- AddHandler
- SetHandler
- AuthType
- AuthName
- AuthUserFile
- AuthGroupFile
- Require
-
-
- -

What they are/How to use them

- -

.htaccess files (or "distributed configuration files") - provide a way to make configuration changes on a per-directory basis. A - file, containing one or more configuration directives, is placed in a - particular document directory, and the directives apply to that - directory, and all subdirectories thereof.

- -

Note: If you want to call your .htaccess file something - else, you can change the name of the file using the AccessFileName - directive. For example, if you would rather call the file - .config then you can put the following in your server - configuration file:

- -
- - - - -
AccessFileName .config
-
- -

What you can put in these files is determined by the AllowOverride - directive. This directive specifies, in categories, what directives - will be honored if they are found in a .htaccess file. If - a directive is permitted in a .htaccess file, the - documentation for that directive will contain an Override section, - specifying what value must be in AllowOverride in order - for that directive to be permitted.

- -

For example, if you look at the documentation for the AddDefaultCharset - directive, you will find that it is permitted in .htaccess - files. (See the Context line in the directive summary.) The Override line reads - "FileInfo". Thus, you must have at least - "AllowOverride FileInfo" in order for this directive to be - honored in .htaccess files.

- -

Example:

- -
- - - - - - - - - - - - -
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
-
- -

If you are unsure whether a particular directive is permitted in a - .htaccess file, look at the documentation for that - directive, and check the Context line for ".htaccess."

- -

When (not) to use .htaccess files

- -

In general, you should never use .htaccess files unless - you don't have access to the main server configuration file. There is, - for example, a prevailing misconception that user authentication should - always be done in .htaccess files. This is simply not the - case. You can put user authentication configurations in the main server - configuration, and this is, in fact, the preferred way to do - things.

- -

.htaccess files should be used in a case where the - content providers need to make configuration changes to the server on a - per-directory basis, but do not have root access on the server system. - In the event that the server administrator is not willing to make - frequent configuration changes, it might be desirable to permit - individual users to make these changes in .htaccess files - for themselves. This is particularly true, for example, in cases where - ISPs are hosting multiple user sites on a single machine, and want - their users to be able to alter their configuration.

- -

However, in general, use of .htaccess files should be - avoided when possible. Any configuration that you would consider - putting in a .htaccess file, can just as effectively be - made in a <Directory> - section in your main server configuration file.

- -

There are two main reasons to avoid the use of - .htaccess files.

- -

The first of these is performance. When AllowOverride - is set to allow the use of .htaccess files, Apache will - look in every directory for .htaccess files. Thus, - permitting .htaccess files causes a performance hit, - whether or not you actually even use them! Also, the - .htaccess file is loaded every time a document is - requested.

- -

Further note that Apache must look for .htaccess files - in all higher-level directories, in order to have a full complement of - directives that it must apply. (See section on how - directives are applied.) Thus, if a file is requested out of a - directory /www/htdocs/example, Apache must look for the - following files:

- -
- - - - -
/.htaccess
- /www/.htaccess
- /www/htdocs/.htaccess
- /www/htdocs/example/.htaccess
-
- -

And so, for each file access out of that directory, there are 4 - additional file-system accesses, even if none of those files are - present. (Note that this would only be the case if .htaccess files were - enabled for /, which is not usually the case.)

- -

The second consideration is one of security. You are permitting - users to modify server configuration, which may result in changes over - which you have no control. Carefully consider whether you want to give - your users this privilege.

- -

Note that it is completely equivalent to put a .htaccess file in a - directory /www/htdocs/example containing a directive, and - to put that same directive in a Directory section <Directory - /www/htdocs/example> in your main server configuration:

- -

.htaccess file in /www/htdocs/example:

- -
- - - - -
AddType text/example .exm -
-
- -

httpd.conf

- -
- - - - -
<Directory - /www/htdocs/example>
- AddType text/example .exm
- </Directory>
-
- -

However, putting this configuration in your server configuration - file will result in less of a performance hit, as the configuration is - loaded once when Apache starts, rather than every time a file is - requested.

- -

The use of .htaccess files can be disabled completely - by setting the AllowOverride directive to "none"

- -
- - - - -
AllowOverride None
-
- -

How directives are applied

- -

The configuration directives found in a .htaccess file - are applied to the directory in which the .htaccess file - is found, and to all subdirectories thereof. However, it is important - to also remember that there may have been .htaccess files - in directories higher up. Directives are applied in the order that they - are found. Therefore, a .htaccess file in a particular - directory may override directives found in .htaccess files - found higher up in the directory tree. And those, in turn, may have - overridden directives found yet higher up, or in the main server - configuration file itself.

- -

Example:

- -

In the directory /www/htdocs/example1 we have a - .htaccess file containing the following:

- -
- - - - -
Options +ExecCGI
-
- -

(Note: you must have "AllowOverride Options" in effect - to permit the use of the "Options" directive in - .htaccess files.)

- -

In the directory /www/htdocs/example1/example2 we have - a .htaccess file containing:

- -
- - - - -
Options Includes
-
- -

Because of this second .htaccess file, in the directory - /www/htdocs/example1/example2, CGI execution is not - permitted, as only Options Includes is in effect, which - completely overrides any earlier setting that may have been in - place.

- -

Authentication example

- -

If you jumped directly to this part of the document to find out how - to do authentication, it is important to note one thing. There is a - common misconception that you are required to use - .htaccess files in order to implement password - authentication. This is not the case. Putting authentication directives - in a <Directory> section, in your main server - configuration file, is the preferred way to implement this, and - .htaccess files should be used only if you don't have - access to the main server configuration file. See above for a - discussion of when you should and should not use .htaccess - files.

- -

Having said that, if you still think you need to use a - .htaccess file, you may find that a configuration such as - what follows may work for you.

- -

You must have "AllowOverride AuthConfig" in effect for - these directives to be honored.

- -

.htaccess file contents:

- -
- - - - -
AuthType Basic
- AuthName "Password Required"
- AuthUserFile /www/passwords/password.file
- AuthGroupFile /www/passwords/group.file
- Require Group admins
-
- -

Note that AllowOverride AuthConfig must be in effect - for these directives to have any effect.

- -

Please see the authentication tutorial for a - more complete discussion of authentication and authorization.

- -

Server side includes example

- -

Another common use of .htaccess files is to enable - Server Side Includes for a particular directory. This may be done with - the following configuration directives, placed in a - .htaccess file in the desired directory:

- -
- - - - -
Options +Includes
- AddType text/html shtml
- AddHandler server-parsed shtml
-
- -

Note that AllowOverride Options and AllowOverride - FileInfo must both be in effect for these directives to have any - effect.

- -

Please see the SSI tutorial for a more - complete discussion of server-side includes.

- -

CGI example

- -

Finally, you may wish to use a .htaccess file to permit - the execution of CGI programs in a particular directory. This may be - implemented with the following configuration:

- -
- - - - -
Options +ExecCGI
- AddHandler cgi-script cgi pl
-
- -

Alternately, if you wish to have all files in the given directory be - considered to be CGI programs, this may be done with the following - configuration:

- -
- - - - -
Options +ExecCGI
- SetHandler cgi-script
-
- -

Note that AllowOverride Options must be in effect for - these directives to have any effect.

- -

Please see the CGI tutorial for a more - complete discussion of CGI programming and configuration.

- -

Troubleshooting

- -

When you put configuration directives in a .htaccess - file, and you don't get the desired effect, there are a number of - things that may be going wrong.

- -

Most commonly, the problem is that AllowOverride is not - set such that your configuration directives are being honored. Make - sure that you don't have a AllowOverride None in effect - for the file scope in question. A good test for this is to put garbage - in your .htaccess file and reload. If a server error is - not generated, then you almost certainly have AllowOverride - None in effect.

- -

If, on the other hand, you are getting server errors when trying to - access documents, check your Apache error log. It will likely tell you - that the directive used in your .htaccess file is not permitted. - Alternately, it may tell you that you had a syntax error, which you - will then need to fix.

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/howto/ssi.html b/usr.sbin/httpd/htdocs/manual/howto/ssi.html
deleted file mode 100644
index 2da0dab0dfe..00000000000
--- a/usr.sbin/httpd/htdocs/manual/howto/ssi.html
+++ /dev/null
@@ -1,558 +0,0 @@
- - - - - - - - Apache Tutorial: Introduction to Server Side - Includes - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - - -

Apache Tutorial: Introduction to Server Side - Includes

- - - - - -
- -

Apache - Tutorial: Introduction to Server Side Includes

- - - - - - - -
Related Modules
-
- mod_include
- mod_cgi
- mod_expires
-
Related Directives
-
- Options
- XBitHack
- AddType
- AddHandler
- BrowserMatchNoCase
-
- -

This article deals with Server Side Includes, usually called - simply SSI. In this article, I'll talk about configuring your - server to permit SSI, and introduce some basic SSI techniques - for adding dynamic content to your existing HTML pages.

- -

In the latter part of the article, we'll talk about some of - the somewhat more advanced things that can be done with SSI, - such as conditional statements in your SSI directives.

-
- -

What are SSI?

- -

SSI (Server Side Includes) are directives that are placed in - HTML pages, and evaluated on the server while the pages are - being served. They let you add dynamically generated content to - an existing HTML page, without having to serve the entire page - via a CGI program, or other dynamic technology.

- -

The decision of when to use SSI, and when to have your page - entirely generated by some program, is usually a matter of how - much of the page is static, and how much needs to be - recalculated every time the page is served. SSI is a great way - to add small pieces of information, such as the current time. - But if a majority of your page is being generated at the time - that it is served, you need to look for some other - solution.

-
- -

Configuring your server - to permit SSI

- -

To permit SSI on your server, you must have mod_include installed and - enabled. Additionally, you must have the following - directive either in your httpd.conf file, or in a - .htaccess file:

-
-        Options +Includes
-
- -

This tells Apache that you want to permit files to be parsed - for SSI directives. Note that most configurations contain - multiple Options directives - that can override each other. You will probably need to apply the - Options to the specific directory where you want SSI - enabled in order to assure that it gets evaluated last.

- -

Not just any file is parsed for SSI directives. You have to - tell Apache which files should be parsed. There are two ways to - do this. You can tell Apache to parse any file with a - particular file extension, such as .shtml, with - the following directives:

-
-        AddType text/html .shtml
-        AddHandler server-parsed .shtml
-
- -

One disadvantage to this approach is that if you wanted to - add SSI directives to an existing page, you would have to - change the name of that page, and all links to that page, in - order to give it a .shtml extension, so that those - directives would be executed.

- -

The other method is to use the XBitHack - directive:

-
-        XBitHack on
-
- -

XBitHack tells Apache to parse files for SSI - directives if they have the execute bit set. So, to add SSI - directives to an existing page, rather than having to change - the file name, you would just need to make the file executable - using chmod.

-
-        chmod +x pagename.html
-
- -

A brief comment about what not to do. You'll occasionally - see people recommending that you just tell Apache to parse all - .html files for SSI, so that you don't have to - mess with .shtml file names. These folks have - perhaps not heard about XBitHack. The thing to - keep in mind is that, by doing this, you're requiring that - Apache read through every single file that it sends out to - clients, even if they don't contain any SSI directives. This - can slow things down quite a bit, and is not a good idea.

- -

Of course, on Windows, there is no such thing as an execute - bit to set, so that limits your options a little.

- -

In its default configuration, Apache does not send the last - modified date or content length HTTP headers on SSI pages, - because these values are difficult to calculate for dynamic - content. This can prevent your document from being cached, and - result in slower perceived client performance. There are two - ways to solve this:

- -
    -
  1. Use the XBitHack Full configuration. This - tells Apache to determine the last modified date by looking - only at the date of the originally requested file, ignoring - the modification date of any included files.
  2. - -
  3. Use the directives provided by mod_expires to set an - explicit expiration time on your files, thereby letting - browsers and proxies know that it is acceptable to cache - them.
  4. -
-
- -

Basic - SSI directives

- -

SSI directives have the following syntax:

-
-        <!--#element attribute=value attribute=value ... -->
-
- -

It is formatted like an HTML comment, so if you don't have - SSI correctly enabled, the browser will ignore it, but it will - still be visible in the HTML source. If you have SSI correctly - configured, the directive will be replaced with its - results.

- -

The element can be one of a number of things, and we'll talk - some more about most of these in the next installment of this - series. For now, here are some examples of what you can do with - SSI

- -

Today's - date

-
-        <!--#echo var="DATE_LOCAL" -->
-
- -

The echo element just spits out the value of a - variable. There are a number of standard variables, which - include the whole set of environment variables that are - available to CGI programs. Also, you can define your own - variables with the set element.

- -

If you don't like the format in which the date gets printed, - you can use the config element, with a - timefmt attribute, to modify that formatting.

-
-        <!--#config timefmt="%A %B %d, %Y" -->
-        Today is <!--#echo var="DATE_LOCAL" -->
-
- -

Modification date of the - file

-
-        This document last modified <!--#flastmod file="index.html" -->
-
- -

This element is also subject to timefmt format - configurations.

- -

Including the results - of a CGI program

- -

This is one of the more common uses of SSI - to output the - results of a CGI program, such as everybody's favorite, a ``hit - counter.''

-
-        <!--#include virtual="/cgi-bin/counter.pl" -->
-
-
- -

Additional examples

- -

Following are some specific examples of things you can do in - your HTML documents with SSI.

-
- -

When was this document - modified?

- -

Earlier, we mentioned that you could use SSI to inform the - user when the document was most recently modified. However, the - actual method for doing that was left somewhat in question. The - following code, placed in your HTML document, will put such a - time stamp on your page. Of course, you will have to have SSI - correctly enabled, as discussed above.

-
-        <!--#config timefmt="%A %B %d, %Y" -->
-        This file last modified <!--#flastmod file="ssi.shtml" -->
-
- -

Of course, you will need to replace the - ssi.shtml with the actual name of the file that - you're referring to. This can be inconvenient if you're just - looking for a generic piece of code that you can paste into any - file, so you probably want to use the - LAST_MODIFIED variable instead:

-
-        <!--#config timefmt="%D" -->
-        This file last modified <!--#echo var="LAST_MODIFIED" -->
-
- -

For more details on the timefmt format, go to - your favorite search site and look for strftime(). The - syntax is the same.

-
- -

Including a standard - footer

- -

If you are managing any site that is more than a few pages, - you may find that making changes to all those pages can be a - real pain, particularly if you are trying to maintain some kind - of standard look across all those pages.

- -

Using an include file for a header and/or a footer can - reduce the burden of these updates. You just have to make one - footer file, and then include it into each page with the - include SSI command. The include - element can determine what file to include with either the - file attribute, or the virtual - attribute. The file attribute is a file path, - relative to the current directory. That means that it - cannot be an absolute file path (starting with /), nor can it - contain ../ as part of that path. The virtual - attribute is probably more useful, and should specify a URL - relative to the document being served. It can start with a /, - but must be on the same server as the file being served.

-
-        <!--#include virtual="/footer.html" -->
-
- -

I'll frequently combine the last two things, putting a - LAST_MODIFIED directive inside a footer file to be - included. SSI directives can be contained in the included file, - and includes can be nested - that is, the included file can - include another file, and so on.

-
- -

What - else can I config?

- -

In addition to being able to config the time - format, you can also config two other things.

- -

Usually, when something goes wrong with your SSI directive, - you get the message

-
-        [an error occurred while processing this directive]
-
- -

If you want to change that message to something else, you - can do so with the errmsg attribute to the - config element:

-
-        <!--#config errmsg="[It appears that you don't know how to use SSI]" -->
-
- -

Hopefully, end users will never see this message, because - you will have resolved all the problems with your SSI - directives before your site goes live. (Right?)

- -

And you can config the format in which file - sizes are returned with the sizefmt attribute. You - can specify bytes for a full count in bytes, or - abbrev for an abbreviated number in Kb or Mb, as - appropriate.

-
- -

Executing commands

- -

I expect that I'll have an article some time in the coming - months about using SSI with small CGI programs. For now, here's - something else that you can do with the exec - element. You can actually have SSI execute a command using the - shell (/bin/sh, to be precise - or the DOS shell, - if you're on Win32). The following, for example, will give you - a directory listing.

-
-        <pre>
-        <!--#exec cmd="ls" -->
-        </pre>
-
- -

or, on Windows

-
-        <pre>
-        <!--#exec cmd="dir" -->
-        </pre>
-
- -

You might notice some strange formatting with this directive - on Windows, because the output from dir contains - the string ``<dir>'' in it, which confuses - browsers.

- -

Note that this feature is exceedingly dangerous, as it will - execute whatever code happens to be embedded in the - exec tag. If you have any situation where users - can edit content on your web pages, such as with a - ``guestbook'', for example, make sure that you have this - feature disabled. You can allow SSI, but not the - exec feature, with the IncludesNOEXEC - argument to the Options directive.

-
- -

Advanced SSI techniques

- -

In addition to spitting out content, Apache SSI gives you - the option of setting variables, and using those variables in - comparisons and conditionals.

- -

Caveat

- -

Most of the features discussed in this article are only - available to you if you are running Apache 1.2 or later. Of - course, if you are not running Apache 1.2 or later, you need to - upgrade immediately, if not sooner. Go on. Do it now. We'll - wait.

-
- -

Setting - variables

- -

Using the set directive, you can set variables - for later use. We'll need this later in the discussion, so - we'll talk about it here. The syntax of this is as follows:

-
-        <!--#set var="name" value="Rich" -->
-
- -

In addition to merely setting values literally like that, - you can use any other variable, including, for example, - environment variables, or some of the variables we discussed in - the last article (like LAST_MODIFIED, for example) - to give values to your variables. You will specify that - something is a variable, rather than a literal string, by using - the dollar sign ($) before the name of the variable.

-
-        <!--#set var="modified" value="$LAST_MODIFIED" -->
-
- -

To put a literal dollar sign into the value of your - variable, you need to escape the dollar sign with a - backslash.

-
-        <!--#set var="cost" value="\$100" -->
-
- -

Finally, if you want to put a variable in the midst of a - longer string, and there's a chance that the name of the - variable will run up against some other characters, and thus be - confused with those characters, you can place the name of the - variable in braces, to remove this confusion. (It's hard to - come up with a really good example of this, but hopefully - you'll get the point.)

-
-        <!--#set var="date" value="${DATE_LOCAL}_${DATE_GMT}" -->
-
-
- -

Conditional expressions

- -

Now that we have variables, and are able to set and compare - their values, we can use them to express conditionals. This - lets SSI be a tiny programming language of sorts. - mod_include provides an if, - elif, else, endif - structure for building conditional statements. This allows you - to effectively generate multiple logical pages out of one - actual page.

- -

The structure of this conditional construct is:

-
-        <!--#if expr="test_condition" -->
-    <!--#elif expr="test_condition" -->
-    <!--#else -->
-    <!--#endif -->
-
- -

A test_condition can be any sort of logical - comparison - either comparing values to one another, or testing - the ``truth'' of a particular value. (A given string is true if - it is nonempty.) For a full list of the comparison operators - available to you, see the mod_include - documentation. Here are some examples of how one might use this - construct.

- -

In your configuration file, you could put the following - line:

-
-        BrowserMatchNoCase macintosh Mac
-        BrowserMatchNoCase MSIE InternetExplorer
-
- -

This will set environment variables ``Mac'' and - ``InternetExplorer'' to true, if the client is running Internet - Explorer on a Macintosh.

- -

Then, in your SSI-enabled document, you might do the - following:

-
-        <!--#if expr="${Mac} && ${InternetExplorer}" -->
-        Apologetic text goes here
-        <!--#else -->
-        Cool JavaScript code goes here
-        <!--#endif -->
-
- -

Not that I have anything against IE on Macs - I just - struggled for a few hours last week trying to get some - JavaScript working on IE on a Mac, when it was working - everywhere else. The above was the interim workaround.

- -

Any other variable (either ones that you define, or normal - environment variables) can be used in conditional statements. - With Apache's ability to set environment variables with the - SetEnvIf directives, and other related directives, - this functionality can let you do some pretty involved dynamic - stuff without ever resorting to CGI.

-
- -

Conclusion

- -

SSI is certainly not a replacement for CGI, or other - technologies used for generating dynamic web pages. But it is a - great way to add small amounts of dynamic content to pages, - without doing a lot of extra work.

- - - - - 
diff --git a/usr.sbin/httpd/htdocs/manual/images/apache_header.gif b/usr.sbin/httpd/htdocs/manual/images/apache_header.gif deleted file mode 100644 index 260e421bf4ad3f012db1746809cf4d2fdd5d8cc6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4084 zcmW+(X*ksT`~G~tvzTFw!C-8eLAF#gwy`%xA*GN`k~EB%kfyThbiS5^C|hM24A~MH zYuX28$zGAD&X82M6yV1I-oQ8!(89ezI2XreGf2SO9k?d~_izyI?d{FwauX91 zt8pNU0qz6FA`VDNKnf_m#z0B~QX7!UB{g!v{X{Uy22w5%0JapcCqcLrgbT7L(o`UA z2cJiP^vy2~1>T_G*PSN!v`Wv|pDypiovgZng>=KCV5JYzD*qsVMM#JOYzW#wHJ5|Z#CY;Vw0!3d3 zFKeQQ+dhJ=yr1Nu0(FCjgUc)LKYR>#P*8wg>g!Qt)HJoU)bW~{a$DlY#QlA!l+*-< zyV8)Bb}UKHUEp@o4RcU-gD2IqaRU~uXHT#fBPn=gb$7lsgL5R~(4SUcpKNbPuRBG= z?0+@TT01Irt(?P9smZBci72J?dEu=1!S8bJLY5b|3s06a+ils_->r4zc2=;N;fI;g zR^GFE%aj2CsciD;-w(X!AId=%9|rl7`R9;f*mG+yjwn^b#&msbt%0ooTe;?9I5Cay z1`Ey26LW+;=|nZ65#6M*2a(%*fY{H0!|`1ya`XMoTx_=cr#xz9Xg!@{* zyzSo4Bb5n@D_VP9B>F4JdpM$z(4qW(>wyo|`A;($9P!6+!g5&4FBLfiGuzc^s z2hAQh96?O|n1aR1EVV1RZ*(}y_7Od{nnB>OS5QGX2*BlhgRr&BJ2M_+3GSF9K!ZqNpA`JWtY5|o*@!D(HXL0X|4#W=Q2KaXy?f$k+9_Z8xosV4RjyxW;SMC zE_EpVSXE^KEUzu&Sr(JH^LCpFixsM0@&WOm6qSImy+`S+B!h&#dzW>?hPk5YKdsfQJs%8X)`k;;rpGZKdD7T3P?zo5CpLwa;^ z9moP3AW79*y2oPH%pBwmW!(2TAOOW zo%P@hP4#~nP@AlmeV(frz6kC3!hf@HFX}2P>Uem0>-Yd6N(t+`gKksU1=Ed^p8amf zu_zG}Vyu|cwqP`Xj~PT>xldZZ(S`7}--V!9Cl@?wEy+(v5t>JAehkTREZ!RTstKVqm zq}-5i?KGZxqTa$43XpUh8xY3YTBcS3c(xrYS~p}6i$!8^&NMeEg;64Dxd8gur-bz|p*JMZ2q>LI5}~AxslCG zxe}KioYGgb9C2lc!x6om)F=`gdwvnikXHNdPRF><30X2(@er1PfX^oCM^?YoT^Dem zL2u>v>^0wFFCJ`rVdewTWh5nV(}{%lrtbSzx_`E3xY-xJCE6EVR~i$#VmhUJFqq($ z&KRKvrSARl#qdg-99<026MTJyelQ9RX7*V=iy6bZ@O$w)#~W8Z+jH#OwN^6x%qOzi9x+?c;T(H7d4cx|%eE)~FdXjWG?Ci#KqHGLx8?*VQ z{qYrYZWIfZ5Vm3!+Ec6TY#P+ndHJ*qX(wEjlmsX{Acv9Gvi}Y(I{y4ViV)j`GWSCv zlKMk=9+2}JOD5ZkAtx)uaH8!FF7D}VTv>y_pVK&OYkgNSfD1{n0BpU$54kp6o;Em? z^7{lSM0+7OkkjKwrvF`}{|1qX`C3U_${Z6DJ4EL_J_Kq0oa)=+hdTQTR<)2o7b3f4 zHwbyIsK^#ZI#MvO)b0IdPqyVk%ewpP4mc_*gmN|~r+-oVKLZwxLz$rA(ys6+w=k0? 
z6=fN}76q(7OXJ{*_|R(Bhh)ul32tv^x7tOnuB+YC%*byjmUv0Ej`MOjMr^wrY`3MP zp!a3=DKt#&KI;^1uUOxfW}Y5`9d>~ihpAkdR)qUf6fpj%y0K5cMrvPu>*Rgb1s~7Q zWb^eUx4n0sULE;cTa$`mm#xW~l)>=s`xsq1g7XzglU4e4$3JHI8CmPK`{zr} zwoa6mMAdDVJ!V+dX~JpsgJ*steP6JXejmH^PnNudPl_9Y5`+H9Pcs)Z z8Qu)Tf>%DxZY5gaQ=7G~SYE75+aTP$Z}pR6U}3fK^b0D?>-{6ym#uQ^(}TK>8VCu6 z;W*f+OQTE17PYEiyOGo~VOc|ycQO23O7=}sjZ5+f-9$u`(IfzKfIJC!%0v^zJb~JA z=Si4~m^Z4aw0fy9)HMG#JTbq|Sf?X6=DE+-U!fa7A_J&t+@b2Ul1Ctn=cU4(yF4mV ziI2&0Vx*KNKja*m_7oyq`<+sF&ad;FKP4jFIi4tjshntIAsAoa4c7qji-^4kq8V46 zXfgiZl3`QD({!fhLA0ikr;o_VHo4h%Jj&miN?B_;ZNP_+W(AK5HAl4rYo2EwVMqbp z;Q`7ZJxBxaHz$~B5iP~Yv0_G7Huk9&o|M||M<-(Fhx5>k?O*8 z>ixQDn;MCb4%X3BKQnj;rGcUX;W$H^bM8+{u98hId8cYl+7SgLzIF*vg`n~@ti(}q z@r8F+rB|G!^giA`nXi!-jBw0UjKT>9`9P$k6P;9BBx#u5`RU? z`=0M$tc8)l7!lYJ4Y~of8|*lR2e~Z(#Zgh09IAz=P!81l2ncV1GMUs)A9!n;e@4bG zHBb1GdXauSIJ^<4@r%;a?I00@_7_cXn?WNLSK1VNGLw$Q7uRK65x5vO`GC%A-rCQt z%&9KHHOJ=}=AUFNP8fNG+o&Vs4zKkLy04$m;$IE^RfAR)2#6hO6>@QcDXX+jUA5s|hB z0O0z`XYvJ_A_41}U{t-dn^Af?mxoOdW?04hPL&d-g=M~nt5wUSHwO%7^=Xy2HVab2 zbj*P0%5Q*`*wVTAuMC)_yfw3v-Crd5=k{h0Muu(G(e*IV_L_x8?z8GWv+598*6>|M znWM&0u1Y|6SA|vwSP+K9SXAhkRZ4uXm_90h9J*U$Ovh(h2Qn$0FfP^=RUZl~w)|1e zSvfOtik&~Zr*d9@-XTBts!@KW&ofGc zC^e~mbr+d6t@(Ac@%lRKvJ?6xIY0FBifyNj_SHtig~iv;VKkLQRbsrwL5S)RFIZRC zh*>^Rms!6)TTAyVJ^xpI)18bo+Z%1R5iR+3t*v#lHYn+dC)Z|a+`~R+SD6j?%EJ7U zwP%7Vf70u_b1I(<2u7AGecemj{Te6l@MG9a156l(1YY|AI@&JZtKy+7H)J7F$OMbm zZ(jQiJoDMtCoA}`P1E=5(9Z#6(-XtZvZc>V)HL^5g27xWRYc@BViQG)Y3w_CH*WsD z=Ts2!SVF~?n1HXTs4w5+f7Wi+!wS}{1l`L@|NYS*Rc~DXQHz9?CQnDJoEMqSv@pMM z6tG;!Fyb6Gp~Zv%36D>I3xW{;sYeY!(&`v~b^ETiAJbaHNp|q+A=kDmXhhLdv)%iB z^_D~Jza_T&mbClbZTFvP5BS;6(d-Da>j*y7p%{|b!7J$qyW0^l(-C>0*a-l;{{yo0 B(}n;5 
diff --git a/usr.sbin/httpd/htdocs/manual/images/apache_pb.gif b/usr.sbin/httpd/htdocs/manual/images/apache_pb.gif deleted file mode 100644 index 6fd80e2db86f3b2a299152cf959a54dbe5afa5f8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1806 zcmW+x30PBC7JlyqLK3z>SR)f25EwQg5Y&LgNdUt#l)bD`K{R58mO?~=)FuQFB$XhD z#6bvxvWNv-kOI;d&G{sR=luUU|2g*thw@myX#&6# zcm!x|Yimn^8K4jVTLKIM+Dw7b7^Q^*3^4%(iZKAj3AO+f)jC#XZfRYC$xv;B0Gom` z1t=3mnV19>00I<66{tcX5Nv5R*ct(fNtn#PhccO%1Umvug5^v=TLQ3D05ApGz(ldd z7{Xe#ymlfM6j<%=mt&XRrbTcl501@B%Mr$=)|1LM}L2NfA@SZcXy~u)am6V9w(he8UZtTad z9!Tv4MZD20@AYE(vfO4_J1CTAX8P9Q8z-IYt$pk!0D8@XZaY&;-{el@MALsHB(v~3 zaW??riMT!E`L*E-+!CW$KUtN-gCN~GSLeE@wBdj0)9ixE5Ja^J;0YEDLG3r%s;yW8 zVMAG)}R6w;n6I`!)y~?>m5| zFTcK)C?cMGZuNK(m?ED3=;})qh{qg$*Q$}oWO1)i_3GxZbZ6f-BU zufh9acRUgXUA-xyrs0uzh(Hgi1LtQAsD)L{Hc6H5!%tBsW0YY{Pzu3x@b=TJ-i7li zINGdSAqbF915s>4^5b;tQ2;0$`A0&W@%GIqu@njqou+cghhT0wYw!QKpYHMHAOPX{ ze^s)jXJzWlK`TZ%w|sY62~ePuX`U`3ZuX`s_jPDgk;#r7bHSO4 zqoD3ac(-wEkoox$keVUqbm`5&kF(B|d~j*1dpwhB>f!Sjx5<`&WiHQ%&=-%Vdnl`j zB!n?ZVsDfb;T=|!zwO#Wj4pNx_)CvEFW8Q1K-?tHrRlOiPdSzByI>|i_;ER1yvvO* z4($8-Md~ZiKO>uC;QU;TBNe^SKvl~YByNo@EdD(>zWqV-=-Fs-Y;XlwpYwGD(cLIk z@2BaQdrVK6bi`RhP70|^6064HG^94qF-)#f%b8uGo}YL0~%x_DB}pIIBUH;@%EPp}!p^KiPG`e*B7brMXc*&lI$mbr%QCJcH`y zhnJGREcJd!Gai_}t6vjYNDdk{6bACVPc6w_f&iY~rbF(pDi6PfK-ru2I%nH7gz@VA zYn>N#sNcd8V*cqyVJ;5H9Lw{3sk&c80L;yziGCtvpkN*fi;2NIwltd^=13sn+iI|W z{~9T=80QMeDLrxHaUwB;#O1X?m$S&6pq(^sn2B6$%9n@!>QyOHpKMs=j|S7D)Lco$asEk$+T$4nUyOx*IR>#)X9?GIHd#o T6))>Y^%oyjTRG?TfZhKGtsM2k 
diff --git a/usr.sbin/httpd/htdocs/manual/images/custom_errordocs.gif b/usr.sbin/httpd/htdocs/manual/images/custom_errordocs.gif deleted file mode 100644 index d566c5d891e5c574267fe715fc10706c5702b790..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 23291 zcmbq(Wl$VV7w+PVyM`nLcMC2FL4pK#54N}mx4`0yJ1i31-95OwySoS1Gk!sySv-L!2t{gJ3BioDLsL`yXJ0O0)1{Ox-4`A@tRfY-PCO=AZE*gL9gRbz&MnB z9Qq&JH|ufe>znELIQ!eXH|5Q5eEfC%Kdf)%+i>5IgI)p9*SC2559lj9=#?G%%KrNL zA5hRM2>J?oeH-u_rdKHF^(_Q%2>!nl^M5V;_bmV@Fkg7Ee?VYRa7ZX5EIcAIDmo@M zE)S?=?}zb)E%hI>JG-Cl1Y=Q%I*y#`E0o|P?ggkMS+R6MMs}I7)P&C ztUFkpH=M+7Jd`$Qzf}m!8Sm(Zo%Ig?{cEp*YQX3Ke_WfFC64K?8B*?hxuuUf)0Id$Yvu3H*A^@G zeF~Ta*;W^%2L*}Ng2=LZ~8wWJhbLJF;c9sT7yr0YEr;}bi!=XPniz&@kaAiguXiDmr2`@ zf)pFrz;=csICvt~X6|>m$kfGxkFIn@+*t0$ znYD9dE15i<+qu6&WSSPUC%Kp6bLZ+Lm@{Z0DXXQGM2k8lzNkRWs5&^{PMr(5*t&Qz zqp_?e6N0wiP@ibUYSQSKf1E|c+P~5=VJM}U6xB7mnd*UjSd_nFd2Ce2q%33BKDWnU zn-)U&OqpUd1Y!C6jmPt>hXAIrOXw)iGiVzy#?Nn=1qgF|@xNH8Iv~ubt4+qm9RNRruf@{%jA5#~AbbWfa{+k%- ze#6K0JKv^Cur4>8o$-nC>ab`JN$>Wd&BJaqcX`tu%(|R3hxc3L!$EG6t-yjR_Eg7F zX~Ws$ab-X2(@E{T?bB)Fe)-c`>)qMYc?SyH^F19X2oZ3a^UVwkn^f$;RI`95m8cx1o|4j zL=Kdry~qS(3m~EVxd+l+4q5QEQsB9|iA#LT4pN9WBI+&dWs;eMXr3$}(-HKcnZbWr*Lu&`IlKA4b-ijZ_x$otLL8FtC&o-{C&(d;4$Mw7fn*RH z3oqJXB$t*2X4oUpRTAVTYe2lrC-qG|#v+3&mkP~d@T;j(jD_qDBeB+yc5`*CsTYXC zYH(QY@iHmJjf_U;q3i6>A;~Iti`muUhfH)#3}NdoaTEQp*wkg>0=X%xnzW>aHeT`u z#y;2E4=wY7GM_mikdRx2s7A{8mB@JXhr6X2r0FIG+(nt8F|D3XgP zRxKcdwHH9+i#11!)ioA?g|;^(2ACy6t&DTk(3{d_3MTFOp}Be=(K6eJ65ahHpcB?c zx!Y)o{@u`g`{PZ8FJ`F$%8!LEvfIiKxl$wI;e|ed+p6e@QWLr#i$mJC)ybo!KU?-& z$2@LpGBL}{C4VeUL2qjd<;pA_T-5^dl=F+1wM7?tkLGxH({3B zbMyOck=->8NR(6Hq4@#D0UtWvmpc`Nb?s=+HxF|&AhzP^9eLcfz>jnw_E@c8ge0}@ zzCTB-4*Q}+J6W$lmc`9bHLpAp6?92+AhG$-ZLyOS*QuKC({vb`aO>Lf`G%5KsyGzZ zinZ0gCTxf7;kowjmI$8ElG zKhrB~H9nI|$&^ntSNLOX47rStt{|vP*?uzNns>_hM#KKqqIi#ZKQ`RO>&j<#z%+Dh zS}`?-fm&$Am+>e6uufuG)M%KWDq>0lsd;S-9R?gVRVAE$5m!P=nyHOEXQ9xTLsnhu z;jTwTefF8-wWF7Y{5W62ub_O0l81C6R3-0hrLa6_1SsxOn+58 
zrNsd^aSNa`IgvJY5i91Z2EJ3oz>dIBS&*^iV`tjg9;$TlhU5X^O8#2ywM*+6Vur_R z2~%C`zaKIns;f*!7PD`!7Aop%?=m~p4=M~!CqWJD0adKODqhNl0@m^I1N%5zr-irN z#|h!TV>#x$dk=so;a?`{)sBZe@|@^`p?Fw(wS?)Wl7R~=Ypm%3e@loG--!T>v4(C^qLN#bIJ$AJq+**L=K z=on~8vPdLuTi8+OQwAMersOm)vqkA=t?J*@hUD_1ZihAod1wQ)yG%Dc5a ztsXwNnlJr|I5E@SYFDun9PQRquQKk~j-_>EWR12N_FS35Bj{)tg>8a8m-4d8JzRgS z*fcA^hRS(7HVtj;#ctEqxzG65T%#1y5On7JuuTP>EAIOczRuP0dhV!=pDh?|9BCw7 zUp2s1hJS8cW=3VjPPW-IA`9ffo!bkP2wlxvEe>C;IgX}|?0>#AG*%0wqj8v@?wRUMQBmgNYneFk^H2<^sP{iNYAaoFMb8=VpD z-ANW~PHBX5P{2%@0oxPcYYBJrS%3ZzxGi5eh0prJ3x3p^j^Et^*L?$|lXak3{`!Ud zswBc68+|l2gLZNP%y#*^5Ch&Niik-CnUVxM(qmgDf3r?D0UHGVY7F+03U=1~cEA;6 zz7QOs88Ukj?0aBy4hjih2wCwB`75g9e-IL{8M;6bnwT64<->C6)xa&#$|Qkg^FeYo zA^C2Q!emHsBcyZzf<+WiLKs%f7gnnoR__+pm>kyZrd`(Sygbi-55@kQ=vM((*q9wbMi zO{fjH8RA^%43TJz6h>ZaM%}ta-6uyqHby-!M8Py8RXQSF-7K>Abted;&b!^y=&-K_ zFt8q?aY$qE_+tpPVu;*hRB)n|gTld;dhL9uaFzPIInlTs(W7oL^eM57O|i_2v8)fV z#nCbFp`q~xew5O{Gbv#_04B9XELtWhJ88Tqf4sO>{CBMw&ZZayQjaZ-xN%;%V&Aw{ zHDNpo0Gfq~e|8|oEf6!56YDU+-XVSvkk}xS*kh1rl#*yk8qX;$C?e(f@c~HY=0|KF z_nu$oR>Px)2zA02purD^sF*-kmy|dGOGy5gPzFdeNg*xiNUkS^b{(u%knm!SlHpKv)I7~?8PoE7% z&pk}3+(_GShwf-)6c)vB-5Ut@#n|zE!@I~(N(nw^021HF_a-TO?8&Upe1An@3sFq) zDT-bW1pGx!>$`JmL3ZvBO&l3S$6QKZDoRUPOvbZJ-(*N9gk+IwC;qKWClJWkBh99? 
zM3+v<$h}R}$P4zr$Y3T*V1dab)h$|82mfFPStW2ud;kIAd;vctV};0aP!il;^F3K> zGesCu5<|(Q7@=WJSwxmu*u`1np()aj$;uG!G_5R>Z5~OP^dFEs14yo}KzfdJo)Tj| z74$8~I~HW9*T-|rK+6ZSon#8gG?Q>Cl2Pk_qc+>Ux~QTx#I-f0B5G%jAi8by*w-}t zLf1|=W6Ur-%8Px>HD5~C(9Sc4=E*;%3`(bbgrvzG<)x8jDQFYqG8SP#v!aXhOD&<+ z(2UTa>~HiQVdg+*j}jtt6TNw7f5}`}ku~J8#8(CgUdq9@hocDvh>+#-dw8H&0wZM7 zqaKUWWy<0hi(wRKc~h2o8QNtUkTR8}vOLC=WtpNS%c3I2@*j`sWlQDkgZVaOCDlto zM>*L{9wjctC8M)Crh6s6w^jqLgSr)=M{EEOPjK~aAQse00&XN7bHk10Rmvl%qJ&7e5cs+$eW62*k6Fx9Ue1eoER>YVSGUSn z8P25^%$J7Ntqj(wE+q#aCaWG7>4nvYFV-h7r5O&_TMd`9=rquyR+P+HpJGJcz0%%QqZT8I8c2q*N#lDB3wLRpF5yDC7VD%qnE_#%?Se1!$Bqp^qC51KMCW(`$ z1UpCr-L;$X44Rja8#l!Oqcm`Bp*7K|3OTlp2AdjFTbgyCZo@%#WFh|Sju$tL z1v;(cgmAqQUl7^h&QX)AQ?W3cTBZcsW`?WVJmo!)wZrY3qmFgkQIlJdnzm|MW6;~^ zwAv0*+mBij=a&t$JZbEuN)ad8&hJ}wxT8o@{yw(+eO~?xd-@9??|>KTK-BF(_UZtp zb)dC&V61dtJ$K-ccj5_k5(vea5Vz(^>WxTslCN}rcI0iXS-nEfOWK%EAY8iLJYL;=Y25;8S_2Cje;T_*$a_SEdc<{mzI*jZd1+2`17x4! zWk&$=2D30~a!vpV z;UacvLxpLBPUOSw&%+&QeKjk-xzD{tUL!%JgJtYUD%S9-CnNIYBU3`7u$j{QXpE8^ zuVIbY;X!Nowdc{Xk)elo0L7D05|zH$w6UYsF$wq4qwTRDt-}M>@CssY`z>SR&!bSk zv6Gc?*z-6+Q$MW-s9twSUuhsIZT!(|{7!Zp%Vz8r1MrM7L7+ED#DW1Y{EhVecvAR; zitgA3#^_!+Ic>+73>p+;sE8i3VR?}c%cErqeL7UDg;09h%wn3@8@=qd+aqrjC1S!} zw^yxn$nF`Qs*IGTZH!Z{+|;U=aWyUeVMeJeo$n=Cxh&DiYF4XlCfRdZw;4k>eY$4C z^7rnvzx_~g_>iMDd}!%kICdnoh#A_|sT`Tv`JyQe%vrhgSr0i_hPzFR&dWTx=k$l+ z`4*fxqxa}p7z6Rv6aLY|EwX*0a=m4(Xd~7$80n<=dZQX`b-H0wZZGK#VGEya7TBbh zdU56oy%)g37$xZorIpjRi~0dxBW#M}>((=9n3KsdGe^v`bm>K1ZS&C#OIfQ+a;NhZ zEEu|avmKQy?SR$F_ke0lLBe_c=+z!2@=21b35?T;Ht+FYZBxI{8%&31_RD57^_KcE z>rJfI4Bo9@3eTSF6=@+X1)kRRmeoDT&FXl}cgWSzv25JfOslo5BeAYlwNCFlt=ecV zr|9;MJx^e_EjOHwZoi-HmfLWNSW6mAQ5ap9Kdn1VU-5>?mCHPG(YDtgTW)Q-*LR+7 zIu1{9lrOQ5Z5;^LQ)A7(p006!Xb}3a4I9~bzqgUtI#j~E7{@Xrn-;_IF!w^f^iF^6 z=jo)@oY<0Zr3<+*ATX;qMwq}G;eUWPO`jbg*72Q zW^Kv>G*90V9i4kd-zCU(+7jv;12mj01DD*%R*apWkwIIXv(p|fs8b{v**nD=sM zvbBIF^Ww{w z)mQnmMAnPy@_*N-r-rs0XdnNfV_&_q``3?k*2lUa+CDP?yCA_nXT<(@vhwflYylj7 
zj{Bv5_R9sA-64L(wOqv+iNf^x*cG4f4dTx$IG-z%j2occh0ypJ()!Kkzhk17OrZv+dnt-rRig z$+sPZM{j%e8FR}qay>y{59F~O%6b-neHD*=b2@gX_Iv%Z{X|E5&+Yei zPuZQz+R2CCx8KM2rLZ5mGIn)-t~A&_ww&)dEZ?21t#|#sWIkOpe$5;Bb4B^(Id<)_ z?#F#^`AJ{Y^B3&>UWJ#?^^K2FBbKAXRM^V{r?b(2mRi5U3bbxreRk|iZxw}Lo99dU zHn5tr>r1x8gTMFsaF^mNz3b~o=dUZi0054Nrny^4a$)1Z!ofX|l!0Gbiy_2KtEg#k z@$dna3{8N2VuHdK$|zz9)do=DL=VA4p1KS?byBUYn2w&%$yey5n60JKEJ|BPR!Wm) zfu}-pdN#t^9>tKMVwMZC)S(}#KiXST`JA7OF1yag>{-4l{IvTW_0d;1ZTDhuth+ss(gEB6 z$%bIE;Y~|%7L26}c|MX4isWay2uo$F2I7&6!Zi~l{<@pk8xB(`T6+%VE}1LSZ4rfD z!qHY?)6#>5po~RB0nEePWxY(rVuhliDHjmlinTVc^I1Zs1F_a9bJTj#Jg2$k#51z) z&nWY>)h*skI_=^7H93C)U9ht_%S7W%H6+{$!ilM};jNOYI1E;lHq#XZ{;3W+~Lu)=IGAsDzO}rWkdh0a%*regljxZ!U%> zR@nbR`Gm%0h5uL+QB#d0f__@{B|XFl@&e*bbm0i}#ibFJE$qe-pw2?T#b#96#**GB z6c3aEgl-xx6Evt=Vw52eI;mnxt;;gXOM?B`L)WNc_Pm%?W!z_|v;$uywpg%saqS+rUaEf3v8bJL!n`riEL|pDUDdQAg ztWMe#!Y!$yRD>9!eT$+x5S?m;Tn}Aleg?!+p4Hr1V_Zf4vu3w znhSRLE|^_6s?XZdD?ay#yaSuKY)-t_;*ja`Z4`(u0%NjZtib!TF4&8q3SP*VHrabn z6;wLoJ&Csb(+_v(gQ0@MPy>;Zl`@ps-;RaY(ctx|!(1|Hab_@XFF{gk*x3MF+fQi@YHSi0rlJ0@fm;}%>|rX~{9$FL8eu8jxBaMB#z#SA+xv|X)AUfGYpaJ5iXcvCPzGVAimxT}D<_MuaG7gooro{hq&_gfk z08uWbB&;y+Wj1mM(>|dj{(I2N4t5APVx}S;H}B)hc8IXFrh2!2@SR2) zfRJbwnxb!4R6cukLy@&47a9DO4;OoDFSB#Wa%Rj2Q=A@W8_n&DUJ99zLD@$HZ-6;m z>SduQ;VlPRrWY7f96<3+H7w|>5os#D1nuY9OoI`@T;%tLeDkZ}A$toMP8k2vV2>Du zo>1m|j+dDCgcyU7ZUlJ*nE)9f(N3h#*5WHJ*Yq^^2a>@@CU~j<_|93*kmivOxZ9LT zF2D#?qRkPuDAaMcp&V4ey%K5WLx5+ba#Wt`H}04_nZ1Z(WEP4bCN+^}38T>%yCVbs z#VKxWgCcRRPzb_q=w!ISHp*SizVH(bu3Zbw5&#K!k< zYBTDu3x9V8K=hwKO?q=?PiCSKk_c1GU|tmUo0eB%m{xA%=z_Si6b+R`9*Ln&)L`}I z4M~{OF3Y=^;nZ^K?2B)7-eg_1S;fv}X(E46b=d0FcMjrhpe=iin13Dv#U zm~;#9uOb&&n#b z`5)kGI5wJo99;aGcLy>W93sr6DM6Lzy8_%}<-|O|M*Q&qpb4ik~dLk}MTsP5RxO`X`4NsNSe*6p4jq_OeAf+&D57IB^7U%NIkempiuWi^B^v3K7V4q9I zPM4Mki=f$`iA?2A1U!>b3J18c&%!K2b`FPHc$RdcGEw*#zjlsSZ09wTt0XFsl1-Mf z($c|2`vY1R`H4I~69(W5o#7cL$k`rJ`t2wbbIkR&P;$$|dF#899RDq|bpiY^K@tU` z;HsQ;ZrzX4 zZLFCdz!f%}707ocmXz0aKqTKVW8}qOsZ6WCL~mIq(9c8SE@naQzdZ77{#}`@aFa-@ 
zQgWTHCZBd7b3{7eWh(lAdYJ6(`(U&sKT7TT!)xzrPM66R$Em2MCoVtl@TnUDKoyS) zw6;b_MQY*io1%=uN_%UrV{0tq7`3N*w-)=&+A7zgb)q;!G*-_kbEnS!#8Pw@MO!iG z9XpRRZLml8_=A1Fs`puh3g_9J`{{)0yJS3EZEX6>*jTs@t&{1d(9idJ?{K=~6!~bv zzw%oKip6%a+CkVrl6NDo;VngT{O-2tcGkzMlduZZ@P2l9|7^C)4F!^KoyabA9*H`A zo8Gx%gHN{wh|R>%bMHPr3wYJb4rUT;2TGA~=Zge4{@VtM4XpHSS!}5S@joagw6jIvrgIu+)b%K)0)B3+VwkVss5(_WSOiaw2q_Y1U zMuGg2c6e2QZ^ZBuu`)?Ba3a2LUPOHCxR%lek{d|sTeAX&z70p{q66zD;07C16cDGLb#J-^AztFPHnAZg#{Er*e~=$UoE*V z&u&HF_mCh9zJNHz0F{6MhelK(2~rw2hn=Kf)3m;edx9B;Y}D$wnD=fQ)oOBgnsmI{ zKB~XNs?ZN}50;~^E#TJ4b2SQ`nDMfDFZ*EOZHv{fX9qeumT&he6 zHzhg5tgV$5Yj*kuYU%X%nIY_SVGl?r&S4DFu?f=Wf*^2O4S#y%IuHcZR;EBWj?KmhJ`3iMVE zzoIoHwb4@I_&9|JHY8oBBk@!Gn?drou5?L(T4{b3$rMqKnz16=F|-dsk9-O8MX}F7 zFkk}lbBc3BkjZtBNevGY9XF*vJlt16B>#gRry;$$t79E~Jh5gB>48BzQfQSDepg)( z{a}1DPAoNQl&^FY*gb*KJ#sS9##1x8Ch>#dXQVzc`Yuy=*$s$wu+$V-K zien^3p91f_NJ!}2LF8}PVr0Kmvg%+`U{P!l&?leIXVVO*GMf+>lnQ5nBq5gA!;XNc z?!V+rpRMBPf|$fBW&D(5`=Ww=g=_e;USGH#_>Cla0GRNU4V`_6nUzj29}GRbgA?S9 z_N4Un2RBa-q{Jbj>Y(p&v1d|swB!`N+V=YB?Cqds+>}I4K}keeZS0hcO?Q}% z1OZBL6I@pDX91&g2Qt070szUszTSnB#0ZtSDF~w4Gj5R9x*^8|ryblXo_~vM?*XZ8 zf^I*3#Nx>8HP2+zHjkUcGPLm7x5&xUw6T^>v@nKeS%CbRiD;7+aCJ%}H1`xE<%p~G z1P7tp^wE*iv%xHZIe`zBsE?T$cLArAVA=z6&VL+WBVyqVqcZwGU$b3C!MyCIX>N!? 
z`9!YS*_QpBdA}ZU58@QzDc^gz0Z~LF;87FFQS!w;xe06AGNBmfQv;bgINfJ_E>W|; zL;M}3;{_XYhi-G7AVpLhh!eGdIT z`141aVHvp~?TPpjp#j@WhH`{s>}v^sd>|D%83d0p?kzyd25E{SdZ?Q4Sv`nyD8_EN zh%UKqBw6rj+PP?^eou#G1<2TlVb%AUx^-k_X#$91odtKMR_=`s<)1V_6t+{Mh?zYI zwpA7@kSldKs^YA>U8%cXMNXJnUW$+D7?1?B@(aFFUBDIOuBxJ`&Y zi1m(y#=ca_as}*t?vk&?p0v%iHp3XI6i9japP8SO>ILe1D!qRTSk2eF;=xrtnB?#xhwpLA->_2TQUuh-Yu(U_NY!4mu93Q z)@fZg(SlCs{lkguqmSk>0z$sL9p>9$xU~M~YOJ_&Ql~BI$D8aSRX1uO$ zld{>@YCeh<%?S)-|E|ok4B;B6_@}K?y(AmOSS`s|q=hWF)7Y~9qa#iPY5zy75z`;) zK-I@$`n=)1?O-lt#ZUW!+MUZ4J31QZ;UPZaiiOkFd3j|o?~15Pa;sE27?@Gz)atXT z+i<1*-Qp2NgFgx;1=oe-ir$+vq#ZSX9a6~9>9J($XcrGM<&%Xmp0qjl zHa|F(Od-}S79;p6HSvwK(@wxIDI@nWXhcH(fQDriqs5L7;a|w)GMJj2w?c3`iBtKzYIVA zlI@q#5pYgb812zjvmO9ZAPs2PY)RraA`^i{27u%-qq&1_X^3#joHXnjpH3@s)U%RQS(XkG36;$e7!{G!3QP@6we;^>m4GS{C^Hf6bKP?5{*GY` zegMaq)`gL$V1J+(`+x)3kp*stkL`z#ZKVPC$WhOPP)}CIj&#R%F<|2zX&;AYBp=0d z4aj9wbxWju5pIJVe8>QD6RGE(l^INbWOfVlazsGrNan!`;_S-qGkv?}TG3T8e}9a=}Th=ENVpfmGg8G;Op0Mo<|}rx;k~ z*wf#=r|=849#O-nV4@Zdp2|In)+hq{B^iy#>~`auBfs;kV1);KC2y)oFD}PprRSiBB86#V~^hz8TiV16ri70ZFE=^@q1bMbJ46An2 z<#&fk3S{!S)$pzs!n3|jqZ?f$EDKbY@vxMzgZofg(G^PJv51I`pWah*FDo-;i>PM{ zv!fdm-Wvc%AZOe2&t;&J&F$`>onYz@GtFsW_HniuO ztg_|6*`NP`n406~aW>i7HqgFoCcUhTyx$3-*umFdh0WV+LOGE5*d5WkIPZ9VRU?=}|W(pSD` zY~abSUhD3NoNeHI+4*7n{;MxLM(i4=3RPgFqA(hQ{18xN0+Akv9gmZ#%n3mVAd7+1 z-DB00XQGiwu+S{*t|XU4i(Vj!Tn<@X9C&|VWV1iavO0iyJZv*13OgDVUIm{KjxHNk z3IA-vI{CY1xN;8$v_QBa5h&kz_X;H`Q(fwgTO zrf>lrWj~vN0A{6+?7{Wc{8eMfYiE7$H&OIqn^$LN$YU#q%;$uxi^t64{bk2GpOElk zMbw<76uzrCrf%Npu@8>%GEUS?9Qy+AG@}X-X?=NvGA>v)PE*GwDqgmp15}&Z$|xaz z{5PLYMBmFq?zd-NzOE6=!6^9gcJZ^DzvBI15ogGYa~fK^m0>MIhTO)=}w z1T&K2&8Fgw*8>v$r7d8(I0TD*{dWa3Yhagcs5l)MBbSjv+Eza2j)>_EQYd%|q%|}W z69Y3PRIf%yF~r+l;r+;yvgN4mNny5eOrU7sL6mB^n?6stDKA8LQi0bb$&3V2x z`pYKd-g2DD8Nn$VVNal=^c5K>EiD5M^j8QBP?Qb;Z8-u0CMJAcJ$zM7J<=Nkw;rRD4WqlKubXYKyJBQ?Y<%MX<=U=q zY;OI>wS`rv2=N5)NT15E001=p0y4MK|1N`q1fTE1NN8j(r4^~9LeTW#0}rR^RMK%| zxM&z>@ey;_m4_vc)mb82JYI?enUmS$Xnx4^_y1qAt#nQPXzJ`#Qw?uGI-2`+eC<2V 
zf$yQXEN2XITM83cGC@EkFe46x^m`(`Gag7iqnd=$JCO4=u$qYNXNNq| z5BG4Au@<+hqt)StiuJz>g@r2B{)L#oS-y~G}Gj}a&8Fj`|q5fP^RKJptxat zyn2$PZcP)7vaa*$_j%49n!*h*2G4=PPjK0l zF3f*wr1tRs(KJo3-ll!1+uQyPc%<`aiJSWhpD?99TsE; zF-FFQGXyR|25+bbAkhrSBF2nEIq4L$xH~j}w5F8&Qf%ifD~YSg``HK(D)bMdc_&e( zHH1?;%&&<9kdY6NWjc(Tcj+%GTyZ%*ZOAZMTo4dHtt3@6*B_vzd_Q!xQp>_zE#{mQ z9b7__-bkT<9?k4XRP~RW3nE5P< z_$d=ROrRvqWd=?@i4Q-cnB_)BN~LaohYGQ+)_EU}yIEo;cJ-e5z_OSk6O}d?M!e%Y zK1NuU^TWu4rJh8?tgByD!{%mohlFmx_?Eu2Sd}Hs6RG*RSwlQ}qK!%1#3dtNZc=oC zEBV5=`$o3)YEWg)vNVoZ%``-n#*E1T>idW&B(ual@Kch(XNumZk@mWf3N(^cbl`U; z<#Y<5F+M#tv#l^s1&M{rZVg?i^XKE2MD`_0cEFQGe-rpditD5ZMo#QNq_j6cmCuC7 zmzto*4amf@Ht0mQ493|AHTc3z55`i)M*HrtabhXXE)Amyb3yi8ACIMpSXhX1y}#14 z)fZubNI;}}TNaYAq%hq7K#b;9v;%tA`yRnvif1PEhyYh96ARnchX~j{?p8 z!C8@!yUBJt!30vdwH2p%@`rR7B_Vx+(X!v;(`H^;&m01)wJ5+rMM!lhOxi%$1G z;Ij{PMBwzMU;HF>m=<%0Pr~Hl-3Y_)j*GcT6HWe*66R)Rlw(K*bmBV`}bl~42c=DSc*Uf2`}9gdU7J$ zh$wBm*L&h{nL1H7XY!rTxhYa8xHF`G}0{fe5F#X&IW@Fhp2LiyZyuqDgs z|H1k?hhp|%i+N}gVmkw*{ltLJ+N_Ms{wWbuhsn}3aXNxQuQ@l<=%9nanNfM4o7TNk_tw9=_##t3X|e8{vtA|MGklJaO6hEaR__g1Wn`^G)*+ zw$A6!)r~I=jlIHFu1TJH9cZr2`+?;ygC#3_<-|=>H)kHbo@@6I;_CZ0X~m!XGoJ=8 zNuG|^`L=%OpS_WTd(tbwi^Hpa9)z9e5%!LxPjeMR4Xu#2ZKldF!<)$YcAR#0x6^m} z*yudv7+5Es{3BaE^?ZNX^9Oy7LzlmQvuc3H$gOjGl|4>lWM348Y=SWHIAj;Y?Aw0I#82DnoIzO& z$7IsPCT`0wgbgDfT~mf#(mB1iSJo6hFIMS#b9j|m9UbNiw2mf}#~rp>YD9UoSKB%T z*tMsdJ(3U4YNH%|?$_2oTT8RsBtlBS!EB$qPj7^=Sho;SxK_m|`i` zs4-XbetsNAulMn2cYVKa`RuE2{VVLgqH*yd%w@S$ceHj!t2XI3qNeX-0lS&2L$<52 zB#ptXnJ*5BpD%}xPQzEs5GPM3HDOas>F>XABn-!UjDIIede35F?fTt*m+hj(qCYT@ zMz)ld&|3mH;%VZa2lD}vF-Y!px=qczcl-dp+a zIOx+lN|N|&Y|-joBw7Od>=s;pcFY-Y&{>U1XdL6kG>vSj57Q2cJamq%Nd_M;*d8_7 z9(_0C*pIvz&?Kslq)?AWTm-N2VL2zey7EP;@kH1)MkqE$As>RoUCjTQ#&|o05^F_~ z!5AzXzel{Mw~(j@nG}YFnFjdpnT$0W`~_N{(NjfF>wsyT?IZHkqei~W)k|5Z97`Znm3MZ6o2(LdUR9jQ2thTmL4jw#5$Q;}nY zLrgN%6FtE9!uF#Cc1}>Xxt^!xjXRXZA!t@XokB{7$%Ep;kjDDj< z&W|SW)di~c^O@MtEJUd^IjY}mI9>n(?#-esYHe?x6#G$L2A`xqjT+gkGT!76_ha`z zD-CXJ9y#ns31+6~uWCMZJ7Nb(?oBhCi#5w#2Sud);5zKStn>}#JeiK+~$vx(( 
zH+xDwdJ6FQ^1J8hleyEO84%y+nRs|_slZ0Q0w zw0xT(YZBKub2J-wvO+)Nyi}fSQohg;lMuxPGg|s!PIE9Ny*=6kUffX>mqwAVU(tuk zqSDHu4>;s$5X=lRz#jpcWHN}KDwxHgc)_4RGBB9gEdhuW9MM>aoe=X=DgfCf2o6+I z<6+h=lh`GLnYUEbtyDUTQ=Da4ye8r=ei$U+j%D}=i5&#nXqEinGp`~m1(BrHH3zL| z$4D{+$`tW&Uo5LmOK69hwpv zcDZL;>|vH)WEVFOWmH%Bnwa<#sj^Yp@>$bzIUymB&oG}q6$PeKdB#(9;!!^Iwy`Eq zTxL*BGh99_Q%pNteR@>XyHw5kgvR7qJ#MY<{s zWd33rMkENXTd37}0Evav3`48aWvbnN6w{?PFdsK~JvDGFH&9xY`n_w+D=z00Yy^8Y zhW==z32S@=#&!3`yFS!wd4_9R)#El*Bp=twhxtAi_%=(FRcV3`O)Wp|#oG_Z|9CL` zL>v6wDl*C?y)h9Iq*Zs>XokWcotPRa{t#1#ZgnVC1KXErjJ0YEL9ZDKE9bRpWIt|= z9&Y{pgyH(5?Gt+2f=(kAPwd}R{UV(@h6AHOYDXT5#woqF?ATYbzGAqaXvJ6zBBXlrx#o*$l2$D zm-!95PCsXm-An!JGuTzy(&7B@*J-ioFEpy{pv#NY^gg5nwA`Vx(yaKl;(v}G5%2sE z-bzm1HF(_UYSl)(g2A2I2C-_TDQ)HP>@gdJRfv=KOD5OJK9|}acYG$V7}@xPgokl# z!2+e@c(e$3Dvk|wAK=7j4z@@Ne@Fx$cJ(&Kg^|@B1P+8V+i*4|$_Ylqd-X=T^(*XE zI1coBSamKfH+Vj^QhIeUwsiVG_4*1{7lwDP3^$kyHCd%bg?ZI$rVZm3B_pNvC#NR0 zhDX5j{)sts#zTY#uk-{~mM@0BOHHVChalgk_ViZCt@uq!*+kT(xE-b>G^Khs zrlb^(mRO7~p^f4T+BR8830c*IrdE6Cj0=`jQ>Qk}>(qP>8^4zw4oj^uldVB~Ujqxb zB}Pv>)=k~P&jUf(Paq|2-Wg>)+M_J`EXjbp+;~ky*K74&eMTleR}K$KhDzdmi0tuf33}4MVT{y@2G_-veZA~V3K3; zem+iPhCj*qpQq~AB{wF4T*uYtL%9t zvu!sEi4oR@mVVFEc}c5_l86f(`-|C_i`h>J&Jp(74S|jVOQmg6nV2qR@0ZKpFDfK; zYcno4>WPPznKrF1BV8{|A1=eXSon>+DP{#$1|qn9y)gz?S2V;5V+I$;gjdtSxk8ew z3pU=hHuIC5i6azV*XYZO!fU8qQ*h1Qw)@?_l4~a{t8YG3vhUvChMazlZ4wK22kPnc;

NJBr8l*+>3!pZ>`f<1VQh5z!dWX991Pqv^fncj8Lo^}`!@J!yPhY&c=(sd8HIpRb z>i+~18tvtVj=h{+=4IfsuIpCz>!>+ymbrrWnCiyGVAuNV;#Na)KG}b2zr$WY-t1k* zT!rbL?%HKo&}eMl4()Df?9{esiCS;TsFZcPXVQ+z(U9Y}UG4^?S7U3o5lzMF#<{3F zz+%g5fp%a~mZ*{J?-BkhXKu!*m^ra~Eay?nbIBm^8rqJO1Ki{e^81DLLS5~{AREI8B_a865wN>F+B94`7c-U zfA*Ua|A6oU05CN;6@ZwixX9S(_y`#(IZ0V*d5M{+xyjk-`KdTC(9j@YdMY4FdRhP= z5ODg!Aj>dYTT46p@?vs0_3OK9GCVkF0*aihyv(f0Fj4|@xcd^IMWeO#qLr2PvVpb1 z#Z|`D#RVi%3?RZ#2v98uFgy5BvJNCa0x}p7GFWShpc3`~m|y@ffV@Qu1E^c@j$gHA z6f0W1{)jQ7#*K?ql|p68BP&<1Ox==2YnLu+)DA70GRuU)brU(-yopm2Om*<)F-Vbu zMv7}$Xk^i%C7e=lTzI++@GhRAcktvLlgFgT4+a5biby1=9g~2AUI^@`Xdyy)3X46> z2{*3XxpZxc1et2oM**!~#j+-F!97MkxbEpB<^@3;)g;GNhDnjp7NkyCgB1Y zg|)E+B`rE4;!BZM!sQN2)&NDBiQK(F!V5ytu*Fc=q~J{!OaTxhIc1b%&RZP4L*SKm z-ifCtM~0-=NJ_{c4B2DjJesF-E;#^IN!ur z&N)A9l*R`&DT->Uss^xUUaOdL+$qX2`6NqK%DHN;%-p)^7FleOVhWQv#~uD zrjRU9zak}GH*K01+PIt;%K;^q4NP#s1*c(cBxwji2E&z1VFVgWP0a5GXe9iS7h;Iv zg%pxVG0r$1Gh&7rXOw(0$|akuvKdU23v(!a;?=FJ;0{`=SuyYY2~6f~dK9o)1W~3? zB|5hqypjS%ri#gS#u+#1mf81`Pam6aIE)*8poYvBe~9 zX?H1Z0W9S-yr`y9qUDeU7l}J!?9wD)t?;wnwNZ7iM&4_v6pb>Gz zV=yuN7-M+BubgX-vw_=@paFLyXViV86ii65g!R~4AI0@&EUqo!uL}O>tT%?}R5=P0Pk*I7yAc?1BY&dtxF|=|CiMX=xmU zr7R7mMO^A`pZnY;BRmKRG-wQtj2L0afQJU+B{T~DXxJVd<(4-lTu-9hI~_Hxv`q39 zQbM_a=8rB4QYuYhTI9&)QsRe&^1J{GkmE)rIYYkz9_3!ta-tKLScaa|B8{o*4wsD8 z9m?Et5n{Z|P%oiIekv7TU+CRZA|Zwlmhps;U;+>lLM)XV-u!eEx-Qt2tUoBB91^X!&(9f zVT&DL{~AZY0u~Kn8^a`6o2o(3(D`GYwl4CEjS*}pbMPGG>r zi^Lel9l+pCl0P}*C`)+xI#lOC3wqGMx$}|58YKyx9K1gm}XYG%Z`F|$5Utu-?1 zTHiXT!a&4^n^dlBKDgu2ZgiFJ$n+ube(yCD(le2=@{x2r)eZjF|@Q^KG9S+BI)E%>iEWeGh!-{Qh^#18#AO)7;?WPWsPv zj`VvQ9p^HqcfUU#^qt2%*GB&~(Pf@>a`_s~PP#NNICLQ|3t|`(zxd2Q?sm7&yyQg3 zI>Cc}cazgy;8CAD-1{!{tZUojSob%;Pmc7AuN>ug2fMBf4)3Q|T<%Ms{MNzVc)KsY z>MK9G$}4~Ox6i%j`G)+^3vceyU!CeEN4?LlEq7|mJ5{4bG|mzoO(s_pQ4>FU+(qyA z%f~+F!VmlKHGl4?D?RL^Cw}CK-*e2vyy;r6e&c_RZjWQX>%iZB@-q*5>T}-J(06{} z#eZ{^>z(}S55D#OlP-JA8=vY2AD>spS6f3OnI*k26mJ)oaf+vO(?@y#wtkiOdeJ9( zT<3eM2Ym1cbUr74E;n@{cX&-#dhgbE+XjJ_ka`4Yc%J8YomYG)H-LmEdE-Zd0(f!> 
z7Ggr7EbM2Hb%mt$oo zE=-scNhpO2LWNZ*Y6!;8L)(p$HiY&(wte8x0 z$Y0R33>CPGJokC9D2m8Hiy1+R!nkp`c7#WGg|C=?@#c)1P>e`;jP8bS$!LsbQ8THYk)xjU%WG%UB8RR*t}kjIH>KrFf3PIF7#PfzPN3%t(ywSdIBOfyrQx zexnN82#^X_KF@TAjL47ew}W4IgGG0YR=0%lmx&3vcupsKGAM#9D1p!Cc`T@ks@H%! zn2eeDff8wpmnU$^XM-3hbuIXjBDirJ>5-fFa^%K=F$sTl$C59Zk*cSPF?f=&=#d2% zlm0&GbT$WhGe}LM-~da>luhXX-MCSQR**ZU3&S>S(!_oysdz5Ad^sp|jCXiJ$&g!T zf+snE)0c88c!D=~gJtQHCV7!yDSd7!d~}I#@V1p}>4MEDi(|=>c}b3YnQdc9mKkZ5 z!zY*&NSN>EfQH9?>Iar>>6Izhk1?Z^PU)0TX)}@-6H1mLOr|5931yl%e>FIn7WtSx zX_QxomVfz^1lXD{n1B!Yf)@Fejt85kc$=&FbaJViys2~Ex0kPpo6%>0vALUr*_f$G zoWi-4Y5AO5cbu#jn84X?$f=lHb(xsSl$vQ0dBy-*W*TT`m7Jz(&WL(U=bY4;{(}zr za`C5?>M4UF2cOJ2evyfgODL1%hFNp`qEY;5*sYt|fr_?8iga~!&JkNKPM zh@HO(g6s*SYDtR%sEq2Ef?3&oY>9pN2&DK}qx<-yDX5=zIgB$ZoLc#!YU!i9hM(v+ zZ4X*~SL%XGilnzV03q6)BWh&e$x+OqWPa9YmH3h%_U?*aoq%VU zaLSgII;o9mejB-g6}m_u%AMXBRvndQP?BSdMht06n)1hVIm&V_dZ9Q-gMpcW8LF!j zYMOwFtGB6;r?{ZFS*syOo4HD=%Brj~I;&Ypt15Yk3dwatxude#ke1r34{56_*>w&X zZWb7VFG`WS3YQ^es+ftYm1ao7;0v0jAzKz{`WcUpn2L{xC+V7*V!D|?SZZK+YG?Ol z^Gc)+TA70wjrb}g`r4H1`fD8(Y<*UqDta38T9R_Au%noN=W^hW(^l?Z5AC| zW^5aavMHOdUkauo`mu!bu#1=>7m{{-wswxDvN@}>9@4Q(iK_nlwTQSE5KmDhli&eI ziwH;S0T!XOO4|uYo3xJrwG=V6nXt5tP_>JYwOWg`P8$GT%LrTR2w4lZ7NHyEcCb79 zp)3og4y&p`+kgJYdz)~zUz-tiYqy+$w~(;6%+R->@VAK&xPnW#g*&#Du(x8%x12DP zl#sS+TdHguqCZQJ|2l+#8?|?<2!m_1l)$;j@VT16xuILPrMtL@Yr3JUwTx?x`UtsF z*0V0lOx{?cDj|f+aJ6^~wYgimOWV6&>$F{Kx`qq9T#L27o3y%%ym`C3#Y?urTfBnX zyj$zF&>Ov*yS&LOwPb6!%DcIF8wtysz1qvW<@>u)tNys?_@+gfmPq-!*eJQD%C9h_ zh+n8P%22kMo4e%8yVnc7y$iO@>%57pz546B`&+pE3%=6pyan991Ps1iOT5ghz<-Ot z-J8G&9K4bsz7c%D`rEx1%(>ypzI_Ru?^}p1E4vyMAxDOW0E@p148qKtz!^Nlb_>A* zyuia7!8LrtJnX28^{*i^E5(!=$^!M@+*+jKnhRqs~d6(}}{mT{yQtBhP!p#z!W^iQOv_Ye8+JN$4%VH zR4m7$tjC{R%65FZ#_PXxT*|Br%GWEzefzoLs*}anrHqWOUuu7OvBLTHwjQ+$mF&kK zjJ`O`$I%vw3&Ik7%zXUJ$BfJ~49&&7#G{IONIjz(FJI&KQ?bAOE)IlxOLrv60ZPYxy(o(pctFYAb z3n<^HXcThNHI%35>@GASQ*xB?beAf z)@8lbhvp=n`I(0zn(Fk{d(GFT8oxgap5n=7Qjo#_4-s{cY?G4=Bz1gPl5dlfx09hRMjo{0+aV6+>^^45(AmQr04icQc>6br;$u96Q 
zFY_}`>3?$R{s&L&5`X{_KmePb?IZu&vF_*HPVqn=+$b*r0)X)WK<-SR0Rh1Az+LGA z0Pi}Q@VQ&F>4)25R?=cVaGq3h*zwAsc=7Mh*duAOR0h_Abxw zY0vhX&-rNn>}swgnBMc7p7T3D0h^BP*-qTCe)XEZ_k5q{6X5s0{p(HN^igl<5}^CK zAMU}8_*T#O0ATeXAMcP4<7VI8lP>`k!2HZF?3Zus0U#^2k859bX3 z=@2mf=exiAzYXz<(B0jK4ZwkRb{8V4|TW|clp5>Dd z2muy@gbx4$hyo3Xhy#p|kdcy;l$Dm3my3yxn4O-VprN9pq@|{(sHv)}tfHETuZR$g zoRS0x0uu#&X9+ZFcq4-tonu>!TN00GAO7qFngg9sBUT*$DYr&x>PC5lIo5rK8M z5bfGUAOeAp#60~9MzUmtW(24SSjSQTH(90#SU_M-z`1gi+9i6olHWWC+6WQS$Ef~a zMTbZq4NS_ksne%Wqe_hg5vIghM-i=?U_loIW)Tof_&6+NCzEJTLP%LDZLn^qEC{lY z5|_G4IuY@dsL4@;uhN*611FEx)TB!fD_+dFv17$m8Nu~OX{-bZVm%_VEDD-uXq`Sg zQ}w{Y18)#;Udk(AuTRRIj6P17c((1^xO3~a6j@T%-G^DbF8rJ7qvF6_8BWf;x%1}= zd$WVCSU9}b$dw+aUaB_t@8H9WFHC;=_@>r-5^uo1z5Dm)Q3FIM;e-@cXyJtzW~kwY9Cqm8hZN4E*SU4&ooC{S zD5j|5iqyG7q9QEDDC3MY)@UOuE~=*ph&=Y_NG7S|l1w(~0+ zo_zM{=bwNED(Iku7Ha6Bh$gD&qKr1`=%bMOS`m}aW!rkr-_>8GHED(a}D cmTKy$sHUpws;su^>Z`EED(kGYni>cIJO8`nHUIzs 
diff --git a/usr.sbin/httpd/htdocs/manual/images/feather.jpg b/usr.sbin/httpd/htdocs/manual/images/feather.jpg deleted file mode 100644 index 68cdaf8b58bd83cca9a88291c843c65bad297445..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7108 zcmeHMXH-+$y4{hEO3|P}K!hNW(5sY$ri9)>ssa)b0wSFQ2m*>|#L!y~B0>V8L}?)u zIf8{=LvLPsZw62)%459u?)&q`xSad{uC@NHHP)JY?z!goeS05`98CdShA0CR00IF3 z=(qz%iii*MDFkV3^St)VZtKu;6qekE~D+mWV1bJ`+N1p+~Dt# z^$!dV4UdeDP0!5E%`Yr2Ew6l|Z}04W|M7Eg|7Z+g1$h8~Ca_(6_zwgB!$9$h zZTZMpRYk=+*PMj{>LYo^fTWsxjCTnCmPQK96n$^dI-4v|21?C;HV+5YxZQBBY#uM0 z*f>>hE(`4ZTe}h5*@>A^K$~cdAQ-c-|45jZEtXRkA@`d?`@_-Li0^7@3EP6Xqi@sY zL8>m;;%^Nerq9h6Eju!MEY&Y%%1YF5p%m~>$7Z_#Sq;48n(Zu>N|1R@V_L4?c3Z;zcC>qlIY7vLDAD= z34U#hJmm#hc&=^k7};WV_O@@Le^na}eQybB;-}s{0#=9Fpj8zYgC*De4d(Eh2x!3z zM@ssakrZWNNAs$2hjG{nN}HZV8<8f=B=(Xk6gaTH!1t1{ z$aj+G9}(0IxDksa^6HNL+Q{Ri_@_KrrwT=H|Eb8xo%AHB4&C!bXr%RlP1hrv1d}Ql z*I5~@2H>4Wj=l6%8KH@_2#MmYw@=8`^wqOC3na2D_-``Bqi6Hi1wSBDp32U;yy-OY zL&4A>*;WL6*;Qg|Mff9^iIr=Z zYe&Gn#}?%is#AT8@4)RVdL!3ma4gL z87&^UnOKXED zyWJih4=$8;>)*KDaMcBUsEkmfAUVKxKb0D9{V*|beDW{KYlnX&Vj5d|-5kvK*J4YbANERYy$w6`K>GG+_W&dl}fY+-I^y@Hnv{vB& zfGpOZF^zrZ0_?>)J{?V};D}&Ta))KH-VSYKw zhLC>1+!lAnm$SjdlT{UUN5rBzjC5X&FDeNbY}m{KtUZv@uBbqfNX7V0g$YX^ zM)YM^JVst0`oPT4XRC3)-%N=yg>?WoTY!0dZZoA#$$w}dVi{%TYU>8MU$|9tTe%T^ z(9w;=poJ3og9OeBCx*b*SC?IiSo#YBur=)v*C^;a#i|p7L>p1xDlm>=Z;1I_ z;13}SKD5hRf-@QYs_|P4taK`9c2(cx#-V=$Mkyt1pL-z8%Ag>rTaWooO$~QEha-(t zsZebuGPr7Fe3l+*6D*XSU<$W_Kqvf>#W&`e!*K&ibEgQ40`T3~6em-Va|Zt+t&U*+ zj7JOb1&AlHCSE)|+&fxu_d({4_Q0^JAIS_6`^uJAg?CBa#x`wy(EYk@y#{if6#DU}|-Y+G%jj=4hG7$?KmsuP_ao;J9pW67`Z0~s6e zL!a)1z)hv}f8ep8$}pVWG?7YZXeuc0ad4+Mn4&z~e~?5r^qd!sw=cTS_^K}yIXQ*K zu_b=!&clkPPU~H!6fzpI3h5!+HqBg>QLF?sNq!Y+}tbRBT!wlPn%6|wGY{Zr= zbuY^!;a@5g=KZ472kX5e-Ztq)7E&;Fqnne$HK%*svWK$eo@D^Z;VEV(y>0l*t|glw zi*8vql|!%B>5Po&ce+D+Ofi-480D1cO=F>_VVB~|G=GJ;(`#6gOr?^NXm27zH*G{~ 
z$5@>kR;{yMoHMhs8h6ZsTx@mdYt;Q14>DtbDiZzAnqp`G=L);LgJa;puxZ?GKw@BgcQ(3_4H)8=K3|}VM#6ux?eF%U0ZpqRcFnkAmg7sM4O%m3j%i0KZxjJLWLU*67 zJ>#gI8?vTlIaR)D8R(an8^Slregbs$UJ_Dgk@Z$jvIMU&T551w*u0)s5le6=QEDfB zq+_y^72_5(W7SwMSvAfMRY}d*^}0Nq?6P|nxr@>hE>(LOht-1h?X)x)Z^?gIkcF}k zmBkN7EfMD+Q?s->4{$5b9j&sr%zjPZdHy(a<^&PwuaRo+0Hv$1EV#e7baR~Mwxd@5 zDvqEVn#!MIh=S(>lTXhwa%vm9aAMrhfrv0`cO4bie~^`Mx{6(84;SaZnAg_Hqd6|p zN&velf6O|iz_-U1s#OaB3S)$qYKubzhBNQ2iAFHs9#)s1y`OgfVK0q4IvbrZZ?#f< z!;|rf!ugb_fSXlh)jK-dc^NKhIISJBmaMGW3BZl<+F|U zIrL!W@H}|ygXXlE#rCCi@%N(^x|q|hU{2AmJYHhCM*#a$)z2IWMg6`PR1vCxmyWm& z;CSX&H{9W0n<@O&FS^4U&CoiR;Qe7_c!bDQocmr~yc?Fp>$h%@7=V2lwL_xYR6u?! zhPM2Sn>SdH;P~(gwU+B60$R0puTzn@thHO*cmd&$SyO%_z5EDXM^fGbc;wHJh*~J^ z-NM+tZQMZqW{$eeFJU365vlAe-AvAdqIW*HQ+4Q?P8>jyVwcE`8&nlfb+O|j;L^|u zmKEbSRQc{5uYF$pla{Y;za%c(o6iL_t>{@<6H?EG{(=!=)GxhEb?aX?_Wq8rmi!#V zvQ?0NnF8)7xD7VIpHwKmOzAHxy1(vl+i~7`(RMnPJA(mVW}D!UD#QFlP<$p`u1RC3 zq(kly)>m|A4FyaII!yGD*@aSNIwzQsat_~`%W-Ny6!-r%tuTQYn7axCzPWxNMH3MP zo3{z=xVd)dEj1tNPF0|ynHi>jYs$`#BYoMEgZ@|lv&o^vt8ENDh5Pe8&(R`?}g&z zyAHd&m-ij=WbnBmPyrJ!0BD>#L8ZFd$O&0!C6!g)SHY>fB-}5oCeVZ2Hm%vPTRLPcgYA4j+@>&QOz+2N zQ0%LXT7k#Q=E$1g7YZ;8kI_(*+>Z$ zJ(rW#yQ~&2qF%^n#Glq8w(8KtW2zI~tY+DFQW14rVy9mLO$^9*``U}e zZkFNMw|{(nyS#5+eK+L(hH97RiGa=Zfn;AM%UU;y0;uHU;pklwVOzg7!6(ARI!jFT zBRc$2zT!2$?|a^+en~ckFQ*vWiE^u7(3309O%Hxjf7;khrHAls|NKs7U8g~QTWp8n z{ad1~bTUPLgBP4?W~1Pa9@mn`YnFhb4Jh4}AL!~A!{feQz-wU(t0U7I9^9?dl(KH& zkky}hO}s^|!UD=Nrdh|I(@x6H3R-8BIs{!et$lc3ZHp8qy;JE4^VQNmDfv#TBi78U-2&L2Ey-w5_eXr>{1*`yjXY+gP65m5^Cv z@c{R1b_A@m{!hr1`Gm{8l*XbV`J$9YhGfrYgejS?ZeM&H#}F3J@;-I4h~Pj)Z~6w> z7H_GBhJ~~DV?~}TH|MfPoMaTbU~^ND7}33JzI&YL&$9Kn8M(~%{JckkL_9ivA%$C= zgLx)k3DYn+NWo{hXBK>IoJ(1f$jR9@A52K`DNQV&Er$-gHtZ|wb*0b``xi}HMArB8 zXaz$Xjv=G7BGMXetLyfB3Q_62 zLal}ApR@0jZBSq`6D@_!hVKq3h)1u9CT@8WWpxA2-H~rNwRev*n}MnXc01s7P}91B z)JN^}ouAMDuo5r{C=I{veUNewbGH!XSC!R?k6A++>f)!A#W*E%(L7 zMi1FcAg_oivznR79sotj{_Dv7&)Jg6iD!ma+Co$yye$pp&aW5fFCLCgOx*ige0#;~ zF8#ghJc98!>{%TsFYMdR4~)ReTd7v@5nj${U!8N{8-S~p0NhirJ#i{~_ewA^sgEU{ 
z_40?c1c#;%HI7+vsUPYsVs|xm1I%c*ZO*k$tL|9`>{ zeadi_0FpYcX(7F&r)2~?aI~9yPbW891_p+z%^ll&(t<5Ag69^;X{F~*@5M8lu`?ln zxX#Sjwfw^$1#}#Z$31vT`VWS$8Ef~|X1qy=#Iur@Oy1iabVisQ|G{a5oLKq%p9)BC zh0cqwHO^fsE^8;XLnm5d=4Lf^K3AsJ`HXOfj*lM!!&ZN47_o88u3P@f;``SSX-$w~hoUpz;n{{=|SiGBb8 diff --git a/usr.sbin/httpd/htdocs/manual/images/home.gif b/usr.sbin/httpd/htdocs/manual/images/home.gif deleted file mode 100644 index 11299c1cb7ef6aed8ee4b159d733668de8662f22..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1465 zcmW+#YfO^|6g_P}`hb?UfCU7!Ag=*RMW7WJEwIjlKme;k1}ab&2*DvZXLNHgz%i{n z3mR9Y7$rv8M5m%)l>+jRM?iElgAB@Rn)yW3VbpIQyFYGjZf@>9=j7ZC(Vxqt=^BXf zHG1$6}$N0HhEs1{h#YOn?T0#13OAoUz{88vFO7xf%Wan41F$ zvoRaJcqhiP)8UXvpx2|Nh3elp3tt)yQYqY^Tv(twRYGu5QmA5745xS7sN%vC{1a{s z7U)dSd_*{cTCosH56Iys5@GFHjE+L-f=rMsSmeS?r&Ew%e{enws>#Z~@)j zumIC+#{2h}RD+u0!rk4PIpKyfk1GCY3{@(^k);q8h6kaEb>Y6L*u-j1;`ym>=OC^CNoG6R#aAIEolu&@SI z9v=Ac0S6cyBTka2p5bF0qQfx|3Q>mmvzd7On8E;ZIamZp0a$d3K3w4Ja8uv?CFWrRB8irk+8diujrupK}iE_ zY@kvhGZRJ}+=V#;%wyR63m&$$;pIylg_y*4CvaEMkpMQILV`&FXyJUUgqK*1&`|8& z4XqX(9n`I0u?U_}PU8DO0!mMa1r!Co4}v79^72Aj8b}g!8YPH*Ff8;iKSh|WEf&(C z(cr`h*z&0TZGP~y0-Xco!zw2SazD(^L+%c_8{QP_{DWRay zqPC5P#YK=6AWJE`zSS(Lp2g!qr^CgI6n&x)1_HGAQ2eI7g!#{eSo^<)vRxus?#vc2+eTOvP+lpVZ!Fb7Xp_TZ}$yX4uG^@QEFF zco~b74x4EGT=SW}8s3B1FGN3@i@v=QY0yXi))o{zZvQb?bb3v{QCcKkn~PbjM$u?x|e0@l@=M028tTa{kh%sHFXdxbw5B@+uRf zLbgScD_L2eJ`owZ!g&4K)ATZpTy*VOfl1RSOX@8c7WAxXt?}J{%h}pGk+o6ia{QUz z;^6y7nz0oz_8e)L;bSmo>+=n!&C`_5K9cINoz>#L+btv3(IVtA4pZXeP z!q8hnq9bs->OPIf>C3PZn3}Kuk?}wmQR!vN-Fw$7z)jpE3HFC5=U#FK7LE*K1o zO^7<`VCbX0(zD%WI->b{S@oSgbeEk)Nfv8ob&B(6+z{}>FmH*;fy6SGG!wlpY{R&? zn0xbPdusfD_sLtamKk^=)G&cCj?2j;s*`)?b& z3j5o;9{pY@vT_cz6siQD5uWQ6`Y7wC>hU2@#@F|Lu;Oss%J__+(+aVruBm;cH#rjB L;Md}uqCn_>{mJyz 
diff --git a/usr.sbin/httpd/htdocs/manual/images/index.gif b/usr.sbin/httpd/htdocs/manual/images/index.gif deleted file mode 100644 index 741c8939d77d2423d67beaaef8fe78aed13a94bb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1540 zcma)5X;V`N6g^2EAqfEj3FHAmLln@6kxfB?HbDhZNdqfbC>Xlu)u%~i4fxr zzJ!Ylva@mP7Gz+zw_{`kMmA>_j_13=(h?F02v~kb=lD2<&y`h?98{sgmB3Y7|P-oTat3#t{+%}_+4$c(KApcmUwEFv-z zQkXL`K&NAD41LL%jpJryk+4|17MCw$Vge?%6%BNmEzZkPk^&wNT69%Zpr?mYaBGFx z2vR77uP>64s45aIBGWK5aSpx$Fc>H=$Fpa6{~i-r;BesXj$ONOAr>|uii*(O3=V;B zkzlgJbM#NBV6>%t*;#=sg?S1Xr!ZkcwKbR;r2Po9pC4}Apa6m=PeAfOa$!ON1AG$j zh6_Pp>QtnrqP`vf&K< z549Tm_oKBHeSMS{HZ?gXC;0n=57HGjc5obzg$HCZNX#%0V4HA7EJjceR;|MJ?a*pr zGEpUL#Eu9-{A4CRBah34rzb)~ariJ2p*5Q+h3BJaS2<8dY$GCY-~e<`mz1EY3jO^k zo)4KA%dtsDf&-efGxow99Ss==$;og-*v*@e5pX8JWMan->TKjp;NwTQ2~o8HCKZGb zSX)z@m74b=E)Fd%P{QvCHZy>6NCiy9$taeK5V8SezeUz8IGcF?-Sq!XUSE)3enHNf z1dSzHqB~u$VezHw^t#eUP4gzxutT0fms>j#+^N5MwsCda9aW;A_roSDIF{W-%W4<< zDe9IJ^V^)Fg%gf#8e7NfD){dmk4$i9+ z3Wpe@J|?#JZ;wr)%O>B3Wy1S4sR1nw$0VqiSa>Ith1sm_{3G2ep^>%Z_c_s9RVi!S zmW3Od3te~hF8^LNW7peLq~NGjR8P){yYT3AUrX8U684qS#d-3=r}mfb77*g~{xdST zq0#5G-!BvwPHC{gXqFHg@^6gU`rXBJ9o@8Pk$e;;{PdNFnVP8OfEo>nO1 z7mXPa z8}g=~3>^KF=R+TS?B~`#ta05FyyLE~Qmb1L%RCyJIDg4-`hx}DK{Q5a-=1j&PDfGN zb=%1CzwbBKK5gk7a(b1((%M*>HcMj|M(wyqZj|MUAev?HAi+p?Ve5Gc-)*d>$N*LF OiPzOh=dG1;1pN#BQV7)m diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.fig b/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.fig deleted file mode 100644 index 7c80fea3f1d..00000000000 --- a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.fig +++ /dev/null 
@@ -1,60 +0,0 @@ -#FIG 3.2 -Landscape -Center -Inches -Letter -100.00 -Single --2 -1200 2 -0 32 #efefef -0 33 #cfcfef -0 34 #bebebe -2 1 0 4 4 7 0 0 -1 0.000 0 0 -1 1 0 6 - 1 1 2.00 120.00 240.00 - 6675 5250 6900 5250 6900 4650 4950 4650 4950 4050 5475 4050 -2 1 0 4 4 7 0 0 -1 0.000 0 0 -1 1 0 2 - 1 1 2.00 120.00 240.00 - 6900 4050 7650 4050 -2 1 0 4 4 7 0 0 -1 0.000 0 0 -1 1 0 6 - 1 1 2.00 120.00 240.00 - 9375 4050 9900 4050 9900 4650 7200 4650 7200 5250 7650 5250 -2 1 0 4 9 7 0 0 -1 0.000 0 0 -1 1 0 4 - 1 1 2.00 120.00 240.00 - 9300 5250 9900 5250 9900 6300 6975 6300 -2 1 2 4 0 7 0 0 -1 7.500 1 1 -1 0 0 2 - 3900 2100 3900 1500 -2 1 2 4 0 7 0 0 -1 7.500 1 1 -1 0 0 2 - 3900 7950 3900 7350 -2 1 1 4 9 7 0 0 -1 10.000 0 0 -1 1 0 4 - 1 1 2.00 120.00 240.00 - 5625 6300 2700 6300 2700 7050 3225 7050 -2 1 0 4 9 7 0 0 -1 0.000 0 0 -1 1 0 4 - 1 1 2.00 120.00 240.00 - 5550 3000 2700 3000 2700 5250 3225 5250 -2 1 1 4 9 7 0 0 -1 10.000 0 0 -1 1 0 4 - 1 1 2.00 120.00 240.00 - 9225 2325 9900 2325 9900 3000 6975 3000 -2 1 0 4 9 7 0 0 -1 0.000 0 0 -1 1 0 2 - 1 1 2.00 120.00 240.00 - 4800 5250 5550 5250 -2 4 0 2 9 7 0 0 -1 0.000 0 0 7 0 0 5 - 6900 3300 5700 3300 5700 2700 6900 2700 6900 3300 -2 4 0 2 9 7 0 0 -1 0.000 0 0 7 0 0 5 - 6900 6600 5700 6600 5700 6000 6900 6000 6900 6600 -4 0 0 0 0 0 20 0.0000 4 195 1455 3300 5400 RewriteRule\001 -4 0 0 0 0 1 20 0.0000 4 210 1440 7800 4200 CondPattern\001 -4 0 0 0 0 1 20 0.0000 4 270 1110 5625 4200 TestString\001 -4 0 0 0 0 0 20 0.0000 4 195 1905 3300 4200 RewriteCond \001 -4 0 0 0 0 1 20 0.0000 4 210 1320 7800 5400 Substitution\001 -4 0 0 0 0 1 20 0.0000 4 195 825 5700 5400 Pattern\001 -4 0 0 0 0 0 20 0.0000 4 195 1455 3300 7200 RewriteRule\001 -4 0 0 0 0 0 20 0.0000 4 195 1455 3300 2400 RewriteRule\001 -4 0 0 0 0 1 20 0.0000 4 195 825 5700 7200 Pattern\001 -4 0 0 0 0 1 20 0.0000 4 210 1320 7800 7200 Substitution\001 -4 0 0 0 0 1 20 0.0000 4 210 1320 7800 2400 Substitution\001 -4 0 0 0 0 1 20 0.0000 4 195 825 5700 2400 Pattern\001 -4 0 9 
0 0 18 12 0.0000 4 135 645 6000 2925 current\001 -4 0 9 0 0 18 12 0.0000 4 135 375 6075 3150 URL\001 -4 0 9 0 0 18 12 0.0000 4 135 825 5925 6225 rewritten\001 -4 0 9 0 0 18 12 0.0000 4 135 375 6075 6450 URL\001 
diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.gif b/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig1.gif deleted file mode 100644 index 664ac1e7bb7a186d2c6157878cdadd5bfb7d3466..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3525 zcmV;$4Lb5iNk%v~VXOgx0igf@000000I&Z50RR90EC2ui0IUIl0RRI2oR6u??GK}z zwAzca-n{z{hT=$;=82~2%C_zc$MQ_q_KoNI&iDQg3<`(DqVb4KDwoWr^9hYgr_`$T zip^@b+^+Wv4vWX+viXcotJmzd`wfrF=k&V$j?e4&{J#GW7$`VMSZH{Nn5ekO*y#8O z87VnQS!sERnW?$S+3EQS8ma{VAZi*%daBx%y6XB08!J0YTWfoZJJ_1b`?T8&tn?d9 zTx@)doUFXe+}t>uEKSD7VUw$V!fPAKs7Md zyD+KN9Q=3h;kSZ|nq;i_tyjVj)go#8aj#*#l1DDS3)(Z@%69kyPTY9&V!4&)rtBFx zuj2)w`FT#Zid9C@pqy*6bX(4r!i z`&oEWA8EOQzK;7h-_)wNdu5K?Iehubp{JLgo4RDqgZ`)Y*B;$$)*%+$dHscE#A{gb zR-kbH1*IQZjHxyr2lYAeQhMI0XB~uIWhh>7=EXn_fCXlz9*RV4IG20X@n;)YEyjqV zZzf#W#9BIHb|Q;WnUx=P*|kMtQ@s&q*LfQbkywavf%hMh?0vUnUk~7jP?lP5$z_*b zehFrnVvb2>nP#3T29{_Bqvo2uwCQFpaK?GdoOIS==bf|Usb?&FW&>ZKf(}Y(p@H_f zM*u!3is&7TF4|}vkNz-eq;FK(1E!X;q3H^pF7W53V|Z$>}`s%Bqu>#xc1iDTV{;D&&R{HCsu*yp8vByf1Y%|O9+Ux z-3#mecOiw7a5$cc3$nP<;RJq2<6evY1GyoR!%g|+e`u}&=de^Bx#tvsE~n^zl#IIR zpR0~*Af&ghHS4gSF8l0!yl#8wxx0e|zaD&_XPZ1tY z8sBI|GGg#PLSdr?;8?|v9qvbAnbL=N1Qhdf)ZUCxu8f|=>UjiK^T)Xn(x5qHnABbZJemex0KS7O!VPvHiOI4 zbn-}bfu$R3X+v_v206$;FM3iA0kfKH24|KF;HD2d zbRTN!D4cp3&Ii01OhUGDkjTWQh(1H1vfzgU==9q&4^*N+R+E+Z5vDd*iNt1}U>K-G z&pMFgA1Ap;K(B0NDE{eqOAToel@Xoi2I_gEdqydR`rKkX56Xbri1afU4FN$zN+EY@ z@jpEpr3d^;AbtrDV3 z8zUqoPBzGn7d>jJ2p9ykQema15Nyx@3k1VTK|6)@D+(rP1jQ<4rlFAR*%12!%R-@` zrqJvLAX@~_o=LR-!mJNSTPD-g7gL!zm2Ld9`Fd@01J4)Jd^-|4~*ahD_FpK zeC~oD3}HALIKmXJu!YgsV1Wo0zSMGWW%)}=5SMNs8x}F(JPe8wvkS$aP_Z)f`wAE1 zi^ZOhG0|w;2^${+#;(w@F?hTRA2$uhoDeeDh`b3Sr;WrW=5Qo{tO_Lq1Imq^@QRsi z3tW zla!qSrQ;asOrmg^adiU8P@2#pim{RgHdy&pneohVSpnZih{MM+D4kU zC~y|7O4MBX5~l_oW-smO?RJ@lk_OlKKV>uW6Rk7dx3zRr7OtcT<>%jfRx?lveoX$x z=KQBFdZe_y=I0URQ%D|_d92BZYX8EYstA5?*kuPLdhNN{4a+L37O=#vv&?H`#b)ux_e3j_lTMFt< z^_KH9>jUok*W=*KvL^!VYmc(nJUY4n><{pn|a8_Mtg$NqLd{;{RM 
z{N`_e3BW)9*f&SBU#$xJw>Fs)fcWPqKwyAMAb^pBGN!PAmeYXhLOF;NEuWQuNAQ4# z<2PoLH=vM#zXJiX5-Y+YEX+oNv~nR12PzWyI3ZXzD0nVp(<>ubfmgzUdgFpWGlF&_ zgC`h+sB(cu@PUH>gy7|aNkcY2$bl;u3PZ>^IruX#h=ep)D{q5bH~0;>6@*3Lgsw9< zOVfo2xP@_`g^1>Cd^0@jMl%9uf-2aCkoJZwvuWnShC1kmb_j=fh$Cf)Gyms@e+Y;s zBLiwkhi9mVokEClh=_Bjh%2**b+~SPScrj0iIo_L6S!J;!-JUP{)l0?J7e=UR%jt$ zn1}r50H7!}qWD?$w_{^ydmZ>JG02Ho=!#!xHFsl#jzfzM2#e^lgq`y^wHSdG&@o7J zhocjWyf}>B;E7ToiOeXBLGX;-(2P+aThZt{*Jz5RvW(l9UkK=pDv(^&_&=7|FyV-f z>8OscK#uF^9Pao9?Ff%BGml*$kM#&%_?QLvh>!fJkN*ge0V$9JNst9;kOygg{y2|$ za*P}W01t_J(ROnXnG_F69uygoS#W6?NrswMhZ1R#i}qO zhk~eW$~I857HZtlcxS*^AZ0@>`960DFwZ8FN0e+N$&o|;bdy2F1t>X`KzVFBDF@%i zX%N{*ocC3Kgpw3#ZVA^?Md=dlc9Ix*l~QSyLbW1Fxp-n3Z&In2V(D>M`4v{_lBIZ1 zZs|}?(jEXsC1@FQwqcepqD#`c!5cEh}o9Zv_B#TP1bahF$H$4 zL70&#cwos;;c-kSS5Ad#m|qEXgoSaU$(J5Sl51d^pmv!vQkgfUP8F`AC znin~4JV#Zl*_wQ}8h*zLE7h0!)_5NUk~TF=BJ^@|_f$%Gl;pv75wce`Wu4R+QyF&$ z&{=w;2~Kato!$v`MFM!8$#_o17KP`UHNsCEr+BO8iFncJ253p2huKnMr9p4WmV}8< zdP$yhX`5B4cR{%WnrV8Y*K~Ht9$^Wa26>6auilG?+ni*OG#mS)} zv7sL-q9aP8CHg%cYNDH&qEHp0E9#;z3ZpSvCMYVSEkL6+8k#t&qdUr@Jvt^g>Z3*( zq!TfuMQWr+`U*gbq-nLJa@C?unwwB6rBh0!RcfVIilteqrCZ9SUFxOoR{#JzTehj$ diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.fig b/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.fig deleted file mode 100644 index facf410fc98..00000000000 --- a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.fig +++ /dev/null 
@@ -1,50 +0,0 @@ -#FIG 3.2 -Landscape -Center -Inches -Letter -100.00 -Single --2 -1200 2 -0 32 #efefef -0 33 #cfcfef -0 34 #bebebe -2 1 2 4 0 7 0 0 -1 10.000 1 1 -1 0 0 2 - 4050 3750 4050 4425 -2 1 0 2 9 7 0 0 -1 0.000 0 0 -1 1 0 2 - 1 1 2.00 120.00 240.00 - 4950 4800 5550 4800 -2 1 0 2 9 7 0 0 -1 0.000 0 0 -1 1 0 2 - 1 1 2.00 120.00 240.00 - 4950 3600 5550 3600 -2 1 0 2 9 7 0 0 -1 0.000 0 0 -1 1 0 2 - 1 1 2.00 120.00 240.00 - 6600 5700 7725 5700 -2 1 0 2 9 7 0 0 -1 0.000 0 0 -1 1 0 6 - 1 1 2.00 120.00 240.00 - 6600 5550 6900 5550 6900 5100 4950 5100 4950 2850 5550 2850 -2 1 0 2 4 7 0 0 -1 0.000 0 0 -1 1 0 6 - 1 1 2.00 120.00 240.00 - 9525 4800 9750 4800 9750 5100 7200 5100 7200 5550 7725 5550 -2 1 0 2 4 7 0 0 -1 0.000 0 0 -1 1 0 6 - 1 1 2.00 120.00 240.00 - 9450 3000 9750 3000 9750 3225 5100 3225 5100 3450 5550 3450 -2 1 0 2 4 7 0 0 -1 0.000 0 0 -1 1 0 6 - 1 1 2.00 120.00 240.00 - 9450 3600 9750 3600 9750 3825 5100 3825 5100 4050 5550 4050 -2 1 0 2 4 7 0 0 -1 0.000 0 0 -1 1 0 6 - 1 1 2.00 120.00 240.00 - 9450 4200 9750 4200 9750 4425 5100 4425 5100 4650 5550 4650 -4 0 0 0 0 0 20 0.0000 4 195 1905 3300 4800 RewriteCond \001 -4 0 0 0 0 1 20 0.0000 4 210 1620 7800 4800 CondPatternN\001 -4 0 0 0 0 0 20 0.0000 4 195 1905 3300 3600 RewriteCond \001 -4 0 0 0 0 1 20 0.0000 4 210 1575 7800 3600 CondPattern2\001 -4 0 0 0 0 1 20 0.0000 4 270 1290 5625 4800 TestStringN\001 -4 0 0 0 0 1 20 0.0000 4 270 1245 5625 3600 TestString2\001 -4 0 0 0 0 0 20 0.0000 4 195 1905 3300 3000 RewriteCond \001 -4 0 0 0 0 1 20 0.0000 4 270 1245 5625 3000 TestString1\001 -4 0 0 0 0 1 20 0.0000 4 210 1575 7800 3000 CondPattern1\001 -4 0 0 0 0 1 20 0.0000 4 210 1320 7800 5700 Substitution\001 -4 0 0 0 0 1 20 0.0000 4 195 825 5700 5700 Pattern\001 -4 0 0 0 0 0 20 0.0000 4 195 1455 3300 5700 RewriteRule\001 
diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.gif b/usr.sbin/httpd/htdocs/manual/images/mod_rewrite_fig2.gif deleted file mode 100644 index 3ea8cb65a3f9f1682c6b52d3911f52d2434ad38f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2553 zcmV*@J5W=b#yB~Kp0=~-bve892N4)}p(pW%2p5sZht~LD zI1%}hx8|otxH2g-xLK0vxppC@5V~NentIoI(rJ0{2OE+}BP-$wx*=Bz983yn zON(iU%aN>EEQsprz_yI0Q)?}KoO*nQ-CZ_4KxX`yc3=u2d>*X_(0`guqzqd@*%#-LfeXh5BVQWpLp z)QG8|NtFn{$$Q4mA4HAe4t}G#aHU6(6t}s=hq0PVmJMrKq`A|k!e|9O8l4z&!W#`S zjZ$>#(5cRsJn6|i1(K`QjsTk`MM>77$!02Ard6pHsnu+78$i8lc7VuF^ky0)tFtHF zr(QWty35d@Uzmf7Y8_lL2S2v}^FhUV^=(jScxmn>5x6qvpoM!Pb&QqLVZdksM=H$I z>f6||`_!fUG4I*j11X7%v6>pY2xh3(3xa*;o zNYwSdUv1ZB&wdX*)_krZ4vewXW?IWbBeN8I)p6nPzS&B?4Ba$!41htm$T)Y{DsLok!AXXP!Iasb`-s^66)wB?2mFp%M~m zXrkQ3=fOx@uY&%$*{vTrQ0I{>pr{8vB)Ijjp5X8oW+QCNZyu6c=x)f=Sie!59OmW78?Uq0#Q z-A_M>*2j0|B3IR1{j3WUtyZmwDmAPb*OzWZ(KlCd!!olPXD?x<)MZ`WCSOCy2xXtD zBJXyVst}vinMV{8xGT+dtvA`ugw^Np$GNUjU414?N3v`l^XJ|U-Mw}&ZPjtd6m(DJ z6=fj;N4r>Zw<*{1t;9aJ(R|1-mS1mQ3*BsPl^rbC)KrgcT-_5(HI>#v|5g>Q3aoBpX0Y3fE=(`y56f!k?an7cM1Y2Z z>89<%9O0m%5>UCP<%ld{q4w}rZ#fjfi|+vUI%bW2f9l`Je*0g%Phpa(w)!Vrq^ zK;-L{1y9HXM4@nnK~NzJU&sR&!f=MpVu1{4I70`L;D$JSp$#5&cs{ zYT@jNOnhJx6M&^AO3?#^;?n*Uuh<3#lnIMmM8^c;)kQ!3a6w;0P#6_8#t_^LgJ*0~ z8bMIOHp($7bF3p3?TE(>#4(Rt+#?@BK)p8k@sBNFBX(pkNJ5^-eBJ6mA{CheLyiju zkA&n2BzXe>G;%|hOadk^RLM@dsDz>{!Y2<^N+X=|L7_|~AW7-UAgr=&FKA^fYs5%I z`f7x{?4>V%3Cv(F(FvN=r3r6Y#~>n;iOO825u52uAwn~nIGiRmXK2l9zA&5GEP^J# zSxjy@;+s@?7XnT-%uMkmW9qbo!NR!*cxJ^gHB45ja8-zDopYBYWED8c87Y7YLT~j< z!9TkN&v44KJU)w6L;elAvYZ*|nCAo|*E}W(wrLbBv>95q?)j~FcCxUUeXSS_qn!ztLk!=+AD_Zz6^so0i)aBZQiC`j+k z*P9!?-z)_r-R~*Ey)V3Rf27Mu^G49eU|?}Kw+G83*MP`hFtU<|l;kJNfXQBPvXr$L z_+~zF2`O9&Z^NR0`=RE7#d1Vx) zpa1;+r88#{$%0-X#R_fcFCrR+hhDS=8|`QXLORm?n>3~6XX#6$FVmXV9;Z87n?$UQ1dKj$WxKWt%&lC&*2KeJ zg|Jc^3%8wSJbJ~>Es5hsvVku&bMOtThffzVrY3bjZp9qQL0cRG3m7&S2lxLF`)k|Z zf?Q-y{q1!w@@ujE{JG!dHe$z|&Vcqbv=aBY>W)J$AvZ9!qFH%?Ma*N^PF&p0-WiVv 
zzMQNZfxTa!4%O>=-_E_8*b=)>dpCpizhqA8omJk;HIvg6=s4YH_3mYv&UCJ#46a;f zD6N=H-t{KN>tGW*NzbkI=0cs4Ge);y`zlrYMtkMWtfc2gZs#07qC6*Y8&p!K)?pjTI?meG(PwMLdKh&2SzNe>a{NyWt`OI&=^Pdm> P=u3b4)UW=R3jhE+CPVN4 
diff --git a/usr.sbin/httpd/htdocs/manual/images/mod_ssl_sb.gif b/usr.sbin/httpd/htdocs/manual/images/mod_ssl_sb.gif deleted file mode 100644 index aecd3c119c67bceda52c31882f170abb52106014..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2007 zcmW+x3sjQX7Ct{eAcP0M-?H1=(_0KYjAi350e%rdb3#0p zofuH<9^Ao#bsc*`&nI_3>nb>45kV5UT@l(=D93jt-l%W9ysOY>-R#i)_&I+C|MMsG z(7s=`77Ggsvx>`pmhP;~%{!KqeIV{gc{N&8+O)YQF+;Wq9Nke?mDh3nL`9vlyRo4? zrT5b1D_0|~-?;gEI2L>B_MN*ov3OF5rvJf1bsv}HP7c)ck+grjd_}?xx(|_7ak1{e z4gccRhkgwCF$s?u_j6}WynkwfnKvQ3$tC5c5duHNWg(egRhx!3vAPO~P zt!$+dEj7PI8=Z_&7w^D^?>DDT2Xpp1ClIV!fu_%j$4h=?^$A_XV6Ewn$P~M;1Pjv< znU@GiO*XXQkL>r!8a~6P`IPp=6-OzFD;8t6v6702&NcfoM58w7E_VmZ#4(4-BCPdo z`d`+TUAl8Z6YQlWPh3V+{9A6IiBlvc@JU~Sy?*Vh#IN|~Dq^m(*Io*;azsZ)`-+z1 z{f@SDM5RMRfeS;6b13>}_h#3~gBy~1Gai$eHx`pbfsqi~lF_V~{?8zeQ`+U#ldi%{ z5L+#B?MGTa+!Z+$A6oX!B|*Fdd%xZ^zORT((44>{B6V8D9d~y-&LLzF{4zZ7 znUXqZT9uF{*w&sJUA9hvV9mJbaCpdqMU&8SG0S4}PN6?yhb^3SiiIdMF~C%$rfQd9 zgI51VIeT`TOnRf++Q8%4#;VBx^?r;g#xYx|IF7G69D@bwZ0;c!E4Dil_mWCuAa?jJ zi@P$O+j>O+FwH6|FBK##kjLyQXJfdrC#pTHZ#u{hdEJ1GntS=Z0k4!`CjHFT;=ag_?2{5C0X~@z3K;xcQ)zsL@BK#cBMN!!;STjdmvr+RoAQ z%OIPj8q)md=C>RLkZp`snof{^mIiJWBnI#tTipi3L$}!-jZF8ETDPT~a8FX6I;U}< zk$O&tX9-48ODkHQ_BE7I912{}+oOZyj?1fT=x@YDJuagq7sZuPKdP@C3sxWa;n}nO z^O}E~L%}Yur+B12Bfi$Yz;vCIc|jpOy-Wr3wkC5W^Ou|O98f6I5h6v4c@E_|8mn|p zx7`tL`Vuk@wUi(EI5%s9$zdKg8<11(2l=x55hRR|;5DqIW1WKeRr$irq5K4)Xv!DWlRSQ?SNs zpq&-i*8D1|lR3S2={Q~8+SjgxUl3YWHaw?D=c7}xh$x(1O=sb5$G>spW@nYayK*kt z&P+8>Gi9#(ge6NS@7OPI6T4${p(hLSxSsgNQoW6b&BR8;OsOln%uqnCu4qp&<3=7O zA~9+2q^AvL{hXp58k1$xT46MZ4k~-Q;{E~5N!T*;x22y%XxIWAz3b$Af*-Yi`x>Cz zuEL)3e_Vxxjp34q?U(S{aWvV{*yRMKCxKJ5dLmb~g%F5i5T5dnZ(F^l`5iHc+*zXu zjdea2cQ)8olk~ixp~K;0h36)&&%-46)K0f09EL-pnfKG*r=N67EZ#?(MM2wg(B$B3#q(pv1CA z(2K_qMp5N_iOTwX-;ehYZNvJu)3hT;GMf|_Rwe>$s4Lza{K+)$U{&KsucIMN5cui; D6NgSH 
diff --git a/usr.sbin/httpd/htdocs/manual/images/openssl_ics.gif b/usr.sbin/httpd/htdocs/manual/images/openssl_ics.gif deleted file mode 100644 index 3d3c90c9f849929d0b26bed710e00f3f6f4f88cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2063 zcmY*Udt8!f7XH2uL_kzTR8nXVZ>X3kqnV{53OK2G!7*&LBo(!+RmTb&a{zDPWyCZQ ztx+d$>r94IyS6)4sCjFxG1D$?`9r#xW6jps#osg|`!WCR`QG!L=bYy`=e#ffGhWaR zkr?m=766kOjYf?|Gcz-z5yMfe5yOWCCo`rZOu@tq%ot%Th5?+-z>+_si7;g*gJrP9 zXoP!A4u2ZcT(~HPD=;={;0Y!)1F!%w0Epo~yvfwdG6i@aO9KEfHkk%?z~o{UJOobR zO)vvD{hv8++Vel-Q3Xdtg+&6<@vK5>a#o?=Ha`)-FzHOMWTQ6O()=ifWBpWD;dEYb z`)ps)ZwwNWJZANIJ`Uxy`;dA!4u|?~U;b4B77CZ?z8-R_94g&LLMt3VD-isO(5|-=9v}k zJI$L54j`LnxJX2;5T)Rhtf8&$$B$_pzmo;n8?Y`$wOatMHs^V%iNfaGqP^#FD=h+H_4c zI7S>zT5WKhZgh()e5pu~^6Mw^mR!5OSlPVwO=vOJa$io)Y$*HGL@tJ12MSO}JN`*s zXlmUd#86cN8JWDjaIxxBHqOsx1!C7gTS#Hr2tLeR!HM?6|QIRj8JY$`^yC ze?jVRqQJK6@ysXY<5npU>H9T*_Lwhr2E9FbiV^;Tcu}xGD;k}aTkOe1cAP_gBpyQ( zrdB!K!^Ix%zWpas1~X&S^oL^yjHTTr@0kK|(oe*dg!4PML?k632rct*IhHMra?DL+ z$5%+NXI1hq6NJ=6hsB5{DQk1b8R0=i=kl4LBU1@{M~|=9d5+#aQ+#EStCkHFj2~0h z`p>yMfxyQRQg?*iJV0qf10cx9iYh)&kEa5VnSwupGPpIvZz<`~uysMr$nARhmwigP{Ef=?ej2JG6$iTat_0HA@@E}ZH1N%_3D_(}U&UQ%k zG7kQF-Wymfw!ynpA5UVqwE8oT1~wSHBg4?1vr>;Q<<2@#YZ!HMa==M}E!S(`n}K_o z8U0@7Ee$*{*;O|)Zg*HOb>>guM~+*-*R+w9j8F(mA=A&uUUc_MfWzfJ-RRjf@1ATe z!e#!n3;Ki1N4&**s@b-7SJ?<_?X)}P2+v2FCx}jew?H`C`|e({i6G^T$yC$!iS}j4@VMX!($~>XSwxeM`Be(j>Hi5s_7rg zfj-?yPiuUwB;|^Xt@@>q?pGgHI;wsdI=!_=baHiXT1jxTK_|1TdD=8(PTmYzX{@i~ zuWVDNB4a6C$lZ5c%0YC?Ry#-YC^y4+n$5+Nl))d#r?&dJ3}?L(qvuAb*kkr@LpPbf z#)TKL8`bl%cg4d=`9iTqBJ!ypT=TJ?wWDN@4DcEIM=ymBMrko@{ld9nDGnIVu|17* zrm++7 zUP^gM1t}7oS0A_XHc=1tvd5ISX;$CVxmi-0q#);oRN{GqhXvWxVK%Z2d4me-_Uum% zl%jR2+)7nNzd}}-!}SJ<`CRN~Z(ByZ&VOhN+KjxZZOeGOOq$f!Nr+Siji`72$7{%RA&t)K>jXR4o>AwkMWl3=dY(I?3J3l3*dWq-Y#=dTO44?m{(+t{ z47K1+4fX_KW+zmx+Dp8HhoQKHTGy;ji`4G^s=^0VUI$eZL^@DXIA_O{p9e>$ZpJIG z?7`Fn4!kryQn!<i zmiRLbwAHQp(KBq#GuP2bJw~%ppmUK-9^0$G1u!xu|E5A^H!dDB);6erCJJ76` 
z0hYq4%huS9mR)3AdZs(b)vW+xP(Py6C*@L zL<}GZDo$WT5k&(CqM{Qwz;y!Z;7)MG`HYh<)bIaaSJ$mu{q8&WoO9o+4h;|S79@R! z{J}RPFdB^*hQ-9hBqt|lW@f5Xs=B(m-rimW01N;Q0DJ%h0EhvI2Ot@MGypOI7)5{) z0dBs~z0wh%oa+5J*>tsZ}wSu(NnA8{$BjzT@^96j2&qa&_AU9Ji7GY`0$k=UASb)7PdXQX7zC&=(8>a1lhm-u{$P{?R0!ZqQWJsE zNm7$LVy5yY3~)IhCV7hfWQ{m&%7d6RFqSz*d{TXUJgDOWaSTwg0C&;`)zq%k%Bj`c zbyMK1rYS#C)27M92On^aV1Nra zO;ZK8$3TY>^ooIi16anXyfp?0DnaT1m>dGX6=cQ(ff3Y+05=tgjG!_TOwNSW3(`hG z?${K9$~YBsV*qymq;fFU*i^4fG2j?MS|t!=0=^NX8bPuV#IpeMZOT<_Ux;B?M~%Trt2>0ZRoql~YTTYy~j@iw9UPU_G0H<%$3@HkEM102u(29VeMj zzL;@pl>fhH^6+!M;~@Zyz;&u_>P`re$xA_=8KzNp<{;BtR`hAAyZ2yr;>xh*nw}!o zoRlYh&9#A$bztGl@RsA(%ba6Rt`OW+0H-Lkz6l7|Tf}tpRO#hO*}25eFRrKU`Ec0t zm;NmY5jPe-YJrVJge_GUX2Fnfy1l%vYT55gmls+^oICyS4_Qyl{**d2+irneD~zsz zE>*ug-PoPiRMA?0r+gCk)O5EMEt11#1o1(a*dnilm|U4e?Z4@3-?n?iTju=Lm$rYu z`|{N5doZyf(ao#r?Vu+4X307Q7&LSC@AJ+MbT4MuScH|IU!O2fK3Wx=w&mTyx$B2Y z94UW?Z)jZn=g#pO=G!HWQPu9@#*IN-m0fr~<41Ec>Cc(Io1ba8c8*c~%;g_vG{+w}i0l%c2xq!;8Q2?GMUE z3Y_a3Mhacey&5Uv^*TQCHtR+x?yUw}D(^~Me({_;kvX@#|CHX_D;Qg>gb*904o1_q9U$yg=efLT zIDRnYO=Cm7Pc60piO#`-tc`c<7{21@t7g#?tld=M2UzCT_AX|ae@9rm(BrN&Im+iE z)*ZpuKIx+HFW7e%d)`}ZcY991=Z%H#R~coI?texmM+q9S}PW$NdaKzfY0E zEV)^bu#;dOrvrpTTciP3$WkFpv^cHFCMPzl-*jW4uH#o3%hrzfIMy`x_Wr#6CDCeg zZa=9Y7yogOU5V?ez8kKV@b#NV<7^)~s6Nk&;MQM?DRNs01r{aso)*eS2!gl;*AzyfdnUpv9ih10gIc&+G(DB2VkPjc42_z!|CpYyvCdNqTXI(hDjNil!_!6V zSaSsv6)IfL?gp^z=BJRbF0;~?E;uzjUZKR>G-z=*lmV2b!ffhiy!8ujl1FZIQT!#C zS*{_t8WTGUqn^}Ef0|Wn8^Wm?w-=cd@s``X%FCe2?~fipMrCeE!Krmkjn%Pwhm zdo;=-FH^2s{m07>>U-^1Jb`x(<8YSf7Ku(^y|b0g#WFvf&kZ!xcYwc-Bv;@aB#H6* z-o6l@kNXo3cQFo1vz_{HkS}C+nQU>$wewDz_9gC7!B6{U`hv1seBG z>#3%m5?-6zXIfHMmt$4ENg)cnuov-@La*A0^UfvhB}k-}f2oP{9#xlY^0Z}M1a$>9 z!PP&VZZN-KzTo^KvZv6-hr{H%fL`oU5@oK=Sr@ z?0@LS{rV4S)K%Wyy}i=Blku&laXl$Bg-iGNgAvcAsyaKzJ2gr1d#0Td#?HFizSOg+ zYer9c0zWdvqK3K7Ql|*zN%i(wtX~n4|AQ zr^V-5qHdjDGw0+{N_CVGVj zph8{N`1M-v!HI}X%Fd>*v|7_}zumLK?i4IjcA?RY?-!rpc^|^77eLS%vO5ZKs8A%;jJKbqiS8rU$=wGe{G`e0jJr%Q2-JddgP13|&AW1WYID 
zp3~k;{HbuShCF2i<|{l7muW$G)~UBhRKOH0)T^esIKi83J?a%Y?$opln`IJ2&lxgCUAQ5LIgla!NcK$!epjuI{yZVFG?j(U z)nutwzZ;3`)qA_eRToC_vUhDV;B4J%_k^p={kQ76*9<6$yo_q<>b`w59`W+{uiArC z;>w(;0VJ2N0onPApif{4$J)67H!9@0}366FzqTJ zyQpscGULzm&}R*yF|1OvbjCI(B#T@=)@fR!#XI{YG1tc7Ec(R+sNc?PMuQ=D)+$qqv~7f0?O#*9_RjjB2cJ&Ax45yk zrF!q$O|_P9FcRlwK-T?-5d@yX)kxW-oA`Ld`0w$In~a%DP26N0sB91}k$=Y9kh4C< zc#D4QR-%#p(aaWgWV4oXj<>zlKiN^Ovj=cKmKw+&gWWW- z&U&6J8~18!ZdiG4qpiIlJA6S4K9-Fau-$ri)XQ?Z!w?-GOn=KZG010M*16r2(}pqb z6Lwe+$K<&N3`*%Aomc9%zgg_->Qnf^lWtY^>khkgZR&@4Sf)Zintci>7_WCjG)nSVBm*YEG_)uZ-)mOOE#fwVXiu;l9HA10f z4)Jb2Q7+lLg6XkVZ&S`fE_EaO414txNUec5!EiWQI9;KO31Pq8-(e?afOsC}LW8l=>{-{Gjv}M(3HAc@#+Oy1?A);D1J$Euw}T z**HhJ-;X5Nho=f!t_o?y36(1Bf-3T%D$3k$){Fx&f&-)^uuOO$?(l*5ZDuR90ZSy_ zHX=}X6?2a^nP@#AJA4pF6g36_7Yw$=U`!8RX@<_X!Y)G0Y8BIJ71;R@!x>g4@(-pg zFVDN+httjT)#G95>e=#XZajFF7P|U{ZYuS8s->++r%`w&A9!^5PCzTPt~HwA6pFcz zbMHDx_dKjPvwU767dM}WpRcp@Wgk{u|B0c4whq&u80drZXm`}K42Ewb=6l&dX_Y3& z={P5&!3_!a^EQj5@rr?MM`ioV-K8=s-io=$Wp-?MuJQh~F%9jZl6F_l*#5$QKx1{* zfYxs!S4hc)(tvU{c_J7z>85-9z4AX(@F4Ff?4!0%0wHX?SOKiD#EO{2j+eWKCG_na z+8scBAzyz_U1d6C)xayMk&>GX_RojOo%gJF8i<*S8aUb(h}G`@)R=b$z?#@u82rP- z#|&fWwMRavf8EApUDG9*dT*-LQ+D66IxQ)gxcA#m%x@D$g6^+c2SQfq2rIuGyF;vv zZ?7Yp&foVO@{>;EVzB->>@0+5N+CL%KE$Iv(1u!sP<`S=dFWZds)!?c=3H+L6F7kRd z2GP~@XL;-I%W3BA)JEV8^3ffu$ow?&0RvK``z=Sf*1#dH#Yl#6qFXO*wD8smQUK z@rHU)PJgw$TB`{9U5_^Lg6cKw5;^kA!BsniNQWay&LjOXJ>=YUBI%oh;|OsbmhqdO zR3;;BRUoAjvYbSDkVm-r<-kp*$Z|Ddu%gNKZTzlqLWlzI!NytZ;haOzRVI`!^Z8p& zlQ=@7##XvsO6$^YXqVC)kmJ2-3f6}fZ9q?G(c^41@`%Xdx}KAA zr&UM>K+MjPjGssfEmEK(Z#F|uu+atsdUEoZY@{eubOR5f@h~C=@X<%pEH53HBZGzW zEwEpo%V~@Z>iaax_SMvG1$7W(SvvZ*saZuy=ztUb zOAKV8#_w~v#PGA+br{cPdokE_3LEFlu43v}_l?i4FQaw6PHT~%$AzcLwe2I(zG}Al z|HOz&xyH~*Oammhb3`ddg0~W-Y>V1)LW+)%peDN35Lf6)>4pV)N@SGd#C*IZ?Y@2U z#mMvW?ekUWj$HafDSbpu|DfM(A~azF*bU&^c%8Cw)%r`t(SQ(GvulGZ-o-!-IB#`Y zkFvd}c>!mub!4pqZL_n^mtVeul6D$}q|WvwZePt4w8VtFo5yF_t&+t{VNMSjZwJooa(gb`*W1dPA7h+(r#*~*UjjIqj?lw*hdT^mciA9 
zu%iOU$NK3%bjP!2MeD;w61@LMI}ZuI{2MO9fRjk@!AhI}D~^|#Fdo{jkzX#FDZNT`!)9vQ8%mdy z+OMQOQo7!s#~tycC&cL(de4*_vpE{wd>#%<7+6Ddi7?%7!Bu zc(HUF@`!vAkJc*D!f`ZXVQ4d;v?!2If;9)QK11>LR%KU0-Uif}Q!A(Ve4_N)bIQ~d zvD<@t&D6o{h1X%)%j_KkhMqV2KOO?Q!XfH0n_;E_QDx9b88j1vU3lrv>Nu`W_si4A zmw(tU2fM`vd@vjDD8WZ7aY~Z?(L*?q-cF*%d)wk_HA5#1k(-^U7u2EG^wdEkM!gnF z(elunDzr`M{FFvpoKC%$MY(6Dc)F2xxod+~eW`R6{e?EK2Qqo(X<|_Ntoe7g|M=`R z{{k~PR1Pm9mTTeV0KZ`-!PoX$tQ_xO+W*fWQlFlsHBfEy zX;0+zY|E&ZYTBO?>Q&oE@7y}Rb<7t>5WNOKs{^GrE3 zT>_i3eX>L0S-PC3J%FrBuvQYBdAZDIFBARwUOa-AayV825WfevBqq-^v|(l0GtIsg z>_-oHv@#F+Uvk=eHhok$`;!ntHMDY~iHTx&V-xLp?fl0^$>h&(6k|gyJ@iEnu{4l{ zPPuaD>+-7Q$~OKc1u0!xaA=5BBo*uXkkx-9$9SbxTBJhvrdn#-E~K>FwrW$9*sr2p zmw2{Y(^hWZ0lj}K8V3JPc(%paQk7m_Ny?6ixDNi2K*KxTfA7je@rM)Nm#{Ks#+vN1 z@Yu*BIhZY#teE3qX8kdI>D*fMv@Y zb}8NBaz1Xr-w^q|c>fT;KB-;RK(cGu>-@=p%_diS$751v8lbU**D`B2|{gCwI~ z=GlHh?7purT9gLavtjO)kLsLvdt2Z2e|V=;yW{aIKZW*P-e3O7GO)nU#zP^$yE5A2 ziT6_Xjp*Bk@jq@`otPN!;Vt{Y|7b576LCxg- - - - - - - - Apache HTTP Server Version 1.3 Documentation - - - -

- -
- - - - -
-
- -
-
- - - - - - - - - -
- - - - - - - - -
- Miscellaneous information
Apache License
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Reference Manual
Starting
Stopping or - Restarting
Run-time - Configuration Directives
Modules: By - Type or Alphabetical
Server and Supporting - Programs
Dynamic Shared Object (DSO) - Support
The Apache API -
- - - - - - - - -
- Platform Specific Notes
Support for IPv6 -
-
- - - - -
.
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Using - the Apache HTTP Server
Authentication, - Authorization, and Access Control
CGI: Dynamic Content with - CGI
Configuration - Files
Content - negotiation
Environment Variables -
General - Performance hints
Handlers
Log Files
Security - tips
Server Side - Includes
Server-Wide - Configuration
suexec: Using SetUserID Execution - for CGI
URL Mapping: Mapping - URLs to the Filesystem
URL Rewriting - Guide
Virtual Hosts -
- - - - - - - - - - - - - - - - - - - - - -
Other - Topics
Frequently Asked - Questions
SiteMap -
Tutorials -
Other Notes
-
-
-
-
- -

Maintained by the Apache HTTP Server - Documentation Project.

-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/invoking.html b/usr.sbin/httpd/htdocs/manual/invoking.html
deleted file mode 100644
index a8967264149..00000000000
--- a/usr.sbin/httpd/htdocs/manual/invoking.html
+++ /dev/null
@@ -1,148 +0,0 @@
- - - - - - - - Starting Apache - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Starting Apache

- - -
- -

Starting Apache on Unix

- -

On Unix, the httpd program - is run as a daemon which executes continuously in the - background to handle requests. It is possible to have Apache - invoked by the Internet daemon inetd each time a - connection to the HTTP service is made using the ServerType directive, but - this is not recommended.

- -

If the Port specified in - the configuration file is the default of 80 (or any other port - below 1024), then it is necessary to have root privileges in - order to start Apache, so that it can bind to this privileged - port. Once the server has started and completed a few - preliminary activities such as opening its log files, it will - launch several child processes which do the work of - listening for and answering requests from clients. The main - httpd process continues to run as the root user, - but the child processes run as a less privileged user. This is - controlled by Apache's process creation - directives.

- -

The first thing that httpd does when it is - invoked is to locate and read the configuration file - httpd.conf. The location of this file is set at - compile-time, but it is possible to specify its location at run - time using the -f command-line option as in

- -
- /usr/local/apache/bin/httpd -f - /usr/local/apache/conf/httpd.conf -
- -

As an alternative to invoking the httpd binary - directly, a shell script called apachectl is provided which - can be used to control the daemon process with simple commands - such as apachectl start and apachectl - stop.

- -

If all goes well during startup, the server will detach from - the terminal and the command prompt will return almost - immediately. This indicates that the server is up and running. - You can then use your browser to connect to the server and view - the test page in the DocumentRoot directory - and the local copy of the documentation linked from that - page.

- -

Errors During - Start-up

- -

If Apache suffers a fatal problem during startup, it will - write a message describing the problem either to the console or - to the ErrorLog before - exiting. One of the most common error messages is "Unable - to bind to Port ...". This message is usually caused by - either:

- -
    -
  • Trying to start the server on a privileged port when not - logged in as the root user; or
  • - -
  • Trying to start the server when there is another instance - of Apache or some other web server already bound to the same - port.
  • -
- -

For further trouble-shooting instructions, consult the - Apache FAQ.

- -

Starting at Boot-Time

- -

If you want your server to continue running after a system - reboot, you should add a call to httpd or - apachectl to your system startup files (typically - rc.local or a file in an rc.N - directory). This will start Apache as root. Before doing this - ensure that your server is properly configured for security and - access restrictions. The apachectl script is - designed so that it can often be linked directly as an init - script, but be sure to check the exact requirements of your - system.

- -

Additional Information

- -

Additional information about the command-line options of httpd and apachectl as well as other - support programs included with the server is available on the - Server and Supporting Programs page. - There is also documentation on all the modules included with the Apache distribution - and the directives that they - provide.

-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/ipv6.html b/usr.sbin/httpd/htdocs/manual/ipv6.html
deleted file mode 100644
index 29503958804..00000000000
--- a/usr.sbin/httpd/htdocs/manual/ipv6.html
+++ /dev/null
@@ -1,231 +0,0 @@
- - - - - - - IPv6 Support for the OpenBSD Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

IPv6 Support for the OpenBSD Apache HTTP Server

- -

This document explains how OpenBSD Apache makes use of IPv6.

- - -

-To support IPv6 the apache module API/ABI had to be changed, to avoid -IPv4-dependent structure member variables (like use of u_long to hold -an IPv4 address, or whatever). Keep this in mind when writing new -modules or adding modules to the ports collection. -

- -Basically you can write IPv6 address where IPv4 address fits. - -

extra command-line argument

- -
-
-4
Assume IPv4 address on ambiguous directives (default)
-
-6
Assume IPv6 address on ambiguous directives
-
-U
Don't assume a specific address family on ambiguous -directives
-
- -

-The above options can be used to remove ambiguities in directives, -for example "BindAddress *". -

- -

base commands

-

Listen

-

-Listen is expanded to take one or two arguments. -

-
-	Listen port
-	Listen address:port
-	Listen address port
-
-

-This is to let you specify "Listen :: 80", since "Listen :::80" -won't work. -

-

-If you want httpd to listen on port 80 of all IPv4 and IPv6 addresses -simultaneously, you would specify this using the following commands in -your main server configuration: -

-	Listen 0.0.0.0 80
-	Listen :: 80
-
- - -

mod_access

- -deny from
-allow from - -

-"deny from" and "allow from" supports IPv6 addresses, under the -following forms: -

- -
-	{deny,allow} from v6addr
-	{deny,allow} from v6addr/v6mask
-	{deny,allow} from v6addr/prefixlen
-
- -

-Also, wildcard ("*") and string hostname matches IPv6 hosts as well. -

- -

mod_proxy

- -ProxyRequests on
- -

-http/ftp proxying for both IPv4 and IPv6 is possible. -Access control functions (NoProxy) are not updated yet. -

-

-NOTE: for security reasons, we recommend you to filter out -outsider's access to your proxy, by directives like below: -

-
-	
-	order deny,allow
-	deny from all
-	allow from 10.0.0.0/8
-	allow from 3ffe:9999:8888:7777::/64
-	
-
- -

virtual host

-

-If you would like to this feature, you must describe 'Listen' -part on configuration file explicitly. like below: -

-
-	Listen :: 80
-	Listen 0.0.0.0 80
-
- -NameVirtualHost
-

-NameVirtualHost is expanded to take one or two arguments. -

-
-	NameVirtualHost address
-	NameVirtualHost address:port
-	NameVirtualHost address port
-
-

-This is to let you specify IPv6 address into address part. -

-

-Note that, if a colon is found in the specified address string, -the code will try to resolve the address in the following way: -

    -
  1. try to resolve as address:port (most of IPv6 address fails) -
  2. if (1) is failed, try to resolve as address only -
-

-

-If there's ambiguity, i.e. 3ffe:0501::1:2, the address may not be -parsed as you expect (3ffe:0501::1 with port 2, or 3ffe:0501::1:2 -with default port). To get the right effect you are encouraged -to specify it without ambiguity. In IPv6 case "address port" -(specify address and port separated by a space) is the safest way. -

- -
-<VirtualHost host:port [host:port ...]>
-
-

-If you would like to specify IPv6 numeric address in host part, -use bracketed format like below: -

-

-	<VirtualHost [::1]:80>
-
-

-Note: Now we DO NOT handle old non-bracketed format, -

-
-	<VirtualHost 0:0:0:0:0:0:0:1:80>
-
-

-so configuration file must be updated. -

-

-Note: The following is bad example to specify host ::1 port 80. -This will treated as host ::1:80. -

-
-	<VirtualHost ::1:80>
-
- -

logresolve (src/support)

-

-error statistics in nameserver cache code is omitted. -

- -

mod_unique_id

-

-Originally mod_unique_id used IPv4 address as a seed for UNIQUE_ID, -and took IPv4 address registered onto DNS for the hostname (UNIX -hostname taken by gethostname(3)). Therefore, this does not work -for IPv6-only hosts as they do not have IPv4 address for them. -

-

-Now, UNIQUE_ID can be generated using IPv6 address. IPv6 address can -be used as the seed for UNIQUE_ID. -Because of this, UNIQUE_ID will be longer than normal apache. This -may cause problem with some of the CGI scripts. -The preference of the addresses is based on the order returned -by getaddrinfo(). If your getaddrinfo() returns IPv4 address, IPv4 -adderss will be used as a seed. -

-

-Note that some of IPv6 addresses are "scoped"; If you happened to use -link-local or site-local address as a seed, the UNIQUE_ID may not be -worldwide unique. -

-

-If longer UNIQUE_ID causes a problem, define SHORT_UNIQUE_ID in -mod_unique_id.c. In this case, length of UNIQUE_ID will be kept the -same. However, for IPv6 addresses mod_unique_id.c will use the last -32bit (not the whole 128bit) as the seed. Therefore, there can be -collision in UNIQUE_ID. -

-

-The behavior should be improved in the near future; we welcome your -inputs. -

- -

configuration file

-

-We do not support IPv4 mapped addresses (IPv6 address format like -::ffff:10.1.1.1) in configuration file. -

- -
- -

Apache HTTP Server

- Index - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/keepalive.html b/usr.sbin/httpd/htdocs/manual/keepalive.html
deleted file mode 100644
index c3a3018dcdb..00000000000
--- a/usr.sbin/httpd/htdocs/manual/keepalive.html
+++ /dev/null
@@ -1,107 +0,0 @@
- - - - - - - - Apache Keep-Alive Support - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Apache Keep-Alive Support

-
- -

What is Keep-Alive?

- The Keep-Alive extension to HTTP, as defined by the - HTTP/1.1 draft, allows persistent connections. - These long-lived HTTP sessions allow multiple requests to be - send over the same TCP connection, and in some cases have been - shown to result in an almost 50% speedup in latency times for - HTML documents with lots of images. - -

Enabling Keep-Alive Support

- Apache 1.1 comes with Keep-Alive support on by default, however - there are some directives you can use to modify Apache's - behavior: - -

Note: Apache 1.2 uses a different syntax - for the KeepAlive - directive.

- -

KeepAlive

- Syntax: KeepAlive - max-requests
- Default: KeepAlive - 5
- Context: server config
- Status: Core - -

This directive enables Keep-Alive support. Set - max-requests to the maximum number of requests you - want Apache to entertain per connection. A limit is imposed to - prevent a client from hogging your server resources. Set this - to 0 to disable support.

- -

KeepAliveTimeout

- Syntax: KeepAliveTimeout - seconds
- Default: KeepAliveTimeout - 15
- Context: server config
- Status: Core - -

The number of seconds Apache will wait for a subsequent - request before closing the connection. Once a request has been - received, the timeout value specified by the Timeout directive - applies.

- -

When Keep-Alive Is Used

- In order for Keep-Alive support to be used, first the browser - must support it. Many current browsers, including Netscape - Navigator 2.0, and Spyglass Mosaic-based browsers (including - Microsoft Internet Explorer) do. Note, however, that some - Windows 95-based browsers misbehave with Keep-Alive-supporting - servers; they may occasionally hang on a connect. This has been - observed with several Windows browsers, and occurs when - connecting to any Keep-Alive server, not just Apache. Netscape - 3.0b5 and later versions are known to work around this problem. - - -

However, Keep-Alive support only is active with files where - the length is known beforehand. This means that most CGI - scripts, server-side included files and directory listings will - not use the Keep-Alive protocol. While this should be - completely transparent to the end user, it is something the - web-master may want to keep in mind.

-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/location.html b/usr.sbin/httpd/htdocs/manual/location.html
deleted file mode 100644
index 5d29f24d1d8..00000000000
--- a/usr.sbin/httpd/htdocs/manual/location.html
+++ /dev/null
@@ -1,75 +0,0 @@
- - - - - - - Access Control by URL - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Access Control by URL

- -

The - <Location> Directive

- Syntax: <Location URL - prefix>
- Context: server config, virtual - host
- Status: core
- - -

The <Location> directive provides for access control - by URL. It is comparable to the <Directory> directive, - and should be matched with a </Location> directive. - Directives that apply to the URL given should be listed between - them. <Location> sections are processed in - the order they appear in the configuration file, after the - <Directory> sections and .htaccess files are - read.

- -

Note that, due to the way HTTP functions, URL - prefix should, save for proxy requests, be of the form - /path/, and should not include the - http://servername. It doesn't necessarily have to - protect a directory (it can be an individual file, or a number - of files), and can include wild-cards. In a wild-card string, - `?' matches any single character, and `*' matches any sequences - of characters.

- -

This functionality is especially useful when combined with - the SetHandler - directive. For example, to enable status requests, but allow - them only from browsers at foo.com, you might use:

-
-    <Location /status>
-    SetHandler server-status
-    Order Deny,Allow
-    Deny from all
-    Allow from .foo.com
-    </Location>
-
-
- -

Apache HTTP Server

- Index - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/logs.html b/usr.sbin/httpd/htdocs/manual/logs.html
deleted file mode 100644
index 0e3e171fbfc..00000000000
--- a/usr.sbin/httpd/htdocs/manual/logs.html
+++ /dev/null
@@ -1,660 +0,0 @@
- - - - - - - Log Files - Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Log Files

- -

In order to effectively manage a web server, it is necessary - to get feedback about the activity and performance of the - server as well as any problems that may be occuring. The Apache - HTTP Server provides very comprehensive and flexible logging - capabilities. This document describes how to configure its - logging capabilities, and how to understand what the logs - contain.

- - -
- -

Security Warning

- -

Anyone who can write to the directory where Apache is - writing a log file can almost certainly gain access to the uid - that the server is started as, which is normally root. Do - NOT give people write access to the directory the logs - are stored in without being aware of the consequences; see the - security tips document - for details.

- -

In addition, log files may contain information supplied - directly by the client, without escaping. Therefore, it is - possible for malicious clients to insert control-characters in - the log files, so care must be taken in dealing with raw - logs.

-
- -

Error Log

- - - - - -
Related Directives
-
- ErrorLog
- LogLevel
- -

The server error log, whose name and location is set by the - ErrorLog directive, is the - most important log file. This is the place where Apache httpd - will send diagnostic information and record any errors that it - encounters in processing requests. It is the first place to - look when a problem occurs with starting the server or with the - operation of the server, since it will often contain details of - what went wrong and how to fix it.

- -

The error log is usually written to a file (typically - error_log on unix systems and - error.log on Windows and OS/2). On unix systems it - is also possible to have the server send errors to - syslog or pipe them to a - program.

- -

The format of the error log is relatively free-form and - descriptive. But there is certain information that is contained - in most error log entries. For example, here is a typical - message.

- -
- [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] - client denied by server configuration: - /export/home/live/ap/htdocs/test -
- -

The first item in the log entry is the date and time of the - message. The second entry lists the severity of the error being - reported. The LogLevel - directive is used to control the types of errors that are sent - to the error log by restricting the severity level. The third - entry gives the IP address of the client that generated the - error. Beyond that is the message itself, which in this case - indicates that the server has been configured to deny the - client access. The server reports the file-system path (as - opposed to the web path) of the requested document.

- -

A very wide variety of different messages can appear in the - error log. Most look similar to the example above. The error - log will also contain debugging output from CGI scripts. Any - information written to stderr by a CGI script will - be copied directly to the error log.

- -

It is not possible to customize the error log by adding or - removing information. However, error log entries dealing with - particular requests have corresponding entries in the access log. For example, the above example - entry corresponds to an access log entry with status code 403. - Since it is possible to customize the access log, you can - obtain more information about error conditions using that log - file.

- -

During testing, it is often useful to continuously monitor - the error log for any problems. On unix systems, you can - accomplish this using:

- -
- tail -f error_log -
-
- -

Access Log

- - - - - - - -
Related Modules
-
- mod_log_config
-
Related Directives
-
- CustomLog
- LogFormat
- SetEnvIf -
- -

The server access log records all requests processed by the - server. The location and content of the access log are - controlled by the CustomLog - directive. The LogFormat - directive can be used to simplify the selection of the contents - of the logs. This section describes how to configure the server - to record information in the access log.

- -

Of course, storing the information in the access log is only - the start of log management. The next step is to analyze this - information to produce useful statistics. Log analysis in - general is beyond the scope of this document, and not really - part of the job of the web server itself. For more information - about this topic, and for applications which perform log - analysis, check the - Open Directory or - Yahoo.

- -

Various versions of Apache httpd have used other modules and - directives to control access logging, including - mod_log_referer, mod_log_agent, and the - TransferLog directive. The CustomLog - directive now subsumes the functionality of all the older - directives.

- -

The format of the access log is highly configurable. The - format is specified using a format string that - looks much like a C-style printf(1) format string. Some - examples are presented in the next sections. For a complete - list of the possible contents of the format string, see the mod_log_config - documentation.

- -

Common Log Format

- -

A typical configuration for the access log might look as - follows.

- -
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
- CustomLog logs/access_log common
-
- -

This defines the nickname common and - associates it with a particular log format string. The format - string consists of percent directives, each of which tell the - server to log a particular piece of information. Literal - characters may also be placed in the format string and will be - copied directly into the log output. The quote character - (") must be escaped by placing a back-slash before - it to prevent it from being interpreted as the end of the - format string. The format string may also contain the special - control characters "\n" for new-line and - "\t" for tab.

- -

The CustomLog directive sets up a new log file - using the defined nickname. The filename for the - access log is relative to the ServerRoot unless it begins - with a slash.

- -

The above configuration will write log entries in a format - known as the Common Log Format (CLF). This standard format can - be produced by many different web servers and read by many log - analysis programs. The log file entries produced in CLF will - look something like this:

- -
- 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET - /apache_pb.gif HTTP/1.0" 200 2326 -
- -

Each part of this log entry is described below.

- -
-
127.0.0.1 (%h)
- -
This is the IP address of the client (remote host) which - made the request to the server. If HostnameLookups is - set to On, then the server will try to determine - the hostname and log it in place of the IP address. However, - this configuration is not recommended since it can - significantly slow the server. Instead, it is best to use a - log post-processor such as logresolve to determine - the hostnames. The IP address reported here is not - necessarily the address of the machine at which the user is - sitting. If a proxy server exists between the user and the - server, this address will be the address of the proxy, rather - than the originating machine.
- -
- (%l)
- -
The "hyphen" in the output indicates that the requested - piece of information is not available. In this case, the - information that is not available is the RFC 1413 identity of - the client determined by identd on the clients - machine. This information is highly unreliable and should - almost never be used except on tightly controlled internal - networks. Apache httpd will not even attempt to determine - this information unless IdentityCheck is set - to On.
- -
frank (%u)
- -
This is the userid of the person requesting the document - as determined by HTTP authentication. The same value is - typically provided to CGI scripts in the - REMOTE_USER environment variable. If the status - code for the request (see below) is 401, then this value - should not be trusted because the user is not yet - authenticated. If the document is not password protected, - this entry will be "-" just like the previous - one.
- -
[10/Oct/2000:13:55:36 -0700] - (%t)
- -
- The time that the server finished processing the request. - The format is: - -
- [day/month/year:hour:minute:second zone]
- day = 2*digit
- month = 3*letter
- year = 4*digit
- hour = 2*digit
- minute = 2*digit
- second = 2*digit
- zone = (`+' | `-') 4*digit
-
- It is possible to have the time displayed in another format - by specifying %{format}t in the log format - string, where format is as in - strftime(3) from the C standard library. -
- -
"GET /apache_pb.gif HTTP/1.0" - (\"%r\")
- -
The request line from the client is given in double - quotes. The request line contains a great deal of useful - information. First, the method used by the client is - GET. Second, the client requested the resource - /apache_pb.gif, and third, the client used the - protocol HTTP/1.0. It is also possible to log - one or more parts of the request line independently. For - example, the format string "%m %U%q %H" will log - the method, path, query-string, and protocol, resulting in - exactly the same output as "%r".
- -
200 (%>s)
- -
This is the status code that the server sends back to the - client. This information is very valuable, because it reveals - whether the request resulted in a successful response (codes - beginning in 2), a redirection (codes beginning in 3), an - error caused by the client (codes beginning in 4), or an - error in the server (codes beginning in 5). The full list of - possible status codes can be found in the HTTP - specification (RFC2616 section 10).
- -
2326 (%b)
- -
The last entry indicates the size of the object returned - to the client, not including the response headers. If no - content was returned to the client, this value will be - "-". To log "0" for no content, use - %B instead.
-
- -

Combined Log - Format

- -

Another commonly used format string is called the Combined - Log Format. It can be used as follows.

- -
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" - \"%{User-agent}i\"" combined
- CustomLog log/acces_log combined
-
- -

This format is exactly the same as the Common Log Format, - with the addition of two more fields. Each of the additional - fields uses the percent-directive - %{header}i, where header can be - any HTTP request header. The access log under this format will - look like:

- -
- 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET - /apache_pb.gif HTTP/1.0" 200 2326 - "http://www.example.com/start.html" "Mozilla/4.08 [en] - (Win98; I ;Nav)" -
- -

The additional fields are:

- -
-
"http://www.example.com/start.html" - (\"%{Referer}i\")
- -
The "Referer" (sic) HTTP request header. This gives the - site that the client reports having been referred from. (This - should be the page that links to or includes - /apache_pb.gif).
- -
"Mozilla/4.08 [en] (Win98; I ;Nav)" - (\"%{User-agent}i\")
- -
The User-Agent HTTP request header. This is the - identifying information that the client browser reports about - itself.
-
- -

Multiple Access - Logs

- -

Multiple access logs can be created simply by specifying - multiple CustomLog directives in the configuration - file. For example, the following directives will create three - access logs. The first contains the basic CLF information, - while the second and third contain referer and browser - information. The last two CustomLog lines show how - to mimic the effects of the ReferLog and - AgentLog directives.

- -
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
- CustomLog logs/access_log common
- CustomLog logs/referer_log "%{Referer}i -> %U"
- CustomLog logs/agent_log "%{User-agent}i"
-
- -

This example also shows that it is not necessary to define a - nickname with the LogFormat directive. Instead, - the log format can be specified directly in the - CustomLog directive.

- -

Conditional - Logging

- -

There are times when it is convenient to exclude certain - entries from the access logs based on characteristics of the - client request. This is easily accomplished with the help of environment variables. First, an - environment variable must be set to indicate that the request - meets certain conditions. This is usually accomplished with SetEnvIf. Then the - env= clause of the CustomLog - directive is used to include or exclude requests where the - environment variable is set. Some examples:

- -
- # Mark requests from the loop-back interface
- SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
- # Mark requests for the robots.txt file
- SetEnvIf Request_URI "^/robots\.txt$" dontlog
- # Log what remains
- CustomLog logs/access_log common env=!dontlog
-
- -

As another example, consider logging requests from - english-speakers to one log file, and non-english speakers to a - different log file.

- -
- SetEnvIf Accept-Language "en" english
- CustomLog logs/english_log common env=english
- CustomLog logs/non_english_log common env=!english
-
- -

Although we have just shown that conditional logging is very - powerful and flexibly, it is not the only way to control the - contents of the logs. Log files are more useful when they - contain a complete record of server activity. It is often - easier to simply post-process the log files to remove requests - that you do not want to consider.

-
- -

Log Rotation

- -

On even a moderately busy server, the quantity of - information stored in the log files is very large. The access - log file typically grows 1 MB or more per 10,000 requests. It - will consequently be necessary to periodically rotate the log - files by moving or deleting the existing logs. This cannot be - done while the server is running, because Apache will continue - writing to the old log file as long as it holds the file open. - Instead, the server must be restarted after the log files are - moved or deleted so that it will open new log files.

- -

By using a graceful restart, the server can be - instructed to open new log files without losing any existing or - pending connections from clients. However, in order to - accomplish this, the server must continue to write to the old - log files while it finishes serving old requests. It is - therefore necessary to wait for some time after the restart - before doing any processing on the log files. A typical - scenario that simply rotates the logs and compresses the old - logs to save space is:

- -
- mv access_log access_log.old
- mv error_log error_log.old
- apachectl graceful
- sleep 600
- gzip access_log.old error_log.old
-
- -

Another way to perform log rotation is using piped logs as discussed in the next - section.

-
- -

Piped Logs

- -

Apache httpd is capable of writing error and access log - files through a pipe to another process, rather than directly - to a file. This capability dramatically increases the - flexibility of logging, without adding code to the main server. - In order to write logs to a pipe, simply replace the filename - with the pipe character "|", followed by the name - of the executable which should accept log entries on its - standard input. Apache will start the piped-log process when - the server starts, and will restart it if it crashes while the - server is running. (This last feature is why we can refer to - this technique as "reliable piped logging".)

- -

Piped log processes are spawned by the parent Apache httpd - process, and inherit the userid of that process. This means - that piped log programs usually run as root. It is therefore - very important to keep the programs simple and secure.

- -

One important use of piped logs is to allow log rotation - without having to restart the server. The Apache HTTP Server - includes a simple program called rotatelogs for this - purpose. For example, to rotate the logs every 24 hours, you - can use:

- -
- CustomLog "|/usr/local/apache/bin/rotatelogs - /var/log/access_log 86400" common -
- -

A similar, but much more flexible log rotation program - called cronolog - is available at an external site.

- -

As with conditional logging, piped logs are a very powerful - tool, but they should not be used where a simpler solution like - off-line post-processing is available.

-
- -

Virtual - Hosts

- -

When running a server with many virtual - hosts, there are several options for dealing with log - files. First, it is possible to use logs exactly as in a - single-host server. Simply by placing the logging directives - outside the <VirtualHost> sections in the - main server context, it is possible to log all requests in the - same access log and error log. This technique does not allow - for easy collection of statistics on individual virtual - hosts.

- -

If CustomLog or ErrorLog - directives are placed inside a <VirtualHost> - section, all requests or errors for that virtual host will be - logged only to the specified file. Any virtual host which does - not have logging directives will still have its requests sent - to the main server logs. This technique is very useful for a - small number of virtual hosts, but if the number of hosts is - very large, it can be complicated to manage. In addition, it - can often create problems with insufficient file - descriptors.

- -

For the access log, there is a very good compromise. By - adding information on the virtual host to the log format - string, it is possible to log all hosts to the same log, and - later split the log into individual files. For example, - consider the following directives.

- -
- LogFormat "%v %l %u %t \"%r\" %>s %b" - comonvhost
- CustomLog logs/access_log comonvhost
-
- -

The %v is used to log the name of the virtual - host that is serving the request. Then a program like split-logfile can be used to - post-process the access log in order to split it into one file - per virtual host.

- -

Unfortunately, no similar technique is available for the - error log, so you must choose between mixing all virtual hosts - in the same error log and using one error log per virtual - host.

-
- -

Other Log Files

- - - - - - - -
Related Modules
-
- mod_cgi
- mod_rewrite
Related Directives
-
- PidFile
- RewriteLog
- RewriteLogLevel
- ScriptLog
- ScriptLogLength
- ScriptLogBuffer -
- -

PID File

- -

On startup, Apache httpd saves the process id of the parent - httpd process to the file logs/httpd.pid. This - filename can be changed with the PidFile directive. The - process-id is for use by the administrator in restarting and - terminating the daemon by sending signals to the parent - process; on Windows, use the -k command line option instead. - For more information see the Stopping - and Restarting page.

- -

Script Log

- -

In order to aid in debugging, the ScriptLog directive - allows you to record the input to and output from CGI scripts. - This should only be used in testing - not for live servers. - More information is available in the mod_cgi documentation.

- -

Rewrite Log

- -

When using the powerful and complex features of mod_rewrite, it is almost - always necessary to use the RewriteLog to help - in debugging. This log file produces a detailed analysis of how - the rewriting engine transforms requests. The level of detail - is controlled by the RewriteLogLevel - directive.

-
- -

Apache HTTP Server

- Index - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/API.html b/usr.sbin/httpd/htdocs/manual/misc/API.html
deleted file mode 100644
index 15ed67c12ba..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/API.html
+++ /dev/null
@@ -1,1253 +0,0 @@
- - - - - - - Apache API notes - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache API notes

- These are some notes on the Apache API and the data structures - you have to deal with, etc. They are not yet nearly - complete, but hopefully, they will help you get your bearings. - Keep in mind that the API is still subject to change as we gain - experience with it. (See the TODO file for what might - be coming). However, it will be easy to adapt modules to any - changes that are made. (We have more modules to adapt than you - do). - -

A few notes on general pedagogical style here. In the - interest of conciseness, all structure declarations here are - incomplete --- the real ones have more slots that I'm not - telling you about. For the most part, these are reserved to one - component of the server core or another, and should be altered - by modules with caution. However, in some cases, they really - are things I just haven't gotten around to yet. Welcome to the - bleeding edge.

- -

Finally, here's an outline, to give you some bare idea of - what's coming up, and in what order:

- - - -

Basic concepts.

- We begin with an overview of the basic concepts behind the API, - and how they are manifested in the code. - -

Handlers, Modules, and - Requests

- Apache breaks down request handling into a series of steps, - more or less the same way the Netscape server API does - (although this API has a few more stages than NetSite does, as - hooks for stuff I thought might be useful in the future). These - are: - -
    -
  • URI -> Filename translation
  • - -
  • Auth ID checking [is the user who they say they - are?]
  • - -
  • Auth access checking [is the user authorized - here?]
  • - -
  • Access checking other than auth
  • - -
  • Determining MIME type of the object requested
  • - -
  • `Fixups' --- there aren't any of these yet, but the phase - is intended as a hook for possible extensions like - SetEnv, which don't really fit well - elsewhere.
  • - -
  • Actually sending a response back to the client.
  • - -
  • Logging the request
  • -
- These phases are handled by looking at each of a succession of - modules, looking to see if each of them has a handler - for the phase, and attempting invoking it if so. The handler - can typically do one of three things: - -
    -
  • Handle the request, and indicate that it has - done so by returning the magic constant OK.
  • - -
  • Decline to handle the request, by returning the - magic integer constant DECLINED. In this case, - the server behaves in all respects as if the handler simply - hadn't been there.
  • - -
  • Signal an error, by returning one of the HTTP error - codes. This terminates normal handling of the request, - although an ErrorDocument may be invoked to try to mop up, - and it will be logged in any case.
  • -
- Most phases are terminated by the first module that handles - them; however, for logging, `fixups', and non-access - authentication checking, all handlers always run (barring an - error). Also, the response phase is unique in that modules may - declare multiple handlers for it, via a dispatch table keyed on - the MIME type of the requested object. Modules may declare a - response-phase handler which can handle any request, - by giving it the key */* (i.e., a - wildcard MIME type specification). However, wildcard handlers - are only invoked if the server has already tried and failed to - find a more specific response handler for the MIME type of the - requested object (either none existed, or they all declined). - -

The handlers themselves are functions of one argument (a - request_rec structure. vide infra), which returns - an integer, as above.

- -

A brief tour of a - module

- At this point, we need to explain the structure of a module. - Our candidate will be one of the messier ones, the CGI module - --- this handles both CGI scripts and the - ScriptAlias config file command. It's actually a - great deal more complicated than most modules, but if we're - going to have only one example, it might as well be the one - with its fingers in every place. - -

Let's begin with handlers. In order to handle the CGI - scripts, the module declares a response handler for them. - Because of ScriptAlias, it also has handlers for - the name translation phase (to recognize - ScriptAliased URIs), the type-checking phase (any - ScriptAliased request is typed as a CGI - script).

- -

The module needs to maintain some per (virtual) server - information, namely, the ScriptAliases in effect; - the module structure therefore contains pointers to a functions - which builds these structures, and to another which combines - two of them (in case the main server and a virtual server both - have ScriptAliases declared).

- -

Finally, this module contains code to handle the - ScriptAlias command itself. This particular module - only declares one command, but there could be more, so modules - have command tables which declare their commands, and - describe where they are permitted, and how they are to be - invoked.

- -

A final note on the declared types of the arguments of some - of these commands: a pool is a pointer to a - resource pool structure; these are used by the server - to keep track of the memory which has been allocated, files - opened, etc., either to service a particular request, - or to handle the process of configuring itself. That way, when - the request is over (or, for the configuration pool, when the - server is restarting), the memory can be freed, and the files - closed, en masse, without anyone having to write - explicit code to track them all down and dispose of them. Also, - a cmd_parms structure contains various information - about the config file being read, and other status information, - which is sometimes of use to the function which processes a - config-file command (such as ScriptAlias). With no - further ado, the module itself:

-
-/* Declarations of handlers. */
-
-int translate_scriptalias (request_rec *);
-int type_scriptalias (request_rec *);
-int cgi_handler (request_rec *);
-
-/* Subsidiary dispatch table for response-phase handlers, by MIME type */
-
-handler_rec cgi_handlers[] = {
-{ "application/x-httpd-cgi", cgi_handler },
-{ NULL }
-};
-
-/* Declarations of routines to manipulate the module's configuration
- * info.  Note that these are returned, and passed in, as void *'s;
- * the server core keeps track of them, but it doesn't, and can't,
- * know their internal structure.
- */
-
-void *make_cgi_server_config (pool *);
-void *merge_cgi_server_config (pool *, void *, void *);
-
-/* Declarations of routines to handle config-file commands */
-
-extern char *script_alias(cmd_parms *, void *per_dir_config, char *fake,
-                          char *real);
-
-command_rec cgi_cmds[] = {
-{ "ScriptAlias", script_alias, NULL, RSRC_CONF, TAKE2,
-    "a fakename and a realname"},
-{ NULL }
-};
-
-module cgi_module = {
-   STANDARD_MODULE_STUFF,
-   NULL,                     /* initializer */
-   NULL,                     /* dir config creator */
-   NULL,                     /* dir merger --- default is to override */
-   make_cgi_server_config,   /* server config */
-   merge_cgi_server_config,  /* merge server config */
-   cgi_cmds,                 /* command table */
-   cgi_handlers,             /* handlers */
-   translate_scriptalias,    /* filename translation */
-   NULL,                     /* check_user_id */
-   NULL,                     /* check auth */
-   NULL,                     /* check access */
-   type_scriptalias,         /* type_checker */
-   NULL,                     /* fixups */
-   NULL,                     /* logger */
-   NULL                      /* header parser */
-};
-
- -

How handlers work

- The sole argument to handlers is a request_rec - structure. This structure describes a particular request which - has been made to the server, on behalf of a client. In most - cases, each connection to the client generates only one - request_rec structure. - -

A brief tour of the - request_rec

- The request_rec contains pointers to a resource - pool which will be cleared when the server is finished handling - the request; to structures containing per-server and - per-connection information, and most importantly, information - on the request itself. - -

The most important such information is a small set of - character strings describing attributes of the object being - requested, including its URI, filename, content-type and - content-encoding (these being filled in by the translation and - type-check handlers which handle the request, - respectively).

- -

Other commonly used data items are tables giving the MIME - headers on the client's original request, MIME headers to be - sent back with the response (which modules can add to at will), - and environment variables for any subprocesses which are - spawned off in the course of servicing the request. These - tables are manipulated using the ap_table_get and - ap_table_set routines.

- -
- Note that the Content-type header value - cannot be set by module content-handlers using the - ap_table_*() routines. Rather, it is set by - pointing the content_type field in the - request_rec structure to an appropriate string. - E.g., -
-  r->content_type = "text/html";
-
-
- Finally, there are pointers to two data structures which, in - turn, point to per-module configuration structures. - Specifically, these hold pointers to the data structures which - the module has built to describe the way it has been configured - to operate in a given directory (via .htaccess - files or <Directory> sections), for private - data it has built in the course of servicing the request (so - modules' handlers for one phase can pass `notes' to their - handlers for other phases). There is another such configuration - vector in the server_rec data structure pointed to - by the request_rec, which contains per (virtual) - server configuration data. - -

Here is an abridged declaration, giving the fields most - commonly used:

-
-struct request_rec {
-
-  pool *pool;
-  conn_rec *connection;
-  server_rec *server;
-
-  /* What object is being requested */
-
-  char *uri;
-  char *filename;
-  char *path_info;
-  char *args;           /* QUERY_ARGS, if any */
-  struct stat finfo;    /* Set by server core;
-                         * st_mode set to zero if no such file */
-
-  char *content_type;
-  char *content_encoding;
-
-  /* MIME header environments, in and out.  Also, an array containing
-   * environment variables to be passed to subprocesses, so people can
-   * write modules to add to that environment.
-   *
-   * The difference between headers_out and err_headers_out is that
-   * the latter are printed even on error, and persist across internal
-   * redirects (so the headers printed for ErrorDocument handlers will
-   * have them).
-   */
-
-  table *headers_in;
-  table *headers_out;
-  table *err_headers_out;
-  table *subprocess_env;
-
-  /* Info about the request itself... */
-
-  int header_only;     /* HEAD request, as opposed to GET */
-  char *protocol;      /* Protocol, as given to us, or HTTP/0.9 */
-  char *method;        /* GET, HEAD, POST, etc. */
-  int method_number;   /* M_GET, M_POST, etc. */
-
-  /* Info for logging */
-
-  char *the_request;
-  int bytes_sent;
-
-  /* A flag which modules can set, to indicate that the data being
-   * returned is volatile, and clients should be told not to cache it.
-   */
-
-  int no_cache;
-
-  /* Various other config info which may change with .htaccess files
-   * These are config vectors, with one void* pointer for each module
-   * (the thing pointed to being the module's business).
-   */
-
-  void *per_dir_config;   /* Options set in config files, etc. */
-  void *request_config;   /* Notes on *this* request */
-
-};
-
-
- -

Where request_rec - structures come from

- Most request_rec structures are built by reading - an HTTP request from a client, and filling in the fields. - However, there are a few exceptions: - -
    -
  • If the request is to an imagemap, a type map - (i.e., a *.var file), or a CGI script - which returned a local `Location:', then the resource which - the user requested is going to be ultimately located by some - URI other than what the client originally supplied. In this - case, the server does an internal redirect, - constructing a new request_rec for the new URI, - and processing it almost exactly as if the client had - requested the new URI directly.
  • - -
  • If some handler signaled an error, and an - ErrorDocument is in scope, the same internal - redirect machinery comes into play.
  • - -
  • - Finally, a handler occasionally needs to investigate `what - would happen if' some other request were run. For instance, - the directory indexing module needs to know what MIME type - would be assigned to a request for each directory entry, in - order to figure out what icon to use. - -

    Such handlers can construct a sub-request, - using the functions ap_sub_req_lookup_file, - ap_sub_req_lookup_uri, and - ap_sub_req_method_uri; these construct a new - request_rec structure and processes it as you - would expect, up to but not including the point of actually - sending a response. (These functions skip over the access - checks if the sub-request is for a file in the same - directory as the original request).

    - -

    (Server-side includes work by building sub-requests and - then actually invoking the response handler for them, via - the function ap_run_sub_req).

    -
  • -
- -

Handling requests, - declining, and returning error codes

- As discussed above, each handler, when invoked to handle a - particular request_rec, has to return an - int to indicate what happened. That can either be - -
    -
  • OK --- the request was handled successfully. This may or - may not terminate the phase.
  • - -
  • DECLINED --- no erroneous condition exists, but the - module declines to handle the phase; the server tries to find - another.
  • - -
  • an HTTP error code, which aborts handling of the - request.
  • -
- Note that if the error code returned is REDIRECT, - then the module should put a Location in the - request's headers_out, to indicate where the - client should be redirected to. - -

Special - considerations for response handlers

- Handlers for most phases do their work by simply setting a few - fields in the request_rec structure (or, in the - case of access checkers, simply by returning the correct error - code). However, response handlers have to actually send a - request back to the client. - -

They should begin by sending an HTTP response header, using - the function ap_send_http_header. (You don't have - to do anything special to skip sending the header for HTTP/0.9 - requests; the function figures out on its own that it shouldn't - do anything). If the request is marked - header_only, that's all they should do; they - should return after that, without attempting any further - output.

- -

Otherwise, they should produce a request body which responds - to the client as appropriate. The primitives for this are - ap_rputc and ap_rprintf, for - internally generated output, and ap_send_fd, to - copy the contents of some FILE * straight to the - client.

- -

At this point, you should more or less understand the - following piece of code, which is the handler which handles - GET requests which have no more specific handler; - it also shows how conditional GETs can be handled, - if it's desirable to do so in a particular response handler --- - ap_set_last_modified checks against the - If-modified-since value supplied by the client, if - any, and returns an appropriate code (which will, if nonzero, - be USE_LOCAL_COPY). No similar considerations apply for - ap_set_content_length, but it returns an error - code for symmetry.

-
-int default_handler (request_rec *r)
-{
-    int errstatus;
-    FILE *f;
-
-    if (r->method_number != M_GET) return DECLINED;
-    if (r->finfo.st_mode == 0) return NOT_FOUND;
-
-    if ((errstatus = ap_set_content_length (r, r->finfo.st_size))) {
-        return errstatus;
-    }
-
-    r->mtime = r->finfo.st_mtime;
-    ap_set_last_modified (r);
-
-    f = ap_pfopen (r->pool, r->filename, "r");
-
-    if (f == NULL) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
-             "file permissions deny server access: %s", r->filename);
-        return FORBIDDEN;
-    }
-
-    ap_soft_timeout ("send", r);
-    ap_send_http_header (r);
-
-    if (!r->header_only) ap_send_fd (f, r);
-    ap_pfclose (r->pool, f);
-
-    ap_kill_timeout (r);
-    return OK;
-}
-
- Finally, if all of this is too much of a challenge, there are a - few ways out of it. First off, as shown above, a response - handler which has not yet produced any output can simply return - an error code, in which case the server will automatically - produce an error response. Secondly, it can punt to some other - handler by invoking ap_internal_redirect, which is - how the internal redirection machinery discussed above is - invoked. A response handler which has internally redirected - should always return OK. - -

(Invoking ap_internal_redirect from handlers - which are not response handlers will lead to serious - confusion).

- -

Special - considerations for authentication handlers

- Stuff that should be discussed here in detail: - -
    -
  • Authentication-phase handlers not invoked unless auth is - configured for the directory.
  • - -
  • Common auth configuration stored in the core per-dir - configuration; it has accessors ap_auth_type, - ap_auth_name, and ap_requires.
  • - -
  • Common routines, to handle the protocol end of things, at - least for HTTP basic authentication - (ap_get_basic_auth_pw, which sets the - connection->user structure field - automatically, and ap_note_basic_auth_failure, - which arranges for the proper WWW-Authenticate: - header to be sent back).
  • -
- -

Special - considerations for logging handlers

- When a request has internally redirected, there is the question - of what to log. Apache handles this by bundling the entire - chain of redirects into a list of request_rec - structures which are threaded through the - r->prev and r->next pointers. - The request_rec which is passed to the logging - handlers in such cases is the one which was originally built - for the initial request from the client; note that the - bytes_sent field will only be correct in the last request in - the chain (the one for which a response was actually sent). - -

Resource allocation and resource - pools

- -

One of the problems of writing and designing a server-pool - server is that of preventing leakage, that is, allocating - resources (memory, open files, etc.), without - subsequently releasing them. The resource pool machinery is - designed to make it easy to prevent this from happening, by - allowing resource to be allocated in such a way that they are - automatically released when the server is done with - them.

- -

The way this works is as follows: the memory which is - allocated, file opened, etc., to deal with a - particular request are tied to a resource pool which - is allocated for the request. The pool is a data structure - which itself tracks the resources in question.

- -

When the request has been processed, the pool is - cleared. At that point, all the memory associated with - it is released for reuse, all files associated with it are - closed, and any other clean-up functions which are associated - with the pool are run. When this is over, we can be confident - that all the resource tied to the pool have been released, and - that none of them have leaked.

- -

Server restarts, and allocation of memory and resources for - per-server configuration, are handled in a similar way. There - is a configuration pool, which keeps track of - resources which were allocated while reading the server - configuration files, and handling the commands therein (for - instance, the memory that was allocated for per-server module - configuration, log files and other files that were opened, and - so forth). When the server restarts, and has to reread the - configuration files, the configuration pool is cleared, and so - the memory and file descriptors which were taken up by reading - them the last time are made available for reuse.

- -

It should be noted that use of the pool machinery isn't - generally obligatory, except for situations like logging - handlers, where you really need to register cleanups to make - sure that the log file gets closed when the server restarts - (this is most easily done by using the function ap_pfopen, which also arranges - for the underlying file descriptor to be closed before any - child processes, such as for CGI scripts, are - execed), or in case you are using the timeout - machinery (which isn't yet even documented here). However, - there are two benefits to using it: resources allocated to a - pool never leak (even if you allocate a scratch string, and - just forget about it); also, for memory allocation, - ap_palloc is generally faster than - malloc.

- -

We begin here by describing how memory is allocated to - pools, and then discuss how other resources are tracked by the - resource pool machinery.

- -

Allocation of memory in pools

- -

Memory is allocated to pools by calling the function - ap_palloc, which takes two arguments, one being a - pointer to a resource pool structure, and the other being the - amount of memory to allocate (in chars). Within - handlers for handling requests, the most common way of getting - a resource pool structure is by looking at the - pool slot of the relevant - request_rec; hence the repeated appearance of the - following idiom in module code:

-
-int my_handler(request_rec *r)
-{
-    struct my_structure *foo;
-    ...
-
-    foo = (foo *)ap_palloc (r->pool, sizeof(my_structure));
-}
-
- -

Note that there is no ap_pfree --- - ap_palloced memory is freed only when the - associated resource pool is cleared. This means that - ap_palloc does not have to do as much accounting - as malloc(); all it does in the typical case is to - round up the size, bump a pointer, and do a range check.

- -

(It also raises the possibility that heavy use of - ap_palloc could cause a server process to grow - excessively large. There are two ways to deal with this, which - are dealt with below; briefly, you can use malloc, - and try to be sure that all of the memory gets explicitly - freed, or you can allocate a sub-pool of the main - pool, allocate your memory in the sub-pool, and clear it out - periodically. The latter technique is discussed in the section - on sub-pools below, and is used in the directory-indexing code, - in order to avoid excessive storage allocation when listing - directories with thousands of files).

- -

Allocating initialized memory

- -

There are functions which allocate initialized memory, and - are frequently useful. The function ap_pcalloc has - the same interface as ap_palloc, but clears out - the memory it allocates before it returns it. The function - ap_pstrdup takes a resource pool and a char - * as arguments, and allocates memory for a copy of the - string the pointer points to, returning a pointer to the copy. - Finally ap_pstrcat is a varargs-style function, - which takes a pointer to a resource pool, and at least two - char * arguments, the last of which must be - NULL. It allocates enough memory to fit copies of - each of the strings, as a unit; for instance:

-
-     ap_pstrcat (r->pool, "foo", "/", "bar", NULL);
-
- -

returns a pointer to 8 bytes worth of memory, initialized to - "foo/bar".

- -

Commonly-used pools in - the Apache Web server

- -

A pool is really defined by its lifetime more than anything - else. There are some static pools in http_main which are passed - to various non-http_main functions as arguments at opportune - times. Here they are:

- -
-
permanent_pool
- -
-
    -
  • never passed to anything else, this is the ancestor - of all pools
  • -
-
- -
pconf
- -
-
    -
  • subpool of permanent_pool
  • - -
  • created at the beginning of a config "cycle"; exists - until the server is terminated or restarts; passed to all - config-time routines, either via cmd->pool, or as the - "pool *p" argument on those which don't take pools
  • - -
  • passed to the module init() functions
  • -
-
- -
ptemp
- -
-
    -
  • sorry I lie, this pool isn't called this currently in - 1.3, I renamed it this in my pthreads development. I'm - referring to the use of ptrans in the parent... contrast - this with the later definition of ptrans in the - child.
  • - -
  • subpool of permanent_pool
  • - -
  • created at the beginning of a config "cycle"; exists - until the end of config parsing; passed to config-time - routines via cmd->temp_pool. Somewhat of a - "bastard child" because it isn't available everywhere. - Used for temporary scratch space which may be needed by - some config routines but which is deleted at the end of - config.
  • -
-
- -
pchild
- -
-
    -
  • subpool of permanent_pool
  • - -
  • created when a child is spawned (or a thread is - created); lives until that child (thread) is - destroyed
  • - -
  • passed to the module child_init functions
  • - -
  • destruction happens right after the child_exit - functions are called... (which may explain why I think - child_exit is redundant and unneeded)
  • -
-
- -
ptrans
- -
-
    -
  • should be a subpool of pchild, but currently is a - subpool of permanent_pool, see above
  • - -
  • cleared by the child before going into the accept() - loop to receive a connection
  • - -
  • used as connection->pool
  • -
-
- -
r->pool
- -
-
    -
  • for the main request this is a subpool of - connection->pool; for subrequests it is a subpool of - the parent request's pool.
  • - -
  • exists until the end of the request (i.e., - ap_destroy_sub_req, or in child_main after - process_request has finished)
  • - -
  • note that r itself is allocated from r->pool; - i.e., r->pool is first created and then r is - the first thing palloc()d from it
  • -
-
-
- -

For almost everything folks do, r->pool is the pool to - use. But you can see how other lifetimes, such as pchild, are - useful to some modules... such as modules that need to open a - database connection once per child, and wish to clean it up - when the child dies.

- -

You can also see how some bugs have manifested themself, - such as setting connection->user to a value from r->pool - -- in this case connection exists for the lifetime of ptrans, - which is longer than r->pool (especially if r->pool is a - subrequest!). So the correct thing to do is to allocate from - connection->pool.

- -

And there was another interesting bug in - mod_include/mod_cgi. You'll see in those that they do this test - to decide if they should use r->pool or r->main->pool. - In this case the resource that they are registering for cleanup - is a child process. If it were registered in r->pool, then - the code would wait() for the child when the subrequest - finishes. With mod_include this could be any old #include, and - the delay can be up to 3 seconds... and happened quite - frequently. Instead the subprocess is registered in - r->main->pool which causes it to be cleaned up when the - entire request is done -- i.e., after the output has - been sent to the client and logging has happened.

- -

Tracking open files, - etc.

- -

As indicated above, resource pools are also used to track - other sorts of resources besides memory. The most common are - open files. The routine which is typically used for this is - ap_pfopen, which takes a resource pool and two - strings as arguments; the strings are the same as the typical - arguments to fopen, e.g.,

-
-     ...
-     FILE *f = ap_pfopen (r->pool, r->filename, "r");
-
-     if (f == NULL) { ... } else { ... }
-
- -

There is also a ap_popenf routine, which - parallels the lower-level open system call. Both - of these routines arrange for the file to be closed when the - resource pool in question is cleared.

- -

Unlike the case for memory, there are functions to - close files allocated with ap_pfopen, and - ap_popenf, namely ap_pfclose and - ap_pclosef. (This is because, on many systems, the - number of files which a single process can have open is quite - limited). It is important to use these functions to close files - allocated with ap_pfopen and - ap_popenf, since to do otherwise could cause fatal - errors on systems such as Linux, which react badly if the same - FILE* is closed more than once.

- -

(Using the close functions is not mandatory, - since the file will eventually be closed regardless, but you - should consider it in cases where your module is opening, or - could open, a lot of files).

- -

Other sorts of resources --- cleanup functions

- -
- More text goes here. Describe the the cleanup primitives in - terms of which the file stuff is implemented; also, - spawn_process. -
- -

Pool cleanups live until clear_pool() is called: - clear_pool(a) recursively calls destroy_pool() on all subpools - of a; then calls all the cleanups for a; then releases all the - memory for a. destroy_pool(a) calls clear_pool(a) and then - releases the pool structure itself. i.e., - clear_pool(a) doesn't delete a, it just frees up all the - resources and you can start using it again immediately.

- -

Fine control --- creating and dealing with sub-pools, with - a note on sub-requests

- On rare occasions, too-free use of ap_palloc() and - the associated primitives may result in undesirably profligate - resource allocation. You can deal with such a case by creating - a sub-pool, allocating within the sub-pool rather than - the main pool, and clearing or destroying the sub-pool, which - releases the resources which were associated with it. (This - really is a rare situation; the only case in which it - comes up in the standard module set is in case of listing - directories, and then only with very large - directories. Unnecessary use of the primitives discussed here - can hair up your code quite a bit, with very little gain). - -

The primitive for creating a sub-pool is - ap_make_sub_pool, which takes another pool (the - parent pool) as an argument. When the main pool is cleared, the - sub-pool will be destroyed. The sub-pool may also be cleared or - destroyed at any time, by calling the functions - ap_clear_pool and ap_destroy_pool, - respectively. (The difference is that - ap_clear_pool frees resources associated with the - pool, while ap_destroy_pool also deallocates the - pool itself. In the former case, you can allocate new resources - within the pool, and clear it again, and so forth; in the - latter case, it is simply gone).

- -

One final note --- sub-requests have their own resource - pools, which are sub-pools of the resource pool for the main - request. The polite way to reclaim the resources associated - with a sub request which you have allocated (using the - ap_sub_req_... functions) is - ap_destroy_sub_req, which frees the resource pool. - Before calling this function, be sure to copy anything that you - care about which might be allocated in the sub-request's - resource pool into someplace a little less volatile (for - instance, the filename in its request_rec - structure).

- -

(Again, under most circumstances, you shouldn't feel obliged - to call this function; only 2K of memory or so are allocated - for a typical sub request, and it will be freed anyway when the - main request pool is cleared. It is only when you are - allocating many, many sub-requests for a single main request - that you should seriously consider the - ap_destroy_... functions).

- -

Configuration, commands and - the like

- One of the design goals for this server was to maintain - external compatibility with the NCSA 1.3 server --- that is, to - read the same configuration files, to process all the - directives therein correctly, and in general to be a drop-in - replacement for NCSA. On the other hand, another design goal - was to move as much of the server's functionality into modules - which have as little as possible to do with the monolithic - server core. The only way to reconcile these goals is to move - the handling of most commands from the central server into the - modules. - -

However, just giving the modules command tables is not - enough to divorce them completely from the server core. The - server has to remember the commands in order to act on them - later. That involves maintaining data which is private to the - modules, and which can be either per-server, or per-directory. - Most things are per-directory, including in particular access - control and authorization information, but also information on - how to determine file types from suffixes, which can be - modified by AddType and DefaultType - directives, and so forth. In general, the governing philosophy - is that anything which can be made configurable by - directory should be; per-server information is generally used - in the standard set of modules for information like - Aliases and Redirects which come into - play before the request is tied to a particular place in the - underlying file system.

- -

Another requirement for emulating the NCSA server is being - able to handle the per-directory configuration files, generally - called .htaccess files, though even in the NCSA - server they can contain directives which have nothing at all to - do with access control. Accordingly, after URI -> filename - translation, but before performing any other phase, the server - walks down the directory hierarchy of the underlying - filesystem, following the translated pathname, to read any - .htaccess files which might be present. The - information which is read in then has to be merged - with the applicable information from the server's own config - files (either from the <Directory> sections - in access.conf, or from defaults in - srm.conf, which actually behaves for most purposes - almost exactly like <Directory />).

- -

Finally, after having served a request which involved - reading .htaccess files, we need to discard the - storage allocated for handling them. That is solved the same - way it is solved wherever else similar problems come up, by - tying those structures to the per-transaction resource - pool.

- -

Per-directory configuration - structures

- Let's look out how all of this plays out in - mod_mime.c, which defines the file typing handler - which emulates the NCSA server's behavior of determining file - types from suffixes. What we'll be looking at, here, is the - code which implements the AddType and - AddEncoding commands. These commands can appear in - .htaccess files, so they must be handled in the - module's private per-directory data, which in fact, consists of - two separate tables for MIME types and encoding - information, and is declared as follows: -
-typedef struct {
-    table *forced_types;      /* Additional AddTyped stuff */
-    table *encoding_types;    /* Added with AddEncoding... */
-} mime_dir_config;
-
- When the server is reading a configuration file, or - <Directory> section, which includes one of - the MIME module's commands, it needs to create a - mime_dir_config structure, so those commands have - something to act on. It does this by invoking the function it - finds in the module's `create per-dir config slot', with two - arguments: the name of the directory to which this - configuration information applies (or NULL for - srm.conf), and a pointer to a resource pool in - which the allocation should happen. - -

(If we are reading a .htaccess file, that - resource pool is the per-request resource pool for the request; - otherwise it is a resource pool which is used for configuration - data, and cleared on restarts. Either way, it is important for - the structure being created to vanish when the pool is cleared, - by registering a cleanup on the pool if necessary).

- -

For the MIME module, the per-dir config creation function - just ap_pallocs the structure above, and a creates - a couple of tables to fill it. That looks like - this:

-
-void *create_mime_dir_config (pool *p, char *dummy)
-{
-    mime_dir_config *new =
-      (mime_dir_config *) ap_palloc (p, sizeof(mime_dir_config));
-
-    new->forced_types = ap_make_table (p, 4);
-    new->encoding_types = ap_make_table (p, 4);
-
-    return new;
-}
-
- Now, suppose we've just read in a .htaccess file. - We already have the per-directory configuration structure for - the next directory up in the hierarchy. If the - .htaccess file we just read in didn't have any - AddType or AddEncoding commands, its - per-directory config structure for the MIME module is still - valid, and we can just use it. Otherwise, we need to merge the - two structures somehow. - -

To do that, the server invokes the module's per-directory - config merge function, if one is present. That function takes - three arguments: the two structures being merged, and a - resource pool in which to allocate the result. For the MIME - module, all that needs to be done is overlay the tables from - the new per-directory config structure with those from the - parent:

-
-void *merge_mime_dir_configs (pool *p, void *parent_dirv, void *subdirv)
-{
-    mime_dir_config *parent_dir = (mime_dir_config *)parent_dirv;
-    mime_dir_config *subdir = (mime_dir_config *)subdirv;
-    mime_dir_config *new =
-      (mime_dir_config *)ap_palloc (p, sizeof(mime_dir_config));
-
-    new->forced_types = ap_overlay_tables (p, subdir->forced_types,
-                                        parent_dir->forced_types);
-    new->encoding_types = ap_overlay_tables (p, subdir->encoding_types,
-                                          parent_dir->encoding_types);
-
-    return new;
-}
-
- As a note --- if there is no per-directory merge function - present, the server will just use the subdirectory's - configuration info, and ignore the parent's. For some modules, - that works just fine (e.g., for the includes module, - whose per-directory configuration information consists solely - of the state of the XBITHACK), and for those - modules, you can just not declare one, and leave the - corresponding structure slot in the module itself - NULL. - -

Command handling

- Now that we have these structures, we need to be able to figure - out how to fill them. That involves processing the actual - AddType and AddEncoding commands. To - find commands, the server looks in the module's command - table. That table contains information on how many - arguments the commands take, and in what formats, where it is - permitted, and so forth. That information is sufficient to - allow the server to invoke most command-handling functions with - pre-parsed arguments. Without further ado, let's look at the - AddType command handler, which looks like this - (the AddEncoding command looks basically the same, - and won't be shown here): -
-char *add_type(cmd_parms *cmd, mime_dir_config *m, char *ct, char *ext)
-{
-    if (*ext == '.') ++ext;
-    ap_table_set (m->forced_types, ext, ct);
-    return NULL;
-}
-
- This command handler is unusually simple. As you can see, it - takes four arguments, two of which are pre-parsed arguments, - the third being the per-directory configuration structure for - the module in question, and the fourth being a pointer to a - cmd_parms structure. That structure contains a - bunch of arguments which are frequently of use to some, but not - all, commands, including a resource pool (from which memory can - be allocated, and to which cleanups should be tied), and the - (virtual) server being configured, from which the module's - per-server configuration data can be obtained if required. - -

Another way in which this particular command handler is - unusually simple is that there are no error conditions which it - can encounter. If there were, it could return an error message - instead of NULL; this causes an error to be - printed out on the server's stderr, followed by a - quick exit, if it is in the main config files; for a - .htaccess file, the syntax error is logged in the - server error log (along with an indication of where it came - from), and the request is bounced with a server error response - (HTTP error status, code 500).

- -

The MIME module's command table has entries for these - commands, which look like this:

-
-command_rec mime_cmds[] = {
-{ "AddType", add_type, NULL, OR_FILEINFO, TAKE2,
-    "a mime type followed by a file extension" },
-{ "AddEncoding", add_encoding, NULL, OR_FILEINFO, TAKE2,
-    "an encoding (e.g., gzip), followed by a file extension" },
-{ NULL }
-};
-
- The entries in these tables are: - -
    -
  • The name of the command
  • - -
  • The function which handles it
  • - -
  • a (void *) pointer, which is passed in the - cmd_parms structure to the command handler --- - this is useful in case many similar commands are handled by - the same function.
  • - -
  • A bit mask indicating where the command may appear. There - are mask bits corresponding to each - AllowOverride option, and an additional mask - bit, RSRC_CONF, indicating that the command may - appear in the server's own config files, but not in - any .htaccess file.
  • - -
  • A flag indicating how many arguments the command handler - wants pre-parsed, and how they should be passed in. - TAKE2 indicates two pre-parsed arguments. Other - options are TAKE1, which indicates one - pre-parsed argument, FLAG, which indicates that - the argument should be On or Off, - and is passed in as a boolean flag, RAW_ARGS, - which causes the server to give the command the raw, unparsed - arguments (everything but the command name itself). There is - also ITERATE, which means that the handler looks - the same as TAKE1, but that if multiple - arguments are present, it should be called multiple times, - and finally ITERATE2, which indicates that the - command handler looks like a TAKE2, but if more - arguments are present, then it should be called multiple - times, holding the first argument constant.
  • - -
  • Finally, we have a string which describes the arguments - that should be present. If the arguments in the actual config - file are not as required, this string will be used to help - give a more specific error message. (You can safely leave - this NULL).
  • -
- Finally, having set this all up, we have to use it. This is - ultimately done in the module's handlers, specifically for its - file-typing handler, which looks more or less like this; note - that the per-directory configuration structure is extracted - from the request_rec's per-directory configuration - vector by using the ap_get_module_config function. - -
-int find_ct(request_rec *r)
-{
-    int i;
-    char *fn = ap_pstrdup (r->pool, r->filename);
-    mime_dir_config *conf = (mime_dir_config *)
-             ap_get_module_config(r->per_dir_config, &mime_module);
-    char *type;
-
-    if (S_ISDIR(r->finfo.st_mode)) {
-        r->content_type = DIR_MAGIC_TYPE;
-        return OK;
-    }
-
-    if((i=ap_rind(fn,'.')) < 0) return DECLINED;
-    ++i;
-
-    if ((type = ap_table_get (conf->encoding_types, &fn[i])))
-    {
-        r->content_encoding = type;
-
-        /* go back to previous extension to try to use it as a type */
-
-        fn[i-1] = '\0';
-        if((i=ap_rind(fn,'.')) < 0) return OK;
-        ++i;
-    }
-
-    if ((type = ap_table_get (conf->forced_types, &fn[i])))
-    {
-        r->content_type = type;
-    }
-
-    return OK;
-}
-
-
- -

Side notes --- per-server - configuration, virtual servers, etc.

- The basic ideas behind per-server module configuration are - basically the same as those for per-directory configuration; - there is a creation function and a merge function, the latter - being invoked where a virtual server has partially overridden - the base server configuration, and a combined structure must be - computed. (As with per-directory configuration, the default if - no merge function is specified, and a module is configured in - some virtual server, is that the base configuration is simply - ignored). - -

The only substantial difference is that when a command needs - to configure the per-server private module data, it needs to go - to the cmd_parms data to get at it. Here's an - example, from the alias module, which also indicates how a - syntax error can be returned (note that the per-directory - configuration argument to the command handler is declared as a - dummy, since the module doesn't actually have per-directory - config data):

-
-char *add_redirect(cmd_parms *cmd, void *dummy, char *f, char *url)
-{
-    server_rec *s = cmd->server;
-    alias_server_conf *conf = (alias_server_conf *)
-            ap_get_module_config(s->module_config,&alias_module);
-    alias_entry *new = ap_push_array (conf->redirects);
-
-    if (!ap_is_url (url)) return "Redirect to non-URL";
-
-    new->fake = f; new->real = url;
-    return NULL;
-}
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html b/usr.sbin/httpd/htdocs/manual/misc/FAQ.html
deleted file mode 100644
index 16508214293..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/FAQ.html
+++ /dev/null
@@ -1,3953 +0,0 @@
- - - - - - - Apache Server Frequently Asked Questions - - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache Server Frequently Asked - Questions

- -

The latest version of this FAQ is always available from the - main Apache web site, at <http://httpd.apache.org/docs/misc/FAQ.html>.

- - - - - - - - - - - - - - - - -

If you are reading a text-only version of this FAQ, you may - find numbers enclosed in brackets (such as "[12]"). These refer - to the list of reference URLs to be found at the end of the - document. These references do not appear, and are not needed, - for the hypertext version.

- -

The Questions

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - - - - - - -
  1. - Background - -
      -
    1. What is Apache?
    2. - -
    3. How and why was Apache - created?
    4. - -
    5. Why the name "Apache"?
    6. - -
    7. OK, so how does Apache compare to - other servers?
    8. - -
    9. How thoroughly tested is - Apache?
    10. - -
    11. What are the future plans for - Apache?
    12. - -
    13. Whom do I contact for - support?
    14. - -
    15. Is there any more information on - Apache?
    16. - -
    17. Where can I get Apache?
    18. - -
    19. May I use the Apache logo on my - product or Web site?
    20. -
    -
  2. - - - - - - - - - - - - - - - - - - - -
  3. - General Technical Questions - -
      -
    1. "Why can't I ...? Why won't ... - work?" What to do in case of problems
    2. - -
    3. How compatible is Apache with - my existing NCSA 1.3 setup?
    4. - -
    5. Is Apache Year 2000 - compliant?
    6. - -
    7. How do I submit a patch to - the Apache Group?
    8. - -
    9. Why has Apache stolen my - favourite site's Internet address?
    10. - -
    11. Why am I getting spam mail from the - Apache site?
    12. - -
    13. May I include the Apache software - on a CD or other package I'm distributing?
    14. - -
    15. What's the best hardware/operating - system/... How do I get the most out of my Apache Web - server?
    16. - -
    17. What are "regular - expressions"?
    18. - -
    19. Why isn't there a binary for my - platform?
    20. -
    -
  4. - - - - - - - - - - - - - - - - - - - -
  5. - Building Apache - -
      -
    1. Why do I get an error about an - undefined reference to "__inet_ntoa" or - other __inet_* symbols?
    2. - -
    3. Why won't Apache compile with my - system's cc?
    4. - -
    5. Why do I get complaints about - redefinition of "struct iovec" when - compiling under Linux?
    6. - -
    7. I'm using gcc and I get some - compilation errors, what is wrong?
    8. - -
    9. I'm using RedHat Linux 5.0, or - some other glibc-based Linux system, and I - get errors with the crypt function when I - attempt to build Apache 1.2.
    10. -
    -
  6. - - - - - - - - - - - - - - - - - - - -
  7. - Error Log Messages and Problems Starting - Apache - -
      -
    1. Why do I get "setgid: Invalid - argument" at startup?
    2. - -
    3. Why am I getting "httpd: - could not set socket option TCP_NODELAY" in my - error log?
    4. - -
    5. Why am I getting - "connection reset by peer" in my error - log?
    6. - -
    7. The errorlog says Apache - dumped core, but where's the dump file?
    8. - -
    9. When I run it under Linux I - get "shmget: function not found", what should I - do?
    10. - -
    11. Server hangs, or fails to - start, and/or error log fills with "fcntl: - F_SETLKW: No record locks available" or similar - messages
    12. - -
    13. Why am I getting "Expected - </Directory> but saw </Directory>" - when I try to start Apache?
    14. - -
    15. I'm using RedHat Linux and I have - problems with httpd dying randomly or not restarting - properly
    16. - -
    17. I upgraded from an Apache version - earlier than 1.2.0 and suddenly I have problems with - Apache dying randomly or not restarting properly
    18. - -
    19. When I try to start Apache - from a DOS window, I get a message like "Cannot - determine host name. Use ServerName directive to set it - manually." What does this mean?
    20. - -
    21. When I try to start Apache for - Windows, I get a message like "Unable To Locate - WS2_32.DLL...". What should I do?
    22. - -
    23. Apache for Windows does - not start. Error log contains this message "[crit] - (10045) The attempted operation is not supported for the - type of object referenced: Parent: WSADuplicateSocket - failed for socket ###". What does this - mean?
    24. - -
    25. When I try to start Apache on - Windows, I get a message like "System error 1067 - has occurred. The process terminated - unexpectedly." What does this mean?
    26. - -
    27. On a SuSE Linux system, I try and - configure access control using basic authentication. - Although I follow the example exactly, authentication - fails, and an error message "admin: not a valid - FDN: ...." is logged.
    28. - -
    29. Why do I have weird entries in my - logs asking for default.ida and - cmd.exe?
    30. - -
    31. Why am I getting server restart - messages periodically, when I did not restart the - server?
    32. - -
    33. Why am I getting "module - module-name is not compatible with this version of - Apache" messages in my error log?
    34. - -
    -
  8. - - - - - - - - - - - - - - - - - - - -
  9. - Configuration Questions - -
      -
    1. Why can't I run more than - <n> virtual hosts?
    2. - -
    3. Can I increase - FD_SETSIZE on FreeBSD?
    4. - -
    5. Why doesn't my - ErrorDocument 401 work?
    6. - -
    7. Why does Apache send a cookie on - every response?
    8. - -
    9. Why do my Java app[let]s - give me plain text when I request an URL from an Apache - server?
    10. - -
    11. How do I get Apache to send a MIDI - file so the browser can play it?
    12. - -
    13. How do I add browsers and referrers - to my logs?
    14. - -
    15. Why does accessing - directories only work when I include the trailing "/" - (e.g.http://foo.domain.com/~user/) - but not when I omit it - (e.g.http://foo.domain.com/~user)?
    16. - -
    17. Why doesn't mod_info - list any directives?
    18. - -
    19. I upgraded to Apache 1.3 and now - my virtual hosts don't work!
    20. - -
    21. I'm using RedHat Linux and my - .htm files are showing up as HTML source rather than - being formatted!
    22. - -
    23. My .htaccess - files are being ignored.
    24. - -
    25. Why do I get a - "Forbidden" message whenever I try to access - a particular directory?
    26. - -
    27. Why do I get a - "Forbidden/You don't have permission to access / on - this server" message whenever I try to access my - server?
    28. - -
    29. Why do my files appear - correctly in Internet Explorer, but show up as source or - trigger a save window with Netscape; or, Why doesn't - Internet Explorer render my text/plain document - correctly?
    30. - -
    31. My site is accessible - under many different hostnames; how do I redirect clients - so that they see only a single name?
    32. - -
    33. Why can I access my website from the - server or from my local network, but I can't access it from - elsewhere on the Internet?
    34. - -
    35. How do I turn automatic directory listings - on or off?
    36. - -
    37. Why do my Options directives not have - the desired effect?
    38. - -
    39. How can I change the information - that Apache returns about itself in the headers?
    40. - -
    41. Why do I see requests for other sites - appearing in my log files?
    42. - -
    -
  10. - - - - - - - - - - - - - - - - - - - -
  11. - Dynamic Content (CGI and SSI) - -
      -
    1. How do I enable CGI - execution in directories other than the - ScriptAlias?
    2. - -
    3. What does it mean - when my CGIs fail with "Premature end of script - headers"?
    4. - -
    5. Why do I keep getting - "Method Not Allowed" for form POST requests?
    6. - -
    7. How can I get my script's - output without Apache buffering it? Why doesn't my server - push work?
    8. - -
    9. Where can I find the "CGI - specification"?
    10. - -
    11. Why isn't FastCGI included with - Apache any more?
    12. - -
    13. How do I enable SSI (parsed - HTML)?
    14. - -
    15. Why don't my parsed files get - cached?
    16. - -
    17. How can I have my script - output parsed?
    18. - -
    19. SSIs don't work for - VirtualHosts and/or user home directories
    20. - -
    21. How can I use - ErrorDocument and SSI to simplify customized - error messages?
    22. - -
    23. Why is the environment - variable REMOTE_USER not set?
    24. - -
    25. How do I allow each of my user - directories to have a cgi-bin directory?
    26. -
    -
  12. - - - - - - - - - - - - - - - - - - - -
  13. - Authentication and Access Restrictions - -
      -
    1. Why isn't restricting access by - host or domain name working correctly?
    2. - -
    3. How do I set up Apache - to require a username and password to access certain - documents?
    4. - -
    5. How do I set up Apache to - allow access to certain documents only if a site is - either a local site or the user supplies a - password and username?
    6. - -
    7. Why does my - authentication give me a server error?
    8. - -
    9. Do I have to keep the - (mSQL) authentication information on the same - machine?
    10. - -
    11. Why is my mSQL authentication - terribly slow?
    12. - -
    13. Can I use my - /etc/passwd file for Web page - authentication?
    14. - -
    15. Why does Apache ask for my - password twice before serving a file?
    16. - -
    17. How can I prevent people from - "stealing" the images from my web site?
    18. - -
    -
  14. - - - - - - - - - - - - - - - - - - - -
  15. - URL Rewriting - -
      -
    1. Where can I find - mod_rewrite rulesets which already solve particular - URL-related problems?
    2. - -
    3. Where can I find any - published information about URL-manipulations and - mod_rewrite?
    4. - -
    5. Why is mod_rewrite so - difficult to learn and seems so complicated?
    6. - -
    7. What can I do if my - RewriteRules don't work as expected?
    8. - -
    9. Why don't some of my - URLs get prefixed with DocumentRoot when using - mod_rewrite?
    10. - -
    11. How can I make all my URLs - case-insensitive with mod_rewrite?
    12. - -
    13. Why are RewriteRules in - my VirtualHost parts ignored?
    14. - -
    15. How can I use - strings with whitespaces in RewriteRule's ENV - flag?
    16. -
    -
  16. - - - - - - - - - - - - - - - - - - - -
  17. - Features - -
      -
    1. Does or will Apache act as a Proxy - server?
    2. - -
    3. What are "multiviews"?
    4. - -
    5. Why can't I publish to my - Apache server using PUT on Netscape Gold and other - programs?
    6. - -
    7. Why doesn't Apache include - SSL?
    8. - -
    9. How can I attach a footer to my - documents without using SSI?
    10. - -
    11. Does Apache include a search - engine?
    12. - -
    13. How can I rotate my log - files?
    14. - -
    15. How do I keep certain - requests from appearing in my logs?
    16. - -
    17. Does Apache include any sort of - database integration?
    18. - -
    19. Can I use Active Server Pages (ASP) - with Apache?
    20. - -
    21. Does Apache come with Java - support?
    22. -
    -
  18. - - - - - - - - -
-
- -

The Answers

- - - - - - - - - - - - - -

A. Background

- -
    -
  1. - What is - Apache? - -

    The Apache httpd server

    - -
      -
    • is a powerful, flexible, HTTP/1.1 compliant web - server
    • - -
    • implements the latest protocols, including HTTP/1.1 - (RFC2616)
    • - -
    • is highly configurable and extensible with - third-party modules
    • - -
    • can be customised by writing 'modules' using the - Apache module API
    • - -
    • provides full source code and comes with an - unrestrictive license
    • - -
    • runs on Windows NT/9x, Netware 5.x and above, OS/2, and most - versions of Unix, as well as several other operating - systems
    • - -
    • is actively being developed
    • - -
    • encourages user feedback through new ideas, bug - reports and patches
    • - -
    • - implements many frequently requested features, - including:
      -
      - - -
      -
      DBM databases for authentication
      - -
      allows you to easily set up password-protected - pages with enormous numbers of authorized users, - without bogging down the server.
      - -
      Customized responses to errors and problems
      - -
      Allows you to set up files, or even CGI scripts, - which are returned by the server in response to - errors and problems, e.g. setup a script to intercept - 500 Server Errors and perform - on-the-fly diagnostics for both users and - yourself.
      - -
      Multiple DirectoryIndex directives
      - -
      Allows you to say DirectoryIndex index.html - index.cgi, which instructs the server to - either send back index.html or run - index.cgi when a directory URL is - requested, whichever it finds in the directory.
      - -
      Unlimited flexible URL rewriting and - aliasing
      - -
      Apache has no fixed limit on the numbers of - Aliases and Redirects which may be declared in the - config files. In addition, a powerful rewriting - engine can be used to solve most URL manipulation - problems.
      - -
      Content negotiation
      - -
      i.e. the ability to automatically serve clients - of varying sophistication and HTML level compliance, - with documents which offer the best representation of - information that the client is capable of - accepting.
      - -
      Virtual Hosts
      - -
      A much requested feature, sometimes known as - multi-homed servers. This allows the server to - distinguish between requests made to different IP - addresses or names (mapped to the same machine). - Apache also offers dynamically configurable - mass-virtual hosting.
      - -
      Configurable Reliable Piped Logs
      - -
      You can configure Apache to generate logs in the - format that you want. In addition, on most Unix - architectures, Apache can send log files to a pipe, - allowing for log rotation, hit filtering, real-time - splitting of multiple vhosts into separate logs, and - asynchronous DNS resolving on the fly.
      -
      -
    • -
    -
    -
  2. - -
  3. - How and why was Apache - created? - -

    The About - Apache document explains how the Apache project evolved - from its beginnings as an outgrowth of the NCSA httpd - project to its current status as one of the fastest, most - efficient, and most functional web servers in - existence.

    -
    -
  4. - -
  5. - Why the name - "Apache"? - -

    The name 'Apache' was chosen from respect for - the Native American Indian tribe of Apache (Indé), - well-known - for their superior skills in warfare strategy and their - inexhaustible endurance. For more information on the - Apache Nation, we suggest searching - Google, - Northernlight, or - AllTheWeb.

    - -

    Secondarily, and more popularly (though incorrectly) accepted, - it's a considered cute name which stuck. Apache is "A - PAtCHy server". It was based on - some existing code and a series of "patch files".

    - -
    -
  6. - -
  7. - OK, so how does - Apache compare to other servers? - -

    For an independent assessment, see Web - Compare.

    - -

    Apache has been shown to be substantially faster, more - stable, and more feature-full than many other web servers. - Although certain commercial servers have claimed to surpass - Apache's speed (it has not been demonstrated that any of - these "benchmarks" are a good way of measuring WWW server - speed at any rate), we feel that it is better to have a - mostly-fast free server than an extremely-fast server that - costs thousands of dollars. Apache is run on sites that get - millions of hits per day, and they have experienced no - performance difficulties.

    -
    -
  8. - -
  9. - How thoroughly tested - is Apache? - -

    Apache is run on over 6 million Internet servers (as of - February 2000). It has been tested thoroughly by both - developers and users. The Apache Group maintains rigorous - standards before releasing new versions of their server, - and our server runs without a hitch on over one half of all - WWW servers available on the Internet. When bugs do show - up, we release patches and new versions as soon as they are - available.

    -
    -
  10. - -
  11. - What are the future - plans for Apache? - -
      -
    • to continue to be an "open source" no-charge-for-use - HTTP server,
    • - -
    • to keep up with advances in HTTP protocol and web - developments in general,
    • - -
    • to collect suggestions for fixes/improvements from - its users,
    • - -
    • to respond to needs of large volume providers as well - as occasional users.
    • -
    -
    -
  12. - -
  13. - Whom do I contact - for support? - -

    There is no official support for Apache. None of the - developers want to be swamped by a flood of trivial - questions that can be resolved elsewhere. Bug reports and - suggestions should be sent via the bug - report page. Other questions should be directed to the - Apache HTTP - Server Users List or the - comp.infosystems.www.servers.unix - or comp.infosystems.www.servers.ms-windows - newsgroup (as appropriate for the platform you use), where - some of the Apache team lurk, in the company of many other - httpd gurus who should be able to help.

    - -

    Commercial support for Apache is, however, available - from a number of third parties.

    -
    -
  14. - -
  15. - Is there any more - information available on Apache? - -

    Indeed there is. See the main Apache web site. There - is also a regular electronic publication called Apache - Week available. Links to relevant Apache - Week articles are included below where appropriate. - There are also some Apache-specific - books available.

    -
    -
  16. - -
  17. - Where can I get - Apache? - -

    You can find out how to download the source for Apache - at the project's main - web page.

    -
    -
  18. - -
  19. - - -

    You may NOT use any original artwork from the - Apache Software Foundation, nor make or use modified - versions of such artwork, except under the following - conditions:

    - -
      -
    • You may use the 'Powered by Apache' - graphic on a Web site that is being served by the - Apache HTTP server software.
    • - -
    • You may use the aforementioned 'Powered by Apache' - graphic or the - Apache Software Foundation logo in product - description and promotional material IF and ONLY - IF such use can in no way be interpreted as anything - other than an attribution. Using the Apache name and - artwork in a manner that implies endorsement of a product - or service is strictly forbidden.
    • -
    -
    -
  20. -
- - - - - - - - - - - - - - - - - - - -

B. General Technical Questions

- -
    -
  1. - "Why can't I ...? - Why won't ... work?" What to do in case of - problems - -

    If you are having trouble with your Apache server - software, you should take the following steps:

    - -
      -
    1. - Check the errorlog! - -

      Apache tries to be helpful when it encounters a - problem. In many cases, it will provide some details by - writing one or messages to the server error log. - Sometimes this is enough for you to diagnose & fix - the problem yourself (such as file permissions or the - like). The default location of the error log is - /usr/local/apache/logs/error_log, but see - the ErrorLog - directive in your config files for the location on your - server.

      -
    2. - -
    3. - Check the FAQ! - - -

      The latest version of the Apache Frequently-Asked - Questions list can always be found at the main Apache - web site.

      -
    4. - -
    5. - Check the Apache bug database - -

      Most problems that get reported to The Apache Group - are recorded in the bug database. - Please check the existing reports, - open and closed, before adding - one. If you find that your issue has already been - reported, please don't add a "me, too" report. - If the original report isn't closed yet, we suggest - that you check it periodically. You might also consider - contacting the original submitter, because there may be - an email exchange going on about the issue that isn't - getting recorded in the database.

      -
    6. - -
    7. - Ask in a user support group. - -

      A lot of common problems never make it to the bug - database because there's already high Q&A traffic - about them in the Users - mailing list or comp.infosystems.www.servers.unix - and related newsgroups. These newsgroups are also - available via - Google. Many Apache users, and some of the developers, - can be found roaming their virtual halls, so it is suggested - that you seek wisdom there. The chances are good that - you'll get a faster answer there than from the bug - database, even if you don't see your question - already posted.

      -
    8. - -
    9. - If all else fails, report the problem in the - bug database - -

      If you've gone through those steps above that are - appropriate and have obtained no relief, then please - do let The Apache Group know about the problem - by logging - a bug report.

      - -

      If your problem involves the server crashing and - generating a core dump, please include a backtrace (if - possible). As an example,

      - -
      -
      # cd ServerRoot
      - # dbx httpd core
      - (dbx) where
      -
      - -

      (Substitute the appropriate locations for your - ServerRoot and your httpd and - core files. You may have to use - gdb instead of dbx.)

      -
    10. -
    -
    -
  2. - -
  3. - How compatible - is Apache with my existing NCSA 1.3 setup? - -

    Apache attempts to offer all the features and - configuration options of NCSA httpd 1.3, as well as many of - the additional features found in NCSA httpd 1.4 and NCSA - httpd 1.5.

    - -

    NCSA httpd appears to be moving toward adding - experimental features which are not generally required at - the moment. Some of the experiments will succeed while - others will inevitably be dropped. The Apache philosophy is - to add what's needed as and when it is needed.

    - -

    Friendly interaction between Apache and NCSA developers - should ensure that fundamental feature enhancements stay - consistent between the two servers for the foreseeable - future.

    -
    -
  4. - -
  5. - Is Apache Year - 2000 compliant? - -

    Yes, Apache is Year 2000 compliant.

    - -

    Apache internally never stores years as two digits. On - the HTTP protocol level RFC1123-style addresses are - generated which is the only format a HTTP/1.1-compliant - server should generate. To be compatible with older - applications Apache recognizes ANSI C's - asctime() and RFC850-/RFC1036-style date - formats, too. The asctime() format uses - four-digit years, but the RFC850 and RFC1036 date formats - only define a two-digit year. If Apache sees such a date - with a value less than 70 it assumes that the century is - 20 rather than 19.

    - -

    Although Apache is Year 2000 compliant, you may still - get problems if the underlying OS has problems with dates - past year 2000 (e.g., OS calls which accept or - return year numbers). Most (UNIX) systems store dates - internally as signed 32-bit integers which contain the - number of seconds since 1st January 1970, so the - magic boundary to worry about is the year 2038 and not - 2000. But modern operating systems shouldn't cause any - trouble at all.

    - -

    The Apache HTTP Server project is an open-source - software product of the Apache Software Foundation. The - project and the Foundation cannot offer legal - assurances regarding any suitability of the software for - your application. There are several commercial Apache - support organizations and derivative server products - available that may be able to stand behind the software and - provide you with any assurances you may require. You may - find links to some of these vendors at <http://www.apache.org/info/support.cgi>.

    - -

    The Apache HTTP server software is distributed with the - following disclaimer, found in the software license:

    -
    -   THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
    -   EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    -   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    -   PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
    -   ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    -   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
    -   NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
    -   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    -   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    -   STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    -   ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    -   OF THE POSSIBILITY OF SUCH DAMAGE.
    - 
    -
    -
    -
  6. - -
  7. - How do I - submit a patch to the Apache Group? - -

    The Apache Group encourages patches from outside - developers. There are 2 main "types" of patches: small - bugfixes and general improvements. Bugfixes should be - submitting using the Apache bug report - page. Improvements, modifications, and additions should - follow the instructions below.

    - -

    In general, the first course of action is to be a member - of the dev@httpd.apache.org mailing list. This - indicates to the Group that you are closely following the - latest Apache developments. Your patch file should be - generated using either 'diff -c' or - 'diff -u' against the latest CVS tree. To - submit your patch, send email to - dev@httpd.apache.org with a - Subject: line that starts with - [PATCH] and includes a general description of - the patch. In the body of the message, the patch should be - clearly described and then included at the end of the - message. If the patch-file is long, you can note a URL to - the file instead of the file itself. Use of MIME - enclosures/attachments should be avoided.

    - -

    Be prepared to respond to any questions about your - patches and possibly defend your code. If your patch - results in a lot of discussion, you may be asked to submit - an updated patch that incorporates all changes and - suggestions.

    -
    -
  8. - -
  9. - Why has Apache - stolen my favourite site's Internet address? - -

    The simple answer is: "It hasn't." This misconception is - usually caused by the site in question having migrated to - the Apache Web server software, but not having migrated the - site's content yet. When Apache is installed, the default - page that gets installed tells the Webmaster the - installation was successful. The expectation is that this - default page will be replaced with the site's real content. - If it doesn't, complain to the Webmaster, not to the Apache - project -- we just make the software and aren't responsible - for what people do (or don't do) with it.

    -
    -
  10. - -
  11. - Why am I getting spam - mail from the Apache site? - -

    The short answer is: "You aren't." Usually when someone - thinks the Apache site is originating spam, it's because - they've traced the spam to a Web site, and the Web site - says it's using Apache. See the previous FAQ entry for more details - on this phenomenon.

    - -

    No marketing spam originates from the Apache site. The - only mail that comes from the site goes only to addresses - that have been requested to receive the mail.

    -
    -
  12. - -
  13. - May I include the - Apache software on a CD or other package I'm - distributing? - -

    The detailed answer to this question can be found in the - Apache license, which is included in the Apache - distribution in the file LICENSE. You can also - find it on the Web at <http://www.apache.org/LICENSE.txt>.

    -
    -
  14. - -
  15. - What's the best - hardware/operating system/... How do I get the most out of - my Apache Web server? - -

    Check out Dean Gaudet's performance tuning page.

    -
    -
  16. - -
  17. - What are "regular - expressions"? - -

    Regular expressions are a way of describing a pattern - - for example, "all the words that begin with the letter A" - or "every 10-digit phone number" or even "Every sentence - with two commas in it, and no capital letter Q". Regular - expressions (aka "regex"s) are useful in Apache because - they let you apply certain attributes against collections - of files or resources in very flexible ways - for example, - all .gif and .jpg files under any "images" directory could - be written as /\/images\/.*(jpg|gif)$/.

    - -

    The best overview around is probably the one which comes - with Perl. We implement a simple subset of Perl's regex - support, but it's still a good way to learn what they mean. - You can start by going to the CPAN - page on regular expressions, and branching out from - there.


    -
  18. - -
  19. - Why isn't there a - binary for my platform? - -

    The developers make sure that the software builds and - works correctly on the platforms available to them; this - does not necessarily mean that your platform - is one of them. In addition, the Apache HTTP server project - is primarily source oriented, meaning that distributing - valid and buildable source code is the purpose of a - release, not making sure that there is a binary package for - all of the supported platforms.

    - -

    If you don't see a kit for your platform listed in the - binary distribution area (<URL:http://httpd.apache.org/dist/httpd/binaries/>), - it means either that the platform isn't available to any of - the developers, or that they just haven't gotten around to - preparing a binary for it. As this is a voluntary project, - they are under no obligation to do so. Users are encouraged - and expected to build the software themselves.

    - -

    The sole exception to these practices is the Windows - package. Unlike most Unix and Unix-like platforms, Windows - systems do not come with a bundled software development - environment, so we do prepare binary kits for - Windows when we make a release. Again, however, it's a - voluntary thing and only a limited number of the developers - have the capability to build the InstallShield package, so - the Windows release may lag somewhat behind the source - release. This lag should be no more than a few days at - most.

    -
    -
  20. -
- - - - - - - - - - - - - - - - - - - -

C. Building Apache

- -
    -
  1. - Why do I get an - error about an undefined reference to - "__inet_ntoa" or other __inet_* - symbols? - -

    If you have installed BIND-8 then this is - normally due to a conflict between your include files and - your libraries. BIND-8 installs its include files and - libraries /usr/local/include/ and - /usr/local/lib/, while the resolver that comes - with your system is probably installed in - /usr/include/ and /usr/lib/. If - your system uses the header files in - /usr/local/include/ before those in - /usr/include/ but you do not use the new - resolver library, then the two versions will conflict.

    - -

    To resolve this, you can either make sure you use the - include files and libraries that came with your system or - make sure to use the new include files and libraries. - Adding -lbind to the - EXTRA_LDFLAGS line in your - Configuration file, then re-running - Configure, should resolve the problem. (Apache - versions 1.2.* and earlier use EXTRA_LFLAGS - instead.)

    - -

    Note:As of BIND 8.1.1, the bind - libraries and files are installed under - /usr/local/bind by default, so you should not - run into this problem. Should you want to use the bind - resolvers you'll have to add the following to the - respective lines:

    - -
    -
    EXTRA_CFLAGS=-I/usr/local/bind/include
    - EXTRA_LDFLAGS=-L/usr/local/bind/lib
    - EXTRA_LIBS=-lbind
    -
    -
    -
  2. - -
  3. - Why won't Apache - compile with my system's cc? - -

    If the server won't compile on your system, it is - probably due to one of the following causes:

    - -
      -
    • The Configure script doesn't - recognize your system environment.
      - This might be either because it's completely unknown or - because the specific environment (include files, OS - version, et cetera) isn't explicitly handled. If - this happens, you may need to port the server to your OS - yourself.
    • - -
    • Your system's C compiler is - garbage.
      - Some operating systems include a default C compiler that - is either not ANSI C-compliant or suffers from other - deficiencies. The usual recommendation in cases like this - is to acquire, install, and use gcc.
    • - -
    • Your include files may be - confused.
      - In some cases, we have found that a compiler - installation or system upgrade has left the C header - files in an inconsistent state. Make sure that your - include directory tree is in sync with the compiler and - the operating system.
    • - -
    • Your operating system or compiler may be out - of revision.
      - Software vendors (including those that develop operating - systems) issue new releases for a reason; sometimes to - add functionality, but more often to fix bugs that have - been discovered. Try upgrading your compiler and/or your - operating system.
    • -
    - -

    The Apache Group tests the ability to build the server - on many different platforms. Unfortunately, we can't test - all of the OS platforms there are. If you have verified - that none of the above issues is the cause of your problem, - and it hasn't been reported before, please submit a problem - report. Be sure to include complete details, - such as the compiler & OS versions and exact error - messages.

    -
    -
  4. - -
  5. - Why do I get - complaints about redefinition of "struct - iovec" when compiling under Linux? - -

    This is a conflict between your C library includes and - your kernel includes. You need to make sure that the - versions of both are matched properly. There are two - workarounds, either one will solve the problem:

    - -
      -
    • Remove the definition of struct iovec - from your C library includes. It is located in - /usr/include/sys/uio.h. - Or,
    • - -
    • Add -DNO_WRITEV to the - EXTRA_CFLAGS line in your - Configuration and reconfigure/rebuild. This - hurts performance and should only be used as a last - resort.
    • -
    -
    -
  6. - -
  7. - I'm using gcc - and I get some compilation errors, what is - wrong? - -

    GCC parses your system header files and produces a - modified subset which it uses for compiling. This behavior - ties GCC tightly to the version of your operating system. - So, for example, if you were running IRIX 5.3 when you - built GCC and then upgrade to IRIX 6.2 later, you will have - to rebuild GCC. Similarly for Solaris 2.4, 2.5, or 2.5.1 - when you upgrade to 2.6. Sometimes you can type "gcc -v" - and it will tell you the version of the operating system it - was built against.

    - -

    If you fail to do this, then it is very likely that - Apache will fail to build. One of the most common errors is - with readv, writev, or - uio.h. This is not a bug with - Apache. You will need to re-install GCC.

    -
    -
  8. - -
  9. - I'm using - RedHat Linux 5.0, or some other glibc-based - Linux system, and I get errors with the crypt - function when I attempt to build Apache 1.2. - -

    glibc puts the crypt function - into a separate library. Edit your - src/Configuration file and set this:

    - -
    -
    EXTRA_LIBS=-lcrypt
    -
    - -

    Then re-run src/Configure and re-execute - the make.

    -
    -
  10. -
- - - - - - - - - - - - - - - - - - - -

D. Error Log Messages and Problems Starting Apache

- -
    -
  1. - Why do I get - "setgid: Invalid argument" at - startup? - -

    Your Group - directive (probably in conf/httpd.conf) needs - to name a group that actually exists in the - /etc/group file (or your system's equivalent). - This problem is also frequently seen when a negative number - is used in the Group directive (e.g., - "Group #-1"). Using a group name -- not - group number -- found in your system's group database - should solve this problem in all cases.

    -
    -
  2. - -
  3. - Why am I getting - "httpd: could not set socket option - TCP_NODELAY" in my error log? - -

    This message almost always indicates that the client - disconnected before Apache reached the point of calling - setsockopt() for the connection. It shouldn't - occur for more than about 1% of the requests your server - handles, and it's advisory only in any case.

    -
    -
  4. - -
  5. - Why am I getting - "connection reset by peer" in my error - log? - -

    This is a normal message and nothing about which to be - alarmed. It simply means that the client canceled the - connection before it had been completely set up - such as - by the end-user pressing the "Stop" button. People's - patience being what it is, sites with response-time - problems or slow network links may experience this more - than high capacity ones or those with large pipes to the - network.

    -
    -
  6. - -
  7. - The - errorlog says Apache dumped core, but where's the dump - file? - -

    In Apache version 1.2, the error log message about - dumped core includes the directory where the dump file - should be located. However, many Unixes do not allow a - process that has called setuid() to dump core - for security reasons; the typical Apache setup has the - server started as root to bind to port 80, after which it - changes UIDs to a non-privileged user to serve - requests.

    - -

    Dealing with this is extremely operating - system-specific, and may require rebuilding your system - kernel. Consult your operating system documentation or - vendor for more information about whether your system does - this and how to bypass it. If there is a - documented way of bypassing it, it is recommended that you - bypass it only for the httpd server process if - possible.

    - -

    The canonical location for Apache's core-dump files is - the ServerRoot - directory. As of Apache version 1.3, the location can be - set via the CoreDumpDirectory - directive to a different directory. Make sure that this - directory is writable by the user the server runs as (as - opposed to the user the server is started as).

    -
    -
  8. - -
  9. - When I run - it under Linux I get "shmget: function not found", what - should I do? - -

    Your kernel has been built without SysV IPC support. You - will have to rebuild the kernel with that support enabled - (it's under the "General Setup" submenu). Documentation for - kernel building is beyond the scope of this FAQ; you should - consult the - Kernel HOWTO, or the documentation provided with your - distribution, or a - Linux newsgroup/mailing list. As a last-resort - workaround, you can comment out the - #define USE_SHMGET_SCOREBOARD definition - in the LINUX section of - src/conf.h and rebuild the server (prior to - 1.3b4, simply removing - #define HAVE_SHMGET would have sufficed). - This will produce a server which is slower and less - reliable.

    -
    -
  10. - -
  11. - Server hangs, - or fails to start, and/or error log fills with - "fcntl: F_SETLKW: No record locks available" - or similar messages - -

    These are symptoms of a fine locking problem, which - usually means that the server is trying to use a - synchronization file on an NFS filesystem.

    - -

    Because of its parallel-operation model, the Apache Web - server needs to provide some form of synchronization when - accessing certain resources. One of these synchronization - methods involves taking out locks on a file, which means - that the filesystem whereon the lockfile resides must - support locking. In many cases this means it can't - be kept on an NFS-mounted filesystem.

    - -

    To cause the Web server to work around the NFS locking - limitations, include a line such as the following in your - server configuration files:

    - -
    -
    LockFile /var/run/apache-lock
    -
    - -

    The directory should not be generally writable - (e.g., don't use /var/tmp). See the - LockFile - documentation for more information.

    -
    -
  12. - -
  13. - Why am I getting - "Expected </Directory> but saw - </Directory>" when I try to start - Apache? - -

    This is a known problem with certain versions of the AIX - C compiler. IBM are working on a solution, and the issue is - being tracked by problem - report #2312.

    -
    -
  14. - -
  15. - I'm using RedHat Linux - and I have problems with httpd dying randomly or not - restarting properly - -

    RedHat Linux versions 4.x (and possibly earlier) RPMs - contain various nasty scripts which do not stop or restart - Apache properly. These can affect you even if you're not - running the RedHat supplied RPMs.

    - -

    If you're using the default install then you're probably - running Apache 1.1.3, which is outdated. From RedHat's ftp - site you can pick up a more recent RPM for Apache 1.2.x. - This will solve one of the problems.

    - -

    If you're using a custom built Apache rather than the - RedHat RPMs then you should rpm -e apache. In - particular you want the mildly broken - /etc/logrotate.d/apache script to be removed, - and you want the broken /etc/rc.d/init.d/httpd - (or httpd.init) script to be removed. The - latter is actually fixed by the apache-1.2.5 RPMs but if - you're building your own Apache then you probably don't - want the RedHat files.

    - -

    We can't stress enough how important it is for folks, - especially vendors to follow the stopping Apache directions - given in our documentation. In RedHat's defense, the broken - scripts were necessary with Apache 1.1.x because the Linux - support in 1.1.x was very poor, and there were various race - conditions on all platforms. None of this should be - necessary with Apache 1.2 and later.

    -
    -
  16. - -
  17. - I upgraded from an - Apache version earlier than 1.2.0 and suddenly I have - problems with Apache dying randomly or not restarting - properly - -

    You should read the previous note - about problems with RedHat installations. It is entirely - likely that your installation has start/stop/restart - scripts which were built for an earlier version of Apache. - Versions earlier than 1.2.0 had various race conditions - that made it necessary to use kill -9 at times - to take out all the httpd servers. But that should not be - necessary any longer. You should follow the directions on how to stop and - restart Apache.

    - -

    As of Apache 1.3 there is a script - src/support/apachectl which, after a bit of - customization, is suitable for starting, stopping, and - restarting your server.

    -
    -
  18. - -
  19. - When I try to - start Apache from a DOS window, I get a message like - "Cannot determine host name. Use ServerName directive - to set it manually." What does this mean? - -

    It means what it says; the Apache software can't - determine the hostname of your system. Edit your - conf\httpd.conf file, look for the string - "ServerName", and make sure there's an uncommented - directive such as

    - -
    -
    ServerName localhost
    -
    - -

    or

    - -
    -
    ServerName www.foo.com
    -
    - -

    in the file. Correct it if there one there with wrong - information, or add one if you don't already have one.

    - -

    Also, make sure that your Windows system has DNS - enabled. See the TCP/IP setup component of the Networking - or Internet Options control panel.

    - -

    After verifying that DNS is enabled and that you have a - valid hostname in your ServerName directive, - try to start the server again.

    -
    -
  20. - -
  21. - When I try to start - Apache for Windows, I get a message like "Unable To - Locate WS2_32.DLL...". What should I do? - -

    Short answer: You need to install Winsock 2, available - from http://www.microsoft.com/windows95/downloads/

    - -

    Detailed answer: Prior to version 1.3.9, Apache for - Windows used Winsock 1.1. Beginning with version 1.3.9, - Apache began using Winsock 2 features (specifically, - WSADuplicateSocket()). WS2_32.DLL implements the Winsock 2 - API. Winsock 2 ships with Windows NT 4.0 and Windows 98. - Some of the earlier releases of Windows 95 did not include - Winsock 2.

    -
    -
  22. - -
  23. - Apache for Windows does not - start. Error log contains this message: "[crit] - (10045) The attempted operation is not supported for the - type of object referenced: Parent: WSADuplicateSocket - failed for socket ###". What does this mean? - - -

    We have seen this problem when Apache is run on systems - along with Virtual Private Networking clients like Aventail - Connect. Aventail Connect is a Layered Service Provider - (LSP) that inserts itself, as a "shim," between the Winsock - 2 API and Window's native Winsock 2 implementation. The - Aventail Connect shim does not implement - WSADuplicateSocket, which is the cause of the failure.

    - -

    The shim is not unloaded when Aventail Connect is shut - down. Once observed, the problem persists until the shim is - either explicitly unloaded or the machine is rebooted. - Another potential solution (not tested) is to add - apache.exe to the Aventail "Connect Exclusion - List".

    - -

    Apache is affected in a similar way by any - firewall program that isn't correctly configured. Assure - you exclude your Apache server ports (usually port 80) from - the list of ports to block. Refer to your firewall - program's documentation for the how-to.

    -
    -
  24. - -
  25. - When I try to start - Apache on Windows, I get a message like "System error - 1067 has occurred. The process terminated - unexpectedly." What does this mean? - -

    This message means that the Web server was unable to - start correctly for one reason or another. To find out why, - execute the following commands in a DOS window:

    -
    -    c:
    -    cd "\Program Files\Apache Group\Apache"
    -    apache
    - 
    -
    - -

    (If you don't get the prompt back, hit Control-C to - cause Apache to exit.)

    - -

    The error you see will probably be one of those - preceding this question in the FAQ.

    - -

    As of Apache 1.3.14, first check the Windows NT Event - Log for Application errors using the Windows NT/2000 Event - Viewer program. Any errors that occur prior to opening the - Apache error log will be stored here, if Apache is run as a - Service on NT or 2000. As with any error, also check your - Apache error log.

    -
    -
  26. - -
  27. On a SuSE Linux system, I try and - configure access control using basic authentication. - Although I follow the example exactly, authentication - fails, and an error message "admin: not a valid - FDN: ...." is logged. - -

    - In the SuSE distribution, additional 3rd party authentication - modules have been added and activated by default. These modules - interfere with the Apache standard modules and cause Basic - authentication to fail. Our recommendation is to comment all - those modules in /etc/httpd/suse_addmodule.conf - and /etc/httpd/suse_loadmodule.conf which are not - actually required for running your server. -


    -
  28. - -
  29. Why do I have weird entries in my - logs asking for default.ida and - cmd.exe? - -

    The host requesting pages from your website and creating - those entries is a Windows machine running IIS that has been - infected by an Internet worm such as Nimda or Code Red. You - can safely ignore these error messages as they do not affect - Apache. ApacheWeek has an article - with more information.


    -
  30. - -
  31. Why am I getting server restart - messages periodically, when I did not restart the server? - -

    Problem: You are noticing restart messages in your error log, - periodically, when you know you did not restart the server - yourself:

    - -
    -[Thu Jun  6 04:02:01 2002] [notice] SIGHUP received.  Attempting to restart
    -[Thu Jun  6 04:02:02 2002] [notice] Apache configured -- resuming normal operations
    -
    - -

    Check your cron jobs to see when/if your server logs are being - rotated. Compare the time of rotation to the error message time. - If they are the same, you can somewhat safely assume that the - restart is due to your server logs being rotated.


    -
  32. - -
  33. Why am I getting - "module module-name is not compatible with this version - of Apache" messages in my error log? - -

    Module Magic Number (MMN) is a constant defined in Apache - source that is associated with binary compatibility of - modules. It is changed when internal Apache structures, - function calls and other significant parts of API change in - such a way that binary compatibility cannot be guaranteed any - more. On MMN change, all third party modules have to be at - least recompiled, sometimes even slightly changed in order - to work with the new version of Apache.

    - -

    If you're getting the above error messages, contact the - vendor of the module for the new binary, or compile it if - you have access to the source code.


    -
  34. - -
- - - - - - - - - - - - - - - - - - - -

E. Configuration Questions

- -
    -
  1. - Why can't I run more - than <n> virtual hosts? - -

    You are probably running into resource limitations in - your operating system. The most common limitation is the - per-process limit on file - descriptors, which is almost always the cause of - problems seen when adding virtual hosts. Apache often does - not give an intuitive error message because it is normally - some library routine (such as gethostbyname()) - which needs file descriptors and doesn't complain - intelligibly when it can't get them.

    - -

    Each log file requires a file descriptor, which means - that if you are using separate access and error logs for - each virtual host, each virtual host needs two file - descriptors. Each Listen - directive also needs a file descriptor.

    - -

    Typical values for <n> that we've seen - are in the neighborhood of 128 or 250. When the server - bumps into the file descriptor limit, it may dump core with - a SIGSEGV, it might just hang, or it may limp along and - you'll see (possibly meaningful) errors in the error log. - One common problem that occurs when you run into a file - descriptor limit is that CGI scripts stop being executed - properly.

    - -

    As to what you can do about this:

    - -
      -
    1. Reduce the number of Listen - directives. If there are no other servers running on the - machine on the same port then you normally don't need any - Listen directives at all. By default Apache listens to - all addresses on port 80.
    2. - -
    3. Reduce the number of log files. You can use mod_log_config - to log all requests to a single log file while including - the name of the virtual host in the log file. You can - then write a script to split the logfile into separate - files later if necessary. Such a script is provided with - the Apache 1.3 distribution in the - src/support/split-logfile file.
    4. - -
    5. - Increase the number of file descriptors available to - the server (see your system's documentation on the - limit or ulimit commands). - For some systems, information on how to do this is - available in the performance - hints page. There is a specific note for FreeBSD below. - -

      For Windows 95, try modifying your - C:\CONFIG.SYS file to include a line - like

      - -
      -
      FILES=300
      -
      - -

      Remember that you'll need to reboot your Windows 95 - system in order for the new value to take effect.

      -
    6. - -
    7. "Don't do that" - try to run with fewer virtual - hosts
    8. - -
    9. Spread your operation across multiple server - processes (using Listen - for example, but see the first point) and/or ports.
    10. -
    - -

    Since this is an operating-system limitation, there's - not much else available in the way of solutions.

    - -

    As of 1.2.1 we have made attempts to work around various - limitations involving running with many descriptors. More information is - available.

    -
    -
  2. - -
  3. - Can - I increase FD_SETSIZE on FreeBSD? - - -

    On versions of FreeBSD before 3.0, the - FD_SETSIZE define defaults to 256. This means - that you will have trouble usefully using more than 256 - file descriptors in Apache. This can be increased, but - doing so can be tricky.

    - -

    If you are using a version prior to 2.2, you need to - recompile your kernel with a larger - FD_SETSIZE. This can be done by adding a line - such as:

    - -
    -
    options FD_SETSIZE nnn
    -
    - -

    to your kernel config file. Starting at version 2.2, - this is no longer necessary.

    - -

    If you are using a version of 2.1-stable from after - 1997/03/10 or 2.2 or 3.0-current from before 1997/06/28, - there is a limit in the resolver library that prevents it - from using more file descriptors than what - FD_SETSIZE is set to when libc is compiled. To - increase this, you have to recompile libc with a higher - FD_SETSIZE.

    - -

    In FreeBSD 3.0, the default FD_SETSIZE has - been increased to 1024 and the above limitation in the - resolver library has been removed.

    - -

    After you deal with the appropriate changes above, you - can increase the setting of FD_SETSIZE at - Apache compilation time by adding - "-DFD_SETSIZE=nnn" to the - EXTRA_CFLAGS line in your - Configuration file.

    -
    -
  4. - -
  5. - Why doesn't - my ErrorDocument 401 work? - -

    You need to use it with a URL in the form - "/foo/bar" and not one with a method and - hostname such as "http://host/foo/bar". See - the ErrorDocument - documentation for details. This was incorrectly documented - in the past.

    -
    -
  6. - -
  7. - Why does Apache - send a cookie on every response? - -

    Apache does not automatically send a cookie on - every response, unless you have re-compiled it with the mod_usertrack - module, and specifically enabled it with the CookieTracking - directive. This module has been in Apache since version - 1.2. This module may help track users, and uses cookies to - do this. If you are not using the data generated by - mod_usertrack, do not compile it into - Apache.

    -
    -
  8. - -
  9. - Why do my Java app[let]s - give me plain text when I request an URL from an Apache - server? - -

    As of version 1.2, Apache is an HTTP/1.1 (HyperText - Transfer Protocol version 1.1) server. This fact is - reflected in the protocol version that's included in the - response headers sent to a client when processing a - request. Unfortunately, low-level Web access classes - included in the Java Development Kit (JDK) version 1.0.2 - expect to see the version string "HTTP/1.0" and do not - correctly interpret the "HTTP/1.1" value Apache is sending - (this part of the response is a declaration of what the - server can do rather than a declaration of the dialect of - the response). The result is that the JDK methods do not - correctly parse the headers, and include them with the - document content by mistake.

    - -

    This is definitely a bug in the JDK 1.0.2 foundation - classes from Sun, and it has been fixed in version 1.1. - However, the classes in question are part of the virtual - machine environment, which means they're part of the Web - browser (if Java-enabled) or the Java environment on the - client system - so even if you develop your - classes with a recent JDK, the eventual users might - encounter the problem. The classes involved are replaceable - by vendors implementing the Java virtual machine - environment, and so even those that are based upon the - 1.0.2 version may not have this problem.

    - -

    In the meantime, a workaround is to tell Apache to - "fake" an HTTP/1.0 response to requests that come from the - JDK methods; this can be done by including a line such as - the following in your server configuration files:

    - -
    -
    BrowserMatch Java1.0 force-response-1.0
    - BrowserMatch JDK/1.0 force-response-1.0
    -
    - -

    More information about this issue can be found in the Java - and HTTP/1.1 page at the Apache web site.

    -
    -
  10. - -
  11. - How do I get Apache to - send a MIDI file so the browser can play it? - -

    Even though the registered MIME type for MIDI files is - audio/midi, some browsers are not set up to - recognize it as such; instead, they look for - audio/x-midi. There are two things you can do - to address this:

    - -
      -
    1. Configure your browser to treat documents of type - audio/midi correctly. This is the type that - Apache sends by default. This may not be workable, - however, if you have many client installations to change, - or if some or many of the clients are not under your - control.
    2. - -
    3. - Instruct Apache to send a different - Content-type header for these files by - adding the following line to your server's - configuration files: - -
      -
      AddType audio/x-midi .mid .midi - .kar
      -
      - -

      Note that this may break browsers that do - recognize the audio/midi MIME type unless - they're prepared to also handle - audio/x-midi the same way.

      -
    4. -
    -
    -
  12. - -
  13. - How do I add browsers - and referrers to my logs? - -

    Apache provides a couple of different ways of doing - this. The recommended method is to compile the mod_log_config - module into your configuration and use the CustomLog - directive.

    - -

    You can either log the additional information in files - other than your normal transfer log, or you can add them to - the records already being written. For example:

    - -

    - CustomLog logs/access_log "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""

    - -

    This will add the values of the User-agent: - and Referer: headers, which indicate the - client and the referring page, respectively, to the end of - each line in the access log.

    - -

    You may want to check out the Apache Week - article entitled: "Gathering Visitor Information: Customizing - Your Logfiles".

    -
    -
  14. - -
  15. - Why - does accessing directories only work when I include the - trailing "/" - (e.g.http://foo.domain.com/~user/) - but not when I omit it - (e.g.http://foo.domain.com/~user)? - - -

    When you access a directory without a trailing "/", - Apache needs to send what is called a redirect to the - client to tell it to add the trailing slash. If it did not - do so, relative URLs would not work properly. When it sends - the redirect, it needs to know the name of the server so - that it can include it in the redirect. There are two ways - for Apache to find this out; either it can guess, or you - can tell it. If your DNS is configured correctly, it can - normally guess without any problems. If it is not, however, - then you need to tell it.

    - -

    Add a ServerName directive - to the config file to tell it what the domain name of the - server is.

    - -

    The other thing that can occasionally cause this symptom is a - misunderstanding of the Alias directive, - resulting in an alias working with a trailing slash, and not - without one. The Alias directive is very literal, - and aliases what you tell it to. Consider the following - example:

    - -
    -        Alias /example/ /home/www/example/
    -        
    - -

    The above directive creates an alias for URLs starting with - /example/, but does not alias URLs - starting with /example. That is to say, a URL such - as http://servername.com/example/ will get the - desired content, but a URL such as - http://servername.com/example will result in a - "file not found" error.

    - -

    The following Alias, on the other hand, will - work for both cases:

    - -
    -        Alias /example /home/www/example
    -        
    - -
    -
  16. - -
  17. - Why doesn't mod_info list - any directives? - -

    The mod_info - module allows you to use a Web browser to see how your - server is configured. Among the information it displays is - the list modules and their configuration directives. The - "current" values for the directives are not necessarily - those of the running server; they are extracted from the - configuration files themselves at the time of the request. - If the files have been changed since the server was last - reloaded, the display will not match the values actively in - use. If the files and the path to the files are not - readable by the user as which the server is running (see - the User - directive), then mod_info cannot read them in - order to list their values. An entry will be made - in the error log in this event, however.

    -
    -
  18. - -
  19. - I upgraded to - Apache 1.3 and now my virtual hosts don't - work! - -

    In versions of Apache prior to 1.3b2, there was a lot of - confusion regarding address-based virtual hosts and - (HTTP/1.1) name-based virtual hosts, and the rules - concerning how the server processed - <VirtualHost> definitions were very - complex and not well documented.

    - -

    Apache 1.3b2 introduced a new directive, NameVirtualHost, - which simplifies the rules quite a bit. However, changing - the rules like this means that your existing name-based - <VirtualHost> containers probably won't - work correctly immediately following the upgrade.

    - -

    To correct this problem, add the following line to the - beginning of your server configuration file, before - defining any virtual hosts:

    - -
    -
    NameVirtualHost n.n.n.n
    -
    - -

    Replace the "n.n.n.n" with the IP address - to which the name-based virtual host names resolve; if you - have multiple name-based hosts on multiple addresses, - repeat the directive for each address.

    - -

    Make sure that your name-based - <VirtualHost> blocks contain - ServerName and possibly - ServerAlias directives so Apache can be sure - to tell them apart correctly.

    - -

    Please see the Apache Virtual Host - documentation for further details about - configuration.

    -
    -
  20. - -
  21. - I'm using - RedHat Linux and my .htm files are showing up as HTML - source rather than being formatted! - -

    RedHat messed up and forgot to put a content type for - .htm files into /etc/mime.types. - Edit /etc/mime.types, find the line containing - html and add htm to it. Then - restart your httpd server:

    - -
    -
    kill -HUP `cat /var/run/httpd.pid`
    -
    - -

    Then clear your browsers' caches. (Many - browsers won't re-examine the content type after they've - reloaded a page.)

    -
    -
  22. - -
  23. - My - .htaccess files are being - ignored. - -

    This is almost always due to your AllowOverride - directive being set incorrectly for the directory in - question. If it is set to None then .htaccess - files will not even be looked for. If you do have one that - is set, then be certain it covers the directory you are - trying to use the .htaccess file in. This is normally - accomplished by ensuring it is inside the proper Directory - container.

    -
    -
  24. - -
  25. - Why do I get a - "Forbidden" message whenever I try to access a - particular directory? - -

    This message is generally caused because either

    - -
      -
    • The underlying file system permissions do not allow - the User/Group under which Apache is running to access - the necessary files; or
    • - -
    • The Apache configuration has some access restrictions - in place which forbid access to the files.
    • -
    - -

    You can determine which case applies to your situation - by checking the error log.

    - -

    In the case where file system permission are at fault, - remember that not only must the directory and files in - question be readable, but also all parent directories must - be at least searchable by the web server in order for the - content to be accessible.

    -
    -
  26. - -
  27. - Why do I get a - "Forbidden/You don't have permission to access / on - this server" message whenever I try to access my - server? - -

    Search your conf/httpd.conf file for this - exact string: <Files ~>. If you find it, - that's your problem -- that particular <Files> - container is malformed. Delete it or replace it with - <Files ~ "^\.ht"> and restart your - server and things should work as expected.

    - -

    This error appears to be caused by a problem with the - version of linuxconf distributed with Redhat 6.x. It may - reappear if you use linuxconf again.

    - -

    If you don't find this string, check out the previous question.

    -
    -
  28. - -
  29. - Why - do my files appear correctly in Internet Explorer, but show - up as source or trigger a save window with - Netscape; or, Why doesn't Internet Explorer render - my text/plain document correctly? - -

    MS Internet Explorer (MSIE) and Netscape handle mime type - detection in different ways, and therefore will display the - document differently. In particular, IE sometimes relies on - the file extension or the contents of the file to determine - the mime type. This can happen when the server specifies a - mime type of application/octet-stream or - text/plain. This behavior violates the the HTTP - standard and makes it impossible to deliver plain text - documents to MSIE clients in some cases. More details are - available on MSIE's mime type detection behavior in an - MSDN article and a note - by Alan J. Flavell.

    - -

    The best you can do as a server administrator is to - accurately configure the mime type of your documents by editing - the mime.types file or using an AddType - directive in the Apache configuration files. In some cases, - you may be able to fool MSIE into rendering text/plain documents - correctly by assuring they have a .txt filename - extension, but this will not work if MSIE thinks the content - looks like another file type. -


    -
  30. -
  31. - My site is accessible - under many different hostnames; how do I redirect clients - so that they see only a single name? - -

    Many sites map a variety of hostnames to the same content. - For example, www.example.com, - example.com and www.example.net may - all refer to the same site. It is best to make sure that, - regardless of the name clients use to access the site, they - will be redirected to a single, canonical hostname. This - makes the site easier to maintain and assures that there will - be only one version of the site in proxy caches and search - engines.

    - -

    There are two techniques to implement canonical hostnames:

    - -
      -
    1. Use mod_rewrite - as described in the "Canonical Hostnames" section of the - URL Rewriting Guide.
    2. - -
    3. Use name-based - virtual hosting: - -
      -NameVirtualHost *
      -
      -<VirtualHost *>
      -  ServerName www.example.net
      -  ServerAlias example.com
      -  Redirect permanent / http://www.example.com/
      -</VirtualHost>
      -
      -<VirtualHost *>
      -  ServerName www.example.com
      -  DocumentRoot /usr/local/apache/htdocs
      -</VirtualHost> -
      -
    -
  32. - -
  33. Why can I access my - website from the server or from my local network, but I - can't access it from elsewhere on the Internet? - -

    There are many possible reasons for this, and almost all - of them are related to the configuration of your network, not - the configuration of the Apache HTTP Server. One of the most - common problems is that a firewall blocks access to the - default HTTP port 80. In particular, many consumer ISPs - block access to this port. You can see if this is the case - by changing any Port and Listen - directives in httpd.conf to use port 8000 and - then request your site using - http://yourhost.example.com:8000/. (Of course, - a very restrictive firewall may block this port as well.)

    - -
  34. - -
  35. How do I turn automatic - directory listings on or off? - -

    If a client requests a URL that designates a directory and - the directory does not contain a filename that matches the DirectoryIndex - directive, then mod_autoindex can be - configured to present a listing of the directory contents.

    - -

    To turn on automatic directory indexing, find the - Options directive that - applies to the directory and add the Indexes - keyword. For example:

    - -
    - <Directory /path/to/directory>
    -    Options +Indexes
    - </Directory> -
    - -

    To turn off automatic directory indexing, remove - the Indexes keyword from the appropriate - Options line. To turn off directory listing - for a particular subdirectory, you can use - Options -Indexes. For example:

    - -
    - <Directory /path/to/directory>
    -    Options -Indexes
    - </Directory> -
    - -
  36. - -
  37. Why do my Options - directives not have the desired effect? - -

    Directives placed in the configuration files are applied - in a very particular order, as described by How Directory, Location, and Files - sections work. In addition, each Options directive has the - effect of resetting the options to none before - adding the specified options (unless only "+" and "-" options - are used). The consequence is that Options set - in the main server or virtual host context (outside any - directory, location, or files section) will usually have no - effect, because they are overridden by more specific - Options directives. For example, in the following

    - -
    -<Directory /usr/local/apache/htdocs>
    -    Options Indexes
    -</Directory>
    -Options Includes ExecCGI
    -
    - -

    Includes and ExecCGI will be - off in the /usr/local/apache/htdocs - directory.

    - -

    You can usually avoid problems by either finding the - Options directive that already applies to a - specific directory and changing it, or by putting your - Options directive inside the most specific possible - <Directory> section.

    - -
  38. - - -
  39. How can I change - the information that Apache returns about itself in the - headers? - -

    When a client connects to Apache, part of the information returned in - the headers is the name "Apache" Additional information that can be sent - is the version number, such as "1.3.26", the operating system, and a - list of non-standard modules you have installed.

    - -

    For example:

    - -
    -Server: Apache/1.3.26 (Unix) mod_perl/1.26 -
    - -

    Frequently, people want to remove this information, under the mistaken - understanding that this will make the system more secure. This is - probably not the case, as the same exploits will likely be attempted - regardless of the header information you provide.

    - -

    There are, however, two answers to this question: the correct answer, - and the answer that you are probably looking for.

    - -

    The correct answer to this question is that you should use the - ServerTokens directive to alter the quantity of information which is - passed in the headers. Setting this directive to Prod will - pass the least possible amount of information:

    - -
    -Server: Apache -
    - -

    The answer you are probably looking for is how to make Apache lie - about what what it is, ie send something like:

    - -
    -Server: Bob's Happy HTTPd Server -
    - -

    In order to do this, you will need to modify the Apache source code and - rebuild Apache. This is not advised, as it is almost certain not to - provide you with the added security you think that you are gaining. The - exact method of doing this is left as an exercise for the reader, as we - are not keen on helping you do something that is intrinsically a bad - idea.

    - -
  40. - -
  41. Why do I see requests - for other sites appearing in my log files? - -

    A an access_log entry showing this situation could look - like this:

    - -
    63.251.56.142 - - - [25/Jul/2002:12:48:04 -0700] "GET http://www.yahoo.com/ - HTTP/1.0" 200 1456
    - -

    The question is: why did a request for - www.yahoo.com come to your server instead of - Yahoo's server? And why does the response have a status - code of 200 (success)?

    - -

    This is usually the result of malicious clients trying to - exploit open proxy servers to access a website without - revealing their true location. If you find entries like this - in your log, the first thing to do is to make sure you have - properly configured your server not to proxy for unknown - clients. If you don't need to provide a proxy server at all, - you should simply assure that the ProxyRequests - directive is not set on. - If you do need to run a proxy server, then you must ensure - that you secure your - server properly so that only authorized clients can use - it.

    - -

    If your server is configured properly, then the attempt to - proxy through your server will fail. If you see a status - code of 404 (file not found) in the log, then - you know that the request failed. If you see a status code - of 200 (success), that does not necessarily mean - that the attempt to proxy succeeded. RFC2616 section 5.1.2 - mandates that Apache must accept requests with absolute URLs - in the request-URI, even for non-proxy requests. Since - Apache has no way to know all the different names that your - server may be known under, it cannot simply reject hostnames - it does not recognize. Instead, it will serve requests for - unknown sites locally by stripping off the hostname and using - the default server or virtual host. Therefore you can - compare the size of the file (1456 in the above example) to - the size of the corresponding file in your default server. - If they are the same, then the proxy attempt failed, since a - document from your server was delivered, not a document from - www.yahoo.com.

    - -

    If you wish to prevent this type of request entirely, then - you need to let Apache know what hostnames to accept and what - hostnames to reject. You do this by configuring name-virtual - hosts, where the first listed host is the default host that - will catch and reject unknown hostnames. For example:

    - -
    -
    -NameVirtualHost *
    -
    -<VirtualHost *>
    -  ServerName default.only
    -  <Location />
    -    Order allow,deny
    -    Deny from all
    -  </Location>
    -</VirtualHost>
    -
    -<VirtualHost *>
    -  ServerName realhost1.example.com
    -  ServerAlias alias1.example.com alias2.example.com
    -  DocumentRoot /path/to/site1
    -</VirtualHost>
    -
    -...
    -
    -
    -
  42. - -
- - - - - - - - - - - - - - - - - - - -

F. Dynamic Content (CGI and SSI)

- -
    -
  1. - How do I enable CGI - execution in directories other than the - ScriptAlias? - -

    Apache recognizes all files in a directory named as a ScriptAlias - as being eligible for execution rather than processing as - normal documents. This applies regardless of the file name, - so scripts in a ScriptAlias directory don't need to be - named "*.cgi" or "*.pl" or - whatever. In other words, all files in a - ScriptAlias directory are scripts, as far as Apache is - concerned.

    - -

    To persuade Apache to execute scripts in other - locations, such as in directories where normal documents - may also live, you must tell it how to recognize them - and - also that it's okay to execute them. For this, you need to - use something like the AddHandler - directive.

    - -
      -
    1. - In an appropriate section of your server configuration - files, add a line such as - -
      -
      AddHandler cgi-script .cgi
      -
      - -

      The server will then recognize that all files in - that location (and its logical descendants) that end in - ".cgi" are script files, not - documents.

      -
    2. - -
    3. Make sure that the directory location is covered by - an Options - declaration that includes the ExecCGI - option.
    4. -
    - -

    In some situations, you might not want to actually allow - all files named "*.cgi" to be executable. - Perhaps all you want is to enable a particular file in a - normal directory to be executable. This can be - alternatively accomplished via mod_rewrite - and the following steps:

    - -
      -
    1. - Locally add to the corresponding .htaccess - file a ruleset similar to this one: - -
      -
      RewriteEngine on
      - RewriteBase /~foo/bar/
      - RewriteRule ^quux\.cgi$ - - [T=application/x-httpd-cgi]
      -
      -
    2. - -
    3. Make sure that the directory location is covered by - an Options - declaration that includes the ExecCGI and - FollowSymLinks option.
    4. -
    -
    -
  2. - -
  3. - What does it mean - when my CGIs fail with "Premature end of script - headers"? - -

    It means just what it says: the server was expecting a - complete set of HTTP headers (one or more followed by a - blank line), and didn't get them.

    - -

    The most common cause of this problem is the script - dying before sending the complete set of headers, or - possibly any at all, to the server. To see if this is the - case, try running the script standalone from an interactive - session, rather than as a script under the server. If you - get error messages, this is almost certainly the cause of - the "premature end of script headers" message. Even if the - CGI runs fine from the command line, remember that the - environment and permissions may be different when running - under the web server. The CGI can only access resources - allowed for the User and Group - specified in your Apache configuration. In addition, the - environment will not be the same as the one provided on the - command line, but it can be adjusted using the directives - provided by mod_env.

    - -

    The second most common cause of this (aside from people - not outputting the required headers at all) is a result of - an interaction with Perl's output buffering. To make Perl - flush its buffers after each output statement, insert the - following statements around the print or - write statements that send your HTTP - headers:

    - -
    -
    {
    -  local ($oldbar) = $|;
    -  $cfh = select (STDOUT);
    -  $| = 1;
    -  #
    -  # print your HTTP headers here
    -  #
    -  $| = $oldbar;
    -  select ($cfh);
    - }
    -
    - -

    This is generally only necessary when you are calling - external programs from your script that send output to - stdout, or if there will be a long delay between the time - the headers are sent and the actual content starts being - emitted. To maximize performance, you should turn - buffer-flushing back off (with $| = 0 - or the equivalent) after the statements that send the - headers, as displayed above.

    - -

    If your script isn't written in Perl, do the equivalent - thing for whatever language you are using - (e.g., for C, call fflush() after - writing the headers).

    - -

    Another cause for the "premature end of script headers" - message are the RLimitCPU and RLimitMEM directives. You may - get the message if the CGI script was killed due to a - resource limit.

    - -

    In addition, a configuration problem in suEXEC, mod_perl, or another - third party module can often interfere with the execution - of your CGI and cause the "premature end of script headers" - message.

    -
    -
  4. - -
  5. - Why do - I keep getting "Method Not Allowed" for form POST - requests? - -

    This is almost always due to Apache not being configured - to treat the file you are trying to POST to as a CGI - script. You can not POST to a normal HTML file; the - operation has no meaning. See the FAQ entry on CGIs outside ScriptAliased - directories for details on how to configure Apache to - treat the file in question as a CGI.

    -
    -
  6. - -
  7. - How can I - get my script's output without Apache buffering it? Why - doesn't my server push work? - -

    As of Apache 1.3, CGI scripts are essentially not - buffered. Every time your script does a "flush" to output - data, that data gets relayed on to the client. Some - scripting languages, for example Perl, have their own - buffering for output - this can be disabled by setting the - $| special variable to 1. Of course this does - increase the overall number of packets being transmitted, - which can result in a sense of slowness for the end - user.

    - -

    Prior to 1.3, you needed to use "nph-" scripts to - accomplish non-buffering. Today, the only difference - between nph scripts and normal scripts is that nph scripts - require the full HTTP headers to be sent.

    -
    -
  8. - -
  9. - Where can I find - the "CGI specification"? - -

    The Common Gateway Interface (CGI) specification can be - found at the original NCSA site < - http://hoohoo.ncsa.uiuc.edu/cgi/interface.html>. - This version hasn't been updated since 1995, and there have - been some efforts to update it.

    - -

    A new draft is being worked on with the intent of making - it an informational RFC; you can find out more about this - project at <http://web.golux.com/coar/cgi/>.

    -
    -
  10. - -
  11. - Why isn't FastCGI - included with Apache any more? - -

    The simple answer is that it was becoming too difficult - to keep the version being included with Apache synchronized - with the master copy at the FastCGI web site. When a - new version of Apache was released, the version of the - FastCGI module included with it would soon be out of - date.

    - -

    You can still obtain the FastCGI module for Apache from - the master FastCGI web site.

    -
    -
  12. - -
  13. - How do I - enable SSI (parsed HTML)? - -

    SSI (an acronym for Server-Side Include) directives - allow static HTML documents to be enhanced at run-time - (e.g., when delivered to a client by Apache). The - format of SSI directives is covered in the mod_include manual; - suffice it to say that Apache supports not only SSI but - xSSI (eXtended SSI) directives.

    - -

    Processing a document at run-time is called - parsing it; hence the term "parsed HTML" sometimes - used for documents that contain SSI instructions. Parsing - tends to be resource-consumptive compared to serving static - files, and is not enabled by default. It can also interfere - with the cachability of your documents, which can put a - further load on your server. (See the next question for more information - about this.)

    - -

    To enable SSI processing, you need to

    - -
      -
    • Build your server with the mod_include - module. This is normally compiled in by default.
    • - -
    • Make sure your server configuration files have an Options - directive which permits Includes.
    • - -
    • - Make sure that the directory where you want the SSI - documents to live is covered by the "server-parsed" - content handler, either explicitly or in some ancestral - location. That can be done with the following AddHandler - directive: - -
      -
      AddHandler server-parsed .shtml
      -
      - -

      This indicates that all files ending in ".shtml" in - that location (or its descendants) should be parsed. - Note that using ".html" will cause all normal HTML - files to be parsed, which may put an inordinate load on - your server.

      -
    • -
    - -

    For additional information, see the Apache - Week article on Using Server Side Includes.

    -
    -
  14. - -
  15. - Why don't my - parsed files get cached? - -

    Since the server is performing run-time processing of - your SSI directives, which may change the content shipped - to the client, it can't know at the time it starts parsing - what the final size of the result will be, or whether the - parsed result will always be the same. This means that it - can't generate Content-Length or - Last-Modified headers. Caches commonly work by - comparing the Last-Modified of what's in the - cache with that being delivered by the server. Since the - server isn't sending that header for a parsed document, - whatever's doing the caching can't tell whether the - document has changed or not - and so fetches it again to be - on the safe side.

    - -

    You can work around this in some cases by causing an - Expires header to be generated. (See the mod_expires documentation for - more details.) Another possibility is to use the XBitHack Full mechanism, which - tells Apache to send (under certain circumstances detailed - in the XBitHack directive description) a - Last-Modified header based upon the last - modification time of the file being parsed. Note that this - may actually be lying to the client if the parsed file - doesn't change but the SSI-inserted content does; if the - included content changes often, this can result in stale - copies being cached.

    -
    -
  16. - -
  17. - How can I - have my script output parsed? - -

    So you want to include SSI directives in the output from - your CGI script, but can't figure out how to do it? The - short answer is "you can't." This is potentially a security - liability and, more importantly, it can not be cleanly - implemented under the current server API. The best - workaround is for your script itself to do what the SSIs - would be doing. After all, it's generating the rest of the - content.

    - -

    This is a feature The Apache Group hopes to add in the - next major release after 1.3.

    -
    -
  18. - -
  19. - SSIs don't - work for VirtualHosts and/or user home - directories. - -

    This is almost always due to having some setting in your - config file that sets "Options Includes" or some other - setting for your DocumentRoot but not for other - directories. If you set it inside a Directory section, then - that setting will only apply to that directory.

    -
    -
  20. - -
  21. - How can I - use ErrorDocument and SSI to simplify - customized error messages? - -

    Have a look at this - document. It shows in example form how you can a - combination of XSSI and negotiation to tailor a set of - ErrorDocuments to your personal taste, and - returning different internationalized error responses based - on the client's native language.

    -
    -
  22. - -
  23. - Why - is the environment variable REMOTE_USER not - set? - -

    This variable is set and thus available in SSI or CGI - scripts if and only if the requested - document was protected by access authentication. For an - explanation on how to implement these restrictions, see Apache - Week's articles on Using - User Authentication or DBM - User Authentication.

    - -

    Hint: When using a CGI script to receive the data of a - HTML FORM notice that protecting the document - containing the FORM is not sufficient to - provide REMOTE_USER to the CGI script. You - have to protect the CGI script, too. Or alternatively only - the CGI script (then authentication happens only after - filling out the form).

    -
    -
  24. - -
  25. - How do I allow - each of my user directories to have a cgi-bin - directory? - -

    Remember that CGI execution does not need to be - restricted only to cgi-bin directories. You can allow CGI script execution in - arbitrary parts of your filesystem.

    - -

    There are many ways to give each user directory a - cgi-bin directory such that anything requested as - http://example.com/~user/cgi-bin/program will - be executed as a CGI script. Two alternatives are:

    - -
      -
    1. - Place the cgi-bin directory next to the public_html - directory: - -
      -
      ScriptAliasMatch ^/~([^/]*)/cgi-bin/(.*) - /home/$1/cgi-bin/$2
      -
      -
    2. - -
    3. - Place the cgi-bin directory underneath the public_html - directory: - -
      -
      <Directory - /home/*/public_html/cgi-bin>
      -     Options ExecCGI
      -     SetHandler cgi-script
      - </Directory>
      -
      -
    4. -
    -

    If you are using suexec, the first technique will not work - because CGI scripts must be stored under the public_html - directory.

    - -
    -
  26. -
- - - - - - - - - - - - - - - - - - - -

G. Authentication and Access Restrictions

- -
    -
  1. - Why isn't - restricting access by host or domain name working - correctly? - -

    Two of the most common causes of this are:

    - -
      -
    1. An error, inconsistency, or unexpected - mapping in the DNS registration
      - This happens frequently: your configuration restricts - access to Host.FooBar.Com, but you can't get - in from that host. The usual reason for this is that - Host.FooBar.Com is actually an alias for - another name, and when Apache performs the - address-to-name lookup it's getting the real - name, not Host.FooBar.Com. You can verify - this by checking the reverse lookup yourself. The easiest - way to work around it is to specify the correct host name - in your configuration.
    2. - -
    3. - Inadequate checking and verification in your - configuration of Apache
      - If you intend to perform access checking and - restriction based upon the client's host or domain - name, you really need to configure Apache to - double-check the origin information it's supplied. You - do this by adding the -DMAXIMUM_DNS clause - to the EXTRA_CFLAGS definition in your - Configuration file. For example: - -
      -
      EXTRA_CFLAGS=-DMAXIMUM_DNS
      -
      - -

      This will cause Apache to be very paranoid about - making sure a particular host address is - really assigned to the name it claims to be. - Note that this can incur a significant - performance penalty, however, because of all the name - resolution requests being sent to a nameserver.

      -
    4. -
    -
    -
  2. - -
  3. - How do I set up Apache - to require a username and password to access certain - documents? - -

    There are several ways to do this; some of the more - popular ones are to use the mod_auth, mod_auth_db, or mod_auth_dbm - modules.

    - -

    For an explanation on how to implement these - restrictions, see Apache - Week's articles on Using - User Authentication or DBM - User Authentication, or see the authentication tutorial in the - Apache documentation.

    -
    -
  4. - -
  5. - How do I set up Apache to - allow access to certain documents only if a site is either - a local site or the user supplies a password and - username? - -

    Use the Satisfy - directive, in particular the Satisfy Any - directive, to require that only one of the access - restrictions be met. For example, adding the following - configuration to a .htaccess or server - configuration file would restrict access to people who - either are accessing the site from a host under domain.com - or who can supply a valid username and password:

    - -
    -
    Deny from all
    - Allow from .domain.com
    - AuthType Basic
    - AuthUserFile /usr/local/apache/conf/htpasswd.users
    - AuthName "special directory"
    - Require valid-user
    - Satisfy any
    -
    - -

    See the user - authentication question and the mod_access module for - details on how the above directives work.

    -
    -
  6. - -
  7. - Why does my authentication - give me a server error? - -

    Under normal circumstances, the Apache access control - modules will pass unrecognized user IDs on to the next - access control module in line. Only if the user ID is - recognized and the password is validated (or not) will it - give the usual success or "authentication failed" - messages.

    - -

    However, if the last access module in line 'declines' - the validation request (because it has never heard of the - user ID or because it is not configured), the - http_request handler will give one of the - following, confusing, errors:

    - -
      -
    • check access
    • - -
    • check user. No user file?
    • - -
    • check access. No groups file?
    • -
    - -

    This does not mean that you have to add an - 'AuthUserFile /dev/null' line as some - magazines suggest!

    - -

    The solution is to ensure that at least the last module - is authoritative and CONFIGURED. By - default, mod_auth is authoritative and will - give an OK/Denied, but only if it is configured with the - proper AuthUserFile. Likewise, if a valid - group is required. (Remember that the modules are processed - in the reverse order from that in which they appear in your - compile-time Configuration file.)

    - -

    A typical situation for this error is when you are using - the mod_auth_dbm, mod_auth_msql, - mod_auth_mysql, mod_auth_anon or - mod_auth_cookie modules on their own. These - are by default not authoritative, and this - will pass the buck on to the (non-existent) next - authentication module when the user ID is not in their - respective database. Just add the appropriate - 'XXXAuthoritative yes' line to the - configuration.

    - -

    In general it is a good idea (though not terribly - efficient) to have the file-based mod_auth a - module of last resort. This allows you to access the web - server with a few special passwords even if the databases - are down or corrupted. This does cost a file - open/seek/close for each request in a protected area.

    -
    -
  8. - -
  9. - Do I have to keep the - (mSQL) authentication information on the same - machine? - -

    Some organizations feel very strongly about keeping the - authentication information on a different machine than the - webserver. With the mod_auth_msql, - mod_auth_mysql, and other SQL modules - connecting to (R)DBMses this is quite possible. Just - configure an explicit host to contact.

    - -

    Be aware that with mSQL and Oracle, opening and closing - these database connections is very expensive and time - consuming. You might want to look at the code in the - auth_* modules and play with the compile time - flags to alleviate this somewhat, if your RDBMS licences - allow for it.

    -
    -
  10. - -
  11. - Why is my mSQL - authentication terribly slow? - -

    You have probably configured the Host by specifying a - FQHN, and thus the libmsql will use a full - blown TCP/IP socket to talk to the database, rather than a - fast internal device. The libmsql, the mSQL - FAQ, and the mod_auth_msql documentation warn - you about this. If you have to use different hosts, check - out the mod_auth_msql code for some compile - time flags which might - or might not - suit you.

    -
    -
  12. - -
  13. - Can I use my - /etc/passwd file for Web page - authentication? - -

    Yes, you can - but it's a very bad - idea. Here are some of the reasons:

    - -
      -
    • The Web technology provides no governors on how often - or how rapidly password (authentication failure) retries - can be made. That means that someone can hammer away at - your system's root password using the Web, - using a dictionary or similar mass attack, just as fast - as the wire and your server can handle the requests. Most - operating systems these days include attack detection - (such as n failed passwords for the same account - within m seconds) and evasion (breaking the - connection, disabling the account under attack, disabling - all logins from that source, et - cetera), but the Web does not.
    • - -
    • An account under attack isn't notified (unless the - server is heavily modified); there's no "You have 19483 - login failures" message when the legitimate owner logs - in.
    • - -
    • Without an exhaustive and error-prone examination of - the server logs, you can't tell whether an account has - been compromised. Detecting that an attack has occurred, - or is in progress, is fairly obvious, though - - if you look at the logs.
    • - -
    • Web authentication passwords (at least for Basic - authentication) generally fly across the wire, and - through intermediate proxy systems, in what amounts to - plain text. "O'er the net we go/Caching all the way;/O - what fun it is to surf/Giving my password away!"
    • - -
    • Since HTTP is stateless, information about the - authentication is transmitted each and every - time a request is made to the server. Essentially, - the client caches it after the first successful access, - and transmits it without asking for all subsequent - requests to the same server.
    • - -
    • It's relatively trivial for someone on your system to - put up a page that will steal the cached password from a - client's cache without them knowing. Can you say - "password grabber"?
    • -
    - -

    If you still want to do this in light of the above - disadvantages, the method is left as an exercise for the - reader. It'll void your Apache warranty, though, and you'll - lose all accumulated UNIX guru points.

    -
    -
  14. - -
  15. - Why - does Apache ask for my password twice before serving a - file? - -

    If the hostname under which you are accessing the server - is different than the hostname specified in the ServerName - directive, then depending on the setting of the UseCanonicalName - directive, Apache will redirect you to a new hostname when - constructing self-referential URLs. This happens, for - example, in the case where you request a directory without - including the trailing slash.

    - -

    When this happens, Apache will ask for authentication - once under the original hostname, perform the redirect, and - then ask again under the new hostname. For security - reasons, the browser must prompt again for the password - when the host name changes.

    - -

    To eliminate this problem you should

    - -
      -
    1. Always use the trailing slash when requesting - directories;
    2. - -
    3. Change the ServerName to match the name - you are using in the URL; and/or
    4. - -
    5. Set UseCanonicalName off.
    6. -
    -
    -
  16. - -
  17. - How can I prevent - people from "stealing" the images from my web site? - -

    The goal here is to prevent people from inlining your images - directly from their web site, but accessing them only if they - appear inline in your pages.

    - -

    This can be accomplished with a combination of SetEnvIf and - the Deny and Allow directives. However, it is important to - understand that any access restriction based on the REFERER - header is intrinsically problematic due to the fact that - browsers can send an incorrect REFERER, either because they - want to circumvent your restriction or simply because they don't - send the right thing (or anything at all).

    - -

    The following configuration will produce the desired effect - if the browser passes correct REFERER headers.

    - -
    -SetEnvIf REFERER "www\.mydomain\.com" linked_from_here
    -SetEnvIf REFERER "^$" linked_from_here
    -
    -<Directory /www/images>
    -    Order deny,allow
    -    Deny from all
    -    Allow from env=linked_from_here
    -</Directory>
    -
    - -

    Further examples can be found in the Environment Variables documentation.

    - -
    -
  18. - - -
- - - - - - - - - - - - - - - - - - - -

H. URL Rewriting

- -
    -
  1. - Where can I find - mod_rewrite rulesets which already solve particular - URL-related problems? - -

    There is a collection of Practical - Solutions for URL-Manipulation where you can find all - typical solutions the author of mod_rewrite - currently knows of. If you have more interesting rulesets - which solve particular problems not currently covered in - this document, send it to Ralf S. Engelschall for - inclusion. The other webmasters will thank you for avoiding - the reinvention of the wheel.

    -
    -
  2. - -
  3. - Where can I find any - published information about URL-manipulations and - mod_rewrite? - -

    There is an article from Ralf S. Engelschall about - URL-manipulations based on mod_rewrite - in the "iX Multiuser Multitasking Magazin" issue #12/96. - The german (original) version can be read online at <http://www.heise.de/ix/artikel/9612149/>, - the English (translated) version can be found at <http://www.heise.de/ix/artikel/E/9612149/>.

    -
    -
  4. - -
  5. - Why is mod_rewrite so - difficult to learn and seems so complicated? - -

    Hmmm... there are a lot of reasons. First, mod_rewrite - itself is a powerful module which can help you in really - all aspects of URL rewriting, so it can be - no trivial module per definition. To accomplish its hard - job it uses software leverage and makes use of a powerful - regular expression library by Henry Spencer which is an - integral part of Apache since its version 1.2. And regular - expressions itself can be difficult to newbies, while - providing the most flexible power to the advanced - hacker.

    - -

    On the other hand mod_rewrite has to work inside the - Apache API environment and needs to do some tricks to fit - there. For instance the Apache API as of 1.x really was not - designed for URL rewriting at the .htaccess level - of processing. Or the problem of multiple rewrites in - sequence, which is also not handled by the API per design. - To provide this features mod_rewrite has to do some special - (but API compliant!) handling which leads to difficult - processing inside the Apache kernel. While the user usually - doesn't see anything of this processing, it can be - difficult to find problems when some of your RewriteRules - seem not to work.

    -
    -
  6. - -
  7. - What can I do if my - RewriteRules don't work as expected? - -

    Use "RewriteLog somefile" and - "RewriteLogLevel 9" and have a precise look at - the steps the rewriting engine performs. This is really the - only one and best way to debug your rewriting - configuration.

    -
    -
  8. - -
  9. - Why don't some of my - URLs get prefixed with DocumentRoot when using - mod_rewrite? - -

    If the rule starts with /somedir/... make - sure that really no /somedir exists on the - filesystem if you don't want to lead the URL to match this - directory, i.e., there must be no root directory - named somedir on the filesystem. Because if - there is such a directory, the URL will not get prefixed - with DocumentRoot. This behavior looks ugly, but is really - important for some other aspects of URL rewriting.

    -
    -
  10. - -
  11. - How - can I make all my URLs case-insensitive with - mod_rewrite? - -

    You can't! The reasons are: first, that, case - translations for arbitrary length URLs cannot be done - via regex patterns and corresponding - substitutions. One needs a per-character pattern like the - sed/Perl tr|..|..| feature. Second, just - making URLs always upper or lower case does not solve the - whole problem of case-INSENSITIVE URLs, because URLs - actually have to be rewritten to the correct case-variant - for the file residing on the filesystem in order to allow - Apache to access the file. And the Unix filesystem is - always case-SENSITIVE.

    - -

    But there is a module named mod_speling.c in - the Apache distribution. Try this module to help correct - people who use mis-cased URLs.

    -
    -
  12. - -
  13. - Why are RewriteRules in my - VirtualHost parts ignored? - -

    Because you have to enable the engine for every virtual - host explicitly due to security concerns. Just add a - "RewriteEngine on" to your virtual host configuration - parts.

    -
    -
  14. - -
  15. - How can I use strings - with whitespaces in RewriteRule's ENV flag? - -

    There is only one ugly solution: You have to surround - the complete flag argument by quotation marks - ("[E=...]"). Notice: The argument to quote - here is not the argument to the E-flag, it is the argument - of the Apache config file parser, i.e., the third - argument of the RewriteRule here. So you have to write - "[E=any text with whitespaces]".

    -
    -
  16. -
- - - - - - - - - - - - - - - - - - - -

I. Features

- -
    -
  1. - Does or will Apache act - as a Proxy server? - -

    Apache version 1.1 and above comes with a proxy module. If compiled - in, this will make Apache act as a caching-proxy - server.

    -
    -
  2. - -
  3. - What are - "multiviews"? - -

    "Multiviews" is the general name given to the Apache - server's ability to provide language-specific document - variants in response to a request. This is documented quite - thoroughly in the content negotiation description page. In - addition, Apache Week carried an article on - this subject entitled "Content Negotiation - Explained".

    -
    -
  4. - -
  5. - Why can't I - publish to my Apache server using PUT on Netscape Gold and - other programs? - -

    Because you need to install and configure a script to - handle the uploaded files. This script is often called a - "PUT" handler. There are several available, but they may - have security problems. Using FTP uploads may be easier and - more secure, at least for now. For more information, see - the Apache Week article Publishing - Pages with PUT.

    -
    -
  6. - -
  7. - Why doesn't Apache - include SSL? - -

    SSL (Secure Socket Layer) data transport requires - encryption, and many governments have restrictions upon the - import, export, and use of encryption technology. If Apache - included SSL in the base package, its distribution would - involve all sorts of legal and bureaucratic issues, and it - would no longer be freely available. Also, some of the - technology required to talk to current clients using SSL is - patented by RSA Data - Security, who restricts its use without a license.

    - -

    Some SSL implementations of Apache are available, - however; see the "related - projects" page at the main Apache web site.

    - -

    You can find out more about this topic in the - Apache Week article about Apache and Secure - Transactions.

    -
    -
  8. - -
  9. - How can I attach a - footer to my documents without using SSI? - -

    You can make arbitrary changes to static documents by - configuring an Action which - launches a CGI script. The CGI is then responsible for - setting a content-type and delivering the requested - document (the location of which is passed in the - PATH_TRANSLATED environment variable), along - with whatever footer is needed.

    - -

    Busy sites may not want to run a CGI script on every - request, and should consider using an Apache module to add - the footer. There are several third party modules available - through the Apache - Module Registry which will add footers to documents. - These include mod_trailer, PHP - (php3_auto_append_file), mod_layout, and - mod_perl (Apache::Sandwich).

    -
    -
  10. - -
  11. - Does Apache include a - search engine? - -

    Apache does not include a search engine, but there are - many good commercial and free search engines which can be - used easily with Apache. Some of them are listed on the Web Site - Search Tools page. Open source search engines that are - often used with Apache include ht://Dig and SWISH-E.

    -
    -
  12. - -
  13. - How can I rotate my - log files? - -

    The simple answer: by piping the transfer log into an - appropriate log file rotation utility.

    - -

    The longer answer: In the src/support/ directory, you - will find a utility called rotatelogs which can - be used like this:

    -
    -   TransferLog "|/path/to/rotatelogs /path/to/logs/access_log 86400"
    -
    - -

    to enable daily rotation of the log files.
    - A more sophisticated solution of a logfile rotation - utility is available under the name cronolog - from Andrew Ford's site at http://www.cronolog.org/. - It can automatically create logfile subdirectories based on - time and date, and can have a constant symlink point to the - rotating logfiles. (As of version 1.6.1, cronolog is - available under the Apache - License). Use it like this:

    -
    -   CustomLog "|/path/to/cronolog --symlink=/usr/local/apache/logs/access_log /usr/local/apache/logs/%Y/%m/access_log" combined
    -
    -
    -
  14. - -
  15. - How do I keep certain - requests from appearing in my logs? - -

    The maximum flexibility for removing unwanted - information from log files is obtained by post-processing - the logs, or using piped-logs to feed the logs through a - program which does whatever you want. However, Apache does - offer the ability to prevent requests from ever appearing - in the log files. You can do this by using the SetEnvIf - directive to set an environment variable for certain - requests and then using the conditional - CustomLog syntax to prevent logging when the - environment variable is set.

    -
    -
  16. - -
  17. - Does Apache support any - sort of database integration? - -

    No. Apache is a Web (HTTP) server, not an application - server. The base package does not include any such - functionality. See the PHP - project and the mod_perl project for - examples of modules that allow you to work with databases - from within the Apache environment.

    -
    -
  18. - -
  19. - Can I use Active Server Pages - (ASP) with Apache? - -

    The base Apache Web server package does not include ASP - support. However, there are a couple of after-market - solutions that let you add this functionality; see the related - projects page to find out more.

    -
    -
  20. - -
  21. - Does Apache come with Java - support? - -

    The base Apache Web server package does not include - support for Java, Java Server Pages, Enterprise Java Beans, - or Java servlets. Those features are available as add-ons - from the Apache/Java project site, <URL:http://jakarta.apache.org/>.

    -
    -
  22. -
- - - - - - -
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html b/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html
deleted file mode 100644
index 0525ba43614..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/custom_errordocs.html
+++ /dev/null
@@ -1,493 +0,0 @@
- - - - - - - International Customized Server Error Messages - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Using XSSI and ErrorDocument to - configure customized international server error responses

- -

Index

- - -
- -

Introduction

- -

This document describes an easy way to provide your apache - WWW server with a set of customized error messages which take - advantage of Content - Negotiation and eXtended - Server Side Includes (XSSI) to return error messages - generated by the server in the client's native language.

- -

By using XSSI, all customized messages - can share a homogenous and consistent style and layout, and - maintenance work (changing images, changing links) is kept to a - minimum because all layout information can be kept in a single - file.
- Error documents can be shared across different servers, or - even hosts, because all varying information is inserted at the - time the error document is returned on behalf of a failed - request.

- -

Content Negotiation then selects the appropriate language - version of a particular error message text, honoring the - language preferences passed in the client's request. (Users - usually select their favorite languages in the preferences - options menu of today's browsers). When an error document in - the client's primary language version is unavailable, the - secondary languages are tried or a default (fallback) version - is used.

- -

You have full flexibility in designing your error documents - to your personal taste (or your company's conventions). For - demonstration purposes, we present a simple generic error - document scheme. For this hypothetic server, we assume that all - error messages...

- -
    -
  • possibly are served by different virtual hosts (different - host name, different IP address, or different port) on the - server machine,
  • - -
  • show a predefined company logo in the right top of the - message (selectable by virtual host),
  • - -
  • print the error title first, followed by an explanatory - text and (depending on the error context) help on how to - resolve the error,
  • - -
  • have some kind of standardized background image,
  • - -
  • display an apache logo and a feedback email address at - the bottom of the error message.
  • -
- -

An example of a "document not found" message for a german - client might look like this:
- [Needs graphics capability to display]
- All links in the document as well as links to the server's - administrator mail address, and even the name and port of the - serving virtual host are inserted in the error document at - "run-time", i.e., when the error actually occurs.

- -

Creating an - ErrorDocument directory

- For this concept to work as easily as possible, we must take - advantage of as much server support as we can get: - -
    -
  1. By defining the MultiViews option, we - enable the language selection of the most appropriate - language alternative (content negotiation).
  2. - -
  3. By setting the LanguagePriority - directive we define a set of default fallback languages in - the situation where the client's browser did not express any - preference at all.
  4. - -
  5. By enabling Server Side - Includes (and disallowing execution of cgi scripts for - security reasons), we allow the server to include building - blocks of the error message, and to substitute the value of - certain environment variables into the generated document - (dynamic HTML) or even to conditionally include or omit parts - of the text.
  6. - -
  7. The AddHandler and AddType directives - are useful for automatically XSSI-expanding all files with a - .shtml suffix to text/html.
  8. - -
  9. By using the Alias directive, we - keep the error document directory outside of the document - tree because it can be regarded more as a server part than - part of the document tree.
  10. - -
  11. The <Directory>-Block - restricts these "special" settings to the error document - directory and avoids an impact on any of the settings for the - regular document tree.
  12. - -
  13. For each of the error codes to be handled (see RFC2068 - for an exact description of each error code, or look at - src/main/http_protocol.c if you wish to see - apache's standard messages), an ErrorDocument in - the aliased /errordocs directory is defined. - Note that we only define the basename of the document here - because the MultiViews option will select the best candidate - based on the language suffixes and the client's preferences. - Any error situation with an error code not handled - by a custom document will be dealt with by the server in the - standard way (i.e., a plain error message in - english).
  14. - -
  15. Finally, the AllowOverride - directive tells apache that it is not necessary to look for a - .htaccess file in the /errordocs directory: a minor speed - optimization.
  16. -
- The resulting httpd.conf configuration would then - look similar to this: (Note that you can define your own - error messages using this method for only part of the document - tree, e.g., a /~user/ subtree. In this case, the configuration - could as well be put into the .htaccess file at the root of the - subtree, and the <Directory> and </Directory> - directives -but not the contained directives- must be - omitted.) -
-  LanguagePriority en fr de 
-  Alias  /errordocs  /usr/local/apache/errordocs
-  <Directory /usr/local/apache/errordocs>
-   AllowOverride none
-   Options MultiViews IncludesNoExec FollowSymLinks
-   AddType text/html .shtml
-   AddHandler server-parsed .shtml
-  </Directory>
-  #    "400 Bad Request",
-  ErrorDocument  400  /errordocs/400
-  #    "401 Authorization Required",
-  ErrorDocument  401  /errordocs/401
-  #    "403 Forbidden",
-  ErrorDocument  403  /errordocs/403
-  #    "404 Not Found",
-  ErrorDocument  404  /errordocs/404
-  #    "500 Internal Server Error",
-  ErrorDocument  500  /errordocs/500
-
- The directory for the error messages (here: - /usr/local/apache/errordocs/) must then be created - with the appropriate permissions (readable and executable by - the server uid or gid, only writable for the administrator). - -

Naming the individual - error document files

- By defining the MultiViews option, the server was - told to automatically scan the directory for matching variants - (looking at language and content type suffixes) when a - requested document was not found. In the configuration, we - defined the names for the error documents to be just their - error number (without any suffix). - -

The names of the individual error documents are now - determined like this (I'm using 403 as an example, think of it - as a placeholder for any of the configured error - documents):

- -
    -
  • No file errordocs/403 should exist. Otherwise, it would - be found and served (with the DefaultType, usually - text/plain), all negotiation would be bypassed.
  • - -
  • For each language for which we have an internationalized - version (note that this need not be the same set of languages - for each error code - you can get by with a single language - version until you actually have translated - versions), a document - errordocs/403.shtml.lang is created and - filled with the error text in that language (see below).
  • - -
  • One fallback document called - errordocs/403.shtml is created, usually by - creating a symlink to the default language variant (see below).
  • -
- -

The common header and - footer files

- By putting as much layout information in two special "include - files", the error documents can be reduced to a bare minimum. - -

One of these layout files defines the HTML document header - and a configurable list of paths to the icons to be shown in - the resulting error document. These paths are exported as a set - of XSSI environment variables and are later evaluated by the - "footer" special file. The title of the current error (which is - put into the TITLE tag and an H1 header) is simply passed in - from the main error document in a variable called - title.
- By changing this file, the layout of all generated - error messages can be changed in a second. (By - exploiting the features of XSSI, you can easily define - different layouts based on the current virtual host, or even - based on the client's domain name).

- -

The second layout file describes the footer to be displayed - at the bottom of every error message. In this example, it shows - an apache logo, the current server time, the server version - string and adds a mail reference to the site's webmaster.

- -

For simplicity, the header file is simply called - head.shtml because it contains server-parsed - content but no language specific information. The footer file - exists once for each language translation, plus a symlink for - the default language.

- -

Example: for English, French and German - versions (default english)
- foot.shtml.en,
- foot.shtml.fr,
- foot.shtml.de,
- foot.shtml symlink to - foot.shtml.en

- -

Both files are included into the error document by using the - directives <!--#include virtual="head" --> - and <!--#include virtual="foot" --> - respectively: the rest of the magic occurs in mod_negotiation - and in mod_include.

- -

See the listings below to see an - actual HTML implementation of the discussed example.

- -

Creating - ErrorDocuments in different languages

- After all this preparation work, little remains to be said - about the actual documents. They all share a simple common - structure: -
-<!--#set var="title" value="error description title" -->
-<!--#include virtual="head" -->
-   explanatory error text
-<!--#include virtual="foot" -->
-
- In the listings section, you can see an - example of a [400 Bad Request] error document. Documents as - simple as that certainly cause no problems to translate or - expand. - -

The fallback - language

- Do we need a special handling for languages other than those we - have translations for? We did set the LanguagePriority, didn't - we?! - -

Well, the LanguagePriority directive is for the case where - the client does not express any language priority at all. But - what happens in the situation where the client wants one of the - languages we do not have, and none of those we do have?

- -

Without doing anything, the Apache server will usually - return a [406 no acceptable variant] error, listing the choices - from which the client may select. But we're in an error message - already, and important error information might get lost when - the client had to choose a language representation first.

- -

So, in this situation it appears to be easier to define a - fallback language (by copying or linking, e.g., the - english version to a language-less version). Because the - negotiation algorithm prefers "more specialized" variants over - "more generic" variants, these generic alternatives will only - be chosen when the normal negotiation did not succeed.

- -

A simple shell script to do it (execute within the - errordocs/ dir):

-
-  for f in *.shtml.en
-  do
-     ln -s $f `basename $f .en`
-  done
-
- -

Customizing Proxy Error - Messages

- -

As of Apache-1.3, it is possible to use the - ErrorDocument mechanism for proxy error messages - as well (previous versions always returned fixed predefined - error messages).

- -

Most proxy errors return an error code of [500 Internal - Server Error]. To find out whether a particular error document - was invoked on behalf of a proxy error or because of some other - server error, and what the reason for the failure was, you can - check the contents of the new ERROR_NOTES CGI - environment variable: if invoked for a proxy error, this - variable will contain the actual proxy error message text in - HTML form.

- -

The following excerpt demonstrates how to exploit the - ERROR_NOTES variable within an error document:

-
- <!--#if expr="$REDIRECT_ERROR_NOTES = ''" -->
-  <p>
-   The server encountered an unexpected condition
-   which prevented it from fulfilling the request. 
-  </p>
-  <p>
-   <A HREF="mailto:<!--#echo var="SERVER_ADMIN" -->"
-    SUBJECT="Error message [<!--#echo var="REDIRECT_STATUS" -->] <!--#echo var="title" --> for <!--#echo var="REQUEST_URI" -->">
-   Please forward this error screen to <!--#echo var="SERVER_NAME" -->'s
-   WebMaster</A>; it includes useful debugging information about
-   the Request which caused the error.
-   <pre><!--#printenv --></pre>
-  </p>
- <!--#else -->
-  <!--#echo var="REDIRECT_ERROR_NOTES" -->
- <!--#endif -->
-
- -

HTML listing of the - discussed example

- So, to summarize our example, here's the complete listing of - the 400.shtml.en document. You will notice that it - contains almost nothing but the error text (with conditional - additions). Starting with this example, you will find it easy - to add more error documents, or to translate the error - documents to different languages. -
-
-<!--#set var="title" value="Bad Request"
---><!--#include virtual="head" --><P>
-   Your browser sent a request that this server could not understand:
-   <BLOCKQUOTE>
-     <STRONG><!--#echo var="REQUEST_URI" --></STRONG>
-   </BLOCKQUOTE>
-   The request could not be understood by the server due to malformed
-   syntax. The client should not repeat the request without
-   modifications.
-   </P>
-   <P>
-   <!--#if expr="$HTTP_REFERER != ''" -->
-    Please inform the owner of
-    <A HREF="<!--#echo var="HTTP_REFERER" -->">the referring page</A> about 
-    the malformed link.
-   <!--#else -->
-    Please check your request for typing errors and retry.
-   <!--#endif -->
-   </P>
-<!--#include virtual="foot" -->
-
-
- Here is the complete head.shtml file (the funny - line breaks avoid empty lines in the document after XSSI - processing). Note the configuration section at top. That's - where you configure the images and logos as well as the apache - documentation directory. Look how this file displays two - different logos depending on the content of the virtual host - name ($SERVER_NAME), and that an animated apache logo is shown - if the browser appears to support it (the latter requires - server configuration lines of the form
- BrowserMatch "^Mozilla/[2-4]" anigif
- for browser types which support animated GIFs). -
-
-<!--#if expr="$SERVER_NAME = /.*\.mycompany\.com/" 
---><!--#set var="IMG_CorpLogo"
-            value="http://$SERVER_NAME:$SERVER_PORT/errordocs/CorpLogo.gif" 
---><!--#set var="ALT_CorpLogo" value="Powered by Linux!" 
---><!--#else
---><!--#set var="IMG_CorpLogo"
-            value="http://$SERVER_NAME:$SERVER_PORT/errordocs/PrivLogo.gif" 
---><!--#set var="ALT_CorpLogo" value="Powered by Linux!" 
---><!--#endif
---><!--#set var="IMG_BgImage" value="http://$SERVER_NAME:$SERVER_PORT/errordocs/BgImage.gif" 
---><!--#set var="DOC_Apache" value="http://$SERVER_NAME:$SERVER_PORT/Apache/" 
---><!--#if expr="$anigif" 
---><!--#set var="IMG_Apache" value="http://$SERVER_NAME:$SERVER_PORT/icons/apache_anim.gif" 
---><!--#else
---><!--#set var="IMG_Apache" value="http://$SERVER_NAME:$SERVER_PORT/icons/apache_pb.gif" 
---><!--#endif
---><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
-<HTML>
- <HEAD>
-  <TITLE>
-   [<!--#echo var="REDIRECT_STATUS" -->] <!--#echo var="title" -->
-  </TITLE>
- </HEAD>
- <BODY BGCOLOR="white" BACKGROUND="<!--#echo var="IMG_BgImage" -->"><UL>
-  <H1 ALIGN="center">
-   [<!--#echo var="REDIRECT_STATUS" -->] <!--#echo var="title" -->
-   <IMG SRC="<!--#echo var="IMG_CorpLogo" -->"
-        ALT="<!--#echo var="ALT_CorpLogo" -->" ALIGN=right>
-  </H1>
-  <HR><!-- ======================================================== -->
-  <DIV>
-
-
- and this is the foot.shtml.en file: -
-
-  </DIV>
-  <HR>
-  <DIV ALIGN="right"><SMALL><SUP>Local Server time:
-      <!--#echo var="DATE_LOCAL" -->
-  </SUP></SMALL></DIV>
-  <DIV ALIGN="center">
-    <A HREF="<!--#echo var="DOC_Apache" -->">
-    <IMG SRC="<!--#echo var="IMG_Apache" -->" BORDER=0 ALIGN="bottom"
-         ALT="Powered by <!--#echo var="SERVER_SOFTWARE" -->"></A><BR>
-    <SMALL><SUP><!--#set var="var"
-     value="Powered by $SERVER_SOFTWARE -- File last modified on $LAST_MODIFIED"
-    --><!--#echo var="var" --></SUP></SMALL>
-  </DIV>
-  <ADDRESS>If the indicated error looks like a misconfiguration, please inform
-   <A HREF="mailto:<!--#echo var="SERVER_ADMIN" -->"
-      SUBJECT="Feedback about Error message [<!--#echo var="REDIRECT_STATUS" 
-        -->] <!--#echo var="title" -->, req=<!--#echo var="REQUEST_URI" -->">
-   <!--#echo var="SERVER_NAME" -->'s WebMaster</A>.
-  </ADDRESS>
- </UL></BODY>
-</HTML>
-
-
- -

More welcome!

- If you have tips to contribute, send mail to martin@apache.org -
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/descriptors.html b/usr.sbin/httpd/htdocs/manual/misc/descriptors.html
deleted file mode 100644
index 811ef241aeb..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/descriptors.html
+++ /dev/null
@@ -1,218 +0,0 @@
- - - - - - - Descriptors and Apache - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Descriptors and Apache

- -

A descriptor, also commonly called a file - handle is an object that a program uses to read or write - an open file, or open network socket, or a variety of other - devices. It is represented by an integer, and you may be - familiar with stdin, stdout, and - stderr which are descriptors 0, 1, and 2 - respectively. Apache needs a descriptor for each log file, plus - one for each network socket that it listens on, plus a handful - of others. Libraries that Apache uses may also require - descriptors. Normal programs don't open up many descriptors at - all, and so there are some latent problems that you may - experience should you start running Apache with many - descriptors (i.e., with many virtual hosts).

- -

The operating system enforces a limit on the number of - descriptors that a program can have open at a time. There are - typically three limits involved here. One is a kernel - limitation, depending on your operating system you will either - be able to tune the number of descriptors available to higher - numbers (this is frequently called FD_SETSIZE). Or you - may be stuck with a (relatively) low amount. The second limit - is called the hard resource limit, and it is sometimes - set by root in an obscure operating system file, but frequently - is the same as the kernel limit. The third limit is called the - soft resource limit. The soft limit is always less - than or equal to the hard limit. For example, the hard limit - may be 1024, but the soft limit only 64. Any user can raise - their soft limit up to the hard limit. Root can raise the hard - limit up to the system maximum limit. The soft limit is the - actual limit that is used when enforcing the maximum number of - files a process can have open.

- -

To summarize:

- -
-
-  #open files  <=  soft limit  <=  hard limit  <=  kernel limit
-
-
- -

You control the hard and soft limits using the - limit (csh) or ulimit (sh) - directives. See the respective man pages for more information. - For example you can probably use ulimit -n - unlimited to raise your soft limit up to the hard limit. - You should include this command in a shell script which starts - your webserver.

- -

Unfortunately, it's not always this simple. As mentioned - above, you will probably run into some system limitations that - will need to be worked around somehow. Work was done in version - 1.2.1 to improve the situation somewhat. Here is a partial list - of systems and workarounds (assuming you are using 1.2.1 or - later):

- -
-
BSDI 2.0
- -
Under BSDI 2.0 you can build Apache to support more - descriptors by adding -DFD_SETSIZE=nnn to - EXTRA_CFLAGS (where nnn is the number of - descriptors you wish to support, keep it less than the hard - limit). But it will run into trouble if more than - approximately 240 Listen directives are used. This may be - cured by rebuilding your kernel with a higher - FD_SETSIZE.
- -
FreeBSD 2.2, BSDI 2.1+
- -
Similar to the BSDI 2.0 case, you should define - FD_SETSIZE and rebuild. But the extra Listen - limitation doesn't exist.
- -
Linux
- -
By default Linux has a kernel maximum of 256 open - descriptors per process. There are several patches available - for the 2.0.x series which raise this to 1024 and beyond, and - you can find them in the "unofficial patches" section of the Linux Information HQ. - None of these patches are perfect, and an entirely different - approach is likely to be taken during the 2.1.x development. - Applying these patches will raise the FD_SETSIZE used to - compile all programs, and unless you rebuild all your - libraries you should avoid running any other program with a - soft descriptor limit above 256. As of this writing the - patches available for increasing the number of descriptors do - not take this into account. On a dedicated webserver you - probably won't run into trouble.
- -
Solaris through 2.5.1
- -
Solaris has a kernel hard limit of 1024 (may be lower in - earlier versions). But it has a limitation that files using - the stdio library cannot have a descriptor above 255. Apache - uses the stdio library for the ErrorLog directive. When you - have more than approximately 110 virtual hosts (with an error - log and an access log each) you will need to build Apache - with -DHIGH_SLACK_LINE=256 added to - EXTRA_CFLAGS. You will be limited to - approximately 240 error logs if you do this.
- -
AIX
- -
AIX version 3.2?? appears to have a hard limit of 128 - descriptors. End of story. Version 4.1.5 has a hard limit of - 2000. Version 4.3.3 and 5.1 say -
-/*
- * Select uses bit masks of file descriptors.
- * These macros manipulate such bit fields.
- * FD_SETSIZE may be defined by the user to the maximum valued file
- * descriptor to be selected; the default here should be == OPEN_MAX
- */
-#ifndef FD_SETSIZE
-#define FD_SETSIZE     32767    /* must be == OPEN_MAX in  */
-#endif
-
- -
SCO OpenServer
- -
Edit the /etc/conf/cf.d/stune file or use - /etc/conf/cf.d/configure choice 7 (User and - Group configuration) and modify the NOFILES - kernel parameter to a suitably higher value. SCO recommends a - number between 60 and 11000, the default is 110. Relink and - reboot, and the new number of descriptors will be - available.
- -
Compaq Tru64 UNIX/Digital UNIX/OSF
- -
-
    -
  1. Raise open_max_soft and - open_max_hard to 4096 in the proc subsystem. - Do a man on sysconfig, sysconfigdb, and - sysconfigtab.
  2. - -
  3. Raise max-vnodes to a large number which - is greater than the number of apache processes * 4096 - (Setting it to 250,000 should be good for most people). - Do a man on sysconfig, sysconfigdb, and - sysconfigtab.
  4. - -
  5. If you are using Tru64 5.0, 5.0A, or 5.1, define - NO_SLACK to work around a bug in the OS. - CFLAGS="-DNO_SLACK" ./configure
  6. -
-
- -
Others
- -
If you have details on another operating system, please - submit it through our Bug Report - Page.
-
- -

In addition to the problems described above there are - problems with many libraries that Apache uses. The most common - example is the bind DNS resolver library that is used by pretty - much every unix, which fails if it ends up with a descriptor - above 256. We suspect there are other libraries that similar - limitations. So the code as of 1.2.1 takes a defensive stance - and tries to save descriptors less than 16 for use while - processing each request. This is called the low slack - line.

- -

Note that this shouldn't waste descriptors. If you really - are pushing the limits and Apache can't get a descriptor above - 16 when it wants it, it will settle for one below 16.

- -

In extreme situations you may want to lower the low slack - line, but you shouldn't ever need to. For example, lowering it - can increase the limits 240 described above under Solaris and - BSDI 2.0. But you'll play a delicate balancing game with the - descriptors needed to serve a request. Should you want to play - this game, the compile time parameter is - LOW_SLACK_LINE and there's a tiny bit of - documentation in the header file httpd.h.

- -

Finally, if you suspect that all this slack stuff is causing - you problems, you can disable it. Add -DNO_SLACK - to EXTRA_CFLAGS and rebuild. But please report it - to our Bug - Report Page so that we can investigate. -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html b/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html
deleted file mode 100644
index 5b4b8faa017..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/fin_wait_2.html
+++ /dev/null
@@ -1,398 +0,0 @@
- - - - - - - Connections in FIN_WAIT_2 and Apache - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Connections in the FIN_WAIT_2 state and - Apache

- -
    -
  1. -

    What is the FIN_WAIT_2 state?

    - Starting with the Apache 1.2 betas, people are reporting - many more connections in the FIN_WAIT_2 state (as reported - by netstat) than they saw using older - versions. When the server closes a TCP connection, it sends - a packet with the FIN bit sent to the client, which then - responds with a packet with the ACK bit set. The client - then sends a packet with the FIN bit set to the server, - which responds with an ACK and the connection is closed. - The state that the connection is in during the period - between when the server gets the ACK from the client and - the server gets the FIN from the client is known as - FIN_WAIT_2. See the TCP RFC for - the technical details of the state transitions. - -

    The FIN_WAIT_2 state is somewhat unusual in that there - is no timeout defined in the standard for it. This means - that on many operating systems, a connection in the - FIN_WAIT_2 state will stay around until the system is - rebooted. If the system does not have a timeout and too - many FIN_WAIT_2 connections build up, it can fill up the - space allocated for storing information about the - connections and crash the kernel. The connections in - FIN_WAIT_2 do not tie up an httpd process.

    -
  2. - -
  3. -

    But why does it happen?

    - There are numerous reasons for it happening, some of them - may not yet be fully clear. What is known follows. - -

    Buggy clients and persistent connections

    - Several clients have a bug which pops up when dealing with - persistent connections (aka - keepalives). When the connection is idle and the server - closes the connection (based on the KeepAliveTimeout), - the client is programmed so that the client does not send - back a FIN and ACK to the server. This means that the - connection stays in the FIN_WAIT_2 state until one of the - following happens: - -
      -
    • The client opens a new connection to the same or a - different site, which causes it to fully close the older - connection on that socket.
    • - -
    • The user exits the client, which on some (most?) - clients causes the OS to fully shutdown the - connection.
    • - -
    • The FIN_WAIT_2 times out, on servers that have a - timeout for this state.
    • -
    - -

    If you are lucky, this means that the buggy client will - fully close the connection and release the resources on - your server. However, there are some cases where the socket - is never fully closed, such as a dialup client - disconnecting from their provider before closing the - client. In addition, a client might sit idle for days - without making another connection, and thus may hold its - end of the socket open for days even though it has no - further use for it. This is a bug in the browser or - in its operating system's TCP implementation.

    - -

    The clients on which this problem has been verified to - exist:

    - -
      -
    • Mozilla/3.01 (X11; I; FreeBSD 2.1.5-RELEASE - i386)
    • - -
    • Mozilla/2.02 (X11; I; FreeBSD 2.1.5-RELEASE - i386)
    • - -
    • Mozilla/3.01Gold (X11; I; SunOS 5.5 sun4m)
    • - -
    • MSIE 3.01 on the Macintosh
    • - -
    • MSIE 3.01 on Windows 95
    • -
    - -

    This does not appear to be a problem on:

    - -
      -
    • Mozilla/3.01 (Win95; I)
    • -
    - -

    It is expected that many other clients have the same - problem. What a client should do is - periodically check its open socket(s) to see if they have - been closed by the server, and close their side of the - connection if the server has closed. This check need only - occur once every few seconds, and may even be detected by a - OS signal on some systems (e.g., Win95 and NT - clients have this capability, but they seem to be ignoring - it).

    - -

    Apache cannot avoid these FIN_WAIT_2 - states unless it disables persistent connections for the - buggy clients, just like we recommend doing for Navigator - 2.x clients due to other bugs. However, non-persistent - connections increase the total number of connections needed - per client and slow retrieval of an image-laden web page. - Since non-persistent connections have their own resource - consumptions and a short waiting period after each closure, - a busy server may need persistence in order to best serve - its clients.

    - -

    As far as we know, the client-caused FIN_WAIT_2 problem - is present for all servers that support persistent - connections, including Apache 1.1.x and 1.2.

    - -

    A necessary bit of code introduced in 1.2

    - While the above bug is a problem, it is not the whole - problem. Some users have observed no FIN_WAIT_2 problems - with Apache 1.1.x, but with 1.2b enough connections build - up in the FIN_WAIT_2 state to crash their server. The most - likely source for additional FIN_WAIT_2 states is a - function called lingering_close() which was - added between 1.1 and 1.2. This function is necessary for - the proper handling of persistent connections and any - request which includes content in the message body - (e.g., PUTs and POSTs). What it does is read any - data sent by the client for a certain time after the server - closes the connection. The exact reasons for doing this are - somewhat complicated, but involve what happens if the - client is making a request at the same time the server - sends a response and closes the connection. Without - lingering, the client might be forced to reset its TCP - input buffer before it has a chance to read the server's - response, and thus understand why the connection has - closed. See the appendix for more - details. - -

    The code in lingering_close() appears to - cause problems for a number of factors, including the - change in traffic patterns that it causes. The code has - been thoroughly reviewed and we are not aware of any bugs - in it. It is possible that there is some problem in the BSD - TCP stack, aside from the lack of a timeout for the - FIN_WAIT_2 state, exposed by the - lingering_close code that causes the observed - problems.

    -
  4. - -
  5. - What can I do about it? There are several possible - workarounds to the problem, some of which work better than - others. - -

    Add a timeout for FIN_WAIT_2

    - The obvious workaround is to simply have a timeout for the - FIN_WAIT_2 state. This is not specified by the RFC, and - could be claimed to be a violation of the RFC, but it is - widely recognized as being necessary. The following systems - are known to have a timeout: - -
      -
    • FreeBSD - versions starting at 2.0 or possibly earlier.
    • - -
    • NetBSD version - 1.2(?)
    • - -
    • OpenBSD all - versions(?)
    • - -
    • BSD/OS 2.1, with - the - K210-027 patch installed.
    • - -
    • Solaris as of - around version 2.2. The timeout can be tuned by using - ndd to modify - tcp_fin_wait_2_flush_interval, but the - default should be appropriate for most servers and - improper tuning can have negative impacts.
    • - -
    • Linux 2.0.x and - earlier(?)
    • - -
    • HP-UX 10.x defaults - to terminating connections in the FIN_WAIT_2 state after - the normal keepalive timeouts. This does not refer to the - persistent connection or HTTP keepalive timeouts, but the - SO_LINGER socket option which is enabled by - Apache. This parameter can be adjusted by using - nettune to modify parameters such as - tcp_keepstart and tcp_keepstop. - In later revisions, there is an explicit timer for - connections in FIN_WAIT_2 that can be modified; contact - HP support for details.
    • - -
    • SGI IRIX can be - patched to support a timeout. For IRIX 5.3, 6.2, and 6.3, - use patches 1654, 1703 and 1778 respectively. If you have - trouble locating these patches, please contact your SGI - support channel for help.
    • - -
    • NCR's MP RAS Unix - 2.xx and 3.xx both have FIN_WAIT_2 timeouts. In 2.xx it - is non-tunable at 600 seconds, while in 3.xx it defaults - to 600 seconds and is calculated based on the tunable - "max keep alive probes" (default of 8) multiplied by the - "keep alive interval" (default 75 seconds).
    • - -
    • Sequent's ptx/TCP/IP - for DYNIX/ptx has had a FIN_WAIT_2 timeout since - around release 4.1 in mid-1994.
    • -
    - -

    The following systems are known to not have a - timeout:

    - -
      -
    • SunOS 4.x does not - and almost certainly never will have one because it as at - the very end of its development cycle for Sun. If you - have kernel source should be easy to patch.
    • -
    - -

    There is a - patch available for adding a timeout to the FIN_WAIT_2 - state; it was originally intended for BSD/OS, but should be - adaptable to most systems using BSD networking code. You - need kernel source code to be able to use it. - -

    Compile without using - lingering_close()

    - It is possible to compile Apache 1.2 without using the - lingering_close() function. This will result - in that section of code being similar to that which was in - 1.1. If you do this, be aware that it can cause problems - with PUTs, POSTs and persistent connections, especially if - the client uses pipelining. That said, it is no worse than - on 1.1, and we understand that keeping your server running - is quite important. - -

    To compile without the lingering_close() - function, add -DNO_LINGCLOSE to the end of the - EXTRA_CFLAGS line in your - Configuration file, rerun - Configure and rebuild the server.

    - -

    Use SO_LINGER as an alternative to - lingering_close()

    - On most systems, there is an option called - SO_LINGER that can be set with - setsockopt(2). It does something very similar - to lingering_close(), except that it is broken - on many systems so that it causes far more problems than - lingering_close. On some systems, it could - possibly work better so it may be worth a try if you have - no other alternatives. - -

    To try it, add -DUSE_SO_LINGER - -DNO_LINGCLOSE to the end of the - EXTRA_CFLAGS line in your - Configuration file, rerun - Configure and rebuild the server.

    - -

    NOTE: Attempting to use - SO_LINGER and lingering_close() - at the same time is very likely to do very bad things, so - don't.

    - -

    Increase the amount of memory used for storing - connection state

    - -
    -
    BSD based networking code:
    - -
    - BSD stores network data, such as connection states, in - something called an mbuf. When you get so many - connections that the kernel does not have enough mbufs - to put them all in, your kernel will likely crash. You - can reduce the effects of the problem by increasing the - number of mbufs that are available; this will not - prevent the problem, it will just make the server go - longer before crashing. - -

    The exact way to increase them may depend on your - OS; look for some reference to the number of "mbufs" or - "mbuf clusters". On many systems, this can be done by - adding the line NMBCLUSTERS="n", where - n is the number of mbuf clusters you want - to your kernel config file and rebuilding your - kernel.

    -
    -
    - -

    Disable KeepAlive

    - -

    If you are unable to do any of the above then you - should, as a last resort, disable KeepAlive. Edit your - httpd.conf and change "KeepAlive On" to "KeepAlive - Off".

    -
  6. - - -
  7. -

    Appendix

    - -

    Below is a message from Roy Fielding, one of the authors - of HTTP/1.1.

    - -

    Why the lingering close functionality is necessary with - HTTP

    - The need for a server to linger on a socket after a close - is noted a couple times in the HTTP specs, but not - explained. This explanation is based on discussions between - myself, Henrik Frystyk, Robert S. Thau, Dave Raggett, and - John C. Mallery in the hallways of MIT while I was at W3C. - -

    If a server closes the input side of the connection - while the client is sending data (or is planning to send - data), then the server's TCP stack will signal an RST - (reset) back to the client. Upon receipt of the RST, the - client will flush its own incoming TCP buffer back to the - un-ACKed packet indicated by the RST packet argument. If - the server has sent a message, usually an error response, - to the client just before the close, and the client - receives the RST packet before its application code has - read the error message from its incoming TCP buffer and - before the server has received the ACK sent by the client - upon receipt of that buffer, then the RST will flush the - error message before the client application has a chance to - see it. The result is that the client is left thinking that - the connection failed for no apparent reason.

    - -

    There are two conditions under which this is likely to - occur:

    - -
      -
    1. sending POST or PUT data without proper - authorization
    2. - -
    3. sending multiple requests before each response - (pipelining) and one of the middle requests resulting in - an error or other break-the-connection result.
    4. -
    - -

    The solution in all cases is to send the response, close - only the write half of the connection (what shutdown is - supposed to do), and continue reading on the socket until - it is either closed by the client (signifying it has - finally read the response) or a timeout occurs. That is - what the kernel is supposed to do if SO_LINGER is set. - Unfortunately, SO_LINGER has no effect on some systems; on - some other systems, it does not have its own timeout and - thus the TCP memory segments just pile-up until the next - reboot (planned or not).

    - -

    Please note that simply removing the linger code will - not solve the problem -- it only moves it to a different - and much harder one to detect.

    -
  8. -
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/howto.html b/usr.sbin/httpd/htdocs/manual/misc/howto.html
deleted file mode 100644
index c37b82f933d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/howto.html
+++ /dev/null
@@ -1,239 +0,0 @@
- - - - - - - - - Apache HOWTO documentation - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache HOWTO documentation

- How to: - - -
- -

How to redirect an entire - server or directory to a single URL

- -

There are two chief ways to redirect all requests for an - entire server to a single location: one which requires the use - of mod_rewrite, and another which uses a CGI - script.

- -

First: if all you need to do is migrate a server from one - name to another, simply use the Redirect - directive, as supplied by mod_alias:

- -
-
-  Redirect / http://www.apache.org/
-
-
- -

Since Redirect will forward along the complete - path, however, it may not be appropriate - for example, when - the directory structure has changed after the move, and you - simply want to direct people to the home page.

- -

The best option is to use the standard Apache module - mod_rewrite. If that module is compiled in, the - following lines

- -
-
-RewriteEngine On
-RewriteRule /.* http://www.apache.org/ [R]
-
-
- will send an HTTP 302 Redirect back to the client, and no - matter what they gave in the original URL, they'll be sent to - "http://www.apache.org/". - -

The second option is to set up a ScriptAlias - pointing to a CGI script which outputs a 301 - or 302 status and the location of the other server.

- -

By using a CGI script you can intercept - various requests and treat them specially, e.g., you - might want to intercept POST requests, so that - the client isn't redirected to a script on the other server - which expects POST information (a redirect will lose the POST - information.) You might also want to use a CGI script if you - don't want to compile mod_rewrite into your server.

- -

Here's how to redirect all requests to a script... In the - server configuration file,

- -
-
-ScriptAlias / /usr/local/httpd/cgi-bin/redirect_script/
-
-
- and here's a simple perl script to redirect requests: - -
-
-#!/usr/local/bin/perl
-
-print "Status: 302 Moved Temporarily\r\n" .
-      "Location: http://www.some.where.else.com/\r\n" .
-      "\r\n";
-
-
-
-
- -

How to reset your log - files

- -

Sooner or later, you'll want to reset your log files - (access_log and error_log) because they are too big, or full of - old information you don't need.

- -

access.log typically grows by 1Mb for each - 10,000 requests.

- -

Most people's first attempt at replacing the logfile is to - just move the logfile or remove the logfile. This doesn't - work.

- -

Apache will continue writing to the logfile at the same - offset as before the logfile moved. This results in a new - logfile being created which is just as big as the old one, but - it now contains thousands (or millions) of null characters.

- -

The correct procedure is to move the logfile, then signal - Apache to tell it to reopen the logfiles.

- -

Apache is signaled using the SIGHUP (-1) - signal. e.g.

- -
- mv access_log access_log.old
- kill -1 `cat httpd.pid`
-
- -

Note: httpd.pid is a file containing the - process id of the Apache - httpd daemon, Apache saves this in the same directory as the - log files.

- -

Many people use this method to replace (and backup) their - logfiles on a nightly or weekly basis.

-
- -

How to stop or restrict - robots

- -

Ever wondered why so many clients are interested in a file - called robots.txt which you don't have, and never - did have?

- -

These clients are called robots (also known - as crawlers, spiders and other cute names) - special automated - clients which wander around the web looking for interesting - resources.

- -

Most robots are used to generate some kind of web - index which is then used by a search engine to - help locate information.

- -

robots.txt provides a means to request that - robots limit their activities at the site, or more often than - not, to leave the site alone.

- -

When the first robots were developed, they had a bad - reputation for sending hundreds/thousands of requests to each - site, often resulting in the site being overloaded. Things have - improved dramatically since then, thanks to - Guidelines for Robot Writers, but even so, some robots may - exhibit unfriendly behavior which the webmaster isn't willing - to tolerate, and will want to stop.

- -

Another reason some webmasters want to block access to - robots, is to stop them indexing dynamic information. Many - search engines will use the data collected from your pages for - months to come - not much use if you're serving stock quotes, - news, weather reports or anything else that will be stale by - the time people find it in a search engine.

- -

If you decide to exclude robots completely, or just limit - the areas in which they can roam, create a - robots.txt file; refer to the - robot information pages provided by Martijn Koster for the - syntax.

-
- -

How to proxy SSL requests - through your non-SSL Apache server
- (submitted by David Sedlock)

- -

SSL uses port 443 for requests for secure pages. If your - browser just sits there for a long time when you attempt to - access a secure page over your Apache proxy, then the proxy may - not be configured to handle SSL. You need to instruct Apache to - listen on port 443 in addition to any of the ports on which it - is already listening:

-
-    Listen 80
-    Listen 443
-
- -

Then set the security proxy in your browser to 443. That - might be it!

- -

If your proxy is sending requests to another proxy, then you - may have to set the directive ProxyRemote differently. Here are - my settings:

-
-    ProxyRemote http://nicklas:80/ http://proxy.mayn.franken.de:8080
-    ProxyRemote http://nicklas:443/ http://proxy.mayn.franken.de:443
-
- -

Requests on port 80 of my proxy nicklas are - forwarded to proxy.mayn.franken.de:8080, while - requests on port 443 are forwarded to - proxy.mayn.franken.de:443. If the remote proxy is - not set up to handle port 443, then the last directive can be - left out. SSL requests will only go over the first proxy.

- -

Note that your Apache does NOT have to be set up to serve - secure pages with SSL. Proxying SSL is a different thing from - using it.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/index.html b/usr.sbin/httpd/htdocs/manual/misc/index.html
deleted file mode 100644
index 8415d4f4cc4..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/index.html
+++ /dev/null
@@ -1,104 +0,0 @@
- - - - - - - Apache Miscellaneous Documentation - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache Miscellaneous Documentation

- -

Below is a list of additional documentation pages that apply - to the Apache web server development project.

- -
-
API
- -
Description of Apache's Application Programming - Interface.
- -
FAQ
- -
Frequently-Asked Questions concerning the Apache project - and server.
- -
How to use XSSI and - Negotiation for custom ErrorDocuments
- -
Describes a solution which uses XSSI and negotiation to - custom-tailor the Apache ErrorDocuments to taste, adding the - advantage of returning internationalized versions of the - error messages depending on the client's language - preferences.
- -
File Descriptor use in - Apache
- -
Describes how Apache uses file descriptors and talks - about various limits imposed on the number of descriptors - available by various operating systems.
- -
FIN_WAIT_2
- -
A description of the causes of Apache processes going - into the FIN_WAIT_2 state, and what you can do - about it.
- -
"How-To"
- -
Instructions about how to accomplish some - commonly-desired server functionality changes.
- -
Known Client - Problems
- -
A list of problems in HTTP clients which can be mitigated - by Apache.
- -
Performance Notes (BSD - 4.4)
- -
Some notes about ways to improve/optimize Apache - performance on BSD 4.4 systems.
- -
Performance Notes (General)
- -
Some generic notes about how to improve the performance - of your machine/OS.
- -
Performance Notes -- Apache - Tuning
- -
Notes about how to (run-time and compile-time) configure - Apache for highest performance. Notes explaining why Apache - does some things, and why it doesn't do other things (which - make it slower/faster).
- -
Security Tips
- -
Some "do"s - and "don't"s - for keeping your Apache web - site secure.
- -
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html b/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html
deleted file mode 100644
index 86f55b8f3d3..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/known_client_problems.html
+++ /dev/null
@@ -1,356 +0,0 @@
- - - - - - - Apache HTTP Server Project - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Known Problems in Clients

- -

Over time the Apache Group has discovered or been notified - of problems with various clients which we have had to work - around, or explain. This document describes these problems and - the workarounds available. It's not arranged in any particular - order. Some familiarity with the standards is assumed, but not - necessary.

- -

For brevity, Navigator will refer to Netscape's - Navigator product (which in later versions was renamed - "Communicator" and various other names), and MSIE will - refer to Microsoft's Internet Explorer product. All trademarks - and copyrights belong to their respective companies. We welcome - input from the various client authors to correct - inconsistencies in this paper, or to provide us with exact - version numbers where things are broken/fixed.

- -

For reference, RFC1945 - defines HTTP/1.0, and RFC2068 - defines HTTP/1.1. Apache as of version 1.2 is an HTTP/1.1 - server (with an optional HTTP/1.0 proxy).

- -

Various of these workarounds are triggered by environment - variables. The admin typically controls which are set, and for - which clients, by using mod_setenvif. Unless - otherwise noted all of these workarounds exist in versions 1.2 - and later.

- -

Trailing CRLF on - POSTs

- -

This is a legacy issue. The CERN webserver required - POST data to have an extra CRLF - following it. Thus many clients send an extra CRLF - that is not included in the Content-Length of the - request. Apache works around this problem by eating any empty - lines which appear before a request.

- -

Broken - keepalive

- -

Various clients have had broken implementations of - keepalive (persistent connections). In particular the - Windows versions of Navigator 2.0 get very confused when the - server times out an idle connection. The workaround is present - in the default config files:

- -
- BrowserMatch Mozilla/2 nokeepalive -
- Note that this matches some earlier versions of MSIE, which - began the practice of calling themselves Mozilla in - their user-agent strings just like Navigator. - -

MSIE 4.0b2, which claims to support HTTP/1.1, does not - properly support keepalive when it is used on 301 or 302 - (redirect) responses. Unfortunately Apache's - nokeepalive code prior to 1.2.2 would not work - with HTTP/1.1 clients. You must apply - this patch to version 1.2.1. Then add this to your - config:

- -
- BrowserMatch "MSIE 4\.0b2;" nokeepalive -
- -

Incorrect interpretation of - HTTP/1.1 in response

- -

To quote from section 3.1 of RFC1945:

- -
- HTTP uses a "<MAJOR>.<MINOR>" numbering scheme to - indicate versions of the protocol. The protocol versioning - policy is intended to allow the sender to indicate the format - of a message and its capacity for understanding further HTTP - communication, rather than the features obtained via that - communication. -
- Since Apache is an HTTP/1.1 server, it indicates so as part of - its response. Many client authors mistakenly treat this part of - the response as an indication of the protocol that the response - is in, and then refuse to accept the response. - -

The first major indication of this problem was with AOL's - proxy servers. When Apache 1.2 went into beta it was the first - wide-spread HTTP/1.1 server. After some discussion, AOL fixed - their proxies. In anticipation of similar problems, the - force-response-1.0 environment variable was added - to Apache. When present Apache will indicate "HTTP/1.0" in - response to an HTTP/1.0 client, but will not in any other way - change the response.

- -

The pre-1.1 Java Development Kit (JDK) that is used in many - clients (including Navigator 3.x and MSIE 3.x) exhibits this - problem. As do some of the early pre-releases of the 1.1 JDK. - We think it is fixed in the 1.1 JDK release. In any event the - workaround:

- -
- BrowserMatch Java/1.0 force-response-1.0
- BrowserMatch JDK/1.0 force-response-1.0
-
- -

RealPlayer 4.0 from Progressive Networks also exhibits this - problem. However they have fixed it in version 4.01 of the - player, but version 4.01 uses the same User-Agent - as version 4.0. The workaround is still:

- -
- BrowserMatch "RealPlayer 4.0" force-response-1.0 -
- -

Requests use HTTP/1.1 - but responses must be in HTTP/1.0

- -

MSIE 4.0b2 has this problem. Its Java VM makes requests in - HTTP/1.1 format but the responses must be in HTTP/1.0 format - (in particular, it does not understand chunked - responses). The workaround is to fool Apache into believing the - request came in HTTP/1.0 format.

- -
- BrowserMatch "MSIE 4\.0b2;" downgrade-1.0 - force-response-1.0 -
- This workaround is available in 1.2.2, and in a - patch against 1.2.1. - -

Boundary problems with - header parsing

- -

All versions of Navigator from 2.0 through 4.0b2 (and - possibly later) have a problem if the trailing CRLF of the - response header starts at offset 256, 257 or 258 of the - response. A BrowserMatch for this would match on nearly every - hit, so the workaround is enabled automatically on all - responses. The workaround implemented detects when this - condition would occur in a response and adds extra padding to - the header to push the trailing CRLF past offset 258 of the - response.

- -

Multipart - responses and Quoted Boundary Strings

- -

On multipart responses some clients will not accept quotes - (") around the boundary string. The MIME standard recommends - that such quotes be used. But the clients were probably written - based on one of the examples in RFC2068, which does not include - quotes. Apache does not include quotes on its boundary strings - to workaround this problem.

- -

Byterange requests

- -

A byterange request is used when the client wishes to - retrieve a portion of an object, not necessarily the entire - object. There was a very old draft which included these - byteranges in the URL. Old clients such as Navigator 2.0b1 and - MSIE 3.0 for the MAC exhibit this behavior, and it will appear - in the servers' access logs as (failed) attempts to retrieve a - URL with a trailing ";xxx-yyy". Apache does not attempt to - implement this at all.

- -

A subsequent draft of this standard defines a header - Request-Range, and a response type - multipart/x-byteranges. The HTTP/1.1 standard - includes this draft with a few fixes, and it defines the header - Range and type - multipart/byteranges.

- -

Navigator (versions 2 and 3) sends both Range - and Request-Range headers (with the same value), - but does not accept a multipart/byteranges - response. The response must be - multipart/x-byteranges. As a workaround, if Apache - receives a Request-Range header it considers it - "higher priority" than a Range header and in - response uses multipart/x-byteranges.

- -

The Adobe Acrobat Reader plugin makes extensive use of - byteranges and prior to version 3.01 supports only the - multipart/x-byterange response. Unfortunately - there is no clue that it is the plugin making the request. If - the plugin is used with Navigator, the above workaround works - fine. But if the plugin is used with MSIE 3 (on Windows) the - workaround won't work because MSIE 3 doesn't give the - Range-Request clue that Navigator does. To - workaround this, Apache special cases "MSIE 3" in the - User-Agent and serves - multipart/x-byteranges. Note that the necessity - for this with MSIE 3 is actually due to the Acrobat plugin, not - due to the browser.

- -

Netscape Communicator appears to not issue the non-standard - Request-Range header. When an Acrobat plugin prior - to version 3.01 is used with it, it will not properly - understand byteranges. The user must upgrade their Acrobat - reader to 3.01.

- -

Set-Cookie header is - unmergeable

- -

The HTTP specifications say that it is legal to merge - headers with duplicate names into one (separated by commas). - Some browsers that support Cookies don't like merged headers - and prefer that each Set-Cookie header is sent - separately. When parsing the headers returned by a CGI, Apache - will explicitly avoid merging any Set-Cookie - headers.

- -

Expires headers and GIF89A - animations

- -

Navigator versions 2 through 4 will erroneously re-request - GIF89A animations on each loop of the animation if the first - response included an Expires header. This happens - regardless of how far in the future the expiry time is set. - There is no workaround supplied with Apache, however there are - hacks for - 1.2 and for - 1.3.

- -

POST without - Content-Length

- -

In certain situations Navigator 3.01 through 3.03 appear to - incorrectly issue a POST without the request body. There is no - known workaround. It has been fixed in Navigator 3.04, - Netscapes provides some information. - There's also - some information about the actual problem.

- -

JDK 1.2 betas lose - parts of responses.

- -

The http client in the JDK1.2beta2 and beta3 will throw away - the first part of the response body when both the headers and - the first part of the body are sent in the same network packet - AND keep-alive's are being used. If either condition is not met - then it works fine.

- -

See also Bug-ID's 4124329 and 4125538 at the java developer - connection.

- -

If you are seeing this bug yourself, you can add the - following BrowserMatch directive to work around it:

- -
- BrowserMatch "Java1\.2beta[23]" nokeepalive -
- -

We don't advocate this though since bending over backwards - for beta software is usually not a good idea; ideally it gets - fixed, new betas or a final release comes out, and no one uses - the broken old software anymore. In theory.

- -

Content-Type - change is not noticed after reload

- -

Navigator (all versions?) will cache the - content-type for an object "forever". Using reload - or shift-reload will not cause Navigator to notice a - content-type change. The only work-around is for - the user to flush their caches (memory and disk). By way of an - example, some folks may be using an old mime.types - file which does not map .htm to - text/html, in this case Apache will default to - sending text/plain. If the user requests the page - and it is served as text/plain. After the admin - fixes the server, the user will have to flush their caches - before the object will be shown with the correct - text/html type.

- -

MSIE Cookie - problem with expiry date in the year 2000

- -

MSIE versions 3.00 and 3.02 (without the Y2K patch) do not - handle cookie expiry dates in the year 2000 properly. Years - after 2000 and before 2000 work fine. This is fixed in IE4.01 - service pack 1, and in the Y2K patch for IE3.02. Users should - avoid using expiry dates in the year 2000.

- -

Lynx incorrectly asking for - transparent content negotiation

- -

The Lynx browser versions 2.7 and 2.8 send a "negotiate: - trans" header in their requests, which is an indication the - browser supports transparent content negotiation (TCN). However - the browser does not support TCN. As of version 1.3.4, Apache - supports TCN, and this causes problems with these versions of - Lynx. As a workaround future versions of Apache will ignore - this header when sent by the Lynx client.

- -

MSIE 4.0 mishandles Vary - response header

- -

MSIE 4.0 does not handle a Vary header properly. The Vary - header is generated by mod_rewrite in apache 1.3. The result is - an error from MSIE saying it cannot download the requested - file. There are more details in PR#4118.

- -

A workaround is to add the following to your server's - configuration files:

-
-    BrowserMatch "MSIE 4\.0" force-no-vary
-
- -

(This workaround is only available with releases - after 1.3.6 of the Apache Web server.)

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html b/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html
deleted file mode 100644
index 785f66dad85..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/perf-bsd44.html
+++ /dev/null
@@ -1,281 +0,0 @@
- - - - - - - Running a High-Performance Web Server for BSD - - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- -
- -

Running a High-Performance Web Server for - BSD

- -

This document assumes that you have read the appropriate - overview documentation for - FreeBSD, - NetBSD, or - OpenBSD. - In addition, the FreeBSD - tuning - manual page contains lots of wisdom, especially regarding sysctl - options.

- -

Like other OS's, the listen queue is often the first - limit hit. The following are comments from "Aaron - Gifford <agifford@InfoWest.COM>" on how to fix this on - BSDI 1.x, 2.x, and FreeBSD 2.0 (and earlier):

- -

Edit the following two files:

- -
- /usr/include/sys/socket.h
- /usr/src/sys/sys/socket.h
-
- In each file, look for the following: -
-    /*
-     * Maximum queue length specifiable by listen.
-     */
-    #define SOMAXCONN       5
-
- Just change the "5" to whatever appears to work. I bumped the - two machines I was having problems with up to 32 and haven't - noticed the problem since. - -

After the edit, recompile the kernel and recompile the - Apache server then reboot.

- -

FreeBSD 2.1 seems to be perfectly happy, with SOMAXCONN set - to 32 already.

- -

Addendum for - very heavily loaded BSD servers
-
from Chuck Murcko <chuck@telebase.com>

- -

If you're running a really busy BSD Apache server, the - following are useful things to do if the system is acting - sluggish:

- -
    -
  • Run vmstat to check memory usage, page/swap rates, - etc.
  • - -
  • Run netstat -m to check mbuf usage
  • - -
  • Run fstat to check file descriptor usage
  • -
- These utilities give you an idea what you'll need to tune in - your kernel, and whether it'll help to buy more RAM. Here are - some BSD kernel config parameters (actually BSDI, but pertinent - to FreeBSD and other 4.4-lite derivatives) from a system - getting heavy usage. The tools mentioned above were used, and - the system memory was increased to 48 MB before these tuneups. - Other system parameters remained unchanged. -
-maxusers        256
-
- Maxusers drives a lot of other kernel parameters: - -
    -
  • Maximum # of processes
  • - -
  • Maximum # of processes per user
  • - -
  • System wide open files limit
  • - -
  • Per-process open files limit
  • - -
  • Maximum # of mbuf clusters
  • - -
  • Proc/pgrp hash table size
  • -
- The actual formulae for these derived parameters are in - /usr/src/sys/conf/param.c. These calculated parameters - can also be overridden (in part) by specifying your own values - in the kernel configuration file: -
-# Network options. NMBCLUSTERS defines the number of mbuf clusters and
-# defaults to 256. This machine is a server that handles lots of traffic,
-# so we crank that value.
-options         NMBCLUSTERS=4096        # mbuf clusters at 4096
-
-#
-# Misc. options
-#
-options         CHILD_MAX=512           # maximum number of child processes
-options         OPEN_MAX=512            # maximum fds (breaks RPC svcs)
-
- -

In many cases, NMBCLUSTERS must be set much larger than - would appear necessary at first glance. The reason for this is - that if the browser disconnects in mid-transfer, the socket fd - associated with that particular connection ends up in the - TIME_WAIT state for several minutes, during which time its - mbufs are not yet freed. Another reason is that, on server - timeouts, some connections end up in FIN_WAIT_2 state forever, - because this state doesn't time out on the server, and the - browser never sent a final FIN. For more details see the FIN_WAIT_2 page.

- -

Some more info on mbuf clusters (from sys/mbuf.h):

-
-/*
- * Mbufs are of a single size, MSIZE (machine/machparam.h), which
- * includes overhead.  An mbuf may add a single "mbuf cluster" of size
- * MCLBYTES (also in machine/machparam.h), which has no additional overhead
- * and is used instead of the internal data area; this is done when
- * at least MINCLSIZE of data must be stored.
- */
-
- -

CHILD_MAX and OPEN_MAX are set to allow up to 512 child - processes (different than the maximum value for processes per - user ID) and file descriptors. These values may change for your - particular configuration (a higher OPEN_MAX value if you've got - modules or CGI scripts opening lots of connections or files). - If you've got a lot of other activity besides httpd on the same - machine, you'll have to set NPROC higher still. In this - example, the NPROC value derived from maxusers proved - sufficient for our load.

- -

To increase the size of the listen() queue, you - need to adjust the value of SOMAXCONN. SOMAXCONN is not derived - from maxusers, so you'll always need to increase that yourself. - We use a value guaranteed to be larger than Apache's default - for the listen() of 128, currently. The actual value for - SOMAXCONN is set in sys/socket.h. The best way to - adjust this parameter is run-time, rather than changing it in - this header file and thus hardcoding a value in the kernel and - elsewhere. To do this, edit /etc/rc.local and add - the following line:

-
-    /usr/sbin/sysctl -w kern.somaxconn=256
-
- -

We used 256 but you can tune it for your own - setup. In many cases, however, even the default value of - 128 (for later versions of FreeBSD) is OK.

- -

Caveats

- -

Be aware that your system may not boot with a kernel that is - configured to use more resources than you have available system - RAM. ALWAYS have a known bootable kernel - available when tuning your system this way, and use the system - tools beforehand to learn if you need to buy more memory before - tuning.

- -

RPC services will fail when the value of OPEN_MAX is larger - than 256. This is a function of the original implementations of - the RPC library, which used a byte value for holding file - descriptors. BSDI has partially addressed this limit in its 2.1 - release, but a real fix may well await the redesign of RPC - itself.

- -

Finally, there's the hard limit of child processes - configured in Apache.

- -

For versions of Apache later than 1.0.5 you'll need to - change the definition for HARD_SERVER_LIMIT in - httpd.h and recompile if you need to run more than the - default 150 instances of httpd.

- -

From conf/httpd.conf:

-
-# Limit on total number of servers running, i.e., limit on the number
-# of clients who can simultaneously connect --- if this limit is ever
-# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
-# It is intended mainly as a brake to keep a runaway server from taking
-# Unix with it as it spirals down...
-
-MaxClients 150
-
- Know what you're doing if you bump this value up, and make sure - you've done your system monitoring, RAM expansion, and kernel - tuning beforehand. Then you're ready to service some serious - hits! - -

Thanks to Tony Sanders and Chris Torek at - BSDI for their helpful suggestions and information.

- -

"M. Teterin" <mi@ALDAN.ziplink.net> writes:

- -
- It really does help if your kernel and frequently used - utilities are fully optimized. Rebuilding the FreeBSD kernel - on an AMD-133 (486-class CPU) web-server with
- -m486 -fexpensive-optimizations -fomit-frame-pointer - -O2
- helped reduce the number of "unable" errors, because the CPU - was often maxed out. -
- -

Accept filtering on - FreeBSD

- -

Versions of FreeBSD from August 2000 onwards include a - feature called "accept filters" which delay the return from - accept() until a condition has been met, e.g. an HTTP request - has arrived. This postpones the requirement for a child process - to handle the new connection which therefore increases the - number of connections that a given number of child processes - can handle. It also allows a child process to accomplish more - immediately after accept() returns (because the request is - already available to be read) so there is less context - switching.

- -

Accept filters provide the most benefit on servers that are - already so busy that they are configured with "KeepAlive - Off". HTTP KeepAlive (aka - persistent connections) avoids the cost of setting up a new - connection for every request, but connections that are being - kept alive use up one of the available child processes. Since - there is a limited number of child processes this can - significantly reduce the capacity of the server. The viewers of - a web site will still get a lot of the benefit of persistent - connections even with a very small - KeepAliveTimeout so you should try reducing it - before turning it off altogether.

- -

To enable accept filtering, you must either load the - appropriate accept filter module, e.g. with the command - kldload accf_http, or compile a kernel with - options ACCEPT_FILTER_HTTP. Apache will then - enable filtering when it is restarted.

- -

Accept filters are compiled in if the symbol - SO_ACCEPTFILTER is defined on the machine on which - Apache is built. Additionally there is a directive AcceptFilter to switch - the filters on or off. The default is on; except when apache is - compiled with -D AP_ACCEPTFILTER_ON.

- -

See the manual page - accf_http(9) - for more information.

- -

More welcome!

- If you have tips to contribute, send mail to apache@apache.org -
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html b/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html
deleted file mode 100644
index 4cfae4fe37c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/perf-tuning.html
+++ /dev/null
@@ -1,1066 +0,0 @@
- - - - - - - Apache Performance Notes - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache Performance Notes

- -

Author: Dean Gaudet

- - -
- -

Introduction

- -

Apache is a general webserver, which is designed to be correct - first, and fast second. Even so, its performance is quite satisfactory. - Most sites have less than 10Mbits of outgoing bandwidth, which Apache - can fill using only a low end Pentium-based webserver. In practice, - sites with more bandwidth require more than one machine to fill the - bandwidth due to other constraints (such as CGI or database transaction - overhead). For these reasons, the development focus has been mostly on - correctness and configurability.

- -

Unfortunately many folks overlook these facts and cite raw - performance numbers as if they are some indication of the quality of a - web server product. There is a bare minimum performance that is - acceptable, beyond that, extra speed only caters to a much smaller - segment of the market. But in order to avoid this hurdle to the - acceptance of Apache in some markets, effort was put into Apache 1.3 to - bring performance up to a point where the difference with other - high-end webservers is minimal.

- -

Finally there are the folks who just want to see how fast something - can go. The author falls into this category. The rest of this document - is dedicated to these folks who want to squeeze every last bit of - performance out of Apache's current model, and want to understand why - it does some things which slow it down.

- -

Note that this is tailored towards Apache 1.3 on Unix. Some of it - applies to Apache on NT. Apache on NT has not been tuned for - performance yet; in fact it probably performs very poorly because NT - performance requires a different programming model.

-
- -

Hardware and Operating System - Issues

- -

The single biggest hardware issue affecting webserver performance is - RAM. A webserver should never ever have to swap, as swapping increases - the latency of each request beyond a point that users consider "fast - enough". This causes users to hit stop and reload, further increasing - the load. You can, and should, control the MaxClients - setting so that your server does not spawn so many children it starts - swapping. The procedure for doing this is simple: determine the size of - your average Apache process, by looking at your process list via a tool - such as top, and divide this into your total available - memory, leaving some room for other processes.

- -

Beyond that the rest is mundane: get a fast enough CPU, a fast - enough network card, and fast enough disks, where "fast enough" is - something that needs to be determined by experimentation.

- -

Operating system choice is largely a matter of local concerns. But a - general guideline is to always apply the latest vendor TCP/IP - patches.

-
- -

Run-Time Configuration - Issues

- -

HostnameLookups and other DNS considerations

- -

Prior to Apache 1.3, HostnameLookups - defaulted to On. This adds latency to every request - because it requires a DNS lookup to complete before the request is - finished. In Apache 1.3 this setting defaults to Off. If - you need to have addresses in your log files resolved to hostnames, use - the logresolve program that - comes with Apache, or one of the numerous log reporting packages which - are available.

- -

It is recommended that you do this sort of postprocessing of your - log files on some machine other than the production web server machine, - in order that this activity not adversely affect server - performance.

- -

If you use any Allow from domain or - Deny from domain - directives (i.e., using a hostname, or a domain name, rather than an IP - address) then you will pay for a double reverse DNS lookup (a reverse, - followed by a forward to make sure that the reverse is not being - spoofed). For best performance, therefore, use IP addresses, rather - than names, when using these directives, if possible.

- -

Note that it's possible to scope the directives, such as within a - <Location /server-status> section. In this case the - DNS lookups are only performed on requests matching the criteria. - Here's an example which disables lookups except for .html and .cgi - files:

- -
-
-HostnameLookups off
-<Files ~ "\.(html|cgi)$">
-    HostnameLookups on
-</Files>
-
-
- -

But even still, if you just need DNS names in some CGIs you could - consider doing the gethostbyname call in the specific CGIs - that need it.

- -

FollowSymLinks and SymLinksIfOwnerMatch

- -

Wherever in your URL-space you do not have an Options - FollowSymLinks, or you do have an Options - SymLinksIfOwnerMatch Apache will have to issue extra system - calls to check up on symlinks. One extra call per filename component. - For example, if you had:

- -
-
-DocumentRoot /www/htdocs
-<Directory />
-    Options SymLinksIfOwnerMatch
-</Directory>
-
-
- -

and a request is made for the URI /index.html. Then - Apache will perform lstat(2) on /www, - /www/htdocs, and /www/htdocs/index.html. The - results of these lstats are never cached, so they will - occur on every single request. If you really desire the symlinks - security checking you can do something like this:

- -
-
-DocumentRoot /www/htdocs
-<Directory />
-    Options FollowSymLinks
-</Directory>
-<Directory /www/htdocs>
-    Options -FollowSymLinks +SymLinksIfOwnerMatch
-</Directory>
-
-
- -

This at least avoids the extra checks for the - DocumentRoot path. Note that you'll need to add similar - sections if you have any Alias or RewriteRule - paths outside of your document root. For highest performance, and no - symlink protection, set FollowSymLinks everywhere, and - never set SymLinksIfOwnerMatch.

- -

AllowOverride

- -

Wherever in your URL-space you allow overrides (typically - .htaccess files) Apache will attempt to open - .htaccess for each filename component. For example,

- -
-
-DocumentRoot /www/htdocs
-<Directory />
-    AllowOverride all
-</Directory>
-
-
- -

and a request is made for the URI /index.html. Then - Apache will attempt to open /.htaccess, - /www/.htaccess, and /www/htdocs/.htaccess. - The solutions are similar to the previous case of Options - FollowSymLinks. For highest performance use AllowOverride - None everywhere in your filesystem.

- -

See also the .htaccess tutorial - for further discussion of this.

- -

Negotiation

- -

If at all possible, avoid content-negotiation if you're really - interested in every last ounce of performance. In practice the benefits - of negotiation outweigh the performance penalties. There's one case - where you can speed up the server. Instead of using a wildcard such - as:

- -
-
-DirectoryIndex index
-
-
- -

Use a complete list of options:

- -
-
-DirectoryIndex index.cgi index.pl index.shtml index.html
-
-
- -

where you list the most common choice first.

- -

If your site needs content negotiation, consider using - type-map files rather than the Options - MultiViews directive to accomplish the negotiation. See the Content Negotiation - documentation for a full discussion of the methods of negotiation, and - instructions for creating type-map files.

- -

Process Creation

- -

Prior to Apache 1.3 the MinSpareServers, - MaxSpareServers, - and StartServers - settings all had drastic effects on benchmark results. In particular, - Apache required a "ramp-up" period in order to reach a number of - children sufficient to serve the load being applied. After the initial - spawning of StartServers children, only one child per - second would be created to satisfy the MinSpareServers - setting. So a server being accessed by 100 simultaneous clients, using - the default StartServers of 5 would take on the order 95 - seconds to spawn enough children to handle the load. This works fine in - practice on real-life servers, because they aren't restarted - frequently. But results in poor performance on benchmarks, which might - only run for ten minutes.

- -

The one-per-second rule was implemented in an effort to avoid - swamping the machine with the startup of new children. If the machine - is busy spawning children it can't service requests. But it has such a - drastic effect on the perceived performance of Apache that it had to be - replaced. As of Apache 1.3, the code will relax the one-per-second - rule. It will spawn one, wait a second, then spawn two, wait a second, - then spawn four, and it will continue exponentially until it is - spawning 32 children per second. It will stop whenever it satisfies the - MinSpareServers setting.

- -

This appears to be responsive enough that it's almost unnecessary to - adjust the MinSpareServers, MaxSpareServers - and StartServers settings. When more than 4 children are - spawned per second, a message will be emitted to the - ErrorLog. If you see a lot of these errors then consider - tuning these settings. Use the mod_status output as a - guide.

- -

In particular, you may need to set MinSpareServers - higher if traffic on your site is extremely bursty - that is, if the - number of connections to your site fluctuates radically in short - periods of time. This may be the case, for example, if traffic to your - site is highly event-driven, such as sites for major sports events, or - other sites where users are encouraged to visit the site at a - particular time.

- -

Related to process creation is process death induced by the - MaxRequestsPerChild setting. By default this is 0, which - means that there is no limit to the number of requests handled per - child. If your configuration currently has this set to some very low - number, such as 30, you may want to bump this up significantly. If you - are running SunOS or an old version of Solaris, limit this to 10000 or - so because of memory leaks.

- -

When keep-alives are in use, children will be kept busy doing - nothing waiting for more requests on the already open connection. The - default KeepAliveTimeout of 15 seconds attempts to - minimize this effect. The tradeoff here is between network bandwidth - and server resources. In no event should you raise this above about 60 - seconds, as - most of the benefits are lost.

- -

Related to process creation is process death induced by the MaxFOOPerChild - setting, where FOO is one of the system resource limits. There are - directives to control the CPU, DATA, NOFILE, RSS and STACK rlimits. - By default, they are set to 0, meaning that the system default values - will be used for the child. On a busy server with script interpreters - and memory caches, these should be set to some appropriate finite - values.

- -

Modules

- -

Since memory usage is such an important consideration in - performance, you should attempt to eliminate modules that you are not - actually using. If you have built the modules as DSOs, eliminating modules is a simple matter of - commenting out the associated AddModule and LoadModule directives for - that module. This allows you to experiment with removing modules, and - seeing if your site still functions in their absence.

- -

If, on the other hand, you have modules statically linked into your - Apache binary, you will need to recompile Apache in order to remove - unwanted modules.

- -

An associated question that arises here is, of course, what modules - you need, and which ones you don't. The answer here will, of course, - vary from one web site to another. However, the minimal list of - modules which you can get by with tends to include mod_mime, mod_dir, and mod_log_config. - mod_log_config is, of course, optional, as you can run a - web site without log files. This is, however, not recommended.

- -

mod_mmap_static

- -

Apache comes with a module, mod_mmap_static, which is not - enabled by default, which allows you to map files into RAM, and - serve them directly from memory rather than from the disc, which - should result in substantial performance improvement for - frequently-requests files. Note that when files are modified, you - will need to restart your server in order to serve the latest - version of the file, so this is not appropriate for files which - change frequently. See the documentation for this module for more - complete details.

- -
- -

Compile-Time Configuration - Issues

- -

mod_status and ExtendedStatus On

- -

If you include mod_status and you also - set ExtendedStatus On when building and running Apache, - then on every request Apache will perform two calls to - gettimeofday(2) (or times(2) depending on - your operating system), and (pre-1.3) several extra calls to - time(2). This is all done so that the status report - contains timing indications. For highest performance, set - ExtendedStatus off (which is the default).

- -

mod_status should probably be configured to allow - access by only a few users, rather than to the general public, so this - will likely have very low impact on your overall performance.

- -

accept Serialization - multiple sockets

- -

This discusses a shortcoming in the Unix socket API. Suppose your - web server uses multiple Listen statements to listen on - either multiple ports or multiple addresses. In order to test each - socket to see if a connection is ready Apache uses - select(2). select(2) indicates that a socket - has zero or at least one connection waiting on it. - Apache's model includes multiple children, and all the idle ones test - for new connections at the same time. A naive implementation looks - something like this (these examples do not match the code, they're - contrived for pedagogical purposes):

- -
-
-    for (;;) {
-    for (;;) {
-        fd_set accept_fds;
-
-        FD_ZERO (&accept_fds);
-        for (i = first_socket; i <= last_socket; ++i) {
-        FD_SET (i, &accept_fds);
-        }
-        rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);
-        if (rc < 1) continue;
-        new_connection = -1;
-        for (i = first_socket; i <= last_socket; ++i) {
-        if (FD_ISSET (i, &accept_fds)) {
-            new_connection = accept (i, NULL, NULL);
-            if (new_connection != -1) break;
-        }
-        }
-        if (new_connection != -1) break;
-    }
-    process the new_connection;
-    }
-
-
- But this naive implementation has a serious starvation problem. Recall - that multiple children execute this loop at the same time, and so - multiple children will block at select when they are in - between requests. All those blocked children will awaken and return - from select when a single request appears on any socket - (the number of children which awaken varies depending on the operating - system and timing issues). They will all then fall down into the loop - and try to accept the connection. But only one will - succeed (assuming there's still only one connection ready), the rest - will be blocked in accept. This effectively locks - those children into serving requests from that one socket and no other - sockets, and they'll be stuck there until enough new requests appear on - that socket to wake them all up. This starvation problem was first - documented in PR#467. There are at - least two solutions. - -

One solution is to make the sockets non-blocking. In this case the - accept won't block the children, and they will be allowed - to continue immediately. But this wastes CPU time. Suppose you have ten - idle children in select, and one connection arrives. Then - nine of those children will wake up, try to accept the - connection, fail, and loop back into select, accomplishing - nothing. Meanwhile none of those children are servicing requests that - occurred on other sockets until they get back up to the - select again. Overall this solution does not seem very - fruitful unless you have as many idle CPUs (in a multiprocessor box) as - you have idle children, not a very likely situation.

- -

Another solution, the one used by Apache, is to serialize entry into - the inner loop. The loop looks like this (differences highlighted):

- -
-
-    for (;;) {
-    accept_mutex_on ();
-    for (;;) {
-        fd_set accept_fds;
-
-        FD_ZERO (&accept_fds);
-        for (i = first_socket; i <= last_socket; ++i) {
-        FD_SET (i, &accept_fds);
-        }
-        rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);
-        if (rc < 1) continue;
-        new_connection = -1;
-        for (i = first_socket; i <= last_socket; ++i) {
-        if (FD_ISSET (i, &accept_fds)) {
-            new_connection = accept (i, NULL, NULL);
-            if (new_connection != -1) break;
-        }
-        }
-        if (new_connection != -1) break;
-    }
-    accept_mutex_off ();
-    process the new_connection;
-    }
-
-
- The functions - accept_mutex_on and accept_mutex_off - implement a mutual exclusion semaphore. Only one child can have the - mutex at any time. There are several choices for implementing these - mutexes. The choice is defined in src/conf.h (pre-1.3) or - src/include/ap_config.h (1.3 or later). Some architectures - do not have any locking choice made, on these architectures it is - unsafe to use multiple Listen directives. - -
-
HAVE_FLOCK_SERIALIZED_ACCEPT
- -
This method uses the flock(2) system call to lock a - lock file (located by the LockFile directive).
- -
HAVE_FCNTL_SERIALIZED_ACCEPT
- -
This method uses the fcntl(2) system call to lock a - lock file (located by the LockFile directive).
- -
HAVE_SYSVSEM_SERIALIZED_ACCEPT
- -
(1.3 or later) This method uses SysV-style semaphores to - implement the mutex. Unfortunately SysV-style semaphores have some - bad side-effects. One is that it's possible Apache will die without - cleaning up the semaphore (see the ipcs(8) man page). - The other is that the semaphore API allows for a denial of service - attack by any CGIs running under the same uid as the webserver - (i.e., all CGIs, unless you use something like suexec or - cgiwrapper). For these reasons this method is not used on any - architecture except IRIX (where the previous two are prohibitively - expensive on most IRIX boxes).
- -
HAVE_USLOCK_SERIALIZED_ACCEPT
- -
(1.3 or later) This method is only available on IRIX, and uses - usconfig(2) to create a mutex. While this method avoids - the hassles of SysV-style semaphores, it is not the default for IRIX. - This is because on single processor IRIX boxes (5.3 or 6.2) the - uslock code is two orders of magnitude slower than the SysV-semaphore - code. On multi-processor IRIX boxes the uslock code is an order of - magnitude faster than the SysV-semaphore code. Kind of a messed up - situation. So if you're using a multiprocessor IRIX box then you - should rebuild your webserver with - -DHAVE_USLOCK_SERIALIZED_ACCEPT on the - EXTRA_CFLAGS.
- -
HAVE_PTHREAD_SERIALIZED_ACCEPT
- -
(1.3 or later) This method uses POSIX mutexes and should work on - any architecture implementing the full POSIX threads specification, - however appears to only work on Solaris (2.5 or later), and even then - only in certain configurations. If you experiment with this you - should watch out for your server hanging and not responding. Static - content only servers may work just fine.
-
- -

If your system has another method of serialization which isn't in - the above list then it may be worthwhile adding code for it (and - submitting a patch back to Apache). The above - HAVE_METHOD_SERIALIZED_ACCEPT defines specify which method - is available and works on the platform (you can have more than one); - USE_METHOD_SERIALIZED_ACCEPT is used to specify the - default method (see the AcceptMutex directive).

- -

Another solution that has been considered but never implemented is - to partially serialize the loop -- that is, let in a certain number of - processes. This would only be of interest on multiprocessor boxes where - it's possible multiple children could run simultaneously, and the - serialization actually doesn't take advantage of the full bandwidth. - This is a possible area of future investigation, but priority remains - low because highly parallel web servers are not the norm.

- -

Ideally you should run servers without multiple Listen - statements if you want the highest performance. But read on.

- -

accept Serialization - single socket

- -

The above is fine and dandy for multiple socket servers, but what - about single socket servers? In theory they shouldn't experience any of - these same problems because all children can just block in - accept(2) until a connection arrives, and no starvation - results. In practice this hides almost the same "spinning" behavior - discussed above in the non-blocking solution. The way that most TCP - stacks are implemented, the kernel actually wakes up all processes - blocked in accept when a single connection arrives. One of - those processes gets the connection and returns to user-space, the rest - spin in the kernel and go back to sleep when they discover there's no - connection for them. This spinning is hidden from the user-land code, - but it's there nonetheless. This can result in the same load-spiking - wasteful behavior that a non-blocking solution to the multiple sockets - case can.

- -

For this reason we have found that many architectures behave more - "nicely" if we serialize even the single socket case. So this is - actually the default in almost all cases. Crude experiments under Linux - (2.0.30 on a dual Pentium pro 166 w/128Mb RAM) have shown that the - serialization of the single socket case causes less than a 3% decrease - in requests per second over unserialized single-socket. But - unserialized single-socket showed an extra 100ms latency on each - request. This latency is probably a wash on long haul lines, and only - an issue on LANs. If you want to override the single socket - serialization you can define - SINGLE_LISTEN_UNSERIALIZED_ACCEPT and then single-socket - servers will not serialize at all.

- -

Lingering Close

- -

As discussed in - draft-ietf-http-connection-00.txt section 8, in order for an HTTP - server to reliably implement the protocol it needs to - shutdown each direction of the communication independently (recall that - a TCP connection is bi-directional, each half is independent of the - other). This fact is often overlooked by other servers, but is - correctly implemented in Apache as of 1.2.

- -

When this feature was added to Apache it caused a flurry of problems - on various versions of Unix because of a shortsightedness. The TCP - specification does not state that the FIN_WAIT_2 state has a timeout, - but it doesn't prohibit it. On systems without the timeout, Apache 1.2 - induces many sockets stuck forever in the FIN_WAIT_2 state. In many - cases this can be avoided by simply upgrading to the latest TCP/IP - patches supplied by the vendor. In cases where the vendor has never - released patches (i.e., SunOS4 -- although folks with a source - license can patch it themselves) we have decided to disable this - feature.

- -

There are two ways of accomplishing this. One is the socket option - SO_LINGER. But as fate would have it, this has never been - implemented properly in most TCP/IP stacks. Even on those stacks with a - proper implementation (i.e., Linux 2.0.31) this method proves - to be more expensive (cputime) than the next solution.

- -

For the most part, Apache implements this in a function called - lingering_close (in http_main.c). The - function looks roughly like this:

- -
-
-    void lingering_close (int s)
-    {
-    char junk_buffer[2048];
-
-    /* shutdown the sending side */
-    shutdown (s, 1);
-
-    signal (SIGALRM, lingering_death);
-    alarm (30);
-
-    for (;;) {
-        select (s for reading, 2 second timeout);
-        if (error) break;
-        if (s is ready for reading) {
-        if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) {
-            break;
-        }
-        /* just toss away whatever is read */
-        }
-    }
-
-    close (s);
-    }
-
-
- This naturally adds some expense at the end of a connection, but it is - required for a reliable implementation. As HTTP/1.1 becomes more - prevalent, and all connections are persistent, this expense will be - amortized over more requests. If you want to play with fire and disable - this feature you can define NO_LINGCLOSE, but this is not - recommended at all. In particular, as HTTP/1.1 pipelined persistent - connections come into use lingering_close is an absolute - necessity (and pipelined - connections are faster, so you want to support them). - -

Scoreboard File

- -

Apache's parent and children communicate with each other through - something called the scoreboard. Ideally this should be implemented in - shared memory. For those operating systems that we either have access - to, or have been given detailed ports for, it typically is implemented - using shared memory. The rest default to using an on-disk file. The - on-disk file is not only slow, but it is unreliable (and less - featured). Peruse the src/main/conf.h file for your - architecture and look for either USE_MMAP_SCOREBOARD or - USE_SHMGET_SCOREBOARD. Defining one of those two (as well - as their companions HAVE_MMAP and HAVE_SHMGET - respectively) enables the supplied shared memory code. If your system - has another type of shared memory, edit the file - src/main/http_main.c and add the hooks necessary to use it - in Apache. (Send us back a patch too please.)

- -

Historical note: The Linux port of Apache didn't start to use shared - memory until version 1.2 of Apache. This oversight resulted in really - poor and unreliable behavior of earlier versions of Apache on - Linux.

- -

DYNAMIC_MODULE_LIMIT

- -

If you have no intention of using dynamically loaded modules (you - probably don't if you're reading this and tuning your server for every - last ounce of performance) then you should add - -DDYNAMIC_MODULE_LIMIT=0 when building your server. This - will save RAM that's allocated only for supporting dynamically loaded - modules.

-
- -

Appendix: Detailed Analysis of a - Trace

- Here is a system call trace of Apache 1.3 running on Linux. The - run-time configuration file is essentially the default plus: - -
-
-<Directory />
-    AllowOverride none
-    Options FollowSymLinks
-</Directory>
-
-
- The file being requested is a static 6K file of no particular content. - Traces of non-static requests or requests with content negotiation look - wildly different (and quite ugly in some cases). First the entire - trace, then we'll examine details. (This was generated by the - strace program, other similar programs include - truss, ktrace, and par.) - -
-
-accept(15, {sin_family=AF_INET, sin_port=htons(22283), sin_addr=inet_addr("127.0.0.1")}, [16]) = 3
-flock(18, LOCK_UN)                      = 0
-sigaction(SIGUSR1, {SIG_IGN}, {0x8059954, [], SA_INTERRUPT}) = 0
-getsockname(3, {sin_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
-setsockopt(3, IPPROTO_TCP1, [1], 4)     = 0
-read(3, "GET /6k HTTP/1.0\r\nUser-Agent: "..., 4096) = 60
-sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0
-time(NULL)                              = 873959960
-gettimeofday({873959960, 404935}, NULL) = 0
-stat("/home/dgaudet/ap/apachen/htdocs/6k", {st_mode=S_IFREG|0644, st_size=6144, ...}) = 0
-open("/home/dgaudet/ap/apachen/htdocs/6k", O_RDONLY) = 4
-mmap(0, 6144, PROT_READ, MAP_PRIVATE, 4, 0) = 0x400ee000
-writev(3, [{"HTTP/1.1 200 OK\r\nDate: Thu, 11"..., 245}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 6144}], 2) = 6389
-close(4)                                = 0
-time(NULL)                              = 873959960
-write(17, "127.0.0.1 - - [10/Sep/1997:23:39"..., 71) = 71
-gettimeofday({873959960, 417742}, NULL) = 0
-times({tms_utime=5, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 446747
-shutdown(3, 1 /* send */)               = 0
-oldselect(4, [3], NULL, [3], {2, 0})    = 1 (in [3], left {2, 0})
-read(3, "", 2048)                       = 0
-close(3)                                = 0
-sigaction(SIGUSR1, {0x8059954, [], SA_INTERRUPT}, {SIG_IGN}) = 0
-munmap(0x400ee000, 6144)                = 0
-flock(18, LOCK_EX)                      = 0
-
-
- -

Notice the accept serialization:

- -
-
-flock(18, LOCK_UN)                      = 0
-...
-flock(18, LOCK_EX)                      = 0
-
-
- These two calls can be removed by defining - SINGLE_LISTEN_UNSERIALIZED_ACCEPT as described earlier. - -

Notice the SIGUSR1 manipulation:

- -
-
-sigaction(SIGUSR1, {SIG_IGN}, {0x8059954, [], SA_INTERRUPT}) = 0
-...
-sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0
-...
-sigaction(SIGUSR1, {0x8059954, [], SA_INTERRUPT}, {SIG_IGN}) = 0
-
-
- This is caused by the implementation of graceful restarts. When the - parent receives a SIGUSR1 it sends a SIGUSR1 - to all of its children (and it also increments a "generation counter" - in shared memory). Any children that are idle (between connections) - will immediately die off when they receive the signal. Any children - that are in keep-alive connections, but are in between requests will - die off immediately. But any children that have a connection and are - still waiting for the first request will not die off immediately. - -

To see why this is necessary, consider how a browser reacts to a - closed connection. If the connection was a keep-alive connection and - the request being serviced was not the first request then the browser - will quietly reissue the request on a new connection. It has to do this - because the server is always free to close a keep-alive connection in - between requests (i.e., due to a timeout or because of a - maximum number of requests). But, if the connection is closed before - the first response has been received the typical browser will display a - "document contains no data" dialogue (or a broken image icon). This is - done on the assumption that the server is broken in some way (or maybe - too overloaded to respond at all). So Apache tries to avoid ever - deliberately closing the connection before it has sent a single - response. This is the cause of those SIGUSR1 - manipulations.

- -

Note that it is theoretically possible to eliminate all three of - these calls. But in rough tests the gain proved to be almost - unnoticeable.

- -

In order to implement virtual hosts, Apache needs to know the local - socket address used to accept the connection:

- -
-
-getsockname(3, {sin_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
-
-
- It is possible to eliminate this call in many situations (such as when - there are no virtual hosts, or when Listen directives are - used which do not have wildcard addresses). But no effort has yet been - made to do these optimizations. - -

Apache turns off the Nagle algorithm:

- -
-
-setsockopt(3, IPPROTO_TCP1, [1], 4)     = 0
-
-
- because of problems described in a paper by - John Heidemann. - -

Notice the two time calls:

- -
-
-time(NULL)                              = 873959960
-...
-time(NULL)                              = 873959960
-
-
- One of these occurs at the beginning of the request, and the other - occurs as a result of writing the log. At least one of these is - required to properly implement the HTTP protocol. The second occurs - because the Common Log Format dictates that the log record include a - timestamp of the end of the request. A custom logging module could - eliminate one of the calls. Or you can use a method which moves the - time into shared memory, see the patches section - below. - -

As described earlier, ExtendedStatus On causes two - gettimeofday calls and a call to times:

- -
-
-gettimeofday({873959960, 404935}, NULL) = 0
-...
-gettimeofday({873959960, 417742}, NULL) = 0
-times({tms_utime=5, tms_stime=0, tms_cutime=0, tms_cstime=0}) = 446747
-
-
- These can be removed by setting ExtendedStatus Off (which - is the default). - -

It might seem odd to call stat:

- -
-
-stat("/home/dgaudet/ap/apachen/htdocs/6k", {st_mode=S_IFREG|0644, st_size=6144, ...}) = 0
-
-
- This is part of the algorithm which calculates the - PATH_INFO for use by CGIs. In fact if the request had been - for the URI /cgi-bin/printenv/foobar then there would be - two calls to stat. The first for - /home/dgaudet/ap/apachen/cgi-bin/printenv/foobar which - does not exist, and the second for - /home/dgaudet/ap/apachen/cgi-bin/printenv, which does - exist. Regardless, at least one stat call is necessary - when serving static files because the file size and modification times - are used to generate HTTP headers (such as Content-Length, - Last-Modified) and implement protocol features (such as - If-Modified-Since). A somewhat more clever server could - avoid the stat when serving non-static files, however - doing so in Apache is very difficult given the modular structure. - -

All static files are served using mmap:

- -
-
-mmap(0, 6144, PROT_READ, MAP_PRIVATE, 4, 0) = 0x400ee000
-...
-munmap(0x400ee000, 6144)                = 0
-
-
- On some architectures it's slower to mmap small files than - it is to simply read them. The define - MMAP_THRESHOLD can be set to the minimum size required - before using mmap. By default it's set to 0 (except on - SunOS4 where experimentation has shown 8192 to be a better value). - Using a tool such as lmbench you can determine - the optimal setting for your environment. - -

You may also wish to experiment with MMAP_SEGMENT_SIZE - (default 32768) which determines the maximum number of bytes that will - be written at a time from mmap()d files. Apache only resets the - client's Timeout in between write()s. So setting this - large may lock out low bandwidth clients unless you also increase the - Timeout.

- -

It may even be the case that mmap isn't used on your - architecture; if so then defining USE_MMAP_FILES and - HAVE_MMAP might work (if it works then report back to - us).

- -

Apache does its best to avoid copying bytes around in memory. The - first write of any request typically is turned into a - writev which combines both the headers and the first hunk - of data:

- -
-
-writev(3, [{"HTTP/1.1 200 OK\r\nDate: Thu, 11"..., 245}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 6144}], 2) = 6389
-
-
- When doing HTTP/1.1 chunked encoding Apache will generate up to four - element writevs. The goal is to push the byte copying into - the kernel, where it typically has to happen anyhow (to assemble - network packets). On testing, various Unixes (BSDI 2.x, Solaris 2.5, - Linux 2.0.31+) properly combine the elements into network packets. - Pre-2.0.31 Linux will not combine, and will create a packet for each - element, so upgrading is a good idea. Defining NO_WRITEV - will disable this combining, but result in very poor chunked encoding - performance. - -

The log write:

- -
-
-write(17, "127.0.0.1 - - [10/Sep/1997:23:39"..., 71) = 71
-
-
- can be deferred by defining BUFFERED_LOGS. In this case up - to PIPE_BUF bytes (a POSIX defined constant) of log - entries are buffered before writing. At no time does it split a log - entry across a PIPE_BUF boundary because those writes may - not be atomic. (i.e., entries from multiple children could - become mixed together). The code does its best to flush this buffer - when a child dies. - -

The lingering close code causes four system calls:

- -
-
-shutdown(3, 1 /* send */)               = 0
-oldselect(4, [3], NULL, [3], {2, 0})    = 1 (in [3], left {2, 0})
-read(3, "", 2048)                       = 0
-close(3)                                = 0
-
-
- which were described earlier. - -

Let's apply some of these optimizations: - -DSINGLE_LISTEN_UNSERIALIZED_ACCEPT -DBUFFERED_LOGS and - ExtendedStatus Off. Here's the final trace:

- -
-
-accept(15, {sin_family=AF_INET, sin_port=htons(22286), sin_addr=inet_addr("127.0.0.1")}, [16]) = 3
-sigaction(SIGUSR1, {SIG_IGN}, {0x8058c98, [], SA_INTERRUPT}) = 0
-getsockname(3, {sin_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
-setsockopt(3, IPPROTO_TCP1, [1], 4)     = 0
-read(3, "GET /6k HTTP/1.0\r\nUser-Agent: "..., 4096) = 60
-sigaction(SIGUSR1, {SIG_IGN}, {SIG_IGN}) = 0
-time(NULL)                              = 873961916
-stat("/home/dgaudet/ap/apachen/htdocs/6k", {st_mode=S_IFREG|0644, st_size=6144, ...}) = 0
-open("/home/dgaudet/ap/apachen/htdocs/6k", O_RDONLY) = 4
-mmap(0, 6144, PROT_READ, MAP_PRIVATE, 4, 0) = 0x400e3000
-writev(3, [{"HTTP/1.1 200 OK\r\nDate: Thu, 11"..., 245}, {"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 6144}], 2) = 6389
-close(4)                                = 0
-time(NULL)                              = 873961916
-shutdown(3, 1 /* send */)               = 0
-oldselect(4, [3], NULL, [3], {2, 0})    = 1 (in [3], left {2, 0})
-read(3, "", 2048)                       = 0
-close(3)                                = 0
-sigaction(SIGUSR1, {0x8058c98, [], SA_INTERRUPT}, {SIG_IGN}) = 0
-munmap(0x400e3000, 6144)                = 0
-
-
- That's 19 system calls, of which 4 remain relatively easy to remove, - but don't seem worth the effort. - -

Appendix: Patches Available

- There are several - performance patches available for 1.3. Although they may not apply - cleanly to the current version, it shouldn't be difficult for someone - with a little C knowledge to update them. In particular: - -
    -
  • A patch - to remove all time(2) system calls.
  • - -
  • A - patch to remove various system calls from - mod_include, these calls are used by few sites but - required for backwards compatibility.
  • - -
  • A patch - which integrates the above two plus a few other speedups at the cost - of removing some functionality.
  • -
- -

Appendix: The Pre-Forking - Model

- -

Apache (on Unix) is a pre-forking model server. The - parent process is responsible only for forking child - processes, it does not serve any requests or service any network - sockets. The child processes actually process connections, they serve - multiple connections (one at a time) before dying. The parent spawns - new or kills off old children in response to changes in the load on the - server (it does so by monitoring a scoreboard which the children keep - up to date).

- -

This model for servers offers a robustness that other models do not. - In particular, the parent code is very simple, and with a high degree - of confidence the parent will continue to do its job without error. The - children are complex, and when you add in third party code via modules, - you risk segmentation faults and other forms of corruption. Even should - such a thing happen, it only affects one connection and the server - continues serving requests. The parent quickly replaces the dead - child.

- -

Pre-forking is also very portable across dialects of Unix. - Historically this has been an important goal for Apache, and it - continues to remain so.

- -

The pre-forking model comes under criticism for various performance - aspects. Of particular concern are the overhead of forking a process, - the overhead of context switches between processes, and the memory - overhead of having multiple processes. Furthermore it does not offer as - many opportunities for data-caching between requests (such as a pool of - mmapped files). Various other models exist and extensive - analysis can be found in the papers of - the JAWS project. In practice all of these costs vary drastically - depending on the operating system.

- -

Apache's core code is already multithread aware, and Apache version - 1.3 is multithreaded on NT. There have been at least two other - experimental implementations of threaded Apache, one using the 1.3 code - base on DCE, and one using a custom user-level threads package and the - 1.0 code base; neither is publicly available. There is also an - experimental port of Apache 1.3 to Netscape's Portable - Run Time, which is available (but - you're encouraged to join the new-httpd mailing list - if you intend to use it). Part of our redesign for version 2.0 of - Apache includes abstractions of the server model so that we can - continue to support the pre-forking model, and also support various - threaded models.


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/perf.html b/usr.sbin/httpd/htdocs/manual/misc/perf.html
deleted file mode 100644
index d7d7632439b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/perf.html
+++ /dev/null
@@ -1,150 +0,0 @@
- - - - - - - Hints on Running a High-Performance Web Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Hints on Running a High-Performance Web - Server

- Running Apache on a heavily loaded web server, one often - encounters problems related to the machine and OS - configuration. "Heavy" is relative, of course - but if you are - seeing more than a couple hits per second on a sustained basis - you should consult the pointers on this page. In general the - suggestions involve how to tune your kernel for the heavier TCP - load, hardware/software conflicts that arise, etc. - - -
- -

A/UX (Apple's UNIX)

- If you are running Apache on A/UX, a page that gives some - helpful performance hints (concerning the listen() - queue and using virtual hosts) can be found here - -
- -

BSD-based (BSDI, FreeBSD, - etc)

- Quick and detailed performance tuning - hints for BSD-derived systems. Accept filtering on FreeBSD. -
- -

Digital UNIX

- - -
- -

SunOS 4.x

- More information on tuning SOMAXCONN on SunOS can be found at - http://www.islandnet.com/~mark/somaxconn.html. - -
- -

SVR4

- Some SVR4 versions waste three system calls on every - gettimeofday() call. Depending on the syntactic - form of the TZ environment variable, these systems - have several different algorithms to determine the local time - zone (presumably compatible with something). The - following example uses the central european time zone to - demonstrate this: - -
-
TZ=:MET
- -
- This form delegates the knowledge of the time zone - information to an external compiled zoneinfo file (à - la BSD).
- Caveat: Each time the gettimeofday() - function is called, the external zone info is read in again - (at least on some SVR4 systems). That results in three - wasted system calls with every apache request served. -
-     open("/usr/lib/locale/TZ/MET", O_RDONLY) = 3
-     read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 7944) = 778
-     close(3)                                = 0
-
-
- -
- TZ=MET-1MDT,M3.5.0/02:00:00,M10.5.0/03:00:00
- -
This syntax form (à la SYSV) contains all the - knowledge about time zone beginning and ending times in its - external representation. It has to be parsed each time it is - evaluated, resulting in a slight computing overhead, but it - requires no system call. Though the table lookup à la - BSD is the more sophisticated technical solution, the bad - SVR4 implementation makes this the preferred syntax on - systems which otherwise access the external zone info file - repeatedly.
-
- You should use the truss utility on a - single-process apache server (started with the -X - debugging switch) to determine whether your system can profit - from the second form of the TZ environment - variable. If it does, you could integrate the setting of the - preferred TZ syntax into the httpd startup script, - which is usually simply a copy of (or symbolic link to) the - apachectl utility script, or into the system's - /etc/TIMEZONE script. -
- -

More welcome!

- If you have tips to contribute, please submit them to - the Apache Bug - Database. - -
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html b/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html
deleted file mode 100644
index bd62b24d778..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/rewriteguide.html
+++ /dev/null
@@ -1,2342 +0,0 @@
- - - - - - - Apache 1.3 URL Rewriting Guide - - - - -
-
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -
-

Apache 1.3
- URL Rewriting Guide
-

- -
- Originally written by
- Ralf S. Engelschall <rse@apache.org>
- December 1997 -
-
- -

This document supplements the mod_rewrite reference documentation. - It describes how one can use Apache's mod_rewrite to solve - typical URL-based problems webmasters are usually confronted - with in practice. I give detailed descriptions on how to - solve each problem by configuring URL rewriting rulesets.

- -

Introduction to - mod_rewrite

- The Apache module mod_rewrite is a killer one, i.e. it is a - really sophisticated module which provides a powerful way to - do URL manipulations. With it you can nearly do all types of - URL manipulations you ever dreamed about. The price you have - to pay is to accept complexity, because mod_rewrite's major - drawback is that it is not easy to understand and use for the - beginner. And even Apache experts sometimes discover new - aspects where mod_rewrite can help. - -

In other words: With mod_rewrite you either shoot yourself - in the foot the first time and never use it again or love it - for the rest of your life because of its power. This paper - tries to give you a few initial success events to avoid the - first case by presenting already invented solutions to - you.

- -

Practical Solutions

- Here come a lot of practical solutions I've either invented - myself or collected from other peoples solutions in the past. - Feel free to learn the black magic of URL rewriting from - these examples. - - - - - -
ATTENTION: Depending on your server-configuration it - can be necessary to slightly change the examples for your - situation, e.g. adding the [PT] flag when additionally - using mod_alias and mod_userdir, etc. Or rewriting a - ruleset to fit in .htaccess context instead - of per-server context. Always try to understand what a - particular ruleset really does before you use it. It - avoid problems.
- -

URL Layout

- -

Canonical URLs

- -
-
Description:
- -
On some webservers there are more than one URL for a - resource. Usually there are canonical URLs (which should be - actually used and distributed) and those which are just - shortcuts, internal ones, etc. Independent which URL the - user supplied with the request he should finally see the - canonical one only.
- -
Solution:
- -
- We do an external HTTP redirect for all non-canonical - URLs to fix them in the location view of the Browser and - for all subsequent requests. In the example ruleset below - we replace /~user by the canonical - /u/user and fix a missing trailing slash for - /u/user. - - - - - -
-
-RewriteRule   ^/~([^/]+)/?(.*)    /u/$1/$2  [R]
-RewriteRule   ^/([uge])/([^/]+)$  /$1/$2/   [R]
-
-
-
-
- -

Canonical Hostnames

- -
-
Description:
- -
...
- -
Solution:
- -
- - - - -
-
-RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
-RewriteCond %{HTTP_HOST}   !^$
-RewriteCond %{SERVER_PORT} !^80$
-RewriteRule ^/(.*)         http://fully.qualified.domain.name:%{SERVER_PORT}/$1 [L,R]
-RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
-RewriteCond %{HTTP_HOST}   !^$
-RewriteRule ^/(.*)         http://fully.qualified.domain.name/$1 [L,R]
-
-
-
-
- -

Moved DocumentRoot

- -
-
Description:
- -
Usually the DocumentRoot of the webserver directly - relates to the URL ``/''. But often this data - is not really of top-level priority, it is perhaps just one - entity of a lot of data pools. For instance at our Intranet - sites there are /e/www/ (the homepage for - WWW), /e/sww/ (the homepage for the Intranet) - etc. Now because the data of the DocumentRoot stays at - /e/www/ we had to make sure that all inlined - images and other stuff inside this data pool work for - subsequent requests.
- -
Solution:
- -
- We just redirect the URL / to - /e/www/. While is seems trivial it is - actually trivial with mod_rewrite, only. Because the - typical old mechanisms of URL Aliases (as - provides by mod_alias and friends) only used - prefix matching. With this you cannot do such a - redirection because the DocumentRoot is a prefix of all - URLs. With mod_rewrite it is really trivial: - - - - - -
-
-RewriteEngine on
-RewriteRule   ^/$  /e/www/  [R]
-
-
-
-
- -

Trailing Slash Problem

- -
-
Description:
- -
Every webmaster can sing a song about the problem of - the trailing slash on URLs referencing directories. If they - are missing, the server dumps an error, because if you say - /~quux/foo instead of /~quux/foo/ - then the server searches for a file named - foo. And because this file is a directory it - complains. Actually is tries to fix it themself in most of - the cases, but sometimes this mechanism need to be emulated - by you. For instance after you have done a lot of - complicated URL rewritings to CGI scripts etc.
- -
Solution:
- -
- The solution to this subtle problem is to let the server - add the trailing slash automatically. To do this - correctly we have to use an external redirect, so the - browser correctly requests subsequent images etc. If we - only did a internal rewrite, this would only work for the - directory page, but would go wrong when any images are - included into this page with relative URLs, because the - browser would request an in-lined object. For instance, a - request for image.gif in - /~quux/foo/index.html would become - /~quux/image.gif without the external - redirect! - -

So, to do this trick we write:

- - - - - -
-
-RewriteEngine  on
-RewriteBase    /~quux/
-RewriteRule    ^foo$  foo/  [R]
-
-
- -

The crazy and lazy can even do the following in the - top-level .htaccess file of their homedir. - But notice that this creates some processing - overhead.

- - - - - -
-
-RewriteEngine  on
-RewriteBase    /~quux/
-RewriteCond    %{REQUEST_FILENAME}  -d
-RewriteRule    ^(.+[^/])$           $1/  [R]
-
-
-
-
- -

Webcluster through Homogeneous URL Layout

- -
-
Description:
- -
We want to create a homogenous and consistent URL - layout over all WWW servers on a Intranet webcluster, i.e. - all URLs (per definition server local and thus server - dependent!) become actually server independed! - What we want is to give the WWW namespace a consistent - server-independend layout: no URL should have to include - any physically correct target server. The cluster itself - should drive us automatically to the physical target - host.
- -
Solution:
- -
- First, the knowledge of the target servers come from - (distributed) external maps which contain information - where our users, groups and entities stay. The have the - form -
-user1  server_of_user1
-user2  server_of_user2
-:      :
-
- -

We put them into files map.xxx-to-host. - Second we need to instruct all servers to redirect URLs - of the forms

-
-/u/user/anypath
-/g/group/anypath
-/e/entity/anypath
-
- -

to

-
-http://physical-host/u/user/anypath
-http://physical-host/g/group/anypath
-http://physical-host/e/entity/anypath
-
- -

when the URL is not locally valid to a server. The - following ruleset does this for us by the help of the map - files (assuming that server0 is a default server which - will be used if a user has no entry in the map):

- - - - - -
-
-RewriteEngine on
-
-RewriteMap      user-to-host   txt:/path/to/map.user-to-host
-RewriteMap     group-to-host   txt:/path/to/map.group-to-host
-RewriteMap    entity-to-host   txt:/path/to/map.entity-to-host
-
-RewriteRule   ^/u/([^/]+)/?(.*)   http://${user-to-host:$1|server0}/u/$1/$2
-RewriteRule   ^/g/([^/]+)/?(.*)  http://${group-to-host:$1|server0}/g/$1/$2
-RewriteRule   ^/e/([^/]+)/?(.*) http://${entity-to-host:$1|server0}/e/$1/$2
-
-RewriteRule   ^/([uge])/([^/]+)/?$          /$1/$2/.www/
-RewriteRule   ^/([uge])/([^/]+)/([^.]+.+)   /$1/$2/.www/$3\
-
-
-
-
- -

Move Homedirs to Different Webserver

- -
-
Description:
- -
A lot of webmaster aksed for a solution to the - following situation: They wanted to redirect just all - homedirs on a webserver to another webserver. They usually - need such things when establishing a newer webserver which - will replace the old one over time.
- -
Solution:
- -
- The solution is trivial with mod_rewrite. On the old - webserver we just redirect all - /~user/anypath URLs to - http://newserver/~user/anypath. - - - - - -
-
-RewriteEngine on
-RewriteRule   ^/~(.+)  http://newserver/~$1  [R,L]
-
-
-
-
- -

Structured Homedirs

- -
-
Description:
- -
Some sites with thousend of users usually use a - structured homedir layout, i.e. each homedir is in a - subdirectory which begins for instance with the first - character of the username. So, /~foo/anypath - is /home/f/foo/.www/anypath - while /~bar/anypath is - /home/b/bar/.www/anypath.
- -
Solution:
- -
- We use the following ruleset to expand the tilde URLs - into exactly the above layout. - - - - - -
-
-RewriteEngine on
-RewriteRule   ^/~(([a-z])[a-z0-9]+)(.*)  /home/$2/$1/.www$3
-
-
-
-
- -

Filesystem Reorganisation

- -
-
Description:
- -
- This really is a hardcore example: a killer application - which heavily uses per-directory - RewriteRules to get a smooth look and feel - on the Web while its data structure is never touched or - adjusted. Background: net.sw is - my archive of freely available Unix software packages, - which I started to collect in 1992. It is both my hobby - and job to to this, because while I'm studying computer - science I have also worked for many years as a system and - network administrator in my spare time. Every week I need - some sort of software so I created a deep hierarchy of - directories where I stored the packages: -
-drwxrwxr-x   2 netsw  users    512 Aug  3 18:39 Audio/
-drwxrwxr-x   2 netsw  users    512 Jul  9 14:37 Benchmark/
-drwxrwxr-x  12 netsw  users    512 Jul  9 00:34 Crypto/
-drwxrwxr-x   5 netsw  users    512 Jul  9 00:41 Database/
-drwxrwxr-x   4 netsw  users    512 Jul 30 19:25 Dicts/
-drwxrwxr-x  10 netsw  users    512 Jul  9 01:54 Graphic/
-drwxrwxr-x   5 netsw  users    512 Jul  9 01:58 Hackers/
-drwxrwxr-x   8 netsw  users    512 Jul  9 03:19 InfoSys/
-drwxrwxr-x   3 netsw  users    512 Jul  9 03:21 Math/
-drwxrwxr-x   3 netsw  users    512 Jul  9 03:24 Misc/
-drwxrwxr-x   9 netsw  users    512 Aug  1 16:33 Network/
-drwxrwxr-x   2 netsw  users    512 Jul  9 05:53 Office/
-drwxrwxr-x   7 netsw  users    512 Jul  9 09:24 SoftEng/
-drwxrwxr-x   7 netsw  users    512 Jul  9 12:17 System/
-drwxrwxr-x  12 netsw  users    512 Aug  3 20:15 Typesetting/
-drwxrwxr-x  10 netsw  users    512 Jul  9 14:08 X11/
-
- -

In July 1996 I decided to make this archive public to - the world via a nice Web interface. "Nice" means that I - wanted to offer an interface where you can browse - directly through the archive hierarchy. And "nice" means - that I didn't wanted to change anything inside this - hierarchy - not even by putting some CGI scripts at the - top of it. Why? Because the above structure should be - later accessible via FTP as well, and I didn't want any - Web or CGI stuff to be there.

-
- -
Solution:
- -
- The solution has two parts: The first is a set of CGI - scripts which create all the pages at all directory - levels on-the-fly. I put them under - /e/netsw/.www/ as follows: -
--rw-r--r--   1 netsw  users    1318 Aug  1 18:10 .wwwacl
-drwxr-xr-x  18 netsw  users     512 Aug  5 15:51 DATA/
--rw-rw-rw-   1 netsw  users  372982 Aug  5 16:35 LOGFILE
--rw-r--r--   1 netsw  users     659 Aug  4 09:27 TODO
--rw-r--r--   1 netsw  users    5697 Aug  1 18:01 netsw-about.html
--rwxr-xr-x   1 netsw  users     579 Aug  2 10:33 netsw-access.pl
--rwxr-xr-x   1 netsw  users    1532 Aug  1 17:35 netsw-changes.cgi
--rwxr-xr-x   1 netsw  users    2866 Aug  5 14:49 netsw-home.cgi
-drwxr-xr-x   2 netsw  users     512 Jul  8 23:47 netsw-img/
--rwxr-xr-x   1 netsw  users   24050 Aug  5 15:49 netsw-lsdir.cgi
--rwxr-xr-x   1 netsw  users    1589 Aug  3 18:43 netsw-search.cgi
--rwxr-xr-x   1 netsw  users    1885 Aug  1 17:41 netsw-tree.cgi
--rw-r--r--   1 netsw  users     234 Jul 30 16:35 netsw-unlimit.lst
-
- -

The DATA/ subdirectory holds the above - directory structure, i.e. the real - net.sw stuff and gets - automatically updated via rdist from time to - time. The second part of the problem remains: how to link - these two structures together into one smooth-looking URL - tree? We want to hide the DATA/ directory - from the user while running the appropriate CGI scripts - for the various URLs. Here is the solution: first I put - the following into the per-directory configuration file - in the Document Root of the server to rewrite the - announced URL /net.sw/ to the internal path - /e/netsw:

- - - - - -
-
-RewriteRule  ^net.sw$       net.sw/        [R]
-RewriteRule  ^net.sw/(.*)$  e/netsw/$1
-
-
- -

The first rule is for requests which miss the trailing - slash! The second rule does the real thing. And then - comes the killer configuration which stays in the - per-directory config file - /e/netsw/.www/.wwwacl:

- - - - - -
-
-Options       ExecCGI FollowSymLinks Includes MultiViews 
-
-RewriteEngine on
-
-#  we are reached via /net.sw/ prefix
-RewriteBase   /net.sw/
-
-#  first we rewrite the root dir to 
-#  the handling cgi script
-RewriteRule   ^$                       netsw-home.cgi     [L]
-RewriteRule   ^index\.html$            netsw-home.cgi     [L]
-
-#  strip out the subdirs when
-#  the browser requests us from perdir pages
-RewriteRule   ^.+/(netsw-[^/]+/.+)$    $1                 [L]
-
-#  and now break the rewriting for local files
-RewriteRule   ^netsw-home\.cgi.*       -                  [L]
-RewriteRule   ^netsw-changes\.cgi.*    -                  [L]
-RewriteRule   ^netsw-search\.cgi.*     -                  [L]
-RewriteRule   ^netsw-tree\.cgi$        -                  [L]
-RewriteRule   ^netsw-about\.html$      -                  [L]
-RewriteRule   ^netsw-img/.*$           -                  [L]
-
-#  anything else is a subdir which gets handled
-#  by another cgi script
-RewriteRule   !^netsw-lsdir\.cgi.*     -                  [C]
-RewriteRule   (.*)                     netsw-lsdir.cgi/$1
-
-
- -

Some hints for interpretation:

- -
    -
  1. Notice the L (last) flag and no substitution field - ('-') in the forth part
  2. - -
  3. Notice the ! (not) character and the C (chain) flag - at the first rule in the last part
  4. - -
  5. Notice the catch-all pattern in the last rule
  6. -
-
-
- -

NCSA imagemap to Apache mod_imap

- -
-
Description:
- -
When switching from the NCSA webserver to the more - modern Apache webserver a lot of people want a smooth - transition. So they want pages which use their old NCSA - imagemap program to work under Apache with the - modern mod_imap. The problem is that there are - a lot of hyperlinks around which reference the - imagemap program via - /cgi-bin/imagemap/path/to/page.map. Under - Apache this has to read just - /path/to/page.map.
- -
Solution:
- -
- We use a global rule to remove the prefix on-the-fly for - all requests: - - - - - -
-
-RewriteEngine  on
-RewriteRule    ^/cgi-bin/imagemap(.*)  $1  [PT]
-
-
-
-
- -

Search pages in more than one directory

- -
-
Description:
- -
Sometimes it is necessary to let the webserver search - for pages in more than one directory. Here MultiViews or - other techniques cannot help.
- -
Solution:
- -
- We program a explicit ruleset which searches for the - files in the directories. - - - - - -
-
-RewriteEngine on
-
-#   first try to find it in custom/...
-#   ...and if found stop and be happy:
-RewriteCond         /your/docroot/dir1/%{REQUEST_FILENAME}  -f
-RewriteRule  ^(.+)  /your/docroot/dir1/$1  [L]
-
-#   second try to find it in pub/...
-#   ...and if found stop and be happy:
-RewriteCond         /your/docroot/dir2/%{REQUEST_FILENAME}  -f
-RewriteRule  ^(.+)  /your/docroot/dir2/$1  [L]
-
-#   else go on for other Alias or ScriptAlias directives,
-#   etc.
-RewriteRule   ^(.+)  -  [PT]
-
-
-
-
- -

Set Environment Variables According To URL Parts

- -
-
Description:
- -
Perhaps you want to keep status information between - requests and use the URL to encode it. But you don't want - to use a CGI wrapper for all pages just to strip out this - information.
- -
Solution:
- -
- We use a rewrite rule to strip out the status information - and remember it via an environment variable which can be - later dereferenced from within XSSI or CGI. This way a - URL /foo/S=java/bar/ gets translated to - /foo/bar/ and the environment variable named - STATUS is set to the value "java". - - - - - -
-
-RewriteEngine on
-RewriteRule   ^(.*)/S=([^/]+)/(.*)    $1/$3 [E=STATUS:$2]
-
-
-
-
- -

Virtual User Hosts

- -
-
Description:
- -
Assume that you want to provide - www.username.host.domain.com - for the homepage of username via just DNS A records to the - same machine and without any virtualhosts on this - machine.
- -
Solution:
- -
- For HTTP/1.0 requests there is no solution, but for - HTTP/1.1 requests which contain a Host: HTTP header we - can use the following ruleset to rewrite - http://www.username.host.com/anypath - internally to /home/username/anypath: - - - - - -
-
-RewriteEngine on
-RewriteCond   %{HTTP_HOST}                 ^www\.[^.]+\.host\.com$
-RewriteRule   ^(.+)                        %{HTTP_HOST}$1          [C]
-RewriteRule   ^www\.([^.]+)\.host\.com(.*) /home/$1$2
-
-
-
-
- -

Redirect Homedirs For Foreigners

- -
-
Description:
- -
We want to redirect homedir URLs to another webserver - www.somewhere.com when the requesting user - does not stay in the local domain - ourdomain.com. This is sometimes used in - virtual host contexts.
- -
Solution:
- -
- Just a rewrite condition: - - - - - -
-
-RewriteEngine on
-RewriteCond   %{REMOTE_HOST}  !^.+\.ourdomain\.com$
-RewriteRule   ^(/~.+)         http://www.somewhere.com/$1 [R,L]
-
-
-
-
- -

Redirect Failing URLs To Other Webserver

- -
-
Description:
- -
A typical FAQ about URL rewriting is how to redirect - failing requests on webserver A to webserver B. Usually - this is done via ErrorDocument CGI-scripts in Perl, but - there is also a mod_rewrite solution. But notice that this - is less performant than using a ErrorDocument - CGI-script!
- -
Solution:
- -
- The first solution has the best performance but less - flexibility and is less error safe: - - - - - -
-
-RewriteEngine on
-RewriteCond   /your/docroot/%{REQUEST_FILENAME} !-f
-RewriteRule   ^(.+)                             http://webserverB.dom/$1
-
-
- -

The problem here is that this will only work for pages - inside the DocumentRoot. While you can add more - Conditions (for instance to also handle homedirs, etc.) - there is better variant:

- - - - - -
-
-RewriteEngine on
-RewriteCond   %{REQUEST_URI} !-U
-RewriteRule   ^(.+)          http://webserverB.dom/$1
-
-
- -

This uses the URL look-ahead feature of mod_rewrite. - The result is that this will work for all types of URLs - and is a safe way. But it does a performance impact on - the webserver, because for every request there is one - more internal subrequest. So, if your webserver runs on a - powerful CPU, use this one. If it is a slow machine, use - the first approach or better a ErrorDocument - CGI-script.

-
-
- -

Extended Redirection

- -
-
Description:
- -
Sometimes we need more control (concerning the - character escaping mechanism) of URLs on redirects. Usually - the Apache kernels URL escape function also escapes - anchors, i.e. URLs like "url#anchor". You cannot use this - directly on redirects with mod_rewrite because the - uri_escape() function of Apache would also escape the hash - character. How can we redirect to such a URL?
- -
Solution:
- -
- We have to use a kludge by the use of a NPH-CGI script - which does the redirect itself. Because here no escaping - is done (NPH=non-parseable headers). First we introduce a - new URL scheme xredirect: by the following - per-server config-line (should be one of the last rewrite - rules): - - - - - -
-
-RewriteRule ^xredirect:(.+) /path/to/nph-xredirect.cgi/$1 \
-            [T=application/x-httpd-cgi,L]
-
-
- -

This forces all URLs prefixed with - xredirect: to be piped through the - nph-xredirect.cgi program. And this program - just looks like:

- - - - - -
-
-#!/path/to/perl
-##
-##  nph-xredirect.cgi -- NPH/CGI script for extended redirects
-##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved. 
-##
-
-$| = 1;
-$url = $ENV{'PATH_INFO'};
-
-print "HTTP/1.0 302 Moved Temporarily\n";
-print "Server: $ENV{'SERVER_SOFTWARE'}\n";
-print "Location: $url\n";
-print "Content-type: text/html\n";
-print "\n";
-print "<html>\n";
-print "<head>\n";
-print "<title>302 Moved Temporarily (EXTENDED)</title>\n";
-print "</head>\n";
-print "<body>\n";
-print "<h1>Moved Temporarily (EXTENDED)</h1>\n";
-print "The document has moved <a HREF=\"$url\">here</a>.<p>\n";
-print "</body>\n";
-print "</html>\n";
-
-##EOF##
-
-
- -

This provides you with the functionality to do - redirects to all URL schemes, i.e. including the one - which are not directly accepted by mod_rewrite. For - instance you can now also redirect to - news:newsgroup via

- - - - - -
-
-RewriteRule ^anyurl  xredirect:news:newsgroup
-
-
- -

Notice: You have not to put [R] or [R,L] to the above - rule because the xredirect: need to be - expanded later by our special "pipe through" rule - above.

-
-
- -

Archive Access Multiplexer

- -
-
Description:
- -
Do you know the great CPAN (Comprehensive Perl Archive - Network) under http://www.perl.com/CPAN? - This does a redirect to one of several FTP servers around - the world which carry a CPAN mirror and is approximately - near the location of the requesting client. Actually this - can be called an FTP access multiplexing service. While - CPAN runs via CGI scripts, how can a similar approach - implemented via mod_rewrite?
- -
Solution:
- -
- First we notice that from version 3.0.0 mod_rewrite can - also use the "ftp:" scheme on redirects. And second, the - location approximation can be done by a rewritemap over - the top-level domain of the client. With a tricky chained - ruleset we can use this top-level domain as a key to our - multiplexing map. - - - - - -
-
-RewriteEngine on
-RewriteMap    multiplex                txt:/path/to/map.cxan
-RewriteRule   ^/CxAN/(.*)              %{REMOTE_HOST}::$1                 [C]
-RewriteRule   ^.+\.([a-zA-Z]+)::(.*)$  ${multiplex:$1|ftp.default.dom}$2  [R,L]
-
-
- - - - - -
-
-##
-##  map.cxan -- Multiplexing Map for CxAN
-##
-
-de        ftp://ftp.cxan.de/CxAN/
-uk        ftp://ftp.cxan.uk/CxAN/
-com       ftp://ftp.cxan.com/CxAN/
- :
-##EOF##
-
-
-
-
- -

Time-Dependend Rewriting

- -
-
Description:
- -
When tricks like time-dependend content should happen a - lot of webmasters still use CGI scripts which do for - instance redirects to specialized pages. How can it be done - via mod_rewrite?
- -
Solution:
- -
- There are a lot of variables named TIME_xxx - for rewrite conditions. In conjunction with the special - lexicographic comparison patterns <STRING, >STRING - and =STRING we can do time-dependend redirects: - - - - - -
-
-RewriteEngine on
-RewriteCond   %{TIME_HOUR}%{TIME_MIN} >0700
-RewriteCond   %{TIME_HOUR}%{TIME_MIN} <1900
-RewriteRule   ^foo\.html$             foo.day.html
-RewriteRule   ^foo\.html$             foo.night.html
-
-
- -

This provides the content of foo.day.html - under the URL foo.html from 07:00-19:00 and - at the remaining time the contents of - foo.night.html. Just a nice feature for a - homepage...

-
-
- -

Backward Compatibility for YYYY to XXXX migration

- -
-
Description:
- -
How can we make URLs backward compatible (still - existing virtually) after migrating document.YYYY to - document.XXXX, e.g. after translating a bunch of .html - files to .phtml?
- -
Solution:
- -
- We just rewrite the name to its basename and test for - existence of the new extension. If it exists, we take - that name, else we rewrite the URL to its original state. - - - - - - -
-
-#   backward compatibility ruleset for 
-#   rewriting document.html to document.phtml
-#   when and only when document.phtml exists
-#   but no longer document.html
-RewriteEngine on
-RewriteBase   /~quux/
-#   parse out basename, but remember the fact
-RewriteRule   ^(.*)\.html$              $1      [C,E=WasHTML:yes]
-#   rewrite to document.phtml if exists
-RewriteCond   %{REQUEST_FILENAME}.phtml -f
-RewriteRule   ^(.*)$ $1.phtml                   [S=1]
-#   else reverse the previous basename cutout
-RewriteCond   %{ENV:WasHTML}            ^yes$
-RewriteRule   ^(.*)$ $1.html
-
-
-
-
- -

Content Handling

- -

From Old to New (intern)

- -
-
Description:
- -
Assume we have recently renamed the page - foo.html to bar.html and now want - to provide the old URL for backward compatibility. Actually - we want that users of the old URL even not recognize that - the pages was renamed.
- -
Solution:
- -
- We rewrite the old URL to the new one internally via the - following rule: - - - - - -
-
-RewriteEngine  on
-RewriteBase    /~quux/
-RewriteRule    ^foo\.html$  bar.html
-
-
-
-
- -

From Old to New (extern)

- -
-
Description:
- -
Assume again that we have recently renamed the page - foo.html to bar.html and now want - to provide the old URL for backward compatibility. But this - time we want that the users of the old URL get hinted to - the new one, i.e. their browsers Location field should - change, too.
- -
Solution:
- -
- We force a HTTP redirect to the new URL which leads to a - change of the browsers and thus the users view: - - - - - -
-
-RewriteEngine  on
-RewriteBase    /~quux/
-RewriteRule    ^foo\.html$  bar.html  [R]
-
-
-
-
- -

Browser Dependend Content

- -
-
Description:
- -
At least for important top-level pages it is sometimes - necesarry to provide the optimum of browser dependend - content, i.e. one has to provide a maximum version for the - latest Netscape variants, a minimum version for the Lynx - browsers and a average feature version for all others.
- -
Solution:
- -
- We cannot use content negotiation because the browsers do - not provide their type in that form. Instead we have to - act on the HTTP header "User-Agent". The following condig - does the following: If the HTTP header "User-Agent" - begins with "Mozilla/3", the page foo.html - is rewritten to foo.NS.html and and the - rewriting stops. If the browser is "Lynx" or "Mozilla" of - version 1 or 2 the URL becomes foo.20.html. - All other browsers receive page foo.32.html. - This is done by the following ruleset: - - - - - -
-
-RewriteCond %{HTTP_USER_AGENT}  ^Mozilla/3.*
-RewriteRule ^foo\.html$         foo.NS.html          [L]
-
-RewriteCond %{HTTP_USER_AGENT}  ^Lynx/.*         [OR]
-RewriteCond %{HTTP_USER_AGENT}  ^Mozilla/[12].*
-RewriteRule ^foo\.html$         foo.20.html          [L]
-
-RewriteRule ^foo\.html$         foo.32.html          [L]
-
-
-
-
- -

Dynamic Mirror

- -
-
Description:
- -
Assume there are nice webpages on remote hosts we want - to bring into our namespace. For FTP servers we would use - the mirror program which actually maintains an - explicit up-to-date copy of the remote data on the local - machine. For a webserver we could use the program - webcopy which acts similar via HTTP. But both - techniques have one major drawback: The local copy is - always just as up-to-date as often we run the program. It - would be much better if the mirror is not a static one we - have to establish explicitly. Instead we want a dynamic - mirror with data which gets updated automatically when - there is need (updated data on the remote host).
- -
Solution:
- -
- To provide this feature we map the remote webpage or even - the complete remote webarea to our namespace by the use - of the Proxy Throughput feature (flag [P]): - - - - - -
-
-RewriteEngine  on
-RewriteBase    /~quux/
-RewriteRule    ^hotsheet/(.*)$  http://www.tstimpreso.com/hotsheet/$1  [P]
-
-
- - - - - -
-
-RewriteEngine  on
-RewriteBase    /~quux/
-RewriteRule    ^usa-news\.html$   http://www.quux-corp.com/news/index.html  [P]
-
-
-
-
- -

Reverse Dynamic Mirror

- -
-
Description:
- -
...
- -
Solution:
- -
- - - - -
-
-RewriteEngine on
-RewriteCond   /mirror/of/remotesite/$1           -U 
-RewriteRule   ^http://www\.remotesite\.com/(.*)$ /mirror/of/remotesite/$1
-
-
-
-
- -

Retrieve Missing Data from Intranet

- -
-
Description:
- -
This is a tricky way of virtually running a corporates - (external) Internet webserver - (www.quux-corp.dom), while actually keeping - and maintaining its data on a (internal) Intranet webserver - (www2.quux-corp.dom) which is protected by a - firewall. The trick is that on the external webserver we - retrieve the requested data on-the-fly from the internal - one.
- -
Solution:
- -
- First, we have to make sure that our firewall still - protects the internal webserver and that only the - external webserver is allowed to retrieve data from it. - For a packet-filtering firewall we could for instance - configure a firewall ruleset like the following: - - - - - -
-
-ALLOW Host www.quux-corp.dom Port >1024 --> Host www2.quux-corp.dom Port 80  
-DENY  Host *                 Port *     --> Host www2.quux-corp.dom Port 80
-
-
- -

Just adjust it to your actual configuration syntax. - Now we can establish the mod_rewrite rules which request - the missing data in the background through the proxy - throughput feature:

- - - - - -
-
-RewriteRule ^/~([^/]+)/?(.*)          /home/$1/.www/$2
-RewriteCond %{REQUEST_FILENAME}       !-f
-RewriteCond %{REQUEST_FILENAME}       !-d
-RewriteRule ^/home/([^/]+)/.www/?(.*) http://www2.quux-corp.dom/~$1/pub/$2 [P]
-
-
-
-
- -

Load Balancing

- -
-
Description:
- -
Suppose we want to load balance the traffic to - www.foo.com over www[0-5].foo.com - (a total of 6 servers). How can this be done?
- -
Solution:
- -
- There are a lot of possible solutions for this problem. - We will discuss first a commonly known DNS-based variant - and then the special one with mod_rewrite: - -
    -
  1. - DNS Round-Robin - -

    The simplest method for load-balancing is to use - the DNS round-robin feature of BIND. Here you just - configure www[0-9].foo.com as usual in - your DNS with A(address) records, e.g.

    - - - - - -
    -
    -www0   IN  A       1.2.3.1
    -www1   IN  A       1.2.3.2
    -www2   IN  A       1.2.3.3
    -www3   IN  A       1.2.3.4
    -www4   IN  A       1.2.3.5
    -www5   IN  A       1.2.3.6
    -
    -
    - -

    Then you additionally add the following entry:

    - - - - - -
    -
    -www    IN  CNAME   www0.foo.com.
    -       IN  CNAME   www1.foo.com.
    -       IN  CNAME   www2.foo.com.
    -       IN  CNAME   www3.foo.com.
    -       IN  CNAME   www4.foo.com.
    -       IN  CNAME   www5.foo.com.
    -       IN  CNAME   www6.foo.com.
    -
    -
    - -

    Notice that this seems wrong, but is actually an - intended feature of BIND and can be used in this way. - However, now when www.foo.com gets - resolved, BIND gives out www0-www6 - but - in a slightly permutated/rotated order every time. - This way the clients are spread over the various - servers. But notice that this not a perfect load - balancing scheme, because DNS resolve information - gets cached by the other nameservers on the net, so - once a client has resolved www.foo.com - to a particular wwwN.foo.com, all - subsequent requests also go to this particular name - wwwN.foo.com. But the final result is - ok, because the total sum of the requests are really - spread over the various webservers.

    -
  2. - -
  3. - DNS Load-Balancing - -

    A sophisticated DNS-based method for - load-balancing is to use the program - lbnamed which can be found at - http://www.stanford.edu/~schemers/docs/lbnamed/lbnamed.html. - It is a Perl 5 program in conjunction with auxilliary - tools which provides a real load-balancing for - DNS.

    -
  4. - -
  5. - Proxy Throughput Round-Robin - -

    In this variant we use mod_rewrite and its proxy - throughput feature. First we dedicate - www0.foo.com to be actually - www.foo.com by using a single

    - - - - - -
    -
    -www    IN  CNAME   www0.foo.com.
    -
    -
    - -

    entry in the DNS. Then we convert - www0.foo.com to a proxy-only server, - i.e. we configure this machine so all arriving URLs - are just pushed through the internal proxy to one of - the 5 other servers (www1-www5). To - accomplish this we first establish a ruleset which - contacts a load balancing script lb.pl - for all URLs.

    - - - - - -
    -
    -RewriteEngine on
    -RewriteMap    lb      prg:/path/to/lb.pl
    -RewriteRule   ^/(.+)$ ${lb:$1}           [P,L]
    -
    -
    - -

    Then we write lb.pl:

    - - - - - -
    -
    -#!/path/to/perl
    -##
    -##  lb.pl -- load balancing script
    -##
    -
    -$| = 1;
    -
    -$name   = "www";     # the hostname base
    -$first  = 1;         # the first server (not 0 here, because 0 is myself) 
    -$last   = 5;         # the last server in the round-robin
    -$domain = "foo.dom"; # the domainname
    -
    -$cnt = 0;
    -while (<STDIN>) {
    -    $cnt = (($cnt+1) % ($last+1-$first));
    -    $server = sprintf("%s%d.%s", $name, $cnt+$first, $domain);
    -    print "http://$server/$_";
    -}
    -
    -##EOF##
    -
    -
    - -

    A last notice: Why is this useful? Seems like - www0.foo.com still is overloaded? The - answer is yes, it is overloaded, but with plain proxy - throughput requests, only! All SSI, CGI, ePerl, etc. - processing is completely done on the other machines. - This is the essential point.

    -
  6. - -
  7. - Hardware/TCP Round-Robin - -

    There is a hardware solution available, too. Cisco - has a beast called LocalDirector which does a load - balancing at the TCP/IP level. Actually this is some - sort of a circuit level gateway in front of a - webcluster. If you have enough money and really need - a solution with high performance, use this one.

    -
  8. -
-
-
- -

New MIME-type, New Service

- -
-
Description:
- -
- On the net there are a lot of nifty CGI programs. But - their usage is usually boring, so a lot of webmaster - don't use them. Even Apache's Action handler feature for - MIME-types is only appropriate when the CGI programs - don't need special URLs (actually PATH_INFO and - QUERY_STRINGS) as their input. First, let us configure a - new file type with extension .scgi (for - secure CGI) which will be processed by the popular - cgiwrap program. The problem here is that - for instance we use a Homogeneous URL Layout (see above) - a file inside the user homedirs has the URL - /u/user/foo/bar.scgi. But - cgiwrap needs the URL in the form - /~user/foo/bar.scgi/. The following rule - solves the problem: - - - - - -
-
-RewriteRule ^/[uge]/([^/]+)/\.www/(.+)\.scgi(.*) ...
-... /internal/cgi/user/cgiwrap/~$1/$2.scgi$3  [NS,T=application/x-http-cgi]
-
-
- -

Or assume we have some more nifty programs: - wwwlog (which displays the - access.log for a URL subtree and - wwwidx (which runs Glimpse on a URL - subtree). We have to provide the URL area to these - programs so they know on which area they have to act on. - But usually this ugly, because they are all the times - still requested from that areas, i.e. typically we would - run the swwidx program from within - /u/user/foo/ via hyperlink to

-
-/internal/cgi/user/swwidx?i=/u/user/foo/
-
- -

which is ugly. Because we have to hard-code - both the location of the area - and the location of the CGI inside the - hyperlink. When we have to reorganise or area, we spend a - lot of time changing the various hyperlinks.

-
- -
Solution:
- -
- The solution here is to provide a special new URL format - which automatically leads to the proper CGI invocation. - We configure the following: - - - - - -
-
-RewriteRule   ^/([uge])/([^/]+)(/?.*)/\*  /internal/cgi/user/wwwidx?i=/$1/$2$3/
-RewriteRule   ^/([uge])/([^/]+)(/?.*):log /internal/cgi/user/wwwlog?f=/$1/$2$3
-
-
- -

Now the hyperlink to search at - /u/user/foo/ reads only

-
-HREF="*"
-
- -

which internally gets automatically transformed to

-
-/internal/cgi/user/wwwidx?i=/u/user/foo/
-
- -

The same approach leads to an invocation for the - access log CGI program when the hyperlink - :log gets used.

-
-
- -

From Static to Dynamic

- -
-
Description:
- -
How can we transform a static page - foo.html into a dynamic variant - foo.cgi in a seamless way, i.e. without notice - by the browser/user.
- -
Solution:
- -
- We just rewrite the URL to the CGI-script and force the - correct MIME-type so it gets really run as a CGI-script. - This way a request to /~quux/foo.html - internally leads to the invokation of - /~quux/foo.cgi. - - - - - -
-
-RewriteEngine  on
-RewriteBase    /~quux/
-RewriteRule    ^foo\.html$  foo.cgi  [T=application/x-httpd-cgi]
-
-
-
-
- -

On-the-fly Content-Regeneration

- -
-
Description:
- -
Here comes a really esoteric feature: Dynamically - generated but statically served pages, i.e. pages should be - delivered as pure static pages (read from the filesystem - and just passed through), but they have to be generated - dynamically by the webserver if missing. This way you can - have CGI-generated pages which are statically served unless - one (or a cronjob) removes the static contents. Then the - contents gets refreshed.
- -
Solution:
- -
- This is done via the following ruleset: - - - - - -
-
-RewriteCond %{REQUEST_FILENAME}   !-s
-RewriteRule ^page\.html$          page.cgi   [T=application/x-httpd-cgi,L]
-
-
- -

Here a request to page.html leads to a - internal run of a corresponding page.cgi if - page.html is still missing or has filesize - null. The trick here is that page.cgi is a - usual CGI script which (additionally to its STDOUT) - writes its output to the file page.html. - Once it was run, the server sends out the data of - page.html. When the webmaster wants to force - a refresh the contents, he just removes - page.html (usually done by a cronjob).

-
-
- -

Document With Autorefresh

- -
-
Description:
- -
Wouldn't it be nice while creating a complex webpage if - the webbrowser would automatically refresh the page every - time we write a new version from within our editor? - Impossible?
- -
Solution:
- -
- No! We just combine the MIME multipart feature, the - webserver NPH feature and the URL manipulation power of - mod_rewrite. First, we establish a new URL feature: - Adding just :refresh to any URL causes this - to be refreshed every time it gets updated on the - filesystem. - - - - - -
-
-RewriteRule   ^(/[uge]/[^/]+/?.*):refresh  /internal/cgi/apache/nph-refresh?f=$1
-
-
- -

Now when we reference the URL

-
-/u/foo/bar/page.html:refresh
-
- -

this leads to the internal invocation of the URL

-
-/internal/cgi/apache/nph-refresh?f=/u/foo/bar/page.html
-
- -

The only missing part is the NPH-CGI script. Although - one would usually say "left as an exercise to the reader" - ;-) I will provide this, too.

-
-#!/sw/bin/perl
-##
-##  nph-refresh -- NPH/CGI script for auto refreshing pages
-##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved. 
-##
-$| = 1;
-
-#   split the QUERY_STRING variable
-@pairs = split(/&/, $ENV{'QUERY_STRING'});
-foreach $pair (@pairs) {
-    ($name, $value) = split(/=/, $pair);
-    $name =~ tr/A-Z/a-z/;
-    $name = 'QS_' . $name;
-    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
-    eval "\$$name = \"$value\"";
-}
-$QS_s = 1 if ($QS_s eq '');
-$QS_n = 3600 if ($QS_n eq '');
-if ($QS_f eq '') {
-    print "HTTP/1.0 200 OK\n";
-    print "Content-type: text/html\n\n";
-    print "&lt;b&gt;ERROR&lt;/b&gt;: No file given\n";
-    exit(0);
-}
-if (! -f $QS_f) {
-    print "HTTP/1.0 200 OK\n";
-    print "Content-type: text/html\n\n";
-    print "&lt;b&gt;ERROR&lt;/b&gt;: File $QS_f not found\n";
-    exit(0);
-}
-
-sub print_http_headers_multipart_begin {
-    print "HTTP/1.0 200 OK\n";
-    $bound = "ThisRandomString12345";
-    print "Content-type: multipart/x-mixed-replace;boundary=$bound\n";
-    &print_http_headers_multipart_next;
-}
-
-sub print_http_headers_multipart_next {
-    print "\n--$bound\n";
-}
-
-sub print_http_headers_multipart_end {
-    print "\n--$bound--\n";
-}
-
-sub displayhtml {
-    local($buffer) = @_;
-    $len = length($buffer);
-    print "Content-type: text/html\n";
-    print "Content-length: $len\n\n";
-    print $buffer;
-}
-
-sub readfile {
-    local($file) = @_;
-    local(*FP, $size, $buffer, $bytes);
-    ($x, $x, $x, $x, $x, $x, $x, $size) = stat($file);
-    $size = sprintf("%d", $size);
-    open(FP, "&lt;$file");
-    $bytes = sysread(FP, $buffer, $size);
-    close(FP);
-    return $buffer;
-}
-
-$buffer = &readfile($QS_f);
-&print_http_headers_multipart_begin;
-&displayhtml($buffer);
-
-sub mystat {
-    local($file) = $_[0];
-    local($time);
-
-    ($x, $x, $x, $x, $x, $x, $x, $x, $x, $mtime) = stat($file);
-    return $mtime;
-}
-
-$mtimeL = &mystat($QS_f);
-$mtime = $mtime;
-for ($n = 0; $n &lt; $QS_n; $n++) {
-    while (1) {
-        $mtime = &mystat($QS_f);
-        if ($mtime ne $mtimeL) {
-            $mtimeL = $mtime;
-            sleep(2);
-            $buffer = &readfile($QS_f);
-            &print_http_headers_multipart_next;
-            &displayhtml($buffer);
-            sleep(5);
-            $mtimeL = &mystat($QS_f);
-            last;
-        }
-        sleep($QS_s);
-    }
-}
-
-&print_http_headers_multipart_end;
-
-exit(0);
-
-##EOF##
-
-
-
- -

Mass Virtual Hosting

- -
-
Description:
- -
The <VirtualHost> feature of Apache - is nice and works great when you just have a few dozens - virtual hosts. But when you are an ISP and have hundreds of - virtual hosts to provide this feature is not the best - choice.
- -
Solution:
- -
- To provide this feature we map the remote webpage or even - the complete remote webarea to our namespace by the use - of the Proxy Throughput feature (flag [P]): - - - - - -
-
-##
-##  vhost.map 
-## 
-www.vhost1.dom:80  /path/to/docroot/vhost1
-www.vhost2.dom:80  /path/to/docroot/vhost2
-     :
-www.vhostN.dom:80  /path/to/docroot/vhostN
-
-
- - - - - -
-
-##
-##  httpd.conf
-##
-    :
-#   use the canonical hostname on redirects, etc.
-UseCanonicalName on
-
-    :
-#   add the virtual host in front of the CLF-format
-CustomLog  /path/to/access_log  "%{VHOST}e %h %l %u %t \"%r\" %>s %b"
-    :
-
-#   enable the rewriting engine in the main server
-RewriteEngine on
-
-#   define two maps: one for fixing the URL and one which defines
-#   the available virtual hosts with their corresponding
-#   DocumentRoot.
-RewriteMap    lowercase    int:tolower
-RewriteMap    vhost        txt:/path/to/vhost.map
-
-#   Now do the actual virtual host mapping
-#   via a huge and complicated single rule:
-#
-#   1. make sure we don't map for common locations
-RewriteCond   %{REQUEST_URI}  !^/commonurl1/.*
-RewriteCond   %{REQUEST_URI}  !^/commonurl2/.*
-    :
-RewriteCond   %{REQUEST_URI}  !^/commonurlN/.*
-#
-#   2. make sure we have a Host header, because
-#      currently our approach only supports 
-#      virtual hosting through this header
-RewriteCond   %{HTTP_HOST}  !^$
-#
-#   3. lowercase the hostname
-RewriteCond   ${lowercase:%{HTTP_HOST}|NONE}  ^(.+)$
-#
-#   4. lookup this hostname in vhost.map and
-#      remember it only when it is a path 
-#      (and not "NONE" from above)
-RewriteCond   ${vhost:%1}  ^(/.*)$
-#
-#   5. finally we can map the URL to its docroot location 
-#      and remember the virtual host for logging puposes
-RewriteRule   ^/(.*)$   %1/$1  [E=VHOST:${lowercase:%{HTTP_HOST}}]
-    : 
-
-
-
-
- -

Access Restriction

- -

Blocking of Robots

- -
-
Description:
- -
How can we block a really annoying robot from - retrieving pages of a specific webarea? A - /robots.txt file containing entries of the - "Robot Exclusion Protocol" is typically not enough to get - rid of such a robot.
- -
Solution:
- -
- We use a ruleset which forbids the URLs of the webarea - /~quux/foo/arc/ (perhaps a very deep - directory indexed area where the robot traversal would - create big server load). We have to make sure that we - forbid access only to the particular robot, i.e. just - forbidding the host where the robot runs is not enough. - This would block users from this host, too. We accomplish - this by also matching the User-Agent HTTP header - information. - - - - - -
-
-RewriteCond %{HTTP_USER_AGENT}   ^NameOfBadRobot.*      
-RewriteCond %{REMOTE_ADDR}       ^123\.45\.67\.[8-9]$
-RewriteRule ^/~quux/foo/arc/.+   -   [F]
-
-
-
-
- -

Blocked Inline-Images

- -
-
Description:
- -
Assume we have under http://www.quux-corp.de/~quux/ - some pages with inlined GIF graphics. These graphics are - nice, so others directly incorporate them via hyperlinks to - their pages. We don't like this practice because it adds - useless traffic to our server.
- -
Solution:
- -
- While we cannot 100% protect the images from inclusion, - we can at least restrict the cases where the browser - sends a HTTP Referer header. - - - - - -
-
-RewriteCond %{HTTP_REFERER} !^$                                  
-RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
-RewriteRule .*\.gif$        -                                    [F]
-
-
- - - - - -
-
-RewriteCond %{HTTP_REFERER}         !^$                                  
-RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
-RewriteRule ^inlined-in-foo\.gif$   -                        [F]
-
-
-
-
- -

Host Deny

- -
-
Description:
- -
How can we forbid a list of externally configured hosts - from using our server?
- -
Solution:
- -
- For Apache >= 1.3b6: - - - - - -
-
-RewriteEngine on
-RewriteMap    hosts-deny  txt:/path/to/hosts.deny
-RewriteCond   ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
-RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
-RewriteRule   ^/.*  -  [F]
-
-
- -

For Apache <= 1.3b6:

- - - - - -
-
-RewriteEngine on
-RewriteMap    hosts-deny  txt:/path/to/hosts.deny
-RewriteRule   ^/(.*)$ ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}/$1
-RewriteRule   !^NOT-FOUND/.* - [F]
-RewriteRule   ^NOT-FOUND/(.*)$ ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}/$1 
-RewriteRule   !^NOT-FOUND/.* - [F]
-RewriteRule   ^NOT-FOUND/(.*)$ /$1
-
-
- - - - - -
-
-##
-##  hosts.deny 
-##
-##  ATTENTION! This is a map, not a list, even when we treat it as such.
-##             mod_rewrite parses it for key/value pairs, so at least a
-##             dummy value "-" must be present for each entry.
-##
-
-193.102.180.41 -
-bsdti1.sdm.de  -
-192.76.162.40  -
-
-
-
-
- -

URL-Restricted Proxy

- -
-
Description:
- -
How can we restrict the proxy to allow access to a - configurable set of internet sites only? The site list is - extracted from a prepared bookmarks file.
- -
Solution:
- -
- We first have to make sure mod_rewrite is below(!) - mod_proxy in the Configuration file when - compiling the Apache webserver (or in the - AddModule list of httpd.conf in - the case of dynamically loaded modules), as it must get - called _before_ mod_proxy. - -

For simplicity, we generate the site list as a - textfile map (but see the mod_rewrite - documentation for a conversion script to DBM format). - A typical Netscape bookmarks file can be converted to a - list of sites with a shell script like this:

- - - - - -
-
-#!/bin/sh
-cat ${1:-~/.netscape/bookmarks.html} |
-tr -d '\015' | tr '[A-Z]' '[a-z]' | grep href=\" |
-sed -e '/href="file:/d;' -e '/href="news:/d;' \
-    -e 's|^.*href="[^:]*://\([^:/"]*\).*$|\1 OK|;' \
-    -e '/href="/s|^.*href="\([^:/"]*\).*$|\1 OK|;' |
-sort -u
-
-
- -

We redirect the resulting output into a text file - called goodsites.txt. It now looks similar - to this:

- - - - - -
-
-www.apache.org OK
-xml.apache.org OK
-jakarta.apache.org OK
-perl.apache.org OK
-...
-
-
- -

We reference this site file within the configuration - for the VirtualHost which is responsible for - serving as a proxy (often not port 80, but 81, 8080 or - 8008).

- - - - - -
-
-<VirtualHost 0.0.0.0:8008>
-  ...
-  RewriteEngine   On
-  # Either use the (plaintext) allow list from goodsites.txt
-  RewriteMap      ProxyAllow   txt:/usr/local/apache/conf/goodsites.txt
-  # Or, for faster access, convert it to a DBM database:
-  #RewriteMap     ProxyAllow   dbm:/usr/local/apache/conf/goodsites
-  # Match lowercased hostnames
-  RewriteMap      lowercase    int:tolower
-  # Here we go:
-  # 1) first lowercase the site name and strip off a :port suffix
-  RewriteCond  ${lowercase:%{HTTP_HOST}}    ^([^:]*).*$
-  # 2) next look it up in the map file.
-  #    "%1" refers to the previous regex.
-  #    If the result is "OK", proxy access is granted.
-  RewriteCond  ${ProxyAllow:%1|DENY}        !^OK$          [NC]
-  # 3) Disallow proxy requests if the site was _not_ tagged "OK":
-  RewriteRule  ^proxy:                      -              [F]
-  ...
-</VirtualHost>
-
-
-
-
- -

Proxy Deny

- -
-
Description:
- -
How can we forbid a certain host or even a user of a - special host from using the Apache proxy?
- -
Solution:
- -
- We first have to make sure mod_rewrite is below(!) - mod_proxy in the Configuration file when - compiling the Apache webserver. This way it gets called - _before_ mod_proxy. Then we configure the - following for a host-dependend deny... - - - - - -
-
-RewriteCond %{REMOTE_HOST} ^badhost\.mydomain\.com$ 
-RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]
-
-
- -

...and this one for a user@host-dependend deny:

- - - - - -
-
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST}  ^badguy@badhost\.mydomain\.com$
-RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]
-
-
-
-
- -

Special Authentication Variant

- -
-
Description:
- -
Sometimes a very special authentication is needed, for - instance a authentication which checks for a set of - explicitly configured users. Only these should receive - access and without explicit prompting (which would occur - when using the Basic Auth via mod_access).
- -
Solution:
- -
- We use a list of rewrite conditions to exclude all except - our friends: - - - - - -
-
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} !^friend1@client1.quux-corp\.com$ 
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} !^friend2@client2.quux-corp\.com$ 
-RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} !^friend3@client3.quux-corp\.com$ 
-RewriteRule ^/~quux/only-for-friends/      -                                 [F]
-
-
-
-
- -

Referer-based Deflector

- -
-
Description:
- -
How can we program a flexible URL Deflector which acts - on the "Referer" HTTP header and can be configured with as - many referring pages as we like?
- -
Solution:
- -
- Use the following really tricky ruleset... - - - - - -
-
-RewriteMap  deflector txt:/path/to/deflector.map
-
-RewriteCond %{HTTP_REFERER} !=""
-RewriteCond ${deflector:%{HTTP_REFERER}} ^-$
-RewriteRule ^.* %{HTTP_REFERER} [R,L]
-
-RewriteCond %{HTTP_REFERER} !=""
-RewriteCond ${deflector:%{HTTP_REFERER}|NOT-FOUND} !=NOT-FOUND
-RewriteRule ^.* ${deflector:%{HTTP_REFERER}} [R,L]
-
-
- -

... in conjunction with a corresponding rewrite - map:

- - - - - -
-
-##
-##  deflector.map
-##
-
-http://www.badguys.com/bad/index.html    -
-http://www.badguys.com/bad/index2.html   -
-http://www.badguys.com/bad/index3.html   http://somewhere.com/
-
-
- -

This automatically redirects the request back to the - referring page (when "-" is used as the value in the map) - or to a specific URL (when an URL is specified in the map - as the second argument).

-
-
- -

Other

- -

External Rewriting Engine

- -
-
Description:
- -
A FAQ: How can we solve the FOO/BAR/QUUX/etc. problem? - There seems no solution by the use of mod_rewrite...
- -
Solution:
- -
- Use an external rewrite map, i.e. a program which acts - like a rewrite map. It is run once on startup of Apache - receives the requested URLs on STDIN and has to put the - resulting (usually rewritten) URL on STDOUT (same - order!). - - - - - -
-
-RewriteEngine on
-RewriteMap    quux-map       prg:/path/to/map.quux.pl
-RewriteRule   ^/~quux/(.*)$  /~quux/${quux-map:$1}
-
-
- - - - - -
-
-#!/path/to/perl
-
-#   disable buffered I/O which would lead 
-#   to deadloops for the Apache server
-$| = 1;
-
-#   read URLs one per line from stdin and
-#   generate substitution URL on stdout
-while (<>) {
-    s|^foo/|bar/|;
-    print $_;
-}
-
-
- -

This is a demonstration-only example and just rewrites - all URLs /~quux/foo/... to - /~quux/bar/.... Actually you can program - whatever you like. But notice that while such maps can be - used also by an average user, only the - system administrator can define it.

-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - -
- - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/security_tips.html b/usr.sbin/httpd/htdocs/manual/misc/security_tips.html
deleted file mode 100644
index 12ff7b27e4a..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/security_tips.html
+++ /dev/null
@@ -1,312 +0,0 @@
- - - - - - - Apache HTTP Server: Security Tips - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Security Tips for Server Configuration

- - -
- -

Some hints and tips on security issues in setting up a web - server. Some of the suggestions will be general, others - specific to Apache.

-
- -

Permissions on - ServerRoot Directories

- -

In typical operation, Apache is started by the root user, - and it switches to the user defined by the User - directive to serve hits. As is the case with any command that - root executes, you must take care that it is protected from - modification by non-root users. Not only must the files - themselves be writeable only by root, but also the - directories and parents of all directories. For example, if - you choose to place ServerRoot in - /usr/local/apache then it is suggested that you - create that directory as root, with commands like these:

- -
-
-    mkdir /usr/local/apache
-    cd /usr/local/apache
-    mkdir bin conf logs
-    chown 0 . bin conf logs
-    chgrp 0 . bin conf logs
-    chmod 755 . bin conf logs
-
-
- It is assumed that /, /usr, and /usr/local are only modifiable - by root. When you install the httpd executable, you should - ensure that it is similarly protected: - -
-
-    cp httpd /usr/local/apache/bin
-    chown 0 /usr/local/apache/bin/httpd
-    chgrp 0 /usr/local/apache/bin/httpd
-    chmod 511 /usr/local/apache/bin/httpd
-
-
- -

You can create an htdocs subdirectory which is modifiable by - other users -- since root never executes any files out of - there, and shouldn't be creating files in there.

- -

If you allow non-root users to modify any files that root - either executes or writes on then you open your system to root - compromises. For example, someone could replace the httpd - binary so that the next time you start it, it will execute some - arbitrary code. If the logs directory is writeable (by a - non-root user), someone could replace a log file with a symlink - to some other system file, and then root might overwrite that - file with arbitrary data. If the log files themselves are - writeable (by a non-root user), then someone may be able to - overwrite the log itself with bogus data.

-
- -

Server Side Includes

- -

Server Side Includes (SSI) present a server administrator - with several potential security risks.

- -

The first risk is the increased load on the server. All - SSI-enabled files have to be parsed by Apache, whether or not - there are any SSI directives included within the files. While - this load increase is minor, in a shared server environment it - can become significant.

- -

SSI files also pose the same risks that are associated with - CGI scripts in general. Using the "exec cmd" element, - SSI-enabled files can execute any CGI script or program under - the permissions of the user and group Apache runs as, as - configured in httpd.conf. That should definitely give server - administrators pause.

- -

There are ways to enhance the security of SSI files while - still taking advantage of the benefits they provide.

- -

To isolate the damage a wayward SSI file can cause, a server - administrator can enable suexec as described in the CGI in General section.

- -

Enabling SSI for files with .html or .htm extensions can be - dangerous. This is especially true in a shared, or high - traffic, server environment. SSI-enabled files should have a - separate extension, such as the conventional .shtml. This helps - keep server load at a minimum and allows for easier management - of risk.

- -

Another solution is to disable the ability to run scripts - and programs from SSI pages. To do this, replace - Includes with IncludesNOEXEC in the - Options directive. Note - that users may still use <--#include virtual="..." --> to - execute CGI scripts if these scripts are in directories - designated by a ScriptAlias - directive.

-
- -

Non Script Aliased - CGI

- -

Allowing users to execute CGI scripts in - any directory should only be considered if;

- -
    -
  1. You trust your users not to write scripts which will - deliberately or accidentally expose your system to an - attack.
  2. - -
  3. You consider security at your site to be so feeble in - other areas, as to make one more potential hole - irrelevant.
  4. - -
  5. You have no users, and nobody ever visits your - server.
  6. -
-
- -

Script Aliased - CGI

- -

Limiting CGI to special directories gives - the admin control over what goes into those directories. This - is inevitably more secure than non script aliased CGI, but - only if users with write access to the directories are - trusted or the admin is willing to test each new CGI - script/program for potential security holes.

- -

Most sites choose this option over the non script aliased - CGI approach.

-
- -

CGI in General

- -

Always remember that you must trust the writers of the CGI - script/programs or your ability to spot potential security - holes in CGI, whether they were deliberate or accidental.

- -

All the CGI scripts will run as the same user, so they have - potential to conflict (accidentally or deliberately) with other - scripts e.g. User A hates User B, so he writes a - script to trash User B's CGI database. One program which can be - used to allow scripts to run as different users is suEXEC which is included with Apache - as of 1.2 and is called from special hooks in the Apache server - code. Another popular way of doing this is with CGIWrap.

-
- -

Other sources of dynamic - content

- -

Embedded scripting options which run as part of the server itself, such -as mod_php, mod_perl, mod_tcl, and mod_python, run under the identity of -the server itself (see the User -directive), and therefore scripts executed by these engines -potentially can access anything the server user can. Some scripting -engines may provide restrictions, but it is better to be safe and assume -not.

-
- -

Protecting - System Settings

- -

To run a really tight ship, you'll want to stop users from - setting up .htaccess files which can override - security features you've configured. Here's one way to do - it.

- -

In the server configuration file, put

- -
- <Directory />
- AllowOverride None
- </Directory>
-
-
- -

This prevents the use of .htaccess files in all - directories apart from those specifically enabled.

-
- -

Protect Server Files by - Default

- -

One aspect of Apache which is occasionally misunderstood is - the feature of default access. That is, unless you take steps - to change it, if the server can find its way to a file through - normal URL mapping rules, it can serve it to clients.

- -

For instance, consider the following example:

- -
    -
  1. # cd /; ln -s / public_html
  2. - -
  3. Accessing http://localhost/~root/
  4. -
- -

This would allow clients to walk through the entire - filesystem. To work around this, add the following block to - your server's configuration:

-
- <Directory />
-     Order Deny,Allow
-     Deny from all
- </Directory>
-
- -

This will forbid default access to filesystem locations. Add - appropriate <Directory> - blocks to allow access only in those areas you wish. For - example,

-
- <Directory /usr/users/*/public_html>
-     Order Deny,Allow
-     Allow from all
- </Directory>
- <Directory /usr/local/httpd>
-     Order Deny,Allow
-     Allow from all
- </Directory>
-
- -

Pay particular attention to the interactions of <Location> - and <Directory> - directives; for instance, even if <Directory - /> denies access, a <Location /> - directive might overturn it.

- -

Also be wary of playing games with the UserDir directive; - setting it to something like "./" would have the - same effect, for root, as the first example above. If you are - using Apache 1.3 or above, we strongly recommend that you - include the following line in your server configuration - files:

- -
-
UserDir disabled root
-
-
- -

Please send any other useful security tips to The Apache - Group by filling out a problem report. If you are - confident you have found a security bug in the Apache source - code itself, please let us - know.

- -


- -

Apache HTTP Server Version 1.3

- Index - Home -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/misc/tutorials.html b/usr.sbin/httpd/htdocs/manual/misc/tutorials.html
deleted file mode 100644
index f2938f25957..00000000000
--- a/usr.sbin/httpd/htdocs/manual/misc/tutorials.html
+++ /dev/null
@@ -1,178 +0,0 @@
- - - - - - - Apache Tutorials - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache Tutorials

- -

The following documents give you step-by-step instructions - on how to accomplish common tasks with the Apache http server. - Many of these documents are located at external sites and are - not the work of the Apache Software Foundation. Copyright to - documents on external sites is owned by the authors or their - assignees. Please consult the official Apache - Server documentation to verify what you read on external - sites.

- -

Installation & Getting Started

- - - -

Basic Configuration

- - - -

Security

- - - -

Logging

- - - -

CGI and SSI

- - - -

Other Features

- - - -

If you have a pointer to an accurate and well-written - tutorial not included here, please let us know by submitting it - to the Apache Bug - Database.


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/core.html b/usr.sbin/httpd/htdocs/manual/mod/core.html
deleted file mode 100644
index b27a7c0e35c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/core.html
+++ /dev/null
@@ -1,4223 +0,0 @@
- - - - - - - - Apache Core Features - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache Core Features

- -

These configuration parameters control the core Apache - features, and are always available.

- -

Directives

- - -
- -

AcceptFilter - directive

- - Syntax: AcceptFilter - on|off
- Default: AcceptFilter - on
- Context: server configt
- Status: core
- Compatibility: AcceptFilter is - available in Apache 1.3.22 and later - -

AcceptFilter controls a BSD specific filter - optimization. It is compiled in by default - and switched on by - default if your system supports it (setsocketopt() option - SO_ACCEPTFILTER). Currently only FreeBSD supports this.

- -

See the filter section on performance hints for more - information.

- -

The compile time flag AP_ACCEPTFILTER_OFF can - be used to change the default to 'off'. httpd -V - and httpd -L will show compile time defaults and - whether or not SO_ACCEPTFILTER was defined during the - compile.

- -
- -

AcceptMutex - directive

- - Syntax: AcceptMutex - uslock|pthread|sysvsem|fcntl|flock|os2sem|tpfcore|none|default
- Default: AcceptMutex - default
- Context: server config
- Status: core
- Compatibility: AcceptMutex is - available in Apache 1.3.21 and later. - -

AcceptMutex controls which accept() mutex - method Apache will use. Not all methods are available on all - platforms, since the suite of methods is determined at - compile-time. For a list of which methods are available for - your particular build, the httpd -V command line - option will list them out.

- -

The compile time flags -D - HAVE_METHOD_SERIALIZED_ACCEPT can be used to add - different methods to your build, or one can edit the - include/ap_config.h file for your particular - platform.

- -

This directive has no effect on Microsoft Windows.

- -

See the performance tuning - guide for more information.

- -
- -

AccessConfig - directive

- - Syntax: AccessConfig - file-path|directory-path|wildcard-path
- Default: AccessConfig - conf/access.conf
- Context: server config, virtual - host
- Status: core
- Compatibility: The ability to - specify a directory, rather than a file name, is only available in - Apache 1.3.13 and later. This directive will be eliminated in version - 2.0. - -

The server will read this file for more directives after - reading the ResourceConfig file. - File-path is relative to the ServerRoot. This feature can be disabled - using:

- -
- AccessConfig /dev/null -
- Or, on Win32 servers, - -
- AccessConfig nul -
- Historically, this file only contained <Directory> sections; in fact it - can now contain any server directive allowed in the server - config context. However, since Apache version 1.3.4, - the default access.conf file which ships with - Apache contains only comments, and all directives are placed - in the main server configuration file, httpd.conf. - -

If AccessConfig points to a directory, rather than a - file, Apache will read all files in that directory, and any - subdirectory, and parse those as configuration files. -

-

Alternatively you can use a wildcard to limit the scope; i.e - to only *.conf files. -

-

Note that by default any file in the specified - directory will be loaded as a configuration file. -

-

- So make sure that you don't have stray files in - this directory by mistake, such as temporary files created by your - editor, for example.

- -

See also: Include and ResourceConfig.

-
- -

AccessFileName - directive

- - Syntax: AccessFileName - filename [filename] ...
- Default: AccessFileName - .htaccess
- Context: server config, virtual - host
- Status: core
- Compatibility: AccessFileName - can accept more than one filename only in Apache 1.3 and later - -

When returning a document to the client the server looks for - the first existing access control file from this list of names - in every directory of the path to the document, if access - control files are enabled for that directory. For example:

- -
- AccessFileName .acl -
- before returning the document /usr/local/web/index.html, the - server will read /.acl, /usr/.acl, /usr/local/.acl and - /usr/local/web/.acl for directives, unless they have been - disabled with - -
- <Directory />
- AllowOverride None
- </Directory>
-
- -

See Also: AllowOverride and Configuration Files

-
- -

AddDefaultCharset directive

- Syntax: AddDefaultCharset - On|Off|charset
- Context: all
- Status: core
- Default: - AddDefaultCharset Off
- Compatibility: - AddDefaultCharset is only available in Apache 1.3.12 and later - -

This directive specifies the name of the character set that - will be added to any response that does not have any parameter - on the content type in the HTTP headers. This will override any - character set specified in the body of the document via a - META tag. A setting of AddDefaultCharset - Off disables this functionality. AddDefaultCharset - On enables Apache's internal default charset of - iso-8859-1 as required by the directive. You can - also specify an alternate charset to be used.

- -

For example:

- -
- AddDefaultCharset utf-8 -
- -

Note: This will not have any effect on the - Content-Type and character set for default Apache-generated - status pages (such as '404 Not Found' or '301 Moved Permanently') - because those have an actual character set (that in which the - hard-coded page content is written) and don't need to have a default - applied.

- -
- -

AddModule - directive

- - Syntax: AddModule - module [module] ...
- Context: server config
- Status: core
- Compatibility: AddModule is - only available in Apache 1.2 and later - -

The server can have modules compiled in which are not - actively in use. This directive can be used to enable the use - of those modules. The server comes with a pre-loaded list of - active modules; this list can be cleared with the ClearModuleList directive.

- -

For example:

- -
- AddModule mod_include.c -
- -

The ordering of AddModule lines is important. - Modules are listed in reverse priority order --- the ones that come - later can override the behavior of those that come earlier. This - can have visible effects; for instance, if UserDir followed Alias, - you couldn't alias out a particular user's home directory. For - more information and a recommended ordering, see - src/Configuration.tmpl in the Apache source - distribution.

- -

See also: ClearModuleList and LoadModule

-
- -

AllowOverride - directive

- - Syntax: AllowOverride - All|None|directive-type [directive-type] - ...
- Default: AllowOverride - All
- Context: directory
- Status: core - -

When the server finds an .htaccess file (as specified by AccessFileName) it needs to know - which directives declared in that file can override earlier - access information.

- -

Note: AllowOverride is only - valid in <Directory> sections, not in <Location> or - <Files> sections, as implied by the Context - section above.

- -

When this directive is set to None, then - .htaccess files are completely ignored. In this case, the - server will not even attempt to read .htaccess files in the - filesystem.

- -

When this directive is set to All, then any - directive which has the .htaccess Context is allowed in - .htaccess files.

- -

The directive-type can be one of the following - groupings of directives.

- -
-
AuthConfig
- -
- - Allow use of the authorization directives (AuthDBMGroupFile, - AuthDBMUserFile, - AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, etc.).
- -
FileInfo
- -
- Allow use of the directives controlling document types (AddEncoding, AddLanguage, AddType, DefaultType, ErrorDocument, LanguagePriority, - etc.).
- -
Indexes
- -
- Allow use of the directives controlling directory indexing - (AddDescription, - AddIcon, AddIconByEncoding, - AddIconByType, - DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, - etc.).
- -
Limit
- -
- Allow use of the directives controlling host access (Allow, - Deny - and Order).
- -
Options
- -
- Allow use of the directives controlling specific directory - features (Options and XBitHack).
-
- -

Example:

-
AllowOverride AuthConfig Indexes
- -

See Also: AccessFileName and Configuration Files

-
- -

AuthName - directive

- - Syntax: AuthName - auth-domain
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: core - -

This directive sets the name of the authorization realm for - a directory. This realm is given to the client so that the user - knows which username and password to send. - AuthName takes a single argument; if the realm - name contains spaces, it must be enclosed in quotation marks. - It must be accompanied by AuthType and - Require directives, and directives such - as AuthUserFile and AuthGroupFile to - work.

- -

For example:

- -
AuthName "Top Secret"
- -

The string provided for the AuthName is what will - appear in the password dialog provided by most browsers.

- -

See also: Authentication, Authorization, and - Access Control

-
- -

AuthType - directive

- - Syntax: AuthType - Basic|Digest
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: core - -

This directive selects the type of user authentication for a - directory. Only Basic and Digest are - currently implemented. - - It must be accompanied by AuthName and - Require directives, and directives such - as AuthUserFile and AuthGroupFile to - work.

- -

See also: Authentication, Authorization, and - Access Control

-
- -

BindAddress - directive

- - Syntax: BindAddress - *|IP-address|domain-name
- Default: BindAddress - *
- Context: server config
- Status: core
- Compatibility: BindAddress is - deprecated and will be eliminated in Apache 2.0. - -

A Unix® http server can either listen for connections to - every IP address of the server machine, or just one IP address - of the server machine. If the argument to this directive is *, - then the server will listen for connections on every IP - address. Otherwise, the server can listen to only a specific - IP-address or a fully-qualified Internet - domain-name.

- -

For example:

- - BindAddress 192.168.15.48
- -

Only one BindAddress directive can be used.

- -

This directive is deprecated and will be eliminated in - Apache 2.0. Equivalent functionality and more control over the - address and ports Apache listens to is available using the - Listen - directive.

- -

BindAddress can be used as an alternative - method for supporting virtual hosts - using multiple independent servers, instead of using <VirtualHost> - sections.

- -

See Also: DNS - Issues
- See Also: Setting - which addresses and ports Apache uses

-
- -

BS2000Account - directive

- - Syntax: BS2000Account - account
- Default: none
- Context: server config
- Status: core
- Compatibility: BS2000Account is - only available for BS2000 machines, as of Apache 1.3 and later. - - -

The BS2000Account directive is available for - BS2000 hosts only. It must be used to define the account number - for the non-privileged apache server user (which was configured - using the User directive). This is required - by the BS2000 POSIX subsystem (to change the underlying BS2000 - task environment by performing a sub-LOGON) to prevent CGI - scripts from accessing resources of the privileged account - which started the server, usually SYSROOT.
- Only one BS2000Account directive can be used.

- -
- -

CGICommandArgs - directive

- - Syntax: CGICommandArgs On|Off
- Default: CGICommandArgs On
- Context: directory, .htaccess
- Override: Options
- Status: core
- Compatibility: Available in Apache - 1.3.24 and later. - -

Way back when the internet was a safer, more naive place, it - was convenient for the server to take a query string that did not - contain an '=' sign and to parse and pass it to a CGI program as - command line args. For example, <IsIndex> - generated searches often work in this way. The default behavior - in Apache is to maintain this behavior for backwards - compatibility, although it is generally regarded as unsafe - practice today. Most CGI programs do not take command line - parameters, but among those that do, many are unaware of this - method of passing arguments and are therefore vulnerable to - malicious clients passing unsafe material in this way. Setting - CGICommandArgs Off is recommended to protect such - scripts with little loss in functionality.

- -
- -

ClearModuleList directive

- - Syntax: ClearModuleList
- Context: server config
- Status: core
- Compatibility: ClearModuleList - is only available in Apache 1.2 and later - -

The server comes with a built-in list of active modules. - This directive clears the list. It is assumed that the list - will then be re-populated using the AddModule directive.

- -

See also: AddModule and LoadModule

- -
- -

ContentDigest - directive

- - Syntax: ContentDigest - on|off
- Default: ContentDigest - off
- Context: server config, virtual - host, directory, .htaccess
- Override: Options
- Status: experimental
- Compatibility: ContentDigest is - only available in Apache 1.1 and later - -

This directive enables the generation of - Content-MD5 headers as defined in RFC1864 - respectively RFC2068.

- -

MD5 is an algorithm for computing a "message digest" - (sometimes called "fingerprint") of arbitrary-length data, with - a high degree of confidence that any alterations in the data - will be reflected in alterations in the message digest.

- -

The Content-MD5 header provides an end-to-end - message integrity check (MIC) of the entity-body. A proxy or - client may check this header for detecting accidental - modification of the entity-body in transit. Example header:

-
-   Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
-
- -

Note that this can cause performance problems on your server - since the message digest is computed on every request (the - values are not cached).

- -

Content-MD5 is only sent for documents served - by the core, and not by any module. For example, SSI documents, - output from CGI scripts, and byte range responses do not have - this header.

-
- -

CoreDumpDirectory directive

- - Syntax: CoreDumpDirectory - directory-path
- Default: the same location as - ServerRoot
- Context: server config
- Status: core - -

This controls the directory to which Apache attempts to - switch before dumping core. The default is in the ServerRoot directory, however since this - should not be writable by the user the server runs as, core - dumps won't normally get written. If you want a core dump for - debugging, you can use this directive to place it in a - different location.

- -

For example:

- -
- CoreDumpDirectory /tmp -
- -
- -

DefaultType - directive

- - Syntax: DefaultType - MIME-type
- Default: DefaultType - text/plain
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: core - -

There will be times when the server is asked to provide a - document whose type cannot be determined by its MIME types - mappings.

- -

The server must inform the client of the content-type of the - document, so in the event of an unknown type it uses the - DefaultType. For example:

- -
- DefaultType image/gif -
- would be appropriate for a directory which contained many gif - images with filenames missing the .gif extension. - -

See also: AddType and TypesConfig.

- -
- -

<Directory> - directive

- - Syntax: <Directory - directory-path|proxy:url-path> - ... </Directory>
- Context: server config, virtual - host
- Status: Core. - -

<Directory> and </Directory> are used to enclose - a group of directives which will apply only to the named - directory and sub-directories of that directory. Any directive - which is allowed in a directory context may be used. - Directory-path is either the full path to a directory, - or a wild-card string. In a wild-card string, `?' matches any - single character, and `*' matches any sequences of characters. - As of Apache 1.3, you may also use `[ ]' character ranges like - in the shell. Also as of Apache 1.3 none of the wildcards match - a `/' character, which more closely mimics the behavior of - Unix shells. Example:

-
-   <Directory /usr/local/httpd/htdocs>
-   Options Indexes FollowSymLinks
-   </Directory>
-
- -

Apache 1.2 and above: Extended regular - expressions can also be used, with the addition of the - ~ character. For example:

-
-   <Directory ~ "^/www/.*/[0-9]{3}">
-
- would match directories in /www/ that consisted of three - numbers. - -

If multiple (non-regular expression) directory sections - match the directory (or its parents) containing a document, - then the directives are applied in the order of shortest match - first, interspersed with the directives from the .htaccess files. For example, - with

- -
- <Directory />
- AllowOverride None
- </Directory>
-
- <Directory /home/*>
- AllowOverride FileInfo
- </Directory>
-
- for access to the document /home/web/dir/doc.html - the steps are: - -
    -
  • Apply directive AllowOverride None - (disabling .htaccess files).
  • - -
  • Apply directive AllowOverride FileInfo (for - directory /home/web).
  • - -
  • Apply any FileInfo directives in - /home/web/.htaccess
  • -
- -

Regular expression directory sections are handled slightly - differently by Apache 1.2 and 1.3. In Apache 1.2 they are - interspersed with the normal directory sections and applied in - the order they appear in the configuration file. They are - applied only once, and apply when the shortest match possible - occurs. In Apache 1.3 regular expressions are not considered - until after all of the normal sections have been applied. Then - all of the regular expressions are tested in the order they - appeared in the configuration file. For example, with

- -
- <Directory ~ abc$>
- ... directives here ...
- </Directory>
-
-
- Suppose that the filename being accessed is - /home/abc/public_html/abc/index.html. The server - considers each of /, /home, - /home/abc, /home/abc/public_html, and - /home/abc/public_html/abc in that order. In Apache - 1.2, when /home/abc is considered, the regular - expression will match and be applied. In Apache 1.3 the regular - expression isn't considered at all at that point in the tree. - It won't be considered until after all normal - <Directory>s and .htaccess files have been - applied. Then the regular expression will match on - /home/abc/public_html/abc and be applied. - -

Note that the default Apache access for - <Directory /> is Allow from All. This means - that Apache will serve any file mapped from an URL. It is - recommended that you change this with a block such - as

-
- <Directory />
-     Order Deny,Allow
-     Deny from All
- </Directory>
-
- -

and then override this for directories you - want accessible. See the Security Tips page for - more details.

- <Directory> directives cannot nest, and cannot appear in - a <Limit> or <LimitExcept> section. - -

If you have mod_proxy enabled, you - can use the proxy: syntax to apply configuration - directives to proxied content. The syntax for this is to specify the - proxied URLs to which you wish to apply the configuration, or to - specify * to apply to all proxied content:

- -

To apply to all proxied content:

- -
-   <Directory proxy:*>
-     ... directives here ...
-   </Directory>
-   
- -

To apply to just a subset of proxied content:

- -
-   <Directory proxy:http://www.example.com/>
-     ... directives here ...
-   </Directory>
-   
- -

See also: How - Directory, Location and Files sections work for an - explanation of how these different sections are combined when a - request is received

-

See also: DirectoryMatch

-
- -

<DirectoryMatch>

- Syntax: <DirectoryMatch - regex> ... </DirectoryMatch>
- Context: server config, virtual - host
- Status: Core.
- Compatibility: Available in - Apache 1.3 and later - -

<DirectoryMatch> and </DirectoryMatch> are used - to enclose a group of directives which will apply only to the - named directory and sub-directories of that directory, the same - as <Directory>. However, it - takes as an argument a regular expression. For example:

-
-   <DirectoryMatch "^/www/.*/[0-9]{3}">
-
- -

would match directories in /www/ that consisted of three - numbers.

- -

See Also: <Directory> for a description of - how regular expressions are mixed in with normal - <Directory>s.
- See also: How - Directory, Location and Files sections work for an - explanation of how these different sections are combined when a - request is received

-
- -

DocumentRoot - directive

- - Syntax: DocumentRoot - directory-path
- Default: DocumentRoot - /usr/local/apache/htdocs
- Context: server config, virtual - host
- Status: core - -

This directive sets the directory from which httpd will - serve files. Unless matched by a directive like Alias, the - server appends the path from the requested URL to the document - root to make the path to the document. Example:

- -
- DocumentRoot /usr/web -
- then an access to - http://www.my.host.com/index.html refers to - /usr/web/index.html. - -

There appears to be a bug in mod_dir which causes problems - when the DocumentRoot has a trailing slash (i.e., - "DocumentRoot /usr/web/") so please avoid that.

-
- -

EBCDICConvert

- - Syntax: EBCDICConvert - On|Off[=direction] extension - [extension] ...
- Context: server config, virtual - host, directory, .htaccess
- Status: core
- Override: FileInfo
- Compatibility: The configurable - EBCDIC conversion is only available in Apache 1.3.19 and later, - and on EBCDIC based platforms. - -

The EBCDICConvert directive maps the given filename - extensions to the specified conversion setting (On - or Off). File extensions may be specified with or - without a leading dot.

- -

If the optional format On=direction (or - Off=direction) is used, where - direction is one of In, Out or - InOut, then the directive only applies to the - specified transfer direction (In: uploaded content - in a PUT or POST request, Out: returned content in - a GET or POST request, and InOut: conversion in - both directions).
- Otherwise, InOut (conversion in both directions) - is implied.

- -

Conversion configuration based on file extension is tested - prior to configuration based on MIME type, to allow for generic - MIME based rules to be overridden by a more specific file - extension (several file extensions may exist for the same MIME - type).

- -

Example:
- With a configuration like the following, the normal - *.html files contain HTML text in EBCDIC encoding, - while *.ahtml files contain HTML text in ASCII - encoding:

-
-    # *.html and *.ahtml contain HTML text:
-    AddType  text/html  .html .ahtml
-
-    # *.ahtml is not converted (contains ASCII text already):
-    EBCDICConvert       Off .ahtml
-
-    # All other text/html files presumably contain EBCDIC text:
-    EBCDICConvertByType On  text/html
-
-
-
- - -

See also: EBCDICConvertByType

-
- -

EBCDICConvertByType

- - Syntax: EBCDICConvertByType - On|Off[=direction] mimetype - [mimetype] ...
- Context: server config, virtual - host, directory, .htaccess
- Status: core
- Override: FileInfo
- Compatibility: The configurable - EBCDIC conversion is only available in Apache 1.3.19 and later, - and on EBCDIC based platforms. - -

The EBCDICConvertByType directive maps the given MIME type - (optionally containing wildcards) to the specified conversion - setting (On or Off).

- -

If the optional format On=direction (or - Off=direction) is used, where - direction is one of In, Out or - InOut, then the directive only applies to the - specified transfer direction (In: uploaded content - in a PUT or POST request, Out: returned content in - a GET or POST request, and InOut: conversion in - both directions).
- Otherwise, InOut (conversion in both directions) - is implied.

- -

Example:
- A useful standard configuration should at least contain the - following defaults:

-
-    # All text documents are stored as EBCDIC files:
-    EBCDICConvertByType On  text/* message/* multipart/*
-    EBCDICConvertByType On  application/x-www-form-urlencoded \
-                model/vrml application/postscript
-    # All other files are assumed to be binary:
-    EBCDICConvertByType Off */*
-
- If you serve ASCII documents only, for example from an NFS - mounted unix server, use: -
-    # All documents are ASCII already:
-    EBCDICConvertByType Off */*
-
- -

See also: EBCDICConvert

-
- -

EBCDICKludge

- - Syntax: EBCDICKludge - On|Off
- Default: EBCDICKludge - Off
- Context: server config, virtual - host, directory, .htaccess
- Status: core
- Override: FileInfo
- Compatibility: EBCDICKludge is - only available in Apache 1.3.19 and later, and on EBCDIC based - platforms. It is deprecated and will be withdrawn in a future - version.
- - -

The EBCDICKludge is provided for the backward compatible - behavior with apache versions 1.3.0 through 1.3.18. In these - versions, all files with MIME types starting with "text/", - "message/" or "multipart/" or with type - "application/x-www-form-urlencoded" would be converted by - default, all other documents were returned unconverted. Only if - a MIME type "text/x-ascii-subtype" - was configured for a certain document, the document was assumed - to be in ASCII format already, and was not converted again. - Instead, the "x-ascii-" was removed from - the type, resulting in the MIME type - "text/subtype" being returned for the - document.

- -

If the EBCDICKludge directive is set to On, and - if none of the file extensions configured with the EBCDICConvert directive matches in - the current context, then the server tests for a MIME type of - the format - type/x-ascii-subtype. If the - document has such a type, then the - "x-ascii-" substring is removed and the - conversion set to Off. This allows for overriding - the implicit assumption that all text files are stored in - EBCDIC format, for example when serving documents from an NFS - mounted directory with ASCII documents.
- By using the EBCDICKludge, there is no way to force one of the - other MIME types (e.g., model/vrml) to be treated as - an EBCDIC text file. Use of the EBCDICConvertByType directive - mentioned above is the preferred way to configure such a - conversion. (Before Apache version 1.3.19, there was no way at - all to force these binary documents to be treated as EBCDIC - text files.)

- -

See also: EBCDICConvert, EBCDICConvertByType

-
- -

ErrorDocument - directive

- - Syntax: ErrorDocument - error-code document
- Context: server config, virtual - host, directory, .htaccess
- Status: core
- Override: FileInfo
- Compatibility: The directory - and .htaccess contexts are only available in Apache 1.1 and - later. - -

In the event of a problem or error, Apache can be configured - to do one of four things,

- -
    -
  1. output a simple hardcoded error message
  2. - -
  3. output a customized message
  4. - -
  5. redirect to a local URL-path to handle the - problem/error
  6. - -
  7. redirect to an external URL to handle the - problem/error
  8. -
- -

The first option is the default, while options 2-4 are - configured using the ErrorDocument directive, - which is followed by the HTTP response code and a message or - URL.

- -

Messages in this context begin with a single - double-quote character ("), which does not form - part of the message itself. Apache will sometimes offer - additional information regarding the problem/error.

- -

URLs can begin with a slash (/) for local URLs, or be a full - URL which the client can resolve. Examples:

- -
- ErrorDocument 500 - http://foo.example.com/cgi-bin/tester
- ErrorDocument 404 /cgi-bin/bad_urls.pl
- ErrorDocument 401 /subscription_info.html
- ErrorDocument 403 "Sorry can't allow you access today
-
- -

Note that when you specify an ErrorDocument - that points to a remote URL (ie. anything with a method such as - "http" in front of it), Apache will send a redirect to the - client to tell it where to find the document, even if the - document ends up being on the same server. This has several - implications, the most important being that the client will not - receive the original error status code, but instead will - receive a redirect status code. This in turn can confuse web - robots and other clients which try to determine if a URL is - valid using the status code. In addition, if you use a remote - URL in an ErrorDocument 401, the client will not - know to prompt the user for a password since it will not - receive the 401 status code. Therefore, if you use an - "ErrorDocument 401" directive then it must refer to a local - document.

- -

See Also: documentation of - customizable responses. See the HTTP - specification for a complete list of the status codes and their - meanings.

-
- -

ErrorLog - directive

- - Syntax: ErrorLog - file-path|syslog[:facility]
- Default: ErrorLog - logs/error_log (Unix)
- Default: ErrorLog - logs/error.log (Windows and OS/2)
- Context: server config, virtual - host
- Status: core - -

The error log directive sets the name of the file to which - the server will log any errors it encounters. If the - file-path does not begin with a slash (/) then it is - assumed to be relative to the ServerRoot. If the file-path - begins with a pipe (|) then it is assumed to be a command to - spawn to handle the error log.

- -

Examples

- -

ErrorLog logs/vhost1.error

- - or - -

ErrorLog |/usr/local/bin/errorlog.pl

- -

Apache 1.3 and above: Using - syslog instead of a filename enables logging via - syslogd(8) if the system supports it. The default is to use - syslog facility local7, but you can override this - by using the syslog:facility syntax where - facility can be one of the names usually documented in - syslog(1).

- -

For example:

- -

ErrorLog syslog

- - or - -

ErrorLog syslog:user

- -

SECURITY: See the security tips - document for details on why your security could be compromised - if the directory where logfiles are stored is writable by - anyone other than the user that starts the server.

- -

See also: LogLevel - and Apache Log Files

-
- -

FileETag directive

- Syntax: FileETag - component ...
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: core
- Compatibility: only available - in Apache 1.3.23 versions and later. - -

- The FileETag directive configures the file attributes that are - used to create the ETag (entity tag) response header field - when the document is based on a file. - (The ETag value is used in cache management to save network - bandwidth.) In Apache 1.3.22 and earlier, the ETag value was - always formed from the file's inode, size, and last-modified - time (mtime). The FileETag directive allows you to choose - which of these -- if any -- should be used. The recognized - keywords are: -

-
-
INode
-
The file's i-node number will be included in the calculation
-
MTime
-
The date and time the file was last modified will be included
-
Size
-
The number of bytes in the file will be included
-
All
-
All available fields will be used (equivalent to - 'FileETag INode MTime Size')
-
None
-
If a document is file-based, no ETag field will be included in the - response
-
-

- The INode, MTime, and Size keywords may be prefixed with either '+' - or '-', which allow changes to be made to the default setting - inherited from a broader scope. Any keyword appearing without - such a prefix immediately and completely cancels the inherited - setting. -

-

- If a directory's configuration includes - 'FileETag INode MTime Size', and a - subdirectory's includes 'FileETag -INode', - the setting for that subdirectory (which will be inherited by - any sub-subdirectories that don't override it) will be equivalent to - 'FileETag MTime Size'. -

-
- -

<Files> directive

- Syntax: <Files - filename> ... </Files>
- Context: server config, virtual - host, .htaccess
- Status: core
- Compatibility: only available - in Apache 1.2 and above. - -

The <Files> directive provides for access control by - filename. It is comparable to the <Directory> directive and <Location> directives. It should be - matched with a </Files> directive. The directives given - within this section will be applied to any object with a - basename (last component of filename) matching the specified - filename. <Files> sections are processed in - the order they appear in the configuration file, after the - <Directory> sections and .htaccess files are - read, but before <Location> sections. Note that - <Files> can be nested inside <Directory> sections - to restrict the portion of the filesystem they apply to.

- -

The filename argument should include a filename, or - a wild-card string, where `?' matches any single character, and - `*' matches any sequences of characters. Extended regular - expressions can also be used, with the addition of the - ~ character. For example:

-
-   <Files ~ "\.(gif|jpe?g|png)$">
-
- would match most common Internet graphics formats. In Apache - 1.3 and later, <FilesMatch> is - preferred, however. - -

Note that unlike <Directory> and <Location> sections, - <Files> sections can be used inside - .htaccess files. This allows users to control access to their - own files, at a file-by-file level. - For example, to password protect a single file within a - particular directory, you might add the following to your - .htaccess file:

- -
-    <Files admin.cgi>
-    Require group admin
-    </Files>
- -

Remember that directives apply to subdirectories as well, so this - will also protect files called admin.cgi in - subdirectories, unless specifically overridden.

- -

(See Require for details on using the - Require directive)

- -

See also: How - Directory, Location and Files sections work for an - explanation of how these different sections are combined when a - request is received

-
- -

<FilesMatch>

- Syntax: <FilesMatch - regex> ... </FilesMatch>
- Context: server config, virtual - host, .htaccess
- Status: core
- Compatibility: only available - in Apache 1.3 and above. - -

The <FilesMatch> directive provides for access control - by filename, just as the <Files> - directive does. However, it accepts a regular expression. For - example:

-
-   <FilesMatch "\.(gif|jpe?g|png)$">
-
- -

would match most common Internet graphics formats.

- See also: How - Directory, Location and Files sections work for an - explanation of how these different sections are combined when a - request is received -
- -

Group directive

- - Syntax: Group - unix-group
- Default: Group - #-1
- Context: server config, virtual - host
- Status: core - -

The Group directive sets the group under which the server - will answer requests. In order to use this directive, the - stand-alone server must be run initially as root. - Unix-group is one of:

- -
-
A group name
- -
Refers to the given group by name.
- -
# followed by a group number.
- -
Refers to a group by its number.
-
-

It is recommended that you set up a new group specifically for - running the server. Some admins use user nobody, - but this is not always possible or desirable.

- -

Example:

- - Group www-group - -

Note: if you start the server as a non-root user, it will - fail to change to the specified group, and will instead - continue to run as the group of the original user.

- -

Special note: Use of this directive in <VirtualHost> - requires a properly configured suEXEC - wrapper. When used inside a <VirtualHost> in this - manner, only the group that CGIs are run as is affected. - Non-CGI requests are still processed as the group specified in - the main Group directive.

- -

SECURITY: See User for a discussion of - the security considerations.

-
- -

HostnameLookups directive

- - Syntax: HostnameLookups - on|off|double
- Default: HostnameLookups - off
- Context: server config, virtual - host, directory
- Status: core
- Compatibility: - double available only in Apache 1.3 and - above.
- Compatibility: Default was - on prior to Apache 1.3. - -

This directive enables DNS lookups so that host names can be - logged (and passed to CGIs/SSIs in REMOTE_HOST). - The value double refers to doing double-reverse - DNS. That is, after a reverse lookup is performed, a forward - lookup is then performed on that result. At least one of the ip - addresses in the forward lookup must match the original - address. (In "tcpwrappers" terminology this is called - PARANOID.)

- -

Regardless of the setting, when mod_access is used for controlling - access by hostname, a double reverse lookup will be performed. - This is necessary for security. Note that the result of this - double-reverse isn't generally available unless you set - HostnameLookups double. For example, if only - HostnameLookups on and a request is made to an - object that is protected by hostname restrictions, regardless - of whether the double-reverse fails or not, CGIs will still be - passed the single-reverse result in - REMOTE_HOST.

- -

The default for this directive was previously - on in versions of Apache prior to 1.3. It was - changed to off in order to save the network - traffic for those sites that don't truly need the reverse - lookups done. It is also better for the end users because they - don't have to suffer the extra latency that a lookup entails. - Heavily loaded sites should leave this directive - off, since DNS lookups can take considerable - amounts of time. The utility logresolve, provided in - the /support directory, can be used to look up host - names from logged IP addresses offline.

-
- -

IdentityCheck - directive

- - Syntax: IdentityCheck - on|off
- Default: IdentityCheck - off
- Context: server config, virtual - host, directory
- Status: core - -

This directive enables RFC1413-compliant logging of the - remote user name for each connection, where the client machine - runs identd or something similar. This information is logged in - the access log.

- -

The information should not be trusted in any way except for - rudimentary usage tracking.

- -

Note that this can cause serious latency problems accessing - your server since every request requires one of these lookups - to be performed. When firewalls are involved each lookup might - possibly fail and add 30 seconds of latency to each hit. So in - general this is not very useful on public servers accessible - from the Internet.

-
- -

<IfDefine> - directive

- Syntax: <IfDefine - [!]parameter-name> ... - </IfDefine>
- Default: None
- Context: all
- Status: Core
- Compatibility: <IfDefine> - is only available in 1.3.1 and later. - -

The <IfDefine test>...</IfDefine> - section is used to mark directives that are conditional. The - directives within an IfDefine section are only processed if the - test is true. If test is false, everything - between the start and end markers is ignored.

- -

The test in the <IfDefine> section directive - can be one of two forms:

- -
    -
  • parameter-name
  • - -
  • !parameter-name
  • -
- -

In the former case, the directives between the start and end - markers are only processed if the parameter named - parameter-name is defined. The second format reverses - the test, and only processes the directives if - parameter-name is not defined.

- -

The parameter-name argument is a define as given on - the httpd command line via - -Dparameter-, at the time the server was - started.

- -

<IfDefine> sections are nest-able, which can be used - to implement simple multiple-parameter tests. Example:

-
-  $ httpd -DReverseProxy ...
-
-  # httpd.conf
-  <IfDefine ReverseProxy>
-  LoadModule rewrite_module libexec/mod_rewrite.so
-  LoadModule proxy_module   libexec/libproxy.so
-  </IfDefine>
-
-
- -

<IfModule> - directive

- Syntax: <IfModule - [!]module-name> ... - </IfModule>
- Default: None
- Context: all
- Status: Core
- Compatibility: IfModule is only - available in 1.2 and later. - -

The <IfModule test>...</IfModule> - section is used to mark directives that are conditional. The - directives within an IfModule section are only processed if the - test is true. If test is false, everything - between the start and end markers is ignored.

- -

The test in the <IfModule> section directive - can be one of two forms:

- -
    -
  • module name
  • - -
  • !module name
  • -
- -

In the former case, the directives between the start and end - markers are only processed if the module named module - name is included in Apache -- either compiled in or - dynamically loaded using LoadModule. The second format - reverses the test, and only processes the directives if module - name is not included.

- -

The module name argument is the file name of the - module, at the time it was compiled. - For example, mod_rewrite.c.

- -

<IfModule> sections are nest-able, which can be used - to implement simple multiple-module tests.

-
- -

Include directive

- Syntax: Include - file-path|directory-path|wildcard-path
- Context: server config
- Status: Core
- Compatibility: Include is only - available in Apache 1.3 and later. - -

This directive allows inclusion of other configuration files - from within the server configuration files.

- -

The file path specified may be a fully qualified path (i.e. - starting with a slash), or may be relative to the - ServerRoot directory.

- -

New in Apache 1.3.13 is the feature that if - Include points to a directory, rather than a file, - Apache will read all files in that directory, and any - subdirectory, and parse those as configuration files.

-

By using a wildcard this can be further limited to, say, - just the '*.conf' files. -

-

Examples:

-
- Include /usr/local/apache/conf/ssl.conf
- Include /usr/local/apache/conf/vhosts/ -
-
- -

Or, providing paths relative to your ServerRoot - directory:

- -
- Include conf/ssl.conf
- Include conf/vhosts/ -
-
- -

Make sure that an included directory does not contain any stray - files, such as editor temporary files, for example, as Apache will - attempt to read them in and use the contents as configuration - directives, which may cause the server to fail on start up. - Running apachectl configtest will give you a list of - the files that are being processed during the configuration - check:

- -
-root@host# apachectl configtest
- Processing config directory: /usr/local/apache/conf/vhosts
- Processing config file: /usr/local/apache/conf/vhosts/vhost1
- Processing config file: /usr/local/apache/conf/vhosts/vhost2
-Syntax OK
-
- -

This will help in verifying that you are getting only the files - that you intended as part of your configuration.

- -

See also: apachectl

- -
- -

KeepAlive - directive

- Syntax: (Apache 1.1) KeepAlive - max-requests
- Default: (Apache 1.1) KeepAlive - 5
- Syntax: (Apache 1.2) KeepAlive on|off
- Default: (Apache 1.2) KeepAlive - On
- Context: server config
- Status: Core
- Compatibility: KeepAlive is - only available in Apache 1.1 and later. - -

The Keep-Alive extension to HTTP/1.0 and the persistent - connection feature of HTTP/1.1 provide long-lived HTTP sessions - which allow multiple requests to be sent over the same TCP - connection. In some cases this has been shown to result in an - almost 50% speedup in latency times for HTML documents with - many images. To enable Keep-Alive connections in Apache 1.2 and - later, set KeepAlive On.

- -

For HTTP/1.0 clients, Keep-Alive connections will only be - used if they are specifically requested by a client. In - addition, a Keep-Alive connection with an HTTP/1.0 client can - only be used when the length of the content is known in - advance. This implies that dynamic content such as CGI output, - SSI pages, and server-generated directory listings will - generally not use Keep-Alive connections to HTTP/1.0 clients. - For HTTP/1.1 clients, persistent connections are the default - unless otherwise specified. If the client requests it, chunked - encoding will be used in order to send content of unknown - length over persistent connections.

- -

Apache 1.1 only: Set max-requests - to the maximum number of requests you want Apache to entertain - per connection. A limit is imposed to prevent a client from - hogging your server resources. Set this to 0 to - disable support. In Apache 1.2 and 1.3, this is controlled - through the MaxKeepAliveRequests directive instead.

- -

See also MaxKeepAliveRequests.

-
- -

KeepAliveTimeout directive

- Syntax: KeepAliveTimeout - seconds
- Default: KeepAliveTimeout - 15
- Context: server config
- Status: Core
- Compatibility: KeepAliveTimeout - is only available in Apache 1.1 and later. - -

The number of seconds Apache will wait for a subsequent - request before closing the connection. Once a request has been - received, the timeout value specified by the Timeout directive applies.

- -

Setting KeepAliveTimeout to a high value may - cause performance problems in heavily loaded servers. The - higher the timeout, the more server processes will be kept - occupied waiting on connections with idle clients.

-
- -

<Limit> directive

- - Syntax: <Limit - method [method] ... > ... - </Limit>
- Context: any
- Status: core - -

Access controls are normally effective for - all access methods, and this is the usual - desired behavior. In the general case, access control - directives should not be placed within a - <limit> section.

- -

The purpose of the <Limit> directive is to restrict - the effect of the access controls to the nominated HTTP - methods. For all other methods, the access restrictions that - are enclosed in the <Limit> bracket will have no - effect. The following example applies the access - control only to the methods POST, PUT, and DELETE, leaving all - other methods unprotected:

- -
- <Limit POST PUT DELETE>
- Require valid-user
- </Limit>
-
-

The method names listed can be one or more of: GET, POST, PUT, - DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, - MKCOL, COPY, MOVE, LOCK, and UNLOCK. The method name is - case-sensitive. If GET is used it will also restrict - HEAD requests. The TRACE method cannot be limited.

- -

Warning: A <LimitExcept> section should - always be used in preference to a <Limit> section when restricting access, - since a <LimitExcept> section - provides protection against arbitrary methods.

- -
- -

<LimitExcept> - directive

- - Syntax: <LimitExcept - method [method] ... > ... - </LimitExcept>
- Context: any
- Status: core
- Compatibility: Available in - Apache 1.3.5 and later - -

<LimitExcept> and </LimitExcept> are used to - enclose a group of access control directives which will then - apply to any HTTP access method not listed in - the arguments; i.e., it is the opposite of a <Limit> section and can be used to - control both standard and nonstandard/unrecognized methods. See - the documentation for <Limit> for - more details.

- -

For example:

- -
-    <LimitExcept POST GET>
-    Require valid-user
-    </LimitExcept>
-    
- -
- -

LimitInternalRecursion directive

- - Syntax: LimitInternalRecursion - number [number]
- Default: LimitInternalRecursion - 20
- Context: server config, virtual host
- Status: core
- Compatibility: LimitInternalRecursion - is only available in Apache 1.3.28 and later. - -

An internal redirect happens, for example, when using the Action directive, which internally - redirects the original request to a CGI script. A subrequest is Apache's - mechanism to find out what would happen for some URI if it were requested. - For example, mod_dir uses subrequests to look - for the files listed in the DirectoryIndex - directive.

- -

LimitInternalRecursion prevents the server - from crashing when entering an infinite loop of internal redirects or - subrequests. Such loops are usually caused by misconfigurations.

- -

The directive stores two different limits, which are evaluated on - per-request basis. The first number is the maximum number of - internal redirects, that may follow each other. The second number - determines, how deep subrequests may be nested. If you specify only one - number, it will be assigned to both limits. A value of - 0 means "unlimited".

- -

Example

-
-    LimitInternalRecursion 5
-    
- -
- -

LimitRequestBody directive

- - Syntax: LimitRequestBody - bytes
- Default: LimitRequestBody - 0
- Context: server config, virtual - host, directory, .htaccess
- Status: core
- Compatibility: LimitRequestBody - is only available in Apache 1.3.2 and later. - -

This directive specifies the number of bytes from 0 - (meaning unlimited) to 2147483647 (2GB) that are allowed in a - request body.

- -

The LimitRequestBody directive allows the user to set a - limit on the allowed size of an HTTP request message body - within the context in which the directive is given (server, - per-directory, per-file or per-location). If the client request - exceeds that limit, the server will return an error response - instead of servicing the request. The size of a normal request - message body will vary greatly depending on the nature of the - resource and the methods allowed on that resource. CGI scripts - typically use the message body for passing form information to - the server. Implementations of the PUT method will require a - value at least as large as any representation that the server - wishes to accept for that resource.

- -

This directive gives the server administrator greater - control over abnormal client request behavior, which may be - useful for avoiding some forms of denial-of-service - attacks.

- -

If, for example, you are permitting file upload to a particular - location, and wich to limit the size of the uploaded file to 100K, - you might use the following directive:

- -
LimitRequestBody 102400
- -
- -

LimitRequestFields directive

- - Syntax: LimitRequestFields - number
- Default: - LimitRequestFields 100
- Context: server config
- Status: core
- Compatibility: - LimitRequestFields is only available in Apache 1.3.2 and later. - - -

Number is an integer from 0 (meaning unlimited) to - 32767. The default value is defined by the compile-time - constant DEFAULT_LIMIT_REQUEST_FIELDS (100 as - distributed).

- -

The LimitRequestFields directive allows the server - administrator to modify the limit on the number of request - header fields allowed in an HTTP request. A server needs this - value to be larger than the number of fields that a normal - client request might include. The number of request header - fields used by a client rarely exceeds 20, but this may vary - among different client implementations, often depending upon - the extent to which a user has configured their browser to - support detailed content negotiation. Optional HTTP extensions - are often expressed using request header fields.

- -

This directive gives the server administrator greater - control over abnormal client request behavior, which may be - useful for avoiding some forms of denial-of-service attacks. - The value should be increased if normal clients see an error - response from the server that indicates too many fields were - sent in the request.

- -

For example:

- -
LimitRequestFields 50
- -
- -

LimitRequestFieldsize - directive

- - Syntax: LimitRequestFieldsize - bytes
- Default: - LimitRequestFieldsize 8190
- Context: server config
- Status: core
- Compatibility: - LimitRequestFieldsize is only available in Apache 1.3.2 and - later. - -

This directive specifies the number of bytes from 0 - to the value of the compile-time constant - DEFAULT_LIMIT_REQUEST_FIELDSIZE (8190 as - distributed) that will be allowed in an HTTP request - header.

- -

The LimitRequestFieldsize directive allows the server - administrator to reduce the limit on the allowed size of an - HTTP request header field below the normal input buffer size - compiled with the server. A server needs this value to be large - enough to hold any one header field from a normal client - request. The size of a normal request header field will vary - greatly among different client implementations, often depending - upon the extent to which a user has configured their browser to - support detailed content negotiation.

- -

This directive gives the server administrator greater - control over abnormal client request behavior, which may be - useful for avoiding some forms of denial-of-service attacks.

- -

For example:

- -
LimitRequestFieldSize 16380
- -

Under normal conditions, the value should not be changed from - the default.

-
- -

LimitRequestLine directive

- - Syntax: LimitRequestLine - bytes
- Default: LimitRequestLine - 8190
- Context: server config
- Status: core
- Compatibility: LimitRequestLine - is only available in Apache 1.3.2 and later. - -

This directive sets the number of bytes from 0 to - the value of the compile-time constant - DEFAULT_LIMIT_REQUEST_LINE (8190 as distributed) - that will be allowed on the HTTP request-line.

- -

The LimitRequestLine directive allows the server - administrator to reduce the limit on the allowed size of a - client's HTTP request-line below the normal input buffer size - compiled with the server. Since the request-line consists of - the HTTP method, URI, and protocol version, the - LimitRequestLine directive places a restriction on the length - of a request-URI allowed for a request on the server. A server - needs this value to be large enough to hold any of its resource - names, including any information that might be passed in the - query part of a GET request.

- -

This directive gives the server administrator greater - control over abnormal client request behavior, which may be - useful for avoiding some forms of denial-of-service attacks.

- -

For example:

- -
LimitRequestLine 16380
- -

Under normal conditions, the value should not be changed from - the default.

-
- -

Listen directive

- Syntax: Listen - [IP-address:]port
- Context: server config
- Status: core
- Compatibility: Listen is only - available in Apache 1.1 and later. - -

The Listen directive instructs Apache to listen to more than - one IP address or port; by default it responds to requests on - all IP interfaces, but only on the port given by the Port directive.

- Listen can be used instead of BindAddress and Port. It - tells the server to accept incoming requests on the specified - port or address-and-port combination. If the first format is - used, with a port number only, the server listens to the given - port on all interfaces, instead of the port given by the - Port directive. If an IP address is given as well as a - port, the server will listen on the given port and interface. - -

Note that you may still require a Port directive so - that URLs that Apache generates that point to your server still - work.

- -

Multiple Listen directives may be used to specify a number - of addresses and ports to listen to. The server will respond to - requests from any of the listed addresses and ports.

- -

For example, to make the server accept connections on both - port 80 and port 8000, use:

-
-   Listen 80
-   Listen 8000
-
- To make the server accept connections on two specified - interfaces and port numbers, use -
-   Listen 192.170.2.1:80
-   Listen 192.170.2.5:8000
-
- -

See Also: DNS - Issues
- See Also: Setting - which addresses and ports Apache uses
-


- -

ListenBacklog - directive

- Syntax: ListenBacklog - backlog
- Default: ListenBacklog - 511
- Context: server config
- Status: Core
- Compatibility: ListenBacklog is - only available in Apache versions after 1.2.0. - -

The maximum length of the queue of pending connections. - Generally no tuning is needed or desired, however on some - systems it is desirable to increase this when under a TCP SYN - flood attack. See the backlog parameter to the - listen(2) system call.

- -

This will often be limited to a smaller number by the - operating system. This varies from OS to OS. Also note that - many OSes do not use exactly what is specified as the backlog, - but use a number based on (but normally larger than) what is - set.

-
- -

<Location> - directive

- Syntax: <Location - URL-path|URL> ... </Location>
- Context: server config, virtual - host
- Status: core
- Compatibility: Location is only - available in Apache 1.1 and later. - -

The <Location> directive provides for access control - by URL. It is similar to the <Directory> directive, and starts a - subsection which is terminated with a </Location> - directive. <Location> sections are processed - in the order they appear in the configuration file, after the - <Directory> sections and .htaccess files are - read, and after the <Files> sections.

- -

Note that URLs do not have to line up with the filesystem at - all, it should be emphasized that <Location> operates - completely outside the filesystem.

- -

For all origin (non-proxy) requests, the URL to be matched - is of the form /path/, and you should not include - any http://servername prefix. For proxy requests, - the URL to be matched is of the form - scheme://servername/path, and you must include the - prefix.

- -

The URL may use wildcards In a wild-card string, `?' matches - any single character, and `*' matches any sequences of - characters.

- -

Apache 1.2 and above: Extended regular - expressions can also be used, with the addition of the - ~ character. For example:

-
-   <Location ~ "/(extra|special)/data">
-
- -

would match URLs that contained the substring "/extra/data" - or "/special/data". In Apache 1.3 and above, a new directive <LocationMatch> exists which - behaves identical to the regex version of - <Location>.

- -

The Location functionality is especially useful - when combined with the SetHandler - directive. For example, to enable status requests, but allow - them only from browsers at foo.com, you might use:

-
-    <Location /status>
-    SetHandler server-status
-    Order Deny,Allow
-    Deny from all
-    Allow from .foo.com
-    </Location>
-
- -

Apache 1.3 and above note about / (slash): - The slash character has special meaning depending on where in a - URL it appears. People may be used to its behavior in the - filesystem where multiple adjacent slashes are frequently - collapsed to a single slash (i.e., - /home///foo is the same as - /home/foo). In URL-space this is not necessarily - true. The <LocationMatch> directive and the - regex version of <Location> require you to - explicitly specify multiple slashes if that is your intention. - For example, <LocationMatch ^/abc> would - match the request URL /abc but not the request URL - //abc. The (non-regex) - <Location> directive behaves similarly when - used for proxy requests. But when (non-regex) - <Location> is used for non-proxy requests it - will implicitly match multiple slashes with a single slash. For - example, if you specify <Location /abc/def> - and the request is to /abc//def then it will - match.

- -

See also: How - Directory, Location and Files sections work for an - explanation of how these different sections are combined when a - request is received

-
- -

<LocationMatch>

- Syntax: <LocationMatch - regex> ... </LocationMatch>
- Context: server config, virtual - host
- Status: core
- Compatibility: LocationMatch is - only available in Apache 1.3 and later. - -

The <LocationMatch> directive provides for access - control by URL, in an identical manner to <Location>. However, it takes a - regular expression as an argument instead of a simple string. - For example:

-
-   <LocationMatch "/(extra|special)/data">
-
- -

would match URLs that contained the substring "/extra/data" - or "/special/data".

- See also: How - Directory, Location and Files sections work for an - explanation of how these different sections are combined when a - request is received -
- -

LockFile - directive

- Syntax: LockFile - file-path
- Default: LockFile - logs/accept.lock
- Context: server config
- Status: core - -

The LockFile directive sets the path to the lockfile used - when Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT - or USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally - be left at its default value. The main reason for changing it - is if the logs directory is NFS mounted, since - the lockfile must be stored on a local disk. - The PID of the main server process is automatically appended to - the filename.

- -

SECURITY: It is best to avoid putting this - file in a world writable directory such as - /var/tmp because someone could create a denial of - service attack and prevent the server from starting by creating - a lockfile with the same name as the one the server will try to - create.

-
- -

LogLevel - directive

- Syntax: LogLevel - level
- Default: LogLevel - warn
- Context: server config, virtual - host
- Status: core
- Compatibility: LogLevel is only - available in 1.3 or later. - -

LogLevel adjusts the verbosity of the messages recorded in - the error logs (see ErrorLog - directive). The following levels are available, in - order of decreasing significance:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Level Description Example
emerg Emergencies - system is unusable."Child cannot open lock file. Exiting"
alert Action must be taken immediately."getpwuid: couldn't determine user name from uid"
crit Critical Conditions."socket: Failed to get a socket, exiting child"
error Error conditions."Premature end of script headers"
warn Warning conditions."child process 1234 did not exit, sending another - SIGHUP"
notice Normal but significant condition."httpd: caught SIGBUS, attempting to dump core in - ..."
info Informational."Server seems busy, (you may need to increase - StartServers, or Min/MaxSpareServers)..."
debug Debug-level messages"Opening config file ..."
- -

When a particular level is specified, messages from all - other levels of higher significance will be reported as well. - E.g., when LogLevel info is specified, - then messages with log levels of notice and - warn will also be posted.

- -

Using a level of at least crit is - recommended.

- -

For example:

- -
LogLevel notice
- -

NOTE: When logging to a regular file messages - of the level notice cannot be suppressed and thus are - always logged. However, this doesn't apply when logging is done - using syslog.

- -
- -

MaxClients - directive

- - Syntax: MaxClients - number
- Default: MaxClients - 256
- Context: server config
- Status: core - -

The MaxClients directive sets the limit on the number of - simultaneous requests that can be supported; not more than this - number of child server processes will be created. To configure - more than 256 clients, you must edit the HARD_SERVER_LIMIT - entry in httpd.h and recompile.

- -

Any connection attempts over the MaxClients limit will - normally be queued, up to a number based on the ListenBacklog directive. Once a child - process is freed at the end of a different request, the - connection will then be serviced.

-
- -

MaxKeepAliveRequests - directive

- Syntax: MaxKeepAliveRequests - number
- Default: - MaxKeepAliveRequests 100
- Context: server config
- Status: core
- Compatibility: Only available - in Apache 1.2 and later. - -

The MaxKeepAliveRequests directive limits the number of - requests allowed per connection when KeepAlive is on. If it is set to - "0", unlimited requests will be allowed. We - recommend that this setting be kept to a high value for maximum - server performance. In Apache 1.1, this is controlled through - an option to the KeepAlive directive.

- -

For example

- -
MaxKeepAliveRequests 500
- -
- -

MaxRequestsPerChild - directive

- - Syntax: MaxRequestsPerChild - number
- Default: - MaxRequestsPerChild 0
- Context: server config
- Status: core - -

The MaxRequestsPerChild directive sets the limit on the - number of requests that an individual child server process will - handle. After MaxRequestsPerChild requests, the child process - will die. If MaxRequestsPerChild is 0, then the process will - never expire.

- -

Setting MaxRequestsPerChild to a non-zero limit has two - beneficial effects:

- -
    -
  • it limits the amount of memory that process can consume - by (accidental) memory leakage;
  • - -
  • by giving processes a finite lifetime, it helps reduce - the number of processes when the server load reduces.
  • -
- -

However, on Win32, It is recommended that this be set to 0. - If it is set to a non-zero value, when the request count is - reached, the child process exits, and is respawned, at which - time it re-reads the configuration files. This can lead to - unexpected behavior if you have modified a configuration file, - but are not expecting the changes to be applied yet. See also - ThreadsPerChild.

- -

NOTE: For KeepAlive requests, only - the first request is counted towards this limit. In effect, it - changes the behavior to limit the number of - connections per child.

-
- -

MaxFOOPerChild directive

- - Syntax:
- MaxCPUPerChild number
- MaxDATAPerChild number
- MaxNOFILEPerChild number
- MaxRSSPerChild number
- MaxSTACKPerChild number
- Default: - 0 (no set limit)
- Context: server config
- Status: core - -

The MaxFOOPerChild directives set the soft and hard resource - limits for a child process using setrlimit(2). Each MaxFOOPerChild - limit can be set independently of any other limit, or may be left - unspecified, thereby using the system default value. The kernel will - take appropriate action when a child process exceeds a resource limit - - see the manpages for setrlimit(2) and signal(3) for more information. - Setting resource limits can be very useful when running a busy server - with a script interpreter (say, a webmail machine) as these limits - can prevent swapping, deadlock or kernel panic due to memory or swap - exhaustion.

- -

The name of the limit to be set is capitalized and spelled as - it is found in the setrlimit(2) manpage.

-
- -

MaxSpareServers directive

- - Syntax: MaxSpareServers - number
- Default: MaxSpareServers - 10
- Context: server config
- Status: core - -

The MaxSpareServers directive sets the desired maximum - number of idle child server processes. An idle process - is one which is not handling a request. If there are more than - MaxSpareServers idle, then the parent process will kill off the - excess processes.

- -

Tuning of this parameter should only be necessary on very - busy sites. Setting this parameter to a large number is almost - always a bad idea.

- -

Note that this is the maximum number of spare servers, - not the maximum total number of client requests that can be handled - at one time. If you wish to limit that number, see the MaxClients directive.

- -

This directive has no effect when used with the Apache Web - server on a Microsoft Windows platform.

- -

See also MinSpareServers, - StartServers, and MaxClients.

-
- -

MinSpareServers directive

- - Syntax: MinSpareServers - number
- Default: MinSpareServers - 5
- Context: server config
- Status: core - -

The MinSpareServers directive sets the desired minimum - number of idle child server processes. An idle process - is one which is not handling a request. If there are fewer than - MinSpareServers idle, then the parent process creates new - children at a maximum rate of 1 per second.

- -

Tuning of this parameter should only be necessary on very - busy sites. Setting this parameter to a large number is almost - always a bad idea.

- -

Note that setting this directive to some value m ensures - that you will always have at least n + m httpd - processes running when you have n active client requests.

- -

This directive has no effect on Microsoft Windows.

- -

See also MaxSpareServers, - StartServers, and MaxClients.

-
- -

NameVirtualHost directive

- - Syntax: NameVirtualHost - addr[:port]
- Context: server config
- Status: core
- Compatibility: NameVirtualHost - is only available in Apache 1.3 and later - -

The NameVirtualHost directive is a required directive if you - want to configure name-based virtual - hosts.

- -

Although addr can be hostname it is recommended - that you always use an IP address or wildcard, - e.g.

- -
- NameVirtualHost 111.22.33.44 -
- With the NameVirtualHost directive you specify the IP address - on which the server will receive requests for the name-based - virtual hosts. This will usually be the address to which your - name-based virtual host names resolve. In cases where a - firewall or other proxy receives the requests and forwards them - on a different IP address to the server, you must specify the - IP address of the physical interface on the machine which will - be servicing the requests. If you have multiple name-based - hosts on multiple addresses, repeat the directive for each - address. - -

Note: the "main server" and any _default_ servers will - never be served for a request to a - NameVirtualHost IP Address (unless for some reason you specify - NameVirtualHost but then don't define any VirtualHosts for that - address).

- -

Optionally you can specify a port number on which the - name-based virtual hosts should be used, e.g.

- -
- NameVirtualHost 111.22.33.44:8080 -
- In OpenBSD Apache you can specify a 0.0.0.0(IPv4) - or ::(IPv6) - for the addr. This creates a wildcard NameVirtualHost - which will match connections to any address that isn't - configured with a more specific NameVirtualHost directive or <VirtualHost> section. This is - useful if you want only name-based virtual hosts and you don't - want to hard-code the server's IP address into the - configuration file. - -

See also: Apache - Virtual Host documentation

-
- -

Options directive

- - Syntax: Options - [+|-]option [[+|-]option] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: Options
- Status: core - -

The Options directive controls which server features are - available in a particular directory.

- -

option can be set to None, in which - case none of the extra features are enabled, or one or more of - the following:

- -
-
All
- -
All options except for MultiViews. This is the default - setting.
- -
ExecCGI
- -
- Execution of CGI scripts is permitted.
- -
FollowSymLinks
- -
- - The server will follow symbolic links in this - directory.
- Note: even though the server follows the - symlink it does not change the pathname used to - match against <Directory> sections.
- Note: this option gets ignored if set - inside a <Location> section.
- -
Includes
- -
- Server-side includes are permitted.
- -
IncludesNOEXEC
- -
- - Server-side includes are permitted, but the #exec command and - #exec CGI are disabled. It is still possible to #include - virtual CGI scripts from ScriptAliase'd directories.
- -
Indexes
- -
- If a URL which maps to a directory is requested, and the - there is no DirectoryIndex (e.g., index.html) in - that directory, then the server will return a formatted - listing of the directory.
- -
MultiViews
- -
- Content negotiated - MultiViews are allowed.
- -
SymLinksIfOwnerMatch
- -
- - The server will only follow symbolic links for which the - target file or directory is owned by the same user id as the - link.
- Note: this option gets ignored if set - inside a <Location> section.
-
- Normally, if multiple Options could apply to a - directory, then the most specific one is taken complete; the - options are not merged. However if all the options on - the Options directive are preceded by a + or - - symbol, the options are merged. Any options preceded by a + are - added to the options currently in force, and any options - preceded by a - are removed from the options currently in - force. - -

For example, without any + and - symbols:

- -
- <Directory /web/docs>
- Options Indexes FollowSymLinks
- </Directory>
- <Directory /web/docs/spec>
- Options Includes
- </Directory>
-
- then only Includes will be set for the - /web/docs/spec directory. However if the second - Options directive uses the + and - symbols: - -
- <Directory /web/docs>
- Options Indexes FollowSymLinks
- </Directory>
- <Directory /web/docs/spec>
- Options +Includes -Indexes
- </Directory>
-
- then the options FollowSymLinks and - Includes are set for the /web/docs/spec directory. - - -

Note: Using -IncludesNOEXEC or - -Includes disables server-side includes completely - regardless of the previous setting.

- -

The default in the absence of any other settings is - All.

-
- -

PidFile directive

- - Syntax: PidFile - file-path
- Default: PidFile - logs/httpd.pid
- Context: server config
- Status: core - -

The PidFile directive sets the file to which the server - records the process id of the daemon. If the filename does not - begin with a slash (/) then it is assumed to be relative to the - ServerRoot. The PidFile is only used - in standalone mode.

- -

It is often useful to be able to send the server a signal, - so that it closes and then reopens its ErrorLog and TransferLog, and re-reads its - configuration files. This is done by sending a SIGHUP (kill -1) - signal to the process id listed in the PidFile.

- -

The PidFile is subject to the same warnings about log file - placement and security.

-
- -

Port directive

- - Syntax: Port - number
- Default: Port - 80
- Context: server config
- Status: core - -

Number is a number from 0 to 65535; some port - numbers (especially below 1024) are reserved for particular - protocols. See /etc/services for a list of some - defined ports; the standard port for the http protocol is - 80.

- -

The Port directive has two behaviors, the first of which is - necessary for NCSA backwards compatibility (and which is - confusing in the context of Apache).

- -
    -
  • In the absence of any Listen or BindAddress directives specifying a - port number, a Port directive given in the "main server" - (i.e., outside any <VirtualHost> section) sets the - network port on which the server listens. If there are any - Listen or BindAddress directives specifying - :number then Port has no effect on what address - the server listens at.
  • - -
  • The Port directive sets the SERVER_PORT - environment variable (for CGI and - SSI), and is used when the - server must generate a URL that refers to itself (for example - when creating an external redirect to itself). This behavior - is modified by UseCanonicalName.
  • -
- The primary behavior of Port should be considered to be - similar to that of the ServerName - directive. The ServerName and Port together specify what you - consider to be the canonical address of the server. - (See also UseCanonicalName.) - -

Port 80 is one of Unix's special ports. All ports numbered - below 1024 are reserved for system use, i.e., regular - (non-root) users cannot make use of them; instead they can only - use higher port numbers. To use port 80, you must start the - server from the root account. After binding to the port and - before accepting requests, Apache will change to a low - privileged user as set by the User - directive.

- -

If you cannot use port 80, choose any other unused port. - Non-root users will have to choose a port number higher than - 1023, such as 8000.

- -

SECURITY: if you do start the server as root, be sure not to - set User to root. If you run the server as - root whilst handling connections, your site may be open to a - major security attack.

-
- -

ProtocolReqCheck - directive

- - Syntax: ProtocolReqCheck - on|off
- Default: ProtocolReqCheck - on
- Context: server config -
- Status: core
- Compatibility: - ProtocolReqCheck is only available in Apache 1.3.27 and later. - -

This directive enables strict checking of the Protocol field - in the Request line. Versions of Apache prior to 1.3.26 would - silently accept bogus Protocols (such as HTTP-1.1) - and assume HTTP/1.0. Instead, now the Protocol field - must be valid. If the pre-1.3.26 behavior is desired or required, - it can be enabled via setting ProtocolReqCheck off. -

- -
- -

Require directive

- - Syntax: Require - entity-name [entity-name] ...
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: core - -

This directive selects which authenticated users can access - a resource. The allowed syntaxes are:

- -
    -
  • - Require user userid [userid] ... - -

    Only the named users can access the resource.

    -
  • - -
  • - Require group group-name [group-name] ... - - -

    Only users in the named groups can access the - resource.

    -
  • - -
  • - Require valid-user - -

    All valid users can access the resource.

    -
  • -
  • file-owner -

    Only the user, whose name matches the system's name for - the file owner, can access the resource.
    - [Available after Apache 1.3.20]

    -
  • -
  • file-group -

    Only the members of the group, whose name matches the - system's name of the file owner group, can access the - resource.
    [Available after Apache 1.3.20]

    -
  • -
- -

Require must be accompanied by AuthName and AuthType directives, and directives such - as AuthUserFile and AuthGroupFile (to define - users and groups) in order to work correctly. Example:

- -
- AuthType Basic
- AuthName "Restricted Directory"
- AuthUserFile /web/users
- AuthGroupFile /web/groups
- Require group admin
-
-
- Access controls which are applied in this way are effective for - all methods. This is what is normally - desired. If you wish to apply access controls only to - specific methods, while leaving other methods unprotected, then - place the Require statement into a <Limit> section - -

See also Satisfy and mod_access.

-
- -

ResourceConfig - directive

- - Syntax: ResourceConfig - file-path|directory-path|wildcard-path
- Default: ResourceConfig - conf/srm.conf
- Context: server config, virtual - host
- Status: core
- Compatibility: The ability to - specify a directory, rather than a file name, is only available in - Apache 1.3.13 and later. - -

The server will read this file for more directives after - reading the httpd.conf file. File-path is relative to - the ServerRoot. This feature can be - disabled using:

- -
- ResourceConfig /dev/null -
- Or, on Win32 servers, - -
- ResourceConfig nul -
-

Historically, this file contained most directives except for - server configuration directives and <Directory> sections; in fact it - can now contain any server directive allowed in the server - config context. However, since Apache version 1.3.4, the - default srm.conf file which ships with Apache contains - only comments, and all directives are placed in the main server - configuration file, httpd.conf.

- -

If ResourceConfig points to a directory, rather than - a file, Apache will read all files in that directory, and any - subdirectory, and parse those as configuration files. -

-

Alternatively you can use a wildcard to limit the scope; i.e - to only *.conf files. -

-

Note that by default any file in the specified - directory will be loaded as a configuration file. -

-

So make sure that you don't have stray files in - this directory by mistake, such as temporary files created by your - editor, for example.

- -

See also AccessConfig.

-
- -

RLimitCPU directive

- - Syntax: RLimitCPU - number|max [number|max]
- Default: Unset; uses - operating system defaults
- Context: server config, virtual - host
- Status: core
- Compatibility: RLimitCPU is - only available in Apache 1.2 and later - -

Takes 1 or 2 parameters. The first parameter sets the soft - resource limit for all processes and the second parameter sets - the maximum resource limit. Either parameter can be a number, - or max to indicate to the server that the limit - should be set to the maximum allowed by the operating system - configuration. Raising the maximum resource limit requires that - the server is running as root, or in the initial startup - phase.

- -

This applies to processes forked off from Apache children - servicing requests, not the Apache children themselves. This - includes CGI scripts and SSI exec commands, but not any - processes forked off from the Apache parent such as piped - logs.

- -

CPU resource limits are expressed in seconds per - process.

- -

See also RLimitMEM or RLimitNPROC.

-
- -

RLimitMEM - directive

- - Syntax: RLimitMEM - number|max [number|max]
- Default: Unset; uses - operating system defaults
- Context: server config, virtual - host
- Status: core
- Compatibility: RLimitMEM is - only available in Apache 1.2 and later - -

Takes 1 or 2 parameters. The first parameter sets the soft - resource limit for all processes and the second parameter sets - the maximum resource limit. Either parameter can be a number, - or max to indicate to the server that the limit - should be set to the maximum allowed by the operating system - configuration. Raising the maximum resource limit requires that - the server is running as root, or in the initial startup - phase.

- -

This applies to processes forked off from Apache children - servicing requests, not the Apache children themselves. This - includes CGI scripts and SSI exec commands, but not any - processes forked off from the Apache parent such as piped - logs.

- -

Memory resource limits are expressed in bytes per - process.

- -

See also RLimitCPU or RLimitNPROC.

-
- -

RLimitNPROC - directive

- - Syntax: RLimitNPROC - number|max [number|max]
- Default: Unset; uses - operating system defaults
- Context: server config, virtual - host
- Status: core
- Compatibility: RLimitNPROC is - only available in Apache 1.2 and later - -

Takes 1 or 2 parameters. The first parameter sets the soft - resource limit for all processes and the second parameter sets - the maximum resource limit. Either parameter can be a number, - or max to indicate to the server that the limit - should be set to the maximum allowed by the operating system - configuration. Raising the maximum resource limit requires that - the server is running as root, or in the initial startup - phase.

- -

This applies to processes forked off from Apache children - servicing requests, not the Apache children themselves. This - includes CGI scripts and SSI exec commands, but not any - processes forked off from the Apache parent such as piped - logs.

- -

Process limits control the number of processes per user.

- -

Note: If CGI processes are not running - under userids other than the web server userid, this directive - will limit the number of processes that the server itself can - create. Evidence of this situation will be indicated by - cannot fork messages in the - error_log.

- -

See also RLimitMEM or RLimitCPU.

-
- -

RLimitNOFILE - directive

- - Syntax: RLimitNOFILE - number|max [number|max]
- Default: Unset; uses - operating system defaults
- Context: server config, virtual - host
- Status: core
- Compatibility: RLimitNOFILE is - only available in Apache 1.2 and later - -

Takes 1 or 2 parameters. The first parameter sets the soft - resource limit for all processes and the second parameter sets - the maximum resource limit. Either parameter can be a number, - or max to indicate to the server that the limit - should be set to the maximum allowed by the operating system - configuration. Raising the maximum resource limit requires that - the server is running as root, or in the initial startup - phase.

- -

This applies to processes forked off from Apache children - servicing requests, not the Apache children themselves. This - includes CGI scripts and SSI exec commands, but not any - processes forked off from the Apache parent such as piped - logs.

- -

Process limits control the number of open files per user.

- -

Note: If CGI processes are not running - under userids other than the web server userid, this directive - will limit the number of files that the server itself can - open.

-
- -

Satisfy directive

- - Syntax: Satisfy any|all
- Default: Satisfy all
- Context: directory, - .htaccess
- Status: core
- Compatibility: Satisfy is only - available in Apache 1.2 and later - -

Access policy if both Allow and - Require used. The parameter can be either - 'all' or 'any'. This directive is only useful - if access to a particular area is being restricted by both - username/password and client host address. In this - case the default behavior ("all") is to require that the client - passes the address access restriction and enters a - valid username and password. With the "any" option the client - will be granted access if they either pass the host restriction - or enter a valid username and password. This can be used to - password restrict an area, but to let clients from particular - addresses in without prompting for a password.

- -

See also Require and Allow.

-
- -

ScoreBoardFile - directive

- - Syntax: ScoreBoardFile - file-path
- Default: ScoreBoardFile - logs/apache_status
- Context: server config
- Status: core - -

The ScoreBoardFile directive is required on some - architectures to place a file that the server will use to - communicate between its children and the parent. The easiest - way to find out if your architecture requires a scoreboard file - is to run Apache and see if it creates the file named by the - directive. If your architecture requires it then you must - ensure that this file is not used at the same time by more than - one invocation of Apache.

- -

If you have to use a ScoreBoardFile then you may see - improved speed by placing it on a RAM disk. But be careful that - you heed the same warnings about log file placement and security.

- -

Apache 1.2 and above:

- -

Linux 1.x users might be able to add -DHAVE_SHMGET - -DUSE_SHMGET_SCOREBOARD to the EXTRA_CFLAGS - in your Configuration. This might work with some - 1.x installations, but won't work with all of them. (Prior to - 1.3b4, HAVE_SHMGET would have sufficed.)

- -

SVR4 users should consider adding -DHAVE_SHMGET - -DUSE_SHMGET_SCOREBOARD to the EXTRA_CFLAGS - in your Configuration. This is believed to work, - but we were unable to test it in time for 1.2 release. (Prior - to 1.3b4, HAVE_SHMGET would have sufficed.)

- -

See Also: Stopping and Restarting Apache

-
- -

ScriptInterpreterSource - directive

- - Syntax: ScriptInterpreterSource - registry|script
- Default: - ScriptInterpreterSource script
- Context: directory, - .htaccess
- Status: core (Windows only) - -

This directive is used to control how Apache 1.3.5 and later - finds the interpreter used to run CGI scripts. The default - technique is to use the interpreter pointed to by the #! line - in the script. Setting ScriptInterpreterSource registry will - cause the Windows Registry to be searched using the script file - extension (e.g., .pl) as a search key.

-
- -

SendBufferSize - directive

- - Syntax: SendBufferSize - bytes
- Context: server config
- Status: core - -

The server will set the TCP buffer size to the number of - bytes specified. Very useful to increase past standard OS - defaults on high speed high latency (i.e., 100ms or - so, such as transcontinental fast pipes)

-
- -

ServerAdmin - directive

- - Syntax: ServerAdmin - email-address
- Context: server config, virtual - host
- Status: core - -

The ServerAdmin sets the e-mail address that the server - includes in any error messages it returns to the client.

- -

It may be worth setting up a dedicated address for this, - e.g.

- -
- ServerAdmin www-admin@foo.bar.com -
- as users do not always mention that they are talking about the - server! -
- -

ServerAlias - directive

- Syntax: ServerAlias - hostname [hostname] ...
- Context: virtual host
- Status: core
- Compatibility: ServerAlias is - only available in Apache 1.1 and later. - -

The ServerAlias directive sets the alternate names for a - host, for use with name-based virtual - hosts.

- -

Example:

- -
-    <VirtualHost *>
-    ServerName server.domain.com
-    ServerAlias server server2.domain.com server2
-    ...
-    </VirtualHost>
-    
- -

See also: Apache - Virtual Host documentation

-
- -

ServerName - directive

- - Syntax: ServerName - fully-qualified-domain-name
- Context: server config, virtual - host
- Status: core - -

The ServerName directive sets the hostname of the server; - this is used when creating redirection URLs. If it is not - specified, then the server attempts to deduce it from its own - IP address; however this may not work reliably, or may not - return the preferred hostname. For example:

- -
- ServerName www.example.com -
- would be used if the canonical (main) name of the actual - machine were simple.example.com. - -

If you are using name-based virtual hosts, - the ServerName inside a <VirtualHost> - section specifies what hostname must appear in the request's - Host: header to match this virtual host.

- -

See Also:
- DNS Issues
- Apache virtual host - documentation
- UseCanonicalName
- NameVirtualHost
- ServerAlias
-

-
- -

ServerPath - directive

- Syntax: ServerPath - directory-path
- Context: virtual host
- Status: core
- Compatibility: ServerPath is - only available in Apache 1.1 and later. - -

The ServerPath directive sets the legacy URL pathname for a - host, for use with name-based virtual - hosts.

- -

See also: Apache - Virtual Host documentation

-
- -

ServerRoot - directive

- - Syntax: ServerRoot - directory-path
- Default: ServerRoot - /usr/local/apache
- Context: server config
- Status: core - -

The ServerRoot directive sets the directory in which the - server lives. Typically it will contain the subdirectories - conf/ and logs/. Relative paths for - other configuration files are taken as relative to this - directory.

- -

See also the -d - option to httpd.

- -

See also the - security tips for information on how to properly set - permissions on the ServerRoot.

-
- -

ServerSignature directive

- - Syntax: ServerSignature - On|Off|EMail
- Default: ServerSignature - Off
- Context: server config, virtual - host, directory, .htaccess
- Status: core
- Compatibility: ServerSignature - is only available in Apache 1.3 and later. - -

The ServerSignature directive allows the configuration of a - trailing footer line under server-generated documents (error - messages, mod_proxy ftp directory listings, mod_info output, - ...). The reason why you would want to enable such a footer - line is that in a chain of proxies, the user often has no - possibility to tell which of the chained servers actually - produced a returned error message.
- The Off setting, which is the default, suppresses - the error line (and is therefore compatible with the behavior - of Apache-1.2 and below). The On setting simply - adds a line with the server version number and ServerName of the serving virtual host, - and the EMail setting additionally creates a - "mailto:" reference to the ServerAdmin of the referenced - document.

-
- -

ServerTokens - directive

- - Syntax: ServerTokens - Minimal|ProductOnly|OS|Full
- Default: ServerTokens - ProductOnly
- Context: server config
- Status: core
- Compatibility: ServerTokens is - only available in Apache 1.3 and later; the - ProductOnly keyword is only available in versions - later than 1.3.12 - -

This directive controls whether Server response - header field which is sent back to clients includes a - description of the generic OS-type of the server as well as - information about compiled-in modules.

- -
-
ServerTokens Prod[uctOnly] (or not specified)
- -
Server sends (e.g.): Server: - Apache
- -
ServerTokens Min[imal]
- -
Server sends (e.g.): Server: - Apache/1.3.0
- -
ServerTokens OS
- -
Server sends (e.g.): Server: Apache/1.3.0 - (Unix)
- -
ServerTokens Full
- -
Server sends (e.g.): Server: Apache/1.3.0 - (Unix) PHP/3.0 MyMod/1.2
-
- -

This setting applies to the entire server, and cannot be - enabled or disabled on a virtualhost-by-virtualhost basis.

-
- -

ServerType - directive

- - Syntax: ServerType - type
- Default: ServerType - standalone
- Context: server config
- Status: core - -

The ServerType directive sets how the server is executed by - the system. Type is one of

- -
-
inetd
- -
The server will be run from the system process inetd; the - command to start the server is added to - /etc/inetd.conf
- -
standalone
- -
The server will run as a daemon process; the command to - start the server is added to the system startup scripts. - (/etc/rc.local or - /etc/rc3.d/....)
-
- Inetd is the lesser used of the two options. For each http - connection received, a new copy of the server is started from - scratch; after the connection is complete, this program exits. - There is a high price to pay per connection, but for security - reasons, some admins prefer this option. Inetd mode is no longer recommended and does not - always work properly. Avoid it if at all possible. - -

Standalone is the most common setting for ServerType since - it is far more efficient. The server is started once, and - services all subsequent connections. If you intend running - Apache to serve a busy site, standalone will probably be your - only option.

-
- -

ShmemUIDisUser - directive

- - Syntax: ShmemUIDisUser - on|off
- Default: ShmemUIDisUser - off
- Context: server config
- Status: core
- Compatibility: - ShmemUIDisUser directive is only available in Apache 1.3.27 and later. - -

The ShmemUIDisUser directive controls whether Apache will change - the uid and gid ownership of System V shared memory - based scoreboards to the server settings of User and - Group. Releases of Apache up to 1.3.26 would do - this by default. Since the child processes are already attached to the - shared memory segment, this is not required for normal usage of Apache and - so to prevent possible abuse, Apache will no longer do that. The old - behavior may be required for special cases, however, which can be implemented - by setting this directive to on.

- -

This directive has no effect on non-System V based scoreboards, such as - mmap. -

- -
- -

StartServers - directive

- - Syntax: StartServers - number
- Default: StartServers - 5
- Context: server config
- Status: core - -

The StartServers directive sets the number of child server - processes created on startup. As the number of processes is - dynamically controlled depending on the load, there is usually - little reason to adjust this parameter.

- -

When running under Microsoft Windows, this directive has no - effect. There is always one child which handles all requests. - Within the child requests are handled by separate threads. The - ThreadsPerChild directive - controls the maximum number of child threads handling requests, - which will have a similar effect to the setting of - StartServers on Unix.

- -

See also MinSpareServers and - MaxSpareServers.

-
- -

ThreadsPerChild

- Syntax: ThreadsPerChild - number
- Default: ThreadsPerChild - 50
- Context: server config
- Status: core (Windows, - NetWare)
- Compatibility: Available only with Apache 1.3 - and later with Windows - -

This directive tells the server how many threads it should - use. This is the maximum number of connections the server can - handle at once; be sure and set this number high enough for - your site if you get a lot of hits.

- -

This directive has no effect on Unix systems. Unix users - should look at StartServers and MaxRequestsPerChild.

-
- -

ThreadStackSize

- Syntax: ThreadStackSize - number
- Default: ThreadStackSize - 65536
- Context: server config
- Status: core (NetWare)
- Compatibility: Available only with Apache 1.3 - and later with NetWare - -

This directive tells the server what stack size to use for - each of the running threads. If you ever get a stack overflow - you will need to bump this number to a higher setting.

- -

This directive has no effect on other systems.

-
- -

TimeOut directive

- - Syntax: TimeOut - number
- Default: TimeOut - 300
- Context: server config
- Status: core - -

The TimeOut directive currently defines the amount of time - Apache will wait for three things:

- -
    -
  1. The total amount of time it takes to receive a GET - request.
  2. - -
  3. The amount of time between receipt of TCP packets on a - POST or PUT request.
  4. - -
  5. The amount of time between ACKs on transmissions of TCP - packets in responses.
  6. -
- We plan on making these separately configurable at some point - down the road. The timer used to default to 1200 before 1.2, - but has been lowered to 300 which is still far more than - necessary in most situations. It is not set any lower by - default because there may still be odd places in the code where - the timer is not reset when a packet is sent. -
- -

UseCanonicalName directive

- - Syntax: UseCanonicalName - on|off|dns
- Default: UseCanonicalName - on
- Context: server config, virtual - host, directory
- Override: Options
- Compatibility: UseCanonicalName - is only available in Apache 1.3 and later - -

In many situations Apache has to construct a - self-referential URL. That is, a URL which refers back - to the same server. With UseCanonicalName on (and - in all versions prior to 1.3) Apache will use the ServerName and Port - directives to construct the canonical name for the server. This - name is used in all self-referential URLs, and for the values - of SERVER_NAME and SERVER_PORT in - CGIs.

- -

For example, if ServerName is set to - www.example.com and Port is set to - 9090, then the canonical name of the server is - www.example.com:9090. In the event that - Port has its default value of 80, the - :80 is omitted from the canonical name.

- -

With UseCanonicalName off Apache will form - self-referential URLs using the hostname and port supplied by - the client if any are supplied (otherwise it will use the - canonical name, as defined above). These values are the same - that are used to implement name based virtual hosts, - and are available with the same clients. The CGI variables - SERVER_NAME and SERVER_PORT will be - constructed from the client supplied values as well.

- -

An example where this may be useful is on an intranet server - where you have users connecting to the machine using short - names such as www. You'll notice that if the users - type a shortname, and a URL which is a directory, such as - http://www/splat, without the trailing - slash then Apache will redirect them to - http://www.domain.com/splat/. If you have - authentication enabled, this will cause the user to have to - authenticate twice (once for www and once again - for www.domain.com -- see the FAQ on this subject for - more information). But if UseCanonicalName - is set off, then Apache will redirect to - http://www/splat/.

- -

There is a third option, UseCanonicalName DNS, - which is intended for use with mass IP-based virtual hosting to - support ancient clients that do not provide a - Host: header. With this option Apache does a - reverse DNS lookup on the server IP address that the client - connected to in order to work out self-referential URLs.

- -

Warning: if CGIs make assumptions about the - values of SERVER_NAME they may be broken by this - option. The client is essentially free to give whatever value - they want as a hostname. But if the CGI is only using - SERVER_NAME to construct self-referential URLs - then it should be just fine.

- -

See also: ServerName, Port

-
- -

User directive

- - Syntax: User - unix-userid
- Default: User - #-1
- Context: server config, virtual - host
- Status: core - -

The User directive sets the userid as which the server will - answer requests. In order to use this directive, the standalone - server must be run initially as root. Unix-userid is - one of:

- -
-
A username
- -
Refers to the given user by name.
- -
# followed by a user number.
- -
Refers to a user by their number.
-
- The user should have no privileges which result in it being - able to access files which are not intended to be visible to - the outside world, and similarly, the user should not be able - to execute code which is not meant for httpd requests. It is - recommended that you set up a new user and group specifically - for running the server. Some admins use user - nobody, but this is not always possible or - desirable. For example mod_proxy's cache, when enabled, must be - accessible to this user (see the CacheRoot - directive). - -

Notes: If you start the server as a non-root user, it will - fail to change to the lesser privileged user, and will instead - continue to run as that original user. If you do start the - server as root, then it is normal for the parent process to - remain running as root.

- -

Special note: Use of this directive in <VirtualHost> - requires a properly configured suEXEC - wrapper. When used inside a <VirtualHost> in this - manner, only the user that CGIs are run as is affected. Non-CGI - requests are still processed with the user specified in the - main User directive.

- -

SECURITY: Don't set User (or Group) to - root unless you know exactly what you are doing, - and what the dangers are.

-
- -

<VirtualHost> - directive

- - Syntax: <VirtualHost - addr[:port] [addr[:port]] - ...> ... </VirtualHost>
- Context: server config
- Status: Core.
- Compatibility: Non-IP - address-based Virtual Hosting only available in Apache 1.1 and - later.
- Compatibility: Multiple address - support only available in Apache 1.2 and later. - -

<VirtualHost> and </VirtualHost> are used to - enclose a group of directives which will apply only to a - particular virtual host. Any directive which is allowed in a - virtual host context may be used. When the server receives a - request for a document on a particular virtual host, it uses - the configuration directives enclosed in the - <VirtualHost> section. Addr can be

- -
    -
  • The IP address of the virtual host
  • - -
  • A fully qualified domain name for the IP address of the - virtual host.
  • -
- Example: - -
- <VirtualHost 10.1.2.3>
- ServerAdmin webmaster@host.foo.com
- DocumentRoot /www/docs/host.foo.com
- ServerName host.foo.com
- ErrorLog logs/host.foo.com-error_log
- TransferLog logs/host.foo.com-access_log
- </VirtualHost>
-
- Each VirtualHost must correspond to a different IP address, - different port number or a different host name for the server, - in the former case the server machine must be configured to - accept IP packets for multiple addresses. (If the machine does - not have multiple network interfaces, then this can be - accomplished with the ifconfig alias command (if - your OS supports it). - -

You can specify more than one IP address. This is useful if - a machine responds to the same name on two different - interfaces. For example, if you have a VirtualHost that is - available to hosts on an internal (intranet) as well as - external (internet) network. Example:

- -
- <VirtualHost 192.168.1.2 204.255.176.199>
- DocumentRoot /www/docs/host.foo.com
- ServerName host.foo.com
- ServerAlias host
- </VirtualHost>
-
- The special name _default_ can be specified in - which case this virtual host will match any IP address that is - not explicitly listed in another virtual host. In the absence - of any _default_ virtual host the "main" server config, - consisting of all those definitions outside any VirtualHost - section, is used when no match occurs. - -

You can specify a :port to change the port that - is matched. If unspecified then it defaults to the same port as - the most recent Port statement - of the main server. You may also specify :* to - match all ports on that address. (This is recommended when used - with _default_.)

- -

SECURITY: See the security tips document - for details on why your security could be compromised if the - directory where logfiles are stored is writable by anyone other - than the user that starts the server.

- -

NOTE: The use of <VirtualHost> does - not affect what addresses Apache listens on. - You may need to ensure that Apache is listening on the correct - addresses using either BindAddress - or Listen.

- -

See also: Apache - Virtual Host documentation
- See also: Warnings about DNS and - Apache
- See also: Setting - which addresses and ports Apache uses
- See also: How - Directory, Location and Files sections work for an - explanation of how these different sections are combined when a - request is received

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/directive-dict.html b/usr.sbin/httpd/htdocs/manual/mod/directive-dict.html
deleted file mode 100644
index 28949b7b0d8..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/directive-dict.html
+++ /dev/null
@@ -1,318 +0,0 @@
- - - - - - - - Definitions of terms used to describe Apache - directives - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Terms Used to Describe Apache - Directives

- -

Each Apache configuration directive is described using a - common format that looks like this:

- -
-
Syntax: - directive-name some args
- Default: - directive-name default-value
- Context: - context-list
- Override: - override
- Status: - status
- Module: - module-name
- Compatibility: - compatibility notes
-
- -

Each of the directive's attributes, complete with possible - values where possible, are described in this document.

- -

Directive Terms

- - -
- -

Syntax

- -

This indicates the format of the directive as it would - appear in a configuration file. This syntax is extremely - directive-specific, and is described in detail in the - directive's definition. Generally, the directive name is - followed by a series of one or more space-separated arguments. - If an argument contains a space, the argument must be enclosed - in double quotes. Optional arguments are enclosed in square - brackets. Where an argument can take on more than one possible - value, the possible values are separated by vertical bars "|". - Literal text is presented in the default font, while - argument-types for which substitution is necessary are - emphasized. Directives which can take a variable - number of arguments will end in "..." indicating that the last - argument is repeated.

- -

Directives use a great number of different argument types. A - few common ones are defined below.

- -
-
URL
- -
A complete Uniform Resource Locator including a scheme, - hostname, and optional pathname as in - http://www.example.com/path/to/file.html
- -
URL-path
- -
The part of a url which follows the scheme and - hostname as in /path/to/file.html. The - url-path represents a web-view of a resource, as - opposed to a file-system view.
- -
file-path
- -
The path to a file in the local file-system beginning - with the root directory as in - /usr/local/apache/htdocs/path/to/file.html. - Unless otherwise specified, a file-path which does - not begin with a slash will be treated as relative to the ServerRoot.
- -
directory-path
- -
The path to a directory in the local file-system - beginning with the root directory as in - /usr/local/apache/htdocs/path/to/.
- -
filename
- -
The name of a file with no accompanying path information - as in file.html.
- -
regex
- -
A regular - expression, which is a way of describing a pattern to - match in text. The directive definition will specify what the - regex is matching against.
- -
extension
- -
In general, this is the part of the filename - which follows the last dot. However, Apache recognizes - multiple filename extensions, so if a filename - contains more than one dot, each dot-separated part of the - filename following the first dot is an extension. - For example, the filename file.html.en - contains two extensions: .html and - .en. For Apache directives, you may specify - extensions with or without the leading dot. In - addition, extensions are not case sensitive.
- -
MIME-type
- -
A method of describing the format of a file which - consists of a major format type and a minor format type, - separated by a slash as in text/html.
- -
env-variable
- -
The name of an environment - variable defined in the Apache configuration process. - Note this is not necessarily the same as an operating system - environment variable. See the environment variable documentation for - more details.
-
-
- -

Default

- -

If the directive has a default value (i.e., if you - omit it from your configuration entirely, the Apache Web server - will behave as though you set it to a particular value), it is - described here. If there is no default value, this section - should say "None". Note that the default listed here - is not necessarily the same as the value the directive takes in - the default httpd.conf distributed with the server.

-
- -

Context

- -

This indicates where in the server's configuration files the - directive is legal. It's a comma-separated list of one or more - of the following values:

- -
-
server config
- -
This means that the directive may be used in the server - configuration files (e.g., httpd.conf, - srm.conf, and access.conf), but - not within any - <VirtualHost> or <Directory> - containers. It is not allowed in .htaccess files - at all.
- -
virtual host
- -
This context means that the directive may appear inside - <VirtualHost> containers in the server - configuration files.
- -
directory
- -
A directive marked as being valid in this context may be - used inside <Directory>, - <Location>, and <Files> - containers in the server configuration files, subject to the - restrictions outlined in How - Directory, Location and Files sections work.
- -
.htaccess
- -
If a directive is valid in this context, it means that it - can appear inside per-directory - .htaccess files. It may not be processed, though - depending upon the overrides currently active.
-
- -

The directive is only allowed within the designated - context; if you try to use it elsewhere, you'll get a - configuration error that will either prevent the server from - handling requests in that context correctly, or will keep the - server from operating at all -- i.e., the server won't - even start.

- -

The valid locations for the directive are actually the - result of a Boolean OR of all of the listed contexts. In other - words, a directive that is marked as being valid in - "server config, .htaccess" can be used in the - httpd.conf file and in .htaccess - files, but not within any <Directory> or - <VirtualHost> containers.

-
- -

Override

- -

This directive attribute indicates which configuration - override must be active in order for the directive to be - processed when it appears in a .htaccess file. If - the directive's context - doesn't permit it to appear in .htaccess files, - this attribute should say "Not applicable".

- -

Overrides are activated by the AllowOverride directive, and apply - to a particular scope (such as a directory) and all - descendants, unless further modified by other - AllowOverride directives at lower levels. The - documentation for that directive also lists the possible - override names available.

-
- -

Status

- -

This indicates how tightly bound into the Apache Web server - the directive is; in other words, you may need to recompile the - server with an enhanced set of modules in order to gain access - to the directive and its functionality. Possible values for - this attribute are:

- -
-
Core
- -
If a directive is listed as having "Core" status, that - means it is part of the innermost portions of the Apache Web - server, and is always available.
- -
Base
- -
A directive labeled as having "Base" status is supported - by one of the standard Apache modules which is compiled into - the server by default, and is therefore normally available - unless you've taken steps to remove the module from your - configuration.
- -
Extension
- -
A directive with "Extension" status is provided by one of - the modules included with the Apache server kit, but the - module isn't normally compiled into the server. To enable the - directive and its functionality, you will need to change the - server build configuration files and re-compile Apache.
- -
Experimental
- -
"Experimental" status indicates that the directive is - available as part of the Apache kit, but you're on your own - if you try to use it. The directive is being documented for - completeness, and is not necessarily supported. The module - which provides the directive may or may not be compiled in by - default; check the top of the page which describes the - directive and its module to see if it remarks on the - availability.
-
-
- -

Module

- -

This quite simply lists the name of the source module which - defines the directive.

-
- -

Compatibility

- -

If the directive wasn't part of the original Apache version - 1 distribution, the version in which it was introduced should - be listed here. If the directive has the same name as one from - the NCSA HTTPd server, any inconsistencies in behavior between - the two should also be mentioned. Otherwise, this attribute - should say "No compatibility issues."

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/directives.html b/usr.sbin/httpd/htdocs/manual/mod/directives.html
deleted file mode 100644
index 86bc0d46bd5..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/directives.html
+++ /dev/null
@@ -1,597 +0,0 @@
- - - - - - - - Apache directives - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache Directives

- -

Each Apache directive available in the standard Apache - distribution is listed here. They are described using a - consistent format, and there is a dictionary of the terms used in their - descriptions available.

- - -
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html b/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html
deleted file mode 100644
index 9f4a49f3ac7..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/index-bytype.html
+++ /dev/null
@@ -1,276 +0,0 @@
- - - - - - - - Apache modules - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache modules

- -

Below is a list of all of the modules that come as part of - the Apache distribution. See also the list of modules sorted alphabetically and the complete - alphabetical list of all Apache - directives. For modules that are not part of the Apache - distribution, please see http://modules.apache.org.

- -

Core

- -
-
Core
- -
Core Apache features
-
- -

Environment Creation

- -
-
mod_env
- -
Passing of environments to CGI scripts
- -
mod_setenvif Apache 1.3 - and up
- -
Set environment variables based on client - information
- -
mod_unique_id Apache 1.3 - and up
- -
Generate unique request identifier for every request
-
- -

Content Type Decisions

- -
-
mod_mime
- -
Determining document types using file extensions
- -
mod_mime_magic
- -
Determining document types using "magic numbers"
- -
mod_negotiation
- -
Content negotiation
-
- -

URL Mapping

- -
-
mod_alias
- -
Mapping different parts of the host filesystem in the - document tree, and URL redirection
- -
mod_rewrite Apache 1.2 and - up
- -
Powerful URI-to-filename mapping using regular - expressions
- -
mod_userdir
- -
User home directories
- -
mod_speling Apache 1.3 and - up
- -
Automatically correct minor typos in URLs
- -
mod_vhost_alias Apache - 1.3.7 and up
- -
Support for dynamically configured mass virtual - hosting
-
- -

Directory Handling

- -
-
mod_dir
- -
Basic directory handling
- -
mod_autoindex
- -
Automatic directory listings
-
- -

Access Control

- -
-
mod_access
- -
Access control based on client hostname or IP - address
- -
mod_auth
- -
User authentication using text files
- -
mod_auth_dbm
- -
User authentication using DBM files
- -
mod_auth_db
- -
User authentication using Berkeley DB files
- -
mod_auth_anon Apache 1.1 - and up
- -
Anonymous user access to authenticated areas
- -
mod_auth_digest Apache - 1.3.8 and up
- -
Experimental MD5 authentication
- -
mod_digest Apache 1.1 and - up
- -
MD5 authentication
-
- -

HTTP Response

- -
-
mod_headers Apache 1.2 and - up
- -
Add arbitrary HTTP headers to resources
- -
mod_cern_meta Apache 1.1 - and up
- -
Support for HTTP header metafiles
- -
mod_expires Apache 1.2 and - up
- -
Apply Expires: headers to resources
- -
mod_asis
- -
Sending files which contain their own HTTP headers
-
- -

Dynamic Content

- -
-
mod_include
- -
Server-parsed documents
- -
mod_cgi
- -
Invoking CGI scripts
- -
mod_actions Apache 1.1 and - up
- -
Executing CGI scripts based on media type or request - method
- -
- -

Internal Content Handlers

- -
-
mod_status Apache 1.1 and - up
- -
Server status display
- -
mod_info Apache 1.1 and - up
- -
Server configuration information
-
- -

Logging

- -
-
mod_log_config
- -
User-configurable logging replacement for - mod_log_common
- -
mod_log_agent
- -
Logging of User Agents
- -
mod_log_referer
- -
Logging of document references
- -
mod_usertrack Apache 1.2 - and up
- -
User tracking using Cookies
-
- -

Miscellaneous

- -
-
mod_imap Apache 1.1 and - up
- -
The imagemap file handler
- -
mod_proxy Apache 1.1 and - up
- -
Caching proxy abilities
- -
mod_so Apache 1.3 and up
- -
Support for loading modules (DLLs on Windows) at - runtime
- -
mod_mmap_static Apache - 1.3 and up
- -
Experimental file caching, mapping files into memory to - improve performace
-
- -

Obsolete

- -
-
mod_log_common up to - Apache 1.1.1
- -
Standard logging in the Common Logfile Format. Replaced - by the mod_log_config module in Apache 1.2 and up
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/index.html b/usr.sbin/httpd/htdocs/manual/mod/index.html
deleted file mode 100644
index 8d56c1c1cd3..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/index.html
+++ /dev/null
@@ -1,230 +0,0 @@
- - - - - - - - Apache modules - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache modules

- -

Below is a list of all of the modules that come as part of - the Apache distribution. See also the list of modules sorted by type and the complete - alphabetical list of all Apache - directives. For Apache modules that are not part of the - Apache distribution, please see http://modules.apache.org

- -
-
Core
- -
Core Apache features
- -
mod_access
- -
Access control based on client hostname or IP - address
- -
mod_actions Apache 1.1 and - up
- -
Executing CGI scripts based on media type or request - method
- -
mod_alias
- -
Mapping different parts of the host filesystem in the - document tree, and URL redirection
- -
mod_asis
- -
Sending files which contain their own HTTP headers
- -
mod_auth
- -
User authentication using text files
- -
mod_auth_anon Apache 1.1 - and up
- -
Anonymous user access to authenticated areas
- -
mod_auth_db Apache 1.1 and - up
- -
User authentication using Berkeley DB files
- -
mod_auth_dbm
- -
User authentication using DBM files
- -
mod_auth_digest Apache - 1.3.8 and up
- -
MD5 authentication
- -
mod_autoindex
- -
Automatic directory listings
- -
mod_cern_meta Apache 1.1 - and up
- -
Support for HTTP header metafiles
- -
mod_cgi
- -
Invoking CGI scripts
- -
mod_digest Apache 1.1 and - up
- -
MD5 authentication (deprecated by mod_auth_digest)
- -
mod_dir
- -
Basic directory handling
- -
mod_env Apache 1.1 and up
- -
Passing of environments to CGI scripts
- -
mod_expires Apache 1.2 and - up
- -
Apply Expires: headers to resources
- -
mod_headers Apache 1.2 and - up
- -
Add arbitrary HTTP headers to resources
- -
mod_imap Apache 1.1 and - up
- -
The imagemap file handler
- -
mod_include
- -
Server-parsed documents
- -
mod_info Apache 1.1 and - up
- -
Server configuration information
- -
mod_log_agent
- -
Logging of User Agents
- -
mod_log_common up to - Apache 1.1.1
- -
Standard logging in the Common Logfile Format. Replaced - by the mod_log_config module in Apache 1.2 and up
- -
mod_log_config
- -
User-configurable logging replacement for - mod_log_common
- -
mod_log_referer
- -
Logging of document references
- -
mod_mime
- -
Determining document types using file extensions
- -
mod_mime_magic
- -
Determining document types using "magic numbers"
- -
mod_mmap_static Apache - 1.3 and up
- -
Experimental file caching, mapping files into memory to - improve performance
- -
mod_negotiation
- -
Content negotiation
- -
mod_proxy Apache 1.1 and - up
- -
Caching proxy abilities
- -
mod_rewrite Apache 1.2 and - up
- -
Powerful URI-to-filename mapping using regular - expressions
- -
mod_setenvif Apache 1.3 - and up
- -
Set environment variables based on client - information
- -
mod_so Apache 1.3 and up
- -
Support for loading modules (.so's on Unix, .dll's on - Win32) at runtime
- -
mod_speling Apache 1.3 and - up
- -
Automatically correct minor typos in URLs
- -
mod_status Apache 1.1 and - up
- -
Server status display
- -
mod_unique_id Apache 1.3 - and up
- -
Generate unique request identifier for every request
- -
mod_userdir
- -
User home directories
- -
mod_usertrack Apache 1.2 - and up
- -
User tracking using Cookies
- -
mod_vhost_alias Apache - 1.3.7 and up
- -
Support for dynamically configured mass virtual - hosting
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html b/usr.sbin/httpd/htdocs/manual/mod/mod_access.html
deleted file mode 100644
index 9a5a4eddfac..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_access.html
+++ /dev/null
@@ -1,354 +0,0 @@
- - - - - - - - Apache module mod_access - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_access

- -

This module provides access control based on client - hostname, IP address, or other characteristics of the client - request.

- -

Status: Base
- Source File: mod_access.c
- Module Identifier: - access_module

- -

Summary

- -

The directives provided by mod_access are used in <Directory>, <Files>, and <Location> sections - as well as .htaccess files to - control access to particular parts of the server. Access can be - controlled based on the client hostname, IP address, or other - characteristics of the client request, as captured in environment variables. The - Allow and Deny directives are used to - specify which clients are or are not allowed access to the - server, while the Order directive sets the default - access state, and configures how the Allow and - Deny directives interact with each other.

- -

Both host-based access restrictions and password-based - authentication may be implemented simultaneously. In that case, - the Satisfy directive is used - to determine how the two sets of restrictions interact.

- -

In general, access restriction directives apply to all - access methods (GET, PUT, - POST, etc). This is the desired behavior in most - cases. However, it is possible to restrict some methods, while - leaving other methods unrestricted, by enclosing the directives - in a <Limit> section.

- -

Directives

- - - -

See also Satisfy and Require.

-
- -

Allow directive

- -

- Syntax: Allow from - all|host|env=env-variable - [host|env=env-variable] ...
- Context: directory, - .htaccess
- Override: Limit
- Status: Base
- Module: mod_access

- -

The Allow directive affects which hosts can - access an area of the server. Access can be controlled by - hostname, IP Address, IP Address range, or by other - characteristics of the client request captured in environment - variables.

- -

The first argument to this directive is always - from. The subsequent arguments can take three - different forms. If Allow from all is specified, - then all hosts are allowed access, subject to the configuration - of the Deny and Order directives as - discussed below. To allow only particular hosts or groups of - hosts to access the server, the host can be specified - in any of the following formats:

- -
-
A (partial) domain-name
- -
Example: Allow from apache.org
- Hosts whose names match, or end in, this string are allowed - access. Only complete components are matched, so the above - example will match foo.apache.org but it will - not match fooapache.org. This configuration will - cause the server to perform a double reverse DNS lookup on the - client IP address, regardless of the setting of the HostnameLookups - directive. It will do a reverse DNS lookup on the IP address to - find the associated hostname, and then do a forward lookup on - the hostname to assure that it matches the original IP address. - Only if the forward and reverse DNS are consistent and the - hostname matches will access be allowed.
- -
A full IP address
- -
Example: Allow from 10.1.2.3
- An IP address of a host allowed access
- -
A partial IP address
- -
Example: Allow from 10.1
- The first 1 to 3 bytes of an IP address, for subnet - restriction.
- -
A network/netmask pair
- -
Example: Allow from - 10.1.0.0/255.255.0.0
- A network a.b.c.d, and a netmask w.x.y.z. For more - fine-grained subnet restriction. (Apache 1.3 and later)
- -
A network/nnn CIDR specification
- -
Example: Allow from 10.1.0.0/16
- Similar to the previous case, except the netmask consists of - nnn high-order 1 bits. (Apache 1.3 and later)
-
- -

Note that the last three examples above match exactly the - same set of hosts.

- -

The third format of the arguments to the Allow - directive allows access to the server to be controlled based on - the existence of an environment - variable. When Allow from - env=env-variable is specified, then the request - is allowed access if the environment variable - env-variable exists. The server provides the ability - to set environment variables in a flexible way based on - characteristics of the client request using the directives - provided by mod_setenvif. - Therefore, this directive can be used to allow access based on - such factors as the clients User-Agent (browser - type), Referer, or other HTTP request header - fields.

- -

Example:

- -
-
-SetEnvIf User-Agent ^KnockKnock/2.0 let_me_in
-<Directory /docroot>
-    Order Deny,Allow
-    Deny from all
-    Allow from env=let_me_in
-</Directory>
-
-
- -

In this case, browsers with a user-agent string beginning - with KnockKnock/2.0 will be allowed access, and all - others will be denied.

- -

See also Deny, Order and SetEnvIf.

-
- -

Deny directive

- -

- Syntax: Deny from - all|host|env=env-variable - [host|env=env-variable] ...
- Context: directory, - .htaccess
- Override: Limit
- Status: Base
- Module: mod_access

- -

This directive allows access to the server to be restricted - based on hostname, IP address, or environment variables. The - arguments for the Deny directive are identical to - the arguments for the Allow directive.

- -

See also Allow, Order and SetEnvIf.

-
- -

Order directive

- -

- Syntax: Order - ordering
- Default: Order - Deny,Allow
- Context: directory, - .htaccess
- Override: Limit
- Status: Base
- Module: mod_access

- -

The Order directive controls the default access - state and the order in which Allow and Deny directives are evaluated. - Ordering is one of

- -
-
Deny,Allow
- -
The Deny directives are evaluated before the - Allow directives. Access is allowed by default. - Any client which does not match a Deny directive - or does match an Allow directive will be allowed - access to the server.
- -
Allow,Deny
- -
The Allow directives are evaluated before - the Deny directives. Access is denied by - default. Any client which does not match an - Allow directive or does match a - Deny directive will be denied access to the - server.
- -
Mutual-failure
- -
Only those hosts which appear on the Allow - list and do not appear on the Deny list are - granted access. This ordering has the same effect as - Order Allow,Deny and is deprecated in favor of - that configuration.
-
- -

Keywords may only be separated by a comma; no whitespace is - allowed between them. Note that in all cases every - Allow and Deny statement is - evaluated.

- -

In the following example, all hosts in the apache.org domain - are allowed access; all other hosts are denied access.

- -
- Order Deny,Allow
- Deny from all
- Allow from apache.org
-
-
- -

In the next example, all hosts in the apache.org domain are - allowed access, except for the hosts which are in the - foo.apache.org subdomain, who are denied access. All hosts not - in the apache.org domain are denied access because the default - state is to deny access to the server.

- -
- Order Allow,Deny
- Allow from apache.org
- Deny from foo.apache.org
-
-
- -

On the other hand, if the Order in the last - example is changed to Deny,Allow, all hosts will - be allowed access. This happens because, regardless of the - actual ordering of the directives in the configuration file, - the Allow from apache.org will be evaluated last - and will override the Deny from foo.apache.org. - All hosts not in the apache.org domain will also - be allowed access because the default state will change to - allow.

- -

The presence of an Order directive can affect - access to a part of the server even in the absence of - accompanying Allow and Deny - directives because of its effect on the default access state. - For example,

- -
- <Directory /www>
-   Order Allow,Deny
- </Directory>
-
- -

will deny all access to the /www directory - because the default access state will be set to - deny.

- -

The Order directive controls the order of - access directive processing only within each phase of the - server's configuration processing. This implies, for example, - that an Allow or Deny directive - occurring in a <Location> section will always be - evaluated after an Allow or Deny - directive occurring in a <Directory> section or - .htaccess file, regardless of the setting of the - Order directive. For details on the merging of - configuration sections, see the documentation on How Directory, Location and Files - sections work.

- -

See also: Deny and Allow.


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html b/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html
deleted file mode 100644
index e813007011f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_actions.html
+++ /dev/null
@@ -1,167 +0,0 @@
- - - - - - - - Module mod_actions - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_actions

- -

This module provides for executing CGI scripts based on - media type or request method.

- -

Status: Base
- Source File: - mod_actions.c
- Module Identifier: - action_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Summary

- -

This module has two directives. The Action directive lets - you run CGI scripts whenever a file of a certain type is - requested. The Script directive lets you run CGI scripts - whenever a particular method is used in a request. This makes - it much easier to execute scripts that process files.

- -

Directives

- - -
- -

Action directive

- -

Syntax: Action action-type - cgi-script
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_actions
- Compatibility: Action is only - available in Apache 1.1 and later

- -

This directive adds an action, which will activate - cgi-script when action-type is triggered by the - request. The cgi-script is the URL-path to a resource that - has been configured as a CGI script using ScriptAlias - or AddHandler. The action-type can be either - a handler or a MIME content type. It - sends the URL and file path of the requested document using the - standard CGI PATH_INFO and PATH_TRANSLATED environment - variables.

- -

Examples:

-
-    # Requests for files of a particular type:
-    Action image/gif /cgi-bin/images.cgi
-
-    # Files of a particular file extension
-    AddHandler my-file-type .xyz
-    Action my-file-type /cgi-bin/program.cgi
-    
- -

In the first example, requests for files with a MIME content - type of image/gif will instead be handled by the - specified cgi script /cgi-bin/images.cgi.

- -

In the second example, requests for files with a file extension of - .xyz are handled instead by the specified cgi script - /cgi-bin/program.cgi.

- -

See also: AddHandler

- -
- -

Script directive

- -

Syntax: Script method - cgi-script
- Context: server config, virtual - host, directory
- Status: Base
- Module: mod_actions
- Compatibility: Script is only - available in Apache 1.1 and later; arbitrary method use is only - available with 1.3.10 and later

- -

This directive adds an action, which will activate - cgi-script when a file is requested using the method of - method. The cgi-script is the URL-path to a resource - that has been configured as a CGI script using - ScriptAlias or AddHandler. The URL and - file path of the requested document is sent using the standard CGI - PATH_INFO and PATH_TRANSLATED environment variables.

- -
- Prior to Apache 1.3.10, method can only be one of - GET, POST, PUT, or - DELETE. As of 1.3.10, any arbitrary method name - may be used. Method names are case-sensitive, so - Script PUT and Script put - have two entirely different effects. -
- -

Note that the Script command defines default actions only. - If a CGI script is called, or some other resource that is - capable of handling the requested method internally, it will do - so. Also note that Script with a method of GET - will only be called if there are query arguments present - (e.g., foo.html?hi). Otherwise, the request will - proceed normally.

- -

Examples:

-
-    # For <ISINDEX>-style searching
-    Script GET /cgi-bin/search
-    # A CGI PUT handler
-    Script PUT /~bob/put.cgi
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html b/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html
deleted file mode 100644
index 93ea7d84f78..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_alias.html
+++ /dev/null
@@ -1,399 +0,0 @@
- - - - - - - - Apache module mod_alias - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_alias

- -

This module provides for mapping different parts of the host - filesystem in the document tree, and for URL redirection.

- -

Status: Base
- Source File: mod_alias.c
- Module Identifier: - alias_module

- -

Summary

- -

The directives contained in this module allow for - manipulation and control of URLs as requests arrive at the - server. The Alias and ScriptAlias - directives are used to map between URLs and filesystem paths. - This allows for content which is not directly under the DocumentRoot to - be served as part of the web document tree. The - ScriptAlias directive has the additional effect of - marking the target directory as containing only CGI - scripts.

- -

The Redirect directives are used to instruct - clients to make a new request with a different URL. They are - often used when a resource has moved to a new location.

- -

A more powerful and flexible set of directives for - manipulating URLs is contained in the mod_rewrite - module.

- -

Directives

- - -
- -

Alias directive

- -

- Syntax: Alias URL-path - file-path|directory-path
- Context: server config, virtual - host
- Status: Base
- Module: mod_alias

- -

The Alias directive allows documents to be stored in the - local filesystem other than under the DocumentRoot. URLs with a - (%-decoded) path beginning with url-path will be - mapped to local files beginning with - directory-filename.

- -

Example:

- -
- Alias /image /ftp/pub/image -
- -

A request for http://myserver/image/foo.gif would cause the - server to return the file /ftp/pub/image/foo.gif.

- -

Note that if you include a trailing / on the - url-path then the server will require a trailing / in - order to expand the alias. That is, if you use Alias - /icons/ /usr/local/apache/icons/ then the url - /icons will not be aliased.

- -

Note that you may need to specify additional <Directory> - sections which cover the destination of aliases. - Aliasing occurs before <Directory> sections - are checked, so only the destination of aliases are affected. - (Note however <Location> - sections are run through once before aliases are performed, so - they will apply.)

- -

See also ScriptAlias.

-
- -

AliasMatch

- -

Syntax: AliasMatch regex - file-path|directory-path
- Context: server config, virtual - host
- Status: Base
- Module: mod_alias
- Compatibility: Available in - Apache 1.3 and later

- -

This directive is equivalent to Alias, - but makes use of standard regular expressions, instead of - simple prefix matching. The supplied regular expression is - matched against the URL-path, and if it matches, the server - will substitute any parenthesized matches into the given string - and use it as a filename. For example, to activate the - /icons directory, one might use:

-
-    AliasMatch ^/icons(.*) /usr/local/apache/icons$1
-
-
- -

Redirect - directive

- -

- Syntax: Redirect - [status] URL-path URL
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_alias
- Compatibility: The directory - and .htaccess context's are only available in versions 1.1 and - later. The status argument is only available in Apache - 1.2 or later.

- -

The Redirect directive maps an old URL into a new one. The - new URL is returned to the client which attempts to fetch it - again with the new address. URL-path a (%-decoded) - path; any requests for documents beginning with this path will - be returned a redirect error to a new (%-encoded) URL beginning - with URL.

- -

Example:

- -
- Redirect /service http://foo2.bar.com/service -
- -

If the client requests http://myserver/service/foo.txt, it - will be told to access http://foo2.bar.com/service/foo.txt - instead.

- -

Note: Redirect directives take precedence - over Alias and ScriptAlias directives, irrespective of their - ordering in the configuration file. Also, URL-path - must be an absolute path, not a relative path, even when used - with .htaccess files or inside of <Directory> - sections.

- -

If no status argument is given, the redirect will - be "temporary" (HTTP status 302). This indicates to the client - that the resource has moved temporarily. The status - argument can be used to return other HTTP status codes:

- -
-
permanent
- -
Returns a permanent redirect status (301) indicating that - the resource has moved permanently.
- -
temp
- -
Returns a temporary redirect status (302). This is the - default.
- -
seeother
- -
Returns a "See Other" status (303) indicating that the - resource has been replaced.
- -
gone
- -
Returns a "Gone" status (410) indicating that the - resource has been permanently removed. When this status is - used the url argument should be omitted.
-
- -

Other status codes can be returned by giving the numeric - status code as the value of status. If the status is - between 300 and 399, the url argument must be present, - otherwise it must be omitted. Note that the status must be - known to the Apache code (see the function - send_error_response in http_protocol.c).

- -

Example:

- -
-    Redirect permanent /one http://example.com/two
- Redirect 303 /two http://example.com/other -
-
- -

RedirectMatch

- -

Syntax: RedirectMatch - [status] regex URL
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_alias
- Compatibility: Available in - Apache 1.3 and later

- -

This directive is equivalent to Redirect, but makes use of standard - regular expressions, instead of simple prefix matching. The - supplied regular expression is matched against the URL-path, - and if it matches, the server will substitute any parenthesized - matches into the given string and use it as a filename. For - example, to redirect all GIF files to like-named JPEG files on - another server, one might use:

-
-    RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg
-
-
- -

RedirectTemp - directive

- -

- Syntax: RedirectTemp - URL-path URL
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_alias
- Compatibility: This directive - is only available in Apache 1.2 and later

- -

This directive makes the client know that the Redirect is - only temporary (status 302). Exactly equivalent to - Redirect temp.

-
- -

RedirectPermanent - directive

- -

- Syntax: RedirectPermanent - URL-path URL
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_alias
- Compatibility: This directive - is only available in Apache 1.2 and later

- -

This directive makes the client know that the Redirect is - permanent (status 301). Exactly equivalent to Redirect - permanent.

-
- -

ScriptAlias - directive

- -

- Syntax: ScriptAlias - URL-path file-path|directory-path
- Context: server config, virtual - host
- Status: Base
- Module: mod_alias

- -

The ScriptAlias directive has the same behavior as the Alias directive, except that in addition it - marks the target directory as containing CGI scripts that will be - processed by mod_cgi's cgi-script - handler. URLs with a (%-decoded) path beginning with - URL-path will be mapped to scripts beginning with the - second argument which is a full pathname in the local - filesystem.

- -

Example:

- -
- ScriptAlias /cgi-bin/ /web/cgi-bin/ -
- -

A request for http://myserver/cgi-bin/foo would cause the - server to run the script /web/cgi-bin/foo.

-
- -

ScriptAliasMatch

- -

Syntax: ScriptAliasMatch - regex file-path|directory-path
- Context: server config, virtual - host
- Status: Base
- Module: mod_alias
- Compatibility: Available in - Apache 1.3 and later

- -

This directive is equivalent to ScriptAlias, but makes use of standard - regular expressions, instead of simple prefix matching. The - supplied regular expression is matched against the URL-path, - and if it matches, the server will substitute any parenthesized - matches into the given string and use it as a filename. For - example, to activate the standard /cgi-bin, one - might use:

-
-    ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_asis.html b/usr.sbin/httpd/htdocs/manual/mod/mod_asis.html
deleted file mode 100644
index 9d93d39f157..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_asis.html
+++ /dev/null
@@ -1,107 +0,0 @@
- - - - - - - - Apache module mod_asis - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_asis

- -

This module provides for sending files which contain their - own HTTP headers.

- -

Status: Base
- Source File: mod_asis.c
- Module Identifier: - asis_module

- -

Summary

- -

This module provides the handler send-as-is - which causes Apache to send the document without adding most of - the usual HTTP headers.

- -

This can be used to send any kind of data from the server, - including redirects and other special HTTP responses, without - requiring a cgi-script or an nph script.

- -

For historical reasons, this module will also process any - file with the mime type httpd/send-as-is.

- -

Directives

- -

This module provides no directives.

- -

Usage

- -

In the server configuration file, associate files with the - send-as-is handler e.g.

- -
- AddHandler send-as-is asis -
- The contents of any file with a .asis extension - will then be sent by Apache to the client with almost no - changes. Clients will need HTTP headers to be attached, so do - not forget them. A Status: header is also required; the data - should be the 3-digit HTTP response code, followed by a textual - message. - -

Here's an example of a file whose contents are sent as - is so as to tell the client that a file has - redirected.

- -
- Status: 301 Now where did I leave that URL
- Location: http://xyz.abc.com/foo/bar.html
- Content-type: text/html
-
- <HTML>
- <HEAD>
- <TITLE>Lame excuses'R'us</TITLE>
- </HEAD>
- <BODY>
- <H1>Fred's exceptionally wonderful page has moved - to
- <A - HREF="http://xyz.abc.com/foo/bar.html">Joe's</A> - site.
- </H1>
- </BODY>
- </HTML>
-
- -

Notes: the server always adds a Date: and Server: header to - the data returned to the client, so these should not be - included in the file. The server does not add a - Last-Modified header; it probably should. -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html
deleted file mode 100644
index 2789d5bb5e0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth.html
+++ /dev/null
@@ -1,326 +0,0 @@
- - - - - - - - Apache module mod_auth - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_auth

- -

This module provides for user authentication using text - files.

- -

Status: Base
- Source File: mod_auth.c
- Module Identifier: - auth_module

- -

Summary

- -

This module allows the use of HTTP Basic Authentication to - restrict access by looking up users in plain text password and - group files. Similar functionality and greater scalability is - provided by mod_auth_dbm and mod_auth_db. HTTP Digest - Authentication is provided by mod_auth_digest.

- -

Note that these credential-based security mechanisms are - only as strong as your Web server's security. As a rule, they - are not as strong as the operating system's own security - system.

- -

Directives

- - - -

See also: require, satisfy, and mod_auth require keywords.

-
- -

mod_auth - Require Keywords

- -

The mod_auth module supports the following - keywords that can be given to the Require directive:

- -
-
user username [...]
- -
The supplied username and password must be in the AuthUserFile database, and the - username must also be one of those listed on the Require - directive.
- -
group groupname [...]
- -
The supplied username and password must be in the AuthUserFile database, and the - username must also be a member of one of the named groups in - the AuthGroupFile database.
- -
valid-user
- -
The supplied username and password must be in the AuthUserFile database. Any valid - username from that file will be allowed.
- -
file-owner
- -
[Available after Apache 1.3.20] The supplied username and - password must be in the AuthUserFile database, and the - username must also match the system's name for the owner of - the file being requested. That is, if the operating system - say the requested file is owned by jones, then - the username used to access it through the Web must be - jones as well.
- -
file-group
- -
[Available after Apache 1.3.20] The supplied username and - password must be in the AuthUserFile database, the name of - the group that owns the file must be in the AuthGroupFile database, and the - username must be a member of that group. For example, if the - operating system says the requested file is owned by group - accounts, the group accounts must - be in the AuthGroupFile database and the username used in the - request must be a member of that group.
-
-
- -

Example of Require - file-owner

- -

Consider a multi-user system running the Apache Web server, - with each user having his or her own files in - ~/public_html/private. Assuming that there is a - single AuthUserFile database that lists all of their usernames, - and that their Web usernames match the ones that actually own - the files on the server, then the following stanza would allow - only the user himself access to his own files. User - jones would not be allowed to access files in - /home/smith/public_html/private unless they were - owned by jones instead of smith.

-
-    <Directory /home/*/public_html/private>
-        AuthType Basic
-        AuthName MyPrivateFile
-        AuthUserFile /usr/local/apache/etc/.htpasswd-allusers
-        Satisfy All
-        Require file-owner
-    </Directory>
-
-
- -

AuthGroupFile directive

- Syntax: AuthGroupFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Base
- Module: mod_auth - -

The AuthGroupFile directive sets the name of a textual file - containing the list of user groups for user authentication. - File-path is the path to the group file. If it is not - absolute (i.e., if it doesn't begin with a slash), it - is treated as relative to the ServerRoot.

- -

Each line of the group file contains a groupname followed by - a colon, followed by the member usernames separated by spaces. - Example:

- -
- mygroup: bob joe anne -
- Note that searching large text files is very - inefficient; AuthDBMGroupFile - should be used instead. - -

Security: make sure that the AuthGroupFile is stored outside - the document tree of the web-server; do not put it in - the directory that it protects. Otherwise, clients will be able - to download the AuthGroupFile.

- -

See also AuthName, AuthType and AuthUserFile.

-
- -

AuthUserFile - directive

- Syntax: AuthUserFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Base
- Module: mod_auth - -

The AuthUserFile directive sets the name of a textual file - containing the list of users and passwords for user - authentication. File-path is the path to the user - file. If it is not absolute (i.e., if it doesn't begin - with a slash), it is treated as relative to the ServerRoot.

- -

Each line of the user file contains a username followed by a - colon, followed by the crypt() encrypted password. - The behavior of multiple occurrences of the same user is - undefined.

- -

The utility htpasswd - which is installed as part of the binary distribution, or which - can be found in src/support, is used to maintain - this password file. See the man page for more - details. In short

- -
- htpasswd -c Filename username
- Create a password file 'Filename' with 'username' as the - initial ID. It will prompt for the password. htpasswd - Filename username2
- Adds or modifies in password file 'Filename' the 'username'. -
- -

Note that searching large text files is very - inefficient; AuthDBMUserFile - should be used instead.

- -
-
Security:
- -
Make sure that the AuthUserFile is stored outside the - document tree of the web-server; do not put it in - the directory that it protects. Otherwise, clients may be - able to download the AuthUserFile.
- -
Also be aware that null usernames are permitted, and null - passwords as well (through Apache 1.3.20). If your - AuthUserFile includes a line containing only a colon (':'), a - 'Require valid-user' will allow access if both - the username and password in the credentials are - omitted.
-
- See also AuthName, AuthType and AuthGroupFile. -
- -

AuthAuthoritative directive

- Syntax: AuthAuthoritative - on|off
- Default: - AuthAuthoritative on
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Base
- Module: mod_auth - -

Setting the AuthAuthoritative directive explicitly to - 'off' allows for both authentication and - authorization to be passed on to lower level modules (as - defined in the Configuration and - modules.c files) if there is no - userID or rule matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will - give an Authorization Required reply.

- -

So if a userID appears in the database of more than one - module; or if a valid Require directive applies to - more than one module; then the first module will verify the - credentials; and no access is passed on; regardless of the - AuthAuthoritative setting.

- -

A common use for this is in conjunction with one of the - database modules; such as mod_auth_db.c, mod_auth_dbm.c, - mod_auth_msql.c, and mod_auth_anon.c. - These modules supply the bulk of the user credential checking; - but a few (administrator) related accesses fall through to a - lower level with a well protected AuthUserFile.

- -

Default: By default; control is - not passed on; and an unknown userID or rule will result in an - Authorization Required reply. Not setting it thus keeps the - system secure; and forces an NCSA compliant behavior.

- -

Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database such - as mSQL. Make sure that the AuthUserFile is stored outside the - document tree of the web-server; do not put it in the - directory that it protects. Otherwise, clients will be able to - download the AuthUserFile.

- -

See also AuthName, AuthType and AuthGroupFile.

- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html
deleted file mode 100644
index 6824322f6b9..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_anon.html
+++ /dev/null
@@ -1,296 +0,0 @@
- - - - - - - Apache module mod_auth_anon.c - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_auth_anon

- This module allows "anonymous" user access to authenticated - areas. - -

Status: Extension
- Source File: - mod_auth_anon.c
- Module Identifier: - anon_auth_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Summary

- -

This module does access control in a manner similar to - anonymous-ftp sites; i.e. have a 'magic' user id - 'anonymous' and the email address as a password. These email - addresses can be logged.

- -

Combined with other (database) access control methods, this - allows for effective user tracking and customization according - to a user profile while still keeping the site open for - 'unregistered' users. One advantage of using Auth-based user - tracking is that, unlike magic-cookies and funny URL - pre/postfixes, it is completely browser independent and it - allows users to share URLs.

- -

Directives

- - - -

Example

- The example below (when combined with the Auth directives of a - htpasswd-file based (or GDM, mSQL etc.) base access - control system allows users in as 'guests' with the following - properties: - -
    -
  • It insists that the user enters a userId. - (Anonymous_NoUserId)
  • - -
  • It insists that the user enters a password. - (Anonymous_MustGiveEmail)
  • - -
  • The password entered must be a valid email address, ie. - contain at least one '@' and a '.'. - (Anonymous_VerifyEmail)
  • - -
  • The userID must be one of anonymous guest www test - welcome and comparison is not case - sensitive.
  • - -
  • And the Email addresses entered in the passwd field are - logged to the error log file - (Anonymous_LogEmail)
  • -
- -

Excerpt of httpd.conf:

- -
-
-Anonymous_NoUserId      off
-Anonymous_MustGiveEmail on
-Anonymous_VerifyEmail    on
-Anonymous_LogEmail      on
-Anonymous        anonymous guest www test welcome
-
-AuthName                "Use 'anonymous' & Email address for guest entry"
-AuthType                basic
-
-# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile
-# directive must be specified, or use
-# Anonymous_Authoritative for public access.
-# In the .htaccess for the public directory, add:
-<Files *>
-Order Deny,Allow          
-Allow from all            
-
-Require valid-user        
-</Files>
-
-
-
- -

Anonymous - directive

- Syntax: Anonymous user - [user] ...
- Default: none
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_anon - -

A list of one or more 'magic' userIDs which are allowed - access without password verification. The userIDs are space - separated. It is possible to use the ' and " quotes to allow a - space in a userID as well as the \ escape character.

- -

Please note that the comparison is - case-IN-sensitive.
- I strongly suggest that the magic username - 'anonymous' is always one of the allowed - userIDs.

- -

Example:
- Anonymous anonymous "Not Registered" 'I don\'t - know'

- -

This would allow the user to enter without password - verification by using the userId's 'anonymous', - 'AnonyMous','Not Registered' and 'I Don't Know'.

-
- -

Anonymous_Authoritative directive

- Syntax: Anonymous_Authoritative - on|off
- Default: - Anonymous_Authoritative off
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_anon - -

When set 'on', there is no fall-through to other - authorization methods. So if a userID does not match the values - specified in the Anonymous directive, access is - denied.

- -

Be sure you know what you are doing when you decide to - switch it on. And remember that it is the linking order of the - modules (in the Configuration / Make file) which details the - order in which the Authorization modules are queried.

-
- -

Anonymous_LogEmail - directive

- Syntax: Anonymous_LogEmail - on|off
- Default: - Anonymous_LogEmail on
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_anon - -

When set 'on', the default, the 'password' entered (which - hopefully contains a sensible email address) is logged in the - error log. The message is logged at a level of info, - and so you must have LogLevel set - to at least info in order to see this message.

- -

Log entries will look like the following example:

- -
-[Fri Apr 26 14:49:50 2002] [info] [client 192.168.1.105] Anonymous: Passwd  Accepted
-
- -
- -

Anonymous_MustGiveEmail directive

- - Syntax: Anonymous_MustGiveEmail - on|off
- Default: - Anonymous_MustGiveEmail on
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_anon - -

Specifies whether the user must specify an email address as - the password. This prohibits blank passwords.

-
- -

Anonymous_NoUserID - directive

- Syntax: Anonymous_NoUserID - on|off
- Default: - Anonymous_NoUserID off
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_anon - -

When set 'on', users can leave the userID (and perhaps the - password field) empty. This can be very convenient for - MS-Explorer users who can just hit return or click directly on - the OK button; which seems a natural reaction.

-
- -

Anonymous_VerifyEmail directive

- Syntax: Anonymous_VerifyEmail - on|off
- Default: - Anonymous_VerifyEmail off
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_anon - -

When set 'on' the 'password' entered is checked for at least - one '@' and a '.' to encourage users to enter valid email - addresses (see the above Auth_LogEmail). -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html
deleted file mode 100644
index 324cbfd870e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_db.html
+++ /dev/null
@@ -1,248 +0,0 @@
- - - - - - - Apache module mod_auth_db - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_auth_db

- -

This module provides for user authentication using Berkeley - DB files.

- -

Status: Extension
- Source File: - mod_auth_db.c
- Module Identifier: - db_auth_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Summary

- -

This module provides an alternative to DBM files for those systems which - support DB and not DBM. It is only available in Apache 1.1 and - later.

- -

On some BSD systems (e.g., FreeBSD and NetBSD) dbm - is automatically mapped to Berkeley DB. You can use either mod_auth_dbm or mod_auth_db. The - latter makes it more obvious that it's Berkeley DB. On other - platforms where you want to use the DB library you usually have - to install it first. See http://www.sleepycat.com/ - for the distribution. The interface this module uses is the one - from DB version 1.85 and 1.86, but DB version 2.x can also be - used when compatibility mode is enabled.

- -

Directives

- - - -

See also: satisfy and require.

-
- -

AuthDBGroupFile directive

- - Syntax: AuthDBGroupFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_db - -

The AuthDBGroupFile directive sets the name of a DB file - containing the list of user groups for user authentication. - File-path is the absolute path to the group file.

- -

The group file is keyed on the username. The value for a - user is a comma-separated list of the groups to which the users - belongs. There must be no whitespace within the value, and it - must never contain any colons.

- -

Security: make sure that the AuthDBGroupFile is stored - outside the document tree of the web-server; do not - put it in the directory that it protects. Otherwise, clients - will be able to download the AuthDBGroupFile unless otherwise - protected.

- -

Combining Group and Password DB files: In some cases it is - easier to manage a single database which contains both the - password and group details for each user. This simplifies any - support programs that need to be written: they now only have to - deal with writing to and locking a single DBM file. This can be - accomplished by first setting the group and password files to - point to the same DB file:

- -
- AuthDBGroupFile /www/userbase
- AuthDBUserFile /www/userbase
-
- The key for the single DB record is the username. The value - consists of - -
- Unix Crypt-ed Password : List of Groups [ : (ignored) - ] -
- The password section contains the Unix crypt() password as - before. This is followed by a colon and the comma separated - list of groups. Other data may optionally be left in the DB - file after another colon; it is ignored by the authentication - module. - -

See also AuthName, AuthType and AuthDBUserFile.

-
- -

AuthDBUserFile directive

- - Syntax: AuthDBUserFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_db - -

The AuthDBUserFile directive sets the name of a DB file - containing the list of users and passwords for user - authentication. File-path is the absolute path to the - user file.

- -

The user file is keyed on the username. The value for a user - is the crypt() encrypted password, optionally followed by a - colon and arbitrary data. The colon and the data following it - will be ignored by the server.

- -

Security: make sure that the AuthDBUserFile is stored - outside the document tree of the web-server; do not - put it in the directory that it protects. Otherwise, clients - will be able to download the AuthDBUserFile.

- -

Important compatibility note: The implementation of - "dbmopen" in the apache modules reads the string length of the - hashed values from the DB data structures, rather than relying - upon the string being NULL-appended. Some applications, such as - the Netscape web server, rely upon the string being - NULL-appended, so if you are having trouble using DB files - interchangeably between applications this may be a part of the - problem.

- -

A perl script called - href="../programs/dbmmanage.html">dbmmanage is included with - Apache. This program can be used to create and update DB format - password files for use with this module.

- See also AuthName, AuthType and AuthDBGroupFile. -
- -

AuthDBAuthoritative - directive

- - Syntax: AuthDBAuthoritative - on|off
- Default: - AuthDBAuthoritative on
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Base
- Module: mod_auth - -

Setting the AuthDBAuthoritative directive explicitly to - 'off' allows for both authentication and - authorization to be passed on to lower level modules (as - defined in the Configuration and - modules.c file if there is no - userID or rule matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will - give an Authorization Required reply.

- -

So if a userID appears in the database of more than one - module; or if a valid Require directive applies to - more than one module; then the first module will verify the - credentials; and no access is passed on; regardless of the - AuthAuthoritative setting.

- -

A common use for this is in conjunction with one of the - basic auth modules; such as mod_auth.c. Whereas this - DB module supplies the bulk of the user credential checking; a - few (administrator) related accesses fall through to a lower - level with a well protected .htpasswd file.

- -

By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behavior.

- -

Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.

- -

See also AuthName, AuthType and AuthDBGroupFile.

- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html
deleted file mode 100644
index 7deef8a4fac..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_dbm.html
+++ /dev/null
@@ -1,235 +0,0 @@
- - - - - - - Apache module mod_auth_dbm - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_auth_dbm

- -

This module provides for user authentication using DBM - files.

- -

Status: Extension
- Source File: - mod_auth_dbm.c
- Module Identifier: - dbm_auth_module

- -

Summary

- -

This module provides for HTTP Basic Authentication, where - the usernames and passwords are stored in DBM type database - files. It is an alternative to the plain text password files - provided by mod_auth and the - Berkely DB password files provided by mod_auth_db.

- -

Directives

- - - -

See also: Satisfy and Require.

-
- -

AuthDBMGroupFile

- Syntax: AuthDBMGroupFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_dbm - -

The AuthDBMGroupFile directive sets the name of a DBM file - containing the list of user groups for user authentication. - File-path is the absolute path to the group file.

- -

The group file is keyed on the username. The value for a - user is a comma-separated list of the groups to which the users - belongs. There must be no whitespace within the value, and it - must never contain any colons.

- -

Security: make sure that the AuthDBMGroupFile is stored - outside the document tree of the web-server; do not - put it in the directory that it protects. Otherwise, clients - will be able to download the AuthDBMGroupFile unless otherwise - protected.

- -

Combining Group and Password DBM files: In some cases it is - easier to manage a single database which contains both the - password and group details for each user. This simplifies any - support programs that need to be written: they now only have to - deal with writing to and locking a single DBM file. This can be - accomplished by first setting the group and password files to - point to the same DBM:

- -
- AuthDBMGroupFile /www/userbase
- AuthDBMUserFile /www/userbase
-
- The key for the single DBM is the username. The value consists - of - -
- Unix Crypt-ed Password : List of Groups [ : (ignored) - ] -
- The password section contains the Unix crypt() password as - before. This is followed by a colon and the comma separated - list of groups. Other data may optionally be left in the DBM - file after another colon; it is ignored by the authentication - module. This is what www.telescope.org uses for its combined - password and group database. - -

See also AuthName, AuthType and AuthDBMUserFile.

-
- -

AuthDBMUserFile

- - Syntax: AuthDBMUserFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_dbm - -

The AuthDBMUserFile directive sets the name of a DBM file - containing the list of users and passwords for user - authentication. File-path is the absolute path to the - user file.

- -

The user file is keyed on the username. The value for a user - is the crypt() encrypted password, optionally followed by a - colon and arbitrary data. The colon and the data following it - will be ignored by the server.

- -

Security: make sure that the AuthDBMUserFile is stored - outside the document tree of the web-server; do not - put it in the directory that it protects. Otherwise, clients - will be able to download the AuthDBMUserFile.

- -

Important compatibility note: The implementation of - "dbmopen" in the apache modules reads the string length of the - hashed values from the DBM data structures, rather than relying - upon the string being NULL-appended. Some applications, such as - the Netscape web server, rely upon the string being - NULL-appended, so if you are having trouble using DBM files - interchangeably between applications this may be a part of the - problem.

- -

A perl script called dbmmanage is included - with Apache. This program can be used to create and update DBM - format password files for use with this module.

- See also AuthName, AuthType and AuthDBMGroupFile. -
- -

AuthDBMAuthoritative

- - Syntax: AuthDBMAuthoritative - on|off
- Default: - AuthDBMAuthoritative on
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Extension
- Module: mod_auth_dbm - -

Setting the AuthDBMAuthoritative directive explicitly to - 'off' allows for both authentication and - authorization to be passed on to lower level modules (as - defined in the Configuration and - modules.c file if there is no - userID or rule matching the supplied - userID. If there is a userID and/or rule specified; the usual - password and access checks will be applied and a failure will - give an Authorization Required reply.

- -

So if a userID appears in the database of more than one - module; or if a valid Require directive applies to - more than one module; then the first module will verify the - credentials; and no access is passed on; regardless of the - AuthAuthoritative setting.

- -

A common use for this is in conjunction with one of the - basic auth modules; such as mod_auth.c. Whereas this - DBM module supplies the bulk of the user credential checking; a - few (administrator) related accesses fall through to a lower - level with a well protected .htpasswd file.

- -

By default, control is not passed on and an unknown userID - or rule will result in an Authorization Required reply. Not - setting it thus keeps the system secure and forces an NCSA - compliant behavior.

- -

Security: Do consider the implications of allowing a user to - allow fall-through in his .htaccess file; and verify that this - is really what you want; Generally it is easier to just secure - a single .htpasswd file, than it is to secure a database which - might have more access interfaces.

- -

See also AuthName, AuthType and AuthDBMGroupFile.

- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html
deleted file mode 100644
index 9fc1cd3dc69..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_digest.html
+++ /dev/null
@@ -1,406 +0,0 @@
- - - - - - - Apache module mod_auth_digest - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_auth_digest

- -

This module provides for user authentication using MD5 - Digest Authentication.

- -

Status: Experimental
- Source File: - mod_auth_digest.c
- Module Identifier: - digest_auth_module
- Compatibility: Available in - Apache 1.3.8 and later.

- -

Summary

- -

This is an updated version of mod_digest. However, it has not been - extensively tested and is therefore marked experimental. If you - use this module, you must make sure to not use - mod_digest (because they share some of the same configuration - directives).

- -

Digest authentication is described in RFC - 2617.

- -

Directives

- -
- -

See also: Require and Satisfy.

- -

Using Digest - Authentication

- -

Using MD5 Digest authentication is very simple. Simply set - up authentication normally, using "AuthType Digest" and - "AuthDigestFile" instead of the normal "AuthType Basic" and - "AuthUserFile"; also, replace any "AuthGroupFile" with - "AuthDigestGroupFile". Then add a "AuthDigestDomain" directive - containing at least the root URI(s) for this protection space. - Example:

-
-  <Location /private/>
-  AuthType Digest
-  AuthName "private area"
-  AuthDigestDomain /private/ http://mirror.my.dom/private2/
-  AuthDigestFile /web/auth/.digest_pw
-  Require valid-user
-  </Location>
-
- -

Note: MD5 authentication provides a more - secure password system than Basic authentication, but only - works with supporting browsers. As of this writing (October - 2001), the only major browsers which support digest - authentication are Opera - 4.0, MS - Internet Explorer 5.0 and Amaya. Therefore, we do not - yet recommend using this feature on a large Internet site. - However, for personal and intra-net use, where browser users - can be controlled, it is ideal.

-
- -

AuthDigestFile directive

- Syntax: AuthDigestFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Experimental
- Module: mod_auth_digest
- - -

The AuthDigestFile directive sets the name of a textual file - containing the list of users and encoded passwords for digest - authentication. File-path is the absolute path to the - user file.

- -

The digest file uses a special format. Files in this format - can be created using the htdigest utility found in - the support/ subdirectory of the Apache distribution.

-
- -

AuthDigestGroupFile - directive

- Syntax: AuthDigestGroupFile - file-path
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Experimental
- Module: mod_auth_digest
- Compatibility: Available in - Apache 1.3.8 and later - -

The AuthDigestGroupFile directive sets the name of a textual - file containing the list of groups and their members (user - names). File-path is the absolute path to the group - file.

- -

Each line of the group file contains a groupname followed by - a colon, followed by the member usernames separated by spaces. - Example:

- -
- mygroup: bob joe anne -
- Note that searching large text files is very - inefficient. - -

Security: make sure that the AuthGroupFile is stored outside - the document tree of the web-server; do not put it in - the directory that it protects. Otherwise, clients will be able - to download the AuthGroupFile.

-
- -

AuthDigestQop directive

- Syntax: AuthDigestQop - none|auth|auth-int [auth|auth-int]
- Default: AuthDigestQop - auth
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Experimental
- Module: mod_auth_digest
- Compatibility: Available in - Apache 1.3.8 and later - -

The AuthDigestQop directive determines the - quality-of-protection to use. auth will only do - authentication (username/password); auth-int is - authentication plus integrity checking (an MD5 hash of the - entity is also computed and checked); none will cause - the module to use the old RFC-2069 digest algorithm (which does - not include integrity checking). Both auth and - auth-int may be specified, in which the case the - browser will choose which of these to use. none should - only be used if the browser for some reason does not like the - challenge it receives otherwise.

- -

auth-int is not implemented - yet.

-
- -

AuthDigestNonceLifetime - directive

- Syntax: AuthDigestNonceLifetime - seconds
- Default: - AuthDigestNonceLifetime 300
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Experimental
- Module: mod_auth_digest
- Compatibility: Available in - Apache 1.3.8 and later - -

The AuthDigestNonceLifetime directive controls how long the - server nonce is valid. When the client contacts the server - using an expired nonce the server will send back a 401 with - stale=true. If seconds is greater than 0 - then it specifies the amount of time for which the nonce is - valid; this should probably never be set to less than 10 - seconds. If seconds is less than 0 then the nonce - never expires. -

-
- -

AuthDigestNonceFormat - directive

- Syntax: AuthDigestNonceFormat - ???
- Default: - AuthDigestNonceFormat ???
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Experimental
- Module: mod_auth_digest
- Compatibility: Available in - Apache 1.3.8 and later - -

Not implemented yet. -

-
- -

AuthDigestNcCheck directive

- Syntax: AuthDigestNcCheck - On|Off
- Default: - AuthDigestNcCheck Off
- Context: server config
- Override: Not - applicable
- Status: Experimental
- Module: mod_auth_digest
- Compatibility: Available in - Apache 1.3.8 and later - -

Not implemented yet. -

-
- -

AuthDigestAlgorithm - directive

- Syntax: AuthDigestAlgorithm - MD5|MD5-sess
- Default: - AuthDigestAlgorithm MD5
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Experimental
- Module: mod_auth_digest
- Compatibility: Available in - Apache 1.3.8 and later - -

The AuthDigestAlgorithm directive selects the algorithm used - to calculate the challenge and response hashes.

- -

MD5-sess is not correctly implemented - yet. -

-
- -

AuthDigestDomain directive

- Syntax: AuthDigestDomain - URI [URI] ...
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Experimental
- Module: mod_auth_digest
- Compatibility: Available in - Apache 1.3.8 and later - -

The AuthDigestDomain directive allows you to specify one or - more URIs which are in the same protection space (i.e. use the - same realm and username/password info). The specified URIs are - prefixes, i.e. the client will assume that all URIs "below" - these are also protected by the same username/password. The - URIs may be either absolute URIs (i.e. inluding a scheme, host, - port, etc) or relative URIs.

- -

This directive should always be specified and - contain at least the (set of) root URI(s) for this space. - Omitting to do so will cause the client to send the - Authorization header for every request sent to this - server. Apart from increasing the size of the request, it may - also have a detrimental effect on performance if - "AuthDigestNcCheck" is on.

- -

The URIs specified can also point to different servers, in - which case clients (which understand this) will then share - username/password info across multiple servers without - prompting the user each time. -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html b/usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html
deleted file mode 100644
index 9e85f5d2cdd..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_auth_msql.html
+++ /dev/null
@@ -1,488 +0,0 @@
- - - -Module mod_auth_msql - - - -
- [APACHE DOCUMENTATION] -

- Apache HTTP Server Version 1.2 -

-
- -

Module mod_auth_msql

- -This module is contained in the mod_auth_msql.c file and -is compiled in by default. It allows access control using the public -domain mSQL database ftp://ftp.bond.edu.au/pub/Minerva/msql, -a fast but limited SQL engine which can be contacted over an internal -Unix domain protocol as well as over normal TCP/IP socket -communication. It is only available in Apache 1.1 and later.

- -Full description / -Example / -Compile time options / -RevisionHistory / -Person to blame / -Sourcecode -

- -


Full description of all tokens

-
- -
-Auth_MSQLhost < FQHN | IP Address | localhost > -
- Hostname of the machine running the mSQL demon. The effective uid - of the server should be allowed access. If not given, or if it is - the magic name localhost, it is passed to the mSQL library as a null - pointer. This effectively forces it to use /dev/msql rather than the - (slower) socket communication. -
- -
-Auth_MSQLdatabase < mSQL database name > -
- Name of the database in which the following table(s) are contained (Quick check: use the - mSQL command relshow [<hostname> dbase] to verify the spelling of the - database name). -
- -
-Auth_MSQLpwd_table < mSQL table name > -
- Contains at least the fields with the username - and the (encrypted) password. Each uid should only occur once in this table and - for performance reasons should be a primary key. - Normally this table is compulsory, but it is - possible to use a fall-through to other methods - and use the mSQL module for group control only. - See the Auth_MSQL_Authoritative - directive below. -
- -
-Auth_MSQLgrp_table < mSQL table name in the above database > -
- Contains at least the fields with the - username and the groupname. A user which - is in multiple groups has therefore - multiple entries. There might be some performance - problems associated with this and one - might consider to have separate tables for each - group (rather than all groups in one table) if - your directory structure allows for it. - One only need to specify this table when doing - group control. -
- -
-Auth_MSQLuid_field < mSQL field name > -
- Name of the field containing the username in the - Auth_MSQLpwd_table and optionally in the - Auth_MSQLgrp_table tables. -
- -
-Auth_MSQLpwd_field < mSQL field name > -
- Fieldname for the passwords in the - Auth_MSQLpwd_table table. -
- -
-Auth_MSQLgrp_field < mSQL field name > -
- Fieldname for the groupname
- Only the fields used need to be specified. When this - module is compiled with the - BACKWARD_VITEK option then - the uid and pwd field names default to 'user' and 'password'. - However you are strongly encouraged to always specify these values - explicitly given the security issues involved. -
- -
-Auth_MSQL_nopasswd < on | off > -
- Skip password comparison if passwd field is - empty, i.e. allow any password. This is 'off' - by default to ensure that an empty field - in the mSQL table does not allow people in by - default with a random password. -
- -
-Auth_MSQL_Authoritative < on | off > -
- Default is 'on'. When set 'on', there is no - fall-through to other authorization methods. So if a - user is not in the mSQL dbase table (and perhaps - not in the right group) or has the password wrong, then - he or she is denied access. When this directive is set to - 'off', control is passed on to any other authorization - modules, such as the basic auth module with the htpasswd - file or the Unix-(g)dbm modules. The default is 'on' - to avoid nasty 'fall-through' surprises. Be sure you - know what you are doing when you decide to switch it off. -
- -
-Auth_MSQL_EncryptedPasswords < on | off > -
- Default is 'on'. When set on, the values in the - pwd_field are assumed to be crypt-ed using *your* - machines 'crypt()' function and the incoming password - is 'crypt'ed before comparison. When this function is - 'off', the comparison is done directly with the plaintext - entered password. (Yes, http-basic-auth does send the - password as plaintext over the wire :-( ). The default - is a sensible 'on', and I personally think that it is - a *very-bad-idea* to change this. However a multi - vendor or international environment (which sometimes - leads to different crypts functions) might force you to. -
-
- - -

Example

- -An example mSQL table could be created with the following commands: -
-     % msqladmin create www               
- % msql www
- -> create table user_records (
- -> User_id char(32) primary key,
- -> Cpasswd char(32),
- -> Xgroup char(32)
- -> ) \g
- query OK
- -> \q
- %
-

- -The User_id can be as long as desired. However some of the -popular web browsers truncate names at or stop the user from entering -names longer than 32 characters. Furthermore the 'crypt' function -on your platform might impose further limits. Also use of -the require users uid [uid..] directive in the -access.conf file where the uid's are separated by -spaces can possibly prohibit the use of spaces in your usernames. -Also, please note the MAX_FIELD_LEN -directive somewhere below. -

-To use the above, the following example could be in your -access.conf file. Also there is a more elaborate description -below this example. -

- -<directory /web/docs/private> -

- -

-
-Auth_MSQLhost localhost
-
-
or
-
-Auth_MSQLhost datab.machine.your.org -
- If this directive is omitted or set to localhost, - it is assumed that Apache and the mSQL - database run on the same (physical) machine and the faster - /dev/msql communication channel will be used. Otherwise, - it is the machine to contact by TCP/IP. Consult the mSQL - documentation for more information. -
-

- -

-Auth_MSQLdatabase www -
- The name of the database on the above machine, - which contains *both* the tables for group and - for user/passwords. Currently it is not possible - to have these split over two databases. Make - sure that the msql.acl (access control file) of - mSQL does indeed allow the effective uid of the - web server read access to this database. Check the - httpd.conf file for this uid. -
- -
-Auth_MSQLpwd_table user_records -
- This is the table which contain the uid/password combination - is specified. -
- -
-Auth_MSQLuid_field User_id
-Auth_MSQLpwd_field Cpasswd -
- These two directive specify the field names in the user_record - table. If this module is compiled with the BACKWARD_VITEK - compatibility switch, the defaults user and password are - assumed if you do not specify them. Currently the user_id field - *MUST* be a primary key or one must ensure that each user only - occurs once in the table. If a uid occurs twice access is - denied by default; but see the ONLY_ONCE - compiler directive for more information. -
- -
-Auth_MSQLgrp_table user_records
-Auth_MSQLgrp_field Xgroup
-
- Optionally one can also specify a table which contains the - user/group combinations. This can be the same table which - also contains the username/password combinations. However - if a user belongs to two or more groups, one will have to - use a different table with multiple entries. -
- -
-Auth_MSQL_nopasswd off
-Auth_MSQL_Authoritative on
-Auth_MSQL_EncryptedPasswords on
-
- These three optional fields (all set to the sensible defaults, - so you really do not have to enter them) are described in more - detail below. If you choose to set these to any other values then - the above, be very sure you understand the security implications and - do verify that Apache does what you expect it to do. -
- -
-AuthName example mSQL realm
-AuthType basic -
-
- Normal Apache/NCSA tokens for access control -

- <limit get post head>
- order deny,allow
- allow from all
-

- require valid-user
-

  • valid-user; allow in any user which has a valid uid/passwd - pair in the above pwd_table. -
- or
- require user smith jones
-
  • Limit access to users who have a valid uid/passwd pair in the - above pwd_table *and* whose uid is 'smith' or 'jones'. Do note that - the uid's are separated by 'spaces' for historic (NCSA) reasons. - So allowing uids with spaces might cause problems. -
- require group has_paid
-
  • Optionally also ensure that the uid has the value 'has_paid' in - the group field in the group table. -
- <limit>
-
-
- - -

Compile Time Options

- -
-
-#define ONLY_ONCE 1 -
- If the mSQL table containing the uid/passwd combination does - not have the uid field as a primary key, it is possible for the - uid to occur more than once in the table with possibly different - passwords. When this module is compiled with the ONLY_ONCE - directive set, access is denied if the uid occurs more than once in the - uid/passwd table. If you choose not to set it, the software takes - the first pair returned and ignores any further pairs. The SQL - statement used for this is
-

"select password form pwd_table where user='UID'"

- this might lead to unpredictable results. For this reason as well - as for performance reasons you are strongly advised to make the - uid field a primary key. Use at your own peril :-) -

- -
-#define KEEP_MSQL_CONNECTION_OPEN -
- Normally the (TCP/IP) connection with the database is opened and - closed for each SQL query. When the Apache web-server and the database - are on the same machine, and /dev/msql is used this does not - cause a serious overhead. However when your platform does not - support this (see the mSQL documentation) or when the web server - and the database are on different machines the overhead can be - considerable. When the above directive is set defined the server leaves - the connection open, i.e. no call to msqlClose(). - If an error occurs an attempt is made to reopen the connection for - the next http request. -

- This has a number of very serious drawbacks -

  • It costs 2 already rare file-descriptors for each child. -
  • It costs msql-connections, typically one per child. The (compiled in) - number of connections mSQL can handle is low, typically 6 or 12. - which might prohibit access to the mSQL database for later - processes. -
  • When a child dies, it might not free that connection properly - or quick enough. -
  • When errors start to occur, connection/file-descriptor resources - might become exhausted very quickly. -
-

- In short, use this at your own peril and only in a highly controlled and - monitored environment. -

- -
- -#define BACKWARD_VITEK
-#define VITEK_uid_name "user"
-#define VITEK_gid_name "passwd" -
- A second mSQL auth module for Apache has also been developed by Vivek Khera - <khera@kciLink.com> - and was subsequently distributed with some early versions of Apache. It - can be obtained from - ftp://ftp.kcilink.com/pub/mod_auth_msql.c*. - Older 'vitek' versions had the field/table names compiled in. Newer - versions, v.1.11 have more access.conf configuration - options. However these where chosen not to be in line the 'ewse' - version of this module. Also, the 'vitek' module does not give group - control or 'empty' password control. -

- To get things slightly more in line this version (0.9) should - be backward compatible with the 'vitek' module by: -

  • Adding support for the Auth_MSQL_EncryptedPasswords on/off functionality -
  • Adding support for the different spelling of the 4 configuration - tokens for user-table-name, user/password-field-name and dbase-name. -
  • Setting some field names to a default which used to be hard - coded in in older 'vitek' modules. -
-

- If this troubles you, remove the 'BACKWARD_VITEK' define. -

- -
- -#define MAX_FIELD_LEN (64)
-#define MAX_QUERY_LEN (32+24+MAX_FIELD_LEN*2+3*MSQL_FIELD_NAME_LEN+1*MSQL_TABLE_NAME_LEN)
-
- In order to avoid using the very large HUGE_STRING_LENGTH, the above two compile - time directives are supplies. The MAX_FIELD_LEN contains the maximum number of - characters in your user, password and group fields. The maximum query length is derived - from those values. -

- We only do the following two queries: -

  • For the user/passwd combination -

    "select PWDFIELD from PWDTABLE where USERFIELD='UID'"
    -

  • Optionally for the user/group combination: -

    "select GROUPFIELD from GROUPTABLE where USERFIELD='UID' and GROUPFIELD='GID'"
    -

-

- This leads to the above limit for the query string. We are ignoring escaping a wee bit here - assuming not more than 24 escapes.) -

-
- - -

Revision History

- -This version: 23 Nov 1995, 24 Feb 1996, 16 May 1996. - -
- -
Version 0.0
-
First release -
-
Version 0.1
-
Update to Apache 1.00 -
-
Version 0.2
-
Added lines which got missing God knows when - and which did the valid-user authentication no good at all ! -
-
Version 0.3
-
Added 'Auth_MSQL_nopasswd' option -
-
Version 0.4
-
Cleaned out the error messages mess. -
-
Version 0.6
-
Inconsistency with gid/grp in comment/token/source - Make sure you really use 'Auth_MSQLgrp_field' - as indicated above. -
-
Version 0.7
-
*host to host fixed. Credits - go to Rob Stout, <stout@lava.et.tudelft.nl> for - spotting this one. -
-
Version 0.8
-
Authoritative directive added. See above. -
-
Version 0.9
-
palloc return code check(s), should be - backward compatible with 1.11 version of Vivek Khera - <khera@kciLink.com> msql - module, fixed broken err msg in group control, changed - command table messages to make more sense when displayed - in that new module management tool. Added - Auth_MSQL_EncryptedPasswords on/off functionality. - msqlClose() statements added upon error. Support for - persistent connections with the mSQL database (riscy). - Escaping of ' and \. Replaced some - MAX_STRING_LENGTH claims. -
-
- - -

Contact/person to blame

- -This module was written for the -European Wide Service Exchange by -<Dirk.vanGulik@jrc.it>. -Feel free to contact me if you have any problems, ice-creams or bugs. This -documentation, courtesy of Nick Himba, -<himba@cs.utwente.nl>. -

- - -


Sourcecode

- -The source code can be found at -http://www.apache.org. A snapshot of a development version -usually resides at -http://me-www.jrc.it/~dirkx/mod_auth_msql.c. Please make sure -that you always quote the version you use when filing a bug report. -

-Furthermore a test/demonstration suite (which assumes that you have -both mSQL and Apache compiled and installed) is available at the contrib -section of -ftp://ftp.apache.org/apache/dist/contrib or - -http://me-www.jrc.it/~dirkx/apache-msql-demo.tar.gz and -its -README file. - -


-

- Apache HTTP Server Version 1.2 -

- -Index -Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html b/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
deleted file mode 100644
index ca00533594e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_autoindex.html
+++ /dev/null
@@ -1,959 +0,0 @@
- - - - - - - Apache module mod_autoindex - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_autoindex

- This module provides for automatic directory indexing. - -

Status: Base
- Source File: - mod_autoindex.c
- Module Identifier: - autoindex_module

- -

Summary

- The index of a directory can come from one of two sources: - -
    -
  • A file written by the user, typically called - index.html. The DirectoryIndex - directive sets the name of this file. This is controlled by - mod_dir.
  • - -
  • Otherwise, a listing generated by the server. The other - directives control the format of this listing. The AddIcon, AddIconByEncoding and AddIconByType are used to set a - list of icons to display for various file types; for each - file listed, the first icon listed that matches the file is - displayed. These are controlled by - mod_autoindex.
  • -
- The two functions are separated so that you can completely - remove (or replace) automatic index generation should you want - to. - -

Automatic index generation is enabled with using - Options +Indexes. See the Options directive for - more details.

- -

If FancyIndexing - is enabled, or the FancyIndexing keyword is - present on the IndexOptions directive, - the column headers are links that control the order of the - display. If you select a header link, the listing will be - regenerated, sorted by the values in that column. Selecting the - same header repeatedly toggles between ascending and descending - order.

- -

Note that when the display is sorted by "Size", it's the - actual size of the files that's used, not the - displayed value - so a 1010-byte file will always be displayed - before a 1011-byte file (if in ascending order) even though - they both are shown as "1K".

- -

Directives

- - - -

See also: Options and DirectoryIndex.

- -

Autoindex Request Query Arguments

- -

The column sorting headers themselves are self-referencing - hyperlinks that add the sort query options to reorder the - directory listing. The query options are of the form - X=Y, where X is one of N - (file Name), M (file last - Modified date), S (file Size), or - D (file Description), and Y - is one of A (Ascending) or D - (Descending).

- -

When options other than the file name are used as the - sorting key, the secondary key is always the file name. (When - the file name is used to sort by, there is no need of a - secondary sort key, since file names are guaranteed to be - unique, and so the sort order is unambiguous.)

- -

Example:

- -

If the URL http://your.server.name/foo/ - produces a directory index, then the following URLs will - produce different sort orders:

- -
    -
  • http://your.server.name/foo/?M=D sorts the - directory by last modified date, descending.
  • - -
  • http://your.server.name/foo/?D=A sorts the - directory by file description, ascending.
  • - -
  • http://your.server.name/foo/?S=A sorts the - directory by file size, ascending.
  • -
- -

See IndexOrderDefault to - set the default directory ordering.

- -

Note also that when the directory listing is ordered in one - direction (ascending or descending) by a particular column, the - link at the top of that column then reverses, to allow sorting - in the opposite direction by that same column.

-
- -

AddAlt directive

- - Syntax: AddAlt string - file [file] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

This sets the alternate text to display for a file, instead - of an icon, for FancyIndexing. - File is a file extension, partial filename, wild-card - expression or full filename for files to describe. - String is enclosed in double quotes ("). - This alternate text is displayed if the client is - image-incapable or has image loading disabled.

- -

Examples:

-
-    AddAlt "PDF" *.pdf
-    AddAlt "Compressed" *.gz *.zip *.Z
-    
- -
- -

AddAltByEncoding directive

- - Syntax: AddAltByEncoding - string MIME-encoding [MIME-encoding] - ...
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

This sets the alternate text to display for a file, instead - of an icon, for FancyIndexing. - MIME-encoding is a valid content-encoding, such as - x-compress. String is enclosed in double - quotes ("). This alternate text is displayed if - the client is image-incapable or has image loading - disabled.

- -

Example:

-
-    AddAltByEncoding "gzip" x-gzip
-    
- -
- -

AddAltByType - directive

- - Syntax: AddAltByType string - MIME-type [MIME-type] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

This sets the alternate text to display for a file, instead - of an icon, for FancyIndexing. - MIME-type is a valid content-type, such as - text/html. String is enclosed in double - quotes ("). This alternate text is displayed if - the client is image-incapable or has image loading - disabled.

- -

Example:

-
-    AddAltByType "TXT" text/plain
-    
-
- -

AddDescription directive

- - Syntax: AddDescription - "string" file|directory [file|directory] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

This sets the description to display for a file or directory, for IndexOptions FancyIndexing. - file|directory is a file extension, partial filename or - directory name, wild-card expression or full filename or directory name, - for files or directories to describe. String is enclosed in - double quotes ("). Example:

- -
- AddDescription "The planet Mars" - /web/pics/mars.gif -
- -

The description field is 23 bytes wide. 7 more bytes may be - added if the directory is covered by an - IndexOptions SuppressSize, and 19 bytes may - be added if IndexOptions SuppressLastModified - is in effect. The widest this column can be is therefore 49 - bytes.

- -
- As of Apache 1.3.10, the DescriptionWidth - IndexOptions keyword allows you to adjust this - width to any arbitrary size. -
- Caution: Descriptive text defined with - AddDescription may contain HTML markup, such as - tags and character entities. If the width of the description - column should happen to truncate a tagged element (such as - cutting off the end of a bolded phrase), the results may affect - the rest of the directory listing. -
- -

AddIcon directive

- - Syntax: AddIcon icon - name [name] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

This sets the icon to display next to a file ending in - name for FancyIndexing. - Icon is either a (%-escaped) relative URL to the icon, - or of the format (alttext,url) where - alttext is the text tag given for an icon for - non-graphical browsers.

- -

Name is either ^^DIRECTORY^^ for directories, - ^^BLANKICON^^ for blank lines (to format the list correctly), a - file extension, a wildcard expression, a partial filename or a - complete filename. Examples:

- -
- AddIcon (IMG,/icons/image2.gif) .gif .jpg .png
- AddIcon /icons/dir.gif ^^DIRECTORY^^
- AddIcon /icons/backup.gif *~
-
- AddIconByType should be used in - preference to AddIcon, when possible. -
- -

AddIconByEncoding directive

- - Syntax: AddIconByEncoding - icon MIME-encoding [MIME-encoding] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

This sets the icon to display next to files with - MIME-encoding for FancyIndexing. Icon is - either a (%-escaped) relative URL to the icon, or of the format - (alttext,url) where alttext is the - text tag given for an icon for non-graphical browsers.

- -

Mime-encoding is a wildcard expression matching - required the content-encoding. Examples:

- -
- AddIconByEncoding /icons/compressed.gif - x-compress -
-
- -

AddIconByType directive

- - Syntax: AddIconByType icon - MIME-type [MIME-type] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

This sets the icon to display next to files of type - MIME-type for FancyIndexing. Icon is - either a (%-escaped) relative URL to the icon, or of the format - (alttext,url) where alttext is the - text tag given for an icon for non-graphical browsers.

- -

Mime-type is a wildcard expression matching - required the mime types. Examples:

- -
- AddIconByType (IMG,/icons/image3.gif) image/* -
-
- -

DefaultIcon - directive

- - Syntax: DefaultIcon - url
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

The DefaultIcon directive sets the icon to display for files - when no specific icon is known, for FancyIndexing. Url is a - (%-escaped) relative URL to the icon. Examples:

- -
- DefaultIcon /icon/unknown.xbm -
-
- -

FancyIndexing directive

- - Syntax: FancyIndexing - on|off
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

The FancyIndexing directive sets the FancyIndexing option - for a directory. The IndexOptions - directive should be used in preference.

- -
- Note that in versions of Apache prior to 1.3.2, the - FancyIndexing and IndexOptions - directives will override each other. You should use - IndexOptions FancyIndexing in preference to - the standalone FancyIndexing directive. As of - Apache 1.3.2, a standalone FancyIndexing - directive is combined with any IndexOptions - directive already specified for the current scope. -
-
- -

HeaderName - directive

- - Syntax: HeaderName - filename
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex
- Compatibility: some features - only available after 1.3.6; see text - -

The HeaderName directive sets the name of the file that will - be inserted at the top of the index listing. Filename - is the name of the file to include.

- -
- Apache 1.3.6 and earlier: The module first - attempts to include filename.html as an - HTML document, otherwise it will try to include - filename as plain text. Filename is treated - as a filesystem path relative to the directory being indexed. - In no case is SSI processing done. Example: - -
- HeaderName HEADER -
- when indexing the directory /web, the server - will first look for the HTML file - /web/HEADER.html and include it if found, - otherwise it will include the plain text file - /web/HEADER, if it exists. -
- -
-

Apache versions after 1.3.6: - Filename is treated as a URI path relative to the - one used to access the directory being indexed. Note that this - means that if Filemame starts with a slash, it will be - taken to be relative to the DocumentRoot.

- -

Filename must - resolve to a document with a major content type of - "text" (e.g., text/html, - text/plain, etc.). This means that - filename may refer to a CGI script if the script's - actual file type (as opposed to its output) is marked as - text/html such as with a directive like:

- -
-    AddType text/html .cgi
-
- Content negotiation - will be performed if the MultiViews option is enabled. If - filename resolves to a static text/html - document (not a CGI script) and the Includes option is enabled, the file will - be processed for server-side includes (see the mod_include - documentation). -
- -

If the file specified by HeaderName contains - the beginnings of an HTML document (<HTML>, <HEAD>, - etc) then you will probably want to set IndexOptions - +SuppressHTMLPreamble, so that these tags are not - repeated.

- -

See also ReadmeName.

-
- -

IndexIgnore - directive

- - Syntax: IndexIgnore - file [file] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex - -

The IndexIgnore directive adds to the list of files to hide - when listing a directory. File is a file extension, - partial filename, wildcard expression or full filename for - files to ignore. Multiple IndexIgnore directives add to the - list, rather than replacing the list of ignored files. By - default, the list contains `.'. Example:

- -
- IndexIgnore README .htaccess *~ -
-
- -

IndexOptions - directive

- - Syntax: IndexOptions - option [option] ... (Apache 1.3.2 and - earlier)
- Syntax: IndexOptions - [+|-]option [[+|-]option] ... (Apache 1.3.3 - and later)
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex
- Compatibility: '+/-' syntax and - merging of multiple IndexOptions directives is - only available with Apache 1.3.3 and later; the - FoldersFirst and DescriptionWidth - options are only available with Apache 1.3.10 and later; the - TrackModified option is only available with Apache - 1.3.15 and later; the IgnoreCase option is only - available with Apache 1.3.24 and later - -

The IndexOptions directive specifies the behavior of the - directory indexing. Option can be one of

- -
-
DescriptionWidth=[n - | *] (Apache 1.3.10 and later)
- -
The DescriptionWidth keyword allows you to - specify the width of the description column in characters. If - the keyword value is '*', then the column is - automatically sized to the length of the longest filename in - the display. See the section on AddDescription for - dangers inherent in truncating descriptions.
- -
FancyIndexing
- -
- - This turns on fancy indexing of directories. - -
- Note that in versions of Apache prior to 1.3.2, - the FancyIndexing and - IndexOptions directives will override each - other. You should use - IndexOptions FancyIndexing in - preference to the standalone FancyIndexing - directive. As of Apache 1.3.2, a standalone - FancyIndexing directive is combined with any - IndexOptions directive already specified for - the current scope. -
-
- -
FoldersFirst (Apache - 1.3.10 and later)
- -
If this option is enabled, subdirectories in a - FancyIndexed listing will always appear first, - followed by normal files in the directory. The listing is - basically broken into two components, the files and the - subdirectories, and each is sorted separately and then - displayed subdirectories-first. For instance, if the sort - order is descending by name, and FoldersFirst is - enabled, subdirectory Zed will be listed before - subdirectory Beta, which will be listed before - normal files Gamma and Alpha. - This option only has an effect if FancyIndexing - is also enabled.
- -
IconHeight[=pixels] - (Apache 1.3 and later)
- -
- - Presence of this option, when used with IconWidth, will cause - the server to include HEIGHT and - WIDTH attributes in the IMG tag for - the file icon. This allows browser to precalculate the page - layout without having to wait until all the images have been - loaded. If no value is given for the option, it defaults to - the standard height of the icons supplied with the Apache - software.
- -
IconsAreLinks
- -
- - This makes the icons part of the anchor for the filename, for - fancy indexing.
- -
IconWidth[=pixels] (Apache - 1.3 and later)
- -
- - Presence of this option, when used with IconHeight, will - cause the server to include HEIGHT and - WIDTH attributes in the IMG tag for - the file icon. This allows browser to precalculate the page - layout without having to wait until all the images have been - loaded. If no value is given for the option, it defaults to - the standard width of the icons supplied with the Apache - software.
- -
IgnoreCase - (Apache 1.3.24 and later)
- -
- If this option is enabled, names are sorted in case-insensitive - manner. For instance, if the sort order is ascending by name, - and IgnoreCase is enabled, file Zeta - will be listed after file alfa (Note: file - GAMMA will always be listed before file - gamma). This option only has an effect if FancyIndexing - is also enabled.
- -
NameWidth=[n | *] - (Apache 1.3.2 and later)
- -
The NameWidth keyword allows you to specify the width of - the filename column in bytes. If the keyword value is - '*', then the column is automatically sized to - the length of the longest filename in the display.
- -
ScanHTMLTitles
- -
- - This enables the extraction of the title from HTML documents - for fancy indexing. If the file does not have a description - given by AddDescription then - httpd will read the document for the value of the TITLE tag. - This is CPU and disk intensive.
- -
SuppressColumnSorting
- -
- - If specified, Apache will not make the column headings in a - FancyIndexed directory listing into links for sorting. The - default behavior is for them to be links; selecting the - column heading will sort the directory listing by the values - in that column. Only available in Apache 1.3 and - later.
- -
SuppressDescription
- -
- - This will suppress the file description in fancy indexing - listings. By default, no file descriptions are defined, and - so the use of this option will regain 23 characters of screen - space to use for something else. See AddDescription for - information about setting the file description. See also the - DescriptionWidth - index option to limit the size of the description - column.
- -
SuppressHTMLPreamble - (Apache 1.3 and later)
- -
- - If the directory actually contains a file specified by the HeaderName directive, the module - usually includes the contents of the file after a standard - HTML preamble (<HTML>, <HEAD>, et - cetera). The SuppressHTMLPreamble option disables this - behavior, causing the module to start the display with the - header file contents. The header file must contain - appropriate HTML instructions in this case. If there is no - header file, the preamble is generated as usual.
- -
SuppressLastModified
- -
- - This will suppress the display of the last modification date, - in fancy indexing listings.
- -
SuppressSize
- -
- - This will suppress the file size in fancy indexing - listings.
- -
TrackModified (Apache - 1.3.15 and later)
- -
- - This returns the Last-Modified and ETag values for the listed - directory in the HTTP header. It is only valid if the - operating system and file system return legitimate stat() - results. Most Unix systems do so, as do OS2's JFS and Win32's - NTFS volumes. OS2 and Win32 FAT volumes, for example, do not. - Once this feature is enabled, the client or proxy can track - changes to the list of files when they perform a HEAD - request. Note some operating systems correctly track new and - removed files, but do not track changes for sizes or dates of - the files within the directory.
-
- -

There are some noticeable differences in the behavior of - this directive in recent (post-1.3.0) versions of Apache.

- -
-
Apache 1.3.2 and earlier:
- -
-

The default is that no options are enabled. If multiple - IndexOptions could apply to a directory, then the most - specific one is taken complete; the options are not merged. - For example:

- -
-
-<Directory /web/docs>
-    IndexOptions FancyIndexing
-</Directory>
-<Directory /web/docs/spec>
-    IndexOptions ScanHTMLTitles
-</Directory>
-
-
- then only ScanHTMLTitles will be set for the - /web/docs/spec directory. -
- -
Apache 1.3.3 and later:
- -
-

Apache 1.3.3 introduced some significant changes in the - handling of IndexOptions directives. In - particular,

- -
    -
  • Multiple IndexOptions directives for a - single directory are now merged together. The result of - the example above will now be the equivalent of - IndexOptions FancyIndexing ScanHTMLTitles.
  • - -
  • The addition of the incremental syntax - (i.e., prefixing keywords with '+' or '-').
  • -
- -

Whenever a '+' or '-' prefixed keyword is encountered, - it is applied to the current IndexOptions - settings (which may have been inherited from an upper-level - directory). However, whenever an unprefixed keyword is - processed, it clears all inherited options and any - incremental settings encountered so far. Consider the - following example:

- -
- IndexOptions +ScanHTMLTitles -IconsAreLinks - FancyIndexing
- IndexOptions +SuppressSize
-
-
- -

The net effect is equivalent to - IndexOptions FancyIndexing +SuppressSize, - because the unprefixed FancyIndexing discarded - the incremental keywords before it, but allowed them to - start accumulating again afterward.

- -

To unconditionally set the IndexOptions for - a particular directory, clearing the inherited settings, - specify keywords without either '+' or '-' prefixes.

-
-
-
- -

IndexOrderDefault directive

- - Syntax: IndexOrderDefault - Ascending|Descending Name|Date|Size|Description
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex
- Compatibility: - IndexOrderDefault is only available in Apache 1.3.4 and later. - -

The IndexOrderDefault directive is used in - combination with the FancyIndexing - index option. By default, fancyindexed directory listings are - displayed in ascending order by filename; the - IndexOrderDefault allows you to change this - initial display order.

- -

IndexOrderDefault takes two arguments. The - first must be either Ascending or - Descending, indicating the direction of the sort. - The second argument must be one of the keywords - Name, Date, Size, or - Description, and identifies the primary key. The - secondary key is always the ascending filename.

- -

You can force a directory listing to only be displayed in a - particular order by combining this directive with the SuppressColumnSorting - index option; this will prevent the client from requesting the - directory listing in a different order.

-
- -

ReadmeName - directive

- - Syntax: ReadmeName - filename
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_autoindex
- Compatibility: some features - only available after 1.3.6; see text - -

The ReadmeName directive sets the name of the file that will - be appended to the end of the index listing. Filename - is the name of the file to include, and is taken to be relative - to the location being indexed.

- -
- The filename argument is treated as a stub - filename in Apache 1.3.6 and earlier, and as a relative URI - in later versions. Details of how it is handled may be found - under the description of the HeaderName directive, which uses the - same mechanism and changed at the same time as - ReadmeName. -
- -

See also HeaderName.

- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html
deleted file mode 100644
index 3061b1ea4aa..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_cern_meta.html
+++ /dev/null
@@ -1,148 +0,0 @@
- - - - - - - Module mod_cern_meta - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache module mod_cern_meta

- -

This module provides for CERN httpd metafile semantics.

- -

Status: Extension
- Source File: - mod_cern_meta.c
- Module Identifier: - cern_meta_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Summary

- - Emulate the CERN HTTPD Meta file semantics. Meta files are HTTP - headers that can be output in addition to the normal range of - headers for each file accessed. They appear rather like the - Apache .asis files, and are able to provide a crude way of - influencing the Expires: header, as well as providing other - curiosities. There are many ways to manage meta information, - this one was chosen because there is already a large number of - CERN users who can exploit this module. - -

More information on the - CERN metafile semantics is available.

- -

Directives

- - -
- -

MetaFiles - directive

- Syntax: MetaFiles on|off
- Default: MetaFiles - off
- Context: per-directory - config
- Status: Base
- Module: mod_cern_meta
- Compatibility: MetaFiles is - only available in Apache 1.3 and later. - -

Turns on/off Meta file processing on a per-directory basis. - This option was introduced in Apache 1.3.

-
- -

MetaDir directive

- Syntax: MetaDir - directory
- Default: MetaDir - .web
- Context: (Apache prior to 1.3) server - config
- Context: (Apache 1.3) per-directory - config
- Status: Base
- Module: mod_cern_meta
- Compatibility: MetaDir is only - available in Apache 1.1 and later. - -

Specifies the name of the directory in which Apache can find - meta information files. The directory is usually a 'hidden' - subdirectory of the directory that contains the file being - accessed. Set to "." to look in the same directory - as the file.

-
- -

MetaSuffix - directive

- Syntax: MetaSuffix - suffix
- Default: MetaSuffix - .meta
- Context: (Apache prior to 1.3) server - config
- Context: (Apache 1.3) per-directory - config
- Status: Base
- Module: mod_cern_meta
- Compatibility: MetaSuffix is - only available in Apache 1.1 and later. - -

Specifies the file name suffix for the file containing the - meta information. For example, the default values for the two - directives will cause a request to - DOCUMENT_ROOT/somedir/index.html to look in - DOCUMENT_ROOT/somedir/.web/index.html.meta and - will use its contents to generate additional MIME header - information.

- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html b/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html
deleted file mode 100644
index 74435a72ed7..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_cgi.html
+++ /dev/null
@@ -1,232 +0,0 @@
- - - - - - - - Apache module mod_cgi - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_cgi

- -

This module provides for execution of CGI scripts.

- -

Status: Base
- Source File: mod_cgi.c
- Module Identifier: - cgi_module

- -

Summary

- - Any file that has the mime type - application/x-httpd-cgi or handler - cgi-script (Apache 1.1 or later) will be treated - as a CGI script, and run by the server, with its output being - returned to the client. Files acquire this type either by - having a name containing an extension defined by the AddType directive, or by being - in a ScriptAlias - directory. Files that are not in a ScriptAlias directory, - but which are of type application/x-httpd-cgi by - virtue of an AddType directive, will still not be - executed by the server unless Options ExecCGI is - enabled. See the Options directive for - more details. - -

When the server invokes a CGI script, it will add a variable - called DOCUMENT_ROOT to the environment. This - variable will contain the value of the DocumentRoot configuration - variable.

- -

For an introduction to using CGI scripts with Apache, see - our tutorial on Dynamic Content - with CGI.

- -

Directives

- - - -

See also: Options, ScriptAlias, AddType and AddHandler.

- -

CGI Environment variables

- The server will set the CGI environment variables as described - in the CGI - specification, with the following provisions: - -
-
REMOTE_HOST
- -
This will only be set if HostnameLookups - is set to on (it is off by default), and if a - reverse DNS lookup of the accessing host's address indeed - finds a host name.
- -
REMOTE_IDENT
- -
This will only be set if IdentityCheck is set to - on and the accessing host supports the ident - protocol. Note that the contents of this variable cannot be - relied upon because it can easily be faked, and if there is a - proxy between the client and the server, it is usually - totally useless.
- -
REMOTE_USER
- -
This will only be set if the CGI script is subject to - authentication.
-
- -

CGI Debugging

- Debugging CGI scripts has traditionally been difficult, mainly - because it has not been possible to study the output (standard - output and error) for scripts which are failing to run - properly. These directives, included in Apache 1.2 and later, - provide more detailed logging of errors when they occur. - -

CGI Logfile Format

- When configured, the CGI error log logs any CGI which does not - execute properly. Each CGI script which fails to operate causes - several lines of information to be logged. The first two lines - are always of the format: -
-  %% [time] request-line
-  %% HTTP-status CGI-script-filename
-
- If the error is that CGI script cannot be run, the log file - will contain an extra two lines: -
-  %%error
-  error-message
-
- Alternatively, if the error is the result of the script - returning incorrect header information (often due to a bug in - the script), the following information is logged: -
-  %request
-  All HTTP request headers received
-  POST or PUT entity (if any)
-  %response
-  All headers output by the CGI script
-  %stdout
-  CGI standard output
-  %stderr
-  CGI standard error
-
- (The %stdout and %stderr parts may be missing if the script did - not output anything on standard output or standard error). -
- -

ScriptLog - directive

- Syntax: ScriptLog - filename
- Default: none
- Context: server config
- Status: mod_cgi - -

The ScriptLog directive sets the CGI script error - logfile. If no ScriptLog is given, no error log is created. If - given, any CGI errors are logged into the filename given as - argument. If this is a relative file or path it is taken - relative to the server root.

- -

This log will be opened as the user the child processes run - as, ie. the user specified in the main User directive. This means that - either the directory the script log is in needs to be writable - by that user or the file needs to be manually created and set - to be writable by that user. If you place the script log in - your main logs directory, do NOT change the - directory permissions to make it writable by the user the child - processes run as.

- -

Note that script logging is meant to be a debugging feature - when writing CGI scripts, and is not meant to be activated - continuously on running servers. It is not optimized for speed - or efficiency, and may have security problems if used in a - manner other than that for which it was designed.

-
- -

ScriptLogLength directive

- Syntax: ScriptLogLength - bytes
- Default: 10385760
- Context: server config
- Status: mod_cgi - -

ScriptLogLength can be used to limit the size of - the CGI script logfile. Since the logfile logs a lot of - information per CGI error (all request headers, all script - output) it can grow to be a big file. To prevent problems due - to unbounded growth, this directive can be used to set an - maximum file-size for the CGI logfile. If the file exceeds this - size, no more information will be written to it.

-
- -

ScriptLogBuffer

- Syntax: ScriptLogBuffer - bytes
- Default: 1024
- Context: server config
- Status: mod_cgi - -

The size of any PUT or POST entity body that is logged to - the file is limited, to prevent the log file growing too big - too quickly if large bodies are being received. By default, up - to 1024 bytes are logged, but this can be changed with this - directive.


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_define.html b/usr.sbin/httpd/htdocs/manual/mod/mod_define.html
deleted file mode 100644
index 76c6bec09cb..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_define.html
+++ /dev/null
@@ -1,140 +0,0 @@
- - - - - - -Apache module mod_define - - - - -
- -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- -
-

Module mod_define

-

Variable Definition For Arbitrary Directives

- -This module is contained in the mod_define.c file. It provides -the definition variables for arbitrary directives, i.e. variables which can be -expanded on any(!) directive line. It needs Extended API (EAPI). It is not -compiled into the server by default. To use mod_define you have -to enable the following line in the server build Configuration -file: - -

-

-    AddModule  modules/extra/mod_define.o
-
- -

-


- -

Define

-Syntax: - Define variable value
-Default: - none
-Context: - server config, virtual host, directory, .htaccess
-Override: none
-Status: Extension
-Module: mod_define.c
-Compatibility: Apache+EAPI
- -

-The Define directive defines a variable which later can be -expanded with the unsafe but short construct -``$variable'' or the safe but longer construct -``${variable}'' on any configuration line. -Do not intermix this with the third-party module mod_macro. The -mod_define module doesn't provide a general macro mechanism, -although one can consider variable substitutions as a special form of macros. -Because the value of to which ``$variable'' expands has -to fit into one line. When you need macros which can span more lines, you've -to use mod_macro. OTOH mod_macro cannot be used to -expand a variable/macro on an arbitrary directive line. So, the typical use -case of mod_define is to make strings variable (and this -way easily changeable at one location) and not to bundle things -together (as it's the typical use case for macros). - -

-The syntax of the expansion construct ( -``${variable}'') follows the Perl and Shell -syntax, but can be changed via the Define directive, too. Four -internal variables can be used for this. The default is: - -

-
-Define mod_define::escape "\\"
-Define mod_define::dollar "$"
-Define mod_define::open   "{"
-Define mod_define::close  "}"
-
-
- -

-When you need to escape some of the expansion constructs you place the -mod_define::escape character in front of it. The default is the backslash as -in Perl or the Shell. - -

-Example: -

-
-Define master     "Joe Average <joe@average.dom>"
-Define docroot    /usr/local/apache/htdocs
-Define hostname   foo
-Define domainname bar.dom
-Define portnumber 80
-  :
-<VirtualHost $hostname.$domainname:$portnumber>
-SetEnv       SERVER_MASTER "$master"
-ServerName   $hostname.$domainname
-ServerAlias  $hostname
-Port         $portnumber
-DocumentRoot $docroot
-<Directory $docroot>
-  :
-<Directory>
-
-
- - -
- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_digest.html b/usr.sbin/httpd/htdocs/manual/mod/mod_digest.html
deleted file mode 100644
index 5f35e3694af..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_digest.html
+++ /dev/null
@@ -1,111 +0,0 @@
- - - - - - - Apache module mod_digest - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_digest

- -

This module provides for user authentication using MD5 - Digest Authentication.

- -

Status: Extension
- Source File: mod_digest.c
- Module Identifier: - digest_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Summary

- -

This module implements an older version of the MD5 Digest - Authentication specification which will probably not work with - modern browsers. Please see mod_auth_digest for a module - which implements the most recent version of the standard.

- -

Directives

- - - -

Using Digest Authentication

- -

Using MD5 Digest authentication is very simple. Simply set - up authentication normally. However, use "AuthType Digest" and - "AuthDigestFile" instead of the normal "AuthType Basic" and - "AuthUserFile". Everything else should remain the same.

- -

MD5 authentication provides a more secure password system, - but only works with supporting browsers. As of this writing - (January 2002), the only major browsers which support digest - authentication are Opera 4.0, - MS Internet - Explorer 5.0 and Amaya. - Therefore, we do not recommend using this feature on a large - Internet site. However, for personal and intra-net use, where - browser users can be controlled, it is ideal.

- -

See also mod_auth_digest, - which is an updated version of this module, in order to determine - whether you want to use that module instead. In either case, if - you are using one, you should not use the other, as they share - some of the same configuration directives.

-
- -

AuthDigestFile directive

- Syntax: AuthDigestFile - filename
- Context: directory, - .htaccess
- Override: AuthConfig
- Status: Base
- Module: mod_digest - -

The AuthDigestFile directive sets the name of a textual file - containing the list of users and encoded passwords for digest - authentication. Filename is the absolute path to the - user file.

- -

Example

- - AuthDigestFile /usr/local/apache/passwords/passwords.digest - -

The digest file uses a special format. Files in this format - can be created using the "htdigest" - utility found in the support/ subdirectory of the Apache distribution.

- -
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html b/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html
deleted file mode 100644
index 6ae81e435e2..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_dir.html
+++ /dev/null
@@ -1,129 +0,0 @@
- - - - - - - - Apache module mod_dir - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_dir

- -

This module provides for "trailing slash" redirects and - serving directory index files.

- -

Status: Base
- Source File: mod_dir.c
- Module Identifier: - dir_module

- -

Summary

- The index of a directory can come from one of two sources: - -
    -
  • A file written by the user, typically called - index.html. The DirectoryIndex directive sets the - name of this file. This is controlled by - mod_dir.
  • - -
  • Otherwise, a listing generated by the server. This is - provided by mod_autoindex.
  • -
- The two functions are separated so that you can completely - remove (or replace) automatic index generation should you want - to. - -

A "trailing slash" redirect is issued when the server - receives a request for a URL - http://servername/foo/dirname where - dirname is a directory. Directories require a - trailing slash, so mod_dir issues a redirect to - http://servername/foo/dirname/.

- -

Directives

- - -
- -

DirectoryIndex directive

- - Syntax: DirectoryIndex - local-url [local-url] ...
- Default: DirectoryIndex - index.html
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Base
- Module: mod_dir - -

The DirectoryIndex directive sets the list of resources to - look for, when the client requests an index of the directory by - specifying a / at the end of the a directory name. - Local-url is the (%-encoded) URL of a document on the - server relative to the requested directory; it is usually the - name of a file in the directory. Several URLs may be given, in - which case the server will return the first one that it finds. - If none of the resources exist and the Indexes - option is set, the server will generate its own listing of the - directory.

- -

Example:

- -
- DirectoryIndex index.html -
- then a request for http://myserver/docs/ would - return http://myserver/docs/index.html if it - exists, or would list the directory if it did not. - -

Note that the documents do not need to be relative to the - directory;

- -
- DirectoryIndex index.html index.txt - /cgi-bin/index.pl -
- would cause the CGI script /cgi-bin/index.pl to be - executed if neither index.html or - index.txt existed in a directory. - -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html b/usr.sbin/httpd/htdocs/manual/mod/mod_env.html
deleted file mode 100644
index 9e03e758c31..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_env.html
+++ /dev/null
@@ -1,146 +0,0 @@
- - - - - - - - Apache module mod_env - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache module mod_env

- -

This module provides for modifying the environment which is - passed to CGI scripts and SSI pages.

- -

Status: Base
- Source File: mod_env.c
- Module Identifier: - env_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Summary

- -

This module allows for control of the environment that will - be provided to CGI scripts and SSI pages. Environment variables - may be passed from the shell which invoked the httpd process. - Alternatively, environment variables may be set or unset within - the configuration process.

- -

For additional information, we provide a document on Environment Variables in Apache.

- -

Directives

- - -
- -

PassEnv directive

- Syntax: PassEnv - env-variable [env-variable] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_env
- Compatibility: PassEnv is only - available in Apache 1.1 and later. Directory and .htaccess context - is available in Apache 1.3.7 and later. - -

Specifies one or more environment variables to pass to CGI - scripts and SSI pages from the environment of the shell which - invoked the httpd process. Example:

-
-    PassEnv LD_LIBRARY_PATH
-
-
- -

SetEnv directive

- Syntax: SetEnv env-variable - value
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_env
- Compatibility: SetEnv is only - available in Apache 1.1 and later. Directory and .htaccess context - is available in Apache 1.3.7 and later. - -

Sets an environment variable, which is then passed on to CGI - scripts and SSI pages. Example:

-
-    SetEnv SPECIAL_PATH /foo/bin
-
-
- -

UnsetEnv - directive

- Syntax: UnsetEnv - env-variable [env-variable] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_env
- Compatibility: UnsetEnv is only - available in Apache 1.1 and later. Directory and .htaccess context - is available in Apache 1.3.7 and later. - -

Removes one or more environment variables from those passed - on to CGI scripts and SSI pages. Example:

-
-    UnsetEnv LD_LIBRARY_PATH
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html b/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html
deleted file mode 100644
index 6ae1c73ce8e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_expires.html
+++ /dev/null
@@ -1,264 +0,0 @@
- - - - - - - Apache module mod_expires - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_expires

- -

This module provides for the generation of - Expires HTTP headers according to user-specified - criteria.

- -

Status: Extension
- Source File: - mod_expires.c
- Module Identifier: - expires_module
- Compatibility: Available in - Apache 1.2 and later.

- -

Summary

- -

This module controls the setting of the Expires - HTTP header in server responses. The expiration date can set to - be relative to either the time the source file was last - modified, or to the time of the client access.

- -

The Expires HTTP header is an instruction to - the client about the document's validity and persistence. If - cached, the document may be fetched from the cache rather than - from the source until this time has passed. After that, the - cache copy is considered "expired" and invalid, and a new copy - must be obtained from the source.

- -

Directives

- - - -

Alternate Interval - Syntax

- -

The ExpiresDefault and ExpiresByType directives - can also be defined in a more readable syntax of the form:

- -
-
ExpiresDefault "<base> [plus] {<num> - <type>}*"
- ExpiresByType type/encoding "<base> [plus] - {<num> <type>}*"
-
- -

where <base> is one of:

- -
    -
  • access
  • - -
  • now (equivalent to - 'access')
  • - -
  • modification
  • -
- -

The 'plus' keyword is optional. <num> - should be an integer value [acceptable to atoi()], - and <type> is one of:

- -
    -
  • years
  • - -
  • months
  • - -
  • weeks
  • - -
  • days
  • - -
  • hours
  • - -
  • minutes
  • - -
  • seconds
  • -
- -

For example, any of the following directives can be used to - make documents expire 1 month after being accessed, by - default:

- -
-
ExpiresDefault "access plus 1 month"
- ExpiresDefault "access plus 4 weeks"
- ExpiresDefault "access plus 30 days"
-
- -

The expiry time can be fine-tuned by adding several - '<num> <type>' clauses:

- -
-
ExpiresByType text/html "access plus 1 month 15 - days 2 hours"
- ExpiresByType image/gif "modification plus 5 hours 3 - minutes"
-
- -

Note that if you use a modification date based setting, the - Expires header will not be added to content - that does not come from a file on disk. This is due to the fact - that there is no modification time for such content.

-
- -

ExpiresActive - directive

- -

Syntax: ExpiresActive - on|off
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Extension
- Module: mod_expires

- -

This directive enables or disables the generation of the - Expires header for the document realm in question. - (That is, if found in an .htaccess file, for - instance, it applies only to documents generated from that - directory.) If set to Off, no - Expires header will be generated for any document - in the realm (unless overridden at a lower level, such as an - .htaccess file overriding a server config file). - If set to On, the header will be added to - served documents according to the criteria defined by the ExpiresByType and ExpiresDefault directives - (q.v.).

- -

Note that this directive does not guarantee that an - Expires header will be generated. If the criteria - aren't met, no header will be sent, and the effect will be as - though this directive wasn't even specified.

-
- -

ExpiresByType - directive

- -

Syntax: ExpiresByType - mime-type <code>seconds
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Extension
- Module: mod_expires

- -

This directive defines the value of the Expires - header generated for documents of the specified type - (e.g., text/html). The second argument - sets the number of seconds that will be added to a base time to - construct the expiration date.

- -

The base time is either the last modification time of the - file, or the time of the client's access to the document. Which - should be used is specified by the - <code> field; M - means that the file's last modification time should be used as - the base time, and A means the client's access - time should be used.

- -

The difference in effect is subtle. If M is used, - all current copies of the document in all caches will expire at - the same time, which can be good for something like a weekly - notice that's always found at the same URL. If A is - used, the date of expiration is different for each client; this - can be good for image files that don't change very often, - particularly for a set of related documents that all refer to - the same images (i.e., the images will be accessed - repeatedly within a relatively short timespan).

- -

Example:

-
-   ExpiresActive On                  # enable expirations
-   ExpiresByType image/gif A2592000  # expire GIF images after a month
-                                     #  in the client's cache
-   ExpiresByType text/html M604800   # HTML documents are good for a
-                                     #  week from the time they were
-                                     #  changed, period
- 
-
- -

Note that this directive only has effect if - ExpiresActive On has been specified. It overrides, - for the specified MIME type only, any expiration date - set by the ExpiresDefault - directive.

- -

You can also specify the expiration time calculation using - an alternate syntax, described later in - this document.

-
- -

ExpiresDefault - directive

- -

Syntax: ExpiresDefault - <code>seconds
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Status: Extension
- Module: mod_expires

- -

This directive sets the default algorithm for calculating - the expiration time for all documents in the affected realm. It - can be overridden on a type-by-type basis by the ExpiresByType directive. See the - description of that directive for details about the syntax of - the argument, and the alternate syntax - description as well.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html b/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html
deleted file mode 100644
index 663e3b8eea6..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_headers.html
+++ /dev/null
@@ -1,204 +0,0 @@
- - - - - - - Apache module mod_headers - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_headers

- -

This module provides for the customization of HTTP response - headers.

- -

Status: Extension
- Source File: - mod_headers.c
- Module Identifier: - headers_module
- Compatibility: Available in - Apache 1.2 and later.

- -

Summary

- This module provides a directive to control the sending of HTTP - headers. Headers can be merged, replaced or removed. - -

Directives

- - -
- -

Header directive

- Syntax: Header set|append|add - header value
- Syntax: Header unset - header
- Context: server config, virtual - host, access.conf, .htaccess
- Override: FileInfo
- Status: Extension
- Module: mod_headers - -

This directive can replace, merge or remove HTTP response - headers during 1xx and 2xx series replies. For 3xx, 4xx and 5xx - use the ErrorHeader directive. -

-

- The action it performs is determined by the first - argument. This can be one of the following values:

- -
    -
  • set
    - The response header is set, replacing any previous header - with this name
  • - -
  • append
    - The response header is appended to any existing header of - the same name. When a new value is merged onto an existing - header it is separated from the existing header with a comma. - This is the HTTP standard way of giving a header multiple - values.
  • - -
  • add
    - The response header is added to the existing set of headers, - even if this header already exists. This can result in two - (or more) headers having the same name. This can lead to - unforeseen consequences, and in general "append" should be - used instead.
  • - -
  • unset
    - The response header of this name is removed, if it exists. - If there are multiple headers of the same name, all will be - removed.
  • -
- This argument is followed by a header name, which can include - the final colon, but it is not required. Case is ignored. For - add, append and set a value is given as the third argument. If - this value contains spaces, it should be surrounded by double - quotes. For unset, no value should be given. - -

Order of Processing

- The Header directive can occur almost anywhere within the - server configuration. It is valid in the main server config and - virtual host sections, inside <Directory>, - <Location> and <Files> sections, and within - .htaccess files. - -

The Header directives are processed in the following - order:

- -
    -
  1. main server
  2. - -
  3. virtual host
  4. - -
  5. <Directory> sections and .htaccess
  6. - -
  7. <Location>
  8. - -
  9. <Files>
  10. -
- Order is important. These two headers have a different effect - if reversed: -
-Header append Author "John P. Doe"
-Header unset Author
-
- This way round, the Author header is not set. If reversed, the - Author header is set to "John P. Doe". - -

The Header directives are processed just before the response - is sent by its handler. These means that some headers that are - added just before the response is sent cannot be unset or - overridden. This includes headers such as "Date" and - "Server".

- -

ErrorHeader directive

- Syntax: ErrorHeader set|append|add - header value
- Syntax: ErrorHeader unset - header
- Context: server config, virtual - host, access.conf, .htaccess
- Override: FileInfo
- Status: Extension
- Module: mod_headers - -

This directive can replace, merge or remove HTTP response - headers during 3xx, 4xx and 5xx replies. For normal replies - use the Header directive. -

-

This directive is identical to the Header - directive in all other respects. Consult this directive for - more information on the syntax. -

- -

RequestHeader directive

- Syntax: RequestHeader set|append|add - header value
- Syntax: RequestHeader unset - header
- Context: server config, virtual - host, access.conf, .htaccess
- Override: FileInfo
- Status: Extension
- Module: mod_headers - -

This directive can replace, merge or remove HTTP request - headers. As opposed to the Header directive, - this directive modifies incoming request headers instead of outgoing - responses. -

-

This directive is identical to the Header - directive in all other respects. Consult this directive for - more information on the syntax. -

- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html b/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html
deleted file mode 100644
index c930f62bc24..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_imap.html
+++ /dev/null
@@ -1,373 +0,0 @@
- - - - - - - Apache module mod_imap - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_imap

- -

This module provides for server-side imagemap - processing.

- -

Status: Base
- Source File: mod_imap.c
- Module Identifier: - imap_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Summary

- -

This module processes .map files, thereby - replacing the functionality of the imagemap CGI - program. Any directory or document type configured to use the - handler imap-file (using either AddHandler or - SetHandler) - will be processed by this module.

- -

The following directive will activate files ending with - .map as imagemap files:

- -
- AddHandler imap-file map -
- Note that the following is still supported: - -
- AddType application/x-httpd-imap map -
- However, we are trying to phase out "magic MIME types" so we - are deprecating this method. - -

Directives

- - - -

New Features

- The imagemap module adds some new features that were not - possible with previously distributed imagemap programs. - -
    -
  • URL references relative to the Referer: information.
  • - -
  • Default <BASE> assignment through a new map - directive base.
  • - -
  • No need for imagemap.conf file.
  • - -
  • Point references.
  • - -
  • Configurable generation of imagemap menus.
  • -
- -

Imagemap File

- The lines in the imagemap files can have one of several - formats: - -
- directive value [x,y ...]
- directive value "Menu text" [x,y ...]
- directive value x,y ... "Menu text"
-
- The directive is one of base, - default, poly, circle, - rect, or point. The value is an - absolute or relative URL, or one of the special values listed - below. The coordinates are x,y pairs separated by - whitespace. The quoted text is used as the text of the link if - a imagemap menu is generated. Lines beginning with '#' are - comments. - -

Imagemap File Directives

- There are six directives allowed in the imagemap file. The - directives can come in any order, but are processed in the - order they are found in the imagemap file. - -
-
base Directive
- -
Has the effect of <BASE HREF="value">. - The non-absolute URLs of the map-file are taken relative to - this value. The base directive overrides - ImapBase as set in a .htaccess file or in the server - configuration files. In the absence of an ImapBase - configuration directive, base defaults to - http://server_name/.
- base_uri is synonymous with base. - Note that a trailing slash on the URL is significant.
- -
default Directive
- -
The action taken if the coordinates given do not fit any - of the poly, circle or - rect directives, and there are no - point directives. Defaults to - nocontent in the absence of an ImapDefault - configuration setting, causing a status code of 204 No - Content to be returned. The client should keep the - same page displayed.
- -
poly Directive
- -
Takes three to one-hundred points, and is obeyed if the - user selected coordinates fall within the polygon defined by - these points.
- -
circle
- -
Takes the center coordinates of a circle and a point on - the circle. Is obeyed if the user selected point is with the - circle.
- -
rect Directive
- -
Takes the coordinates of two opposing corners of a - rectangle. Obeyed if the point selected is within this - rectangle.
- -
point Directive
- -
Takes a single point. The point directive closest to the - user selected point is obeyed if no other directives are - satisfied. Note that default will not be - followed if a point directive is present and - valid coordinates are given.
-
- -

Values

- The values for each of the directives can any of the following: - - -
-
a URL
- -
The URL can be relative or absolute URL. Relative URLs - can contain '..' syntax and will be resolved relative to the - base value.
- base itself will not resolved according to the - current value. A statement base mailto: will - work properly, though.
- -
map
- -
Equivalent to the URL of the imagemap file itself. No - coordinates are sent with this, so a menu will be generated - unless ImapMenu is set to 'none'.
- -
menu
- -
Synonymous with map.
- -
referer
- -
Equivalent to the URL of the referring document. Defaults - to http://servername/ if no Referer: header was - present.
- -
nocontent
- -
Sends a status code of 204 No Content, - telling the client to keep the same page displayed. Valid for - all but base.
- -
error
- -
Fails with a 500 Server Error. Valid for all - but base, but sort of silly for anything but - default.
-
- -

Coordinates

- -
-
0,0 200,200
- -
A coordinate consists of an x and a y - value separated by a comma. The coordinates are separated - from each other by whitespace. To accommodate the way Lynx - handles imagemaps, should a user select the coordinate - 0,0, it is as if no coordinate had been - selected.
-
- -

Quoted Text

- -
-
"Menu Text"
- -
After the value or after the coordinates, the line - optionally may contain text within double quotes. This string - is used as the text for the link if a menu is - generated:
- <a HREF="http://foo.com/">Menu - text</a>
- If no quoted text is present, the name of the link will be - used as the text:
- <a - HREF="http://foo.com/">http://foo.com</a>
- If you want to use double quotes within this text, you have to - write them as &quot;.
-
- -

Example Mapfile

- -
- #Comments are printed in a 'formatted' or - 'semiformatted' menu.
- #And can contain html tags. <hr>
- base referer
- poly map "Could I have a menu, please?" 0,0 0,10 10,10 - 10,0
- rect .. 0,0 77,27 "the directory of the referer"
- circle http://www.inetnebr.com/lincoln/feedback/ 195,0 - 305,27
- rect another_file "in same directory as referer" 306,0 - 419,27
- point http://www.zyzzyva.com/ 100,100
- point http://www.tripod.com/ 200,200
- rect mailto:nate@tripod.com 100,150 200,0 "Bugs?"
-
-
- -

Referencing your mapfile

- -
- <A HREF="/maps/imagemap1.map">
- <IMG ISMAP SRC="/images/imagemap1.gif">
- </A>
-
-
- -

ImapMenu - directive

- Syntax: ImapMenu - none|formatted|semiformatted|unformatted
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Module: mod_imap
- Compatibility: ImapMenu is only - available in Apache 1.1 and later. - -

The ImapMenu directive determines the action taken if an - imagemap file is called without valid coordinates.

- -
-
none
- -
If ImapMenu is none, no menu is generated, - and the default action is performed.
- -
formatted
- -
A formatted menu is the simplest menu. - Comments in the imagemap file are ignored. A level one header - is printed, then an hrule, then the links each on a separate - line. The menu has a consistent, plain look close to that of - a directory listing.
- -
semiformatted
- -
In the semiformatted menu, comments are - printed where they occur in the imagemap file. Blank lines - are turned into HTML breaks. No header or hrule is printed, - but otherwise the menu is the same as a - formatted menu.
- -
unformatted
- -
Comments are printed, blank lines are ignored. Nothing is - printed that does not appear in the imagemap file. All breaks - and headers must be included as comments in the imagemap - file. This gives you the most flexibility over the appearance - of your menus, but requires you to treat your map files as - HTML instead of plaintext.
-
-
- -

ImapDefault - directive

- Syntax: ImapDefault - error|nocontent|map|referer|URL
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Module: mod_imap
- Compatibility: ImapDefault is - only available in Apache 1.1 and later. - -

The ImapDefault directive sets the default - default used in the imagemap files. Its value is - overridden by a default directive within the - imagemap file. If not present, the default action - is nocontent, which means that a 204 No - Content is sent to the client. In this case, the client - should continue to display the original page.

-
- -

ImapBase - directive

- Syntax: ImapBase - map|referer|URL
- Context: server config, virtual - host, directory, .htaccess
- Override: Indexes
- Module: mod_imap
- Compatibility: ImapBase is only - available in Apache 1.1 and later. - -

The ImapBase directive sets the default base - used in the imagemap files. Its value is overridden by a - base directive within the imagemap file. If not - present, the base defaults to - http://servername/. -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html b/usr.sbin/httpd/htdocs/manual/mod/mod_include.html
deleted file mode 100644
index 905188fcf8d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_include.html
+++ /dev/null
@@ -1,603 +0,0 @@
- - - - - - - Apache module mod_include - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_include

- -

This module provides for documents with Server Side Includes - (SSI).

- -

Status: Base
- Source File: - mod_include.c
- Module Identifier: - includes_module

- -

Summary

- -

This module provides a handler which will process files - before they are sent to the client. The processing is - controlled by specially formated SGML comments, referred to as - elements. These elements allow conditional text, the - inclusion other files or programs, as well as the setting and - printing of environment variables.

- -

For an introduction to this topic, we also provide a tutorial on Server Side - Includes.

- -

Directives

- - - -

See also: Options and AddHandler.

- -

Enabling Server-Side Includes

- Any document with handler of "server-parsed" will be parsed by - this module, if the Includes option is set. If - documents containing server-side include directives are given - the extension .shtml, the following directives will make Apache - parse them and assign the resulting document the mime type of - text/html: -
-AddType text/html .shtml
-AddHandler server-parsed .shtml
-
- The following directive must be given for the directories - containing the shtml files (typically in a - <Directory> section, but this directive is - also valid .htaccess files if AllowOverride - Options is set): -
-Options +Includes
-
- Alternatively the XBitHack - directive can be used to parse normal (text/html) - files, based on file permissions. - -

For backwards compatibility, documents with mime type - text/x-server-parsed-html or - text/x-server-parsed-html3 will also be parsed - (and the resulting output given the mime type - text/html).

- -

Basic Elements

- The document is parsed as an HTML document, with special - commands embedded as SGML comments. A command has the syntax: - -
- <!--#element attribute=value - attribute=value ... --> -
- The value will often be enclosed in double quotes; many - commands only allow a single attribute-value pair. Note that - the comment terminator (-->) should be preceded - by whitespace to ensure that it isn't considered part of an SSI - token. - -

The allowed elements are:

- -
-
config
- -
- This command controls various aspects of the parsing. The - valid attributes are: - -
-
errmsg
- -
The value is a message that is sent back to the - client if an error occurs whilst parsing the - document.
- -
sizefmt
- -
The value sets the format to be used which displaying - the size of a file. Valid values are bytes - for a count in bytes, or abbrev for a count - in Kb or Mb as appropriate.
- -
timefmt
- -
The value is a string to be used by the - strftime(3) library routine when printing - dates.
-
-
- -
echo
- -
- This command prints one of the include - variables, defined - below. If the variable is unset, it is printed as - (none). Any dates printed are subject to the - currently configured timefmt. Attributes: - -
-
var
- -
The value is the name of the variable to print.
- -
encoding
- -
Specifies how Apache should encode special characters - contained in the variable before outputting them. If set - to "none", no encoding will be done. If set to "url", - then URL encoding (also known as %-encoding; this is - appropriate for use within URLs in links, etc.) will be - performed. At the start of an echo element, - the default is set to "entity", resulting in entity - encoding (which is appropriate in the context of a - block-level HTML element, eg. a paragraph of text). This - can be changed by adding an encoding - attribute, which will remain in effect until the next - encoding attribute is encountered or the - element ends, whichever comes first. Note that the - encoding attribute must precede the - corresponding var attribute to be effective, - and that only special characters as defined in the - ISO-8859-1 character encoding will be encoded. This - encoding process may not have the desired result if a - different character encoding is in use. Apache 1.3.12 and - above; previous versions do no encoding.
-
-
- -
exec
- -
- The exec command executes a given shell command or CGI - script. The IncludesNOEXEC Option disables this command - completely. The valid attributes are: - -
-
cgi
- -
- The value specifies a (%-encoded) URL relative path to - the CGI script. If the path does not begin with a (/), - then it is taken to be relative to the current - document. The document referenced by this path is - invoked as a CGI script, even if the server would not - normally recognize it as such. However, the directory - containing the script must be enabled for CGI scripts - (with ScriptAlias or - the ExecCGI Option). - -

The CGI script is given the PATH_INFO and query - string (QUERY_STRING) of the original request from the - client; these cannot be specified in the URL path. The - include variables will be available to the script in - addition to the standard CGI - environment.

- -

For example:

- - <!--#exec cgi="/cgi-bin/example.cgi" --> - -

If the script returns a Location: header instead of - output, then this will be translated into an HTML - anchor.

- -

The include - virtual element should be - used in preference to exec cgi. In particular, - if you need to pass additional arguments to a CGI program, - using the query string, this cannot be done with exec - cgi, but can be done with include - virtual, as shown here:

- - <!--#include virtual="/cgi-bin/example.cgi?argument=value" --> -
- -
cmd
- -
-

The server will execute the given string using - /bin/sh. The include variables are available - to the command, in addition to the usual set of CGI - variables.

- -

The use of #include - virtual is almost always - prefered to using either #exec cgi or #exec - cmd. The former (#include virtual) used the - standard Apache sub-request mechanism to include files or - scripts. It is much better tested and maintained.

- -

In addition, on some platforms, like Win32, and on unix - when using suexec, you cannot pass arguments to a command in - an exec directive, or otherwise include spaces in - the command. Thus, while the following will work under a - non-suexec configuration on unix, it will not produce the - desired result under Win32, or when running suexec:

- - <!--#exec cmd="perl /path/to/perlscript arg1 arg2" --> - -
-
-
- -
fsize
- -
- This command prints the size of the specified file, subject - to the sizefmt format specification. - Attributes: - -
-
file
- -
The value is a path relative to the directory - containing the current document being parsed.
- -
virtual
- -
The value is a (%-encoded) URL-path relative to the - current document being parsed. If it does not begin with - a slash (/) then it is taken to be relative to the - current document.
-
-
- -
flastmod
- -
This command prints the last modification date of the - specified file, subject to the timefmt format - specification. The attributes are the same as for the - fsize command.
- -
include
- -
- This command inserts the text of another document or file - into the parsed file. Any included file is subject to the - usual access control. If the directory containing the - parsed file has the Option - IncludesNOEXEC set, and the including the document would - cause a program to be executed, then it will not be - included; this prevents the execution of CGI scripts. - Otherwise CGI scripts are invoked as normal using the - complete URL given in the command, including any query - string. - -

An attribute defines the location of the document; the - inclusion is done for each attribute given to the include - command. The valid attributes are:

- -
-
file
- -
The value is a path relative to the directory - containing the current document being parsed. It cannot - contain ../, nor can it be an absolute path. - Therefore, you cannot include files that are outside of the - document root, or above the current document in the directory - structure. - The virtual attribute should always be used - in preference to this one.
- -
virtual
- -
-

The value is a (%-encoded) URL relative to the - current document being parsed. The URL cannot contain a - scheme or hostname, only a path and an optional query - string. If it does not begin with a slash (/) then it is - taken to be relative to the current document.

- -

A URL is constructed from the attribute, and the output the - server would return if the URL were accessed by the client - is included in the parsed output. Thus included files can - be nested.

- -

If the specified URL is a CGI program, the program will - be executed and its output inserted in place of the directive - in the parsed file. You may include a query string in a CGI - url:

- - <!--#include virtual="/cgi-bin/example.cgi?argument=value" --> - -

include virtual should be used in preference - to exec cgi to include the output of CGI - programs into an HTML document. -

-
-
- -
printenv
- -
-

This prints out a listing of all existing variables and - their values. Starting with Apache 1.3.12, special characters - are entity encoded (see the echo element for details) - before being output. There are no attributes.

- -

For example:

- -

<!--#printenv -->

- -

The printenv element is available only in - Apache 1.2 and above.

-
-
set
- -
- This sets the value of a variable. Attributes: - -
-
var
- -
The name of the variable to set.
- -
value
- -
The value to give a variable.
-
-

- For example: <!--#set var="category" value="help" - -->

- -

The set element is available only in - Apache 1.2 and above.

-
-
- -

Include Variables

- In addition to the variables in the standard CGI environment, - these are available for the echo command, for - if and elif, and to any program - invoked by the document. - -
-
DATE_GMT
- -
The current date in Greenwich Mean Time.
- -
DATE_LOCAL
- -
The current date in the local time zone.
- -
DOCUMENT_NAME
- -
The filename (excluding directories) of the document - requested by the user.
- -
DOCUMENT_URI
- -
The (%-decoded) URL path of the document requested by the - user. Note that in the case of nested include files, this is - not then URL for the current document.
- -
LAST_MODIFIED
- -
The last modification date of the document requested by - the user.
- -
USER_NAME
- -
Contains the owner of the file which included it.
- -
- -

Variable Substitution

- -

Variable substitution is done within quoted strings in most - cases where they may reasonably occur as an argument to an SSI - directive. This includes the config, - exec, flastmod, fsize, - include, and set directives, as well - as the arguments to conditional operators. You can insert a - literal dollar sign into the string using backslash - quoting:

-
-    <!--#if expr="$a = \$test" -->
-
- -

If a variable reference needs to be substituted in the - middle of a character sequence that might otherwise be - considered a valid identifier in its own right, it can be - disambiguated by enclosing the reference in braces, - à la shell substitution:

-
-    <!--#set var="Zed" value="${REMOTE_HOST}_${REQUEST_METHOD}" -->
-
- -

This will result in the Zed variable being set - to "X_Y" if REMOTE_HOST is - "X" and REQUEST_METHOD is - "Y".

- -

EXAMPLE: the below example will print "in foo" if the - DOCUMENT_URI is /foo/file.html, "in bar" if it is - /bar/file.html and "in neither" otherwise:

-
-    <!--#if expr="\"$DOCUMENT_URI\" = \"/foo/file.html\"" -->
-    in foo
-    <!--#elif expr="\"$DOCUMENT_URI\" = \"/bar/file.html\"" -->
-    in bar
-    <!--#else -->
-    in neither
-    <!--#endif -->
-
- -

Flow Control - Elements

- These are available in Apache 1.2 and above. The basic flow - control elements are: -
-    <!--#if expr="test_condition" -->
-    <!--#elif expr="test_condition" -->
-    <!--#else -->
-    <!--#endif -->
-
- -

The if element works like an - if statement in a programming language. The test condition is - evaluated and if the result is true, then the text until the - next elif, - else. or - endif element is included in the - output stream.

- -

The elif or - else statements are be used the - put text into the output stream if the original test_condition - was false. These elements are optional.

- -

The endif element ends the - if element and is required.

- -

test_condition is one of the following:

- -
-
string
- -
true if string is not empty
- -
string1 = string2
- string1 != string2
- string1 < string2
- string1 <= string2
- string1 > string2
- string1 >= string2
- -
Compare string1 with string 2. If string2 has the form - /string/ then it is compared as a regular - expression. Regular expressions have the same syntax as those - found in the Unix egrep command.
- -
( test_condition )
- -
true if test_condition is true
- -
! test_condition
- -
true if test_condition is false
- -
test_condition1 && - test_condition2
- -
true if both test_condition1 and - test_condition2 are true
- -
test_condition1 || test_condition2
- -
true if either test_condition1 or - test_condition2 is true
-
- -

"=" and "!=" bind more tightly than - "&&" and "||". "!" binds - most tightly. Thus, the following are equivalent:

-
-    <!--#if expr="$a = test1 && $b = test2" -->
-    <!--#if expr="($a = test1) && ($b = test2)" -->
-
- -

Anything that's not recognized as a variable or an operator - is treated as a string. Strings can also be quoted: - 'string'. Unquoted strings can't contain whitespace - (blanks and tabs) because it is used to separate tokens such as - variables. If multiple strings are found in a row, they are - concatenated using blanks. So,

-
-     string1    string2  results in string1 string2
-    'string1    string2' results in string1    string2
-
- -

Using Server Side Includes for ErrorDocuments

- There is a document - which describes how to use the features of mod_include to offer - internationalized customized server error documents. -
- -

XBitHack - directive

- - Syntax: XBitHack - on|off|full
- Default: XBitHack - off
- Context: server config, virtual - host, directory, .htaccess
- Override: Options
- Status: Base
- Module: mod_include - -

The XBitHack directives controls the parsing of ordinary - html documents. This directive only affects files associated - with the MIME type text/html. XBitHack can take on - the following values:

- -
-
off
- -
No special treatment of executable files.
- -
on
- -
Any file that has the user-execute bit set will be - treated as a server-parsed html document.
- -
full
- -
- As for on but also test the group-execute bit. - If it is set, then set the Last-modified date of the - returned file to be the last modified time of the file. If - it is not set, then no last-modified date is sent. Setting - this bit allows clients and proxies to cache the result of - the request. - -

Note: you would not want to use this, - for example, when you #include a CGI that - produces different output on each hit (or potentially - depends on the hit).

-
-
- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html b/usr.sbin/httpd/htdocs/manual/mod/mod_info.html
deleted file mode 100644
index 9175e2ed4da..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_info.html
+++ /dev/null
@@ -1,125 +0,0 @@
- - - - - - - - Apache module mod_info - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_info

- -

This module provides a comprehensive overview of the server - configuration including all installed modules and directives in - the configuration files.

- -

Status: Extension
- Source File: mod_info.c
- Module Identifier: - info_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Directives

- - - -

Using mod_info

- -

To configure it, add the following to your - access.conf file.

-
-<Location /server-info>
-SetHandler server-info
-</Location>
-
- You may wish to add a <Limit> clause inside the location directive to limit - access to your server configuration information. - -

Once configured, the server information is obtained by - accessing http://your.host.dom/server-info

- -
-

Note that the configuration files are read by the - module at run-time, and therefore the display may - not reflect the running server's active - configuration if the files have been changed since the server - was last reloaded. Also, the configuration files must be - readable by the user as which the server is running (see the - User directive), or - else the directive settings will not be listed.

- -

It should also be noted that if - mod_info is compiled into the server, its - handler capability is available in all configuration - files, including per-directory files (e.g., - .htaccess). This may have security-related - ramifications for your site.

- -

In particular, this module can leak sensitive information - from the configuration directives of other Apache modules such as - system paths, usernames/passwords, database names, etc. Due to - the way this module works there is no way to block information - from it. Therefore, this module should ONLY be used in a controlled - environment and always with caution.

- -
-
- -

AddModuleInfo

- Syntax: AddModuleInfo - module-name string
- Context: server config, virtual - host
- Status: Extension
- Module: mod_info
- Compatibility: Apache 1.3 and - above - -

This allows the content of string to be shown as - HTML interpreted, Additional Information for - the module module-name. Example:

- -
-
-AddModuleInfo mod_auth.c 'See <A HREF="http://www.apache.org/docs/mod/mod_auth.html">http://www.apache.org/docs/mod/mod_auth.html</A>'
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_agent.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_agent.html
deleted file mode 100644
index 14443e97535..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_agent.html
+++ /dev/null
@@ -1,116 +0,0 @@
- - - - - - - Module mod_log_agent - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_log_agent

- -

This module provides for logging of the client user - agents.

- -

Status: Extension
- Source File: - mod_log_agent.c
- Module Identifier: - agent_log_module

- -

Summary

- -

This module is provided strictly for compatibility with NCSA - httpd, and is deprecated. We recommend you use mod_log_config instead.

- -

Directives

- - - -

See also: CustomLog and LogFormat.

-
- -

AgentLog

- - Syntax: AgentLog - file-pipe
- Default: AgentLog - logs/agent_log
- Context: server config, virtual - host
- Status: Extension
- Module: mod_log_agent - -

The AgentLog directive sets the name of the file to which - the server will log the UserAgent header of incoming requests. - File-pipe is one of

- -
-
A filename
- -
A filename relative to the ServerRoot.
- -
`|' followed by a command
- -
A program to receive the agent log information on its - standard input. Note the a new program will not be started - for a VirtualHost if it inherits the AgentLog from the main - server.
-
- Security: if a program is used, then it will - be run under the user who started httpd. This will be root if - the server was started by root; be sure that the program is - secure. - -

Security: See the security tips document - for details on why your security could be compromised if the - directory where logfiles are stored is writable by anyone other - than the user that starts the server.

- -

This directive is provided for compatibility with NCSA - 1.4. The same result can be obtained by using the LogFormat and CustomLog directives as - shown in the following example:

- -
-    LogFormat "%{User-agent}i" agent
-    CustomLog logs/agent_log agent
-
- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html
deleted file mode 100644
index 71992b7b0f4..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_common.html
+++ /dev/null
@@ -1,154 +0,0 @@
- - - - - - - Apache module mod_log_common - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_log_common

- This module is contained in the mod_log_common.c - file, and is compiled in by default. It provides for logging of - the requests made to the server using the Common Logfile - Format. This module has been replaced by mod_log_config in - Apache 1.2 - -

Log file format

- The log file contains a separate line for each request. A line - is composed of several tokens separated by spaces: - -
- host ident authuser date request status bytes -
- If a token does not have a value then it is represented by a - hyphen (-). The meanings and values of these tokens are as - follows: - -
-
host
- -
The fully-qualified domain name of the client, or its IP - number if the name is not available.
- -
ident
- -
If IdentityCheck is - enabled and the client machine runs identd, then this is the - identity information reported by the client.
- -
authuser
- -
If the request was for a password protected document, - then this is the userid used in the request.
- -
date
- -
- The date and time of the request, in the following format: - -
-
-
- date = [day/month/year:hour:minute:second - zone]
- day = 2*digit
- month = 3*letter
- year = 4*digit
- hour = 2*digit
- minute = 2*digit
- second = 2*digit
- zone = (`+' | `-') 4*digit
-
-
-
-
- -
request
- -
The request line from the client, enclosed in double - quotes (").
- -
status
- -
The three digit status code returned to the client.
- -
bytes
- -
The number of bytes in the object returned to the client, - not including any headers.
-
- -

Directives

- - -
- -

TransferLog

- - Syntax: TransferLog - file-pipe
- Default: TransferLog - logs/transfer_log
- Context: server config, virtual - host
- Status: Base
- Module: mod_log_common - -

The TransferLog directive sets the name of the file to which - the server will log the incoming requests. File-pipe - is one of

- -
-
A filename
- -
A filename relative to the ServerRoot.
- -
`|' followed by a command
- -
A program to receive the agent log information on its - standard input. Note the a new program will not be started - for a VirtualHost if it inherits the TransferLog from the - main server. See, just as an example, cronolog.
-
- Security: if a program is used, then it will - be run under the user who started httpd. This will be root if - the server was started by root; be sure that the program is - secure. - -

Security: See the security tips document - for details on why your security could be compromised if the - directory where logfiles are stored is writable by anyone other - than the user that starts the server.

- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html
deleted file mode 100644
index d1ccc9fed1b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_config.html
+++ /dev/null
@@ -1,420 +0,0 @@
- - - - - - - - Apache module mod_log_config - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_log_config

- -

This module provides for logging of the requests made to the - server, using the Common Log Format or a user-specified - format.

- -

Status: Base
- Source File: - mod_log_config.c
- Module Identifier: - config_log_module
- Compatibility: Was an extension - module prior to Apache 1.2.

- -

Summary

- -

This module provides for flexible logging of client - requests. Logs are written in a customizable format, and may be - written directly to a file, or to an external program. - Conditional logging is provided so that individual requests may - be included or excluded from the logs based on characteristics - of the request.

- -

Three directives are provided by this module: - TransferLog to create a log file, - LogFormat to set a custom format, and - CustomLog to define a log file and format in one - step. The TransferLog and CustomLog - directives can be used multiple times in each server to cause - each request to be logged to multiple files.

- -

See also: Apache Log Files.

- -

Directives

- - - -

Custom Log Formats

- -

The format argument to the LogFormat and - CustomLog directives is a string. This string is - used to log each request to the log file. It can contain literal - characters copied into the log files and the C-style control - characters "\n" and "\t" to represent new-lines and tabs. - Literal quotes and back-slashes should be escaped with - back-slashes.

- -

The characteristics of the request itself are logged by - placing "%" directives in the format string, which are - replaced in the log entry by the values as follows:

-
-%...a:          Remote IP-address
-%...A:          Local IP-address
-%...B:          Bytes sent, excluding HTTP headers.
-%...b:          Bytes sent, excluding HTTP headers. In CLF format
-        i.e. a '-' rather than a 0 when no bytes are sent.
-%...c:          Connection status when response was completed.
-                'X' = connection aborted before the response completed.
-                '+' = connection may be kept alive after the response is sent.
-                '-' = connection will be closed after the response is sent.
-%...{FOOBAR}e:  The contents of the environment variable FOOBAR
-%...f:          Filename
-%...h:          Remote host
-%...H       The request protocol
-%...{Foobar}i:  The contents of Foobar: header line(s) in the request
-                sent to the server.
-%...l:          Remote logname (from identd, if supplied)
-%...m       The request method
-%...{Foobar}n:  The contents of note "Foobar" from another module.
-%...{Foobar}o:  The contents of Foobar: header line(s) in the reply.
-%...p:          The canonical Port of the server serving the request
-%...P:          The process ID of the child that serviced the request.
-%...q       The query string (prepended with a ? if a query string exists,
-        otherwise an empty string)
-%...r:          First line of request
-%...s:          Status.  For requests that got internally redirected, this is
-                the status of the *original* request --- %...>s for the last.
-%...t:          Time, in common log format time format (standard english format)
-%...{format}t:  The time, in the form given by format, which should
-                be in strftime(3) format. (potentially localized)
-%...T:          The time taken to serve the request, in seconds.
-%...u:          Remote user (from auth; may be bogus if return status (%s) is 401)
-%...U:          The URL path requested, not including any query string.
-%...v:          The canonical ServerName of the server serving the request.
-%...V:          The server name according to the UseCanonicalName setting.
-
- -

The "..." can be nothing at all (e.g., "%h %u - %r %s %b"), or it can indicate conditions for inclusion - of the item (which will cause it to be replaced with "-" if the - condition is not met). The forms of condition are a list of - HTTP status codes, which may or may not be preceded by "!". - Thus, "%400,501{User-agent}i" logs User-agent: on 400 errors - and 501 errors (Bad Request, Not Implemented) only; - "%!200,304,302{Referer}i" logs Referer: on all requests which - did not return some sort of normal status.

- -

Note that in versions previous to 1.3.25 no escaping was performed - on the strings from %...r, %...i and - %...o. This was mainly to comply with the requirements of - the Common Log Format. This implied that clients could insert control - characters into the log, so you had to be quite careful when dealing - with raw log files.

- -

For security reasons starting with 1.3.25 non-printable and - other special characters are escaped mostly by using - \xhh sequences, where hh stands for - the hexadecimal representation of the raw byte. Exceptions from this - rule are " and \ which are escaped by prepending - a backslash, and all whitespace characters that are written in their - C-style notation (\n, \t, etc).

- -

Some commonly used log format strings are:

- -
-
Common Log Format (CLF)
- -
"%h %l %u %t \"%r\" %>s %b"
- -
Common Log Format with Virtual Host
- -
"%v %h %l %u %t \"%r\" %>s %b"
- -
NCSA extended/combined log format
- -
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" - \"%{User-agent}i\""
- -
Referer log format
- -
"%{Referer}i -> %U"
- -
Agent (Browser) log format
- -
"%{User-agent}i"
-
- -

Note that the canonical ServerName and Port of the server serving the - request are used for %v and %p - respectively. This happens regardless of the UseCanonicalName setting - because otherwise log analysis programs would have to duplicate - the entire vhost matching algorithm in order to decide what - host really served the request.

- -

Security Considerations

- -

See the security tips - document for details on why your security could be compromised - if the directory where logfiles are stored is writable by - anyone other than the user that starts the server.

- -

Compatibility notes

- -
    -
  • This module is based on mod_log_config distributed with - previous Apache releases, now updated to handle multiple - logs. There is now no need to rebuild Apache to change - configuration log formats.
  • - -
  • The module also implements the CookieLog - directive, used to log user-tracking information created by - mod_usertrack. The use of - CookieLog is deprecated, and a - CustomLog should be defined to log user-tracking - information instead.
  • - -
  • As of Apache 1.3.5, this module allows conditional - logging based upon the setting of environment variables. That is, you - can control whether a request should be logged or not based - upon whether an arbitrary environment variable is defined or - not. This is configurable on a per-logfile - basis.
  • - -
  • Beginning with Apache 1.3.5, the mod_log_config module - has also subsumed the RefererIgnore - functionality from mod_log_referer. The effect - of RefererIgnore can be achieved by combinations - of SetEnvIf - directives and conditional CustomLog - definitions.
  • -
-
- -

CookieLog - directive

- -

Syntax: CookieLog - filename
- Context: server config, virtual - host
- Module: mod_cookies
- Compatibility: Only available - in Apache 1.2 and above

- -

The CookieLog directive sets the filename for logging of - cookies. The filename is relative to the ServerRoot. This directive is - included only for compatibility with mod_cookies, and is deprecated.

-
- -

CustomLog directive

- -

Syntax: CustomLog - file|pipe format|nickname - [env=[!]environment-variable]
- Context: server config, virtual - host
- Status: Base
- Compatibility: Nickname only - available in Apache 1.3 or later. Conditional logging available - in 1.3.5 or later.
- Module: mod_log_config

- -

The CustomLog directive is used to log requests - to the server. A log format is specified, and the logging can - optionally be made conditional on request characteristics using - environment variables.

- -

The first argument, which specifies the location to which - the logs will be written, can take one of the following two - types of values:

- -
-
file
- -
A filename, relative to the ServerRoot.
- -
pipe
- -
The pipe character "|", followed by the path - to a program to receive the log information on its standard - input. Security: if a program is used, then - it will be run as the user who started httpd. This will be - root if the server was started by root; be sure that the - program is secure.
-
- -

The second argument specifies what will be written to the - log file. It can specify either a nickname defined by - a previous LogFormat directive, or it - can be an explicit format string as described in the - log formats section.

- -

For example, the following two sets of directives have - exactly the same effect:

-
-     # CustomLog with format nickname
-     LogFormat "%h %l %u %t \"%r\" %>s %b" common
-     CustomLog logs/access_log common
-
-     # CustomLog with explicit format string
-     CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"
-
- -

The third argument is optional and controls - whether or not to log a particular request based on the - presence or absence of a particular variable in the server - environment. If the specified environment - variable is set for the request (or is not set, in the case - of a 'env=!name' clause), then the - request will be logged.

- -

Environment variables can be set on a per-request - basis using the mod_setenvif - and/or mod_rewrite modules. For - example, if you want to record requests for all GIF - images on your server in a separate logfile but not in your main - log, you can use:

-
-    SetEnvIf Request_URI \.gif$ gif-image
-    CustomLog gif-requests.log common env=gif-image
-    CustomLog nongif-requests.log common env=!gif-image
-
-
- -

LogFormat - directive

- -

Syntax: LogFormat - format|nickname [nickname]
- Default: LogFormat "%h %l - %u %t \"%r\" %>s %b"
- Context: server config, virtual - host
- Status: Base
- Compatibility: Nickname only - available in Apache 1.3 or later
- Module: mod_log_config

- -

This directive specifies the format of the access log - file.

- -

The LogFormat directive can take one of two - forms. In the first form, where only one argument is specified, - this directive sets the log format which will be used by logs - specified in subsequent TransferLog - directives. The single argument can specify an explicit - format as discussed in the custom log - formats section above. Alternatively, it can use a - nickname to refer to a log format defined in a - previous LogFormat directive as described - below.

- -

The second form of the LogFormat directive - associates an explicit format with a - nickname. This nickname can then be used in - subsequent LogFormat or CustomLog directives rather than - repeating the entire format string. A LogFormat - directive which defines a nickname does nothing - else -- that is, it only defines the - nickname, it doesn't actually apply the format and make it the - default. Therefore, it will not affect subsequent TransferLog directives.

- -

For example:

- - LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common - -
- -

TransferLog - directive

- -

Syntax: TransferLog - file|pipe
- Default: none
- Context: server config, virtual - host
- Status: Base
- Module: mod_log_config

- -

This directive has exactly the same arguments and effect as - the CustomLog directive, with the - exception that it does not allow the log format to be specified - explicitly or for conditional logging of requests. Instead, the - log format is determined by the most recently specified LogFormat directive that does not define - a nickname. Common Log Format is used if no other format has - been specified.

- -

Example:

-
-   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
-   TransferLog logs/access_log
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html b/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html
deleted file mode 100644
index 31161b56b1f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_log_referer.html
+++ /dev/null
@@ -1,148 +0,0 @@
- - - - - - - Apache module mod_log_referer - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_log_referer

- -

This module provides for logging of the documents which - reference documents on the server.

- -

Status: Extension
- Source File: - mod_log_referer.c
- Module Identifier: - referer_log_module

- -

Summary

- -

This module is provided strictly for compatibility with NCSA - httpd, and is deprecated. We recommend you use mod_log_config instead.

- -

Directives

- - - -

See also: CustomLog and LogFormat.

- -

Log file format

- The log file contains a separate line for each refer. Each line - has the format - -
- uri -> document -
- where uri is the (%-escaped) URI for the document that - references the one requested by the client, and - document is the (%-decoded) local URL to the document - being referred to. -
- -

RefererIgnore directive

- - Syntax: RefererIgnore - string [string] ...
- Context: server config, virtual - host
- Status: Extension
- Module: mod_log_referer - -

The RefererIgnore directive adds to the list of strings to - ignore in Referer headers. If any of the strings in the list is - contained in the Referer header, then no referrer information - will be logged for the request. Example:

- -
- RefererIgnore www.ncsa.uiuc.edu -
- This avoids logging references from www.ncsa.uiuc.edu. -
- -

RefererLog - directive

- - Syntax: RefererLog - file-pipe
- Default: RefererLog - logs/referer_log
- Context: server config, virtual - host
- Status: Extension
- Module: mod_log_referer - -

The RefererLog directive sets the name of the file to which - the server will log the Referer header of incoming requests. - File-pipe is one of

- -
-
A filename
- -
A filename relative to the ServerRoot.
- -
`|' followed by a command
- -
A program to receive the referrer log information on its - standard input. Note that a new program will not be started - for a VirtualHost if it inherits the RefererLog from the main - server.
-
- Security: if a program is used, then it will - be run under the user who started httpd. This will be root if - the server was started by root; be sure that the program is - secure. - -

Security: See the security tips document - for details on why your security could be compromised if the - directory where logfiles are stored is writable by anyone other - than the user that starts the server.

- -

This directive is provided for compatibility with NCSA - 1.4.

- -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html
deleted file mode 100644
index 810ee5d3e0f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime.html
+++ /dev/null
@@ -1,691 +0,0 @@
- - - - - - - - Apache module mod_mime - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_mime

- -

This module provides for determining the types of files from - the filename and for association of handlers with files.

- -

Status: Base
- Source File: mod_mime.c
- Module Identifier: - mime_module

- -

Summary

- This module is used to determine various bits of "meta - information" about documents. This information relates to the - content of the document and is returned to the browser or used - in content-negotiation within the server. In addition, a - "handler" can be set for a document, which determines how the - document will be processed within the server. - -

The directives AddCharset, AddEncoding, AddHandler, AddLanguage and AddType are all used to map file extensions - onto the meta-information for that file. Respectively they set - the character set, content-encoding, handler, content-language, - and MIME-type (content-type) of documents. The directive TypesConfig is used to specify a file - which also maps extensions onto MIME types. The directives ForceType and SetHandler are used to associated all - the files in a given location (e.g., a particular - directory) onto a particular MIME type or handler.

- -

Note that changing the type or encoding of a file does not - change the value of the Last-Modified header. - Thus, previously cached copies may still be used by a client or - proxy, with the previous headers.

- -

Directives

- - - -

See also: MimeMagicFile.

- -

Files with Multiple - Extensions

- Files can have more than one extension, and the order of the - extensions is normally irrelevant. For example, if the - file welcome.html.fr maps onto content type - text/html and language French then the file - welcome.fr.html will map onto exactly the same - information. The only exception to this is if an extension is - given which Apache does not know how to handle. In this case it - will "forget" about any information it obtained from extensions - to the left of the unknown extension. So, for example, if the - extensions fr and html are mapped to the appropriate language - and type but extension xxx is not assigned to anything, then - the file welcome.fr.xxx.html will be associated - with content-type text/html but no language. - -

If more than one extension is given which maps onto the same - type of meta-information, then the one to the right will be - used. For example, if ".gif" maps to the MIME-type image/gif - and ".html" maps to the MIME-type text/html, then the file - welcome.gif.html will be associated with the - MIME-type "text/html".

- -

Care should be taken when a file with multiple extensions - gets associated with both a MIME-type and a handler. This will - usually result in the request being by the module associated - with the handler. For example, if the .imap - extension is mapped to the handler "imap-file" (from mod_imap) - and the .html extension is mapped to the MIME-type - "text/html", then the file world.imap.html will be - associated with both the "imap-file" handler and "text/html" - MIME-type. When it is processed, the "imap-file" handler will - be used, and so it will be treated as a mod_imap imagemap - file.

-
- -

AddCharset - directive

- Syntax: AddCharset charset - extension [extension] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_mime
- Compatibility: AddCharset is - only available in Apache 1.3.10 and later - -

The AddCharset directive maps the given filename extensions - to the specified content charset. charset is the MIME - charset parameter of filenames containing extension. - This mapping is added to any already in force, overriding any - mappings that already exist for the same extension.

- -

Example:

-
-    AddLanguage ja .ja
-    AddCharset EUC-JP .euc
-    AddCharset ISO-2022-JP .jis
-    AddCharset SHIFT_JIS .sjis
-
- -

Then the document xxxx.ja.jis will be treated - as being a Japanese document whose charset is ISO-2022-JP (as - will the document xxxx.jis.ja). The AddCharset - directive is useful for both to inform the client about the - character encoding of the document so that the document can be - interpreted and displayed appropriately, and for content negotiation, - where the server returns one from several documents based on - the client's charset preference.

- -

The extension argument is case-insensitive, and can - be specified with or without a leading dot.

- -

See also: mod_negotiation

-
- -

AddEncoding - directive

- - Syntax: AddEncoding - MIME-enc extension [extension] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_mime - -

The AddEncoding directive maps the given filename extensions - to the specified encoding type. MIME-enc is the MIME - encoding to use for documents containing the - extension. This mapping is added to any already in - force, overriding any mappings that already exist for the same - extension. Example:

- -
- AddEncoding x-gzip .gz
- AddEncoding x-compress .Z
-
- This will cause filenames containing the .gz extension to be - marked as encoded using the x-gzip encoding, and filenames - containing the .Z extension to be marked as encoded with - x-compress. - -

Old clients expect x-gzip and - x-compress, however the standard dictates that - they're equivalent to gzip and - compress respectively. Apache does content - encoding comparisons by ignoring any leading x-. - When responding with an encoding Apache will use whatever form - (i.e., x-foo or foo) the - client requested. If the client didn't specifically request a - particular form Apache will use the form given by the - AddEncoding directive. To make this long story - short, you should always use x-gzip and - x-compress for these two specific encodings. More - recent encodings, such as deflate should be - specified without the x-.

- -

The extension argument is case-insensitive, and can - be specified with or without a leading dot.

- -

See also: Files with - multiple extensions

-
- -

AddHandler - directive

- Syntax: AddHandler - handler-name extension [extension] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_mime
- Compatibility: AddHandler is - only available in Apache 1.1 and later - -

AddHandler maps the filename extensions extension - to the handler - handler-name. This mapping is added to any already in - force, overriding any mappings that already exist for the same - extension. For example, to activate CGI scripts with - the file extension ".cgi", you might use:

-
-    AddHandler cgi-script .cgi
-
- -

Once that has been put into your srm.conf or httpd.conf - file, any file containing the ".cgi" extension - will be treated as a CGI program.

- -

The extension argument is case-insensitive, and can - be specified with or without a leading dot.

- -

See also: Files with - multiple extensions, SetHandler

-
- -

AddLanguage - directive

- - Syntax: AddLanguage - MIME-lang extension [extension] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_mime - -

The AddLanguage directive maps the given filename extension - to the specified content language. MIME-lang is the - MIME language of filenames containing extension. This - mapping is added to any already in force, overriding any - mappings that already exist for the same - extension.

- -

Example:

- -
- AddEncoding x-compress .Z
- AddLanguage en .en
- AddLanguage fr .fr
-
-
- -

Then the document xxxx.en.Z will be treated as - being a compressed English document (as will the document - xxxx.Z.en). Although the content language is - reported to the client, the browser is unlikely to use this - information. The AddLanguage directive is more useful for content negotiation, - where the server returns one from several documents based on - the client's language preference.

- -

If multiple language assignments are made for the same - extension, the last one encountered is the one that is used. - That is, for the case of:

-
-    AddLanguage en .en
-    AddLanguage en-uk .en
-    AddLanguage en-us .en
-
- -

documents with the extension ".en" would be - treated as being "en-us".

- -

The extension argument is case-insensitive, and can - be specified with or without a leading dot.

- -

See also: Files with - multiple extensions, DefaultLanguage
- See also: mod_negotiation

-
- -

AddType directive

- - Syntax: AddType MIME-type - extension [extension] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_mime - -

The AddType directive maps the given filename extensions - onto the specified content type. MIME-type is the MIME - type to use for filenames containing extension. This - mapping is added to any already in force, overriding any - mappings that already exist for the same extension. - This directive can be used to add mappings not listed in the - MIME types file (see the TypesConfig directive). - Example:

- -
- AddType image/gif .gif -
- It is recommended that new MIME types be added using the - AddType directive rather than changing the TypesConfig file. - -

Note that, unlike the NCSA httpd, this directive cannot be - used to set the type of particular files.

- -

The extension argument is case-insensitive, and can - be specified with or without a leading dot.

- -

See also: Files with - multiple extensions

-
- -

DefaultLanguage directive

- - Syntax: DefaultLanguage - MIME-lang
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_mime
- Compatibility: DefaultLanguage - is only available in Apache 1.3.4 and later. - -

The DefaultLanguage directive tells Apache that all files in - the directive's scope (e.g., all files covered by the - current <Directory> container) that don't - have an explicit language extension (such as .fr - or .de as configured by AddLanguage) - should be considered to be in the specified MIME-lang - language. This allows entire directories to be marked as - containing Dutch content, for instance, without having to - rename each file. Note that unlike using extensions to specify - languages, DefaultLanguage can only specify a - single language.

- -

For example:

- - DefaultLanguage fr - -

If no DefaultLanguage directive is in force, - and a file does not have any language extensions as configured - by AddLanguage, then that file will be considered - to have no language attribute.

- -

See also: mod_negotiation
- See also: Files with - multiple extensions

-
- -

ForceType - directive

- Syntax: ForceType - media-type|None
- Context: directory, - .htaccess
- Status: Base
- Module: mod_mime
- Compatibility: ForceType is - only available in Apache 1.1 and later. - -

When placed into an .htaccess file or a - <Directory> or <Location> - section, this directive forces all matching files to be served - as the content type given by media type. For example, - if you had a directory full of GIF files, but did not want to - label them all with ".gif", you might want to use:

-
-    ForceType image/gif
-
- -

Note that this will override any filename extensions that - might determine the media type.

- -

You can override any ForceType setting - by using the value of none:

- -
-    # force all files to be image/gif:
-    <Location /images>
-      ForceType image/gif
-    </Location>
-
-    # but normal mime-type associations here:
-    <Location /images/mixed>
-      ForceType none
-    </Location>
-
- -

See also: AddType

- -
- -

RemoveEncoding directive

- Syntax: RemoveEncoding - extension [extension] ...
- Context: virtual host, directory, - .htaccess
- Status: Base
- Module: mod_mime
- Compatibility: RemoveEncoding - is only available in Apache 1.3.13 and later. - -

The RemoveEncoding directive removes any - encoding associations for files with the given extensions. This - allows .htaccess files in subdirectories to undo - any associations inherited from parent directories or the - server config files. An example of its use might be:

- -
-
/foo/.htaccess:
- -
AddEncoding x-gzip .gz
- AddType text/plain .asc
- <Files *.gz.asc>
-     RemoveEncoding - .gz
- </Files>
-
- -

This will cause foo.gz to mark as being encoded - with the gzip method, but foo.gz.asc as an - unencoded plaintext file.

- -

Note:RemoveEncoding directives are processed - after any AddEncoding - directives, so it is possible they - may undo the effects of the latter if both occur within the - same directory configuration.

- -

The extension argument is case-insensitive, and can - be specified with or without a leading dot.

-
- -

RemoveHandler directive

- Syntax: RemoveHandler - extension [extension] ...
- Context: virtual host, directory, - .htaccess
- Status: Base
- Module: mod_mime
- Compatibility: RemoveHandler is - only available in Apache 1.3.4 and later. - -

The RemoveHandler directive removes any handler - associations for files with the given extensions. This allows - .htaccess files in subdirectories to undo any - associations inherited from parent directories or the server - config files. An example of its use might be:

- -
-
/foo/.htaccess:
- -
AddHandler server-parsed .html
- -
/foo/bar/.htaccess:
- -
RemoveHandler .html
-
- -

This has the effect of returning .html files in - the /foo/bar directory to being treated as normal - files, rather than as candidates for parsing (see the mod_include - module).

- -

The extension argument is case-insensitive, and can - be specified with or without a leading dot.

-
- -

RemoveType - directive

- Syntax: RemoveType - extension [extension] ...
- Context: virtual host, directory, - .htaccess
- Status: Base
- Module: mod_mime
- Compatibility: RemoveType is - only available in Apache 1.3.13 and later. - -

The RemoveType directive removes any MIME type - associations for files with the given extensions. This allows - .htaccess files in subdirectories to undo any - associations inherited from parent directories or the server - config files. An example of its use might be:

- -
-
/foo/.htaccess:
- -
RemoveType .cgi
-
- -

This will remove any special handling of .cgi - files in the /foo/ directory and any beneath it, - causing the files to be treated as being of the default type.

- -

Note:RemoveType directives are processed - after any AddType directives, so it is - possible they may undo the effects of the latter if both occur - within the same directory configuration.

- -

The extension argument is case-insensitive, and can - be specified with or without a leading dot.

-
- -

SetHandler - directive

- Syntax: SetHandler - handler-name|None
- Context: directory, - .htaccess
- Status: Base
- Module: mod_mime
- Compatibility: SetHandler is - only available in Apache 1.1 and later. - -

When placed into an .htaccess file or a - <Directory> or <Location> - section, this directive forces all matching files to be parsed - through the handler given by - handler-name. For example, if you had a directory you - wanted to be parsed entirely as imagemap rule files, regardless - of extension, you might put the following into an - .htaccess file in that directory:

-
-    SetHandler imap-file
-
- -

Another example: if you wanted to have the server display a - status report whenever a URL of - http://servername/status was called, you might put - the following into access.conf: (See mod_status for more details.)

-
-    <Location /status>
-    SetHandler server-status
-    </Location>
-
- -

You can override an earlier defined SetHandler - directive by using the value None.

- -

See also: AddHandler

-
- -

TypesConfig - directive

- - Syntax: TypesConfig - file-path
- Default: TypesConfig - conf/mime.types
- Context: server config
- Status: Base
- Module: mod_mime - -

The TypesConfig directive sets the location of the MIME - types configuration file. Filename is relative to the - ServerRoot. This file sets - the default list of mappings from filename extensions to - content types; changing this file is not recommended. Use the - AddType directive instead. The file - contains lines in the format of the arguments to an AddType - command:

- -
- MIME-type extension extension ... -
- The extensions are lower-cased. Blank lines, and lines - beginning with a hash character (`#') are ignored. - -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html
deleted file mode 100644
index 3a5a76befb7..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mime_magic.html
+++ /dev/null
@@ -1,326 +0,0 @@
- - - - - - - Apache module mod_mime_magic - - - - -
- [APACHE DOCUMENTATION] -
- -

Module mod_mime_magic

- -

This module provides for determining the MIME type of a file - by looking at a few bytes of its contents.

- -

Status: Extension
- Source File: - mod_mime_magic.c
- Module Identifier: - mime_magic_module

- -

Summary

- -

This module determines the MIME type of files in the same - way the Unix file(1) command works: it looks at the first few - bytes of the file. It is intended as a "second line of defense" - for cases that mod_mime can't - resolve. To assure that mod_mime gets first try at determining - a file's MIME type, be sure to list mod_mime_magic - before mod_mime in the configuration.

- -

This module is derived from a free version of the - file(1) command for Unix, which uses "magic - numbers" and other hints from a file's contents to figure out - what the contents are. This module is active only if the magic - file is specified by the MimeMagicFile - directive.

- -

Directives

- - - -

Format of the Magic File

- -

The contents of the file are plain ASCII text in 4-5 - columns. Blank lines are allowed but ignored. Commented lines - use a hash mark "#". The remaining lines are parsed for the - following columns:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ColumnDescription
1byte number to begin checking from
- ">" indicates a dependency upon the previous non-">" - line
2 - type of data to match - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
bytesingle character
shortmachine-order 16-bit integer
longmachine-order 32-bit integer
stringarbitrary-length string
datelong integer date (seconds since Unix - epoch/1970)
beshortbig-endian 16-bit integer
belongbig-endian 32-bit integer
bedatebig-endian 32-bit integer date
leshortlittle-endian 16-bit integer
lelonglittle-endian 32-bit integer
ledatelittle-endian 32-bit integer date
-
3contents of data to match
4MIME type if matched
5MIME encoding if matched (optional)
- -

For example, the following magic file lines would recognize - some audio formats.

-
-# Sun/NeXT audio data
-0       string          .snd
->12     belong          1               audio/basic
->12     belong          2               audio/basic
->12     belong          3               audio/basic
->12     belong          4               audio/basic
->12     belong          5               audio/basic
->12     belong          6               audio/basic
->12     belong          7               audio/basic
->12     belong          23              audio/x-adpcm
-
- Or these would recognize the difference between "*.doc" files - containing Microsoft Word or FrameMaker documents. (These are - incompatible file formats which use the same file suffix.) -
-# Frame
-0       string          \<MakerFile     application/x-frame
-0       string          \<MIFFile       application/x-frame
-0       string          \<MakerDictionary       application/x-frame
-0       string          \<MakerScreenFon        application/x-frame
-0       string          \<MML           application/x-frame
-0       string          \<Book          application/x-frame
-0       string          \<Maker         application/x-frame
-
-# MS-Word
-0       string          \376\067\0\043                  application/msword
-0       string          \320\317\021\340\241\261        application/msword
-0       string          \333\245-\0\0\0                 application/msword
-
- An optional MIME encoding can be included as a fifth column. - For example, this can recognize gzipped files and set the - encoding for them. -
-# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
-0       string          \037\213        application/octet-stream        x-gzip
-
- -

Performance Issues

- This module is not for every system. If your system is barely - keeping up with its load or if you're performing a web server - benchmark, you may not want to enable this because the - processing is not free. - -

However, an effort was made to improve the performance of - the original file(1) code to make it fit in a busy web server. - It was designed for a server where there are thousands of users - who publish their own documents. This is probably very common - on intranets. Many times, it's helpful if the server can make - more intelligent decisions about a file's contents than the - file name allows ...even if just to reduce the "why doesn't my - page work" calls when users improperly name their own files. - You have to decide if the extra work suits your - environment.

- -

When compiling an Apache server, this module should be at or - near the top of the list of modules in the Configuration file. - The modules are listed in increasing priority so that will mean - this one is used only as a last resort, just like it was - designed to.

- -

Notes

- The following notes apply to the mod_mime_magic module and are - included here for compliance with contributors' copyright - restrictions that require their acknowledgment. -
-/*
- * mod_mime_magic: MIME type lookup via file magic numbers
- * Copyright (c) 1996-1997 Cisco Systems, Inc.
- *
- * This software was submitted by Cisco Systems to the Apache Group in July
- * 1997.  Future revisions and derivatives of this source code must
- * acknowledge Cisco Systems as the original contributor of this module.
- * All other licensing and usage conditions are those of the Apache Group.
- *
- * Some of this code is derived from the free version of the file command
- * originally posted to comp.sources.unix.  Copyright info for that program
- * is included below as required.
- * ---------------------------------------------------------------------------
- * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
- *
- * This software is not subject to any license of the American Telephone and
- * Telegraph Company or of the Regents of the University of California.
- *
- * Permission is granted to anyone to use this software for any purpose on any
- * computer system, and to alter it and redistribute it freely, subject to
- * the following restrictions:
- *
- * 1. The author is not responsible for the consequences of use of this
- * software, no matter how awful, even if they arise from flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission.  Since few users ever read sources, credits
- * must appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software.  Since few users ever read
- * sources, credits must appear in the documentation.
- *
- * 4. This notice may not be removed or altered.
- * -------------------------------------------------------------------------
- *
- * For compliance with Mr Darwin's terms: this has been very significantly
- * modified from the free "file" command.
- * - all-in-one file for compilation convenience when moving from one
- *   version of Apache to the next.
- * - Memory allocation is done through the Apache API's pool structure.
- * - All functions have had necessary Apache API request or server
- *   structures passed to them where necessary to call other Apache API
- *   routines.  (i.e., usually for logging, files, or memory allocation in
- *   itself or a called function.)
- * - struct magic has been converted from an array to a single-ended linked
- *   list because it only grows one record at a time, it's only accessed
- *   sequentially, and the Apache API has no equivalent of realloc().
- * - Functions have been changed to get their parameters from the server
- *   configuration instead of globals.  (It should be reentrant now but has
- *   not been tested in a threaded environment.)
- * - Places where it used to print results to stdout now saves them in a
- *   list where they're used to set the MIME type in the Apache request
- *   record.
- * - Command-line flags have been removed since they will never be used here.
- *
- */
-
-
- -

MimeMagicFile

- -

Syntax: MimeMagicFile - file-path
- Default: none
- Context: server config, virtual - host
- Status: Extension
- Module: mod_mime_magic

- -

The MimeMagicFile directive can be used to - enable this module, the default file is distributed at - conf/magic. Non-rooted paths are relative to the - ServerRoot. Virtual hosts will use the same file as the main - server unless a more specific setting is used, in which case - the more specific setting overrides the main server's file.

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html b/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html
deleted file mode 100644
index 3c8721d73bf..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_mmap_static.html
+++ /dev/null
@@ -1,139 +0,0 @@
- - - - - - - Apache module mod_mmap_static - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_mmap_static

- -

This module provides mmap()ing of a statically configured - list of frequently requested but not changed files.

- -

Status: Experimental
- Source File: - mod_mmap_static.c
- Module Identifier: - mmap_static_module
- Compatibility: Available in - Apache 1.3 and later.

- -

Summary

- -

This is an experimental module and should - be used with care. You can easily create a broken site using - this module, read this document carefully. - mod_mmap_static maps a list of statically - configured files (via MMapFile directives in the - main server configuration) into memory through the system call - mmap(). This system call is available on most - modern Unix derivates, but not on all. There are sometimes - system-specific limits on the size and number of files that can - be mmap()d, experimentation is probably the easiest way to find - out.

- -

This mmap()ing is done once at server start or restart, - only. So whenever one of the mapped files changes on the - filesystem you have to restart the server by at least - sending it a HUP or USR1 signal (see the Stopping and Restarting - documentation). To reiterate that point: if the files are - modified in place without restarting the server you - may end up serving requests that are completely bogus. You - should update files by unlinking the old copy and putting a new - copy in place. Most tools such as rdist and - mv do this. The reason why this modules doesn't - take care of changes to the files is that this check would need - an extra stat() every time which is a waste and - against the intent of I/O reduction.

- -

Directives

- - -
- -

MMapFile - directive

- -

Syntax: MMapFile - filename [filename] ...
- Default: None
- Context: server-config
- Override: Not - applicable
- Status: Experimental
- Module: mod_mmap_static
- Compatibility: Only available - in Apache 1.3 or later

- -

The MMapFile directive maps one or more files - (given as whitespace separated arguments) into memory at server - startup time. They are automatically unmapped on a server - shutdown. When the files have changed on the filesystem at - least a HUP or USR1 signal should be send to the server to - re-mmap them.

- -

Be careful with the filename arguments: They have - to literally match the filesystem path Apache's URL-to-filename - translation handlers create. We cannot compare inodes or other - stuff to match paths through symbolic links etc. - because that again would cost extra stat() system - calls which is not acceptable. This module may or may not work - with filenames rewritten by mod_alias or - mod_rewrite... it is an experiment after all.

- -

Notice: You cannot use this for speeding up CGI programs or - other files which are served by special content handlers. It - can only be used for regular files which are usually served by - the Apache core content handler.

- Example: -
-  MMapFile /usr/local/apache/htdocs/index.html
- 
-
- -

Note: don't bother asking for a for a - MMapDir directive which recursively maps all the - files in a directory. Use Unix the way it was meant to be used. - For example, see the Include - directive, and consider this command:

-
-  find /www/htdocs -type f -print \
-  | sed -e 's/.*/mmapfile &/' > /www/conf/mmap.conf
- 
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html b/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html
deleted file mode 100644
index 5240b12b266..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_negotiation.html
+++ /dev/null
@@ -1,234 +0,0 @@
- - - - - - - - Apache module mod_negotiation - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_negotiation

- -

This module provides for content negotiation.

- -

Status: Base
- Source File: - mod_negotiation.c
- Module Identifier: - negotiation_module

- -

Summary

- Content negotiation, or more accurately content selection, is - the selection of the document that best matches the clients - capabilities, from one of several available documents. There - are two implementations of this. - -
    -
  • A type map (a file with the handler - type-map) which explicitly lists the files - containing the variants.
  • - -
  • A MultiViews search (enabled by the MultiViews Option, where the server does an - implicit filename pattern match, and choose from amongst the - results.
  • -
- -

Directives

- - - See also: DefaultLanguage, AddEncoding, AddLanguage, AddType, and Options. - -

Type maps

- A type map has the same format as RFC822 mail headers. It - contains document descriptions separated by blank lines, with - lines beginning with a hash character ('#') treated as - comments. A document description consists of several header - records; records may be continued on multiple lines if the - continuation lines start with spaces. The leading space will be - deleted and the lines concatenated. A header record consists of - a keyword name, which always ends in a colon, followed by a - value. Whitespace is allowed between the header name and value, - and between the tokens of value. The headers allowed are: - -
-
Content-Encoding:
- -
The encoding of the file. Apache only recognizes - encodings that are defined by an AddEncoding directive. - This normally includes the encodings x-compress - for compress'd files, and x-gzip for gzip'd - files. The x- prefix is ignored for encoding - comparisons.
- -
Content-Language:
- -
The language of the variant, as an Internet standard - language tag (RFC 1766). An example is en, - meaning English.
- -
Content-Length:
- -
The length of the file, in bytes. If this header is not - present, then the actual length of the file is used.
- -
Content-Type:
- -
- The MIME media type of the document, with optional - parameters. Parameters are separated from the media type - and from one another by a semi-colon, with a syntax of - name=value. Common parameters include: - -
-
level
- -
an integer specifying the version of the media type. - For text/html this defaults to 2, otherwise - 0.
- -
qs
- -
a floating-point number with a value in the range 0.0 - to 1.0, indicating the relative 'quality' of this variant - compared to the other available variants, independent of - the client's capabilities. For example, a jpeg file is - usually of higher source quality than an ascii file if it - is attempting to represent a photograph. However, if the - resource being represented is ascii art, then an ascii - file would have a higher source quality than a jpeg file. - All qs values are therefore specific to a given - resource.
-
- Example: - -
- Content-Type: image/jpeg; qs=0.8 -
-
- -
URI:
- -
The path to the file containing this variant, relative to - the map file.
-
- -

MultiViews

- A MultiViews search is enabled by the MultiViews Option. If the server receives a - request for /some/dir/foo and - /some/dir/foo does not exist, then the - server reads the directory looking for all files named - foo.*, and effectively fakes up a type map which - names all those files, assigning them the same media types and - content-encodings it would have if the client had asked for one - of them by name. It then chooses the best match to the client's - requirements, and returns that document. -
- -

CacheNegotiatedDocs - directive

- Syntax: - CacheNegotiatedDocs
- Context: server config
- Status: Base
- Module: mod_negotiation
- Compatibility: - CacheNegotiatedDocs is only available in Apache 1.1 and later. - -

If set, this directive allows content-negotiated documents - to be cached by proxy servers. This could mean that clients - behind those proxys could retrieve versions of the documents - that are not the best match for their abilities, but it will - make caching more efficient.

- -

This directive only applies to requests which come from - HTTP/1.0 browsers. HTTP/1.1 provides much better control over - the caching of negotiated documents, and this directive has no - effect in responses to HTTP/1.1 requests.

-
- -

LanguagePriority directive

- - Syntax: LanguagePriority - MIME-lang [MIME-lang] ...
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_negotiation - -

The LanguagePriority sets the precedence of language - variants for the case where the client does not express a - preference, when handling a MultiViews request. The list of - MIME-lang are in order of decreasing preference. - Example:

- -
- LanguagePriority en fr de -
- For a request for foo.html, where - foo.html.fr and foo.html.de both - existed, but the browser did not express a language preference, - then foo.html.fr would be returned. - -

Note that this directive only has an effect if a 'best' - language cannot be determined by any other means. Correctly - implemented HTTP/1.1 requests will mean this directive has no - effect.

- -

See also: DefaultLanguage and - AddLanguage -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html b/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html
deleted file mode 100644
index 4ad9ffb4574..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_proxy.html
+++ /dev/null
@@ -1,1338 +0,0 @@
- - - - - - - Apache module mod_proxy - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache module mod_proxy

- -

This module provides for an HTTP 1.1 - caching proxy server.

- -

Status: Extension
- Source File: mod_proxy.c
- Module Identifier: - proxy_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Summary

- This module implements a proxy/cache for Apache. It implements - proxying capability for FTP, CONNECT - (for SSL), HTTP/0.9, HTTP/1.0, and - (as of Apache 1.3.23) HTTP/1.1. - The module can be configured to connect to other proxy modules - for these and other protocols. - -

This module was experimental in Apache 1.1.x. As of Apache - 1.2, mod_proxy stability is greatly improved.

- -

Warning: Do not enable proxying with ProxyRequests until you have secured your server. Open proxy servers are - dangerous both to your network and to the Internet at large.

- -

Directives

- - - -

Common configuration - topics

- - - -

Forward and Reverse Proxies

-

Apache can be configured in both a forward and - reverse proxy mode.

- -

An ordinary forward proxy is an intermediate - server that sits between the client and the origin - server. In order to get content from the origin server, - the client sends a request to the proxy naming the origin server - as the target and the proxy then requests the content from the - origin server and returns it to the client. The client must be - specially configured to use the forward proxy to access other - sites.

- -

A typical usage of a forward proxy is to provide Internet - access to internal clients that are otherwise restricted by a - firewall. The forward proxy can also use caching to reduce - network usage.

- -

The forward proxy is activated using the ProxyRequests directive. - Because forward proxys allow clients to access arbitrary sites - through your server and to hide their true origin, it is - essential that you secure your server so - that only authorized clients can access the proxy before - activating a forward proxy.

- -

A reverse proxy, by contrast, appears to the - client just like an ordinary web server. No special - configuration on the client is necessary. The client makes - ordinary requests for content in the name-space of the reverse - proxy. The reverse proxy then decides where to send those - requests, and returns the content as if it was itself the - origin.

- -

A typical usage of a reverse proxy is to provide Internet - users access to a server that is behind a firewall. Reverse - proxies can also be used to balance load among several back-end - servers, or to provide caching for a slower back-end server. - In addition, reverse proxies can be used simply to bring - several servers into the same URL space.

- -

A reverse proxy is activated using the ProxyPass directive or the - [P] flag to the RewriteRule - directive. It is not necessary to turn - ProxyRequests on in - order to configure a reverse proxy.

- -

Basic Examples

- -

The examples below are only a very basic idea to help you - get started. Please read the documentation on the individual - directives.

- -

Forward Proxy

- ProxyRequests On
- ProxyVia On
-
- <Directory proxy:*>
- - Order deny,allow
- Deny from all
- Allow from internal.example.com
- - </Directory>
-
- CacheRoot "/usr/local/apache/proxy"
- CacheSize 5
- CacheGcInterval 4
- CacheMaxExpire 24
- CacheLastModifiedFactor 0.1
- CacheDefaultExpire 1
- NoCache a-domain.com another-domain.edu joes.garage-sale.com -

- -

Reverse Proxy

- ProxyRequests Off
-
- ProxyPass /foo http://foo.example.com/bar
- ProxyPassReverse /foo http://foo.example.com/bar -

- -

Controlling access to your - proxy

- You can control who can access your proxy via the normal - <Directory> control block using the following example: -
-<Directory proxy:*>
-Order Deny,Allow
-Deny from all
-Allow from yournetwork.example.com
-</Directory>
-
- -

A <Files> block will also work, and is the only method - known to work for all possible URLs in Apache versions earlier - than 1.2b10.

- -

For more information, see mod_access.

- -

Strictly limiting access is essential if you are using a - forward proxy (using the ProxyRequests directive). - Otherwise, your server can be used by any client to access - arbitrary hosts while hiding his or her true identity. This is - dangerous both for your network and for the Internet at large. - When using a reverse proxy (using the ProxyPass directive with - ProxyRequests Off), access control is less critical - because clients can only contact the hosts that you have - specifically configured.

- -

Using Netscape hostname - shortcuts

- There is an optional patch to the proxy module to allow - Netscape-like hostname shortcuts to be used. It's available - from the - contrib/patches/1.2 directory on the Apache - Web site. - -

Why doesn't file type - xxx download via FTP?

- You probably don't have that particular file type defined as - application/octet-stream in your proxy's mime.types - configuration file. A useful line can be -
-application/octet-stream        bin dms lha lzh exe class tgz taz
-
- -

How can I force an FTP ASCII - download of File xxx?

- In the rare situation where you must download a specific file - using the FTP ASCII transfer method (while the - default transfer is in binary mode), you can - override mod_proxy's default by suffixing the request with - ;type=a to force an ASCII transfer. - (FTP Directory listings are always executed in ASCII mode, however.) - -

How can I access - FTP files outside of my home directory?

-

- A FTP URI is interpreted relative to the home directory of - the user who is logging in. Alas, to reach higher directory - levels you cannot use /../, as the dots are interpreted by the - browser and not actually sent to the FTP server. To address - this problem, the so called "Squid %2f hack" was implemented in - the Apache FTP proxy; it is a solution which is also used by - other popular proxy servers like the - Squid Proxy Cache. - By prepending /%2f to the path of your request, you can make - such a proxy change the FTP starting directory to / (instead - of the home directory).
- Example: To retrieve the file /etc/motd, - you would use the URL

- ftp://user@host/%2f/etc/motd
-

- -

How can I hide the FTP - cleartext password in my browser's URL line?

-

- To log in to an FTP server by username and password, Apache - uses different strategies. - In absense of a user name and password in the URL altogether, - Apache sends an anonymous login to the FTP server, i.e., -

- user: anonymous
- password: apache_proxy@ -
- This works for all popular FTP servers which are configured for - anonymous access.
- For a personal login with a specific username, you can embed - the user name into the URL, like in: - ftp://username@host/myfile. If the FTP server - asks for a password when given this username (which it should), - then Apache will reply with a [401 Authorization required] response, - which causes the Browser to pop up the username/password dialog. - Upon entering the password, the connection attempt is retried, - and if successful, the requested resource is presented. - The advantage of this procedure is that your browser does not - display the password in cleartext (which it would if you had used - ftp://username:password@host/myfile in - the first place). -
- Note that the password which is transmitted in such a way - is not encrypted on its way. It travels between your browser and - the Apache proxy server in a base64-encoded cleartext string, and - between the Apache proxy and the FTP server as plaintext. You should - therefore think twice before accessing your FTP server via HTTP - (or before accessing your personal files via FTP at all!) When - using unsecure channels, an eavesdropper might intercept your - password on its way. -

- - -

Why does Apache start more - slowly when using the proxy module?

- If you're using the ProxyBlock or - NoCache directives, hostnames' IP addresses are - looked up and cached during startup for later match test. This - may take a few seconds (or more) depending on the speed with - which the hostname lookups occur. - -

Can I use the Apache proxy - module with my SOCKS proxy?

- Yes. Just build Apache with the rule SOCKS4=yes in - your Configuration file, and follow the instructions - there. SOCKS5 capability can be added in a similar way (there's - no SOCKS5 rule yet), so use the - EXTRA_LDFLAGS definition, or build Apache normally - and run it with the runsocks wrapper provided with - SOCKS5, if your OS supports dynamically linked libraries. - -

Some users have reported problems when using SOCKS version - 4.2 on Solaris. The problem was solved by upgrading to SOCKS - 4.3.

- -

Remember that you'll also have to grant access to your - Apache proxy machine by permitting connections on the - appropriate ports in your SOCKS daemon's configuration.

- -

What other functions are - useful for an intranet proxy server?

- -

An Apache proxy server situated in an intranet needs to - forward external requests through the company's firewall - (for this, configure the ProxyRemote - directive to forward the respective scheme to - the firewall proxy). - However, when it has to access resources within the intranet, - it can bypass the firewall when accessing hosts. The NoProxy directive is useful for specifying - which hosts belong to the intranet and should be accessed - directly.

- -

Users within an intranet tend to omit the local domain name - from their WWW requests, thus requesting "http://somehost/" - instead of "http://somehost.my.dom.ain/". Some commercial proxy - servers let them get away with this and simply serve the - request, implying a configured local domain. When the ProxyDomain directive is used and the - server is configured for proxy - service, Apache can return a redirect response and send the - client to the correct, fully qualified, server address. This is - the preferred method since the user's bookmark files will then - contain fully qualified hosts.

-
- -

ProxyRequests directive

- Syntax: ProxyRequests - on|off
- Default: ProxyRequests - Off
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: ProxyRequests is - only available in Apache 1.1 and later. - -

This allows or prevents Apache from functioning as a forward proxy - server. Setting ProxyRequests to 'off' does not disable use of - the ProxyPass directive.

- -

Warning: Do not enable proxying until you have - secured your server. Open proxy servers are - dangerous both to your network and to the Internet at large.

- -
- -

ProxyRemote - directive

- Syntax: ProxyRemote match - remote-server
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: ProxyRemote is - only available in Apache 1.1 and later. - -

This defines remote proxies to this proxy. match is - either the name of a URL-scheme that the remote server - supports, or a partial URL for which the remote server should - be used, or '*' to indicate the server should be contacted for - all requests. remote-server is a partial URL for the - remote server. Syntax:

-
-  remote-server = protocol://hostname[:port]
-
- protocol is the protocol that should be used to - communicate with the remote server; only "http" is supported by - this module. - -

Example:

-
-  ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000
-  ProxyRemote * http://cleversite.com
-  ProxyRemote ftp http://ftpproxy.mydomain.com:8080
-
- In the last example, the proxy will forward FTP requests, - encapsulated as yet another HTTP proxy request, to another - proxy which can handle them. -
- -

ProxyPass - directive

- Syntax: ProxyPass path - !|url
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: ProxyPass is - only available in Apache 1.1 and later. - -

This directive allows remote servers to be mapped into the - space of the local server; the local server does not act as a - proxy in the conventional sense, but appears to be a mirror of - the remote server. path is the name of a local virtual - path; url is a partial URL for the remote server.

- -

Suppose the local server has address - http://wibble.org/; then

-
-   ProxyPass /mirror/foo/ http://foo.com/
-
-

will cause a local request for the - <http://wibble.org/mirror/foo/bar> to be - internally converted into a proxy request to - <http://foo.com/bar>.

- -

The ! directive is useful when you don't want - to reverse-proxy a subdirectory, e.g.

-
-   ProxyPass /mirror/foo/bar !
-   ProxyPass /mirror/foo/ http://foo.com/
-
-

will proxy all requests to /mirror/foo to - foo.com except requests made to - /mirror/foo/bar.

- -

Note: Order is important. Exclusions must - come before the general ProxyPass directive.

- -

Warning: The ProxyRequests directive should - usually be set off when using ProxyPass. - -


- -

ProxyPassReverse directive

- Syntax: ProxyPassReverse - path url
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: ProxyPassReverse - is only available in Apache 1.3b6 and later. - -

This directive lets Apache adjust the URL in the - Location header on HTTP redirect responses. For - instance this is essential when Apache is used as a reverse - proxy to avoid by-passing the reverse proxy because of HTTP - redirects on the backend servers which stay behind the reverse - proxy.

- -

path is the name of a local virtual path.
- url is a partial URL for the remote server - the same - way they are used for the ProxyPass directive.

- -

Example:
- Suppose the local server has address - http://wibble.org/; then

-
-   ProxyPass         /mirror/foo/ http://foo.com/
-   ProxyPassReverse  /mirror/foo/ http://foo.com/
-
- will not only cause a local request for the - <http://wibble.org/mirror/foo/bar> to be - internally converted into a proxy request to - <http://foo.com/bar> (the functionality - ProxyPass provides here). It also takes care of - redirects the server foo.com sends: when - http://foo.com/bar is redirected by him to - http://foo.com/quux Apache adjusts this to - http://wibble.org/mirror/foo/quux before - forwarding the HTTP redirect response to the client. - -

Note that this ProxyPassReverse directive can - also be used in conjunction with the proxy pass-through feature - ("RewriteRule ... [P]") from mod_rewrite - because its doesn't depend on a corresponding - ProxyPass directive.

-
- -

ProxyPreserveHost directive

- Syntax: ProxyPreserveHost - on|off
- Default: - ProxyPreserveHost off
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- -

When enabled, this option will pass the Host: line from the - incoming request to the proxied host, instead of the hostname - specified in the proxypass line.
- This option should normally be turned Off. It is mostly useful - in special configurations like proxied mass name-based virtual - hosting, where the original Host header needs to be evaluated by - the backend server.

- -

AllowCONNECT - directive

- Syntax: AllowCONNECT - port [port] ...
- Default: - AllowCONNECT 443 563
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: - AllowCONNECT is only available in Apache 1.3.2 and - later. - -

The AllowCONNECT directive specifies a list of - port numbers to which the proxy CONNECT method may - connect. Today's browsers use this method when a https - connection is requested and proxy tunneling over http - is in effect.
- By default, only the default https port (443) and the default - snews port (563) are enabled. Use the AllowCONNECT - directive to override this default and allow connections to - the listed ports only.

-
- -

ProxyBlock - directive

- Syntax: ProxyBlock - *|word|host|domain [word|host|domain] - ...
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: ProxyBlock is - only available in Apache 1.2 and later. - -

The ProxyBlock directive specifies a list of words, hosts - and/or domains, separated by spaces. HTTP, HTTPS, and FTP - document requests to sites whose names contain matched words, - hosts or domains are blocked by the proxy server. The - proxy module will also attempt to determine IP addresses of - list items which may be hostnames during startup, and cache - them for match test as well. Example:

-
-  ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu
-
- 'rocky.wotsamattau.edu' would also be matched if referenced by - IP address. - -

Note that 'wotsamattau' would also be sufficient to match - 'wotsamattau.edu'.

- -

Note also that

-
-ProxyBlock *
-
- blocks connections to all sites. -
- -

ProxyReceiveBufferSize - directive

- Syntax: ProxyReceiveBufferSize - bytes
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: - ProxyReceiveBufferSize is only available in Apache 1.3 and - later. - -

The ProxyReceiveBufferSize directive specifies an explicit - network buffer size for outgoing HTTP and FTP connections, for - increased throughput. It has to be greater than 512 or set to 0 - to indicate that the system's default buffer size should be - used.

- -

Example:

-
-  ProxyReceiveBufferSize 2048
-
-
- -

ProxyIOBufferSize - directive

- Syntax: ProxyIOBufferSize - bytes
- Default: 8192
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: - ProxyIOBufferSize is only available in Apache 1.3.24 and - later. - -

The ProxyIOBufferSize directive specifies the number of bytes - that will be read from a remote HTTP or FTP server at one time. - This directive is different from the ProxyReceiveBufferSize - directive, which specifies the low level socket buffer size. -

- -

- When a response is received which fits entirely within the IO - buffer size, the remote HTTP or FTP server socket will be closed - before an attempt is made to write the response to the client. - This ensures that the remote server does not remain connected - unnecessarily while the response is delivered to a slow client. - A high value for the IO buffer decreases the load on remote HTTP - and FTP servers, at the expense of greater RAM footprint on the - proxy. -

- -

Example:

-
-  ProxyIOBufferSize 131072
-
-
- -

NoProxy directive

- Syntax: NoProxy Domain|SubNet|IpAddr|Hostname [Domain|SubNet|IpAddr|Hostname] ...
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: NoProxy is only - available in Apache 1.3 and later. - -

This directive is only useful for Apache proxy servers - within intranets. The NoProxy directive specifies a list of - subnets, IP addresses, hosts and/or domains, separated by - spaces. A request to a host which matches one or more of these - is always served directly, without forwarding to the configured - ProxyRemote proxy server(s).

- -

Example:

-
-  ProxyRemote  *  http://firewall.mycompany.com:81
-  NoProxy         .mycompany.com 192.168.112.0/21 
-
- The arguments to the NoProxy directive are one of the following - type list: - -
- - -
Domain
- -
A Domain is a partially qualified DNS domain - name, preceded by a period. It represents a list of hosts - which logically belong to the same DNS domain or zone - (i.e., the suffixes of the hostnames are all ending - in Domain).
- Examples: .com .apache.org.
- To distinguish Domains from Hostnames (both syntactically - and semantically; a DNS domain can have a DNS A record, - too!), Domains are always written with a leading - period.
- Note: Domain name comparisons are done without regard to the - case, and Domains are always assumed to be anchored - in the root of the DNS tree, therefore two domains - .MyDomain.com and .mydomain.com. - (note the trailing period) are considered equal. Since a - domain comparison does not involve a DNS lookup, it is much - more efficient than subnet comparison. - -
- -
SubNet
- -
- A SubNet is a partially qualified internet address - in numeric (dotted quad) form, optionally followed by a - slash and the netmask, specified as the number of - significant bits in the SubNet. It is used to - represent a subnet of hosts which can be reached over a - common network interface. In the absence of the explicit - net mask it is assumed that omitted (or zero valued) - trailing digits specify the mask. (In this case, the - netmask can only be multiples of 8 bits wide.)
- Examples: - -
-
192.168 or 192.168.0.0
- -
the subnet 192.168.0.0 with an implied netmask of 16 - valid bits (sometimes used in the netmask form - 255.255.0.0)
- -
192.168.112.0/21
- -
the subnet 192.168.112.0/21 with a - netmask of 21 valid bits (also used in the form - 255.255.248.0)
-
- As a degenerate case, a SubNet with 32 valid bits - is the equivalent to an IPAddr, while a - SubNet with zero valid bits (e.g., - 0.0.0.0/0) is the same as the constant _Default_, - matching any IP address. - -
- -
IPAddr
- -
- A IPAddr represents a fully qualified internet - address in numeric (dotted quad) form. Usually, this - address represents a host, but there need not necessarily - be a DNS domain name connected with the address.
- Example: 192.168.123.7
- Note: An IPAddr does not need to be resolved by - the DNS system, so it can result in more effective apache - performance. - -

See Also: DNS Issues

- -
- -
Hostname
- -
- A Hostname is a fully qualified DNS domain name - which can be resolved to one or more IPAddrs via the DNS domain name - service. It represents a logical host (in contrast to Domains, see above) and must be - resolvable to at least one IPAddr (or often to a list of - hosts with different IPAddr's).
- Examples: prep.ai.mit.edu - www.apache.org.
- Note: In many situations, it is more effective to specify - an IPAddr in place of a - Hostname since a DNS lookup can be avoided. Name - resolution in Apache can take a remarkable deal of time - when the connection to the name server uses a slow PPP - link.
- Note: Hostname comparisons are done without - regard to the case, and Hostnames are always - assumed to be anchored in the root of the DNS tree, - therefore two hosts WWW.MyDomain.com and - www.mydomain.com. (note the trailing period) - are considered equal.
- - -

See Also: DNS Issues

-
-
-
- -

ProxyDomain - directive

- Syntax: ProxyDomain - Domain
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: ProxyDomain is - only available in Apache 1.3 and later. - -

This directive is only useful for Apache proxy servers - within intranets. The ProxyDomain directive specifies the - default domain which the apache proxy server will belong to. If - a request to a host without a domain name is encountered, a - redirection response to the same host with the configured - Domain appended will be generated.

- -

Example:

-
-  ProxyRemote  *  http://firewall.mycompany.com:81
-  NoProxy         .mycompany.com 192.168.112.0/21 
-  ProxyDomain     .mycompany.com
-
-
- -

ProxyVia - directive

- Syntax: ProxyVia - on|off|full|block
- Default: ProxyVia - off
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: ProxyVia is only - available in Apache 1.3.2 and later. - -

This directive controls the use of the Via: - HTTP header by the proxy. Its intended use is to control the - flow of of proxy requests along a chain of proxy servers. See - RFC2068 (HTTP/1.1) for an explanation of Via: - header lines.

- -
    -
  • If set to off, which is the default, no special - processing is performed. If a request or reply contains a - Via: header, it is passed through - unchanged.
  • - -
  • If set to on, each request and reply will get a - Via: header line added for the current - host.
  • - -
  • If set to full, each generated Via: - header line will additionally have the Apache server version - shown as a Via: comment field.
  • - -
  • If set to block, every proxy request will have - all its Via: header lines removed. No new - Via: header will be generated.
  • -
-
- -

CacheForceCompletion - directive

- Syntax: CacheForceCompletion - percentage
- Default: 90
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: - CacheForceCompletion is only available in Apache 1.3.1 and - later. - -

If an http transfer that is being cached is cancelled, the - proxy module will complete the transfer to cache if more than - the percentage specified has already been transferred.

- -

This is a percentage, and must be a number between 1 and - 100, or 0 to use the default. 100 will cause a document to be - cached only if the transfer was allowed to complete. A number - between 60 and 90 is recommended.

-
- -

CacheRoot - directive

- Syntax: CacheRoot - directory
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: CacheRoot is - only available in Apache 1.1 and later. - -

Sets the name of the directory to contain cache files; this - must be writable by the httpd server. (see the User directive).
- Setting CacheRoot enables proxy cacheing; without - defining a CacheRoot, proxy functionality will be - available if ProxyRequests are set to - On, but no cacheing will be available.

-
- -

CacheSize - directive

- Syntax: CacheSize - kilobytes
- Default: CacheSize - 5
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: CacheSize is - only available in Apache 1.1 and later. - -

Sets the desired space usage of the cache, in KB (1024-byte - units). Although usage may grow above this setting, the garbage - collection will delete files until the usage is at or below - this setting.
- Depending on the expected proxy traffic volume and - CacheGcInterval, use a value which is at least 20 - to 40 % lower than the available space.

-
- -

CacheGcInterval directive

- Syntax: CacheGcInterval - hours
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: CacheGcinterval - is only available in Apache 1.1 and later. - -

Check the cache after the specified number of - hours, and delete files if the space usage is greater - than that set by CacheSize. Note that hours accepts a - float value, you could for example use CacheGcInterval - 1.5 to check the cache every 90 minutes. (If unset, no - garbage collection will be performed, and the cache will grow - indefinitely.) Note also that the larger the - CacheGcInterval, the more extra space beyond the - configured CacheSize will be needed for the cache - between garbage collections.
- -

-
- -

CacheMaxExpire directive

- Syntax: CacheMaxExpire - hours
- Default: CacheMaxExpire - 24
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: CacheMaxExpire - is only available in Apache 1.1 and later. - -

Specifies the maximum number of hours for which - cachable HTTP documents will be retained without checking the - origin server. Thus, documents will be out of date at most this - number of hours This restriction is enforced even if - an expiry date was supplied with the document.

-
- -

CacheLastModifiedFactor - directive

- Syntax: CacheLastModifiedFactor - factor
- Default: - CacheLastModifiedFactor 0.1
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: - CacheLastModifiedFactor is only available in Apache 1.1 and - later. - -

If the origin HTTP server did not supply an expiry date for - the document, then estimate one using the formula

-
-  expiry-period = time-since-last-modification * factor
-
- For example, if the document was last modified 10 hours ago, - and factor is 0.1, then the expiry period will be set - to 10*0.1 = 1 hour. - -

If the expiry-period would be longer than that set by - CacheMaxExpire, then the latter takes precedence.

-
- -

CacheDirLevels directive

- Syntax: CacheDirLevels - levels
- Default: CacheDirLevels - 3
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: CacheDirLevels - is only available in Apache 1.1 and later. - -

CacheDirLevels sets the number of levels of - subdirectories in the cache. Cached data will be saved this - many directory levels below CacheRoot.

-
- -

CacheDirLength directive

- Syntax: CacheDirLength - length
- Default: CacheDirLength - 1
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: CacheDirLength - is only available in Apache 1.1 and later. - -

CacheDirLength sets the number of characters in proxy cache - subdirectory names.

-
- -

CacheDefaultExpire directive

- Syntax: CacheDefaultExpire - hours
- Default: - CacheDefaultExpire 1
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: - CacheDefaultExpire is only available in Apache 1.1 and later. - -

If the document is fetched via a protocol that does not - support expiry times, then use the specified number of - hours as the expiry time. CacheMaxExpire does - not override this setting.

-
- -

NoCache directive

- Syntax: NoCache - *|word|host|domain [word|host|domain] - ...
- Default: None
- Context: server config, virtual - host
- Override: Not - applicable
- Status: Base
- Module: mod_proxy
- Compatibility: NoCache is only - available in Apache 1.1 and later. - -

The NoCache directive specifies a list of words, hosts - and/or domains, separated by spaces. HTTP and non-passworded - FTP documents from matched words, hosts or domains are - not cached by the proxy server. The proxy module will - also attempt to determine IP addresses of list items which may - be hostnames during startup, and cache them for match test as - well. Example:

-
-  NoCache joes-garage.com some-host.co.uk bullwinkle.wotsamattau.edu
-
- 'bullwinkle.wotsamattau.edu' would also be matched if - referenced by IP address. - -

Note that 'wotsamattau' would also be sufficient to match - 'wotsamattau.edu'.

- -

Note also that

-
-NoCache *
-
- disables caching completely. - -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html b/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html
deleted file mode 100644
index 3ec00917564..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_rewrite.html
+++ /dev/null
@@ -1,2107 +0,0 @@
- - - - - - - - - - - Apache module mod_rewrite - - - - -
- -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- -
- - -

Module mod_rewrite
- URL Rewriting Engine

- -

This module provides a rule-based rewriting engine to - rewrite requested URLs on the fly.

- -

Status: Extension
- Source File: - mod_rewrite.c
- Module Identifier: - rewrite_module
- Compatibility: Available in - Apache 1.2 and later.

-
-
- - -

Summary

- -
-
-
- ``The great thing about mod_rewrite is it gives you - all the configurability and flexibility of Sendmail. - The downside to mod_rewrite is that it gives you all - the configurability and flexibility of Sendmail.'' - - -
- -- Brian Behlendorf
- Apache Group -
-
-
-
- -
-
-
- `` Despite the tons of examples and docs, - mod_rewrite is voodoo. Damned cool voodoo, but still - voodoo. '' - -
- -- Brian Moore
- bem@news.cmc.net -
-
-
-
- Welcome to mod_rewrite, the Swiss Army Knife of URL - manipulation! - -

This module uses a rule-based rewriting engine (based on a - regular-expression parser) to rewrite requested URLs on the - fly. It supports an unlimited number of rules and an - unlimited number of attached rule conditions for each rule to - provide a really flexible and powerful URL manipulation - mechanism. The URL manipulations can depend on various tests, - for instance server variables, environment variables, HTTP - headers, time stamps and even external database lookups in - various formats can be used to achieve a really granular URL - matching.

- -

This module operates on the full URLs (including the - path-info part) both in per-server context - (httpd.conf) and per-directory context - (.htaccess) and can even generate query-string - parts on result. The rewritten result can lead to internal - sub-processing, external request redirection or even to an - internal proxy throughput.

- -

But all this functionality and flexibility has its - drawback: complexity. So don't expect to understand this - entire module in just one day.

- -

This module was invented and originally written in April - 1996
- and gifted exclusively to the The Apache Group in July 1997 - by

- -
- Ralf S. - Engelschall
- rse@engelschall.com
- www.engelschall.com -
-
- -

Table Of Contents

- -

Internal Processing

- - - -

Configuration Directives

- - - Miscellaneous - - -
- -
-

Internal - Processing

-
-
- -

The internal processing of this module is very complex but - needs to be explained once even to the average user to avoid - common mistakes and to let you exploit its full - functionality.

- -

API - Phases

- -

First you have to understand that when Apache processes a - HTTP request it does this in phases. A hook for each of these - phases is provided by the Apache API. Mod_rewrite uses two of - these hooks: the URL-to-filename translation hook which is - used after the HTTP request has been read but before any - authorization starts and the Fixup hook which is triggered - after the authorization phases and after the per-directory - config files (.htaccess) have been read, but - before the content handler is activated.

- -

So, after a request comes in and Apache has determined the - corresponding server (or virtual server) the rewriting engine - starts processing of all mod_rewrite directives from the - per-server configuration in the URL-to-filename phase. A few - steps later when the final data directories are found, the - per-directory configuration directives of mod_rewrite are - triggered in the Fixup phase. In both situations mod_rewrite - rewrites URLs either to new URLs or to filenames, although - there is no obvious distinction between them. This is a usage - of the API which was not intended to be this way when the API - was designed, but as of Apache 1.x this is the only way - mod_rewrite can operate. To make this point more clear - remember the following two points:

- -
    -
  1. Although mod_rewrite rewrites URLs to URLs, URLs to - filenames and even filenames to filenames, the API - currently provides only a URL-to-filename hook. In Apache - 2.0 the two missing hooks will be added to make the - processing more clear. But this point has no drawbacks for - the user, it is just a fact which should be remembered: - Apache does more in the URL-to-filename hook than the API - intends for it.
  2. - -
  3. - Unbelievably mod_rewrite provides URL manipulations in - per-directory context, i.e., within - .htaccess files, although these are reached - a very long time after the URLs have been translated to - filenames. It has to be this way because - .htaccess files live in the filesystem, so - processing has already reached this stage. In other - words: According to the API phases at this time it is too - late for any URL manipulations. To overcome this chicken - and egg problem mod_rewrite uses a trick: When you - manipulate a URL/filename in per-directory context - mod_rewrite first rewrites the filename back to its - corresponding URL (which is usually impossible, but see - the RewriteBase directive below for the - trick to achieve this) and then initiates a new internal - sub-request with the new URL. This restarts processing of - the API phases. - -

    Again mod_rewrite tries hard to make this complicated - step totally transparent to the user, but you should - remember here: While URL manipulations in per-server - context are really fast and efficient, per-directory - rewrites are slow and inefficient due to this chicken and - egg problem. But on the other hand this is the only way - mod_rewrite can provide (locally restricted) URL - manipulations to the average user.

    -
  4. -
- -

Don't forget these two points!

- -

Ruleset - Processing

- Now when mod_rewrite is triggered in these two API phases, it - reads the configured rulesets from its configuration - structure (which itself was either created on startup for - per-server context or during the directory walk of the Apache - kernel for per-directory context). Then the URL rewriting - engine is started with the contained ruleset (one or more - rules together with their conditions). The operation of the - URL rewriting engine itself is exactly the same for both - configuration contexts. Only the final result processing is - different. - -

The order of rules in the ruleset is important because the - rewriting engine processes them in a special (and not very - obvious) order. The rule is this: The rewriting engine loops - through the ruleset rule by rule (RewriteRule - directives) and when a particular rule matches it optionally - loops through existing corresponding conditions - (RewriteCond directives). For historical reasons - the conditions are given first, and so the control flow is a - little bit long-winded. See Figure 1 for more details.

- -
- - - - - - - - -
[Needs graphics capability to display]
Figure 1: The - control flow through the rewriting ruleset
-
- -

As you can see, first the URL is matched against the - Pattern of each rule. When it fails mod_rewrite - immediately stops processing this rule and continues with the - next rule. If the Pattern matches, mod_rewrite looks - for corresponding rule conditions. If none are present, it - just substitutes the URL with a new value which is - constructed from the string Substitution and goes on - with its rule-looping. But if conditions exist, it starts an - inner loop for processing them in the order that they are - listed. For conditions the logic is different: we don't match - a pattern against the current URL. Instead we first create a - string TestString by expanding variables, - back-references, map lookups, etc. and then we try - to match CondPattern against it. If the pattern - doesn't match, the complete set of conditions and the - corresponding rule fails. If the pattern matches, then the - next condition is processed until no more conditions are - available. If all conditions match, processing is continued - with the substitution of the URL with - Substitution.

- -

Quoting Special - Characters

- -

As of Apache 1.3.20, special characters in - TestString and Substitution strings can be - escaped (that is, treated as normal characters without their - usual special meaning) by prefixing them with a slosh ('\') - character. In other words, you can include an actual - dollar-sign character in a Substitution string by - using '\$'; this keeps mod_rewrite from trying - to treat it as a backreference.

- -

Regex - Back-Reference Availability

- One important thing here has to be remembered: Whenever you - use parentheses in Pattern or in one of the - CondPattern, back-references are internally created - which can be used with the strings $N and - %N (see below). These are available for creating - the strings Substitution and TestString. - Figure 2 shows to which locations the back-references are - transferred for expansion. - -
- - - - - - - - -
[Needs graphics capability to display]
Figure 2: The - back-reference flow through a rule
-
- -

We know this was a crash course on mod_rewrite's internal - processing. But you will benefit from this knowledge when - reading the following documentation of the available - directives.

-
- -
-

Configuration Directives

-
-
- -

RewriteEngine

- Syntax: RewriteEngine - on|off
- Default: RewriteEngine - off
- Context: server config, - virtual host, directory, .htaccess
- Override: FileInfo
- Status: Extension
- Module: mod_rewrite.c
- Compatibility: Apache - 1.2
- - -

The RewriteEngine directive enables or - disables the runtime rewriting engine. If it is set to - off this module does no runtime processing at - all. It does not even update the SCRIPT_URx - environment variables.

- -

Use this directive to disable the module instead of - commenting out all the RewriteRule - directives!

- -

Note that, by default, rewrite configurations are not - inherited. This means that you need to have a - RewriteEngine on directive for each virtual host - in which you wish to use it.

-
- -

RewriteOptions

- Syntax: RewriteOptions - Option
- Default: RewriteOptions - MaxRedirects=10
- Context: server config, - virtual host, directory, .htaccess
- Override: FileInfo
- Status: Extension
- Module: mod_rewrite.c
- Compatibility: Apache - 1.2; MaxRedirects is available in Apache 1.3.28 and - later
- - -

The RewriteOptions directive sets some - special options for the current per-server or per-directory - configuration. The Option strings can be one of the - following:

- -
-
inherit
-
This forces the current configuration to inherit the - configuration of the parent. In per-virtual-server context - this means that the maps, conditions and rules of the main - server are inherited. In per-directory context this means - that conditions and rules of the parent directory's - .htaccess configuration are inherited.
- -
MaxRedirects=number
-
In order to prevent endless loops of internal redirects - issued by per-directory RewriteRules, - mod_rewrite aborts the request after reaching a - maximum number of such redirects and responds with an 500 Internal - Server Error. If you really need more internal redirects than 10 - per request, you may increase the default to the desired value.
-
-
- -

RewriteLog

- Syntax: RewriteLog - file-path
- Default: None
- Context: server config, - virtual host
- Override: Not - applicable
- Status: Extension
- Module: mod_rewrite.c
- Compatibility: Apache - 1.2
- - -

The RewriteLog directive sets the name of the - file to which the server logs any rewriting actions it - performs. If the name does not begin with a slash - ('/') then it is assumed to be relative to the - Server Root. The directive should occur only once - per server config.

- - - - - -
Note: To disable the logging of - rewriting actions it is not recommended to set - file-path to /dev/null, because - although the rewriting engine does not then output to a - logfile it still creates the logfile output internally. - This will slow down the server with no advantage - to the administrator! To disable logging either - remove or comment out the RewriteLog - directive or use RewriteLogLevel 0!
- - - - - -
Security: See the Apache Security - Tips document for details on why your security could - be compromised if the directory where logfiles are stored - is writable by anyone other than the user that starts the - server.
- -

Example:

- -
-
-RewriteLog "/usr/local/var/apache/logs/rewrite.log"
-
-
-
- -

RewriteLogLevel

- Syntax: RewriteLogLevel - Level
- Default: - RewriteLogLevel 0
- Context: server config, - virtual host
- Override: Not - applicable
- Status: Extension
- Module: mod_rewrite.c
- Compatibility: Apache - 1.2
- - -

The RewriteLogLevel directive sets the - verbosity level of the rewriting logfile. The default level 0 - means no logging, while 9 or more means that practically all - actions are logged.

- -

To disable the logging of rewriting actions simply set - Level to 0. This disables all rewrite action - logs.

- - - - - -
Notice: Using a high value for - Level will slow down your Apache server - dramatically! Use the rewriting logfile at a - Level greater than 2 only for debugging!
- -

Example:

- -
-
-RewriteLogLevel 3
-
-
-
- -

RewriteLock

- Syntax: RewriteLock - file-path
- Default: None
- Context: server config
- Override: Not - applicable
- Status: Extension
- Module: mod_rewrite.c
- Compatibility: Apache - 1.3
- - -

This directive sets the filename for a synchronization - lockfile which mod_rewrite needs to communicate with - RewriteMap programs. Set this lockfile - to a local path (not on a NFS-mounted device) when you want - to use a rewriting map-program. It is not required for other - types of rewriting maps.

-
- -

RewriteMap

- Syntax: RewriteMap - MapName MapType:MapSource
- Default: not used per - default
- Context: server config, - virtual host
- Override: Not - applicable
- Status: Extension
- Module: mod_rewrite.c
- Compatibility: Apache 1.2 - (partially), Apache 1.3
- - -

The RewriteMap directive defines a - Rewriting Map which can be used inside rule - substitution strings by the mapping-functions to - insert/substitute fields through a key lookup. The source of - this lookup can be of various types.

- -

The MapName is - the name of the map and will be used to specify a - mapping-function for the substitution strings of a rewriting - rule via one of the following constructs:

- -
- ${ MapName : - LookupKey }
- ${ MapName : - LookupKey | DefaultValue - }
-
- When such a construct occurs the map MapName is - consulted and the key LookupKey is looked-up. If the - key is found, the map-function construct is substituted by - SubstValue. If the key is not found then it is - substituted by DefaultValue or by the empty string - if no DefaultValue was specified. - -

The following combinations for MapType and - MapSource can be used:

- -
    -
  • - Standard Plain Text
    - MapType: txt, MapSource: Unix filesystem - path to valid regular file - -

    This is the standard rewriting map feature where the - MapSource is a plain ASCII file containing - either blank lines, comment lines (starting with a '#' - character) or pairs like the following - one per - line.

    - -
    - MatchingKey - SubstValue -
    - -

    Example:

    - - - - - -
    -
    -##
    -##  map.txt -- rewriting map
    -##
    -
    -Ralf.S.Engelschall    rse   # Bastard Operator From Hell
    -Mr.Joe.Average        joe   # Mr. Average
    -
    -
    - - - - - -
    -
    -RewriteMap real-to-user txt:/path/to/file/map.txt
    -
    -
    -
  • - -
  • - Randomized Plain Text
    - MapType: rnd, MapSource: Unix filesystem - path to valid regular file - -

    This is identical to the Standard Plain Text variant - above but with a special post-processing feature: After - looking up a value it is parsed according to contained - ``|'' characters which have the meaning of - ``or''. In other words they indicate a set of - alternatives from which the actual returned value is - chosen randomly. Although this sounds crazy and useless, - it was actually designed for load balancing in a reverse - proxy situation where the looked up values are server - names. Example:

    - - - - - -
    -
    -##
    -##  map.txt -- rewriting map
    -##
    -
    -static   www1|www2|www3|www4
    -dynamic  www5|www6
    -
    -
    - - - - - -
    -
    -RewriteMap servers rnd:/path/to/file/map.txt
    -
    -
    -
  • - -
  • - Hash File
    - MapType: dbm, MapSource: Unix filesystem - path to valid regular file - -

    Here the source is a binary NDBM format file - containing the same contents as a Plain Text - format file, but in a special representation which is - optimized for really fast lookups. You can create such a - file with any NDBM tool or with the following Perl - script:

    - - - - - -
    -
    -#!/path/to/bin/perl
    -##
    -##  txt2dbm -- convert txt map to dbm format
    -##
    -
    -use NDBM_File;
    -use Fcntl;
    -
    -($txtmap, $dbmmap) = @ARGV;
    -
    -open(TXT, "<$txtmap") or die "Couldn't open $txtmap!\n";
    -tie (%DB, 'NDBM_File', $dbmmap,O_RDWR|O_TRUNC|O_CREAT, 0644) or die "Couldn't create $dbmmap!\n";
    -
    -while (<TXT>) {
    -  next if (/^\s*#/ or /^\s*$/);
    -  $DB{$1} = $2 if (/^\s*(\S+)\s+(\S+)/);
    -}
    -
    -untie %DB;
    -close(TXT);
    -
    -
    - - - - - -
    -
    -$ txt2dbm map.txt map.db
    -
    -
    -
  • - -
  • - Internal Function
    - MapType: int, MapSource: Internal Apache - function - -

    Here the source is an internal Apache function. - Currently you cannot create your own, but the following - functions already exists:

    - -
      -
    • toupper:
      - Converts the looked up key to all upper case.
    • - -
    • tolower:
      - Converts the looked up key to all lower case.
    • - -
    • escape:
      - Translates special characters in the looked up key to - hex-encodings.
    • - -
    • unescape:
      - Translates hex-encodings in the looked up key back to - special characters.
    • -
    -
  • - -
  • - External Rewriting Program
    - MapType: prg, MapSource: Unix filesystem - path to valid regular file - -

    Here the source is a program, not a map file. To - create it you can use the language of your choice, but - the result has to be a executable (i.e., either - object-code or a script with the magic cookie trick - '#!/path/to/interpreter' as the first - line).

    - -

    This program is started once at startup of the Apache - servers and then communicates with the rewriting engine - over its stdin and stdout - file-handles. For each map-function lookup it will - receive the key to lookup as a newline-terminated string - on stdin. It then has to give back the - looked-up value as a newline-terminated string on - stdout or the four-character string - ``NULL'' if it fails (i.e., there - is no corresponding value for the given key). A trivial - program which will implement a 1:1 map (i.e., - key == value) could be:

    - - - - - -
    -
    -#!/usr/bin/perl
    -$| = 1;
    -while (<STDIN>) {
    -    # ...put here any transformations or lookups...
    -    print $_;
    -}
    -
    -
    - -

    But be very careful:
    -

    - -
      -
    1. ``Keep it simple, stupid'' (KISS), because - if this program hangs it will hang the Apache server - when the rule occurs.
    2. - -
    3. Avoid one common mistake: never do buffered I/O on - stdout! This will cause a deadloop! Hence - the ``$|=1'' in the above example...
    4. - -
    5. Use the RewriteLock directive to - define a lockfile mod_rewrite can use to synchronize - the communication to the program. By default no such - synchronization takes place.
    6. -
    -
  • -
- The RewriteMap directive can occur more than - once. For each mapping-function use one - RewriteMap directive to declare its rewriting - mapfile. While you cannot declare a map in - per-directory context it is of course possible to - use this map in per-directory context. - - - - - -
Note: For plain text and DBM format - files the looked-up keys are cached in-core until the - mtime of the mapfile changes or the server - does a restart. This way you can have map-functions in - rules which are used for every request. - This is no problem, because the external lookup only - happens once!
-
- -

RewriteBase

- Syntax: RewriteBase - URL-path
- Default: default is the - physical directory path
- Context: directory, - .htaccess
- Override: - FileInfo
- Status: Extension
- Module: mod_rewrite.c
- Compatibility: Apache - 1.2
- - -

The RewriteBase directive explicitly sets the - base URL for per-directory rewrites. As you will see below, - RewriteRule can be used in per-directory config - files (.htaccess). There it will act locally, - i.e., the local directory prefix is stripped at this - stage of processing and your rewriting rules act only on the - remainder. At the end it is automatically added back to the - path.

- -

When a substitution occurs for a new URL, this module has - to re-inject the URL into the server processing. To be able - to do this it needs to know what the corresponding URL-prefix - or URL-base is. By default this prefix is the corresponding - filepath itself. But at most websites URLs are NOT - directly related to physical filename paths, so this - assumption will usually be wrong! There you have to - use the RewriteBase directive to specify the - correct URL-prefix.

- - - - - -
Notice: If your webserver's URLs are - not directly related to physical file - paths, you have to use RewriteBase in every - .htaccess files where you want to use - RewriteRule directives.
- -

Example:

- -
- Assume the following per-directory config file: - - - - - -
-
-#
-#  /abc/def/.htaccess -- per-dir config file for directory /abc/def
-#  Remember: /abc/def is the physical path of /xyz, i.e., the server
-#            has a 'Alias /xyz /abc/def' directive e.g.
-#
-
-RewriteEngine On
-
-#  let the server know that we were reached via /xyz and not
-#  via the physical path prefix /abc/def
-RewriteBase   /xyz
-
-#  now the rewriting rules
-RewriteRule   ^oldstuff\.html$  newstuff.html
-
-
- -

In the above example, a request to - /xyz/oldstuff.html gets correctly rewritten to - the physical file /abc/def/newstuff.html.

- - - - - -
- Note - For Apache - hackers:
- The following list gives detailed information about - the internal processing steps:
-
-Request:
-  /xyz/oldstuff.html
-
-Internal Processing:
-  /xyz/oldstuff.html     -> /abc/def/oldstuff.html  (per-server Alias)
-  /abc/def/oldstuff.html -> /abc/def/newstuff.html  (per-dir    RewriteRule)
-  /abc/def/newstuff.html -> /xyz/newstuff.html      (per-dir    RewriteBase)
-  /xyz/newstuff.html     -> /abc/def/newstuff.html  (per-server Alias)
-
-Result:
-  /abc/def/newstuff.html
-
-
- This seems very complicated but is - the correct Apache internal processing, because the - per-directory rewriting comes too late in the - process. So, when it occurs the (rewritten) request - has to be re-injected into the Apache kernel! BUT: - While this seems like a serious overhead, it really - isn't, because this re-injection happens fully - internally to the Apache server and the same - procedure is used by many other operations inside - Apache. So, you can be sure the design and - implementation is correct. -
-
-
- -

RewriteCond

- Syntax: RewriteCond - TestString CondPattern
- Default: None
- Context: server config, - virtual host, directory, .htaccess
- Override: - FileInfo
- Status: Extension
- Module: mod_rewrite.c
- Compatibility: Apache 1.2 - (partially), Apache 1.3
- - -

The RewriteCond directive defines a rule - condition. Precede a RewriteRule directive with - one or more RewriteCond directives. The - following rewriting rule is only used if its pattern matches - the current state of the URI and if these - additional conditions apply too.

- -

TestString is a string which can contains the - following expanded constructs in addition to plain text:

- -
    -
  • - RewriteRule backreferences: These are - backreferences of the form - -
    - $N -
    - (0 <= N <= 9) which provide access to the grouped - parts (parenthesis!) of the pattern from the - corresponding RewriteRule directive (the one - following the current bunch of RewriteCond - directives). -
  • - -
  • - RewriteCond backreferences: These are - backreferences of the form - -
    - %N -
    - (1 <= N <= 9) which provide access to the grouped - parts (parentheses!) of the pattern from the last matched - RewriteCond directive in the current bunch - of conditions. -
  • - -
  • - RewriteMap expansions: These are - expansions of the form - -
    - ${mapname:key|default} -
    - See the documentation for - RewriteMap for more details. -
  • - -
  • - Server-Variables: These are variables of - the form - -
    - %{ NAME_OF_VARIABLE - } -
    - where NAME_OF_VARIABLE can be a string taken - from the following list: - - - - - - - - - - - - - - - -
    - HTTP headers: - -

    HTTP_USER_AGENT
    - HTTP_REFERER
    - HTTP_COOKIE
    - HTTP_FORWARDED
    - HTTP_HOST
    - HTTP_PROXY_CONNECTION
    - HTTP_ACCEPT
    -

    -
    - connection & request: - -

    REMOTE_ADDR
    - REMOTE_HOST
    - REMOTE_USER
    - REMOTE_IDENT
    - REQUEST_METHOD
    - SCRIPT_FILENAME
    - PATH_INFO
    - QUERY_STRING
    - AUTH_TYPE
    -

    -
    - server internals: - -

    DOCUMENT_ROOT
    - SERVER_ADMIN
    - SERVER_NAME
    - SERVER_ADDR
    - SERVER_PORT
    - SERVER_PROTOCOL
    - SERVER_SOFTWARE
    -

    -
    - system stuff: - -

    TIME_YEAR
    - TIME_MON
    - TIME_DAY
    - TIME_HOUR
    - TIME_MIN
    - TIME_SEC
    - TIME_WDAY
    - TIME
    -

    -
    - specials: - -

    API_VERSION
    - THE_REQUEST
    - REQUEST_URI
    - REQUEST_FILENAME
    - IS_SUBREQ
    -

    -
    - - - - - -
    -

    Notice: These variables all - correspond to the similarly named HTTP - MIME-headers, C variables of the Apache server or - struct tm fields of the Unix system. - Most are documented elsewhere in the Manual or in - the CGI specification. Those that are special to - mod_rewrite include:

    - -
    -
    IS_SUBREQ
    - -
    Will contain the text "true" if the request - currently being processed is a sub-request, - "false" otherwise. Sub-requests may be generated - by modules that need to resolve additional files - or URIs in order to complete their tasks.
    - -
    API_VERSION
    - -
    This is the version of the Apache module API - (the internal interface between server and - module) in the current httpd build, as defined in - include/ap_mmn.h. The module API version - corresponds to the version of Apache in use (in - the release version of Apache 1.3.14, for - instance, it is 19990320:10), but is mainly of - interest to module authors.
    - -
    THE_REQUEST
    - -
    The full HTTP request line sent by the - browser to the server (e.g., "GET - /index.html HTTP/1.1"). This does not - include any additional headers sent by the - browser.
    - -
    REQUEST_URI
    - -
    The resource requested in the HTTP request - line. (In the example above, this would be - "/index.html".)
    - -
    REQUEST_FILENAME
    - -
    The full local filesystem path to the file or - script matching the request.
    -
    -
    -
  • -
- -

Special Notes:

- -
    -
  1. The variables SCRIPT_FILENAME and REQUEST_FILENAME - contain the same value, i.e., the value of the - filename field of the internal - request_rec structure of the Apache server. - The first name is just the commonly known CGI variable name - while the second is the consistent counterpart to - REQUEST_URI (which contains the value of the - uri field of request_rec).
  2. - -
  3. There is the special format: - %{ENV:variable} where variable can be - any environment variable. This is looked-up via internal - Apache structures and (if not found there) via - getenv() from the Apache server process.
  4. - -
  5. There is the special format: - %{HTTP:header} where header can be - any HTTP MIME-header name. This is looked-up from the HTTP - request. Example: %{HTTP:Proxy-Connection} is - the value of the HTTP header - ``Proxy-Connection:''.
  6. - -
  7. There is the special format - %{LA-U:variable} for look-aheads which perform - an internal (URL-based) sub-request to determine the final - value of variable. Use this when you want to use a - variable for rewriting which is actually set later in an - API phase and thus is not available at the current stage. - For instance when you want to rewrite according to the - REMOTE_USER variable from within the - per-server context (httpd.conf file) you have - to use %{LA-U:REMOTE_USER} because this - variable is set by the authorization phases which come - after the URL translation phase where mod_rewrite - operates. On the other hand, because mod_rewrite implements - its per-directory context (.htaccess file) via - the Fixup phase of the API and because the authorization - phases come before this phase, you just can use - %{REMOTE_USER} there.
  8. - -
  9. There is the special format: - %{LA-F:variable} which performs an internal - (filename-based) sub-request to determine the final value - of variable. Most of the time this is the same as - LA-U above.
  10. -
- -

CondPattern is the condition pattern, - i.e., a regular expression which is applied to the - current instance of the TestString, i.e., - TestString is evaluated and then matched against - CondPattern.

- -

Remember: CondPattern is a - standard Extended Regular Expression with some - additions:

- -
    -
  1. You can prefix the pattern string with a - '!' character (exclamation mark) to specify a - non-matching pattern.
  2. - -
  3. - There are some special variants of CondPatterns. - Instead of real regular expression strings you can also - use one of the following: - -
      -
    • '<CondPattern' (is lexically - lower)
      - Treats the CondPattern as a plain string and - compares it lexically to TestString. True if - TestString is lexically lower than - CondPattern.
    • - -
    • '>CondPattern' (is lexically - greater)
      - Treats the CondPattern as a plain string and - compares it lexically to TestString. True if - TestString is lexically greater than - CondPattern.
    • - -
    • '=CondPattern' (is lexically - equal)
      - Treats the CondPattern as a plain string and - compares it lexically to TestString. True if - TestString is lexically equal to - CondPattern, i.e the two strings are exactly - equal (character by character). If CondPattern - is just "" (two quotation marks) this - compares TestString to the empty string.
    • - -
    • '-d' (is - directory)
      - Treats the TestString as a pathname and tests - if it exists and is a directory.
    • - -
    • '-f' (is regular - file)
      - Treats the TestString as a pathname and tests - if it exists and is a regular file.
    • - -
    • '-s' (is regular file with - size)
      - Treats the TestString as a pathname and tests - if it exists and is a regular file with size greater - than zero.
    • - -
    • '-l' (is symbolic - link)
      - Treats the TestString as a pathname and tests - if it exists and is a symbolic link.
    • - -
    • '-F' (is existing file via - subrequest)
      - Checks if TestString is a valid file and - accessible via all the server's currently-configured - access controls for that path. This uses an internal - subrequest to determine the check, so use it with care - because it decreases your servers performance!
    • - -
    • '-U' (is existing URL via - subrequest)
      - Checks if TestString is a valid URL and - accessible via all the server's currently-configured - access controls for that path. This uses an internal - subrequest to determine the check, so use it with care - because it decreases your server's performance!
    • -
    - - - - - -
    Notice: All of these tests can - also be prefixed by an exclamation mark ('!') to - negate their meaning.
    -
  4. -
- -

Additionally you can set special flags for - CondPattern by appending

- -
- [flags] -
- as the third argument to the RewriteCond - directive. Flags is a comma-separated list of the - following flags: - -
    -
  • 'nocase|NC' - (no case)
    - This makes the test case-insensitive, i.e., there - is no difference between 'A-Z' and 'a-z' both in the - expanded TestString and the CondPattern. - This flag is effective only for comparisons between - TestString and CondPattern. It has no - effect on filesystem and subrequest checks.
  • - -
  • - 'ornext|OR' - (or next condition)
    - Use this to combine rule conditions with a local OR - instead of the implicit AND. Typical example: - -
    -
    -RewriteCond %{REMOTE_HOST}  ^host1.*  [OR]
    -RewriteCond %{REMOTE_HOST}  ^host2.*  [OR]
    -RewriteCond %{REMOTE_HOST}  ^host3.*
    -RewriteRule ...some special stuff for any of these hosts...
    -
    -
    - Without this flag you would have to write the cond/rule - three times. -
  • -
- -

Example:

- -
- To rewrite the Homepage of a site according to the - ``User-Agent:'' header of the request, you can - use the following: - -
-
-RewriteCond  %{HTTP_USER_AGENT}  ^Mozilla.*
-RewriteRule  ^/$                 /homepage.max.html  [L]
-
-RewriteCond  %{HTTP_USER_AGENT}  ^Lynx.*
-RewriteRule  ^/$                 /homepage.min.html  [L]
-
-RewriteRule  ^/$                 /homepage.std.html  [L]
-
-
- Interpretation: If you use Netscape Navigator as your - browser (which identifies itself as 'Mozilla'), then you - get the max homepage, which includes Frames, etc. - If you use the Lynx browser (which is Terminal-based), then - you get the min homepage, which contains no images, no - tables, etc. If you use any other browser you get - the standard homepage. -
-
- -

RewriteRule

- Syntax: RewriteRule - Pattern Substitution
- Default: None
- Context: server config, - virtual host, directory, .htaccess
- Override: - FileInfo
- Status: Extension
- Module: mod_rewrite.c
- Compatibility: Apache 1.2 - (partially), Apache 1.3
- - -

The RewriteRule directive is the real - rewriting workhorse. The directive can occur more than once. - Each directive then defines one single rewriting rule. The - definition order of these rules is - important, because this order is used when - applying the rules at run-time.

- -

Pattern can - be (for Apache 1.1.x a System V8 and for Apache 1.2.x and - later a POSIX) regular - expression which gets applied to the current URL. Here - ``current'' means the value of the URL when this rule gets - applied. This may not be the originally requested URL, - because any number of rules may already - have matched and made alterations to it.

- -

Some hints about the syntax of regular expressions:

- - - - - -
-
-Text:
-  .           Any single character
-  [chars]     Character class: One  of chars
-  [^chars]    Character class: None of chars
-  text1|text2 Alternative: text1 or text2
-
-Quantifiers:
-  ?           0 or 1 of the preceding text
-  *           0 or N of the preceding text (N > 0)
-  +           1 or N of the preceding text (N > 1)
-
-Grouping:
-  (text)      Grouping of text
-              (either to set the borders of an alternative or
-              for making backreferences where the Nth group can 
-              be used on the RHS of a RewriteRule with $N)
-
-Anchors:
-  ^           Start of line anchor
-  $           End   of line anchor
-
-Escaping:
-  \char       escape that particular char
-              (for instance to specify the chars ".[]()" etc.)
-
-
- -

For more information about regular expressions either have - a look at your local regex(3) manpage or its - src/regex/regex.3 copy in the Apache 1.3 - distribution. If you are interested in more detailed - information about regular expressions and their variants - (POSIX regex, Perl regex, etc.) have a look at the - following dedicated book on this topic:

- -
- Mastering Regular Expressions
- Jeffrey E.F. Friedl
- Nutshell Handbook Series
- O'Reilly & Associates, Inc. 1997
- ISBN 1-56592-257-3
-
- -

Additionally in mod_rewrite the NOT character - ('!') is a possible pattern prefix. This gives - you the ability to negate a pattern; to say, for instance: - ``if the current URL does NOT match this - pattern''. This can be used for exceptional cases, where - it is easier to match the negative pattern, or as a last - default rule.

- - - - - -
Notice: When using the NOT character - to negate a pattern you cannot have grouped wildcard - parts in the pattern. This is impossible because when the - pattern does NOT match, there are no contents for the - groups. In consequence, if negated patterns are used, you - cannot use $N in the substitution - string!
- -

Substitution of a - rewriting rule is the string which is substituted for (or - replaces) the original URL for which Pattern - matched. Beside plain text you can use

- -
    -
  1. back-references $N to the RewriteRule - pattern
  2. - -
  3. back-references %N to the last matched - RewriteCond pattern
  4. - -
  5. server-variables as in rule condition test-strings - (%{VARNAME})
  6. - -
  7. mapping-function calls - (${mapname:key|default})
  8. -
- Back-references are $N - (N=0..9) identifiers which will be replaced - by the contents of the Nth group of the - matched Pattern. The server-variables are the same - as for the TestString of a RewriteCond - directive. The mapping-functions come from the - RewriteMap directive and are explained there. - These three types of variables are expanded in the order of - the above list. - -

As already mentioned above, all the rewriting rules are - applied to the Substitution (in the order of - definition in the config file). The URL is completely - replaced by the Substitution and the - rewriting process goes on until there are no more rules - unless explicitly terminated by a - L flag - see below.

- -

There is a special substitution string named - '-' which means: NO - substitution! Sounds silly? No, it is useful to - provide rewriting rules which only match - some URLs but do no substitution, e.g., in - conjunction with the C (chain) flag to be - able to have more than one pattern to be applied before a - substitution occurs.

- -

One more note: You can even create URLs in the - substitution string containing a query string part. Just use - a question mark inside the substitution string to indicate - that the following stuff should be re-injected into the - QUERY_STRING. When you want to erase an existing query - string, end the substitution string with just the question - mark.

- - - - - -
Note: There is a special feature: - When you prefix a substitution field with - http://thishost[:thisport] - then mod_rewrite automatically strips it - out. This auto-reduction on implicit external redirect - URLs is a useful and important feature when used in - combination with a mapping-function which generates the - hostname part. Have a look at the first example in the - example section below to understand this.
- - - - - -
Remember: An unconditional external - redirect to your own server will not work with the prefix - http://thishost because of this feature. To - achieve such a self-redirect, you have to use the - R-flag (see below).
- -

Additionally you can set special flags for - Substitution by appending

- -
- [flags] -
- as the third argument to the RewriteRule - directive. Flags is a comma-separated list of the - following flags: - -
    -
  • - 'redirect|R - [=code]' (force redirect)
    - Prefix Substitution with - http://thishost[:thisport]/ (which makes the - new URL a URI) to force a external redirection. If no - code is given a HTTP response of 302 (MOVED - TEMPORARILY) is used. If you want to use other response - codes in the range 300-400 just specify them as a number - or use one of the following symbolic names: - temp (default), permanent, - seeother. Use it for rules which should - canonicalize the URL and give it back to the client, - e.g., translate ``/~'' into - ``/u/'' or always append a slash to - /u/user, etc.
    - - -

    Note: When you use this flag, make - sure that the substitution field is a valid URL! If not, - you are redirecting to an invalid location! And remember - that this flag itself only prefixes the URL with - http://thishost[:thisport]/, rewriting - continues. Usually you also want to stop and do the - redirection immediately. To stop the rewriting you also - have to provide the 'L' flag.

    -
  • - -
  • 'forbidden|F' (force URL - to be forbidden)
    - This forces the current URL to be forbidden, - i.e., it immediately sends back a HTTP response of - 403 (FORBIDDEN). Use this flag in conjunction with - appropriate RewriteConds to conditionally block some - URLs.
  • - -
  • 'gone|G' (force URL to be - gone)
    - This forces the current URL to be gone, i.e., it - immediately sends back a HTTP response of 410 (GONE). Use - this flag to mark pages which no longer exist as gone.
  • - -
  • - 'proxy|P' (force - proxy)
    - This flag forces the substitution part to be internally - forced as a proxy request and immediately (i.e., - rewriting rule processing stops here) put through the proxy module. You have to make - sure that the substitution string is a valid URI - (e.g., typically starting with - http://hostname) which can be - handled by the Apache proxy module. If not you get an - error from the proxy module. Use this flag to achieve a - more powerful implementation of the ProxyPass directive, - to map some remote stuff into the namespace of the local - server. - -

    Notice: To use this functionality make sure you have - the proxy module compiled into your Apache server - program. If you don't know please check whether - mod_proxy.c is part of the ``httpd - -l'' output. If yes, this functionality is - available to mod_rewrite. If not, then you first have to - rebuild the ``httpd'' program with mod_proxy - enabled.

    -
  • - -
  • 'last|L' - (last rule)
    - Stop the rewriting process here and don't apply any more - rewriting rules. This corresponds to the Perl - last command or the break command - from the C language. Use this flag to prevent the currently - rewritten URL from being rewritten further by following - rules. For example, use it to rewrite the root-path URL - ('/') to a real one, e.g., - '/e/www/'.
  • - -
  • 'next|N' - (next round)
    - Re-run the rewriting process (starting again with the - first rewriting rule). Here the URL to match is again not - the original URL but the URL from the last rewriting rule. - This corresponds to the Perl next command or - the continue command from the C language. Use - this flag to restart the rewriting process, i.e., - to immediately go to the top of the loop.
    - But be careful not to create an infinite - loop!
  • - -
  • 'chain|C' - (chained with next rule)
    - This flag chains the current rule with the next rule - (which itself can be chained with the following rule, - etc.). This has the following effect: if a rule - matches, then processing continues as usual, i.e., - the flag has no effect. If the rule does - not match, then all following chained - rules are skipped. For instance, use it to remove the - ``.www'' part inside a per-directory rule set - when you let an external redirect happen (where the - ``.www'' part should not to occur!).
  • - -
  • - 'type|T=MIME-type' - (force MIME type)
    - Force the MIME-type of the target file to be - MIME-type. For instance, this can be used to - simulate the mod_alias directive - ScriptAlias which internally forces all files - inside the mapped directory to have a MIME type of - ``application/x-httpd-cgi''.
  • - -
  • - 'nosubreq|NS' (used only if - no internal - sub-request)
    - This flag forces the rewriting engine to skip a - rewriting rule if the current request is an internal - sub-request. For instance, sub-requests occur internally - in Apache when mod_include tries to find out - information about possible directory default files - (index.xxx). On sub-requests it is not - always useful and even sometimes causes a failure to if - the complete set of rules are applied. Use this flag to - exclude some rules.
    - - -

    Use the following rule for your decision: whenever you - prefix some URLs with CGI-scripts to force them to be - processed by the CGI-script, the chance is high that you - will run into problems (or even overhead) on - sub-requests. In these cases, use this flag.

    -
  • - -
  • 'nocase|NC' - (no case)
    - This makes the Pattern case-insensitive, - i.e., there is no difference between 'A-Z' and - 'a-z' when Pattern is matched against the current - URL.
  • - -
  • 'qsappend|QSA' - (query string - append)
    - This flag forces the rewriting engine to append a query - string part in the substitution string to the existing one - instead of replacing it. Use this when you want to add more - data to the query string via a rewrite rule.
  • - -
  • - 'noescape|NE' - (no URI escaping of - output)
    - This flag keeps mod_rewrite from applying the usual URI - escaping rules to the result of a rewrite. Ordinarily, - special characters (such as '%', '$', ';', and so on) - will be escaped into their hexcode equivalents ('%25', - '%24', and '%3B', respectively); this flag prevents this - from being done. This allows percent symbols to appear in - the output, as in -
    -    RewriteRule /foo/(.*) /bar?arg=P1\%3d$1 [R,NE]
    -   
    -
    - which would turn '/foo/zed' into a safe - request for '/bar?arg=P1=zed'. - - - - - -
    Notice: The - noescape flag is only available with - Apache 1.3.20 and later versions.
    -
  • - -
  • - 'passthrough|PT' - (pass through to next - handler)
    - This flag forces the rewriting engine to set the - uri field of the internal - request_rec structure to the value of the - filename field. This flag is just a hack to - be able to post-process the output of - RewriteRule directives by - Alias, ScriptAlias, - Redirect, etc. directives from - other URI-to-filename translators. A trivial example to - show the semantics: If you want to rewrite - /abc to /def via the rewriting - engine of mod_rewrite and then - /def to /ghi with - mod_alias: -
    -    RewriteRule ^/abc(.*)  /def$1 [PT]
    -    Alias       /def       /ghi
    -   
    -
    - If you omit the PT flag then - mod_rewrite will do its job fine, - i.e., it rewrites uri=/abc/... to - filename=/def/... as a full API-compliant - URI-to-filename translator should do. Then - mod_alias comes and tries to do a - URI-to-filename transition which will not work. - -

    Note: You have to use this flag if you want to - intermix directives of different modules which contain - URL-to-filename translators. The typical example - is the use of mod_alias and - mod_rewrite..

    -
  • - -
  • 'skip|S=num' - (skip next rule(s))
    - This flag forces the rewriting engine to skip the next - num rules in sequence when the current rule - matches. Use this to make pseudo if-then-else constructs: - The last rule of the then-clause becomes - skip=N where N is the number of rules in the - else-clause. (This is not the same as the - 'chain|C' flag!)
  • - -
  • - 'env|E=VAR:VAL' - (set environment variable)
    - This forces an environment variable named VAR to - be set to the value VAL, where VAL can - contain regexp backreferences $N and - %N which will be expanded. You can use this - flag more than once to set more than one variable. The - variables can be later dereferenced in many situations, but - usually from within XSSI (via <!--#echo - var="VAR"-->) or CGI (e.g. - $ENV{'VAR'}). Additionally you can dereference - it in a following RewriteCond pattern via - %{ENV:VAR}. Use this to strip but remember - information from URLs.
  • -
- - - - - -
- Note: Never forget that - Pattern is applied to a complete URL in - per-server configuration files. But in - per-directory configuration files, the per-directory - prefix (which always is the same for a specific - directory!) is automatically removed for the - pattern matching and automatically added after - the substitution has been done. This feature - is essential for many sorts of rewriting, because - without this prefix stripping you have to match the - parent directory which is not always possible. - -

There is one exception: If a substitution string - starts with ``http://'' then the directory - prefix will not be added and an - external redirect or proxy throughput (if flag - P is used!) is forced!

-
- - - - - -
Note: To enable the rewriting engine - for per-directory configuration files you need to set - ``RewriteEngine On'' in these files - and ``Options - FollowSymLinks'' must be enabled. If your - administrator has disabled override of - FollowSymLinks for a user's directory, then - you cannot use the rewriting engine. This restriction is - needed for security reasons.
- -

Here are all possible substitution combinations and their - meanings:

- -

Inside per-server configuration - (httpd.conf)
- for request ``GET - /somepath/pathinfo'':

-

- - - - - -
-
-Given Rule                                      Resulting Substitution
-----------------------------------------------  ----------------------------------
-^/somepath(.*) otherpath$1                      not supported, because invalid!
-
-^/somepath(.*) otherpath$1  [R]                 not supported, because invalid!
-
-^/somepath(.*) otherpath$1  [P]                 not supported, because invalid!
-----------------------------------------------  ----------------------------------
-^/somepath(.*) /otherpath$1                     /otherpath/pathinfo
-
-^/somepath(.*) /otherpath$1 [R]                 http://thishost/otherpath/pathinfo
-                                                via external redirection
-
-^/somepath(.*) /otherpath$1 [P]                 not supported, because silly!
-----------------------------------------------  ----------------------------------
-^/somepath(.*) http://thishost/otherpath$1      /otherpath/pathinfo
-
-^/somepath(.*) http://thishost/otherpath$1 [R]  http://thishost/otherpath/pathinfo
-                                                via external redirection
-
-^/somepath(.*) http://thishost/otherpath$1 [P]  not supported, because silly!
-----------------------------------------------  ----------------------------------
-^/somepath(.*) http://otherhost/otherpath$1     http://otherhost/otherpath/pathinfo
-                                                via external redirection
-
-^/somepath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
-                                                via external redirection
-                                                (the [R] flag is redundant)
-
-^/somepath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
-                                                via internal proxy
-
-
- -

Inside per-directory configuration for - /somepath
- (i.e., file .htaccess in dir - /physical/path/to/somepath containing - RewriteBase /somepath)
- for request ``GET - /somepath/localpath/pathinfo'':

-

- - - - - -
-
-Given Rule                                      Resulting Substitution
-----------------------------------------------  ----------------------------------
-^localpath(.*) otherpath$1                      /somepath/otherpath/pathinfo
-
-^localpath(.*) otherpath$1  [R]                 http://thishost/somepath/otherpath/pathinfo
-                                                via external redirection
-
-^localpath(.*) otherpath$1  [P]                 not supported, because silly!
-----------------------------------------------  ----------------------------------
-^localpath(.*) /otherpath$1                     /otherpath/pathinfo
-
-^localpath(.*) /otherpath$1 [R]                 http://thishost/otherpath/pathinfo
-                                                via external redirection
-
-^localpath(.*) /otherpath$1 [P]                 not supported, because silly!
-----------------------------------------------  ----------------------------------
-^localpath(.*) http://thishost/otherpath$1      /otherpath/pathinfo
-
-^localpath(.*) http://thishost/otherpath$1 [R]  http://thishost/otherpath/pathinfo
-                                                via external redirection
-
-^localpath(.*) http://thishost/otherpath$1 [P]  not supported, because silly!
-----------------------------------------------  ----------------------------------
-^localpath(.*) http://otherhost/otherpath$1     http://otherhost/otherpath/pathinfo
-                                                via external redirection
-
-^localpath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
-                                                via external redirection
-                                                (the [R] flag is redundant)
-
-^localpath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
-                                                via internal proxy
-
-
- -

Example:

- -
- We want to rewrite URLs of the form - -
- / Language /~ - Realname /.../ File -
- into - -
- /u/ Username /.../ - File . Language -
- -

We take the rewrite mapfile from above and save it under - /path/to/file/map.txt. Then we only have to - add the following lines to the Apache server configuration - file:

- -
-
-RewriteLog   /path/to/file/rewrite.log
-RewriteMap   real-to-user               txt:/path/to/file/map.txt
-RewriteRule  ^/([^/]+)/~([^/]+)/(.*)$   /u/${real-to-user:$2|nobody}/$3.$1
-
-
-
-
- -
-

Miscellaneous

-
-
- -

Environment - Variables

- This module keeps track of two additional (non-standard) - CGI/SSI environment variables named SCRIPT_URL - and SCRIPT_URI. These contain the - logical Web-view to the current resource, while the - standard CGI/SSI variables SCRIPT_NAME and - SCRIPT_FILENAME contain the physical - System-view. - -

Notice: These variables hold the URI/URL as they were - initially requested, i.e., before any - rewriting. This is important because the rewriting process is - primarily used to rewrite logical URLs to physical - pathnames.

- -

Example:

- -
-
-SCRIPT_NAME=/sw/lib/w3s/tree/global/u/rse/.www/index.html
-SCRIPT_FILENAME=/u/rse/.www/index.html
-SCRIPT_URL=/u/rse/
-SCRIPT_URI=http://en1.engelschall.com/u/rse/
-
-
-
- -

Practical - Solutions

- We also have an URL - Rewriting Guide available, which provides a collection of - practical solutions for URL-based problems. There you can - find real-life rulesets and additional information about - mod_rewrite. -
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html b/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html
deleted file mode 100644
index 2837e4619b9..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_setenvif.html
+++ /dev/null
@@ -1,341 +0,0 @@
- - - - - - - - Apache module mod_setenvif - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_setenvif

- -

This module provides the ability to set environment - variables based upon attributes of the request.

- -

Status: Base
- Source File: - mod_setenvif.c
- Module Identifier: - setenvif_module
- Compatibility: Available in - Apache 1.3 and later.

- -

Summary

- -

The mod_setenvif module allows you to set - environment variables according to whether different aspects of - the request match regular - expressions you specify. These environment variables can be - used by other parts of the server to make decisions about - actions to be taken.

- -

The directives are considered in the order they appear in - the configuration files. So more complex sequences can be used, - such as this example, which sets netscape if the - browser is mozilla but not MSIE.

- -
-
-  BrowserMatch ^Mozilla netscape
-  BrowserMatch MSIE !netscape
- 
-
-
- -

For additional information, we provide a document on Environment Variables in Apache.

- -

Directives

- - -
- - -

BrowserMatch - directive

- -

Syntax: BrowserMatch regex - env-variable[=value] - [env-variable[=value]] ...
- Default: none
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_setenvif
- Compatibility: Apache 1.2 and - above (in Apache 1.2 this directive was found in the - now-obsolete mod_browser module); use in .htaccess files only - supported with 1.3.13 and later

- -

The BrowserMatch directive defines environment variables - based on the User-Agent HTTP request header field. - The first argument should be a POSIX.2 extended regular - expression (similar to an egrep-style regex). The - rest of the arguments give the names of variables to set, and - optionally values to which they should be set. These take the - form of

- -
    -
  1. varname, or
  2. - -
  3. !varname, or
  4. - -
  5. varname=value
  6. -
- -

In the first form, the value will be set to "1". The second - will remove the given variable if already defined, and the - third will set the variable to the value given by - value. If a User-Agent - string matches more than one entry, they will be merged. - Entries are processed in the order in which they appear, and - later entries can override earlier ones.

- -

For example:

-
-    BrowserMatch ^Mozilla forms jpeg=yes browser=netscape
-    BrowserMatch "^Mozilla/[2-3]" tables agif frames javascript
-    BrowserMatch MSIE !javascript
- 
-
- -

Note that the regular expression string is - case-sensitive. For case-INsensitive matching, - see the BrowserMatchNoCase - directive.

- -

The BrowserMatch and - BrowserMatchNoCase directives are special cases of - the SetEnvIf and SetEnvIfNoCase - directives. The following two lines have the same effect:

-
-   BrowserMatchNoCase Robot is_a_robot
-   SetEnvIfNoCase User-Agent Robot is_a_robot
- 
-
-
- - -

BrowserMatchNoCase directive

- -

Syntax: BrowserMatchNoCase - regex env-variable[=value] - [env-variable[=value]] ...
- Default: none
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_setenvif
- Compatibility: Apache 1.2 and - above (in Apache 1.2 this directive was found in the - now-obsolete mod_browser module)

- -

The BrowserMatchNoCase directive is - semantically identical to the BrowserMatch directive. - However, it provides for case-insensitive matching. For - example:

-
-    BrowserMatchNoCase mac platform=macintosh
-    BrowserMatchNoCase win platform=windows
- 
-
- -

The BrowserMatch and - BrowserMatchNoCase directives are special cases of - the SetEnvIf and SetEnvIfNoCase - directives. The following two lines have the same effect:

-
-   BrowserMatchNoCase Robot is_a_robot
-   SetEnvIfNoCase User-Agent Robot is_a_robot
- 
-
-
- - -

SetEnvIf - directive

- -

Syntax: SetEnvIf attribute - regex env-variable[=value] - [env-variable[=value]] ...
- Default: none
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_setenvif
- Compatibility: Apache 1.3 and - above; the Request_Protocol keyword and environment-variable - matching are only available with 1.3.7 and later; use in - .htaccess files only supported with 1.3.13 and later

- -

The SetEnvIf directive defines environment - variables based on attributes of the request. These attributes - can be the values of various HTTP request header fields (see RFC2616 - for more information about these), or of other aspects of the - request, including the following:

- -
    -
  • Remote_Host - the hostname (if available) of - the client making the request
  • - -
  • Remote_Addr - the IP address of the client - making the request
  • - -
  • Remote_User - the authenticated username (if - available)
  • - -
  • Request_Method - the name of the method - being used (GET, POST, et - cetera)
  • - -
  • Request_Protocol - the name and version of - the protocol with which the request was made (e.g., - "HTTP/0.9", "HTTP/1.1", etc.)
  • - -
  • Request_URI - the portion of the URL - following the scheme and host portion
  • -
- -

Some of the more commonly used request header field names - include Host, User-Agent, and - Referer.

- -

If the attribute name doesn't match any of the - special keywords, nor any of the request's header field names, - it is tested as the name of an environment variable in the list - of those associated with the request. This allows - SetEnvIf directives to test against the result of - prior matches.

- -
- Only those environment variables defined by earlier - SetEnvIf[NoCase] directives are available for - testing in this manner. 'Earlier' means that they were - defined at a broader scope (such as server-wide) or - previously in the current directive's scope. -
- -

Example:

-
-   SetEnvIf Request_URI "\.gif$" object_is_image=gif
-   SetEnvIf Request_URI "\.jpg$" object_is_image=jpg
-   SetEnvIf Request_URI "\.xbm$" object_is_image=xbm
-        :
-   SetEnvIf Referer www\.mydomain\.com intra_site_referral
-        :
-   SetEnvIf object_is_image xbm XBIT_PROCESSING=1
- 
-
- -

The first three will set the environment variable - object_is_image if the request was for an image - file, and the fourth sets intra_site_referral if - the referring page was somewhere on the - www.mydomain.com Web site.

-
- - -

SetEnvIfNoCase - directive

- -

Syntax: SetEnvIfNoCase - attribute regex env-variable[=value] - [env-variable[=value]] ...
- Default: none
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: Base
- Module: mod_setenvif
- Compatibility: Apache 1.3 and - above; the Request_Protocol keyword and environment-variable - matching are only available with 1.3.7 and later; use in - .htaccess files only supported with 1.3.13 and later

- -

The SetEnvIfNoCase is semantically identical to - the SetEnvIf directive, - and differs only in that the regular expression matching is - performed in a case-insensitive manner. For example:

-
-   SetEnvIfNoCase Host Apache\.Org site=apache
- 
-
- -

This will cause the site environment variable - to be set to "apache" if the HTTP request header - field Host: was included and contained - Apache.Org, apache.org, or any other - combination.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html b/usr.sbin/httpd/htdocs/manual/mod/mod_so.html
deleted file mode 100644
index 21b2835e39a..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_so.html
+++ /dev/null
@@ -1,205 +0,0 @@
- - - - - - - - Apache module mod_so - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_so

- -

This module provides for loading of executable code and - modules into the server at start-up or restart time.

- -

Status: Base (Windows); - Experimental (Unix)
- Source File: mod_so.c
- Module Identifier: - so_module
- Compatibility: Available in - Apache 1.3 and later.

- -

Summary

- -

This is an experimental module. On selected operating - systems it can be used to load modules into Apache at runtime - via the Dynamic Shared Object (DSO) - mechanism, rather than requiring a recompilation.

- -

On Unix, the loaded code typically comes from shared object - files (usually with .so extension), whilst on - Windows this module loads DLL files. This module - is only available in Apache 1.3 and up.

- -

In previous releases, the functionality of this module was - provided for Unix by mod_dld, and for Windows by mod_dll. On - Windows, mod_dll was used in beta release 1.3b1 through 1.3b5. - mod_so combines these two modules into a single module for all - operating systems.

- -

Directives

- - - -

Creating DLL Modules for - Windows

- -

The Apache module API is unchanged between the Unix and - Windows versions. Many modules will run on Windows with no or - little change from Unix, although others rely on aspects of the - Unix architecture which are not present in Windows, and will - not work.

- -

When a module does work, it can be added to the server in - one of two ways. As with Unix, it can be compiled into the - server. Because Apache for Windows does not have the - Configure program of Apache for Unix, the module's - source file must be added to the ApacheCore project file, and - its symbols must be added to the - os\win32\modules.c file.

- -

The second way is to compile the module as a DLL, a shared - library that can be loaded into the server at runtime, using - the LoadModule - directive. These module DLLs can be distributed and run on any - Apache for Windows installation, without recompilation of the - server.

- -

To create a module DLL, a small change is necessary to the - module's source file: The module record must be exported from - the DLL (which will be created later; see below). To do this, - add the MODULE_VAR_EXPORT (defined in the Apache - header files) to your module's module record definition. For - example, if your module has:

-
-    module foo_module;
-
- -

Replace the above with:

-
-    module MODULE_VAR_EXPORT foo_module;
-
- -

Note that this will only be activated on Windows, so the - module can continue to be used, unchanged, with Unix if needed. - Also, if you are familiar with .DEF files, you can - export the module record with that method instead.

- -

Now, create a DLL containing your module. You will need to - link this against the ApacheCore.lib export library that is - created when the ApacheCore.dll shared library is compiled. You - may also have to change the compiler settings to ensure that - the Apache header files are correctly located.

- -

This should create a DLL version of your module. Now simply - place it in the modules directory of your server - root, and use the LoadModule directive to load - it.

-
- -

LoadFile - directive

- - Syntax: LoadFile - filename [filename] ...
- Context: server config
- Status: Base
- Module: mod_so - -

The LoadFile directive links in the named object files or - libraries when the server is started or restarted; this is used - to load additional code which may be required for some module - to work. Filename is either an absolute path or - relative to ServerRoot.

- -

For example:

- LoadFile libexec/libxmlparse.so - -
- -

LoadModule - directive

- - Syntax: LoadModule module - filename
- Context: server config
- Status: Base
- Module: mod_so - -

The LoadModule directive links in the object file or library - filename and adds the module structure named - module to the list of active modules. Module - is the name of the external variable of type - module in the file, and is listed as the Module Identifier - in the module documentation. Example (Unix, and for Windows as - of Apache 1.3.15):

- -
- LoadModule status_module modules/mod_status.so -
- -

Example (Windows prior to Apache 1.3.15, and some 3rd party - modules):

- -
- LoadModule foo_module modules/ApacheModuleFoo.dll
-
-
- -

Note that all modules bundled with the Apache Win32 - binary distribution were renamed as of Apache version - 1.3.15.

- -

Win32 Apache modules are often distributed with the old - style names, or even a name such as libfoo.dll. Whatever the - name of the module, the LoadModule directive requires the exact - filename, no assumption is made about the filename - extension.

- -

See also: AddModule and ClearModuleList

- -
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html b/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html
deleted file mode 100644
index 976f046b806..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_speling.html
+++ /dev/null
@@ -1,137 +0,0 @@
- - - - - - - - Apache module mod_speling - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_speling

- -

This module attempts to correct misspellings of URLs that - users might have entered, by ignoring capitalization and by - allowing up to one misspelling.

- -

Status: Extension
- Source File: - mod_speling.c
- Module Identifier: - speling_module
- Compatibility: Available in - Apache 1.3 and later. Available as an External module in Apache - 1.1 and later.

- -

Summary

- -

Requests to documents sometimes cannot be served by the core - apache server because the request was misspelled or - miscapitalized. This module addresses this problem by trying to - find a matching document, even after all other modules gave up. - It does its work by comparing each document name in the - requested directory against the requested document name - without regard to case, and allowing - up to one misspelling (character insertion / - omission / transposition or wrong character). A list is built - with all document names which were matched using this - strategy.

- -

If, after scanning the directory,

- -
    -
  • no matching document was found, Apache will proceed as - usual and return a "document not found" error.
  • - -
  • only one document is found that "almost" matches the - request, then it is returned in the form of a redirection - response.
  • - -
  • more than one document with a close match was found, then - the list of the matches is returned to the client, and the - client can select the correct candidate.
  • -
- -

Directives

- - -
- - -

CheckSpelling directive

- - Syntax: CheckSpelling - on|off
- Default: CheckSpelling - Off
- Context: server config, virtual - host, directory, .htaccess
- Override: Options
- Status: Base
- Module: mod_speling
- Compatibility: CheckSpelling - was available as a separately available module for Apache 1.1, - but was limited to miscapitalizations. As of Apache 1.3, it is - part of the Apache distribution. Prior to Apache 1.3.2, the - CheckSpelling directive was only available in the - "server" and "virtual host" contexts. - -

This directive enables or disables the spelling module. When - enabled, keep in mind that

- -
    -
  • the directory scan which is necessary for the spelling - correction will have an impact on the server's performance - when many spelling corrections have to be performed at the - same time.
  • - -
  • the document trees should not contain sensitive files - which could be matched inadvertently by a spelling - "correction".
  • - -
  • the module is unable to correct misspelled user names (as - in http://my.host/~apahce/), just file names or - directory names.
  • - -
  • spelling corrections apply strictly to existing files, so - a request for the <Location /status> may - get incorrectly treated as the negotiated file - "/stats.html".
  • -
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html
deleted file mode 100644
index fb39a4440b0..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/index.html
+++ /dev/null
@@ -1,223 +0,0 @@
- - -mod_ssl: Title Page - - - - - - - -
- - - - -
-
- - - - - - - - - - -
- - - - - - - -
- User Manual -
- mod_ssl version 2.8    -
-
-
- mod_ssl - The Apache Interface to OpenSSL -
- - - - - - - -
- Ralf S. Engelschall
- rse@engelschall.com
- www.engelschall.com
-
-      - -next page
Overview -
- -
-
-
-
- - diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.gfont000.gif deleted file mode 100644 index 3131a672bf97d21de0eca2606d4261733514f784..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 170 zcmZ?wbhEHb)L>9zXkcLY|NlP&1B2pE7Dgb&paUX6G7LTyj_Vu} WniiQm${kM}ZD09gYh)k;gEaud?MT=F diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html deleted file mode 100644 index 391c0668c60..00000000000 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_compat.html +++ /dev/null @@ -1,551 +0,0 @@ - - -mod_ssl: Compatibility - - - - - - - - - - -
- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 4 -
-
- - - - - -
-previous page
Reference -
-next page
HowTo -
-
-
- Compatibility -
-
- - - - - - - -
- -All PCs are compatible. But some of -them are more compatible than others. - -
- -Unknown - -
-
-

- - - - - - -
-H -ere we talk about backward compatibility to other SSL solutions. As you -perhaps know, mod_ssl is not the only existing SSL solution for Apache. -Actually there are four additional major products available on the market: Ben -Laurie's freely available Apache-SSL -(from where mod_ssl were originally derived in 1998), RedHat's commercial Secure Web -Server (which is based on mod_ssl), Covalent's commercial Raven SSL Module (also based on mod_ssl) -and finally C2Net's commercial product Stronghold (based on a -different evolution branch named Sioux up to Stronghold 2.x and based on -mod_ssl since Stronghold 3.x). - -   - -
- - - - - - - -
- -Table Of Contents - -
- -        Configuration Directives
-        Environment Variables
-        Custom Log Functions
-
-
-
-
-

-The idea in mod_ssl is mainly the following: because mod_ssl provides mostly a -superset of the functionality of all other solutions we can easily provide -backward compatibility for most of the cases. Actually there are three -compatibility areas we currently address: configuration directives, -environment variables and custom log functions. -

Configuration Directives

-For backward compatibility to the configuration directives of other SSL -solutions we do an on-the-fly mapping: directives which have a direct -counterpart in mod_ssl are mapped silently while other directives lead to a -warning message in the logfiles. The currently implemented directive mapping -is listed in Table 1. Currently full backward -compatibilty is provided only for Apache-SSL 1.x and mod_ssl 2.0.x. -Compatibility to Sioux 1.x and Stronghold 2.x is only partial because of -special functionality in these interfaces which mod_ssl (still) doesn't -provide. -

-

- - - -
Table 1: Configuration Directive Mapping
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Old Directivemod_ssl DirectiveComment
Apache-SSL 1.x & mod_ssl 2.0.x compatibility:
SSLEnableSSLEngine oncompactified
SSLDisableSSLEngine offcompactified
SSLLogFile fileSSLLog filecompactified
SSLRequiredCiphers specSSLCipherSuite specrenamed
SSLRequireCipher c1 ...SSLRequire %{SSL_CIPHER} in {"c1", ...}generalized
SSLBanCipher c1 ...SSLRequire not (%{SSL_CIPHER} in {"c1", ...})generalized
SSLFakeBasicAuthSSLOptions +FakeBasicAuthmerged
SSLCacheServerPath dir-functionality removed
SSLCacheServerPort integer-functionality removed
Apache-SSL 1.x compatibility:
SSLExportClientCertificatesSSLOptions +ExportCertDatamerged
SSLCacheServerRunDir dir-functionality not supported
Sioux 1.x compatibility:
SSL_CertFile fileSSLCertificateFile filerenamed
SSL_KeyFile fileSSLCertificateKeyFile filerenamed
SSL_CipherSuite argSSLCipherSuite argrenamed
SSL_X509VerifyDir argSSLCACertificatePath argrenamed
SSL_Log fileSSLLogFile filerenamed
SSL_Connect flagSSLEngine flagrenamed
SSL_ClientAuth argSSLVerifyClient argrenamed
SSL_X509VerifyDepth argSSLVerifyDepth argrenamed
SSL_FetchKeyPhraseFrom arg-not directly mappable; use SSLPassPhraseDialog
SSL_SessionDir dir-not directly mappable; use SSLSessionCache
SSL_Require expr-not directly mappable; use SSLRequire
SSL_CertFileType arg-functionality not supported
SSL_KeyFileType arg-functionality not supported
SSL_X509VerifyPolicy arg-functionality not supported
SSL_LogX509Attributes arg-functionality not supported
Stronghold 2.x compatibility:
StrongholdAccelerator dir-functionality not supported
StrongholdKey dir-functionality not supported
StrongholdLicenseFile dir-functionality not supported
SSLFlag flagSSLEngine flagrenamed
SSLSessionLockFile fileSSLMutex filerenamed
SSLCipherList specSSLCipherSuite specrenamed
RequireSSLSSLRequireSSLrenamed
SSLErrorFile file-functionality not supported
SSLRoot dir-functionality not supported
SSL_CertificateLogDir dir-functionality not supported
AuthCertDir dir-functionality not supported
SSL_Group name-functionality not supported
SSLProxyMachineCertPath dir-functionality not supported
SSLProxyMachineCertFile file-functionality not supported
SSLProxyCACertificatePath dir-functionality not supported
SSLProxyCACertificateFile file-functionality not supported
SSLProxyVerifyDepth number-functionality not supported
SSLProxyCipherList spec-functionality not supported
-
-
-
-

-
-

Environment Variables

-When you use ``SSLOptions +CompatEnvVars'' additional environment -variables are generated. They all correspond to existing official mod_ssl -variables. The currently implemented variable derivation is listed in Table 2. -

-

- - - -
Table 2: Environment Variable Derivation
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Old Variablemod_ssl VariableComment
SSL_PROTOCOL_VERSIONSSL_PROTOCOLrenamed
SSLEAY_VERSIONSSL_VERSION_LIBRARYrenamed
HTTPS_SECRETKEYSIZESSL_CIPHER_USEKEYSIZErenamed
HTTPS_KEYSIZESSL_CIPHER_ALGKEYSIZErenamed
HTTPS_CIPHERSSL_CIPHERrenamed
HTTPS_EXPORTSSL_CIPHER_EXPORTrenamed
SSL_SERVER_KEY_SIZESSL_CIPHER_ALGKEYSIZErenamed
SSL_SERVER_CERTIFICATESSL_SERVER_CERTrenamed
SSL_SERVER_CERT_STARTSSL_SERVER_V_STARTrenamed
SSL_SERVER_CERT_ENDSSL_SERVER_V_ENDrenamed
SSL_SERVER_CERT_SERIALSSL_SERVER_M_SERIALrenamed
SSL_SERVER_SIGNATURE_ALGORITHMSSL_SERVER_A_SIGrenamed
SSL_SERVER_DNSSL_SERVER_S_DNrenamed
SSL_SERVER_CNSSL_SERVER_S_DN_CNrenamed
SSL_SERVER_EMAILSSL_SERVER_S_DN_Emailrenamed
SSL_SERVER_OSSL_SERVER_S_DN_Orenamed
SSL_SERVER_OUSSL_SERVER_S_DN_OUrenamed
SSL_SERVER_CSSL_SERVER_S_DN_Crenamed
SSL_SERVER_SPSSL_SERVER_S_DN_SPrenamed
SSL_SERVER_LSSL_SERVER_S_DN_Lrenamed
SSL_SERVER_IDNSSL_SERVER_I_DNrenamed
SSL_SERVER_ICNSSL_SERVER_I_DN_CNrenamed
SSL_SERVER_IEMAILSSL_SERVER_I_DN_Emailrenamed
SSL_SERVER_IOSSL_SERVER_I_DN_Orenamed
SSL_SERVER_IOUSSL_SERVER_I_DN_OUrenamed
SSL_SERVER_ICSSL_SERVER_I_DN_Crenamed
SSL_SERVER_ISPSSL_SERVER_I_DN_SPrenamed
SSL_SERVER_ILSSL_SERVER_I_DN_Lrenamed
SSL_CLIENT_CERTIFICATESSL_CLIENT_CERTrenamed
SSL_CLIENT_CERT_STARTSSL_CLIENT_V_STARTrenamed
SSL_CLIENT_CERT_ENDSSL_CLIENT_V_ENDrenamed
SSL_CLIENT_CERT_SERIALSSL_CLIENT_M_SERIALrenamed
SSL_CLIENT_SIGNATURE_ALGORITHMSSL_CLIENT_A_SIGrenamed
SSL_CLIENT_DNSSL_CLIENT_S_DNrenamed
SSL_CLIENT_CNSSL_CLIENT_S_DN_CNrenamed
SSL_CLIENT_EMAILSSL_CLIENT_S_DN_Emailrenamed
SSL_CLIENT_OSSL_CLIENT_S_DN_Orenamed
SSL_CLIENT_OUSSL_CLIENT_S_DN_OUrenamed
SSL_CLIENT_CSSL_CLIENT_S_DN_Crenamed
SSL_CLIENT_SPSSL_CLIENT_S_DN_SPrenamed
SSL_CLIENT_LSSL_CLIENT_S_DN_Lrenamed
SSL_CLIENT_IDNSSL_CLIENT_I_DNrenamed
SSL_CLIENT_ICNSSL_CLIENT_I_DN_CNrenamed
SSL_CLIENT_IEMAILSSL_CLIENT_I_DN_Emailrenamed
SSL_CLIENT_IOSSL_CLIENT_I_DN_Orenamed
SSL_CLIENT_IOUSSL_CLIENT_I_DN_OUrenamed
SSL_CLIENT_ICSSL_CLIENT_I_DN_Crenamed
SSL_CLIENT_ISPSSL_CLIENT_I_DN_SPrenamed
SSL_CLIENT_ILSSL_CLIENT_I_DN_Lrenamed
SSL_EXPORTSSL_CIPHER_EXPORTrenamed
SSL_KEYSIZESSL_CIPHER_ALGKEYSIZErenamed
SSL_SECKEYSIZESSL_CIPHER_USEKEYSIZErenamed
SSL_SSLEAY_VERSIONSSL_VERSION_LIBRARYrenamed
SSL_STRONG_CRYPTO-Not supported by mod_ssl
SSL_SERVER_KEY_EXP-Not supported by mod_ssl
SSL_SERVER_KEY_ALGORITHM-Not supported by mod_ssl
SSL_SERVER_KEY_SIZE-Not supported by mod_ssl
SSL_SERVER_SESSIONDIR-Not supported by mod_ssl
SSL_SERVER_CERTIFICATELOGDIR-Not supported by mod_ssl
SSL_SERVER_CERTFILE-Not supported by mod_ssl
SSL_SERVER_KEYFILE-Not supported by mod_ssl
SSL_SERVER_KEYFILETYPE-Not supported by mod_ssl
SSL_CLIENT_KEY_EXP-Not supported by mod_ssl
SSL_CLIENT_KEY_ALGORITHM-Not supported by mod_ssl
SSL_CLIENT_KEY_SIZE-Not supported by mod_ssl
-
-
-
-

-
-

Custom Log Functions

-When mod_ssl is built into Apache or at least loaded (under DSO situation) -additional functions exist for the Custom Log Format of mod_log_config as documented in the Reference -Chapter. Beside the ``%{varname}x'' -eXtension format function which can be used to expand any variables provided -by any module, an additional Cryptography -``%{name}c'' cryptography format function -exists for backward compatibility. The currently implemented function calls -are listed in Table 3. -

-

- - - -
Table 3: Custom Log Cryptography Function
- - -
- - - - - - - - - - - -
Function CallDescription
%...{version}c SSL protocol version
%...{cipher}c SSL cipher
%...{subjectdn}c Client Certificate Subject Distinguished Name
%...{issuerdn}c Client Certificate Issuer Distinguished Name
%...{errcode}c Certificate Verification Error (numerical)
%...{errstr}c Certificate Verification Error (string)
-
-
-
-

-
- - - - - - - - - - -
- - - - - -
-previous page
Reference -
-next page
HowTo -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- - 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_logo.jpg b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_logo.jpg deleted file mode 100644 index 3fcfeb4b2374c4df42d53c21baa088e0e3f32af9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20724 zcmd42by!?aupoK{cXubayE_DT2^QRfy9aj&7Ti4$+zIXy+?^2I37X*WCi%&|ckjNp zyWjrvdghy{uCA`GuBy}Br@H%P>16{zlarE_0ze=D0D(Wi%PJrNz`?-4!a&2p!otGC z!yzDHAtNCoBH?3TqGAyfkdhD+5D}44GSiT~Vx%AbN{zrm_ zfP{j9{auI+`rVKJl0Yvj01~7n0D%UH2JYhb?*CHyJELNXm7GM9lY@<&gAbec--@B3 zL>Yq$XA%k$3j6wK+bxm_T2THg5lQ0fK%)StL$Sk6Rn^VS13^KiR5^I(!-7<}?tdvk zNv01t3fOG?O9>%*x&eS}>m*VU&HH*I7RMOe zU7JzmL(R>hMX}R>OwIye@n615sfw-`unqw5_Eoe5*)VfX+K!ny_8cF(iiW3#rlz;I zE-Q%LBI_}L>-?Vvh`T3w0ZNp0P$j{p7`+`;BJ1L~XI?V5+98B-rfisow+>K~;>hA~PO9TeLdAay=@xWScOu-aB#)Dnx77 z|09x$qsitf;$W4{kOZ%n<7u&2S;ocmgs?>R)O1Y1M|wIzAx=yunn_WylYFI+PB?2&D?HRLZi`IsF6;f$=b!1x-i}IO0 zoqCCW>~p1>*ID*6li&^Jxw4D?BjP30_TZN5wiw^VoMQ9-z9?64VsH^*OEn>UKGF5{ zk3q3+5VxzE!n~5ZE)dT@T%C2&03vfsOhw!GZwjP!h6RRYqy#ALTu)Vk8dIc7E z4!M0A`D6~o042a-N0r{CP!iUOBNmV)COeO(M38Z&orx%P;y1Ppe}zmN#RGvCAeCFOxE$pB4G&`LjGhdcv#8x($_mbaY7A1aD3ubaP>mcxmcoI3%te!Y z1fIfyLs7I3HoSP<3TDC0L#Vf@F;M z(>9GAi5+VmIcqh#FgF_jP=5RCKYorJzxrXIZkby}pO!Io)J#wY2d=D)S;Hzsh7kSG zD3G3kT$aL_8pY2Q0RH$>2F=&Pw*X;aNdSn_G%XKv2b85l9W&Knj1dYg8O#|)$Baka zgAY@#O)XZJ{@RI1I;BU9OfuM(yHNZek&(|kHDoiUksONXd>Y=RAekr(vBzq=_TH(6 zDd17{a!v}dMi$WGAnu5fSYQr%MHr>+_94}2AVSl83O3~~RQi`sL(%mJS)}u3eLPhS zq6K+|QATZh+Mbtchz>KZ+*rb}*`y$Abb;+u^riM7OHK|JB++%N2~M1hv-YlNzmg|f5VM&7^TO8+e2cCgMdf{6&YOrD4+7LJTm1Z6@{K)`LxeiOX3RWpfc1{%zF)C^a@RS7y zvII|a5HEo7;8@3NEg_d>@6aP$k=5L@NwdKZRj%p+A`f)31x3tQlu2$6fV`sF*R>)-G zdh2*l+l>nvGs|`M8^Tmqr_gYZf&hxfa{(w*7!F&menNenh8K3dth{+nCxq8Q$T= z7o8G#6b&E0dtnK87aE$3XeypG8KL{k2NXB1@5i{4q98czWi2n zDFz8$p0?jDkWO$9bY%it>W^4H!JUyWfQs{nUfX*i-vUMo z4qJr~G;W$If4{&{!R>MQd1sW4G=E;{IUV!B9Q(vPLX3S}lCgXH~$#^;j*-x9li7apSE0Ha=j{3weZt* zgf8UchY{^E2e|~|y_8wTdA_$rpEZ(K-(Tc!Aie;W1)s=6Jlq3KT_iaD5ABd^Wo$rw 
zh`3E)gej+RTT{@|4p)7l$Cu>G$SQSDt`UXxx`ZY;EV3C1m@LAs)JMKQ4}}{lS-l^* z?SA}Q#kO~X-s5*Z)QZKN-T`&pg}O~Aor+~J?4F~9ez?blrgYkA3}FrUD{pJ(R-A}j zaQw}yf zSl$xAF6sKW<3M{R@mSTqueoGw$Lxs*`|!?v?1{T+$>I-l_sNQ;vUew-!Um0R!c#Nm zHkQ#+NjYlbY=Gz~xhd|7HiOqOH$jTW^c;>)n3Ld<*8cKrw($-FmQ==1ElIRV$de6= z%jH$urw%7ri+StD!@fuyh#K~j1B*}fP0J77TPWjYKS63tKPruc6swl?8``YgN0PjZ zGB5f$?B05S$Dr^(56tsxlgnheQ-gNFk&f+I*{u>LnlZg^xCG?9M6zaP;}_5fU$c@O9!b zNjf5ec3DM!EE0S<&Aj!GPbWD}vxZiZMe`1%GJTmGlCw{KrMrbn$4+dv%kee4Z))eI zF;?J48QkGYOp3A=?r@NVOkqsK^WS(K9RI6U)gnSWLE!c5z#ykEq>%-^2r@xu)3^Bh z_X3xA-^HnvDyp=3vtWnPjEz_F4U}!u2^HN+^>L(1BlJR567Uh~N#7J7^<=sBXu4C_ zLzm(09y=25G{gET(8=O-OG!7W$#||}iVXl(rx0b-;%1V$hg@5imo79VE?Zjy7RW1w z6gXeL@H6F?WoFQJ);=4a?+R~@-}&CX02g$rAM4%a=bC(ixIpj3siG>6oGIGI#<%Ee z*yo)63T~m~JSvbvd$n1_OXVI6Mzy{QUSZKjOKxPZlvDhW*AgOmy9+ZFq0*KaE*Jvz zsN=`hzgnxb+@s2mZ#EIw)+TDtkzz5iC|Ik5qd+m^GJaCk2jWd-DAbleYd>CGzH7M%!(&xxhi0?S4)J68zkdpSyS&4UKXC zy29D$w`%KlW>AwKE{Hf+s0?3p2VO}z?2B4_VS~HpQATA}UQA@AB|fWm#lppA|NRO+ zLEx8|>W|fqXp^ushB;5njczXF8bw`>uw$5H@D{#qy30(CJ*;Pow#*#Vyl>0>iVlQU zSo@WB1q!f7=575qx8D)tBGH&&Ulz2D3`Z|T?GFXS36Ni>BcvEqrjztwibJNv4V=tm zHItul1g2?{3@YyGR`lyj^vmnExzMnq2(o=}1adza=qmr?8!v!$WuJOxXY~UBHObHU z3J-4zig_o;;auYd;E2Ce)S1;V`ux~EQuoLc?g=~l2b7esE|X_a-@fh->;FfI+-U)e?T%B zFEkS$z@df;g8fE{V&?8$qA^-knyRnP+*+*frqFtn?l#YUTxP!bzd#4Zk6<`i$;O$= zOj3Ab{Jg_ebfM0qN{Ra4s{eYMs7F|**oxCc$%^+Abx1k1(&0{eOTzBK<`9N63_qI~ zT<=-S-q?*jhgj8ji@XK+^v9s&u;~w_7*dJt(xhc*ZVD@Y&(n~xMLPSSG4jk6$`Ul6 zO4tp&9mzvo3;-7Xf=Rs#QRYI8^V@S~diIn=$qwE$rexxXCKX+S4isIcayRXku@xEi zb|Dfbr?H{rC`s3P20f`JrFx2e+d+ysyO@JiUX4R7ZO{zUxs*T;U-antVd8&WvF%p4Y z(SR-==aB`x630USAA>`Ae^%O%Adm>i%>Vy`0^(l^8SrWz5(EhY4-a0@L;YUPg8&Ff zbSMmRG&W8#)j~|NSM0`4K_53MIMke70&DB0u|&m9@_Wu%6QEUs3ofuFOcP(L_x`=Y zhY?xF0mllY{tr-IEE^YvcbX z+45gD!Heg5Q$k0Ll0k^qi~c?=}Dh^WE_t@Q&yoLmo5v5k8Wd?MVxIj-m~Uc z{{N4kGTLk+&i8$ap!*jDV|i`BTMN)^iSIzzvXQ?-_mX)WzVg@jB9U_8qjRka1Oenco=-k)95gC z50$LM?bfIg>Md+F!Cf|Qakg!o5U`!fEstxur~b=N^(K?2&Y>^T;#cME1)>;xm#J|1 
z@bc1k?Rn?Th@TqtikRDnM0wTyzdG8a)D{vMesS=4UplgN)|Tz|p&xzL$e@v);S)2A z9Cuuq^P@X&<%72>#xk%roCc4S65P63P0T}MB`1%Ck!ckp#{_z(0dKTU>cGQm>#vkH zV|>9RWnUqjdCR(o%zk7`W~VWT&-DV0;R71Wlg&X@Ux(OMiRk(-RfVpv-@Y-d8+|G} zUeP@bVfa_#UAF{GsW@J#&gdjl`Pgn;W}Yt#SYIh4Z}h753s-}K+!AnA3n$R43#ssC zwrikwDc<`UD+I|H=}>dqwvkLOc3fA3Ltl zixQ;~$6Dk@mbW__yLRrx#)2!4tBM4$TVfTKHd03HeB*XBkO}VBX4fVTd?P!I$SZDH zU#N`Udut(L>w{hZd*udQ*u+Q1>v$VcWc+|(XA4-=ATztM!LX{HP9V7~Y<}V_IoK30*E|%b#`clj0L&ta038^|a_rA9pVP_9Ur4?m$uG!By}{ zlY4OCk`z-oG@FgG2?umH#c`M7N^-%oe=o9S9v+a*nI2YIR$zeKnlVS# zi00s8sOa;jWpYAC$to;IPWpV9akRuMNbwfMjfykIinVN6VV49Eq`qYn()KqN;HQmhO_Ca+A#K z-)lZPEC0BSPI%9)XsWgGXaWP{y=9!BK!tLO{RyzzbCU8jIAZ9}^2ncXqf|Mu?Q zCSelWy*X~bi%L9JSuuZ2#?T{SF<66u!;JfbNS5H6udxVj`j(Y+4@K2??cN>2B`=q*^ zV?R0Td~ZNcnGm`7vY7-qjz7N;1yq|2s7W=RE^WRs08lmJ+mj}Z4+lWB&?OvUrU_Ek zE({4L(Kea2y=BD{pvR)noloykmB{~7IX&3j#pYrWq={Ip`I9I)Bhv3rH5j0y#=3IC z3H~RVq`1Im?5JL)cq+X`3bRvmv6&asOOVJo@4hZ1ied7cKtQ&n%<3i^@)~l^{hb2|28p+Klk+RI;xuC7WU?68HQga%eA;omiqCk@avpD+X`xe-fKQKU$DR}~ai za-h###Y?4}{vn`C%b@b;_vD)^G@4o(YEw?N9FDY}7&TD$WvyP$JELlO>DA*9#)m9f8a_U# zkAjVT+8P-!?Wa}+y<=xTBx`4Ip7ov%<9&0UR<`{z?vp8M<{p%xiHOjBs!Lnv^OV%iMJa&gDjrgHU##SV$j_0l`=Z$TmPcY*y;)!+TCL`NU4 zPAdG1@tZI$=_xNUV@jHJEq?SBiSUN^X(Dd!I54OD6SC9~imQ7KEn5v8-=k)E{1_Cz z-Bz-AY*lHos&jQZm4v-(fkhfZPrW<%ciLMQ#b2=3Y&0WH{*IKAYjzfFY>DE&@W}df4g=$;gazfqGKnybdZ zJ^ym6JSt~~RuiB!cNr)R&^&BcY!klInUhh%41erBtLX|Y>+q}-bg#$}vk0%A8lc8WHyyE%W z+!4!k4*lUIwL^q^#-dM_G z$y(XK!Lqc>tsn3SHj9gi|H&aRhUOoj4(+*a^vB(8kHbI4U^FhNS4GiQFa>zq$8YT- zoitOrW58rvbI&HMt9Ojp&kK2ks=&p^O5g)D#EAA)BgQL-VZoKCx6kMQ0a3gjzWZLD$I^|gq`$p zNwd@MD4As-OO4WdJ`9Aj4whENPKrY_xCu`>n9}7`VdZOO;+oZck{4L+=|9(7#=QTnsS2BGVo_@kltoe^Bxwjl7NJE+q}NUeO!PWxn%+r8-|!A_~cu_~oG!rn$rAgGzrO?UD& z?Yp#Zv76WhIje;FROy4UWGoE>lyQDMrup63Q8xPdUkusyY!S3Ykgewsb>5zSf-h+E z+qgEpuP`JuaBstQPb*Jd_Mfhz`(dNK(I?@#f23e@WRje0gMxRWCieMq8~X{}st)0Z zQ>j5|zT?6FrmDkKUnK7Y%cO{mvojTbdFM;z53d|fjnsL!>gV)&zkpQ7uwP3bz3!- z!^B1J_Ob+$UF=H7^5**llILr2geqGOrj_4y+Tbu1Y(k14Z=8B0t}XRfy7zsMGxjRX 
zux9psLyPzeq{Xb>=gl|N?5ob)^kssGy!t`*_=-#lKXZ#qp^eU&h)B$U3gd(y!Me0VDHBM@w&KH6^oUC0{VmT!QV?l z|3b>QQp7eq?S+_*2^79j)u^T~0H!^SjMpRua-clke)yZR3nok6`F)W#@Ux4#cBBE% z2RyWEASX<_)jh*}$n)=!jOW2+1xeime|yvI;Us)5*o{YdCLa)Aru zBjxXWIlX{{O9;ylH}tP8U{D!SHU zNtnt6>Aag~uh)P)n)1I>G!j?O&UTl!`B2uO8bdRW{aVtDbLC)U+QVL38@$ILJBs*! z#yK_RL*OR#`D`dc`w183R4pZsZP>wm`N#PkgnQ)s+-Y>KPfJ4ir$%{p?&Zamo%H8x z?wbZ@-<)+Rgi}n*%Ice&e-@v+<{wChj4RNEzAs6+pK!N|08c z*4E)Mmllj~Y4f5^@4RX_LU_0;|G2@`qHm$#w=pa_$m18vxvj<@WLwm@q>^!YtldLl9+i#y&z|9*+)vCAR(AILT%E21%jcXTHk9@(rH`7NuE&O09x!jhh0Mjf# za#c_Irxeyxz2xwN51OQ9%X4L(%}?jU0xigUjgIvw%9|#w9A>2tpYZqb95^a*1maKQ zdQ53OMEk3h?2`?sMf_3U(~IXl48WBY=l2gi-teq-fulY2XyDilcql_*G`l5u!?S8sQj}ZD?|LxDH#;j4^u%ENg%Plrijj>*eBGP&tw}-V)$cIS6kBxnIklj&l z>;4nLmweW#yFK%+qE_Zl7FMZT#paoe^fWG$PdfsWu;(`USgZt@L-=8ZZVjb@j@8xp z_Uj2&#WwYmKQMVVzt9zZ602fe%45zkm&9Y;rAyxE3F=EkUnCG?P9&Sy&wY>~s9Du^ zb`YSs*@PSPi5Ekb0aQ2FuAXWA$0Dse$iJL2;df7zU&l^1 zR^;FinVXa2+y!5tYb50`Bhlj2m4vfCVR=qDO^U_I@F1QyY#-AdGR3``w))kO;E{vc z*M9DKkcu#W?{t3brH+WH&vZ^}v{~TjIksYf!;;8}0B!vw$iJ@9`&vuh2LjD;npe>D zxS?E&`u$|6_PG!G{Czzd!uixW!Isg*E|L%P64&{IXj7hE`lCROe-FxR&qh?L(KzTy z{QcC~+}TF74@ot8MnTh?#jhEP!V&Cb7G$$f_pUQ*E>+Asr5Hhw7^Ohgs;S4nUftbUzIFDv?gHP7#;VBpzRw3 z;G0O4X7&MRe^`+RCT=+GncW9`-io@Pn4yiJnho>4w!u(pz9AqJ;W$%42{G}O4;)z6 z_zsFgFXfGk@ZDiKUf1vLP2-xNVx54XdplvKee4zI-DEW^>PI{&vJq~zac+L-`$`4T z@kGgCULpEbEBdq`4s%TnqQpSq`i5?}=0xO%bf-z2v(+n$j4wt;#4!-$5Ui7>Ge|1d zSgx`km1*(LV0Q9brVjMAE&~HxIpIrg0?U>tP6~Rl_sh|o4+1W^Zf|nnAQmDND>{e$ zdQsrf&@o@hv3Y)Ny@*-l!}?`WpX~^bU`dGIEoNZWB?b!>0T=wrj=pDmP0!pW3*kM- zej(_UB6@A0)|P;`FvUW6+Q#Ou@ByWW)!m9dPKqJVU<6B1q&?U|ACF}222Z!@+Z(|b zAc(jmxQCP1(_+4{9cs4mR@QbU4x}1zulRm3?9uw1{kDGK2$T5B`Onp-OPYLAs)>e-BZszmD zp`LM_c{moR1kWhKBOZAA>*rgD@4KVSbaw79!&(t?EJ})f(p?;QQ;;muMvGc$p-JOh zCU41CJVhdHal1v&mE|{Z6StsCzJz{@I&X2TmQwD*vQf#EjD>23N;6JizX#wh6s9F#-cIQA^mC4y z)QyYPY{1ILYTJ7>2_@>q&m9Iza_~8f{{Tmlp#+p+FPMUE4Wo>FQtLJ%C`^%)bdbYj zat8Ahm_!>b%JwQ}`@TNi!o86b(DWmD#tqbIBn+QS4UF3TkzNv3fg$z4rNqi$!oO%b 
zC1oEr=OetihBtHUXsp;E5KqFI?$9QuJ}FG_c4w}j6R)~}IL9v@3JI^XScTE?JcBD& zwxdVjHvy5+&6~LJepgz=1Gl7nft&QIq1;vU9s2%gq>iBSmAtCl-hYgFyU^omH~)agR1jmaw}6W z0v~*hOsG1k=q5N%F-#N>-u^-T!-LE7LXIGxS4~Wkevjx@8?S8la@M5#WtD>qN4s?e zbd^KoI_kRo;5g4Q`tc0?OLoZVUw|l!qM^|Br6+~OXWW+kN3?zas8;)Sffc_wVtzrM zp8NRqI8>Aedgc})L7r@HG)-{s*W)KhL%JdawdumecFN9*W##nZ>;2ORae_o( z%SIp02zI3n>|%4lp>z=ydS&bz=h8DF8>MWuMJmoxP4~ta(LoL9Jzf&;Jg=906{Vh4kFs&Vu=u6@-au$uI@)D)VZI|E)%8H8Pxce*&-O}R#mKEt-`KhHpA ze})W9(&q_26Er~5O*)W}N=;XyspxMsS%>bUUubFQvDorpf!I2}&JaGJ3r7;Q4E=Om zIqM;b`3<4cuT#{ze&|Z7^#H&S-Vkxojykpd`uTLqo=s_{d2pk z5WAePVfSxCuSjq_P^8Ew$#Hor_L}PKe+UY|W)s=iJCjA!Tsk-Bf@em!>+K;7l!E3w zMyiWJw~=?L@}-v0eyi`ai7J-ba^TT0t^bXe-*xy%{teEjaMBy$%de1p(@pR9Ap-UH za(PA|kZ?WS=8tuywe@_J+*h+2=#kn58-Ask+JtitqH>0j*+@$F98Gd1DyQU31zNC< zI1r8!yGLgn73=0UcjljQbi4q8f1V(`cuBfT*(wz=`&5|u?rw!eKmV8s*zhXEj{3t} ztIZ~8_auWv$8BtVPpi$Ez2gABt8>)OFD1}DkL9jhcsP%*I!s4qm8#nZ?64y=Ho*R{lfF2)pLO zd;+#aWBx`gQ?(7eDRd%Ue|CG(>`lIH3Z>VDU-3YPtrPQ6&GmgYp?9 znkQ225AwQ4TFQ}P^f5kozPsvo9g`wk;ccSptz;`UTFgj@mIRwS-N>O+lw^!_iEfX3 z`tFKMUGpT)>#GsH?2q?kXtd@!a=x$1D=gxf-R<*%K{7q0tlK^AH9J^)&OSJ`l|?J9 z5+3wgLFei0SWx+ZS0?7#7m<3w;tUeu#bXBuDD(z%>7Iaji>b=-Svlii!`>gjOdU*c@RpHmA+76hg9Aik#z&f6GhZt zxTuldLzg}yRkWZnVv5ulVRP5LHEd~37c&wN{FKTtR8`V7HX_0U9!XR_Z&|%D+EP@e z+^K3*9g=U4I(~!Tt;=>0H6%up)8*XIJi|HBsN+Yy%w79-!Km7v2%1lzv>Jk9ywap& zd&rXqrpdJ`{ zd^_ZyXAHE( zEms|sJ~q2Fd@=PDC~f4`aH-_nOoD()8;tK`_ju6MdKP60f;PlykwT2y`#rjR4dCyjbwbA}_wQvQTB0g< z7sA5MOs>d?+3O0Z;ki{e>X4PfZbg+L6l)GJC8-m%=^J%!Y<-?Z_@KY^&EFuQ7)v9X zYysU(S1L9k8ecy-D($PF4UdVYWHU(Me(wYk(Z9eTYDoqVSz`T2dJ?Od=mW zw`F6uwo@A-GBYI}z6!wGP)2I?z7ryd>AobXR%507?Qk{m3$P=HQdmiUO>EwRGcw}o zvdXq-pq&1!zR!1e_ddt}DDU;Lj~%F-15Ly5b!S(q*G7^*B*R-T7-g>nD+~3-b%9&e zfeRto@xicl74@)>_8mEn0vyTKi8GtPPj+dv?`5AR4MbO9zA5^A)M1@!shirc_!;5c zU)oD7Rl*-yr*z)Vz-c+l8&m%w-1GvE4-UlTX0|NG#(t6j3h)DZyzuKG>>NL7>Q z8~)MMB_iYbm7m#XO&*=g>kseVpZ>psh zS(P#)S|^K!p2-uHoO>fwC@raW_GbumN8aee;}VLu9*IbWfcqI^+_y6P%<-<;ep|d% zT!>tH?>*14&l7{>86vsHq8*uYC>M-6IUfhUTHEQM$QAo9SwwmqX36>QFnF>$bebpI 
z1i)qtDcsemZ}=j?=f|A8PTy%xr5jVwXdNdpWpf9yw_A5NerMHaNzLx-qMN5j=n}aD z8bRJy=ju@Jo+94t!xGRokv1qyI+L*#o10&Oq_2@4oI}qMr%QLgXXz2`mE5nU)JEWK z1#~zMjj>Z25Xas`Tv9cEqqc5rj{IC=q@D+lETP{$QruKj)zPK*fq(63^t zncms8qe4CSA?fNIdWNOwm22DyF#*Zt$!ys&myl$aj2R~&s(}!pDt+Cg{)LjvnZrG< zR5HME^;u!Nc;ef0fmOk;`Iy%26~4R!9-75m2)qt(Bg^hB$Se*B5k^r*nXiG_2Sa}D zi`X}Up)M({6d};2_ifdo^3B{=K|k6nbE~>ecx;-GyOvO@vi%LsXw2p2hl-yafxK#% zb0w_cLzmYgt<)T&KD?EQ{JYO}0nU_i*WswhXc-eUB#KZkK+pUdP3|wQUib`$>s)YP z;m_S9@R4u;KueIN{I6d!Kolwn?teg1CdiPX$x>p#{||To14IcS3dWQD31$5G0n^Bk z0eE0~G7OpjKm)Rr@o;2_5oGaV0GjAOcyKU8mNG~dSW+bmfCGa5L4yytV8BDggE_+i zfEZLf2nr333=IH+;D7{p08Iue2tI08nTFPyz6i06dTY z2bBPVN&qMUa77T10Z#@Y`@3s^7#Wx+SQ7As3vg@h;H)eF0f0+^cu}wbWbt7BaFn)U zlnF8bxFQA|*>65z;l;pl8?q2t$^=mWENXxlSrCX4Oo<@|!~;;^UL*ieVE$;LV9wxH zz+_|z@K6}wir{AcPLvQb2w&k}0RS8rAMg(r%r-#=rw5)gUKR=55FiScneunvf6IoG zAO<9ei6(%B2lrGK+$a>7GlpzHfGmIpK?&|Ygcuow=x;3r0h9@fWDxMbEdmxEoC3g? zzW{JWG6+hjcsR-+^xwk&M*_<%O9?is1pIH{&ldo93JiP{0|Jl&qW-|Y@!;5)C0fepskU5gGiW-R-2mImj`{)(gUdxlu1XAh*(Kn%A zJwkBpY%I@$sAX5Pqos2-0w}fipIsN2c2}71cO1k2itGL63jqROxcKYF1qdDZE3O9) z>xt&q_K>lvOmCiF{2SLpdjaCS;EYv5mGM;-PR}@@G0#mw!j3k5k;KGEuiH9nbScmH z?DP-P*k{wXU(r#z-SlD^NBad)5xxL~$|Abdh=UBYitGqnT78_%(dG4BtH`$#9Fk7n zXDA+lKOP2{*lY*bVh2^CkRABiSaYR7LZr$K84neAO*bz9+N=Mb1k63XMGnVscSHSQ zgjo^J2qM($e^u{Ob3%5S)={VS4dP7VvEX%ItfSxdz*eYo#B$jBm=c*L)^G3({Q2BzNbFR_AgM-K%)hd$y`F*G8_eFqm7 zHndd4CUstZe(c;40}v_~0UKt-CS}2jJQtx0N)pNjhTAj-`kW$neK#Z7sPTuxQxNyh zfz3b9iz#!|y4RVgjEh8I!ZdX``s2bO@P7#!W1u=54ry}oj3-33Gh0SMb`f1~HIk+x zMCeg${0x9Ydvb6k@bVv>`JxH2j%nCxO!y(XZG*Mp>I=+sO*AS$sS)p+{gG1UoG_jbU}#n(W&FZkh|u(j}n_)|2c5uMD*4C*bTE3!#* z%~%~|FH2ARbb-NLU;UBQ?h8PwnB+6vLf5@LTmtF1s`}cG0uw`0eJfWHt3#`S2vv#8 zJn-!}Q<0CZ$4nvlmC{xg3Mmr_Vb}@+#RcAH407Cg)Zz?;#ov^ajRs9wH>m8h=bymw zj!WSb?7I4j%ntqJTB+NmjRtAg0i{l*T4HQL&jCfmedwjQI9?8Nz3O91Zv+sBmr3Lh zQ*jzBGbERPc`LEBD{Bb(d)JP)B&=BaI zD2cT|LP9tvxH=h!|@0ZW01rDj@CnJ4Eh{LEY z3&L#yzT1|+@YKt<3Hn>=RuVR1I(VIX^GKn!fJRZ)1BS8sf?1Q=LZ} 
zwLt2A_f(xHp7j{g1-pOHj0K9w;{6d4zmeq!KHr*p0HbNDTD{F2pqt}dx{-^=H*SI_ z_Kg67)$0pkLC~RBoUX?+1U}&tj@vLPd<;gB4MR!e*B8J9I%|PEgm^lS0ycw(@Kw;E zlj%bC3lI?IUUJK#_VGN;{->#qzEG9)1KQKWt#FJtRTolnV6o@k3xH(JV*2Lv(dOKU z%#SxM@>Kc>?=0eTEKP+B!!~0WGOi!HZdU0HFVcp8S1U0wOZY8~yIk)0lkq((M1(Kq z^K)Ky5o$g7?Ee9Mlfs0xKh3lkO7;iR?OVSh0umvb87~(X_@f-wuvN6w1-yBEL;O9- zFd5pMi!*n`2R>CDthnJvHaE>c)X#`FPIwsB;nZ8giCa$~geAWA2hv1zT+DU$oma}s z>`kxKQJek7-g4yyPr>f!NkL`g4>!jZ-F8U^FCuS)LZFC<{Ro$q-+YGumd=K- z7Cdf52oW*Oo+;aJ6jz4h=Inr_DsrM2S@gR5(LItCSgF>w4ORe&B6vb3HL%?~_DIfI z@l}xc1*;+0$k>d?tQ7H0a45xdi_zbC3KfG_Oq{TWGTrpeOQGZRDvjT zKOeMj$$R1_ik}thIuAK;(crf9BDSfrFMa z*uF0Sc;LtfA$>e>IO&DZ$44GY)41(XfC-3X&P9J_XRnwqBkhqm*~N3}n(ml7IP?)2 z5Qu1wV%}*p}H8{k?+UU zC>S;yLzb^MLDgG6Q6|DN3wMZ}a?T#$n{ac^cT3%`Rb++Yrm>Jne{{gw6k<{&G^tdJ z9m?;H4sbPI;`$S1KXI?Rx?RxLvj!Qsp=!T9zZ7{jj{2=E(WK}Bw;j9* z{qdD-iO{>^BDBY%k@VS-z-*LMK2hzF>N@3RVjnCzFgNoLz1|9U%5+(E@`+An_Z;!pt_ofB~CWwU{FNlvk#VFr; zvj>@j!dkD*FfATUWwd0Q5!|GD6RUH; zf2Y2UyWHTyqqse^PvFT&;Xu&o?&ruID#)Fs&Z)pw-+N&Qe*MRX!utGO(vR%XXQNWM z19r-0qS3fx!(mklgU$VJm)CKMK}zfU>9++)C5No16%o`49g7p;0ez3{Z6+jX=^L7} z2V+?(V=T1;LhAOL7$#rwlFri-0Tcn94$Xh3%l_xR-!2p%n2~OOj9!+Sl z8-rpmT|oZ{I{=S6^vf3R?G%M-wce8@|~3ARykekc~qbU~9BAR=as$uNFcv<0s9 zl~(ntAzl-{%Vj8wm{UDhtpCD|nBh=xq53CO!F`;%)y_VzV>oTj2&iU?>AN#@K5B?_ zmZ5piiNX+fA3nuf!y@zOt82;E%307xTFAR6U)@Orciy1#l$yWWKZuIR6%oT;Hh^%^ zI^PCqBi#4!k4#H;cbNBy&Z(tVXdA_orlofU(&BE&c5(2T@)1HsKKL&I%etpp&2N4V zy*rcYJSP)gmYz$Z*)FVkhpO&CC|2|sSYPdpt`0*n9nkE&T~~a z+9Aa&BZE`6n-qEK9^Axl+0rt2`)iQ$HH7QyAGkRZ5X+xd@H_pkzPZKB!u~%2tO-;0 zLmu_pMs$o7z93UeqC&e$o)b&EZkomnL2l34lb`rdGzp_!2aE-+AdAQe>>LKU#SN)H zG&T6Gi*d#%Y?eA75Oa`@svbdi0Kwp%vELpJ(MQs;;*Lv;27(wfYJUQ6gOMFFh>gyO zJUTFJuq|?!ZBl4=f^w&2Cr=0-xOthsLUvVjzI4{DxFDktkBRF??J&oAKic<2M-fmE z6gveUwn)$lmCcn0V6OMkf|H=i?bx?!-B2K4=9L+PgO;J~tfk%PIiu;opTaRAqaPtY zXChky*=4y<{qs*z{{VuV0a9}O+wAD91I(Plf$HN5%kh^;4p9Sy%lT3wtD$tofMJG_ zEmbw(ovZK26wIJSRhl|oo7T_*(H=uyI6DIKiTT)>BfY#6ha!*Acrpqi=$UcXG!hC3 zMcDI(BbrR4mjqolxSAw`I|a-I^D)*?Lym(-UL<(OrP@KOFFsv!uCsLhfFKD5g$PX6 
zoOE|!wj~C-qzt`Aut7R7kj4l1hS`8kprK05>SoDK2!H{lgcR^P(=!?vxCd%-LUqR6 z1RKy%eb41_Et*2w+vgG>A0TLU0H>LQOvPF@qM^|tFRi9IfX0#!Iw0=+;<7x;Kp~(` zJJS4MpOmQDKwS+W%{cIaM@0e^2YW%_!I_A0APLM*7bB?%5qaQ)IDSs>F|q+NaZ=Bi z^@^SyfLF`s<-%IZriZo4wY>08K$F%HK(WOKCjs%|VG-7dG_$mODsyHw)Y7K(Bwsd{ zyp@rG1=bgkdHDNUr*XsQ{{R*)ci+NKSOgW@$2c#I#u_-~RV*H!_q5UaL;N;9dgTV$ z{>Qo?TiXpjKz2M_nV$0x!UFS?prqJu`U3Ni78$!1L#wi)RF65brnP-9$)H;x256F2 z0MIB}Z8)xPV?a&(iw0SzBh1McX)8v3nCQjkkSJ1%EQ0qWmwvd3L0A<)bk=JY2g86M z&tcXbkq z-LA}@4tI81Oyl+jCIpm}i=x`B%l?(Ns{!6{J0z96^;bbwS4EePJ9W+hr4 z0#ahs+Bh&W|Eg-zlEu32YmNJzCC7|DPvpUrkvbezq!1NI&M z-6azbS0H2fVyRZI_$Ks(z;U4CWXS{o&>d&Y=nIPFov>v9u6q6AKcA%5fdi53{kA<} zym+9h;pq|PPG(E2Cd5JHs*l9YXjfssJ%sblK)78b@_CMs$5h*S0m@L<#F#i-I|;7? zedWkob?6e)#b<28O4z(NflaGmd|(abYrVhDC#*tD%nBv0nu>vLOickbYDuljxCCx? zR+$Z;b|NB`!%DlpxS}>d$U+>euJ@{t+d6FFeQjHnkbVK#odFkvIE073-Md$tNNbCU zcI9`fuWLp<9{pds9*{eY86uZuHn|cZ+jzv(sc!!O$SAo%a3ARARVmKH_!-R%D3BCR z0*6IcTe+&>rk6*4bM2i7N+acAH~V4zTr{XL%GJqWx4@lLsRg=ekFuOEC+?wc+R=o)!xOav5HS5>OKpKc|g@km|Nu;t~!q5VJ& zaKn}I`oveQ$AjY0YE4F_W1(j2>#E@Al)41yl%}cJO$n< zMVYM-@PZ5g+K3Fpra~6$Uxz`35EUpv%v-?SoK(OK5DJU52cqv&RUL71ma|+v)JIQ4 zgcSgU5QugM0c*V3!gUEF#k4dA`(@=k5c0Zz>srg&3c%yYeY@72S~w~|JgqM9DdB-* z-7edxoel3P2@XuX()i;X@*;v!+vWH46f)t1-$&{J*qC{L^_+|Yc=R#Hr1E<9!mFpQ zUvHN_QsPK!p};{8&+Es@_KVur$wI^khM(U-G z3-aQ40HGxD7XrlW3_AsHW;PlcCM#K#)|*d4r0!rKYZRR{eVb1g%K%gxB_tfZ5rh00 zFc{L0HZZ%Xc}(5O5QvoDLsrj&yNwC8Z^Bjm{))i3C>TAsaH{yj30&j!{CKE^tY@Jh$tGAH+XY6ZdL)#qCAH_ znabJ|?+Ex~eXlq}wjr|PZ%Uqic?7=O=oh9#kT>rcTVRm$d9nvu(?<1*2zZG|X$}Y2 zA3;1B0Qg|b)&^?6@JIvoM2=}Ut7z@CJxpgD+(2-S^Ne(ZK*^x1fB@e^fCM=G8>bpj z4`J{W`})bkFaVwy6)hJ})+$tmSu)+TOC4c@oG3E#2O~m`&%RJDM*#`LUy;$gf&;)z zmk$o(7gidfd%$6ztyE!Dm*UJqkx34+6syaFhll|W(wz9%B)AfZqpW&5`Y#>HD35s^ j*@pp>{sh^fGV7l&)1@Pn(H}Wp?*WDQzzz@4{{a8lqxloT 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_title.jpg b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_cover_title.jpg deleted file mode 100644 index 1c26232a10b9b84a5c2f5f1ea6dbf0a00ee36ac7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6055 zcmb7HcT`i`(mx3S5+D!=MS2Jcy*KG3p#~5LO(_aQ2p}Lu1XNTAAVo!r6e-fZ(m@eH zP^wgsUQ|Syh!h1WqL=c8d*6L;y??%MeY4NnYp*#oXJ((-znR%bQ%AD^!qkXp1b{#Q z0HO`x=mVe+Kp7Yq8R(&mjEpcCl!=8C&ce*h!pnhV;}ql*782wW5I|w%#8GG&Q2_yo zlaewDiYh89!r~e_>Pp&j$|_379|6H&FcxN(6L9zmB@qD;rT;e_wFB%>fCws~^I`|U z>>xUJ&`~GA2LNEYV{iXM^mGsg@bNp&|K=Y{9K8ov=)3?hf(}93;0*giZdQ}G%#8Ve zX)|IxW3j32%Bd-B%YQLwlR$D#I+S>4GaoI+&I+?+!vP!H001S%(HG&gG>~_Dk6C}w z#&&e(;JqH=o8e*+apfYaO}l6zP8}_-p{^~gVi;0Sgqhtlr zdIv3`as5kP!^y}8MJ5Cb$^at2>YUU)^VyyTIerAp_z%d^nNesg#dqvM2SG-H506@V zgi~f`GvAo5LkY)4Tty2#C^9mzpq!F~X*^IV2`aUsm}2Ew60i%<3q}~slKD7qhmkux zK1Tz~n_-|oDy1L@jeX=BRFSXQ0_mOSYek$#coztiyS!)W?KNZsdG$?Y)rC0C zsO-t^&T7gGIZ)V}*|8VWQhXrPT0iUUrSKu%w#I zMJrQfne;?M!sb`s2qR}XPB?(ziixsGHksNsQI|=$P1ww=2{yp;bJNGPsjp?4D{`~E zeiXMoTWE_pflQ0(^ceXC)GKe#l;R*}J$}sgi3FKFYtj z{_fDw_es5wwBEElRv^2(aahGavn3e`MEWFt^&smB&)uxmXjze+x?wQ$x=F96>Y!&U zaOk;jj=5ED){+?^?4!Q`EYC3{#PyP*#!1Tb)c*LTey(QCa(kJDi=GL@rj7;QqL$sF zfo{UbKj_?%7p`Mo>?~Vgdax69DKp-wswKn3Cbdv(!Nt+qghV3^Ej)%3N#*V4z;hX@s!49~qkTh7p*cijcPgc?#m)o|%X{sxo6!B_9a;7pdLY#@9^whl zwtnX_Bffig>JwhljW?4lLeR8nV%E=Xx`$}cIq%LT9G*3#(@hactUWDu&sw6jD>dpx zN4T1B*0VLYMIUw@&Q%6d>BnqNW0S7MfGzujlw&LBWO>FDK8!;9DUS{e@kS2Hv-b`YLvvO&z*z{G8%od!0SsEubx+*F5J{o{F&D%Q*S+Z2GQvXV~vIv66Dn z-RIvXK2Dhh!BOst3Tx^H$t1>8u~eo)$(RQMXs^dn1^Fyg5GP4dj?*fNb<%g(o(B&k z1P&zByx^OcmNPsj4z{CroQqVstTrFHiu{#7w&71hd6~@FrOrogbQ^z5y zouo+)XDCJ0z-EHy)ES3>LaG?s?<3$i)3g6q1)#w;=`U!~DuW&f((=DZfd4I_LBl;5 zLaQAx2>5T{gJ`7%!LG<5LP9Iy10ima1%o#!=0|h$0K^ih-B=XEpfhle?7IkVND9T(}zPZxJqTM8`=sP?@~#| z@{+uUU&Q)&+Mk@3`t0#cCatfx@16svh1_RHn=H844}Xo|hO2X-LE;}(@m$E$zK;@1 z7?T~O%hR4*sM&P-*bg094J)ggEVW6P`E~}D{sS(yiVb?6@c2D}bWOY1gC{3jLe%Op 
z(s6=(En@}WZ=V*Q?LLM6vfEP+k#W5#RmMGgBd+do(WlqUnTTraGfV>1ndz4qX*HM>UtXC1t)Xz zl}Tdl)FEd>qJ)yNQ*K=9gVuyTdC&WI3b#@{K<_sW$!TUTXw+D5Z#9!qF*=lQ2is~u13t-mlFSrysZ`D@g`B||e zGQ(g!qYruI__s05F?y0jjsWMv-76+Pl65y2oQu1b$Dh`HWctABNuCPRvCikTjN^~1 zv%h^1_*33hw_G<-w@h?;T8#tgPjlPGaQI`D@lzFNUwV7xP`>`6n!vLBGs@wX!D2(I z)Mm(w6RS%8t=fGY%XuoVtg_!)Ww$DoxZhFt+rGy$Bt|ZB=mg2{f984GhaWjnC1ZaC z1jma-h`;7mTdet6&M5XO)5}LZ*ng4V7GG=I5#P)-P{)+$N4UE@;3z1fwv~DV^vl3U zoK^1KsSLxa#MF7W&Pl#}lM?LEpYER`uH45C3yO7m7j>DO7nQ{@BAK_)%z>=*c zwOsEcwNF&H{DSl~<#UNpS+~Y{o2UWlvFH2ZWAv0G0Cp-|nRF}tRM5a7M*);l$(xhp z(9&)zjt}{6U3@kpRQ|$Xqg!PCK^SD(U%m8U?^z*fmxfb8(l^^}$oi@m`5fr8_p$m4 z1Kwj%MAOwkI7>6$v^abzng|>DFgtfL6(tLfB%6$ zh+RYxfhPsJMJ5;2wr!vkaKm$(|1Q&dB7Q#cqbueE9vi-C-36L=M~Sr>E)_#Mu(4dB z!kz*R6rWD#@(%wne9GeV+6tjzTip6l``$@QxCn91Rh6wWYTWaib}0tdMUvjSQ4ce` zB8c2o#(V2kyE98K#0taJUW>%#t9s<+ds`C?4mm8BiP8*T-SQ>(m>GRy{WoqirY*1@ zEV^fq?0P@TKd=e&&U{uW6urz{5-QXE=8@IMhvpH>_>8`!XN1>Ad?q`JuyZ|$_Yc@B z$69=61S-AasKZ+=-iQ~yq)m0!dx7Gii^hNUCHBT86FU_f1pL!16ymjh(C_!i-Y;xx z$ejulEeYgbXEpSCZ<6TcnD*(u!RcQ5ba%F*j>b*y#7WjqbKGpwT^!!$=*JxW&~}&V zvZIsfE#pGC1S!>5ndWjfRC*RoVQa(}2?KA|-a4@vd9I(q+pcpY`~4J-PawLRVnb42Al)!n?rC?4Hy)O+`0caWUsalYyjjl3Q-w&!ym*IK zC#h+cM_E^w-5otoe}&7U$gUSK>}%ayU1?9Q3wF zQ-YcM4!%HzUqd94s!q;G6c6`rY)Kkc`R%g}l?ibMW+V!SEYx=)-pZqGn>v$a`6aPY zXF5Lr<$$D71I9<I1)9JG0EZee21?X zHlio0_n9>(klC&+cbHEL2cj>uzV1u;byA)sGx(|gLmr3=9&T%J^#x;Svh68J(UlGF z;gelrT4}L9b1}?2_F8_fYrp+^qA}62BgIj-E=qrK8YnGq_jFhI7H(KXwA)3VGOazw z)E10M7$VqYllw(vn{T^%yu-2|77M71jSE;8&tWCRSBn+h`a}w9on&@xw!qkCu=h}W z^AVuU8Q9$6h4EI)wy%YrCB8iAod67*{8Sw)InX;^FiI-x-~f|C;p@h9o|0iq4YI zO|Il<*Q_G3d{5BLUVBrZm->Re*W%Avs-rWfgO*x`flP442cej9@I?=koC9}R(=M5c z%n6~qE(3pHgv1>NLjJ2AbAWz9;`N^S7AUYODq z^U*(m-okeVV{9ADfAM(k&1z7&t?e?Z=DVTSSuGbtveFzc%cBJxB}-C_N0GZbX@#a; zzM*VCTa)X_<#KjN_4j`?JRvP&uAi|e9A02!m2>9pxrN~M;N%9b)L*K&H zy#vjw&=V5_cV-;vNI**rjpe%++=+?6K5mY9(IMt)^wW*vvO{ZF{&fijj@t}Gk_je- zNPBNkmK%4nTk)Nia+b6awHNDKHe(1QlU|iGZOvZ~z#FihyEh*OVj> 
zCJ6wjAP5+bNx`EKI1~pSMa82cKo}|!1JKlgW36KWA_`2za6oB>P*ea&!DFZ}49Br` zOcEYNvx0yE2pooHlmn0908n5PAmvyXLN$S;m;gz52m%L*psAQ(j=iEO(k#+u7$)_9 z>9LNxFvS1ah5aodg`jm^ATR^11v?%z0s*v~jz^H(0+S0OYuko5P;;9Kxc}sI#D$2& z+NYc$t&eUKwxc{=Bhf>Nzl`0HpsBO%m?K~yny*3hRp2|lSqg_F-^)yJ54WNVM~LO# zi7OeT(12dO?V&MQXm#OQ%q{7XnUX`-cY!I3x_jsa14M`@zu}E(p*}A1?2kBAPpgRF zu!82M8)^Zspp43`-xx;U#uf=bdbK$Cq21$d(c_gH%Ch;fNwV97>w)4?Kd_11fhN0C6@!Ge6-l6!yb7WUQ^g|t9c+ad>gdC zD&2o>-0=wL;Y)Mf;;a2}=n-toSNUhFhR%oG#4p#NkElQONE4MR)v@Zu-?sx9S1m1f zH%nG5Z?4Vie%Lx=Z#B&N@;)_zB!tX#USpuO+Z3TkVP$e%V(mtgV zIT+d<6}cwqYg8A!v>>j|;{1o(M6%h}wuUOb3!vY^4|x6#SKIabrp>=>A~SJln*>y!F}nbJ4pu-ts(fHOA@1sYB=t zLhnIrvsxT2D@EOg^Yc8e8x#u$u=OfBcnDp-*V!7Z_DyQFq0w1XyXWY#Uzwd@1^%ey;I9DV3=n$lJVlR(iD9ORz|Ns6$p9gdcn=E4sQ z4@P+T>g&fA&Pss1t}e-)vf0v6ymoRRivDN2dR^p@?C;3*k>+v#PZ0a~SB52fvS}Pl zD?1)JPrg-buj-ylMtHgtG6TX`PkadYe%S1L^ZbL3-#Iy|IZlGEg9~GGQfUsa0jrc3uH)tu{t_!|ePvTapGhjW9(GTF-7L5o2!ZgNfP z`Aj%tF{WC}z?A5xf6p(7@6+Q-|BEqSt@A}9bp-QOkdu*Fp>nH#u$kP7WixE$gzJx& zZ}LbZr@NO}=|fVD%7vNbJT71SLJ)LV{aYb^_0 z_m(fIGq1D+;a&-GKeWmHsG5?t#anKbARnx**5>|=VbC)X5~HQ>)c)hjbZd>(;Au9O zPPU1-;Se*9>gLrK``1m8*B=VYX)7|bW`wQ2xnfXf{Y#j_MaLv-ar^VA#b$Ih*_3l? z;0H^du1C*I=F3j%v+=OTXb|(t*OIHN@|pHJj^7VVgBcWDQvLIk%c!T9L~HcE8@Wze zI_0a;!jiJ(HA^FqPc5lHj*`y z>_#ErB;VR*Uy2`|+1G*iKz4A!97D@7TZo6g;$zA-6J;e{8o0H5^1ag(o4WD>VY;9^ zWevMPd%N`|4gHAGc2Tv@KrNQ^O;fNAW9{`Vthu#WrH9F?q|CwlZngXJCN!NJ>Q8xZ z`?e5YI3LI$*{`yBkwoXESw#`@UN0jzC9!*XHa3I}{im~8 zC#kajRAq`;M5jIdx?ESdX|3njeWiPx_MbRMqvo|id$+H1mI*<3UO};RolUwh2NF2p Q2te)&Z@L`;-AC{K2W=cC?*IS* 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.gfont000.gif deleted file mode 100644 index 7fb5db91b0065b9e260603b21de138ea3495ebeb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 148 zcmZ?wbhEHbRANwKXkcLY|NlP&1B2pE7Dgb&paUX6G7L=FEKMs<&n=rX=e);@g3DZ= zo<`2?Xt^)3C}Y>mzymu~UWBdxb7@)b`&?e(heg`c)HP14wA-K|1~Rp^mv<%_M(j$i%M$S+Hb!Tvi+;K`RS8yaq{YBj2;V*g;=l$GB8*J0G2>M AHvj+t diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html deleted file mode 100644 index 8343c41d0c5..00000000000 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_faq.html +++ /dev/null @@ -1,1643 +0,0 @@ - - -mod_ssl: F.A.Q. - - - - - - - - - - -
- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 6 -
-
- - - - - -
-previous page
HowTo -
-next page
Glossary -
-
-
- F.A.Q. -
-
- - - - - - - -
- -``The wise man doesn't give the right answers, -he poses the right questions.'' - -
- -Claude Levi-Strauss - -
-
-

- - - - - - -
-T -his chapter is a collection of frequently asked questions (FAQ) and -corresponding answers following the popular USENET tradition. Most of these -questions occured on the Newsgroup -comp.infosystems.www.servers.unix or the mod_ssl Support -Mailing List -modssl-users@modssl.org. They are collected at this place -to avoid answering the same questions over and over. -

-Please read this chapter at least once when installing mod_ssl or at least -search for your problem here before submitting a problem report to the -author. -

-   - -
- - - - - - - -
- -Table Of Contents - -
- -        About the module
-                What is the history of mod_ssl?
-                Apache-SSL vs. mod_ssl: differences?
-                mod_ssl vs. commercial alternatives?
-                mod_ssl/Apache versions?
-                mod_ssl and Year 2000?
-                mod_ssl and Wassenaar Arrangement?
-        About Installation
-                Core dumps for HTTPS requests?
-                Core dumps for Apache+mod_ssl+PHP3?
-                Undefined symbols on startup?
-                Permission problem on SSLMutex
-                Shared memory and process size?
-                Shared memory and pathname?
-                PRNG and not enough entropy?
-        About Configuration
-                HTTP and HTTPS with a single server?
-                Where is the HTTPS port?
-                How to test HTTPS manually?
-                Why does my connection hang?
-                Why do I get connection refused?
-                Why are the SSL_XXX variables missing?
-                How to switch with relative hyperlinks?
-        About Certificates
-                What are Keys, CSRs and Certs?
-                Difference on startup?
-                How to create a dummy cert?
-                How to create a real cert?
-                How to create my own CA?
-                How to change a pass phrase?
-                How to remove a pass phrase?
-                How to verify a key/cert pair?
-                Bad Certificate Error?
-                Why does a 2048-bit key not work?
-                Why is client auth broken?
-                How to convert from PEM to DER?
-                Verisign and the magic getca program?
-                Global IDs or SGC?
-                Global IDs and Cert Chain?
-        About SSL Protocol
-                Random SSL errors under heavy load?
-                Why has the server a higher load?
-                Why are connections horribly slow?
-                Which ciphers are supported?
-                How to use Anonymous-DH ciphers
-                Why do I get 'no shared ciphers'?
-                HTTPS and name-based vhosts
-                The lock icon in Netscape locks very late
-                Why do I get I/O errors with MSIE clients?
-                Why do I get I/O errors with NS clients?
-        About Support
-                Resources in case of problems?
-                Support in case of problems?
-                How to write a problem report?
-                I got a core dump, can you help me?
-                How to get a backtrace?
-
-
-
-
-

About the module

-
    -

    -

  • - - -What is the history of mod_ssl? -   - [L] -

    - The mod_ssl v1 package was initially created in April 1998 by Ralf S. Engelschall via porting Ben Laurie's Apache-SSL 1.17 source patches for - Apache 1.2.6 to Apache 1.3b6. Because of conflicts with Ben - Laurie's development cycle it then was re-assembled from scratch for - Apache 1.3.0 by merging the old mod_ssl 1.x with the newer Apache-SSL - 1.18. From this point on mod_ssl lived its own life as mod_ssl v2. The - first publically released version was mod_ssl 2.0.0 from August 10th, - 1998. As of this writing (August 1999) the current mod_ssl version is 2.4.0. -

    - After one year of very active development with over 1000 working hours and - over 40 releases mod_ssl reached its current state. The result is an - already very clean source base implementing a very rich functionality. - The code size increased by a factor of 4 to currently a total of over - 10.000 lines of ANSI C consisting of approx. 70% code and 30% code - documentation. From the original Apache-SSL code currently approx. 5% is - remaining only. -

    -

  • - - -What are the functional differences between mod_ssl and Apache-SSL, from where -it is originally derived? -   - [L] -

    - This neither can be answered in short (there were too many code changes) - nor can be answered at all by the author (there would immediately be flame - wars with no reasonable results at the end). But as you easily can guess - from the 5% of remaining Apache-SSL code, a lot of differences exists, - although user-visible backward compatibility exists for most things. -

    - When you really want a detailed comparison you have to read the entries in - the large CHANGES file that is in the mod_ssl - distribution. Usually this is much too hard-core. So I recommend you to - either believe in the opinion and recommendations of other users (the - simplest approach) or do a comparison yourself (the most reasonable - approach). For the latter, grab distributions of mod_ssl (from http://www.modssl.org) and Apache-SSL - (from http://www.apache-ssl.org), - install both packages, read their documentation and try them out yourself. - Then choose the one which pleases you most. -

    - A few final hints to help direct your comparison: quality of documentation - ("can you easily find answers and are they sufficient?"), quality of - source code ("is the source code reviewable so you can make sure there - aren't any trapdoors or inherent security risks because of bad programming - style?"), easy and clean installation ("can the SSL functionality easily - added to an Apache source tree without manual editing or patching?"), - clean integration into Apache ("is the SSL functionality encapsulated and - cleanly separated from the remaining Apache functionality?"), support for - Dynamic Shared Object (DSO) facility ("can the SSL functionality built as - a separate DSO for maximum flexibility?"), Win32 port ("is the SSL - functionality available also under the Win32 platform?"), amount and - quality of functionality ("is the provided SSL functionality and control - possibilities sufficient for your situation?"), quality of problem tracing - ("is it possible for you to easily trace down the problems via logfiles, - etc?"), etc. pp. -

    -

  • - - -What are the major differences between mod_ssl and -the commercial alternatives like Raven or Stronghold? -   - [L] -

    - In the past (until September 20th, 2000) the major difference was - the RSA license which one received (very cheaply in contrast to - a direct licensing from RSA DSI) with the commercial Apache SSL - products. On the other hand, one needed this license only in the US, - of course. So for non-US citizens this point was useless. But now - even for US citizens the situations changed because the RSA patent - expired on September 20th, 2000 and RSA DSI also placed the RSA - algorithm explicitly into the public domain. -

    - Second, there is the point that one has guaranteed support from - the commercial vendors. On the other hand, if you monitored the - Open Source quality of mod_ssl and the support activities - found on - modssl-users@modssl.org, you could ask yourself - whether you are really convinced that you can get better support - from a commercial vendor. -

    - Third, people often think they would receive perhaps at least a - better technical SSL solution than mod_ssl from the commercial - vendors. But this is not really true, because all commercial - alternatives (Raven 1.4.x, Stronghold 3.x, RedHat SWS 2.x, etc.) - are actually based on mod_ssl and OpenSSL. The reason for - this common misunderstanding is mainly because some vendors make no - attempt to make it reasonably clear that their product is actually - mod_ssl based. So, do not think, just because the commercial - alternatives are usually more expensive, that you are also receiving - an alternative technical SSL solution. This is usually not - the case. Actually the vendor versions of Apache, mod_ssl and OpenSSL - often stay behind the latest free versions and perhaps this way still do not - include important bug and security fixes. On the other hand, - it sometimes occurs that a vendor version includes useful changes - which are not available through the official freely available - packages. But most vendors play fair and contribute back those - changes to the free software world, of course. -

    - So, in short: There are lots of commercial versions of the popular - Apache+mod_ssl+OpenSSL server combination available. Every user - should decide carefully whether they really need to buy a commercial - version or whether it would not be sufficient to directly use the - free and official versions of the Apache, mod_ssl and OpenSSL - packages. -

    -

  • - - -How do I know which mod_ssl version is for which Apache version? -   - [L] -

    - That's trivial: mod_ssl uses version strings of the syntax - <mod_ssl-version>-<apache-version>, for - instance 2.4.0-1.3.9. This directly indicates that it's - mod_ssl version 2.4.0 for Apache version 1.3.9. And this also means you - only can apply this mod_ssl version to exactly this Apache - version (unless you use the --force option to mod_ssl's - configure command ;-). -

    -

  • - - -Is mod_ssl Year 2000 compliant? -   - [L] -

    - Yes, mod_ssl is Year 2000 compliant. -

    - Because first mod_ssl internally never stores years as two digits. - Instead it always uses the ANSI C & POSIX numerical data type - time_t type, which on almost all Unix platforms at the moment - is a signed long (usually 32-bits) representing seconds since - epoch of January 1st, 1970, 00:00 UTC. This signed value overflows in - early January 2038 and not in the year 2000. Second, date and time - presentations (for instance the variable ``%{TIME_YEAR}'') - are done with full year value instead of abbreviating to two digits. -

    - Additionally according to a Year 2000 - statement from the Apache Group, the Apache webserver is Year 2000 - compliant, too. But whether OpenSSL or the underlying Operating System - (either a Unix or Win32 platform) is Year 2000 compliant is a different - question which cannot be answered here. -

    -

  • - - -What about mod_ssl and the Wassenaar Arrangement? -   - [L] -

    - First, let us explain what Wassenaar and it's Arrangement on - Export Controls for Conventional Arms and Dual-Use Goods and - Technologies is: This is a international regime, established 1995, to - control trade in conventional arms and dual-use goods and technology. It - replaced the previous CoCom regime. 33 countries are signatories: - Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, - Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, - Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic - of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden, - Switzerland, Turkey, Ukraine, United Kingdom and United States. For more - details look at http://www.wassenaar.org/. -

    - In short: The aim of the Wassenaar Arrangement is to prevent the build up - of military capabilities that threaten regional and international security - and stability. The Wassenaar Arrangement controls the export of - cryptography as a dual-use good, i.e., one that has both military and - civilian applications. However, the Wassenaar Arrangement also provides an - exemption from export controls for mass-market software and free software. -

    - In the current Wassenaar ``List of Dual Use Goods and Technologies And - Munitions'', under ``GENERAL SOFTWARE NOTE'' (GSN) it says - ``The Lists do not control "software" which is either: 1. [...] 2. "in - the public domain".'' And under ``DEFINITIONS OF TERMS USED IN - THESE LISTS'' one can find the definition: ``"In the public - domain": This means "technology" or "software" which has been made - available without restrictions upon its further dissemination. N.B. - Copyright restrictions do not remove "technology" or "software" from being - "in the public domain".'' -

    - So, both mod_ssl and OpenSSL are ``in the public domain'' for the purposes - of the Wassenaar Agreement and its ``List of Dual Use Goods and - Technologies And Munitions List''. -

    - Additionally the Wassenaar Agreement itself has no direct consequence for - exporting cryptography software. What is actually allowed or forbidden to - be exported from the countries has still to be defined in the local laws - of each country. And at least according to official press releases from - the German BMWi (see here) and the - Switzerland Bawi (see here) there - will be no forthcoming export restriction for free cryptography software - for their countries. Remember that mod_ssl is created in Germany and - distributed from Switzerland. -

    - So, mod_ssl and OpenSSL are not affected by the Wassenaar Agreement. -

-

-
-

About Installation

-
    -

    -

  • - - -When I access my website the first time via HTTPS I get a core dump? -   - [L] -

    - There can be a lot of reasons why a core dump can occur, of course. - Ranging from buggy third-party modules, over buggy vendor libraries up to - a buggy mod_ssl version. But the above situation is often caused by old or - broken vendor DBM libraries. To solve it either build mod_ssl with the - built-in SDBM library (specify --enable-rule=SSL_SDBM at the - APACI command line) or switch from ``SSLSessionCache dbm:'' to the - newer ``SSLSessionCache shm:'' variant (after you have rebuilt - Apache with MM, of course). -

    -

  • - - -My Apache dumps core when I add both mod_ssl and PHP3? -   - [L] -

    - Make sure you add mod_ssl to the Apache source tree first and then do a - fresh configuration and installation of PHP3. For SSL support EAPI patches - are required which have to change internal Apache structures. PHP3 needs - to know about these in order to work correctly. Always make sure that - -DEAPI is contained in the compiler flags when PHP3 is build. -

    -

  • - - -When I startup Apache I get errors about undefined symbols like ap_global_ctx? -   - [L] -

    - This actually means you installed mod_ssl as a DSO, but without rebuilding - Apache with EAPI. Because EAPI is a requirement for mod_ssl, you need an - extra patched Apache (containing the EAPI patches) and you have to build - this Apache with EAPI enabled (explicitly specify - --enable-rule=EAPI at the APACI command line). -

    -

  • - - -When I startup Apache I get permission errors related to SSLMutex? -   - [L] -

    - When you receive entries like ``mod_ssl: Child could not open - SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows) - [...] System: Permission denied (errno: 13)'' this is usually - caused by to restrictive permissions on the parent directories. - Make sure that all parent directories (here /opt, - /opt/apache and /opt/apache/logs) have the x-bit - set at least for the UID under which Apache's children are running (see - the User directive of Apache). -

    -

  • - - -When I use the MM library and the shared memory cache each process grows -1.5MB according to `top' although I specified 512000 as the cache size? -   - [L] -

    - The additional 1MB are caused by the global shared memory pool EAPI - allocates for all modules and which is not used by mod_ssl for - various reasons. So the actually allocated shared memory is always - 1MB more than what you specify on SSLSessionCache. - But don't be confused by the display of `top': although is - indicates that each process grow, this is not reality, of - course. Instead the additional memory consumption is shared by - all processes, i.e. the 1.5MB are allocated only once per Apache - instance and not once per Apache server process. -

    -

  • - - -Apache creates files in a directory declared by the internal -EAPI_MM_CORE_PATH define. Is there a way to override the path using a -configuration directive? -   - [L] -

    - No, there is not configuration directive, because for technical - bootstrapping reasons, a directive not possible at all. Instead - use ``CFLAGS='-DEAPI_MM_CORE_PATH="/path/to/wherever/"' - ./configure ...'' when building Apache or use option - -d when starting httpd. -

    -

  • - - -When I fire up the server, mod_ssl stops with the error -"Failed to generate temporary 512 bit RSA private key", why? -And a "PRNG not seeded" error occurs if I try "make certificate". -   - [L] -

    - Cryptographic software needs a source of unpredictable data - to work correctly. Many open source operating systems provide - a "randomness device" that serves this purpose (usually named - /dev/random). On other systems, applications have to - seed the OpenSSL Pseudo Random Number Generator (PRNG) manually with - appropriate data before generating keys or performing public key - encryption. As of version 0.9.5, the OpenSSL functions that need - randomness report an error if the PRNG has not been seeded with - at least 128 bits of randomness. So mod_ssl has to provide enough - entropy to the PRNG to work correctly. For this one has to use the - SSLRandomSeed directives (to solve the run-time problem) - and create a $HOME/.rnd file to make sure enough - entropy is available also for the "make certificate" - step (in case the "make certificate" procedure is not - able to gather enough entropy theirself by searching for system - files). -

-

-
-

About Configuration

-
    -

    -

  • - - -Is it possible to provide HTTP and HTTPS with a single server? -   - [L] -

    - Yes, HTTP and HTTPS use different server ports, so there is no direct - conflict between them. Either run two separate server instances (one binds - to port 80, the other to port 443) or even use Apache's elegant virtual - hosting facility where you can easily create two virtual servers which - Apache dispatches: one responding to port 80 and speaking HTTP and one - responding to port 443 speaking HTTPS. -

    -

  • - - -I know that HTTP is on port 80, but where is HTTPS? -   - [L] -

    - You can run HTTPS on any port, but the standards specify port 443, which - is where any HTTPS compliant browser will look by default. You can force - your browser to look on a different port by specifying it in the URL like - this (for port 666): https://secure.server.dom:666/ -

    -

  • - - -How can I speak HTTPS manually for testing purposes? -   - [L] -

    - While you usually just use -

    - $ telnet localhost 80
    - GET / HTTP/1.0 -

    - for simple testing the HTTP protocol of Apache, it's not such easy for - HTTPS because of the SSL protocol between TCP and HTTP. But with the - help of OpenSSL's s_client command you can do a similar - check even for HTTPS: -

    - $ openssl s_client -connect localhost:443 -state -debug
    - GET / HTTP/1.0 -

    - Before the actual HTTP response you receive detailed information about the - SSL handshake. For a more general command line client which directly - understands both the HTTP and HTTPS scheme, can perform GET and POST - methods, can use a proxy, supports byte ranges, etc. you should have a - look at nifty cURL - tool. With it you can directly check if your Apache is running fine on - Port 80 and 443 as following: -

    - $ curl http://localhost/
    - $ curl https://localhost/
    -

    -

  • - - -Why does the connection hang when I connect to my SSL-aware Apache server? -   - [L] -

    - Because you connected with HTTP to the HTTPS port, i.e. you used an URL of - the form ``http://'' instead of ``https://''. - This also happens the other way round when you connect via HTTPS to a HTTP - port, i.e. when you try to use ``https://'' on a server that - doesn't support SSL (on this port). Make sure you are connecting to a - virtual server that supports SSL, which is probably the IP associated with - your hostname, not localhost (127.0.0.1). -

    -

  • - - -Why do I get ``Connection Refused'' messages when trying to access my freshly -installed Apache+mod_ssl server via HTTPS? -   - [L] -

    - There can be various reasons. Some of the common mistakes is that people - start Apache with just ``apachectl start'' (or - ``httpd'') instead of ``apachectl startssl'' (or - ``httpd -DSSL''. Or you're configuration is not correct. At - least make sure that your ``Listen'' directives match your - ``<VirtualHost>'' directives. And if all fails, please do - yourself a favor and start over with the default configuration mod_ssl - provides you. -

    -

  • - - -In my CGI programs and SSI scripts the various documented -SSL_XXX variables do not exists. Why? -   - [L] -

    - Just make sure you have ``SSLOptions +StdEnvVars'' - enabled for the context of your CGI/SSI requests. -

    -

  • - - -How can I use relative hyperlinks to switch between HTTP and HTTPS? -   - [L] -

    - Usually you have to use fully-qualified hyperlinks because - you have to change the URL scheme. But with the help of some URL - manipulations through mod_rewrite you can achieve the same effect while - you still can use relative URLs: -

    -    RewriteEngine on
    -    RewriteRule   ^/(.*):SSL$   https://%{SERVER_NAME}/$1 [R,L]
    -    RewriteRule   ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1  [R,L]
    -    
    - This rewrite ruleset lets you use hyperlinks of the form -
    -    <a href="document.html:SSL">
    -    
    -
-

-
-

About Certificates

-
    -

    -

  • - - -What are RSA Private Keys, CSRs and Certificates? -   - [L] -

    - The RSA private key file is a digital file that you can use to decrypt - messages sent to you. It has a public component which you distribute (via - your Certificate file) which allows people to encrypt those messages to - you. A Certificate Signing Request (CSR) is a digital file which contains - your public key and your name. You send the CSR to a Certifying Authority - (CA) to be converted into a real Certificate. A Certificate contains your - RSA public key, your name, the name of the CA, and is digitally signed by - your CA. Browsers that know the CA can verify the signature on that - Certificate, thereby obtaining your RSA public key. That enables them to - send messages which only you can decrypt. - See the Introduction chapter for a general - description of the SSL protocol. -

    -

  • - - -Seems like there is a difference on startup between the original Apache and an SSL-aware Apache? -   - [L] -

    - Yes, in general, starting Apache with a built-in mod_ssl is just like - starting an unencumbered Apache, except for the fact that when you have a - pass phrase on your SSL private key file. Then a startup dialog pops up - asking you to enter the pass phrase. -

    - To type in the pass phrase manually when starting the server can be - problematic, for instance when starting the server from the system boot - scripts. As an alternative to this situation you can follow the steps - below under ``How can I get rid of the pass-phrase dialog at Apache - startup time?''. -

    -

  • - - -How can I create a dummy SSL server Certificate for testing purposes? -   - [L] -

    - A Certificate does not have to be signed by a public CA. You can use your - private key to sign the Certificate which contains your public key. You - can install this Certificate into your server, and people using Netscape - Navigator (not MSIE) will be able to connect after clicking OK to a - warning dialogue. You can get MSIE to work, and your customers can - eliminate the dialogue, by installing that Certificate manually into their - browsers. -

    - Just use the ``make certificate'' command at the top-level - directory of the Apache source tree right before installing Apache via - ``make install''. This creates a self-signed SSL Certificate - which expires after 30 days and isn't encrypted (which means you don't - need to enter a pass-phrase at Apache startup time). -

    - BUT REMEMBER: YOU REALLY HAVE TO CREATE A REAL CERTIFICATE FOR THE LONG - RUN! HOW THIS IS DONE IS DESCRIBED IN THE NEXT ANSWER. -

    -

  • - - -Ok, I've got my server installed and want to create a real SSL -server Certificate for it. How do I do it? -   - [L] -

    - Here is a step-by-step description: -

    -

      -
    1. Make sure OpenSSL is really installed and in your PATH. - But some commands even work ok when you just run the - ``openssl'' program from within the OpenSSL source tree as - ``./apps/openssl''. -

      -

    2. Create a RSA private key for your Apache server - (will be Triple-DES encrypted and PEM formatted): -

      - $ openssl genrsa -des3 -out server.key 1024 -

      - Please backup this server.key file and remember the - pass-phrase you had to enter at a secure location. - You can see the details of this RSA private key via the command: -

      - $ openssl rsa -noout -text -in server.key -

      - And you could create a decrypted PEM version (not recommended) - of this RSA private key via: -

      - $ openssl rsa -in server.key -out server.key.unsecure -

      -

    3. Create a Certificate Signing Request (CSR) with the server RSA private - key (output will be PEM formatted): -

      - $ openssl req -new -key server.key -out server.csr -

      - Make sure you enter the FQDN ("Fully Qualified Domain Name") of the - server when OpenSSL prompts you for the "CommonName", i.e. when you - generate a CSR for a website which will be later accessed via - https://www.foo.dom/, enter "www.foo.dom" here. - You can see the details of this CSR via the command -

      - $ openssl req -noout -text -in server.csr -

      -

    4. You now have to send this Certificate Signing Request (CSR) to - a Certifying Authority (CA) for signing. The result is then a real - Certificate which can be used for Apache. Here you have two options: - First you can let the CSR sign by a commercial CA like Verisign or - Thawte. Then you usually have to post the CSR into a web form, pay for - the signing and await the signed Certificate you then can store into a - server.crt file. For more information about commercial CAs have a look - at the following locations: -

      -

      -

      - Second you can use your own CA and now have to sign the CSR yourself by - this CA. Read the next answer in this FAQ on how to sign a CSR with - your CA yourself. - You can see the details of the received Certificate via the command: -

      - $ openssl x509 -noout -text -in server.crt -

      -

    5. Now you have two files: server.key and - server.crt. These now can be used as following inside your - Apache's httpd.conf file: -
      -       SSLCertificateFile    /path/to/this/server.crt
      -       SSLCertificateKeyFile /path/to/this/server.key
      -       
      - The server.csr file is no longer needed. -
    -

    -

  • - - -How can I create and use my own Certificate Authority (CA)? -   - [L] -

    - The short answer is to use the CA.sh or CA.pl - script provided by OpenSSL. The long and manual answer is this: -

    -

      -
    1. Create a RSA private key for your CA - (will be Triple-DES encrypted and PEM formatted): -

      - $ openssl genrsa -des3 -out ca.key 1024 -

      - Please backup this ca.key file and remember the - pass-phrase you currently entered at a secure location. - You can see the details of this RSA private key via the command -

      - $ openssl rsa -noout -text -in ca.key -

      - And you can create a decrypted PEM version (not recommended) of this - private key via: -

      - $ openssl rsa -in ca.key -out ca.key.unsecure -

      -

    2. Create a self-signed CA Certificate (X509 structure) - with the RSA key of the CA (output will be PEM formatted): -

      - $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt -

      - You can see the details of this Certificate via the command: -

      - $ openssl x509 -noout -text -in ca.crt -

      -

    3. Prepare a script for signing which is needed because - the ``openssl ca'' command has some strange requirements - and the default OpenSSL config doesn't allow one easily to use - ``openssl ca'' directly. So a script named - sign.sh is distributed with the mod_ssl distribution - (subdir pkg.contrib/). Use this script for signing. -

      -

    4. Now you can use this CA to sign server CSR's in order to create real - SSL Certificates for use inside an Apache webserver (assuming - you already have a server.csr at hand): -

      - $ ./sign.sh server.csr -

      - This signs the server CSR and results in a server.crt file. -

    -

    -

  • - - -How can I change the pass-phrase on my private key file? -   - [L] -

    - You simply have to read it with the old pass-phrase and write it again - by specifying the new pass-phrase. You can accomplish this with the following - commands: -

    - $ openssl rsa -des3 -in server.key -out server.key.new
    - $ mv server.key.new server.key
    -

    - Here you're asked two times for a PEM pass-phrase. At the first - prompt enter the old pass-phrase and at the second prompt - enter the new pass-phrase. -

    -

  • - - -How can I get rid of the pass-phrase dialog at Apache startup time? -   - [L] -

    - The reason why this dialog pops up at startup and every re-start - is that the RSA private key inside your server.key file is stored in - encrypted format for security reasons. The pass-phrase is needed to be - able to read and parse this file. When you can be sure that your server is - secure enough you perform two steps: -

    -

      -
    1. Remove the encryption from the RSA private key (while - preserving the original file): -

      - $ cp server.key server.key.org
      - $ openssl rsa -in server.key.org -out server.key -

      -

    2. Make sure the server.key file is now only readable by root: -

      - $ chmod 400 server.key -

    -

    - Now server.key will contain an unencrypted copy of the key. - If you point your server at this file it will not prompt you for a - pass-phrase. HOWEVER, if anyone gets this key they will be able to - impersonate you on the net. PLEASE make sure that the permissions on that - file are really such that only root or the web server user can read it - (preferably get your web server to start as root but run as another - server, and have the key readable only by root). -

    - As an alternative approach you can use the ``SSLPassPhraseDialog - exec:/path/to/program'' facility. But keep in mind that this is - neither more nor less secure, of course. -

    -

  • - - -How do I verify that a private key matches its Certificate? -   - [L] -

    - The private key contains a series of numbers. Two of those numbers form - the "public key", the others are part of your "private key". The "public - key" bits are also embedded in your Certificate (we get them from your - CSR). To check that the public key in your cert matches the public - portion of your private key, you need to view the cert and the key and - compare the numbers. To view the Certificate and the key run the - commands: -

    - $ openssl x509 -noout -text -in server.crt
    - $ openssl rsa -noout -text -in server.key -

    - The `modulus' and the `public exponent' portions in the key and the - Certificate must match. But since the public exponent is usually 65537 - and it's bothering comparing long modulus you can use the following - approach: -

    - $ openssl x509 -noout -modulus -in server.crt | openssl md5
    - $ openssl rsa -noout -modulus -in server.key | openssl md5 -

    - And then compare these really shorter numbers. With overwhelming - probability they will differ if the keys are different. BTW, if I want to - check to which key or certificate a particular CSR belongs you can compute -

    - $ openssl req -noout -modulus -in server.csr | openssl md5 -

    -

  • - - -What does it mean when my connections fail with an "alert bad certificate" -error? -   - [L] -

    - Usually when you see errors like ``OpenSSL: error:14094412: SSL - routines:SSL3_READ_BYTES:sslv3 alert bad certificate'' in the SSL - logfile, this means that the browser was unable to handle the server - certificate/private-key which perhaps contain a RSA-key not equal to 1024 - bits. For instance Netscape Navigator 3.x is one of those browsers. -

    -

  • - - -Why does my 2048-bit private key not work? -   - [L] -

    - The private key sizes for SSL must be either 512 or 1024 for compatibility - with certain web browsers. A keysize of 1024 bits is recommended because - keys larger than 1024 bits are incompatible with some versions of Netscape - Navigator and Microsoft Internet Explorer, and with other browsers that - use RSA's BSAFE cryptography toolkit. -

    -

  • - - -Why is client authentication broken after upgrading from -SSLeay version 0.8 to 0.9? -   - [L] -

    - The CA certificates under the path you configured with - SSLCACertificatePath are found by SSLeay through hash - symlinks. These hash values are generated by the `openssl x509 -noout - -hash' command. But the algorithm used to calculate the hash for a - certificate has changed between SSLeay 0.8 and 0.9. So you have to remove - all old hash symlinks and re-create new ones after upgrading. Use the - Makefile mod_ssl placed into this directory. -

    -

  • - - -How can I convert a certificate from PEM to DER format? -   - [L] -

    - The default certificate format for SSLeay/OpenSSL is PEM, which actually - is Base64 encoded DER with header and footer lines. For some applications - (e.g. Microsoft Internet Explorer) you need the certificate in plain DER - format. You can convert a PEM file cert.pem into the - corresponding DER file cert.der with the following command: - $ openssl x509 -in cert.pem -out cert.der -outform DER -

    -

  • - - -I try to install a Verisign certificate. Why can't I find neither the -getca nor getverisign programs Verisign mentions? -   - [L] -

    - This is because Verisign has never provided specific instructions - for Apache+mod_ssl. Rather they tell you what you should do - if you were using C2Net's Stronghold (a commercial Apache - based server with SSL support). The only thing you have to do - is to save the certificate into a file and give the name of - that file to the SSLCertificateFile directive. - Remember that you need to give the key file in as well (see - SSLCertificateKeyFile directive). For a better - CA-related overview on SSL certificate fiddling you can look at - Thawte's mod_ssl instructions. -

    -

  • - - -Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global -ID) also with mod_ssl? -   - [L] -

    - Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have - to configure anything special for this, just use a Global ID as your - server certificate. The step up of the clients are then - automatically handled by mod_ssl under run-time. For details please read - the README.GlobalID document in the mod_ssl distribution. -

    -

  • - - -After I have installed my new Verisign Global ID server certificate, the -browsers complain that they cannot verify the server certificate? -   - [L] -

    - That is because Verisign uses an intermediate CA certificate between - the root CA certificate (which is installed in the browsers) and - the server certificate (which you installed in the server). You - should have received this additional CA certificate from Verisign. - If not, complain to them. Then configure this certificate with the - SSLCertificateChainFile directive in the server. This - makes sure the intermediate CA certificate is send to the browser - and this way fills the gap in the certificate chain. -

-

-
-

About SSL Protocol

-
    -

    -

  • - - -Why do I get lots of random SSL protocol errors under heavy server load? -   - [L] -

    - There can be a number of reasons for this, but the main one - is problems with the SSL session Cache specified by the - SSLSessionCache directive. The DBM session cache is most - likely the source of the problem, so trying the SHM session cache or - no cache at all may help. -

    -

  • - - -Why has my webserver a higher load now that I run SSL there? -   - [L] -

    - Because SSL uses strong cryptographic encryption and this needs a lot of - number crunching. And because when you request a webpage via HTTPS even - the images are transferred encrypted. So, when you have a lot of HTTPS - traffic the load increases. -

    -

  • - - -Often HTTPS connections to my server require up to 30 seconds for establishing -the connection, although sometimes it works faster? -   - [L] -

    - Usually this is caused by using a /dev/random device for - SSLRandomSeed which is blocking in read(2) calls if not - enough entropy is available. Read more about this problem in the refernce - chapter under SSLRandomSeed. -

    -

  • - - -What SSL Ciphers are supported by mod_ssl? -   - [L] -

    - Usually just all SSL ciphers which are supported by the - version of OpenSSL in use (can depend on the way you built - OpenSSL). Typically this at least includes the following: -

    -

      -
    • RC4 with MD5 -
    • RC4 with MD5 (export version restricted to 40-bit key) -
    • RC2 with MD5 -
    • RC2 with MD5 (export version restricted to 40-bit key) -
    • IDEA with MD5 -
    • DES with MD5 -
    • Triple-DES with MD5 -
    -

    - To determine the actual list of supported ciphers you can - run the following command: -

    - $ openssl ciphers -v
    -

    -

  • - - -I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no -shared cipher'' errors? -   - [L] -

    - In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough - to just put ``ADH'' into your SSLCipherSuite. - Additionally you have to build OpenSSL with - ``-DSSL_ALLOW_ADH''. Because per default OpenSSL does not - allow ADH ciphers for security reasons. So if you are actually enabling - these ciphers make sure you are informed about the side-effects. -

    -

  • - - -I always just get a 'no shared ciphers' error if -I try to connect to my freshly installed server? -   - [L] -

    - Either you have messed up your SSLCipherSuite - directive (compare it with the pre-configured example in - httpd.conf) or you have choosen the DSA/DH - algorithms instead of RSA under "make certificate" - and ignored or overseen the warnings. Because if you have choosen - DSA/DH, then your server no longer speaks RSA-based SSL ciphers - (at least not until you also configure an additional RSA-based - certificate/key pair). But current browsers like NS or IE only speak - RSA ciphers. The result is the "no shared ciphers" error. To fix - this, regenerate your server certificate/key pair and this time - choose the RSA algorithm. -

    -

  • - - -Why can't I use SSL with name-based/non-IP-based virtual hosts? -   - [L] -

    - The reason is very technical. Actually it's some sort of a chicken and - egg problem: The SSL protocol layer stays below the HTTP protocol layer - and encapsulates HTTP. When an SSL connection (HTTPS) is established - Apache/mod_ssl has to negotiate the SSL protocol parameters with the - client. For this mod_ssl has to consult the configuration of the virtual - server (for instance it has to look for the cipher suite, the server - certificate, etc.). But in order to dispatch to the correct virtual server - Apache has to know the Host HTTP header field. For this the - HTTP request header has to be read. This cannot be done before the SSL - handshake is finished. But the information is already needed at the SSL - handshake phase. Bingo! -

    -

  • - - -When I use Basic Authentication over HTTPS the lock icon in Netscape browsers -still show the unlocked state when the dialog pops up. Does this mean the -username/password is still transmitted unencrypted? -   - [L] -

    - No, the username/password is already transmitted encrypted. The icon in - Netscape browsers is just not really synchronized with the SSL/TLS layer - (it toggles to the locked state when the first part of the actual webpage - data is transferred which is not quite correct) and this way confuses - people. The Basic Authentication facility is part of the HTTP layer and - this layer is above the SSL/TLS layer in HTTPS. And before any HTTP data - communication takes place in HTTPS the SSL/TLS layer has already done the - handshake phase and switched to encrypted communication. So, don't get - confused by this icon. -

    -

  • - - -When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet -Explorer (MSIE) I get various I/O errors. What is the reason? -   - [L] -

    - The first reason is that the SSL implementation in some MSIE versions has - some subtle bugs related to the HTTP keep-alive facility and the SSL close - notify alerts on socket connection close. Additionally the interaction - between SSL and HTTP/1.1 features are problematic with some MSIE versions, - too. You've to work-around these problems by forcing - Apache+mod_ssl+OpenSSL to not use HTTP/1.1, keep-alive connections or - sending the SSL close notify messages to MSIE clients. This can be done by - using the following directive in your SSL-aware virtual host section: -

    -    SetEnvIf User-Agent ".*MSIE.*" \
    -             nokeepalive ssl-unclean-shutdown \
    -             downgrade-1.0 force-response-1.0
    - Additionally it is known some MSIE versions have also problems - with particular ciphers. Unfortunately one cannot workaround these - bugs only for those MSIE particular clients, because the ciphers - are already used in the SSL handshake phase. So a MSIE-specific - SetEnvIf doesn't work to solve these problems. Instead one - has to do more drastic adjustments to the global parameters. But - before you decide to do this, make sure your clients really have - problems. If not, do not do this, because it affects all(!) your - clients, i.e., also your non-MSIE clients. -

    - The next problem is that 56bit export versions of MSIE 5.x browsers have a - broken SSLv3 implementation which badly interacts with OpenSSL versions - greater than 0.9.4. You can either accept this and force your clients to - upgrade their browsers, or you downgrade to OpenSSL 0.9.4 (hmmm), or you - can decide to workaround it by accepting the drawback that your workaround - will horribly affect also other browsers: -

    -    SSLProtocol all -SSLv3
    - This completely disables the SSLv3 protocol and lets those browsers work. - But usually this is an even less acceptable workaround. A more reasonable - workaround is to address the problem more closely and disable only the - ciphers which cause trouble. -
    -    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    - This also lets the broken MSIE versions work, but only removes the - newer 56bit TLS ciphers. -

    - Another problem with MSIE 5.x clients is that they refuse to connect to - URLs of the form https://12.34.56.78/ (IP-addresses are used - instead of the hostname), if the server is using the Server Gated - Cryptography (SGC) facility. This can only be avoided by using the fully - qualified domain name (FQDN) of the website in hyperlinks instead, because - MSIE 5.x has an error in the way it handles the SGC negotiation. -

    - And finally there are versions of MSIE which seem to require that - an SSL session can be reused (a totally non standard-conforming - behaviour, of course). Connection with those MSIE versions only work - if a SSL session cache is used. So, as a work-around, make sure you - are using a session cache (see SSLSessionCache directive). -

    -

  • - - -When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I -get I/O errors and the message "Netscape has encountered bad data from the -server" What's the reason? -   - [L] -

    - The problem usually is that you had created a new server certificate with - the same DN, but you had told your browser to accept forever the old - server certificate. Once you clear the entry in your browser for the old - certificate, everything usually will work fine. Netscape's SSL - implementation is correct, so when you encounter I/O errors with Netscape - Navigator it is most of the time caused by the configured certificates. -

-

-
-

About Support

-
    -

    -

  • - - -What information resources are available in case of mod_ssl problems? -   - [L] -

    -The following information resources are available. -In case of problems you should search here first. -

    -

      -
    1. Answers in the User Manual's F.A.Q. List (this)
      - - http://www.modssl.org/docs/2.8/ssl_faq.html
      - First look inside the F.A.Q. (this text), perhaps your problem is such - popular that it was already answered a lot of times in the past. -

      -

    2. Postings from the modssl-users Support Mailing List - - http://www.modssl.org/support/
      - Second search for your problem in one of the existing archives of the - modssl-users mailing list. Perhaps your problem popped up at least once for - another user, too. -

      -

    3. Problem Reports in the Bug Database - - http://www.modssl.org/support/bugdb/
      - Third look inside the mod_ssl Bug Database. Perhaps - someone else already has reported the problem. -
    -

    -

  • - - -What support contacts are available in case of mod_ssl problems? -   - [L] -

    -The following lists all support possibilities for mod_ssl, in order of -preference, i.e. start in this order and do not pick the support possibility -you just like most, please. -

    -

      -
    1. Write a Problem Report into the Bug Database
      - - http://www.modssl.org/support/bugdb/
      - This is the preferred way of submitting your problem report, because this - way it gets filed into the bug database (it cannot be lost) and - send to the modssl-users mailing list (others see the current problems and - learn from answers). -

      -

    2. Write a Problem Report to the modssl-users Support Mailing List
      - - modssl-users @ modssl.org
      - This is the second way of submitting your problem report. You have to - subscribe to the list first, but then you can easily discuss your problem - with both the author and the whole mod_ssl user community. -

      -

    3. Write a Problem Report to the author
      - - rse @ engelschall.com
      - This is the last way of submitting your problem report. Please avoid this - in your own interest because the author is really a very busy men. Your - mail will always be filed to one of his various mail-folders and is - usually not processed as fast as a posting on modssl-users. -
    -

    -

  • - - -What information and details I've to provide to -the author when writing a bug report? -   - [L] -

    -You have to at least always provide the following information: -

    -

      -
    • Apache, mod_ssl and OpenSSL version information
      - The mod_ssl version you should really know. For instance, it's the version - number in the distribution tarball. The Apache version can be determined - by running ``httpd -v''. The OpenSSL version can be - determined by running ``openssl version''. Alternatively when - you have Lynx installed you can run the command ``lynx -mime_header - http://localhost/ | grep Server'' to determine all information in a - single step. -

      -

    • The details on how you built and installed Apache+mod_ssl+OpenSSL
      - For this you can provide a logfile of your terminal session which shows - the configuration and install steps. Alternatively you can at least - provide the author with the APACI `configure'' command line - you used (assuming you used APACI, of course). -

      -

    • In case of core dumps please include a Backtrace
      - In case your Apache+mod_ssl+OpenSSL should really dumped core please attach - a stack-frame ``backtrace'' (see the next question on how to get it). - Without this information the reason for your core dump cannot be found. - So you have to provide the backtrace, please. -

      -

    • A detailed description of your problem
      - Don't laugh, I'm totally serious. I already got a lot of problem reports - where the people not really said what's the actual problem is. So, in your - own interest (you want the problem be solved, don't you?) include as much - details as possible, please. But start with the essentials first, of - course. -
    -

    -

  • - - -I got a core dump, can you help me? -   - [L] -

    - In general no, at least not unless you provide more details about the code - location where Apache dumped core. What is usually always required in - order to help you is a backtrace (see next question). Without this - information it is mostly impossible to find the problem and help you in - fixing it. -

    -

  • - - -Ok, I got a core dump but how do I get a backtrace to find out the reason for it? -   - [L] -

    -Follow the following steps: -

    -

      -
    1. Make sure you have debugging symbols available in at least - Apache and mod_ssl. On platforms where you use GCC/GDB you have to build - Apache+mod_ssl with ``OPTIM="-g -ggdb3"'' to achieve this. On - other platforms at least ``OPTIM="-g"'' is needed. -

      -

    2. Startup the server and try to produce the core-dump. For this you perhaps - want to use a directive like ``CoreDumpDirectory /tmp'' to - make sure that the core-dump file can be written. You then should get a - /tmp/core or /tmp/httpd.core file. When you - don't get this, try to run your server under an UID != 0 (root), because - most "current" kernels do not allow a process to dump core after it has - done a setuid() (unless it does an exec()) for - security reasons (there can be privileged information left over in - memory). Additionally you can run ``/path/to/httpd -X'' - manually to force Apache to not fork. -

      -

    3. Analyze the core-dump. For this run ``gdb /path/to/httpd - /tmp/httpd.core'' or a similar command has to run. In GDB you then - just have to enter the ``bt'' command and, voila, you get the - backtrace. For other debuggers consult your local debugger manual. Send - this backtrace to the author. -
    -
-

-
- - - - - - - - - - -
- - - - - -
-previous page
HowTo -
-next page
Glossary -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html
deleted file mode 100644
index 6c50706867f..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_glossary.html
+++ /dev/null
@@ -1,413 +0,0 @@
- - -mod_ssl: Glossary - - - - - - - - -
- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 7 -
-
- - - - - -
-previous page
F.A.Q. List -
-
-
-
- Glossary -
-
- - - - - - - -
- -``I know you believe you understand what you think I said, but I am not sure you -realize that what you heard is not what I meant.'' - -
- -Richard Nixon - -
-
-
-
Authentication
-
The positive identification of a network entity such as a server, a - client, or a user. In SSL context the server and client - Certificate verification process. -

-

Access Control
-
The restriction of access to network realms. In Apache context - usually the restriction of access to certain URLs. -

-

Algorithm
-
An unambiguous formula or set of rules for solving a problem in a finite - number of steps. Algorithms for encryption are usually called Ciphers. -

-

Certificate
-
A data record used for authenticating network entities such - as a server or a client. A certificate contains X.509 information pieces - about its owner (called the subject) and the signing Certificate - Authority (called the issuer), plus the owner's public key and the - signature made by the CA. Network entities verify these signatures using - CA certificates. -

-

Certification Authority (CA)
-
A trusted third party whose purpose is to sign certificates for network - entities it has authenticated using secure means. Other network entities - can check the signature to verify that a CA has authenticated the bearer - of a certificate. -

-

Certificate Signing Request (CSR)
-
An unsigned certificate for submission to a Certification Authority, - which signs it with the Private Key of their CA Certificate. Once - the CSR is signed, it becomes a real certificate. -

-

Cipher
-
An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc. -

-

Ciphertext
-
The result after a Plaintext passed a Cipher. -

-

Configuration Directive
-
A configuration command that controls one or more aspects of a program's - behavior. In Apache context these are all the command names in the first - column of the configuration files. -

-

CONNECT
-
A HTTP command for proxying raw data channels over HTTP. It can be used to - encapsulate other protocols, such as the SSL protocol. -

-

Digital Signature
-
An encrypted text block that validates a certificate or other file. A - Certification Authority creates a signature by generating a - hash of the Public Key embedded in a Certificate, then - encrypting the hash with its own Private Key. Only the CA's - public key can decrypt the signature, verifying that the CA has - authenticated the network entity that owns the Certificate. -

-

Export-Crippled
-
Diminished in cryptographic strength (and security) in order to comply - with the United States' Export Administration Regulations (EAR). - Export-crippled cryptographic software is limited to a small key size, - resulting in Ciphertext which usually can be decrypted by brute - force. -

-

Fully-Qualified Domain-Name (FQDN)
-
The unique name of a network entity, consisting of a hostname and a domain - name that can resolve to an IP address. For example, www is a - hostname, whatever.com is a domain name, and - www.whatever.com is a fully-qualified domain name. -

-

HyperText Transfer Protocol (HTTP)
-
The HyperText Transport Protocol is the standard transmission protocol used - on the World Wide Web. -

-

HTTPS
-
The HyperText Transport Protocol (Secure), the standard encrypted - communication mechanism on the World Wide Web. This is actually just HTTP - over SSL. -

-

Message Digest
-
A hash of a message, which can be used to verify that the contents of - the message have not been altered in transit. -

-

OpenSSL
-
The Open Source toolkit for SSL/TLS; - see http://www.openssl.org/ -

-

Pass Phrase
-
The word or phrase that protects private key files. - It prevents unauthorized users from encrypting them. Usually it's just - the secret encryption/decryption key used for Ciphers. -

-

Plaintext
-
The unencrypted text. -

-

Private Key
-
The secret key in a Public Key Cryptography system, used to - decrypt incoming messages and sign outgoing ones. -

-

Public Key
-
The publically available key in a Public Key Cryptography system, used to - encrypt messages bound for its owner and to decrypt signatures made by its - owner. -

-

Public Key Cryptography
-
The study and application of asymmetric encryption systems, which use one - key for encryption and another for decryption. A corresponding pair of - such keys constitutes a key pair. Also called Asymmetric Crypography. -

-

Secure Sockets Layer (SSL)
-
A protocol created by Netscape Communications Corporation for - general communication authentication and encryption over TCP/IP networks. - The most popular usage is HTTPS, i.e. the HyperText Transfer - Protocol (HTTP) over SSL. -

-

Session
-
The context information of an SSL communication. -

-

SSLeay
-
The original SSL/TLS implementation library developed by - Eric A. Young <eay@aus.rsa.com>; - see http://www.ssleay.org/ -

-

Symmetric Cryptography
-
The study and application of Ciphers that use a single secret key - for both encryption and decryption operations. -

-

Transport Layer Security (TLS)
-
The successor protocol to SSL, created by the Internet Engineering Task - Force (IETF) for general communication authentication and encryption over - TCP/IP networks. TLS version 1 and is nearly identical with SSL version 3. -

-

Uniform Resource Locator (URL)
-
The formal identifier to locate various resources on the World Wide Web. - The most popular URL scheme is http. SSL uses the - scheme https -

-

X.509
-
An authentication certificate scheme recommended by the International - Telecommunication Union (ITU-T) which is used for SSL/TLS authentication. -
-

-
- - - - - - - - - - -
- - - - - -
-previous page
F.A.Q. List -
-
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.gfont000.gif
deleted file mode 100644
index 3131a672bf97d21de0eca2606d4261733514f784..0000000000000000000000000000000000000000
GIT binary patch literal 0 HcmV?d00001 literal 170 zcmZ?wbhEHb)L>9zXkcLY|NlP&1B2pE7Dgb&paUX6G7LTyj_Vu} WniiQm${kM}ZD09gYh)k;gEaud?MT=F
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html
deleted file mode 100644
index 01ff7a99ac1..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_howto.html
+++ /dev/null
@@ -1,929 +0,0 @@
- - -mod_ssl: HowTo - - - - - - - - - - -
- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 5 -
-
- - - - - -
-previous page
Compatibility -
-next page
F.A.Q. List -
-
-
- HowTo -
-
- - - - - - - -
- -``The solution of this problem is trivial - and is left as an exercise for the reader.'' - -
- -Standard textbook cookie - -
-
-

- - - - - - -
-H -ow to solve particular security constraints for an SSL-aware webserver -is not always obvious because of the coherences between SSL, HTTP and Apache's -way of processing requests. This chapter gives instructions on how to solve -such typical situations. Treat is as a first step to find out the final -solution, but always try to understand the stuff before you use it. Nothing is -worse than using a security solution without knowing it's restrictions and -coherences. - -   - -
- - - - - - - -
- -Table Of Contents - -
- -        Cipher Suites and Enforced Strong Security
-                SSLv2 only server
-                strong encryption only server
-                server gated cryptography
-                stronger per-directory requirements
-        Client Authentication and Access Control
-                simple certificate-based client authentication
-                selective certificate-based client authentication
-                particular certificate-based client authentication
-                intranet vs. internet authentication
-
-
-
-
-

Cipher Suites and Enforced Strong Security

-
    -

    -

  • - - -How can I create a real SSLv2-only server? -   - [L] -

    -The following creates an SSL server which speaks only the SSLv2 protocol and -its ciphers. -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      httpd.conf  
    - - - - -
    -
    -
    -SSLProtocol -all +SSLv2
    -SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
    -
    -
    -
    -
    -

    -

  • - - -How can I create an SSL server which accepts strong encryption only? -   - [L] -

    -The following enables only the seven strongest ciphers: -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      httpd.conf  
    - - - - -
    -
    -
    -SSLProtocol all
    -SSLCipherSuite HIGH:MEDIUM
    -
    -
    -
    -
    -

    -

  • - - -How can I create an SSL server which accepts strong encryption only, -but allows export browsers to upgrade to stronger encryption? -   - [L] -

    -This facility is called Server Gated Cryptography (SGC) and details you can -find in the README.GlobalID document in the mod_ssl distribution. -In short: The server has a Global ID server certificate, signed by a special -CA certificate from Verisign which enables strong encryption in export -browsers. This works as following: The browser connects with an export cipher, -the server sends it's Global ID certificate, the browser verifies it and -subsequently upgrades the cipher suite before any HTTP communication takes -place. The question now is: How can we allow this upgrade, but enforce strong -encryption. Or in other words: Browser either have to initially connect with -strong encryption or have to upgrade to strong encryption, but are not allowed -to keep the export ciphers. The following does the trick: -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      httpd.conf  
    - - - - -
    -
    -
    -#   allow all ciphers for the inital handshake,
    -#   so export browsers can upgrade via SGC facility
    -SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    -<Directory /usr/local/apache/htdocs>
    -#   but finally deny all browsers which haven't upgraded
    -SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
    -</Directory>
    -
    -
    -
    -
    -

    -

  • - - -How can I create an SSL server which accepts all types of ciphers in general, -but requires a strong ciphers for access to a particular URL? -   - [L] -

    -Obviously you cannot just use a server-wide SSLCipherSuite which -restricts the ciphers to the strong variants. But mod_ssl allows you to -reconfigure the cipher suite in per-directory context and automatically forces -a renegotiation of the SSL parameters to meet the new configuration. So, the -solution is: -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      httpd.conf  
    - - - - -
    -
    -
    -#   be liberal in general
    -SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    -<Location /strong/area>
    -#   but https://hostname/strong/area/ and below requires strong ciphers
    -SSLCipherSuite HIGH:MEDIUM
    -</Location>
    -
    -
    -
    -
    -

-

Client Authentication and Access Control

-
    -

    -

  • - - -How can I authenticate clients based on certificates when I know all my -clients? -   - [L] -

    -When you know your user community (i.e. a closed user group situation), as -it's the case for instance in an Intranet, you can use plain certificate -authentication. All you have to do is to create client certificates signed by -your own CA certificate ca.crt and then verifiy the clients -against this certificate. -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      httpd.conf  
    - - - - -
    -
    -
    -#   require a client certificate which has to be directly
    -#   signed by our CA certificate in ca.crt
    -SSLVerifyClient require
    -SSLVerifyDepth 1
    -SSLCACertificateFile conf/ssl.crt/ca.crt
    -
    -
    -
    -
    -

    -

  • - - -How can I authenticate my clients for a particular URL based on certificates -but still allow arbitrary clients to access the remaining parts of the server? -   - [L] -

    -For this we again use the per-directory reconfiguration feature of mod_ssl: -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      httpd.conf  
    - - - - -
    -
    -
    -SSLVerifyClient none
    -SSLCACertificateFile conf/ssl.crt/ca.crt
    -<Location /secure/area>
    -SSLVerifyClient require
    -SSLVerifyDepth 1
    -</Location>
    -
    -
    -
    -
    -

    -

  • - - -How can I authenticate only particular clients for a some URLs based -on certificates but still allow arbitrary clients to access the remaining -parts of the server? -   - [L] -

    -The key is to check for various ingredients of the client certficate. Usually -this means to check the whole or part of the Distinguished Name (DN) of the -Subject. For this two methods exists: The mod_auth based variant -and the SSLRequire variant. The first method is good when the -clients are of totally different type, i.e. when their DNs have no common -fields (usually the organisation, etc.). In this case you've to establish a -password database containing all clients. The second method is better -when your clients are all part of a common hierarchy which is encoded into the -DN. Then you can match them more easily. -

    -The first method: -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      /usr/local/apache/conf/httpd.conf  
    - - - - -
    -
    -
    -SSLVerifyClient      none
    -<Directory /usr/local/apache/htdocs/secure/area>
    -SSLVerifyClient      require
    -SSLVerifyDepth       5
    -SSLCACertificateFile conf/ssl.crt/ca.crt
    -SSLCACertificatePath conf/ssl.crt
    -SSLOptions           +FakeBasicAuth
    -SSLRequireSSL
    -AuthName             "Snake Oil Authentication"
    -AuthType             Basic
    -AuthUserFile         /usr/local/apache/conf/httpd.passwd
    -require              valid-user
    -</Directory>
    -
    -
    -
    -
    -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      /usr/local/apache/conf/httpd.passwd  
    - - - - -
    -
    -
    -/C=DE/L=Munich/O=Snake Oil, Ltd./OU=Staff/CN=Foo:xxj31ZMTZzkVA
    -/C=US/L=S.F./O=Snake Oil, Ltd./OU=CA/CN=Bar:xxj31ZMTZzkVA
    -/C=US/L=L.A./O=Snake Oil, Ltd./OU=Dev/CN=Quux:xxj31ZMTZzkVA
    -
    -
    -
    -
    -

    -The second method: -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      httpd.conf  
    - - - - -
    -
    -
    -SSLVerifyClient      none
    -<Directory /usr/local/apache/htdocs/secure/area>
    -SSLVerifyClient      require
    -SSLVerifyDepth       5
    -SSLCACertificateFile conf/ssl.crt/ca.crt
    -SSLCACertificatePath conf/ssl.crt
    -SSLOptions           +FakeBasicAuth
    -SSLRequireSSL
    -SSLRequire           %{SSL_CLIENT_S_DN_O}  eq "Snake Oil, Ltd." and \
    -                     %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}
    -</Directory>
    -
    -
    -
    -
    -

    -

  • - - How can -I require HTTPS with strong ciphers and either basic authentication or client -certificates for access to a subarea on the Intranet website for clients -coming from the Internet but still allow plain HTTP access for clients on the -Intranet? -   - [L] -

    -Let us assume the Intranet can be distinguished through the IP network -192.160.1.0/24 and the subarea on the Intranet website has the URL -/subarea. Then configure the following outside your HTTPS virtual -host (so it applies to both HTTPS and HTTP): -

    - - - - - - - - - - - - - - - - - - - - - - - - -
      httpd.conf  
    - - - - -
    -
    -
    -SSLCACertificateFile conf/ssl.crt/company-ca.crt
    -
    -<Directory /usr/local/apache/htdocs>
    -#   Outside the subarea only Intranet access is granted
    -Order                deny,allow
    -Deny                 from all
    -Allow                from 192.168.1.0/24
    -</Directory>
    -
    -<Directory /usr/local/apache/htdocs/subarea>
    -#   Inside the subarea any Intranet access is allowed
    -#   but from the Internet only HTTPS + Strong-Cipher + Password
    -#   or the alternative HTTPS + Strong-Cipher + Client-Certificate
    -
    -#   If HTTPS is used, make sure a strong cipher is used.
    -#   Additionally allow client certs as alternative to basic auth.
    -SSLVerifyClient      optional
    -SSLVerifyDepth       1
    -SSLOptions           +FakeBasicAuth +StrictRequire
    -SSLRequire           %{SSL_CIPHER_USEKEYSIZE} >= 128
    -
    -#   Force clients from the Internet to use HTTPS
    -RewriteEngine        on
    -RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
    -RewriteCond          %{HTTPS} !=on
    -RewriteRule          .* - [F]
    -
    -#   Allow Network Access and/or Basic Auth
    -Satisfy              any
    -
    -#   Network Access Control
    -Order                deny,allow
    -Deny                 from all
    -Allow                192.168.1.0/24
    -
    -#   HTTP Basic Authentication
    -AuthType             basic
    -AuthName             "Protected Intranet Area"
    -AuthUserFile         conf/protected.passwd
    -Require              valid-user
    -</Directory>
    -
    -
    -
    -
    -

-

-
- - - - - - - - - - -
- - - - - -
-previous page
Compatibility -
-next page
F.A.Q. List -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.gfont000.gif
deleted file mode 100644
index c64553fcbe7a19403b52ce2762dfff492ab5e0e7..0000000000000000000000000000000000000000
GIT binary patch literal 0 HcmV?d00001 literal 156 zcmZ?wbhEHbRAo?RXkcLY|NlP&1B2pE7Dgb&paUX6G7L<`E&Z8-ulR+tH(v8x8&>hV z*>Jvi+T+l98LOO@-mrQvQoK2m*?i9B;(ZJ5RBcG?6-zlR
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html
deleted file mode 100644
index fae805f07a4..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro.html
+++ /dev/null
@@ -1,919 +0,0 @@
- - -mod_ssl: Introduction - - - - - - - - - - -
- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 2 -
-
- - - - - -
-previous page
Overview -
-next page
Reference -
-
-
- Introduction -
-
- - - - - - - -
- -``The nice thing about standards is that there are so many to choose from. -And if you really don't like all the standards you just have to wait another -year until the one arises you are looking for.'' - -
- -A. Tanenbaum, ``Introduction to Computer Networks'' - -
-
-

- - - - - - -
-A -s an introduction this chapter is aimed at readers who are familiar -with the Web, HTTP, and Apache, but are not security experts. It is not -intended to be a definitive guide to the SSL protocol, nor does it discuss -specific techniques for managing certificates in an organization, or the -important legal issues of patents and import and export restrictions. Rather, -it is intended to provide a common background to mod_ssl users by pulling -together various concepts, definitions, and examples as a starting point for -further exploration. -

-The presented content is mainly derived, with permission by the author, from -the article Introducing SSL -and Certificates using SSLeay from Frederick J. Hirsch, of The Open -Group Research Institute, which was published in Web Security: A Matter of -Trust, World Wide Web Journal, Volume 2, Issue 3, Summer 1997. -Please send any postive feedback to Frederick Hirsch (the original -article author) and all negative feedback to Ralf S. Engelschall (the mod_ssl -author). -

-   - -
- - - - - - - -
- -Table Of Contents - -
- -        Cryptographic Techniques
-                Cryptographic Algorithms
-                Message Digests
-                Digital Signatures
-        Certificates
-                Certificate Contents
-                Certificate Authorities
-                        Certificate Chains
-                        Creating a Root-Level CA
-                        Certificate Management
-        Secure Sockets Layer (SSL)
-                Session Establishment
-                Key Exchange Method
-                Cipher for Data Transfer
-                Digest Function
-                Handshake Sequence Protocol
-                Data Transfer
-                Securing HTTP Communication
-        References
-
-
-
-
-

Cryptographic Techniques

-Understanding SSL requires an understanding of cryptographic algorithms, -message digest functions (aka. one-way or hash functions), and digital -signatures. These techniques are the subject of entire books (see for instance -[AC96]) and provide the basis for privacy, integrity, and -authentication. -

Cryptographic Algorithms

-Suppose Alice wants to send a message to her bank to transfer some money. -Alice would like the message to be private, since it will include information -such as her account number and transfer amount. One solution is to use a -cryptographic algorithm, a technique that would transform her message into an -encrypted form, unreadable except by those it is intended for. Once in this -form, the message may only be interpreted through the use of a secret key. -Without the key the message is useless: good cryptographic algorithms make it -so difficult for intruders to decode the original text that it isn't worth -their effort. -

-There are two categories of cryptographic algorithms: -conventional and public key. -

    -
  • Conventional cryptography, also known as symmetric -cryptography, requires the sender and receiver to share a key: a secret -piece of information that may be used to encrypt or decrypt a message. -If this key is secret, then nobody other than the sender or receiver may -read the message. If Alice and the bank know a secret key, then they -may send each other private messages. The task of privately choosing a key -before communicating, however, can be problematic. -

    -

  • Public key cryptography, also known as asymmetric cryptography, -solves the key exchange problem by defining an algorithm which uses two keys, -each of which may be used to encrypt a message. If one key is used to encrypt -a message then the other must be used to decrypt it. This makes it possible -to receive secure messages by simply publishing one key (the public key) and -keeping the other secret (the private key). -

    -Anyone may encrypt a message using the public key, but only the owner of the -private key will be able to read it. In this way, Alice may send private -messages to the owner of a key-pair (the bank), by encrypting it using their -public key. Only the bank will be able to decrypt it. -

-

Message Digests

-Although Alice may encrypt her message to make it private, there is still a -concern that someone might modify her original message or substitute -it with a different one, in order to transfer the money to themselves, for -instance. One way of guaranteeing the integrity of Alice's message is to -create a concise summary of her message and send this to the bank as well. -Upon receipt of the message, the bank creates its own summary and compares it -with the one Alice sent. If they agree then the message was received intact. -

-A summary such as this is called a message digest, one-way -function or hash function. Message digests are used to create -short, fixed-length representations of longer, variable-length messages. -Digest algorithms are designed to produce unique digests for different -messages. Message digests are designed to make it too difficult to determine -the message from the digest, and also impossible to find two different -messages which create the same digest -- thus eliminating the possibility of -substituting one message for another while maintaining the same digest. -

-Another challenge that Alice faces is finding a way to send the digest to the -bank securely; when this is achieved, the integrity of the associated message -is assured. One way to to this is to include the digest in a digital -signature. -

Digital Signatures

-When Alice sends a message to the bank, the bank needs to ensure that the -message is really from her, so an intruder does not request a transaction -involving her account. A digital signature, created by Alice and -included with the message, serves this purpose. -

-Digital signatures are created by encrypting a digest of the message, -and other information (such as a sequence number) with the sender's -private key. Though anyone may decrypt the signature using the public -key, only the signer knows the private key. This means that only they may -have signed it. Including the digest in the signature means the signature is -only good for that message; it also ensures the integrity of the message since -no one can change the digest and still sign it. -

-To guard against interception and reuse of the signature by an intruder at a -later date, the signature contains a unique sequence number. This protects -the bank from a fraudulent claim from Alice that she did not send the message --- only she could have signed it (non-repudiation). -

Certificates

-Although Alice could have sent a private message to the bank, signed it, and -ensured the integrity of the message, she still needs to be sure that she is -really communicating with the bank. This means that she needs to be sure that -the public key she is using corresponds to the bank's private key. Similarly, -the bank also needs to verify that the message signature really corresponds to -Alice's signature. -

-If each party has a certificate which validates the other's identity, confirms -the public key, and is signed by a trusted agency, then they both will be -assured that they are communicating with whom they think they are. Such a -trusted agency is called a Certificate Authority, and certificates are -used for authentication. -

Certificate Contents

-A certificate associates a public key with the real identity of an individual, -server, or other entity, known as the subject. As shown in Table 1, information about the subject includes identifying -information (the distinguished name), and the public key. It also includes -the identification and signature of the Certificate Authority that issued the -certificate, and the period of time during which the certificate is valid. It -may have additional information (or extensions) as well as administrative -information for the Certificate Authority's use, such as a serial number. -

-

- - - -
Table 1: Certificate Information
- - -
- - - - - - - - - - - -
Subject:Distinguished Name, Public Key
Issuer:Distinguished Name, Signature
Period of Validity:Not Before Date, Not After Date
Administrative Information:Version, Serial Number
Extended Information:Basic Contraints, Netscape Flags, etc.
-
-
-
-

-A distinguished name is used to provide an identity in a specific context -- -for instance, an individual might have a personal certificate as well as one -for their identity as an employee. Distinguished names are defined by the -X.509 standard [X509], which defines the fields, field -names, and abbreviations used to refer to the fields -(see Table 2). -

-

- - - -
Table 2: Distinguished Name Information
- - -
- - - - - - - - - - - - - - - - -
DN Field:Abbrev.:Description:Example:
Common NameCNName being certifiedCN=Joe Average
Organization or CompanyOName is associated with this
organization
O=Snake Oil, Ltd.
Organizational UnitOUName is associated with this
organization unit, such as a department
OU=Research Institute
City/LocalityLName is located in this CityL=Snake City
State/ProvinceSTName is located in this State/ProvinceST=Desert
CountryCName is located in this Country (ISO code)C=XZ
-
-
-
-

-A Certificate Authority may define a policy specifying which distinguished -field names are optional, and which are required. It may also place -requirements upon the field contents, as may users of certificates. As an -example, a Netscape browser requires that the Common Name for a certificate -representing a server has a name which matches a wildcard pattern for the -domain name of that server, such as *.snakeoil.com. -

-The binary format of a certificate is defined using the ASN.1 notation [ X208] [PKCS]. This notation defines how to -specify the contents, and encoding rules define how this information is -translated into binary form. The binary encoding of the certificate is -defined using Distinguished Encoding Rules (DER), which are based on the more -general Basic Encoding Rules (BER). For those transmissions which cannot -handle binary, the binary form may be translated into an ASCII form by using -Base64 encoding [MIME]. This encoded version is called PEM -encoded (the name comes from "Privacy Enhanced Mail"), when placed between -begin and end delimiter lines as illustrated in Table 3. -

-

- - - -
Table 3: Example of a PEM-encoded certificate (snakeoil.crt)
- - -
-
-
------BEGIN CERTIFICATE-----
-MIIC7jCCAlegAwIBAgIBATANBgkqhkiG9w0BAQQFADCBqTELMAkGA1UEBhMCWFkx
-FTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25ha2UgVG93bjEXMBUG
-A1UEChMOU25ha2UgT2lsLCBMdGQxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhv
-cml0eTEVMBMGA1UEAxMMU25ha2UgT2lsIENBMR4wHAYJKoZIhvcNAQkBFg9jYUBz
-bmFrZW9pbC5kb20wHhcNOTgxMDIxMDg1ODM2WhcNOTkxMDIxMDg1ODM2WjCBpzEL
-MAkGA1UEBhMCWFkxFTATBgNVBAgTDFNuYWtlIERlc2VydDETMBEGA1UEBxMKU25h
-a2UgVG93bjEXMBUGA1UEChMOU25ha2UgT2lsLCBMdGQxFzAVBgNVBAsTDldlYnNl
-cnZlciBUZWFtMRkwFwYDVQQDExB3d3cuc25ha2VvaWwuZG9tMR8wHQYJKoZIhvcN
-AQkBFhB3d3dAc25ha2VvaWwuZG9tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDH9Ge/s2zcH+da+rPTx/DPRp3xGjHZ4GG6pCmvADIEtBtKBFAcZ64n+Dy7Np8b
-vKR+yy5DGQiijsH1D/j8HlGE+q4TZ8OFk7BNBFazHxFbYI4OKMiCxdKzdif1yfaa
-lWoANFlAzlSdbxeGVHoT0K+gT5w3UxwZKv2DLbCTzLZyPwIDAQABoyYwJDAPBgNV
-HRMECDAGAQH/AgEAMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQQFAAOB
-gQAZUIHAL4D09oE6Lv2k56Gp38OBDuILvwLg1v1KL8mQR+KFjghCrtpqaztZqcDt
-2q2QoyulCgSzHbEGmi0EsdkPfg6mp0penssIFePYNI+/8u9HT4LuKMJX15hxBam7
-dUHzICxBVC1lnHyYGjDuAMhe396lYAn8bCld1/L4NMGBCQ==
------END CERTIFICATE-----
-
-
-
-
-

Certificate Authorities

-By first verifying the information in a certificate request before granting -the certificate, the Certificate Authority assures the identity of the private -key owner of a key-pair. For instance, if Alice requests a personal -certificate, the Certificate Authority must first make sure that Alice really -is the person the certificate request claims. -

Certificate Chains

-A Certificate Authority may also issue a certificate for another Certificate -Authority. When examining a certificate, Alice may need to examine the -certificate of the issuer, for each parent Certificate Authority, until -reaching one which she has confidence in. She may decide to trust only -certificates with a limited chain of issuers, to reduce her risk of a "bad" -certificate in the chain. -

Creating a Root-Level CA

-As noted earlier, each certificate requires an issuer to assert the validity -of the identity of the certificate subject, up to the top-level Certificate -Authority (CA). This presents a problem: Since this is who vouches for the -certificate of the top-level authority, which has no issuer? -In this unique case, the certificate is "self-signed", so the issuer of the -certificate is the same as the subject. As a result, one must exercise extra -care in trusting a self-signed certificate. The wide publication of a public -key by the root authority reduces the risk in trusting this key -- it would be -obvious if someone else publicized a key claiming to be the authority. -Browsers are preconfigured to trust well-known certificate authorities. -

-A number of companies, such as Thawte and -VeriSign have established themselves as -Certificate Authorities. These companies provide the following services: -

    -
  • Verifying certificate requests -
  • Processing certificate requests -
  • Issuing and managing certificates -
-

-It is also possible to create your own Certificate Authority. Although risky
-in the Internet environment, it may be useful within an Intranet where the
-organization can easily verify the identities of individuals and servers.
-

Certificate Management

-Establishing a Certificate Authority is a responsibility which requires a
-solid administrative, technical, and management framework.
-Certificate Authorities not only issue certificates, they also manage them --
-that is, they determine how long certificates are valid, they renew them, and
-they keep lists of certificates that have already been issued but are no
-longer valid (Certificate Revocation Lists, or CRLs).
-Say Alice is entitled to a certificate as an employee of a company. Say too,
-that the certificate needs to be revoked when Alice leaves the company. Since
-certificates are objects that get passed around, it is impossible to tell from
-the certificate alone that it has been revoked.
-When examining certificates for validity, therefore, it is necessary to
-contact the issuing Certificate Authority to check CRLs -- this is not usually
-an automated part of the process.
-

-

Note:
-If you use a Certificate Authority that is not configured into browsers by
-default, it is necessary to load the Certificate Authority certificate into
-the browser, enabling the browser to validate server certificates signed by
-that Certificate Authority. Doing so may be dangerous, since once loaded, the
-browser will accept all certificates signed by that Certificate Authority.
-

Secure Sockets Layer (SSL)

-The Secure Sockets Layer protocol is a protocol layer which may be placed
-between a reliable connection-oriented network layer protocol (e.g. TCP/IP)
-and the application protocol layer (e.g. HTTP). SSL provides for secure
-communication between client and server by allowing mutual authentication, the
-use of digital signatures for integrity, and encryption for privacy.
-

-The protocol is designed to support a range of choices for specific algorithms
-used for cryptography, digests, and signatures. This allows algorithm
-selection for specific servers to be made based on legal, export or other
-concerns, and also enables the protocol to take advantage of new algorithms.
-Choices are negotiated between client and server at the start of establishing
-a protocol session.
-

-

- - - -
Table 4: Versions of the SSL protocol
- - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Version:Source:Description:Browser Support:
SSL v2.0Vendor Standard (from Netscape Corp.) [SSL2]First SSL protocol for which implementations exists- NS Navigator 1.x/2.x
- - MS IE 3.x
- - Lynx/2.8+OpenSSL -
SSL v3.0Expired Internet Draft (from Netscape Corp.) [SSL3]Revisions to prevent specific security attacks, add non-RSA ciphers, and support for certificate chains- NS Navigator 2.x/3.x/4.x
- - MS IE 3.x/4.x
- - Lynx/2.8+OpenSSL -
TLS v1.0Proposed Internet Standard (from IETF) [TLS1]Revision of SSL 3.0 to update the MAC layer to HMAC, add block padding for - block ciphers, message order standardization and more alert messages. -- Lynx/2.8+OpenSSL
-
-
-
-

-There are a number of versions of the SSL protocol, as shown in Table 4. As noted there, one of the benefits in SSL 3.0 is -that it adds support of certificate chain loading. This feature allows a -server to pass a server certificate along with issuer certificates to the -browser. Chain loading also permits the browser to validate the server -certificate, even if Certificate Authority certificates are not installed for -the intermediate issuers, since they are included in the certificate chain. -SSL 3.0 is the basis for the Transport Layer Security [TLS] protocol standard, currently in development by the -Internet Engineering Task Force (IETF). -

Session Establishment

-The SSL session is established by following a handshake sequence
-between client and server, as shown in Figure 1. This
-sequence may vary, depending on whether the server is configured to provide a
-server certificate or request a client certificate. Though cases exist where
-additional handshake steps are required for management of cipher information,
-this article summarizes one common scenario: see the SSL specification for the
-full range of possibilities.
-

-

Note
-Once an SSL session has been established it may be reused, thus avoiding the
-performance penalty of repeating the many steps needed to start a session.
-For this the server assigns each SSL session a unique session identifier which
-is cached in the server and which the client can use on forthcoming
-connections to reduce the handshake (until the session identifer expires in
-the cache of the server).
-

-

- - - -
Figure 1: Simplified SSL Handshake Sequence
- - -
- -
-
-
-

-The elements of the handshake sequence, as used by the client and server, are -listed below: -

    -
  1. Negotiate the Cipher Suite to be used during data transfer -
  2. Establish and share a session key between client and server -
  3. Optionally authenticate the server to the client -
  4. Optionally authenticate the client to the server -
-

-The first step, Cipher Suite Negotiation, allows the client and server to
-choose a Cipher Suite supportable by both of them. The SSL3.0 protocol
-specification defines 31 Cipher Suites. A Cipher Suite is defined by the
-following components:
-

    -
  • Key Exchange Method -
  • Cipher for Data Transfer -
  • Message Digest for creating the Message Authentication Code (MAC) -
-These three elements are described in the sections that follow. -

Key Exchange Method

-The key exchange method defines how the shared secret symmetric cryptography
-key used for application data transfer will be agreed upon by client and
-server. SSL 2.0 uses RSA key exchange only, while SSL 3.0 supports a choice of
-key exchange algorithms including the RSA key exchange when certificates are
-used, and Diffie-Hellman key exchange for exchanging keys without certificates
-and without prior communication between client and server.
-

-One variable in the choice of key exchange methods is digital signatures -- -whether or not to use them, and if so, what kind of signatures to use. -Signing with a private key provides assurance against a -man-in-the-middle-attack during the information exchange used in generating -the shared key [AC96, p516]. -

Cipher for Data Transfer

-SSL uses the conventional cryptography algorithm (symmetric cryptography) -described earlier for encrypting messages in a session. There are nine -choices, including the choice to perform no encryption: -
    -
  • No encryption -
  • Stream Ciphers -
      -
    • RC4 with 40-bit keys -
    • RC4 with 128-bit keys -
    -
  • CBC Block Ciphers -
      -
    • RC2 with 40 bit key -
    • DES with 40 bit key -
    • DES with 56 bit key -
    • Triple-DES with 168 bit key -
    • Idea (128 bit key) -
    • Fortezza (96 bit key) -
    -
-Here "CBC" refers to Cipher Block Chaining, which means that a portion of the -previously encrypted cipher text is used in the encryption of the current -block. "DES" refers to the Data Encryption Standard [AC96, -ch12], which has a number of variants (including DES40 and 3DES_EDE). "Idea" -is one of the best and cryptographically strongest available algorithms, and -"RC2" is a proprietary algorithm from RSA DSI [AC96, -ch13]. -

Digest Function

-The choice of digest function determines how a digest is created from a record -unit. SSL supports the following: -
    -
  • No digest (Null choice) -
  • MD5, a 128-bit hash -
  • Secure Hash Algorithm (SHA-1), a 160-bit hash -
-The message digest is used to create a Message Authentication Code (MAC) which -is encrypted with the message to provide integrity and to prevent against -replay attacks. -

Handshake Sequence Protocol

-The handshake sequence uses three protocols: -
    -
  • The SSL Handshake Protocol - for performing the client and server SSL session establishment. -
  • The SSL Change Cipher Spec Protocol for actually establishing agreement - on the Cipher Suite for the session. -
  • The SSL Alert Protocol for - conveying SSL error messages between client and server. -
-These protocols, as well as application protocol data, are encapsulated in the -SSL Record Protocol, as shown in Figure 2. An -encapsulated protocol is transferred as data by the lower layer protocol, -which does not examine the data. The encapsulated protocol has no knowledge of -the underlying protocol. -

-

- - - -
Figure 2: SSL Protocol Stack
- - -
- -
-
-
-

-The encapsulation of SSL control protocols by the record protocol means that
-if an active session is renegotiated the control protocols will be transmitted
-securely. If there were no session before, then the Null cipher suite is
-used, which means there is no encryption and messages have no integrity
-digests until the session has been established.
-

Data Transfer

-The SSL Record Protocol, shown in Figure 3, is used to
-transfer application and SSL Control data between the client and server,
-possibly fragmenting this data into smaller units, or combining multiple
-higher level protocol data messages into single units. It may compress, attach
-digest signatures, and encrypt these units before transmitting them using the
-underlying reliable transport protocol (Note: currently all major SSL
-implementations lack support for compression).
-

-

- - - -
Figure 3: SSL Record Protocol
- - -
- -
-
-
-

Securing HTTP Communication

-One common use of SSL is to secure Web HTTP communication between a browser
-and a webserver. This case does not preclude the use of non-secured HTTP. The
-secure version is mainly plain HTTP over SSL (named HTTPS), but with one major
-difference: it uses the URL scheme https rather than
-http and a different server port (by default 443). This mainly
-is what mod_ssl provides to you for the Apache webserver...
-

References

- -

-
- - - - - - - - - - -
- - - - - -
-previous page
Overview -
-next page
Reference -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- - diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig1.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig1.gif deleted file mode 100644 index 3c209864f19a32c79c520e238cace9db01df65f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 5738 zcmV-w7M1BoNk%w1VW$B{0kZ%A|NsBY%>T^H%m4rY|NsC0|NsC0|NsC0|NsC0|NsC0 z|NsC0|NsC0|NsC0|NsC0A^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0001|0Y?D< z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@TtQEE41e zjE#+3ns803VfLYeS)}&A|{FvlVLQqaaBis{vRiH z3Mt^9422DC1w{CZ7SP_88<$hi|_`(745d|8#W_d&!54z?d}*>&BkZiVj)RSrD#o&~5#dTYMI@-xsTzpofCzO80#$ce^ z`Ki`ge71&Xlo6^I5s+?1%H}-rzzLL4m;TgKrjC{bsidGP2S}y*af+#_AfbBdk7|bM zYI}pMW2vgN)@tj8YC@vxuDtfz>#Vm1E3B#{vasf>$j&5)tfl@A>+G|a7Q4c+$yV#j zs0jfZ<+jYI2yK_$Om|bapIU3KIVeec!KUDH!|u1;-YCkuytR7ny)vn50gcvmc9)#m zE$W|y{26N3lz)}^Z=%%sYg1T<)`eT3fzdl}x%g%*jlLD+^qIq9!gd{xTFUDkZ3yG0 zvW+rgH=DQ+k2%`MHs0kA#v13`3&#|gNal_+GAgslI)>abkKujyB8vlVSEz*=;jHu2 zxbQrI&r3r%=tu%L*l4>?ujsX$4DVRs$j$*B_A*uvL-pG`&swyZ;&yuU-Gd2@w3cXI z>9W{*%g8d9CbQBu3Dm+p_2C}RJanOGulA*wgg0I1$p1}m2{@E=hrG5jhi9Ys=x;Xb zr{r1wY4BWiMy%e#lb6hU}!A20L4I)BfkQ#l1(e34?${rTvJBX#(RDS0GQ@4zn^a`S9RX^`fp zumAq_{tof2@+z4g4JkOyg-M9b z>y57_Ny$oD(rP9ej~EZ7NY>=#IT2c0=ahyhtfYvLHd|mHIq=6o1X7SbY~$G;Ik>`2 zPL!J~&n>;QybiANGAaq)E6>G78oBY9rmPv%NY+VO5=fJ~sazo$_{$O@ahUijrgL_O zyJT|HjG6?~7{SQMfVGTl;G`x9v3V~xW(tx-T>4U2$@Hev@}q6^}suxi%2EM^s}*_NDed>S-LwM0AG!j_h@!IYmAkz%CxL2V=6)a!aV$y9;{GYY zy(w;qh+9nKM|C*Hp|a;EPh_`KWmrr>WKEB+qzdDT4#z6RFpup9&$_V z*l7)(+JRT5;x&xkjDHBahZ8H}n~kk}aZ6vRI8h$

G70UfepnLnK7GqkyfEl8jF#h138rC+(t`QkOM&q6*K@Qc02aDkkFv%fOpfH=x- zlKO5@Cgt;qt!$^oh&$y3$JYHA)igfz z7e}%-f3b&r3#f4`rfMi-GomLNoJ28m!Zl*^Ct5@$ghGNXf+&G@dik(@`qf??=z;my z4|11v$3TO?bc3Rzc2CBG$#Z-_=vYNZgj#2WN7xX8r-T#bgVxl9f+d7d2vAZ;P*hlj zNqB`Dm4ywph2dj`UKmec7+_);K@V|%Y}kfwcvj;ULEsm7O!Qn(v|n@hYzGEln#DsI zS8#sVL?5+>d)SBUgK>eFLbO+Vgvf^xBzq(0KE*RX0ta?JM?Fa*bwzQ8jYtNsRX>ms zBLDJHK@(J7Lx)1av2uX7F`ej$n+R252a9DVi_S$tqBvZ62y?BNU)?1_!KH|TxLvjA zi_L|KNVtpZWr%hsK6aNJdG~WSWQlrrjK~OHeVA17<%|+!TbUR|kSA19<#M&9hSjKE zC$@+<#);+F1wEIGX_z1DNL>`>eec)~@%UYDn2!o}kJB}e=~j=G!H@m8bm$mk>L`#` zaE<_ZEeN?=1=)cI*^pH5kP8@*5-9}~>1-Bxku9~5ILMKt<&nYzl9?rvL`RZ|m65r& zktk_mCYf+8nUXJg4KaxZYvoorX$er*eLPuNJ_(CJd2T-`ltGD9Q`M72$y9cQR{wZ) zS4(-5P05r``BrsRl}>4uQi+vNIh8rdl~K8sSh-j;>0LGHS1S2wELoODaF&XemTLJ| zW66qdc~fjDXKp!{K~R@dHxNPTPk1R)Y*~p1hl$D+T7MZ+XZdx5iE)dGEFh(ikQtdG z#e^ebgOO+?C1-iw=$K?!hG(>auyS)~XFz|)cdLjWPw1KYw2_IqTuf(*lxH9A7=&G@ znhC|4#pQJ;ghR$?n#q!ywn;>|nVZX)U9mV`rI};EVrx>iJZ={bLKb&?M0&oHXp;3u zjt7pk6?x}2dCF;f2e@Qwmpz7qc!{S!ZbzAMiDKwLXJ)2l(S(98=tZN)g8vh;W?KV0 ztTq-V2r_A=pA-Wcai^YR>3zktWGRz7ye53`SvLi^GBWd^tJXDiWJhMBenZv@1Ui$k zvUy&1p-LlY#CIdewoAV!q7Mi;7O0}Ll%6vsnJ_v@5tVA>7os!@Xnqrannr6MV{4p5 zPR=w&tRrfj2AXjxU`^qk%Qm9N79%P;fF{~V)(2!cvZ6#rY}$rsad@Pz=@d%(Xe~N? 
z(6=At_ia5oq59XLd&Z<$TAf?UrFIC9&^CUn6M7c$G+lG2`Nn7a=7Ly4Z*_W~0J=Nr zw4^$*p>P@uof({lw@`?hsO?#sj2aZ(^QegmoRg|bmI|ksnyLFUod1y8S&Qna+ykmt zH(7;Al<2aZ7H3;3mV=~aQdT}DhB$$bLnn_<^7kQ93TdeAYRrGl-NT>!gCos5!wrQ$=NSLG9bjUf4 z!w4e6l|$SbYPx5EndUU)s+#7iba;5Ju=!rHX?62xoV-bnuo^p~#G?Jztj-#&Ay z829R#`C1Q+$BmD-ok!`Nib!GFIjq!(v3{0k%><&92C_vevj0HnUI$7rAXsmE;;pQM zw5d?DXql`+TeVbMsSKNrw8yLAxwWvTw4quxqbjyV*tHyra%YRSv|_bKYM^cFwvMW{ zFWI4UOShcDnlak9yOOth8!gXTk9gZ)etWoxdkBO3j&ggLD^-_`#h!QRxI6&4NH)2Y z%THxnI+>dXmYa^9s|TNJkfH0jn;Vd&dk3SNVwjt{G_blL*1E2H5~pjnvr7lCYhki` zyIFaazMGXhIh02ERH{0>NLjp0b-czayh^E+RQbDL3BAwTyVM)K)jPe`o4we(yKnQ33kUCeSpV!Bzn5UXDq+8FFu#FSzxsKQRyap~Mb|VY4$eO{rHo-QjuM-P&A<~U2 zYhTdCz>~ESwWV?j$H5Bh!SGd@CtRGq6?CeYiVS>Pe#d|;Yz7rfc2CEyMB>BK7{t5j zR2B=9JIuo_%w5aqhZcOCPPcc0*}ycJ#AUF+(wKKoe0OM^hQG?1=&VUeZc( zn(41m6p14zjsW{x4_w7#EC!#Oh_os^7dFRWP{+rLs}AghY^%p%FuJq3U(v&!33pV2 zJjkb8xQpxsi5tm@@W@}lzx3qDl)MF&%ubD)$^V+%$bsz1TCmBpC(56Eofw3yhzwuE zWXhv_J$;N?etci9oRF~W!m|9EwTuOjJ3s`yji_jO^XtE++{>3pz@w;hHr&d)Yz4h6 zjkrjdRTs;P*347z%n?hPOq{ERY0VRP%joLGIc&!p6w1RO$>=P}i(AGXDqa?)AfqgMYh-g zsbl{Vos#X+4K zw!Dqd6m`$#w#v$qoUD8hg}jNjP2AeI&XrhNQ>?*7EGfec-D7K=4STD9OvR@O-gz9* z+C416oy*WTi9QL6vWIz^C|}!^!v8)SuV|gvBW<2et=;FX!7*&ZFznsSjG4)Nhaeor zEc-lJrnMNo;QGC|#+r)TTtR?nvcW6GMl9ZBS>NxeMXWa{WEO(J?cmw0%mXfr;p|*d z48iXm-nyvaW<%7L^Elz=w)<^x0Hnnu&c!86;;-3vBy^GutssC(*^Go|kxjQXzFcPP z&TLHJu6o=$E8oFOL2!)Ra_QnF_&MyS*68GKXq)8uLd`0U#~U2vL^`H*eXtZAxHW6# z)5GEuhs(5y<&Hz-W;$(S{i~)*kAmgqO3u!D*s_iGt*#BE3VKQpoprdWfWrOUE|Y?>7l+2U>>)ie(F-4*Vv6M55C-0 zv$~Ht>9+oco=xT$ZrvD+-QN7ozj>~+oL;|`{=r!6S)4T*Ev^ z>(2h{$6kyyEX{jq?brSU&A|3LflQ2qk5xop zRscN*aA;Ov4^%#N_DbLKCZUs5RrW)F^`hJMP>=R-?+TN^RRX{d0YFY#!LSs|&Bxz5 zF(XU!L{oJ=MKIJR7vxy`#&dn=d;eE;G9#IVcmXDrKv+eH6h4tlYSnthW`o9B*IV>T zwd3Bi8H+`^WOm#AZmYxS=@BD_=ZAK%c{=~o6C5NgbfWRN`_NdtSVU|zG*mQeLGNk%w1VXOh!0J8u9%*@Qp%>V!Y|CyQ000030|NsC0|NsC0|NsC0|NsC0 z|NsC0|NsC0|NsC0|NsC0A^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u000220oecm z1pZLSNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@TtQEE41e z0fCHXqH#@ZRK0 
z^IYuhk@xtR`_}RQ&gvx*s72o}GlR|uGRTNwzeElnDg#I{7r`SJu|!OGOjV$b{=+2F z0x7al#gn5l7Ex)1NhO^dVb4#P}*`t2JO&B(wX;~v7hu-Y|`ew_Zc)i(l>x3F|E$yE7`<=>88v)H}2XHk7M54yt3|wzE29T zvE2yqb1$V=zD+weY>v$Nj^8W(uWG5gHM<{{y<+zn_lbPpmYlU<=<)^rh#NKcz(inO z@~!7teH7&vgM&ishYf1hNmibMW1UxFU(d~ETY?EfS7CMYO~xQV5WbKi5HNYz5N-cW z;>v4&IR+G6LY;@2hKsp4V{5MUcwC0paX45&oGgRJR%euA#&08_fx$&ht=JWe47IqK zBoZFA*I8&GnNyOTywgo@yOdB5l_Xf{gO;2HiI-*weKaS0arOtMdNG1|WHV-xDQGEU ze!~?sW&k3<851O$s0ePdrHqXv(iz}#=yj-^pImZ^i9AadD(Y6F0;(njyqKbDql>ay zTGP!ayTcnI#RXijTDNQkFK&z!Y_I5 zaJlWMHU%2msp7VptirCg83Lonu50e2I>0%vfb!;salLuQm~XE#RvYq{)&ksVJ_84< z^2*;ngK(qkE{w{f5~KSt#em=pbImw(nap&0*=gOK8!p;teR)8cH`~y^O23%Tq|FuCbcqNW>Gad2n;dP8x9=V`%B!;;x9cPe-n;Dlj4W5b zn*&w6@rEPcc#gLU4@d{^P^u*?DvcQX(~ghYuo$a7rvMX&>{p3gJ&+Zq4pKcfYEE}Zcc;#;2 zjHDzdIgCeA@{*X$q##-1MooJ1lb~#zB|}NdQkoJxqdcW5SIJ6Qq_UN;jHN6W^2%A- z@|L0GBrbQ!%TMaEm%t1rB!4N)Vj6RkwLGRWm+2{DGV__xJc~1wLf;WF7I6A! z3 zq-i^8K@I8wgyxc-yc?)QA!D@K)GeSTRH;a3ioKOKBA?&<*YKj#&iM2*Gdnd}J8zn{ z@mNfzK?N!}JIc_Sf=s7L^$}A$guu`VRG(6<<~}EyJbwBUt4M`hRzuoT5gk>dVWs9+ z7h2Y|I<>7`RZu`_+E%RQ6sq3bC`b9U)HHnbM1=N|KSC_p0vlJKTGp6? zy{u-Lnc2;HwwRs$tY~=|+R>VJmZd$dYFU}u)w;Hnt$nR*JsI2C+Ln^Fy{&E=ncLm^ z){wpZt#I2|+2I;@iN!sxau0d`(B(Q;k->egboZ3p=~}lc(Y>yAACleedbc>${jPW& zdC)(a_q^y$uX@+Z-u43Wpa6)keCJEw`r7xt_|30=_sie@`uD#84zPd+OyB|=_`nEG zu!0vnUrsXk!4QtHgeOel3S0QX7_P8`GtA)*d-%g34zY+w%-;=@_{1nqv5HsB;t!j+ z#W0SsjAu;a7QeX0IL@(-cg$k}-?+y>4ziGk%;Fyt`N&94vXU8WQKkp)SJFFpjD0EH0b)(x&AedXWeUI z3mMkN4l%KLZR=zM8@|r2@v24bXl=lhiTpDT5B8I!Tz?mwVmy8n|sjZKDWB{ zobGkId(Q2Cx4hLH?|IvM%=NyvzPX(5efzu0{r z^{ofJ>t3HZ*u(zvv6Fq}W>baF88@#yzX|NINtYNZ8YS4@A|Gb zv*8Z-dkdb`Z7;mN5ASWVD}LULAGO^dFYms0d+wBfcjWUP>ZwP4^MCg|)ImRa(Kns+ zm^VG=!=Cxo`@8k754`GQUv=2i9`dul{pfSAd#2mI_v`*W@Xsy$;g7rc#{V|*lYi~y zGvC?Hf4;G!Fa2LrzxubnKK5O${q2{!``*tq_`~n$@spp>HSf9l*U$d;yZ`+VgO&W} zPyhPc|Nbuc&%gfn&;S1W|Nj6OfC4yx1XzFucz_6)fC{*P4A_7U_<#@?ff6`@6j*^j G002AZ8?&qc 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig3.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_intro_fig3.gif deleted file mode 100644 index 00a975b5a4e4835c1faaf6c05ac4430ab2703f01..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4020 zcmV;l4@>YzNk%w1VW$B@0kZ%A|NsBY%*@Qp|CyQ0nVDv0W|;s00RR90|NsC0|NsC0 z|NsC0|NsC0|NsC0|NsC0A^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0001|0Yd=* z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@TtQEE41e zjE#q#u}}sHv)}tf-?aXC-D5vzMm>q*~G?}#ogQEqAau3An2yo)6wkCSK{Q_ z@`B%o_4CK??Euy1?)(K5=0pQ}@T%mf-HDr3iv{u)6J z3mKrI#ZMDMFr093RLg`bsj;Nwkf6<%6>8F&Y11FiCMHjI0{5|`sG~+pdQ7?tqtc@! zh4Mzb1plb}*Jadetgm|HYR<1S^Iwii_oION< z3i>!!gUmvk6+P2zdC|FmUSD6RDf_84)FChRL;3r0?(eV4F6-HR`aRhGryo7m4d_aI z{_zK3d3VGX^Wu{r?lcS|GrkZe;$fk}e#c3yzDPlP1oqR61=U}q*Dd>t; zBKhZ_h<0(Pkte*F=%YY6`sSjLRtl6kuvn@o7L;n>=y02c8tIfSd@8CBnGxYmp@7C0 zgQ+y0Dg~^K(ix2jw06)bUa!hZMXrIev{Rdx=m0FSFzo6p57++CR333Y`9z*V!s;e$ zv<>~knY6cZTb7>3BHQb-PLR0JwZhFfY_u|A%kGia_6F0i?P8mqvUSoBF1eYu+G@Am z+KcYM>v9!uz%CJtaJ*dJuy3sVQpD(a1y@{fL;xQQuf+m)obbiwS@W>Ju11X7#2ype zvAY&8OsvZ()64O_%;tcv$)%zk*t|2V{Bdp?_bl_!F!OVBur}j7M6;fGB{Xj>JNxa_ zL9;s^$J8Dg{Kl=F5O33+W!{)B zt@oyO>q=4Jf6GaD!>Sf8DBsBLo)#yX;d0oO`OScJkNn#<%w8 zufFL5rd8#B`^brf$}zqEN#%b7EQtUI7^L%+Dnaf;kY_-Ztz@affQ&#Ob`TL2PUHrF z$$(HZDEL4iK}>GA%FRGTMm$_y5E&Xo2|f-q8W6Ukfh&Zc2}#JpWvK9kS~JHB1L!GN z%us|Zu^}sPNTcH=&xzpyo>;y^MTuCEVpv=rY5sr*kS-d^6V}PdFAC&A?Vw~XVeDWT zYY4`rh;buG1k)6QvzKjkaffzHmw4(ptt|qlG{wQiP#!ax$H+!4W*p>G8e>S5EYO2R zDI{&y*p4T1CqZ@G)_Jzb$8DkIi({<7|I_`5Iuq9p(r~^ z!d}jin}*pH23sRd?5Hx9tPCM7T}jSkPO~4pyd*fg^UDbe^Pauj&Nug{%Tlh=m~3fg zCSs_Gb_VpFv{2?E1L{g)^yiZbS=B?v{xi{C_60l@jVN(23Nhz-(~B+~iW|vDMno2| znA6FRIiKl4H_mdU%xkDV2uh(3ni7WElj%HY`XHM^Q>PrvX#y2^QU=0OEo!`BPW8vs z|1`C!_8^D3D`NIq2Em?%uv+M=VOd5!xGwf&bLHz}HHX;rP1bRh z+Gn{JYPiZQdMEoj#r7+(kFBqKyLwsuo|nIumDqoS7vSXVm%s&1 z+<y#F%+3X%LHgrqOgn)OTvqZ?^JB-)JU^^Sq>-zjIG) zAo|#|wsoHqtm|Nd^C}^WwjPJ=>{;3R)7TDmwmbc4Fyq=z&Bo`nH_2<*O4OVC9JjSW 
z-Dzak+TEgNHdoZ0&m6uNYPjs?tBY;BWW)R4c>XrH_g!z^VDpLv*Nb`y?n&DL{N4WE zw7>_xYKn4`FskNg7CRHwU&qthX70AON6zg~dwa{Zd~>@^9&w0&dE#Z8w2Hdya%HzX z&oKX*%zu~VoumIe*C_k>l7%buxEieJLnk`Y!^+&Hr`2dqFDule&ebYW9jjKq`ukFn zbFJGbOkU5aSi@dCNt3rhS)f*U*S#H@PUsy~8%HviZ7xciZZ{cAjc+ z-!%j;@Kh^h(9Qem;5>LIr>9*28?SEvjvFmEp1~8_EyJXiUB%MzLyO*4chl^iQf(dc%34BSK5xx^*K8Y_tN4etF$Bi$qL zk}VwtP`#SEf@&bnPFy>*Upj}k=xF`6N!tAIM}L>p z-|KH$E=>OL&%gY!ME^XtKj!6^fBGkHr$$8nlghlSSdDm zgKu_%ItVE_*n@w@gFuKVKRAS>CWJ=lXh@iZa3Xk%2YO7{fO9v3P#A?(RfQ4(f>ww( zSQt@SxP?H#c!9TpV0b#>7nPf1DUoaWf}qD2t;( ziL1znX@-9Sn04WEQNC3f!bAe=HhD{M^FA&7-R@x z{*aB1n2rQcB_7Cqeiw^7)JGMSa0-`Ah(&XGhKnV)kD2(0*3gcx7<9f^LBKSR>gI*@ zSBHZ^jOoaVY}SDQ8IZ>{knxyJtwxXf1b5TbWg>@;qR15yIe-)CjReV0Dzqx&2#wTe zEY_%wx%iSVmo0ZNlD@+`*d&i$kx{Y6aX3PSSq6zDc7SGbVG-79L(+#aW=VKLl>eOw zS(nq4wsVI+36)fNgL_z&PKlK}sFgm*m0jtTiE@=-83bZEmKJ7~M~Ie6sFrETmf+@= zKnIs`QkHT_d38x9ba|Jkr@|7{1C*W#cr1f42Qz#zb1Zqeg0~l%j3s%z#hRu0 znWe`w!zG)UNtv}Nn7!o}GozZuwK=WXn@eb%JW`y<>08UWl+Ed!&pDLQDV@`qoYmQU z*J+*EDSq3@o!wa@%K4p9wUXk=g@9R}q;Q_-sfOgao?+O9?kRWS>7L~npZ_j4pY&;; zGpC>BB9;CbBF1R|1TX*tTA&1apazjpbi?L5IUg}TA>e$p8-a54!NP& z*pMB{q5fE#8v3Cm>X9Ytq3DRA#?oTnI6kLnPbM;=COV@iTB9IZqbk}p_H=L%btu4S zJQNzF7CNLtTBJmJq(*w61CXPr2vIv~O&Zxl^kY0UdZSi)qBqK9xZka@V zASk0Yilt^+r6;PTGRCF$_i^?zN?asQy0CI+TBl`dr;VtlIAD}M2|?0^lNt4Z)H9$1 zP^e03pof~MNs6S5x~Psiq#SBj@+dZ+0asd6@^lQ4=$pCpeE z_a5MGsEA6a(;BVRYOT?_pow~|+Ip?rTCLrRtxFo9{K$~z`m4Rlsla+C zGaKR`UeJ-b1}!oIvf z#J|SHL%Op!%1X;i%uJ7`o-t3bEw50}GOkgvQ!<)K%~sb}*w~TMo?4yTpIj(gUEWSF6_>}>6A?r!gI@Nn^Q@^bTY^mO%g_ICGo_;~qw a`g;3&{Cxd={(k>|fB`c^000000028vI}uy} 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.gfont000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.gfont000.gif deleted file mode 100644 index 7fb5db91b0065b9e260603b21de138ea3495ebeb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 148 zcmZ?wbhEHbRANwKXkcLY|NlP&1B2pE7Dgb&paUX6G7L=FEKMs<&n=rX=e);@g3DZ= zo<`2?Xt^)3C}Y>mzymu~UWBdxb7@)b`&?e(heg`c)HP14wA-K|1~Rp^mv<%_M(j$i%M$S+Hb!Tvi+;K`RS8yaq{YBj2;V*g;=l$GB8*J0G2>M AHvj+t diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html deleted file mode 100644 index be48d6c77fd..00000000000 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview.html +++ /dev/null @@ -1,476 +0,0 @@ - - -mod_ssl: Preface - - - - - - - - - - -

- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 1 -
-
- - - - - -
-previous page
Cover -
-next page
Introduction -
-
-
- Preface -
-
- - - - - - - -
- -``Ralf Engelschall has released an -excellent module that integrates -Apache and SSLeay.'' - -
- -Tim J. Hudson, SSLeay F.A.Q. - -
-
-

- - - - - - -
-T -his module provides strong cryptography for the Apache (v1.3) webserver via the Secure Socket Layer -(SSL v2/v3) and Transport Layer -Security (TLS v1) protocols by the help of the excellent SSL/TLS -implementation library OpenSSL from Eric A. Young and Tim Hudson. - -   - - -
-

-The mod_ssl package was -created in April 1998 by Ralf S. -Engelschall and was originally derived from the Apache-SSL package developed by Ben Laurie. It stays under a BSD-style -license which is equivalent to the license used by The Apache Group for the Apache webserver -itself. This means, in short, that you are free to use it both for commercial -and non-commercial purposes as long as you retain the authors' copyright -notices and give the proper credit. -

Legalese

-Although the above conditions also apply to Apache and OpenSSL in general (both
-are freely available and useable software packages), you should be aware that
-especially the cryptographic algorithms used inside OpenSSL stay under
-certain patents and perhaps import/export/use restrictions in some countries
-of the world. So whether you can actually use the combination
-Apache+mod_ssl+OpenSSL in your country depends mainly on your local state laws.
-The authors of neither Apache nor mod_ssl nor OpenSSL are liable for any
-violations you make here.
-

-If you're not sure what law details apply to your country you're strongly
-advised to first determine them by consulting an attorney before using this
-module. A lot of hints you can find in the International Law
-Crypto Survey which is a really comprehensive resource on this topic. At
-least two countries with heavy cryptography restrictions are well known:
-In the United States (USA) it's not allowed to (re-)export mod_ssl
-or OpenSSL And inside France it's not allowed to use any cryptography at all
-when keys with more than 40 bits are used.
-

- - - - -
- - - - -
-
-This software package uses strong cryptography, so while it is created,
-maintained and distributed from Germany and Switzerland (where it is legal to
-do this), it falls under certain export/import and/or use restrictions in some
-other parts of the world.
-

-PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
-SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL
-DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD.
-SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM
-THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE
-AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO
-ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHOR OF MOD_SSL
-IS NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFULLY YOURSELF, IT
-IS YOUR RESPONSIBILITY.
-
-

-
-CREDIT INFORMATION:
-This product includes software developed by Ben Laurie for use in the
-Apache-SSL HTTP server project, software developed by Larry Wall and David
-MacKenzie for use in the GNU project of the FSF and software developed by Dr.
-Stephen N. Henson as a companion to OpenSSL.
-
-

-
-

Module Architecture

-The mod_ssl package consists of the SSL module (part 1 in Figure 1) and a set of source patches for Apache adding the -Extended API (EAPI) (part 2 in Figure 1) which is an -essential prerequisite in order to use mod_ssl. In other words: you can only -use the mod_ssl module when Apache's core code contains the Extended API. But -because when applying mod_ssl to the Apache source tree the Extended API is -also automatically added you usually don't have to think about this. It's -mainly important for package vendors who want to build separate packages for -Apache and mod_ssl. For more details on how to apply mod_ssl to the Apache -source tree please follow the INSTALL file in the mod_ssl -distribution. -

-

- - - -
Figure 1: Module Architecture
- - -
- -
-
-
-

Module Building

-The SSL module (mod_ssl) resides under the src/modules/ssl/
-subdirectory inside the Apache source tree and is a regular Apache module. This
-means that you can configure, build and install it like any other Apache module.
-Usually this is done by using the APACI command
-
-
-$ cd apache_1.3.x/
-$ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl
-
-
-or by manually editing the SSL_BASE variable, -uncommenting the corresponding AddModule directive inside the -src/Configuration file and using the command -
-
-$ cd apache_1.3.x/src
-$ ./Configure
-
-
-for configuring. Additionally you can enable the Dynamic Shared Object (DSO) -support for mod_ssl by either adding the --enable-shared=ssl -option to the APACI configure command line or by replacing the -
-
-AddModule ssl_module modules/ssl/libssl.a
-
-
-line in src/Configuration with -
-
-SharedModule ssl_module modules/ssl/libssl.so
-
-
-Building mod_ssl as a DSO is especially interesting to achieve more run-time
-flexibility, i.e. you can decide whether to use SSL or not at run-time instead
-of build-time. But notice that building mod_ssl as a DSO requires that your
-OS/compiler supports building DSOs in the first place, and additionally that
-they support linking of a DSO against a static library (libssl.a, libcrypo.a).
-Not all platform support this.
-

-
- - - - - - - - - - -
- - - - - -
-previous page
Cover -
-next page
Introduction -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- - 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview_fig1.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_overview_fig1.gif deleted file mode 100644 index 7d18de05817c781eb5fdbdee2f7dc8ca40b37e66..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7782 zcmchX^5`F&^1qGqtAQTdWLV-|dKna9~ zg3xdf8VN$9Kxm)A3wR9NM&Hl5KX51%35BAdQ1ty+pn}7pa3mCtg2K`F6hIRR zha!(f4)%3ZRKX!cizV3Jtgipn$t@G!l+R z!O?&{AP)c&cn!n>_y-^WhX6Go20#Opz*T?)7z}6w(tsBFKDqlgPy+{rM56D51pEPG zfeM8}qR>FDfL(wBXd=-lBpS#ONE!$L-~z4#K?81qD1kfxOyD&T2fzdv1{?y^fEWM` zyaccS4qz~#4M?N!S9E_HXahBH(7?ukAOU~CSfE0o(f14dxBh#Ie;d8u=f5T0L;cJB ze!c&qyl4EE&i%Ik8NNsU=iz?&|FG^I{F?+w178PVOF(#lr+=gV@4NW_{K0fb@j_XV zQODWR-9yLH%f_8i&&Hki8LuUX>z?HPS0asb2dc%TQ>uI4ABIE9X);<@Fc?L|qLQOj zUpO2~1$9_4AOd}irk9d@Lo^+LYuhqj7@~1x4s0K$;h#5-Q&bZa0X!1WX>J5veYQl!(fYXEZ zDQo=LOPY@Q{kifPNiY1?2AN61nn&YKlr0J%J&jAuPo1r=vq3O?1`YAugOVE7gJ#)V z8VE$`$acaDQk)vb;$Rfqc& zJyYIYdcVQG3wR*NmA;NILWZ5<&E7_ntVQE?@q2xO%^}@a2fS(K{vksk5Lu&46O-(8 z%`_e4@p+lK!UZ{*y2lkYm5~Y;$W=ilZ|sUB)NY=VPSb=5wrVQ+&U!QKq}`TT15dF{ zhf$C5dMhPFY3y4>oDG$s^MbnWyp3i2Xo*ed{+@9HoKSe%_m}SCw`>V}WR8*rj7>K; z93euSr=Esnv$M+@W624p=%BWy(IeYNK+35Y6k-X(3yXC24U^2U{$n5N9$Dk)MIxS5<<`G+G9Y|Mdpc-af_FAVl;SZwOl4brHbUne zSD$_qiK^@eOR@4gMEPukD?eAJ@zqFEU`0o8SHX)uQb~nFeWF$P-N&R`mt1s8WgvRt z1~lF&QI1x~pBkDEl^O>nsB0Q#UuwS18WuC>)tY?ZS>qNdDJ4K#7nRvy&sc>6)AB4O z`|Jg;P7NI`2}$Ks^}J)(qb!gPDdzTB@g~d_aMRYQZu7U=;))h9-%=A)g6r!iaYXe+ zwR42xJX2auGEZsgey|a~u!D7G+Ob^{m07nD`!Nr)AeM4$^4(PPnbmYxMnJ=1AE}Di zWE&+z%XbN#wcGQwzx01DxMFLd=Sh}i=f4(hYyV!Zc%S_J{X>SQ$9GW3H8tP(8vPf$w-((jd{U(vWg;8x@ z@q2RNeOWC$B2B(%TI_>jN&jyMr>CQ7#8yW{!<9tX>Z9p*Zx4esFtjZA(j^}(5!qpR z5QO-JfaWtU7kCN^)^Vvk7fcj4oRIRnMP1coLpD#5;o^ezP&WR>aUh ztraXpP}J|<*2{;-8b}w$MAK^^#oJNu3y*tcB#qT0+H;mrn_NU6&&)1yx_LCMn>z7iT)=Ydj# zN}N2QbvzrfmUY!g<_+s?-4Xn#mQ+eEds*c^uzPwrpUJelGEXuGSNaBXiiOX$ss)9u z#R%OFr_Ia|Xv_*+yHb*MxA1P@`5baSbcd>hqt^QJMRs0tF;BmUm?g7gRI(pYUDr$6 zHy_ILLh8}0jtxjQr3BUV!+=t;x9qh{GgzWGhdVC>Q>LGDA9DIx$_(CpMFkfs<}5a4 
z__sw&xVxvQ;foFHKAIud(emI$q|lI*c*rw(ZAU4dZ*SSN? zCR%#?)zTb%xUsRkMh4za#Uv2$rU~dt%zTak1IZ{qJ0DJ5QYyHBQNuHouj}CRc|}&p zti9+Ef2EPSo@!v>Mdlr%QbDJ2Zs(njyaSnj^&bxI_DN4icm$3|W+T^%E5Gp|O{L|T zTPYaj$G{(MHyn!+TWkCw|77WSNq`r1}>BQ+;xhzw!&p5H-_$bP5Fd=ORqqWFS zv+z696utcUOEVSnPs*>Vs=f+-7YT31_l&+-RMBR~>Tf<8aQObI$11(m>5Mz@keVyN zCAR(xd92yY*wU_SYqdn@(XnWZ>M`?0=bjtA-)if~H6lJ?h4h3&AG34rsgk|R=J?}x z{MqK@_My(nRwVJMB4EDJXgO<4O1sLG+u6g?LKzyTsq*23uL$*C}$!a-Tt z==}$lczPx}P+!s^1e9-c)2gf|*3C7?FQT7JL`#MRj7#b6jzecoB%=u(4i(!YrT%!R z!mVoW$BC-n_f;FztH@a`U75BU4JFTqVlvBm#~Utk)A;s}No&1GYR`3ceZX{)L2wr} zCfIrX$u;2uJnUt;azrqmn8m|s*=2UgcO76Qxt7xJV<54t+5I-s%pVHxat!`7^ZC^$ z1tsNu6=Tsjzi=5ozuJGAF^K%U|+;D0)W>7m8P zj;uPZS)}nugdl&SGe3H>svBgvWk#j%Ky$bijp^_LR|D3AA%t z3@5fdzf31A*P6FDqHqZ?n%#XDJo(PkG$vbb-PDrHcJ_O&tIPt=Gtr5#j$GwY1vBtI z;p%r zrdBA?Wgi_S&K>{LDL7GBolZPE$ze#`MH2djs|AANx!>9brso#t#WrwQ?$djTT}6}U z$(g&I^?xV#{$W9X@q6h{IejWla$qGnI1S^(f9m7<6g>)W^|?Z!8w2AV+i!ywQ=&`f z{2T2WdW6NVnOdE}^$!|EACL3xyNvTiKPE_C5Y4u~aFn`@AXgQiTnKo?_tsvUL8_Sa z$TnDH29xG9SfvrHycJv>j3c4I=#s39fBx#i_O0)1NGm__<5_Bmh0!lQCt5yFxU3;% zA)Bdmu)Vg7fTuj(Qwvl9qw%&7$)y~j0fS~8DWMVx_!Ru2*!r8UMEbd|sasG0h8$Rl zSc&Z6hoS(FD8FvEKnD4jT&biO>10y<5tz{tKd@Qlw<88+f?9Mq*>JhDP=M&|;t&+BB62HrZ4#IJT8+a|1y-|xc zT_i*7didA!3eL#ufoNjR`$v6e>hy8@$c+ zi7dT}_RM_ytu?;zckJYYCtRTT*}c&DaveH5qFV1b!uo{qD^JwZh`w^afkoS)J-Tm^ z0Tth2W;5X=mU!1bp;bzWwLWIMN@PQsQE9)QwaWNs2qkS5gj!i9U{ka2XHrU%$4oq> zy2ByH8F}~34)S=wG=u!;uN(SM*gha7yRqKt0k1HU#j4|4 z=#`*o28rEcYdrQ+cmzv^C2s1Q=q!V4-fH_OI$oRP!tCIO?;o6rxI7fjewCNmm=_Ku z>PHZr+w%QLhwQzKkVp{SRRGGqlYK4h*W zjSharyabb=V9c=3FcP*lydsrRU^JPo71PEeP$KcyvdF%c!RZW~&Qg3WD0r(}`$#8o z%P2k;uB<0oOE0E~tgQHT>9F&roZX+DBUTvg;8(+QThD7833Y4`hd-NjlxR9pXC*UNtuC$dis)i3i_HTI2t<3G{rv)hVK zt^T&GH5~F(`&OSjN-pG*w|O|xlm$2vqk`CYBgCqF0_3|U)jj5 z-65l$y1w0Ev0ZTi{#LcTS}YX-X^VY<5D=7@fUs#n~ z#@=OZt5M_UWmi@{5&NWgLWhzqX{xFd{g$~qE~AS=w|l^|lc0dnHADJ+o6*j8^oW0# zA!SFiSjYEeq7{AFEz0E1m)=JcolzJ)7_2@1?%hY)vL^NK)7pAg@Ka8V%g!dc7=9%6 z6*8V*CA)Yr-iby1=hS_%Opoi<8+5{tm1=VN?HiUqowT+CCj%*j 
z+wBhDeJBYuKqi8;bi@P#{ewRu|1J+Gj>cNp7cG`Y)l_xILRcyx4ntIWrc4199_dQr zh!E`<342I>)v(Z^8mLyTIM%_KeoL*a^7FsF_R6;R$ zX&!!{5h4DQ87^u+yx`e4%gi~wK#oo)PdU9EA<};0!x0ef_7b1jvpLO2vYKTYBlxKd z40Cp*M{Fo*f|VN<@T5Y;KzuMG&0mREJBO>H`bUC49r5%#c8{VMh5}!X6%GwcubOJY)Uh8}!9wwmu07Y0#MwQ&|hv8kKW3+@rY(?j-Ek2%rS3w7ASb=1(J{Ny2BKI;_zOl(4R5`5SBw&^)>?6}EHXw?b} zetfX}CJV)*blqV`IXkd2ZzXy+r_S#b)=$>}tr$JZjH@LeHfJ59Am%6uGx?;X%~4NR z88_<48%Fq6Fa#m3NyKR2lOvXjgcM_g!tiC zC&tI2IFnIhTGJB&@+5?gbr>Vle=w=}i^9yvafE!Tg!iUMt>={Y$3!!zX+9NqZT3f5 zefp2rpeMP9A>bJwfBZw71%(Y3J|ZR<36taiU9^R+oOLiWUXY2xyiSpVEPDDYismue&92*Rlv*e!co14=|GiGEEa^38l zqqMk&^CdXvU5>Fw4)zc_P`KRlZ!ef`DrlKAqAl{>lTQEP)eywsdTxA_zh3*%8e`h3 z!{M@A=i16uroEjXLrB!cr?y@0q3ZfKA4t;vNKE}@Uq|PT&UUZc*?c=xkKX>1SK_!f*Mu60alb&T;&0}G?pe3h76#7V(rr0@#C;xiEhW8O(73DsiZKHeas|K3uf zed80;qCAnFVNxx<-F3v!?!^1;&&DV(pVl983T`Xp&|-Ye+`;m4y8p*Ua4MDaP=Lu0 zJbqP$b^69>TRLwC-DT&FQ7s>;9xXHn=7lb%8ix|^y+G{z*a-LI+9Isq5yIG| z%-yG*9A0<)s&qYUBspS2KVo+GtoiGHXJ$AL8V0tgORCW&$gM;1N}j^=ItJ-74`IZO-O9yt!bQ5k-XIEqK@Q83|$XmM#} z&iwsLsp{$d?6^=wy!eyq)b4=EF=VgVY$MxcwWfXa(q*$Z?PU7cgwy0O!z`4B>y*Hd z)=HliKa5#l`l!ily(N#Rz+}LDcT`|<4)m?xhjsrsiox9o>cKGj0N^?Q6%~82Pv&;Zu^C3(OP5v#+LW#z#-`pC-Y& zqMsS4tnUi0{e0E)q)6s~?|RrqJb?Z1BiMYEG3eZ*XBCwAlNEa~@a~sx`9)aMv1)Cr zhts9S>wT-oUF-{&F0ThI8K^z8fBW_R4p{#ki2m*3SZwS_5m8xeRMC>lbQP9gA17+3 zg}ACMxQY!TQ;tbHZI<`|NsAV|HvD{*P}_L)-*xuX)V6qmwEoIGJl*)y2aECa_^j_d zkFV94u5AmPrecZ(Y;Wfb>!D81MojA}BxFD6h0@4S6?^DmI?Ooa?o>uc z7BY8iO&av@KYIDh=Np_d)kHN`+jV3RJ8VPD4yv;x4n15$ zq~D_UhEfEBkRlifV-1$(Hf`y`V%${A5^!FNv%~Du$P=$YeK&-bbL4RwVoG$7vcul1 zq+A{%bl6|!^CQ=~Vsw7MK>A&Qn75wq4MHqGW!YSll#YjCe(e#+oU!1KtlBh-i`D+# zr&mHGBNk3_tfWJW&A?Xv#RgRq{~D_hPxti--iLT%5i;p%?C!;22d67!T zYj*OVP^-&AU9-`S8tI?8ic}t0t`YUyp=veF>{^kvpOa%6#{N;=7lHT2*q&=?7*_t%y9$_@V4&ahlD&EhcwZmA%dde(nn-r6=HuB$;Kr~H05~}$hALD zNl}{r#OrIuqMeotr;(R`Z}?{^7QD}f+Ut1ud-Ig>QB=Tb7PGSn?vON<@!3#yVR3^B zNOLhPf8nrcdWOsKw1hAD-vSxAK7 zlCF80^P*KP(sRZdx!q#SmYXJM;-*`2DX3@k?w5hH{m&LtZ%hxqdAHpX{b6@=Cmho- 
zGTrJg-e^oJCf6UVZ5AiT+@GtU*YnQH!3=la7GdnAZSt1!5)*=7lWZuh5?9mOtls^n zm?;(KJV({)*(_IMlVKhy0!P}Gw!<^F-g;T*7I7oFoN9j|H!?Ck8tjS^6-Dh!GVb6V z`^DR%zkPWL+p>OTZJ_ENNP?i#xph5~cDG^o?$_bn zU&6yjNw){9iWfTN@yJWEi~`i4suEKov@;mQuddE8$fk;QZ8J7i-) zY>t6DDv=W$CFu#(PW36wLRMR_mvAgTVtE*^hFh#i`9}pyz(9Ha4P~Q7GwtY7>O6Ec8yi6ic36qsB>}Ms?`G7`KMxEfR&>;1fI{Byan>qt; zWal0giW6gmBSuF_59(e(9Ris3WPMW5CTz^|h%KEQXv%Z8;b@jZW|ZH{ymWiFU=w-p zw^KQ#@}a)?Rhe=7xKJ{zK)66+97?^EB(tXJBS)V6Co)w^xr`%L8Yr~*FUgn!&*iBN zRY+pMhtSlSwi)Pq)EM^a)yMgyQx*-bcpE!+96lqy46mO>PiGqBCCJfyX>!J_%*F`0 zv+0lQvL5dV4!8PdzrjRbA}j)!8$%<@v2!xW%7{w%RbVhy*5|3KOhtx$dh|{SH$TYH zJ1?Xro!#<|s@V4*#As5~r@Xo4${;`^xpmfwl7bZbSpIHNp-SCb;{Z1%U}@{m6aXyEf&pgM%xYswFkP5A_CRMPauZI zm|q(81Zo^|(+!tzKDQ3&YB}Xr!G1XCOK%9&%CADqO<5Ou&-v@bLz|P$@t0=@nbTEb zOr2iP{#YcJ5o}Nmzymu~UWBdxb7@)b`&?e(heg`c)HP14wA-K|1~Rp^mv<%_M(j$i%M$S+Hb!Tvi+;K`RS8yaq{YBj2;V*g;=l$GB8*J0G2>M AHvj+t diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html deleted file mode 100644 index 3ea020662e9..00000000000 --- a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_reference.html +++ /dev/null @@ -1,2655 +0,0 @@ - - -mod_ssl: Reference - - - - - - - - - - -
- - - - -
-
- - - - - - - - - - - - - -
- - - - - -
- mod_ssl - - Chapter 3 -
-
- - - - - -
-previous page
Introduction -
-next page
Compatibility -
-
-
- Reference -
-
- - - - - - - -
- -``Try to understand everything, -but believe nothing!'' - -
- -Unknown - -
-
-

- - - - - - -
-T
-his chapter provides a reference to all configuration directives and
-additional user visible features mod_ssl provides. It's intended as the
-official resource when you want to know how a particilar mod_ssl functionality
-is actually configured or activated. Each directive is documented similar to
-the way standard Apache directives are documented in the official Apache
-documentation set, i.e. for each directive especially the syntax, default and
-context where applicable is given.
-

-Notice that there are three major classes of directives which are used by
-mod_ssl: First Global Directives (i.e. directives with context
-``server config''), which can occur inside the server config files but only
-outside of any sectioning commands like <VirtualHost>. Second
-Per-Server Directives (i.e. those with context ``server config,
-virtual host''), which can occur inside the server config files both outside
-(for the main/default server) and inside <VirtualHost> sections.
-

-   - -
- - - - - - - -
- -Table Of Contents - -
- -Configuration Directives
-        SSLPassPhraseDialog
-        SSLMutex
-        SSLRandomSeed
-        SSLSessionCache
-        SSLSessionCacheTimeout
-        SSLEngine
-        SSLProtocol
-        SSLCipherSuite
-        SSLECDHCurve
-        SSLHonorCipherOrder
-        SSLCertificateFile
-        SSLCertificateKeyFile
-        SSLCertificateChainFile
-        SSLCACertificatePath
-        SSLCACertificateFile
-        SSLCARevocationPath
-        SSLCARevocationFile
-        SSLVerifyClient
-        SSLVerifyDepth
-        SSLLog
-        SSLLogLevel
-        SSLOptions
-        SSLRequireSSL
-        SSLRequire
-Additional Features
-        Environment Variables
-        Custom Log Formats
-
-
-
-
-

-And third Per-Directory Directives (i.e. those with context ``server
-config, virtual host, directory, .htaccess''), which can pretty much occur
-everywhere. Especially both inside the server config files and the
-per-directory .htaccess files. The three classes are subsets of
-each other, i.e. directives from the per-directory class can also be used in
-the per-server and global context, and directives from the per-server class
-can also be used the in the global context.
-

-Additional directives and environment variables provided by mod_ssl (via -on-the-fly mapping) for backward compatiblity to other Apache SSL solutions -are documented in the Compatibility chapter. -

Configuration Directives

-The most visible and error-prone things of mod_ssl are its configuration
-directives. So we document them in great detail here to assist you in setting
-up the best possible configuration of your SSL-aware webserver.
-
-

-
- -

SSLPassPhraseDialog

-

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLPassPhraseDialog
-Description: Type of pass phrase dialog for encrypted private keys
Syntax: SSLPassPhraseDialog type
Default: SSLPassPhraseDialog builtin
Context: server config
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.1
-
-
-

-When Apache starts up it has to read the various Certificate (see SSLCertificateFile) and Private Key (see SSLCertificateKeyFile) files of the -SSL-enabled virtual servers. Because for security reasons the Private Key -files are usually encrypted, mod_ssl needs to query the administrator for a -Pass Phrase in order to decrypt those files. This query can be done in two ways -which can be configured by type: -

    -
  • builtin -

    - This is the default where an interactive terminal dialog occurs at startup - time just before Apache detaches from the terminal. Here the administrator - has to manually enter the Pass Phrase for each encrypted Private Key file. - Because a lot of SSL-enabled virtual hosts can be configured, the - following reuse-scheme is used to minimize the dialog: When a Private Key - file is encrypted, all known Pass Phrases (at the beginning there are - none, of course) are tried. If one of those known Pass Phrases succeeds no - dialog pops up for this particular Private Key file. If none succeeded, - another Pass Phrase is queried on the terminal and remembered for the next - round (where it perhaps can be reused). -

    - This scheme allows mod_ssl to be maximally flexible (because for N encrypted - Private Key files you can use N different Pass Phrases - but then - you have to enter all of them, of course) while minimizing the terminal - dialog (i.e. when you use a single Pass Phrase for all N Private Key files - this Pass Phrase is queried only once). -

    -

  • exec:/path/to/program -

    - Here an external program is configured which is called at startup for each - encrypted Private Key file. It is called with two arguments (the first is - of the form ``servername:portnumber'', the second is either - ``RSA'' or ``DSA''), which indicate for which - server and algorithm it has to print the corresponding Pass Phrase to - stdout. The intent is that this external program first runs - security checks to make sure that the system is not compromised by an - attacker, and only when these checks were passed successfully it provides - the Pass Phrase. -

    - Both these security checks, and the way the Pass Phrase is determined, can - be as complex as you like. Mod_ssl just defines the interface: an - executable program which provides the Pass Phrase on stdout. - Nothing more or less! So, if you're really paranoid about security, here - is your interface. Anything else has to be left as an exercise to the - administrator, because local security requirements are so different. -

    - The reuse-algorithm above is used here, too. In other words: The external - program is called only once per unique Pass Phrase. -

-

-Example: -

-
-SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
-
-
- -

-
- -

SSLMutex

-

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLMutex
-Description: Semaphore for internal mutual exclusion of operations
Syntax: SSLMutex type
Default: SSLMutex none
Context: server config
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.1
-
-
-

-This configures the SSL engine's semaphore (aka. lock) which is used for mutual
-exclusion of operations which have to be done in a synchronized way between the
-pre-forked Apache server processes. This directive can only be used in the
-global server context because it's only useful to have one global mutex.
-

-The following Mutex types are available: -

    -
  • none -

    - This is the default where no Mutex is used at all. Use it at your own - risk. But because currently the Mutex is mainly used for synchronizing - write access to the SSL Session Cache you can live without it as long - as you accept a sometimes garbled Session Cache. So it's not recommended - to leave this the default. Instead configure a real Mutex. -

    -

  • file:/path/to/mutex -

    - This is the portable and (under Unix) always provided Mutex variant where - a physical (lock-)file is used as the Mutex. Always use a local disk - filesystem for /path/to/mutex and never a file residing on a - NFS- or AFS-filesystem. Note: Internally, the Process ID (PID) of the - Apache parent process is automatically appended to - /path/to/mutex to make it unique, so you don't have to worry - about conflicts yourself. Notice that this type of mutex is not available - under the Win32 environment. There you have to use the semaphore - mutex. -

    -

  • sem -

    - This is the most elegant but also most non-portable Mutex variant where a - SysV IPC Semaphore (under Unix) and a Windows Mutex (under Win32) is used - when possible. It is only available when the underlying platform - supports it. -

-

-Example: -

-
-SSLMutex file:/usr/local/apache/logs/ssl_mutex
-
-
- -

-
- -

SSLRandomSeed

-

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLRandomSeed
-Description: Pseudo Random Number Generator (PRNG) seeding source
Syntax: SSLRandomSeed context source [bytes]
Default: none
Context: server config
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.2
-
-
-

-This configures one or more sources for seeding the Pseudo Random Number
-Generator (PRNG) in OpenSSL at startup time (context is
-startup) and/or just before a new SSL connection is established
-(context is connect). This directive can only be used
-in the global server context because the PRNG is a global facility.
-

-The following source variants are available: -

    -
  • builtin -

    This is the always available builtin seeding source. It's usage - consumes minimum CPU cycles under runtime and hence can be always used - without drawbacks. The source used for seeding the PRNG contains of the - current time, the current process id and (when applicable) a randomly - choosen 1KB extract of the inter-process scoreboard structure of Apache. - The drawback is that this is not really a strong source and at startup - time (where the scoreboard is still not available) this source just - produces a few bytes of entropy. So you should always, at least for the - startup, use an additional seeding source. -

    -

  • file:/path/to/source -

    - This variant uses an external file /path/to/source as the - source for seeding the PRNG. When bytes is specified, only the - first bytes number of bytes of the file form the entropy (and - bytes is given to /path/to/source as the first - argument). When bytes is not specified the whole file forms the - entropy (and 0 is given to /path/to/source as - the first argument). Use this especially at startup time, for instance - with an available /dev/random and/or - /dev/urandom devices (which usually exist on modern Unix - derivates like FreeBSD and Linux). -

    - But be careful: Usually /dev/random provides only as - much entropy data as it actually has, i.e. when you request 512 bytes of - entropy, but the device currently has only 100 bytes available two things - can happen: On some platforms you receive only the 100 bytes while on - other platforms the read blocks until enough bytes are available (which - can take a long time). Here using an existing /dev/urandom is - better, because it never blocks and actually gives the amount of requested - data. The drawback is just that the quality of the received data may not - be the best. -

    - On some platforms like FreeBSD one can even control how the entropy is - actually generated, i.e. by which system interrupts. More details one can - find under rndcontrol(8) on those platforms. Alternatively, when - your system lacks such a random device, you can use tool - like EGD - (Entropy Gathering Daemon) and run it's client program with the - exec:/path/to/program/ variant (see below) or use - egd:/path/to/egd-socket (see below). -

    -

  • exec:/path/to/program -

    - This variant uses an external executable /path/to/program as - the source for seeding the PRNG. When bytes is specified, only the - first bytes number of bytes of its stdout contents - form the entropy. When bytes is not specified, the entirety of - the data produced on stdout form the entropy. Use this only - at startup time when you need a very strong seeding with the help of an - external program (for instance as in the example above with the - truerand utility you can find in the mod_ssl distribution - which is based on the AT&T truerand library). Using this in - the connection context slows down the server too dramatically, of course. - So usually you should avoid using external programs in that context. -

    -

  • egd:/path/to/egd-socket (Unix only) -

    - This variant uses the Unix domain socket of the - external Entropy Gathering Daemon (EGD) (see http://www.lothar.com/tech - /crypto/) to seed the PRNG. Use this if no random device exists - on your platform. -

-

-Example: -

-
-SSLRandomSeed startup builtin
-SSLRandomSeed startup file:/dev/random
-SSLRandomSeed startup file:/dev/urandom 1024
-SSLRandomSeed startup exec:/usr/local/bin/truerand 16
-SSLRandomSeed connect builtin
-SSLRandomSeed connect file:/dev/random
-SSLRandomSeed connect file:/dev/urandom 1024
-
-
- -

-
- -

SSLSessionCache

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLSessionCache
-Description: Type of the global/inter-process SSL Session Cache
Syntax: SSLSessionCache type
Default: SSLSessionCache none
Context: server config
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.1
-
-
-

-This configures the storage type of the global/inter-process SSL Session
-Cache. This cache is an optional facility which speeds up parallel request
-processing. For requests to the same server process (via HTTP keep-alive),
-OpenSSL already caches the SSL session information locally. But because modern
-clients request inlined images and other data via parallel requests (usually
-up to four parallel requests are common) those requests are served by
-different pre-forked server processes. Here an inter-process cache
-helps to avoid unnecessary session handshakes.
-

-The following two storage types are currently supported: -

    -
  • none -

    - This is the default and just disables the global/inter-process Session - Cache. There is no drawback in functionality, but a noticeable speed - penalty can be observed. -

    -

  • dbm:/path/to/datafile -

    - This makes use of a DBM hashfile on the local disk to synchronize the - local OpenSSL memory caches of the server processes. The slight increase - in I/O on the server results in a visible request speedup for your - clients, so this type of storage is generally recommended. -

    -

  • shm:/path/to/datafile[(size)] -

    - This makes use of a high-performance hash table (approx. size bytes - in size) inside a shared memory segment in RAM (established via - /path/to/datafile) to synchronize the local OpenSSL memory - caches of the server processes. This storage type is not available on all - platforms. See the mod_ssl INSTALL document for details on - how to build Apache+EAPI with shared memory support. -

-

-Examples: -

-
-SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data
-SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000)
-
-
- -

-
- -

SSLSessionCacheTimeout

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLSessionCacheTimeout
-Description: Number of seconds before an SSL session expires in the Session Cache
Syntax: SSLSessionCacheTimeout seconds
Default: SSLSessionCacheTimeout 300
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.0
-
-
-

-This directive sets the timeout in seconds for the information stored in the
-global/inter-process SSL Session Cache and the OpenSSL internal memory cache.
-It can be set as low as 15 for testing, but should be set to higher
-values like 300 in real life.
-

-Example: -

-
-SSLSessionCacheTimeout 600
-
-
- -

-
- -

SSLEngine

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLEngine
-Description: SSL Engine Operation Switch
Syntax: SSLEngine on|off
Default: SSLEngine off
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.1
-
-
-

-This directive toggles the usage of the SSL/TLS Protocol Engine. This is
-usually used inside a <VirtualHost> section to enable SSL/TLS for a
-particular virtual host. By default the SSL/TLS Protocol Engine is disabled
-for both the main server and all configured virtual hosts.
-

-Example: -

-
-<VirtualHost _default_:443>
-SSLEngine on
-...
-</VirtualHost>
-
-
- -

-
- -

SSLProtocol

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLProtocol
-Description: Configure usable SSL protocol flavors
Syntax: SSLProtocol [+-]protocol ...
Default: SSLProtocol all
Context: server config, virtual host
Override: Options
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.2
-
-
-

-This directive can be used to control the SSL protocol flavors mod_ssl should
-use when establishing its server environment. Clients then can only connect
-with one of the provided protocols.
-

-The available (case-insensitive) protocols are: -

    -
  • SSLv2 -

    - This is the Secure Sockets Layer (SSL) protocol, version 2.0. It is the - original SSL protocol as designed by Netscape Corporation. -

    -

  • SSLv3 -

    - This is the Secure Sockets Layer (SSL) protocol, version 3.0. It is the - successor to SSLv2 and the currently (as of February 1999) de-facto - standardized SSL protocol from Netscape Corporation. It's supported by - almost all popular browsers. -

    -

  • TLSv1 -

    - This is the Transport Layer Security (TLS) protocol, version 1.0. It is the - successor to SSLv3 and currently (as of February 1999) still under - construction by the Internet Engineering Task Force (IETF). It's still - not supported by any popular browsers. -

    -

  • All -

    - This is a shortcut for ``+SSLv2 +SSLv3 +TLSv1'' and a - convinient way for enabling all protocols except one when used in - combination with the minus sign on a protocol as the example above shows. -

-

-Example: -

-
-#   enable SSLv3 and TLSv1, but not SSLv2
-SSLProtocol all -SSLv2
-
-
- -

-
- -

SSLCipherSuite

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLCipherSuite
-Description: Cipher Suite available for negotiation in SSL handshake
Syntax: SSLCipherSuite cipher-spec
Default: SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
Context: server config, virtual host, directory, .htaccess
Override: AuthConfig
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.1
-
-
-

-This complex directive uses a colon-separated cipher-spec string
-consisting of OpenSSL cipher specifications to configure the Cipher Suite the
-client is permitted to negotiate in the SSL handshake phase. Notice that this
-directive can be used both in per-server and per-directory context. In
-per-server context it applies to the standard SSL handshake when a connection
-is established. In per-directory context it forces a SSL renegotiation with the
-reconfigured Cipher Suite after the HTTP request was read but before the HTTP
-response is sent.
-

-An SSL cipher specification in cipher-spec is composed of 4 major
-attributes plus a few extra minor ones:
-

    -
  • Key Exchange Algorithm:
    - RSA or Diffie-Hellman variants. -

    -

  • Authentication Algorithm:
    - RSA, Diffie-Hellman, DSS or none. -

    -

  • Cipher/Encryption Algorithm:
    - DES, Triple-DES, RC4, RC2, IDEA or none. -

    -

  • MAC Digest Algorithm:
    - MD5, SHA or SHA1. -
-An SSL cipher can also be an export cipher and is either a SSLv2 or SSLv3/TLSv1 -cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use, -one can either specify all the Ciphers, one at a time, or use aliases to -specify the preference and order for the ciphers (see Table -1). -

-

- - - -
Table 1: OpenSSL Cipher Specification Tags
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Tag Description
Key Exchange Algorithm:
kRSA RSA key exchange
kDHr Diffie-Hellman key exchange with RSA key
kDHd Diffie-Hellman key exchange with DSA key
kEDH Ephemeral (temp.key) Diffie-Hellman key exchange (no cert)
Authentication Algorithm:
aNULL No authentication
aRSA RSA authentication
aDSS DSS authentication
aDH Diffie-Hellman authentication
Cipher Encoding Algorithm:
eNULL No encoding
DES DES encoding
3DES Triple-DES encoding
RC4 RC4 encoding
RC2 RC2 encoding
IDEA IDEA encoding
MAC Digest Algorithm:
MD5 MD5 hash function
SHA1 SHA1 hash function
SHA SHA hash function
Aliases:
SSLv2 all SSL version 2.0 ciphers
SSLv3 all SSL version 3.0 ciphers
TLSv1 all TLS version 1.0 ciphers
EXP all export ciphers
EXPORT40 all 40-bit export ciphers only
EXPORT56 all 56-bit export ciphers only
LOW all low strength ciphers (no export, single DES)
MEDIUM all ciphers with 128 bit encryption
HIGH all ciphers using Triple-DES
RSA all ciphers using RSA key exchange
DH all ciphers using Diffie-Hellman key exchange
EDH all ciphers using Ephemeral Diffie-Hellman key exchange
ADH all ciphers using Anonymous Diffie-Hellman key exchange
DSS all ciphers using DSS authentication
NULL all ciphers using no encryption
-
-
-
-

-Now where this becomes interesting is that these can be put together
-to specify the order and ciphers you wish to use. To speed this up
-there are also aliases (SSLv2, SSLv3, TLSv1, EXP, LOW, MEDIUM,
-HIGH) for certain groups of ciphers. These tags can be joined
-together with prefixes to form the cipher-spec. Available
-prefixes are:
-

    -
  • none: add cipher to list -
  • +: add ciphers to list and pull them to current location in list -
  • -: remove cipher from list (can be added later again) -
  • !: kill cipher from list completely (can not be added later again) -
-A simpler way to look at all of this is to use the ``openssl ciphers --v'' command which provides a nice way to successively create the -correct cipher-spec string. The default cipher-spec string -is ``ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'' which -means the following: first, remove from consideration any ciphers that do not -authenticate, i.e. for SSL only the Anonymous Diffie-Hellman ciphers. Next, -use ciphers using RC4 and RSA. Next include the high, medium and then the low -security ciphers. Finally pull all SSLv2 and export ciphers to the -end of the list. -
-
-$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
-NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
-NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
-EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
-...                     ...               ...     ...           ...
-EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
-EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
-EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
-
-
-The complete list of particular RSA & DH ciphers for SSL is given in Table 2. -

-Example: -

-
-SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
-
-
-

-

- - - -
Table 2: Particular SSL Ciphers
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cipher-Tag Protocol Key Ex. Auth. Enc. MAC Type
RSA Ciphers:
DES-CBC3-SHA SSLv3 RSA RSA 3DES(168) SHA1  
DES-CBC3-MD5 SSLv2 RSA RSA 3DES(168) MD5  
IDEA-CBC-SHA SSLv3 RSA RSA IDEA(128) SHA1  
RC4-SHA SSLv3 RSA RSA RC4(128) SHA1  
RC4-MD5 SSLv3 RSA RSA RC4(128) MD5  
IDEA-CBC-MD5 SSLv2 RSA RSA IDEA(128) MD5  
RC2-CBC-MD5 SSLv2 RSA RSA RC2(128) MD5  
RC4-MD5 SSLv2 RSA RSA RC4(128) MD5  
DES-CBC-SHA SSLv3 RSA RSA DES(56) SHA1  
RC4-64-MD5 SSLv2 RSA RSA RC4(64) MD5  
DES-CBC-MD5 SSLv2 RSA RSA DES(56) MD5  
EXP-DES-CBC-SHA SSLv3 RSA(512) RSA DES(40) SHA1 export
EXP-RC2-CBC-MD5 SSLv3 RSA(512) RSA RC2(40) MD5 export
EXP-RC4-MD5 SSLv3 RSA(512) RSA RC4(40) MD5 export
EXP-RC2-CBC-MD5 SSLv2 RSA(512) RSA RC2(40) MD5 export
EXP-RC4-MD5 SSLv2 RSA(512) RSA RC4(40) MD5 export
NULL-SHA SSLv3 RSA RSA None SHA1  
NULL-MD5 SSLv3 RSA RSA None MD5  
Diffie-Hellman Ciphers:
ADH-DES-CBC3-SHA SSLv3 DH None 3DES(168) SHA1  
ADH-DES-CBC-SHA SSLv3 DH None DES(56) SHA1  
ADH-RC4-MD5 SSLv3 DH None RC4(128) MD5  
EDH-RSA-DES-CBC3-SHA SSLv3 DH RSA 3DES(168) SHA1  
EDH-DSS-DES-CBC3-SHA SSLv3 DH DSS 3DES(168) SHA1  
EDH-RSA-DES-CBC-SHA SSLv3 DH RSA DES(56) SHA1  
EDH-DSS-DES-CBC-SHA SSLv3 DH DSS DES(56) SHA1  
EXP-EDH-RSA-DES-CBC-SHA SSLv3 DH(512) RSA DES(40) SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 DH(512) DSS DES(40) SHA1 export
EXP-ADH-DES-CBC-SHA SSLv3 DH(512) None DES(40) SHA1 export
EXP-ADH-RC4-MD5 SSLv3 DH(512) None RC4(40) MD5 export
-
-
-
- -

-
- -

SSLECDHCurve

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLECDHCurve
-Description: Named curve to use for ephemeral EC keys -
Syntax: SSLECDHCurve curve
Default: prime256v1
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility:
-
-
-

-This option specifies the named curve to use when generating ephemeral EC keys
-for an ECDHE-based cipher suite. Any named curve known by OpenSSL may be
-specified. Setting this to none results in no named curve being
-configured for ECDH, effectively disabling ECDHE-based cipher suites.
-

- -

-
- -

SSLHonorCipherOrder

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLHonorCipherOrder
-Description: User server's order of preference for ciphers
Syntax: SSLHonorCipherOrder on|off
Default: Off
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility:
-
-
-

-By default, the client's order of preference is used when choosing a cipher.
-When switched on, this directive makes the server's order of preference for
-ciphers leading. Applies to SSLv3 and TLS.
-

- -

-
- -

SSLCertificateFile

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLCertificateFile
-Description: Server PEM-encoded X.509 Certificate file
Syntax: SSLCertificateFile filename
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.0
-
-
-

-This directive points to the PEM-encoded Certificate file for the server and
-optionally also to the corresponding RSA or DSA Private Key file for it
-(contained in the same file). If the contained Private Key is encrypted the
-Pass Phrase dialog is forced at startup time. This directive can be used up to
-two times (referencing different filenames) when both a RSA and a DSA based
-server certificate is used in parallel.
-

-Example: -

-
-SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
-
-
- -

-
- -

SSLCertificateKeyFile

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLCertificateKeyFile
-Description: Server PEM-encoded Private Key file
Syntax: SSLCertificateKeyFile filename
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.0
-
-
-

-This directive points to the PEM-encoded Private Key file for the server. If
-the Private Key is not combined with the Certificate in the
-SSLCertificateFile, use this additional directive to point to the
-file with the stand-alone Private Key. When SSLCertificateFile
-is used and the file contains both the Certificate and the Private Key this
-directive need not be used. But we strongly discourage this practice.
-Instead we recommend you to separate the Certificate and the Private Key. If
-the contained Private Key is encrypted, the Pass Phrase dialog is forced at
-startup time. This directive can be used up to two times (referencing
-different filenames) when both a RSA and a DSA based private key is used in
-parallel.
-

-Example: -

-
-SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
-
-
- -

-
- -

SSLCertificateChainFile

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLCertificateChainFile
-Description: File of PEM-encoded Server CA Certificates
Syntax: SSLCertificateChainFile filename
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.3.6
-
-
-

-This directive sets the optional all-in-one file where you can
-assemble the certificates of Certification Authorities (CA) which form the
-certificate chain of the server certificate. This starts with the issuing CA
-certificate of of the server certificate and can range up to the root CA
-certificate. Such a file is simply the concatenation of the various
-PEM-encoded CA Certificate files, usually in certificate chain order.
-

-This should be used alternatively and/or additionally to SSLCACertificatePath for explicitly -constructing the server certificate chain which is sent to the browser in -addition to the server certificate. It is especially useful to avoid conflicts -with CA certificates when using client authentication. Because although -placing a CA certificate of the server certificate chain into SSLCACertificatePath has the same effect for -the certificate chain construction, it has the side-effect that client -certificates issued by this same CA certificate are also accepted on client -authentication. That's usually not one expect. -

-But be careful: Providing the certificate chain works only if you are using a
-single (either RSA or DSA) based server certificate. If you are
-using a coupled RSA+DSA certificate pair, this will work only if actually both
-certificates use the same certificate chain. Else the browsers will be
-confused in this situation.
-

-Example: -

-
-SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/ca.crt
-
-
- -

-
- -

SSLCACertificatePath

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLCACertificatePath
-Description: Directory of PEM-encoded CA Certificates for Client Auth.
Syntax: SSLCACertificatePath directory
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.0
-
-
-

-This directive sets the directory where you keep the Certificates of
-Certification Authorities (CAs) whose clients you deal with. These are used to
-verify the client certificate on Client Authentication.
-

-The files in this directory have to be PEM-encoded and are accessed through
-hash filenames. So usually you can't just place the Certificate files
-there: you also have to create symbolic links named
-hash-value.N. And you should always make sure this directory
-contains the appropriate symbolic links. Use the Makefile which
-comes with mod_ssl to accomplish this task.
-

-Example: -

-
-SSLCACertificatePath /usr/local/apache/conf/ssl.crt/
-
-
- -

-
- -

SSLCACertificateFile

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLCACertificateFile
-Description: File of concatenated PEM-encoded CA Certificates for Client Auth.
Syntax: SSLCACertificateFile filename
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.0
-
-
-

-This directive sets the all-in-one file where you can assemble the -Certificates of Certification Authorities (CA) whose clients you deal -with. These are used for Client Authentication. Such a file is simply the -concatenation of the various PEM-encoded Certificate files, in order of -preference. This can be used alternatively and/or additionally to SSLCACertificatePath. -

-Example: -

-
-SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle-client.crt
-
-
- -

-
- -

SSLCARevocationPath

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLCARevocationPath
-Description: Directory of PEM-encoded CA CRLs for Client Auth.
Syntax: SSLCARevocationPath directory
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.3
-
-
-

-This directive sets the directory where you keep the Certificate Revocation
-Lists (CRL) of Certification Authorities (CAs) whose clients you deal with.
-These are used to revoke the client certificate on Client Authentication.
-

-The files in this directory have to be PEM-encoded and are accessed through -hash filenames. So usually you have not only to place the CRL files there. -Additionally you have to create symbolic links named -hash-value.rN. And you should always make sure this directory -contains the appropriate symbolic links. Use the Makefile which -comes with mod_ssl to accomplish this task. -

-Example: -

-
-SSLCARevocationPath /usr/local/apache/conf/ssl.crl/
-
-
- -

-
- -

SSLCARevocationFile

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLCARevocationFile
-Description: File of concatenated PEM-encoded CA CRLs for Client Auth.
Syntax: SSLCARevocationFile filename
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.3
-
-
-

-This directive sets the all-in-one file where you can assemble the
-Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose
-clients you deal with. These are used for Client Authentication.
-Such a file is simply the concatenation of the various PEM-encoded CRL
-files, in order of preference. This can be used alternatively and/or
-additionally to SSLCARevocationPath.
-

-Example: -

-
-SSLCARevocationFile /usr/local/apache/conf/ssl.crl/ca-bundle-client.crl
-
-
- -

-
- -

SSLVerifyClient

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLVerifyClient
-Description: Type of Client Certificate verification
Syntax: SSLVerifyClient level
Default: SSLVerifyClient none
Context: server config, virtual host, directory, .htaccess
Override: AuthConfig
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.0
-
-
-

-This directive sets the Certificate verification level for the Client
-Authentication. Notice that this directive can be used both in per-server and
-per-directory context. In per-server context it applies to the client
-authentication process used in the standard SSL handshake when a connection is
-established. In per-directory context it forces a SSL renegotiation with the
-reconfigured client verification level after the HTTP request was read but
-before the HTTP response is sent.
-

-The following levels are available for level: -

    -
  • none: - no client Certificate is required at all -
  • optional: - the client may present a valid Certificate -
  • require: - the client has to present a valid Certificate -
  • optional_no_ca: - the client may present a valid Certificate
    - but it need not to be (successfully) verifiable. -
-In practice only levels none and require are
-really interesting, because level optional doesn't work with
-all browsers and level optional_no_ca is actually against the
-idea of authentication (but can be used to establish SSL test pages, etc.)
-

-Example: -

-
-SSLVerifyClient require
-
-
- -

-
- -

SSLVerifyDepth

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLVerifyDepth
-Description: Maximum depth of CA Certificates in Client Certificate verification
Syntax: SSLVerifyDepth number
Default: SSLVerifyDepth 1
Context: server config, virtual host, directory, .htaccess
Override: AuthConfig
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.0
-
-
-

-This directive sets how deeply mod_ssl should verify before deciding that the
-clients don't have a valid certificate. Notice that this directive can be
-used both in per-server and per-directory context. In per-server context it
-applies to the client authentication process used in the standard SSL
-handshake when a connection is established. In per-directory context it forces
-a SSL renegotiation with the reconfigured client verification depth after the
-HTTP request was read but before the HTTP response is sent.
-

-The depth actually is the maximum number of intermediate certificate issuers,
-i.e. the number of CA certificates which are max allowed to be followed while
-verifying the client certificate. A depth of 0 means that self-signed client
-certificates are accepted only, the default depth of 1 means the client
-certificate can be self-signed or has to be signed by a CA which is directly
-known to the server (i.e. the CA's certificate is under
-SSLCACertificatePath), etc.
-

-Example: -

-
-SSLVerifyDepth 10
-
-
- -

-
- -

SSLLog

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLLog
-Description: Where to write the dedicated SSL engine logfile
Syntax: SSLLog filename
Default: None
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.1
-
-
-

-This directive sets the name of the dedicated SSL protocol engine logfile.
-Error type messages are additionally duplicated to the general Apache error
-log file (directive ErrorLog). Put this somewhere where it cannot
-be used for symlink attacks on a real server (i.e. somewhere where only root
-can write). If the filename does not begin with a slash
-('/') then it is assumed to be relative to the Server
-Root. If filename begins with a bar ('|') then the
-following string is assumed to be a path to an executable program to which a
-reliable pipe can be established. The directive should occur only once per
-virtual server config.
-

-Example: -

-
-SSLLog /usr/local/apache/logs/ssl_engine_log
-
-
- -

-
- -

SSLLogLevel

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLLogLevel
-Description: Logging level for the dedicated SSL engine logfile
Syntax: SSLLogLevel level
Default: SSLLogLevel none
Context: server config, virtual host
Override: Not applicable
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.1
-
-
-

-This directive sets the verbosity degree of the dedicated SSL protocol engine
-logfile. The level is one of the following (in ascending order where
-higher levels include lower levels):
-

    -
  • none
    - no dedicated SSL logging is done, but messages of level - ``error'' are still written to the general Apache error - logfile. -

    -

  • error
    - log messages of error type only, i.e. messages which show fatal situations - (processing is stopped). Those messages are also duplicated to the - general Apache error logfile. -

    -

  • warn
    - log also warning messages, i.e. messages which show non-fatal problems - (processing is continued). -

    -

  • info
    - log also informational messages, i.e. messages which show major - processing steps. -

    -

  • trace
    - log also trace messages, i.e. messages which show minor processing steps. -

    -

  • debug
    - log also debugging messages, i.e. messages which show development and - low-level I/O information. -
-

-Example: -

-
-SSLLogLevel warn
-
-
- -

-
- -

SSLOptions

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLOptions
-Description: Configure various SSL engine run-time options
Syntax: SSLOptions [+-]option ...
Default: None
Context: server config, virtual host, directory, .htaccess
Override: Options
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.1
-
-
-

-This directive can be used to control various run-time options on a -per-directory basis. Normally, if multiple SSLOptions could -apply to a directory, then the most specific one is taken completely; the -options are not merged. However if all the options on the -SSLOptions directive are preceded by a plus (+) or -minus (-) symbol, the options are merged. Any options preceded by -a + are added to the options currently in force, and any options -preceded by a - are removed from the options currently in force. -

-The available options are: -

    -
  • StdEnvVars -

    - When this option is enabled, the standard set of SSL related CGI/SSI - environment variables are created. This per default is disabled for - performance reasons, because the information extraction step is a - rather expensive operation. So one usually enables this option for - CGI and SSI requests only. -

    -

  • CompatEnvVars -

    - When this option is enabled, additional CGI/SSI environment variables are - created for backward compatibility to other Apache SSL solutions. Look in - the Compatibility chapter for details - on the particular variables generated. -

    -

  • ExportCertData -

    - When this option is enabled, additional CGI/SSI environment variables are - created: SSL_SERVER_CERT, SSL_CLIENT_CERT and - SSL_CLIENT_CERT_CHAINn (with n = 0,1,2,..). - These contain the PEM-encoded X.509 Certificates of server and client for - the current HTTPS connection and can be used by CGI scripts for deeper - Certificate checking. Additionally all other certificates of the client - certificate chain are provided, too. This bloats up the environment a - little bit which is why you have to use this option to enable it on - demand. -

    -

  • FakeBasicAuth -

    - When this option is enabled, the Subject Distinguished Name (DN) of the - Client X509 Certificate is translated into a HTTP Basic Authorization - username. This means that the standard Apache authentication methods can - be used for access control. The user name is just the Subject of the - Client's X509 Certificate (can be determined by running OpenSSL's - openssl x509 command: openssl x509 -noout -subject -in - certificate.crt). Note that no password is - obtained from the user. Every entry in the user file needs this password: - ``xxj31ZMTZzkVA'', which is the DES-encrypted version of the - word `password''. Those who live under MD5-based encryption - (for instance under FreeBSD or BSD/OS, etc.) should use the following MD5 - hash of the same word: ``$1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/''. -

    -

  • StrictRequire -

    - This forces forbidden access when SSLRequireSSL or - SSLRequire successfully decided that access should be - forbidden. Usually the default is that in the case where a ``Satisfy - any'' directive is used, and other access restrictions are passed, - denial of access due to SSLRequireSSL or - SSLRequire is overridden (because that's how the Apache - Satisfy mechanism should work.) But for strict access restriction - you can use SSLRequireSSL and/or SSLRequire in - combination with an ``SSLOptions +StrictRequire''. Then an - additional ``Satisfy Any'' has no chance once mod_ssl has - decided to deny access. -

    -

  • OptRenegotiate -

    - This enables optimized SSL connection renegotiation handling when SSL - directives are used in per-directory context. By default a strict - scheme is enabled where every per-directory reconfiguration of - SSL parameters causes a full SSL renegotiation handshake. When this - option is used mod_ssl tries to avoid unnecessary handshakes by doing more - granular (but still safe) parameter checks. Nevertheless these granular - checks sometimes maybe not what the user expects, so enable this on a - per-directory basis only, please. -

-

-Example: -

-
-SSLOptions +FakeBasicAuth -StrictRequire
-<Files ~ "\.(cgi|shtml)$">
-    SSLOptions +StdEnvVars +CompatEnvVars -ExportCertData
-<Files>
-
-
- -

-
- -

SSLRequireSSL

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLRequireSSL
-Description: Deny access when SSL is not used for the HTTP request
Syntax: SSLRequireSSL
Default: None
Context: directory, .htaccess
Override: AuthConfig
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.0
-
-
-

-This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for
-the current connection. This is very handy inside the SSL-enabled virtual
-host or directories for defending against configuration errors that expose
-stuff that should be protected. When this directive is present all requests
-are denied which are not using SSL.
-

-Example: -

-
-SSLRequireSSL
-
-
- -

-
- -

SSLRequire

- - - - -
- - - - -
- - - - - - - - - - -
-Name: SSLRequire
-Description: Allow access only when an arbitrarily complex boolean expression is true
Syntax: SSLRequire expression
Default: None
Context: directory, .htaccess
Override: AuthConfig
Status: Extension
Module: mod_ssl
Compatibility: mod_ssl 2.1
-
-
-

-This directive specifies a general access requirement which has to be
-fulfilled in order to allow access. It's a very powerful directive because the
-requirement specification is an arbitrarily complex boolean expression
-containing any number of access checks.
-

-The expression must match the following syntax (given as a BNF
-grammar notation):
-

-
-expr     ::= "true" | "false"
-           | "!" expr
-           | expr "&&" expr
-           | expr "||" expr
-           | "(" expr ")"
-           | comp
-
-comp     ::= word "==" word | word "eq" word
-           | word "!=" word | word "ne" word
-           | word "<"  word | word "lt" word
-           | word "<=" word | word "le" word
-           | word ">"  word | word "gt" word
-           | word ">=" word | word "ge" word
-           | word "in" "{" wordlist "}"
-           | word "=~" regex
-           | word "!~" regex
-
-wordlist ::= word
-           | wordlist "," word
-
-word     ::= digit
-           | cstring
-           | variable
-           | function
-
-digit    ::= [0-9]+
-cstring  ::= "..."
-variable ::= "%{" varname "}"
-function ::= funcname "(" funcargs ")"
-
-
-while for varname any variable from Table 3
-can be used. Finally for funcname the following functions
-are available:
-
    -
  • file(filename) -

    - This function takes one string argument and expands to the contents of the - file. This is especially useful for matching this contents against a - regular expression, etc. -

-Notice that expression is first parsed into an internal machine
-representation and then evaluated in a second step. Actually, in Global and
-Per-Server Class context expression is parsed at startup time and
-at runtime only the machine representation is executed. For Per-Directory
-context this is different: here expression has to be parsed and
-immediately executed for every request.
-

-Example: -

-
-SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
-            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
-           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-
-
-
- - - -
Table 3: Available Variables for SSLRequire
- - -
-
-Standard CGI/1.0 and Apache variables: -
-HTTP_USER_AGENT        PATH_INFO             AUTH_TYPE
-HTTP_REFERER           QUERY_STRING          SERVER_SOFTWARE
-HTTP_COOKIE            REMOTE_HOST           API_VERSION
-HTTP_FORWARDED         REMOTE_IDENT          TIME_YEAR
-HTTP_HOST              IS_SUBREQ             TIME_MON
-HTTP_PROXY_CONNECTION  DOCUMENT_ROOT         TIME_DAY
-HTTP_ACCEPT            SERVER_ADMIN          TIME_HOUR
-HTTP:headername        SERVER_NAME           TIME_MIN
-THE_REQUEST            SERVER_PORT           TIME_SEC
-REQUEST_METHOD         SERVER_PROTOCOL       TIME_WDAY
-REQUEST_SCHEME         REMOTE_ADDR           TIME
-REQUEST_URI            REMOTE_USER           ENV:variablename
-REQUEST_FILENAME
-
-SSL-related variables: -
-HTTPS                  SSL_CLIENT_M_VERSION   SSL_SERVER_M_VERSION
-                       SSL_CLIENT_M_SERIAL    SSL_SERVER_M_SERIAL
-SSL_PROTOCOL           SSL_CLIENT_V_START     SSL_SERVER_V_START
-SSL_SESSION_ID         SSL_CLIENT_V_END       SSL_SERVER_V_END
-SSL_CIPHER             SSL_CLIENT_S_DN        SSL_SERVER_S_DN
-SSL_CIPHER_EXPORT      SSL_CLIENT_S_DN_C      SSL_SERVER_S_DN_C
-SSL_CIPHER_ALGKEYSIZE  SSL_CLIENT_S_DN_ST     SSL_SERVER_S_DN_ST
-SSL_CIPHER_USEKEYSIZE  SSL_CLIENT_S_DN_L      SSL_SERVER_S_DN_L
-SSL_VERSION_LIBRARY    SSL_CLIENT_S_DN_O      SSL_SERVER_S_DN_O
-SSL_VERSION_INTERFACE  SSL_CLIENT_S_DN_OU     SSL_SERVER_S_DN_OU
-                       SSL_CLIENT_S_DN_CN     SSL_SERVER_S_DN_CN
-                       SSL_CLIENT_S_DN_T      SSL_SERVER_S_DN_T
-                       SSL_CLIENT_S_DN_I      SSL_SERVER_S_DN_I
-                       SSL_CLIENT_S_DN_G      SSL_SERVER_S_DN_G
-                       SSL_CLIENT_S_DN_S      SSL_SERVER_S_DN_S
-                       SSL_CLIENT_S_DN_D      SSL_SERVER_S_DN_D
-                       SSL_CLIENT_S_DN_UID    SSL_SERVER_S_DN_UID
-                       SSL_CLIENT_S_DN_Email  SSL_SERVER_S_DN_Email
-                       SSL_CLIENT_I_DN        SSL_SERVER_I_DN
-                       SSL_CLIENT_I_DN_C      SSL_SERVER_I_DN_C
-                       SSL_CLIENT_I_DN_ST     SSL_SERVER_I_DN_ST
-                       SSL_CLIENT_I_DN_L      SSL_SERVER_I_DN_L
-                       SSL_CLIENT_I_DN_O      SSL_SERVER_I_DN_O
-                       SSL_CLIENT_I_DN_OU     SSL_SERVER_I_DN_OU
-                       SSL_CLIENT_I_DN_CN     SSL_SERVER_I_DN_CN
-                       SSL_CLIENT_I_DN_T      SSL_SERVER_I_DN_T
-                       SSL_CLIENT_I_DN_I      SSL_SERVER_I_DN_I
-                       SSL_CLIENT_I_DN_G      SSL_SERVER_I_DN_G
-                       SSL_CLIENT_I_DN_S      SSL_SERVER_I_DN_S
-                       SSL_CLIENT_I_DN_D      SSL_SERVER_I_DN_D
-                       SSL_CLIENT_I_DN_UID    SSL_SERVER_I_DN_UID
-                       SSL_CLIENT_I_DN_Email  SSL_SERVER_I_DN_Email
-                       SSL_CLIENT_A_SIG       SSL_SERVER_A_SIG
-                       SSL_CLIENT_A_KEY       SSL_SERVER_A_KEY
-                       SSL_CLIENT_CERT        SSL_SERVER_CERT
-                       SSL_CLIENT_CERT_CHAINn
-                       SSL_CLIENT_VERIFY
-
-
-
-
-
-
-
-

-

Additional Features

-

Environment Variables

-This module provides a lot of SSL information as additional environment
-variables to the SSI and CGI namespace. The generated variables are listed in
-Table 4. For backward compatibility the information can
-be made available under different names, too. Look in the Compatibility chapter for details on the
-compatibility variables.
-

-

- - - -
Table 4: SSI/CGI Environment Variables
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Variable Name:Value Type:Description:
HTTPS flag HTTPS is being used.
SSL_PROTOCOL string The SSL protocol version (SSLv2, SSLv3, TLSv1)
SSL_SESSION_ID string The hex-encoded SSL session id
SSL_CIPHER string The cipher specification name
SSL_CIPHER_EXPORT string true if cipher is an export cipher
SSL_CIPHER_USEKEYSIZE number Number of cipher bits (actually used)
SSL_CIPHER_ALGKEYSIZE number Number of cipher bits (possible)
SSL_VERSION_INTERFACE string The mod_ssl program version
SSL_VERSION_LIBRARY string The OpenSSL program version
SSL_CLIENT_M_VERSION string The version of the client certificate
SSL_CLIENT_M_SERIAL string The serial of the client certificate
SSL_CLIENT_S_DN string Subject DN in client's certificate
SSL_CLIENT_S_DN_x509 string Component of client's Subject DN
SSL_CLIENT_I_DN string Issuer DN of client's certificate
SSL_CLIENT_I_DN_x509 string Component of client's Issuer DN
SSL_CLIENT_V_START string Validity of client's certificate (start time)
SSL_CLIENT_V_END string Validity of client's certificate (end time)
SSL_CLIENT_A_SIG string Algorithm used for the signature of client's certificate
SSL_CLIENT_A_KEY string Algorithm used for the public key of client's certificate
SSL_CLIENT_CERT string PEM-encoded client certificate
SSL_CLIENT_CERT_CHAINn string PEM-encoded certificates in client certificate chain
SSL_CLIENT_VERIFY string NONE, SUCCESS, GENEROUS or FAILED:reason
SSL_SERVER_M_VERSION string The version of the server certificate
SSL_SERVER_M_SERIAL string The serial of the server certificate
SSL_SERVER_S_DN string Subject DN in server's certificate
SSL_SERVER_S_DN_x509 string Component of server's Subject DN
SSL_SERVER_I_DN string Issuer DN of server's certificate
SSL_SERVER_I_DN_x509 string Component of server's Issuer DN
SSL_SERVER_V_START string Validity of server's certificate (start time)
SSL_SERVER_V_END string Validity of server's certificate (end time)
SSL_SERVER_A_SIG string Algorithm used for the signature of server's certificate
SSL_SERVER_A_KEY string Algorithm used for the public key of server's certificate
SSL_SERVER_CERT string PEM-encoded server certificate
-[ where x509 is a component of a X.509 DN: - C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email ] -
-
-
-

-
-

Custom Log Formats

-When mod_ssl is built into Apache or at least loaded (under DSO situation)
-additional functions exist for the Custom Log Format of mod_log_config. First there is an additional
-``%{varname}x'' eXtension format function
-which can be used to expand any variables provided by any module, especially
-those provided by mod_ssl which can you find in Table 4.
-

-For backward compatibility there is additionally a special
-``%{name}c'' cryptography format function
-provided. Information about this function is provided in the Compatibility chapter.
-

-Example: -

-
-CustomLog logs/ssl_request_log \
-          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-
-

-
- - - - - - - - - - -
- - - - - -
-previous page
Introduction -
-next page
Compatibility -
-
- - - - -
- mod_ssl 2.8, User Manual
- The Apache Interface to OpenSSL -
-
- Copyright © 1998-2001 - Ralf S. Engelschall
- All Rights Reserved
-
-
-
-

-
- - diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-chapter.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-chapter.gif deleted file mode 100644 index 7d69c96bd29ac54b8c399052cd91ec1a0e6a9f55..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1094 zcmV-M1iAZ1Nk%w1VXpvQ0J8u9|Ns9pGc#spX3WgY%>Vy0W@ee0nas@pnVHPY|IB8Y znE*30GXOJYGiCq)0000pA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u000250A2t9 z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@TtQEE41e zjE#;^1_A*Nl#~Gi1{njJoSTm!0|J$!qz(cD7L%o)AEKqNl>!y2q*n$3xVZtSOarjL zu@tnUSFWVIO1{9$0TaWO#jnUn%FD~L0MC@srPD{&;0~GE4&28|#;=zKo07oUujZrP zMAfgE76!lWt5)fi^oEe56i|Y_VB{u5qIId@giyFh;lgyG6DNiIEStp{#D+IshRiKZ>^x<1 z;O0_)C7|YslP=j`?CO@v&8cxwSbM=~sH&C&x!5nQ`s8}SH*O1f@i~19`@(E-%YR)O zIviGUwDq3JM_Pjk ze^_FmqJ;)3`J^d8f(XlpGo>Qnf+GSW6_-n9@THRy4Q1z@cWwx!2vs3BpaVATNMn&; zc}OUh6JjtSon3xVCJ3dWd7EPR5XmN3I+it7eHHz8UvgHSR+5w;>?CP{A<-1!Ru_Ky zTbrcbI9`PniYV2ikh)1vRwZt8rDA1yIi79!x#tvSvC0|?D!Am9%2{X2fC|m8mXx)t zklJ}O&|pRy<|?IF%W9$cVuP;(+M2j9!1m_)z8j`?9%V_hsH!ltBv zW3{vF`*4?x88F+Xu*IzCg8|NUQ^q3brt5nyd#tQF%qrEGs(WhECs~Y16S90%*_AHW@ecHGcy1H z05fK0GXOIH05kvp|NsC0A^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0000=09gP4 z1pW}nNvpj$>&?6WU?`4cX`X002}{O?Ut~n zsR)fqN42W;3ZiP6Tu$Km1&1*Na@l+hxC7~daxFXq=Jcigp4aa2eLZ%7fpuqug=|uY zi7kJPL649}gOikpmWE-Bjgpxzo}UV#pL=hosBd|DAFHe#uCE)hvKh3s7q_?-y1Ns- zz5u|!!@I?}$F<3_%dgF>&wJ5!(`VIT*Ie0G+fv<4-$>y@<38m%=QHUt>niOj?XuAIb@u5(cnf63LkBC Md`PmS$r%6uJA;#}4*&oF 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-2.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-2.gif deleted file mode 100644 index 14aa9f0ae115459d0b00041b4b9102e37b618245..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 580 zcmV-K0=xZ3Nk%w1VM+j50J8u900030|NqR)%w}e0Gcz;H|NqR)|IGi)nVFfHnapOH znE*30GiGKp05fJYW&i*)A^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0000=09gP4 z1pY9{Nvpj$>&?6WU?^&WfDCAglw&KN1R&3JO`w9SS7u!Qz}g_U8wm!%q*6ve6h8vr zavCHMpBW@|n;c*-2(CD3{Z6#w^w0T4tKTzrQ3|gE8NcikL9AJrrz9VSbzGiJK)6I3hC>oF>wCm{ zM!LbRx1@U;n-&Jzwb|az{b)9CMZSL<%79zA5aPxG1y2qXIrHYbpT~?YUCr|9-JE03 SPJKH&?cQZ`9#6hJW&k@Azy%Wk 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-3.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-3.gif deleted file mode 100644 index c55def0131a940bf2e2e381ff9244abbca29044c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 610 zcmV-o0-gOwNk%w1VM+j50J8u9|NsAHW@a-pGtA7)nVFf)|Nk>)X3Wh0nVHPY|IB8Y znE*300000p05fJYW&i*)A^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0000=09gP4 z1pW}nNvpj$>&?3#0}+hm2o7GVW?>*Oa4gTTAOys!Z-Yz!z?p!6+8GJ2pmNC=8dU_Q zl<9nG2Fa;5C@5MhfvtF%`%bdsG_CwatKTuU(G9Q5SM++_s|xG?F#EBfQT82TO&juBYy!Ngp86CNOc~MW1AhMW1kgosu!r09GzmODwIo&8n073vRk;5 zX{{P>9BNOtO2uQpE4orVX|y`dOwgrI)JxX0*lElbSl33`LDE+uHcaNV!A31UGwUB} zd{*x^;>K6Jl)QawW!&HDAtzky7K%7(HeFr0H@fjFtgGTmXSiPtcqa zdcgSx72HH1Ppe9}N&~4@0RD`9%|&l)27^<)vbgtRpBlB8M%Z#YumTpYG4|n=v9xR( zv3C7h*_#*KKQn}3V0deW*agQ=&`O~SATa~AWb1-~tRrkR43ec_zF_&#$Ty=YkXsUT zwUX2TTywdi2ViI|!b;1)!KVcv4xWvoJ|!GZisFYkA?F5V`4q|Nk%w1VM+j50J8u9|NsBY%*Vy0W@gOH|CyPYW|^6pnas@p z%m4rYW;130Gcz*)GXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0000=09gP4 z1pW}nNvpj$>&?6WU?`4cX`X1RuIwZ%a4gSp(4q&e)An5kyI{>n0t$saVrXzgDnqYk zF!|)dGv|-j?eG;Gj3XIfPr*zg@$Q% zi86vpe~m+Ak&-ZvH-wgxRftWRQkW}@M*^fxqAHa^0|2K-sVJaMuVX~BK?f4GSwx7Tk&|;xNwP)+@|9=jhNY({mW* zoF~}18uXVb^xzr#3!-fh({5fm6YF$rIY=U2w|opm+}ojz13-c9u=ukW5d=XHmlv0b z2@z777>uquS`kz6LrD+`X$Y7}v!+d(Y;M|Ysb`bVW*1`qOjJ;U(4l~e0yv8Fj#8#g z**uLpbShP!R{{;7=n>?B=?@9rARt2bj8 xlwjcYt;TmSVY`Ow{!OeH3*fhN^$IpTd2r>vmnBEOo0;=wx}8CPW=z^J06Udp?mz$l 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-5.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-5.gif deleted file mode 100644 index 6c74e3808f7f2f464ed319687c417167902c407c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 592 zcmV-W0T@pnane0 zW&krYGXOJYnVDuYW&i*)A^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0000=09gP4 z1pY9{Nvpj$>&?6WU?`4cX#r@eu59bRtw0KJZQpD;;C$cezF?0~A_$K*A_>WS4Q9>g z>N(m;uLhF!8kLQV-0m_Qg_4;{(e^A%ht_N#RRoR)=OOzsE28lT0)c{qgoTEOT0M9s zj2Cb*#y7*odQP0c%__u<(KUdLyVWk!YT7p3Aj#e-;2zN9E9D&MH|iPL>@Kbx z;_)b;^!7HT8s~q*f_(YwF)ss?0R<%>Yr;>~5qucnY3fkVMZ<^#Yh0vIk;O)X><>Hm z`jzpX86gQd1R6;aMaq0a+~oop1mesM9e>;eA@Rn}JScyDDA_`$&H_lJzS}UyfI}ZVe;1 zr@j@ZD`c*AIl$*;Qz^LC7yIyQ7QF-i27T)FHAbA{1@|D}_Q6oI+tlXi{F7Wp3)v93 ej>%W*(N8BJD?Mac_zi+;sRuayy!-c?0029TR1kas 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-6.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.head-num-6.gif deleted file mode 100644 index 95c45409752666f6e62edbd53e67fb0a8d62807f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 627 zcmV-(0*w7fNk%w1VM+j50J8u900030|NmxYW-~K0%*@Qp|NqR)|CyPY%>T@pnalt) zGcy1)GiGLHnVDuYW&i*)A^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0000=09gP4 z1pY9{Nvpj$>&?6WU?_3~aR_L7lw&KJ!T`*4T@S+H?iUf;z+g>4;O!1Fp;9?08bO5Q zaw-%&J5j2Z>AYSJ+ptpStq8>EAh{ekr{A^pRSK_njqbXBaLw!WRy<&TgaCIhg@u7F zbcuE?gL?y$go`17hXE&bd?J2gL>gIdnH+F(8lPLJ9I9HD9F4D+X|N<|ogR^5r5mnG zxgEbtwjH}$9|UhMX&=Y4j9Zh%7{g;OpVK)kBg-x(+*itI!ED&I=0>tqz3Cs`Jtr}f z^e8Lo<7gI}VFUN#xF-16!)k=JDgg#2DhT3WkQ|O^G;y&mA{uJ3ED|c`L1Q6~{-!)` zq$TnX$P6VFdB~SiPdf@MTf#Y6A*ReX7zKKy=jc`7~UYbE7>$tb@}}}cgJ2EMUzg6yP@t7#&05nhAbCxw8E`$j?hd6 z3!KF;;oJ@2*#>N*rzGb-46j3N%u#<-8S}jECP2p&|H2PPq3UNyKJ&bO`S)oMfrEelVNik( NDWq^&?6WU?`4cX`U!0G;Hg>a4gR>ENpA7?>v2Lxt?%X`(=W}q_SbeAeT^H z^YV;ZXH!e{%5`Nc+iv%(5}Uoavzj~!tD$U(`>l)v=5(SRpBL`?Tz`O80~-bbh>41e zjE#&b1os$7V0ih|QLWQO#d@ri2B$`5(up^&-wI!%LrMV-m zF0Z~HvOToJ9=AQc$RE2r%^<)n$I%+aQq~>HJ=z`5JJsG6*gMSQ7u-C;=oR2PoZ96& z=j{~g;r18rHTC)c^K`KLN5r4LX)OlY!w2u5J0c3(1?=aLLXwE+5VA1Xj-d{5fA%!8 zs3^f>5t0D-2_$Kf21j%%Yk)-8k_JX^FFp@41nlp;a7|K3j3S9ZtP ZTxgN%t1I(vR(*PBv_;9dv11be06Wu1;@kiL diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-000000.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-000000.gif deleted file mode 100644 index 8dd81a90202b25d32ad1eca8ef17414c68c8bef8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 35 gcmZ?wbh9u|WMp7uXkdT>9S{u?VPIl%VPvod07i!b+W-In 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-transp.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.imgdot-1x1-transp.gif deleted file mode 100644 index 5bfd67a2d6f72ac3a55cbfcea5866e841d22f5d9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 43 mcmZ?wbhEHbWMp7uXkdT>#h)yUAf^t80Ld^gF}W}@SOWlZ0R#L1 diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-n.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-next-n.gif deleted file mode 100644 index ef0e7238be06af9b403167760a627c15678c4953..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 303 zcmZ?wbhEHbbYl==*v!E2|NsBAv@~O5<1;|;|344|;Y<)X1B47f0F(o%NHbKP_7=ztW1Ol4p>C2+!X^>Q^umanyVV4%vMe*nC|cRz%sjQ zd#FR;Ryzj1M8?{?%JYZw!&?wi>zRL9tp%#{~r+9=vGsjWe%(`Rak zo!bKP_7=ztW1Ol4qs8gSBc^&kpTZH|oE8`~s#B+k6)Vt#NyY{6xQFoVKGt_1c-`3i-U+_nslM%hW$Nv+9|jI;78 z72-l|7sxj0Pm@~~Ct6Y+xL~4~ky&>C@-2n4XM5zVTjaPzZyCd~UO&a&gOk=bOxawr ztfHzk!sJ4Q-P-yEQ@0$tlcph5xAoDHt({pJx6j>SNQ;;6SXg@F<0d2XZ`OLg)_>IY S|6<~ra%ACxgU#%W4Aua2#ENkM 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-n.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.navbut-prev-n.gif deleted file mode 100644 index 912076efd4bb9753c23fec1fd2285ca08edd2400..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 306 zcmZ?wbhEHbbYl==*v!E2|NsBAv@~O5<1_#Np8^=1gM- zV<1QIpP0L+n?i7IVo^zOVp(dDLRe~%p`KwPgAPbB$W#WFvjQhPSMRlWeRlVMh2(#TCWx|b4KZFBX7#9XQxv=JFytwp**(i`{x^YCT*4D1& zEK`|TM79Q9^=1gM- zV<1QIpP0L+n?i7IVo^zOVp(dDLRe~%p`KwPgAPbB$W#WFX8|WYSMRlW9ozUnL8C7v zbKX1?t&G?E7D=6wPZV}cXfaQCBk$bD@ak%Zev}udfW{nQ#uJhSUbX?A3LeHbiC$hD zS|>8?Z{~l_49l5*qJinfqS9rtoI=08tz={|Dax-(&|wfu&Z}?;Q7B5a3@w(63z}xo zp(EZ^o1Nd6AyKQ=*|CFvN%Wuq@8@YO4zsMDa`!l_@cbU!n@Vz)%>T^)%$b>)nVHN0003s0 znE*30GiGLHGiEaYGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@TtQ%nXjmi7eHyJ;zdyma%UQVTX<$&F=zb%=ouA2oQ4DW0vxb7VW6Hp{&O;6 z6tHi?fCJvjY0QNZQbi028Orpdj@G~l-YTYa<;WquI{^d;O*vGkn0aj`@{}-OC#{kg znmQD)q-oJXMXAo*IwhqpUm3hPCB#vpPqF~U(i-MYDmMxFcD-YJHo?ZaSjuwU%i}Ae zw2;E$4R@g?-j;O>C5#w%TQs$!2J7WZ`G#RFee!XHyzQFb!9wvWu6uOw7IB>cE6=y+QqeDv8lsu)3M zr);=n`e@||16DAi z1zsVvoRpVz2m*{4p1_}Mnr*NVidA0eW(ZqakmZo0sQHOn`r%jsnP7~-pITzjN5X$^ z7V1Gt8xm<-of_DeSz>DzxrR7|b}$lYV1hMhn}&8;-<(=9N#|c15NR4oNlr>7qiPBl zhNC4^>glWxvMT2^PL>)`g`K^}Cm|cSrCM)FiXbbkvmz>3L=65iD=DcGxjH2Uzgp9% zcf_i?sjbL*Y9AaRNmt^c&^}umT&k5+t!`0GrBhosd2npEg~~VBKDlb3C+cdSbf2E2+%E;svzFt5T^@_O6GTi6M3qe0!M zoVH5}-0Ubdf+gw*AA{VZy{0wOWd`|Z*+GgbvRvzjx2~b@iVm+9iiIsdY_ppT^QdgQ zZ9byVz{v#-#(VQ__fCcW&HQOOCDr^ifFch^9jFxuIg3^hm8tc)0XuDyv%!7xZ8XTi z-SgR3O3Pc)Lf5TrEAQBMM@svI?ecc@^!GB}PwHb_&bcii5I->NjnPE|RCq~ zA7l(XX7~+fOxhQJjPp8-43~&n%{z|{=OOsUa3a_vUvz#R0-Ne^CB^O=@9K-+n(iKp zw*5Du(q@r-!y}pn(&rw$$&Yde44?h5!8|zm3ui1cokQm0lmNO9V?OBv<=VFm7Nt#r z3p_@~M&Pg1i6u&@;|*(4#yU>XiTFT Z*T}{;y77&0jH4XqNXI(b@s2Vy0W@gOH|CyPY%>T@pnaltH z001*HW;14HnVB;HGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz 
z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@TtQvLovzr_@;Y_JuyZI`ttoD$Ih!E34j%xuQnA;`k1+~M9#%DkAfy(QDr)lApfYvJ-5 zUL9xz{bV$#;9WY1{@e~U zOtP;HF_3WfP4r-KNsVbNKcX!5EdVh!;ARq1Iih7A8ZfKK)VYeIyOVZG^5MYc#g{5s zR6I4|F!qBL`Es5b!VEF^-UYL}a+erSjNq|e|iH5^&rDZ&Fc<@(jko{huTp4T)k%`PMV^cN*<8P%g@C3bQ z;vrNg$zoI5MD$sQ4;PaRynE2)tVWMw7}&L-px*aLwl=NEGYzGK*VfMP8uv;GDucUw zYmXRN?QEh`V2v9T_*%d3H59M0czct&KH(N?!KiKLDd>05ym|h13$)e##85*O1ZWR? zoOZAAB>J&^c^O)o1t z6rF@@03ryADfWj4dm5?`+a=Du|vYrWKAhrX(ujeM#YkQ%ZCsgrm(VOh46Sl&6_{l7`SfiNyopj)K0> z)*lE4L{8p686a{6qNA3o;my!ie{k;98+nDG+V^()YF`FTt($%Q5S z$y^E#MS*=m0%mf`8yj1$1~6Ocx6oA$ugoE#9-Srd#GS`J;q^t(G} z5VhBO@;qU)rrPTgUabBM^4YN33e42{azZ!ZaX*dfioJmngze(!h$c@BLEvxW=;?Kn&Be$)J3 zhB?@r8Yo!mdxH`6l6ScCrEY8$U{y;P_CBLI?gNmB9JN?xyZaF^e=U1k_1>VJG~q9J zw920PbXUIPiE1NaE1p4M(WVBbKq>MQAFX`CK=fVYdfyu!wEo5%O?-$y7X+cZ1USKi z70!SuB%cILwL%x7U{=iPT{5iTJHKTJhX&JOlKx6!o3;gvc{95o-`2oDk|8mN2uxrt z>QO@{azGeBQb{6e2P`ZWPKKA;ni1nRG%La@faA*{9>Z5UX0aoQ2&>Pxl<3A0fJb0- z(jfRcv^%URQjj7X*98m(3+#PvOkyNr5t}BZGiEW3?Bmn+8c71wsAU$B`oxFSHOEO> zQe|1JUc}xu%hK`7hQhO@@^q=V^i>aZro7__6~M6du<`^@v``daxQyWJ%7Vbe;M~Nd z#s9c0e#RqK6vjx%W0oVCmE#|2`alc@J@avWVrDVh1&II&5sa9e=Pp}QPf7{XY2oyo zJIP6!Md0LohZH1>mUy&xmcV-rb&@~#{&~xQrn8%%gQ&->83_S>?n$CVQa{jXOarat z8*OyxSg^E5|4hV=7bRvTrTJ0os8JZptZCkEI=F=9@;oa6k4j%yq>yPem=r~-MU9!s zC`IR}<@_f|16d?ukaU zlN!}|E+M5|O@sGhNXoQuZIvIioUv3A&5oEQRNQH?5O+-l7T)So!w#0AO|tq@V;7?<(L@%X7BtE)Evq)R>;@9A906dEkp#_7 zA!P!{i*Km|7v2t+C7i+S>pl>F+(_hh3e9z{7z9g3+FG{*`@3!s47FVCsx-Ua^#KpV zOWv7=u)I4EZgB95-e-chy)keSe98OX`MQ8Xe6{a8>#N@taJIkNVz)%>S90nauypW|^6pnane0 zW&krY0001HGiEaYGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppVb3*U`z@QNL8TxbrLtrpqIGuw) zK(MPAdm&?W%k6qq&8K)wE{_8qgZW9d8NzGvbQ@R?LhJT-&+qf$ae-xM9e{&1YJz10 zdN_4vcOZE&0#cTi27a2GdxnaNgc|~ak(8dFPoX!Di+E;@Ev#duoVB(#r>JYH8Hs_g zEWWy}j&`nPz$>z1w71UBEV;vEycp7QFv8Ph%`?l)$7IPW-%!x!=qK0PPSqBppD)_% zv#Z9EuQBBe-Rb`S*677?S7Be7Of29DG(*sZ!G0Ph!Po~8pv8ad*fpG>YvYKF{`3%f 
zyJw5y#giwcc{DLE5DSBH4Ctu@vc^MaCQ<72r&8ZAktj%w1JLpejhi=uc*wc4>9d|N zrd139lfg=bYmSm!dg;DupS%d6&F3nG9+!6h{Qiv9Y#xm|QtfadEVh*YFG`D*(_|PYe_RJ-W}j_>fJg z4vKp|<=|ncymCbY^iaJ^R0lp>cyR2Jzq<}AB^Mg++QaLQwvd|!gCYU`s9qeq1q9y< ztF@Qkc^2gLL_cNiC*cYp=`t086RdR_1~3(P0Zgj7w}C`ORm2xR93D8~if;7>4hCyA zlimm*(l{f6B1ZIGgk+7wBa1+WP$4Q62}psFzTMcElJ5}{Uw%kZrDBj&dNAZC6=6t0 zj3m^Uq;nJHn1Mu&$t0zdRi??om5M;br3G4^X-1b!z9c3FB(^D*hd-+6Ck1ShV&EZU z*(Snb9u^8Fj#G{(-!x+V*XW;=1{z2|)!}t#2AO`e=?MvP(AII(B-1CQelk}=s2s`0 z!*n9R8s?;9$~WIO)triInyQk}>#fv`@D_ElGK!{x$Q>zABf9?XO69Lv4Aj*n*Ldox zq}P)3DQdP#aN;(!H0vyo&@SoX80>9enq6ejb*!k}ZnwlV0n$2dkmWvkZYspaSz58i z`j=g@oGMXaDB|8bVZI&2CXluEZW&0r%4|zPwihJf7-bPFys)91PHTxCq|%$A$Wl}g z+hZ%MjPiybTHI=WTk;?c$M1TKFUS}$D8ar?-dsUO=~g1hSVG&_F}E~7*965Gf|;<+ z;g##N!wa>MbkwBm*@F~qTCla8ivVW!*#NYKl}BsgTn5!@T5YJM9Z4{@-9V!&_M&7z zoaZbY>O$O4L<*qx= z852J2z;74-ZR=3fdHL}YDbH^~%{yN;^zZC)y1AAWFM;epuZnqF-n)aJ=;EWa`x&@@ z@VolnS~@R1?&F@VYPY;z2!ej~yU6{R0Wj9Qg>UBh-=#RGya4tGc?6?Og`&WN)FtqP z{?OPG03!uc$qX7A^F$OlR|F+s0t+CF;cSWmH5uCQhUbtVV{pjB9)@sUF!P}hhe*UC z8u5roOrjE($iyZ(@rh83q7Vy0W@gOH|CyPY%>T@pnaltH z001*HW;14HnVB;HGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@TtQtPBDHfnv!N1P%kw zU`nkPuh^`1%RL>L;BYe#)da*#L3hn=yWh5f5={q_GiS6K&hPvGfO&O;OaT~zVS9j! zjE#;wbA*x#iWG=om5-X6oSh(%laiSLmrb6hsHvQwp`sO~X{xfbv}~}ggO#_VwY|Q- zHwU=G3I`Lrz{$$XEul|k00RfNVaIg5%-P!8uabrta&-dG$RAbEURLSqCg42pe_}oKJB) zb zFJ-OFkkP}b@S5jKW)+gv(8cL4|^~ zgkXSbrRdXTl^sY!iR6{X+I|(J$RcGfUH~I0NioQTUNMRh#Zw2ZlnWFuNJGsxJglgW9C^woVd&>*#-(x5UHM%IY*(NNCp_D2I2+El!u|=_}!7@orwlCUQ)W(Q-fk! z&ZZeARj71@g@%$_-pnWl2gA|RtE#YBhKEK;c=>9ooIwAd)|X*i>RJs41%0z6 zj=*j+ln5mr3tUmqNib@o4dJS6C{8SEhqPdHpyVE~V3RF8g@%yjpAEwLtCqR84CvHUVl?Istcm;n*m- zcwL_TfeoSB$f|g%+doM;iM(`gqw!i~(%55D){%wpq5o0i2LOYV*V@u>*sxTF&Q+__ zcu=z%7CFnF@?-IYSFRZi$0_L{yEHx-18eO-f<3JV=FWY3GIkHPdLqw43oo=y6yHkg zZoW>)=unH~%J5yw^pGSDNxH1UPYYjRexpKr5jubEq zR4JhD_@zI0%}jz5+zRG+Hb6F+3v)9`j7{*MF((YfH2ir~2|KVE6jCN*@p;n?GUg^l z^{X_AP?PY8Sj4&I%^q=d7B8-N 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-howto.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-howto.gif deleted file mode 100644 index c20402d1a9dd3c43e3133526987a63f828f832ac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1192 zcmV;Z1XueT@pnapN0 zW&krYW|^4)001)pGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@TvG8yJts!6(TirkK#E z^ysWwuUMI&!R>YfpMZBP$d1J0w0i9=o8R!be6n4GJ!rLizR9!yYK=Ym+#CP01U@6=a zHP|Sn%3X9zco>|E?(z-9Q(xc1`c^mK5eJ?c|62t~6>86Q$`RJ`v^}x@C!i4S*(5=E z{{gs$5`|%w#w{dyBHcqxQC8J}7^1@%DdV-a0fPLgq2MHtptWFFvejqb2Hs@oq7DTv zS*e+6!nS9mo+QZJnpmFr z;hUVsiYTMH$b#nvV5SP5LEwQ=%tj5Ws4ANx%4%!}p03J_m9PFPM^hrNQE=v{YEDLJ zsEsyw?6wvpJK~zdMQhx5TpQO*Z$kLKaSvNVl$@JVHfh8U|-CAp#b6jn^ zEj8GmicO|_Z3~P6!6CSXa$`{Yy(Qdw@8ekjg|;f##YdCoEqF&{`Q!NKH>4&J8UJv@ zj{usWPC4kTx9VzHnVHPY|IGi)nVHNpW@cuY znE*300001HGiEaYGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@Tv06Bv(30dYx6CYdYe z5lXER2aK#%8?bsY*e&;45^t5{v>FyRGrF{Zd_G67Ic+gKEuhm27j9X0cZG%`d3rU1 z41|XkiDPO3f&+nqj*ps~6p@lMjG3ICZ)=opmKLF$tgWP_G^?!>qg8+z?Oj-z-Wgvi*GBGfWDG~$Ah7(Ad3D6T^IYzdM6=0-AWPkxs zUqyx5g(j>%Th>{1lQV;WS7W?clpuhSSFrAse4WZ@>HsBUFK!*`)$CWM3~U;ehqRNr zxm!Goj0~g)H&EZ68UJP3A-Zb+RKUSjJ zU13y_0XPPY_#^~#XyRGcokrc47V>Z>e_OhYcs6q7$DhLr zp3LWNzuJFy?oNR^)1ujtQ(WGxxrEku58s~NyNmVb>)_*_pt~~o@V$-xX9gkW;nh=m z#3{#~6{!K31x&rscUu<@K3LvkP=S`4aAbWqT!o+s$XQSz+JPW(3$D>1Q$)Qq*E<#! 
zm>gg&g47lT1}^m2hU8grB8f~%l-W+JSY;D0Xw^s~kZoo55?Je{c!hh>QKO@W+zmL> zW>dYG$y^@YH(~`RCdVI#7kxLEasioSBr;mc#-fif-rDT7q@L&1rJkSd6Aoi=vot{VP``AMT@Bzmd@nO#8Z zF3>n@Awa7TYnhe5@)<0w*!pR#qsku30aDrmS66J%ih(L&BwULlG+S}dE+DR23vRee zfSOeX!<-xHtXQs!O1>MgDkziDW?7pE_C7iyDY#lZaKBs93osJ`e^Tq1k_lJwyuNN= z=)V_;)v8^J*2}WQXV5Hiq{ncKu*V-y39GR8nrrgR7aEO3FRf*= zE$5u@1Sj_lM98vQTC>Jld`a}o9m5tiZ(M;r$f8ciW%SIclAAPiI#YVE);9*I5b7CtB~x{vR-=+ zx5t|M!&&d^5>i{Ow`uEaN31HvaO3MXwTd$Tq36&05WUx72OVeU0$p&c%6GPl`K!Up z-F(EaL`ex_$Lo&$de^P1?GJtFX7c{Zbl>0d6cirj1$e4U3{%k1uHwuvHijZZ75*7OI=NYIQ)obgEXuUQ&xEjPM4Vjw zj;O$KmClE!Q;dY1H@mjX0WIRdO&Bk;hb=~BGZ2f39O_i2njr}<5*g%v&?v8O8Ig@L zNFw*@7$hg+N7$;}YLl#fK^3sh-3M{wztunZ5cFbS(z0&-Z|c?We|$I4bd#}UA!qc9`s zMj67<5to_c-MZHsUd3=nTk=Yi)YKfA^pisa?$e$$z$b^EiE^V7%8xo7`2bd8qBiAJQ6uJ)j}X1$LU`&# zF%mBMISa2$WJwzQ#m;41T+oDP+iK@ zraJYhP>rfor%KhTTJ@?}&8k+n%GIuV^{ZeFt60ZM*0P%QtY}TETGz_fwz~DLaE+^6 L=StVQjuikq$h1)K 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-over.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-over.gif deleted file mode 100644 index 3e5365983667ec59d61b33063dde7f3fcdf5f00d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1473 zcmV;y1wQ&mNk%w1VaNeI0J8u9|NsAHW@gOH%*_A)GiGL)nVHPY|IGi)W|^6pnapN0 zW-~K00000pGiCrYGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppVuR;(kj9_rF2owanq)fnUHkHt* zbV^0_gxIWbQK))90-jggX*B0!3ljFdBvS(=`onwFQCpfQ|SrKzfQh@-B4t172sv9-2Rd9JPtx4pi< zk%~pI0tKymnZU}+%u~l~$rJ*jY>rO7PO#0}zKPlx&tg8~}!)#nf9y8|vfe z#zpec6~^-WJ{$F7T-fnDH(?*Xg7>&7WRZ&v!3*I=1<(*th&DBQxMZj%;fJCP{ zDBy05xeCxQ%o2&AVU~jnV}dA&W#WgBLp0E2z-xj_VHm1aOxcpnPzD%w676UboI|H# z9?G1`VNZyod!!mIh_jCcHcFd974s7ny0BX%l+6ioX$6`+smk@RR)|dyI2jzQ%fJuT zj9>F=iECk}IgS(r>y@w)=>=q#wry zaCCEH!XZVAt)P53;_u&%cB#Ak?>U;wrO$>u;<|bZb$K<$w|@d?BD{3|cEL_v5XYTy zV`b43f~e{7%}TP#M-_b|KxUY8O$nG_P5wc44qxYRWFThRMKzrqDDAP?TGdH77lk4~ zmS17p5vT!TdcfosbK)?@(To|CSC=-oVMkt%F3JaE2p*DX9zahDqSJQbK^f$DOp)ay zisfanl73i*Q&MP?C8=auF>Ym}PfY=NC6Z`f;O1&5MhVG@THc5vmhMy}nUrQmw>wtQ&nJ2Ayp30V^kB%BHhZDdmE*8Kd8IDbZ32PU&v)LEIb#bj^({rS*J1(*t zTGVV1nW*cpYSZ$OY8!NpTG6)jZj%)VSVgu|!^8Fq5I-ElQzfJvxN4}m@;Yl&#{-ot z(kXs{OjE?ORZM88-a-mtaSEP5Zn^VricU3+Mc6@XKgCs67s|pc*KH7=8}Fa2vd9@? zBNb*)$&NbIl;f<5gfLhCJD|DzkJU2Stn|jyt|7 z=qK5g6?u}JAK~{(ib)4GL^4*xtzhB(#|#cNAOCG*yv5Ui&s8i><}mS3BK(c= zno=9MqtU{d$1_Sa#PP*x$(CzQb;3J#F4MDuwfMP_`NVl7oB->6$pr=~^^k$4;zmJ{ z2mnQP)!lYnZ{WA?I_bz$ zjTSlTJ6?SF>tmn4gjTHCwQos{Gh8B6LN(rbgInE7TLJ^fjRU&odqtAX@3=NW#0d{< zbi1C_J_8-(P_SMbgq)WEle)Ytr-M@~RQ~8TvRz2UUKYUN2?c1Z?`3aL0m}$MV8}LR zrSDE>(Z%fQ$124YZ-+~x-Y{%KGwVoEM^Drf*I+J3GV*+`cB`_V#yAH>=@jD!0J6ss zsBlKr8Nr8ts0THO;IT5=@s4=RqaOFj$3FV;kAMuMAO}gvLK^arh)kp+7s<#*I`WZ_ bjHDzdNy$oD@{*X$q$W4X$xeE5k^lfZ*CEAU 
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-preface.gif b/usr.sbin/httpd/htdocs/manual/mod/mod_ssl/ssl_template.title-preface.gif deleted file mode 100644 index 3189868d92f067f2f8a90dae1f2872ff911992e3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1123 zcmV-p1f2UvNk%w1Va5PC0J8u9|NsAHW@a-pGtA7)%>VzHnVHPY|IGi)nVHNpW@cuY znE*30W;130001)pGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002S0672v z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4b_pZQpo4%>0D+K$D3$qJeg61)C{jt{VA0ZwBi|*=8V~g+PIV zYHf*9afpdLi;P^80FY~vm@$=00imLyl}C<$l>wZcGpTQ-RFjJWtY@wqno}@0Ad7?@ zIw?OU!y>mFr8T3YrvL+@7*SJ9$kQ89pG>P3*wf7#-AG>B701_HO;fbax$6|UT)z?p z0`;Hv^;YnM_}k>{VV?|QEV;8_(Fj0}{s}+C zLnv$ToRd+5v4o~1~rV-D1oHQ9V^kvG_vvJ(4s>de4LOo!%jxD ze9B~q5|%xd6k;ZgC7~l34NWg-?IU#!tx}@U26fqNrM#^vsj3sjrD(a39fG!mIu^;z znn}v|GBgF?EQxBg4G=i3Y>|lX{_Vm0Mvb#L_yP>Ru(_)>#Ja?8=~>rL-?$U)N=QBV zGq}W;M`j(3!7&jut^v@)XYZyD+ACF)F7oRu2IC+b>xi;;X6%azEtPxZ*L4ujDn0khq3!qzwuO5|=_I=!{|ANs_ufI_SazC6 z#uT;zZON5q%5S0J=ip;Z-G`rMD6x0M2on~8$bN#HlAUNBYPTJI7d(@ch7^X7-B2Hv z_}y?xT+m#GC$?uJTmT&AVu^BaHlY_OG8kEj6(-@^jcfE6-Ulzr6ysJ)a5AC=Ofr%r zilC{nL;(jD;iP$C06C?3%Pi9bIrD9ZWkPAj8RwQdP7o$h1ks4Zm<|0njhujraweB2 zTp5s&BwY8&HzTf8CU+@>^=OS204RiOcQ!B`c)F~#UQZQJ7OAMjAUc6$uYA;*bQ!Rg zop8T>Hy~%5-en#KkI_5aQ?t#jYZ$pOpT-38}M2$n$H2+;p+p zu;R6sX{~K)D#^0&<=SnFB=*T?o#!H0X>f~DV@=FiNqY4 zD#5QfX~h%pH*VoXY6*s}TUWuNb{6m`54jViAiDZRm$eGtI_aJn1bjzP*A0m;jO|L< znvyCsyyH;~qRXO8MP=!(om(lpFbOWdT$PY4(`(j5&{|>|&D($rrMQP$qUwDe<#FfH zP)Pz99vvv{LC>|_xJ0l)N9Sc5wr%QlKNjU#3kd}(5el0kwEZO%nx*k2-1F2;)ZAVy0W@ee0nas@p%>T@pnapN0 zW&krYW|^4)001)pGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@Tu*8yJtsq;f!%B%9Ev zbV}6;8rZCM%f$);hTb4>?FOpow0g~+l)LbFBf!K3|?Klre~joTa9xLY|+3hA)zssIjuMFRH6@XE2tRw7tH+ zBDQ$}#Kpw|!dk5?yIlgIz|qpvZgII8V|dWaam&=-;IYEj8lz?$Pae%&An7~qEAS)o zB1qx)B;y`(uoPpeU%XXVw*{R6fM7NlTR6}F84L~q8W1>P%tB(J9GamB(VUim{vR}& z*@my=1$`Yn795z2&@yB&cd9};6yiDyyHycZ 
zncif=si>FB+P{;8Zskg$?N+mNzu7H^S3=>Zi}fIuX<;kh#SOM?9&}-JR)3(eFpUgs zat2|3Q)4-k*)iyTo&j8j)5^5AtFmW13EqG;KGzorZaJg;<1snSZ}NK{2byQBUx@Le z;2Rfe;tiN2qkh^rIOGixu*qE zMs;JJWY%b)6dZaOn1w(Rsz%>n7j|J5exbYq6IzPx)f99CkqAJA!dalwT(-QW+k6W~ z1KUhACf4F>aD;*%cMxXa)HMPwqaX%D?sox-b)a{a7L=ffjZQI2v)d|q;KxygnCw`M zh8jQ#fE*-YN!e3X<#ZZ;V39@6j~dtlS(M^{$Auzdc8Ot8UTTSB7j@JppJ5L6xTJ_D zordC@PP~-kn1I6h%apu~_|%?U)S+jcK9<*DdW+f_-=K3+`d*nKSQ#jxj?x0DfC0*h z1tofRCrBdUImtOe{G!`&$>DPR8bW&wVwF##e5H*N|7 zim3_P3$cyb3T!TVaw}-98M-R1poN}e?FY-^p{=UscJ^(upZ4miBIME=@3iRxx~>Q9 zR`zb3Fj}^qx3_}prMM#Iizl$>`r4|$1*dfEz_PdoZFmUJdC|uoTe>iWAeUSWB@W|f z^2!m1O6_U?TAbC&C1XtRq&)g*FwXOM$u9{hI}F0lWSwJ6nj1K2GgQcJ49(Fe#Ofu` z&dSSk2t-f(o-nHw1z)90n}i;KJ5BvsP|tdaBvo@+4K}A&pY&GNTLM~@ixYUIRi_T( z6n4fj+c)Xjr_QmAp3TOMu-}3!Q<~Y2&(<5da03c0B>!3D0yXA&Ao_PBO8#Yt&KJyS z2;#zUPDqDUvlV!`l1u7xzwae3aot{s#3!Sfe_o1`_7ZC3%UnKO?}@MH%B$^LP{ego zP}03~qu3pOH0g~|?zdHTX1!$R}5mE12i zd)poKh+_x`!iZs*@Lr@Ws6Px&?@k*N#5TzH!mS`BeO(F81GHL*YN zO)7>5>|jr5w+dq=@JP4OkM^{-JSx7z8|^~c5TgB1MCHA$hlvmf4gL2C`%wUggmFvc zW~aa^eh?@bP$3sQx5Yhlabx`uUyz=3r{rvgac*lK!1RJP_VJK^$nqmlR`Vd4;H{2u zvPdMpKt~e{AR=<{PYogx2%1#V2AFitC-Y`NLJ*^CkW8g2SINp&y7HBVzHnVBT@pnapN0 zW&i*HW|^4)Gcz*)GXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppVZ$a<>z@QMA8U|3t9Vt){3f#jkX!_smGtR}!R}Y{FcZT5In}R`Lmx2qg`K!S1;Y14+rI?GDhG2+{{!yZ( znI;D0LV}+}IBeGIA^?*vDH@EivYAH^Fl|XXRMT3^33$Me5O(QFO+PVn#+0D6%(-fJ9K|0U5ORR~Vo|7hS1ZU3;Sj1q zL8R!q5d1IPS|2Y6V?aAs@d>r##;T$6bKfz^=_>1`TE}W5&B5}vWw+NDp06+2XxPFA zbOlzYu4qj&sIc3)n7z230Na#oC$x7n#+X|-3dk37!Ky72n&&jx`RNjqbD0Z zxBbb7=V-96ZbT9Qc(3Jeofj0Q`HRKbJqVc=m;SBN+PiKmeu;B@G8 zV-hzOl*VFEp^*gwM-ckbqAD3)aO01g-Gh{h5=e*#eqAkeV{d zqY7GzdXJ~XwE3Q?I0D5Ht=A}d3Nx2t`f4J5BD%-+J_ZPoZ6{Dnl?9?th9mqAwHHFMryGXJqPW(gI1e{YuohFC1}VYw2epq zhM?rUNh0bk8U)X%Do#s^qGU^U7F=&??naxcu@@g)>xIKICf!SC5In()-EBuwz!Xm$ zX+IiEaRrICr6I7vV$%HaIMSvdVXzXP+cHC7!fWwuFw&O6da`s|!8X{TH5_jXZ(t=~ zgK~Pbhd(cH1=1Si3xbkE+02<~W1En3L+)T(w9MmH41m`e9HVy6Y!6*`+s@E5Hz|Nr 
zy|>-9x&t=`Tz^ON%yO4a%GtC0EdhzWU@fFFQaw$qwf~Y^05jfq10G(GD@?r@x1yP} zFw}%gx=y!5x>Iftb)cK!_~XFA;>hY!!+Q&_ z^V!b0;fc>qwi;1)AmO1t2k)*_Zz`YqV#2%qHaFQfuQCPe#^Sj~8*FbYh>E6k{irH+ zTYKEc3+r?IweTL%z{jd5S+89KGzj$4A+pQmjUpS$o8^9I5&N);cI$Ihz4m9K{&CM} z9FU&??Pz)B00pjp<&G7AeBYpIGpbJDSkN&8}LyjS&iv!AB2~Zcp01h!_BxHvP z@1sO>rE!H!3Eu$&gsr~(1Z7tgB8W8An?AAvaT#3I;lRkgh=s5+>+u~8D|p7;sqtHW zjAY~*$;8fKpnZYNfPh$3JUs4?jJMbv4Z3tDU!luof;!^`h(aIvsSkuBWSJ4e2*MJ? zvPW0!6zKx>!eKG(WPZyS|MK=cLK;tL*3BIf0uXqrGda6pr3Y1r-pWuZ&-(}^j(r&zMgK?5 zBJ#5fl{v>NrvNdPz7cypTmWhk`l{Bwj;4m3QPQYF&Pz@drmWg%js982v>H&DOi`9V ziMqs!y(cTpx|%t)`P6D=jY&NSj$T>XwP9gPJ~`tPa}fJQ&g{%#=-g3SwOSvx(vekL zyAQ5v+SDUvjTqdSL>1#Xzi-;KN2OiTt$MJca`kdz+}Uh}rbwx|s+G1>sDikP$|H{$ zv#zm1VnqC8)qd8b4eXRHR`bdK&5lmivP&D59KA%_WoV2)(8(5b98>&J`4tg$-Yt%C`xbKZd3Ho+;hB(l_NmuaN;v=GKIBY2us z2t)8HnRN?DUZ$z^H1bVUn89pf0mUGX1I$o-37YkbVSSo7!|A}tnmZ`q6`FEI2P)nu zlcyVwexnIhIO+?$nOi@D*8|Yq!HPbZpj)E^x&(}V1!WAq0!Etx3?U`7qRU|EK(m%O zPLMPeD7}ss6T*0|2Ku6NDrUi5+StyvwztjgZhQON;10LA$6aawJAcVzHnVBT@pnapN0 zW&krY0001HnVB;HGXMZHA^sLeNk$-3ZDDeBQ(<;xav)Y^axpG3VE`-u0002U0XzTz z1pW}nNvpj$>&?6WU?`4cX`X1Ru59bRa4gSsZQppV?|kq7z@Tur6Bv)kq;i=g_Lu@0 zH0rEcuhju#%k6rPd10+YjA>tgd=Knh+TFm zeqeoPfM1J+l$Di-iHVaZjbD#{F_?;$q@{wQnRA;aonD`gp<%10w6#B|sb{k!tzEC4 zv4OV3#5}mU!gr8Zy?h=9=O9hY zN*(I$`1$s_7I=Gm8T|bVP=JCqG#&~B@K$icKt2W)4iGp{gTylf2vV_dPoKw+{uAC+ zIG7^DWN0CpZG)?jQ8^7wMhc3opD(KQcjyh z0VKV~fTvHOSj7pQa1*CdWQz(=t#bimn645ICX#tItJ`T?(?*@}w2M-H62y)r+cXzi z0DHF#pwRZMVOw#f&XrJ?%UxM{18P>U#T2_>YYvLGp&aS9qLdt7QT zr>1qD11e@asp_Msj+Uyc38w2%_ z7B9Lv3Sh^Mw9K`zRRAur;X-TfJ|kA^MUsuCs_v?l7K&;Y8+NO$kE87Z9l7P4>o2ak zzKa?L9L76nyEX+xAh%$!YcPt(6iA`7|N5I4!}3l5Zji+BW-qyV+H@xY3VUKYw6>Eo%X5_4fx390Gj@0S086cDlAFZ-GQ8<>9bA z3h7aR5gG_!qhJ~VaeYSFD)0UG;D;~%_~e&w{`u&qum1Y%x9|S@@W(Iz{Pfpv|NZ#q SumAr1_wWDz01Ti60029Q0%;8Z diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_status.html b/usr.sbin/httpd/htdocs/manual/mod/mod_status.html deleted file mode 100644 index cf0f9d6aa3e..00000000000 
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_status.html
+++ /dev/null
@@ -1,168 +0,0 @@
- - - - - - - Apache module mod_status - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_status

- -

This module provides information on server activity and - performance.

- -

Status: Base
- Source File: mod_status.c
- Module Identifier: - status_module
- Compatibility: Available in - Apache 1.1 and later.

- -

Summary

- -

The Status module allows a server administrator to find out - how well their server is performing. A HTML page is presented - that gives the current server statistics in an easily readable - form. If required this page can be made to automatically - refresh (given a compatible browser). Another page gives a - simple machine-readable list of the current server state.

- -

The details given are:

- -
    -
  • The number of children serving requests
  • - -
  • The number of idle children
  • - -
  • The status of each child, the number of requests that - child has performed and the total number of bytes served by - the child (*)
  • - -
  • A total number of accesses and byte count served (*)
  • - -
  • The time the server was started/restarted and the time it - has been running for
  • - -
  • Averages giving the number of requests per second, the - number of bytes served per second and the average number of - bytes per request (*)
  • - -
  • The current percentage CPU used by each child and in - total by Apache (*)
  • - -
  • The current hosts and requests being processed (*)
  • -
- -

Details marked "(*)" are only available with - ExtendedStatus On.

- -

Directives

- - - -

Enabling Status Support

- To enable status reports only for browsers from the foo.com - domain add this code to your httpd.conf - configuration file -
-    <Location /server-status>
-    SetHandler server-status
-
-    Order Deny,Allow
-    Deny from all
-    Allow from .foo.com
-    </Location>
-
- -

You can now access server statistics by using a Web browser - to access the page - http://your.server.name/server-status

- -

Alternatively, if you have lynx installed, you can - also get a server statics report from the command line by running - the command apachectl status, or, for the extended - status report, apachectl fullstatus. See the apachectl documentation for - additional details.

- -

Note that mod_status will only work when you are running - Apache in standalone mode - and not inetd mode.

- -

Automatic Updates

- You can get the status page to update itself automatically if - you have a browser that supports "refresh". Access the page - http://your.server.name/server-status?refresh=N to - refresh the page every N seconds. - -

Machine Readable Status File

- A machine-readable version of the status file is available by - accessing the page - http://your.server.name/server-status?auto. This - is useful when automatically run, see the Perl program in the - /support directory of Apache, - log_server_status. - -
- It should be noted that if mod_status is - compiled into the server, its handler capability is available - in all configuration files, including - per-directory files (e.g., - .htaccess). This may have security-related - ramifications for your site. -
-
- -

ExtendedStatus - directive

- - Syntax: ExtendedStatus - On|Off
- Default: ExtendedStatus - Off
- Context: server config
- Status: Base
- Module: mod_status
- Compatibility: ExtendedStatus - is only available in Apache 1.3.2 and later. - -

This directive controls whether the server keeps track of - extended status information for each request. This is only - useful if the status module is enabled on the server.

- -

This setting applies to the entire server, and cannot be - enabled or disabled on a virtualhost-by-virtualhost basis.

- -
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_unique_id.html b/usr.sbin/httpd/htdocs/manual/mod/mod_unique_id.html
deleted file mode 100644
index 3f7b31a700a..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_unique_id.html
+++ /dev/null
@@ -1,220 +0,0 @@
- - - - - - - - Apache module mod_unique_id - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_unique_id

- -

This module provides an environment variable with a unique - identifier for each request.

- -

Status: Extension
- Source File: - mod_unique_id.c
- Module Identifier: - unique_id_module
- Compatibility: Available in - Apache 1.3 and later.

- -

Summary

- -

This module provides a magic token for each request which is - guaranteed to be unique across "all" requests under very - specific conditions. The unique identifier is even unique - across multiple machines in a properly configured cluster of - machines. The environment variable UNIQUE_ID is - set to the identifier for each request. Unique identifiers are - useful for various reasons which are beyond the scope of this - document.

- -

Directives

- -

This module has no directives.

- -

Theory

- -

First a brief recap of how the Apache server works on Unix - machines. On Unix machines, Apache creates several children, - the children process requests one at a time. Each child can - serve multiple requests in its lifetime. For the purpose of - this discussion, the children don't share any data with each - other. We'll refer to the children as httpd processes.

- -

Your website has one or more machines under your - administrative control, together we'll call them a cluster of - machines. Each machine can possibly run multiple instances of - Apache. All of these collectively are considered "the - universe", and with certain assumptions we'll show that in this - universe we can generate unique identifiers for each request, - without extensive communication between machines in the - cluster.

- -

The machines in your cluster should satisfy these - requirements. (Even if you have only one machine you should - synchronize its clock with NTP.)

- -
    -
  • The machines' times are synchronized via NTP or other - network time protocol.
  • - -
  • The machines' hostnames all differ, such that the module - can do a hostname lookup on the hostname and receive a - different IP address for each machine in the cluster.
  • -
- -

As far as operating system assumptions go, we assume that - pids (process ids) fit in 32-bits. If the operating system uses - more than 32-bits for a pid, the fix is trivial but must be - performed in the code.

- -

Given those assumptions, at a single point in time we can - identify any httpd process on any machine in the cluster from - all other httpd processes. The machine's IP address and the pid - of the httpd process are sufficient to do this. So in order to - generate unique identifiers for requests we need only - distinguish between different points in time.

- -

To distinguish time we will use a Unix timestamp (seconds - since January 1, 1970 UTC), and a 16-bit counter. The timestamp - has only one second granularity, so the counter is used to - represent up to 65536 values during a single second. The - quadruple ( ip_addr, pid, time_stamp, counter ) is - sufficient to enumerate 65536 requests per second per httpd - process. There are issues however with pid reuse over time, and - the counter is used to alleviate this issue.

- -

When an httpd child is created, the counter is initialized - with ( current microseconds divided by 10 ) modulo 65536 (this - formula was chosen to eliminate some variance problems with the - low order bits of the microsecond timers on some systems). When - a unique identifier is generated, the time stamp used is the - time the request arrived at the web server. The counter is - incremented every time an identifier is generated (and allowed - to roll over).

- -

The kernel generates a pid for each process as it forks the - process, and pids are allowed to roll over (they're 16-bits on - many Unixes, but newer systems have expanded to 32-bits). So - over time the same pid will be reused. However unless it is - reused within the same second, it does not destroy the - uniqueness of our quadruple. That is, we assume the system does - not spawn 65536 processes in a one second interval (it may even - be 32768 processes on some Unixes, but even this isn't likely - to happen).

- -

Suppose that time repeats itself for some reason. That is, - suppose that the system's clock is screwed up and it revisits a - past time (or it is too far forward, is reset correctly, and - then revisits the future time). In this case we can easily show - that we can get pid and time stamp reuse. The choice of - initializer for the counter is intended to help defeat this. - Note that we really want a random number to initialize the - counter, but there aren't any readily available numbers on most - systems (i.e., you can't use rand() because you need - to seed the generator, and can't seed it with the time because - time, at least at one second resolution, has repeated itself). - This is not a perfect defense.

- -

How good a defense is it? Suppose that one of your machines - serves at most 500 requests per second (which is a very - reasonable upper bound at this writing, because systems - generally do more than just shovel out static files). To do - that it will require a number of children which depends on how - many concurrent clients you have. But we'll be pessimistic and - suppose that a single child is able to serve 500 requests per - second. There are 1000 possible starting counter values such - that two sequences of 500 requests overlap. So there is a 1.5% - chance that if time (at one second resolution) repeats itself - this child will repeat a counter value, and uniqueness will be - broken. This was a very pessimistic example, and with real - world values it's even less likely to occur. If your system is - such that it's still likely to occur, then perhaps you should - make the counter 32 bits (by editing the code).

- -

You may be concerned about the clock being "set back" during - summer daylight savings. However this isn't an issue because - the times used here are UTC, which "always" go forward. Note - that x86 based Unixes may need proper configuration for this to - be true -- they should be configured to assume that the - motherboard clock is on UTC and compensate appropriately. But - even still, if you're running NTP then your UTC time will be - correct very shortly after reboot.

- -

The UNIQUE_ID environment variable is - constructed by encoding the 112-bit (32-bit IP address, 32 bit - pid, 32 bit time stamp, 16 bit counter) quadruple using the - alphabet [A-Za-z0-9@-] in a manner similar to MIME - base64 encoding, producing 19 characters. The MIME base64 - alphabet is actually [A-Za-z0-9+/] however - + and / need to be specially encoded - in URLs, which makes them less desirable. All values are - encoded in network byte ordering so that the encoding is - comparable across architectures of different byte ordering. The - actual ordering of the encoding is: time stamp, IP address, - pid, counter. This ordering has a purpose, but it should be - emphasized that applications should not dissect the encoding. - Applications should treat the entire encoded - UNIQUE_ID as an opaque token, which can be - compared against other UNIQUE_IDs for equality - only.

- -

The ordering was chosen such that it's possible to change - the encoding in the future without worrying about collision - with an existing database of UNIQUE_IDs. The new - encodings should also keep the time stamp as the first element, - and can otherwise use the same alphabet and bit length. Since - the time stamps are essentially an increasing sequence, it's - sufficient to have a flag second in which all machines - in the cluster stop serving and request, and stop using the old - encoding format. Afterwards they can resume requests and begin - issuing the new encodings.

- -

This is a relatively portable solution. It is extended to - multithreaded systems like Windows NT, which add the thread-id - to the ID, producing a 144-bit (including 32-bit tid) quadruple - that generates a 24 character UNIQUE_ID value. The identifiers - generated have essentially an infinite life-time because future - identifiers can be made longer as required. Essentially no - communication is required between machines in the cluster (only - NTP synchronization is required, which is low overhead), and no - communication between httpd processes is required (the - communication is implicit in the pid value assigned by the - kernel). In very specific situations the identifier can be - shortened, but more information needs to be assumed (for - example the 32-bit IP address is overkill for any site, but - there is no portable shorter replacement for it). This module - may be extended to include an entire IPv6 address, but that is - overkill for nearly all server configurations. -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html b/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html
deleted file mode 100644
index b896dffb0ef..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_userdir.html
+++ /dev/null
@@ -1,154 +0,0 @@
- - - - - - - - Apache module mod_userdir - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_userdir

- -

This module provides for user-specific directories.

- -

Status: Base
- Source File: - mod_userdir.c
- Module Identifier: - userdir_module

- -

Directives

- - -
- -

UserDir directive

- - Syntax: UserDir - directory-filename
- Default: UserDir - public_html
- Context: server config, virtual - host
- Status: Base
- Module: mod_userdir
- Compatibility: All forms except - the UserDir public_html form are only available in - Apache 1.1 or above. Use of the enabled keyword, - or disabled with a list of usernames, is only - available in Apache 1.3 and above. - -

The UserDir directive sets the real directory in a user's - home directory to use when a request for a document for a user - is received. Directory-filename is one of the - following:

- -
    -
  • The name of a directory or a pattern such as those shown - below.
  • - -
  • The keyword disabled. This turns off - all username-to-directory translations except those - explicitly named with the enabled keyword (see - below).
  • - -
  • The keyword disabled followed by a - space-delimited list of usernames. Usernames that appear in - such a list will never have directory translation - performed, even if they appear in an enabled - clause.
  • - -
  • The keyword enabled followed by a - space-delimited list of usernames. These usernames will have - directory translation performed even if a global disable is - in effect, but not if they also appear in a - disabled clause.
  • -
- -

If neither the enabled nor the - disabled keywords appear in the - Userdir directive, the argument is treated as a - filename pattern, and is used to turn the name into a directory - specification. A request for - http://www.foo.com/~bob/one/two.html will be - translated to:

-
-UserDir public_html     -> ~bob/public_html/one/two.html
-UserDir /usr/web        -> /usr/web/bob/one/two.html
-UserDir /home/*/www     -> /home/bob/www/one/two.html
-
- -

The following directives will send redirects to the - client:

-
-UserDir http://www.foo.com/users -> http://www.foo.com/users/bob/one/two.html
-UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html
-UserDir http://www.foo.com/~*/   -> http://www.foo.com/~bob/one/two.html
-
- -
- Be careful when using this directive; for instance, - "UserDir ./" would map - "/~root" to "/" - which is probably - undesirable. If you are running Apache 1.3 or above, it is - strongly recommended that your configuration include a - "UserDir disabled root" declaration. - See also the <Directory> directive - and the Security - Tips page for more information. -
- -

Additional examples:

- -

To allow a few users to have UserDir directories, but -not anyone else, use the following:

- -
-UserDir disabled
-UserDir enabled user1 user2 user3
-
- -

To allow most users to have UserDir directories, but -deny this to a few, use the following:

- -
-UserDir enabled
-UserDir disabled user4 user5 user6
-
- -
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html b/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html
deleted file mode 100644
index 9dbb3fef431..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_usertrack.html
+++ /dev/null
@@ -1,306 +0,0 @@
- - - - - - - Apache module mod_usertrack - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_usertrack

- -

This module uses cookies to provide for a - clickstream log of user activity on a site.

- -

Status: Extension
- Source File: - mod_usertrack.c
- Module Identifier: - usertrack_module
- Compatibility: Known as - mod_cookies prior to Apache 1.3.

- -

Summary

- -

Previous releases of Apache have included a module which - generates a 'clickstream' log of user activity on a site using - cookies. This was called the "cookies" module, mod_cookies. In - Apache 1.2 and later this module has been renamed the "user - tracking" module, mod_usertrack. This module has been - simplified and new directives added.

- -

Directives

- - - -

Logging

- -

Previously, the cookies module (now the user tracking - module) did its own logging, using the CookieLog - directive. In this release, this module does no logging at all. - Instead, a configurable log format file should be used to log - user click-streams. This is possible because the logging module - now allows multiple log files. - The cookie itself is logged by using the text - %{cookie}n in the log file format. For example:

-
-CustomLog logs/clickstream "%{cookie}n %r %t"
-
- For backward compatibility the configurable log module - implements the old CookieLog directive, but this - should be upgraded to the above CustomLog directive. - -

2-digit or 4-digit dates for cookies?

- (the following is from message - <022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com> - in the new-httpd archives) -
-From: "Christian Allen" <christian@sane.com>
-Subject: Re: Apache Y2K bug in mod_usertrack.c
-Date: Tue, 30 Jun 1998 11:41:56 -0400
-
-Did some work with cookies and dug up some info that might be useful.
-
-True, Netscape claims that the correct format NOW is four digit dates, and
-four digit dates do in fact work... for Netscape 4.x (Communicator), that
-is.  However, 3.x and below do NOT accept them.  It seems that Netscape
-originally had a 2-digit standard, and then with all of the Y2K hype and
-probably a few complaints, changed to a four digit date for Communicator.
-Fortunately, 4.x also understands the 2-digit format, and so the best way to
-ensure that your expiration date is legible to the client's browser is to
-use 2-digit dates.
-
-However, this does not limit expiration dates to the year 2000; if you use
-an expiration year of "13", for example, it is interpreted as 2013, NOT
-1913!  In fact, you can use an expiration year of up to "37", and it will be
-understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
-about versions previous to those).  Not sure why Netscape used that
-particular year as its cut-off point, but my guess is that it was in respect
-to UNIX's 2038 problem.  Netscape/MSIE 4.x seem to be able to understand
-2-digit years beyond that, at least until "50" for sure (I think they
-understand up until about "70", but not for sure).
-
-Summary:  Mozilla 3.x and up understands two digit dates up until "37"
-(2037).  Mozilla 4.x understands up until at least "50" (2050) in 2-digit
-form, but also understands 4-digit years, which can probably reach up until
-9999.  Your best bet for sending a long-life cookie is to send it for some
-time late in the year "37".
-
-
- -

CookieDomain - directive

- Syntax: CookieDomain domain
- Context: server config, virtual host, - directory, .htaccess
- Status: optional
- Module: mod_usertrack Compatibility: Apache 1.3.21 - and later - -

This directive controls the setting of the domain to which - the tracking cookie applies. If not present, no domain is - included in the cookie header field.

- -

The domain string must begin with a dot, and - must include at least one embedded dot. That is, - ".foo.com" is legal, but "foo.bar.com" and ".com" are not.

-
- -

CookieExpires directive

- Syntax: CookieExpires - expiry-period
- Context: 1.3.20 and - earlier: server config, virtual host; 1.3.21 and - later: server config, virtual host, directory, - .htaccess
- Status: optional
- Module: mod_usertrack - -

When used, this directive sets an expiry time on the cookie - generated by the usertrack module. The expiry-period - can be given either as a number of seconds, or in the format - such as "2 weeks 3 days 7 hours". Valid denominations are: - years, months, weeks, hours, minutes and seconds. If the expiry - time is in any format other than one number indicating the - number of seconds, it must be enclosed by double quotes.

- -

If this directive is not used, cookies last only for the - current browser session.

-
- -

CookieFormat directive

- Syntax: CookieFormat - Normal | Compact
- Context: server config, virtual host, directory, - .htaccess
- Status: optional
- Module: mod_usertrack Compatibility: Apache 1.3.28 - and later - -

When used, this directive determines whether the cookie - used for user tracking is created using the default ("normal") - format (eg: decimal values for items like the PID) or - using a more compact format (eg: hexidecimal values).

- -
- -

CookieName - directive

- Syntax: CookieName - token
- Default: Apache
- Context: server config, virtual - host, directory, .htaccess
- Status: optional
- Module: mod_usertrack
- Compatibility: Apache 1.3.7 and - later - -

This directive allows you to change the name of the cookie - this module uses for its tracking purposes. By default the - cookie is named "Apache".

- -

You must specify a valid cookie name; results are - unpredictable if you use a name containing unusual characters. - Valid characters include A-Z, a-z, 0-9, "_", and "-".

-
- -

CookiePrefix directive

- Syntax: CookiePrefix - "string"
- Context: server config, virtual host, directory, - .htaccess
- Status: optional
- Module: mod_usertrack Compatibility: Apache 1.3.28 - and later - -

When used, this directive allows for the "string" - to be prepended to the user tracking cookie. Care must be - taken not to prepend a string that would result in a bogus - cookie.

- -
- -

CookieStyle - directive

- Syntax: CookieStyle - Netscape|Cookie|Cookie2|RFC2109|RFC2965
- Context: server config, virtual host, - directory, .htaccess
- Status: optional
- Module: mod_usertrack - -

This directive controls the format of the cookie header - field. The three formats allowed are:

- -
    -
  • Netscape, which is the original but now deprecated - syntax. This is the default, and the syntax Apache has - historically used.
  • - -
  • Cookie or RFC2109, which is the syntax that - superseded the Netscape syntax.
  • - -
  • Cookie2 or RFC2965, which is the most - current cookie syntax.
  • -
- -

Not all clients can understand all of these formats. but you - should use the newest one that is generally acceptable to your - users' browsers.

-
- -

CookieTracking directive

- Syntax: CookieTracking - on|off
- Context: server config, virtual - host, directory, .htaccess
- Override: FileInfo
- Status: optional
- Module: mod_usertrack - -

When the user track module is compiled in, and - "CookieTracking on" is set, Apache will start sending a - user-tracking cookie for all new requests. This directive can - be used to turn this behavior on or off on a per-server or - per-directory basis. By default, compiling mod_usertrack will - not activate cookies.


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html b/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html
deleted file mode 100644
index c6da22eb0ef..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/mod_vhost_alias.html
+++ /dev/null
@@ -1,335 +0,0 @@
- - - - - - - Apache module mod_vhost_alias - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Module mod_vhost_alias

- -

This module provides support for dynamically configured mass virtual - hosting.

- -

Status: Extension
- Source File: - mod_vhost_alias.c
- Module Identifier: - vhost_alias_module
- Compatibility: Available in - Apache 1.3.7 and later.

- -

Summary

- -

This module creates dynamically configured virtual hosts, by - allowing the IP address and/or the Host: header of - the HTTP request to be used as part of the pathname to - determine what files to serve. This allows for easy use of a - huge number of virtual hosts with similar configurations.

- -

Directives

- - - -

See also: UseCanonicalName.

- -

Directory Name Interpolation

- -

All the directives in this module interpolate a string into - a pathname. The interpolated string (henceforth called the - "name") may be either the server name (see the UseCanonicalName - directive for details on how this is determined) or the IP - address of the virtual host on the server in dotted-quad - format. The interpolation is controlled by specifiers inspired - by printf which have a number of formats:

- -
-
%%
- -
insert a %
- -
%p
- -
insert the port number of the virtual host
- -
%N.M
- -
insert (part of) the name
-
- -

N and M are used to specify - substrings of the name. N selects from the - dot-separated components of the name, and M - selects characters within whatever N has selected. - M is optional and defaults to zero if it isn't - present; the dot must be present if and only if M - is present. The interpretation is as follows:

- -
-
0
- -
the whole name
- -
1
- -
the first part
- -
2
- -
the second part
- -
-1
- -
the last part
- -
-2
- -
the penultimate part
- -
2+
- -
the second and all subsequent parts
- -
-2+
- -
the penultimate and all preceding parts
- -
1+ and -1+
- -
the same as 0
-
- -

If N or M is greater than the - number of parts available a single underscore is - interpolated.

- -

Examples

- -

For simple name-based virtual hosts you might use the - following directives in your server configuration file:

-
-    UseCanonicalName    Off
-    VirtualDocumentRoot /usr/local/apache/vhosts/%0
-
- -

A request for - http://www.example.com/directory/file.html will be - satisfied by the file - /usr/local/apache/vhosts/www.example.com/directory/file.html.

- -

For a very large number of virtual hosts it is a good idea - to arrange the files to reduce the size of the - vhosts directory. To do this you might use the - following in your configuration file:

-
-    UseCanonicalName    Off
-    VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2
-
- A request for - http://www.example.isp.com/directory/file.html - will be satisfied by the file - /usr/local/apache/vhosts/isp.com/e/x/a/example/directory/file.html. - A more even spread of files can be achieved by hashing from the - end of the name, for example: -
-    VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.-1/%2.-2/%2.-3/%2
-
- The example request would come from - /usr/local/apache/vhosts/isp.com/e/l/p/example/directory/file.html. - Alternatively you might use: -
-    VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2.4+
-
- -

The example request would come from - /usr/local/apache/vhosts/isp.com/e/x/a/mple/directory/file.html.

- -

For IP-based virtual hosting you might use the following in - your configuration file:

-
-    UseCanonicalName DNS
-    VirtualDocumentRootIP   /usr/local/apache/vhosts/%1/%2/%3/%4/docs
-    VirtualScriptAliasIP    /usr/local/apache/vhosts/%1/%2/%3/%4/cgi-bin
-
- -

A request for - http://www.example.isp.com/directory/file.html - would be satisfied by the file - /usr/local/apache/vhosts/10/20/30/40/docs/directory/file.html - if the IP address of www.example.com were - 10.20.30.40. A request for - http://www.example.isp.com/cgi-bin/script.pl would - be satisfied by executing the program - /usr/local/apache/vhosts/10/20/30/40/cgi-bin/script.pl.

- -

If you want to include the . character in a - VirtualDocumentRoot directive, but it clashes with - a % directive, you can work around the problem in - the following way:

-
-    VirtualDocumentRoot /usr/local/apache/vhosts/%2.0.%3.0
-
- -

A request for - http://www.example.isp.com/directory/file.html - will be satisfied by the file - /usr/local/apache/vhosts/example.isp/directory/file.html.

- -

The LogFormat - directives %V and %A are useful - in conjunction with this module.

-
- -

VirtualDocumentRoot - directive

- -

Syntax: VirtualDocumentRoot - interpolated-directory
- Default: None
- Context: server config, virtual - host
- Status: Extension
- Module: mod_vhost_alias
- Compatibility: - VirtualDocumentRoot is only available in 1.3.7 and later.

- -

The VirtualDocumentRoot directive allows you to - determine where Apache will find your documents based on the - value of the server name. The result of expanding - interpolated-directory is used as the root of the - document tree in a similar manner to the DocumentRoot - directive's argument. If interpolated-directory is - none then VirtualDocumentRoot is - turned off. This directive cannot be used in the same context - as VirtualDocumentRootIP.

-
- -

VirtualDocumentRootIP - directive

- -

Syntax: VirtualDocumentRootIP - interpolated-directory
- Default: None
- Context: server config, virtual - host
- Status: Extension
- Module: mod_vhost_alias
- Compatibility: - VirtualDocumentRootIP is only available in 1.3.7 and later.

- -

The VirtualDocumentRootIP directive is like the - VirtualDocumentRoot - directive, except that it uses the IP address of the server end - of the connection instead of the server name.

-
- -

VirtualScriptAlias directive

- -

Syntax: VirtualScriptAlias - interpolated-directory
- Default: None
- Context: server config, virtual - host
- Status: Extension
- Module: mod_vhost_alias
- Compatibility: - VirtualScriptAlias is only available in 1.3.7 and later.

- -

The VirtualScriptAlias directive allows you to - determine where Apache will find CGI scripts in a similar - manner to VirtualDocumentRoot - does for other documents. It matches requests for URIs starting - /cgi-bin/, much like ScriptAlias - /cgi-bin/ would.

-
- -

VirtualScriptAliasIP - directive

- -

Syntax: VirtualScriptAliasIP - interpolated-directory
- Default: None
- Context: server config, virtual - host
- Status: Extension
- Module: mod_vhost_alias
- Compatibility: - VirtualScriptAliasIP is only available in 1.3.7 and later.

- -

The VirtualScriptAliasIP directive is like the - VirtualScriptAlias - directive, except that it uses the IP address of the server end - of the connection instead of the server name.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/mod/module-dict.html b/usr.sbin/httpd/htdocs/manual/mod/module-dict.html
deleted file mode 100644
index 0d04a540cae..00000000000
--- a/usr.sbin/httpd/htdocs/manual/mod/module-dict.html
+++ /dev/null
@@ -1,129 +0,0 @@
- - - - - - - - Definitions of terms used to describe Apache - modules - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Terms Used to Describe Apache Modules

- -

Each Apache module is described using a common format that - looks like this:

- -
-
Status: - status
- Source - File: source-file
- Module - Identifier: module-identifier
- Compatibility: - compatibility notes
-
- -

Each of the attributes, complete with values where possible, - are described in this document.

- -

Module Terms

- - -
- -

Status

- -

This indicates how tightly bound into the Apache Web server - the module is; in other words, you may need to recompile the - server in order to gain access to the module and its - functionality. Possible values for this attribute are:

- -
-
Base
- -
A module labeled as having "Base" status is compiled and - loaded into the server by default, and is therefore normally - available unless you have taken steps to remove the module - from your configuration.
- -
Extension
- -
A module with "Extension" status is not normally compiled - and loaded into the server. To enable the module and its - functionality, you may need to change the server build - configuration files and re-compile Apache.
- -
Experimental
- -
"Experimental" status indicates that the module is - available as part of the Apache kit, but you are on your own - if you try to use it. The module is being documented for - completeness, and is not necessarily supported.
- -
External
- -
Modules which are not included with the base Apache - distribution ("third-party modules") may use the "External" - status. We are not responsible, nor do we support such - modules.
-
-
- -

Source File

- -

This quite simply lists the name of the source file which - contains the code for the module. This is also the name used by - the <IfModule> - directive.

-
- -

Module - Identifier

- -

This is a string which identifies the module for use in the - LoadModule directive when - dynamically loading modules. In particular, it is the name of - the external variable of type module in the source file.

-
- -

Compatibility

- -

If the module was not part of the original Apache version 1 - distribution, the version in which it was introduced should be - listed here.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/multilogs.html b/usr.sbin/httpd/htdocs/manual/multilogs.html
deleted file mode 100644
index a0ea0072d95..00000000000
--- a/usr.sbin/httpd/htdocs/manual/multilogs.html
+++ /dev/null
@@ -1,123 +0,0 @@
- - - - - - - Apache Multiple Log Files - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Multiple Log Files

- It is now possible to specify multiple log files, each with a - fully customizable format. This is compatible with existing - configurations. Multiple log files are implemented as part of - the mod_log_config module - which as of Apache 1.2 is the default log module. -
- -

Using Multiple Log Files

- Multiple log files be created with either the - TransferLog or CustomLog directive. - These directives can be repeated to create more than one log - file (in previous releases, only one logfile could be given per - server configuration). The TransferLog directive - creates a log file in the standard "common log format", - although this can be customized with LogFormat. - The syntax of these two directives is the same as for the - config log module in previous Apache releases. - -

The real power of multiple log files come from the ability - to create log files in different formats. For example, as well - as a CLF transfer log, the server could log the user agent of - each client, or the referrer information, or any other aspect - of the request, such as the language preferences of the - user.

- -

The new CustomLog directive takes both a - filename to log to, and a log file format.

-
- Syntax: CustomLog filename - "format"
- Context: server config, virtual - host
- Status: base
- Module: mod_log_config - -

The first argument is the filename to log to. This is used - exactly like the argument to TransferLog, that is, - it is either a file as a full path or relative to the current - server root, or |programname. Be aware that anyone who can - write to the directory where a log file is written can gain - access to the uid that starts the server. See the security tips document for - details.

- -

The format argument specifies a format for each line of the - log file. The options available for the format are exactly the - same as for the argument of the LogFormat - directive. If the format includes any spaces (which it will do - in almost all cases) it should be enclosed in double - quotes.

- -

Use with Virtual Hosts

- If a <VirtualHost> section does not contain any - TransferLog or CustomLog directives, - the logs defined for the main server will be used. If it does - contain one or more of these directives, requests serviced by - this virtual host will only be logged in the log files defined - within its definition, not in any of the main server's log - files. See the examples below. -
- -

Examples

- To create a normal (CLF) format log file in logs/access_log, - and a log of user agents: -
-TransferLog logs/access_log
-CustomLog   logs/agents     "%{user-agent}i"
-
- To define a CLF transfer log and a referrer log which log all - accesses to both the main server and a virtual host: -
-TransferLog logs/access_log
-CustomLog   logs/referer    "%{referer}i"
-
-<VirtualHost>
-  DocumentRoot   /whatever
-  ServerName     my.virtual.host
-</VirtualHost>
-
- Since no TransferLog or CustomLog directives appear inside the - <VirtualHost> section, any requests for this virtual host - will be logged in the main server's log files. If however the - directive -
-TransferLog logs/vhost_access_log
-
- was added inside the virtual host definition, then accesses to - this virtual host will be logged in vhost_access_log file (in - common log format), and not in logs/access_log or - logs/referer.
- -

Apache HTTP Server

- Index - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/process-model.html b/usr.sbin/httpd/htdocs/manual/process-model.html
deleted file mode 100644
index d26fe3cee9d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/process-model.html
+++ /dev/null
@@ -1,81 +0,0 @@
- - - - - - - - Server Pool Management - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Server Pool Management

-
- -

We found that many people were using values for "MaxServers" - either too high or too low, and were hanging themselves on it. - The model we adopted is still based on long-lived - minimal-forking processes, but instead of specifying one number - of persistent processes, the web-master specifies a maximum and - minimum number of processes to be "spare" - every couple of - seconds the parent checks the actual number of spare servers - and adjusts accordingly. This should keep the number of servers - concurrently running relatively low while still ensuring - minimal forking.

- -

We renamed the current StartServers to MinSpareServers, - created separate StartServers parameter which means what it - says, and renamed MaxServers to MaxSpareServers (though the old - name still works, for NCSA 1.4 back-compatibility). The old - names were generally regarded as too confusing.

- -

The defaults for each variable are:

-
-MinSpareServers         5
-MaxSpareServers         10
-StartServers            5
-
- There is an absolute maximum number of simultaneous children - defined by a compile-time limit which defaults to 256 and a - "MaxClients" directive which specifies the number of - simultaneous children that will be allowed. MaxClients can be - adjusted up to the compile-time limit (HARD_SERVER_LIMIT, - defined in httpd.h). If you need more than 256 simultaneous - children, you need to modify both HARD_SERVER_LIMIT and - MaxClients. - -

In versions before 1.2, HARD_SERVER_LIMIT defaulted to - 150.

- -

We do not recommend changing either of these values - unless:

- -
    -
  1. You know you have the server resources to handle - more
  2. - -
  3. You use the machine for other purposes and must limit the - amount of memory Apache uses
  4. -
-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/ab.html b/usr.sbin/httpd/htdocs/manual/programs/ab.html
deleted file mode 100644
index b604dba17d2..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/ab.html
+++ /dev/null
@@ -1,158 +0,0 @@
- - - - - - - Manual Page: ab - Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Manual Page: ab

- -
-NAME
-     ab - Apache HTTP server benchmarking tool
-
-SYNOPSIS
-     ab [ -k ] [ -i ] [ -n requests ] [ -t timelimit ] [ -c  con-
-     currency   ]   [   -p   POST   file   ]  [  -A  Authenticate
-     username:password    ]    [    -P     Proxy     Authenticate
-     username:password  ]  [  -H  Custom  header  ]  [  -C Cookie
-     name=value ] [ -T content-type ] [ -v verbosity  ]  ]  [  -w
-     output HTML ] ] [ -x <table> attributes ] ] [ -y <tr> attri-
-     butes     ]     ]     [     -z     <td>     attributes     ]
-     [http://]hostname[:port]/path
-
-     ab [ -V ] [ -h ]
-
-DESCRIPTION
-     ab is a tool for benchmarking the performance of your Apache
-     HyperText  Transfer Protocol (HTTP) server.  It does this by
-     giving you an indication of how  many  requests  per  second
-     your Apache installation can serve.
-
-OPTIONS
-     -k          Enable the HTTP KeepAlive feature; that is, per-
-                 form  multiple requests within one HTTP session.
-                 Default is no KeepAlive.
-
-     -i          Use an HTTP 'HEAD' instead of  the  GET  method.
-                 Cannot be mixed with POST.
-
-     -n requests The number of requests to perform for the bench-
-                 marking session.  The default is to perform just
-                 one  single  request,  which   will   not   give
-                 representative benchmarking results.
-
-     -t timelimit
-                 The number of  seconds  to  spend  benchmarking.
-                 Using  this  option automatically set the number
-                 of requests  for  the  benchmarking  session  to
-                 50000.   Use  this to benchmark the server for a
-                 fixed period of time.  By default, there  is  no
-                 timelimit.
-
-     -c concurrency
-                 The number of simultaneous requests to  perform.
-                 The default is to perform one HTTP request at a
-                 time, that is, no concurrency.
-
-     -p POST file
-                 A file containing data  that  the  program  will
-                 send  to  the  Apache  server  in  any HTTP POST
-                 requests.
-
-     -A Authorization username:password
-                 Supply Basic Authentication credentials  to  the
-                 server.  The username and password are separated
-                 by a single ':', and  sent  as  uuencoded  data.
-                 The  string  is  sent  regardless of whether the
-                 server needs it; that is, has sent a 401 Authen-
-                 tication needed.
-
-     -p Proxy-Authorization username:password
-                 Supply Basic  Authentication  credentials  to  a
-                 proxy  en-route.  The  username and password are
-                 separated by a single ':', and sent as uuencoded
-                 data.   The string is sent regardless of whether
-                 the proxy needs it; that  is,  has  sent  a  407
-                 Proxy authentication needed.
-
-     -C Cookie name=value
-                 Add a 'Cookie:' line to the request.  The  argu-
-                 ment  is  typically  a  'name=value'  pair. This
-                 option may be repeated.
-
-     -p Header string
-                 Append extra headers to the request.  The  argu-
-                 ment  is typically in the form of a valid header
-                 line, usually  a  colon  separated  field  value
-                 pair,     for     example,     'Accept-Encoding:
-                 zip/zop;8bit'.
-
-     -T content-type
-                 The content-type header to use for POST data.
-
-     -v          Sets the verbosity level.   Level  4  and  above
-                 prints information on headers, level 3 and above
-                 prints response codes (for example,  404,  200),
-                 and level 2 and above prints warnings and infor-
-                 mational messages.
-
-     -w          Print out results in HTML tables.   The  default
-                 table  is  two  columns wide, with a white back-
-                 ground.
-
-     -x attributes
-                 The string to use  as  attributes  for  <table>.
-                 Attributes are inserted <table here >
-
-     -y attributes
-                 The string to use as attributes for <tr>.
-
-     -z attributes
-                 The string to use as attributes for <td>.
-
-     -V          Display the version number and exit.
-
-     -h          Display usage information.
-
-BUGS
-     There are  various  statically  declared  buffers  of  fixed
-     length.  Combined  with  inefficient  parsing of the command
-     line arguments, the response headers from  the  server,  and
-     other external inputs, these buffers might overflow.
-
-     Ab does not  implement  HTTP/1.x  fully;  instead,  it  only
-     accepts some 'expected' forms of responses.
-
-     The rather heavy use of strstr(3) by the  program  may  skew
-     performance   results,   since   it   uses  significant  CPU
-     resources.  Make sure that performance limits are not hit by
-     ab before your server's limit is reached.
-
-SEE ALSO
-     httpd(8)
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/apachectl.html b/usr.sbin/httpd/htdocs/manual/programs/apachectl.html
deleted file mode 100644
index ef67f594b81..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/apachectl.html
+++ /dev/null
@@ -1,110 +0,0 @@
- - - - - - - - Manual Page: apachectl - Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Manual Page: apachectl

- -
-NAME
-     apachectl - Apache HTTP server control interface
-
-SYNOPSIS
-     apachectl command [...]
-
-DESCRIPTION
-     apachectl is a front end to the  Apache  HyperText  Transfer
-     Protocol (HTTP) server.  It is designed to help the adminis-
-     trator control the functioning of the Apache httpd daemon.
-
-     NOTE: If your Apache installation uses  non-standard  paths,
-     you  will  need  to  edit  the  apachectl  script to set the
-     appropriate paths to your PID file and  your  httpd  binary.
-     See the comments in the script for details.
-
-     The apachectl script returns a 0 exit value on success,  and
-     >0  if an error occurs.  For more details, view the comments
-     in the script.
-
-     Full   documentation   for   Apache    is    available    at
-     http://www.apache.org/
-
-OPTIONS
-     The command can be any one or more of the following options:
-
-     start       Start the Apache daemon.  Gives an error  if  it
-                 is already running.
-
-     stop        Stops the Apache daemon.
-
-     restart     Restarts the  Apache  daemon  by  sending  it  a
-                 SIGHUP.   If  the  daemon  is not running, it is
-                 started.  This command automatically checks  the
-                 configuration  files  via configtest before ini-
-                 tiating the restart to make sure Apache  doesn't
-                 die.
-
-     fullstatus  Displays a full status report  from  mod_status.
-                 For  this  to  work, you need to have mod_status
-                 enabled on your server and a text-based  browser
-                 such  as lynx available on your system.  The URL
-                 used to access the status report can be  set  by
-                 editing the STATUSURL variable in the script.
-
-     status      Displays a brief status report.  Similar to  the
-                 fullstatus  option,  except  that  the  list  of
-                 requests currently being served is omitted.
-
-     graceful    Gracefully restarts the Apache daemon by sending
-                 it  a SIGUSR1.  If the daemon is not running, it
-                 is started.  This differs from a normal  restart
-                 in  that  currently  open  connections  are  not
-                 aborted.  A side effect is that  old  log  files
-                 will not be closed immediately.  This means that
-                 if used in a log rotation script, a  substantial
-                 delay  may  be  necessary to ensure that the old
-                 log files are  closed  before  processing  them.
-                 This command automatically checks the configura-
-                 tion files via configtest before initiating  the
-                 restart to make sure Apache doesn't die.
-
-     configtest  Run a configuration file syntax test. It  parses
-                 the  configuration files and either reports Syn-
-                 tax Ok or detailed information about the partic-
-                 ular syntax error.
-
-     help        Displays a short help message.
-
-SEE ALSO
-     httpd(8)
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/apxs.html b/usr.sbin/httpd/htdocs/manual/programs/apxs.html
deleted file mode 100644
index fde51c1c161..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/apxs.html
+++ /dev/null
@@ -1,291 +0,0 @@
- - - - - - - Manual Page: apxs - Apache HTTP Server - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Manual Page: apxs

- -
-NAME
-     apxs - APache eXtenSion tool
-
-SYNOPSIS
-     apxs -g [ -S variable=value ] -n name
-
-     apxs -q [ -S variable=value ] query ...
-
-     apxs -c [ -S variable=value ] [ -o dsofile ] [ -I incdir ] [
-     -D  variable[=value]  ]  [  -L  libdir  ]  [  -l libname ] [
-     -Wc,compiler-flags ] [ -Wl,linker-flags ] files ...
-
-     apxs -i [ -S variable=value ] [ -n name ] [ -a ] [ -A ] dso-
-     file ...
-
-     apxs -e [ -S variable=value ] [ -n name ] [ -a ] [ -A ] dso-
-     file ...
-
-DESCRIPTION
-     apxs is a tool for building and installing extension modules
-     for  the  Apache  HyperText Transfer Protocol (HTTP) server.
-     This is achieved by building a Dynamic Shared  Object  (DSO)
-     from  one  or  more source or object files which then can be
-     loaded into the Apache server under runtime via the  LoadMo-
-     dule directive from mod_so.
-
-     So to use this extension mechanism,  your  platform  has  to
-     support  the DSO feature and your Apache httpd binary has to
-     be built with the mod_so module.  The  apxs  tool  automati-
-     cally complains if this is not the case.  You can check this
-     yourself by manually running the command
-
-       $ httpd -l
-
-     The module mod_so should be part of the displayed list.   If
-     these requirements are fulfilled, you can easily extend your
-     Apache server's functionality by installing your own modules
-     with the DSO mechanism by the help of this apxs tool:
-
-       $ apxs -i -a -c mod_foo.c
-       gcc -fpic -DSHARED_MODULE -I/path/to/apache/include -c mod_foo.c
-       ld -Bshareable -o mod_foo.so mod_foo.o
-       cp mod_foo.so /path/to/apache/libexec/mod_foo.so
-       chmod 755 /path/to/apache/libexec/mod_foo.so
-       [activating module `foo' in /path/to/apache/etc/httpd.conf]
-       $ apachectl restart
-       /path/to/apache/sbin/apachectl restart: httpd not running, trying to start
-       [Tue Mar 31 11:27:55 1998] [debug] mod_so.c(303): loaded module foo_module
-       /path/to/apache/sbin/apachectl restart: httpd started
-       $ _
-
-     The arguments files can be any C source file (.c), a  object
-     file  (.o)  or  even  a  library archive (.a). The apxs tool
-     automatically recognizes these extensions and  automatically
-     uses  the  C source files for compilation while it just uses
-     the object and archive files for the linking phase. But when
-     using such pre-compiled objects, make sure they are compiled
-     for Position Independent Code (PIC) to be able to  use  them
-     for a DSO. For instance with GCC you always just have to use
-     -fpic.  For other C compilers please consult its manual page
-     or  watch  for  the  flags  apxs  uses to compile the object
-     files.
-
-     For more details about DSO support in Apache, first read the
-     background  information about DSO in htdocs/manual/dso.html,
-     then read the documentation of mod_so.
-
-OPTIONS
-     Common options:
-
-     -n name     This explicitly sets the module name for the  -i
-                 (install)  and  -g (template generation) option.
-                 Use this to explicitly specify the module  name.
-                 For  option  -g  this is required, for option -i
-                 the apxs tool tries to determine the  name  from
-                 the source or (as a fallback) at least by guess-
-                 ing it from the filename.
-
-     Query options:
-
-     -q          Performs a query for apxs's knowledge about cer-
-                 tain  settings.  The query parameters can be one
-                 or more of the following variable names:
-                   CC              TARGET
-                   CFLAGS          SBINDIR
-                   CFLAGS_SHLIB    INCLUDEDIR
-                   LD_SHLIB        LIBEXECDIR
-                   LDFLAGS_SHLIB   SYSCONFDIR
-                   LIBS_SHLIB      PREFIX
-                 Use this for manually determining settings.  For
-                 instance use
-                   INC=-I`apxs -q INCLUDEDIR`
-                 inside your own Makefiles  if  you  need  manual
-                 access to Apache's C header files.
-
-     Configuration options:
-
-     -S variable=value
-                 This option changes the apxs settings  described
-                 above.
-
-     Template Generation options:
-     -g          This generates a subdirectory name  (see  option
-                 -n)  and there two files: A sample module source
-                 file named mod_name.c which can  be  used  as  a
-                 template  for  creating your own modules or as a
-                 quick start for playing with the apxs mechanism.
-                 And  a  corresponding  Makefile  for even easier
-                 building and installing of this module.
-
-     DSO compilation options:
-
-     -c          This indicates  the  compilation  operation.  It
-                 first  compiles the C source files (.c) of files
-                 into corresponding object files  (.o)  and  then
-                 builds  a DSO in dsofile by linking these object
-                 files plus the remaining object  files  (.o  and
-                 .a)  of  files  If no -o option is specified the
-                 output file is guessed from the  first  filename
-                 in   files   and   thus   usually   defaults  to
-                 mod_name.so
-
-     -o dsofile  Explicitly specifies the filename of the created
-                 DSO  file.  If not specified and the name cannot
-                 be guessed from the  files  list,  the  fallback
-                 name mod_unknown.so is used.
-
-     -D variable[=value]
-                 This option is directly passed  through  to  the
-                 compilation  command(s).   Use  this to add your
-                 own defines to the build process.
-
-     -I incdir   This option is directly passed  through  to  the
-                 compilation  command(s).   Use  this to add your
-                 own include directories to search to  the  build
-                 process.
-
-     -L libdir   This option is directly passed  through  to  the
-                 linker  command.   Use  this  to  add  your  own
-                 library directories to search to the build  pro-
-                 cess.
-
-     -l libname  This option is directly passed  through  to  the
-                 linker  command.   Use  this  to  add  your  own
-                 libraries to search to the build process.
-
-     -Wc,compiler-flags
-                 This option passes compiler-flags as  additional
-                 flags  to the compiler command.  Use this to add
-                 local compiler-specific options.
-
-     -Wl,linker-flags
-                 This option passes  linker-flags  as  additional
-                 flags  to  the  linker command.  Use this to add
-                 local linker-specific options.
-
-     DSO installation and configuration options:
-
-     -i          This indicates the  installation  operation  and
-                 installs  one  or  more  DSOs  into the server's
-                 libexec directory.
-
-     -a          This  activates  the  module  by   automatically
-                 adding   a   corresponding  LoadModule  line  to
-                 Apache's httpd.conf configuration  file,  or  by
-                 enabling it if it already exists.
-
-     -A          Same as option -a  but  the  created  LoadModule
-                 directive is prefixed with a hash sign (#), i.e.
-                 the module is just prepared for later activation
-                 but initially disabled.
-
-     -e          This indicates the editing operation, which  can
-                 be  used with the -a and -A options similarly to
-                 the -i operation  to  edit  Apache's  httpd.conf
-                 configuration file without attempting to install
-                 the module.
-
-EXAMPLES
-     Assume you have an Apache module named  mod_foo.c  available
-     which should extend Apache's server functionality. To accom-
-     plish this you first have to compile the C source into a DSO
-     suitable  for  loading  into the Apache server under runtime
-     via the following command:
-
-       $ apxs -c mod_foo.c
-       gcc -fpic -DSHARED_MODULE -I/path/to/apache/include -c mod_foo.c
-       ld -Bshareable -o mod_foo.so mod_foo.o
-       $ _
-
-     Then you have to update the Apache configuration  by  making
-     sure  a LoadModule directive is present to load this DSO. To
-     simplify this step apxs provides an automatic way to install
-     the   DSO  in  the  "libexec"  directory  and  updating  the
-     httpd.conf file accordingly. This can be  achieved  by  run-
-     ning:
-
-       $ apxs -i -a mod_foo.c
-       cp mod_foo.so /path/to/apache/libexec/mod_foo.so
-       chmod 755 /path/to/apache/libexec/mod_foo.so
-       [activating module `foo' in /path/to/apache/etc/httpd.conf]
-       $ _
-
-     This way a line named
-
-       LoadModule foo_module libexec/mod_foo.so
-
-     is added to the configuration file if still not present.  If
-     you  want  to have this operation to be disabled, use the -A
-     option, i.e.
-
-       $ apxs -i -A mod_foo.c
-
-     For a quick test of the apxs mechanism you can create a sam-
-     ple  Apache  module  template  plus a corresponding Makefile
-     via:
-
-       $ apxs -g -n foo
-       Creating [DIR]  foo
-       Creating [FILE] foo/Makefile
-       Creating [FILE] foo/mod_foo.c
-       $ _
-
-     Then you can immediately compile this sample module  into  a
-     DSO and load it into the Apache server:
-
-       $ cd foo
-       $ make all reload
-       apxs -c mod_foo.c
-       gcc -fpic -DSHARED_MODULE -I/path/to/apache/include -c mod_foo.c
-       ld -Bshareable -o mod_foo.so mod_foo.o
-       apxs -i -a -n "foo" mod_foo.so
-       cp mod_foo.so /path/to/apache/libexec/mod_foo.so
-       chmod 755 /path/to/apache/libexec/mod_foo.so
-       [activating module `foo' in /path/to/apache/etc/httpd.conf]
-       apachectl restart
-       /path/to/apache/sbin/apachectl restart: httpd not running, trying to start
-       [Tue Mar 31 11:27:55 1998] [debug] mod_so.c(303): loaded module foo_module
-       /path/to/apache/sbin/apachectl restart: httpd started
-       $ _
-
-     You can even use apxs to compile complex modules outside the
-     Apache  source  tree,  like PHP3, because apxs automatically
-     recognized C source files and object files.
-
-       $ cd php3
-       $ ./configure --with-shared-apache=../apache-1.3
-       $ apxs -c -o libphp3.so mod_php3.c libmodphp3-so.a
-       gcc -fpic -DSHARED_MODULE -I/tmp/apache/include  -c mod_php3.c
-       ld -Bshareable -o libphp3.so mod_php3.o libmodphp3-so.a
-       $ _
-
-     Only C source files  are  compiled  while  remaining  object
-     files are used for the linking phase.
-
-SEE ALSO
-     apachectl(1), httpd(8).
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/dbmmanage.html b/usr.sbin/httpd/htdocs/manual/programs/dbmmanage.html
deleted file mode 100644
index ce9e2d4865c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/dbmmanage.html
+++ /dev/null
@@ -1,126 +0,0 @@
- - - - - - - Manual Page: dbmmanage - Apache HTTP Server - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Manual Page: dbmmanage

- -
-NAME
-     dbmmanage - Create and update user authentication  files  in
-     DBM format
-
-SYNOPSIS
-     dbmmanage filename [ command ] [ username [ encpasswd ] ]
-
-DESCRIPTION
-     dbmmanage is used to create and update the DBM format  files
-     used  to  store usernames and password for basic authentica-
-     tion of HTTP users.   Resources  available  from  the  httpd
-     Apache web server can be restricted to just the users listed
-     in the files created by dbmmanage. This program can only  be
-     used  when  the usernames are stored in a DBM file. To use a
-     flat-file database see htpasswd.
-
-     This manual page only lists the command line arguments.  For
-     details  of  the  directives  necessary  to  configure  user
-     authentication in httpd see the Apache manual, which is part
-     of   the   Apache   distribution   or   can   be   found  at
-     http://www.apache.org/.
-
-OPTIONS
-     filename
-          The filename of the DBM format  file.  Usually  without
-          the extension .db, .pag, or .dir.
-
-     command
-          This selects the operation to perform:
-
-     add         Adds an entry for username to filename using the
-                 encrypted password encpassword.
-
-     adduser     Asks for a password and then adds an  entry  for
-                 username to filename .
-
-     check       Asks for a password and then checks if  username
-                 is  in filename and if it's password matches the
-                 specified one.
-
-     delete      Deletes the username entry from filename.
-
-     import      Reads username:password entries (one  per  line)
-                 from  STDIN and adds them to filename. The pass-
-                 words already has to be crypted.
-
-     update      Same as the "adduser" command,  except  that  it
-                 makes sure username already exists in filename.
-
-     view        Just displays the complete contents of  the  DBM
-                 file.
-
-     username    The user for which the update operation is  per-
-                 formed.
-
-BUGS
-     One should be aware that there are a number of different DBM
-     file   formats   in  existence,  and  with  all  likelihood,
-     libraries for more than one format may exist on your system.
-     The three primary examples are NDBM, the GNU project's GDBM,
-     and Berkeley DB 2.  Unfortunately, all these  libraries  use
-     different file formats, and you must make sure that the file
-     format used by filename is the same  format  that  dbmmanage
-     expects  to see. dbmmanage currently has no way of determin-
-     ing what type of DBM file it is looking at.  If used against
-     the  wrong format, will simply return nothing, or may create
-     a different DBM file with a different name, or at worst,  it
-     may  corrupt the DBM file if you were attempting to write to
-     it.
-
-     dbmmanage has a list of DBM format preferences,  defined  by
-     the  @AnyDBM::ISA  array  near the beginning of the program.
-     Since we prefer the Berkeley DB 2 file format, the order  in
-     which  dbmmanage  will look for system libraries is Berkeley
-     DB 2, then NDBM, and then GDBM.   The  first  library  found
-     will  be  the  library dbmmanage will attempt to use for all
-     DBM file transactions.  This ordering is slightly  different
-     than  the standard @AnyDBM::ISA ordering in perl, as well as
-     the ordering used by the simple dbmopen() call in  Perl,  so
-     if  you  use  any  other utilities to manage your DBM files,
-     they must also follow  this  preference  ordering.   Similar
-     care  must  be  taken  if using programs in other languages,
-     like C, to access these files.
-
-     Apache's mod_auth_db.c module corresponds to Berkeley  DB  2
-     library,   while  mod_auth_dbm.c  corresponds  to  the  NDBM
-     library.  Also, one can usually use the  file  program  sup-
-     plied  with  most Unix systems to see what format a DBM file
-     is in.
-
-SEE ALSO
-     httpd(8)
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/htdigest.html b/usr.sbin/httpd/htdocs/manual/programs/htdigest.html
deleted file mode 100644
index b158b1801ae..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/htdigest.html
+++ /dev/null
@@ -1,74 +0,0 @@
- - - - - - - Manual Page: htdigest - Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Manual Page: htdigest

- -
-NAME
-     htdigest - Create and update user authentication files
-
-SYNOPSIS
-     htdigest [ -c ] passwdfile realm username
-
-DESCRIPTION
-     htdigest is used to create and update the flat-files used to
-     store  usernames,  realm and password for digest authentica-
-     tion of HTTP users.   Resources  available  from  the  httpd
-     Apache web server can be restricted to just the users listed
-     in the files created by htdigest.
-
-     This manual page only lists the command line arguments.  For
-     details  of  the  directives  necessary  to configure digest
-     authentication in httpd see the Apache manual, which is part
-     of   the   Apache   distribution   or   can   be   found  at
-     http://www.apache.org/.
-
-OPTIONS
-     -c   Create the passwdfile. If passwdfile already exists, it
-          is deleted first.
-
-     passwdfile
-          Name of the file to contain  the  username,  realm  and
-          password.  If  -c is specified, this file is created if
-          it does not already exist, or deleted and recreated  if
-          it does exist.
-
-     realm
-          The realm name to which the user name belongs.
-
-     username
-          The user name to create or  update  in  passwdfile.  If
-          username  does  not  exist  is  this  file, an entry is
-          added. If it does exist, the password is changed.
-
-SEE ALSO
-     httpd(8)
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/htpasswd.html b/usr.sbin/httpd/htdocs/manual/programs/htpasswd.html
deleted file mode 100644
index 2aef1cb6f5b..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/htpasswd.html
+++ /dev/null
@@ -1,189 +0,0 @@
- - - - - - - - Manual Page: htpasswd - Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Manual Page: htpasswd

- -
-NAME
-     htpasswd - Create and update user authentication files
-
-SYNOPSIS
-     htpasswd [ -c ] [ -m | -d | -s | -p ] passwdfile username
-     htpasswd -b [ -c ] [ -m | -d | -s | -p ] passwdfile username
-     password
-     htpasswd -n [ -m | -d | -s | -p ] username
-     htpasswd -nb [ -m | -d | -s | -p ] username password
-
-DESCRIPTION
-     htpasswd is used to create and update the flat-files used to
-     store  usernames  and  password  for basic authentication of
-     HTTP users.  If htpasswd cannot access a file, such  as  not
-     being  able to write to the output file or not being able to
-     read the file in order to update it,  it  returns  an  error
-     status and makes no changes.
-
-     Resources available from the httpd Apache web server can  be
-     restricted  to just the users listed in the files created by
-     htpasswd. This program can only manage usernames  and  pass-
-     words  stored  in  a  flat-file.  It can encrypt and display
-     password information for use in other types of data  stores,
-     though.  To use a DBM database see dbmmanage.
-
-     htpasswd encrypts passwords using either a  version  of  MD5
-     modified for Apache, or the system's crypt() routine.  Files
-     managed by htpasswd may contain  both  types  of  passwords;
-     some  user  records  may  have MD5-encrypted passwords while
-     others in the same file may have  passwords  encrypted  with
-     crypt().
-
-     This manual page only lists the command line arguments.  For
-     details  of  the  directives  necessary  to  configure  user
-     authentication in httpd see the Apache manual, which is part
-     of   the   Apache   distribution   or   can   be   found  at
-     <URL:http://www.apache.org/>.
-
-OPTIONS
-     -b   Use batch mode; i.e., get the password from the command
-          line  rather  than prompting for it. This option should
-          be used  with  extreme  care,  since  the  password  is
-          clearly visible on the command line.
-
-     -c   Create the passwdfile. If passwdfile already exists, it
-          is rewritten and truncated.  This option cannot be com-
-          bined with the -n option.
-
-     -n   Display the results  on  standard  output  rather  than
-          updating  a  file.  This is useful for generating pass-
-          word records acceptable  to  Apache  for  inclusion  in
-          non-text  data  stores.  This option changes the syntax
-          of the command  line,  since  the  passwdfile  argument
-          (usually  the first one) is omitted.  It cannot be com-
-          bined with the -c option.
-
-     -m   Use Apache's  modified  MD5  algorithm  for  passwords.
-          Passwords  encrypted with this algorithm are transport-
-          able to any platform (Windows, Unix, BeOS,  et  cetera)
-          running  Apache  1.3.9  or  later.  On Windows and TPF,
-          this flag is the default.
-
-     -d   Use crypt() encryption for passwords.  The  default  on
-          all platforms but Windows and TPF. Though possibly sup-
-          ported by htpasswd on all platforms,  it  is  not  sup-
-          ported by the httpd server on Windows and TPF.
-
-     -s   Use SHA encryption for passwords. Faciliates  migration
-          from/to  Netscape  servers  using  the  LDAP  Directory
-          Interchange Format (ldif).
-
-     -p   Use plaintext passwords. Though htpasswd  will  support
-          creation  on  all platforms, the httpd daemon will only
-          accept plain text passwords on Windows and TPF.
-
-     passwdfile
-          Name of the file to contain the user name and password.
-          If  -c  is  given,  this file is created if it does not
-          already exist, or rewritten and truncated  if  it  does
-          exist.
-
-     username
-          The username to create  or  update  in  passwdfile.  If
-          username  does  not  exist  in  this  file, an entry is
-          added. If it does exist, the password is changed.
-
-     password
-          The plaintext password to be encrypted  and  stored  in
-          the file.  Only used with the -b flag.
-
-EXIT STATUS
-     htpasswd returns a zero status ("true") if the username  and
-     password  have  been  successfully  added  or updated in the
-     passwdfile.  htpasswd returns 1 if it encounters some  prob-
-     lem  accessing  files,  2 if there was a syntax problem with
-     the command line, 3 if the  password  was  entered  interac-
-     tively  and  the  verification  entry didn't match, 4 if its
-     operation was interrupted, 5 if a value is too  long  (user-
-     name,  filename,  password, or final computed record), and 6
-     if the username contains illegal characters  (see  the  RES-
-     TRICTIONS section).
-
-EXAMPLES
-     htpasswd /usr/local/etc/apache/.htpasswd-users jsmith
-
-          Adds or modifies the password for user jsmith. The user
-          is prompted for the password.  If executed on a Windows
-          system, the password will be encrypted using the  modi-
-          fied  Apache  MD5  algorithm;  otherwise,  the system's
-          crypt() routine will be used.  If  the  file  does  not
-          exist, htpasswd will do nothing except return an error.
-
-     htpasswd -c /home/doe/public_html/.htpasswd jane
-
-          Creates a new file and stores a record in it  for  user
-          jane.   The  user is prompted for the password.  If the
-          file exists and cannot be read, or cannot  be  written,
-          it  is  not altered and htpasswd will display a message
-          and return an error status.
-
-     htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve
-
-          Encrypts the password from the command line (Pwd4Steve)
-          using the MD5 algorithm, and stores it in the specified
-          file.
-
-SECURITY CONSIDERATIONS
-     Web password files such as those managed by htpasswd  should
-     not  be  within  the Web server's URI space -- that is, they
-     should not be fetchable with a browser.
-
-     The use of the -b option is discouraged, since  when  it  is
-     used the unencrypted password appears on the command line.
-
-RESTRICTIONS
-     On the Windows and MPE platforms, passwords  encrypted  with
-     htpasswd  are  limited  to  no  more  than 255 characters in
-     length.  Longer passwords will be truncated to  255  charac-
-     ters.
-
-     The MD5 algorithm used by htpasswd is specific to the Apache
-     software;  passwords  encrypted  using it will not be usable
-     with other Web servers.
-
-     Usernames are limited to 255 bytes and may not  include  the
-     character ':'.
-
-SEE ALSO
-     httpd(8) and the scripts in support/SHA1 which come with the
-     distribution.
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/httpd.html b/usr.sbin/httpd/htdocs/manual/programs/httpd.html
deleted file mode 100644
index 3a98dcd3bd1..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/httpd.html
+++ /dev/null
@@ -1,145 +0,0 @@
- - - - - - - - Manual Page: httpd - Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Manual Page: httpd

- -
-NAME
-     httpd - Apache hypertext transfer protocol server
-
-SYNOPSIS
-     httpd [ -X ] [ -R libexecdir ] [ -d serverroot ] [ -f config
-     ] [ -C directive ] [ -c directive ] [ -D parameter ]
-
-     httpd [ -h ] [ -l ] [ -L ] [ -v ] [ -V ] [ -S ] [ -t ] [  -T
-     ]
-
-DESCRIPTION
-     httpd is  the  Apache  HyperText  Transfer  Protocol  (HTTP)
-     server  program.  It  is  designed to be run as a standalone
-     daemon process. When used like this it will create a pool of
-     child  processes to handle requests. To stop it, send a TERM
-     signal to the initial (parent) process. The PID of this pro-
-     cess  is  written  to  a  file as given in the configuration
-     file.  Alternatively httpd may be invoked  by  the  Internet
-     daemon  inetd(8)  each time a connection to the HTTP service
-     is made.
-
-     This manual page only lists the command line arguments.  For
-     details  of  the directives necessary to configure httpd see
-     the Apache manual, which is part of the Apache  distribution
-     or  can  be  found  at http://www.apache.org/. Paths in this
-     manual may not reflect those compiled into httpd.
-
-OPTIONS
-     -R libexecdir
-                 This option is  only  available  if  Apache  was
-                 built  with  the  SHARED_CORE rule enabled which
-                 forces the Apache core code to be placed into  a
-                 dynamic  shared  object (DSO) file. This file is
-                 searched in a hardcoded  path  under  ServerRoot
-                 per  default.  Use  this  option  if you want to
-                 override it.
-
-     -d serverroot
-                 Set the initial value for the ServerRoot  direc-
-                 tive  to  serverroot.  This can be overridden by
-                 the  ServerRoot  command  in  the  configuration
-                 file. The default is /usr/local/apache.
-
-     -f config   Execute the  commands  in  the  file  config  on
-                 startup. If config does not begin with a /, then
-                 it is taken to be a path relative to the Server-
-                 Root. The default is conf/httpd.conf.
-
-     -C directive
-                 Process the configuration directive before read-
-                 ing config files.
-
-     -c directive
-                 Process the configuration directive after  read-
-                 ing config files.
-
-     -D parameter
-                 Sets a configuration parameter which can be used
-                 with  <IfDefine>...</IfDefine>  sections  in the
-                 configuration files  to  conditionally  skip  or
-                 process commands.
-
-     -h          Output a short summary of available command line
-                 options.
-
-     -l          Output a  list  of  modules  compiled  into  the
-                 server.
-
-     -L          Output  a  list  of  directives  together   with
-                 expected  arguments  and places where the direc-
-                 tive is valid.
-
-     -S          Show the settings as parsed from the config file
-                 (currently only shows the virtualhost settings).
-
-     -t          Run syntax tests for configuration  files  only.
-                 The program immediately exits after these syntax
-                 parsing with either a return code of  0  (Syntax
-                 OK)  or  return  code  not  equal  to  0 (Syntax
-                 Error).
-
-     -T          Same as option -t but does not check the config-
-                 ured document roots.
-
-     -X          Run in single-process mode, for internal  debug-
-                 ging  purposes  only; the daemon does not detach
-                 from the terminal or fork any children.  Do  NOT
-                 use this mode to provide ordinary web service.
-
-     -v          Print the version of httpd , and then exit.
-
-     -V          Print the version and build parameters of  httpd
-                 , and then exit.
-
-FILES
-     /usr/local/apache/conf/httpd.conf
-     /usr/local/apache/conf/srm.conf
-     /usr/local/apache/conf/access.conf
-     /usr/local/apache/conf/mime.types
-     /usr/local/apache/conf/magic
-     /usr/local/apache/logs/error_log
-     /usr/local/apache/logs/access_log
-     /usr/local/apache/logs/httpd.pid
-
-SEE ALSO
-     inetd(8).
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/index.html b/usr.sbin/httpd/htdocs/manual/programs/index.html
deleted file mode 100644
index c3bcf6c8f96..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/index.html
+++ /dev/null
@@ -1,86 +0,0 @@
- - - - - - - - Apache HTTP Server and Supporting Programs - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Server and Supporting Programs

- -

This page documents all the executable programs included - with the Apache HTTP Server.

- -
-
httpd
- -
Apache hypertext transfer protocol server
- -
apachectl
- -
Apache HTTP server control interface
- -
ab
- -
Apache HTTP server benchmarking tool
- -
apxs
- -
APache eXtenSion tool
- -
dbmmanage
- -
Create and update user authentication files in DBM format - for basic authentication
- -
htdigest
- -
Create and update user authentication files for digest - authentication
- -
htpasswd
- -
Create and update user authentication files for basic - authentication
- -
logresolve
- -
Resolve hostnames for IP-addresses in Apache - logfiles
- -
rotatelogs
- -
Rotate Apache logs without having to kill the server
- -
suexec
- -
Switch User For Exec
- -
Other Programs
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/logresolve.html b/usr.sbin/httpd/htdocs/manual/programs/logresolve.html
deleted file mode 100644
index 5e270db89c9..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/logresolve.html
+++ /dev/null
@@ -1,59 +0,0 @@
- - - - - - - Manual Page: logresolve - Apache HTTP Server - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - - -

Manual Page: logresolve

-
-NAME
-     logresolve - resolve hostnames  for  IP-addresses  in  Apache
-     logfiles
-
-SYNOPSIS
-     logresolve  [  -s  filename  ]  [  -c  ]  <   access_log   >
-     access_log.new
-
-DESCRIPTION
-     logresolve is  a  post-processing  program  to  resolve  IP-
-     addresses in Apache's access logfiles.  To minimize impact on
-     your nameserver, logresolve has its very own internal  hash-
-     table  cache.  This  means  that each IP number will only be
-     looked up the first time it is found in the log file.
-
-OPTIONS
-     -s filename Specifies a filename to record statistics.
-
-     -c          This causes logresolve to apply some DNS checks:
-                 after  finding the hostname from the IP address,
-                 it looks up the IP addresses  for  the  hostname
-                 and  checks that one of these matches the origi-
-                 nal address.
-
-SEE ALSO
-     httpd(8)
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/other.html b/usr.sbin/httpd/htdocs/manual/programs/other.html
deleted file mode 100644
index 6ced5dc8134..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/other.html
+++ /dev/null
@@ -1,57 +0,0 @@
- - - - - - - Other Programs - Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Other Programs

- -

The following programs are simple support programs included - with the Apache HTTP Server which do not have their own manual - pages.

- -

log_server_status

- -

This Perl script is designed to be run at a frequent - interval by something like cron. It connects to the server and - downloads the status information. It reformats the information - to a single line and logs it to a file. Adjust the variables at - the top of the script to specify the location of the resulting - logfile.

- -

split-logfile

- -

This Perl script will take a combined Web server access log - file and break its contents into separate files. It assumes - that the first field of each line is the virtual host identity - (put there by "%v"), and that the logfiles should be named - that+".log" in the current directory.

- -

The combined log file is read from stdin. Records read will - be appended to any existing log files.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/rotatelogs.html b/usr.sbin/httpd/htdocs/manual/programs/rotatelogs.html
deleted file mode 100644
index 65d73e4490d..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/rotatelogs.html
+++ /dev/null
@@ -1,65 +0,0 @@
- - - - - - - Manual Page: rotatelogs - Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Manual Page: rotatelogs

- -
-NAME
-     rotatelogs - rotate Apache logs without having to  kill  the
-     server
-
-SYNOPSIS
-     rotatelogs logfile rotationtime
-
-DESCRIPTION
-     rotatelogs is a simple program for use in  conjunction  with
-     Apache's piped logfile feature which can be used like this:
-
-        TransferLog "|rotatelogs /path/to/logs/access_log 86400"
-
-     This creates the files  /path/to/logs/access_log.nnnn  where
-     nnnn  is  the  system time at which the log nominally starts
-     (this time will always be a multiple of the  rotation  time,
-     so you can synchronize cron scripts with it).  At the end of
-     each rotation time (here  after  24  hours)  a  new  log  is
-     started.
-
-OPTIONS
-     logfile
-          The path plus basename of the logfile. The suffix .nnnn
-          is automatically added.
-
-     rotationtime
-          The rotation time in seconds.
-
-SEE ALSO
-     httpd(8)
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/programs/suexec.html b/usr.sbin/httpd/htdocs/manual/programs/suexec.html
deleted file mode 100644
index 71698f43667..00000000000
--- a/usr.sbin/httpd/htdocs/manual/programs/suexec.html
+++ /dev/null
@@ -1,56 +0,0 @@
- - - - - - - - Manual Page: suexec - Apache HTTP Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Manual Page: suexec

- -
-NAME
-     suexec - Switch User For Exec
-
-SYNOPSIS
-     No synopsis for usage, because this program is  used  inter-
-     nally by Apache only.
-
-DESCRIPTION
-     suexec is the  "wrapper"  support  program  for  the  suEXEC
-     behavior for Apache.  It is run from within Apache automat-
-     ically to switch the user when an external program has to be
-     run  under  a  different  user.  For  more information about
-     suEXEC  see  the  document  `Apache  suEXEC  Support'  under
-     http://www.apache.org/docs/suexec.html .
-
-SEE ALSO
-     httpd(8)
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/sections.html b/usr.sbin/httpd/htdocs/manual/sections.html
deleted file mode 100644
index d6ee901c52c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/sections.html
+++ /dev/null
@@ -1,169 +0,0 @@
- - - - - - - - How Directory, Location and Files sections work - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

How Directory, Location and Files sections - work

- -

The sections <Directory>, - <Location> - and <Files> can - contain directives which only apply to specified directories, - URLs or files respectively. Also htaccess files can be used - inside a directory to apply directives to that directory. This - document explains how these different sections differ and how - they relate to each other when Apache decides which directives - apply for a particular directory or request URL.

- -

Directives allowed in the sections

- -

Everything that is syntactically allowed in - <Directory> is also allowed in - <Location> (except a - sub-<Files> section). Semantically, however - some things, most notably AllowOverride and the - two options FollowSymLinks and - SymLinksIfOwnerMatch, make no sense in - <Location>, - <LocationMatch> or - <DirectoryMatch>. The same for - <Files> -- syntactically everything is fine, - but semantically some things are different.

- -

How the sections are merged

- -

The order of merging is:

- -
    -
  1. <Directory> (except regular - expressions) and .htaccess done simultaneously (with - .htaccess, if allowed, overriding - <Directory>)
  2. - -
  3. <DirectoryMatch>, and - <Directory> with regular expressions
  4. - -
  5. <Files> and - <FilesMatch> done simultaneously
  6. - -
  7. <Location> and - <LocationMatch> done simultaneously
  8. -
- -

Apart from <Directory>, each group is - processed in the order that they appear in the configuration - files. <Directory> (group 1 above) is - processed in the order shortest directory component to longest. - If multiple <Directory> sections apply to - the same directory they are processed in the configuration - file order. The configuration files are read in the order - httpd.conf, srm.conf and access.conf. Configurations included - via the Include directive will be treated as if - they were inside the including file at the location of the - Include directive.

- -

Sections inside <VirtualHost> sections - are applied after the corresponding sections outside - the virtual host definition. This allows virtual hosts to - override the main server configuration. (Note: this only works - correctly from 1.2.2 and 1.3a2 onwards. Before those releases - sections inside virtual hosts were applied before the - main server).

- -

Later sections override earlier ones.

- -

Notes about using sections

- -

The general guidelines are:

- -
    -
  • If you are attempting to match objects at the filesystem - level then you must use <Directory> and/or - <Files>.
  • - -
  • If you are attempting to match objects at the URL level - then you must use <Location>
  • -
- -

But a notable exception is:

- -
    -
  • proxy control is done via <Directory>. - This is a legacy mistake because the proxy existed prior to - <Location>. A future version of the config - language should probably switch this to - <Location>.
  • -
- -

Note about .htaccess parsing:

- -
    -
  • Modifying .htaccess parsing during Location doesn't do - anything because .htaccess parsing has already occurred.
  • -
- -

<Location> and symbolic links:

- -
    -
  • It is not possible to use "Options - FollowSymLinks" or "Options - SymLinksIfOwnerMatch" inside a - <Location>, - <LocationMatch> or - <DirectoryMatch> section (the options are - simply ignored). Using the options in question is only - possible inside a <Directory> section (or - a .htaccess file).
  • -
- -

<Files> and Options:

- -
    -
  • Apache won't check for it, but using an - Options directive inside a - <Files> section has no effect.
  • -
- -

Another note:

- -
    -
  • There is actually a - <Location>/<LocationMatch> - sequence performed just before the name translation phase - (where Aliases and DocumentRoots - are used to map URLs to filenames). The results of this - sequence are completely thrown away after the translation has - completed.
  • -
-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/server-wide.html b/usr.sbin/httpd/htdocs/manual/server-wide.html
deleted file mode 100644
index 352f800bc8e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/server-wide.html
+++ /dev/null
@@ -1,293 +0,0 @@
- - - - - - - - Server-Wide Configuration - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Server-Wide Configuration

- -

This document explains some of the directives provided by - the core server which are used to - configure the basic operations of the server.

- - -
- -

Server - Identification

- - - - - -
Related Directives
-
- ServerName
- ServerAdmin
- ServerSignature
- ServerTokens
- UseCanonicalName
-
- -

The ServerAdmin and ServerTokens - directives control what information about the server will be - presented in server-generated documents such as error messages. - The ServerTokens directive sets the value of the - Server HTTP response header field.

- -

The ServerName and - UseCanonicalName directives are used by the server - to determine how to construct self-referential URLs. For - example, when a client requests a directory, but does not - include the trailing slash in the directory name, Apache must - redirect the client to the full name including the trailing - slash so that the client will correctly resolve relative - references in the document.

-
- -

File Locations

- - - - - -
Related Directives
-
- CoreDumpDirectory
- DocumentRoot
- ErrorLog
- Lockfile
- PidFile
- ScoreBoardFile
- ServerRoot
-
- -

These directives control the locations of the various files - that Apache needs for proper operation. When the pathname used - does not begin with a slash "/", the files are located relative - to the ServerRoot. Be careful about locating files - in paths which are writable by non-root users. See the security tips documentation - for more details.

-
- -

Process Creation

- - - - - -
Related Directives
-
- BS2000Account
- Group
- MaxClients
- MaxRequestsPerChild
- MaxCPUPerChild
- MaxDATAPerChild
- MaxNOFILEPerChild
- MaxRSSPerChild
- MaxSTACKPerChild
- MaxSpareServers
- MinSpareServers
- ServerType
- StartServers
- ThreadsPerChild
- User
-
- -

When ServerType is set to its recommended value - of Standalone, Apache 1.3 for Unix is a - pre-forking web server. A single control process is responsible - for launching child processes which listen for connections and - serve them when they arrive. Apache always tries to maintain - several spare or idle server processes, which stand - ready to serve incoming requests. In this way, clients do not - need to wait for a new child processes to be forked before - their requests can be served.

- -

The StartServers, MinSpareServers, - MaxSpareServers, and MaxServers - regulate how the parent process creates children to serve - requests. In general, Apache is very self-regulating, so most - sites do not need to adjust these directives from their default - values. Sites which need to serve more than 256 simultaneous - requests may need to increase MaxClients, while - sites with limited memory may need to decrease - MaxClients to keep the server from thrashing - (swapping memory to disk and back). More information about - tuning process creation is provided in the performance hints - documentation.

- -

While the parent process is usually started as root under - Unix in order to bind to port 80, the child processes are - launched by Apache as a less-privileged user. The - User and Group directives are used to - set the privileges of the Apache child processes. The child - processes must be able to read all the content that will be - served, but should have as few privileges beyond that as - possible. In addition, unless suexec - is used, these directives also set the privileges which will be - inherited by CGI scripts.

- -

MaxFOOPerChild - sets rlimits on a child process to prevent a leaky module from - taking down the whole server.

- -

MaxRequestsPerChild controls how frequently the - server recycles processes by killing old ones and launching new - ones.

- -

Under Windows, Apache launches one control process and one - child process. The child process creates multiple threads to - serve requests. The number of threads is controlled by the - ThreadsPerChild directive.

-
- -

Network - Configuration

- - - - - -
Related Directives
-
- BindAddress
- KeepAlive
- KeepAliveTimeout
- Listen
- ListenBackLog
- AcceptFilter
- AcceptMutex
- MaxKeepAliveRequests
- Port
- SendBufferSize
- TimeOut
-
- -

When Apache starts, it connects to some port and address on - the local machine and waits for incoming requests. By default, - it listens to all addresses on the machine, and to the port as - specified by the Port directive in the server - configuration. However, it can be told to listen to more than - one port, to listen to only selected addresses, or a - combination. This is often combined with the Virtual Host feature which determines how - Apache responds to different IP addresses, hostnames and - ports.

- -

There are two directives used to restrict or specify which - addresses and ports Apache listens to. The - BindAddress directive is used to restrict the - server to listening to a single IP address. The - Listen directive can be used to specify multiple - IP addresses and/or Ports to which Apache will listen.

- -

The ListenBackLog, SendBufferSize, - and TimeOut directives are used to adjust how - Apache interacts with the network.AcceptFilter - controls a BSD specific filter optimization. See the BSD - section on performance hints - documentation. AcceptMutex controls which accept - mutex method will be used. For an explanation of what this is - and why it's needed, see the performance tuning guide

- -

The KeepAlive, KeepAliveTimeout, - and MaxKeepAliveRequests directives are used to - configure how Apache handles persistent connections.

-
- -

Limiting Resource - Usage

- - - - - -
Related Directives
-
- LimitRequestBody
- LimitRequestFields
- LimitRequestFieldsize
- LimitRequestLine
- RLimitCPU
- RLimitMEM
- RLimitNPROC
- RLimitNOFILE
- ThreadStackSize
-
- -

The LimitRequest* directives are used to place - limits on the amount of resources Apache will use in reading - requests from clients. By limiting these values, some kinds of - denial of service attacks can be mitigated.

- -

The RLimit* directives are used to limit the - amount of resources which can be used by processes forked off - from the Apache children. In particular, this will control - resources used by CGI scripts and SSI exec commands.

- -

The ThreadStackSize directive is used only on - Netware to control the stack size.

-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/sitemap.html b/usr.sbin/httpd/htdocs/manual/sitemap.html
deleted file mode 100644
index 1ac33ed1d72..00000000000
--- a/usr.sbin/httpd/htdocs/manual/sitemap.html
+++ /dev/null
@@ -1,161 +0,0 @@
- - - - - Site Map - - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Site Map

- - - -
- -

Apache HTTP Server

- Index - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/stopping.html b/usr.sbin/httpd/htdocs/manual/stopping.html
deleted file mode 100644
index 8b840ced617..00000000000
--- a/usr.sbin/httpd/htdocs/manual/stopping.html
+++ /dev/null
@@ -1,207 +0,0 @@
- - - - - - - - Stopping and Restarting Apache - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Stopping and Restarting Apache

- -

You will notice many httpd executables running - on your system, but you should not send signals to any of them - except the parent, whose pid is in the PidFile. That is to say you - shouldn't ever need to send signals to any process except the - parent. There are three signals that you can send the parent: - TERM, HUP, and USR1, - which will be described in a moment.

- -

To send a signal to the parent you should issue a command - such as:

- -
-
-    kill -TERM `cat /usr/local/apache/logs/httpd.pid`
-
-
- You can read about its progress by issuing: - -
-
-    tail -f /usr/local/apache/logs/error_log
-
-
- Modify those examples to match your ServerRoot and PidFile settings. - -

As of Apache 1.3 we provide a script called apachectl which can be used - to start, stop, and restart Apache. It may need a little - customization for your system, see the comments at the top of - the script.

- -

TERM Signal: stop now

- -

Sending the TERM signal to the parent causes it - to immediately attempt to kill off all of its children. It may - take it several seconds to complete killing off its children. - Then the parent itself exits. Any requests in progress are - terminated, and no further requests are served.

- -

HUP Signal: restart now

- -

Sending the HUP signal to the parent causes it - to kill off its children like in TERM but the - parent doesn't exit. It re-reads its configuration files, and - re-opens any log files. Then it spawns a new set of children - and continues serving hits.

- -

Users of the status module - will notice that the server statistics are set to zero when a - HUP is sent.

- -

Note: If your configuration file has errors - in it when you issue a restart then your parent will not - restart, it will exit with an error. See below for a method of - avoiding this.

- -

USR1 Signal: graceful restart

- -

Note: prior to release 1.2b9 this code is - quite unstable and shouldn't be used at all.

- -

The USR1 signal causes the parent process to - advise the children to exit after their current - request (or to exit immediately if they're not serving - anything). The parent re-reads its configuration files and - re-opens its log files. As each child dies off the parent - replaces it with a child from the new generation of - the configuration, which begins serving new requests - immediately.

- -

This code is designed to always respect the MaxClients, MinSpareServers, and - MaxSpareServers - settings. Furthermore, it respects StartServers in the - following manner: if after one second at least StartServers new - children have not been created, then create enough to pick up - the slack. This is to say that the code tries to maintain both - the number of children appropriate for the current load on the - server, and respect your wishes with the StartServers - parameter.

- -

Users of the status module - will notice that the server statistics are not - set to zero when a USR1 is sent. The code was - written to both minimize the time in which the server is unable - to serve new requests (they will be queued up by the operating - system, so they're not lost in any event) and to respect your - tuning parameters. In order to do this it has to keep the - scoreboard used to keep track of all children across - generations.

- -

The status module will also use a G to indicate - those children which are still serving requests started before - the graceful restart was given.

- -

At present there is no way for a log rotation script using - USR1 to know for certain that all children writing - the pre-restart log have finished. We suggest that you use a - suitable delay after sending the USR1 signal - before you do anything with the old log. For example if most of - your hits take less than 10 minutes to complete for users on - low bandwidth links then you could wait 15 minutes before doing - anything with the old log.

- -

Note: If your configuration file has errors - in it when you issue a restart then your parent will not - restart, it will exit with an error. In the case of graceful - restarts it will also leave children running when it exits. - (These are the children which are "gracefully exiting" by - handling their last request.) This will cause problems if you - attempt to restart the server -- it will not be able to bind to - its listening ports. Before doing a restart, you can check the - syntax of the configuration files with the -t - command line argument (see httpd ). This still will not - guarantee that the server will restart correctly. To check the - semantics of the configuration files as well as the syntax, you - can try starting httpd as a non-root user. If there are no - errors it will attempt to open its sockets and logs and fail - because it's not root (or because the currently running httpd - already has those ports bound). If it fails for any other - reason then it's probably a config file error and the error - should be fixed before issuing the graceful restart.

- -

Appendix: signals and race conditions

- -

Prior to Apache 1.2b9 there were several race - conditions involving the restart and die signals (a simple - description of race condition is: a time-sensitive problem, as - in if something happens at just the wrong time it won't behave - as expected). For those architectures that have the "right" - feature set we have eliminated as many as we can. But it should - be noted that there still do exist race conditions on certain - architectures.

- -

Architectures that use an on disk ScoreBoardFile have the - potential to corrupt their scoreboards. This can result in the - "bind: Address already in use" (after HUP) or - "long lost child came home!" (after USR1). The - former is a fatal error, while the latter just causes the - server to lose a scoreboard slot. So it might be advisable to - use graceful restarts, with an occasional hard restart. These - problems are very difficult to work around, but fortunately - most architectures do not require a scoreboard file. See the ScoreBoardFile - documentation for a architecture uses it.

- -

NEXT and MACHTEN (68k only) have - small race conditions which can cause a restart/die signal to - be lost, but should not cause the server to do anything - otherwise problematic. - -

- -

All architectures have a small race condition in each child - involving the second and subsequent requests on a persistent - HTTP connection (KeepAlive). It may exit after reading the - request line but before reading any of the request headers. - There is a fix that was discovered too late to make 1.2. In - theory this isn't an issue because the KeepAlive client has to - expect these events because of network latencies and server - timeouts. In practice it doesn't seem to affect anything either - -- in a test case the server was restarted twenty times per - second and clients successfully browsed the site without - getting broken images or empty documents. -


- -

Apache HTTP Server

- Index - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/suexec.html b/usr.sbin/httpd/htdocs/manual/suexec.html
deleted file mode 100644
index a5156ac40f3..00000000000
--- a/usr.sbin/httpd/htdocs/manual/suexec.html
+++ /dev/null
@@ -1,613 +0,0 @@
- - - - - - - - Apache suEXEC Support - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Apache suEXEC Support

- -
    -
  1. CONTENTS
  2. - -
  3. What is suEXEC?
  4. - -
  5. Before we begin.
  6. - -
  7. suEXEC Security Model.
  8. - -
  9. Configuring & Installing - suEXEC
  10. - -
  11. Enabling & Disabling - suEXEC
  12. - -
  13. Using suEXEC
  14. - -
  15. Debugging suEXEC
  16. - -
  17. Beware the Jabberwock: Warnings - & Examples
  18. -
- -

What is suEXEC?

- -

The suEXEC feature -- - introduced in Apache 1.2 -- provides Apache users the ability - to run CGI and SSI programs - under user IDs different from the user ID of the calling - web-server. Normally, when a CGI or SSI program executes, it - runs as the same user who is running the web server.

- -

Used properly, this feature can reduce - considerably the security risks involved with allowing users to - develop and run private CGI or SSI programs. However, if suEXEC - is improperly configured, it can cause any number of problems - and possibly create new holes in your computer's security. If - you aren't familiar with managing setuid root programs and the - security issues they present, we highly recommend that you not - consider using suEXEC.

- -

BACK TO - CONTENTS

- -

Before we begin.

- -

Before jumping head-first into this document, - you should be aware of the assumptions made on the part of the - Apache Group and this document.

- -

First, it is assumed that you are using a UNIX - derivate operating system that is capable of - setuid and setgid operations. - All command examples are given in this regard. Other platforms, - if they are capable of supporting suEXEC, may differ in their - configuration.

- -

Second, it is assumed you are familiar with - some basic concepts of your computer's security and its - administration. This involves an understanding of - setuid/setgid operations and the various - effects they may have on your system and its level of - security.

- -

Third, it is assumed that you are using an - unmodified version of suEXEC code. All code - for suEXEC has been carefully scrutinized and tested by the - developers as well as numerous beta testers. Every precaution - has been taken to ensure a simple yet solidly safe base of - code. Altering this code can cause unexpected problems and new - security risks. It is highly recommended that - you do not alter the suEXEC code unless you are well versed in - the particulars of security programming and are willing to share - your work with the Apache Group for consideration.

- -

Fourth, and last, it has been the decision of - the Apache Group to NOT make suEXEC part of - the default installation of Apache. To this end, suEXEC - configuration requires careful attention to details from the - administrator. After due consideration has been given to the - various settings for suEXEC, the administrator may install - suEXEC through normal installation methods. The values for - these settings need to be carefully determined and specified by - the administrator to properly maintain system security during - the use of suEXEC functionality. It is through this detailed - process that the Apache Group hopes to limit suEXEC - installation only to those who are careful and determined - enough to use it.

- -

Still with us? Yes? Good. Let's move on!

- -

BACK TO - CONTENTS

- -

suEXEC Security Model

- -

Before we begin configuring and installing - suEXEC, we will first discuss the security model you are about - to implement. By doing so, you may better understand what - exactly is going on inside suEXEC and what precautions are - taken to ensure your system's security.

- -

suEXEC is based on a setuid - "wrapper" program that is called by the main Apache web server. - This wrapper is called when an HTTP request is made for a CGI - or SSI program that the administrator has designated to run as - a userid other than that of the main server. When such a - request is made, Apache provides the suEXEC wrapper with the - program's name and the user and group IDs under which the - program is to execute.

- -

The wrapper then employs the following process - to determine success or failure -- if any one of these - conditions fail, the program logs the failure and exits with an - error, otherwise it will continue:

- -
    -
  1. - Was the wrapper called with the proper number of - arguments? - -
    - The wrapper will only execute if it is given the proper - number of arguments. The proper argument format is known - to the Apache web server. If the wrapper is not receiving - the proper number of arguments, it is either being - hacked, or there is something wrong with the suEXEC - portion of your Apache binary. -
    -
  2. - -
  3. - Is the user executing this wrapper a valid user of - this system? - -
    - This is to ensure that the user executing the wrapper is - truly a user of the system. -
    -
  4. - -
  5. - Is this valid user allowed to run the - wrapper? - -
    - Is this user the user allowed to run this wrapper? Only - one user (the Apache user) is allowed to execute this - program. -
    -
  6. - -
  7. - Does the target program have an unsafe hierarchical - reference? - -
    - Does the target program contain a leading '/' or have a - '..' backreference? These are not allowed; the target - program must reside within the Apache webspace. -
    -
  8. - -
  9. - Is the target user name valid? - -
    - Does the target user exist? -
    -
  10. - -
  11. - Is the target group name valid? - -
    - Does the target group exist? -
    -
  12. - -
  13. - Is the target user NOT superuser? - - -
    - Presently, suEXEC does not allow 'root' to execute - CGI/SSI programs. -
    -
  14. - -
  15. - Is the target userid ABOVE the minimum ID - number? - -
    - The minimum user ID number is specified during - configuration. This allows you to set the lowest possible - userid that will be allowed to execute CGI/SSI programs. - This is useful to block out "system" accounts. -
    -
  16. - -
  17. - Is the target group NOT the superuser - group? - -
    - Presently, suEXEC does not allow the 'root' group to - execute CGI/SSI programs. -
    -
  18. - -
  19. - Is the target groupid ABOVE the minimum ID - number? - -
    - The minimum group ID number is specified during - configuration. This allows you to set the lowest possible - groupid that will be allowed to execute CGI/SSI programs. - This is useful to block out "system" groups. -
    -
  20. - -
  21. - Can the wrapper successfully become the target user - and group? - -
    - Here is where the program becomes the target user and - group via setuid and setgid calls. The group access list - is also initialized with all of the groups of which the - user is a member. -
    -
  22. - -
  23. - Does the directory in which the program resides - exist? - -
    - If it doesn't exist, it can't very well contain files. -
    -
  24. - -
  25. - Is the directory within the Apache - webspace? - -
    - If the request is for a regular portion of the server, is - the requested directory within the server's document - root? If the request is for a UserDir, is the requested - directory within the user's document root? -
    -
  26. - -
  27. - Is the directory NOT writable by anyone - else? - -
    - We don't want to open up the directory to others; only - the owner user may be able to alter this directories - contents. -
    -
  28. - -
  29. - Does the target program exist? - -
    - If it doesn't exists, it can't very well be executed. -
    -
  30. - -
  31. - Is the target program NOT writable by - anyone else? - -
    - We don't want to give anyone other than the owner the - ability to change the program. -
    -
  32. - -
  33. - Is the target program NOT setuid or - setgid? - -
    - We do not want to execute programs that will then change - our UID/GID again. -
    -
  34. - -
  35. - Is the target user/group the same as the program's - user/group? - -
    - Is the user the owner of the file? -
    -
  36. - -
  37. - Can we successfully clean the process environment - to ensure safe operations? - -
    - suEXEC cleans the process' environment by establishing a - safe execution PATH (defined during configuration), as - well as only passing through those variables whose names - are listed in the safe environment list (also created - during configuration). -
    -
  38. - -
  39. - Can we successfully become the target program and - execute? - -
    - Here is where suEXEC ends and the target program begins. -
    -
  40. -
- -

This is the standard operation of the - suEXEC wrapper's security model. It is somewhat stringent and - can impose new limitations and guidelines for CGI/SSI design, - but it was developed carefully step-by-step with security in - mind.

- -

For more information as to how this security - model can limit your possibilities in regards to server - configuration, as well as what security risks can be avoided - with a proper suEXEC setup, see the "Beware the Jabberwock" section of this - document.

- -

BACK TO - CONTENTS

- -

Configuring & Installing - suEXEC

- -

APACI's suEXEC configuration - options
-

- -
-
--enable-suexec
- -
This option enables the suEXEC feature which is never - installed or activated by default. At least one - --suexec-xxxxx option has to be provided together with the - --enable-suexec option to let APACI accept your request for - using the suEXEC feature.
- -
--suexec-caller=UID
- -
The username under which - Apache normally runs. This is the only user allowed to - execute this program.
- -
--suexec-docroot=DIR
- -
Define as the DocumentRoot set for Apache. This will be - the only hierarchy (aside from UserDirs) that can be used for - suEXEC behavior. The default directory is the --datadir value - with the suffix "/htdocs", e.g. if you configure - with "--datadir=/home/apache" the directory - "/home/apache/htdocs" is used as document root for the suEXEC - wrapper.
- -
--suexec-logfile=FILE
- -
This defines the filename to which all suEXEC - transactions and errors are logged (useful for auditing and - debugging purposes). By default the logfile is named - "suexec_log" and located in your standard logfile directory - (--logfiledir).
- -
--suexec-userdir=DIR
- -
Define to be the subdirectory under users' home - directories where suEXEC access should be allowed. All - executables under this directory will be executable by suEXEC - as the user so they should be "safe" programs. If you are - using a "simple" UserDir directive (ie. one without a "*" in - it) this should be set to the same value. suEXEC will not - work properly in cases where the UserDir directive points to - a location that is not the same as the user's home directory - as referenced in the passwd file. Default value is - "public_html".
- If you have virtual hosts with a different UserDir for each, - you will need to define them to all reside in one parent - directory; then name that parent directory here. If - this is not defined properly, "~userdir" cgi requests will - not work!
- -
--suexec-uidmin=UID
- -
Define this as the lowest UID allowed to be a target user - for suEXEC. For most systems, 500 or 100 is common. Default - value is 100.
- -
--suexec-gidmin=GID
- -
Define this as the lowest GID allowed to be a target - group for suEXEC. For most systems, 100 is common and - therefore used as default value.
- -
--suexec-safepath=PATH
- -
Define a safe PATH environment to pass to CGI - executables. Default value is - "/usr/local/bin:/usr/bin:/bin".
-
- -

Checking your suEXEC - setup
- Before you compile and install the suEXEC wrapper you can - check the configuration with the --layout option.
- Example output:

-
-    suEXEC setup:
-            suexec binary: /usr/local/apache/sbin/suexec
-            document root: /usr/local/apache/share/htdocs
-           userdir suffix: public_html
-                  logfile: /usr/local/apache/var/log/suexec_log
-                safe path: /usr/local/bin:/usr/bin:/bin
-                caller ID: www
-          minimum user ID: 100
-         minimum group ID: 100
-
- -

Compiling and installing the suEXEC - wrapper
- If you have enabled the suEXEC feature with the - --enable-suexec option the suexec binary (together with Apache - itself) is automatically built if you execute the command - "make".
- After all components have been built you can execute the - command "make install" to install them. The binary image - "suexec" is installed in the directory defined by the --sbindir - option. Default location is - "/usr/local/apache/sbin/suexec".
- Please note that you need root - privileges for the installation step. In order - for the wrapper to set the user ID, it must be installed as - owner root and must have the setuserid - execution bit set for file modes.

- -

BACK TO - CONTENTS

- -

Enabling & Disabling - suEXEC

- -

Upon startup of Apache, it looks for the file - "suexec" in the "sbin" directory (default is - "/usr/local/apache/sbin/suexec"). If Apache finds a properly - configured suEXEC wrapper, it will print the following message - to the error log:

-
-    [notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)
-
- -

If you don't see this message at server startup, the server - is most likely not finding the wrapper program where it expects - it, or the executable is not installed setuid - root.
- If you want to enable the suEXEC mechanism for the first time - and an Apache server is already running you must kill and - restart Apache. Restarting it with a simple HUP or USR1 signal - will not be enough.
- If you want to disable suEXEC you should kill and restart - Apache after you have removed the "suexec" file.

- -

BACK TO - CONTENTS

- -

Using suEXEC

- -

Virtual Hosts:
- One way to use the suEXEC wrapper is through the User and Group directives in VirtualHost definitions. - By setting these directives to values different from the main - server user ID, all requests for CGI resources will be executed - as the User and Group defined for that - <VirtualHost>. If only one or neither of - these directives are specified for a - <VirtualHost> then the main server userid is - assumed.

- -

User directories:
- The suEXEC wrapper can also be used to execute CGI programs as - the user to which the request is being directed. This is - accomplished by using the "~" - character prefixing the user ID for whom execution is desired. - The only requirement needed for this feature to work is for CGI - execution to be enabled for the user and that the script must - meet the scrutiny of the security checks - above.

- -

BACK TO - CONTENTS

- -

Debugging suEXEC

- -

The suEXEC wrapper will write log information - to the file defined with the --suexec-logfile option as - indicated above. If you feel you have configured and installed - the wrapper properly, have a look at this log and the error_log - for the server to see where you may have gone astray.

- -

BACK TO - CONTENTS

- -

Beware the Jabberwock: - Warnings & Examples

- -

NOTE! This section may not be - complete. For the latest revision of this section of the - documentation, see the Apache Group's Online - Documentation version.

- -

There are a few points of interest regarding - the wrapper that can cause limitations on server setup. Please - review these before submitting any "bugs" regarding suEXEC.

- -
    -
  • suEXEC Points Of Interest
  • - -
  • - Hierarchy limitations - -
    - For security and efficiency reasons, all suexec requests - must remain within either a top-level document root for - virtual host requests, or one top-level personal document - root for userdir requests. For example, if you have four - VirtualHosts configured, you would need to structure all - of your VHosts' document roots off of one main Apache - document hierarchy to take advantage of suEXEC for - VirtualHosts. (Example forthcoming.) -
    -
  • - -
  • - suEXEC's PATH environment variable - -
    - This can be a dangerous thing to change. Make certain - every path you include in this define is a - trusted directory. You don't want to - open people up to having someone from across the world - running a trojan horse on them. -
    -
  • - -
  • - Altering the suEXEC code - -
    - Again, this can cause Big Trouble if you - try this without knowing what you are doing. Stay away - from it if at all possible. -
    -
  • -
- -

BACK TO - CONTENTS

-
- -

Apache HTTP Server

- Index - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/urlmapping.html b/usr.sbin/httpd/htdocs/manual/urlmapping.html
deleted file mode 100644
index 09dd304ec93..00000000000
--- a/usr.sbin/httpd/htdocs/manual/urlmapping.html
+++ /dev/null
@@ -1,307 +0,0 @@
- - - - - - - Mapping URLs to Filesystem Locations - Apache HTTP - Server - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server

-
- - - -

Mapping URLs to Filesystem Locations

- -

This document explains how Apache uses the URL of a request - to determine the filesystem location from which to serve a - file.

- - -
- - - - - - - -
Related Modules
-
- mod_alias
- mod_rewrite
- mod_userdir
- mod_speling
- mod_vhost_alias
-
Related Directives
-
- Alias
- AliasMatch
- CheckSpelling
- DocumentRoot
- ErrorDocument
- Options
- Redirect
- RedirectMatch
- RewriteCond
- RewriteRule
- ScriptAlias
- ScriptAliasMatch
- UserDir
-
- -

DocumentRoot

- -

In deciding what file to serve for a given request, Apache's - default behavior is to take the URL-Path for the request (the - part of the URL following the hostname and port) and add it to - the end of the DocumentRoot specified in - your configuration files. Therefore, the files and directories - underneath the DocumentRoot make up the basic - document tree that will be visible from the web.

- -

Apache is also capable of Virtual - Hosting, where the server receives requests for more than - one host. In this case, a different DocumentRoot - can be specified for each virtual host, or alternatively, the - directives provided by the module mod_vhost_alias can be used - to dynamically determine the appropriate place from which to - serve content based on the requested IP address or - hostname.

- -

Files Outside the - DocumentRoot

- -

There are frequently circumstances where it is necessary to - allow web access to parts of the filesystem that are not - strictly underneath the DocumentRoot. Apache - offers several different ways to accomplish this. On Unix - systems, symbolic links can bring other parts of the filesystem - under the DocumentRoot. For security reasons, - Apache will follow symbolic links only if the Options setting for the - relevant directory includes FollowSymLinks or - SymLinksIfOwnerMatch.

- -

Alternatively, the Alias directive will map - any part of the filesystem into the web space. For example, - with

- -
- Alias /docs /var/web -
- -

the URL - http://www.example.com/docs/dir/file.html will be - served from /var/web/dir/file.html. The ScriptAlias directive - works the same way, with the additional effect that all content - located at the target path is treated as CGI scripts.

- -

For situations where you require additional flexibility, you - can use the AliasMatch and ScriptAliasMatch - directives to do powerful regular-expression based - matching and substitution. For example,

- -
- ScriptAliasMatch ^/~([^/]*)/cgi-bin/(.*) - /home/$1/cgi-bin/$2 -
- -

will map a request to - http://example.com/~user/cgi-bin/script.cgi to the - path /home/user/cgi-bin/script.cgi and will treat - the resulting file as a CGI script.

- -

User Directories

- -

Traditionally on Unix systems, the home directory of a - particular user can be referred to as - ~user/. The module mod_userdir extends this idea - to the web by allowing files under each user's home directory - to be accessed using URLs such as the following.

- -
- http://www.example.com/~user/file.html -
- -

For security reasons, it is inappropriate to give direct - access to a user's home directory from the web. Therefore, the - UserDir directive - specifies a directory underneath the user's home directory - where web files are located. Using the default setting of - Userdir public_html, the above URL maps to a file - at a directory like - /home/user/public_html/file.html where - /home/user/ is the user's home directory as - specified in /etc/passwd.

- -

There are also several other forms of the - Userdir directive which you can use on systems - where /etc/passwd does not contain the location of - the home directory.

- -

Some people find the "~" symbol (which is often encoded on - the web as %7e) to be awkward and prefer to use an - alternate string to represent user directories. This - functionality is not supported by mod_userdir. However, if - users' home directories are structured in a regular way, then - it is possible to use the AliasMatch directive - to achieve the desired effect. For example, to make - http://www.example.com/upages/user/file.html map - to /home/user/public_html/file.html, use the - following AliasMatch directive:

- -
- AliasMatch ^/upages/([^/]*)/?(.*) - /home/$1/public_html/$2 -
- -

URL Redirection

- -

The configuration directives discussed in the above sections - tell Apache to get content from a specific place in the - filesystem and return it to the client. Sometimes, it is - desirable instead to inform the client that the requested - content is located at a different URL, and instruct the client - to make a new request with the new URL. This is called - redirection and is implemented by the Redirect directive. For - example, if the contents of the directory /foo/ - under the DocumentRoot are moved to the new - directory /bar/, you can instruct clients to - request the content at the new location as follows:

- -
- Redirect permanent /foo/ - http://www.example.com/bar/ -
- -

This will redirect any URL-Path starting in - /foo/ to the same URL path on the - www.example.com server with /bar/ - substituted for /foo/. You can redirect clients to - any server, not only the origin server.

- -

Apache also provides a RedirectMatch - directive for more complicated rewriting problems. For example, - to redirect requests for the site home page to a different - site, but leave all other requests alone, use the following - configuration:

- -
- RedirectMatch permanent ^/$ - http://www.example.com/startpage.html -
- -

Alternatively, to temporarily redirect all pages on one site - to a particular page on another site, use the following:

- -
- RedirectMatch temp .* - http://othersite.example.com/startpage.html -
- -

Rewriting Engine

- -

When even more powerful substitution is required, the - rewriting engine provided by mod_rewrite can be useful. The - directives provided by this module use characteristics of the - request such as browser type or source IP address in deciding - from where to serve content. In addition, mod_rewrite can use - external database files or programs to determine how to handle - a request. Many practical examples employing mod_rewrite are - discussed in the URL Rewriting - Guide.

- -

File Not Found

- -

Inevitably, URLs will be requested for which no matching - file can be found in the filesystem. This can happen for - several reasons. In some cases, it can be a result of moving - documents from one location to another. In this case, it is - best to use URL redirection to inform - clients of the new location of the resource. In this way, you - can assure that old bookmarks and links will continue to work, - even though the resource is at a new location.

- -

Another common cause of "File Not Found" errors is - accidental mistyping of URLs, either directly in the browser, - or in HTML links. Apache provides the module mod_speling (sic) to help with - this problem. When this module is activated, it will intercept - "File Not Found" errors and look for a resource with a similar - filename. If one such file is found, mod_speling will send an - HTTP redirect to the client informing it of the correct - location. If several "close" files are found, a list of - available alternatives will be presented to the client.

- -

An especially useful feature of mod_speling, is that it will - compare filenames without respect to case. This can help - systems where users are unaware of the case-sensitive nature of - URLs and the Unix filesystem. But using mod_speling for - anything more than the occasional URL correction can place - additional load on the server, since each "incorrect" request - is followed by a URL redirection and a new request from the - client.

- -

If all attempts to locate the content fail, Apache returns - an error page with HTTP status code 404 (file not found). The - appearance of this page is controlled with the ErrorDocument directive - and can be customized in a flexible manner as discussed in the - Custom error responses and International Server Error - Responses documents.

-
- -

Apache HTTP Server

- Index - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/details.html b/usr.sbin/httpd/htdocs/manual/vhosts/details.html
deleted file mode 100644
index 4d8b277fa89..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/details.html
+++ /dev/null
@@ -1,407 +0,0 @@
- - - - - - - An In-Depth Discussion of Virtual Host Matching - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

An In-Depth Discussion of Virtual Host - Matching

- -

The virtual host code was completely rewritten in - Apache 1.3. This document attempts to explain - exactly what Apache does when deciding what virtual host to - serve a hit from. With the help of the new NameVirtualHost - directive virtual host configuration should be a lot easier and - safer than with versions prior to 1.3.

- -

If you just want to make it work without - understanding how, here are some - examples.

- -

Config File Parsing

- -

There is a main_server which consists of all the - definitions appearing outside of - <VirtualHost> sections. There are virtual - servers, called vhosts, which are defined by <VirtualHost> - sections.

- -

The directives Port, ServerName, - ServerPath, - and ServerAlias - can appear anywhere within the definition of a server. However, - each appearance overrides the previous appearance (within that - server).

- -

The default value of the Port field for - main_server is 80. The main_server has no default - ServerPath, or ServerAlias. The - default ServerName is deduced from the servers IP - address.

- -

The main_server Port directive has two functions due to - legacy compatibility with NCSA configuration files. One - function is to determine the default network port Apache will - bind to. This default is overridden by the existence of any Listen - directives. The second function is to specify the port number - which is used in absolute URIs during redirects.

- -

Unlike the main_server, vhost ports do not affect - what ports Apache listens for connections on.

- -

Each address appearing in the VirtualHost - directive can have an optional port. If the port is unspecified - it defaults to the value of the main_server's most recent - Port statement. The special port * - indicates a wildcard that matches any port. Collectively the - entire set of addresses (including multiple A - record results from DNS lookups) are called the vhost's - address set.

- -

Unless a NameVirtualHost - directive is used for a specific IP address the first vhost - with that address is treated as an IP-based vhost. In 1.3.13 - and later that includes the IP address *.

- -

If name-based vhosts should be used a - NameVirtualHost directive must appear - with the IP address set to be used for the name-based vhosts. - In other words, you must specify the IP address that holds the - hostname aliases (CNAMEs) for your name-based vhosts via a - NameVirtualHost directive in your configuration - file.

- -

Multiple NameVirtualHost directives can be used - each with a set of VirtualHost directives but only - one NameVirtualHost directive should be used for - each specific IP:port pair.

- -

The ordering of NameVirtualHost and - VirtualHost directives is not important which - makes the following two examples identical (only the order of - the VirtualHost directives for one - address set is important, see below):

-
-                                |
-  NameVirtualHost 111.22.33.44  | <VirtualHost 111.22.33.44>
-  <VirtualHost 111.22.33.44>    | # server A
-  # server A                | </VirtualHost>
-  ...                   | <VirtualHost 111.22.33.55>
-  </VirtualHost>          | # server C
-  <VirtualHost 111.22.33.44>    | ...
-  # server B                | </VirtualHost>
-  ...                   | <VirtualHost 111.22.33.44>
-  </VirtualHost>          | # server B
-                                | ...
-  NameVirtualHost 111.22.33.55  | </VirtualHost>
-  <VirtualHost 111.22.33.55>    | <VirtualHost 111.22.33.55>
-  # server C                | # server D
-  ...                   | ...
-  </VirtualHost>          | </VirtualHost>
-  <VirtualHost 111.22.33.55>    |
-  # server D                | NameVirtualHost 111.22.33.44
-  ...                   | NameVirtualHost 111.22.33.55
-  </VirtualHost>          |
-                                |
-
- -

(To aid the readability of your configuration you should - prefer the left variant.)

- -

After parsing the VirtualHost directive, the - vhost server is given a default Port equal to the - port assigned to the first name in its VirtualHost - directive.

- -

The complete list of names in the VirtualHost - directive are treated just like a ServerAlias (but - are not overridden by any ServerAlias statement) - if all names resolve to the same address set. Note that - subsequent Port statements for this vhost will not - affect the ports assigned in the address set.

- -

During initialization a list for each IP address is - generated and inserted into an hash table. If the IP address is - used in a NameVirtualHost directive the list - contains all name-based vhosts for the given IP address. If - there are no vhosts defined for that address the - NameVirtualHost directive is ignored and an error - is logged. For an IP-based vhost the list in the hash table is - empty.

- -

Due to a fast hashing function the overhead of hashing an IP - address during a request is minimal and almost not existent. - Additionally the table is optimized for IP addresses which vary - in the last octet.

- -

For every vhost various default values are set. In - particular:

- -
    -
  1. If a vhost has no ServerAdmin, - ResourceConfig, - AccessConfig, - Timeout, - KeepAliveTimeout, - KeepAlive, - MaxKeepAliveRequests, - or SendBufferSize - directive then the respective value is inherited from the - main_server. (That is, inherited from whatever the final - setting of that value is in the main_server.)
  2. - -
  3. The "lookup defaults" that define the default directory - permissions for a vhost are merged with those of the - main_server. This includes any per-directory configuration - information for any module.
  4. - -
  5. The per-server configs for each module from the - main_server are merged into the vhost server.
  6. -
- Essentially, the main_server is treated as "defaults" or a - "base" on which to build each vhost. But the positioning of - these main_server definitions in the config file is largely - irrelevant -- the entire config of the main_server has been - parsed when this final merging occurs. So even if a main_server - definition appears after a vhost definition it might affect the - vhost definition. - -

If the main_server has no ServerName at this - point, then the hostname of the machine that httpd is running - on is used instead. We will call the main_server address - set those IP addresses returned by a DNS lookup on the - ServerName of the main_server.

- -

For any undefined ServerName fields, a - name-based vhost defaults to the address given first in the - VirtualHost statement defining the vhost.

- -

Any vhost that includes the magic _default_ - wildcard is given the same ServerName as the - main_server.

- -

Virtual Host Matching

- -

The server determines which vhost to use for a request as - follows:

- -

Hash table lookup

- -

When the connection is first made by a client, the IP - address to which the client connected is looked up in the - internal IP hash table.

- -

If the lookup fails (the IP address wasn't found) the - request is served from the _default_ vhost if - there is such a vhost for the port to which the client sent the - request. If there is no matching _default_ vhost - the request is served from the main_server.

- -

In Apache 1.3.13 and later, if the IP address is not found - in the hash table then the match against the port number may - also result in an entry corresponding to a - NameVirtualHost *, which is subsequently handled - like other name-based vhosts.

- -

If the lookup succeeded (a corresponding list for the IP - address was found) the next step is to decide if we have to - deal with an IP-based or a name-base vhost.

- -

IP-based vhost

- -

If the entry we found has an empty name list then we have - found an IP-based vhost, no further actions are performed and - the request is served from that vhost.

- -

Name-based vhost

- -

If the entry corresponds to a name-based vhost the name list - contains one or more vhost structures. This list contains the - vhosts in the same order as the VirtualHost - directives appear in the config file.

- -

The first vhost on this list (the first vhost in the config - file with the specified IP address) has the highest priority - and catches any request to an unknown server name or a request - without a Host: header field.

- -

If the client provided a Host: header field the - list is searched for a matching vhost and the first hit on a - ServerName or ServerAlias is taken - and the request is served from that vhost. A Host: - header field can contain a port number, but Apache always - matches against the real port to which the client sent the - request.

- -

If the client submitted a HTTP/1.0 request without - Host: header field we don't know to what server - the client tried to connect and any existing - ServerPath is matched against the URI from the - request. The first matching path on the list is used and the - request is served from that vhost.

- -

If no matching vhost could be found the request is served - from the first vhost with a matching port number that is on the - list for the IP to which the client connected (as already - mentioned before).

- -

Persistent connections

- The IP lookup described above is only done once for a - particular TCP/IP session while the name lookup is done on - every request during a KeepAlive/persistent - connection. In other words a client may request pages from - different name-based vhosts during a single persistent - connection. - -

Absolute URI

- -

If the URI from the request is an absolute URI, and its - hostname and port match the main server or one of the - configured virtual hosts and match the address and - port to which the client sent the request, then the - scheme/hostname/port prefix is stripped off and the remaining - relative URI is served by the corresponding main server or - virtual host. If it does not match, then the URI remains - untouched and the request is taken to be a proxy request.

- -

Observations

- -
    -
  • A name-based vhost can never interfere with an IP-base - vhost and vice versa. IP-based vhosts can only be reached - through an IP address of its own address set and never - through any other address. The same applies to name-based - vhosts, they can only be reached through an IP address of the - corresponding address set which must be defined with a - NameVirtualHost directive.
  • - -
  • ServerAlias and ServerPath - checks are never performed for an IP-based vhost.
  • - -
  • The order of name-/IP-based, the _default_ - vhost and the NameVirtualHost directive within - the config file is not important. Only the ordering of - name-based vhosts for a specific address set is significant. - The one name-based vhosts that comes first in the - configuration file has the highest priority for its - corresponding address set.
  • - -
  • For security reasons the port number given in a - Host: header field is never used during the - matching process. Apache always uses the real port to which - the client sent the request.
  • - -
  • If a ServerPath directive exists which is a - prefix of another ServerPath directive that - appears later in the configuration file, then the former will - always be matched and the latter will never be matched. (That - is assuming that no Host: header field was - available to disambiguate the two.)
  • - -
  • If two IP-based vhosts have an address in common, the - vhost appearing first in the config file is always matched. - Such a thing might happen inadvertently. The server will give - a warning in the error logfile when it detects this.
  • - -
  • A _default_ vhost catches a request only if - there is no other vhost with a matching IP address - and a matching port number for the request. The - request is only caught if the port number to which the client - sent the request matches the port number of your - _default_ vhost which is your standard - Port by default. A wildcard port can be - specified (i.e., _default_:*) to catch - requests to any available port. In Apache 1.3.13 and later - this also applies to NameVirtualHost * - vhosts.
  • - -
  • The main_server is only used to serve a request if the IP - address and port number to which the client connected is - unspecified and does not match any other vhost (including a - _default_ vhost). In other words the main_server - only catches a request for an unspecified address/port - combination (unless there is a _default_ vhost - which matches that port).
  • - -
  • A _default_ vhost or the main_server is - never matched for a request with an unknown or - missing Host: header field if the client - connected to an address (and port) which is used for - name-based vhosts, e.g., in a - NameVirtualHost directive.
  • - -
  • You should never specify DNS names in - VirtualHost directives because it will force - your server to rely on DNS to boot. Furthermore it poses a - security threat if you do not control the DNS for all the - domains listed. There's more - information available on this and the next two - topics.
  • - -
  • ServerName should always be set for each - vhost. Otherwise A DNS lookup is required for each - vhost.
  • -
- -

Tips

- -

In addition to the tips on the DNS Issues page, here are - some further tips:

- -
    -
  • Place all main_server definitions before any - VirtualHost definitions. (This is to aid the - readability of the configuration -- the post-config merging - process makes it non-obvious that definitions mixed in around - virtual hosts might affect all virtual hosts.)
  • - -
  • Group corresponding NameVirtualHost and - VirtualHost definitions in your configuration to - ensure better readability.
  • - -
  • Avoid ServerPaths which are prefixes of - other ServerPaths. If you cannot avoid this then - you have to ensure that the longer (more specific) prefix - vhost appears earlier in the configuration file than the - shorter (less specific) prefix (i.e., "ServerPath - /abc" should appear after "ServerPath /abc/def").
  • -
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/examples.html b/usr.sbin/httpd/htdocs/manual/vhosts/examples.html
deleted file mode 100644
index 6147e5ffc05..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/examples.html
+++ /dev/null
@@ -1,706 +0,0 @@
- - - - - - - VirtualHost Examples - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Virtual Host examples for common setups

- -

Base configuration

- - - -

Additional features

- - -
- -

Simple name-based - vhosting

- -
    -
  • Compatibility: This syntax was added in - Apache 1.3.13.
  • - -
  • - Setup: The server machine has a primary - name server.domain.tld. There are two aliases - (CNAMEs) www.domain.tld and - www.sub.domain.tld for the address - server.domain.tld. - -

    Server configuration:

    - -
    -
    -    ...
    -    Port 80
    -    ServerName server.domain.tld
    -
    -    NameVirtualHost *
    -
    -    <VirtualHost *>
    -    DocumentRoot /www/domain
    -    ServerName www.domain.tld
    -    ...
    -    </VirtualHost>
    -    
    -    <VirtualHost *>
    -    DocumentRoot /www/subdomain
    -    ServerName www.sub.domain.tld
    -    ...
    -    </VirtualHost> 
    -   
    -
    - The asterisks match all addresses, so the main server - serves no requests. Due to the fact that - www.domain.tld is first in the configuration - file, it has the highest priority and can be seen as the - default or primary server. -
    -
  • -
-
- -

More complicated name-based - vhosts

- -
    -
  • - Setup 1: The server machine has one IP - address (111.22.33.44) which resolves to the - name server.domain.tld. There are two aliases - (CNAMEs) www.domain.tld and - www.sub.domain.tld for the address - 111.22.33.44. - -

    Server configuration:

    - -
    -
    -    ...
    -    Port 80
    -    ServerName server.domain.tld
    -
    -    NameVirtualHost 111.22.33.44 
    -
    -    <VirtualHost 111.22.33.44>
    -    DocumentRoot /www/domain
    -    ServerName www.domain.tld
    -    ...
    -    </VirtualHost>
    -    
    -    <VirtualHost 111.22.33.44>
    -    DocumentRoot /www/subdomain
    -    ServerName www.sub.domain.tld
    -    ...
    -    </VirtualHost> 
    -   
    -
    - Apart from localhost there are no - unspecified addresses/ports, therefore the main server - only serves localhost requests. Due to the - fact that www.domain.tld has the highest - priority it can be seen as the default or - primary server. -
    -
  • - -
  • - Setup 2: The server machine has two IP - addresses (111.22.33.44 and - 111.22.33.55) which resolve to the names - server1.domain.tld and - server2.domain.tld respectively. The alias - www.domain.tld should be used for the main - server which should also catch any unspecified addresses. - We want to use a virtual host for the alias - www.otherdomain.tld and another virtual host, - with server name www.sub.domain.tld, should - catch any request to hostnames of the form - *.sub.domain.tld. The address - 111.22.33.55 should be used for the virtual - hosts. - -

    Server configuration:

    - -
    -
    -    ...
    -    Port 80
    -    ServerName www.domain.tld
    -    DocumentRoot /www/domain
    -
    -    NameVirtualHost 111.22.33.55
    -
    -    <VirtualHost 111.22.33.55>
    -    DocumentRoot /www/otherdomain
    -    ServerName www.otherdomain.tld
    -    ...
    -    </VirtualHost>
    -   
    -    <VirtualHost 111.22.33.55>
    -    DocumentRoot /www/subdomain
    -    ServerName www.sub.domain.tld
    -    ServerAlias *.sub.domain.tld
    -    ...
    -    </VirtualHost> 
    -   
    -
    - Any request to an address other than - 111.22.33.55 will be served from the main - server. A request to 111.22.33.55 with an - unknown or no Host: header will be served - from www.otherdomain.tld. -
    -
  • - -
  • - Setup 3: The server machine has two IP - addresses (192.168.1.1 and - 111.22.33.55). The machine is sitting between - an internal (intranet) network and an external (internet) - network. Outside of the network, the name - server1.domain.tld resolves to the external - address (111.22.33.55), but inside the - network, that same name resolves to the internal address - (192.168.1.1). - -

    The server can be made to respond to internal and - external requests with the same content, with just one - VirtualHost section.

    - -

    Server configuration:

    - -
    -
    -    ...
    -    NameVirtualHost 192.168.1.1
    -    NameVirtualHost 111.22.33.55
    -
    -    <VirtualHost 192.168.1.1 111.22.33.55>
    -    DocumentRoot /www/server1
    -    ServerName server1.domain.tld
    -    ServerAlias server1
    -    ...
    -    </VirtualHost>
    -   
    -
    -
    - Now requests from both networks will be served from the - same VirtualHost -
  • - -
  • - Setup 4: You have multiple domains going - to the same IP and also want to serve multiple ports. By - defining the ports in the "NameVirtualHost" tag, you can - allow this to work. If you try using <VirtualHost - name:port> without the NameVirtualHost name:port or you - try to use the Port directive, your configuration will not - work. - -

    Server configuration:

    - -
    -
    -    ...   
    -    NameVirtualHost 111.22.33.44:80
    -    NameVirtualHost 111.22.33.44:8080
    -
    -    <VirtualHost 111.22.33.44:80>
    -    ServerName www.domain.tld
    -    DocumentRoot /www/domain-80
    -    </VirtualHost>
    -
    -    <VirtualHost 111.22.33.44:8080>
    -    ServerName www.domain.tld
    -    DocumentRoot /www/domain-8080
    -    </VirtualHost>
    -
    -    <VirtualHost 111.22.33.44:80>
    -    ServerName www.otherdomain.tld
    -    DocumentRoot /www/otherdomain-80
    -    </VirtualHost>
    -
    -    <VirtualHost 111.22.33.44:8080>
    -    ServerName www.otherdomain.tld
    -    DocumentRoot /www/otherdomain-8080
    -    </VirtualHost>
    -
    -   
    -
    -
    -
  • -
-
- -

IP-based vhosts

- -
    -
  • - Setup 1: The server machine has two IP - addresses (111.22.33.44 and - 111.22.33.55) which resolve to the names - server.domain.tld and - www.otherdomain.tld respectively. The hostname - www.domain.tld is an alias (CNAME) for - server.domain.tld and will represent the main - server. - -

    Server configuration:

    - -
    -
    -    ...
    -    Port 80
    -    DocumentRoot /www/domain
    -    ServerName www.domain.tld
    -
    -    <VirtualHost 111.22.33.55>
    -    DocumentRoot /www/otherdomain
    -    ServerName www.otherdomain.tld
    -    ...
    -    </VirtualHost>
    -   
    -
    - www.otherdomain.tld can only be reached - through the address 111.22.33.55, while - www.domain.tld can only be reached through - 111.22.33.44 (which represents our main - server). -
    -
  • - -
  • - Setup 2: Same as setup 1, but we don't - want to have a dedicated main server. - -

    Server configuration:

    - -
    -
    -    ...
    -    Port 80
    -    ServerName server.domain.tld
    -    
    -    <VirtualHost 111.22.33.44>
    -    DocumentRoot /www/domain
    -    ServerName www.domain.tld
    -    ...
    -    </VirtualHost>
    -
    -    <VirtualHost 111.22.33.55>
    -    DocumentRoot /www/otherdomain
    -    ServerName www.otherdomain.tld
    -    ...
    -    </VirtualHost>
    -   
    -
    - The main server can never catch a request, because all IP - addresses of our machine are in use for IP-based virtual - hosts (only localhost requests can hit the - main server). -
    -
  • - -
  • - Setup 3: The server machine has two IP - addresses (111.22.33.44 and - 111.22.33.55) which resolve to the names - server.domain.tld and - www-cache.domain.tld respectively. The - hostname www.domain.tld is an alias (CNAME) - for server.domain.tld and will represent the - main server. www-cache.domain.tld will become - our proxy-cache listening on port 8080, while the web - server itself uses the default port 80. - -

    Server configuration:

    - -
    -
    -    ...
    -    Port 80
    -    Listen 111.22.33.44:80
    -    Listen 111.22.33.55:8080
    -    ServerName server.domain.tld
    -    
    -    <VirtualHost 111.22.33.44:80>
    -    DocumentRoot /www/domain
    -    ServerName www.domain.tld
    -    ...
    -    </VirtualHost>
    -
    -    <VirtualHost 111.22.33.55:8080>
    -    ServerName www-cache.domain.tld
    -    ...
    -      <Directory proxy:>
    -      Order Deny,Allow
    -      Deny from all
    -      Allow from 111.22.33
    -      </Directory>
    -    </VirtualHost>
    -   
    -
    - The main server can never catch a request, because all IP - addresses (apart from localhost) of our - machine are in use for IP-based virtual hosts. The web - server can only be reached on the first address through - port 80 and the proxy only on the second address through - port 8080. -
    -
  • -
-
- -

Mixed name-/IP-based - vhosts

- -
    -
  • - Setup: The server machine has three IP - addresses (111.22.33.44, - 111.22.33.55 and 111.22.33.66) - which resolve to the names server.domain.tld, - www.otherdomain1.tld and - www.otherdomain2.tld respectively. The address - 111.22.33.44 should be used for a couple of - name-based vhosts and the other addresses for IP-based - vhosts. - -

    Server configuration:

    - -
    -
    -    ...
    -    Port 80
    -    ServerName server.domain.tld
    -
    -    NameVirtualHost 111.22.33.44
    -
    -    <VirtualHost 111.22.33.44>
    -    DocumentRoot /www/domain
    -    ServerName www.domain.tld
    -    ...
    -    </VirtualHost>
    -   
    -    <VirtualHost 111.22.33.44>
    -    DocumentRoot /www/subdomain1
    -    ServerName www.sub1.domain.tld
    -    ...
    -    </VirtualHost> 
    -    
    -    <VirtualHost 111.22.33.44>
    -    DocumentRoot /www/subdomain2
    -    ServerName www.sub2.domain.tld
    -    ...
    -    </VirtualHost> 
    - 
    -    <VirtualHost 111.22.33.55>
    -    DocumentRoot /www/otherdomain1
    -    ServerName www.otherdomain1.tld
    -    ...
    -    </VirtualHost> 
    -    
    -    <VirtualHost 111.22.33.66>
    -    DocumentRoot /www/otherdomain2
    -    ServerName www.otherdomain2.tld
    -    ...
    -    </VirtualHost>     
    -   
    -
    -
    -
  • -
-
- -

Port-based vhosts

- -
    -
  • - Setup: The server machine has one IP - address (111.22.33.44) which resolves to the - name www.domain.tld. If we don't have the - option to get another address or alias for our server we - can use port-based vhosts if we need a virtual host with a - different configuration. - -

    Server configuration:

    - -
    -
    -    ...
    -    Listen 80
    -    Listen 8080
    -    ServerName www.domain.tld
    -    DocumentRoot /www/domain
    -
    -    <VirtualHost 111.22.33.44:8080>
    -    DocumentRoot /www/domain2
    -    ...
    -    </VirtualHost>
    -   
    -
    - A request to www.domain.tld on port 80 is - served from the main server and a request to port 8080 is - served from the virtual host. -
    -
  • -
-
- -

Using _default_ - vhosts

- -
    -
  • - Setup 1: Catching every request - to any unspecified IP address and port, i.e., an - address/port combination that is not used for any other - virtual host. - -

    Server configuration:

    - -
    -
    -    ...
    -    <VirtualHost _default_:*>
    -    DocumentRoot /www/default
    -    ...
    -    </VirtualHost>
    -   
    -
    - Using such a default vhost with a wildcard port - effectively prevents any request going to the main - server.
    - A default vhost never serves a request that was sent to - an address/port that is used for name-based vhosts. If - the request contained an unknown or no Host: - header it is always served from the primary name-based - vhost (the vhost for that address/port appearing first in - the configuration file).
    - You can use AliasMatch - or RewriteRule - to rewrite any request to a single information page (or - script). -
    -
  • - -
  • - Setup 2: Same as setup 1, but the server - listens on several ports and we want to use a second - _default_ vhost for port 80. - -

    Server configuration:

    - -
    -
    -    ...
    -    <VirtualHost _default_:80>
    -    DocumentRoot /www/default80
    -    ...
    -    </VirtualHost>
    -    
    -    <VirtualHost _default_:*>
    -    DocumentRoot /www/default
    -    ...
    -    </VirtualHost>    
    -   
    -
    - The default vhost for port 80 (which must appear - before any default vhost with a wildcard port) catches - all requests that were sent to an unspecified IP address. - The main server is never used to serve a request. -
    -
  • - -
  • - Setup 3: We want to have a default vhost - for port 80, but no other default vhosts. - -

    Server configuration:

    - -
    -
    -    ...
    -    <VirtualHost _default_:80>
    -    DocumentRoot /www/default
    -    ...
    -    </VirtualHost>
    -   
    -
    - A request to an unspecified address on port 80 is served - from the default vhost any other request to an - unspecified address and port is served from the main - server. -
    -
  • -
-
- -

Migrating a name-based vhost - to an IP-based vhost

- -
    -
  • - Setup: The name-based vhost with the - hostname www.otherdomain.tld (from our name-based example, setup 2) should get - its own IP address. To avoid problems with name servers or - proxies who cached the old IP address for the name-based - vhost we want to provide both variants during a migration - phase.
    - The solution is easy, because we can simply add the new IP - address (111.22.33.66) to the - VirtualHost directive. - -

    Server configuration:

    - -
    -
    -    ...
    -    Port 80
    -    ServerName www.domain.tld
    -    DocumentRoot /www/domain
    -
    -    NameVirtualHost 111.22.33.55
    -
    -    <VirtualHost 111.22.33.55 111.22.33.66>
    -    DocumentRoot /www/otherdomain
    -    ServerName www.otherdomain.tld
    -    ...
    -    </VirtualHost>
    -   
    -    <VirtualHost 111.22.33.55>
    -    DocumentRoot /www/subdomain
    -    ServerName www.sub.domain.tld
    -    ServerAlias *.sub.domain.tld
    -    ...
    -    </VirtualHost>
    -   
    -
    - The vhost can now be accessed through the new address (as - an IP-based vhost) and through the old address (as a - name-based vhost). -
    -
  • -
-
- -

Using the - ServerPath directive

- -
    -
  • - Setup: We have a server with two - name-based vhosts. In order to match the correct virtual - host a client must send the correct Host: - header. Old HTTP/1.0 clients do not send such a header and - Apache has no clue what vhost the client tried to reach - (and serves the request from the primary vhost). To provide - as much backward compatibility as possible we create a - primary vhost which returns a single page containing links - with an URL prefix to the name-based virtual hosts. - -

    Server configuration:

    - -
    -
    -    ...
    -    NameVirtualHost 111.22.33.44
    -
    -    <VirtualHost 111.22.33.44>
    -    # primary vhost
    -    DocumentRoot /www/subdomain
    -    RewriteEngine On
    -    RewriteRule ^/.* /www/subdomain/index.html
    -    ...
    -    </VirtualHost>
    -
    -    <VirtualHost 111.22.33.44>
    -    DocumentRoot /www/subdomain/sub1
    -    ServerName www.sub1.domain.tld
    -    ServerPath /sub1/
    -    RewriteEngine On
    -    RewriteRule ^(/sub1/.*) /www/subdomain$1 
    -    ...
    -    </VirtualHost>
    -
    -    <VirtualHost 111.22.33.44>
    -    DocumentRoot /www/subdomain/sub2
    -    ServerName www.sub2.domain.tld
    -    ServerPath /sub2/
    -    RewriteEngine On
    -    RewriteRule ^(/sub2/.*) /www/subdomain$1 
    -    ...
    -    </VirtualHost>
    -   
    -
    - Due to the ServerPath - directive a request to the URL - http://www.sub1.domain.tld/sub1/ is - always served from the sub1-vhost.
    - A request to the URL - http://www.sub1.domain.tld/ is only served - from the sub1-vhost if the client sent a correct - Host: header. If no Host: - header is sent the client gets the information page from - the primary host.
    - Please note that there is one oddity: A request to - http://www.sub2.domain.tld/sub1/ is also - served from the sub1-vhost if the client sent no - Host: header.
    - The RewriteRule directives are used to make - sure that a client which sent a correct - Host: header can use both URL variants, - i.e., with or without URL prefix. -
    -
  • -
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/fd-limits.html b/usr.sbin/httpd/htdocs/manual/vhosts/fd-limits.html
deleted file mode 100644
index b548c1606b8..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/fd-limits.html
+++ /dev/null
@@ -1,87 +0,0 @@
- - - - - - - - Apache Server Virtual Host Support - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

File Descriptor Limits

- -

When using a large number of Virtual Hosts, Apache may run - out of available file descriptors (sometimes called file - handles if each Virtual Host specifies different log - files. The total number of file descriptors used by Apache is - one for each distinct error log file, one for every other log - file directive, plus 10-20 for internal use. Unix operating - systems limit the number of file descriptors that may be used - by a process; the limit is typically 64, and may usually be - increased up to a large hard-limit.

- -

Although Apache attempts to increase the limit as required, - this may not work if:

- -
    -
  1. Your system does not provide the setrlimit() system - call.
  2. - -
  3. The setrlimit(RLIMIT_NOFILE) call does not function on - your system (such as Solaris 2.3)
  4. - -
  5. The number of file descriptors required exceeds the hard - limit.
  6. - -
  7. Your system imposes other limits on file descriptors, - such as a limit on stdio streams only using file descriptors - below 256. (Solaris 2)
  8. -
- In the event of problems you can: - -
    -
  • Reduce the number of log files; don't specify log files - in the VirtualHost sections, but only log to the main log - files.
  • - -
  • - If you system falls into 1 or 2 (above), then increase the - file descriptor limit before starting Apache, using a - script like - -
    - #!/bin/sh
    - ulimit -S -n 100
    - exec httpd
    -
    -
  • -
- -

Please see the Descriptors and Apache - document containing further details about file descriptor - problems and how they can be solved on your operating - system.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/host.html b/usr.sbin/httpd/htdocs/manual/vhosts/host.html
deleted file mode 100644
index 4a09c6c5437..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/host.html
+++ /dev/null
@@ -1,183 +0,0 @@
- - - - - - - Apache non-IP Virtual Hosts - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache non-IP Virtual Hosts

- See Also: Virtual - Host Support -
- -

What is a Virtual Host

- -

The "Virtual Host" refers to the practice of maintaining - more than one server on one machine, as differentiated by their - apparent hostname. For example, it is often desirable for - companies sharing a web server to have their own domains, with - web servers accessible as www.company1.com and - www.company2.com, without requiring the user to - know any extra path information.

- -

Apache was one of the first servers to support virtual hosts - right out of the box, but since the base HTTP - (HyperText Transport Protocol) standard does not allow any - method for the server to determine the hostname it is being - addressed as, Apache's virtual host support has required a - separate IP address for each server. Documentation on using - this approach (which still works very well) is available.

- -

While the approach described above works, with the available - IP address space growing smaller, and the number of domains - increasing, it is not the most elegant solution, and is hard to - implement on some machines. The HTTP/1.1 protocol - contains a method for the server to identify what name it is - being addressed as. Apache 1.1 and later support this approach - as well as the traditional IP-address-per-hostname method.

- -

The benefits of using the new virtual host support is a - practically unlimited number of servers, ease of configuration - and use, and requires no additional hardware or software. The - main disadvantage is that the user's browser must support this - part of the protocol. The latest versions of many browsers - (including Netscape Navigator 2.0 and later) do, but many - browsers, especially older ones, do not. This can cause - problems, although a possible solution is addressed below.

- -

Using non-IP Virtual Hosts

- -

Using the new virtual hosts is quite easy, and superficially - looks like the old method. You simply add to one of the Apache - configuration files (most likely httpd.conf or - srm.conf) code similar to the following:

-
-    <VirtualHost www.apache.org>
-    ServerName www.apache.org
-    DocumentRoot /usr/web/apache
-    </VirtualHost>
-
- -

Of course, any additional directives can (and should) be - placed into the <VirtualHost> section. To - make this work, all that is needed is to make sure that the - www.apache.org DNS entry points to the same IP - address as the main server. Optionally, you could simply use - that IP address in the <VirtualHost> entry.

- -

Additionally, many servers may wish to be accessible by more - than one name. For example, the Apache server might want to be - accessible as apache.org, or - ftp.apache.org, assuming the IP addresses pointed - to the same server. In fact, one might want it so that all - addresses at apache.org were picked up by the - server. This is possible with the ServerAlias - directive, placed inside the <VirtualHost> section. For - example:

-
-    ServerAlias apache.org *.apache.org
-
- -

Note that you can use * and ? as - wild-card characters.

- -

You also might need ServerAlias if you are serving local - users who do not always include the domain name. For example, - if local users are familiar with typing "www" or "www.physics" - then you will need to add ServerAlias www - www.physics. It isn't possible for the server to know - what domain the client uses for their name resolution because - the client doesn't provide that information in the request.

- -

Security Considerations

- Apache allows all virtual hosts to be made accessible via the - Host: header through all IP interfaces, even those - which are configured to use different IP interfaces. For - example, if the configuration for www.foo.com - contained a virtual host section for www.bar.com, - and www.bar.com was a separate IP interface, such - that non-Host:-header-supporting browsers can use - it, as before with Apache 1.0. If a request is made to - www.foo.com and the request includes the header - Host: www.bar.com, a page from - www.bar.com will be sent. - -

This is a security concern if you are controlling access to - a particular server based on IP-layer controls, such as from - within a firewall or router. Let's say www.bar.com - in the above example was instead an intra-net server called - private.foo.com, and the router used by foo.com - only let internal users access private.foo.com. - Obviously, Host: header functionality now allows - someone who has access to www.foo.com to get - private.foo.com, if they send a Host: - private.foo.com header. It is important to note that - this condition exists only if you only implement this policy at - the IP layer - all security controls used by Apache - (i.e., Allow, Deny - from, etc.) are consistently respected.

- -

Compatibility with Older Browsers

- -

As mentioned earlier, a majority of browsers do not send the - required data for the new virtual hosts to work properly. These - browsers will always be sent to the main server's pages. There - is a workaround, albeit a slightly cumbersome one:

- -

To continue the www.apache.org example (Note: - Apache's web server does not actually function in this manner), - we might use the new ServerPath directive in the - www.apache.org virtual host, for example:

-
-    ServerPath /apache
-
- -

What does this mean? It means that a request for any file - beginning with "/apache" will be looked for in the - Apache docs. This means that the pages can be accessed as - http://www.apache.org/apache/ for all browsers, - although new browsers can also access it as - http://www.apache.org/.

- -

In order to make this work, put a link on your main server's - page to http://www.apache.org/apache/ (Note: Do - not use http://www.apache.org/ - this would create - an endless loop). Then, in the virtual host's pages, be sure to - use either purely relative links (e.g., - "file.html" or "../icons/image.gif" - or links containing the prefacing /apache/ - (e.g., - "http://www.apache.org/apache/file.html" or - "/apache/docs/1.1/index.html").

- -

This requires a bit of discipline, but adherence to these - guidelines will, for the most part, ensure that your pages will - work with all browsers, new and old. When a new browser - contacts http://www.apache.org/, they will be - directly taken to the Apache pages. Older browsers will be able - to click on the link from the main server, go to - http://www.apache.org/apache/, and then access the - pages.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/index.html b/usr.sbin/httpd/htdocs/manual/vhosts/index.html
deleted file mode 100644
index 8d3af61f1bf..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/index.html
+++ /dev/null
@@ -1,98 +0,0 @@
- - - - - - - - Apache Virtual Host documentation - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache Virtual Host documentation

- -

The term Virtual Host refers to the practice of - maintaining more than one server on one machine, as - differentiated by their apparent hostname. For example, it is - often desirable for companies sharing a web server to have - their own domains, with web servers accessible as - www.company1.com and - www.company2.com, without requiring the user to - know any extra path information.

- -

Apache was one of the first servers to support IP-based - virtual hosts right out of the box. Versions 1.1 and later of - Apache support both, IP-based and name-based virtual hosts - (vhosts). The latter variant of virtual hosts is sometimes also - called host-based or non-IP virtual hosts.

- -

Below is a list of documentation pages which explain all - details of virtual host support in Apache version 1.3 and - later.

-
- -

Virtual Host Support

- - - -

Configuration directives

- - - -

Folks trying to debug their virtual host configuration may - find the Apache -S command line switch useful. It - will dump out a description of how Apache parsed the - configuration file. Careful examination of the IP addresses and - server names may help uncover configuration mistakes. -


- -

Apache HTTP Server Version 1.3

- Index - Home - -

- - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/ip-based.html b/usr.sbin/httpd/htdocs/manual/vhosts/ip-based.html
deleted file mode 100644
index b08b6e1fd2e..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/ip-based.html
+++ /dev/null
@@ -1,149 +0,0 @@
- - - - - - - Apache IP-based Virtual Host Support - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Apache IP-based Virtual Host Support

- See also: Name-based - Virtual Hosts Support -
- -

System requirements

- As the term IP-based indicates, the server - must have a different IP address for each IP-based - virtual host. This can be achieved by the machine - having several physical network connections, or by use of - virtual interfaces which are supported by most modern operating - systems (see system documentation for details, these are - frequently called "ip aliases", and the "ifconfig" command is - most commonly used to set them up). - -

How to set up Apache

- There are two ways of configuring apache to support multiple - hosts. Either by running a separate httpd daemon for each - hostname, or by running a single daemon which supports all the - virtual hosts. - -

Use multiple daemons when:

- -
    -
  • There are security partitioning issues, such as company1 - does not want anyone at company2 to be able to read their - data except via the web. In this case you would need two - daemons, each running with different User, Group, Listen, and ServerRoot - settings.
  • - -
  • You can afford the memory and file descriptor - requirements of listening to every IP alias on the - machine. It's only possible to Listen to the "wildcard" - address, or to specific addresses. So if you have a need to - listen to a specific address for whatever reason, then you - will need to listen to all specific addresses. (Although one - httpd could listen to N-1 of the addresses, and another could - listen to the remaining address.)
  • -
- Use a single daemon when: - -
    -
  • Sharing of the httpd configuration between virtual hosts - is acceptable.
  • - -
  • The machine services a large number of requests, and so - the performance loss in running separate daemons may be - significant.
  • -
- -

Setting up multiple daemons

- Create a separate httpd installation for each virtual host. For - each installation, use the Listen directive in the - configuration file to select which IP address (or virtual host) - that daemon services. e.g. -
-    Listen www.smallco.com:80
-
- It is recommended that you use an IP address instead of a - hostname (see DNS caveats). - -

Setting up a single daemon with virtual hosts

- For this case, a single httpd will service requests for the - main server and all the virtual hosts. The VirtualHost directive - in the configuration file is used to set the values of ServerAdmin, ServerName, DocumentRoot, ErrorLog and TransferLog - or CustomLog - configuration directives to different values for each virtual - host. e.g. -
-    <VirtualHost www.smallco.com>
-    ServerAdmin webmaster@mail.smallco.com
-    DocumentRoot /groups/smallco/www
-    ServerName www.smallco.com
-    ErrorLog /groups/smallco/logs/error_log
-    TransferLog /groups/smallco/logs/access_log
-    </VirtualHost>
-
-    <VirtualHost www.baygroup.org>
-    ServerAdmin webmaster@mail.baygroup.org
-    DocumentRoot /groups/baygroup/www
-    ServerName www.baygroup.org
-    ErrorLog /groups/baygroup/logs/error_log
-    TransferLog /groups/baygroup/logs/access_log
-    </VirtualHost>
-
- It is recommended that you use an IP address instead of a - hostname (see DNS caveats). - -

Almost any configuration directive can be - put in the VirtualHost directive, with the exception of - directives that control process creation and a few other - directives. To find out if a directive can be used in the - VirtualHost directive, check the Context using the - directive index.

- -

User and Group may be used inside a - VirtualHost directive if the suEXEC - wrapper is used.

- -

SECURITY: When specifying where to write log files, - be aware of some security risks which are present if anyone - other than the user that starts Apache has write access to the - directory where they are written. See the security tips document - for details.

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/mass.html b/usr.sbin/httpd/htdocs/manual/vhosts/mass.html
deleted file mode 100644
index 85c50b2846c..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/mass.html
+++ /dev/null
@@ -1,452 +0,0 @@
- - - - - - - Dynamically configured mass virtual hosting - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Dynamically configured mass virtual - hosting

- -

This document describes how to efficiently serve an - arbitrary number of virtual hosts with Apache 1.3. -

- -

Contents:

- - -
- -

Motivation

- -

The techniques described here are of interest if your - httpd.conf contains many - <VirtualHost> sections that are - substantially the same, for example:

-
-NameVirtualHost 111.22.33.44
-<VirtualHost 111.22.33.44>
-    ServerName                 www.customer-1.com
-    DocumentRoot        /www/hosts/www.customer-1.com/docs
-    ScriptAlias  /cgi-bin/  /www/hosts/www.customer-1.com/cgi-bin
-</VirtualHost>
-<VirtualHost 111.22.33.44>
-    ServerName                 www.customer-2.com
-    DocumentRoot        /www/hosts/www.customer-2.com/docs
-    ScriptAlias  /cgi-bin/  /www/hosts/www.customer-2.com/cgi-bin
-</VirtualHost>
-# blah blah blah
-<VirtualHost 111.22.33.44>
-    ServerName                 www.customer-N.com
-    DocumentRoot        /www/hosts/www.customer-N.com/docs
-    ScriptAlias  /cgi-bin/  /www/hosts/www.customer-N.com/cgi-bin
-</VirtualHost>
-
-
-
- - -

The basic idea is to replace all of the static - <VirtualHost> configuration with a mechanism - that works it out dynamically. This has a number of - advantages:

- -
    -
  1. Your configuration file is smaller so Apache starts - faster and uses less memory.
  2. - -
  3. Adding virtual hosts is simply a matter of creating the - appropriate directories in the filesystem and entries in the - DNS - you don't need to reconfigure or restart Apache.
  4. -
-
-
- - -

The main disadvantage is that you cannot have a different - log file for each virtual host; however if you have very many - virtual hosts then doing this is dubious anyway because it eats - file descriptors. It is better to log to a pipe or a fifo and - arrange for the process at the other end to distribute the logs - to the customers (it can also accumulate statistics, etc.).

-
- -

Overview

- -

A virtual host is defined by two pieces of information: its - IP address, and the contents of the Host: header - in the HTTP request. The dynamic mass virtual hosting technique - is based on automatically inserting this information into the - pathname of the file that is used to satisfy the request. This - is done most easily using mod_vhost_alias, - but if you are using a version of Apache up to 1.3.6 then you - must use mod_rewrite. - Both of these modules are disabled by default; you must enable - one of them when configuring and building Apache if you want to - use this technique.

- -

A couple of things need to be `faked' to make the dynamic - virtual host look like a normal one. The most important is the - server name which is used by Apache to generate - self-referential URLs, etc. It is configured with the - ServerName directive, and it is available to CGIs - via the SERVER_NAME environment variable. The - actual value used at run time is controlled by the UseCanonicalName - setting. With UseCanonicalName Off the server name - comes from the contents of the Host: header in the - request. With UseCanonicalName DNS it comes from a - reverse DNS lookup of the virtual host's IP address. The former - setting is used for name-based dynamic virtual hosting, and the - latter is used for IP-based hosting. If Apache cannot work out - the server name because there is no Host: header - or the DNS lookup fails then the value configured with - ServerName is used instead.

- -

The other thing to `fake' is the document root (configured - with DocumentRoot and available to CGIs via the - DOCUMENT_ROOT environment variable). In a normal - configuration this setting is used by the core module when - mapping URIs to filenames, but when the server is configured to - do dynamic virtual hosting that job is taken over by another - module (either mod_vhost_alias or - mod_rewrite) which has a different way of doing - the mapping. Neither of these modules is responsible for - setting the DOCUMENT_ROOT environment variable so - if any CGIs or SSI documents make use of it they will get a - misleading value.

-
- -

Simple dynamic virtual - hosts

- -

This extract from httpd.conf implements the - virtual host arrangement outlined in the Motivation section above, but in a - generic fashion using mod_vhost_alias.

-
-# get the server name from the Host: header
-UseCanonicalName Off
-
-# this log format can be split per-virtual-host based on the first field
-LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
-CustomLog logs/access_log vcommon
-
-# include the server name in the filenames used to satisfy requests
-VirtualDocumentRoot /www/hosts/%0/docs
-VirtualScriptAlias  /www/hosts/%0/cgi-bin
-
- -

This configuration can be changed into an IP-based virtual - hosting solution by just turning UseCanonicalName - Off into UseCanonicalName DNS. The server - name that is inserted into the filename is then derived from - the IP address of the virtual host.

-
- -

A virtually hosted - homepages system

- -

This is an adjustment of the above system tailored for an - ISP's homepages server. Using a slightly more complicated - configuration we can select substrings of the server name to - use in the filename so that e.g. the documents for - www.user.isp.com are found in - /home/user/. It uses a single cgi-bin - directory instead of one per virtual host.

-
-# all the preliminary stuff is the same as above, then
-
-# include part of the server name in the filenames
-VirtualDocumentRoot /www/hosts/%2/docs
-
-# single cgi-bin directory
-ScriptAlias  /cgi-bin/  /www/std-cgi/
-
- -

There are examples of more complicated - VirtualDocumentRoot settings in the - mod_vhost_alias documentation.

-
- -

Using more than - one virtual hosting system on the same server

- -

With more complicated setups you can use Apache's normal - <VirtualHost> directives to control the - scope of the various virtual hosting configurations. For - example, you could have one IP address for homepages customers - and another for commercial customers with the following setup. - This can of course be combined with conventional - <VirtualHost> configuration sections.

-
-UseCanonicalName Off
-
-LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
-
-<Directory /www/commercial>
-    Options FollowSymLinks
-    AllowOverride All
-</Directory>
-
-<Directory /www/homepages>
-    Options FollowSymLinks
-    AllowOverride None
-</Directory>
-
-<VirtualHost 111.22.33.44>
-    ServerName www.commercial.isp.com
-
-    CustomLog logs/access_log.commercial vcommon
-
-    VirtualDocumentRoot /www/commercial/%0/docs
-    VirtualScriptAlias  /www/commercial/%0/cgi-bin
-</VirtualHost>
-
-<VirtualHost 111.22.33.45>
-    ServerName www.homepages.isp.com
-
-    CustomLog logs/access_log.homepages vcommon
-
-    VirtualDocumentRoot /www/homepages/%0/docs
-    ScriptAlias         /cgi-bin/ /www/std-cgi/
-</VirtualHost>
-
-
- -

More efficient IP-based - virtual hosting

- -

After the first example I noted that - it is easy to turn it into an IP-based virtual hosting setup. - Unfortunately that configuration is not very efficient because - it requires a DNS lookup for every request. This can be avoided - by laying out the filesystem according to the IP addresses - themselves rather than the corresponding names and changing the - logging similarly. Apache will then usually not need to work - out the server name and so incur a DNS lookup.

-
-# get the server name from the reverse DNS of the IP address
-UseCanonicalName DNS
-
-# include the IP address in the logs so they may be split
-LogFormat "%A %h %l %u %t \"%r\" %s %b" vcommon
-CustomLog logs/access_log vcommon
-
-# include the IP address in the filenames
-VirtualDocumentRootIP /www/hosts/%0/docs
-VirtualScriptAliasIP  /www/hosts/%0/cgi-bin
-
-
- -

Using older versions - of Apache

- -

The examples above rely on mod_vhost_alias - which appeared after version 1.3.6. If you are using a version - of Apache without mod_vhost_alias then you can - implement this technique with mod_rewrite as - illustrated below, but only for Host:-header-based virtual - hosts.

- -

In addition there are some things to beware of with logging. - Apache 1.3.6 is the first version to include the - %V log format directive; in versions 1.3.0 - 1.3.3 - the %v option did what %V does; - version 1.3.4 has no equivalent. In all these versions of - Apache the UseCanonicalName directive can appear - in .htaccess files which means that customers can - cause the wrong thing to be logged. Therefore the best thing to - do is use the %{Host}i directive which logs the - Host: header directly; note that this may include - :port on the end which is not the case for - %V.

-
- -

Simple dynamic - virtual hosts using mod_rewrite

- -

This extract from httpd.conf does the same - thing as the first example. The first - half is very similar to the corresponding part above but with - some changes for backward compatibility and to make the - mod_rewrite part work properly; the second half - configures mod_rewrite to do the actual work.

- -

There are a couple of especially tricky bits: By default, - mod_rewrite runs before the other URI translation - modules (mod_alias etc.) so if they are used then - mod_rewrite must be configured to accommodate - them. Also, mome magic must be performed to do a - per-dynamic-virtual-host equivalent of - ScriptAlias.

-
-# get the server name from the Host: header
-UseCanonicalName Off
-
-# splittable logs
-LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
-CustomLog logs/access_log vcommon
-
-<Directory /www/hosts>
-    # ExecCGI is needed here because we can't force
-    # CGI execution in the way that ScriptAlias does
-    Options FollowSymLinks ExecCGI
-</Directory>
-
-# now for the hard bit
-
-RewriteEngine On
-
-# a ServerName derived from a Host: header may be any case at all
-RewriteMap  lowercase  int:tolower
-
-## deal with normal documents first:
-# allow Alias /icons/ to work - repeat for other aliases
-RewriteCond  %{REQUEST_URI}  !^/icons/
-# allow CGIs to work
-RewriteCond  %{REQUEST_URI}  !^/cgi-bin/
-# do the magic
-RewriteRule  ^/(.*)$  /www/hosts/${lowercase:%{SERVER_NAME}}/docs/$1
-
-## and now deal with CGIs - we have to force a MIME type
-RewriteCond  %{REQUEST_URI}  ^/cgi-bin/
-RewriteRule  ^/(.*)$  /www/hosts/${lowercase:%{SERVER_NAME}}/cgi-bin/$1  [T=application/x-httpd-cgi]
-
-# that's it!
-
-
- -

A - homepages system using mod_rewrite

- -

This does the same thing as the second - example.

-
-RewriteEngine on
-
-RewriteMap   lowercase  int:tolower
-
-# allow CGIs to work
-RewriteCond  %{REQUEST_URI}  !^/cgi-bin/
-
-# check the hostname is right so that the RewriteRule works
-RewriteCond  ${lowercase:%{SERVER_NAME}}  ^www\.[a-z-]+\.isp\.com$
-
-# concatenate the virtual host name onto the start of the URI
-# the [C] means do the next rewrite on the result of this one
-RewriteRule  ^(.+)  ${lowercase:%{SERVER_NAME}}$1  [C]
-
-# now create the real file name
-RewriteRule  ^www\.([a-z-]+)\.isp\.com/(.*) /home/$1/$2
-
-# define the global CGI directory
-ScriptAlias  /cgi-bin/  /www/std-cgi/
-
-
- -

Using a separate virtual - host configuration file

- -

This arrangement uses more advanced mod_rewrite - features to get the translation from virtual host to document - root from a separate configuration file. This provides more - flexibility but requires more complicated configuration.

- -

The vhost.map file contains something like - this:

-
-www.customer-1.com  /www/customers/1
-www.customer-2.com  /www/customers/2
-# ...
-www.customer-N.com  /www/customers/N
-
-
-
- - -

The http.conf contains this:

-
-RewriteEngine on
-
-RewriteMap   lowercase  int:tolower
-
-# define the map file
-RewriteMap   vhost      txt:/www/conf/vhost.map
-
-# deal with aliases as above
-RewriteCond  %{REQUEST_URI}               !^/icons/
-RewriteCond  %{REQUEST_URI}               !^/cgi-bin/
-RewriteCond  ${lowercase:%{SERVER_NAME}}  ^(.+)$
-# this does the file-based remap
-RewriteCond  ${vhost:%1}                  ^(/.*)$
-RewriteRule  ^/(.*)$                      %1/docs/$1
-
-RewriteCond  %{REQUEST_URI}               ^/cgi-bin/
-RewriteCond  ${lowercase:%{SERVER_NAME}}  ^(.+)$
-RewriteCond  ${vhost:%1}                  ^(/.*)$
-RewriteRule  ^/(.*)$                      %1/cgi-bin/$1
-
-
-
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html b/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html
deleted file mode 100644
index 52f9c818764..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/name-based.html
+++ /dev/null
@@ -1,254 +0,0 @@
- - - - - - Name-based Virtual Hosts - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Name-based Virtual Host Support

- -

This document describes when and how to use name-based virtual hosts.

- - - -

See also: Virtual Host examples for common -setups, IP-based Virtual Host Support, -An In-Depth Discussion of Virtual Host -Matching, and Dynamically configured mass -virtual hosting.

- -
- -

Name-based vs. IP-based Virtual Hosts

- -

IP-based virtual hosts use the IP address of the connection to -determine the correct virtual host to serve. Therefore you need to -have a separate IP address for each host. With name-based virtual -hosting, the server relies on the client to report the hostname as -part of the HTTP headers. Using this technique, many different hosts -can share the same IP address.

- -

Name-based virtual hosting is usually simpler, since you need -only configure your DNS server to map each hostname to the correct -IP address and then configure the Apache HTTP Server to recognize -the different hostnames. Name-based virtual hosting also eases -the demand for scarce IP addresses. Therefore you should use -name-based virtual hosting unless there is a specific reason to -choose IP-based virtual hosting. Some reasons why you might consider -using IP-based virtual hosting:

- -
    - -
  • Some ancient clients are not compatible with name-based virtual -hosting. For name-based virtual hosting to work, the client must send -the HTTP Host header. This is required by HTTP/1.1, and is -implemented by all modern HTTP/1.0 browsers as an extension. If you -need to support obsolete clients and still use name-based virtual -hosting, a possible technique is discussed at the end of this -document.
  • - -
  • Name-based virtual hosting cannot be used with SSL secure servers -because of the nature of the SSL protocol.
  • - -
  • Some operating systems and network equipment implement bandwidth -management techniques that cannot differentiate between hosts unless -they are on separate IP addresses.
  • - -
- -

Using Name-based Virtual Hosts

- - -
-Related Directives

- -DocumentRoot
-NameVirtualHost
-ServerAlias
-ServerName
-ServerPath
-VirtualHost
-
- -

To use name-based virtual hosting, you must designate the IP -address (and possibly port) on the server that will be accepting -requests for the hosts. This is configured using the NameVirtualHost directive. -In the normal case where any and all IP addresses on the server should -be used, you can use * as the argument to -NameVirtualHost. (NameVirtualHost * will -work only in version 1.3.13 and later.) Note that mentioning an IP -address in a NameVirtualHost directive does not -automatically make the server listen to that IP address. See Setting which addresses and ports Apache uses -for more details. In addition, any IP address specified here must be -associated with a network interface on the server.

- -

The next step is to create a <VirtualHost> block for -each different host that you would like to serve. The argument to the -<VirtualHost> directive should be the same as the -argument to the NameVirtualHost directive (ie, an IP -address, or * for all addresses). Inside each -<VirtualHost> block, you will need at minimum a ServerName directive to -designate which host is served and a DocumentRoot directive to -show where in the filesystem the content for that host lives.

- -

If you are adding virtual hosts to an existing web server, you -must also create a <VirtualHost> block for the existing host. -The ServerName and DocumentRoot included in -this virtual host should be the same as the global -ServerName and DocumentRoot. List this -virtual host first in the configuration file so that it will act as -the default host.

- -

For example, suppose that you are serving the domain -www.domain.tld and you wish to add the virtual host -www.otherdomain.tld, which points at the same IP address. -Then you simply add the following to httpd.conf:

-
-    NameVirtualHost *
-
-    <VirtualHost *>
-    ServerName www.domain.tld
-    DocumentRoot /www/domain
-    </VirtualHost>
-
-    <VirtualHost *>
-    ServerName www.otherdomain.tld
-    DocumentRoot /www/otherdomain
-    </VirtualHost>
-
- -

You can alternatively specify an explicit IP address in place of -the * in both the NameVirtualHost and -<VirtualHost> directives. The IP address is -required in version 1.3.12 and earlier.

- -

Many servers want to be accessible by more than one name. This is -possible with the ServerAlias -directive, placed inside the <VirtualHost> section. For -example if you add this to the first <VirtualHost> block -above

- -
-ServerAlias domain.tld *.domain.tld -
- -

then requests for all hosts in the domain.tld domain -will be served by the www.domain.tld virtual host. The -wildcard characters * and ? can be used to match names. Of course, -you can't just make up names and place them in ServerName -or ServerAlias. You must first have your DNS server -properly configured to map those names to an IP address associated -with your server.

- -

Finally, you can fine-tune the configuration of the virtual hosts -by placing other directives inside the -<VirtualHost> containers. Most directives can be -placed in these containers and will then change the configuration only -of the relevant virtual host. To find out if a particular directive -is allowed, check the Context of the -directive. Configuration directives set in the main server -context (outside any <VirtualHost> container) -will be used only if they are not overridden by the virtual host -settings.

- -

Now when a request arrives, the server will first check if it is -using an IP address that matches the NameVirtualHost. If -it is, then it will look at each <VirtualHost> -section with a matching IP address and try to find one where the -ServerName or ServerAlias matches the -requested hostname. If it finds one, then it uses the configuration -for that server. If no matching virtual host is found, then -the first listed virtual host that matches the IP -address will be used.

- -

As a consequence, the first listed virtual host is the -default virtual host. The DocumentRoot from the -main server will never be used when an IP -address matches the NameVirtualHost directive. If you -would like to have a special configuration for requests that do not -match any particular virtual host, simply put that configuration in a -<VirtualHost> container and list it first in the -configuration file.

- -

Compatibility with Older Browsers

- -

As mentioned earlier, there are some clients - who do not send the required data for the name-based virtual - hosts to work properly. These clients will always be sent the - pages from the first virtual host listed for that IP address - (the primary name-based virtual host).

- -

There is a possible workaround with the ServerPath - directive, albeit a slightly cumbersome one:

- -

Example configuration:

-
-    NameVirtualHost 111.22.33.44
-
-    <VirtualHost 111.22.33.44>
-    ServerName www.domain.tld
-    ServerPath /domain
-    DocumentRoot /web/domain
-    </VirtualHost>
-
- -

What does this mean? It means that a request for any URI - beginning with "/domain" will be served from the - virtual host www.domain.tld This means that the - pages can be accessed as - http://www.domain.tld/domain/ for all clients, - although clients sending a Host: header can also - access it as http://www.domain.tld/.

- -

In order to make this work, put a link on your primary - virtual host's page to - http://www.domain.tld/domain/ Then, in the virtual - host's pages, be sure to use either purely relative links - (e.g., "file.html" or - "../icons/image.gif" or links containing the - prefacing /domain/ (e.g., - "http://www.domain.tld/domain/misc/file.html" or - "/domain/misc/file.html").

- -

This requires a bit of discipline, but adherence to these - guidelines will, for the most part, ensure that your pages will - work with all browsers, new and old.

- -

See also: ServerPath - configuration example

-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html b/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html
deleted file mode 100644
index f4717d3c5d8..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/vhosts-in-depth.html
+++ /dev/null
@@ -1,396 +0,0 @@
- - - - - - - An In-Depth Discussion of VirtualHost Matching - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

An In-Depth Discussion of VirtualHost - Matching

- -

This is a very rough document that was probably out of date - the moment it was written. It attempts to explain exactly what - the code does when deciding what virtual host to serve a hit - from. It's provided on the assumption that something is better - than nothing. The server version under discussion is Apache - 1.2.

- -

If you just want to "make it work" without understanding - how, there's a What Works section at - the bottom.

- -

Config File Parsing

- -

There is a main_server which consists of all the definitions - appearing outside of VirtualHost sections. There - are virtual servers, called vhosts, which are defined - by VirtualHost - sections.

- -

The directives Port, ServerName, - ServerPath, - and ServerAlias - can appear anywhere within the definition of a server. However, - each appearance overrides the previous appearance (within that - server).

- -

The default value of the Port field for - main_server is 80. The main_server has no default - ServerName, ServerPath, or - ServerAlias.

- -

In the absence of any Listen - directives, the (final if there are multiple) Port - directive in the main_server indicates which port httpd will - listen on.

- -

The Port and ServerName directives - for any server main or virtual are used when generating URLs - such as during redirects.

- -

Each address appearing in the VirtualHost - directive can have an optional port. If the port is unspecified - it defaults to the value of the main_server's most recent - Port statement. The special port * - indicates a wildcard that matches any port. Collectively the - entire set of addresses (including multiple A - record results from DNS lookups) are called the vhost's - address set.

- -

The magic _default_ address has significance - during the matching algorithm. It essentially matches any - unspecified address.

- -

After parsing the VirtualHost directive, the - vhost server is given a default Port equal to the - port assigned to the first name in its VirtualHost - directive. The complete list of names in the - VirtualHost directive are treated just like a - ServerAlias (but are not overridden by any - ServerAlias statement). Note that subsequent - Port statements for this vhost will not affect the - ports assigned in the address set.

- -

All vhosts are stored in a list which is in the reverse - order that they appeared in the config file. For example, if - the config file is:

- -
-
-    <VirtualHost A>
-    ...
-    </VirtualHost>
-
-    <VirtualHost B>
-    ...
-    </VirtualHost>
-
-    <VirtualHost C>
-    ...
-    </VirtualHost>
-
-
- Then the list will be ordered: main_server, C, B, A. Keep this - in mind. - -

After parsing has completed, the list of servers is scanned, - and various merges and default values are set. In - particular:

- -
    -
  1. If a vhost has no ServerAdmin, - ResourceConfig, - AccessConfig, - Timeout, - KeepAliveTimeout, - KeepAlive, - MaxKeepAliveRequests, - or SendBufferSize - directive then the respective value is inherited from the - main_server. (That is, inherited from whatever the final - setting of that value is in the main_server.)
  2. - -
  3. The "lookup defaults" that define the default directory - permissions for a vhost are merged with those of the main - server. This includes any per-directory configuration - information for any module.
  4. - -
  5. The per-server configs for each module from the - main_server are merged into the vhost server.
  6. -
- Essentially, the main_server is treated as "defaults" or a - "base" on which to build each vhost. But the positioning of - these main_server definitions in the config file is largely - irrelevant -- the entire config of the main_server has been - parsed when this final merging occurs. So even if a main_server - definition appears after a vhost definition it might affect the - vhost definition. - -

If the main_server has no ServerName at this - point, then the hostname of the machine that httpd is running - on is used instead. We will call the main_server address - set those IP addresses returned by a DNS lookup on the - ServerName of the main_server.

- -

Now a pass is made through the vhosts to fill in any missing - ServerName fields and to classify the vhost as - either an IP-based vhost or a name-based - vhost. A vhost is considered a name-based vhost if any of its - address set overlaps the main_server (the port associated with - each address must match the main_server's Port). - Otherwise it is considered an IP-based vhost.

- -

For any undefined ServerName fields, a - name-based vhost defaults to the address given first in the - VirtualHost statement defining the vhost. Any - vhost that includes the magic _default_ wildcard - is given the same ServerName as the main_server. - Otherwise the vhost (which is necessarily an IP-based vhost) is - given a ServerName based on the result of a - reverse DNS lookup on the first address given in the - VirtualHost statement.

- -

Vhost Matching

- -

Apache 1.3 differs from what is documented here, and - documentation still has to be written.

- -

The server determines which vhost to use for a request as - follows:

- -

find_virtual_server: When the connection is - first made by the client, the local IP address (the IP address - to which the client connected) is looked up in the server list. - A vhost is matched if it is an IP-based vhost, the IP address - matches and the port matches (taking into account - wildcards).

- -

If no vhosts are matched then the last occurrence, if it - appears, of a _default_ address (which if you - recall the ordering of the server list mentioned above means - that this would be the first occurrence of - _default_ in the config file) is matched.

- -

In any event, if nothing above has matched, then the - main_server is matched.

- -

The vhost resulting from the above search is stored with - data about the connection. We'll call this the connection - vhost. The connection vhost is constant over all requests - in a particular TCP/IP session -- that is, over all requests in - a KeepAlive/persistent session.

- -

For each request made on the connection the following - sequence of events further determines the actual vhost that - will be used to serve the request.

- -

check_fulluri: If the requestURI is an - absoluteURI, that is it includes http://hostname/, - then an attempt is made to determine if the hostname's address - (and optional port) match that of the connection vhost. If it - does then the hostname portion of the URI is saved as the - request_hostname. If it does not match, then the URI - remains untouched. Note: to achieve this - address comparison, the hostname supplied goes through a DNS - lookup unless it matches the ServerName or the - local IP address of the client's socket.

- -

parse_uri: If the URI begins with a protocol - (i.e., http:, ftp:) then the - request is considered a proxy request. Note that even though we - may have stripped an http://hostname/ in the - previous step, this could still be a proxy request.

- -

read_request: If the request does not have a - hostname from the earlier step, then any Host: - header sent by the client is used as the request hostname.

- -

check_hostalias: If the request now has a - hostname, then an attempt is made to match for this hostname. - The first step of this match is to compare any port, if one was - given in the request, against the Port field of - the connection vhost. If there's a mismatch then the vhost used - for the request is the connection vhost. (This is a bug, see - observations.)

- -

If the port matches, then httpd scans the list of vhosts - starting with the next server after the - connection vhost. This scan does not stop if there are any - matches, it goes through all possible vhosts, and in the end - uses the last match it found. The comparisons performed are as - follows:

- -
    -
  • Compare the request hostname:port with the vhost - ServerName and Port.
  • - -
  • Compare the request hostname against any and all - addresses given in the VirtualHost directive for - this vhost.
  • - -
  • Compare the request hostname against the - ServerAlias given for the vhost.
  • -
- -

check_serverpath: If the request has no - hostname (back up a few paragraphs) then a scan similar to the - one in check_hostalias is performed to match any - ServerPath directives given in the vhosts. Note - that the last match is used regardless (again - consider the ordering of the virtual hosts).

- -

Observations

- -
    -
  • It is difficult to define an IP-based vhost for the - machine's "main IP address". You essentially have to create a - bogus ServerName for the main_server that does - not match the machine's IPs.
  • - -
  • - During the scans in both check_hostalias and - check_serverpath no check is made that the - vhost being scanned is actually a name-based vhost. This - means, for example, that it's possible to match an IP-based - vhost through another address. But because the scan starts - in the vhost list at the first vhost that matched the local - IP address of the connection, not all IP-based vhosts can - be matched. - -

    Consider the config file above with three vhosts A, B, - C. Suppose that B is a named-based vhost, and A and C are - IP-based vhosts. If a request comes in on B or C's address - containing a header "Host: A" then it will be - served from A's config. If a request comes in on A's - address then it will always be served from A's config - regardless of any Host: header.

    -
  • - -
  • - Unless you have a _default_ vhost, it doesn't - matter if you mix name-based vhosts in amongst IP-based - vhosts. During the find_virtual_server phase - above no named-based vhost will be matched, so the - main_server will remain the connection vhost. Then scans - will cover all vhosts in the vhost list. - -

    If you do have a _default_ vhost, then you - cannot place named-based vhosts after it in the config. - This is because on any connection to the main server IPs - the connection vhost will always be the - _default_ vhost since none of the name-based - are considered during find_virtual_server.

    -
  • - -
  • You should never specify DNS names in - VirtualHost directives because it will force - your server to rely on DNS to boot. Furthermore it poses a - security threat if you do not control the DNS for all the - domains listed. There's more - information available on this and the next two - topics.
  • - -
  • ServerName should always be set for each - vhost. Otherwise A DNS lookup is required for each - vhost.
  • - -
  • A DNS lookup is always required for the main_server's - ServerName (or to generate that if it isn't - specified in the config).
  • - -
  • If a ServerPath directive exists which is a - prefix of another ServerPath directive that - appears later in the configuration file, then the former will - always be matched and the latter will never be matched. (That - is assuming that no Host header was available to disambiguate - the two.)
  • - -
  • If a vhost that would otherwise be a name-vhost includes - a Port statement that doesn't match the - main_server Port then it will be considered an - IP-based vhost. Then find_virtual_server will - match it (because the ports associated with each address in - the address set default to the port of the main_server) as - the connection vhost. Then check_hostalias will - refuse to check any other name-based vhost because of the - port mismatch. The result is that the vhost will steal all - hits going to the main_server address.
  • - -
  • If two IP-based vhosts have an address in common, the - vhost appearing later in the file is always matched. Such a - thing might happen inadvertently. If the config has - name-based vhosts and for some reason the main_server - ServerName resolves to the wrong address then - all the name-based vhosts will be parsed as ip-based vhosts. - Then the last of them will steal all the hits.
  • - -
  • The last name-based vhost in the config is always matched - for any hit which doesn't match one of the other name-based - vhosts.
  • -
- -

What Works

- -

In addition to the tips on the DNS Issues page, here are some - further tips:

- -
    -
  • Place all main_server definitions before any VirtualHost - definitions. (This is to aid the readability of the - configuration -- the post-config merging process makes it - non-obvious that definitions mixed in around virtualhosts - might affect all virtualhosts.)
  • - -
  • Arrange your VirtualHosts such that all name-based - virtual hosts come first, followed by IP-based virtual hosts, - followed by any _default_ virtual host
  • - -
  • Avoid ServerPaths which are prefixes of - other ServerPaths. If you cannot avoid this then - you have to ensure that the longer (more specific) prefix - vhost appears earlier in the configuration file than the - shorter (less specific) prefix (i.e., "ServerPath - /abc" should appear after "ServerPath /abcdef").
  • - -
  • Do not use port-based vhosts in the same server - as name-based vhosts. A loose definition for port-based is a - vhost which is determined by the port on the server - (i.e., one server with ports 8000, 8080, and 80 - - all of which have different configurations).
  • -
-
- -

Apache HTTP Server Version 1.3

- Index - Home - - - -
diff --git a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html b/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
deleted file mode 100644
index 13fd6140acb..00000000000
--- a/usr.sbin/httpd/htdocs/manual/vhosts/virtual-host.html
+++ /dev/null
@@ -1,253 +0,0 @@
- - - - - - - Apache Server Virtual Host Support - - - - -
- [APACHE DOCUMENTATION] - -

Apache HTTP Server Version 1.3

-
- - -

Virtual Host Support

- See Also: Non-IP based - virtual hosts - -

What are virtual hosts?

- This is the ability of a single machine to be a web server for - multiple domains. For example, an Internet service provider - might have a machine called www.serve.com which - provides Web space for several organizations including, say, - smallco and baygroup. Ordinarily, these - groups would be given parts of the Web tree on www.serve.com. - So smallco's home page would have the URL - -
- http://www.serve.com/smallco/ -
- and baygroup's home page would have the URL - -
- http://www.serve.com/baygroup/ -
- -

For esthetic reasons, however, both organizations would - rather their home pages appeared under their own names rather - than that of the service provider's; but they do not want to - set up their own Internet links and servers.

- -

Virtual hosts are the solution to this problem. smallco and - baygroup would have their own Internet name registrations, - www.smallco.com and www.baygroup.org - respectively. These hostnames would both correspond to the - service provider's machine (www.serve.com). Thus smallco's home - page would now have the URL

- -
- http://www.smallco.com/ -
- and baygroup's home page would have the URL - -
- http://www.baygroup.org/ -
- -

System requirements

- Due to limitations in the HTTP/1.0 protocol, the web server - must have a different IP address for each virtual - host. This can be achieved by the machine having - several physical network connections, or by use of - virtual interface on some operating systems. - -

How to set up Apache

- There are two ways of configuring apache to support multiple - hosts. Either by running a separate httpd daemon for each - hostname, or by running a single daemon which supports all the - virtual hosts. - -

Use multiple daemons when:

- -
    -
  • The different virtual hosts need very different httpd - configurations, such as different values for: ServerType, User, Group, TypesConfig or ServerRoot.
  • - -
  • The machine does not process a very high request - rate.
  • -
- Use a single daemon when: - -
    -
  • Sharing of the httpd configuration between virtual hosts - is acceptable.
  • - -
  • The machine services a large number of requests, and so - the performance loss in running separate daemons may be - significant.
  • -
- -

Setting up multiple daemons

- Create a separate httpd installation for each virtual host. For - each installation, use the BindAddress directive - in the configuration file to select which IP address (or - virtual host) that daemon services. E.g., - -
- BindAddress www.smallco.com -
- This hostname can also be given as an IP address. - -

Setting up a single daemon

- For this case, a single httpd will service requests for all the - virtual hosts. The VirtualHost directive - in the configuration file is used to set the values of ServerAdmin, ServerName, DocumentRoot, ErrorLog and TransferLog - configuration directives to different values for each virtual - host. E.g., - -
- <VirtualHost www.smallco.com>
- ServerAdmin webmaster@mail.smallco.com
- DocumentRoot /groups/smallco/www
- ServerName www.smallco.com
- ErrorLog /groups/smallco/logs/error_log
- TransferLog /groups/smallco/logs/access_log
- </VirtualHost>
-
- <VirtualHost www.baygroup.org>
- ServerAdmin webmaster@mail.baygroup.org
- DocumentRoot /groups/baygroup/www
- ServerName www.baygroup.org
- ErrorLog /groups/baygroup/logs/error_log
- TransferLog /groups/baygroup/logs/access_log
- </VirtualHost>
-
-
- This VirtualHost hostnames can also be given as IP addresses. - -

Almost ANY configuration directive can be - put in the VirtualHost directive, with the exception of ServerType, User, Group, StartServers, MaxSpareServers, MinSpareServers, MaxRequestsPerChild, - MaxCPUPerChild, - MaxDATAPerChild, - MaxNOFILEPerChild, - MaxRSSPerChild, - MaxSTACKPerChild, - BindAddress, PidFile, TypesConfig, and ServerRoot.

- -

SECURITY: When specifying where to write log files, - be aware of some security risks which are present if anyone - other than the user that starts Apache has write access to the - directory where they are written. See the security tips document - for details.

- -

File Handle/Resource Limits:

- When using a large number of Virtual Hosts, Apache may run out - of available file descriptors if each Virtual Host specifies - different log files. The total number of file descriptors used - by Apache is one for each distinct error log file, one for - every other log file directive, plus 10-20 for internal use. - Unix operating systems limit the number of file descriptors - that may be used by a process; the limit is typically 64, and - may usually be increased up to a large hard-limit. - -

Although Apache attempts to increase the limit as required, - this may not work if:

- -
    -
  1. Your system does not provide the setrlimit() system - call.
  2. - -
  3. The setrlimit(RLIMIT_NOFILE) call does not function on - your system (such as Solaris 2.3)
  4. - -
  5. The number of file descriptors required exceeds the hard - limit.
  6. - -
  7. Your system imposes other limits on file descriptors, - such as a limit on stdio streams only using file descriptors - below 256. (Solaris 2)
  8. -
- In the event of problems you can: - -
    -
  • Reduce the number of log files; don't specify log files - in the VirtualHost sections, but only log to the main log - files.
  • - -
  • - If you system falls into 1 or 2 (above), then increase the - file descriptor limit before starting Apache, using a - script like - -
    - #!/bin/sh
    - ulimit -S -n 100
    - exec httpd
    -
    -
  • -
- The have been reports that Apache may start running out of - resources allocated for the root process. This will exhibit - itself as errors in the error log like "unable to fork". There - are two ways you can bump this up: - -
    -
  1. Have a csh script wrapper around httpd which - sets the "rlimit" to some large number, like 512.
  2. - -
  3. - Edit http_main.c to add calls to setrlimit() from main(), - along the lines of -
    -        struct rlimit rlp;
    -
    -        rlp.rlim_cur = rlp.rlim_max = 512;
    -        if (setrlimit(RLIMIT_NPROC, &rlp)) {
    -            fprintf(stderr, "setrlimit(RLIMIT_NPROC) failed.\n");
    -            exit(1);
    -        }
    -
    - (thanks to "Aaron Gifford <agifford@InfoWest.COM>" - for the patch) -
  4. -
- The latter will probably manifest itself in a later version of - Apache.
- -

Apache HTTP Server Version 1.3

- Index - Home - - - - diff --git a/usr.sbin/httpd/htdocs/mod_ssl_sb.gif b/usr.sbin/httpd/htdocs/mod_ssl_sb.gif deleted file mode 100644 index aecd3c119c67bceda52c31882f170abb52106014..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2007 zcmW+x3sjQX7Ct{eAcP0M-?H1=(_0KYjAi350e%rdb3#0p zofuH<9^Ao#bsc*`&nI_3>nb>45kV5UT@l(=D93jt-l%W9ysOY>-R#i)_&I+C|MMsG z(7s=`77Ggsvx>`pmhP;~%{!KqeIV{gc{N&8+O)YQF+;Wq9Nke?mDh3nL`9vlyRo4? zrT5b1D_0|~-?;gEI2L>B_MN*ov3OF5rvJf1bsv}HP7c)ck+grjd_}?xx(|_7ak1{e z4gccRhkgwCF$s?u_j6}WynkwfnKvQ3$tC5c5duHNWg(egRhx!3vAPO~P zt!$+dEj7PI8=Z_&7w^D^?>DDT2Xpp1ClIV!fu_%j$4h=?^$A_XV6Ewn$P~M;1Pjv< znU@GiO*XXQkL>r!8a~6P`IPp=6-OzFD;8t6v6702&NcfoM58w7E_VmZ#4(4-BCPdo z`d`+TUAl8Z6YQlWPh3V+{9A6IiBlvc@JU~Sy?*Vh#IN|~Dq^m(*Io*;azsZ)`-+z1 z{f@SDM5RMRfeS;6b13>}_h#3~gBy~1Gai$eHx`pbfsqi~lF_V~{?8zeQ`+U#ldi%{ z5L+#B?MGTa+!Z+$A6oX!B|*Fdd%xZ^zORT((44>{B6V8D9d~y-&LLzF{4zZ7 znUXqZT9uF{*w&sJUA9hvV9mJbaCpdqMU&8SG0S4}PN6?yhb^3SiiIdMF~C%$rfQd9 zgI51VIeT`TOnRf++Q8%4#;VBx^?r;g#xYx|IF7G69D@bwZ0;c!E4Dil_mWCuAa?jJ zi@P$O+j>O+FwH6|FBK##kjLyQXJfdrC#pTHZ#u{hdEJ1GntS=Z0k4!`CjHFT;=ag_?2{5C0X~@z3K;xcQ)zsL@BK#cBMN!!;STjdmvr+RoAQ z%OIPj8q)md=C>RLkZp`snof{^mIiJWBnI#tTipi3L$}!-jZF8ETDPT~a8FX6I;U}< zk$O&tX9-48ODkHQ_BE7I912{}+oOZyj?1fT=x@YDJuagq7sZuPKdP@C3sxWa;n}nO z^O}E~L%}Yur+B12Bfi$Yz;vCIc|jpOy-Wr3wkC5W^Ou|O98f6I5h6v4c@E_|8mn|p zx7`tL`Vuk@wUi(EI5%s9$zdKg8<11(2l=x55hRR|;5DqIW1WKeRr$irq5K4)Xv!DWlRSQ?SNs zpq&-i*8D1|lR3S2={Q~8+SjgxUl3YWHaw?D=c7}xh$x(1O=sb5$G>spW@nYayK*kt z&P+8>Gi9#(ge6NS@7OPI6T4${p(hLSxSsgNQoW6b&BR8;OsOln%uqnCu4qp&<3=7O zA~9+2q^AvL{hXp58k1$xT46MZ4k~-Q;{E~5N!T*;x22y%XxIWAz3b$Af*-Yi`x>Cz zuEL)3e_Vxxjp34q?U(S{aWvV{*yRMKCxKJ5dLmb~g%F5i5T5dnZ(F^l`5iHc+*zXu zjdea2cQ)8olk~ixp~K;0h36)&&%-46)K0f09EL-pnfKG*r=N67EZ#?(MM2wg(B$B3#q(pv1CA z(2K_qMp5N_iOTwX-;ehYZNvJu)3hT;GMf|_Rwe>$s4Lza{K+)$U{&KsucIMN5cui; D6NgSH 
diff --git a/usr.sbin/httpd/htdocs/openbsd_pb.gif b/usr.sbin/httpd/htdocs/openbsd_pb.gif deleted file mode 100644 index 8dcdd3ca3dbaa1130625040c4abfe98857c564b6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3361 zcmWlYdsvd^8^>Q>Uk>64!BdD1iIyWSQ&VGz3CK(>6Pcx%l`tx^E~iN4k6Z!Ls~O@k z=a#uFA~UnLjI1fcL*&)WSsA)AvNY^yR%VAW_M_*z|9P(KzV7Gy{oLPYWnw(zYhgVQ z3`_$62tpc|4ujB;i6lsZ;LI#bJ;VhetJT#6LL!l?$<$AzP<1+2tEnFZZ6+>nh(a|O zB9gc&E`>?~A(=+4p-|0ct<^ec&}r*6Z8IR0E2^{G)iXM6CYM()5{p2nwY3e8_tJfS zXv8EdmdRXoIvWVCwo<4f8a*8E1&2qN%~J+_M}56bClc%R9VQ})Mze_oY8bZ7%+Hz4 zkkv9?-_$ryBxPoLX(Up;PAic}EtaV!yjM7v$0d@?rhX<95`;&<^>tS33lScg$=%t` zWLXSdcn~s!ke$o3Fj-u#4Tjt74xPES8GVPYy-kmY%tPZ8ytqC*!eFr3?IU*c2rN4z z5TrGM(EJe8&V}aTVu53VorlNU%oJCvUKI{Py81d9H&zBhdWW^4@mxs+9!#5IvW5&@ z7K@F`ES{fvX_ZK=g4M7_ZMXDeu~3u7(dn9mbsfUGigI^anzWgjHd$sCGhC_{q)C{p zaLP`-9%3?WNlB|M)-01jY!{^IC{(*nD-($`1!;kSBt4gBH}%^oR11-$Yidm57SGhz z4bdQrg*4=7%Wcd}T5Xm{>p!C|wu{6v8Ot6Xk(s2@w+{{tY3+6gD3-<2Wf>aGC6Ww= z{+XHarur_J$(ot55wTfGG&&9IYIRh5TT|{%CXocoigRVfnM~F^)>VRaHDFzvXml*r z*3@LvXdF^)xe^9dMk_zXQP7fpgBJg!9LGN-zXk*1-AZzEa%6 zsHtl&Gkra_4w76(zd3%bk{nlFJm9f@Y4OIWAmZ@36nAKAZ$)F`1>Fths_`;S`SXj~R^}XGVV(GwN_SolhzBvq{@LqJ6|J zJfUu+B$Qi5e^2xY&8iZg4yKVnr%lsV=fi!@jRmxpv!$06(@jr1pL=5%a7}#h57LId zUy2m>y=EGX74i+xG8`ZIQ=hgwF@7$R!7c1T7DrBo`0b727-TLQ%)Y${#yu>8&R&uK zKJTCwSbSa-a=jM+oB@QS_9iQ(e|Fh-J^d{K!B+2GhUb)NiaUS9-p#-300}Je2TmYBPc58~XMr z9#z(ZP6z+4wh%VZwd0YWJR`WYQ8j;(Jt1G{yq`fSA_0RpGp1sGT9APQ9u!~rj=Rvf zyjS6L$7yJPU@ADa*r__TVK=GFXrhg_y*cDR+fsrg7L8Xs$E?bEuL26GQ&W+9@FU-8 zIPOq?WsHcyS7pm@{-SxEh;ON2P_E$oe!L%dlAQ_$1@mnDUzGt)YbW9CMSgF_A{ki% zE;H9SX=0{yJj(^`!U14W?Hg|>o|c#(*{%T+K55z4D?%T#7s`dWeGlZzvg=0K*Q<&z z&rg2={IOyRi4JgA4H8IVbc(0b)6hPjmey1**sf1%0M1h(9?f%K;Snm}x{6-=;U-E> zb=q`c8|T6BhN*q>@Q&}h(Lr?2SQfn?IfOjteL$91$2YQfmpzYjewH>2?|H7ux|>0# zLMCI~N%}-DD@~-KtO170m(=Ia7A$?-wJ0xyTgF#lgwn;CSA}KyJg&R0tz-Y`vFEth z!}&%J@`%1xg%TYOVq-=J^DDo$b^%WKsbj6XhQ|*C0j%8Fj=6hLoaApJm+?2C+;CYq 
zl%0hxzIQzkkP9{LXUT{P|1EVlQR{Or1@$7<*x0y$ubwRY#w{|TIR%?f5cfvuR3Wk_ zOG$I4*nrj9l`&D$M;@F>b;zfv$+{+-S7~ZE519wRRzz+~&-KW1K<*B_%U>4dPtrP9 z0>gc8i;%yoiHBBfV;%c<{_d#po9R)~aV}}<$IXTq{pMwB0v?|U-S_bZMqK`Jt~O<0 z3A!Nuz@Iz)Og)6Wgi_|zYxlS@#ikMLfhAk3(7ya2*Jr^_th>0wPHBMe*T2UvSNC+I z#g%)FPfU?Dp_Tg^W>vwfo3ZHwT*A-^(&J$+Nt_x>Yy}A5|BxSZiZK2WlQ_H8|5~K( zeBY;w=Lo3n{lX#+TnOpbI^*ORODe**Q;8S>0rI9$Czq&{Fk$m^{l#*F#vzGRja673LNcN zvrl|*+?&6%(;f^f={XG*J0iY=3pyXfZVE$ky~5nN+CPOYRqc!GwtnA3P<{<<852wI zIs38TkdcJpzSr+epf<+olc=7NNh%@Ki&-vY9u)jJq zmpK1RK`@fjnR?*``OAW5{F3-3WMDbZh;8q*pY$NzTyVRL?Y3qN$*Do8y9247_m;&k zHy5EiO``MnF>oTfM*WjXxmQs1WmbjfA-dPiA7+jO1=Z84mX8@vz57-X^GUMiO+YU> z8Tr@?ODVlTWrufFlyB3kfZIr=`feb_nroo7+emY+J8^iWa}=q zI$9pWnLJ)|$ER_cm^HC!LuFStxJr203DFLJhkI-=k&z9i2-2lXTNG{8g)dG7#iDOL zWaI?7oE+wci9P>NMC_`i6@B z{RvczW=ZP5Gua%$&9 zcU&MMa3KHmc#m-4xv|`*|AhULZw9k1%(J(pmx$z)y11zBnL1%-#txo0?)Z_TMVoJU zyoPrei-zKAxPJoGTZZr*XIA~}(;!)1#tDD2pe|1fyzNcsd4j|r z`d-rHem~!eDPjL}_qN^tUwi_7byY>WI^2J0!rRE5DK=`=zMy3CpWD?Hxe@!r=nuEuVc)QbQkY8OXi8|1|32?)NUUm4DbC$7-hY zDqT1Yf7svu^`HHp|NaB~al^{Ps&xzkk?qz~2=Ft0xRb8( z#=#fPqtY|rC?WdtFev;W-7x_3CY+D)p=;YG$F_RVns 
diff --git a/usr.sbin/httpd/htdocs/openbsdpower.gif b/usr.sbin/httpd/htdocs/openbsdpower.gif deleted file mode 100644 index 9875138a68b60e7dfdee41029e1a450bc7d180e6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3334 zcmXYy3s6&6zr}YFf`<@f^NxU;fV>|93W8Ei0!WCWycFa$5RHI<1rdRd+M9%c(V{oS z6lp;LB`8V+lz;xbe zfFc0O@tn;rLXaW|%V{(&mm3!s$Is0zDk>5KPz`_#fCd1>2qHs}Y8p-E;vxq?0e}*K zegIVX1A-_a9B^=uR|AC%bTt8`0-V}KS2odP>FJmA@{~%@kGmiAt3ZD*MWq5auRGni z#KEWH1bixlUpP1c!hdN0Pe2d_gbfhNae}Qa&g@5!eh9x{5o8aiXjO8F?0av z5kwE69smP^7$7t-7}YK=b%B9RD_1Jn?1t#*PO(^=ovn0p8+Ubm$6y!&1Lup11~W2V zaJh!vyA4vQR4nfAtf}cxD5|UP$YiKoj`sKWi^UqT*ic<qtWy3rB)vHu^WCAZcP!UDMvNcI$brUm1%Vi7$(QGa;;Xb)62D(LaS9^m{N-=by}rPkFWhYol2)e zH5!dpqtR(KI-N$Z(dhLWgGPg4m=?oy7^cUq#|#EctJUhXT0L(4m*eOcbDmn%*J{u7LAOr6& zcjL<~0muR{MI1SuO@kGPX-2(kezH;wow*I1uG2q%M_aY0PqO);+;P<|iS=RUhpOZ5 z@#j--*SwH(Wd|k)7^JGP`hWu&0Z3EUR*jc+bQ|7dOvycpWc~)%fAXPOm4LaBP`xXUJC>RdkNHUH+-6Z zTe1=?A`$FB#v?bikOC&jOj*X(Mc-SMa8i3#-C4dasL)%^zM`XJjB`lX87KP=ieFYOH}yr=fjOb|9Fb&KzB=O6jIE#7}3 zxp%=yRZxF5X>M_yIehCFG&}JJdG6TP>#mmnI%GOsIUjt@APF34y0!Q=ZAEmz`K0?{ zE)Dx@?)cZ{JhU^uHud^M(M$hBr^-{t7d34CAmlG8e3>ShC^E=PA=PP2Kr&zdX@F!d z`@oEfuPLM|M)b$aBg>FKB=#@r9NTf2{wC!k$rZ8bs2Qc zL`+mH*7An3-MkH+LDGyGicyl>IP>?+Mzy>kEQTr>$>HulM)}pmYxB@Ar|my~sBc?v zm^ZqR<>JTV)F?#3Z!h*)CWshEtu48%w>~>!5B0m6zBTg*eLlqKt>RCIr<65KD-UiT z7;*9m<&Ah`jwPy1=&6ux;?c*1U$37%{O)*5cO8loVYhY0vx*PUL7+;28ql;gppVLCj9Fw%^U69ug|KKh27J0 zqdt!;Vwdu%1S1$GD};ALf9bOHVxFiGF?y`k+;L}O1|WdyP9nvl9Uycs@ni>??oFTT zHt846*=C0p4qLmIbnWZNqZPh?5*9iuhIx&JkhW$6E5aro62uEINXv+E+|zON^3$N- z+TU~c0Vfl73IqRDFpx_kidQE@7=lzL3nAvEjoZ1WSPVl_b8L{^?bnRT$(VCfD*H%e z%UV{Y+jyk|@!jn3lQe3}+P4=wzOTa8eAjiKTos-oZC<}b{R>IZ852SmQsX!jo4he4 zi=Rsfr;+nxgKTcI2e17`B!9cgo^-hDfNhq!b*YZ@MAao_cMQ_OaYb8@3)H z3z(e(@&l`3I+Z0cF5Tk9f6KPq9SPTj$L#I9^xN3X8fkFnUb<*>h_!d)24OZt99Kvt zC7qVcZ!Xa7-ZXr4XCg+%Y#6*bofz(Fp>FmzU0^afM$PIAR;`_2S>JNxQBY-tjDWa! 
z3oPEd!60M{#j{Mvps`^44rV#1W15i)Z?Wq9dDb&gB&X-fODqDF?VV!toGx9{PADOj zk>1>Z8!Fypn(^bqmYZfohQ6NN_08%L>qVBvgE^UpbJwM^nmE#kEpY{&JA@3#l9~tr zIr(Wag^D1Ko>C~5)X|sCfLA|v<*_&%qYHjj$mw>o@=m^8OrkVY;A_SUW%h6ZjO#XT1YuRIT!oldqsB_?*rnR%mRk);ff-D8Al<7JX43DLUR z?*)C|o_oHIj4Nq=p8GR%4yo=JU5hx%cThB~5rzBJk~TiJXem#-ys;?%e?mtb`n<;I zFSoW3J)Vs4^C}PX6Il$G+$gmfc3L)`5^rqFIP&L8wzS;nMO5MC#kJ0k z`E8Yf-NJ6>Oc(P5c=;^n&+ZpX+a`bFRJqYx%<|JGDZAN};-$6uTm9Jyt(=hGd# z-gvJ+&7u^DWI91i{?QF8Odrc_Gdd$jR<*k%!N7BbidUM;3C-=(YdP`asJtOmvz;7v zD#j#>|MA@x9?5P?JKZv)EcOQ(dp_UE%kI{Ox4vu;c^QP=Oe;(V@hr|T+HGhaz~@sgnBw~}9wr`EQPrX)KR zbid{}4q1!*#%kMoC@w2VzjD3AZha?R>s~LB1@mg?5KUyEX|$x!7+eI)L)ylI0gyCod>g2 zJYP-0TtvvDk8V)}vU#l^47PxN0y{zAM2Vm$B4yJWB5c{T?A)f}2fLOBi&i9wTuVjn zbt1Q5TiBFN*eT4eJvj4&zYEhsUR)twos^crNB38(|5U-GiP^zoRX3kqnV{53OK2G!7*&LBo(!+RmTb&a{zDPWyCZQ ztx+d$>r94IyS6)4sCjFxG1D$?`9r#xW6jps#osg|`!WCR`QG!L=bYy`=e#ffGhWaR zkr?m=766kOjYf?|Gcz-z5yMfe5yOWCCo`rZOu@tq%ot%Th5?+-z>+_si7;g*gJrP9 zXoP!A4u2ZcT(~HPD=;={;0Y!)1F!%w0Epo~yvfwdG6i@aO9KEfHkk%?z~o{UJOobR zO)vvD{hv8++Vel-Q3Xdtg+&6<@vK5>a#o?=Ha`)-FzHOMWTQ6O()=ifWBpWD;dEYb z`)ps)ZwwNWJZANIJ`Uxy`;dA!4u|?~U;b4B77CZ?z8-R_94g&LLMt3VD-isO(5|-=9v}k zJI$L54j`LnxJX2;5T)Rhtf8&$$B$_pzmo;n8?Y`$wOatMHs^V%iNfaGqP^#FD=h+H_4c zI7S>zT5WKhZgh()e5pu~^6Mw^mR!5OSlPVwO=vOJa$io)Y$*HGL@tJ12MSO}JN`*s zXlmUd#86cN8JWDjaIxxBHqOsx1!C7gTS#Hr2tLeR!HM?6|QIRj8JY$`^yC ze?jVRqQJK6@ysXY<5npU>H9T*_Lwhr2E9FbiV^;Tcu}xGD;k}aTkOe1cAP_gBpyQ( zrdB!K!^Ix%zWpas1~X&S^oL^yjHTTr@0kK|(oe*dg!4PML?k632rct*IhHMra?DL+ z$5%+NXI1hq6NJ=6hsB5{DQk1b8R0=i=kl4LBU1@{M~|=9d5+#aQ+#EStCkHFj2~0h z`p>yMfxyQRQg?*iJV0qf10cx9iYh)&kEa5VnSwupGPpIvZz<`~uysMr$nARhmwigP{Ef=?ej2JG6$iTat_0HA@@E}ZH1N%_3D_(}U&UQ%k zG7kQF-Wymfw!ynpA5UVqwE8oT1~wSHBg4?1vr>;Q<<2@#YZ!HMa==M}E!S(`n}K_o z8U0@7Ee$*{*;O|)Zg*HOb>>guM~+*-*R+w9j8F(mA=A&uUUc_MfWzfJ-RRjf@1ATe z!e#!n3;Ki1N4&**s@b-7SJ?<_?X)}P2+v2FCx}jew?H`C`|e({i6G^T$yC$!iS}j4@VMX!($~>XSwxeM`Be(j>Hi5s_7rg zfj-?yPiuUwB;|^Xt@@>q?pGgHI;wsdI=!_=baHiXT1jxTK_|1TdD=8(PTmYzX{@i~ 
zuWVDNB4a6C$lZ5c%0YC?Ry#-YC^y4+n$5+Nl))d#r?&dJ3}?L(qvuAb*kkr@LpPbf z#)TKL8`bl%cg4d=`9iTqBJ!ypT=TJ?wWDN@4DcEIM=ymBMrko@{ld9nDGnIVu|17* zrm++7 zUP^gM1t}7oS0A_XHc=1tvd5ISX;$CVxmi-0q#);oRN{GqhXvWxVK%Z2d4me-_Uum% zl%jR2+)7nNzd}}-!}SJ<`CRN~Z(ByZ&VOhN+KjxZZOeGOOq$f!Nr+Siji`72$7{%RA&t)K>jXR4o>AwkMWl3=dY(I?3J3l3*dWq-Y#=dTO44?m{(+t{ z47K1+4fX_KW+zmx+Dp8HhoQKHTGy;ji`4G^s=^0VUI$eZL^@DXIA_O{p9e>$ZpJIG z?7`Fn4!kryQn!<i zmiRLbwAHQp(KBq#GuP2bJw~%ppmUK-9^0$G1u!xu|E5A^H!dDB);6erCJJ76` z0hYq4%huS9mR)32%=s&n~yFhSQWZ zH%$q{w1N_bl^=BGiD9?~hE+5xn@yKm2-3pvyc7hD0DuEPn48m?1i%161{kIsTeV6f7S}{YwIB#0lWCSOA6d3c&*M>ke(&@0I#W~s6B$WmW>N};0ztGb z)zw$jYPozssYF#ORIAk@2!*$cgU2KIe2RuZphE$Q0v!sWx__W_Mqv~cpcugB0ihU-VK5~YQ?#?B zq^a%OQQARzI+c}$>H<(KU=)oUzMDnRhLpF5T9;sC=T9Oqy-AH&5D@dOOd!f9Z6IJOVP<_?G`}=DlGU0iXw-^9Seu1c2ti zqeYJ4Ep?rTA#0D6zLxqsM_|{;n()?hJ;$uZd-&EDj`sTGjHWr3!xjA}RzzJ*QzaDravepdSj6Q+8?Su_Ol9HOi>yC-L$r@B< zT>fjKIyEDmTlH1lEMkkROE9*dMac02$|^!yDdpNoa;J?Vh7sq0s?e3|gjJ55oyt=a ztfBAuq0AKJSd}F5W>@4nNvKsRXDei7nxD1akFg}Xz$%XUX?R-6(YbfC{>z;fjwcSY z4|e7bpK%rxn~Ik?_jI#ApLvT^-fKJja9=cQpqu&61<9c-S;~`C+gNUKDEli#l_OI% zko2ovj=bQZW?4U7GH7CzYhmTj%jh3LdZxTuYt@XB6ui$pT?h~5&g9tUN@lq~1lHuq@9K(h39Jj9zFlq{+$ z34)W?!AdJHehDW-b~l*4o;tM3uW;lRP@V& z_5PmHT-2|`%6Q1f&Mj`m7+cmdGNCVdildt7gDYnakjCtV&8gh;lNpzMA6q)e0*c>? z+BW#Nw@uG@!P=0rrGGtnX>==8^qld_&Nn9dn{zLrTY83L`+tL)MECY@T33Coy#G{6 zTT^tvm)!4~jEh?8mfeT%M(Ft|FCdlUp$1p;v@*2AY){8q#~fi{m-C)KhnG5Y(n4B~ zmRk=f*1B-R5#ejrV%uuFN^hw6maBzjr4Ld&J+N&~?OkCb4leD@=9?#Sql}wU0}t#v zYMwv*ZP3P9rE|C1(Oces_FjzGnIV!MEiaGR_O(-6x7ul<&V?!Wxl>YVs8(N&r*xS=^VYSk;pnFOaJZiYl*GX|4{qk zmId5(PwQI_{*j*gg~+zb)pCiwxg+EcCx*QGkri5>e`C+JfS~TQ*Ae`!7rJ9lx-`cL zrE#BZj~x5%;j0V&L(ig^S6geZnRxY!jJFj=-aBVM+Ylb*5i9W-`>gTRC20?|w{UfP VL(*(x;!tD4^?~u`wQgJx_q7tl diff --git a/usr.sbin/httpd/httpd.8 b/usr.sbin/httpd/httpd.8 deleted file mode 100644 index 95f54454660..00000000000 --- a/usr.sbin/httpd/httpd.8 +++ /dev/null 
@@ -1,306 +0,0 @@
-.\" $OpenBSD: httpd.8,v 1.34 2010/05/18 15:09:34 sobrado Exp $
-.\" Copyright (c) 1995-1997 David Robinson. All rights reserved.
-.\" Copyright (c) 1997-1999 The Apache Group. All rights reserved.
-.\" Copyright (c) 1998-1999 Bob Beck. All rights reserved.
-.\" Copyright (c) 2002-2003 Henning Brauer. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the Apache Group
-.\" for use in the Apache HTTP server project (http://www.apache.org/)."
-.\"
-.\" 4. The names "Apache Server" and "Apache Group" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission.
-.\"
-.\" 5. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the Apache Group
-.\" for use in the Apache HTTP server project (http://www.apache.org/)."
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Group and was originally based
-.\" on public domain software written at the National Center for
-.\" Supercomputing Applications, University of Illinois, Urbana-Champaign.
-.\" For more information on the Apache Group and the Apache HTTP server
-.\" project, please see .
-.Dd $Mdocdate: May 18 2010 $
-.Dt HTTPD 8
-.Os
-.Sh NAME
-.Nm httpd
-.Nd Apache HyperText Transfer Protocol server
-.Sh SYNOPSIS
-.Nm httpd
-.Bk -words
-.Op Fl 46FhLlSTtUuVvX
-.Op Fl C Ar directive
-.Op Fl c Ar directive
-.Op Fl D Ar parameter
-.Op Fl d Ar serverroot
-.Op Fl f Ar config
-.Op Fl R Ar libexecdir
-.Ek
-.Sh DESCRIPTION
-.Nm
-is the Apache HyperText Transfer Protocol (HTTP) server program.
-It is designed to be run as a stand-alone daemon process.
-When used like this it will create a pool of child processes to
-handle requests.
-To stop it, send a
-.Dv TERM
-signal to the initial (parent) process.
-The PID of this process is written to a file as given in the
-configuration file.
-Normally this service can be enabled for startup on
-.Ox
-by editing
-.Pa /etc/rc.conf.local .
-.Pp
-Alternatively,
-.Nm
-may be invoked by the Internet daemon
-.Xr inetd 8
-each
-time a connection to the HTTP service is made.
-.Pp
-.Nm
-can be made to support HTTPS transactions
-if RSA certificates are generated
-and the utility is started with the
-.Va -DSSL
-flag.
-See
-.Xr ssl 8
-for further information.
-.Pp
-By default,
-.Nm
-will
-.Xr chroot 2
-to the
-.Dq ServerRoot
-path,
-serving documents from the
-.Dq DocumentRoot
-path.
-As a result of the default secure behaviour,
-.Nm
-cannot access any objects outside
-.Dq ServerRoot
-\- this security measure is taken in case
-.Nm
-is compromised.
-This is not without drawbacks, though:
-.Pp
-CGI programs may fail due to the limited environment available inside
-this chroot space.
-.Dq UserDir ,
-of course, cannot access files outside the directory space.
-Other modules will also have issues.
-.Dq DocumentRoot
-directories or any other files needed must be inside
-.Dq ServerRoot .
-For this to work,
-pathnames inside the configuration file do not need adjustment relative to
-.Dq ServerRoot .
-For this option to remain secure, it is important that no files or directories
-writable by user
-.Ar www
-or group
-.Ar www
-are created inside the
-.Dq ServerRoot .
-.Pp
-The
-.Fl u
-option
-(see below)
-can be specified to disable
-.Xr chroot 2
-functionality.
-.Pp
-This manual page only lists the command line arguments.
-For details of the directives necessary to configure
-.Nm ,
-see the Apache manual in
-.Pa /usr/share/doc/html/httpd/ .
-Paths in this manual page reflect those
-compiled into
-.Nm
-by default with
-.Ox .
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 4
-Assume IPv4 addresses on ambiguous directives (default).
-Along with
-.Fl 6
-and
-.Fl U ,
-this can be used to remove ambiguities in cases such as "BindAddress *".
-.It Fl 6
-Assume IPv6 addresses on ambiguous directives.
-.It Fl C Ar directive
-Process the configuration
-.Ar directive
-before reading config files.
-.It Fl c Ar directive
-Process the configuration
-.Ar directive
-after reading config files.
-.It Fl D Ar parameter
-Sets a configuration
-.Ar parameter
-which can be used with
-... sections in the configuration files
-to conditionally skip or process commands.
-.It Fl d Ar serverroot
-Set the initial value for the
-.Dq ServerRoot
-directive to
-.Ar serverroot .
-This can be overridden by the
-.Dq ServerRoot
-command in the configuration file.
-The default is
-.Pa /var/www .
-.It Fl F
-Run the main process in foreground.
-For process supervisors.
-.It Fl f Ar config
-Execute the commands in the file
-.Ar config
-on startup.
-If
-.Ar config
-does not begin with a /, then it is taken to be a path relative to
-the ServerRoot.
-The default is
-.Pa conf/httpd.conf .
-.It Fl h
-Output a short summary of available command line options.
-.It Fl L
-Output a list of directives together with expected arguments and
-places where the directive is valid.
-.It Fl l
-Output a list of modules compiled into the server.
-.It Fl R Ar libexecdir
-This option is only available if
-.Nm
-was built with the
-.Dv SHARED_CORE
-rule enabled which forces the
-.Nm
-core code to be placed into a dynamic shared object (DSO) file.
-This file is searched in a hardcoded path under ServerRoot per default.
-Use this option to override.
-.It Fl S
-Show the settings as parsed from the config file (currently only shows the
-virtualhost settings).
-.It Fl T
-Run syntax tests for configuration files only, without DocumentRoot checks.
-The program immediately exits after this syntax parsing with either a return
-code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
-.It Fl t
-Run syntax tests for configuration files only, including DocumentRoot checks.
-The program immediately exits after this syntax parsing with either a return
-code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error).
-.It Fl U
-Do not assume a specific address family for ambiguous specifications.
-.It Fl u
-By default
-.Nm
-will
-.Xr chroot 2
-to the
-.Dq ServerRoot
-path.
-The
-.Fl u
-option disables this behaviour, and returns
-.Nm
-to the expanded "unsecure" behaviour.
-.It Fl V
-Print the version and build parameters of
-.Nm httpd ,
-and then exit.
-.It Fl v
-Print the version of
-.Nm httpd ,
-and then exit.
-.It Fl X
-Run in single-process mode, for internal debugging purposes only; the daemon
-does not detach from the terminal or fork any children.
-Do NOT use this mode to provide ordinary web service.
-.El
-.Pp
-The documents served by
-.Nm
-should not be owned by the user which
-.Nm
-is running as (usually user
-.Ar www
-and group
-.Ar www ) .
-They must, however, be readable by this user.
-.Sh FILES
-.Bl -tag -width /etc/passwd -compact
-.It Pa /var/www/cgi-bin/
-.It Pa /var/www/conf/httpd.conf
-.It Pa /var/www/conf/magic
-.It Pa /var/www/conf/mime.types
-.It Pa /var/www/icons/
-.It Pa /var/www/logs/access_log
-.It Pa /var/www/logs/error_log
-.It Pa /var/www/logs/etag-state
-.It Pa /var/www/logs/httpd.pid
-.It Pa /var/www/logs/ssl_engine_log
-.It Pa /var/www/logs/ssl_request_log
-.It Pa /var/www/logs/ssl_scache.db
-.It Pa /var/www/users/
-.It Pa /etc/rc.conf.local
-.El
-.Sh SEE ALSO
-.Xr dbmmanage 1 ,
-.Xr htdigest 1 ,
-.Xr htpasswd 1 ,
-.Xr chroot 2 ,
-.Xr apachectl 8 ,
-.Xr apxs 8 ,
-.Xr inetd 8 ,
-.Xr logresolve 8 ,
-.Xr rc.conf.local 8 ,
-.Xr rotatelogs 8 ,
-.Xr ssl 8 ,
-.Xr suexec 8
-.Pp
-The Apache manual:
-.Pa /usr/share/doc/html/httpd/ .
diff --git a/usr.sbin/httpd/icons/README b/usr.sbin/httpd/icons/README
deleted file mode 100644
index 74b2970b9e8..00000000000
--- a/usr.sbin/httpd/icons/README
+++ /dev/null
@@ -1,158 +0,0 @@
-Public Domain Icons
-
- These icons were originally made for Mosaic for X and have been
- included in the NCSA httpd and Apache server distributions in the
- past. They are in the public domain and may be freely included in any
- application. The originals were done by Kevin Hughes
- (kevinh@kevcom.com).
-
- Many thanks to Andy Polyakov for tuning the icon colors and adding a
- few new images. If you'd like to contribute additions or ideas to
- this set, please let me know.
-
- Almost all of these icons are 20x22 pixels in size. There are
- alternative icons in the "small" directory that are 16x16 in size,
- provided by Mike Brown (mike@hyperreal.org).
-
-Suggested Uses
-
-The following are a few suggestions, to serve as a starting point for ideas.
-Please feel free to tweak and rename the icons as you like.
-
- a.gif
- This might be used to represent PostScript or text layout
- languages.
-
- alert.black.gif, alert.red.gif
- These can be used to highlight any important items, such as a
- README file in a directory.
-
- back.gif, forward.gif
- These can be used as links to go to previous and next areas.
-
- ball.gray.gif, ball.red.gif
- These might be used as bullets.
-
- binary.gif
- This can be used to represent binary files.
-
- binhex.gif
- This can represent BinHex-encoded data.
-
- blank.gif
- This can be used as a placeholder or a spacing element.
-
- bomb.gif
- This can be used to repreesnt core files.
-
- box1.gif, box2.gif
- These icons can be used to represent generic 3D applications and
- related files.
-
- broken.gif
- This can represent corrupted data.
-
- burst.gif
- This can call attention to new and important items.
-
- c.gif
- This might represent C source code.
-
- comp.blue.gif, comp.red.gif
- These little computer icons can stand for telnet or FTP
- sessions.
-
- compressed.gif
- This may represent compressed data.
-
- continued.gif
- This can be a link to a continued listing of a directory.
-
- down.gif, up.gif, left.gif, right.gif
- These can be used to scroll up, down, left and right in a
- listing or may be used to denote items in an outline.
-
- dvi.gif
- This can represent DVI files.
-
- f.gif
- This might represent FORTRAN or Forth source code.
-
- folder.gif, folder.open.gif, folder.sec.gif
- The folder can represent directories. There is also a version
- that can represent secure directories or directories that cannot
- be viewed.
-
- generic.gif, generic.sec.gif, generic.red.gif
- These can represent generic files, secure files, and important
- files, respectively.
-
- hand.right.gif, hand.up.gif
- These can point out important items (pun intended).
-
- image1.gif, image2.gif, image3.gif
- These can represent image formats of various types.
-
- index.gif
- This might represent a WAIS index or search facility.
-
- layout.gif
- This might represent files and formats that contain graphics as
- well as text layout, such as HTML and PDF files.
-
- link.gif
- This might represent files that are symbolic links.
-
- movie.gif
- This can represent various movie formats.
-
- p.gif
- This may stand for Perl or Python source code.
-
- pie0.gif ... pie8.gif
- These icons can be used in applications where a list of
- documents is returned from a search. The little pie chart images
- can denote how relevant the documents may be to your search
- query.
-
- patch.gif
- This may stand for patches and diff files.
-
- portal.gif
- This might be a link to an online service or a 3D world.
-
- ps.gif, quill.gif
- These may represent PostScript files.
-
- screw1.gif, screw2.gif
- These may represent CAD or engineering data and formats.
-
- script.gif
- This can represent any of various interpreted languages, such as
- Perl, python, TCL, and shell scripts, as well as server
- configuration files.
-
- sound1.gif, sound2.gif
- These can represent sound files.
-
- sphere1.gif, sphere2.gif
- These can represent 3D worlds or rendering applications and
- formats.
- - tex.gif - This can represent TeX files. - - text.gif - This can represent generic (plain) text files. - - transfer.gif - This can represent FTP transfers or uploads/downloads. - - unknown.gif - This may represent a file of an unknown type. - - uuencoded.gif - This can stand for uuencoded data. - - world1.gif, world2.gif - These can represent 3D worlds or other 3D formats. diff --git a/usr.sbin/httpd/icons/a.gif b/usr.sbin/httpd/icons/a.gif deleted file mode 100644 index bb23d971f4ce99b43dcadc7179deab4e3f55d2fd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 246 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2nHIbDd^F&3SUp#HU#9hW!Rw()J9@9Pc4|E2W2srx z@ZjD%n_KH1+_viO4gW0IG)3`1D5IB^&A~|*Z0siQ)e*Jc?U}v(RZqm-rsn%xldEMP i9?8v^arV~QxusXc{Vzw0+BY`Y83|alcZ6{=SOWlx{aaiB diff --git a/usr.sbin/httpd/icons/a.png b/usr.sbin/httpd/icons/a.png deleted file mode 100644 index c1840256dcf85ae97807b18bb7d6cc05eb0f95ed..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 293 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-1lBbJfNX0GJa~F9JC~&X@gfql0Xk*MNVLbcRJ~&Y0-gRzE zrj_%zEUEOI{8@GD>6)F#+gXz>SQ{p8TqWVUY;yR_lqm~zIyOE?l#q=2$n?6i-nXCi zXOQfbx(R00TVG7(ocDz>?~G*qvz$l8K-!lN`jBehsZAsfWYa7fK8(M!(H)lmpeEhtIN cO-e0NFtoHZ^?C8-2+#%wPgg&ebxsLQ07e&Tg#Z8m 
diff --git a/usr.sbin/httpd/icons/alert.black.gif b/usr.sbin/httpd/icons/alert.black.gif deleted file mode 100644 index eaecd2172a091ee2994c73f33e784e336b23b58b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 242 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2sTRBTd^F&3SUp#HU#9hW!Eiwp#*PQqrY@^+(mQa9 zIq>=_)6J=N(?l8rJU#@b9ZU?|#8k#|TH+FuDboTL$LCUaCvA&aeP+vAqk{>XuXw(F ebwjlD^Y4l5CwY+}}V#>(}+e%YC`G9tD6 z<&>04);Dfl>^kL$*$OX@lhto@l!QXAdZw&9sN4A?$yR>aXGxPKmyi?175+0@L8L7oO3fUlDhC^y*iC%Jku8u-*YC%bA zZc=KIf}y3QDTCrq7DfgJW(FOg=?oy-8JM#&cJ29GAmOljuG+p#>+^!)qA83W53Y$i zRmV;6*!V8-#*VCuOa*@qH0ND;#mM2YBw&+P*rb-FJO^IOEcFdnw_3sy#i%{~=Eb~? osgHMN$4+)vHJp`EcP`!U`}1doVY%uqk+$u`wANvs|`dJjBCm zYHZeQ&^+Z#kK>_)WtCM`Ry~n%aeS##yLaq3JVT9R*+xUQU=P7_CPBxJu`rjfklrw} z;fPBRck;5G4h$D2@;nVV0Ce0U!voj7bSr^2g_XEQlsM<-=BDPAFoa}e7Aqtcl_&tI z%shpXj8uh!(xjZsWQCOc+{Da0Jq7R7GN6P8TBKlTX=&>7;>!`B4Gf;HelF{r5}E+k7-OOU 
diff --git a/usr.sbin/httpd/icons/apache_pb.gif b/usr.sbin/httpd/icons/apache_pb.gif deleted file mode 100644 index 3a1c139fc4247ec7e770fdaab961fb3692c953fb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2326 zcmeH``#aS60)Ri?F~*GRoWb@r$c#H_jN6u#)66_>GY!UILM{ophO`}&oUt=FmBNTY z$`ICVA7j^+h#i;OQDc-ga!qS+8Gc0FW4f z)Bt1yAj_Q32!U{ zRIo-qQptb-t7{uBm(~px;>}n!KArWR1^>`Cf~is&A3~v0s8aF}M#nn9GGt0d7v`yb z*>S>eMWL(I627?MNllQ7BkqHq)M=1k z=&Ky&zXVh2hPE6DHG1$Mj#+!@W<|fAeonA2iB#Un#%N(&&W1dtI~9BfQ#)e2X=lF^XcGT}q=AoZ{H^5&_C+Pv zN&hQZTYONvvH2qVcG~jIh^yqZXMG0jauI~J<^%?yjPC{pb>Ylqd7Qgl5*ph^Ulf=T ztUu|ceZK)dM=IDKg~q~CZoH&Cb~-~Z=;&lvYG{6Kc>2z^;Sv327g?kssFZ=dw}0cH zdw$mEtN!A<`J8^&z3 zt~SwiD6S8)Rjrr!Kx<)&vBl1-$xbOvcBi~nxrDC!TBPace;L%k*DDqrZ4t4XvN(& zu%4H=wkn0>)>bWw*7qy^XgxfL8hEr{3=!aT@x^9eDj^ytk&Chl$kO(lBLUN|dQ6Gs zqR_gQC$$$-23%rt``_I(>C3A7dOXT9Z$frk_k~-Ys+P;@AA_2Pg%%8=^ZRrL+?~|f zW&~d`K5oo!G0s}dw|gtsI8gBY`D(2K(S?RiMa{{iIhO(d)G0SJjuwocN&dl=)Ns$! zkAoL^`msv}wXFIo9^Egsd~xDITuw=a{)ty}PeNiaZ{?=q1Ff-;&+#A?LvlJm+3a2z z0EU`idSaEFK|F|qEq^5hpn?C2d=DQ+H3YkO^OBqUex<5bLo z9(N*aTe0*iA?|UPIVvKLCc?9Ag1I16-HvOfbsA#dH4-dk3 zhnz>*3E(FdLU+yVpuPUsliM=aeNjZUS*@XX3Z53T6iR8-2uO=XFwVs0@AhefEv8q zeI*^7gje{cZVN8?oK%ZT=2#U=<_Ih7M^R~)Ja%@QBEHt-Nj+won-qIvXTfK$!wnkr z2MQ*#TaAN%Ohqz*uQYER7$<|Jgd}A|ZL~mb$%8Fh^ z{1s=ft;T@}n?u#1Sd8|0dAq@XlaA<)Sy)vu-xZB|?3vPJ`3#PxQkI=}-aLquKdtW{ zRsg5o;PBjI;EgPh^zTEWZ?enGho=a|_a2#rB5>rG$ipb8~ZRYin9sS|J!1|3Vo5F#x?%5Z#agaH4}82`=y&d$cYy~Z&B z|6>6EoB;pt0RQJo@7{af)}_w>0G#hijQ;>*=Y*W^Qe*!B7ytkOKp?+w00001VoOIv z9|a8%y#N3Nw@E}nRCwC$n2U0wI21&+5=byvIT4S5BHR4`Uv9Sq81N(ZOwFvP%AE%o zkez$fx21{@FTM2AOOHrW4~}u;2>0;F|3mI{=G?_6%s}af-c=97>iFD}W~yAu9H%>J zrQI@+s6`2;z*T+ zwX-R}K*(XpWb}h{C<~`f4~8WU7;Ofem}nRf&Ej)2gLsiXG7oy`&r&c(;gBmOMbN>A z#Gx$h&LsvKKd8gt$Wk>*%W#mWPQ~h=EE_byWFkE`Gl&oCINtrzpZS}mK*9Z!=b7-0 zZ!;f)judQJ6f#z5B(1ymA=$^+0Mz-P7rg@(Y4!Q^$_)V>K# z@cx)onlyoKWZ>M8Cf5kX+9i9z#Ci>1(f4l2K(Z0o6i;n~>Ca_pRaG}o>uc}P7VrbE 
zAB(~|!?|R&cv31B#&Tt5Mh2`E;Ww@$%RCrl0`cTRY^Tf{Dq;W!PYjLs>}}XV7eB_# z!}OzM7A9h!WFvzVhEh1aVZgMJe}N5Lt_Pi~YUBVl4GjSbq461FvP3@oD6HJAwh?Z% z2a;Fo)X#4NB%020;p@7pW;f_cgF{O<)L1WoVTeI#ZBZ1D&8myGd2V5k=rD<_cE*tG zP*)9OGID^Jl5x!-hr7$_%+tFdQs5VgY(tAKsE3I|0>Qp$$$>%Xa|C6i0Sr6$^nLyq z1?&>h{YXQG0YEG`zz=W)?$mW?J(STDWf@W2#(=@y`bu-Iu3tXTeL|bJ`PlD|EA6Kt z{Q-JgKKq6pUO8R)_grt{s+_`G)AGK>y3m3{b>a|7)Lb*#x=FSOnzjhXU~f=}!`20L z7a%kX2wy&Gg{429Yd_v%#fLKn<;1|A=>`MgEGYm3{{&2T!^Svq7+21;c-C#p+f5$E zzEI(kAriQ11tBr$PKqz*+kVm#LMnRJ*MYA;W(LP^7`&||Zpjt8Wd0LFGJTr%deFnL zhEb=)1PT>bP+uy$+pRG;8b^HM!Fq8cF<3mdWYF_NJMp=J5E(3neDQUE@aLWfH0z9;auw~Hi`#BHF%UUwH zBMCN=R!0hq|JWBkO#WmP#K_cov3h`v)$jJ5-zP8hBZ3jaT+od?=q3c?>HZpnC5}57 z+>-=bIRy-~L)<8bF)F8=h*=TW4{V`;M1x532aeW`5Qt#5$r8c^2HgU|N)v=FgZ<$! zEewf4%8AtO<<&g+c&sNJ60)#m>Wj!?!2T!(#pI0;S)>#7PN5y(3CVv*bmKb0T~~xr zRo#L?ci|(?5qSS~nZe<==E0VPRE3J~c}z60he)=7JGeOVKq@)&fE-dYL9<4T)w7G7^nN~DX)5G{ rGrM}bkL6^)UC^IE@X|{!{bl+Odo{L8 zTBKlTX=%!!_>+Z^fq{`h2V@1vb_Ql|iCuU8DGPkc5-<+lz3AMXubFeq{lvP)Ggp6^Q($uOC~PM5!3Knu5hd8zzVA-2Z^g;lkQyz{qtht`EC{l FYXAcbPG|rC diff --git a/usr.sbin/httpd/icons/back.png b/usr.sbin/httpd/icons/back.png deleted file mode 100644 index 2d8d353bbc7d6adb82b273b25d3dae725c7112a9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 284 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#R|IeH`Gc7I6*w`2- zwpDWP2O!0mjE56cA(Nrx9qvI~p!6wdxLzImj= zanJh4s&h`5%dX*-2>G_uA+t!s>+8>g&37bjzr3n{_RQ*&i&kXKY@HcdA-Fb}|K$Ch zzjy6ZEt8xYpO?-lq4J>m&nuuMVI{5+CC>S|xv6<23?Uhr#R`c?)Gf$x;BUPcG zG$|)DSs^7qH!(9$Pr*C23@G7Inx2tbtfP<(;$=9bW|rtB=jZAu1g931q~<227AY87 WTAKR2_;Lhj1B0ilpUXO@geCx0RA-$4 
diff --git a/usr.sbin/httpd/icons/ball.gray.gif b/usr.sbin/httpd/icons/ball.gray.gif deleted file mode 100644 index eb84268c4ccf0146e661f51e63fc7d958d39111f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 233 zcmZ?wbhEHb6k!l!c+9}?|Ns9pKy>EJ?%lg*&YaoN(UF#x78)9AY;4Sc4JiKe3(3eV zR!A%=Q2NWsw3(v(5*CkrD310#bD$U2a#7+72kPI#`~Yw`N*?)jcGYB&?6 zl*5^v5@j;O_zpaf^Qf7s_EE`__xyKmPTmvoe(9bH{5w=PbF!#4X}t_l`&F_3!G;Q* IP6h^R09S}j761SM diff --git a/usr.sbin/httpd/icons/ball.gray.png b/usr.sbin/httpd/icons/ball.gray.png deleted file mode 100644 index 7b756f2d82dee472e1faafe53abc04ca1cccb9ca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 277 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DY*cj5Z5#RLEy}pGrM>1o;h=7 zM@L6mT3TpmsIjpzP)S{Pq6d&-O!9Vj;rw`W=^G%&+0(@_q~ca`f`a^+Ih@IbyLR|C z7%k^$4RvCj+j>|_&EaY6CF=yA?O*&fjCI#CozrgTe~DWM4fO8H?_ diff --git a/usr.sbin/httpd/icons/ball.red.gif b/usr.sbin/httpd/icons/ball.red.gif deleted file mode 100644 index a8425cb574b1e4250b8cd35656432245cf4b51c8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 205 zcmZ?wbhEHb6k!l!IK;s49|&g7{BLZ0=KudR1_V(2=NFQZS*(y)RH6W+GV>HlGEx-^ zN|SOjlND0(a}zW3^c1{P%YYIdrRf=|#X1VvAYO(;YG#REa(=FkLU3w9NosCVYLSAW zrKKr@;!hSv1_ovZ9grm;+ZmW0EOy=bXK>1Mb*$?2=q7RLtBj2b0*O~xQ!1DFD^5{O pJnUyaTmRk(8|hQW8HD_tlL9-OLb*IseTr8`t-rA*Y$5}LH2|rsMHm18 diff --git a/usr.sbin/httpd/icons/ball.red.png b/usr.sbin/httpd/icons/ball.red.png deleted file mode 100644 index 05f3e50629c6d930c77e762fce2fe2c6e0ba0e25..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 265 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DWL$L5Z5#R|Noyk^S`k%kWK>% zGBC(-)@T4J#w2fd7uFy7FOLH`&YmugAr-fh6BOiI+73mmX>wu=NL#RQlD5x<01sBB zGpkmtc*K;-#i_Z|X{MK#Ucs`--Wpdr1jNI`XY5>O;Fxk-gPCDFH|O(oRcDadVI{5+ zCC>S|xv6<23?Uhr#R`c?)Gf$x;BUPcGG$|)DSs^7qH!(9$Pr*C23@G7Inx2tb ytfP<(;$=9bW|rtB=jZAu1g931q~<227AY87TAKR2_;Lhj1B0ilpUXO@geCyzSyzq# 
diff --git a/usr.sbin/httpd/icons/binary.gif b/usr.sbin/httpd/icons/binary.gif deleted file mode 100644 index 9a15cbae04ccda7ee515f0e56360afc5a0dba7a5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 246 zcmZ?wbhEHb6k!l!IK;s4|Ns9pKy>EJ%$YNdjg1*#K=GenNJeI{LSj*g0+7ngQz*$u zRVXM;%E?StNXgGl%*@kM@J=lQN_do}XQUSEC}e|p84jtLC3?yExjG8LsRbpexk;%- z3Wk=JrVNTdSr{1@7#VaxR)B10V9xZ|wdbROfWzv!D*Gb21Y#8#gjW{Ev9DOlxiI_H z)^#HHvm9UiDQlh^nDJt>gl6-T1rM0J@~%VW#e jit!gMUf+_g-~76GhV}Y)-JD*HO`g_*&g~t+oD9|gOVnOa diff --git a/usr.sbin/httpd/icons/binary.png b/usr.sbin/httpd/icons/binary.png deleted file mode 100644 index c5119d1e1ea26c01d09aa3cf2fa936989a543056..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 296 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DWL$L5Z5#RLEy}pGc#w-G&VK{ z3SZ^1dYPzKY!0^ck#nB%+)~>Czxe^sqA_8;*1v1wy+Y{h!W@g+}zZ>5{8hB%wmPaq7nrl zm6@kdl98%VP@0sJnXHhKpPQJOr>EeZS_YKxC{52uE!I)U2Jtc+QZq~RlJj$Q6oOL= fN>X!^Qi~J}EiFxbUVJ$Mw1L6X)z4*}Q$iB}M9gd? diff --git a/usr.sbin/httpd/icons/binhex.gif b/usr.sbin/httpd/icons/binhex.gif deleted file mode 100644 index 62d0363108d2585b7574f1eafa0749ae48e15f5b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 246 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIWsLS&DhwO0R|NR`GsU;7Aqtcl_&tI%shpX zj8uh!(xjZsWQCOc+{Da0Jq7R7GN6P8 zTBKlTX=%!!_>+Z^fq{`h2V@1vb_V85k6n8{8VES7o~yDia@YFk=4>QQyf+b%kUIiE6v`j kq<41P{%f~vu3nm((IxdxXZmdxm!@WCGePSPUrq*V0OwX&D*ylh 
diff --git a/usr.sbin/httpd/icons/binhex.png b/usr.sbin/httpd/icons/binhex.png deleted file mode 100644 index eff532202d39384c325bb87f35478a993322ca7b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 304 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DWL$L5Z5#RL15<0nQ3Wh#>U1# z;af%-tU!t}$=lt9^+*28<3LW9r;B4q#jVu7i<}1(cwAy1ddVzkQvMQukS9U$_xejJ zQMz9gK2*rKJAIzAVC4k?%dWNnvq|Df><72pK5<6>)mc^D;q6 z=31#uZPE>|)f;wyJAA)xR|L0i?~BQfX@{7Drl=S#V(K{$v^A{6HKN2hKQ}iuuY@5a zBePf`v8Y4=NM+_Jlw_nT6qF|AWF{-5LrY6jpBG<_0BvCKboFyt=akR{0Ce|o#{d8T diff --git a/usr.sbin/httpd/icons/blank.gif b/usr.sbin/httpd/icons/blank.gif deleted file mode 100644 index 0ccf01e1983e40365a9ab9f373b6fc497c8603cd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 148 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ pvM@3*Ff!-Xz$Dz$zw-23{>5{)-0I$ZZ_jW3Hcv(dYXE)}F?;|3 diff --git a/usr.sbin/httpd/icons/blank.png b/usr.sbin/httpd/icons/blank.png deleted file mode 100644 index 3802c03c9c8351d0983ca8750eba2cb1c17a4420..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 195 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0$P6TZ_3OC;Ddqs55Z5#R|2MvLU<7g*lf2zs z82>Zr-UD)YJY5_^DsCkwEZ_z5A{ZELyTj~(tgsT-h!W@g+}zZ>5{8hB%wmPaq7nrl zm6@kdl98%VP@0sJnXHhKpPQJOr>EeZS_YKxC{52uE!I)U2Jtc+QZq~RlJj$Q6oOL= fN>X!^Qi~J}EiFxbUVJ$Mw1L6X)z4*}Q$iB}S=%`= 
diff --git a/usr.sbin/httpd/icons/bomb.gif b/usr.sbin/httpd/icons/bomb.gif deleted file mode 100644 index 270fdb1c064a678acb8764f49dfab1e4930a437c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 308 zcmZ?wbhEHb6k!l!c+9}?9|+DEp8*nQ&g|a3d*;lU9UUEMX=$OMp~l9>3>ZN1pI=Bu zX0bwIQHcVO%FI(J$w*ZwC{4=AOjbzA&rQtC(^K$HEdxq;l%{8-7V9WvgLoMZshK5u z$@#fD3c;xbC8@bdsYMEgmX@Xria%Kx85o!tbU=22T*biBZ*bCc`Hl#c1H12gmgUBI zw%rtC;M!28($IJJckPX3ES?w2x?Bo89sFpnv51;GTC)?h;TiA$0@sFrUdir9fOkb>zt{bzE;`1Aq>0nv_CTVK7LtMGqaBGac%}zsr|X5CcYWJ z_MO@Cq9tdSvr_f8f17kC@0s(WBk9!%by?|m>~3jpZJn0eK<*4Hag8W(&d<$F%`0ID z$;d2LNGvK*08*KG3MCn-3I(M}Ihn}{DfzjHnR$8&-l=6k36IkBjMQQsg=`Qn!yz@Z pL@zl%S4SZ@wV)(5Hz~D9!O+su)aS*QBS0G%JYD@<);T3K0RXm{gZuyh diff --git a/usr.sbin/httpd/icons/box1.gif b/usr.sbin/httpd/icons/box1.gif deleted file mode 100644 index 65dcd002eafc0513dd4e7f6d54ca1d82345aa4be..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 251 zcmZ?wbhEHb6k!l!IK;s4|Ns9pKy>EJ%$YNdjg1**8Z)FBGcYhH{__jT$ShV!EGkg| zQki)QB^jv-1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz!(9+VBLGdRGBLf2?gAUMi29WIx%y|;K?))=oQ+_D9Ws|kbwV3Cb!G;~l zr6S87EaNL&_a?hVeW3t@!}Ye?nKK^#j99avpyTG(I#$(nk_Jvoof)on^{`p)&3!-P v58tszhQ3zU#BLwgx4CO~=RuzOzlQVSzZ;^Bd|G^1BFxnCE`Z|dwK(Wu%S;>ma{6yCIZTmQXIZvEpmE!TmtV>dWc7~O>MwB?`=jNv7 zl`w>4WELwV7L_Ofsmwful8jV^g3_d%%w&a>{M^LMJUs>P)H0xiM`?OSYO#(&Hi(zu rkeXSdmzEJ%$YNdjg1**8Z)FBGcYhH{__jT$ShV!EGkg| zQki)QB^jv-1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz!(9+VBLGdRGBLf2?gAUMi29WIx%=I3-_IxxDa9BN8WnZTCdBN+UN;`V5 zvvyudlx5MGf7Niu+lB8<68M>}CwT0+Sa%>{VugiRTa(75mo;unPcK^%`XY`u`0=&t zU!@MXG|VX05I^^VF*R2EaBhQ*t$*G8!m22pl=_-R+Zy(Sw)W(nhPLXS$-P|O(_IV& Nt>?_0!_UcJ4FEU+X8-^I 
diff --git a/usr.sbin/httpd/icons/box2.png b/usr.sbin/httpd/icons/box2.png deleted file mode 100644 index 26d14325d970a9e93f5e08cdf7e7422dc3cf1055..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 322 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DTx4|5Z5#RLEy}pGc#w-G&VM7 zm}$(AW(<^E+t^bCq!^RD-Cfwl5<6Z4Ic1(Mjv*DdT+bPD9Z?WzNnCHBu;*S<@bT~^ zz6uHZz1In3a~^!19%K6N>hX}|Z}qDarDtqyj$nVAF!Lk}r=rLyrjwT9adsQ z!=?dU5LV(EQR1ARo12?S*(y)RH6W+GV>HlGEx-^N|SOjlND0(a}zW3^c1{P z%YYIdrRf=|#X1VvAYO(;YG#REa(=FkLU3w9NosCVYLSAWrKPFQi!VojHZXX)`njxg HN@xNAQ@VK0 diff --git a/usr.sbin/httpd/icons/broken.gif b/usr.sbin/httpd/icons/broken.gif deleted file mode 100644 index 9f8cbe9f7604077bbd3a2bc8bc3a5bb5f569b838..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 247 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2Sr)tYd^F&3SUp#HU#9hW!Rw()J9@9Pc4`>z_|O^T zk}LelhjUMZx0Uz%<6KNN%O7PlP1)n6a$s{L_l_mk)%DU^kLsajo diff --git a/usr.sbin/httpd/icons/broken.png b/usr.sbin/httpd/icons/broken.png deleted file mode 100644 index e8fd150a339f8928e416ae7f2f631440060cd7fe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 305 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-1o~MgrNX0GRvj=$(DDW^l*l%*+5)P4F(7_|%@@@V~wx~em z$mKRXug>r;)0li|*}d7B#dFj*&#dj~m|ivKy8GWi_UYV_zaxC-@@R&gX-V#TcUM-X znLEWyCHN5Atg6q)!lN`jBehsZAsfWYa7fK8 o(M!(H)lmpeEhtINO-e0NFtoHZ^?C8-2+#%wPgg&ebxsLQ0MRjSH2?qr 
diff --git a/usr.sbin/httpd/icons/burst.gif b/usr.sbin/httpd/icons/burst.gif deleted file mode 100644 index fbdcf575f78a5ebbd3eeac5bbd9f963962ab664f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 235 zcmZ?wbhEHb6k!l!IK;s49|+DEpZWiPW*S3UTAH!3F#{MV{__jT$ShV!EGkg|Qki)Q zB^jv-1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXn zDYZz!(9+VBLGdRGBLf2ygAT}iknIf2aT>es{4+SUl4tW3o}3LYCJ5%-`ZlvqY)y_i zON{zvlk8Qc_r#nUUz;+oS7*8wAfNp1ThKa>J&QI6cbF|deBP(?&CiC}j@vi=I#{!y ctx@66$5l65-@mTg36FLd3o%#&030@6>Hq)$ diff --git a/usr.sbin/httpd/icons/burst.png b/usr.sbin/httpd/icons/burst.png deleted file mode 100644 index 2329898f2a4b89a0297f36374a18f81e2232d0b7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 314 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DWL$L5Z5#R|NlQ@JTr|UEiKL1 z*cd3hHr8YbkYY^oc6VX@k^k~IkW=F6;uunKtG9nQZ-W63YrG);0}mdCAh!kOj=uzM z{$Afy$h2jLRpj?SjQ>KIeHSq?Z#|F`{kn1P%-qt`Z%UrrSyXymX~paAmohJy)QT8= z7iwgz(mK!LfAEd(QmJQU?^Vm(bql`h7VYR>vQkX)ITzpGdmYbMn-xTs%0*6F0JJ}> z#5JPCIX^cyHLrvrBqOs}A+e}L0Z3)$DU@WSDio9^XnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2sTRBTd^F&3SUp#HU#9hWL3V*Bp^eh6>z=a~rmo~; z@m;PwF+98fv}{9yhQgnc16&t10u@Ug6@{;Ldlgz{Obt2`rF%DR+wn(!`wtpSjoH_A d@zm!TvfmF~E%;F4@aA{Bxj;^{Ha{nWH2?tDSDF9- diff --git a/usr.sbin/httpd/icons/c.png b/usr.sbin/httpd/icons/c.png deleted file mode 100644 index 41593b36b36dd8f23c15b81779af794ce72e0e2c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 285 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-1l&6bhNX4zCeHVETC~&w$HlAWR#%Qvs;pAKUV1IAt|G)Re z=@lq^zR=2}x^zjFeV6Oqj|L699w%~Vz5A!tu=vjItnQGni*GGboU-@WE3xZE4F4}( ziIo4bL}7w-?-c3AH|=+40&NK^ag8W(&d<$F%`0ID$;d2LNGvK*08*KG3MCn-3I(M} zIhn}{DfzjHnR$8&-l=6k36IkBjMQQsg=`Qn!yz@ZL@zl%S4SZ@wV)(5Hz~D9!O+su V)aS*QBS0G%JYD@<);T3K0RR+AY-<1j 
diff --git a/usr.sbin/httpd/icons/comp.blue.gif b/usr.sbin/httpd/icons/comp.blue.gif deleted file mode 100644 index f8d76a8c23f018497587e3f99b1ca6de51b3f31c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 251 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIWz6d|FpC;V`F26w3!SH42u8!LNYRo6%va| z6o6D_oCMz{sEjG@SutI|Fl`#I8I43{F+7+RH9?U^n~B&57a> z9SY`avJ)3cpWb!+X3wWT_Y&^C>j_NskYN&^eSY~d0}D@y<%x+OBE#9DLr=Z++8Ul6 x7HBJQ=EA9jH5MFGT$gJ@mp5m{0_#-#wxuc*35QMb=U457e-D7YXCOLU#$QD diff --git a/usr.sbin/httpd/icons/comp.blue.png b/usr.sbin/httpd/icons/comp.blue.png deleted file mode 100644 index 60ff156deb9e9379f5dd717fa5cb41a3136e096b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 313 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DTx4|5Z5#RL15<0nQ3SKr=_JC z8yhpE%>+u?yh>6BQjAI7?k?F!$q5QPryLhB97z&qVJtKVmQm4? zV@TtYlAi4}^AN`}!>}|B0f!j^hZ}shnQRbE&2(61$TEY~V8hI%jt&f6D|YU-_As1q zGJwU*afM9Av?KuzmQ~^gBAu(68Ur+sJX8ocbwG-Xm65@;M&szRTgD|oi^ED>BTAg} zb8}PkN*F>iGK&=wi%JxLRA!z+Nk*zdL1|J>X0k#`er{rBo}PktY8g<%qclAuwOB_X v8^p_SNX;zKOU}>LQ3y^gC`rvtN-a__w6rw!dGX~4&;|xiS3j3^P6Hl zGEx-^N|SOjlND0(a}zW3^c1{P%YYIdrRf=|#X1VvAYO(;YG#REa(=FkLU3w9NosCV zYLSAWrKKr@;!hSv1_nk39gr0u+ZmWMC3fBUXK*TF)m~Py1H0L0ZcY^U=uj|Uqn)@& z`t+`&H+w$)xtDP7U5{X*hYXYW?DNZyDNHgr!s_U-Hfnv#g)JxEX01=i4l~r{ICH)$ lVU2;d{qukWdt+~JZ}<_zu;TaoO4H0{QT5pN7)DM8YXGT7UX1_% 
diff --git a/usr.sbin/httpd/icons/comp.gray.png b/usr.sbin/httpd/icons/comp.gray.png deleted file mode 100644 index 01538f8f3162eee18d9a4d5487b22b3395daccfe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 304 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DWL$L5Z5#RL15<0nQ3SK8ygz~ zg=fECuntHuCV9KNu>Qz@c^t^e@^oogUn=@%A+ z&nljl9Jb=&`yHr$7s$*tXCKcR~zb9Y$pOIk&(AKaL*N775{M_8syb^|x zjLc$%#G(=fAeEV?P?C|VP*9qblbNiLlAoKHnWv}VomvKz@F-2sNG;Y;$OiE;98xn& o^pf*)brgbA3rbRRlTwQm3@t59eO`Py0y(5j?VVxWbZa?#}6Rb z^C4&mE(8ey7I`1M2JeEG;9*JiK{cogDnVhj&IhN#x!@!?SgZIT8pH*WAfQr!56}P? zAOQ@hO=)Venboj4_SAdly?75B%ShF$^D16p6ihnx&Uq)^!Jt?x>cx2xFCZgZJ=DW_ zhzF;Vnqq_|C9#;}U}{sET5N_bWHFyp6;;@N9LvZ#b)pWoE-9E4ry?rg_Jm@s!YM?- z_2>sN*-bmRKOwjwsVPQiQnHjB987IWQw!#tr5W>yb1);hAICBhaRU0vbxFabgE-Jf zI!yz}#c~?WZD}R_ASSzM2bs7qHzYO12+dAnk%NP&O=;MPteR=YeBi}sB=_T3Mgsdd z%-8tdmW)qmHpf@7+Sq7wJ@(F8V>|2!@rI@pL)%Sa4ik>0`8n`PG>cNN~PuHj#2TU&K?b$PjISFN2mlgUm*z2muv zKiQEemq|xslYK+k{%BxyxHmh}7Dc}w4}4S#{SXahUj#9ESDbc zOOHnflF24it!!Ke)S!Xtuzwj6iq1sMV&VMamBiM~1Dk->?y_AKLvKGkd3CL_zUO(} z{{Gh4ox9inc{4lTIae9-XIHj->p*v3PgZ}I-!Gd(0R3W>2Z59 z@wZv>Co5WRejm!z{yeqNojm@2_0WZ-{JG+hhh&B-mUxe ZEb;5(orN8>^?I=Ddd=ePr!Oz#=sza7#nJ!( diff --git a/usr.sbin/httpd/icons/compressed.png b/usr.sbin/httpd/icons/compressed.png deleted file mode 100644 index de7276dbc08d599e67cbac9e87ac4c6c3b3e0c8a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 315 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DbWC*5Z5#R|Nl2O1`;!8&P-!q zFg7*@$|S^}R|ZmyN#5=*Y>8<*YJr?0PZ!6Kid(Vg9Jv}41XwR{S~;|-8|28lz3$;t zXp%elTYlmD9wn36l{FI2gaf@AZ@FZ%`$}wSw(YAvw{!E9OBrV6p%oVzq+%S3eW!M< zoS|L8A-bYP>dPT^o0+rD*E~Ht=iu}iH~#FHROfSUXV|2!DSsHQzn040q7nQSXnRVo`|#kjl(cD9K1wC@4+J$xK#A$FVdQ&MBb@0M4;< AOaK4? 
diff --git a/usr.sbin/httpd/icons/continued.gif b/usr.sbin/httpd/icons/continued.gif deleted file mode 100644 index b0ffb7e0cc026c1e0c383a17044f5aabcf4b5d91..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 214 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIWsLS&DhwO0R|NR`GsU;7Aqtcl_&tI%shpX zj8uh!(xjZsWQCOc+{Da0Jq7R7GN6P8 zTBKlTX=%!!_>+Z^fq{`h2V@1vb_QloiCuU88JzN5z4yk{OJ&c!6gd(UCY?Un$r?Nn?=Lqvv3P#w6Kw&mW_iT|AE}uhs$W)G1T8U1# z;af%-tU!t}$=lt9^+*28<3Ns=r;B4q#jUl+Hu4@&;9)qZe}*Bk*&?Z_W1iBNX~N&) zRj2J?x_{^JH8BzID<7uGteta}Y0t4$tUJCfn$CLW_vG#U43W(5{8hB%wmPaq7nrlm6@kdl98%VP@0sJnXHhKpPQJOr>EeZ zS_YKxC{52uE!I)U2Jtc+QZq~RlJj$Q6oOL=N>X!^Qi~J}EiFxbUVJ$Mw1L6X)z4*} HQ$iB}OB7<- diff --git a/usr.sbin/httpd/icons/dir.gif b/usr.sbin/httpd/icons/dir.gif deleted file mode 100644 index 48264601ae0655bbb5b5539e54ab9c4c52c0ca96..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 225 zcmZ?wbhEHb6k!l!IK;s49|+FOJoEqm%rs*lV1NO|e|{kunZ*i;MI{PADl<=^BqLR! zpfo8bGg%=eKQ}QmPfx)+wG1fXQJS8STCAgx4dP`uq-K`rCFkerCyg@&WtvAFs%+oyn@vrAN+!2FgA&7LgdM$msG{jgj*VKw;b&W_&MNEp LeCV-eWUvMRho4eP diff --git a/usr.sbin/httpd/icons/dir.png b/usr.sbin/httpd/icons/dir.png deleted file mode 100644 index 6b97905067e6b9b10af40be23f8e9aca47cbd456..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 272 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#R|NlQTb7q<`5CFxT zZO^L$DaIskcNdoajGKW#j<2VSV@SoVuN0m5O_!5>WcW6F(#Pr0naYmPe zTtEmXM}v(bdk2$3fKj7ytIrA@Ef!Wa9vv@%1v!TfJjmf;Jm)8yXsnjg1)?7!-f9FajwC9S{Lh z>%g3ov1`u<0SU!(nu}i;Yy3QD%o~;&6sNIJ$7<(=jB`2*wc^*kKX!MUzH`b~=d*lv zms~enUYT?*-b7U^DmQd>f|AU>HTUzbRT)eKynygkW{*rDjP6lfL{kKE1 
diff --git a/usr.sbin/httpd/icons/diskimg.png b/usr.sbin/httpd/icons/diskimg.png deleted file mode 100644 index 11f34e681bd5a1844eac7d033ed47abb97114a4a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 202 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DTx4|5Z40-4#=^v{Qv)d|Ni|m zXU=SBXfQT521*u$Z_ol#j7i?^F6?579j}3$1Wy;okcwNi=M1?T40u`}&Uvc%c3sEj z3)&^?`O5T^cJ9ku%qI9}dB1>DMz-ptFpqPR6MN1@9PhPz{#31aXNTSyr}~~k_s1$J x4wCYlzNFfI^S&*+B#!g#S>23JDjUOIu-vUOFb=Zs-37FZ!PC{xWt~$(69BpZN%{Z) diff --git a/usr.sbin/httpd/icons/down.gif b/usr.sbin/httpd/icons/down.gif deleted file mode 100644 index a354c871cd0b1871aea54b437a9fcd88608b6945..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 163 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ zvM@3*Ff!-Xz@*gEzw-23{>5`lI=eR?ORw&$xvkW+F!$q5ITU;VdF*zmu;!SP=`GxPs?Hnwl|JUnOWB_t&38C2~V z3Yq-YGVp41haGPGZ3omDR^l2_;+&tGo0?a`5R#EutdLk#q5z~a^At)lQWXkHlX5bX z6;kqZ6EpMl6ueW*fD#_1=^3fTIttk!UWP+zW{F;Mey)x}aB4wGYHm_$k%FP6rK!)0 SFGqkjFnGH9xvXXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2i59!|d^F&3SUp#HpXaXk2Sl>&JZ}wUn<}Oew2Ebh zy5WrhZnywi7`v{UmEc1RMWQW;i796*RD-1HnCY( abURyR&WU;9JD3;O#qV)F(-6+dU=09`UszZG diff --git a/usr.sbin/httpd/icons/dvi.png b/usr.sbin/httpd/icons/dvi.png deleted file mode 100644 index 19c417f227b9e86f0a483ac268a148ed3cd59c3c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 290 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-1yr+v}NX4zza~F9V6a<(rL@$&R7GOVcfN9n{`^irgvU)oI zR++RWm?r1XYK$1 
diff --git a/usr.sbin/httpd/icons/f.gif b/usr.sbin/httpd/icons/f.gif deleted file mode 100644 index fbe353c28223f727deb5144a964b67aa52081e42..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 236 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2@fN%Gd^F&3SUp#HU#9hW!Rw()I|5y1O%gw{Qrk-4 za}Co**45@VTn>y2mrF4=IdgU;Y~koUdn&jyIjm;NN)0XFePuTmPrrRp@1UjePH&g! XquWjAXkF)P`eAc{t#G$ICxbNr*wRvL diff --git a/usr.sbin/httpd/icons/f.png b/usr.sbin/httpd/icons/f.png deleted file mode 100644 index c946f5b3165874522c62a888a08e931a2ccfc198..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 282 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-1xTlL_NX4zC=MM57P~c%cu;#%bmJUXTlt!{&!;W9esImIbK(y!FIqZ3$lUNHQ{FG1*!VZoy8mr$Uwr0+ z$41eg3?I{_I@XCfnENWsw3($we0 Smm@$M7(8A5T-G@yGywom3u*rV diff --git a/usr.sbin/httpd/icons/folder.gif b/usr.sbin/httpd/icons/folder.gif deleted file mode 100644 index 48264601ae0655bbb5b5539e54ab9c4c52c0ca96..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 225 zcmZ?wbhEHb6k!l!IK;s49|+FOJoEqm%rs*lV1NO|e|{kunZ*i;MI{PADl<=^BqLR! zpfo8bGg%=eKQ}QmPfx)+wG1fXQJS8STCAgx4dP`uq-K`rCFkerCyg@&WtvAFs%+oyn@vrAN+!2FgA&7LgdM$msG{jgj*VKw;b&W_&MNEp LeCV-eWUvMRho4eP 
diff --git a/usr.sbin/httpd/icons/folder.open.gif b/usr.sbin/httpd/icons/folder.open.gif deleted file mode 100644 index 30979cb52855157110d56344ce09ff29ad726585..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 242 zcmZ?wbhEHblx7fPIK;s49|+FOJoEqm?%lg*rWpeP0~jd&^9#wyELKP?Dp3GZnRyB& z8L0{drAaxN$qFg?xrv#1dJ5jDWk3m!()5hfVjYES5HG_aHM2x7IX_oNAvm?5BsDiF zwMfCx($bVc@h1x-0|OI-4#<3v?F`JR8oTcNGdShBI#=y=&2-5G4yn89^Q6URrb|x} zc)e?b^5WuCck>TOH!hekVIgPfp~Qt9URLv4mOfysiDC|%v8Jjt&35m)a4xxmqX+dL h7rU*#p8HYSdByGb-x-@{1*yNCydwGFlv>A_(~JC>i%fGbFeRAl7JSN_ ze>2P50^@uKkLcUZ$9I^g31vYo+O~PVI{5+CC>S|xv6<2 z3?Uhr#R`c?)Gf$x;BUPcGG$|)DSs^7qH!(9$Pr*C23@G7Inx2tbtfP<(;$=9b qW|rtB=jZAu1g931q~<227AY87TAKR2_;Lhj1B0ilpUXO@geCx6PjQd{ diff --git a/usr.sbin/httpd/icons/folder.png b/usr.sbin/httpd/icons/folder.png deleted file mode 100644 index 6b97905067e6b9b10af40be23f8e9aca47cbd456..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 272 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#R|NlQTb7q<`5CFxT zZO^L$DaIskcNdoajGKW#j<2VSV@SoVuN0m5O_!5>WcW6F(#Pr0naYmPe zTtEmXM}v(bdk2$3fKj7ytIrA@Ef!Wa9vv@%1v!TfJjmf;JmX0k#`er{rBo}PktY8g<%qclAuwOB_X8^p_SNX;zKOU}>LQ3y^g zC`rvtN-a__w6rv3Q2fcl$iTqNpaV3W0c1M^bDG7jJO2z$dEVUl?ms=DL1^Wsd7@M%Ug(28~s77{U`|*wVGy10zEuITRMgTe~DWM4fNjh1f diff --git a/usr.sbin/httpd/icons/forward.gif b/usr.sbin/httpd/icons/forward.gif deleted file mode 100644 index b2959b4c85c612f74f3ed207b3c8e09ce906fd70..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 219 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIWsLS&DhwO0R|NR`GsU;7Aqtcl_&tI%shpX zj8uh!(xjZsWQCOc+{Da0Jq7R7GN6P8 zTBKlTX=%!!_>+Z^fq{`h2V@1vb_QlYiCuU8wX}SU+2eAh_5B^k_ROg-0w+{X^b?$Q zKX`{e+d0=|9tjPPcd_Mu)Ml%7PAUBP*kHbKD+5<3&kBD{#@jg@+pgRzznQIiy36?2 IL4Jr&u&xxLv0rETyYUgS);|wSIr|N7TXZ+^Rys;!xv*$)%g4?o{?ItqmT{aWjLf}mgptt=jtc~rxui?<|d^UDHvK> Vn)as+4tgQu&X%Q~loCIDh7W^4ce 
diff --git a/usr.sbin/httpd/icons/generic.gif b/usr.sbin/httpd/icons/generic.gif deleted file mode 100644 index de60b2940f90cc3bef3e16e2d20b39aa00807327..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 221 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf20T#RVd^F&3SUp#HU#9hW!Rw()J9@9Pc4`>z_|O^T zk}LelhjUMZx0Uz%<6KNNmX9Z{SfkK*HucgE9k$hhnp--1%Xa$c7hcewUAg{5?%98; H3=Gx)qghVl diff --git a/usr.sbin/httpd/icons/generic.png b/usr.sbin/httpd/icons/generic.png deleted file mode 100644 index 0227cabb5ce99df7839ccd94bea389260541bee4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 260 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-%qo<2wNX4yW12$%6HU$F_7N*2Rmf#Bv2SwZr91kTd>*(y{ z?0Na<5mPD`m*&a?Gnzbn9CsP_PE}xd;lU=Zk-)%^>LRk6lgIS}(6F!)*N775{M_8s zyb^|xjLc$%#G(=fAeEV?P?C|VP*9qblbNiLlAoKHnWv}VomvKz@F-2sNG;Y;$OiE; s98xn&^pf*)brgbA3rbRRlTwQm3@t59eO`Py0vky)&eSX80_q%!jq zN-|Ov3QCi5GLscj@^ce2^Yj$FQ_Fx79;N9Ssl_@9*&tqqLuzJ;UUGh}jzVy1K}l+E zQfiTcp{1oMgW^vXMg|6E1|5+3Aln(3{XKT=`CK62xLURGi22&%H?LKSN;oNN&RD)A zj7{+T9dF5syeno$->jSG&*;OMYO`?t3LV4QtJ8%g=XgyGN!I7?Roi$yd81>RNCW@e KDqbH325SH#15FnI diff --git a/usr.sbin/httpd/icons/generic.red.png b/usr.sbin/httpd/icons/generic.red.png deleted file mode 100644 index be63249beb5be105a84eb123ff3e15b6f46bbe61..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 262 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DWL$L5Z5#R|Nl=*`#*DL8Uur| zu`y8C`ofi`K#DQR+ueorNB+y>K#qf_i(^Q|tz-i>W@a`80}&Rc#8j5xlMDw#+zcEK zB`jO9a;0XEq?8m_Di@dZVHZ}`i8Go?(xsdmwJ*F~7;u1r!Tp?gdc()_SAb@PmAFQf zIOpf)rskC}gk)qEDvky)&eSX80_q%!jq zN-|Ov3QCi5GLscj@^ce2^Yj$FQ_Fx79;N9Ssl_@9*&tqqLuzJ;UUGh}jzVy1K}l+E zQfiTcp{1oMgW^vXMg|5Z1|5+3Aln(3b0VTHIq;y*eT9 pbHuxO``>OATea-a%QUllYxjTS@>KR}wi0z>>0oj07UpEI1^}8@T=4(^ 
diff --git a/usr.sbin/httpd/icons/generic.sec.png b/usr.sbin/httpd/icons/generic.sec.png deleted file mode 100644 index 0bd3d96bdcd6c1f71503491294c48905ba27f41f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 279 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DbWC*5Z5#R|Nl2O1`;!8&P-!q zFg7*@$|S^}R|ZmyN#5=*Y>8<*YJnU-PZ!6Kid)GXyrLo{yu1kvO$w@xj_RSIEWw%# z2SZ#991kTdi;9Sl=$Scf8e6KCru6KCGrT-}RCgIW_p-9i?d|Pt>`U?RE-dtBwiIFz z{h=)LVAUlLpvhq+t`Q~9`MJ5Nc_j=X8JWcjiA5y}Kq@m&p(GL>)K7L=ssCZ!fB7+PAI`n>pZ1ZV?; Mr>mdKI;Vst02Q@Ye*gdg diff --git a/usr.sbin/httpd/icons/hand.right.gif b/usr.sbin/httpd/icons/hand.right.gif deleted file mode 100644 index 5cdbc7206da8856227e36b9d8f1fe5668e162607..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 217 zcmZ?wbhEHb6k!l!IK;s49|+FOJoEqm%rs*LB%t`uFC-(gSRt{fL;*-;<|&k9q$(7Y zCgo%%E2QM-CT8a8DR`%r0VO<2(=$?wbriBeybOob%o4ri{9GM{;M9VW)ZC=hA_YTB zOH&5LpDc_F3``6 z1P@2d%A8Z(d*Iop;+0_slQ(LVa73?qy!_*&UOA1|IbCl>b_(7P3tlzje1;bjgEav1 C5>Ye& diff --git a/usr.sbin/httpd/icons/hand.right.png b/usr.sbin/httpd/icons/hand.right.png deleted file mode 100644 index 93035c658ab61cbfc29e9afbd281a0266436f916..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 280 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0#0(_&>W54PQak}ZA+Bfs|Nnnx=FBu>pn&%Z zNgp7^nB?v5!Ys(+^9jg_@N{tuskoJ#aDeq+J%iAhg@z87%uN3Mmv39YFxq*sq*Jo< z<}l-yur_8_C-30KOHcikuNxS+_|AjMLJ9}7fN9&z9F?^ zrUV1SjAq%bGN%~s0PP4Xag8W(&d<$F%`0ID$;d2LNGvK*08*KG3MCn-3I(M}Ihn}{ zDfzjHnR$8&-l=6k36IkBjMQQsg=`Qn!yz@ZL@zl%S4SZ@wV)(5Hz~D9!O+su)aS*Q RBS0G%JYD@<);T3K0RYZoUZ4N~ 
diff --git a/usr.sbin/httpd/icons/hand.up.gif b/usr.sbin/httpd/icons/hand.up.gif deleted file mode 100644 index 85a5d683177b439d3bd52a5fbe4f4b88e6b36a51..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 223 zcmZ?wbhEHb6k!l!IK;s49|+FOJoEqm%rs*LB%t`uFC-(gSRt{fL;*-;<|&k9q$(7Y zCgo%%E2QM-CT8a8DR`%r0VO<2(=$?wbriBeybOob%o4ri{9GM{;M9VW)ZC=hA_YTB zOH&5LpDc_F3``6slVT^wp$^;wzNj zocQ$p=uWvS+vn$eP!`KQ9AC&Oq&a`zGo|*%R}=iZ3~#^S+W54PQak}ZA+Bfs|Nnnx=FBu>pn&%Z zNgp7^nB?v5!Ys(+^9jg_@N{tuskoJ#;K24L;nFLH4wJ(w{~J!;R_J?q)>h%uD;|ZP zrbfRQn2U2>UE$?9Gcj?ZgOQ1es7ISWuQtP``nIMM778Z|O!Y)o+%(aVS#jD-EJY?i zgO8a(^N6gx_}5iGfOdqHxJHyX=jZ08=9MsnWMmdABo>t@0IAG8g_4X^g@V$goXli} zl>FSp%sf2>@6ht2u Q5ugnWp00i_>zopr0N09MC;$Ke 
diff --git a/usr.sbin/httpd/icons/icon.sheet.gif b/usr.sbin/httpd/icons/icon.sheet.gif deleted file mode 100644 index ad1686e44808e4eea393f203c7d91538612eefe1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11977 zcmV;)E;i9eNk%w1Vc-D_0)zkn|NsC0%$fhpGyj>H|7K?YGc(Np|IEzH%$YO0yStg0 z|CyPYnPxMYW&ntYh-S?HW@gN0W@ctHnPvb0RaI3pGcy30%mA4)0A`s0W-|aYW&i*H z000000000000000A^uKOXlZjGVRCdJX>%ZHZXk4MWgu{MVr*$+AY^ZCVQFqIAWLO- zX>K4$b!TX0b1WchWp-(9Xh3CYbS`6WZ7d*DWpH$5ZDM6|ATc>PH2@*`1OWg51^_Go z0002s0Sp2F1^=KSj$~<`XsWJk>%MR-&vb3yc&_h!@BhG{a7Zi~kI1BQ$!t2G(5Q4u zt=2Z94c57Jbq!xrSezYad1i2Vl`geKT`f9=ebeIhcKwyc$G&!dYcqgkSA#%-MR_EJ zbY5(ce3FzZifTQ2m_Le|mzyY`jYOh`k2s}nVOo2vOmdj8t*~ISaDH2Wa&@$Wxw&et zaItv0vw_03Yrtj4nY6aX!MDTJx6W+Pz;VRQjk~p}!n}Ud+}`9@(X!gs(&;wmd!S3L z!_cGCXWWkSp0UcT1>ENDp1@Ou_~rBGgPB2j0ng~G#*l?WbG{62B1jJsMo_%=Ed+Sz zBSU8MDF2eYgHKg`4SU=Sq&9D1xIlGG`8y;2=ty2+-&Wr1sp| z+*p&)L!mrrx{P;qE30!7D_W(xwO&_&{k)0{yOM2Ii3Qo>JQ%8~Lbr5L*(ICO;i{?@ z_kvA3w_^)}KT4SJ(V0TC+XE?^m?+L z6!wPC#e7FIzNGl)+46zyJRL1}NZw1QuxEfe0q3 z;QxXQHt67k5Jo8BgcMe2;f4KGpy7rbZumrpAZqwwh#g{RA`B#!=tPPfeh9#eFveH` z02Qnlgof zW;df2035)|0XgbeB>-Q2Rc4k-Sc#*PY$D;NnsA;O;{?UP8mALmk_adjf)XmKm75k}C73-@+NhMQRIq`o ztHP+}tF*$JgqxRUS}U!63h5~nUsV^Zi(nR8sH@19ha#bhqM59%ksi5#qRPH7C;uzV z4jV0uxfYOZGEa1xB6kav8$q>~4WMoT=*kePm|BoYZKKo{s%We?POC+^<+jVhwW#vj zFTMbD`=Y?p_Ufs>d@K;A0})Wb@ErpHFaV|#Ox%K-JPNEa3LN9;F~J9Kpf3RYetZJJ zgC3kR!3MiL@DyA|q=d-{0FVI06hOsc zS~9_E=DTzWxMJ$9)`5z!CAdkL%x}aRZf#Kk7hjyG+DwaTEYgzD7D8nrR z%Xe@4V$6B_ZORB^r`d$r3q*i+cdxYVb;gE|5bE4uPo1=^fgjMF#q0B@7uW% zZVFv-=C5>-_`I(;?s(6xR{oUNL*ofK>T=tAx~VkU&AR6=vI4c!rIXBe;Us7J`w{g< zzxeF5lf5{`xm!=X(MUf(grMgd@4XO4o?Lp;qYGaA=E;)|qw~Wf5q-U-LeC+u%jKCd z(NQ|e{M1nMU;2m_HA$h*a3PZx0{!>DvdxcL3*b)ecE<(EQIL0F;@MFk01+KYm=qBOS;l2CKPYajusCb|WR(1beV-JQI)LKe30 zRT2D@6fWnx6B6N6>36Rj6;~lLf$U(+YfCvO5 z!X{ZRpP^2Ylth>%O@+x!@@tc2Tcmn4?J zdh?s$45v89NzQVb^PK2Rr#jck&UU)D6TRqDBI=rl7XMT)dAFlv~7g4Cg7 z(T++{I)qs^w4{d#g)Ig$(|3^ODD5bYX;gs?*W`3C;_0bR%K;X&B!!@d>CHfd!kKRf 
zHKZtU2|QR6!^t=`7)ZSiQDU-FZZOhVB*@8i_q1qD}C!6l~NeO5+|*FsL5x*x>t~*^{|KSC}S2QSeWcpqlmTa zM7B{3u|(FOYJtmN;p)-CF0QhZb&O9;yHS&@X0*ymOkU#>oU@X|t*n)(T%Gb+wyIS! zdS%Q*(JGhRp47OZWUXgaJBHpib*Hjr4QYk*Q=HVaHvg!oZd`~_+sP1hAHjkyVE-`F zt@_3@-OWZZHj)tORx32=^^SS_%2}wm7rTjAk4q1Vp8b{@u!c9x;SPKF!ypc^h(}D~jj?D*7&ljPuoRI*~1b`_& z`N=Xwq@A41s1O>t%K)}ctg;B^ddx4yI=1qTNky&&h-r*Y)>Nh9%w`!jKs6O5-;C3A zWh^f)&Utps$2xW4)EqE%xTAn_Wz-iBP~M#+<5~HxHA|u9WBf`Ygd1c zp0h0EBmo3)&-Z%81fMOT> zOEqSYl+m;RHS2g}s$O-gU7cjJi3w$slysb-?L}7T`rEqZGy!cmV{Qw3P{uYkvPr$> z+8J4Da_ZLw=H2QHFs_oTVjQFI4R1GYduH;(HMj@9>typ0)n$A(z|Wm-b&tA2R+8B3 z$W(40ZeZT@&VaoUX7N?KdEePKq?5JGK}-{z;IG1)r{6tTG&TI#52w(nwnPDQ9j)T| z#`py^zHxI4@#4~MHNO{l;~bH^4vxc`4XLY9Y`L@}Qb6l)Fup56TDKlruIc|P=< z)0@#f@AoBN)n^(b(RPDQI=Gh}NM@nBhkpii${}uKoK^jCH|+G*HO{!ak6Y&l;5)zk zPT)HDi0sJ%L!wjt1|+uSI=&Bw*m>xGy#aVt=4H$*y{X!urAYjPcMvThgC5e(h0D7L}B( z@oJyDm$yCn2VDO8*uOmQ4di>YO|bKAM-%AzzGLCb9@68tclj$FePmjP+8c4RP!2CoNwwBlen zFnjj5e9&`hN~SNF=YJ-6f_j#ML8xsrNP|iUXf+5E=i(}jS0f%Ga!FVZ4g*G7xFuZJ zG&&d{8F+uwCwW%Lgk|V-Rg!XPb7vx$b%2J3@{@&KIEPx;H*F{&q=ZV9bV_L zrL=fJkcWCGh~Hy5$N~j~h)RYC9{Tpcsmx zIEtiLil%sqsF;eXxQeXUivOL^*`2#qcEQOXgH-I$FpWgUh?RM6E`I)P_J6;`XjkGs%SvEd7Nc2iUp5;P@V zo6!wTb&z_%4$e12#bJ=y)fYBZRWQ*D{&-9CH4bAnkrY$xALUmS& z63HFGCPNHbEclt9pO$!0HlinrKN|`}ly)-#5Ti00qyDu432>u0dZQ6mC^Ob@>$W2y zN={ywCVOLR;}%6hN(wW&qyb>0(37K3ngC8(HdOX&n@C6_Cw88f zMp^oVuE79I8lz~sr1u!5Zi=HVw*k0!rATlofAelLGc;J3K4udKT3UEtdPPpNJYpJ1 zO{Z{X8V>=$0F2tGjGCql;5Rn^4lk=(A7OKNKs>SM|xOzrp z3WrD9s`m)1u{x`lQK?OOt4tcHr0|B2sHwOUgt#*SpK5cXDz1!kE{h{QXM(DKWO0WE zM6OB*(0Z*5AgxE?rW+umigK;=>Mm(BKUG+#xbrnT7O>!YD;*exLUOQbsIVmpVN<#- zsA`5|c!gyXulm|x)@rdbIULD(%N%ZXeQCo9GUAqhM^$b$angwL9@I*YMz3bi%+ zME`xbhe?nt6Y#4WptYZ}ojL%ZhiZfz^mZ`&v@8w<-F#eT#ykOSXxiri+@oXu7(pTey=ExN*3-TR6L0Vuu4Nh8J48F&hJX zYr2WxsK6V%X;U`ATfFn?y51#A4SNHNh_zAXv6+OtJPW;)B)xagiHTS?F9x>Li@nQ> zQx6-VuXKqAO1@uYzRAj->bt(|+rIAmzVI8r@;kruTfg>uzxbQK`n$jU+rR$%zyAOn zzydtL1YE!de832tzzV#;3d~qyrdisEQ0y3v+zXHYRKe+(!J?I$BQ;+d+!3EZjiq22 
z*VvqPb-^P{k00{}?GhgRR7>b61(+4X!-)*^7@P@JcsLAI9SM<88JZWlJ07W8cO_Lp z9Kt^Q8fj@W8>t;hTwMcMlMM-yw~>$;5yhQ(6HRQ8Ch1is5s>;w#m)6oRg9TeHB~Xi zRfsUe54^<~wZx?9eoVoZhQL{-30{@iSd#EqedU;m$zObI$8%g$by>(;xl~i>$870W zK&e!6C72_z7R&XN@kIuOxfjj%$2#d+;Z?^|0m*gj$6?8vGg()I`Ic&Fm;Z1HoCU>| z^`*)bESF4)Rg3k>Gl3Pi99i}?%YYe}yoH;FT*~4I8J=0oEdk0N0moWF%qB(0UpdHN zSzM4A%A-{ft8B`E?92U>%l0VDza^B`yippZ%a}aLy?m6^T+V_y&EjlYANiPiEKs&7 zT}8Z`+{MaL0nfg9#;(c36M4^93DCm~8n=0y-M|xFT+o_{mA2d&5i!IHEf)-(6u?1~ z5&g^)J({T5&y!Hh0(s0AtzXVD!4O=HH$%fg2|XW7lsEj2?pRAZDjgUs!7PEamM~aq zgH$tZ!Q_~o3&y}e9n?ZS)I?p>Mt#&sozzOb)HKs#PM|+ftv~Tu0sr6Xp7oTp5+Wim zlw(J>pIJ))U>(+CJpltSw6XH7OZL6rv;kqwoPp9IVT7e!ZJ}Q+)^<(SWu0Vbjbwnb z)7}BrZr#)+vek0^Wg1$ic750ClGk$v0DBFg6|w=08rY$50ER{YXqUc!7$R|fyM}$( zy_(o#z1WORI*+|(Aj-19vZ$2(6t9PNu(|=bvm%~C*q#k(&yu*J-PZflwUV~iFIo>w z>ely)trlh3k0;#F`mGqqBAwmXN~YOAFaf&_*x`GGjt#U7YG!GQuCKt_we;Gru%_4g ztxbB;wN0U|TBt)n-PH}&`t#e`U2g2{N`t$x_dTP=E!>gn*Z-M--1J9ai(0$^VBY(! z!@gqGTpgyn3j^-`-URSAXFcEa-QX`U-16$EgT>mcJxkO(Ew7Dl6}#M%qqf_KM1NCc zx~tm|9@hM`Eql$ZM!=@z-K5g(N;Imv{_O%XrUj4ZyA2Vq25!Aj)hf^Zxupx_J@DWy z{^C0nCTBA9Rx(ra*ux3IQ?gc_#;+g9m)M7_HUA8N(1WXR$PJTsDj=M+D zq&8mTt9#(*s^9pHfpO-pXq%=(Zk^+MhEYxgY5v}8K1FRlxRK}x~j^iYbF;R;I za$CMlOMPhm>7YL0qVBRs5UERA<5nK4YHD$h+vSIG=|hw0NAQ7v4yI0<>$+a(ZFlHO zP9CN{*)oi;HIBN*UUxFS2+BSIvz`R6W2(1KhIRev)K0qD-Rt2l;EaCW%TeW$J>2+2&v;F8V-!` zP2Mw~y>N&nwky{#?7gL|(UpLHK@O6N)~@x84P zB8jDHiIe#C0pB3`4c?e*gD?ANYbl z_=I2hhJW~opZI}4jTBVEChWuu6~T{Bn;UG>5d4LG5FR^z%cSM_@yK72-@&2ZUk^;2 zi%|N_Ow#|A!>fNd&nU;BZ=9(=oiI#bub@+F?87GI#%UaoxnGd>cvLB@#Fsf&Pj#5V zMaba7`=FK38Y%p;`I$y_{IB`YegXVqJXEWR#wvZuz0Ab%92nlu$E+Ftk#NXRY5vbh zl{<;d26f5koL`R-|3u0DZmG$^DVCw+(f{;i6zts2AYg2UNN#6Yo+xRyqw2OZO^@*H zu5kM5axEzIiCDSR5jRsRhfduJ$U{<}R%ebmr8ckLS~K~(MP=fzu*(FZ+v%!!O|<=b z-*db!C7#jw*pi*xmYa_nA6y_Hp`TsP)L`M=BA{87lqy%UZ0YhP%$PD~(yVFoCeEBXck=A% z^C!@tLWdG9YV;^lG!>RIZORm*)2K_KN_9%L>eHl7ur|fG<15&K3b|&rSOEaqv}(^* zxOi4AT()lE#s$#UEZwzswGMfk*X~}68x9-@yMyqCyAl27m5cW;;J_3a(|xOWBIUZ0 
zF++}g`6I({ne}d#IJj_x)T&bhIGva?WXq5L`uz-XblTb#aii5exwq5axkHM*-P!lV z9T65VZ@!@Q3fl+Y?jT*-c!BKN3mk~t`#0JN;>S;5EPeX%wcslV5b)r=@ZlcI>`pJ= zG~(sXnYTuKz8`hf#rGX&+y7}dL2DHxwjgW(OkiLE3o58!gLz5FphT9r_ud0&T}UBE zJIn>yhoOy<-+uhL_8&a~LYG#F1wx2mSPedCV2v4emg8c*aR?uDUxg^*Y!-r*+zR^b z7vyU?zIXzRN9qV+0SKbyoQatD^&pp3R*7YW063Qxm`+x}0Gep3Rc1y~*4LSs&1ETx zYf6r}B5Yp)u;-p^Vz=D|fnLyEoD0lZ2yc8AdZ-(IEudg@&n*hunQ1bh=%j7B2_B}M z%9$LBDfU+wi|+&orKij>+QwOc?s-6X9a?q>*%#!SXRN0?=5BR zu+<8CkzwhwTJ4R++RF@L_2TIys`85aP`2U?YVHNuYB2CvwjwMjygC}%>z*9$x*&ZG zGYMA2f*Ceqr#BYRF+_E)rrM}Y_V^;7&oYc2pARQ|fCUTh`$TOC>s&6noEZvVyNNk< zvk-|gOY|McawamBBhTw>k|{nHZM@aKOptj9M^J$UHD3*&yq+Rm^sMc22<(1i({O57 zBzr6*UQ9RrbjhJE`R~g9x~=i6gqc^eHhANG9*hg=)>C#Of zNcTf^N}aN_>Hiq5Z2NA5h5#Sx5ec2@d+kmjP|J?{12vyLh9 z$yaYGpQpQDbIsUKiz}oj@Cv$5sTQIBN8l$O8gaHeCR|aGVyo)s+SIj_{1gl z&<6g3TmSaHs6B#+kw{?_V-&qu#xAyiEK#Y*8poK%InuF?cDy4V^Qgx?^0AM8{39R( zDab(*vXF*6Bq9^3$VD=;k&b*MBqJ%wNm8a5RA+fy%c6C`auXV(jl8A!)8OGSqp)98xBy1(QgMuE&?go4(C0MkIg54r0u|}VhBwCv&}t@apxrF!KJ#IOg#Kco_Cjbd zEB^t}fR19K!7PSF4~h&+kdzDKv}P!%5ejj}fD^}b20PXO3Pfz98#0xGN}*xXG2pZl zm&gZCS8CFE@-wKY$mvgSSPfTf0;T|QDpG3-k1^rPW@)v^**9&)AY*ltQqyv8)Bir}kATl!b9niU;_-K!Vm7-0PRtqkyM+a))%E+ zEkIg}h+`U}}^@l7D4fj}73Lo5$+$i{Z%QjSUIN zB{t2FeY`^l`)PX~&To@V^JIB~LBBUfr9<*UM&a!4SQ~!C$Z*Gm7 z^ZemRfBDXS{xhKYN#Kvcanp~}7y&{pYEd(qGXY~+ski)SIy+j-R;IL=EloyGUpaHM zmbEr-t!MU$XVjt=50urZ=(hP6(KdbbtG(>$O{==nxQ?lV>(%U7Kl`B3=Jd*ZJ?d2V z$Zshjck0Ad*5(Y_P+bg zZgpFG;P9rCylXvcg9{tK+9q|l)l6(|JImjY1~{?>9&mK0TjS1dcfmgnau_;@(DwFT zzLzm<+ff|P{`UB)Ieu=8V;bGkrui3P^YBo&oNrGmHw$x}aad28=>HyO^^`{*a%vOY z-8qL1p`&i-o|F0K1Wvi8hu&$e%RJd#S2{cl9%(dI=*%AEH;jvo^l`_T?evQI+mqgQ zrqfv#{^~EXv92YH>pkl;pF6YLRCK`~T_delIMi-FnJE^riql~{5FHOSITtz0mFM#1 zfn51&{|?)4E2EItXn3%*xao;McuYy(dDDZC^&EaZ>|-zc+0(xEw!b~@bFcf|^S<}K z|2^=7FZ|&Xzxc*KKJt^V{N*#h`Oben^rJ8R=~KV@*1taXv)_A=K9iz>b!Ksni8N_y zPyGH{rtHjL&Lc!NukVZ}G-v3`i`t@`?0jxv^FQ48^B=pDtN*M1C078}T^is6LtxZb zsS#RT6lguvMxmYp>Hw%iAOkJ9UIb$Rkd|lpm0LNLZ&B4Q)==Tp5?Y}V3IZA?p-G+L7RD7N 
zJRuXFl^N>Q5w2nV9Tq{&;aRbtIq~6QX_OS=As3cmBD|Gp8N(pHVROY{B>-YqIpR-2 zVlOOWAmrc=9-wR?U}#z3Ygtt%ves?wlQ!(2I#5cHW0^vSn;A`pDLE%C(tRm4M zB4(YSDOQ(dIg=s$6)o~0b$uT&E|+o%AXc#z{Mp|)pwlv@#Gy!+c4e3U`BpT>mM}U* zo9LpD*#ZHEp!R(uIEJG*jw3miqdA@?$oO$dhMW0olZ z1fXO_X4g<+L$|bKnz@*f6(w{nkN?kq=ecSX3t3(E(*pUgS$=R!qjC zOUlVp9$r?~!^e$YRpt+`YybkRKw(5#)p?j)o{yDrr3858SDsc)9@O;6iR9rN;&qV{Q^+=69OKXx(kKrX|W~PY^rdKkndfQtTMr;Zs zk3q?)*`{o60ByF~UfPy$vJbVLMcUY$=e6FPZD;8b=K{6mVK~}!VhfXa+toFkfkmg< zsbqCZWrDOM zj7fPm6nLHh&czFvego#}DxbiKZTYo)Otu zXoZqbh92jCrd@&>4|GBbU3TMwT4#?{fJ+k5hL-4za_5nLXOfbckhWw?-e^hoC}&iF z0^HA&dFXvI<-L5^qX?;$5-5@$W_~WIl8Wg9B~Xi=5Z^UiVhm_{y5~lqXt;D~dyZ+0 z!suF3sF})Uhwf+Iv8kKBDT#3eV-yBl)~TK5sf>E(qR!h~z8RL{%$l0ozD25Y5vqSV zsi1})qvENFiejg7D5UynpWW~;VtE4Oy5 zw|*{8lNa`1Fz!PpM4~vjLqN=l`$cRrPS!5Eq8##~L7n2pE}##R z;HsEHVriB;g%rqs6cmVG6$S$aN+SwhpaiCD3|807x}Yl#mdduG3u<7@!sO42EX)!u zGOC{@EMZjTqA${H$1)fNdF|4&;%srk z7_wB-R+QETVjcG2R)K9e4dT;QZ6k2)N_{OXN<$<#);6_mGWKm%;np7lE;b2n781$d zLha$I6=12YiYT@$UL-a0{Agn_3QsDExVlQ%Ua5---^e#%IAI3T(NnFeLN$fQi*GcT^rA}k= zzAyZGQE$cKF={M}(f_Zz_OJi`F8~Ly01q$$7q9^zaP__8d|`$0Deyd!#R69aRJ>U~ z`ecE@;~m+jP23{}tI(5GFrWGt2v??q$wonnutavmWn_o2j!+Z2elk7Q>kk|1b&QF_P%@+3>(-Z$1x?IjNjvXBCg=ER)faOd1R4axMd>ZhrA%s7f#&h=777 z0Bt}R1F|bCvuj#0HLG(7GnqRp=UA#rI+N8MMa!t@P_htbb3b>r3Cv1R^9>Lgbt02AV!yOvt6Y}Jbd)wUTzBb%7B(C| zHkCESU?`d;=QbuQ>0f`flgzVo$O>e)(T5FnLQ~H%vs`1hP<<{pB+n`AkajBHGgRC* z58QHog0@#jhhT5%Q7%BZgtv5iaF2y`Ry+6n*w0!6-EfmY45hXx_ysS^3VM5RT`Q!5 zaR209=eC!5+hue`g*Yi;$To+58-YJ6Yv<#{wYLEjYD>CyYj0|G+j1rEcA0j!TUV-O zL%14CI0=_(gdezFf;bYdaA$|nRK)3|hWL1^>07gSeVDx1=>ChF56IVpqcog%Q5PdSxWxs_izmS?$^Z#kEDxtD)A zn1{KTk2#r_xtX6iny0y%uQ{8yxtqUv{GM;7)uO)g7Qqsu!`|ySG^{VKFCXNq!cLNj z3_AOQVf(5?_tDecR>S!Upc^VWB>@x*qT*-i0m)+Q$7%u6E|pu|EIWN{(So}B-v5H} z?rf!xY|kFz3|5u`in=0p?O~Bss8^sR?QH9+dJXb}=dNuVHr3=#E$qhCAN&E{_5l;l zBCH#G>2|N>3L(~(ZT$iTD=hEv`XT3jIu{_~A?EGs0{i5$l@N*`Uv00p*A%ipqOZ^H z72@FdZf+)S5-2G9BrdzIUoEe{6jNcYwxl_#%ERpZLXQ2)|54U!y=YUVT4V7GGjSB-7`Ncp 
z+ylS`kUc`cN=pt3Vch-M^HJKXJ?pT&dYkdvv$b~!emw*V-9L=o-#r|~inkyPtYpC7 z>k)Mva^1ZJ;oHv~&(X^1$s+F=w=n+WLk#4jlio`{D#^U_kQX-%fTGX>aYF+xV|hg#!}NYLw{REbL#EqT{V*t#5}(5Uq82CwV?Dp z@$3BoWB`LFk^r$;Uq|UxK0l03aOa~L`fJnN_rCRGf1vyp-*-RjhyP0k*9PmrvNA*xy%}x zhXb_hy?DKgOy;IdtJmzddsLVlU!swF={m}M3*=o})bpoAv@v%GfHs)ZB=sZ(MTNDf z!WGsf76x^8Hc9yj8hQsuT1qOqk_S`N=ZDG?=<}*lSahg3yEU~76XkoAt9$u{*>zTi z8?3wxYU*6NtoqW^8sixpTg2?L=W~0F+GO=e{tFH&o;g;0aNNlZAOBbPY&sD=*YgdZ z9f*&JDA_AZA6abPrkK~^S%LU|M`=AbtrqsEMI?)3cwI7i^Xe*S_<1L;Z` z!79BBMw+;gn7U17YQnULGiQl9a^~=acT!)-n>uHmL@6>Hq+U#`5FNAu6EQLiAWAHX zHS5keheUYXmd}Wur&>Q91({T7l_)I9k%cPtK-FUq-$aX6g%|o3ror)DT{k| b@W92JKaW1W`t|JFyMGTqzWn*9LI40ePu4mb 
diff --git a/usr.sbin/httpd/icons/icon.sheet.png b/usr.sbin/httpd/icons/icon.sheet.png deleted file mode 100644 index b875cb6b1c15e5a9cce993b50a1f47ce08852f45..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8898 zcmaKS2Qb{<*S9RItZ31@Nc2t+J)(su5f(w%M0C~?y=Dm_goq%Bl86#zZKCW7*6Put zx5XlfL|tWBbzi^#%=`SFndf=mJ9oZk&gY)_-kEdnIcLr}H|d_a5d(+^L_tBpV0=ga zJ_W@kJOu^dGA-o=!t*4p|JkE?|mFccFa$kjHn8 z^mzf0@lO;KLKMdOy4Inyn-3XWKB;`Y9_%Kn);zqL$LwBnv0tRnYY&CU@^3xJ_m%If zT3k$If<~^$*H%;r)5Z!7QT#pUr2M-B%+Y~dd8C{r{kpU+^T4)AYNGp|?Xq@2c7#S@ zW-P4MQMWgFMXpPadXlO@BU&OL=TqfoO>l@6KJ$(gKrZlu_?NF|UyFX0H{F@?Yy+V+ z?3YpBIf!2D_WU=7uMIq9x8!JIU#V(nop$})U4Bg_s9Z8h3LNIgZYye5m6-QyjoO4p zn@_D2lzwycNs8)ksA-4eb2Y?InxPOW<8KS+qYwk2E&ulj47+VfSTQOS>Y!}75Hbi( zG{7qBjNWqtgnGF02=Aufeq%VZokcj%zXXlCE8LYW1F-$&Zlswvoh{Qd_O?`WFMu>!lOtX3i{Hir$;CM;Z?uT*Ujix456g3SAt*e!&Q{aq||26H3z4yF{za+24Z4{$fh)HX$jV~Sjgac}Snox5EWQy^)9OAg9+gniB zMi#+|uu_r`j9hrt)*fOj@@OLoOTBd#(1^#qIMz=l=|ePaWkx=xbD-HPJX`NUnQzMb zLz%gL8%A0O#{*CAe2LSfU)Ua7xDkF0+2yp>@jEaY;0DyXeZ>%16P~{!ljb z1S-v!W4e={in{TE#=Pk(bHbwvFQPJCWSDR3Y-Nl!zK)tVAhXm%)7I>L;jkzH7I|+< zm|$d!Ed@b|o1jozcw#@K7@Oa`q?2)nC?8~p_N{R81tgvt20eo7XlviTlqZSKIK)kyv8VeI9p%j5$4*VrSs=6fhf>iVc_?9Ecmdk6tpF9TSNBi z`1}xt^TB+r$GemAZJKvmdWBE;{n?{}s@iBA4J=mO>!O*SSwLEt?STRuOIEaw`KI%0 zw&nOoGTL1{eC*mu=(Er?r??P~UJ1hA^Yo!djb6Fxl=~`^y0~Yxbdin-&9uv@%LOb0 z?7GZU|Ic}<&L!i!PrtUBnYP}$Cbj+(EX!jXQ_8&Dx2#aRn|z4d7krm!`+uS3@OY?Fv=2M)D*DP$Y?C$myQjPV=b5rNp=%4(B?Ti#{4Dca$} zF7yUZx~dhEkmw{D;)4kGwJ&}*6n=}T2;~*TzjO@$sTm?V=q3I6mH?nrPqfs@!0<6s zu$c%4gb6o5zMP`*&FT@(v3#_ka;H?0VwpogZTO+_UO2gD?}3KFmLw9PYmN8Gy^Z!l zzUg+7MfRP@2_vOL?`gjWid8|vB3rESfoNU)`-nR1T?wu!{O6dz4cD9+IJ)=BC9e(F zv?ZWBX6T7(X6s5W&Yr^E6Ns{|EjVNHcYlVVv8r0%og%7;of}`p5S7EJqJ72|f0nv) ztY=?H4F`V}+hX04ZJmC!qeiBM1-V5UQv7SYLV(m=LCs?KWr-G^!X+Ja2u|tXNS<^? 
z<2yW?dSI$4YD-hph;b}ABYP3FE;ASBm}g1Xj^)iLS+>f(>dYJ|U`&npt`hRl!nylN zTT9kA%!6<1hYodzjq3+#OZ-|tJ!7_Cv9L9C@~b98=M+8-B>a|?8@&6%cSmqzz!%C9 zpBPnP=3j4HJfdXj6#e4V1I%cW-Seu+ATJ=ZA!X~7e&_8Bv*gWVEqrZaWH5l2Z7bwf zP1hAw)s?z|(A^c0BKD&$QKX3N{L$&chZ!(Fm;sS!%!4Y+7#=o@VFqY5XyQB3&&l((g-CHdL5ftLT%sJQl%ff4t8t^IIO6)+k3WZ1Fy+CliFzu{tsJBcD! zyWmOMoF;bE^S@o{{~MbAD@F-vJ|kZ$SpKCmKn_p(=pviAxRr03OVOR72H@G~ukiBJ zt0q!UHBRdLtbR9tlew6APZM(uphS?BewuA?g(f5(g-_-*BLw&rCn+yTtEP|FRE|S^ zgjUwvirIf$bLGo1O?loY!z$>L#w@3c{R}I}JK+=2sjR;EXHMF{iM$>!U^8o)hRpoSh(C(U~bpY^ANfa3Dw2|rHE2fWGLQ|XGel>#=sUFJ0N*KAuVy$7yQ*$)%Aj)T0+LdG~^UWMd zQhL+7uR!PKI-4$T%xI0_B~EmveWnY&m0!#IN{|A7i%(BB$H%`j;Gb9D6?zn5<&6sY zl$_!W7!UztuTA*5+@tNogL2ljzMHi1ss{FS9<@`K5b94=6)XKl_Go zrfja3NK_%+DT}-Muj|%iaGx7rO~E84epJigbPh6K?9dx|-+;?Zc$RnzjO;p; z2c@Jvh~|ZaS*#CVYPjAMxx-USgIAz!k_jm{!z7N7Xn%`FImC|yid=kUJ_jEy$2Wow zmn%n4-W{RtSA?zGq=h`na7=?Cnhl~B@waUNd7v4eyx`W(=ft=cTzYv_^sZmmlfB7i zvsSV5q6|IA_#pv>x@75&FP4fqW(%f`G-e-RJcy;0ZdtTEXDG@;Ii*_F4NBeKXO|F# zrJ_)~?2&ACyPv=9uejPcH{0O*#R))m^j0Q#k-`qO4@ErY_?rVDyRq0sXOJir>EA`| zsKe#_k(}1}p^<=H2KdgxnFPD$k3$5+*w*8_+9;J(CGDT9-prx*NB|J-dykPjEIld? 
z(xf^tg+IHjRdBEEvG=3L9B{M&6@2>)vR#C&F4Y}5<)s>vi5vUkDjh#BHC^r}Md;kV z#7Yui4Wa=e5*mfc)NKKW)dGR z`&i{KrU^^U=UVZr3etqh?BLvvuBpQ=ZMUiqHBxI3iKJ!a1bzM_N-2^I89)_XfI-U% z0A-&y|GI^6>oN~ISvIi1j5R+DeYgF=blc{c=BguMCVz@^_|R?t9NB8Qv|>}B9`Ib` zf7+STu-Ainf@(s3pASo-rgwRaqZMnVbNuwX9DmCyygU}=9rqNx z`$nQx2P!gn{Kb5`N4Ib!(Mv%?@z6F$aoD(6`RXJ=EJZhCb6h_SUX_(ZfjXZ|D>qMEz`4>6^qA0@$eQ5-HE5ry z`iX0jGEC&8ME2D8q$LQU$yYo(yNtLTeqZ1JSEZ<&?bEZu)r!mr*Uk*kd zEh)Trd!*n+zC$FMD+!?FW&zNtYFe1JcR10SWsTB29VVyH08*0|?%8<$dp5D8+o3AZ zZ{A$X3HfOj>pG!W6%*f5ZO9P%5#I)7C|PUi93+XmoR_^gyrv_*SsnsL*R=7JdcxaG z-2rhRcfdA+!1~hSi7kAEZ@m&CKh}tS*WQTLkdpR$mNRsl6~%c8c(9R{ZDZ*Ubjc~8 zy)2>0!eujEpIsybHKsRfZZ7isaJ{DPm6B}0Y} zKsXLUKT|nFJ-a`b>TR2;wgOOsJF|>@-vppz;++aq1xkNR1>XS(Xc61dS1nrBB-k&X zP)Ne(jK9U3L2xnhN0ue;KM={kn|j;m?IPBQfNKTeS1P%-y)capdiX_tK%9T#+N+4& z5G-)(hT+r9;BrQw3}NFW+MZt7`q@JO$ep-WPWv$k@#8a^s(Lz^sOV zICQmsLVrm#LkzvQYM??TFrh^l$L=%db^aDWo}44|(4%V>QQ}`jY~$8bm#fUAa=WKwH7!_+fF_HzpN!*qxxr z4MM{EtHoFiTbM(~U`PdC+re+rD06htxuwlQBdrq8nA2_daaasigWS>jK;kW2>^#o=d1c*}XK!@lS_dPo-+&!aIc4(nZD;=`%^ImF zE^MGw^+V*!|JQdcv-Asgj|q+^A4od4<$Jpp)bfYq6*>(>w+Q%Ynh0pzGo0r$@KpK@ z+mn$wSWR+-J2{}8gVHPTOZ4Ujg{_);vSb}?q#IZq%bDjExl`je+hL>F4nIQcz2(D zhxnyrM-e`z`r`P9m1X0sSLr^w`jXg*bW)jTBbF6fKU0F^`#PTJxAA5g$l*`#h?@w4 zkD)_YZk}9osA>QfEC~bBYS=*1wF)n#(7T|GYKYcWl$70r6XPlqi7I@e&Pz0FYo~Im z0KsmLRces|v*zgE%ni4!7M;}JGZfYSzM3`c3Ks&8o|4vHxK7|d+@%K``mlyP zi=PWT#>}14xb$fOI{fDWhY5V7(0Xi^SxYfCm7z@r_dAMtx>>CZzWTQ|;-vtUiqAkk zRYJ>YI6P5~62;{4a_%`lqUNTp81Ab4Rs`w21drgh5Wzi}ckS2eMPhUr3wZAL-18-4`AGP#Et05WOdq*u1#t(WKq%7Ob;6<+44%*VAiJ_G_7#)* z$8-xa4$>nr`=CvCrS&0z991#*>0Lm|2f43XS;=DyDuJpb@z< z^qq)hof1L%HK$s{<-b{nUxO-jad+SS|I`GS7ikoa8au}<_`!y~dVhzhvUYzh(Y#+z zT3>tW`rA#gNI#%D*KTc`$MRO69_^Q1F-m=O0UDugq5i5n9<9i;#sCf9xt#9H)b`}T z^>T)yUBIX)*fnx+qD*Co*ck-N(BK?mKYMJ9xF*J}dP&=1jrnt*xE1u%tx2a`-ZYhf z579cw$-kvmKpd)jf*Q9WEKS(h2LjpwC10QNM`e9kbruK_9%W(IoV*%sXw>jZ>d0Gu zYQfzbnD#ROuC(52GA{jf^J+QYvr0viA%5HF7lr;~Fn>hnQOA|333qAdF>Sp@j+JeW zXy=ccvv7mRfc{1)qs)17>{}u_{vYn&YRS%~zaf(@0L!gKMMt5{)K;fgI;{7aq)yVL 
zs>fQBvY(IX$)gP}1FV*uSI&L{W;Pj0gKyln2>SFZg5*8=AB78 zFXbFMwBh3D!32oC8_YZ`6^qDN(G)(SI18L@ZOmN2V2lYsd}fwnZ?c zgCW@&q5#_Xj6c7VL_5Oo`8*E2jIZd>T6*-NrDyk!LiBEZ zC(4o!6Pl|LjQiaqCLRJY*>#lme*BXovA_*GMMA1IjCBu;I{bc`Ta@_cAYQi(#>J(Sl`@|vzXvIg#37Zet z=|&PCT&fAX^WssF3cSbMt^z4Ze}F^3EI7X}E?+)00pmkIi=pe`8R2?-7-3P-wQ`)bR;uc=`Y6j3w1MT4$qqrCZH5u z?E52i*I_`)?x!;uz8HnPJHA;IdLjy}B3v%Zw)}T241lK(H zxwp~EMYVOPGe6b$VSJP5pM+xeG_p)NMBa#w8h6){#oW6ZfNAt zk8Q3`-<;_oJ=1zk11Ecgsm_e}eX%?~FPoSWM}B7G;TDyqpQ&d(y43XU5J2A9H4>BG zK-tl-#xAV)UMCdEVJ?O9D1P?}_jK4-oSN=x?Z10VU(+$K{Q97Rw{wxv40p5ByB_|UEL`PuQn7mL)7R&B8}Ic;vBv0AlZc$%>wmLt2s?N46>?Y z_2}lPpoUQ)9B5Cu;*}OkwlO*6=gVgR-m*X6bVL}Ulg*s5mW%lpoM$-P^5mn-KUT15 zu3#pP|Fj*=`9K$cpdx`T!k$};aZJ}yH&JE9C<}8S1a9=1SOv}p9!Imn{j?6)(MPsc zb7-$0;u3iu8T>bS_`CQ8RS%|2PUxiVor|&JVtF5B{D&owF1bWnM~6nw0dbLoBMwzi;cwUK^BdWm@aR-pwii)< zv5pScnXDYiD5YG!@~?0DA2!vAiaUSrbVKcdM&to|e<|d#&uyf(--EYRJF8CAd#=MH z8Kewr&KOMxNlIf@lT#80`d;Cxfn>7Go?LZz)^0;XYFj|_pJYz5-Ch@OBT}UBK+eSc zj-(mTU$D_N%0`Qyf3=%MZqK%H{fmKybk=W=0*8W?>CazKv#)*TEaX>zyLV?TW;{vs zynV$>YKsq5H_RQfaTLD6uob=`-Ri1lzx+5-x$b;#=M9VP+=$~n$h?a+-T)d_SkJ$D zbH94p8&^GjpXbSk;g|FULVK9dkF!otqo=xXL81g_D4c%(s12v6V0+Y$8=O{bfL7t9 z7rRbHoHdigJWdT(gW&5W4M-;P-6`5OU{axP~na)Gh8w=7a#X?2H)i(*dwUW3==Q4!ZlKDJS9JXP8 zIht-*e{tp!;nGG3B)*ZQO?#jm_WH0x2-%FmIKkqh8vCeJB1GH6%(G-{GqRl*T`5Cu zt;*X1FPaiGVSXewnVPAo{$GrTHX^ed5gz-dd_xR+1t*dl2YC%)M-1#fxa+lZkf!{P zm3{Zxjh(FV4be3<9P#zoP=tC$((L#89tQUwydx-Lw;a^X-w3GXMP4RG^Z*%mRgl>1 zse|=sRS@5?@Arv!l5y@IudC#){#IAd=AlYuk2Hv)IDt%w6Xu0suTgDO&{?P8<6xk4 z5fh~KeLQha7^!A^lz>NLdmG1vkwId+BWJg$gJb}SyfLPD6?{nsN(Per!N{@I43L(p ziOjbEd}lBh9%hO+D5ph_c z+!s2{s>Q6Cq3HBqRrrzrNHo(;O8A8TU~zX-FdaEF(@W0#B^hqlx-&BbZd*}e%)l1Q zEDRZ1=C@}VWv&e17Ns9WLD?CdOLq>|Q6G+(E-J<{3#sfl)vG9y8|7^)B_)z*=r(2O zU2Xpc6UD*cf=Ul(pp-*%z7*POdN=s0rjky{u=`JejbBsBkHb3z^K+O4xBUTyKl*FZ zd{4Nh|0&^yWziih3&a<9pUm%?{x6aAzb>wO=StcBC;J0BafR&}827X$#h;TEi{xsH zS3$24*CTk7eV3rjhn3(YtO$*kl$;WvhRIk!UqX=CBL}TJ{7$h$L3y!2Ei)7U 
zs|-cwtDm!`Uw#=swSR2X^vR^>m6OR@nen=d`-!1qQ|T*&bUQ(Mz6U+pi2n37VQ07FUfaa}lcR4SM1>lh)6mBCVH~hvwNDQfE%T(m zs={zHs|+MuTyZ>7xqO|q*2nnn+2g(bhXN0&40am9Om@D$e^4{@c=w2~-Z5wsz z3EggK&9O8nF^rMeS@{M#<@(L-+r_&8#6NEVey+NIb8BNCI-JHY|1h2!K zG4njQ^TV+^-GfVL+==N2jMyMruO1AsTB-zL+6$6&$DNkX9m44D{;1DJpV^R4!&0wc z_5sc{A+SZFVegy>FXyyMeFUHBlOHOBW4Gw~i#FvgP=LaZ&*khPca{v->5plN+_jsq zc@IkAV(bc-LzV!`B-U!jW3%ZfDuO9>qn_VxPlSU4xNUGBnoq)vVDOA6~<|0A7?TC0*i8J zrbB4JhhgbK+w&Zh@==BOhaOhboFU9A+5_!daXN{B^HXjZ;G+MrV!-jSrZ#qyK*#q9 zTzf+pCcbEn|HjB334%MsXJB7rR@uNXk3(FxjV z&Bdw$r@>3Q3-J~&PFl3TxfAceJu=To6a0f9mn#1kqM=;0~^3wrG1=_2&R&-alhR95J&Yw*RwogjA)*Qe4# w-v4kOw_H5~WnKJyrG>0qVS%o`k6ib%7 diff --git a/usr.sbin/httpd/icons/image1.gif b/usr.sbin/httpd/icons/image1.gif deleted file mode 100644 index 01e442bfa92332ec1c6f6a3a1310a41da8be5cb4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 274 zcmZ?wbhEHb6k!l!c+9}?9|+DE|4&Oh1EkNKnF$1G493RB3^;(|KfjQS%wmPaq7nrl zm6@kdl98%VP@0sJnXHhKpPQJOr>EeZS_YKxC{52uE!I)U2Jtc+QZq~RlJj$Q6oOL= zN>X!^Qi~J}EiFwM6o0ZXGB7YR=zwelxr%`$x8Q`Q<}TB46{|}Ro;FH4vD|TwVqCRu z(oHG-o-GnG^BH|*TNeaW6tnVAVoo@j5?96H;J7r$On>@QlgzzoTd%A$K6Qt0Rl^Fa tT+{HAkBVmGwl?ql^5gHGE#Ge!M>NIeRkegTICnX-n>O`N&=O>@1_0HcVjBPe diff --git a/usr.sbin/httpd/icons/image1.png b/usr.sbin/httpd/icons/image1.png deleted file mode 100644 index c1374fde333a1ea462d2edb9fac7c8eecaf9711a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 307 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{Dd_;85Z5#R|NlQ@{68%XM4ve` z6A026jE#+f^8L>jwgV}~ByV>Yj<$PKtALyoPZ!6Kid)GE4Gn#48qJN)p3LWRnvA1W z9-MLGoDs$6ZfFs_fq7ks0kg-nHYUf#F4-2$&KnH{N;*v456qA~R*+`gl*yB5#?07~ znaIOtpjLO0Z^6oA1&0;Rdi zGK&=wi%JxLRA!z+Nk*zdL1|J>X0k#`er{rBo}PktY8g<%qclAuwOB_X8^p_SNX;zK nOU}>LQ3y^gC`rvtN-a__w6rw!dGX~4&;|xiS3j3^P6AFlZ-6WvSM=7VP{@&>xS8Bwhc1-A7qQa*6llSbi$3t0`pjwvYB~D2%9p5teUK9 z!JHj-nw2N%{)ee19sAhWn7?J+(8*}hLs;X|rU4J$iGeWf`wdw5G*d!uZZa9_W^ ocG{GwRjPF}8>Y#Xb1hynfA)0M4)%aGYyBN0JvVI*5@fIj0DN?8ZvX%Q 
diff --git a/usr.sbin/httpd/icons/image2.png b/usr.sbin/httpd/icons/image2.png deleted file mode 100644 index 606d4fb87e58bdb5db8af12d5cafa4827c431540..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 355 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DU|@95Z5#R|Nl2O1`=n^oS8Xu zW*QJMFc=#fGt4~0Fw>a97|3I2EqLq*q!^RD-CelluOB%8do4%+U{1`*LO=iJ~AapHTPC@S~GuWUk|h9cV6asQ;#2atq8p&cHr~emks&x zC-m>MJ6W~XDSb5fY%{q&DAqJF!@KCxl372Qw{_b-&$X4w1Uf6M#5JPCIX^cyHLrvr zBqOs}A+e}L0Z3)$DU@WSDio9^3he!($l^D4LHYfmjv4i)2j@WJuw z(xQEj48%`M?cSeKc2$dA;a$a_s7`|)|JgXI)5;nenzd@X8XG%`OT79!SOcd{3$T;) Lm^~+0kii-Nb17t& diff --git a/usr.sbin/httpd/icons/image3.png b/usr.sbin/httpd/icons/image3.png deleted file mode 100644 index 701fb1e1359e4fbd3f0d4c1428c1e9f809a5447d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 323 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DY*cj5Z5#R|Nl2O1`;!8&P-!q zFg7-3n0ba_rZIytkjJp;v=K-pW0JSK3+Kn1OWy!Fg`O^sAr-fhIar$+*c3Q|n3zIC zS%Nhg4u-HA$Hv6OOm#Tq=+)QMG-=|*i3ZQk%rrjeqflVBttBfssL8-Fj776?=EJ8? zpL(28(h%lYut|1NzF}4EmAPFv^4d3@#P561_n=8KbLh* G2~7Z9eQS;Y diff --git a/usr.sbin/httpd/icons/index.gif b/usr.sbin/httpd/icons/index.gif deleted file mode 100644 index 162478fb3a7f690884b1527488a27a9d34ab497b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 268 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIWz6de`8}~1{hHM=NFQZS*(y)RH6W+GV>Hl zGEx-^N|SOjlND0(a}zW3^c1{P%YYIdrRf=|#X1VvAYO(;YG#REa(=FkLU3w9NosCV zYLSAWrKKr@;!hSv1_nk39gr0u+ZmYaJ$CK+XdvLQdala8OzZQ4*F%+d^j>G}%y8WC zp)<%eSG-8|P1Cu@LU&KQy{J}XRik+(=tTM=GYuMB5h}jym8(tr{ zTHty08q@pqX@{qpFA8HkpSQf;)z`l$D#)_MC9vJG&E2N2-g4rU9Qz@c^t?o^K@|xskr5P?jr9I1&)Tq@CE7Y8n)sS_yVFMA1M7^ zU(}HMrT$kE3-49y<}iouLVsVTt3y~&%;(tp6RhW!zMW}qaBTJqjdNR= zpI$3jr}9f+Yt+pZe*>O>VG0zBw(0jh{Y!Z6w-4U_ksFuK=lLY^@8(A(CZ07r1c5FH zD{+k|an8@pP0cG|2+7DSR!A%=Q2NWsw3($we0mm@$M7(8A5T-G@yGywo_ C$9f$A 
diff --git a/usr.sbin/httpd/icons/layout.gif b/usr.sbin/httpd/icons/layout.gif deleted file mode 100644 index c96338a15228f70b4fa5753ff93db7d70f1123cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 276 zcmZ?wbhEHb6k!l!c+9}?9|+DE|2H;1^Z)-$AV@P#I|JkyGvEM<|NKHSGK&=wi%JxL zRA!z+Nk*zdL1|J>X0k#`er{rBo}PktY8g<%qclAuwOB_X8^p_SNX;zKOU}>LQ3y^g zC`rvtN-a__w6rv3Q2fcl$iTqNpaZfI}mo*BX ubMM=^lVvk>^@~}aS-AV^f3&VBD9tXZudR+|59;m-w3jTH=pio1U=0AHb6^Gl diff --git a/usr.sbin/httpd/icons/layout.png b/usr.sbin/httpd/icons/layout.png deleted file mode 100644 index 0a97c1c475f364f66ad30ec78a081a22e60f5109..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 306 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{Dd_;85Z5#R|NlQ@{NLCZNY4a< zG~={0K%OyBKHl{GR3OEeEaktaVuGay_tzkLBouVskoTsvV=-Z zPF!4EPF@aQ8rL$_+0xA|-Di(pnxw0xrR8wOL}Byd#mq-|czMmt3O_a&_8#;}=5R=E z+EQX7te%yV;MD{+k|an8@pP0cG|2+7DS zR!A%=Q2NWsw3($we0mm@$M7(8A5T-G@yGywq6*JeTh diff --git a/usr.sbin/httpd/icons/left.gif b/usr.sbin/httpd/icons/left.gif deleted file mode 100644 index 279e6710d4961d7644ea2e3e39e6afd300147aa8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 172 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ zvM@3*Ff!-Xz@**Nzw-3iM{+%$5nXSNI_AHs_0#Z5ammWC>ec*qNb!1QNo>>3 NI{94w6cGjnYXFzvI#mDw 
diff --git a/usr.sbin/httpd/icons/left.png b/usr.sbin/httpd/icons/left.png deleted file mode 100644 index d6e2404a811ad62eb3c5f705ba265e273661d7d5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 235 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0$P6TZ_3OC;DYgKg5Z5#R{{xxVb(YlvDaIsk zcNfP0OuF}g979hR$B>F!$q5aNVhYa~lOz?kF+P$~_;>ig0gfYQ9M13^JriI!K_;S? zH-w-63J(VZ!&+6&{hg;CMguj6mAFQfIOpf)rskC}gk)qEDvky)&eSX80_q%!jq zN-|Ov3QCi5GLscj@^ce2^Yj$FQ_Fx79;N9Ssl_@9*&tqqLuzJ;UUGh}jzVy1K}l+E zQfiTcp{1oMgW^vXMg|5Z1|5+3Aln(3b0T)_`4k}HuzIfQzD(=$g4aWpcJy9n?OYMK z<3neVTdwpcAKpI=-d5i4k8cuSl8s+i>=HJ`A>=Y=gWs~oHD8<*YC&S2E{-7;w|vhXqT$m zk0QMrQE@zFI{IE`rv3Zjxj?dJ5}%4lQ`WtHpj}}lt`Q~9`MJ5Nc_j=X8JWcjiA5y} zKq@m&p(GL>)K g7L=ssCZ!fB7+PAI`n>pZ1ZV?;r>mdKI;Vst02>Qy2LJ#7 diff --git a/usr.sbin/httpd/icons/movie.gif b/usr.sbin/httpd/icons/movie.gif deleted file mode 100644 index 003518377414735b97dd78c435daa795c9136526..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 243 zcmZ?wbhEHb6k!l!IK;s4|Ns9pKy>EJ%$YOO($b8LjTyi|@tVo`|#kjl(c zD9K1wC@4+J$xK#A$0Aq je4J*Rr#@1aJXdjR@wJsoZ!aBYW^HV0ZfO+YWUvMRZ1!36 diff --git a/usr.sbin/httpd/icons/movie.png b/usr.sbin/httpd/icons/movie.png deleted file mode 100644 index 5615180de885fdad381d4dc6702eaec6ef4a378c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 258 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DbWC*5Z5#RLEy}pGc#w-OiN2M zHZ}&zbP8DI0x8BMZ+92A#Izl?K#rxSi(^Q|tz?hpCKk3f6;lImP0=GIj7)|C#=2*3 z-nbE=!>hxUrnS(hGeCiZC4lwIR;F_)ysb=Z3~8z+uN05GjsqGJR^l2_;+&tGo0?a` z5R#EutdLk#q5z~a^At)lQWXkHlX5bX6;kqZ6EpMl6ueW*fD#_1=^3fTIttk!UWP+z qW{F;Mey)x}aB4wGYHm_$k%FP6rK!)0FGqkjFnGH9xvXXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf22^PEdd^F&3SUp#HU#9hWLHC{`p^eh6ea~4tRaf(| z_%3JAe*U`SyKG~C!;gtpQxXFgX({TuJQm*75*apCqqytJp{nC4Q*X#X Y_^R}pPJ1}};XQE`%{%V$b23;10Di_)fB*mh 
diff --git a/usr.sbin/httpd/icons/p.png b/usr.sbin/httpd/icons/p.png deleted file mode 100644 index 3fbe0e8801e4eeb7179e4d8845690c7d86cfb010..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 284 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-1q^FBxNX4zCeW!U3DDXIMZsHbJVAD|IR;c_xbC!vtOw}7} z+sJe7&ra(eYY03QSYe|zJ(F|k%Hxam7Oi>}HYxJJ)v7+mg?R_U_g?;d%P;rh{x2_b z8f`Uwo-n4yNGslH`rHV#B&@_WqQp5rH#aq}gdrp&vsfXqs6+usW#%cAWTYw-lqTh5 zCM%@m=O$+6=_z=pmH{O^O4Bn^i**#TLA(ry)XWmSbP0l+XkKuy<#B diff --git a/usr.sbin/httpd/icons/patch.gif b/usr.sbin/httpd/icons/patch.gif deleted file mode 100644 index 39bc90e7953103a7fb4d6dbbd3efcfc1cc8de759..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 251 zcmZ?wbhEHb6k!l!IK;s49|+RY&iwyBbLPx61_oneV+Jr#{O1>vky)&eSX80_q%!jq zN-|Ov3QCi5GLscj@^ce2^Yj$FQ_Fx79;N9Ssl_@9*&tqqLuzJ;UUGh}jzVy1K}l+E zQfiTcp{1oMgW^vXMg|5Z1|5+3Aln(3^CEWb`4k}HuzIfQzD(=$g4aWpcJy9n?OYMK z<3neVTdwpcAKpI=-eOD+8f(7P$v8QjjESn*)KFqotJLnbYDxf$LnDLk)v8Bb)9>m( q*HL9Yo3!quRNC&zr)@sV$^5d;vQo}swQXy+(HAuD>9yx%um%8r)mtS1 diff --git a/usr.sbin/httpd/icons/patch.png b/usr.sbin/httpd/icons/patch.png deleted file mode 100644 index 808ed7865fe85986e4a15b5038aba0397f6e041d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 295 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DbWC*5Z5#R|Nl=*0}?Z5&P-!q zFg7*@%H%vd6#}Fflf2zs*b>ur)B-tio-U3d6}OT(SeqHx6gYyIm_kEYf;AZqhPWCy z9!gji6%irPGjrNBwp1-m>Di4lw6wImyb_jmaR_K=HqPj3a$rc@#Sp3FH>E>qCih0( zLoEyn##bbm8v0T^nwi)b%sZ4GPVBT-1=XGxPKmyi?175+0@L8L7oO3fUlDhC^y*iC%Jku8u-*YC%bA dZc=KIf}y3Qsn3fqM}Rgkc)I$ztaD0e0s!bdTx|dV 
diff --git a/usr.sbin/httpd/icons/pdf.gif b/usr.sbin/httpd/icons/pdf.gif deleted file mode 100644 index c88fd777c4b2a85b930eb4a6b68440c88536289a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 249 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2ITpM2d^F&3SUp#HpXaXk2Sl>&JZ}wU>twhgl(8#J z&4;IaU+5wAJaJ`3 kwKt!oQbM;s-=_PA@BRCyb&avi?yYTZ7J^Yx{G1Hd067U;U;qFB diff --git a/usr.sbin/httpd/icons/pdf.png b/usr.sbin/httpd/icons/pdf.png deleted file mode 100644 index 516142bb47bca0ec5906b6cc7547e68812835107..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 289 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-1oTrOpNX4z(a~F9V6nI<%!z!k6axf<(FrK_!ujZY(#_-;H zXJ^ip(Yl%HCW6YQj@(_b3RAMzsC<@4-dL1o`-|Jc>#OMlSBb`U!?jOJlD@}sE5+CM zY)#O&{+qIBdY)#y>_R_8TBKlT WX=&>7;>!`B4Gf;HelF{r5}E+$&SK#J diff --git a/usr.sbin/httpd/icons/pie0.gif b/usr.sbin/httpd/icons/pie0.gif deleted file mode 100644 index 6f7a0ae7a703000c365896477c32f9f1434d14ca..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 188 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ zvM@3*Ff!-Xz+~Oizw-23{>3JXu0=Fn+uq4rbVj_b$!S{Jq*b>ox4e@+uPSrG fY~A@idsi_sTAZ5D!6YVVJJJ1GWyGRRCI)K&$B{!c diff --git a/usr.sbin/httpd/icons/pie0.png b/usr.sbin/httpd/icons/pie0.png deleted file mode 100644 index 12e0200c97f4174cb32e46b48c7446947628e11c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 242 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0#0(_&>W54PQk(%kA+Bfsg8+~>)5HEZkYY^o zc6VV)#z(kc6`Rn5OhHFV)Avj=|BU*N?apKobz*YQ}ap~LNYRo6%va|6o6D_o-Xz~tJ~zw-23{>3JXu0=3z*v`4OaPFr@>FpEKG8&zNm_A7^cehR7 q{3odT-{ZSYE(_O7ykRZyxV`aZjoH-0n$0tdUlfJ#w+AvXSOWl+b4fP< 
diff --git a/usr.sbin/httpd/icons/pie1.png b/usr.sbin/httpd/icons/pie1.png deleted file mode 100644 index c44c793ed8b2aab446b8fcb47039c33209cd52c9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 261 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0#0(_&>W54PQk(%kA+Bfsg8+~>)5HEZkYY^o zc6VV)Ls8Z>t_2Pm*NoWM&Rtlul2^fKOQWNy ziLnWz$FioA0Vb1#JNWsw3($we0mm@$M7(8A5T-G@yGywn-Xz~tJ~zw-23{>3JXu0=3z*v`4OaPFtZ*%}klI+l54ZqwVk=`G`N qqqzCzcVC|^a=f79z@jnzl=39bRIB-cn#w!p?CVf&?+9dIum%8pzDGL% diff --git a/usr.sbin/httpd/icons/pie2.png b/usr.sbin/httpd/icons/pie2.png deleted file mode 100644 index e0b7167d913cc7c6e6bc35d3dac8496bcf15b1bd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 253 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0#0(_&>W54PQk(%kA+Bfsg8+~>)5HEZkYY^o zc6VV)Ls8Z>t_2PmVgVh(9%c@np$a=0dU<$# z8z#+h*u>~%)Y{h8c!sl=VW#9RhAcY<_gKlcQ{}1#K(oS1Tq8=H^K)}k^GX;(GBS%5 z5{pU{fK+ClLP!lN`jBehsZAsfWYa7fK8(M!(H k)lmpeEhtINO-e0NFtoHZ^?C8-2+#%wPgg&ebxsLQ03Qudga7~l diff --git a/usr.sbin/httpd/icons/pie3.gif b/usr.sbin/httpd/icons/pie3.gif deleted file mode 100644 index 4db9d023eda78f499c5e5efb7d6739d0d450652d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 191 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ zvM@3*Ff!-Xz+~6czw-23{>3JXu0=3z*v`4OaPFtZ*%}klI+l54ZqwVk=`G`N iqqzCzcW*N`uLwVHCM7ial+@(%Il4wxJnexD4AuaG3PW-L diff --git a/usr.sbin/httpd/icons/pie3.png b/usr.sbin/httpd/icons/pie3.png deleted file mode 100644 index 820a3c35fa9f6652703d8e9e9e45378cf9090af3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 256 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0#0(_&>W54PQk(%kA+Bfsg8+~>)5HEZkYY^o zc6VV)Ls8Z>t_2PmVgVh(9%c@np$a=0dV82A zCpt_rHW684WU`uZg}Dh=ieCoHi8B{i13ojhY?M|Js$8E9G%l>fHKN2hKQ}iuuY@5a zBePf`v8Y4=NM+_Jlw_nT6qF|AWF{-5LrY6jpBG<_0BvCKboFyt=akR{09h|mF#rGn 
diff --git a/usr.sbin/httpd/icons/pie4.gif b/usr.sbin/httpd/icons/pie4.gif deleted file mode 100644 index 93471fdd885b4e54a6ebcfb68fa98626f3d43d75..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 193 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ zvM@3*Ff!-Xz~s==zw-23{>3JXu0=3z*v`4OaPFtZ*%}klI+l54ZqwVk=`G`N kqqzCzv6IghDLmwE@Ojtg`DD^c7sH|;f6tbO23!o*02@O^$p8QV diff --git a/usr.sbin/httpd/icons/pie4.png b/usr.sbin/httpd/icons/pie4.png deleted file mode 100644 index 35490d857c7f2fa89b7924a3ad65e40085b7e27a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 239 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0#0(_&>W54PQk(%kA+Bfsg8+~>)5HEZkYY^o zc6VV)Ls8Z>t_2PmVgVh(9%c@np$a=0)H~M* zEfP=SyW%t9C&LminTfl$lsN)*hn2WSlsM<-=BDPAFoa}e7Aqtcl_&tI%shpXj8uh! z(xjZsWQCOc+{Da0Jq7R7GN6P8TBKlT WX=&>7;>!`B4Gf;HelF{r5}E*K=S>9w diff --git a/usr.sbin/httpd/icons/pie5.gif b/usr.sbin/httpd/icons/pie5.gif deleted file mode 100644 index 57aee93f0707a6fea58637c351c4ac1dae6459cf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 189 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ zvM@3*Ff!-Xz+}_Yzw-23{>3JXu0=3z*v`4OaPFtZ*%}klI+l54ZqwVk=`G`N gqqzCzdnff4?UOy9X2YesW54PQk(%kA+Bfsg8+~>)5HEZkYY^o zc6VV)Ls8Z>t_2PmVgVh(9%c@np$a=0dSh6X z4m+r%U(uRyN=M-2mMqZ|J3?1CJTu5x8^vHM&u~9L?)tr5555Bp3@dSsC~?lu%}vcK zVF<~{ELKP?Dp3GZnRyB&8L0{drAaxN$qFg?xrv#1dJ5jDWk3m!()5hfVjYES5HG_a rHM2x7IX_oNAvm?5BsDiFwMfCx($duD#g`*M8yGxY{an^LB{Ts5*X~xb 
diff --git a/usr.sbin/httpd/icons/pie6.gif b/usr.sbin/httpd/icons/pie6.gif deleted file mode 100644 index 0dc327b569730e90421c3fae883b17691b8b9219..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 186 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ zvM@3*Ff!-Xz+~Cezw-23{>3JXu0=3z*v`4OaPFtZ*%}klI+l54ZqwVk=`G`N dBfa+_^}iWi*Dq8}v{CBqS-80Up#c|zH2^QW54PQk(%kA+Bfsg8+~>)5HEZkYY^o zc6VV)Ls8Z>t_2PmVgVh(9%c@np$a=0yt39t zwYn8Co@CQF$)eKuY)ura3A@H#hAcY!lN`jBehsZAsfWYa7fK8(M!(H k)lmpeEhtINO-e0NFtoHZ^?C8-2+#%wPgg&ebxsLQ0P!18A^-pY diff --git a/usr.sbin/httpd/icons/pie7.gif b/usr.sbin/httpd/icons/pie7.gif deleted file mode 100644 index 8661337f067f9933eb0ef9bb4ccd77dd8bdb0b10..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 185 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ zvM@3*Ff!-Xz+}3JXu0=3z*v`4OaPFkWM->GJsune#*ygc&t5eqP cin@0;&wnp$nZ|PQtB_G$pA6d$4F(2l04BFX#Q*>R diff --git a/usr.sbin/httpd/icons/pie7.png b/usr.sbin/httpd/icons/pie7.png deleted file mode 100644 index 6bfa2d06ae2be70d6e378b84f66a88bc1ef6d5ec..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 258 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0#0(_&>W54PQk(%kA+Bfsg8+~>)5HEZkYY^o zc6VV)Ls8Z>t_26K=qwPperZi8FHelNbV1H(#OBTAg}b8}Pk zN*F>iGK&=wi%JxLRA!z+Nk*zdL1|J>X0k#`er{rBo}PktY8g<%qclAuwOB_X8^p_S rNX;zKOU}>LQ3y^gC`rvtN-a__w6rw!dGX~4&;|xiS3j3^P6-Xz@*dDzw-23{>3JXu4R1A-L;ud>%okkhl!IyUaie(+qXfR+ave> Q)*p2%lMkH{VP&ue01>A?od5s; 
diff --git a/usr.sbin/httpd/icons/pie8.png b/usr.sbin/httpd/icons/pie8.png deleted file mode 100644 index 716cf2822bf1cbb2f46fff422d0a7388f99e2806..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 233 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0$P6TZ_3OC;DYgKg5Z5#R{{xxVb(YlvDaIsk zcNfP0OuF}g9DPq0$B>F!$q5ITBK9F> diff --git a/usr.sbin/httpd/icons/portal.gif b/usr.sbin/httpd/icons/portal.gif deleted file mode 100644 index 0e6e506e004caddde40da13470f5b566c4ebd3e4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 254 zcmZ?wbhEHb6k!l!IK;s49|+DEp8*m;Fw=PE%$df<#taM$ivRpVGBS%55{pU{fK+Cl zLP!lN`jBehsZAsfWYa7fK8(M!(H)lmpeEhtIN zO-e0NFtoHZWl;Rd!pOkD#GnH-odIM!19M@xy5abNeolJ^dKQ(i&E!y0oZhYAIz1P__bl`CXaRbu>JEQyKU^X{_%FW>4o vqif4-qpv>D{n{&Y~ zGmVXnfs!_c&Fg>^W0JSK3%gii$7>)b+0(@_q~ccTIYYh%1)kQ2^OiD;KVb2jw;)kf zB2nCDeZHpes|EkREUn~pxN79Vx>R7!jJb}M+bzzs`Y*Z?6})Mg%$ z`&97jtL=|la)xe?YfkO>mAZ6ljnIuI_Ugyh(`v()3jwVQD{+k|an8@pP0cG|2+7DS zR!A%=Q2NWsw3($we0mm@$M7(8A5T-G@yGywp!BXJJ^ diff --git a/usr.sbin/httpd/icons/ps.gif b/usr.sbin/httpd/icons/ps.gif deleted file mode 100644 index 0f565bc1db7ebc72bc372381239f378780df5487..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 244 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2=@z^8d^F&3SUp#HpXaXk2Sl>&JZ}wU>twhgl(8#J z&4;IaU+5wAJ;6lrj$UyQTKrXC=eAut`Q_@GqDYq{i?eZ? fuRb@A(YSxEI~f$8&tS>vF?`AKxHx{oVylS|xv6<23?Uhr#R`c?)Gf$x;BUPcG zG$|)DSs^7qH!(9$Pr*C23@G7Inx2tbtfP<(;$=9bW|rtB=jZAu1g931q~<227AY87 WTAKR2_;Lhj1B0ilpUXO@geCx=%V}r; 
diff --git a/usr.sbin/httpd/icons/quill.gif b/usr.sbin/httpd/icons/quill.gif deleted file mode 100644 index 818a5cdc7e0f1d073cea1f9771b6d94737d34183..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 267 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaN2}Co~($1tA&onkRW?*1Y{O1>vky)&eSX80_ zq%!jqN-|Ov3QCi5GLscj@^ce2^Yj$FQ_Fx79;N9Ssl_@9*&tqqLuzJ;UUGh}jzVy1 zK}l+EQfiTcp{1oMgW^vXMg|5(1|6X33?SPXnCmij?fGaR;jntH+P+NdaQBLW*w$93 zLXW4dLa(j`>C2pYt0=I?YR#HS>z@C9sN+1ND~Ts;Qmd-42b05628YQhH#GTgelWA? zX*ztt@0IAG8g_4X^g@V$goXli}l>FSp%sf2>@6ht2u5ugnWp00i_>zopr09j6Rvj6}9 diff --git a/usr.sbin/httpd/icons/right.gif b/usr.sbin/httpd/icons/right.gif deleted file mode 100644 index b256e5f75fb1f5467251abbf9442f338892e6ab5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 172 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk?9f#N^Ekc`Y?g~Xx~1t67~r%;lSs!&jxl#`jP zkdmL9n3<=i;GJ3ql<+7`&qyuSQOE}IG8|GfOZ1ZSb9EGgQwvH`bCXhw6bvmbO&Jt_ zvM@3*Ff!-Xz@**Nzw)%~qgf4szES6oR(^g_8+4;}QR+O8Rat3Y55;}UDY3n~ OBkprQ{}oXN25SJF!$q5ZiY6@v=57`v#7>@8a{9qRN&+y3J;SYb;e}|)X4p(Iw zUNz2QWMz=@;;}4gDD?+w4J&btC~?lu%}vcKVF<~{ELKP?Dp3GZnRyB&8L0{drAaxN z$qFg?xrv#1dJ5jDWk3m!()5hfVjYES5HG_aHM2x7IX_oNAvm?5BsDiFwMfCx($duD T#g`*M8yGxY{an^LB{Ts5Aj(LZ 
diff --git a/usr.sbin/httpd/icons/screw1.gif b/usr.sbin/httpd/icons/screw1.gif deleted file mode 100644 index af6ba2b097bda90209dd1d3d392fccdb7bcfa629..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 258 zcmZ?wbhEHb6k!l!IK;s4|Ns9pKy>EJ%$YNdjg1*#K=GenNJeI{LSj*g0+7ngQz*$u zRVXM;%E?StNXgGl%*@kM@J=lQN_do}XQUSEC}e|p84jtLC3?yExjG8LsRbpexk;%- z3Wk=JrVNTdSr{1@7#VaxR)B10U@n!|b?2W!n^SiVYewRG7AFm!*eRWl9lSzTtP=4S z(YLfe5`E@s3_lC29c$pLc?<`iz?;NP}q&5N72t!=+B{M{uprRc!*Z9v<@N?apK zobz*YQ}ap~LNYRo6%va|6o6D_oEJ%$YNdjg1*#K=GenNJeI{LSj*g0+7ngQz*$u zRVXM;%E?StNXgGl%*@kM@J=lQN_do}XQUSEC}e|p84jtLC3?yExjG8LsRbpexk;%- z3Wk=JrVNTdSr{1@7#VaxR)B10V6O7mwdbROfWzv!D*H06&kJ4;Roc;eowd{9p;(CH zi7%4jOn=^)>HKMOOmxr@^Rrv9(Zj|os#X5-Q4yu|;5S>$t1~+pUK<~i5YtS$=vU@u yeU(L%F~&2zjqBi^) diff --git a/usr.sbin/httpd/icons/screw2.png b/usr.sbin/httpd/icons/screw2.png deleted file mode 100644 index 5d7d2cf65e999a28311dc28eec53eac318d20eeb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 318 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DWL$L5Z5#RLEy}pGc#w-G&VK{ z3SZ^1dv-+ z<)`}k9I>}Oe^SqWuHSBt&vg^ex$d`k*3Fcqv6LswiisihMn%4oXXH#($%9G;-_%x0 zI5)->PN=#zQI08g(Z?S*(y)RH6W+GV>HlGEx-^N|SOjlND0(a}zW3^c1{P%YYId zrRf=|#X1VvAYO(;YG#REa(=FkLU3w9NosCVYLSAWrKPFQi!VojHZXX)`njxgN@xNA DzPfgG diff --git a/usr.sbin/httpd/icons/script.gif b/usr.sbin/httpd/icons/script.gif deleted file mode 100644 index d8a853bc5828cf534c4c46a0efbf4b1d7d3c52fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 242 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2sTRBTd^F&3SUp#HU#9hW!Rw()J3?6|OcFmLXwbvQ z;yXWN*R#T&@77%j8VV0WP6%GqkhE;|xp+C~4`X#h&eoZ4tM=c%ZhDQk{(Ri#ES<}4 d7Yj^x^9CF~_};qCSmD=yXLEt#WPVNtYXEP%SK9yp 
diff --git a/usr.sbin/httpd/icons/script.png b/usr.sbin/httpd/icons/script.png deleted file mode 100644 index 2520570a775d4ed6898317d00aefbaf63f8b379e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 275 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-1fTxRNNX4zSeFr%i3^`bG6VHbTtZQhw(U9=pbZ%$Ugzsmw zWg;eAOPpZ*&|rGfluv=7*XO1iI}1--Qx_Fx^Y<)Q3)}Q}oiG1yE%|z2zKZt?=KpV` zRtEpn?f{w{R^l2_;+&tGo0?a`5R#EutdLk#q5z~a^At)lQWXkHlX5bX6;kqZ6EpMl z6ueW*fD#_1=^3fTIttk!UWP+zW{F;Mey)x}aB4wGYHm_$k%FP6rK!)0FGqkjFnGH9 KxvXl+r>Ez@fddR+p!k!8k%57gK?lSGsbyex zi`aFC_kd@D&y?=4?(Pes3MEI<1Y!g8G%~jxUU1@6RIiH;$6BEo^BN2cqBwk-7hXtI c(vnrUxMBN-xh<~83yn{BaU>KdGcs5M0L&38p8x;= diff --git a/usr.sbin/httpd/icons/small/back.png b/usr.sbin/httpd/icons/small/back.png deleted file mode 100644 index 2257df2140d3bd07fb6173d33167b365714c4906..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 238 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^JZv^(q?ydCNUr978H@ zwN5Y;I;0@rdOvMXN2-_cog;qQvrM*Gy7^6DzERmOqB%1ns)#jzgBT-|U(f9~hw4Ar zpEyw$TDT#rlzqdik2#8=QyP7jG%dU#vrj;had~XSH;JEupWbVKnpJXX>EVS_(s=xm zr?oLiSiTf)u+}wRUvj{u+iG{+)M!u1TT}i{Jm`8N`NeycSnmg7yOwhkCVOO8JN!f4l^cQ-w>w;1ST22WQ%mvv4FO#st;Uc3MR diff --git a/usr.sbin/httpd/icons/small/binary.gif b/usr.sbin/httpd/icons/small/binary.gif deleted file mode 100644 index 995f79b9b10d5a49fd6e6d9f641d3bb65cfffa02..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 134 zcmV;10D1pMNk%w1VGsZi0HXf@|Ns9vIXP=4 o#kZK`47H){6`LuGH;j-%Jne!zs_mH6LPMOYA{Q)|S&IY!JF>VnX#fBK 
diff --git a/usr.sbin/httpd/icons/small/binary.png b/usr.sbin/httpd/icons/small/binary.png deleted file mode 100644 index 2e2e1b073d62786ba186eb440908f86852839429..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 242 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^JZv^(q?yd8<8L978H@ zwN6mvYjzNDy+7gV)sV2z$qTY9SXXTl3qLLTDr=&KUZ77X^R87w_qlyoRo-l9`IjRL?D73h=0P*6y9g6B1K# ziOVEwUdEOs%O3f$rd07rCfTu-Ok=hP2>3M3sW@?CJI9QFdoOPc+x*t p1+u{=%?$@@pDs(RakraW$82xbyly4;PoT3IJYD@<);T3K0RWRGS{VQU diff --git a/usr.sbin/httpd/icons/small/binhex.gif b/usr.sbin/httpd/icons/small/binhex.gif deleted file mode 100644 index 3d54a5458e6edfde1f60b8a35d549e3af1552ffd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 131 zcmV-}0DS*PNk%w1VGsZi0HXf@|Ns9vIXP=NV?p<;}t+_F|n1vIhdG61y)fInX+{xz%o-MD*`-pgKX5xCVZ_5 lPsPf~hJ=DqCWLWTOyuOYZ1$d>Ba9hs3_k!%1skspbw=XFPD;yQ2*-xB zgoI*yQI%ntpj-15_^92AoeW0r;JN-R&&-|_`zr>U4u~*G7;hF8=jgjlX30tF`d9(Q y=*_sgrUQ~}FW*UMJ>33J{0+PM{l}iXT&FX4I4j@G8(e1q0000e#^gj&X!xZAVnu4@CeN-d>06V1HFU9}> diff --git a/usr.sbin/httpd/icons/small/broken.png b/usr.sbin/httpd/icons/small/broken.png deleted file mode 100644 index 79c998c8c3111f187ac1d586b4c5101534ca0d0e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 254 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^JZv^(q?ydD}f*978H@ z)lS&W+w36Va$l+IfTF5G>=TxgsxnGN+~G{BH&QJYaatF)EMRep_hEj0;Lo`mIR>|8 z%JyziF8`+fOH7J)=ayM(GmbY(yOjwEopU^O?83)GCz3i37atRJIQYlxz~pv^zxs>{ z;rr`~1&%9K9B8#QnU(a>LPoAz`RFA*Hsyc>#tkA2%6+b}S3K6f^r#N9tI^W7nwV|+ zTbtuY%vSZ8f(HWqID-#zw+ZtXU9D5zKIQQ@HVHQqejb+scAys+JYD@<);T3K0RWxM BTo3>N 
diff --git a/usr.sbin/httpd/icons/small/burst.gif b/usr.sbin/httpd/icons/small/burst.gif deleted file mode 100644 index d882ceba9cbf05051d5081f2e102ebff5f24edac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 128 zcmZ?wbhEHb6krfwSoELaz<~priULty691oD&Y82+%PWWh3>1H|FoGC5AOfV8f!UQ~ z*PVX`hZb>6bP*BCs6S}H;Vd99C5S^ubKfnY9r=Gl6W4NkFT36}`PFx$95FVrz#Gvo Z(|nHUXljWp;?_Q1GLa!b)18UI8UVh_DDeOQ diff --git a/usr.sbin/httpd/icons/small/burst.png b/usr.sbin/httpd/icons/small/burst.png deleted file mode 100644 index 2b21436c78eb254526ce54349170863cb136d5a8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 194 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!73?$#)eFPE^4e$wZJ#gTFrlLTUm&E_)mUHGT z_3{GA2nX~{0#b}g-tI1JiD^4(ft+Yh7srr_TgeFr*druk6nK^k1Ri4$aK3ROfaL^7 zP>`9K8Iw^j$0;jFgqJ`Oni0Vzyy|%Y#xz>0#>6I2OhSCDvtvU kl&=I{U`%55*63hiuwBIa#*q8iR-iQup00i_>zopr0A~t1EC2ui diff --git a/usr.sbin/httpd/icons/small/comp1.gif b/usr.sbin/httpd/icons/small/comp1.gif deleted file mode 100644 index 712f36afdb27370918ce1eb008be6073aba769e6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 130 zcmV-|0Db>QNk%w1VGsZi0HXf@|NsA#l$5~0z$qaZT4Q55rOtD`-T(jqA^8LW00062 zEC2ui01yBW0009=D7xJKFt$LdB@lxJ4RqIg#Z8m diff --git a/usr.sbin/httpd/icons/small/comp1.png b/usr.sbin/httpd/icons/small/comp1.png deleted file mode 100644 index 6d8c3459ed08a21c1d7cc50afbad7a1abd5471b4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 197 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!73?$#)eFPGa2=EDUJ#gT_lqpmG|NpP4C=r#M zY`OGY@!oqt$zwq`CITtOByV>YcCo~c*Fa9Rr;B4q#jWIo1I#WlF);^t*c}}inFS8J zUO2i?;7o!ycZ0#9ODtRqvsxT@!WO8Bhbt(XnwprHTy1Pr)D>ZA;0bdSTQG;=Lc#>L ov;`iD9vhVdX74r>m|<;87h-29Pxjp00i_>zopr06UjHhX4Qo 
diff --git a/usr.sbin/httpd/icons/small/comp2.gif b/usr.sbin/httpd/icons/small/comp2.gif deleted file mode 100644 index 7759eb11f95a4bb3803ca55eae6c3ff8fd100b96..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 131 zcmV-}0DS*PNk%w1VGsZi0HXf@|Ns9O7#M_vgsrWuz`(##T3U0)=KufzA^8LW000C4 zEC2ui01yBW0009>NV?qqFg8)DEpK4KIl+xqbkqNgD~s^aKww; lWe8G`jyjbQNm3FtI?)idj0B1>qD63^77l^1cw9^X06XYXE$jdQ diff --git a/usr.sbin/httpd/icons/small/comp2.png b/usr.sbin/httpd/icons/small/comp2.png deleted file mode 100644 index 57f7ad197b8e18ceb981ecdb30a05611720acfbe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 194 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!73?$#)eFPGa2=EDUJ#gTFgoH#(OUv4|YybcM z9~2c;eC#<;a^D=?L?FeOji_2J;mN5pjX-!C6mBTe9h@q>&CzYj( mqxlM(sG&g%casAHGs8MFfm+4rr^P@!7(8A5T-G@yGywoMl{}6B diff --git a/usr.sbin/httpd/icons/small/compressed.gif b/usr.sbin/httpd/icons/small/compressed.gif deleted file mode 100644 index d3b156072ac0b62c0248694d2d05791379e34927..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 128 zcmZ?wbhEHb6krfwSoELa|NsBl+1YdE%sFu2!277EYykl;1`tsE$->CMz|5cn;(*jL zFuPjpx+AC8q?t7P$~sH6D{%rMQ(HBiPS!|-)_OUXyj2ijRTh5h@?e)dzw#N~vZiai c6)G%M%rgTM8yr{}o0lx>>ev_S%EVv|0H!@EhyVZp diff --git a/usr.sbin/httpd/icons/small/compressed.png b/usr.sbin/httpd/icons/small/compressed.png deleted file mode 100644 index 43acd8b943dadffd426aabaa42e86df0891b0274..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 189 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!73?$#)eFPE^4e$wZJ#gSac6RohIdlI1|NlNJ zDqBFni-BQ<`NyR|1&m4F?k;SJX*+6xoG?!p$B>F!$q5b&ZW?EE)-WVXI7+e|V-jdv zm>>|+<;dy6Z6GbJ-DuLrAnCJCp>6ZVjhr(cCgr?gO0$rZUfm#h=-9C}3T{ds8zqj& iB&&7EHZ?gp2r(3X<=P(@v3?8C1_n=8KbLh*2~7Y3^*sCl 
diff --git a/usr.sbin/httpd/icons/small/continued.gif b/usr.sbin/httpd/icons/small/continued.gif deleted file mode 100644 index e1c9f2cfa68034f0439e336d3b3903deb44a0883..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 114 zcmV-&0FD1gNk%w1VGsZi0HXf@|Ns9vIXP=|;7%PM|whF~X2*V%{U5E|8iMaEOD$ U0n_;{NXL`HRB1Y&&_@CQJD2_|n*aa+ diff --git a/usr.sbin/httpd/icons/small/continued.png b/usr.sbin/httpd/icons/small/continued.png deleted file mode 100644 index db17c424650859f7b8f2117ce08ce4e78888e1b9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 214 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^JZv^(q?ydHtR)jv*Dd z&R*D&GNR2Uen0VOOkQ~&?~ diff --git a/usr.sbin/httpd/icons/small/dir.png b/usr.sbin/httpd/icons/small/dir.png deleted file mode 100644 index 9bd6256bdbb781ad96d26b02870c8dabb1622f5f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 175 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!73?$#)eFPE^4e$wZJ#gT_|2ymc-&?z5L2bCV zwYI7(P$v7ROxnB?v5!j_n}qZY{V@N{tuskoJUY@=v{0SD`W_*6!7548*XJ9zi% zGyU#Q;FuCu+Mq0HYu{RTEKU4Vh0?||QA_tvUAX_^>Py$klAL*~Lv|O7nuyn2n47&`btTS3j3^P6t>yewCRwrrVbz0%P@q&p!pQbR!HK;_&hjwjs0n_k|_ba-tRk+K#r}ai(^Q|t>gp+CIe|{=?xYPl4^Q-=h_Z2^6;EG zc1*3$Xu1{p00i_>zopr E0QN;PK>z>% diff --git a/usr.sbin/httpd/icons/small/doc.gif b/usr.sbin/httpd/icons/small/doc.gif deleted file mode 100644 index 0fcf18db2a89a540716c06e734cc564cdf08375a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 191 zcmZ?wbhEHb6krfw_{0DLmX?;;+1WikJ?GAyd;a|S|NsAif{H&`7#SGY85IA?BvmT- zCKi=s=IMDCC8p-47CHDPXXpj{dFr{OGU$Lz0GV|Nmr2Y%6}#@Zv(3<4F35AuIl!xvcWvVE3&b1Cxh RG|&8^tTFrSX;&r&YXB6~L|Om< 
diff --git a/usr.sbin/httpd/icons/small/doc.png b/usr.sbin/httpd/icons/small/doc.png deleted file mode 100644 index c560df21d3c48dffb288d24f7f7a4212bc15b531..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 269 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^Rni_n+Ah+3ye&|Y znRhqvklAa_-HUlDQ{^5UJ>x9Bl!3*|^xU0>)$?<^#Td%XbyXBwSQ5@pZJ#7&v`DpZ zRh!4;?n6mS9apj(u;&oEFK4InMJ|iS@;{5uk&DmYd{4N2Tke$W;`_fhef`S#YjS@0 zbV>iUKo_c%xJHyX=jZ08=9MrcRVw%<7L{b?>3J6=rsk#=Irt`L=mqbayAUSJ1# Omci52&t;ucLK6Uk;AJ2H diff --git a/usr.sbin/httpd/icons/small/forward.gif b/usr.sbin/httpd/icons/small/forward.gif deleted file mode 100644 index 2997466eb4de77500cbe27060b1a590f251102ab..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 125 zcmZ?wbhEHb6krfwSoEL4($X?JJG-Z+=fHsj=gysDfC0syEQ|~c%nUjp0gze-W+#hX zTmETtFwSL&2y5Nl=5irbM5W{Lcb21_)0{VRxK0$bkc%jd_Yl5)#{CVW($PnOg`QH9 VToX4n&1RWCdxjo&kqQHYH2_Q8aRPp4rmu`- zG>KU7gl)k=|E;BlOv-&$y9#`6vF)B)6cA=BXY+OC5eHS-Zx>pBs5U#Q9}`W@RONcM sBH`auwM){DlN|k3SBw7lI9Sj4rp(KBi<{n8pu-tFUHx3vIVCg!0GNGUY5)KL diff --git a/usr.sbin/httpd/icons/small/generic.gif b/usr.sbin/httpd/icons/small/generic.gif deleted file mode 100644 index f8da6ff92c3103d440aa34c842efce51ddd2d55c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 116 zcmV-)0E_=eNk%w1VGsZi0HXf@|Ns9vIXP=CMz|5cn;(*jL zFuPc2E&As#5ERnD*ARJtfp=NqymCk7r$B>F!$q5NT2@MRQ;cScoXLBB9C9ot* za5zZv_z1KWuF#m0cz`2SLOSSNf(Wm$h)7BT1H3mVwz!V%Hr- z1E&XvCVaS5R(RiAy>mgUql=e;(y~pho8&ujXu&V@o)YW0l^; H!e9*mJvSwK diff --git a/usr.sbin/httpd/icons/small/generic3.png b/usr.sbin/httpd/icons/small/generic3.png deleted file mode 100644 index aa38963afa2abcadb18fceb583aa705aae9b9acd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 147 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!73?$#)eFPHV5AX?bJ#gSac6RprsHkiK0WSuI zd1=SofKrS}-tI0e{TVj{fgB@G7srr_TgeFxjH(I(42C^Zrc4n{ e&3OOfw2*gItqmas!g_N~w>q49yG@Lf!5RRR*e}ok 
diff --git a/usr.sbin/httpd/icons/small/image.png b/usr.sbin/httpd/icons/small/image.png deleted file mode 100644 index d92f0a5fcc45d6a98f9a3c92864e9b1cb4d68c46..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 178 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!73?$#)eFPGa2=EDUJ#gSac6N48PtX7V|KCSN zwImz9zh()PRC_T0I*?*a@^*J&7fbAT4di%ux;TbZ+)7SxU|Yi)(6-8YieMC9YKy32 z#fE@^*J&7fbAT4dkSFx;TbZ+)7SxU}IBgI(qbIBj>RK!v@0{ z3Ov&<6=)o86g^U)r&CbKYAAA9B63cIj6}qdJD0pfotq^k8hVmaA1ko6P1s_Rc=$pR zo0#Hu7vT*_#{(3_)mK<1uoX|3G-;9&Gc&`kkHQ80#fCe9_Az+6`njxgN@xNAHjzb! diff --git a/usr.sbin/httpd/icons/small/key.gif b/usr.sbin/httpd/icons/small/key.gif deleted file mode 100644 index 8dfd6c09de379a7fb7e78f3d06b5e2dbc959b109..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 187 zcmZ?wbhEHb6krfw_{0DLmX?;;+1WikJ?GAyd;a|S|NsAif{H&`7#SGY85IA?BvmT- zCKi=s=IMDCC8p-47CHDPXXpj{dFr{OGU$Lz0GV|Nmr2YX6}#@ZFYAcxF>N}S-D%%k z#wa;mSK3`9k(pCGM`QUUra7VZmHVu_rmbdA-1QFo2l NCU4lW(}RJ*8UX)gL+=0p diff --git a/usr.sbin/httpd/icons/small/key.png b/usr.sbin/httpd/icons/small/key.png deleted file mode 100644 index 1a45f67df3115e1caa9ed558cabe24553cd87e44..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 254 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^Rni_n+Ahvt0^r(6dQ?I{WEEqt7^yVQ*WnHIiyWVwMM@}B{Z{={c_>F*D&e;LZV z=#-1A_w2(4834KPd%5^!VBym-!XW)`njxgN@xNA6%Sw| diff --git a/usr.sbin/httpd/icons/small/movie.gif b/usr.sbin/httpd/icons/small/movie.gif deleted file mode 100644 index 7b4a42e7a0eec8e4508903e9bd49cd966e966e21..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 134 zcmZ?wbhEHb6krfwSoEL4($X?JJG-Z+=fHsj=gysb{`@%u7%2W^VPs%nX3zogKx!G7 zy*+mMeAYkV+1#MabHG}Fse$nzdz^H8ru>rzC6{fBxi)IB^anlsy)r`O#>SQkwF`?k i-+B_~9;vx~3vcGG7n{Cov&^1%&M%y6veyh225SHs|1u2# 
diff --git a/usr.sbin/httpd/icons/small/movie.png b/usr.sbin/httpd/icons/small/movie.png deleted file mode 100644 index 7c126042c9aa4e013f543244b0c281e540b06d53..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 202 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^JZv^(q?ydCi_Kjv*Dd zu1?&@d)R=7q!eTc&D)5IHA6<$y`u@`%#5a*Q)JecWT3x1vvLV+xFmDnh0y_QvEk9 zk1ty0yE++lh0WicVE5%idU(O!q(`NdKh#6mjUp`ty!>_N0G-3&>FVdQ&MBb@08;c! A#sB~S diff --git a/usr.sbin/httpd/icons/small/patch.gif b/usr.sbin/httpd/icons/small/patch.gif deleted file mode 100644 index 100484e59822e79e22ab469fecd4a39052a66875..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 182 zcmZ?wbhEHb6krfw_{6|qX=$0Ao!!&ZbMD-^=g*)2|Nox>3>1H|FfuT(F)03%Nvc%v zO)M(O%+vEON=(g7EpqTp&d>|?^VD-mWzYes2AOpTmr2ad8N2S7sdgD9bMoA>*d;jA zG*oa~#%+fN-d&1Z?m{=gQq9|Qen-8 z3J6=rsk#=Irt`L=mqbayAUSJ3LjKR~@&t;ucLK6U8FkJNj diff --git a/usr.sbin/httpd/icons/small/ps.gif b/usr.sbin/httpd/icons/small/ps.gif deleted file mode 100644 index fa4bcfce30f5fb3f62e65f0c989ac15be60a49b9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 184 zcmZ?wbhEHb6krfw_{0DLmX?;;+1WikJ?GAyd;a|S|NsAif{H&`7#SGY85IA?BvmT- zCKi=s=IMDCC8p-47CHDPXXpj{dFr{OGU$Lz0GV|Nmr2a76}#@ZALB7tB+7HkIql96D6GMaovr)0~p+w&0R?vcik1 Ky{BB67_0$$w?x1I diff --git a/usr.sbin/httpd/icons/small/ps.png b/usr.sbin/httpd/icons/small/ps.png deleted file mode 100644 index 5c604230d07d4611118d95d9c0d916c99e095104..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 254 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^Rni_n+AhlV6%Y$%Xi7H0%^4+qSGG;O#OJpRn4nlh0!@qvq=JH3Qqpd$a@#YU;cEJ+@c~^ z)v43g`Bi+-3gT;<>ayW(QsDVR26@FBdk(e=NV6Y^c0Jm%`MTH2qX`vkRlm;8U)3dP z@a);css;v*DZ4W-=kT8B13F2i#5JPCIX^cy yHLrvrsZzl=v8W_7PtUt3F*P@}$iX)`Loe9RQ_m%}@B%x?cMP7celF{r5}E)dJz-1$ 
diff --git a/usr.sbin/httpd/icons/small/rainbow.gif b/usr.sbin/httpd/icons/small/rainbow.gif deleted file mode 100644 index 8216b89bade87b795a7345329da487735f3e07eb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3811 zcmX9*2|QHo+ddH{AxoAlA=?Pq8Eb=SjP)JMn6Xa`Ml#0M*kcR^Nimp;vQxd3HA&gG zP{>{hMJ1K2r{2-6a=6k2nDoQqb?SX0=ifo1OVxD)*A%?C=kWsLqNg*gMnlaOlHxTOc20< zz!KXE2Y^c~F~0BUQJ^eB8vwL{tO*bUf-x+@CIAvQ*$SYR z&94POIgkkeEO$8&lw%=q08CD13E=<$2jOfb2w@M|2>=kr4#Qe70Dyr29t80$Py)OL z0M|f30t6+1A-3%hJN6ulhyTQ80pJ`vHvpD`bO4}(pdgD20D>TzRnZ`bW~%{~3v0mA zv*01tc8+DhIt0`L*dMDFWL=iM0o&SGAekKnAcHZio~?}mHvhk4U6}o-vkUuQ06YiD zR#Yp|w6yc|^G?~>CRdM`9LWn~Fzkx#EN)tel!*A>@%LA#thBFDynC1OFGZ_fOG~0j z!l%^-{rItQM+c;n+}(}pL!B8ob4Fl9fcS!_Ix*ok<#u}J^l9KV5Wg6ou)OkKXLS|x z2_w5MD;x4XL}g3Gb$3?|l#Bco8OimRiv;QDuEJaJL-d*ML~g28hWV*q<5t)GlCuv5 z5{tvD{H>44nNO^u4gt^CCpdzEn$wBT6^}*AbKTURC+jExgqY2c8ibWBh!_jr1VNSj+5_ zp*2yT57lD%aNQo+A+u1w3bd6cf9h*Kj}N4Y9(vfjaO$8D{5SmSd!yTmm$xdjBR`%f zA7q+8y&C;Rsj-OI^E8wG{nQXm#R^G{-G)!9xpyw+#2fN1siC_n%#W#pRSEN*f2n_u zY63767tK{LJ%x@aLn-7U^17ssd2DejTM&9ORZ8hPJnES9HQ?n&)E_NT zN6w(Z@?Om@K9^DLVOZ&?&PzDwnBKHkK0mM!^(x0OAzAmu^#taDf|c<`^D6<uj6|Y%%DOL(v@tY|+Aw)l?I3cCNKRBTjtCrVn_-h%?cGew=uk2$MXjYD} zA3OPIgpviV6oEt6a^d9`rd*sHS^x~zJFP&_BYGEu^UuMEc?4JW7kZMHf27t%y-gGM ziT~QtEq4DPzzR`Fp8*~W2Vc}^aIxPaB;Ts6 z`zI;F6U`CLu$0LnUGkrDmBthppe{Hka(XR2_Y-qGQLjhc0^Y)Dg!V4X1RdUn7b%LU$dF-mY_O zcAYZ~_vSHKH5T8VR66w0BG>F|gHOWR0p`Kiw?}=&0pDb9SGjFfD4sK(rYJD;%pONS zUqYA7u(voXcy}cUR1?wwAC-%>K#~s~p9gZB;DMF)){{hc{f84>Ji?iQ`YysRqFQxh ze)AFcC2kfVW13UQ7Qrg^^jCd-mS*U$X}Im7nO5$+`q-}_r;U2%KA;UuClLQ67<0aU z!woIx<5jgS^AyVa#89$a&-7S+{qET*F$ey7@@-3LF;SJGcG!zE0q|*VSN+G>oQa4c z7e4=!oHx818nC7B?WI>?))U2NqVM~Ae<4()&yA5hrrW*02|RqV7(U|JE#>p$YLV$T zIzINZhxn5>N>A;5j>YdS`|SVXJb0G4J0e(ZD%&mBU<;|swG{KfsY|t%3D|5DiYZ)I z*DEZ)`lnG`D{DgQXiOvLJ@u549VgwABV$Bot)Qs{=a=>K-KX7cXzp9pNBV~aA^(!? 
z0~#SSdcwW>W1A)6yix+*<-JXB5uwIEUfo%8>r+t9Ql*5rF5YB{+U|yyF@?QEU;4rN zvoaY{}F4+jl5k8=GIY!8}5^F~Xc5H8a(s8r+vNK0~+Q zM`rR`aCVQwC3@7aZ{FfLFUfR+v_#zAPLpz~;h8fMmRvwPZbjLYTpF^HT|?Y46Y@LD zbq;E!%GGjM|C2?@oJYO-lv>KIm1+pKt;L>EUeQPt-)?m3q=jo0at5C`7pL~(2XB?? zDj)yKoO97axc>7C{Ly#xrEV>9UrU(^ro_idBb0S&CxZzxqeq7~pkYsK>J;Oc#!uHD z2jv$}-G2IP=_z^<3xBV0N0qa6x*kbSWX33^9QAT@DaIfaBGNJ?M;i`)hV|&2;?7ym zTISQt?|rkmX_$3*Me*QIfsNwYJpQv#bG%@VEd5VLVH>TdTBEPQFAqhiD|9@O-d94N z+z1>|&NtZ=yc2J^<%oR!a`FX#CZ$&jQ){_;+S4{mnp`XT0Or(2d+eI~rS5~V@xW4G z{TRtSIHEvJeRBHe;~`sz+qYKLgQkx^xqN%(Qpzju@1&9OF?Yq-yW2y;#j_L0lFIhE z>3T}{m$TjmS z59mqmj}7HC70Y~kV=~BSf7nnj+ayI?+F*=7Gue40Y&M0gcw@32@O>Nlb*g64E`Db< zx2BgeZKX)^+`cj<}BrgL>P30~YbyOSQty`|}~>ic&$^6r{#F<>`7E8jvmyWfPj|A;@fc2;vGk+V63TQP~E z&+k46?>5l&-pAT;;7r~NNFs21T9;oR4>jEM3mL@CA{`el`G*%dhV(dwItv?Ax?3O( z0$m9493B=s29?utfIa+)?-n`R9Vm9egEgQgn+HU}Nn zW-}tb7>NW|QFBn~!jTB`;UaS%uBb6Xyo9A&(+7DJR=c4(9Xjcz&VlVx)X{aehw3J& zZHL4#GkU9&2GcJ}OzEm9Uk;k}+pEz7Yv}*+2raaR=JyL7f+iovB^yn-?>8s&wUH{$ zAtFT3$0fqJccK4sopWlAaj6XZFVM4;BM=ZL6VhXEV9E0OUJCux4yN-+zgIUb^b9@O%n(O@t^2cZhht_OD)T$9?VpQ0JBWbp~kgVMg>QEva_~YrS<4tsr)3M(+~T zfUb54hl`+J5cmJ}h)$ZNlf@}UVwqp3l$W^)u~<_4AZ2|m8Ga}xTsI|42Ytma#({>; z$_TjI7SJr}B+Nzq%bhK8j_P|Hse%G-1tAp*vIj-uI!^^f889g6);a}o#zd*hG#9Da zEA87?(!_k|$efm-_*}7*xEloyt2sqtzB&|Hd}bQJae?qSZE(={aK+V{bS=@9gqI(+ z0@I=*9^)lb6aR>ue><2Pf0xftC+S%s_Txu5SMW8%3SEb-B!3m9fc=XCs-an;*R$xM z$LBATDf&i**O%Nfe-M(j&XbOS?ujaS$L2^8kb-I09ObgNQ(+<$OAI YQf)BD<7dvMP-NGBf&PAQ3ILe=54mLULI3~& 
diff --git a/usr.sbin/httpd/icons/small/rainbow.png b/usr.sbin/httpd/icons/small/rainbow.png deleted file mode 100644 index 175053cb4335738d0e0a4f7f93e745acbef90443..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2418 zcmW+&3sh5A7QGPu9|dGcKolyX(OO=#-~gqRuL+_QkhZo;5~*nXlmS$dNNEx<8U+dX znIL|OAR29pidZARq!gUkAPtBG5g0+iAfG@`xDfJY?(2GM-FNOjd+&44S@*5=PR7U4 z9ql~q0053LjHpBa%rO)%vLT^Wo9fUCfEhP_OHwq@K>*X!(V_!)AOP?VfK*rpKp6y7 z2&sUEQYwTqfC@!607@k2%>aM_8HjHKo&JV_5JDlMm6SlR9fFsH)ph`1A~B)c4hWP3 zAqQxQloo2yIS3x2P!T}^fC8cn;6cbkgh>E7lY|1u3BDXaZ&(5Va`%SN8zEr;3WZ1* z20$1LBb3mFND>_Y7)UgOoj)Nr-9+C2 zmO%*s5(u3T7XT+1kJfky;|VoDE+~QY2v(zQH!?s)APo@1l0$S@VgnTl1f~ObzBU9^{+8e;YqxnUoM>7ahC4%$eHHZAMq->AoJw0W@eR{s8=G%j{Otta@6F=w;m#Oy&)m@ecQU*G+v^it?Z4y!+NGUpHABOQjn(Y!bl|vj zTK(~0XnM{sY1P@0O*y1WW#!Y6pUM`Ob;)nYhlhtT`M&u5!RI$$w*F2uQSKIQ$~T!z zN6I3#&ZA~;KceCrmrM1+387p3gRsgSm5C$%y7jtG-v)C?hn)kg=0(Al9u}t4wYF>f z*SY<9^@@mDJ~KP(V=QLurUcmcSR{jn+R4o$iFEJb0lrTDnz@eQCt~yv*^3 zJFWNI`X9S>`}Xb5uhyQ===9YF>#X)$zO#AO-Mu|+olNr}VY-Z|T^&ERZJk^8iK902 zZS$x0b2tqDl`bb!le{=f54)WUxwvH&s|>dc5M2>ge_s83>@)d+uBtxzva+LL0#R_d zxGmypx_iL-^;4_&FYc`E>gfr#D<%C>UL~AJe)!c11)v>JYc2-lYxcfQwc=m6bXReB z$W~U6r+MZ-kgE!@WS17p_E^iN*EFSSeyd!>3yNYEda?^C6kk&7GOO#a!F0Ffo;;!Z zA(8uTcDzOF$L5<(3NQGw{r$ieSKb`uNO};deryG{t!Qm0ad@uA)AYxx8_Sf|BAy@io6L6(-n$ifjA~iL;98&R+F*RZmg{ zKVv*K%Is-`s;I$x{an4(s;AL2xy{#}x>0svc4UiH;uY+3bsToYc+1NsmA9Wwt2sE7 zFHBH))AVK~qxxle?vd;t3fy`^3i?S8;=q*lEVvo zm$RBR?0*M$GleCaqe+MMg|sp~&MVK^QvSo#COgoUqjKh((4Y>^e)nT4+Z8pv1WX?j z?aDJ_FDjByD8#HY-W3EvL0%9)}l(cDCOo zFJ(B_$aXDZTy$mFk*yxR%+09LsA>-EJm~pRg69{#fwjANU*AaH$s z?b3T7Pum(<>Jr8aS4PY@w)GEIDYdA&hqc@Ly(Dby_Ur^zy!Vq2Xu(Bat}hCd1{QX+ z)J%zN<6!ih{ZKJ@H0(TJX!!{XF5D>y3VCOcn8bq&GQ}WE`~{E5xMp84MK1J7W)~;} z`B53WO)cH_(;aENc09!(5w+tH{N{`(ReJUXGM+N#+sO(nJS)c+bXNPk#nws{`crsQ zj%>JCUEw5%;V@m2xWX5<9ikv2b!n@5AJZ%|HN`qCm8|MdSCwD>+*-k=QQcfBX#|uE^mSdunp48Hj{X`W+SCm`E%XOih27t30l^z z@rt2iPq{%wOs#3?no*Y-4)blVwSRd-KW~%>i%l)>`hI<^3VoY3>pYi#mj3y3R${gC 
z;GC)Qma_S#(nhf6LgS7Xp=*!gE(7@Be13gbG|42MPctU5y&Qv#5>v}?yW=P}RDDl+ z?l(1_xe&UUho8AdXbkiAdY=(2%WEpc1$QwlQok_f&ydZJPhdT)1!I+>%T_Qa&OtZ* zaYfH;`#o(=GrnTR`H9Z}_JLk_>5w1+PZ4FCj zRyT%4#uh3Io}%xMI@UPak0f)CLo?^A?n%$wpYYM+O-6~a>VcH^x%Ir}^^}p(%VjCE zCXQS+4W*sWIh=IFtEIu1-$TD~ppPD{$5Zrmzl%=z^l>ANnoh*-=XQ0CH?-C1OYx5E tj+}Fo6WHJY&ybTexggfpRTu`K*RHrL-%qveGoYUi5EC62RTaU`{Xff*$Fl$c diff --git a/usr.sbin/httpd/icons/small/sound.gif b/usr.sbin/httpd/icons/small/sound.gif deleted file mode 100644 index a7a89ffd9ed29c24e1759e48291cadb875f6562a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 130 zcmV-|0Db>QNk%w1VGsZi0HXf@|NsAUb92DJz}B3c_ZS$h0022kN&o-=A^8LW00062 zEC2ui01yBW0009=D7xJKa0M|0iNY9L?>oRm4WtwVAYcqvtDHa_pF~g>Zy?Whj|;FJ k&6i_@dN;{osSB_y&_-ah8I>H<4WSc3QKFczSdah!J59YUXaE2J diff --git a/usr.sbin/httpd/icons/small/sound.png b/usr.sbin/httpd/icons/small/sound.png deleted file mode 100644 index 6e3e95d3d01a390c8ae57bd8ac4631f69b36d526..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 176 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!73?$#)eFPGa2=EDUJ#gSaadGkg|NpPene$yj zVl4xMrI!~_a;MO(Fd)U4xup za(G0$g7wn#kbk>gTe~DWM4fl?XO@ diff --git a/usr.sbin/httpd/icons/small/sound2.gif b/usr.sbin/httpd/icons/small/sound2.gif deleted file mode 100644 index 07706e07b86d25525e8e7fcb8cd2d8b10c235d49..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 119 zcmZ?wbhEHb6krfwSoEL4($X?JJG-Z+=fHsj=gysDfC0syEQ|~c%nUjp0gze-W*duL zK7aHX7^e#>G_TrlZjM+_!c@ 
diff --git a/usr.sbin/httpd/icons/small/sound2.png b/usr.sbin/httpd/icons/small/sound2.png deleted file mode 100644 index bc46eb48fe59bce696319655f7377566780f44fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 236 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^JZv^(q?yc}qQA978H@ zl}_{(Y&H;R-T(H941YvIKtn5^)+z?p&_GrmF$orfhy%_%d*l?hcqaIteD`~H>}<`` z+7UJOr#>za?|yWC=^j^Q24!E)84{td<~GDJm@>Q;O^{#T>LgUe`pWrf5aT?PXQkO6 z&DLvj&wBgtaM{$vi~A(>U+A=2NU(@99Mt+cv-Ni5;fr~Vyf4m0@0cRGW}#?HefONN jyHy&_9;tY#a810L)68h)2`*irgBd(s{an^LB{Ts50xwq0 diff --git a/usr.sbin/httpd/icons/small/tar.gif b/usr.sbin/httpd/icons/small/tar.gif deleted file mode 100644 index 59c3ffb9a5f0dcbcc0052a6dc8b428f4b033d316..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 132 zcmV-~0DJ#ONk%w1VGsZi0HXf@|Ns9vIXP=H^|M=26Efy0jDoCS8nDw3MpHX8$hcs!0R5&$~~!7=6l diff --git a/usr.sbin/httpd/icons/small/tar.png b/usr.sbin/httpd/icons/small/tar.png deleted file mode 100644 index 12f0347bf9cd2d5131184de55dae0238ece29e4b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 227 zcmeAS@N?(olHy`uVBq!ia0vp^0wB!60wlNoGJgf6n3BBRT^JZv^(q?yd2>8n978H@ z^-kO<$fPLXdf!N_a9SZ>r&?HIiewbqw8RwQSrV2JO$(2iZ4htR)$n|W%A4osZ}Xp+ zc>ihE!$qn3fz_AeW^Ouun!~Z7uhg;drNY`HJ03qxp2_fH_Jz$SnzpxHKfy7_l2azC zNnpmp13~g?(-m_%Bj02>mwsK;#dCj+-pOKx9{a5f2U9ZKR6ac0e?E)D|K`iJ6O~u* bk!DC*uX6R!hdNuJI~hD({an^LB{Ts5S|wX9 diff --git a/usr.sbin/httpd/icons/small/text.gif b/usr.sbin/httpd/icons/small/text.gif deleted file mode 100644 index 66ceefbc8c46837738701f2ab48d202b4df62686..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 128 zcmV-`0Du2SNk%w1VGsZi0HXf@|Ns9vIXP=L7D<;z<5S%P>S%fZDrUCEXNey i3D;T)3BKR#h$>>1MhO4_ 
diff --git a/usr.sbin/httpd/icons/small/transfer.gif b/usr.sbin/httpd/icons/small/transfer.gif deleted file mode 100644 index d460d3fffe6c7cf99f9928a6304bd6067fa6f03d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 124 zcmZ?wbhEHb6krfwSoELa|NsBl+1YdE%sFu2!26b#_fb*V0s;&S42nNl7#SFt8FYYb zph}<+v!lhXJ92tWnn|;-tg}?R5+@)rwN=wel2yVXs`a9jYseiJzdNRf|2w!nNYjwY cpMNxu+d;~6|%{an^LB{Ts5fPFec diff --git a/usr.sbin/httpd/icons/small/unknown.gif b/usr.sbin/httpd/icons/small/unknown.gif deleted file mode 100644 index 7bf0bbc10a654c44b34856884713f88e202b3d5d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 131 zcmV-}0DS*PNk%w1VGsZi0HXf@|Ns9vIXP=NV?p<;}t+_F|o}`C)Qk76hx+MVW0-gHlm8q0>wI1hP+I5AqX7Z lsY3_=D?$QFWeCnFftzz@X-$72T1yV?|sLV6}lnkK4Y>!dZUK}|Hh-+|MVTf_I9qvr-K@2cm%Py$u^d^x%y4$>fbG$v-tE`TXoeJZ(@K f4p@7|h& z&1|tK|FFBsWSazuo9ss%95_N7yPR21$abm!v)XcOugIIYBf`6%eqrn2RL?y7X5LJo P>li#;{an^LB{Ts5e;iKN diff --git a/usr.sbin/httpd/icons/sound1.gif b/usr.sbin/httpd/icons/sound1.gif deleted file mode 100644 index 8efb49f55d6a370df44ad6e3269f6f966ffe25f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 248 zcmZ?wbhEHb6k!l!IK;s49|(+%&;0*?=FFLyGiRnTFc=#fGcYhH{__jT$ShV!EGkg| zQki)QB^jv-1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz!(9+VBLGdRGBLf2ygAUMi29WIx%-I^d?))<_JM1*!l}uu2Kl{c)an9BQ z8Fjp~isqGPnlRppzAozM@n_rZ?DB^@TMqI1Z!lq-XpvS})uOfhlGZ1!vqC)g^DkYQ rbCHkPIiy`w;vU-;D{*7rCt7AIb`rH-)ly|T)gs(25}jS#oD9|g^MhHm 
diff --git a/usr.sbin/httpd/icons/sound1.png b/usr.sbin/httpd/icons/sound1.png deleted file mode 100644 index 7a766be6cc8038c54605beca648425afa090b17a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 310 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DTx4|5Z5#R|Nl2O1`=n^oS8Xu zW*P&7v9U2w^6&fe4}lb8lDE4HyI5k!Yal1f)5S5Q;#P9P0bU^q304K2Z%mGCjvSkp zGz2mzop~2>K!GE1nuaKc0aNIP>C>$>MHyI`CB0%|rZo732?TR;a4~fzFI%GGxRsID zxLNAhglS=OST-_oTsr$eY_n+d9OlAEt3wlWIF=_fFszZ5Ue4}nQwFp(ti&~<#5q4V zH#M(>AtWQSSRt{fL;*-;<|&k9q$(7YCgo%%E2QM-CT8a8DR`%r0VO<2(=$?wbriBe uybOob%o4ri{9GM{;M9VW)ZC=hA_YTBOH-d0UycB6VDNPHb6Mw<&;$S_1!QFa diff --git a/usr.sbin/httpd/icons/sound2.gif b/usr.sbin/httpd/icons/sound2.gif deleted file mode 100644 index 48e6a7fb2faeb6ba254a87945246f5ca5980583b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 221 zcmZ?wbhEHb6k!l!IK;s4|Ns9pKy>EJ%$YOO($b8LjTyi|@tVo`|#kjl(c zD9K1wC@4+J$xK#A$~K Lz}Ywz1_o;YcDqp^ diff --git a/usr.sbin/httpd/icons/sound2.png b/usr.sbin/httpd/icons/sound2.png deleted file mode 100644 index 45112909398771bab1ed7004379521ae610cf191..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 297 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DbWC*5Z5#RLEy}pGc#w-OiN2M zHZ}&zbP8DI0x8BMZ+92A#Izl?Ku&_Ei(^Q|t<>{-c^e!!SQDfoAC&E6?Af^N;4SUG zzwRG89eny;aaTTU&(PfMZRY*lN7gZ;|G;XMlGFoRRvdB^_2T*)A>87wZ}xsuWBh?x z>7p{ScMQ&#d)_%^HhIaeJ>MA)rzz$wIyt8aXjfQ?Yeb22er|4RUI{};MrN@>Vo`|# zkjl(cD9K1wC@4+J$xK#A$FVdQ&MBb@0N#3S761SM 
diff --git a/usr.sbin/httpd/icons/sphere1.gif b/usr.sbin/httpd/icons/sphere1.gif deleted file mode 100644 index 7067070da2786b9842212ff1ce2307fb404407ce..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 285 zcmZ?wbhEHb6k!l!c+9}?9|&g7{BLZ0=KudQXU@!=IWvuc!PwZC0S8e0=NFQZS*(y) zRH6W+GV>HlGEx-^N|SOjlND0(a}zW3^c1{P%YYIdrRf=|#X1VvAYO(;YG#REa(=Fk zLU3w9NosCVYLSAWrKKr@;!hSv1_ovZ9gvM6S23_u6rAu}z1QM(uhlIPp`JtRT@DHy zZ8JL^S8aON%CRcz&DRnUR>3@1XNE@hlZ*^I1j}_C#yT z68XztxyIW*eK)gq&Gg$oObhE&HaxGaZep#g4-2m9Y;B7#>??2R@5{BXndV`dHEXt- HAcHjk`1fN- diff --git a/usr.sbin/httpd/icons/sphere1.png b/usr.sbin/httpd/icons/sphere1.png deleted file mode 100644 index 2198ae89ec4cd38ae9dedec1849543cd304e3451..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 326 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{Dd_;85Z5#R|Noyk^S`k%kUn$f z%*>fH(-;_xjg5iwjq7qh11ZKNZ+91twtG{nfShtq7srr_TfOHM`5Fv(S|57p>}C|M z2x6I6*sQxi(A!o~L6PNB^5!+O4}4s$uRmAfK>v)*T|u&)>5Db{dsn6Ety=YM;_D?- zmfh}U@Ls-kIrs7tH#ZB&`?nnGJEY-~=2N1WXwC9%lT>!DRYvd2&zo;dpFR284|dMD zou73>=R1Gm1UezC#5JPCIX^cyHLrvrBqOs}A+e}L0Z3)$DU@WSDio9^XGxPKmyi?175+0@L8L7oO3fUlDhC^y*iC%Jku8u-*YC%bA zZc=KIf}y3QDTCrq7DfgJW(FOg=?oy-8JMdxcJ29GAmOljuG+p#>+^!wLzQ;)UT5um zk+|bSXOMfYd{L=zjsF9o(~1rvGBq{}GB`LmSXvkRdn%jF4af{C6R?=uy5ZaLzjm9G zwH8$Kxi4iXD)_78aNoVF=4GE7r)afPMP*}_m05#Wld*D7Z?_kl#}r$ALGzij95@-Q E0diYklmGw# 
diff --git a/usr.sbin/httpd/icons/sphere2.png b/usr.sbin/httpd/icons/sphere2.png deleted file mode 100644 index 257632ba46db43a6f3fdee93a6dc61dd26d8efe5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 322 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DTx4|5Z5#R|Noyk^S`k%n4X!& zz+h}_43y-(^*$9yF(!GtyReHTcDx31$~;{hLn>~Co;%2SK!L|0F#H0qR!M`>3kI&e z;ws?_1J1L0U(5H=xl~{EWP(dI(XMUMndxmH0wf>G1E8? zam-K4J(L>xd4ZuA+uE}i7JWEzLngn%$U%f{!NLjaj`rV~A3o`YXRGp8rc@@=bFG{Q zKLTA4R^l2_;+&tGo0?a`5R#EutdLk#q5z~a^At)lQWXkHlX5bX6;kqZ6EpMl6ueW* zfD#_1=^3fTIttk!UWP+zW{F;Mey)x}aB4wGYHm_$k%FP6rK!)0FGqkjFnGH9xvX6w diff --git a/usr.sbin/httpd/icons/tar.gif b/usr.sbin/httpd/icons/tar.gif deleted file mode 100644 index 4032c1bd3d407abddd0f0e8801e3091726574171..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 219 zcmZ?wbhEHb6k!l!_{6~Q|NsB}`}gnOy*n%{)ZE;h0R|NRxrAh77As^X=jSPa=sbmz zj8uh!(xjZsWQCOc+{Da0Jq1HcOH&2!)H0x~M`?OSYO#(&Hi(zukeXSdmz{U7WG~8yuhh5Zb<@7 z`xV^^pIq^?J6sl`b?E$;oi=gneQc#~{w%G2Eo$=bQcK8x IUrq*V0QdG)RsaA1 diff --git a/usr.sbin/httpd/icons/tar.png b/usr.sbin/httpd/icons/tar.png deleted file mode 100644 index 6c40521ff80f9282f16938e6fbfd5c7ab43bd008..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 261 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5ZC|z|L@ z=H~J@7dil?B0XIkLn?0N_8jCrpuls)uaR|=V{1f%=%qLI!Ru8xR$kFBHgcTJ6MB?Y zDOKBT#f}AgUb!5wy!z%GL(Q>U3Tx9De4f^8ee2qFD}d!I$Fygy`3ZT?TjN9hzc4;r zFP3%6gNYAliBE}ZM2T~LZf*7|f#x!Jy85}Sb4q9e0MnaZ ACIA2c 
diff --git a/usr.sbin/httpd/icons/tex.gif b/usr.sbin/httpd/icons/tex.gif deleted file mode 100644 index 45e43233b845960c59aa8933251d6d745b324031..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 251 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2c^13&d^F&3SUp#HU#6xa!*tin>9Z0|^A1!l(>hWb zZ!PfsEZ4Gxo$}LGGYd#m9-20(LPaIeg)1oN=Z{6M>Y}HwOe>foy~6k})9y8|ETZxl nuQycuR$g`V{oCDj`rkkOugz?zPGxp)?{Kpc$nTBfWUvMReehfo diff --git a/usr.sbin/httpd/icons/tex.png b/usr.sbin/httpd/icons/tex.png deleted file mode 100644 index 906622d3844661a0928730801e5dbe6c06b26da2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 295 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-1il>WXNX4z(zJt666nKtoI%KL7aD>5i14Gca`76aUqU64w zw&HQR^+YJhF~r&TVX^6=3;wn99AE7X?w;#mGxH!rU(AZ+fQ?te4~XVCi?0j2>g37t za__da(YyD4Sgou7!*e71PDYpg($82muBZa-3oCJrC~?lu%}vcKVF<~{ELKP?Dp3GZ znRyB&8L0{drAaxN$qFg?xrv#1dJ5jDWk3m!()5hfVjYES5HG_aHM2x7IX_oNAvm?5 fBsDiFwMfCx($duD#g`*M8yGxY{an^LB{Ts5f|+Yh diff --git a/usr.sbin/httpd/icons/text.gif b/usr.sbin/httpd/icons/text.gif deleted file mode 100644 index 4c623909fbfb54658f19186beec8d362f87e233b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 229 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf25f;1ld^F&3SUp#HU#9hW!Rw()J9@9P7P`C+IwEjh zoojbq@AhdAxLane{lx8+w_BW5Lq@1~%@UylHdfUEOTOIP6XtsB<@c_)dDA0}cD??? QSNCCuzu3fEy_^iz0A2r7i2wiq 
diff --git a/usr.sbin/httpd/icons/text.png b/usr.sbin/httpd/icons/text.png deleted file mode 100644 index 34d0edf86e4702601cababe0759021b1c0dc6337..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 273 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DgFST5Z5#RL15<0na0M(K(W_% zWKIGp#w2fd7nc5vn}I-%pQnpsNX4zGeFu3N6ggNj6Zy3b!W-PA3>N;M6=SQnXYO@_ z-;T!?a=uhpwK8MntX;+W?>5hf44Ee<>R-E<$^H9@d7|4zcdXps_v@hgQRc`u&!uXD zl+-JMCWn={MwB?`=jNv7l`w>4WELwV7L_Ofsmwful8jV^g3_d%%w&a>{M^LMJUs>P z)H0xiM`?OSYO#(&Hi(zukeXSdmzvky)&eSX80_q%!jq zN-|Ov3QCi5GLscj@^ce2^Yj$FQ_Fx79;N9Ssl_@9*&tqqLuzJ;UUGh}jzVy1K}l+E zQfiTcp{1oMgW^vXMg|5Z1|5+3Aln(3Q#G`%?loA)#Gq@m*=ucI?DJZ$h{7jq60EN$ z%~d?lR>S0McO~B8j-}Ir=et8&oIMkM8Y@liURvT6>$dvF%11Mo3W@nQRp?BsQ#|oZ hcdptv6Cq9pYXE?dSF`{C diff --git a/usr.sbin/httpd/icons/transfer.png b/usr.sbin/httpd/icons/transfer.png deleted file mode 100644 index efaf17b682fc991783918932e9ea9edc715e7ddd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 319 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0!VDyh@)w!{DbWC*5Z5#R|Nl2O1`;!8&P-!q zFg7*@$|S^}R|ZmyN#5=*Y>8<*YJr?GPZ!6Kid(7Y4sx<6@~~dmZ@}tvfXiqHFUvEV zMiB+(sHVTuH%N){|Mu_q?_r!!eCUkyW3}aHckF!iJ=!aB%~rops^1e5#7b+WBG3C3 z1?gulxw?hvMF;~QSK6{KTN1yfFU+@?)33kHEn43Ae*GCGqkb1z_kRpL-^94T%#|tx zx*)8?HKN2hKQ}iuuY@5aBePf`v8Y4=NM+_Jlw_nT6qF|AWF{-5LrY6jpBG<_0BvCKboFyt=akR{ E05jQfJOBUy 
diff --git a/usr.sbin/httpd/icons/unknown.gif b/usr.sbin/httpd/icons/unknown.gif deleted file mode 100644 index 32b1ea23fb6f6195f1bb17adf9c3cb2cc29dfefa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 245 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf285X53oh^1 zKW>&-5jAtkp-JEQEv1zUHl91`xN@`LTGNM(dGW_4H_kXFe`nde&k0Pwmh>bVe^Aqp zn*VkF`rX~8eNQH~NZvgrA+!7Mou#}$yTVFbBTAg}b8}PkN*F>iGK&=wi%JxLRA!z+ zNk*zdL1|J>X0k#`er{rBo}PktY8g<%qclAuwOB_X8^p_SNX;zKOU}>LQ3y^gC`rvt bN-a__w6rw!dGX~4&;|xiS3j3^P6-Xz@*&Mzw-23{>5{AIi%LijXHkMRw1HyNzyFOS#mnvM?d*oFAHE` Gum%9J?KeFD diff --git a/usr.sbin/httpd/icons/up.png b/usr.sbin/httpd/icons/up.png deleted file mode 100644 index a69ea00c5b70706a98fda039b8e92afa35829e1f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 234 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0$P6TZ_3OC;DYgKg5Z5#R{{xxVb(YlvDaIsk zcNfP0OuF}g90N}m$B>F!$q5Hog&KY^Gc!NtXJdP2&%^WPzl6k(|HcL<{^uub_+Q_! z@ZW!CHX8XnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2@fN%Gd^F&3SUp#HpJvB@7K6@PEKNyM9n&%bmCrCe zcjss6%XbLBY-{hkn53brAS;k_~V>SO;rqEX_zty4nJbR|}ofI+Ll^r*| X^nl%z(d&ZmxB6;I8Lw|y#bCN(!>$jR;n}YIb+6~?|Mcv1 zl8b7RW?Z)P#Rs4TVI{5+CC>S|xv6<23?Uhr#R`c?)Gf$x;BUPcGG$|)DSs^7q zH!(9$Pr*C23@G7Inx2tbtfP<(;$=9bW|rtB=jZAu1g931q~<227AY87TAKR2_;Lhj O1B0ilpUXO@geCychGTF5 
diff --git a/usr.sbin/httpd/icons/uuencoded.gif b/usr.sbin/httpd/icons/uuencoded.gif deleted file mode 100644 index 4387d529f69f77810347be63429d13ff38bcb2c1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 236 zcmZ?wbhEHb6k!l!IK;s4|Ns9p|NqaNIn&tKm;nhW{__jT$ShV!EGkg|Qki)QB^jv- z1*J(jnaK(%`MHUid3p-osbxS3kJ9vv)M6clY!ENQAvLo^FF8L~MXnDYZz! z(9+VBLGdRGBLf2?gAT|RknIf2@fN%Gd^F&3SUp#HpJvB@7K6@PEKNyM9n&%bmCrCe zcjss6%XbLBY-{hkn53brAS;k_~V>SO;rqEX_zty4nJbR|}ofI+Ll^r*| X^nl%z(d&ZmxB6;I8Lw|y#bCN(!>$jR;n}YIb+6~?|Mcv1 zl8b7RW?Z)P#Rs4TVI{5+CC>S|xv6<23?Uhr#R`c?)Gf$x;BUPcGG$|)DSs^7q zH!(9$Pr*C23@G7Inx2tbtfP<(;$=9bW|rtB=jZAu1g931q~<227AY87TAKR2_;Lhj O1B0ilpUXO@geCychGTF5 diff --git a/usr.sbin/httpd/icons/world1.gif b/usr.sbin/httpd/icons/world1.gif deleted file mode 100644 index 05b4ec205884f16202e290b83db7c36ec660a73e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 228 zcmZ?wbhEHb6k!l!SjfQe|Ns9p|Nk@0G-hC6Q2gf?l95@gkXTfr0HiYW6iPBu6$(m| zax#+@Qu1>XGxPKmyi?175+0@L8L7oO3fUlDhC^y*iC%Jku8u-*YC%bAZc=KIf}y3Q zDTCrq7DfgJMg|?A=?own8JLoL`d3=Lojq&DmV<08H)chf_{g}X9%4v)7BSC#N7g2- z#f}=s?(`k{vcq_8jpbY)WyV!4N-Aq^MwZQ4x?oEC?F~i2;bkXPZnEj*mSpYLJUDmD atT54C`TIV6aAK=hU_0K-zaxNw!5RQ*npTkj 
diff --git a/usr.sbin/httpd/icons/world1.png b/usr.sbin/httpd/icons/world1.png deleted file mode 100644 index 3a65c00d8468f2455e5edd5b494fd4b5f39b7172..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 315 zcmeAS@N?(olHy`uVBq!ia0vp^B0wz0#0(_&>W54PQak}ZA+Bfsg8;)!W1v7p;}(zx z#w2fd7iK{opHDzewWo_?NX4z>ga(FZ|JfUs++Ahs@a*h~7tB00m&0^#A2?vGo%NKB z?R08prX^3<<+Nqz5-Y5XjY~}rUtT)XcsldR%+;49=bh#1_DQc0WmAf8TibOeZ9`X2 z)Yi6xC8;SXe9ZZ2DJhK1`L|B3;N>~vzd4L~?MC0Vjkh_N82D>-k8Ed+xCeAbScz*y ziF1B#Zfaf$Lr6wuu|i@|i2{(y%u^`INL45(P0GnkR!GUuP0Y;GQ}9kL14?+5re~xU y>nLP{co`0EJ%$YM8W*Rf388d)^;y=HTjLc$%#G(=fAeEV? zP?C|VP*9qblbNiLlAoKHnWv}VomvKz@F-2sNG;Y;$OiE;98xn&^pf*)brgbA3rbRR zlTwQm3@t5985DoAFfuSOGU$NJ2ieZRTp_XR&O5bJ*Ohi!T+-@^=jL?!gy~R6SmeCA7ufyx{6*ATcJslr}JKu)ixi(^Q|t=RJi1rICmusGO>D6D376H$o2#Gw4| zM&Ivz)%M3WLVL?3o|SmLO#f8b7tQ`*&m42{>8IPZ8Qwm5CUD^7n+uj^L2avddr7|( zI8@r{=k#Nb+ujpB?GsP2)Xkl<RUDr}%b9ZV}q- zS0~#2V*a7sQ?35-|2ilA!AADOJ}aGDK!=5uxJHyX=jZ08=9MsnWMmdABo>t@0IAG8 zg_4X^g@V$goXli}l>FSp%sf2>@6ht2u5ugnWp00i_>zopr0H=3?nE(I) diff --git a/usr.sbin/httpd/src/.gdbinit b/usr.sbin/httpd/src/.gdbinit deleted file mode 100644 index 564d9c3a255..00000000000 --- a/usr.sbin/httpd/src/.gdbinit +++ /dev/null @@ -1,28 +0,0 @@ -# gdb macros which may be useful for folks using gdb to debug -# apache. Delete it if it bothers you. - -define dump_table - set $t = (table_entry *)((array_header *)$arg0)->elts - set $n = ((array_header *)$arg0)->nelts - set $i = 0 - while $i < $n - printf "[%u] '%s'='%s'\n", $i, $t[$i].key, $t[$i].val - set $i = $i + 1 - end -end -document dump_table - Print the key/value pairs in a table. -end - -define dump_string_array - set $a = (char **)((array_header *)$arg0)->elts - set $n = (int)((array_header *)$arg0)->nelts - set $i = 0 - while $i < $n - printf "[%u] '%s'\n", $i, $a[$i] - set $i = $i + 1 - end -end -document dump_string_array - Print all of the elements in an array of strings. -end 
diff --git a/usr.sbin/httpd/src/.indent.pro b/usr.sbin/httpd/src/.indent.pro
deleted file mode 100644
index 77b65f3d6a7..00000000000
--- a/usr.sbin/httpd/src/.indent.pro
+++ /dev/null
@@ -1 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs
diff --git a/usr.sbin/httpd/src/BUILD.NOTES b/usr.sbin/httpd/src/BUILD.NOTES
deleted file mode 100644
index 5eee75e8d6a..00000000000
--- a/usr.sbin/httpd/src/BUILD.NOTES
+++ /dev/null
@@ -1,39 +0,0 @@
-OS Specific notes for building/compiling Apache
-
--------------
-Introduction:
--------------
-Apache has been ported to a wide variety of platforms, from multiple
-UNIX variants to OS/2 to Windows95/NT. In building and/or compiling
-Apache on some platforms, there are some hints and notes which may
-help you if you run into problems.
-
------
-A/UX:
------
- Don't even try with cc. Instead, use gcc-2.7.2 and the libUTIL.a
- function library, both of which are available on jagubox.gsfc.nasa.gov.
- libUTIL.a includes many basic functions that Apache (and other software)
- requires as well as fixed versions of functions in libc.a. Contact
- Jim Jagielski (jim@apache.org) if you need a precompiled build for
- A/UX 3.1.x.
-
------
-AIX:
------
- If you compiled Apache on AIX (any version) using the xlC compiler
- version 3.6.X and you receive an error such as the following when
- trying to start Apache:
-
- "Expected
but saw "
- or
- "Expected
 but saw
"
-
- then you have encountered a bug in xlC. This is a problem with the
- 3.6.X versions of xlC, and is not a problem with the Apache code.
- You need to update your xlC compiler and rebuild the server. A
- set of PTFs which correct the problem is available from:
- http://techsupport.services.ibm.com/rs6k/fixdb.html
- The PTFs are: U462005, U462006, U462007, and U462023 through
- U462030. The PTFs have been tested and do indeed fix the problem.
-
diff --git a/usr.sbin/httpd/src/CHANGES b/usr.sbin/httpd/src/CHANGES
deleted file mode 100644
index 22f5edc7fa7..00000000000
--- a/usr.sbin/httpd/src/CHANGES
+++ /dev/null
@@ -1,9230 +0,0 @@ -Changes with Apache 1.3.29 - - *) SECURITY: CAN-2003-0542 (cve.mitre.org) - Fix buffer overflows in mod_alias and mod_rewrite which occurred if - one configured a regular expression with more than 9 captures. - [André Malo] - - *) Within ap_bclose(), ap_pclosesocket() is now called consistently - for sockets and ap_pclosef() for files. Also, closesocket() - is used consistenly to close socket fd's. The previous - confusion between socket and file fd's would cause problems - with some applications now that we proactively close fd's to - prevent leakage. PR 22805 - [Radu Greab , Jim Jagielski] - - *) If a request fails and the client will be redirected to another URL - due to ErrorDocument, see if we need to drop the connection after - sending the 302 response. This fixes a problem where Apache treated - the body of the failed request as the next request on a keepalive - connection. The subsequent 501 error sent to the browser prevented - some browsers from fetching the error document. [Jeff Trawick] - - *) Fixed mod_usertrack to not get false positive matches on the - user-tracking cookie's name. PR 16661. - [Manni Wood ] - - *) Enabled RFC1413 ident functionality for both Win32 and - NetWare platforms. This also included an alternate thread safe - implementation of the socket timout functionality when querying - the identd daemon. - [Brad Nicholes, William Rowe] - - *) Prevent creation of subprocess Zombies when using CGI wrappers - such as suExec and cgiwrap. PR 21737. [Numerous] - - *) ab: Overlong credentials given via command line no longer clobber - the buffer. [André Malo] - - *) Fix ProxyPass for ftp requests - the original code was segfaulting since - many of the values were not being filled out in the request_rec. - [Tollef Fog Heen , André Malo] - - *) Removed BIND_NOSTART from HP/UX shl_load() logic for loadable - Apache modules, so that statics are initialized when the module - is loaded (especially critical for c++ modules on HPUX.) 
- [William Rowe, Noah Arliss ] - - *) Win32 build system changes; always recompile buildmark.c (used for - Apache -v 'server built' messages) even when Apache is built from - within the IDE; build test_char.h and uri_delims.h from within the - ApacheCore.dsp project. PR 12706. [William Rowe] - - *) Introduce Win32 .pdb diagnostic symbols into the Apache 1.3 build - (as created in Apache 2.0.45 and later.) Makes debugging and - analysis of crash dumps and Dr. Watson logs trivial. Requires the - Win32 binary builder to set aside the exact .pdb files that match - the released binaries (.exe/.so files) for reference by users and - developers. [William Rowe] - - *) Make sure the accept mutex is released before calling child exit - hooks and cleanups. Otherwise, modules can segfault in such code - and, with pthread mutexes, leave the server deadlocked. Even if - the module doesn't segfault, if it performs extensive processing - it can temporarily prevent the server from accepting new - connections. [Jeff Trawick] - - *) Fix mod_rewrite's handling of absolute URIs. The escaping routines - now work scheme dependent and the query string will only be - appended if supported by the particular scheme. [André Malo] - - *) Use appropriate language codes for Czech (cs) and Traditional Chinese - (zh-tw) in default config files. PR 9427. [André Malo] - - *) Don't block synchronous signals (e.g., SIGSEGV) while waiting for - and holding a pthread accept mutex. [Jeff Trawick] - - *) AIX: Change the default accept mechanism from pthread back to - fcntl. Idle child cleanup doesn't work when the child selected - for termination by the parent is waiting on a pthread mutex, and - because the AIX kernel's notion of hot process is apparently the - same as Apache's, it is common for the Apache parent to continually - select a child for termination that the kernel will leave waiting - on the mutex for extended periods of time. 
There are other - concerns with pthread mutexes as well, such as the ability to - deadlock the server if a child process segfaults while holding the - mutex. [Jeff Trawick] - - *) Fix a pair of potential buffer overflows in htdigest - [Martin Schulze , Thom May] - - *) A newly created child now has a start_time of 0, to prevent - mod_status from displaying a bogus value for the "time to - process most recent request" column for freshly-started children - in a previously-used scoreboard slot. [Martin Kraemer] - - *) When using Redirect in directory context, append requested query - string if there's no one supplied by configuration. PR 10961. - [André Malo] - - *) Fix path handling of mod_rewrite, especially on non-unix systems. - There was some confusion between local paths and URL paths. - PR 12902. [André Malo] - - *) backport from 2.x series: Prevent endless loops of internal redirects - in mod_rewrite by aborting after exceeding a limit of internal redirects. - The limit defaults to 10 and can be changed using the RewriteOptions - directive. PR 17462. [André Malo] - - *) Use the correct locations of srm.conf and access.conf when tailoring - the httpd.conf during the install process. PR 9446. - [Stanislav Brabec ] - - *) suexec: Be more pedantic when cleaning environment. Clean it - immediately after startup. PR 2790, 10449. - [Jeff Stewart , André Malo] - - *) Fix apxs to insert LoadModule/AddModule directives only outside of - sections. PR 8712, 9012. [André Malo] - - *) Fix suexec compile error under SUNOS4, where strerror() doesn't - exist. PR 5913, 9977. - [Jonathan W Miner ] - - *) Unix build: Add support for environment variable - EXTRA_LDFLAGS_SHLIB, which allows the user to add to the hard-coded - ld flags specified for DSOs. Compare with the existing LDFLAGS_SHLIB - environment variable, which allows the user to completely replace the - hard-coded ld flags specified for DSOs. 
[Jeff Trawick] - - *) mod_auth_digest no longer tries to guess AuthDigestDomain, if it's - not specified. Now it assumes "/" as already documented. PR 16937. - [André Malo] - - *) In configure always assume suexec-umask to be an octal value by - prepending a "0". PR 16984. [André Malo] - - *) Fix typo in suexec -V output. PR 9034. - [Youichirou Koga ] - - *) Fix bug where 'Satisfy Any' without an AuthType resulted in an - "Internal Server Error" response. PR 9076. [André Malo] - - *) mod_rewrite: Allow "RewriteEngine Off" even if no - "Options FollowSymlinks" (or SymlinksIfOwnermatch) is set. - PR 12395. [André Malo] - - *) Change the log messages for setsockopt(TCP_NODELAY) and - getsockname() failures to log the client IP address and to - change the log level to debug. [Jeff Trawick] - - *) Correction to mod_negotiation for Win32, OS2, Netware etc, where - case insensitive requests such as the HEADER or README search - from autoindex would fail to match HEADER.html (because the - system internally looked for the case-sensitive header.* pattern.) - PR 7300 [William Rowe] - - *) Correction to mod_autoindex so that only text/* files (prefering - /html, then /plain, then some other flavor) can be recovered - from a multiview-based HEADER or README subrequest. - [William Rowe] - - *) Improvements to mod_usertrack that allows for a regular (verbose) - as well as "compact" version of the tracking cookie (the new - 'CookieFormat' directive), and the ability to prepend a string - to the cookie via the 'CookiePrefix' directive. - [Pål Løberg , with cleanup by Jim Jagielski] - - *) Certain 3rd party modules would bypass the Apache API and not - invoke ap_cleanup_for_exec() before creating sub-processes. - To such a child process, Apache's file descriptors (lock - fd's, log files, sockets) were accessible, allowing them - direct access to Apache log file etc. 
Where the OS allows, - we now add proactive close functions to prevent these file - descriptors from leaking to the child processes. - [Jim Jagielski, Martin Kraemer] - - *) Prevent obscenely large values of precision in ap_vformatter - from clobbering a buffer. [Sander Striker, Jim Jagielski] - - *) NetWare: implemented ap_os_default_port() to resolve the - correct default port based on the request method. This fixes - a URL reconstruction problem on a redirect. - [Pavel Novy (novy@feld.cvut.cz)] - - *) Added new ap_register_cleanup_ex() API function which allows - for a "magic" cleanup function to be run at register time - rather than at cleanup time. Also added the - ap_note_cleanups_for_(socket|fd|file)_ex() API functions - which allows for control over whether that magic cleanup - should be called or not. This does not change the default - behavior of the non-"ex" function (eg: ap_register_cleanup). - [Jim Jagielski, concept by Ben Laurie] - - *) PORT: Take advantage of OpenBSD's arc4random() function for the - initial secret [Henning Brauer ] - - *) If Listen directive is not a port, but just an IP, emit an - error condition as this case is ambiguous. - [Rich Bowen, Justin Erenkrantz, Cliff Woolley] - - *) Update timeout algorithm in free_proc_chain. If a subprocess - did not exit immediately, the thread would sleep for 3 seconds - before checking the subprocess exit status again. In a very - common case when the subprocess was an HTTP server CGI script, - the CGI script actually exited a fraction of a second into the 3 - second sleep, which effectively limited the server to serving one - CGI request every 3 seconds across a persistent connection. - PRs 6961, 8664 [Bill Stoddard] - - *) mod_setenvif: Add SERVER_ADDR special keyword to allow - envariable setting according to the server IP address - which received the request. [Ken Coar] - - *) PORT: Enable SINGLE_LISTEN_UNSERIALIZED_ACCEPT for AIX 4.3.2 - and above. 
Update AIX configure logic to allow higher AIX - release numbers without having to change Apache. - [Jeff Trawick] - -Changes with Apache 1.3.27 - - *) SECURITY: CAN-2002-0840 (cve.mitre.org) - Prevent a cross-site scripting vulnerability in the default - error page. The issue could only be exploited if the directive - UseCanonicalName is set to Off and a server is being run at - a domain that allows wildcard DNS. [Matthew Murphy] - - *) SECURITY: CAN-2002-0843 (cve.mitre.org) - Fix some possible overflows in ab.c that could be exploited by - a malicious server. Reported by David Wagner. [Jim Jagielski] - - *) Included a patch submitted by Sander van Zoest (#9181) and - written by Michael Radwin whichs is essentially a work around - for the adding headers to error responses. As apache does not - go through the proper chain for non 2xx responses. This patch - adds an ErrorHeader directive; which is for non 2xx replies the - direct analog of the existing Header directive. This is usefull - during 3xx redirects or more complex 4xx auth schemes. [Dirk- - Willem van Gulik] - - *) Included the patch submitted by Sander van Zoest (#12712) which - prevents just 'anything' being sucked in when doing gobbeling in - complete directories - such as editor backup files and other - cruft. This patch allows us to tailor/control this properly by - allowing simple wildcards such as *.conf. [Dirk-Willem van Gulik] - - *) SECURITY: CAN-2002-0839 (cve.mitre.org) - Add the new directive 'ShmemUIDisUser'. By default, Apache - will no longer set the uid/gid of SysV shared memory scoreboard - to User/Group, and it will therefore stay the uid/gid of - the parent Apache process. This is actually the way it should - be, however, some implementations may still require this, which - can be enabled by 'ShmemUIDisUser On'. Reported by iDefense. - [Jim Jagielski] - - *) Fix a problem with the definition of union semun which broke - System V semaphores on systems where sizeof(int) != sizeof(long). 
- PR 12072 [] - - *) The protocol version (eg: HTTP/1.1) in the request line parsing - is now case insensitive. This closes a few PRs and implies that - ProtocolReqCheck will trigger on *true* invalid protocols. - [Jim Jagielski] - - *) Relaxed mod_digest its parsing in order to make it work - with iCal's "WebDAVFS/1.2 (01208000) Darwin/6.0 (Power Macintosh)" - User-Agent. Apache (incorrectly) insisted on a quoted URI's - in the uri field of the Authorization client header. Not - yet done for EBCDIC plaforms. - [Dirk-Willem van Gulik] - - *) Back out an older patch for PR 9932, which had some incorrect - behavior. Instead, use a backport of the APR fix. This has - the nice effect that ap_snprintf() can now distinguish between - an output which was truncated, and an output which exactly - filled the buffer. [Jim Jagielski] - - *) The cache in mod_proxy was incorrectly updating the Content-Length - value (to 0) from 304 responses when doing validation. Bugz#10128 - [Paul Terry , ast@domdv.de, Jim Jagielski] - - *) Added support for Berkeley-DB/4.x to mod_auth_db. - [Martin Kraemer] - - *) PR 10993: add image/x-icon to default httpd.conf files - [Ian Holsman, Peter Bieringer - - *) Fix a problem in proxy where headers from other modules were - added to the response headers when this was already done in the - core already. This resulted in header (and therefore cookie) - duplication. [Martijn Schoemaker ] - - *) Fix FileETags none operation. PR 12202. - [Justin Erenkrantz, Andrew Ho ] - - *) Win32: Fix one byte buffer overflow in ap_get_win32_interpreter - when a CGI script's #! line does not contain a \r or \n (i.e. - a line feed character) in the first 1023 bytes. The overflow - is always a '\0' (string termination) character. - - *) Add new "suppress-error-charset" environment variable to - allow a BrowserMatch workaround for clients that incorrectly - use the charset of a redirect as the charset of the target. - [Ken Coar] - - *) Support Caldera OpenUNIX 8. 
[Larry Rosenman ] - - *) Use SysV semaphores by default on OpenBSD. [Henning Brauer - ] - - *) httpd -V will now also print out the compile time defined - HARD_SERVER_LIMIT value. [Dirk-Willem van Gulik]. - - *) In 1.3.26, a null or all blank Content-Length field would be - triggered as an error; previous versions would silently ignore - this and assume 0. As a special case, we now allow this and - behave as we previously did. HOWEVER, previous versions would - also silently accept bogus C-L values; We do NOT do that. That - *is* an invalid value and we treat it as such. - [Jim Jagielski] - - *) Add ProtocolReqCheck directive, which determines if Apache will - check for a valid protocol string in the request (eg: HTTP/1.1) - and return HTTP_BAD_REQUEST if not valid. Versions of Apache - prior to 1.3.26 would silently ignore bad protocol strings, but - 1.3.26 included a more strict check. This makes it runtime - configurable. The default is On. This also removes the requirement - on an ANSI sscanf() implementation. [Jim Jagielski] - - *) NetWare: implemented file locking in mod_rewrite for the NetWare - CLib platform. This fixes a bug that prevented rewrite logging - from working. [Brad Nicholes] - -Changes with Apache 1.3.26 - - *) Potential NULL referencing fixed in the CGI module. It had - been there for 5 years. [Justin Erenkrantz] - - *) Ensure that we set the result value in ap_strtol before - we return it. [Justin Erenkrantz, Jim Jagielski] - -Changes with Apache 1.3.25 - - *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335] - Code changes required to address and close chunked - encoding security issues. To support this, we utilize the ANSI - functionality of strtol, and provide ap_strtol for completeness. - [Aaron Bannert, Justin Erenkrantz, Jim Jagielski, Brian Pane, - William Rowe, Cliff Woolley] - - *) PORT: With OpenBSD 3.1 and up, allow modules to work on their - ELF-based architectures. 
[Brad ] - - *) Add X-Forwarded-Host and X-Forwarded-Server to X-Forwarded-For - to the proxy. [Thomas Eibner ] - - *) Fix a problem in mod_proxy: it would not set the number of bytes - transferred, so other modules could not access the value from - the request_rec->bytes_sent field. - [Anthony Howe ] PR#6841 - - *) Fix a problem in mod_rewrite which would lead to 400 Bad Request - responses for rewriting rules which resulted in a local path. - Note: This will also reject invalid requests like - "HEAD /roaming/martin/IMAP localhost HTTP/1.0" as issued by - Netscape-4.x Roaming Profiles (on a DAV-enabled server) - [Martin Kraemer] - - *) Disallow anything but whitespace on the request line after the - HTTP/x.y protocol string. That prevents arbitrary user input - from ending up in the access_log and error_log. Also, special - characters (especially control characters) are escaped in the - log file now, to make a clear distinction between client-supplied - strings (with special characters) and server-side strings. - [Martin Kraemer] - - *) Get rid of DEFAULT_XFERLOG as it is not used anywhere. It was - preserved by the build system, printed with "httpd -V", but - apart from that completely ignored: the default transfer log - is to not produce any transfer log. - [Martin Kraemer] - - *) Fixed sending of binary files under Cygwin. PR 9185. - [Cliff Woolley] - - *) Added Cygwin directory layout to config.layout file. - [Stipe Tolj, ] - - *) Added a '-F' flag; which causes the mother/supervisor process to - no longer fork down and detach. But instead stays attached to - the tty - thus making live for automatic restart and exit checking - code easier. [ Contributed by Michael Handler , - Jos Backus [ Dirk-Willem van Gulik ]]. - - *) Make apxs.pl more flexible (file extensions like .so or .dll are - no longer hardcoded). [Stipe Tolj ] - - *) Add an intelligent error message should no proxy submodules be - valid to handle a request. 
PR 8407 [Graham Leggett] - - *) Allow child processes sufficient time for cleanups but making - ap_select in reclaim_child_processes more "resistant" to - signal interrupts. Bugz# 8176 - [David Winterbourne , Jim Jagielski] - - *) Recognize platform specific root directories (other than - leading slash) in mod_rewrite for filename rewrite rules. - Bugz# 7492 [William Rowe] - - *) For supported versions of Darwin, place dynamically loaded - Apache extensions' public symbols into the global symbol - table. This allows dynamically loaded PHP extensions. - [Marko Karppinen ] - - *) Correct proxy to be able to handle the unexpected 100-continue - reponses sent during PUT or POST requests. [Graham Leggett] - - *) Correct a timeout problem within proxy which would force long - or slow POST requests to close after 300 seconds. - [Martin Lichtin , Brian Bothwell - ] - - *) Add support for dechunking chunked responses in proxy. - [Graham Leggett] - - *) Made AB's use of the Host: header rfc2616 compliant - by Taisuke Yamada [Dirl-Willem van Gulik]. - - *) Update the Red Hat Layout to match Red Hat Linux version 7. - PR BZ-7422 [Joe Orton] - - *) Add some popular types to the mime magic file. PR 7730. - [Linus Walleij , Justin Erenkrantz] - - *) Tighten up the overridden-Server-header bugfix in the proxy, by - only overriding if the request is a proxy request. It has been - pointed out that the previous fix allows CGIs and modules to - override the Server header, which is change to previous behavior. - [Graham Leggett, Joshua Slive] - - *) Another fix for the multiple-cookie header bug in proxy. With some - luck this bug is actually now dead. [Graham Leggett] - -Changes with Apache 1.3.24 - - *) Fixed a segfault in mod_include when #if, #elif, #else, or #endif - directives were improperly terminated. [Cliff Woolley] - - *) Win32 SECURITY: CVE-2002-0061 (cve.mitre.org) - Introduce proper escaping of command.com and cmd.exe for Win32. 
- These patches close vulnerability CAN-2002-0061, identified and - reported by Ory Segal , by which any CGI - invocation of .bat or .cmd files could compromise the system - when the .bat or .cmd was parsed the query args as an argument - to either cmd.exe /c or command.com /c. [William Rowe] - - *) Add % and \r [C/R] to the dangerous Win32 shell character list. - Retain the Unix sh escapes list for compatibility. - [William Rowe] - - *) Pass the command line to the cmd.exe /c interpreter double quoted. - This fixes a bug that CGI args ending in a double-quote would - cause invocation to fail. Also, treat command.com as a 16-bit - executable. [William Rowe] - - *) Win32; Never invoke cmd or bat scripts based on the registry, even - for 'ScriptInterpreterSource Registry' enabled. [William Rowe] - - *) Provide Win32 users a log of the cgi command invoked, to assist - in debugging scripts at LogLevel info. Also provide env vars - at LogLevel debug for additional help to admins troubleshooting - the ever mysterious "Premature end of script headers" error. - [Aaron Bannert] - - *) Added the 'CGICommandArgs off' directive, to allow admins - to disable the query argument passing mechanism in Apache, - if future CGI argument vulnerabilities should be discovered. - This defaults to 'on', meaning isindex-style query arguments - are enabled. [Aaron Bannert] - - *) When a proxied site was being served, Apache was replacing - the original site Server header with it's own, which is not - allowed by RFC2616. Fixed. [Graham Leggett] - - *) Fixed the previous multiple-cookie fix in the proxy. Cookies - are broken in that they contain dates which in turn contain - commas - so merging and then unmerging them breaks Set-Cookie - headers. Sigh. [Graham Leggett] - - *) Add ap_uuencode to the httpd.exp exports file used by - the AIX linker. 
[Bill Stoddard] - - *) Win32: Ignore AcceptMutex directive if it is present - [Bill Stoddard] - - *) mod_rewrite: restored rnd behavior that was broken in 1.3.23. - PR 10090, 10185 [Jeroen Boomgaardt ] - - *) NetWare: Added the command line directive -e that forces all - fatal configuration error messages to the logger screen rather - than the Apache screen before Apache is unloaded. - [Brad Nicholes bnicholes@novell.com] - - *) Add the ProxyIOBufferSize option. Previously the size of the - buffer used while reading from the remote server in proxy was - taken from ProxyReceiveBufferSize. [Graham Leggett] - - *) Fix a NULL variable check in proxy where we were checking the - wrong variable. [Geff Hanoian ] - - *) Fix typo in default config files related to Swedish language - documents. PR: 9906, 10040 [Tomas Ögren , - Dennis Lundberg ] - - *) apxs didn't get rebuilt when options were changed. This must have - caused much puzzlement in the past. Fixed. - [Ben Laurie] - - *) No idea why an HTTP/1.1 proxy would send an HTTP/1.0 request - to a remote server by default. Fixed. - [Graham Leggett, Gabriel Russell ] - - *) NetWare: Added the module mod_log_nw to handle log rotation. - This module adds LogRotateDaily and LogRotateInterval to allow - all of the custom logs to be either rotated on a daily basis or - on a specific interval. Based on a patch by Bertrand Demiddelaer. - [Brad Nicholes bnicholes@novell.com] - - *) Fix typo in rotatelogs.8. [Will Lowe ] - - *) Clean up warnings in mod_proxy [Chuck Murcko ] - - *) TPF: Use the correct subpool when opening the error log. - This prevents a possible SIGPIPE in standalone_main. - [David McCreedy ] - - *) When proxy enabled a slow frontend client to read from an - expensive backend server, it would wait until it had delivered - the response to the slow frontend client completely before - closing the backend connection. 
The backend connection is now - closed as soon as the last byte is read from it, freeing up - resources that would have been tied up unnecessarily. - [Graham Leggett, Igor Sysoev ] - - *) The proxy code read chunks from the backend server in a - hardcoded amount of 8k. The existing ProxyReceiveBufferSize - parameter has been overloaded to specify the size of this buffer. - [Graham Leggett, Igor Sysoev ] - - *) [Security] Prevent invalid client hostnames from appearing in - the log file. If a double-reverse lookup was performed (e.g., - for an "Allow from .my.domain" directive) but failed, then - a spoofed dns-reverse-address could appear in the logs. Now - the numeric address is logged instead. Note that - reverse-address-spoofing did NOT actually allow access - to any protected resource! [Martin Kraemer] - - *) Some browsers ignore cookies that have been merged into a - single Set-Cookie header. Set-Cookie and Set-Cookie2 headers - are now unmerged in the http proxy before being sent to the - client. [Graham Leggett] - - *) Fix a problem with proxy where each entry of a duplicated - header such as Set-Cookie would overwrite and obliterate the - previous value of the header, resulting in multiple header - values (like cookies) going missing. - [Graham Leggett, Joshua Slive] - - *) Fix a problem with proxy where X-Cache headers were - overwriting and then obliterating upstream X-Cache headers - from other proxies. - [Graham Leggett, Jacob Rief ] - - *) Win32: Work around a bug in Windows XP that caused data - corruption on writes to the network. The WinXP bug - is tickled by the combined use of WSADuplicateSocket - and blocking send() calls. - [Bill Stoddard, Bill Rowe, Allan Edwards, Szabolcs Szakacsits] - - *) Add 'IgnoreCase' keyword to the IndexOptions directive; - if active, upper- and lower-case letters are insignificant - in ordering. In other words, all A* and a* files will be - listed together, rather than the a* ones after all the [A-Z]* - ones. 
[Tullio Andreatta ] - - *) NetWare: Implemented the real ap_os_case_canonical_filename() - function that retrieves the accurately cased path and file - name from the file system. [Brad Nicholes bnicholes@novell.com] - - *) Fix the longstanding bug that errors (returned by src/Configure) - would not be noticed by the top level configure script. - That was bad for automated configurations. [Martin Kraemer] - - *) Link with -lpthread on Solaris since we reference pthread - functions for the accept mutex. Previously, the link step - would succeed but we would link to bogus versions of the - pthread functions in libc, apparently breaking accept mutex - serialization when "AcceptMutex pthread" was used and - apparently breaking some third-party modules whether - or not "AcceptMutex pthread" was used. [Jeff Trawick] - - *) The Location: response header field, used for external - redirect, *must* be an absoluteURI. The Redirect directive - tested for that, but RedirectMatch didn't -- it would allow - almost anything through. Now it will try to turn an abs_path - into an absoluteURI, but it will correctly varf like Redirect - if the final redirection target isn't an absoluteURI. [Ken Coar] - - *) apxs: fix bug that prevented -S option from containing quotes. - [Ben Laurie] - - *) ftp proxy: various cosmetic and functional improvements - - Allow for /%2f hack (to access the root directory / ) - - properly escape generated links in dir listing - - do directory listings in ASCII, to avoid problems with EBCDIC - servers - - close data & control channels to server properly - [Martin Kraemer] - - *) NetWare: Added mod_auth_dbm to the project file. 
- [Brad Nicholes bnicholes@novell.com] - - -Changes with Apache 1.3.23 - - *) Changed the symbol mapping of the following from API_EXPORT - to API_EXPORT_NONSTD: - ap_snprintf(), ap_table_do(), ap_bvputs(), ap_log_error(), - ap_log_rerror(), ap_log_printf(), ap_rprintf() - [William Rowe] - - *) Fixed a number of mismatched int sizes and signedness problems. - Still remains, MSVC's 'interesting' declaration of FD_SET still emits - (impotent) warnings. [William Rowe] - - *) mod_proxy changes: - - *) Bug fix for ap_proxy_cache_conditional(), unititialized wetag - [Zvi Har'El ] - - *) Add persistent connection handling - The patch changes mod_proxy to write the reply-headers using - ap_send_http_header() instead of directly using ap_bvputs(). This not - only simplifies mod_proxy, in my opinion at least, but enables it to - make use of the features of Apache's normal header and persistent - connection machinery. - [Christian von Roques ] - - *) Graham Leggett's original 1.3.12 patch, updated for 1.3.19+ - Original comments: - - HTTP/1.1 support for mod_proxy: - - support for Cache-Control - - conditional support If-Match, If-None-Match, - If-Unmodified-Since, Etag - - support for content negotiation using Vary - - storing of request headers (for Vary support) in cache file - - storing of updated response headers (with 304 Not Modified) in - cache file - - support for 64 bit dates and content-lengths in cache file - Fixes: - - ProxyPassReverse applied to Content-Location - - entity headers no longer stripped from response after cache - revalidation - - annotation of mod_proxy cache code - [Graham Leggett ] - - changes to preserve binary compatibility with httpd core, clean up - [Chuck Murcko ] - - *) HPUX 11.*: Do not kill the child process when accept() - returns ENOBUFS on HPUX 11.*. 
- [madhusudan_mathihalli@hp.com] - - *) PORT: Numerous additions to Cygwin, including: defaulting - to Posix thread accept mutex, excluding the call to - pthread_mutexattr_setpshared(), better proxy and DBM support, and - allowing the use of native Win32 socket ops instead of - Cygwin's Posix wrapper (for better performance). The last - item required the addition of a new Configure Rule: CYGWIN_WINSOCK. - [Stipe Tolj ] - - *) Use "httpready" accept filter rather than "dataready" on - FreeBSD after 4.1.1-RELEASE where it works correctly. - [Tony Finch] - - *) Fix incorrect "Content-Length" header in the 416 "range not - satisfiable" response. [Joe Orton ] - - *) Add FileETag directive to control fields used when constructing - an ETag for a file-based resource. Historically the inode, - size, and mtimehave been used, but the inode factor broke - caching for systems with content fan-out across multiple - back-end servers. Now the fields used in the construction - can be controlled by configuration directives. Minor MMN - bumped; MMN went from 19990320.10 to 19990320.11. - [Ken Coar, from a patch by Phil Dietz] - - *) NetWare: Fixed the access forbidden problem when requesting an - empty directory rather than showing the empty listing. - [Charles Goldman, Guenter Knauf ] - - *) Cause Win32 to capture all child-worker process errors in - Apache to the main server error log, until the child can - open it's own error logs. [William Rowe] - - *) Revert mod_negotiation's handling of path_info and query_args - to the 1.3.20 behavior. PR: 8628, 8582, 8538 [William Rowe] - - *) Modify buff.h and buff.c to enable modules to intercept the - output byte stream for dynamic page caching. A pointer to a - 'filter callback' function is added to the end of buff.h. - This function, if registered by a module, is called - at the top of buff_write() and writev_it_all(). 
- [Kevin Mallory ] - - *) When the default of 'Group #-1' was changed to 'Group "#-1"', - the Makefile wasn't updated to recognise the quotation marks. - [Owen Boyle ] - - *) Win32: Do not allow threads to continue handling keepalive - requests after a shutdown or restart has ben signaled. - [Bill Stoddard] - - *) Win32: Accept OPTIONS * requests. [Keith Wannamaker] - - *) Unixware 7.0 and later did not have a default locking - mechanism defined. This bug was introduced in apache 1.3.4. - [Dean Gaudet] - - *) Prevent an Apache module from being loaded or added twice due - to duplicate LoadModule or AddModule directives (or a missing - ClearModuleList directive). - [William Rowe, Brian Pane ] - - *) Add checkgid app to do run-time validation of Group directive - values which might cause the server to fall over, but which - are syntactically correct. [Ken Coar] - - *) NetWare: Added mod_unique_id to the project file. - [Brad Nicholes bnicholes@novell.com] - - *) NetWare: Fixed a link problem with mod_vhost_alias so that it - exports the correct MODULE structure. PR 8598 - [Brad Nicholes bnicholes@novell.com] - - *) Unix: The generated install script for binary distributions, - install-bindist.sh, now makes DSO files executable, like - make install. This allows a binary distribution to work on - HP-UX without any manual intervention. PR 7428 - [Jeff Trawick] - - *) Win32: The Apache Win32 developers generally recommend that - MaxRequestsPerChild be set to 0 to prevent the child process - from ever recycling. However, for those that do require a - non-zero setting, this patch fixes a serious bug that can cause - an apparent 'server-hang' condition where the server stops - responding to requests for a period of time. Prior to this - fix, when the child process handled MaxRequestsPerChild - connnections, the child process would stop accepting new - connections and begin allowing inactive threads to exit. 
The - problem was that a new process would not be created to begin - handling requests until the old process fully exited. The old - process can take an indeterminate amount of time to exit because - it may be sending large responses to clients connected over slow - links, or it may have threads blocked in read awaiting requests - (eg, one attack mode of the Nimda worm is to establish a - connection to the server but not send an HTTP request. This - connection will be timed out according to the setting of the - Timeout directive, 300 seconds). This fix allows the new process - to be immediately started and begin accepting requests when the - old child process reaches MaxRequestsPerChild. - [Bill Stoddard] - - *) Win32: Emit error message when the server bumps up against the - ThreadsPerChild configuration limit. This will be useful for - admins to detect when their server is running out of threads - to handle requests. [Bill Stoddard] - - *) Test all directories listed with the UserDir directive for validity. - Also resolves the Win32/Netware bug of unparsable quoted paths. - PR 8238 [William Rowe] - -Changes with Apache 1.3.22 - - *) Recognize AIX 5.1. [Jeff Trawick] - - *) PORT: Support AtheOS (see www.atheos.cx) - [Rodrigo Parra Novo ] - - *) The manual directory is still configurable (as enabled by - the 1.3.21 change), but its default setting was reverted to - the pre-1.3.21 default as a subdirectory of the DocumentRoot. - You can adapt your path in config.layout or with the - "configure --manualdir=" switch. [Martin Kraemer] - - *) Additional correction for the mutex changes on the TPF platform. - [David McCreedy ] - - *) mod_proxy - remove Explain*; replace with ap_log_* - [Chuck Murcko ] - -Changes with Apache 1.3.21 - - *) Enable mod_mime_magic (experimental) for Win32. [William Rowe] - - *) Use an installed Expat library rather than the bundled Expat. 
This - fixes a problem where multiple copies of Expat could be loaded - into the process space, thus conflicting and causing strange - segfaults. Most notably with mod_perl and XML::Parsers::Expat. - [Greg Stein] - - *) Handle user modification of WinNT/2K service display names. Prior - versions of Apache only accepted identical internal and display names - (where internal service names were space-stripped.) [William Rowe] - - *) Introduce Win32 -W option for -k install/config to set up service - dependencies on the workstation, snmp and other services that given - modules or configurations might depend upon. [William Rowe] - - *) Update the mime.types file to map video/vnd.mpegurl to mxu - and add commonly used audio/x-mpegurl for m3u extensions. - [Heiko Recktenwald , Lars Eilebrecht] - - *) Modified mod_mime and mod_negotiation to prevent mod_negotiation - from serving any multiview variant containing one or more - 'unknown' filename extensions. In PR #8130, mod_negotiation was - incorrectly serving index.html.zh.Big5 when better variants were - available. The httpd.conf file on the failing server did not have - an AddLanguage directive for .zh, which caused mod_mime to loose - the file_type information it gleened from parsing the .html - extension. The absence of any language preferences, either in - the browser or configured on the server, caused mod_negotiation - to consider all the variants equivalent. When that occurs, - mod_negotiation picks the 'smallest' variant available, which - just happened to be index.html.zh.Big5. - [Bill Stoddard, Bill Rowe] PR #8130 - - *) SECURITY: CVE-2001-0731 (cve.mitre.org) - Close autoindex /?M=D directory listing hole reported - in bugtraq id 3009. In some configurations where multiviews and - indexes are enabled for a directory, requesting URI /?M=D could - result in a directory listing being returned to the client rather - than the negotiated index.html variant that was configured and - expected. 
The work around for this problem (for pre 1.3.21 - releases) is to disable Indexes or Multiviews in the affected - directories. [Bill Stoddard, Bill Rowe] - - *) Enabled Win32/OS2/Netware file paths (not / rooted, but c:/ rooted) - as arguments for mod_vhost_alias'es directives. [William Rowe] - - *) Changes for Win32 to assure mod_unique_id's UNIQUE_ID strings really - are unique between threads. [William Rowe] - - *) mod_proxy - fix for Pragma: nocache (HTTP/1.0 only) - [Kim Bisgaard ] PR #5668 - - *) PORT: Some Cygwin changes, esp. improvements for dynamic loading, - and cleanups. [Stipe Tolj ] - - *) Win32 SECURITY: CAN-2001-0729 (cve.mitre.org) - The default installation could lead to mod_negotiation - and mod_dir/mod_autoindex displaying a directory listing instead of - the index.html.* files, if a very long path was created artificially - by using many slashes. Now a 403 FORBIDDEN is returned. This - problem was similar to and in the same area as the problem - reported and fixed by Martin Kraemer in 1.3.18, only the scope - is much narrower and is specific to Windows. [Bill Stoddard] - - *) Update the mime.types file to the registered media types as - of 2001-09-25, and add xsl, so, dll extensions [Mark Cox] - - *) Resolved the build failure on Win32 using MSVC 5.0 (without the - current SDK.) PRs 7790, 7948. [William Rowe] - - *) mod_proxy - fix reverse proxy cookie passthrough - [Brian Eidelman ] PR#6055 - - *) mod_proxy - fix CacheForceCompletion directive - [Alexey Panchenko ] PR#8090 - - *) mod_proxy - close origin server connection when client aborts - [Alexey Panchenko ] PR#8067,7383,6585 - - *) ErrorDocument 404 pointing to a parsed html file with a - with a request URI containing - %2f would result in a segfault (NULL pointer deref, not a - security problem). [Jeff Moe , Dean Gaudet] PR#8362 - - *) UnsetEnv from main body of httpd.conf file didn't work; backport - of bugfix from 2.0 codebase. 
[Gary Benson ] PR#8254 - - *) Win32 - add mod_unique_id.so and mod_vhost_alias.so to the build. - [William Rowe] - - *) Enhancement of mod_auth to handle 'Require file-owner' and - 'Require file-group'. This allows access IFF the authenticated - username (from the appropriate AuthUserFile database) matches - the username of the UID that owns the document (and equivalent - checking for file GID and user's membership in AuthGroupFile). - See the mod_auth documentation for examples. (Not supported - on Windows.) [Ken Coar] - - *) Addition of the AcceptMutex runtime directive. The accept mutex - method is now runtime controllable. The suite of available methods - per platform is defined at compile time (with HAVE_FOO_SERIALIZED_ACCEPT - noting that the method is available and works, and - USE_FOO_SERIALIZED_ACCEPT noting that it should be the default - method in absense of any AcceptMutex line, or via AcceptMutex default) - and selectable at runtime. The full (current) suite is uslock, - pthread, sysvsem, fcntl, flock, os2sem, tpfcore and none, but - not all platforms accept all methods. [Jim Jagielski] - - *) Parallel to a change in Apache-2.0, the manual directory was - moved out of the DocumentRoot tree to simplify the separation - of private content&configuration from server's on-line - documentation. An "Alias /manual/ ..." projects the manual/ - directory (which resides now side-by-side with the icons/ - directory) into the logical DocumentRoot. Note that a request - to http://server/manual (without the trailing slash) will now - behave different than before (it used to redirect to - http://server/manual/ but no longer does). - [Martin Kraemer] - - *) Fixed ap_os_canonical_filename() so that it wouldn't try to - canonicalize an invalid file name. Also fixed - ap_os_is_path_absolute() so that it wouldn't recognize names - such as proxy:http://blah as a NetWare volume:pathname. Both of - these fixes were necessary to fix mod_proxy problems on NetWare. 
- [Brad Nicholes ] - - *) Fix a storage leak (a strdup() call) in mod_mime_magic. - [Jeff Trawick] - - *) We have always used the obsolete/deprecated Netscape syntax - for our tracking cookies; now the CookieStyle directive - allows the Webmaster to choose the Netscape, RFC2109, or - RFC2965 format. The new CookieDomain directive allows the - setting of the cookie's Domain= attribute, too. PR #s 5006, - 5023, 5920, 6140 [Ken Coar] - - *) The Win32 Makefile.win build script failed if - INSTDIR="c:\path\with spaces" was given, this is now fixed. PR 8184 - [Jack Tan ] - - *) EBCDIC: The proxy, when used in a proxy chain, "forgot" to - convert the "CONNECT host:port HTTP/1.0" request line to ASCII - before contacting the next proxy, and was thus unusable for - SSL proxying. [Martin Kraemer] - - *) SECURITY: CVE-2001-0730 (cve.mitre.org) - Make support/split-logfile use the default log file if - "/" or "\" are present in the virtual host name. This prevents - the possible use of specially crafted virtual host names in - some configurations to allow writing to any .log file on the - system. [Daniel Matuschek , - Marc Slemko] PR#7848 - - *) Added a directive: "AcceptFilter ". To control BSD - acccept filters when at compile time SO_ACCEPT_FILTER is - detected. The default is still 'on' except when, at compile - time, AP_ACCEPT_FILTER_OFF is defined. - - Also downgraded the fatal exit to a warning when the - associated setsocketopt(2) fails for any reason but - for ENOPROTOOPT. The latter - which implies that the - kernel does not support the filters - now rates only an - info level message. All in all this should make it easier - to move httpd binaries and config files across BSD machines - with varying acceptfilter support. - [Dirk-Willem van Gulik ] - - *) Fix the container to *really* deny all access. - Without the Satisfy All, .ht* files could still be fetched if - they were within the scope of a Satisfy Any directive. 
- [Ken Coar]
-
- *) Print a warning when an attempt is made to use line-end comments.
- Apparently they are not detected/handled gracefully by all directives.
- [Martin Kraemer]
-
- *) (TPF only) Take advantage of improvements to select(), fork(), and
- exec() in the TPF operating system.
- [David McCreedy ]
-
- *) (Cygwin only) Fix problems with signals sent to child processes;
- Improve auto-configuration for Cygwin.
- [Stipe Tolj ]
-
- *) Added Mod_Vhost_Alias to the project file so that it builds as an
- external module (VHOST.NLM).
- [Brad Nicholes ]
-
- *) Fix problem with lingering_close() on Windows. Issuing read() on the
- socket descriptor on Windows always fails. Should be calling
- recv() instead of read() on Windows.
- [Bill Stoddard, Bill Rowe]
-
- *) Added an abnormal exit clean up routine to make sure that ApacheC NLM
- is always unloaded cleanly. This fixes the "Ouch! out of memory"
- problem when restarting Apache for NetWare after an abnormal exit
- due to configuration errors.
- [Brad Nicholes ]
-
- *) Change the compile switches for ReliantUNIX SVR4 not to use
- SYSV semaphores, because upon reaching the system limit of
- semaphores, the whole server exits (not just one child).
- Apache could be improved to use NO_SEM_UNDO flag (see test/time-sem.c)
- which is currently implemented only in the time-sem program, but not in
- apache. Until then, revert to using fcntl() locks.
- [Martin Kraemer]
-
- *) Changes to 'ab': fixed int overruns, added statistics, output in
- csv/gnuplot format, rudimentary SSL support and various other tweaks
- to make results more true to what is measured. The upshot of this it
- turns out that 'ab' has often underreported the true performance of
- apache. Often by a order of magnitude :-) See talk/paper of Sander
- Temme at April ApacheCon 2001 for details.
- [Dirk-Willem van Gulik]
-
-Changes with Apache 1.3.20
-
- *) Autodetect if platforms have isnan() and/or isinf() for use in
- ap_snprintf.c.
[Jim Jagielski] - - *) SECURITY DoS: CVE-2001-1342 (cve.mitre.org) - Correct a vulnerability in the Win32 and OS2 ports, by which a - client submitting a carefully constructed URI could cause a GP - (segment) fault in the child process, which would have to be - cleared by the operator to resume operation. This vulnerability - introduced no identified means of compromising the server's data. - Reported by Auriemma Luigi . - [William Rowe, Brian Havard] - - *) Resolve the Win32 SSI exec cmd bug, where cmd was not executed - appropriately against the shell. [William Rowe] - - *) Added NOESCAPE (NS) flag to RewriteRule and enabled use of - '\' to allow escaping of special characters. Previously - there was no way to embed either '$' or '%' in the output - of a RewriteRule; now 'foo\$1' will result in a literal - 'foo$1' appearing in the result rather than 'foo\'. - Note that [NS] disables *all* normal URI escaping, so incautious - use can give unexpected results. [Ken Coar] - - *) Add support for Win32 apxs. Note that cygwin builders must use a - cygwin perl to avoid the MSWin32 handling. [William Rowe] - - *) Changed the initial screen handling for NetWare so that the -s - parameter will properly destroy the Apache console screen and switch - to the system console screen. Also removed the call to clrscr() for - NetWare so that any warning messages produced during startup are visible. - [Brad Nicholes ] - - *) Integrate support for the Cygwin 1.x platform (a POSIX emulation layer - for Win32 systems, see http://www.cygwin.com) - [Stipe Tolj ] - - *) Hooked calls to opendir() and readdir() so that we could add '.' and - '..' to the entry list. By default NetWare does not return these - entries which caused mod_autoindex not to display the parent directory - entry. [Brad Nicholes ] - - *) Solved a very serious threading problem with WinNT/2K Services. 
The - moment master_main told that the shutdown was complete, the parent - control thread exited Apache, leaving mod_jserv's Java process running - and alternately invoking mod_perl's cleanups from the correct thread - or the service control thread. [William Rowe] - - *) Populate the Win32 HKLM\System\CurrentControlSet\Services\[apachesvc] - key with the Description value of the running server across all Win32 - platforms, including NT, ME and 9x. This value is the server_version - string including loaded modules. [William Rowe] - - *) Fix ndbm.h include problems with various Linux distributions and - brain-dead glibc >= 2.1, which sometimes have ndbm.h in a - non-standard db1/ subdir. PR#6929 - [Victor J. Orlikowski] - - *) Empty headers are allowed by RFC2068 section 4.2. The presence or - absence of an empty header can be significant. The current mod_proxy - of httpd 1.3.x removes empty headers. Change mod_proxy to preserve - empty headers. [Christian von Roques ] - - *) Enhance rotatelogs so that a UTC offset can be specified, and - the logfile name can be formatted using strftime(3). [Ken Coar] - - *) Fix a possible NULL pointer dereference in the detection of the - default ServerName or IP string (introduced in 1.3.18). - [Ignasi Roca, ] - - *) Make EBCDIC conversion fully configurable. Until now, apache relied - on some (incomplete) heuristics, and would fail to correctly serve - text files when they had a MIME type of application/anything, like - application/x-javascript. The new conversion directives allow - defining the conversion based on MIME type or file suffix. - [Martin Kraemer] - - *) Add a -V flag to suexec, which causes it to display the - compile-time settings with which it was built. (Only - usable by root or the HTTPD_USER username.) [Ken Coar] - - *) Set the Win32 service description in the Services control panel to - the server_version string from Apache and the loaded modules. 
- [William Rowe]
-
- *) Added a new API for NetWare, ap_os_dso_unsym(), to allow Apache the
- chance to unimport module symbols before it shuts down. This is
- necessary so that Apache on NetWare can shutdown cleanly in an error
- condition such as a failure while reading the httpd.conf file.
- [Brad Nicholes ]
-
- *) Introduce NUL device pipes for stdin and stdout for the parent Win32
- service process. This solves bugs such as PR7198 that report
- "dup2(stdin) failed" when trying to use piped logs. [William Rowe]
-
-Changes with Apache 1.3.19
-
- *) Rewrite ap_unparse_uri_components() to make it safer and more readable
- ["Jeffrey W. Baker" ]
-
- *) Under certain circumstances, Apache did not supply the
- right response headers when requiring authentication.
- [Gertjan van Wingerde ] PR#7114
-
- *) Clean up some end-of-loop not reached warnings [Jim Jagielski,
- Aris Stathakis ]
-
- *) Add the correct language tag for interoperation with the Taiwanese
- versions of MSIE and Netscape. [Clive Lin ] PR#7142
-
- *) Fixed system shutdown on Windows 2000 to assure that the modules have
- an opportunity to clean up. Note there is a _very_ limited amount of
- time in which to execute all cleanups [see MSKB Q146092] so all of
- the modules may still not be given an opportunity to complete their
- cleanups if they require more than 20 seconds total. [William Rowe]
-
-Changes with Apache 1.3.18 [not released]
-
- *) Workaround enabled for a core dump which appeared in broken
- NameVirtualHost configurations. [Martin Kraemer]
-
- *) Sporadic core dump in ap_default_port_for_scheme() with
- internal requests fixed by [Jeffrey W. Baker ]
-
- *) PORT: Allow for build under latest dev. version of NonStopUX
- on Compaq. [Tom Bates ]
-
- *) mod_user on Win32 bug introduced in 1.3.17 is corrected. The parsing
- is completely rewritten so all platforms share the same file/redirect
- logic interpreting UserDir directives.
Specifying a Win32 or Netware - relative path or a relative path on any platform using an '*' now - emits an error when httpd.conf is first parsed. [William Rowe] - - *) Apache/Win32 no longer holds open the console on error, unless invoked - by a shortcut with the new -w option. [William Rowe] - - *) The Win32 -t test config now holds the console open on "SYNTAX OK". - [William Rowe] - - *) Apache on Win9x now ensures the service is stopped before removal. - [William Rowe] - - *) SECURITY: CAN-2001-0925 (cve.mitre.org) - The default installation could lead to mod_negotiation - and mod_dir/mod_autoindex displaying a directory listing instead of - the index.html.* files, if a very long path was created artificially - by using many slashes. Now a 403 FORBIDDEN is returned. - [Martin Kraemer] - - *) Trailing slashes (if they exist) are now removed from ServerRoot, - because there were known problems with them. - ["William A. Rowe, Jr." ] - - *) Changed ap_os_is_filename_valid on NetWare to accept - SERVER/VOLUME:/PATH/FILE as a valid filename pattern. - [Brad Nicholes ] - - *) Win32/Netware: correct relative paths and eliminate trailing slash - in the -d serverroot argument. -d Serverroot may be relative to - the path of the Apache.exe file. [William Rowe] - - *) Win32; fix the ServerRoot as the path of the Apache.exe file. - Eliminates the requirement of a 'backup' registry key to locate - the server root. [William Rowe] - - *) NetWare MOD_TLS fixes to disable nagles properly when making an SSL - connection, and properly detect an SSL connection based on the port - and work around the r->server->port 80 bug. - [Brad Nicholes ] - - *) TPF startup/shutdown fixes. [David McCreedy ] - - *) Correct a typo in httpd.conf. - [Kunihiro Tanaka ] PR#7154 - - *) Get the correct IP address if ServerName isn't set and we can't - find a fully-qualified domain name at startup. - [Danek Duvall ] PR#7170 - - *) Fix pointer arithmetic in mod_rewrite map expansion. - [Christopher A. 
Bongaarts ] PR#7157, 7158
-
- *) Fixed a problem with file extensions being truncated during
- the call to ap_os_canonical_filename().
- [Brad Nicholes ]
-
-Changes with Apache 1.3.17
-
- *) Normalize the Netware path names to close a potential security
- hole in comparing paths when the adminstrator specifies both
- sys:foo and sys:/foo formats in the same httpd.conf file.
- [Brad Nicholes]
-
- *) Fix an unlikely segfault provided a zero length string in the
- translate_userdir() call on win32/os2, and accept backslashes
- in the UserDir directive on those platforms [William Rowe]
-
- *) Fixed translate_userdir() in MOD_USERDIR.C so that it correctly
- recognizes NetWare absolute paths. This fixes the problem where
- MOD_USERDIR was trying to redirect to an absolute NetWare path
- rather than opening the file at the specified location. This
- patch fixes PR5826 & 6283. [Brad Nicholes ]
-
- *) Fixed ap_os_is_path_absolute() in OS.H so that it can tell the
- between a NetWare path (SYS:/path) and a URL (HTTP://path).
- [Brad Nicholes ]
-
- *) Fixed the sdbm.h bundled in Apache for Win32, bringing it in sync
- with Perl. Because it didn't have the same geometry as Perl,
- users reported the first user added with dbmmanage was not
- recognized. [William Rowe]
-
- *) Fixed ap_os_canonical_filename to append a the default volume
- name if the the path is a full path and does not include the
- volume name. Since NetWare's current working directory always
- defaults to the SYS: volume regardless of where the executible
- started, the default volume will be the volume that is specified
- in ap_server_root. [Brad Nicholes ]
-
- *) Handle port numbers in Host headers properly again after
- the code was broken in 1.3.15.
[Tony Finch] - -Changes with Apache 1.3.16 [not released] - - *) None from 1.3.15 [repository tags were the issue, no code altered] - -Changes with Apache 1.3.15 [not released] - - *) Fix a new problem introduced with the -k config syntax, that the - service installed with the -i flag would attempt to re-install - itself when starting the server. [William Rowe, Andrew Braund] - - *) Fix the declaration of the module structure in mod_example. - [Gururaj Upadhye ] PR#7095 - - *) Fix the handling of variable expansion look-ahead in mod_rewrite, - i.e. syntax like %{LA-U:REMOTE_USER}, and also fix the parsing of - more complicated nested RewriteMap lookups. [Tony Finch] PR#7087 - - *) Fix the RFC number mentioned when complaining about a missing - Host: header. [Alexey Toptygin ] PR#7079 - - *) Fix Range header processing to properly parse the syntax specified - in RFC 2616, and properly handle unsatisfiable requests by returning - a 416 error. [Tony Finch, William Rowe] PR#6973 - - *) Remove some human-readable fluff from the machine-readable mod_status - display. [Youichirou Koga ] PR#7025 - - *) The new Win32 command line option, -k config, replaces the default - options for the existing, named service with the options given on - the -k config command line. Apache -n servicename -t now displays - the default options before it tests the httpd.conf. Use the syntax - apache -k config -n servicename -f conffile to upgrade an existing - 1.3.x service to the new 1.3.15 default arguments. [William Rowe] - - *) All Win32 services now support default command line options when - starting an Apache service. The command line options given with - the apache -k install command, including -d, -f, -D, -C and -c, - are all saved in the registry. This change superceeds the old - ConfPath entry, so existing services must be reconfigured when - upgrading to 1.3.15. [William Rowe] - - *) The Win32 build is overhauled to use mod_foo.so for all dynamic - Apache modules. 
[William Rowe] - - *) The Win32 build scripts (makefile.win, Apache.dsw) now build - all the usual targets, including the directories htdocs, include, - lib, libexec, and cgi-bin. [William Rowe] - - *) WinNT/2K service can be started from the command line with any - desired args (e.g. Apache -k start -n apache-1.3 -D FOO will - start the service with the -D FOO option.) This extends what - Apache on Win9x already does, even running as a service. - [William Rowe] - - *) WinNT/2K can be started from the Services control panel adding - whatever args are desired (e.g. -D ARG) in the 'Start Parameters' - box of the start service dialog. These will be passed on and - recognized by the service as it starts. [William Rowe] - - *) Support -k install/-k uninstall on Win32 for compatibility with - Apache 2.0. [William Rowe] - - *) mod_cgi on Win32 and Netware now does a more effective job of - capturing all stderr output from user's scripts. PR6161 - [Hardy Braunsdorf , Will Rowe] - - *) mod_status now respects ?refresh=n of 1 or greater. If the given - refresh value is not a number, ?refresh is set to 1 second. - [William Rowe, Dirk Ahlers PR5067] - - *) Restore child process consoles to correct 16-bit CGI execution - on Windows. Relies on Win9xConHook.dll for Win9x. This patch - also assures the Apache window remains titled 'Apache', rather - than flickering to the cgi app titles. [William Rowe] - - *) Added Win9xConHook.dll, which uses hidden console spy windows to - handle the shutdown, logoff and Close button events, and dispatch - them to Apache just as SetConsoleCtrlHandler does on Win NT/2K. - The close button on Win9x now works, and the Win9x service support - code moved into this module. [William Rowe] - - *) Fix messages from the -k start/stop/restart command options on - Windows. [William Rowe] - - *) Allow Win32 users to build mod_isapi, regardless of the age of - their Win32 SDK headers. Warning provided if features must be - disabled due to old headers. 
[William Rowe] - - *) The ScriptInterpreterSource Registry source will now handle any - post-scriptname arguments (e.g. cmd script -q), substitute any - environment variables (e.g. "%windir%\sysapp.exe") and use the - short or long path name as appropriate (e.g. "doit %1" uses the - short form, no spaces, while "doit "%1"" uses the long form of - the script name, in quotes.) Also, passes all script names in - backslash delimited format (instead of slashes). [William Rowe] - - *) Accomodate an out-of-space condition in the piped logs and the - rotatelogs.c code, and no longer churn log processes for this - condition. [Victor J. Orlikowski] - - *) Make cgi-bin work as a regular directory when using mod_vhost_alias - with no VirtualScriptAlias directives. [Tony Finch] PR#6829 - - *) Move the check of the Expect request header field after the hook - for ap_post_read_request, since that is the only opportunity for - modules to handle Expect extensions. - [Justin Erenkrantz ] - - *) Add default CacheGcInterval of one hour [ Chuck Murcko ] - - *) Each Netware thread is created in its own thread group to ensure - that any context change applies only to the thread in which the - change was made. [Brad Nicholes ] - - *) Relax the syntax checking of Host: headers in order to support - iDNS. [Tony Finch] PR#6635 - - *) Fix Content-Length calculation when doing Range header processing. - This makes PDF byteserving work again. [Tony Finch] PR#6711 - - *) Link with libresolv on UnixWare 7 so that PHP works. - [Larry Rosenman ] PR#6780 - - *) Linux 2.2.x and later do not need a serialised single listener, - and sysv semaphores scale better than fcntl. Updated GuessOS - to distinguish 2.0.x from 2.2.x -- 2.0.x will still use fcntl. 
- [Andrew Morton , Dean Gaudet] - - *) Eliminate caching problems of mod_autoindex results, so the last - modified date of the directory is returned as the Last-Modified - and ETag HTTP header tags are sent if IndexOptions TrackModified - directive/option is used. [William Rowe] - - *) Corrected file path arguments from server conf directives to - their canonical form (excluding OS2 - which uses alternate - logic.) Resolves a long list of PRs reporting that Win32 paths - of the syntax x:\foo were mis-concatinated to the server root - as of release 1.3.14. [William Rowe] - - *) Correct an issue with Alias and ScriptAlias directives that - file path arguments were not normalized in canonical form. - This correction makes no attempt to normalize regular expression - forms of Alias or ScriptAlias. [William Rowe] - - *) Add a new LogFormat directive, %c, that will log connection - status at the end of the response as follows: - 'X' - connection aborted before the response completed. - '+' - connection may be kept-alive by the server. - '-' - connection will be closed by the server. - [Bill Stoddard ] - - *) Normalize all NetWare config directive paths and filespecs to - their canonical names. [Brad Nicholes ] - - *) Update the mime.types file to the registered media types as - of 2000-10-19. [Carsten Klapp , - Tony Finch] PR#6613 - - *) Restore functionality broken by the mod_rewrite security fix: - rewrite map lookup keys and default values are now expanded - so that the lookup can depend on the requested URI etc. - [Tony Finch] PR #6671 - -Changes with Apache 1.3.14 - - *) Fixes to allow compilation on NetWare [Brad Nicholes - ] - -Changes with Apache 1.3.13 [not released] - - *) NOTE: A number of Win32 symbols were exported without explicit - declaration in the ApacheCore.def file. These are now exported - with the same ordinal export values from 1.3.12, but are now - named consistent with Apache's conventions. 
[William Rowe] - - *) Add support for a "conf directory" which operates similar to - /etc/rc.d/init. Basically, if a config file is actually a - directory, all the files in that directory will be parsed - as conf files. PR #6397 [Jim Jagielski, Lionel Clark - ] - - *) Initial support added for mod_proxy under MPE/iX. - [Mark Bixby ] - - *) Refined UID/GID management and permissions on MPE/iX to deal - with some limitations. [Mark Bixby ] - - *) Updated the MPE DSO code to be compatible with an OS patch that - fixed an earlier DSO problem, #include tweakage required for - using apxs to build modules without access to the full source - tree, and other minor MPE tweaks. - [Mark Bixby ] - - *) SECURITY: Tighten up the syntax checking of Host: headers to fix a - security bug in some mass virtual hosting configurations - that can allow a remote attacker to retrieve some files - on the system that should be inaccessible. [Tony Finch] - - *) Add support for /, //, //servername and //server/sharename - parsing of blocks under Win32 and OS2. - [Tim Costello, William Rowe, Brian Havard] - - *) Expand dbmmanage to allow -d -m -s -p options for Crypt, MD5, - SHA1 and plaintext password encodings. Make feature tests a - bit more flexible. [William Rowe] - - *) SECURITY: CVE-2000-0913 (cve.mitre.org) - Fix a security problem that affects some configurations of - mod_rewrite. If the result of a RewriteRule is a filename that - contains expansion specifiers, especially regexp backreferences - $0..$9 and %0..%9, then it may have been possible for an attacker - to access any file on the web server. [Tony Finch] - - *) Add mod_auth_dbm (sdbm flavor) binary build for Win32. - [William Rowe] - - *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2) - as well as a comment arg to the add, adduser and update cmds. - update allows the user to clear or preserve pw/groups/comment. 
- Fixed a bug in dbmmanage that prevented the check option from - parsing a password followed by :group... text. Corrected the - seed calcualation for Win32 systems, and added -lsdbm support. - [William Rowe] - - *) Radical surgery to improve mod_isapi support under Win32. - Includes a number of newer ServerSupportFunction calls, support - for ReadClient (in order to retrieve POSTs greater than 48KB), - and general bug fixes to more reliably load ISAPI .dll's and - prevent leaking handle resources. Note: There are still - discrepancies between IIS's and Apache's ServerVariables, and - async calls are still not supported. Additional warnings are - logged to facilitate debugging of unsupported ISAPI calls. - [William Rowe] - - *) Update Configure script to allow building Apache on IBM's - IA64 version of AIX. [Paul Reder] - - *) NameVirtualHost can now take "*" as an argument instead of - an IP address. This allows you to create a purely name-based - virtual hosting server that does not have any IP addresses in - the configuration file and which ignores the local address - of any connections. PR #5595, PR #4455 [Tony Finch] - - *) Fix processing/merging of Remove* MIME directives. - PR #5597 [Sander van Zoest ] - - *) Fix merging of AddDefaultCharset directive. - PR #5872 [Jun Kuriyama ] - - *) Win32: Work around bug in Win32 select on network reads. Select - can indicate a socket has data to read, but the subsequent read - can return WSAEWOULDBLOCK. This problem has been observed - when running with SSL enabled Apache, specifically, browsers - sometimes cannot complete the SSL handshake when an SGC - certificate is used, receiving a network error message. - [Richard Scholz richard.scholz@subito.de] - - *) Use "accept filtering" on recent versions of FreeBSD iff the - kernel is configured to support them. This allows Apache to avoid - having to handle new connections until the request has arrived. - [Tony Finch] - - *) Fix error handling in make_sock. 
[Tony Finch] - - *) The htdocs/ tree has been moved out of the CVS source tree into - a separate area for easier development. This has NO EFFECT on - end-users or Apache installations. [Ken Coar] - - *) Fix problem matching Configure guessos on HP-UX 10. - [Victor J. Orlikowski] PR#6015 - - *) Correct the problem where the only local host name that the IP stack - can discover are 'undotted' private names. If no fully qualified - domain name can be identified, the default ServerName will be set to - the machine's IP address string. A warning is provided if Apache has - to assume the IP dotted address string or the localhost/loopback - address as the ServerName. The default ServerName is removed from - the default Win32 httpd.conf file. [William Rowe] - - *) Add new directives RemoveType and RemoveEncoding to accompany the - RemoveHandler directive added in 1.3.4. AddType, AddEncoding, and - AddHandler now all have corresponding 'undo' directives. This allows - things like marking foo.tar.gz.asc as *not* being gzipped, so it will be - correctly interpreted as an unzipped signature of a gzipped file. - [Ken Coar] - - *) Win32 NT and 2000 services now capture stderr messages that occur - before Apache's logs are opened to the Application Event Log. - Console and Win9x services now hold the console open for 30 seconds - (and may be dismissed with the key) if they exit with an error. - [William Rowe] - - *) Expand Win32 protection for pathname length, to provide protection - from future potential bugs such as that which caused directory index - to be displayed rather than returning an error. - [William Rowe, Allan Edwards ] - - *) USE_SYSVSEM_SERIALIZED_ACCEPT locking on OS/390 - [Ovies Brabson] - - *) Change Win32 the isProcessService() routine to compensate for other - helper apps that invoke Apache.exe without a console. Recognize that - we are running NT, and use the STARTF_FORCEOFFFEEDBACK flag to be - sure that the SCM has invoked the process. 
[William Rowe, - Jim Patterson , Kevin Kiley ] - - *) Export from Win32 the ap_start_shutdown and ap_start_restart symbols - for modules and executables dynamically linked to the core. - [William Rowe; Jim Patterson ] - - *) SECURITY: CAN-2000-1204 (cve.mitre.org) - Prevent the source code for CGIs from being revealed when - using mod_vhost_alias and the CGI directory is under the document root - and a user makes a request like http://www.example.com//cgi-bin/cgi - as reported in - [Tony Finch] - - *) Under Win32, The console input mode is fixed to ignore mouse events - and always listen for a Ctrl+C interrupt, even if the console window - defaults to another mode. [William Rowe] - - *) All Win32 services will now perform a graceful restart when given - the -n servicename -k restart signal. No equivilant control exists - in the service control panel applet or through the NET command. - There is no useful acknowledgement on Windows 95/98, however. - [William Rowe] - - *) Significant overhaul of the Win32 port documentation contained in - the README-WIN.TXT, as well as the htdocs/manual pages windows.html, - win_compiling.html, and the new win_service.html. - [Andrew Braund , William Rowe] - - *) Add 'services' for Windows 95 and 98, including install/uninstall - options. The Apache server therefore can start when the OS loads, - and will not stop between logoffs. This implementation remains - -HIGHLY EXPERIMENTAL-. Additional changes provide for clean shutdown - of Win95/98 when Apache is running as a 'service' or a console. - [William Rowe, Jan Just Keijser ] - - *) USE_PTHREAD_SERIALIZED_ACCEPT on AIX 4.3 and above. This change - provides a substantial performance improvement on multi-CPU - machines serving large numbers of concurrent clients. - [Victor J. Orlikowski ] - - *) Brought httpd.conf-dist-win into sync with httpd.conf-dist, and added - explicit documentation of many Win32 specific features. 
[William Rowe] - - *) Convert Win32 build files (.dsp) to MSVC 6.0 format, and add perl - scripts cvstodsp5.pl and dsp5tocvs.pl for portability to version 5.0. - [William Rowe] - - *) Fix mod_expires to merge its settings for Cache-Control into any - existing value for the field. It was unconditionally setting it, - wiping out anything from, say, a 'Header Append Cache-Control'. - [Ken Coar] PR#5769 - - *) Add Win32 option -k stop as an alias of -k shutdown, to correspond to - the NET START/NET STOP syntax. [William Rowe] - - *) Force Apache to test the Win32 config prior to any operation, - except the [-k shutdown -n service] and [-u -n service] combinations. - [William Rowe] - - *) Add Win32 Ctrl+C/Ctrl+Break/Close/Logoff/Shutdown handler. - [William Rowe, Jan Just Keijser ] - - *) Expand mod_setenvif so its directives can be used in and - containers, and in .htaccess files when FileInfo - overriding is allowed. [Ken Coar] PR#3000 - - *) SECURITY: CVE-2000-0505 (cve.mitre.org) - Fix Win32 bug when pathname length exactly equals MAX_PATH. - This bug caused directory index to be displayed rather than - returning an error. [Allan Edwards ] - - *) Correct mod_proxy Win95 dynamic link __declspec(thread) bug. - David Whitmarsh - PR: 1462, 2216, 3645 - - *) Changed Apache for NetWare build to link with XDC data which - marks the NLMs as being able to run on any processor. - [Mike Gardiner ] - - *) Ported expat-lite to NetWare and integrated project files into the - ApacheNW.mcp. [Mike Gardiner ] - - *) Switched thread storage data mechanism on NetWare to use updated - system calls. [Mike Gardiner ] - - *) Fixed problem with multilanguage support that prevented Apache on - NetWare from displaying the correct language page. - [Mike Gardiner ] - - *) Fixed memory leaks on NetWare port. When unloading Apache with - the developer option turned on NetWare would spew messages - complaining about unreleased resources. 
- [Mike Gardiner ] - - *) Fixed a problem that prevented Apache on NetWare from shutting down - correctly when loading multiple instances in individual address - spaces. [Mike Gardiner ] - - *) Changed threading primitives to use faster more scalable calls. - [Mike Gardiner ] - - *) Added -s option for NetWare port to allow Apache to run without a - screen. [Mike Gardiner ] - - *) Added code for NetWare port to display the listening ports and loaded - DSO modules to the console screen. - [Mike Gardiner ] - - *) Removed ugly NetWare specific code from the modules and added libpre.c - and libprews.c instead. These files implement the NLM startup code - for shared NLMs (DSOs). The result of using these files is less - obtrusive code, faster load times, and a smaller executable size. - libprews.c contains WSAStartup and WSACleanup WinSock calls needed for - initialization and termination of DSO modules. - [Mike Gardiner ] - - *) Moved htpasswd and htdigest projects files for NetWare into the main - ApacheNW.mcp project file. [Mike Gardiner ] - - *) Added mod_tls (SSL/TLS) module for NetWare SSL/TLS support. - [Mike Gardiner ] - - *) Updated httpd.conf-dist-nw with directives around - standard DSO modules. [Mike Gardiner ] - - *) Correct mod_proxy Win32 garbage collection bug (clean failing - due to stat() against directory). - PR: 1891, 3278, 3640, 4139, 5997 - [Michael Friedel ] - - *) Add '-n' option to htpasswd to make it print its user:pw record - on stdout rather than having to frob a text file. [Ken Coar] - - *) Set default ServerName setting to 127.0.0.1 for the Windows - config file (httpd.conf-dist-win) - PR: 5509, 5783, 5953, 5903, 5983, 5259, 5515, 5858 - [Oliver Wendemuth ] - - *) [EBCDIC] Update mod_mmap_static so that an ebcdic box can use - MMapFile for files that shouldn't be converted from ebcdic->ascii. - [Greg Ames] - - *) Revamp the Win32 make environment. Apache.dsw created to bring - together all the pieces. 
Create new file os/win32/BaseAddr.ref - to define module base addresses (to prevent dll relocation at - start-up). Extraneous compiler files were removed (precompiled - headers, incremental link images), and .map files were added - for consistent diagnostics of gpfaults of the binary release. - [William Rowe, Greg Marr, Tim Costello, Bill Stoddard] - - *) Resolved Win32 mod_info (ApacheModuleInfo.dll) errors. - PR1442, PR2472, PR4125, PR1643 and PR2208 - Jim Patterson, Jan Just Keijser - - *) Add some more error reporting to htpasswd in the case of problems - generating or accessing the temporary file. Also, pass in a - buffer if the implementation knows how to use it (i.e., if L_tmpnam - is defined). [Ken Coar] PR#3945, 5253, 5383, 5558 - - *) PORT: Add recognition of the GNU/Hurd platform. - [Adam Farrell ] - - *) More FAQs and answers from comp.infosystems.www.servers.unix. - [Joshua Slive ] - - *) Win32: Add dependency checking to the CreateService call to ensure - TCPIP and AFP (winsock) are started before Apache. - [William Rowe ] - - *) FAQ changes related to tidying up historical documents on the web site. - [Joshua Slive ] - - *) Various fixes to mod_auth_digest: - - Reworked MD5-sess stuff. The semantics of userpw_hash() have been - changed for it to return - MD5(MD5(username ":" realm ":" password) ":" nonce ":" cnonce) - instead of just - MD5(username ":" realm ":" password) - because one of the points of MD5-sess is to allow the info to be - retrieved from login servers so that the server itself never has - the full auth info (after all, MD5(u/r/p) is equivalent to the - password for auth purposes). - - In order to allow for servers to share a realm the server-name - and port have been removed from the nonce-hash. Even so, sharing - the realm has problems - see the new comments at the beginning. - - Fixed uri-comparison when request-uri isn't identical to uri in - Authorization header (some fields were not being initialized). 
- - Handle non-FQDN's (i.e. simple hostnames) in uri parameter in - the Authorization header. Thanks to Joe Orton - for pointing out the problem. - [Ronald Tschalär] - - *) Add case_preserved_filename field to the request_rec structure. - On systems with case insensitive file systems (Windows, OS/2, etc.), - r->filename is case canonicalized (folded to either lower or upper - case, depending on the specific system) to accomodate file access - checking. case_preserved_filename is the same as r->filename - except case is preserved. There is at least one instance where Apache - needs access to the case preserved filename: Java class files published - with WebDAV need to preserve filename case to make the Java compiler - happy. [Bill Stoddard] - - *) Put in Korean and Norwegian index.html pages (2.0 and 1.3) - which where donated by Lee Kuk Hyun and Lorant Czaran [dirkx]. - - *) Modules which load third-party DLLs (ala mod_dav) - expect them to be in the path or cwd. Tweak the - service startup code to not only change to correct - drive but also correct directory. - [Keith Wannamaker ] - - *) WinNT: Do a better job at handling spaces in service names. - Add the util function ap_remove_spaces and export it on all - platforms. Change some Win32 service and registry functions to - make use of this new function. - [Keith Wannamaker ] - - *) use send/recv instead of write/read in proxy_connect -- fixes - https through proxy on NT. [willem.vanpelt@philips.com] - PR 5963, 5899, 5823, 5107, 4990?, 4885, 4680, 4468, 3801, 2014 - - *) [EBCDIC] Make chunked encoding work again; it was broken by the - recent CRLF macro changes. An oversight. [Martin Kraemer] - - *) Work around a popular restriction of some sed(1)'s in APACI where - "1,//" commands start searching for at line 2 only. - [Ralf S. Engelschall] - - *) Merged in a small subset of SGI's latest `10x' patchkit for Apache - 1.3.11. 
The extracted and merged in parts are entirely cleanup and - non-performance related changes only. SGI's remaining changes are - not taken over, because they are either cluttering the Apache 1.3 - sources too much (e.g. the lint(1) related changes) or cause too - much internal changes (e.g. the ap_int32 types, etc.) which are not - reasonable to do any longer for Apache 1.3 (they should be done for - Apache 2.0 instead). - [Mike Abbott , Ralf S. Engelschall] - - *) Fixes to mod_proxy for BeOS support. - [David Reid ] - - *) Fix return value calculation in APXS' error messages. - This should avoid the confusion on APXS errors. - [Ralf S. Engelschall] - - *) Make ApacheBench (ab) compile again stand-alone under - -DNO_APACHE_INCLUDES. - [Ralf S. Engelschall] - - *) The ServerTokens directive now accepts the 'ProductOnly' keyword, - which results in the display of just 'Apache' with no version - information. Additional product tokens are still only visible - with ServerTokens Full. In addition, ServerTokens now complains - about bogus keywords (which it used to silently treat as 'Full'). - [Ken Coar] - -Changes with Apache 1.3.12 - - *) Only OS/2 requires the addition "t" flag for ap_pfopen() - (as therefore fopen() as well). This is handled by the - FOPEN_REQUIRES_T macro. [Ian Turner , - Jim Jagielski] PR#5760 - - *) The default charset is only added, when enabled, for those - Content-types which require it (text/plain, text/html). - [Jim Jagielski] PR#5766 - - *) Fix handling of multiple queries in APXS commands (e.g. "apxs -q - CC CFLAGS") and make sure Perl-related command line options (which - can contain the "::" constructs) do no longer cause an incorrect - internal parsing of the query result. - [Ralf S. Engelschall, Steve Robb ] - - *) Avoid infinite looping in APACI's configure script - inside Ultrix' /bin/sh5 upgrade step. - [Jan Gallo , Ralf S. Engelschall] PR#4940 - - *) PORT: Add support for Amdahl UTS 4.3 and later. 
- [Dave Dykstra ] PR#5654 - - *) Make implementation/descriptions of the FLAG directives - AuthAuthoritative, MetaFiles and ExtendedStatus consistent with - documentation and the standard way of implementation those directives. - [David MacKenzie , Ralf S. Engelschall] PR#5642 - - *) Cast integer ap_wait_t values in http_main.c to get rid of compile - time errors on platforms where "ap_wait_t" is not defined as "int" - (currently only the NEXT and UTS21 platforms). - [Gary Bickford , Ralf S. Engelschall] PR#5053 - - *) The default suexec path was HTTPD_ROOT/sbin/suexec if not - configured via APACI. Changed to HTTPD_ROOT/bin/suexec. - [Lars Eilebrecht] - - *) Add an explicit charset=iso-8859-1 to pages generated by - ap_send_error_response(), such as the default 404 page. - [Marc Slemko] - - *) Add the AddDefaultCharset directive. This allows you to specify - the given character set on any document that does not have one - explicitly specified in the headers. [Marc Slemko, Jim Jagielski] - - *) SECURITY: CAN-2000-1205 (cve.mitre.org) - Properly escape various messages output to the client from a number - of modules and places in the core code. [Marc Slemko] - - *) SECURITY: CAN-2000-1205 (cve.mitre.org) - Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to - not consider any parameters such as charset when making decisions - based on content type. This does remove some functionality for - some users, but means that when these modules are configured to do - particular things with particular MIME types, the charset should - not be included. A better way of addressing this for users who - want to set things on a per charset basis is necessary in the future. - [Marc Slemko] - - *) SECURITY: CAN-2000-1205 (cve.mitre.org) - mod_include now entity encodes output from "printenv" and "echo var" - by default. The encoding for "echo var" can be set to URL encoding - or no encoding using the new "encoding" attribute to the echo tag. 
- [Marc Slemko] - -Changes with Apache 1.3.11 - - *) MPE builds are no longer stripped, which caused the executable - to not work. [Mark Bixby] - -Changes with Apache 1.3.10 - - *) Fixed parsing of TAKE13-based configuration directives. - [Steffen Roller ] PR#5550 - - *) rename the lookup() function to hashTableLookup() (in expat-lite) - to prevent name clashes with modules / third-party software. - [Ralf S. Engelschall, Greg Stein] - - *) Reduce the time that a parent waits for its children to die - after SIGKILL has been sent, since there isn't much point in waiting - another 16 seconds beyond the initial SIGTERM waiting period. - [Ed Korthof] - - *) Add --suexec-umask option to configure, and severity levels - to suexec log messages. Also clarify a couple of those messages, - which were perhaps a bit too cryptic. [Ken Coar] PR#4178 - - *) The end_chunk() code forgot to convert the trailing CRLF pair - from EBCDIC to ASCII. Fixed. [Martin Kraemer] - - *) An Action set for a Location that didn't correspond to a file didn't - work. Fixed. - [Manoj Kasichainula, Ben Laurie] - - *) ProxyPass and mod_rewrite's proxy mode erroneously converted - authentication requests to proxy authentication requests. - [Ben Laurie] - - *) Reverse a patch which broke HPUX shared builds. Basically - we comment out the SHLIB_SUFFIX_NAME=sl line in Configure. - [Ryan Bloom] - - *) Added the mod_rewrite `URL Rewriting Guide' to the online - documentation (htdocs/manual/misc/rewriteguide.html). This paper - provides a large collection of practical solutions to URL based - problems a webmaster is often confronted with. - [Ralf S. Engelschall] - - *) Add a suexec status report to the '-l' (compiled-in modules) - output. [Ken Coar] - - *) Changes to enable server-parsed mod_autoindex Header and - Readme files. 
[Raymond S Brand ] - - *) Add back support for UseCanonicalName in containers - [Manoj Kasichainula] - - *) SECURITY: CAN-2000-1206 (cve.mitre.org) - More rigorous checking of Host: headers to fix security - problems with mass name-based virtual hosting (whether using mod_rewrite - or mod_vhost_alias). - [Ben Hyde, Tony Finch] - - *) Updated README.config to reflect current APACI state. - [Brian Slesinsky ] PR#5397 - - *) Added SuSE and BSDI layouts to config.layout for convinience reasons. - [Sebastian Helms , Timur Bakeyev - ] PR#5112 PR#5154 - - *) Consistency cleanup of the complete APXS tool and corresponding manpage. - [Ralf S. Engelschall] - - *) Add %q logging format directive (logs "?" and the query string part - of a query, or the empty string if no query). - Can be used in combination with %m, %U and %H: "%m %U%q %H" is the - same as "%r". [Peter Watkins ] - - *) Improve OS390 port to work on older system releases - [Paul Gilmartin ] - - *) Enhance mod_mime with an AddCharset directive to properly handle - that negotiation dimension. - [Youichirou Koga ] - - *) OS: Added first cut at support for IBM's OS/390. - [Ovies Brabson ] - - *) Replace all occurrences of "\012\015" by a macro CRLF. This makes - the code (somewhat) more readable, and improves the portability - to character sets other than ASCII (e.g., EBCDIC). - This patch results in no functional change whatsoever on ASCII - machines, but allows EBCDIC platforms to live without the - ebcdic2ascii_strictly() kludge. - [Paul Gilmartin , slightly modified - by Martin Kraemer] - - *) more fixes to mod_auth_digest: - - better comparing of request-uri with uri parameter in Authorization - header - - added a check for a MUST condition in the spec - - fixed SEGV - [Ronald Tschalär] - - *) mod_proxy now works on TPF. - [Joe Moenich ] - - *) Enhance mod_actions' Script handling to be able to deal with - arbitrary methods and not just the well-known ones. 
This allows - experimental or organisation-private methods to be used without - waiting for Apache to catch up. - [Ken Coar] - - *) Fix various compile time warnings in hashbang_emul code which - prevent successful compilation on OS/390 [Ovies Brabson - , Paul Gilmartin ] - - *) EBCDIC: Fixed binary upload capability (plain and chunked) for - all methods using the ap_*_client_block() functions, most notably - POST and PUT. The functionality to switch input between protocol - parts (chunks) and (possibly binary) data had been missing all - the time, making chunked PUT impossible until now. - [Martin Kraemer] - - *) Fixed a recently introduced off-by-one-character bug in - mod_rewrite's expansion of expression back-references. - [Cliff Woolley ] PR#4766 PR#5389 - - *) Add IndexOptions DescriptionWidth so that the width of the - description field in fancy-indexed directory listings can - be specified. - [Ken Coar] PR#2324, plus lots that are closed unsatisfied - - *) EBCDIC: Escaped characters were encoding the ebcdic representation - of the special characters, not the latin1 representation. This - would result in invalid URI's for, e.g., filenames (with special chars) - in mod_autoindex.c [Martin Kraemer] - - *) EBCDIC: Fix Byte Ranges for EBCDIC platforms. The necessary switch - between implied conversion for protocol parts and configured - conversion for document data was missing. The effect of this was that - PDF files could not be read by Acrobat Reader (which sends long - lists of byte ranges in each request) when the server was apache - on ebcdic machines. - [Noted by Oliver Reh , solved by Martin - Kraemer, warnings fixed by Ovies Brabson ] - - *) Add IndexOptions FoldersFirst to allow fancy-indexed directory - listings to have the subdirectories always listed at the top. - [Ken Coar] - - *) BS2000: Use send() instead of write() in the core buff routines - for better performance and fewer restrictions (max. 
transfer size) - [Martin Kraemer] - - *) If the compiler sanity check fails, force the verbose output - for TestCompile so people can have a clue what the problem - is. [Jim Jagielski] - - *) Add --iconsdir, --htdocsdir, and --cgidir option to top-level - configure script to allow one to override the corresponding - variables from config.layout. - [Ralf S. Engelschall] - - *) Fixed `quad integer' (aka `long long') handling in ap_snprintf.c - [Jim Jagielski, Ralf S. Engelschall] - - *) Fixed error handling in dbmmanage script. - [Andrew McRae ] PR#4973 - - *) Fixed NEXT/OpenStep building by adding an fallback typedef for - rlim_t to ap_config.h. - [Mark Miller ] PR#4906 - - *) Fix SHARED_CORE feature for HPUX by backing-out a change (comitted - between 1.3.7 and 1.3.9) which changed the DSO extension from `sl' to - `so'. This worked only for modules (where we load the DSO manually), but - horribly fails under HPUX for DSO-based/shared libraries (where our - $SHLIB_SUFFIX_NAME is used, too). - [Gary Silverman ] PR#4974 - - *) Added support for Berkeley-DB/3.x to mod_auth_db. - [Steve Atkins , Ralf S. Engelschall] PR#5382 - - *) Fixed mod_auth_digest.c: result of an open() call was being - checked against the wrong failure value. - [Rick Ohnemus ] PR#5292 - - *) Removed the variable name "template" from a prototype for SunOS4 - in ap_config.h to make C++ compiler happy, too. - [SAKAI Kiyotaka ] PR#5363 - - *) Added missing links to htdocs/manual/mod/directives.html - for AllowCONNECT and ProxyDomain. [Patrik Grip-Jansson - , Ralf S. Engelschall] PR#5319 - - *) Fixed typo in htdocs/manual/install.html. - [Chris Pepper ] PR#5360 - - *) Fix $AWK/awk usage in top-level configure script: We confused ourself and - replaced the wrong "$AWK" with a plain "awk" in the last releases. So we - now both fix this and move the comment which already tried to explain it - more closer to the location to which it applies. - [Paul Gilmartin , Ralf S. 
Engelschall] PR#5304 - - *) Replaced pipes with commas in GuessOS' fallback output (displayed for not - explicitly recognized platforms) to avoid side-effects with APACI's - --shadow feature and similar uses where GuessOS' output is used directly - on the filesystem (where pipes are meta-characters!). - [Paul Gilmartin ] PR#5303 - - *) Made stripping of a trailing slash in directory names in top-level - configure script more robust and this way support also a plain `/' - as the argument without resulting in an empty name. - [Matthias Lohmann , Ralf S. Engelschall] PR#5291 - - *) Made `tr' usage in top-level configure script more portable - by always using square brackets consistently. - [Masashi Kizaki ] PR#5230 - - *) Fixed ap_config_auto.h generation in src/Configure: there for the ``quad - integer'' stuff ``#ifndef+#undef+#endif'' pairs were generated instead of - ``#ifdef+#undef+#endif'' pairs. - [Greg Siebers ] PR#5231 - - *) EBCDIC: fix the hsregex package to correctly deal with [a-zA-Z] type - character ranges (the alphabet is non-contiguous in EBCDIC) and with - the special [:cntrl:] range (the control character class is determined - dynamically at run time). [Martin Kraemer] - - *) Add --with-port option to APACI. [Ian Kallen ] - - *) Fixed QUERY_STRING handling for `RewriteRule ... [P]' - in per-directory context. - [Martin Zeh ] PR#5073 - - *) Overhauled mod_rewrite's general substitution function - (expand_backref_inbuffer): 1. The `$0' backreference is now officially - allowed and documented and references the while pattern space; 2. the - ampersamp (&) backreference (which is equal to $0) is no longer expanded, - because it was never documented and only leads to confusion with - QUERY_STRINGS; 3. backslashes (\) are honored correctly, that is `\$N' - now really forces the dollar to be an ordinary character and $N is - not expanded. - [Ralf S. Engelschall] PR#4766 PR#4161 - - *) Make sure mod_rewrite escapes QUERY_STRINGS on redirects. 
- [Klaus Johannes Rusch ] PR#4734 - - *) Make sure mod_rewrite matches URL schemes case-insensitive and also allow - additional (commonly used) URL schemes ldap:, news: and mailto:. - [Ralf S. Engelschall, Klaus Johannes Rusch ] PR#3140 - - *) Overhauled ApacheBench (ab) manpage ab.8. - [Simon Baldwin ] PR#5139 - - *) Made sure ApacheBench (ab) performs no more requests than - specified on command line (option -n). - [Jim Cox ] PR#4839 - - *) Support DSOs properly on 32-bit HP-UX 11.0 - [Dilip Khandekar ] - - *) Fix problem with proxy configuration where globally set configuration - options were overridden inside virtual hosts. - [Graham Leggett ] - - *) Fix ProxyReceiveBufferSize where default value was left uninitialised. - [Graham Leggett ] - - *) Added a CLF '-' respecting %B to the log format. - Suggested by Ragnar Kjørstad [dirkx] - - *) Added protocol(%H)/method(%m) logging to the log format. - Suggested by Peter W [dirkx] - - *) Added a HEAD method to 'ab'. [dirkx] - - *) When generating the Location: header, mod_speling forgot - to escape the spelling-fixed uri. 
[Martin Kraemer] - - *) Update for the next release of the TPF OS (PUT11) - [David McCreedy ] - - *) Add some compile-time flags to the output when -V is used for TPF - [David McCreedy ] - - *) mod_auth_digest fixes: - - Use unix-io instead of stdio to read /dev/random (fixes problems - on FreeBSD) - [Kano ] PR#4967 - - Correctly unescape all parts of the request uri and the uri - attribute of the Authorization header before doing comparison - [Joe Orton , Ronald Tschalär] - - Fixes for MD5-sess - [Joe Orton ] - - Don't send a domain attribute in Proxy-Authenticate - [Ronald Tschalär] - - *) ap_base64decode_binary does not null-terminate the output anymore - [Bill Stoddard, Ronald Tschalär] - - *) WIN32: The following bugs introduced in Apache 1.3.9 have been fixed - - CGIs broken if script calls other programs which deliver on stdout - (Search this file for "DETACHED") - - 16 bit CGIs should work now - - Server will not start if passed the -d option with spaces in the - argument. [Bill Stoddard] - - *) WIN32: GetExtensionVersion() comparison in mod_isapi fails when - using some non-MS compilers [Bill Stoddard] - PR#3597, PR#3782, PR#3781, PR#4887 - - *) Allow BeOS to use its native closesocket() call - [David Reid ] - - *) More TPF changes. Code reorganization for cleanliness, regex - changes for testing, as well as doc and build updates. - [David McCreedy and others at IBM] - - *) Add TPF processing for the socket read to the rfc1413 code. - [David McCreedy and others at IBM] - - *) Require the batch (-b) option and default to MD5 on TPF in htpasswd. - [David McCreedy and others at IBM] - - *) Move "handler not found" warning message to below the check - for a wildcard handler. [Dirk , Roy Fielding] - PR#2584, PR#2751, PR#3349, PR#3436, PR#3548, PR#4384, PR#4795, PR#4807 - - *) Build errors in src/support stop with an error, just like all the - other recursive make calls. 
[David Harris ] - - -Changes with Apache 1.3.9 - - *) Remove bogus error message when a redirect doesn't set Location. - Instead, use an empty string to avoid coredump if the error message - was supposed to include a location. [Roy Fielding] - - *) Don't allow configure to include mod_auth_digest unless it is - explicitly requested, even if the user asked for all modules. - [Roy Fielding] - - *) Translate module names to dll names for OS/2 so that they are no more - than 8 characters long and have an extension of "dll" instead of "so". - [Brian Havard] - - *) Print out pointer to Rule DEV_RANDOM when truerand lib not found. - Fix test-compile check to check for randbyte instead of trand32. - Use ap_base64encode_binary/decode instead of copy in mod_auth_digest.c - and tweak to make Amaya happier. [Ronald Tschalär] - - *) Ensure that the installed expat include files are world readable, - just like the other header files. [Martin Kraemer] - - *) Fixed generated AddModule adjustments in APACI's `configure' script - in order to allow (new) modules like mod_vhost_alias to be handled - correctly (which was touched by the adjustments for mod_alias). - [Ralf S. Engelschall] - - *) For binary builds, add -R flag to apachectl to work around the lack of - an absolute path to the ./libexec directory where the libhttp.ep file - is needed for SHARED_CORE architectures. [Randy Terbush] - - *) WIN32: Create the CGI script process as DETACHED. This may solve the - problem observed by some Win95/98 users where they get CGI script - output sent to the console. [Bill Stoddard] - - *) Fix (re)naming in the uuencode/decode section. The ap/ap_ - routines are now called ap_base64* and are 'plain' (i.e., no - pool access or anything clever). Inside util.c the routines acting - like pstrdup are called ap_pbase64encode() and ap_pbase64decode(). - The oddly named ap_uuencode(), ap_uudecode() are kept around for - now but deprecated. 
[dirkx] - - *) Clean up the base64 and SHA1 additions and make sure they are - represented in the ApacheCore.def, ApacheCoreOS2.def, and httpd.exp - files. [Roy Fielding] - - *) WIN32: Migrate to InstallShield 5.5 and provide a bit more error - checking. Allow compiling on VS 6.0. [Randy Terbush] - - *) Fixed assumption of absolute paths in binbuild.sh. [Tony Finch] - - *) Use TestCompile to search for the truerand library (rather than blindly - assuming its existence). If it is not found, complain (but do not - exit - yet). [Martin Kraemer] - - *) We forgot to add the new exported function names to - src/support/httpd.exp. [Bill Stoddard, Randy Terbush] - - *) Add description of -T command-line option to usage(). - [Ralf S. Engelschall] - - *) For "some" platforms (notably, EBCDIC based ones), libos needs to be - searched only AFTER libap has been searched, because libap needs - some symbols from libos. [Martin Kraemer] - - *) Fix conflict with original mod_digest related to the symbol of the - module dispatch list (which has to be unique for DSO and follow the - usual conventions for the installation procedure). - [Ralf S. Engelschall] - - *) Add a dbm-library check for the "usual places" (-ldbm, -lndbm, -ldb) - for other platforms as well. [Martin Kraemer] - - *) Make ap_sha1.c compile for EBCDIC platforms: replace remaining LONG - types by AP_LONG and replace reference to renamed variable 'ubuf' - by 'buffer'. [Martin Kraemer] - -Changes with Apache 1.3.8 [not released] - - *) Flush the output buffer immediately after sending an error or redirect - response, since the result may be needed by the client to abort a - long data transfer or restart a series of pipelined requests. - [Tom Vaughan , Roy Fielding] - - *) PORT: Improved compilation and DSO support on Sequent DYNIX/ptx. - [Ian Turner ] PR#4735 - - *) Local struct mmap in http_core.c conflicted with system structure - name on DYNIX -- changed to mmap_rec. 
[Roy Fielding] PR#4735 - - *) Added updated mod_digest as modules/experimental/mod_auth_digest. - [Ronald Tschalär ] - - *) Fix a memory leak where the module counts were getting messed - up across restarts. [David Harris ] - - *) CIDR addresses such as a.b.c.d/24 where d != 0 weren't handled - properly in mod_access. - ["Paul J. Reder" ] PR#4770 - - *) RewriteLock/RewriteMap didn't work properly with virtual hosts. - [Dmitry Khrustalev ] PR#3874 - - *) PORT: Support for compaq/tandem/com. - [Michael Ottati , dirkx] - - *) Added SHA1 password encryption support to easy migration from - Netscape servers. See support/SHA1 for more information. - Caused the separation of ap_md5.c into md5, sha1 and a general - ap_checkpass.c with just a validate_passwd routine. Added a - couple of flags to support/htpasswd. Some reuse of the to64() - function; hence renamed to ap_to64(). - [Dirk-Willem van Gulik, Clinton Wong ] - - *) Change for EBCDIC platforms (TPF and BS2000) to correctly deal - with ASCII/EBCDIC conversions in "ident" query. - [David McCreedy ] - - *) Get rid of redefinition warning on MAC_OS_X_SERVER platform. - Change "Power Macintosh" to Power* so if uname prints "Power Book" - we're still happy on Rhapsody platforms. [Wilfredo Sanchez] - - *) Fix SIGSEGV on some systems because the Vary fix below included - a call to table_do with a variable argument list that was not - NULL terminated. Replaced with better implementation. [Roy Fielding] - -Changes with Apache 1.3.7 [not released] - - *) The "Vary" response header field is now sanitised right before - the header is sent back to the client. Multiple "Vary" fields - are combined, and duplicate tokens (e.g., "Vary: host, host" or - "Vary: host, negotiate, host, accept-language") are reduced to - single instances. This is a better solution than the force-no-vary - one (which is still valid for clients that can't cope with Vary - at all). 
[Dean Gaudet, Roy Fielding, Ken Coar] PR#3118 - - *) Portability changes for BeOS. [David Reid abb37@dial.pipex.com] - - *) Link DSO's with "gcc -shared" instead of "ld -Bshareable" at - least on Linux and FreeBSD for now. - [Rasmus Lerdorf] - - *) Win32: More apache -k restart work. Restarts are now honored - immediately and connections in the listen queue are -not- lost. - This is made possible by the use of the WSADuplicateSocket() - call. The listeners are opened in the parent, duplicated, then - the duplicates are passed to the child. The original listen sockets - are not closed by the parent across a restart, thus the listen queue - is preserved. - [Bill Stoddard ] - - *) Fix handling of case when a client has sent "Expect: 100-continue" - and we are going to respond with an error, but get stuck waiting to - discard the body in the pointless hope of preserving the connection. - [Roy Fielding, Joe Orton ] PR#4499, PR#3806 - - *) Fix 'configure' to work correctly with SysV-based versions of - 'tr' (consistent with Configure's use as well). [Jim Jagielski] - - *) apxs: Add "-S var=val" option which allows for override of CFG_* - built-in values. Add "-e" option which works like -i but doesn't - install the DSO; useful for editing httpd.conf with apxs. Fix - editing code so that multiple invocations of apxs -a will not - create duplicate LoadModule/AddModule entries; apxs can now be - used to re- enable/disable a module. [Wilfredo Sanchez] - - *) Win32: Update the server to use Winsock 2. Specifically, link with - ws2_32.lib rather than wsock32.lib. This gives us access to - WSADuplcateSocket() in addition to some other enhanced comm APIs. - Win 95 users may need to update their TCP/IP stack to pick up - Winsock 2. (See http://www.microsoft.com/windows95/downloads/) - [Bill Stoddard stoddard@raleigh.ibm.com] - - *) Win32: Redirect CGI script stderr (script debug info) into the - error.log when CGI scripts fail. This makes Apache on Win32 - behave more like Unix. 
- [Bill Stoddard stoddard@raleigh.ibm.com] - - *) Fixed `httpd' usage display: -D was missing. - [Ralf S. Engelschall] PR#4614 - - *) Fix `make r' test procedure in src/regex/: ap_isprint was not found. - [Ralf S. Engelschall] PR#4561, PR#4562 - - *) OS/2: Fix problem with accept lock semaphores where server would die with - "OS2SEM: Error 105 getting accept lock. Exiting!" - [Brian Havard] PR#4505 - - *) Add DSO support for DGUX 4.x using gcc. Tested on x86 platforms. - [Randy Terbush ] - - *) Add the new mass-vhost module (mod_vhost_alias.c) developed and - used by Demon Internet, Ltd. [Tony Finch ] - - *) Better GCC detection for DSO flags under Solaris 2 where the `cc' - command potentially _is_ GCC. [Ralf S. Engelschall] - - *) Fix apxs build issues on AIX - [Rasmus Lerdorf ] - - *) DocumentRoot Checking: Under previous versions, when Apache - first started up, it used to do a stat of each DocumentRoot to - see if it existed and was a directory. If not, then an error - message was printed. THIS HAS BEEN DISABLED. If DocumentRoot - does not exist, you will get error messages in error_log. If - the '-t' command line option is used (to check the configuration) - the check of DocumentRoot IS performed. An additional command - line option, '-T', has been added if you want to avoid the - DocumentRoot check even when checking the configuration. - [Jim Jagielski] - - *) Win32: The query switch "apache -S" didn't exit after showing the - vhost settings. That was inconsistent with the other query functions. - [Bill Stoddard - Fixed by Martin on Unix in 1.3.4] - - *) Win32: Changed behaviour of apache -k restart. - Previously, the server would drain all connections in the stack's - listen queue before honoring the restart. On a busy server, this - could take hours. Now, a restart is honored almost immediately. - All connections in Apache's queues are handled but connections in - the stack's listen queue are discarded. 
Restart triggered by - MaxRequestPerChild is unchanged. - [Bill Stoddard ] - - *) Win32: Eliminated unnecessary call to wait_for_multiple_objects in - the accept loop. Good for a 5% performance boost. Cleaned up - parent/child process management code. - [Bill Stoddard ] - - *) Added ceiling on file size for memory mapped files. - [John Giannandrea ] PR#4122 - - *) Fix ndbm.h include problems with brain-dead glibc >= 2.1 which - has ndbm.h in a non-standard db1/ subdir. PR#4431, PR#4528 - [Henri Gomez , Ralf S. Engelschall] - - *) Determine AP_BYTE_ORDER for ap_config_auto.h and already - use this at least for Expat. [Ralf S. Engelschall] - - *) Allow .module files to specify libraries with Lib:. - [Ben Laurie] - - *) Allow SetEnvIf[NoCase] to test environment variables as well - as header fields and request attributes. [Ken Coar] - - *) Fix mod_autoindex's handling of ScanHTMLTitles when file - content-types are "text/html;parameters". [Ken Coar] PR#4524 - - *) Remove "mxb" support from mod_negotiation -- it was a draft feature - never accepted into any standard, and it opens up certain DoS - attacks. [Koen Holtman ] - - *) TestCompile updated. We can now run programs and output the - results during the Configure process. [ Jim Jagielski] - - *) The source is now quad (long long) aware as needed. Specifically, - the Configure process determines the correct size of off_t and - *void. When the OS/platform/compiler supports quads, ap_snprintf() - provides for the 'q' format qualifier (if quads are not available, - 'q' is silently "demoted" to long). [Jim Jagielski] - - *) When the username or password fed to htpasswd is too long, include the - size limit in the error message. Also report illegal characters - (currently only ':') in the username. Add the size restrictions - to the man page. [Ken Coar] - - *) Fixed the configure --without-support option so it doesn't result in - an infinite loop. 
[Marc Slemko] - - *) Piped error logs could cause a segfault if an error occured - during configuration after a restart. - [Aidan Cully ] PR#4456 - - *) If a "Location" field was stored in r->err_headers_out rather - than r->headers_out, redirect processing wouldn't find it and - the server would core dump on ap_escape_html(NULL). Check both - tables and raise HTTP_INTERNAL_SERVER_ERROR with a log message - if Location isn't set. [Doug MacEachern, Ken Coar] - - *) Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy - of the Expat 1.0.2 distribution. [Greg Stein] - - *) Replace regexec() calls with calls to a new API stub function - ap_regexec(). This solves problems with DSO modules which use the regex - library. [Jens-Uwe Mager , Ralf S. Engelschall] - - *) Add 'Request_Protocol' special keyword to mod_setenvif so that - environment variables can be set according to the protocol version - (e.g., HTTP/0.9 or HTTP/1.1) of the request. [Ken Coar] - - *) Add DSO support for OpenStep (Mach 4.2) platform. - [Ralf S. Engelschall, Rex Dieter ] PR#3997 - - *) Fix sed regex for generating ap_config_auto.h in src/Configure. - [Jan Gallo ] PR#3690, PR#4373 - - *) Switch to /bin/sh5 in APACI on Ultrix and friends to avoid problems with - their brain-dead /bin/sh. [Ralf S. Engelschall] PR#4372 - - *) Better DSO flags recognition on NetBSD platforms using ELF. - [Todd Vierling ] PR#4310 - - *) Always log months in english format for %t in mod_log_config. - [Petr Lampa ] PR#4366, 679 - - *) Support for server-parsed and multiview-determined ReadmeName and - HeaderName files in mod_autoindex. Removed the restriction on - "/"s in ReadmeName and HeaderName directives since the *sub_req* - routines will deal with the access issues. (It's now possible to - have {site|group|project|customer|...} wide readmes and headers.) 
- [Raymond S Brand , Ken Coar] PR#1574, 3026, 3529, - 3569, 4256 - - *) When stat() fails, don't assume anything about the contents of - the struct stat. [Ed Korthof ] - - *) It's OK for a semop to return EINTR, just loop around and try - again. [Dean Gaudet] - - *) Fix configuration engine re-entrant hangups, which solve a - handful of problems seen with mod_perl configuration sections - [Salvador Ortiz Garcia ] - - *) Mac OS and Mac OS X Server now use the appropriate custom layout - by default when building with APACI; allow for platform-specific - variable defaults in configure. [Wilfredo Sanchez] - - *) Do setgid() before initgroups() in http_main; some platforms - zap the grouplist when setgid() is called. This was fixed in - suexec earlier, but the main httpd code missed the change. - [Rob Saccoccio ] PR#2579 - - *) Add recognition of .tgz as a gzipped tarchive. - [Bertrand de Singly ] PR#2364 - - *) mod_include's fsize/flastmod should allow only relative paths, just - like "include file". [Jaroslav Benkovsky ] - - *) OS/2: Add support for building loadable modules using DLLs. - [Brian Havard] - - *) Add iconsdir, htdocsdir, and cgidir to config.layout. - [Wilfredo Sanchez] - - *) Fix minor but annoying bug with the test for Configuration.tmpl - being newer than Configuration so that it is less likely to fail - when using APACI and shadow sources. [Wilfredo Sanchez] - - *) PORT: Add initial support for Mac OS (versions 10.0 and - greater). Use Mac OS X Server layout for now. Clean up dyld code - in unix/os.c, and don't install the dyld error handlers, which - are no longer needed in Mac OS. [Wilfredo Sanchez] - - *) Rename Rhapsody layout to "Mac OS X Server". Change install - locations to appropriate ones for user-built (as opposed to - system) installs. [Wilfredo Sanchez] - - *) Modify mod_autoindex's handling of AddDescription so that the - behaviour matches the documentation. [Ken Coar] PR#1898, 3072. 
- - *) Add functionality to the install-bindist.sh script created by - binbuild.sh to use tar when copying distribution files to the - serverroot. This allows upgrading an existing installation - without nesting the new distribution in the old. - - install-bindist.sh now detects the local perl5 path to install - apxs and dbmmanage with proper path to perl interpreter. - - Add an install-binsupport target which copies the source files - for apxs and dbmmanage to bindist to allow these scripts to - be properly installed relative to the destination serverroot. - [Randy Terbush, Covalent Technologies, randy@covalent.net] - - *) Fix intermittent SEGV in ap_proxy_cache_error() in - src/modules/proxy_util.c where a NULL filepointer and - temporary filename were closed and unlinked. - [Graham Leggett , - Tim Costello ] PR#3178 - - *) Fix inconsistent error messages reported by mod_proxy. - [Graham Leggett ] - - *) OS/2: Fix terminating CGIs that aren't compiled by EMX GCC when a - connection is aborted. [Brian Havard] - - *) Force the LANG envariable to the known state of "C" so that we - have assurance about how string manipulators (e.g., tr) will - function. [Ken Coar] PR#1630 - - *) Add a directive to allow customising of the tracking cookie name. - [Ken Coar] PR#2921, 4303 - - *) Add "force-no-vary" envariable to allow servers to work around - clients that choke on "Vary" fields in the response header. - [Ken Coar, Dmitry Khrustalev ] PR#4118 - - *) Fixed a bug in mod_dir that causes a child process will infinitely - recurse when it attemps to handle a request for a directory wnd the - value of the DirectoryIndex directive is a single dot. Also likely - to happen for anyother values of DirectoryIndex that will map back - to the same directory. The handler now only considers regular files - as being index candidates. No PR#s found. 
- [Raymond S Brand ] - - *) Ease configuration debugging by making TestCompile fall back to - using "make" if the $MAKE variable is unset [Martin Kraemer] - - *) Fixed the ServerSignature directive to work as documented. - [Raymond S Brand ] PR#4248 - - *) Add "opt" (SysV-style) layout to config.layout. [Raymond S Brand - ] - - *) Add APACI --without-execstrip option which can be used to disable the - stripping of executables on installation. This is very important for DSO - and debugging situations. [Ralf S. Engelschall] - - *) Add support for OS/2 (case insenstive filesystem, .exe suffix, etc) - to APACI files and related scripts. - [Yitzchak Scott-Thoennes , Ralf S. Engelschall] PR#4269 - - *) Add support for standalone mode in TPF - [Joe Moenich ] - - *) Fix number of bytes copied by read_connection() in src/support/ab.c - [Jim Cox ] PR#4271 - - *) Fix special RewriteCond "-s" pattern matching. - [Bob Finch ] - - *) Fix value quoting in src/Configure script for ap_config_auto.h - [Paul Sutton ] - - *) Make sure RewriteLock can be used only in the global context, (i.e. - outside of any sections) because it's a global facility of - the rewrite engine. [Ralf S. Engelschall] - - *) Fix the ownership delegation for proxy directory under `make install'. - [Ralf S. Engelschall] - - *) APACI would not correctly build suexec. [Maria Verina - ] PR#4260 - - *) mod_mime_magic passed only the first 4k of a file to - uncompress/gzip, but those tools sometimes do not produce - any output unless a sufficient portion of the compressed - file is input. Change to pass the entire file -- but - only read 4k of output. - [Marcin Cieslak ] PR#4097 - - *) "IndexOptions None" generated extra spaces at the end of each - line. [inkling@firstnethou.com] PR#3770 - - *) The "100 Continue" response wasn't being sent after internal - redirects. 
[Jose KAHAN ] PR#3910, 3806, 3575 - - *) When padding the name with spaces for display, mod_autoindex would - count &, <, and > in their escaped width, messing up the display. - [Dean Gaudet] PR#4075, 3758 - - *) PORT: fixed a compilation problem on NEXT. - [Jacques Distler ] PR#4130 - - *) r->request_time wasn't being set properly in certain error conditions. - [Dean Gaudet] PR#4156 - - *) PORT: deal with UTS compiler error in http_protocol.c - [Dave Dykstra ] PR#4189 - - *) Add ap_vrprintf() function. [John Tobey ] PR#4246 - - *) Fix the mod_mime hash table to work properly with locales other - than C. [Dean Gaudet] PR#3427 - - *) Fix a memory leak which is exacerbated by certain configurations. - [Dean Gaudet] PR#4225 - - *) Prevent clobbering saved IFS values in APACI. [Jim Jagielski] - - *) Fix buffer overflows in ap_uuencode and ap_uudecode pointed out - by "Peter 'Luna' Altberg " and PR#3422 - [Peter 'Luna' Altberg , Ronald Tschalär] - - *) Make {Set,Unset,Pass}Env per-directory instead of per-server. - [Ben Laurie] - - *) Correct an apparent typo: on the Windows and MPE platforms, the - htpasswd utility was limiting passwords to only 8 characters. - [Ken Coar] - - *) EBCDIC platforms: David submitted patches for two bugs in the - MD5 digest port for EBCDIC machines: - a) the htdigest utility overwrote the old contents of the digest file - b) the Content-MD5 header value (ContentDigest directive) was wrong - when the returned file was not converted from EBCDIC, but was a - binary (e.g., image file) in the first place. - [David McCreedy at IBM] - - *) support/htpasswd now permits the password to be specified on the - command line with the '-b' switch. This is useful when passwords - need to be maintained by scripts -- particularly in the Win32 - environment. [Ken Coar] - - *) Win32: Win32 multiple services patch. Added capability to install and - run multiple copies of apache as individual services. 
- - Example 1: - apache -n apache1 -i -f c:/httpd.conf - Installs apache as service 'apache1' and associates c:/httpd.conf - with that service. - net start apache1 - Starts apache1 service. - net stop apache1 - Stops apache1 service - - Example 2: - apache -n apache2 -i - Installs apache as service 'apache2'. httpd.conf is located under - the default server root (/apache/conf/httpd.conf). - net start apache2 - Starts apache2 service. - - Example 3: - apache -n apache3 -i -d c:/program files/apache - Install apache as service 'apache3' and sets server root to - c:/program files/apache. - - Example 4: - apache -n apache2 -k restart - Restart apache2 service - - [Keith Wannamaker, Ken Parzygnat, Bill Stoddard] - - *) Correct the signed/unsigned character handling for the MD5 routines; - mismatches were causing compilation problems with gcc -pedantic and - in the TPF cross-compilation. [Ken Coar] - - *) OS/2: Rework CGI handling to use spawn*() instead of fork/exec, achieving - a roughly 5 fold speed up. [Brian Havard] - - *) proxy ftp: instead of using the hardwired string "text/plain" as - a fallback type for files served by the ftp proxy, use the - ap_default_type() function to determine the configured type. - This allows for special configurations like - - DefaultType gargle/blurb - - Additionally, add the Content-Encoding: header to FTP proxy replies - when the encoding is defined (by the AddEncoding directive). - Because it was missing, it was almost impossible to browse compressed - files using the FTP proxy (works now perfectly in Communicator). - The ftp proxy now also returns the Date: and Server: header lines (if not - much else... This code is "somewhat" broken) like normal requests do. - [Martin Kraemer] - - *) Be more smart in APACI's configure script when determining the UID/GID - for User/Group directives and use the determined UID/GID to initialize - the permissions on the proxycachedir. - [Dirk-Willem van Gulik, Ralf S. 
Engelschall] - - *) Changed the forking-prior-to-cleanup in the proxy module to first - check wether it actually needs to collect garbage. This reduces - the number of fork()s from one/request to just the odd one an hour. - [Dirk-Willem van Gulik] - - *) Added proxy, auth and header support to src/support/ab.c. Added a - README file to src/support/ - [Dirk-Willem van Gulik] - - *) Don't hard-code the path to AWK in --shadow bootstrapping Makefile. - [Ralf S. Engelschall] PR#4050 - - *) Add support for DSO module compilation on BSD/OS 3.x. - [Randy Terbush, Covalent Technologies] - - *) Fix sed-substitutions in `make install': path elements like `httpd/conf' - (for instance from an APACI configure --sysconfdir=/etc/httpd/conf - option) were substituted with $(TARGET).conf, etc. Same for other strings - with dots where the dot wasn't matched as plain text. - [Ralf S. Engelschall] - - *) PORT: Add support for FreeBSD 4.x [Ralf S. Engelschall] - - *) Fix verbose output of APACI configure (option -v) - [Martin Kraemer, Ralf S. Engelschall] - -Changes with Apache 1.3.6 - - *) Removed new PassAllEnv code due to DSO problems. [Lars Eilebrecht] - -Changes with Apache 1.3.5 [not released] - - *) M_INVALID needed a value within the scope of METHODS so that unknown - methods can be access controlled. [Roy Fielding] PR#3821 - - *) Added PassAllEnv; makes server's entire environment available - to CGIs and SSIs executed within directive's scope. [Ken Coar] - - *) ap_uuencode() always added two trailing '='s and encoding of - 8 bit characters on a machine with signed char may produced - incorrect results. Additionally ap_uuencode() should now - work correctly on EBCDIC platforms. - [Ronald Tschalär ] PR#3411 - - *) WIN32: Binary installer now runs the configuration DLL before - the reboot prompt (which is only given if MSVCRT.DLL system - DLL is new or updated). This should avoid the configuration - directory being empty after installation. 
[Paul Sutton] - PR#3767, 3800, 3827, 3850, 3900, 3953, 3988 - - *) WIN32: Binary installer now creates Start menu options to start - and stop Apache as a console application and to uninstall - the Apache service on NT. [Paul Sutton] PR#3741 - - *) WIN32: Apache.exe now contains an icon. [Paul Sutton] - - *) PORT: Switch back to using fcntl() locking on Linux -- instabilities - have been reported with flock() locking (probably related to kernel - version). [Dean Gaudet] PR#2723, 3531 - - *) Using APACI, the main config file (usually httpd.conf) was - not being adjusted as $(TARGET).conf. [Wilfredo Sanchez - ] - - *) PORT: AIX does not require the SHARED_CODE "hack" - [Ryan Bloom ] - - *) Set-Cookie headers were being doubled up for some CGIs by the O(n^2) - avoidance code added in 1.3.3. - [Dean Gaudet, Jeff Lewis ] PR#3872 - - *) ap_isxdigit was somehow neglected when adding the ap_isfoo() macros - for 8-bit safeness. [Dean Gaudet] - - *) PORT: Use -fPIC instead of -fpic on Solaris and SunOS for compiling DSOs - because SPARCs have a small machine-specific maximum size for the Global - Offset Table which is often exceeded when compiling one of the larger - third-party modules with Apache. [Peter Urban ] PR#3977 - - *) Move the directive `ExtendedStatus' in httpd.conf-dist-win _after_ the - DSO/DLL section because it's a directive from mod_status and isn't - available before the DLL of mod_status is loaded. - [Martin POESCHL ] PR#3936 - - *) SECURITY: Fix a bug in the calculation of the buffer size for the line - continuation facility in Apache's configuration files which could - lead to a buffer overflow situation. - [Thomas Devanneaux ] PR#3617 - - *) Make documentation and error messages of APACI's --activate-module=FILE - option more clear. [Jan Wolter ] PR#3995 - - *) Fix the gcc version check (for enabling the `inline' facility) to - really support all future gcc versions >= 2.7 until we know more. 
- [John Tobey ] PR#3983 - - *) Let APACI's configure script correctly complain for unknown --enable-XXX - and --disable-XXX options. [Ralf S. Engelschall] PR#3958 - - *) Link the shared core bootstrap program (``Rule SHARED_CORE=yes'') also - against libap.a and use its ap_snprintf() instead of sprintf() to avoid - possible buffer overflows. [Ralf S. Engelschall] - - *) Remove no longer used non-API function ap_single_module_init(). - [Ralf S. Engelschall] - - *) Add Apple's Mac OS X Server Layout "Rhapsody" to config.layout. - [Wilfredo Sanchez] - - *) Add cgidir, htdocsdir, iconsdir variables to Makefile.tmpl in order - to make platform installations easier. [Wilfredo Sanchez] - - *) In configure, do not append the target name to the directory path if - the path already contains "apache". [Ralf S. Engelschall] - - *) SIGPIPE is now ignored by the server core. The request write routines - (ap_rputc, ap_rputs, ap_rvputs, ap_rwrite, ap_rprintf, ap_rflush) now - correctly check for output errors and mark the connection as aborted. - Replaced many direct (unchecked) calls to ap_b* routines with the - analogous ap_r* calls. [Roy Fielding] - - *) Enhanced mod_rewrite's mapfile handling: The in-core cache for text and - DBM format mapfiles now uses a 4-way hash table with LRU functionality. - Furthermore map lookups for non-existent keys are now cached as well. - Additionally "txt" maps are now parsed with simple string functions - instead of using ap_pregcomp(). As a side effect a bug that prevented - the usage of keys containing the "," character was fixed. - The changes drastically improve the performance when large rewrite maps - are in use. - [Michael van Elst , Lars Eilebrecht] PR#3160 - - *) Added ap_sub_req_method_uri() for doing a subrequest with a method - other than GET, and const'd the definition of method in request_rec. - [Greg Stein] - - *) Use proper pid_t type for saving PIDs in alloc.c. 
[John Bley] - - *) Replaced use of WIN32 define with HAVE_DRIVE_LETTERS to indicate - when the OS allows a DOS drive letter within pathnames. [Brian Havard] - - *) Add %V to mod_log_config, this logs the hostname according to the - UseCanonicalName setting (this is the pre-1.3.4 behaviour of - %v). Useful for mass vhosting. [Tony Finch ] - - *) Add support for \n and \t to mod_log_config, can be used to produce - more reliable logs with multiline entries. [Tony Finch ] - - *) Fixed a few compiler nits. [John Bley ] - - *) Added informative error messages for failed munmap() and fseek() calls - in http_core.c. [John Bley, Roy Fielding] - - *) Added some informative error messages for some failed malloc() - calls. [John Bley , Jim Jagielski] - - *) OS/2 ap_os_canonical_filename()'s behaviour is improved: ap_assert() - is removed. This allows directives to work and - prevents invalid requests from killing the process. - [Brian Havard ] - - *) Reorganised FAQ document. - [Joshua Slive ] PR#2497 - - *) src/support/: The ApacheBench benchmark program was overhauled by - David N. Welton: you can now have it generate an HTML TABLE, presumably - for integration into other HTML sources. David updated the ab man page - as well and added some missing descriptions. Thanks! - [David N. Welton ] - - *) Win32: The filename validity checker now allows filenames containing - characters in the range 0x80 to 0xff (for example accented characters). - [Paul Sutton] PR#3890 - - *) Added conditional logging based upon environment variables to - mod_log_config. mod_log_referer and mod_log_agent - are now deprecated. [Ken Coar] - - *) Allow apache acting as a proxy server to relay the real - reason of a failure to a client rather than the "internal - server error" it does currently. The general exposure mechanism - can be triggered by any module by setting the "verbose-error-to" - note to "*"; this allows more than just proxy errors to be exposed. 
- [Cliff Skolnick, Roy Fielding, Martin Kraemer] Related to PR#3455, 4086 - - *) Moved man pages for ab and apachectrl to section 8. - [Wilfredo Sanchez, Roy Fielding] - - *) Added -S option to install.sh so that options can be passed to - strip on some platforms. [Ralf S. Engelschall, Wilfredo Sanchez] - - *) Tweak modules Makefile generated by Configure so that it handles - the test case of no modules being selected. [chaz@reliant.com] - - *) Added a sectioning directive that allows - the user to assign authentication control to any HTTP method that - is *not* given in the argument list; i.e., the logical negation - of the directive. This is particularly useful for controlling - access on methods unknown to the Apache core, but perhaps known by - some module or CGI script. [Roy Fielding, Tony Finch] - - *) Prevent apachectl from complaining if the PIDFILE exists but - does not contain a process id, as might occur if the server is - being rapidly restarted. [Wilfredo Sanchez] - - *) Win32: Add global symbols missing from ApacheCore.def. [Carl Olsen] - - *) Entity tag comparisons for If-Match and If-None-Match were not being - performed correctly -- weak tags might cause false positives. Also, - strong comparison wasn't properly enforced in all cases. - [Roy Fielding, Ken Coar, Dean Gaudet] PR#2065, 3657 - - *) OS/2: Supply OS/2 error code instead of errno on semaphore errors. - [Brian Havard] - - *) Work around a bug in Lynx regarding its sending "Negotiate: trans" - even though it doesn't understand TCN. [Koen Holtman, Roy Fielding] - - *) Added ap_size_list_item(), ap_get_list_item(), and ap_find_list_item() - to util.c for parsing an HTTP header field value to extract the next - list item, taking into account the possible presence of nested comments, - quoted-pairs, and quoted-strings. ap_get_list_item() also removes - insignificant whitespace and lowercases non-quoted tokens. 
- [Roy Fielding] PR#2065 - - *) proxy: The various calls to ap_proxyerror() can return HTTP/1.1 status - code different from 500. This allows the proxy to, e.g., return - "403 Forbidden" for ProxyBlock'ed URL's. [Martin Kraemer] Related to PR#3455 - - *) Fix ordering of language variants for the case where the traditional - negotiation algorithm is being used with multiple language variants - and no Accept-Language. [James Treacy ] PR#3299, 3688 - - *) Do not round the TCN quality calculation to 5 decimal places, - unlike RFC 2296, because the calculation might need 12 decimal places - to get the right result. [Roy Fielding] - - *) Remove unused code to disable transparent negotiation when - negotiating on encoding only, as we now handle encoding too - (though this is nonstandard for TCN), remove charset=ISO-8859-1 - fiddle from the fiddle-averse RVSA comparison, and fix bugs in - some debugging statements within mod_negotiation. [Koen Holtman] - - *) Fixed a rare memory corruption possibility in mod_dir if the index - file is negotiable and no acceptable variant can be found. - [Dean Gaudet, Roy Fielding, Martin Kraemer] - - *) Win32: Add new config directive, ScriptInterpreterSource, to enable - searching the Win32 registry for script interpreters. - [Bill Stoddard] - - *) Win32: The compiled-in default filename for the error log is now - error.log, which matches the default in the distributed httpd.conf. - [Paul Sutton] - - *) Win32: Any error messages from -i or -u command line options are now - displayed on the console output rather than sent to the error log. - Also the "Running Apache..." message is not output unless Apache is - going to serve requests. [Paul Sutton] - - *) Rework the MD5 authentication scheme to use FreeBSD's algorithm, - and use a private significator ('$apr1$') to mark passwords as - being smashed with our own algorithm. Also abstract the password - checking into a new ap_validate_password() routine. 
[Ken Coar] - - *) Win32: The filename validity checker now allows "COM" but refuses - access to "COM1" through "COM4". This allows filenames such - as "com.name" to be served. [Paul Sutton] PR#3769. - - *) BS2000: Adapt to the new ufork() system call interface which will - make subtasking easier on the OSD/POSIX mainframe environment. - [Martin Kraemer] - - *) Add a compatibility define for escape_uri() -> ap_escape_uri() to - ap_compat.h. [David White ] PR#3725 - - *) Make NDBM file suffix determination for mod_rewrite more accurate, i.e. - use `.db' instead of `.pag' not only for FreeBSD, but also when - the NDBM library looks like Berkeley-DB based. - [Ralf S. Engelschall] PR#3773 - - *) Add ability to handle DES or MD5 authentication passwords. - [Ryan Bloom ] - - *) Fix O(n^2) memory consumption in mod_speling. [Dean Gaudet] - - *) SECURITY: Avoid some buffer overflow problems when escaping - quoted strings. (This overflow was on the heap and we believe - impossible to exploit.) [Rick Perry ] - - *) Let src/Configure be aware of CFLAGS options starting with plus - signs as it's the case for the HP/UX compiler. - [Doug Yatcilla ] PR#3681 - - *) Remove the hard-wire of TAR=tar (we now check for gtar and gnutar first) - and check to see if the tar we wind up with supports '-h'. - [Jim Jagielski] PR#3671 - - *) A consistent and conservative style for all shell scripts has been - implemented. Basically, all shell string tests use the traditional - hack of 'if [ "x$var" != "x" ]' or 'if [ "x$var" = "xstring" ]' - to protect against bare null variable strings (ie: wrapping both - sides with double quotes and prepending 'x'). 'x' was chosen - because it's more universal and hopefully easier for old shell - prgrammers, as well as being easier to search for in 'vi' (/x\$) :) - [Jim Jagielski] - - *) The status module now prints out both the main server generation as - well as the generation of each process. Also, the vhost info is - printed with '?notable'. 
 [Jim Jagielski]
-
- *) Move src/main/md5c.c to src/ap/ap_md5c.c; it's httpd-neutral
- and this makes its functions available to things in src/support.
- [Ken Coar]
-
-Changes with Apache 1.3.4
-
- *) Renamed macros status_drops_connection to ap_status_drops_connection
- and vestigial scan_script_header to ap_scan_script_header_err,
- mostly for aesthetic reasons. [Roy Fielding]
-
- *) The query switch "httpd -S" didn't exit after showing the
- vhost settings. That was inconsistent with the other query functions.
- [Martin Kraemer]
-
- *) Moved the MODULE_MAGIC_COOKIE from before the versions and
- filename to the end of the STANDARD_MODULE_STUFF. Its
- presence at the beginning prevented reporting of the filename
- for modules compiled before 1 January 1999. [Ken Coar]
-
- *) SECURITY: ap_os_is_filename_valid() has been added to Win32
- to detect and prevent access to special DOS device file names.
- [Paul Sutton, Ken Parzygnat]
-
- *) WIN32: Created new makefiles Makefile_win32.txt (normal build)
- and Makefile_win32_debug.txt (debug build) that work on Win95.
- Run each of the following from the src directory:
- nmake /f Makefile_win32.txt # compiles normal build
- nmake /f Makefile_win32.txt install # compiles and installs
- nmake /f Makefile_win32.txt clean # removes compiled junk
- nmake /f Makefile_win32_debug.txt # compiles debug build
- nmake /f Makefile_win32_debug.txt install
- nmake /f Makefile_win32_debug.txt clean
- [Roy Fielding]
-
- *) Added binbuild.sh and findprg.sh helpers to make it easier for us
- to build binary distributions. [Lars Eilebrecht]
-
- *) IndexOptions SuppressColumnSorting only turned off making
- the column headers anchors; you could still change the display
- order by manually adding a '?N=A' or similar query string to the
- URL. Now SuppressColumnSorting locks in the sort order so
- it can't be overridden this way. 
 [Ken Coar]
-
- *) Added IndexOrderDefault directive to supply a default sort order
- for FancyIndexed directory listings. [Ken Coar] PR#1699
-
- *) Change the ap_assert macro to a variant that works on all platforms.
- [Richard Prinz ] PR#2575
-
- *) Make sure under ELF-based NetBSD (now) and OpenBSD (future) we don't
- search for an underscore on dlsym() (as it's already the case
- for FreeBSD 3.0). [Todd Vierling ] PR#2462
-
- *) Small fix for mod_env.html: The module was documented as to be _not_
- compiled into Apache per default, although it _IS_ compiled into
- Apache per default. [Sim Harbert ] PR#3572
-
- *) Instead of fixing a bug in the generation procedure for config.status (a
- backslash was missing) we remove the bug together with it's complete
- context because the special cases of the past can now no longer occur
- because of the recent magic for the --with-layout default.
- [Ralf S. Engelschall] PR#3590
-
- *) Make top-level Makefile aware of a parallel build procedures (make -j) by
- making sure the src/support/ tools are _forced_ to be build last (they
- depend on other libraries).
- [Markus Theissinger ]
-
- *) Fix installation procedure: Now that os-inline.c is actually used (a
- recently fixed bug prevented this) we need to also install os-include.c
- in addition to os.h into the PREFIX/include/ location or building of
- module DSOs with APXS fails. [Ralf S. Engelschall] PR#3527
-
- *) Added MODULE_MAGIC_COOKIE as the first field in a module structure to
- allow us to distinguish between a garbled DSO (or even a file which isn't
- an Apache module DSO at all) and a DSO which doesn't match the current
- Apache API. [Ralf S. Engelschall] PR#3152
-
- *) Two minor enhancements to mod_rewrite: First RewriteRule now also
- supports the ``nocase|NC'' flag (as RewriteCond already does for ages) to
- match case insensitive (this especially avoids nasty patterns like
- `[tT][eE][sS][tT]'). 
Second two additional internal map functions - `escape' and `unescape' were added which can be used to escape/unescape - to/from hex-encodings in URLs parts (this is especially useful in - combination with map lookups). - [Magnus Bodin, Ian Kallen, Ralf S. Engelschall] - - *) Renamed the macro escape_uri() to ap_escape_uri() which was - forgotten (because it was a macro) in the symbol renaming process. - [Ralf S. Engelschall] - - *) Fix some inconsistencies related to the scopes of directives. The only - user visible change is that the directives `UseCanonicalName' and - `ContentDigest' now use the (more correct) `Options' scope instead of - (less correct) `AuthConfig' scope. [Ralf S. Engelschall] - - *) Using DSO, the Server token was being mangled. Specifically, the - module's token was being added first before the Apache token. This - has been fixed. [Jim Jagielski] - - *) Major overhaul of mod_negotiation.c, part 2. - - properly handle "identity" within Accept-Encoding. - - allow encoded variants in RVSA negotiation and let them appear in - the Alternates field using the non-standard "encoding" tag-list. - - fixed both negotiation algorithms so that an explicitly accepted - encoding is preferred over no encoding if "identity" is not - included within Accept-Encoding. - - added ap_array_pstrcat() to alloc.c for efficient concatenation - of large substring sequences. - - replaced O(n^2) memory hogs in mod_negotiation with ap_array_pstrcat. - [Roy Fielding] - - *) Major overhaul of mod_negotiation.c, part 1. - - cleanups to mod_negotiation comments and code structure - - made compliant with HTTP/1.1 proposed standard (rfc2068) and added - support for everything in the upcoming HTTP/1.1 - revision (draft-ietf-http-v11-spec-rev-06.txt). 
- - language tag matching also handles tags with more than 2 - levels like x-y-z - - empty Accept, Accept-Language, Accept-Charset headers are - processed correctly; previously an empty header would make all - values acceptable instead of unacceptable. - - allowed for q values in Accept-Encoding - - added support for transparent content negotiation (rfc2295 and - rfc2296) (though we do not implement all features in these drafts, - e.g. no feature negotiation). Removed old experimental version. - - implemented 'structured entity tags' for better cache correctness - (structured entity tags ensure that caches which can deal with Vary - will (eventually) be updated if the set of variants on the server - is changed) - - this involved adding a vlist_validator element to request_rec - - this involved adding the ap_make_etag() function to the global API - - modified guessing of charsets used by Apache negotiation algorithm - to guess 'no charset' if the variant is not a text/* type - - added code to sort multiviews variants into a canonical order so that - negotiation results are consistent across backup/restores and mirrors - - removed possibility of a type map file resolving to another type map - file as its best variant - [Koen Holtman, Roy Fielding, Lars Eilebrecht] PR#3451, 3299, 1987 - - *) RFC2396 allows the syntax http://host:/path (with no port number) - but the proxy disallowed it (ap_proxy_canon_netloc()). - [David Kristol ] PR#3530 - - *) When modules update/modify the file name in the configfile_t structure, - syntax errors will report the updated name, not the original one. - [Fabien Coelho ] PR#3573 - - *) Correct some filename case assumptions from WIN32 to - CASE_BLIND_FILESYSTEM. [Brian Havard ] - - *) For %v log ServerName regardless of the UseCanonicalName - setting (similarly for %p). [Dean Gaudet] - - *) Configure was initializing the variables $OSDIR, $INCDIR and $SHELL - rather late (too late for some invocations of TestCompile). 
- This improves the make environment available to TestCompile and
- the *.module scripts. [Martin Kraemer]
-
- *) The hashbang emulation code in ap_execve.c would interpret
- #!/hashbang/scripts correctly, but failed to fall back to a
- standard shell for scripts which did NOT start with #!
- Now SHELL_PATH is started in these cases. [Martin Kraemer]
-
- *) PORT: Added the Cyberguard V2 port [Richard Stagg ]
- PR#3336
-
- *) Update APXS manual page: some -q option arguments were missing
- and another was incorrect. [Mark Anderson ] PR#3553
-
- *) Cleanup the command line options: `-?' was documented to show
- the usage list but does it with an error because `?' is not a valid
- command. OTOH a lot of users expect `-h' to print such a usage list and
- instead are annoyed for ages by our huge unreadable list of directives.
- So we now changed the command line options this way:
- 1. `-L' => `-R'
- Intent: we need `-L' to be free, and `-R' for the DSO run-time path is
- very similar to the popular linker option.
- 2. `-h' => `-L'
- Intent: while -l gives the small list of modules, -L now gives the
- large list of directives implemented by these modules. This is also
- consistent with -v (short version info) and -V (large version info).
- 3. `-?' => `-h'
- Intent: it's now the expected option ;-)
- The manual page was adjusted accordingly.
- [Ralf S. Engelschall] PR#2714
-
- *) Fixed problem of fclose() on an unopened file in suexec if LOG_EXEC
- wasn't defined. [Rick Franchuk ]
-
- *) Removed recently introduced bugs and disfigurements in APACI:
- o fixed argument line processing: using $args was broken: It was not
- initialized and using args="$args $apc_option" and even args="$args
- \"$apc_option\"" fails in the second processing round for any arguments
- containing whitespaces. The only correct way is to use the construct
- "$@" (but not possible here) or iterate _both_ times over the implicit
- argument line (no argument to for-loop) which is what we now use. 
- o make --with-layout=Apache the default without creating
- redundancy (copying the --with-layout block in the argument parsing
- loop). We achieve this by using the "$@" construct together with the
- `set' command to prepend --with-layout=Apache to the command line in
- case --with-layout is not used.
- o fixed auto-suffix handling now that config.layout exists.
- Paths which are auto-suffixed are marked with a trailing plus sign in
- config.layout and every path now can be marked this way (not only the
- four paths for which we do it currently). Additionally the suffix is
- no longer a static one. Instead it's now `/' where is
- the argument of the --target option or per default `httpd'.
- o allow also tabs (and only spaces) where we match whitespaces
- o various fixes and cleanups related to used shell coding style
- o made Jim happy by replacing `Written by' with `Initially written by' ;-)
- o trimmed output of --help to fit into 80 columns
- [Ralf S. Engelschall]
-
- *) Added two new core API functions, ap_single_module_configure() and
- ap_single_module_init(), which are now used by mod_so to configure a module
- after loading. [Ralf S. Engelschall]
-
- *) PORT: Add defines for USE_FLOCK_SERIALIZED_ACCEPT and
- SINGLE_LISTEN_UNSERIALIZED_ACCEPT to NetBSD/OpenBSD section
- of ap_config.h to allow serialized accept for multiport listens.
- [Roy Fielding, Curt Sampson] PR#3120
-
- *) PORT: Fixed a misplaced #endif for NetBSD/OpenBSD section
- of ap_config.h that would skip several defines if DEFAULT_GROUP
- was overridden. [Roy Fielding]
-
- *) PORT: The I86 version of DGUX has support for strncasecmp and
- strcasecmp, so allow it in ap_config.h. [Amiel Lee Yee] PR#3247
-
- *) Fix ordering of definitions in ap_config.h so that ap_inline is
- defined before it might be used. [Victor Khimenko]
-
- *) PORT: Add Dynamic Shared Object (DSO) support for BSDI (v4.0). 
- [Tom Serkowski ] PR#3453
-
- *) Make generation of src/Configuration.apaci more robust: It failed to
- differenciate between modules when one module name was a postfix of
- another (e.g. cgi vs. fastcgi). We now check for mod_XXX, libXXX and even
- just XXX (think about totally non-standard names like "apache_ssl", too).
- [Ralf S. Engelschall] PR#3380
-
- *) In src/Configure remove the SERVER_SUBVERSION support (already deprecated
- since 1.3b7) and make whitespace handling more robust (it failed horrible
- when whitespaces were present in the arguments of -D options).
- [Ralf S. Engelschall] PR#3240
-
- *) Add APACI --shadow=DIR variant (in addition to --shadow). This now first
- creates an external package shadow tree in DIR before the local build
- shadow tree is generated under DIR. This way one can have the extracted
- Apache distribution tree read-only on NFS or CDROM and still build Apache
- from these sources. An automatically triggered VPATH-like mechanism is
- provided through the TOP variable, too.
- [Ralf S. Engelschall, Wilfredo Sanchez ]
-
- *) Fix negotiation so that a Vary response header is correctly
- generated when, for a particular dimension, variants only vary
- in having or not having a value for that dimension. [Paul Sutton]
-
- *) Fix negotiation so that we prefer an encoded variant over an
- unencoded variant if the user-agent explicitly says it can
- accept that encoding. Previously we always preferred the unencoded
- variant.
- [Paul Ausbeck , Paul Sutton] PR#3447
-
- *) Fix APXS tool: query variables LIBS_SHLIB and TARGET were not recognized
- and the usage page was inconsistent with the functionality and manpage.
- [Ralf S. Engelschall]
-
- *) Allow special options -Wc,xxx and -Wl,xxx on APXS compile/link command.
- They can occur multiple times and their arguments (`xxx') are passed AS
- IS to the compiler/linker command. [Ralf S. 
 Engelschall]
-
- *) Fixed possible (but harmless in practice) bug in the DBM lookup
- procedure of mod_rewrite: very long keys were truncated.
- [Ralf S. Engelschall]
-
- *) Added a generic --with-layout=[FILE:]ID option. ID here is a layout
- identifier, currently "Apache" and "GNU" are pre-defined in the file
- config.layout. Custom layouts are possible by using FILE:ID as the
- argument where the layout ID is taken from FILE.
-
- The config.layout file consists of .. sections
- where inside those sections "path_variable: path_value" pairs can be
- specified. These lines are converted to path_variable='path_value'.
-
- *) Add a DefaultLanguage directive so that files missing a language
- extension (e.g., .fr, .de) can be labelled as being some other
- default language. DefaultLanguage can appear in and
- containers as well as .htaccess files. [Paul Sutton]
- PR#1180
-
- *) Fix TARGET configuration when configuring and installing using
- APACI configure. TARGET now defines the basename of the configuration
- file, startup script, manual page, etc. log_error_core() now reports
- the server binary name given by argv[0]. TARGET can now also be defined
- with --target=TARGET parameter passed to APACI configure.
- [Ralf Engelschall, Randy Terbush]
-
- *) mod_include.c:handle_perl() now properly tests for OPT_INCNOEXEC
- rather than OPT_INCLUDES [Rainer Schoepf ]
-
- *) ap_md5_binary() was using sprintf() rather than a table lookup
- to convert binary bytes to hex digits.
- [Ronald Tschalär ] PR#3409
-
- *) Fix SEGV in TCN negotiation if no variants are acceptable.
- [Martin Plechsmid ] PR#1987
-
- *) API: ap_exists_config_define() function is now "public" [Doug MacEachern]
-
- *) Fix documentation of `Action' directive: It can activate a CGI script
- when either a handler or a MIME content type is triggered by the request.
- [Andrew Pimlott ] PR#3340
-
- *) Document the `add' command of `dbmmanage' in `dbmmanage.1' manpage. 
- [David MacKenzie ] PR#3394
-
- *) Ignore a "ErrorDocument 401" directive with a full URL and write a
- notice to the error log. It is not possible to send a 401 response
- and a redirect at the same time. [Lars Eilebrecht]
-
- *) Fallback to native compilers for IRIX-32 platform. It seems that
- a gcc 2.8.1 compiled apache is logging client addresses with all
- bits set (255.255.255.255). This is the second such problem caused
- by gcc 2.8.1 compiler. The first being broken semaphore locking.
- [Randy Terbush]
-
- *) Updated mime.types to reflect current Internet media types
- and include a URL to the registry.
- [Manoj Kasichainula, Roy Fielding] PR#2380, 2286, 2246
-
- *) SECURITY: Do a more complete check in mod_include to avoid
- an infinite loop of recursive SSI includes. [Marc Slemko] PR#3323
-
- *) Add APACI --suexec-docroot and --suexec-logfile options which can be
- used to set the document root directory (DOC_ROOT) and the suexec
- logfile (LOG_EXEC), respectively. Additionally the --layout option
- was changed to show more information about the suEXEC setup.
- [Lars Eilebrecht] PR#3316, 3357, 3361
-
- *) Added the last two WebDAV status codes of 424 (Failed Dependency)
- and 507 (Insufficient Storage) for use by third-party modules.
- [Roy Fielding]
-
- *) Enabled all of the WebDAV method names for use by third-party
- modules, Limit, and Script directives. That includes PATCH,
- PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.
- Improved mod_actions.c so that it can use any of the methods
- defined in httpd.h. Added ap_method_number_of(method) for
- getting the internal method number. [Roy Fielding]
-
- *) PORT: Add a port to the TPF OS. [Joe Moenich and
- others at IBM]
-
- *) Fix problems with handling of UNC names (e.g., \\host\path)
- on Win32. [Ken Parzygnat ]
-
- *) Rework os_canonical_*() on Win32 so it's simpler, more
- robust, and works. 
 [Ken Parzygnat ]
- PR#2555, 2915, 3064, 3232
-
- *) Work around incomplete implementation of strftime on Win32.
- [Manoj Kasichainula, Ken Parzygnat ]
-
- *) Move a typedef to fix compile problems on Linux with 1.x kernels.
- [Manoj Kasichainula] PR#3177
-
- *) PORT: Add a port to the Concurrent PowerMAX OS. [Tom Horsley
- ]
-
- *) WIN32: Log more explicit error messages if spawning an interpreted
- script failed, including the command line used to attempt to execute
- the interpreter and the Win32 error code returned. [Marc Slemko]
-
- *) Disable sending of error-notes on a 500 (Internal Server Error) response
- since it often includes file path info. Enable sending of error-notes
- on a 501 (Method Not Implemented). [Roy Fielding] PR#3173
-
- *) http_config.c would respond with 501 (Method Not Implemented) if a
- content type handler was specified but could not be found, which
- should have been a 500 response. Likewise, mod_proxy.c would responsd
- with a 501 if the URI scheme is unrecognized instead of the correct
- response of 403 (Forbidden). [Roy Fielding]
-
- *) SECURITY: Eliminate DoS attack when a bad URI path contains what
- looks like a printf format escape. [Marc Slemko, Studenten Net Twente]
-
- *) Fix in mod_autoindex: for files where the last modified time stamp was
- unavailable, an empty string was printed which was 2 bytes short.
- The size and description columns were therefore not aligned correctly.
- [Martin Kraemer] (no PR#)
-
- *) Update BS2000 OS code to work with recent versions. Starting with
- release A17, the child fork() must be replaced by a _rfork().
- (BS2000 only) [Martin Kraemer]
-
- *) Add the actual server_rec structure of the specific Vhost to the
- scoreboard file and avoid a string copy (as well as allow some
- further future enhancements). 
[Harrie Hazewinkel - ] - - *) Add APACI --permute-module=foo:bar option which can be used to - on-the-fly/batch permute the order of two modules (mod_foo and mod_bar) - in the Configuration[.apaci] file. Two special and important variants are - supported for the option argument: first BEGIN:foo which permutes module - mod_foo with the begin of the module list, i.e. it `moves' the module to - the begin of the list (gives it lowest priority). And second foo:END - which permutes mod_foo with the end of the module list, i.e. it `moves' - the module to the end of the list (gives it highest priority). - [Ralf S. Engelschall] - - *) Fix problem with 'apache -k shutdown' and startup event - synchronisation (Win32). [Ken Parzygnat ] - PR#3255 - - *) The config parser wasn't correctly noticing a missing '>' - on container start lines (e.g., it wouldn't spot - "] - PR#3279 - - *) Add a 'RemoveHandler' directive which will selectively remove - all handler associations for the specified file extensions. - [Ryan Bloom ] PR#1799. - - *) Properly handle & allow "nul" and ".*/null" in AccessConfig and - ResourceConfig directives on Win32. Also add a note to the effect - of 'useless User directive ignored on Win32' to the errorlog if - a User directive is encountered on Win32. - [Ken Parzygnat ] PR#2078, 2303. - - *) Fix multiple whitespace handling in imagemaps for mod_imap which was - broken since Apache 1.3.1 where we took out compressing of multiple - spaces in ap_cfg_getline(). - [Ivan Richwalski ] PR#3249 - - *) Fix Berkeley-DB/2.x support in mod_auth_db: The data structures were not - initialized correctly and the db_open() call used an invalid mode - parameter. [Ron Klatchko ] PR#3171 - - *) PORT: DSO support for UnixWare 7 - [Ralf S. Engelschall, Ron Record ] - - *) Merge the contents of the {srm,access}.conf-dist* files into the - httpd.conf-dist* files. 
 The srm and access files now contain
- only comments, and httpd.conf has all the combined contents in
- a rational order. [Ken Coar]
-
- *) PORT: DSO/ELF support for FreeBSD 3.0.
- [Ralf S. Engelschall, Dirk Froemberg ]
-
- *) Add a "default-handler" handler that calls the default_hander()
- function which is normally called for static content. This allows
- you to override a specific handler. [Marc Slemko]
-
- *) Further simplify checking for absolute paths by replacing an
- hard-coded syntax check with a call to a routine we already created to
- do this. [Ken Parzygnat ] PR#2976, 3074
-
- *) Log an error if we encounter a malformed "require" directive
- in mod_auth if we know that we know that no other module can
- deal with it. [Marc Slemko]
-
- *) Remove ap_private_extern method of hiding conflicting symbols
- on the NEXT platform because it is not correct for all versions,
- and the versions for which it is correct are unknown.
- [Wilfredo Sanchez ]
-
- *) Fix inheritance of IndexOptions NameWidth and remove unintended
- restriction on +NameWidth, +IconHeight, and +IconWidth. [Ken Coar]
-
- *) Fix per-directory config merging for cases in which a 500 error
- is encountered in an .htaccess file somewhere down the tree.
- [Ken Coar] PR#2409
-
- *) Minor performance improvement to ap_escape_html(). [Roy Fielding]
-
- *) Fixed a segmentation violation in mod_proxy when a response is
- non-cachable. [Roy Fielding, traced by Doug Bloebaum]. PR#2950, 3056
-
-Changes with Apache 1.3.3
-
- *) Added a complete implementation of the Expect header field as
- specified in rev-05 of HTTP/1.1. Disabled the 100 Continue
- response when we already know the final status, which is mighty
- useful for PUT responses that result in 302 or 401. 
 [Roy Fielding]
-
- *) Remove extra trailing whitespace from the getline results as part
- of the protocol processing, which is extra nice because it works
- between continuation lines, is almost no cost in the normal case
- of no extra whitespace, and saves memory. [Roy Fielding]
-
- *) Added new HTTP status codes and default response bodies from the
- revised HTTP/1.1 (307, 416, 417), WebDAV (102, 207, 422, 423), and
- HTTP Extension Framework (510) specifications. Did not add the
- WebDAV 424 and 425 codes because they are bogus. We don't use any
- of these codes yet, but they are now available to 3rd-party modules.
- [Roy Fielding]
-
- *) Fix a possible race condition between timed-out requests and the
- ap_bhalfduplex select that might result in an infinite loop on
- platforms that do not validate the descriptor. [Roy Fielding]
-
- *) WIN32: Add "-k shutdown" and "-k restart" options to signal a
- running Apache server [Paul Sutton]
-
- *) Fix mod_autoindex bug where directories got a size of "0k" instead
- of "-". [Martin Plechsmid , Marc Slemko]
- PR#3130
-
- *) PORT: DRS 6000 machine. [Paul Debleecker ]
-
- *) Add the server signature text (from the core ServerSignature directive)
- to the list of envariables available to scripts, SSI, and the like.
- [Ken Coar]
-
- *) PORT: Fix sys/resource.h handling for SCO 3.x platform.
- [M. Laak ] PR#3108
-
- *) Fallback from sysconf-based to plain HZ-based `ticks per second'
- calculation in mod_status for all systems which don't have POSIX
- sysconf() (like UTS 2.1) and not only for the NEXT platform.
- [Dave Dykstra ] PR#3055
-
- *) Fix `require ...' directive parsing in mod_auth, mod_auth_dbm and
- mod_auth_db by using ap_getword_white() (which uses ap_isspace())
- instead of ap_getword(..., ' ') (which parses only according to spaces
- but not tabs). [James Morris ,
- Ralf S. 
 Engelschall] PR#3105
-
- *) Fix the SERVER_NAME variable under sub-request situations (where
- `UseCanonicalName off' is used) like CGI's called from SSI pages or
- RewriteCond variables by adopting r->hostname to sub-requests.
- [James Grinter ] PR#3111
-
- *) Fix stderr redirection under syslog-based error logging situation.
- [Youichirou Koga ] PR#3095
-
- *) Document `ErrorLog syslog:facility' variant of error logging.
- [Youichirou Koga ] PR#3096
-
- *) Fix http://localhost/ hints in top-level INSTALL document.
- [Rob Jenson , Ralf S. Engelschall] PR#3088
-
- *) Quote paths in default configuration files. [Wilfredo Sanchez]
-
- *) PORT: Remove extra HAVE_SYS_RESOURCE_H define for RHAPSODY since
- it is now taken care of properly by the header file tests.
- [Wilfredo Sanchez ]
-
- *) Fix problem with scripts and filehandle inheritance on Win32.
- [Ken Parzygnat ] PR#2884, 2910
-
- *) Win32 name canonicalisation could end up using the server's
- working directory to fill in some blanks. [Ken Parzygnat
- ] PR#3001
-
- *) Correct invalid assumption by ap_sub_req_lookup_file() that all
- absolute paths begin with "/" -- because they don't on Win32.
- [Ken Parzygnat ] PR#2976, 3074
-
- *) Add [REDIRECT_]VARIANTS environment variable to mod_speling
- so that ErrorDocument 300 processors can reformat the list
- if desired. [Ken Coar] PR#2859
-
- *) Add +/- incremental prefixes to IndexOptions keywords, and
- enable merging of multiple IndexOptions directives. [Ken Coar]
-
- *) PORT: Allow GuessOS to recognize Unixware 7.0.1 [Steve Cameron
- ]
-
- *) Reconstructed the loop through multiple htaccess file names so
- that missing files are not confused with unreadable files.
- [Roy Fielding]
-
- *) The ap_pfopen and ap_pfdopen routines were failing to protect the
- errno on an error, which leads to one error being mistaken for
- another when reading non-existent .htaccess files. 
- [Jim Jagielski] - - *) OS/2: The new header tests get things right, need to update - ap_config.h. [Brian Havard] - - *) The Perl %ENV hash will now be setup by default when using the - mod_include `perl' command [Doug MacEachern] - - *) PORT: Add Pyramid DC/OSx support to configuration mechanism. - [Earle Ake ] - - *) PORT: Fix sys/resource.h handling for Amdahl's UTS 2.1 - [Dave Dykstra ] PR#3054 - - *) Correct comment in mod_log_config.c about its internals. - [Elf Sternberg ] - - *) Avoid possible line overflow in Configure: Use an awkfile to - handle the creation of modules.c [Jim Jagielski] - -Changes with Apache 1.3.2 - - *) Fix bug in ap_remove_module(), which caused problems for dso's - who were the top_module. [Doug MacEachern] - - *) Add support for Berkeley-DB/2.x (in addition to Berkeley-DB/1.x) to - mod_auth_db to both be friendly to users who wants to use this version - and to avoid problems under platforms where only version 2.x is present. - [Dan Jacobowitz , Ralf S. Engelschall] - - *) When using ap_log_rerror(), make the error message available to the - *ERROR_NOTES envariables by default. [Ken Coar] - - *) BS2000 platform only: get rid of the nasty BS2000AuthFile. - You now must define a BS2000Account name for the server User. - This has fewer security implications than the old approach. - [Martin Kraemer] - - *) Fix SHARED_CORE feature for HPUX platform: We now use extension `.sl' - instead of `.so' and `SHLIB_PATH' instead of `LD_LIBRARY_PATH' on this - platform to make the braindead HPUX linker happy. Notice, for the module - DSOs we don't have to use this, because these are loaded manually (and - not via HPUX' dld). [Ralf S. Engelschall] PR#2905, PR#2968 - - *) Remove 64 thread limit on Win32. - [Bill Stoddard ] - - *) Remove redundant substitutions in top-level Makefile.tmpl. - [Ralf S. Engelschall] - - *) Fix APACI's `Group' configuration adjustment - especially for Linux - platforms where `nogroup' exists in /etc/group. [Ralf S. 
 Engelschall]
-
- *) Make PrintPath work generically instead of having one version
- strictly for OS/2. [Jim Jagielski, Brian Havard]
-
- *) Fix the recently introduced C header file checking: We now use the C
- pre-processor pass only (and no longer the complete compiler pass) to
- determine whether a C header file exists or not. Because only this way
- we're safe against inter-header dependencies (which caused horrible
- portability problems). The only drawback is that we now have a CPP
- configuration variable which has to be determined first (we do a similar
- approach as GNU Autoconf does here). When all fails the user still has
- the possibility to override it manually via APACI or src/Configuration.
- As a fallback for the header check itself we can directly check the
- existance of the file under /usr/include, too.
- [Ralf S. Engelschall] PR#2777
-
- *) PORT: Added RHAPSODY (Mac OS X Server) support. MAP_TMPFILE defined
- as an alternate mechanism for mmap'd shared memory for RHAPSODY.
- ap_private_extern defined to hide symbols that conflict with loaded
- dynamic libraries on the NEXT and RHAPSODY platforms.
- [Wilfredo Sanchez ]
-
- *) Delete PID file on clean shutdowns.
- [Charles Randall ] PR#2947
-
- *) Fix mod_auth_*.html documents: NSCA -> NCSA
- [Youichirou Koga ] PR#2991
-
- *) Fix INSTALL document: www.gnu.ai.mit.edu -> www.gnu.org
- [Karl Berry ] PR#2994
-
- *) Fix dbmmanage.1 manual page.
- [Youichirou Koga ] PR#2992
-
- *) Fix possible buffer overflow situation in suexec.c.
- [Jeff Stewart ] PR#2790
-
- *) Add some more LIBS for the SCO5 platform which are needed for the already
- used -lprot. It's actually a bug in SCO5, of course.
- [Ronald Record ] PR#2533
-
- *) Fix documentation of ProxyPass/ProxyPassReverse according to the
- trailing slash problem. [Jon Drukman ] PR#2933
-
- *) Remove `-msym' option from LDFLAGS_SHLIB for the Digital UNIX (OSF/1)
- platform, because it's only supported under version 4.0 and higher. 
 But
- because our GuessOS is still unaware of Digital UNIX versions and the
- -msym is just to optimize the DSO statup time a little bit it's safe and
- best when we leave it out now. [Ralf S. Engelschall] PR#2969
-
- *) Fix the ap_log_error_old(), ap_log_unixerr() and ap_log_printf()
- functions: First all three functions no longer fail on strings containing
- "%" chars and second ap_log_printf() no longer does a double-formatting
- (instead it directly passes through the message to be formatted to the
- real internal formatting function). [Ralf S. Engelschall] PR#2941
-
- *) Allow "Include" directives anywhere in the server config
- files (but not .htaccess files). [Ken Coar] PR#2727
-
- *) The proxy was refusing to serve CONNECT requests except to
- port 443 (https://) and 563 (snews://). The new AllowCONNECT
- directive allows the configuration of the ports to which a
- CONNECT is allowed. [Sameer Parekh, Martin Kraemer]
-
- *) mod_expires will now act on content that is not sent from a file
- on disk. Previously it would never add an Expires: header to
- any response that did not come from a file on disk; the only
- case where it still doesn't (and can't) add one for that type of
- content is if you are using a modification date based setting.
- [Marc Slemko, Paul Phillips ]
-
- *) Problems encountered during .htaccess parsing or CGI execution
- that lead to a "500 Server Error" condition now provide explanatory
- text (in the *ERROR_NOTES envariable) to ErrorDocument 500 scripts.
- [Ken Coar] PR#1291
-
- *) Add NameWidth keyword to IndexOptions directive so that the
- width of the filename column is customisable. [Ken Coar, Dean Gaudet]
- PR#1949, 2324.
-
- *) Recognize lowercase _and_ uppercase `uname' results under
- SCO OpenServer. [David Coelho ]
-
- *) As duplicate "HTTP/1.0 200 OK" lines within the header seem to be
- a common problem of (mis-administrated?) 
IIS servers, make the apache - proxy immune to these errors (and ignore the duplicates, but log - the fact to error_log). [Martin Kraemer], after the proposal in PR#2914 - - *) The ] PR#2866 - - *) Replace the inlined information grabbing stuff for the configuration - adjustment feature (no --without-confadjust) with calls to a new helper - script `buildinfo.sh' which is both more flexible and already proofed to - be more robust against platform differences. This mainly fixes the - recently occured ``sed: command garbled: ...'' problems. - [Ralf S. Engelschall] PR#2776, PR#2848 - - *) Make ab.c again pass ``gcc -Wall -Wshadow -Wpointer-arith -Wcast-align - -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Winline'' - without complains after we recently added the POST feature. - [Ralf S. Engelschall] - - *) Renamed is_HTTP_xxx() macros to ap_is_HTTP_xxx() name. They are used inside - modules as API functions and we forgot them at the big symbol renaming. - [Ralf S. Engelschall] - - *) Remove bad reference to non-existing SERVER_VERSION in mod_rewrite.html - [Youichirou Koga ] PR#2895 - - *) Dynamically size the filename column of mod_autoindex output. - [Dean Gaudet] - - *) Add the ability to do POST requests to the ab benchmarking tool. - [Kurt Sussman ] PR#2871 - - *) Bump up MAX_ENV_FLAGS in mod_rewrite.h from the too conservatice limit of - 5 to 10 because there are some users out there who always have 5 to 8 - variables in one RewriteRule and had to patch mod_rewrite.h for every - release. So 15 should be now more than enough, even for them. (I never - needed more than 4 in my RewriteRules ;-) - [Ralf S. Engelschall] - - *) Make the proxy generate and understand Via: headers - [Martin Kraemer] - - *) Change the proxy to use tables instead of array_headers for - the header lines. [Martin Kraemer] - - *) Make sure the config.status file is not overridden when just - ``configure --help'' is used. [Ralf S. 
Engelschall] PR#2844 - - *) Split MODULE_MAGIC_NUMBER into _MAJOR/_MINOR numbers. This should - provide a way to trace API changes that add functionality but do - not create a compatibility issue for precompiled modules, etc. - See include/ap_mmn.h for more details. [Randy Terbush] - - *) Fix suexec installation under `make install root=xxx' situation. - [Ralf S. Engelschall] - - *) Extend the output of the -V switch to include the paths of all - compiled-in configuration files, if they were overridden at - compile time, for least astonishment of the user. - [Martin Kraemer] - - *) When READing a request in ExtendedStatus mode, the "old" - vhost, request and client information is not displayed. - [Jim Jagielski] - - *) STATUS is no longer available. Full status information now - run-time configurable using the ExtendedStatus directive. - [Jim Jagielski] - - *) SECURITY: CAN-1999-1199 (cve.mitre.org) - Eliminate O(n^2) space DoS attacks (and other O(n^2) - cpu time attacks) in header parsing. Add ap_overlap_tables(), - a function which can be used to perform bulk update operations - on tables in a more efficient manner. [Dean Gaudet] - - *) SECURITY: Added compile-time and configurable limits for - various aspects of reading a client request to avoid some simple - denial of service attacks, including limits on maximum request-line - size (LimitRequestLine), number of header fields (LimitRequestFields), - and size of any one header field (LimitRequestFieldsize). Also added - a configurable directive LimitRequestBody for limiting the size of the - request message body. [Roy Fielding] - - *) Make status module aware of DNS and logging states, even if - STATUS not defined. [Jim Jagielski] - - *) Fix a problem with the new OS/2 mutexes. [Brian Havard] - - *) Enhance mod_speling so that CheckSpelling can be used in - containers and .htaccess files. 
[Ken Coar] - - *) API: new ap_custom_response() function for hooking into the - ErrorDocument mechanism at runtime [Doug MacEachern] - - *) API: new ap_uuencode() function [Doug MacEachern] - - *) API: scan_script_header_err_core() now "public" and renamed - ap_scan_script_header_err_core() [Doug MacEachern] - - *) The 'status' module will now show the process pid's and their - state even without full STATUS accounting. [Jim Jagielski] - - *) Restore the client IP address to the error log messages, this - was lost during the transition from 1.2 to 1.3. Add a new - function ap_log_rerror() which takes a request_rec * and - formats it appropriately. [Dean Gaudet] PR#2661 - - *) Cure ap_cfg_getline() of its nasty habit of compressing internal - whitespace in input lines -- including within quoted strings. - [Ken Coar] - but leading and trailing whitespace should continue to be - stripped [Martin Kraemer] - - *) Cleanup of the PrintPath/PrintPathOS2 helper functions. Avoid - the ugly use of an env. variable and use command-line args for - alternate $PATH. Make more like advanced 'type's as well. - [Jim Jagielski] - - *) The IRIXN32 Rule was being ignored. Configure now correctly adds - -n32 only if IRIXN32 says to. [Jim Jagielski, Alain St-Denis - ] PR#2736 - - *) Clean up a warning in mod_proxy. [Ralf S. Engelschall] - - *) Renamed __EMX__ (internal define of the gcc port under OS/2) to OS2 - following the same idea as "MSVC vs WIN32". Additionally the src/os/emx/ - directory was renamed to src/os/os2/ for consistency. - [Brian Havard, Ralf S. Engelschall] - - *) Add new Rule SHARED_CHAIN which can be used to enable linking of DSO - files (here modules) against other DSO files (here shared libraries). - This is done by determining a subset of LIBS which can be safely used for - linking the DSOs, i.e. PIC libs and shared libs. Currently the rule is - disabled for all platforms to avoid problems with this (experimental) - rule. 
But we provide it now for those people how ran into problems and - want to came out by forcing linking against DSOs. - [Ralf S. Engelschall] PR#2587 - - *) Fix suEXEC start message: Has to be of `notice' level to really get - printed together with the standard startup message because the `notice' - level is handled special inside ap_log_error() for startup messages. - [Ralf S. Engelschall] PR#2761 PR#2761 PR#2765 - - *) Add correct `model' MIME types from RFC2077 to mime.types file. - [Ralf S. Engelschall] PR#2732 - - *) Fixed examples in mod_rewrite.html document. - [Youichirou Koga , Ralf S. Engelschall] PR#2756 - - *) Allow ap_read_request errors to propagate through the normal request - handling loop so that the connection can be properly closed with - lingering_close, thus avoiding a potential TCP reset that would - cause the client to miss the HTTP error response. [Roy Fielding] - - *) One more portability fix for APACI shadow tree support: Swap order of awk - and sed in top-level configure script to avoid sed fails on some - platforms (for instance SunOS 4.1.3 and NCR SysV) because of the - non-newline-termined output of Awk. [Ralf S. Engelschall] PR#2729 - - *) PORT: NEC EWS4800 support. - [MATSUURA Takanori ] - - *) Fix a segfault in the proxy on OS/2. [Brian Havard] - - *) Fix Win32 part of ap_spawn_child() by providing a reasonable child_info - structure instead of just NULL. This fixes at least the RewriteMap - programs under Win32. [Marco De Michele ] PR#2483 - - *) Add workaround to top-level `configure' script for brain dead - `echo' commands which interpet escape sequences per default. - [Ralf S. Engelschall] PR#2654 - - *) Make sure that the path to the Perl interpreter is correctly - adjusted under `make install' also for the printenv CGI script. - [Ralf S. Engelschall] PR#2595 - - *) Update the mod_rewrite.html document to correctly reflect the situation - of the `proxy' (`[P]') feature. [Ralf S. 
Engelschall] PR#2679 - - *) Fix `install-includes' sub-target of `install' target in top-level - Makefile.tmpl: The umask+cp approach didn't work as expected (especially - for users which extracted the distribution under 'umask 077'), so replace - it by an explicit cp+chmod approach. - [Richard Lloyd, Curt Sampson, Ralf S. Engelschall] PR#2656 PR#2626 - - *) Fix `distclean' and `clean' targets in src/Makefile.tmpl to have same - behavior and to cleanup correctly even under enabled SHARED_CORE rule. - [Ralf S. Engelschall] - - *) Use a more straight forward and thus less problematic Sed command in - src/helper/mkdir.sh script. [Ralf S. Engelschall] - - *) Make sure the `configure' scripts doesn't fail when trying to guess the - domainname of the machine and there are multiple `domainname' and - `search' entries in /etc/resolv.conf. - [Ralf S. Engelschall] PR#2710 - - *) Add note about the SHARED_CORE requirement on some platforms also to the - INSTALL file because a lot of users don't read htdocs/manual/dso.html - first. [Ralf S. Engelschall] PR#2701 - - *) Fix document "hyperlink" for dso.html in src/Configuration.tmpl - [Knut A.Syed ] PR#2674 - - *) Modify mod_rewrite to update the Vary response field if the URL rewriting - engine does any manipulations or decisions based upon request fields. - [Ken Coar] PR#1644 - - *) Document the special APACI behavior for installation paths where - ``/apache'' is appended to paths under some (well defined, of course) - situations to prevent pollution of system locations with Apache files. - [Ralf S. Engelschall] PR#2660 - - *) Fixed problem with buffered response message not being sent for - the read_request error conditions of URI-too-long (414) and - malformed header fields (400). [Roy Fielding] PR#2646 - - *) Add support for the Max-Forwards: header line required by RFC2068 for - the TRACE method. This allows apache to TRACE along a chain of proxies - up to a predetermined depth. 
[Martin Kraemer] - - *) Fix SHARED_CORE rule: The CFLAGS_SHLIB variable is no longer doubled - (compilers complained) and the .so.V.R.P filename extension was adjusted - to correctly reflect the 1.3.2 version. - [Ralf S. Engelschall] PR#2644 - - *) SECURITY: Plug "..." and other canonicalization holes under OS/2. - [Brian Havard] - - *) PORT: implement serialized accepts for OS/2. [Brian Havard] - - *) mod_include had problems with the fsize and flastmod directives - under WIN32. Fix also avoids the minor security hole of using - ".." paths for fsize and flastmod. - [Manoj Kasichainula ] PR#2355 - - *) Fixed some Makefile dependency problems. [Dean Gaudet] - -Changes with Apache 1.3.1 - - *) Disable the incorrect entry for application/msword in the - mod_mime_magic "magic" file because it also matches other Office - documents. [Ralf S. Engelschall] PR#2608 - - *) Fix broken RANLIB handling in src/Configure (the entry from - src/Configuration.tmpl was ignored) and additionally force RANLIB to - /bin/true under HP/UX where ranlib exists but is deprecated. - [Ralf S. Engelschall] PR#2627 - - *) 'apachectl status' failed on some systems. - [Steve VanDevender , Lars Eilebrecht] PR#2613 - - *) Add new flags for ap_unparse_uri_components() to make it generate - the scheme://sitepart string only, or to omit the query string. - [Martin Kraemer] - - *) WIN32: Canonicalize ServerRoot before checking to see if it - is a valid directory. The failure to do this caused certain - ServerRoot settings (eg. "ServerRoot /apache") to be improperly - rejected. [Marc Slemko] - - *) Global renaming of C header files to both get rid of conflicts with third - party packages and to again reach consistency: - 1. conf.h -> ap_config.h - 2. conf_auto.h -> ap_config_auto.h \ these are now merged - 3. ap_config.h -> ap_config_auto.h / in the config process - 4. compat.h -> ap_compat.h - 5. apctype.h -> ap_ctype.h - Backward compatibility files for conf.h and compat.h were created. 
- - *) mod_mmap_static will no longer take action on requests unless at - least one "mmapfile" directive is present in the configuration. - This experimental module has to do some black magic to operate - inside the current API and thus creates side-effects for other - modules under some circumstances. - [Ralf S. Engelschall] - - *) Add conservative ticks around more egrep arguments in top-level configure - to avoid problems under brain-dead platforms like Digital UNIX (OSF1). - [Ralf S. Engelschall] PR#2596 - - *) mod_rewrite created RewriteLock files under the UID of the parent - process, thus the child processes had no write access to the files. - Now a chown() is done on the file to the uid of the children, - if applicable. [Lars Eilebrecht, Ralf S. Engelschall] PR#2341 - - *) Autogenerate some HAVE_XXXXX_H defines in conf_auto.h (determined via - TestCompile) instead of defining them manually in conf.h based on less - accurate platform definitions. This way we no longer have to fiddle with - OS-type and/or OS-version identifiers to discover whether a system header - file exists or not. Instead we now directly check for the existence of - those esoteric ones. - [Ralf S. Engelschall] PR#2093, PR#2361, PR#2377, PR#2434, - PR#2524, PR#2525, PR#2533, PR#2569 - - *) mod_setenvif (BrowserMatch* and friends) will now match a missing - field with "^$". [Ken Coar] - - *) Set the RTLD_GLOBAL dlopen mode parameter to allow dynamically loaded - modules to load their own modules dynamically. This improves mod_perl - and mod_php3 when these modules are loaded dynamically into Apache. - [Rasmus Lerdorf] - - *) Cache a proxied request in the event that the client cancels the - transfer, provided that the configured percentage of the file has - already been transferred. It works for HTTP transfers only. The - new configuration directive is called CacheForceCompletion. 
- [Glen Parker ] PR#2277 - - *) Add the "] - - *) Fix yet another signal-based race condition involving nested timers. - Signals suck. [Dean Gaudet] - - *) suexec's error messages have been clarified a little bit. [Ken Coar] - - *) Clean up some, but perhaps not all, 8-bit character set problems - with config file parsing, and URL parsing. We now define - ap_isdigit(), ap_isupper(), ... which cast to an (unsigned char). - This should work on most modern unixes. - [Dean Gaudet] PR#800, 2282, 2553 (and others) - - *) The "handler not found" error was issued in cases where the handler - really did exist, but was just declining to serve the request. - [John Van Essen ] PR#2529 - - *) Add Dynamic Shared Object (DSO) support for SCO5 (OpenServer 5.0.x). - [Ronald Record ] PR#2533 - - *) The APACI libexecdir was not extended with an "apache/" subdir - if the installation prefix didn't already contain "apache", but - it should be because the DSO files are Apache-specific. Now - libexecdir is treated the same way sysconfdir, datadir, localstatedir - and includedir are already treated. - [Charles Levert ] PR#2551 - - *) The parsing routine was incorrectly treating methods as - case-insensitive. [Ken Coar] - - *) The ap_bprintf() code neglected to test if there was an error on - the connection. ap_bflush() misdiagnosed a failure as a success. - [Dean Gaudet] - - *) add support for #perl arg interpolation in mod_include - [Doug MacEachern] - - *) API: Name changes of table_elts to ap_table_elts, is_table_empty - to ap_is_table_empty and bgetflag to ap_bgetflag. [Ben Laurie] - - *) PORT: Add UnixWare 7 support - [Vadim Kostoglodoff ] PR#2463 - - *) Fix the Guess-DSO-flags-from-Perl stuff in src/Configure: "perl" was - used instead of "$PERL" which contains the correctly determined Perl - interpreter (important for instance on systems where "perl" and "perl5" - exists, like BSDI or FreeBSD, etc). - [Ralf S. 
Engelschall] PR#2505 - - *) Move the initial suEXEC-related startup message from plain - fprintf()/stderr to a delayed ap_log_error()-based one to avoid problems - when Apache is started from inetd (instead of standalone). Under this - situation startup messages on stderr lead to problems (the line is sent - to the client in front of the requested document). - [Ralf S. Engelschall] PR#871, PR#1318 - - *) Add a flag so ap_fnmatch() can be used for case-blind pattern matching. - [Ken Coar, Dean Gaudet] - - *) WIN32: Don't collapse multiple slashes in PATH_INFO. - [Ben Laurie, Bill Stoddard ] PR#2274 - - *) WIN32 SECURITY: Eliminate trailing "."s in path components. These are - ignored by the Windows filesystem, and so can be used to bypass security. - [Ben Laurie, Alexei Kosut]. - - *) We now attempt to dump core when we get SIGILL. [Jim Jagielski] - - *) PORT: remove broken test for MAP_FILE in http_main.c. - [Wilfredo Sanchez ] - - *) PORT: Change support/apachectl to use "kill -0 $pid" to test if the - httpd is running. This should be more portable than figuring out - which of three dozen different versions of "ps" are installed. - [a cast of dozens] - - *) WIN32: If we can't figure out how to execute a file in a script - directory, bail out of the request with an error message. [W G Stoddard] - - *) WIN32 SECURITY: Eliminate directories consisting of three or more dots; - these are treated by Win32 as if they are ".." but are not detected by - other machinery within Apache. This is something of a kludge but - eliminates a security hole. [Manoj Kasichainula, Ben Laurie] - - *) Move ap_escape_quotes() from src/ap to src/main/util.c; it uses - pools and thus pollutes libap (until the pool stuff is moved there). - [Ken Coar] - - *) IndexIgnore should be case-blind on Win32 (and any other case-aware - but case-insensitive platforms). New #define for this added to conf.h - (CASE_BLIND_FILESYSTEM). 
[Ken Coar] PR#2455 - - *) Enable DSO support for OpenBSD in general, not only for 2.x, because it - also works for OpenBSD 1.x. [Ralf S. Engelschall] - - *) PORT: Fix compilation problem on ARM Linux. - [Sam Kington ] PR#2443 - - *) Let APACI's configure script determine some configuration parameters - (Group, Port, ServerAdmin, ServerName) via some intelligent tests to - remove some of the classical hurdles for new users when setting up - Apache. This is done per default because it is useful for the average - user. Package authors can use the --without-confadjust option to disable - these configuration adjustments. - [Ralf S. Engelschall] - - *) Added an EXTRA_DEPS configuration parameter which can be used - to add an extra Makefile dependency for the httpd target, for instance - to external third-party libraries, etc. - [Ralf S. Engelschall] - - *) Add .. sections to the core module (with same spirit - as .. sections) which can be used to skip or process - contained commands dependend of ``-D PARAMETER'' options on the command - line. This can be used to achieve logical conditions like instead of physically ones (e.g. ) - and thus especially can be used for conditionally loading DSO-based - modules via LoadModule, etc. [Ralf S. Engelschall] - - *) PORT: clean up a warning in mod_status for OS/2. [Brian Havard] - - *) Make table elements const. This may prevent obscure errors. [Ben Laurie] - - *) Fix parsing of FTP `SIZE' responses in proxy module: The newline was not - truncated which forced following HTTP headers to be data in the HTTP - reponse. [Ralf S. Engelschall, Charles Fu ] - PR#2412, 2367 - - *) Portability fix for APACI shadow tree support: Swap order of awk and sed - in top-level configure script to avoid sed fails on some platforms (for - instance SunOS 4.1.3 and NCR SysV) because of the non-newline-termined - output of Awk. 
[Bill Houle ] PR#2435 - - *) Improve performance of directory listings (mod_autoindex) by comparing - integer keys (last-modified and size) as integers rather than converting - them to strings first. Also use a set of explicit byte tests rather - than strcmp() to check for parent directory-ness of an entry. Oh, and - make sure the parent directory (if displayed) is *always* listed first - regardless of the sort key. Overall performance winnage should be good - in CPU time, instruction cache, and memory usage, particularly for large - directories. [Ken Coar] - - *) Add a tiny but useful goody to APACI's configure script: The generation - of a config.status script (as GNU Autoconf does) which remembers the used - configure command and hence can be used to restore the configuration by - just re-running this script or for remembering the configuration between - releases. - [Ralf S. Engelschall] - - *) Add httpd -t (test) option for running configuration syntax tests only. - If something is broken it complains and exits with a return code - non-equal to 0. This can be used manually by the user to check the Apache - configuration after editing and is also automatically used by apachectl - on (graceful) restart command to make sure Apache doesn't die on restarts - because of a configuration which is now broken since the last (re)start. - This way `apachectl restart' can be used inside cronjobs without having - to expect Apache to be falling down. Additionally the httpd -t can be run - via `apachectl configtest'. - [Ralf S. Engelschall] PR#2393 - - *) Minor display fix for "install" target of top-level Makefile: - the displayed installation command was incorrect although the - executed command was correct. Now they are in sync. - [Ralf S. Engelschall] PR#2402 - - *) Correct initialization of variable `allowed_globals' in http_main.c - [Justin Bradford ] PR#2400 - - *) Apache would incorrectly downcase the entire Content-Type passed from - CGIs. 
This affected server-push scripts and such which use - multipart/x-mixed-replace;boundary=ThisRandomString. - [Dean Gaudet] PR#2394 - - *) PORT: QNX update to properly guess 32-bit systems. - [Sean Boudreau ] PR#2390 - - *) Make sure the DSO emulation code for HPUX finds the proprietary shl_xxx() - functions which are in libdld under HPUX 9/10. - [Ralf S. Engelschall] PR#2378 - - *) Make sure the "install" target of the top-level Makefile doesn't break - because of a return code of 1 from an "if" (for instance under braindead - Ultrix the result code of an "if" construct is 1 if the "then" clause - didn't match). [Ralf S. Engelschall] - - *) Add an additional "dummy" target to the "$(LIB)" target in generated - modules/xxx/Makefile's to avoid problems with SVR4 Make under "full-DSO" - situation (no libxxx.a built, only mod_xxx.so's) where LIB and OBJS are - empty. [Ralf S. Engelschall, Dean Gaudet, Martin Kraemer] - - *) Replace two bad sprintf() calls with ap_snprintf() variants in - mod_rewrite. [Ralf S. Engelschall] - - *) Fix missing usage description for MetaFiles directive. - [David MacKenzie ] PR#2384 - - *) mod_log_config wouldn't let vhosts use log formats defined in the - main server. [Christof Damian ] PR#2090 - - *) mod_usertrack was corrupting the client hostname. As part of the - fix, the cookie values were slightly extended to include the - fully qualified hostname of the client. - [Dean Gaudet] PR#2190, 2229, 2366 - - *) Fix a typo in pool debugging code. [Alvaro Martinez Echevarria] - - *) mod_unique_id did not work on alpha linux (in general on any - architecture that has 64-bit time_t). - [Alvaro Martinez Echevarria] - - *) PORT: Make SCO 5 (and probably 3) compile again. [Ben Laurie] - - *) PORT: NCR MPRAS systems have the same bug with SIGHUP restart that - Solaris systems experience. So define WORKAROUND_SOLARIS_BUG. 
- [Klaus Weber ] PR#1973 - - *) Change "Options None" to "Options FollowSymLinks" in the - section of the default access.conf-dist - (and -win even though it doesn't matter there). This has better - performance, and more intuitive semantics. [Dean Gaudet] - - *) PORT: Updated support for UTS 2.1.2. - [Dave Dykstra ] PR#2320 - - *) Fix symbol export list (src/support/httpd.exp) after recent - API changes in the child spawning area. - [Jens-Uwe Mager ] - - *) Workaround for configure script and old `test' commands which do not - support the -x flag (for instance under platforms like Ultrix). This is - solved by another helper script findprg.sh which searches for Perl and - Awk like PrintPath but _via different names_. - [Ralf S. Engelschall] - - *) Remove the system() call from htpasswd.c, which eliminates a system - dependancy. ["M.D.Parker" ] PR#2332 - - *) PORT: Fix compilation failures on NEXTSTEP. - [Rex Dieter ] PR#2293, 2316 - - *) PORT: F_NDELAY is a typo, should have been FNDELAY. There's also - O_NDELAY on various systems. [Dave Dykstra ] PR#2313 - - *) PORT: helpers/GuessOS updates for various versions for NCR SVR4. - [juerg schreiner , - Bill Houle ] PR#2310 - - *) Fix recently introduced Win32 child spawning code in mod_rewrite.c which - was broken because of invalid ap_pstrcat() -> strcat() transformation. - [Ralf S. Engelschall] - - *) Proxy Cache Fixes: account for directory sizes, fork off garbage collection - to continue in background, use predefined types (off_t, size_t, time_t), - log the current cache usage percentage at LogLevel debug - [Martin Kraemer, based on discussion between Dean Gaudet & Dirk vanGulik] - -Changes with Apache 1.3.0 - - *) Using a type map file as a custom error document was not possible. - [Lars Eilebrecht] PR#1031 - - *) Avoid problems with braindead Awks by additionally searching for gawk - and nawk in APACI's configure script. - [Dave Dykstra , Ralf S. 
Engelschall] PR#2319 - - *) Rename md5.h to ap_md5.h to avoid conflicts with native MD5 on - some systems. [Randy Terbush] - - *) Change usage of perror()+fprintf(stderr,...) in mod_rewrite to - more proper ap_log_error() variants. - [Ralf S. Engelschall] - - *) Make sure the argument for the --add-module option to APACI's configure - script is of type [path/to/]mod_xxx.c because all calculations inside - configure and src/Configure depend on this. - [Ralf S. Engelschall] PR#2307 - - *) Changes usage of perror/fprintf to stderr to more proper ap_log_error - in mod_mime, mod_log_referer, mod_log_agent, and mod_log_config. - [Brian Behlendorf] - - *) Various OS/2 cleanups ["Brian Havard" ] - - *) PORT: QNX needed a #include ; and now it uses flock - serialized accept to handle multiple sockets. - [Rob Saccoccio ] PR#2295, 2296 - - *) Have NT properly set the directory for CGI scripts - (& other spawned children) - [W G Stoddard ] - - *) Propagate environment to CGI scripts correctly in Win32. - [W G Stoddard ] PR#2294 - - *) Some symbol renaming: - ap_spawn_child_err became ap_spawn_child - ap_spawn_child_err_buff became ap_bspawn_child - spawn_child was obsoleted and moved to compat.h - [Brian Behlendorf] - - *) Upgrade the child spawning code in mod_rewrite for the RewriteMap - programs: ap_spawn_child_err() is used and the Win32 case now uses - CreateProcess() instead of a low-level execl() (which caused problems in - the past under Win32). - [Ralf S. Engelschall] - - *) A few cosmetics and trivial enhancements to APXS to make the - generated Makefile more user friendly. [Ralf S. Engelschall] - - *) Proxy Fix: The proxy special failure routine ap_proxyerror() - was updated to use the normal apache error processing, thereby allowing - proxy errors to be treated by ErrorDocument's as well. 
For this - purpose, a new module-to-core communication variable "error-notes" - was introduced; the proxy (and possibly other modules) communicates - its error text using this variable. Its content is copied to a new - cgi-env-var REDIRECT_ERROR_NOTES for use by ErrorDocuments. - The old proxy special error routine ap_proxy_log_uerror() - was replaced by regular ap_log_error() calls, many messages were made - more informative. - [Martin Kraemer] PR#494, 1259 - - *) SECURITY: A possible buffer overflow in the ftp proxy was fixed. - [Martin Kraemer] - - *) Transform the configure message "You need root privileges for suEXEC" - from a fatal error into a (more friendly) warning because the building - ("make") of Apache we can allow, of course. Root privileges are needed - only for the installation step ("make install"). So make sure the - user is aware of this fact but let him proceed as long as he can. - [Ralf S. Engelschall] PR#2288 - - *) Renamed three more functions to common ap_ prefix which we missed at the - Big Symbol Renaming because they're #defines and not real C functions: - is_default_port(), default_port(), http_method(). - [Ralf S. Engelschall] - - *) A zero-length name after a $ in an SSI document should cause - just the $ to be in the expansion. This was broken during the - security fixes in 1.2.5. [Dean Gaudet] PR#1921, 2249 - - *) Call ap_destroy_sub_req() in ap_add_cgi_vars() to reclaim some - memory. [Rob Saccoccio ] PR#2252 - - *) Fix src/support/httpd.exp (DSO export file which is currently only - used under AIX) because of recent changes to function names. - [Ralf S. 
Engelschall] - -Changes with Apache 1.3b7 - - *) Make sure a MIME-type can be forced via a RewriteRule even when no - substitution takes place, for instance via the following rule: - ``RewriteRule ^myscript$ - [T=application/x-httpd-cgi]'' This was often - requested by users in the past to force a single script without a .cgi - extension and outside any cgi-bin dirs to be executed as a CGI program. - [Ralf S. Engelschall] PR#2254 - - *) A fix for protocol issues surrounding 400, 408, and - 414 responses. [Ed Korthof] - - *) Ignore MaxRequestsPerChild on WIN32. [Brian Behlendorf] - - *) Fix discrepancy in proxy_ftp.c which was causing failures when - trying to connect to certain ftpd's, such as anonftpd. - [Rick Ohnemus ] - - *) Make mod_rewrite use ap_open_piped_log() for RewriteLog directive's - logfile instead of fiddling around itself with child spawning stuff. - [Ralf S. Engelschall] - - *) Made RefererIgnore case-insensitive. - - *) Mod_log_agent, mod_log_referer now use ap_open_piped_log for piped logs. - [Brian Behlendorf] - - *) Replace use of spawn_child with ap_spawn_child_err_buff, to make everything - "safe" under Win32. In: mod_include.c, mod_mime_magic.c - [Brian Behlendorf] - - *) Improve RFC1413 support. [Bob Beck ] - - *) Fix support script `dbmmanage': It was unable to handle some sort - of passwords, especially passwords with "0" chars. - [Ralf S. Engelschall] PR#2242 - - *) WIN32: Clicking on "Last Modified" in a fancy index caused a crash. Fixed. - [Ben Laurie] PR#2238 - - *) WIN32: CGIs could cause a hang (because of a deadlock in the standard C - library), so CGI handling has been changed to use Win32 native handles - instead of C file descriptors. - [Ben Laurie and Bill Stoddard ] PR#1129, 1607 - - *) The proxy cache would store an incorrect content-length in the cached - file copy after a cache update. That resulted in repeated fetching - of the original copy instead of using the cached copy. 
- [Ernst Kloppenburg ] PR#2094 - - *) The Makefiles assumed that DSO files are build via $(LD). This - is broken for two reasons: First we never defined at least LD=ld - somewhere to make sure this works (it was silently assumed that most Make - provide a built-in LD definition - ARGL!) and second using the generic LD - variable is not the truth. Instead a special variable named LD_SHLIB is - reasonable because although "ld" is usually the default, the command for - building DSO files can be "libtool" or even "cc" on some systems. - [Ralf S. Engelschall] - - *) Replace the AddVersionPlatform directive with ServerTokens which - provides for more control over the format of the Server: - header line. SERVER_SUBVERSION is no longer supported; - all module should use the ap_add_version_component() - API function instead. [Jim Jagielski] - - *) Support for the NCR MP/RAS 3.0 - [John Withers ] - - *) The LDFLAGS_SHLIB_EXPORT variable of src/Configuration[.tmpl] was - not retrieved in src/Configure and thus was not useable. - [Ralf S. Engelschall] - - *) Various Makefile consistency cleanups: - - make OSDIR also automatically be relative to src/ like INCDIR - - SUBDIRS is now generated in src/Makefile only and not in - Makefile.config because it is a local define for this location. - - remove BROKEN_BPRINTF_FLAGS because is it no longer used inside - any Makefile but make sure that at least the "-K inline" is kept in - CFLAGS for SCO 5. - - update the "depend" targets in Makefile.tmpl files to use $(OSDIR), too. - - updated the dependencies theirself - - removed not existing SHLIB variable from "clean" targets - - replaced SHLIB_OBJS/SHLIBS_OBJ consistently with OBJS_PIC because OBJS - already exists and OBJS_PIC are also just plain objects and have not - directly to do with "shared" things. The only difference is that they - contain PIC. So OBJS_PIC is the more canonical name. 
- - Updated the Makefile-dependency lines for OBJS_PIC - - Removed the Makefile-dependency line in Configure to avoid double - definitions - - replaced ugly xx-so.o/xx.so-o hack with a clean and consistent usage - of xxx.lo as GNU libtool does with its PIC objects - - reduce local complexity in modules Makefile.tmpl by moving the last - existing target "depend" to the generation section in Configure, too. - - removed the historical $(SPACER) which was used in the past together - with BROKEN_BPRINTF_FLAGS to avoid zig-zags in the build process. This - is no longer needed. - - force the build and run of the gen_xxx programs under main/ as the - first step before building the objects because it looks cleaner - [Ralf S. Engelschall] - - *) WIN32: Make Win32 work again after the /dev/null DoS fix. - [Ben Laurie] - - *) WIN32: Check for buffer overflows in ap_os_canonical_filename. - [Ben Laurie] - - *) WIN32: Don't force ISAPI headers to finish with \n. - [Jim Patterson , Ben Laurie] PR#2060 - - *) When opening "configuration" files (like httpd.conf, htaccess - and htpasswd), Apache will not allow them to be non-/dev/null - device files. This closes a DoS hole. At the same time, - we use ap_pfopen to open these files to handle timeouts. - [Jim Jagielski, Martin Kraemer] - - *) Apache will now log the reason its httpd children exit if they exit - due to an unexpected signal. (It requires a new porting define, - SYS_SIGLIST, which if defined should point to a list of text - descriptions of the signals available. See PORTING.) [Dean Gaudet] - - *) WIN32: chdir() doesn't make sense in a multithreaded environment - like WIN32. Before, Win32 CGI's could have had sporadic failures - if a chdir call from one thread was made between another chdir call - and a spawn in another thread. So, for now don't chdir for CGI scripts - in WIN32. The current CGI "spec" is unclear as to whether it's - necessary. 
Long-term fix is to either serialize the chdir/spawn combo - or use WIN32 native calls to spawn a process. This temp fix was - necessary to remove this as a showstopper for 1.3's release. - [Brian Behlendorf] - - *) Cleanup the suEXEC support in APACI and make it more safe: - 1. Add big fat hint in INSTALL about risks and to read the - htdocs/manual/suexec.html document before using the suexec-related - configure options. - 2. Make sure the user has at least provided one --suexec-xxxx option - (specifies suEXEC parameters) in addition to --enable-suexec option. - If only --enable-suexec is given APACI stops with a hint to INSTALL - and htdocs/manual/suexec.html documents. - 3. Provide two additional --suexec-xxxx options to make the suEXEC - configuration complete (especially for package maintainers who else - had to patch the source tree) by providing ways to configure minimal - UID/GID and safe PATH, too. - [Ralf S. Engelschall] - - *) Cleanup of the `configure --shadow' process: - - make sure the configure script creates its temporary files in the - shadow tree to avoid conflicts with parallel configure runs - - removed unnecessary option "-r" from "rm" call for Makefiles - - make sure the configure scripts creates the shadow-wrapper Makefile - only when no shadow trees already exists - - make sure "make distclean" removes the shadow-wrapper Makefile but only - when no more shadow trees exists - - overhauled mkshadow.sh script: now its more IFS-safe and approx. twice - as fast (in the past it needed 70sec, now it runs just 38sec) - - make sure CVS does not complain about the created files - Makefille. and directories src. - [Ralf S. Engelschall] - - *) Added the ap_add_version_component() API routine and the - AddVersionPlatform core directive. 
The first allows modules to - declare themselves in the Server response header field value, - augmenting the SERVER_SUBVERSION define in the Configuration file - with run-time settings (more useful in a loadable-module environment). - AddVersionPlatform inserts a comment such as "(UNIX)" or "(Win32)" - into the server version string. [Ken Coar] PR#2056 - - *) Minor stability tweaks to avoid core dumps in ap_snprintf. - [Martin Kraemer] - - *) Emit the "Accept-Range" header for the default handler. - [Brian Behlendorf] PR#1464 - - *) Add a note to httpd.conf-dist that apache will on some systems fail - to start when the Group # is set to a negative or large positive value. - [Martin Kraemer] - - *) Make sure the module execution order is correct even when some modules - are loaded under runtime (`LoadModule') via the DSO mechanism: - 1. The list of loaded modules is now a dynamically allocated one - and not the original statically list from modules.c - 2. The loaded modules are now correctly setup by LoadModule for - later use by the AddModule command. - 3. When the DSO mechanism for modules is used APACI's `install' - target now enables all created `LoadModule' lines per default because - this is both already expected by the user _and_ needed to avoid - confusion with the next point and reduces the Makefile.tmpl complexity - 4. When the DSO mechanism for modules is used, APACI's `install' - target now additionally makes sure the module list is reconstructed - via a complete `ClearModuleList+AddModule...' entry. - 5. The support tool `apxs' now also makes sure an AddModule command - is added in addition to the LoadModule command. - 6. 
The modules.c generation was extended to now contain two - comments to make sure no one is confused by the confusing terminology - of loading/linking (we use load=link+load & link=activate instead of - the obvious load=activate & link=link :-( ) - This way now there is no longer a difference under execution time between - statically and dynamically linked modules. - [Ralf S. Engelschall] - - *) Fix the generated mod_xxx.c from "apxs -g -f xxx" after the - Big Symbol Renaming. [Ralf S. Engelschall] - - *) Add a comment to mod_example.c showing the format of a FLAG command - handler. [Ken Coar] - - *) Standardized the time format in mod_status to match that of other - places in the code (e.g. DATE_GMT). PR#1551 - - *) Fix handling of %Z in timefmt strings for those platforms with no time - zone information in their tm struct. [Paul Eggert ] - PR#754 - - *) Makes mod_rewrite, mod_log_config, mod_status and the ServerSignature - feature compatible with 'UseCanonicalName off' by changing - r->server->server_hostname to ap_get_server_name(). And I changed some - functions which use r->server->port to use ap_get_server_port() instead, - because if there's no Port directive in the config r->server->port is 0. - [Lars Eilebrecht] - - *) get/set_module_config are trivial enough to be better off inline. Worth - 1.5% performance boost. [Dean Gaudet] - - *) Fix off-by-one error in ap_proxy_date_canon() in proxy_util.c - when ensuring 'x' is at least 30-chars big. [Jim Jagielski, - Brian Behlendorf] - - *) [BS2000 security] BS2000 needs an extra authentication to initialize - the task environment to the unprivileged User id. Otherwise CGI scripts - would have a way to gain super user access. [Martin Kraemer] - - *) Fix debug log messages for BS2000/OSD: instead of logging the whole - absolute path, only log base name of logging source as is done - in unix. 
[Martin Kraemer] - - *) Ronald Tschalaer's Accept-Encoding patch - preserve the "x-" in - the encoding type from the Accept-Encoding header (if it's there) - and use it in the response, as that's probably what it'll be expecting. - [Ronald.Tschalaer@psi.ch] - - *) Fix to mod_alias: translate_alias_redir is dealing with - a URI, not a filename, so the check for drive letters for win32 - and emx is not necessary. [Dean Gaudet] - - *) WIN32: Allow .cmd as an executable extension. - [Kari Likovuori ] PR#2146 - - *) Make Apache header files, and some variables, C++ friendly. - [Michael Anderson's ] - - *) Child processes can now "signal" (by exiting with a status - of APEXIT_CHILDFATAL) the parent process to abort and - shutdown the server if the error in the child process was - fatal enough. [Jim Jagielski] - - *) mod_autoindex's find_itme() was sensitive to MIME type case. - [Jim Jagielski] PR#2112 - - *) Make sure the referer_log and agent_log entries in the default httpd.conf - file are also adjusted for the actual relative installation paths. - [Ralf S. Engelschall] PR#2175 - - *) WIN32: Extensive overhaul of the way UNCs are handled. [Ben Laurie] - - *) WIN32: Make roots of filesystems (e.g. c:/) work. [Ben Laurie] - PR#1558 - - *) PORT: Various porting changes to support AIX 3.2, 4.1.5, 4.2 and 4.3. - Additionally the checks for finding the vendor DSO library were moved - from mod_so.c to Configure because first it needs $PLAT etc. and second - mod_so already uses an abstraction layer and does not fiddle with the - vendor functions itself. - [Jens-Uwe Mager, Ralf S. Engelschall] - - *) PORT: Some optimization defines for NetBSD - [Jaromir Dolecek ] PR#2165 - - *) PORT: Dynamic Shared Object (DSO) support for NetBSD. - [Jaromir Dolecek , Ralf S. Engelschall] PR#2158 - - *) Add Dynamic Shared Object (DSO) support for AIX (at least 4.2 but older - AIX variants should work fine, too. Even AIX 3.x should work). 
This is - accomplished by using the free DSO emulation code from Jens-Uwe Mager - which we put into a os/unix/os-dso-aix.c file. - [Ralf S. Engelschall] - - *) PORT: Fix compiler warnings under AIX >= 4.2 where the manual pages imply - that we should use NET_SIZE_T == int but the include files force size_t. - [Ralf S. Engelschall] - - *) Fix two bugs in select() handling in http_main.c. - [Roy Fielding] - - *) Suppress "error(0)" messages for ap_log_error() when the APLOG_NOERRNO - is unset (as it is in situations like timeouts) where it is unclear - whether errno is set or not. [Martin Kraemer] - - *) Just having APACI's localstatedir is too general and not enough for most - of the systems. 1.3b6 again required manual APACI patches by package - maintainers from Red Hat and FreeBSD because for their filesystem layout a - little bit more flexibility in configuring the paths is needed. Hence we - provide three additional configure options (--runtimedir, --logfiledir, - --proxycachedir) which now can be used for more granular adjustments if - --localstatedir is not enough to fit the particular needs. As a nice - side-effect this reduces some subdir fiddling in configure+Makefile.tmpl. - [Ralf S. Engelschall] - - *) Make the install root for "make install" in APACI's Makefile overrideable - by package authors. This way we are even more friendly to package - maintainers (especially Debian and Red Hat) who build for the real prefix - via "configure --prefix=/" but use a different local prefix via - "make root=/tmp/apache install" for rolling the package without bristling - the target location on their system. - [Ralf S. Engelschall] - - *) Workaround sed limitations in APACI's configure script by now - substituting in chunks of 50 commands (because for instance HPUX's vendor - sed has a limit of max. 98 commands) - [Ralf S. Engelschall] PR#2136 - - *) Adding SOCKS5 support and fixing existing SOCKS4 support. - [Ralf S. 
Engelschall] PR#2140 - - *) Manually fix some symbols which were not renamed to prefix ap_ in the BIG - RENAMING process because they are defined as pre-processor macros instead - of real functions: bputc, bgetc, piped_log_write_fd, piped_log_read_fd - [Ralf S. Engelschall] - - *) Workaround braindead AWK's when generating ap_config.h: The split() and - substr() functions cannot be nested under vendor AWK from Solaris 2.6. - [Ralf S. Engelschall] PR#2139 - - *) Various bugfixes and cleanups for the APACI configure script: - o fix IFS handling for _nested_ situation - o fix Perl interpreter search: take first one found instead of last one - o fix DSO consistency check - o print error messages to stderr instead of stdout - o add install-quiet for --shadow situation to Makefile stub - o reduce complexity by avoiding sed-hacks for rule and module list loops - [Ralf S. Engelschall] - - *) Fix DEBUG_CGI situation in mod_cgi.c [David MacKenzie] PR#2114 - - *) Make sure the input field separator (IFS) shell variable is explicitly - initialized correctly before _every_ `for' loop and also restored after - the loops. [Ralf S. Engelschall] - - *) Make sure that "make install" doesn't overwrite the `mime.types' and - `magic' files from an existing Apache installation. Because people often - customize these for own MIME and content types. - [Ralf S. Engelschall] - - *) PORT: Dynamic Shared Object (DSO) support for OpenBSD 2.x - [Peter Galbavy, Ralf S. Engelschall] PR#2109 - - *) Fix the path to the ScoreBoardFile in the install-config target, too. - [Ralf S. Engelschall] PR#2105 - - *) Let "configure" clear out the users parameters (provided as shell - variables) to avoid side-effects in "src/Configure" when the user - exported them (which is not needed, but some users do it). - [Ralf S. Engelschall] PR#2101 - - *) Provide backward compatibility from some old src/Configuration.tmpl - parameter names to the canonical Autoconf-style shell variable names. For - instance CFLAGS vs. 
EXTRA_CFLAGS. The EXTRA_xxx variants are accepted now - but a hint message is displayed. [Ralf S. Engelschall] - - *) Make sure that "make install" doesn't overwrite the DocumentRoot and - CGI scripts from an existing Apache installation. - [Ralf S. Engelschall, Jim Jagielski] PR#2084 - - *) Make `configure --compat' more "compatible" by first - let the libexecdir default to EPREFIX/libexec instead of EPREFIX/bin and - second by making sure the "avoid-bristling-suffix" /apache is not - appended to sysconfdir, datadir, localstatedir and includedir when - --compat is used. [Ralf S. Engelschall, Lars Eilebrecht] - - *) NeXT required strdup() in support/logresolve.c - [Francisco Tomei ] PR#2082 - - *) AIX required sys/select.h in support/ab.c - [Jens Schleusener ] PR#2081 - - *) Fix the path to the MimeMagicFile in the install-config target, too. - [Ralf S. Engelschall] PR#2089 - - *) PORT: Added HP-UX 11 patches [Jeff Earickson ] - - *) If you start apache with the -S command line option it will dump - out the parsed vhost settings. This is useful for folks trying - to figure out what is wrong with their vhost configuration. - (Other dumps may be added in the future.) [Dean Gaudet] - - *) Add %pA, %pI, and %pp codes to ap_vformatter (and hence ap_bprintf, - ap_snprintf, and ap_psprintf). See include/ap.h for docs. - [Dean Gaudet] - - *) Because /usr/local/apache is the default prefix the ``configure - --compat'' option no longer has to set prefix, again. This way the - --compat option honors a leading --prefix option. [Lars Eilebrecht] - - *) PORT: Cast the first argument of dlopen() in ap_os_dso_load() - to `char *' under OSF1 and FreeBSD 2.x where it is defined this way - to avoid "discard const" warnings. [Ralf S. Engelschall] - - *) If a specific handler is set for a file yet the request still - ends up being handled by the default handler, log an error - message before handling it. This catches things such as trying - to use SSIs without mod_include enabled. 
[Marc Slemko] - - *) Fix error logging for the startup case where ap_log_error() still uses - stderr as the target. Now the default log level is honored here, too. - [Ralf S. Engelschall] - - *) PORT: Make sure some AWK's don't fail in src/Configure with "string too - long" errors when generating the MODULES entry for src/Makefile - [Ben Hyde, Ralf S. Engelschall] - - *) Make sure src/Configure doesn't complain about the old directory - /usr/local/etc/httpd/ when APACI is used. [Lars Eilebrecht] - -Changes with Apache 1.3b6 - - *) PORT: Clean up warnings on Ultrix and HPUX. [Ben Hyde] - - *) Adding DSO support for the HP/UX platform by emulating the dlopen-style - interface via the similar but proprietary HP/UX shl_xxx-style system - calls. [Ralf S. Engelschall] - - *) PORT: Updated UnixWare 2.0.x and 2.1.x entries for DSO support and made - APACI Makefile.tmpl "install" target more robust for sensible UnixWare - Make. [Ralf S. Engelschall] - - *) ++++ THE BIG SYMBOL RENAMING ++++ - To avoid symbol clashes with third-party code compiled into the server, - we globally applied the prefix "ap_" to the following classes of - functions: - - Apache provided general functions (e.g., ap_cpystrn) - - Public API functions (e.g., palloc, bgets) - - Private functions which we can't make static (because of - cross-object usage) but should be (e.g., new_connection) - For backward source compatibility a new header file named compat.h was - created which provides defines for the old symbol names and can be used - by third-party module authors. - [The Apache Group] - - *) Added dynamic shared object (DSO) support for SVR4-derivates: The - problem under SVR4 is that there is no command flag to force the linker - to export the global symbols of the httpd executable therewith they are - available to the DSO's. 
Instead of problematic hacks like creating a - dummy.so file (containing dummy references to all global symbols) the - httpd binary is linked against, we use a clean trick stolen from Perl 5: - Placing the Apache core code itself into a DSO library named libhttpd.so. - This way the global symbols _HAVE_ to be exported and thus are available - to any manually loaded DSO's under runtime. To reduce the impact to the - user to null we go even further and create a stub httpd executable which - automatically keeps track of the DSO library loading itself and thus - hides the complete mechanism from the user. Although the generation of - this DSO library is automatically triggered for platforms which - essentially need it (mostly all SVR4-derivates) it can be also enabled - manually via the Rule SHARED_CORE. This can be interesting in the future - where we perhaps exploit this libhttpd.so mechanism for providing nifty - features like graceful upgrades, or whatever. - [Ralf S. Engelschall, Martin Kraemer] - - *) Build the libraries before building the rest of the tools. [Ben Hyde] - - *) Add "distclean" target to src/-Makefiles to provide "make distclean" also - inside the src subtree (i.e. for non-APACI users). Following GNU Makefile - conventions while "clean" removes only stuff created by "all" targets, - "distclean" additionally removes the stuff from the configuration - process. This way "make distclean" (hence the name) provides a fresh - source tree as it was for distribution. - [Ralf S. Engelschall] - - *) Allow top-level (APACI) Makefile to break on build errors - the same way the src/ subtree Makefiles breaks on them by replacing the - initial APACI sed-subdir-display-kludge with a more clean - variable-passing-solution: variable SDP can optionally hold the subdir - prefix which is consistently used for displaying the subdir movement. - This way even the top-level Makefile can stop correctly on errors as the - user expects. [Ralf S. 
Engelschall] - - *) Fixed ordering of argument checks for RewriteBase directive. - [Todd Eigenschink ] PR#2045 - - *) Change Win32 IS_MODULE to SHARED_MODULE to match Unix' method of - indicating that a module is being compiled for dynamic loading. Also - remove #define IS_MODULE from modules and add SHARED_MODULE define - to the mak/dsp files. [Alexei Kosut] - - *) Reduce logging level of "normal" warning messages to APLOG_INFO, - since we are now logging APLOG_WARNING by default. [Roy Fielding] - - *) PORT: OS/2 tweak to deal with multiple .exe targets. [Brian Havard] - - *) Add documentation file and src/Configuration.tmpl entry for the - experimental mod_mmap_static module. Because although it is and marked as - an experimental one it is distributed and thus should be documented and - prepared for configuration the same way as all others modules. - [Ralf S. Engelschall] - - *) Add query (-q) option to apxs support tool to be able to manually query - specific settings from apxs. This is needed for instance when you - manually want to access Apache's header files and you need to assemble - the -I option. Now you can do -I`apxs -q INCLUDEDIR`. - [Ralf S. Engelschall] - - *) Now src/Configure uses a fallback strategy for the shared object support - on platforms where no explicit information is available: If a Perl - installation exists we ask it about its shared object support and if it's - the dlopen-style one we shamelessly guess the compiler and linker flags - for creating shared objects from Perls knowledge. Of course, the user is - warning about what we are doing and informed that he should send us - the guessed flags when they work. [Ralf S. Engelschall] - - *) Provide APACI --without-support option to be able to disable the build - and installation of the support tools from the src/support/ area. - Although its useful to have these installed per default we should provide - a way to compile and install without them for backward-compatibility. - [Ralf S. 
Engelschall] - - *) Add of the new APache eXtenSion (apxs) support tool for building and - installing modules into an _already installed_ Apache package through the - dynamic shared object (DSO) mechanism [mod_so.c]. The trick here is that - this approach actually doesn't need the Apache source tree. The - (APACI-installed) server package is enough, because this now includes the - Apache C header files (PREFIX/include) and the new APXS tool - (SBINDIR/apxs). The intend is to provide a handy tool for third-party - module authors to build their Apache modules _OUTSIDE_ the Apache source - tree while avoiding them to fiddle around with the totally platform - dependend way of compiling DSO files. The tool supports all ranges of - modules, from trivial ones (single mod_foo.c) to complex ones (like PHP3 - which has a mod_php3.c plus a pre-built libmodphp3-so.a) and even can - on-the-fly generate a minimalistic Makefile and sample module for the - first step to provide both a quick success event and to demonstrate the - APXS mechanism to module authors. [Ralf S. Engelschall] - - *) Fix core dumps in use of CONNECT in proxy. - [Rainer.Scherg@rexroth.de] PR#1326, #1573, #1942 - - *) Modify the log directives in httpd.conf-dist files to use CustomLog - so that users have examples of how CustomLog can be used. - [Lars Eilebrecht] - - *) Add the new Apache Autoconf-style Interface (APACI) for the top-level of - the Apache distribution tree. Until Apache 1.3 there was no real - out-of-the-box batch-capable build and installation procedure for the - complete Apache package. This is now provided by a top-level "configure" - script and a corresponding top-level "Makefile.tmpl" file. The goal is - to provide a GNU Autoconf-style frontend which is capable to both drive - the old src/Configure stuff in batch and additionally installs the - package with a GNU-conforming directory layout. 
Any options from the old - configuration scheme are available plus a lot of new options for flexibly - customizing Apache. [Ralf S. Engelschall] - - *) The floating point ap_snprintf code wasn't threadsafe. - Had to remove the HAVE_CVT macro in order to do threadsafe - calling of the ?cvt() floating point routines. [Dean Gaudet] - - *) PORT: Add the SCO_SV port. [Jim Jagielski] PR#1962 - - *) PORT: IRIX needs the -n32 flag iff using the 'cc' compiler - [Jim Jagielski] PR#1901 - - *) BUG: Configure was using TCC and CC inconsistently. Make sure - Configure knows which CC we are using. [Jim Jagielski] - - *) "Options +Includes" wasn't correctly merged if "+IncludesNoExec" - was defined in a parent directory. [Lars Eilebrecht] - - *) API: ap_snprintf() code mutated into ap_vformatter(), which is - a generic printf-style routine that can call arbitrary output - routines. Use this to replace http_bprintf.c. Add new routines - psprintf(), pvsprintf() which allocate the exact amount of memory - required for a string from a pool. Use psprintf() to clean up - various bits of code which used ap_snprintf()/pstrdup(). - [Dean Gaudet] - - *) PORT: HAVE_SNPRINTF doesn't do anything any longer. This is because - ap_snprintf() has different semantics and formatting codes than - snprintf(). [Dean Gaudet] - - *) SIGXCPU and SIGXFSZ are now reset to SIG_DFL at boot-time. This - is necessary on at least Solaris where the /etc/rc?.d scripts - are run with these signals ignored, and "SIG_IGN" settings are - maintained across exec(). - [Rein Tollevik ] PR#2009 - - *) Fix the check for symbolic links in ``RewriteCond ... -l'': stat() was - used instead of lstat() and thus this flag didn't work as expected. - [Rein Tollevik ] PR#2010 - - *) Fix the proxy pass-through feature of mod_rewrite for the case of - existing QUERY_STRING now that mod_proxy was recently changed because of - the new URL parsing stuff. [Ralf S. 
Engelschall] - - *) A few changes to scoreboard definitions which helps gcc generate - better code. [Dean Gaudet] - - *) ANSI C doesn't guarantee that "int foo : 2" in a structure will - be a signed bitfield. So mark a few bitfields as signed to - ensure correct code. [Dean Gaudet] - - *) The default for HostnameLookups was changed to Off, but there - was a problem and it wasn't taking effect. [Dean Gaudet] - - *) PORT: Clean up undefined signals on some platforms (SCO, BeOS). - [Dean Gaudet] - - *) After a SIGHUP the listening sockets in the parent weren't - properly marked for closure on fork(). - [Jürgen Keil ] PR#2000 - - *) Allow %2F in two situations: 1) it is in the query part of the URI, - therefore not exposed to %2F -> '/' translations and 2) the request - is a proxy request, so we're not dealing with a local resource anyway. - Without this, the proxy would fail to work for any URL's with - %2f in them (occurs quite often in - http://.../cgi-bin/...?http%3A%2F%2F... references) [Martin Kraemer] - - *) Protect against FD_SETSIZE mismatches. [Dean Gaudet] - - *) Make the shared object compilation command more portable by avoiding - the direct combination of `-c' & `-o' which is not honored by some - compilers like UnixWare's cc. [Ralf S. Engelschall] - - *) WIN32: the proxy was creating filenames missing the last four - characters. While this normally doesn't stop anything from - working, it can result in extra collisions. - [Tim Costello ] PR#1890 - - *) Now mod_proxy uses the response string (in addition to the response status - code) from the already used FTP SIZE command to setup the Content-Length - header if available. [Ralf S. 
Engelschall] PR#1183 - - *) Reanimated the (still undocumented) proxy receive buffer size directive: - Renamed from ReceiveBufferSize to ProxyReceiveBufferSize because the old - name was really too generic, added documentation for this directive to - the mod_proxy.html and corrected the hyperlink to it in the - new_features_1.3.html document. [Ralf S. Engelschall] PR#1348 - - *) Fix a bug in the src/helpers/fp2rp script and make it a little bit - faster [Martin Kraemer] - - *) Make Configure die when you give it an unknown command switch. - [Ben Hyde] - - *) Add five new and fresh manpages for the support programs: dbmmanage.1, - suexec.8, htdigest.1, rotatelogs.8 and logresolve.8. Now all up-to-date - and per default compiled support programs have manual pages - just to - document our stuff a little bit more and to be able to do really - Unix-like installations ;-) [Ralf S. Engelschall] - - *) Major cleanups to the Configure script to make it and its generated - Makefiles again readable and maintainable: add SRCDIR option, removed - INCLUDES_DEPTH[0-2] kludge, cleanup of TARGET option, cleanup of - generated sections, consequently added Makefile headers with inheritance - information, added subdir movement messages for easier following where - the build process currently stays (more verbose then standard Make, less - verbose than GNU make), same style to comments in the Configure script, - added Apache license header, fixed a few bugs, etc. [Ralf S. Engelschall] - - *) Add the new ApacheBench program "ab" to src/support/: This is derived - from the ZeusBench benchmarking program and can be used to determine the - response performance of an Apache installation. This version is - officially licensed with Zeus Technology, Ltd. See the license agreement - statements in <199803171224.NAA24547@en1.engelschall.com> in apache-core. - [Ralf S. 
Engelschall] - - *) API: Various core functions that are definately not part of the API - have been made static, and a few have been marked API_EXPORT. Still - more have been marked CORE_EXPORT and are not intended for general - use by modules. [Doug MacEachern, Dean Gaudet] - - *) mod_proxy was not clearing the Proxy-Connection header from - requests; now it does. This did not violate any spec, however - causes poor interactions when you are talking to remote proxies. - [Marc Slemko] PR#1741 - - *) Various cleanups to the command line interface and manual pages. - [Ralf S. Engelschall] - - *) cfg_getline() was not properly handling lines that did not end - with a line termination character. [Marc Slemko] PR#1869, 1909 - - *) Performance tweak to mod_log_config. [Dmitry Khrustalev] - - *) Clean up some undocumented behavior of mod_setenvif related to - "merging" two SetEnvIf directives when they match the same header - and regex. Document that mod_setenvif will perform comparisons in - the order they appear in the config file. Optimize mod_setenvif by - doing more work at config time rather than at runtime. - [Dean Gaudet] - - *) src/include/ap_config.h now wraps it's #define's with #ifndef/#endif's - to allow for modules to overrule them and to reduce redefinition - warnings [Jim Jagielski] - - *) [PORT] For A/UX change the OS-#define for -DAUX to -DAUX3. - [Jim Jagielski] - - *) Making the hard-coded cross-module function call mime_find_ct() (from - mod_proxy to mod_mime) obsolete by making sure the API hook for MIME type - checking is really called even for proxy requests except for URLs with - HTTP schemes (because there we can optimize by not running the type - checking hooks due to the fact that the proxy gets the MIME Content-type - from the remote host later). This change cleans up mod_mime by removing - the ugly export kludge, makes the one-liner file mod_mime.h obsolete, and - especially unbundles mod_proxy and mod_mime. 
This way they both now can - be compiled as shared objects and are no longer tied together. - [Ralf S. Engelschall] - - *) util.c cleanup and speedup. [Dean Gaudet] - - *) API: Clarification, pstrndup() will always copy n bytes of the source - and NUL terminate at the (n+1)st byte. [Dean Gaudet] - - *) Mark module command_rec and handler_rec structures const so that they - end up in the read-only data section (and are friendlier to systems - that don't do optimistic memory allocation on fork()). [Dean Gaudet] - - *) Add check to the "Port" directive to make sure the specified - port is in the appropriate range. [Ben Hyde] - - *) Performance improvements to invoke_handler(). - [Dmitry Khrustalev ] - - *) Added support for building shared objects even for library-style modules - (which are built from more than one object file). This now provides the - ability to build mod_proxy as a shared object module. Additionally - modules like mod_example are now also supported for shared object - building because the generated Makefiles now no longer assume there is at - least one statically linked module. [Ralf S. Engelschall] - - *) API: Clarify usage of content_type, handler, content_encoding, - content_language and content_languages fields in request_rec. They - must always be lowercased; and the strings pointed to shouldn't - be modified (you must copy them to modify them). Fix a few bugs - related to this. [Dean Gaudet] - - *) API: Clarification: except for RAW_ARGS, all command handlers can - treat the char * parameters as permanent, and modifiable. There - is no need to pstrdup() them. Clean up some needless pstrdup(). - [Dean Gaudet] - - *) Now mod_so keeps track of which module shared objects with which names - are loaded and thus avoids multiple loading and unloading and irritating - error_log messages. [Ralf S. Engelschall] - - *) Prior to the existence of mod_setenv it was necessary to tweak the TZ - environment variable in the apache core. 
But that tweaking interferes - with mod_setenv. So don't tweak if the user has specified an explicit - TZ variable. [Jay Soffian ] PR#1888 - - *) rputs() did not calculate r->sent_bodyct properly. - [Siegmund Stirnweiss ] PR#1900 - - *) The CGI spec says that REMOTE_HOST should be set to the remote hosts's - name, or left unset if this value is unavailable. Apache was setting - it to the IP address when unavailable. - [Tony Finch ] PR#1925 - - *) Various improvements to the configuration and build support for compiling - modules as shared objects. Especially Solaris 2.x, SunOS 4.1, IRIX and - OSF1 support with GCC and vendor compilers was added. This way shared - object support is now provided out-of-the-box for FreeBSD, Linux, - Solaris, SunOS, IRIX and OSF1. In short: On all major platforms! - [Ralf S. Engelschall] - - *) Minor cleanup in http_main -- split QNX and OS2 specific "mmap" - scoreboard code into separate #defines -- USE_POSIX_SCOREBOARD - and USE_OS2_SCOREBOARD. [Dean Gaudet] - - *) Fix one more special locking problem for RewriteMap programs in - mod_rewrite: According to the documentation of flock(), "Locks are on - files, not file descriptors. That is, file descriptors duplicated - through dup(2) or fork(2) do not result in multiple instances of a lock, - but rather multiple references to a single lock. If a process holding a - lock on a file forks and the child explicitly unlocks the file, the - parent will lose its lock.". To overcome this we have to make sure the - RewriteLock file is opened _AFTER_ the childs were spawned which is now - the case by opening it in the child_init instead of the module_init API - hook. [Ralf S. Engelschall] PR#1029 - - *) Change to Location and LocationMatch semantics. LocationMatch no - longer lets a single slash match multiple adjacent slashes in the - URL. This change is for consistency with RewriteRule and - AliasMatch. Multiple slashes have meaning in URLs that they do - not have in (some) filesystems. 
Location on the other hand can - be considered a shorthand for a more complicated regex, and it - does match multiple slashes with a single slash -- which is - also consistent with the Alias directive. - [Dean Gaudet] related PR#1440 - - *) Fix bug with mod_mime_magic causing certain files, including files - of length 0, to result in no response from the server. - [Dean Gaudet] - - *) The Configure script now generates src/include/ap_config.h which - contains the set of defines used when Apache is compiled on a platform. - This file can then be included by external modules before including - any Apache header files in case they are being built separately from - Apache. Along with this change, a couple of minor changes were - made to make Apache's #defines coexist peacefully with any autoconf - defines an external module might have. [Rasmus Lerdorf] - - *) Fix mod_rewrite for the ugly API case where sections exist - but without any RewriteXXXXX directives. Here mod_rewrite is given no - chance by the API to initialize its per-server configuration and thus - receives the wrong one from the main server. This is now avoided by - remembering the server together with the config structure while - configuring and later assuming there is no config when we see a - difference between the remembered server and the one calling us. - [Ralf S. Engelschall] PR#1790 - - *) Fixed the DBM RewriteMap support for mod_rewrite: First the support now - is automatically disabled under configure time when the dbm_xxx functions - are not available. Second, two heavy source code errors in the DBM - support code were fixed. This makes DBM RewriteMap's usable again after - a long time of brokenness. [Ralf S. Engelschall] PR#1696 - - *) Now all configuration files support Unix-style line-continuation via - the trailing backslash ("\") character. This enables us to write down - complex or just very long directives in a more readable way. 
The - backslash character has to be really the last character before the - newline and it has not been prefixed by another (escaping) backslash. - [Ralf S. Engelschall] - - *) When using ProxyPass the ?querystring was not passed correctly. - [Joel Truher ] - - *) To deal with modules being compiled and [dynamically] linked - at a different time from the core, the SERVER_VERSION and - SERVER_BUILT symbols have been abstracted through the new - API routines apapi_get_server_version() and apapi_get_server_built(). - [Ken Coar] PR#1448 - - *) WIN32: Preserve trailing slash in canonical path (and hence - in PATH_INFO). [Paul Sutton, Ben Laurie] - - *) PORT: USE_PTHREAD_SERIALIZED_ACCEPT has proven unreliable - depending on the rev of Solaris and what mixture of modules - are in use. So it has been disabled, and Solaris is back to - using USE_FCNTL_SERIALIZED_ACCEPT. Users may experiment with - USE_PTHREAD_SERIALIZED_ACCEPT at their own risk, it may speed - up static content only servers. Or it may fail unpredictably. - [Dean Gaudet] PR#1779, 1854, 1904 - - *) mod_test_util_uri.c created which tests the logic in util_uri.c. - [Dean Gaudet] - - *) API: Rewrite of absoluteURI handling, and in particular how - absoluteURIs match vhosts. Unless a request is a proxy request, a - "http://host" url is treated as if a similar "Host:" header had been - supplied. This change was made to support future HTTP/1.x protocols - which may require clients to send absoluteURIs for all requests. - - In order to achieve this change subtle changes were made to the API. In a - request_rec, r->hostlen has been removed. r->unparsed_uri now exists so - that the unmodified uri can be retrieved easily. r->proxyreq is not set - by the core, modules must set it during the post_read_request or - translate_names phase. - - Plus changes to the virtualhost test suite for absoluteURI testing. - - This fixes several bugs with the proxy proxying requests to vhosts - managed by the same httpd. 
- [Dean Gaudet] - - *) API: Cleanup of code in http_vhost.c, and remove vhost matching - code from mod_rewrite. The vhost matching is now performed by a - globally available function matches_request_vhost(). [Dean Gaudet] - - *) Reduce memory usage, and speed up ServerAlias support. As a - side-effect users can list multiple ServerAlias directives - and they're all considered. - [Chia-liang Kao ] PR#1531 - - *) The "poly" directive in image maps did not include the borders of the - polygon, whereas the "rect" directive does. Fix this inconsistency. - [Konstantin Morshnev ] PR#1771 - - *) Make \\ behave as expected. [Ronald.Tschalaer@psi.ch] - - *) Add the `%a' construct to LogFormat and CustomLog to log the client IP - address. [Todd Eigenschink ] PR#1885 - - *) API: A new source module main/util_uri.c; It contains a routine - parse_uri_components() and friends which breaks a URI into its component - parts. These parts are stored in a uri_components structure called - parsed_uri within each request_rec, and are available to all modules. - Additionally, an unparse routine is supplied which re-assembles the URI - components back to an URI, optionally hiding the username:password@ part - from ftp proxy requests, and other useful routines. Within the structure, - you find on a ready-for-use basis: - scheme; /* scheme ("http"/"ftp"/...) */ - hostinfo; /* combined [user[:password]@]host[:port] */ - user; /* user name, as in http://user:passwd@host:port/ */ - password; /* password, as in http://user:passwd@host:port/ */ - hostname; /* hostname from URI (or from Host: header) */ - port_str; /* port string (integer representation is in "port") */ - path; /* the request path (or "/" if only scheme://host was given) */ - query; /* Everything after a '?' in the path, if present */ - fragment; /* Trailing "#fragment" string, if present */ - This is meant to serve as the platform for *BIG* savings in - code complexity for the proxy module (and maybe the vhost logic). 
- [Martin Kraemer] - - *) Make all possible meta-construct expansions ($N, %N, %{NAME} and - ${map:key}) available for all location where a string is created in - mod_rewrite rewriting rulesets: 1st arg of RewriteCond, 2nd arg of - RewriteRule and for the [E=NAME:STRING] flag of RewriteRule. This way the - possible expansions are consequently usable at all string creation - locations. [Ralf S. Engelschall] - - *) Fix initialization of RewriteLogLevel (default now is 0 as documented - and not 1) and the per-virtual-server merging of directives. Now all - directives except `RewriteEngine' and `RewriteOption' are either - completely overridden (default) or completely inherited (when - `RewriteOptions inherit') is used. [Ralf S. Engelschall] PR#1325 - - *) Fix `RewriteMap' program lookup in situations where such maps are - defined but disabled (`RewriteEngine off') in per-server context. - [Ralf S. Engelschall] PR#1431 - - *) Fix bug introduced in 1.3b4-dev, config with no Port setting would cause - server to bind to port 0 rather than 80. [Dean Gaudet] - - *) Fix long-standing problem with RewriteMap _programs_ under Unix derivates - (like SunOS and FreeBSD) which don't accept the locking of pipes - directly. A new directive RewriteLock is introduced which can be used to - setup a separate locking file which then is used for synchronization. - [Ralf S. Engelschall] PR#1029 - - *) WIN32: The server root is obtained from the registry key - HKLM\SOFTWARE\Apache Group\Apache\ (version is currently - "1.3 beta"), unless overridden by the -d command line flag. The - value is stored by running "apache -i -d serverroot". [Paul Sutton] - - *) Merged os/win32/mod_dll.c into modules/standard/mod_so.c to support - dynamic loading on Win32 and Unix via the same module. [Paul Sutton] - - *) Now mod_rewrite no longer makes problematic assumptions on the characters - a username can contain when trying to expand it via /etc/passwd. - [Ralf S. 
Engelschall] - - *) The mod_setenvif BrowserMatch backwards compatibility command did not - work properly with spaces in the regex. [Ronald Tschalaer] PR#1825 - - *) Add new RewriteMap types: First, `rnd' which is equivalent to the `txt' - type but with a special post-processing for the looked-up value: It - parses it into alternatives according to `|' chars and then only one - particular alternative is chosen randomly (this is an essential - functionality needed for balancing between backend-servers when using - Apache as a Reverse Proxy. The looked up value here is a list of - servers). Second, `int' with the built-in maps named `tolower' and - `toupper' which can be used to map URL parts to a fixed case (this is an - essential feature to fix the case of server names when doing mass - virtual-hosting with the help of mod_rewrite instead of using - sections). [Ralf S. Engelschall, parts based on code from - Jay Soffian ] PR#1631 - - *) Add a new directive to mod_proxy similar to ProxyPass: `ProxyPassReverse'. - This directive lets Apache adjust the URL in Location-headers on HTTP - redirect responses sent by the remote server. This way the virtually - mapped area is no longer left on redirects and thus by-passed which is - especially essential when running Apache as a reverse proxy. - [Ralf S. Engelschall] - - *) Hide Proxy-Authorization from CGI/SSI/etc just like Authorization is - hidden. [Alvaro Martinez Echevarria] - - *) Apache will, when started with the -X (single process) debugging flag, - honor the SIGINT or SIGQUIT signals again now. This capability got lost - a while ago during OS/2 signal handling changes. 
- - *) [PORT] Work around the fact that NeXT runs on more than the - m68k chips in mod_status [Scott Anguish and Timothy Luoma - ] - - *) [PORT] Recognize FreeBSD versions so we can use the OS regex as well - as handling unsigned-chars for FreeBSD v3 and v2 [Andrey Chernov - and Jim] PR#1450 - - *) Use SA_RESETHAND or SA_ONESHOT when installing the coredump handlers. - In particular the handlers could trigger themselves into an infinite - loop if RLimitMem was used with a small amount of memory -- too small - for the signal stack frame to be set up. [Dean Gaudet] - - *) Fix problems with absoluteURIs introduced during 1.3b4. [Dean Gaudet, - Alvaro Martinez Echevarria ] - - *) Fix multiple UserDir problem introduced during 1.3b4-dev. - [Dean Gaudet] PR#1850 - - *) ap_cpystrn() had an off-by-1 error. - [Charles Fu ] PR#1847 - - *) API: As Ken suggested the check_cmd_context() function and related - defines are non-static now so modules can use 'em. [Martin Kraemer] - - *) mod_info would occasionally produce an unpaired in its - output. Fixed. [Martin Kraemer] - - *) By default AIX binds a process (and it's children) to a single - processor. httpd children now unbind themselves from that cpu - and re-bind to one selected at random via bindprocessor() - [Doug MacEachern] - - *) Linux 2.0 and above implement RLIMIT_AS, RLIMIT_DATA has almost no - effect. Work around it by using RLIMIT_AS for the RLimitMEM - directive. [Enrik Berkhan ] PR#1816 - - *) mod_mime_magic error message should indicate the filename when - reads fail. ["M.D.Parker" ] PR#1827 - - *) Previously Apache would permit to end (and - similary for Location and Directory), now this is diagnosed as an - error. Improve error messages for mismatched sections (, - , , , ...). - [Dean Gaudet, Martin Kraemer] - - *) is not permitted within (because of the - semantic ordering). [Dean Gaudet] PR#379 - - *) with wildcards was broken by the change in wildcard - semantics (* does not match /). 
To fix this, now - apply only to the basename of the request filename. This - fixes some other inconsistencies in semantics - (such as not working). [Dean Gaudet] PR#1817 - - *) Removed bogus "dist.tar" target from Makefile.tmpl and make sure - backup files are removed on "clean" target [Ralf S. Engelschall] - - *) PORT: Add -lm to LIBS for HPUX. [Dean Gaudet] PR#1639 - - *) Various errors from select() and accept() in child_main() would - result in an infinite loop. It seems these two tickle kernel - or library bugs occasionally, and result in log spammage and - a generally bad scene. Now the child exits immediately, - which seems to be a good workaround. - [Dean Gaudet] PR#1747, 1107, 588, 1787, 987, 588 - - *) Cleaned up some race conditions in unix child_main during - initialization. [Dean Gaudet] - - *) SECURITY: "UserDir /abspath" without a * in the path would allow - remote users to access "/~.." and bypass access restrictions - (but note /~../.. was handled properly). - [Lauri Jesmin ] PR#1701 - - *) API: os_is_path_absolute() now takes a const char * instead of a char *. - [Dean Gaudet] - -Changes with Apache 1.3b5 - - *) Source file dependencies in Makefile.tmpl files throughout the - source tree were updated to accurately reflect reality. - [Dean Gaudet] - - *) Preserve the content encoding given by the AddEncoding directive - when the client doesn't otherwise specify an encoding. - [Ronald Tschalaer ] - - *) Sort out problems with canonical filename handling happening too late. - [Dean Gaudet, Ben Laurie] - -Changes with Apache 1.3b4 - - *) The module structure was modified to include a *dynamic_load_handle - in the STANDARD_MODULE_STUFF portion, and the MODULE_MAGIC_NUMBER - has been bumped accordingly. [Paul Sutton] - - *) All BrowserMatch directives mentioned in - htdocs/manual/known_client_problems.html are in the default - configuration files. [Lars Eilebrecht] - - *) MiNT port update. 
[Jan Paul Schmidt] - - *) HTTP/1.1 requires x-gzip and gzip encodings be treated - equivalent, similarly for x-compress and compress. Apache - now ignores a leading x- when comparing encodings. It also - preserves the encoding the client requests (for example if - it requests x-gzip, then Apache will respond with x-gzip - in the Content-Encoding header). - [Ronald Tschalaer ] PR#1772 - - *) Fix a memory leak on keep-alive connections. [Igor Tatarinov] - - *) Added mod_so module to support dynamic loading of modules on Unix - (like mod_dld for Win32). This replaces mod_dld.c. Use SharedModule - instead of AddModule in Configuration to build shared modules - [Sameer Parekh, Paul Sutton] - - *) Minor cleanups to r->finfo handling in some modules. - [Dean Gaudet] - - *) Abstract read()/write() to ap_read()/ap_write(). - Makes it easier to add other types of IO code such as SFIO. - [Randy Terbush] - - *) API: Generalize default_port manipulations to make support of - different protocols easier. [Ben Laurie, Randy Terbush] - - *) There are many cases where users do not want Apache to form - self-referential urls using the "canonical" ServerName and Port. - The new UseCanonicalName directive (default on), if set to off - will cause Apache to use the client-supplied hostname and port. - API: Part of this change required a change to the construct_url() - prototype; and the addition of get_server_name() and - get_server_port(). - [Michael Douglass , Dean Gaudet] - PR#315, 459, 485, 1433 - - *) Yet another rearrangement of the source tree.. now all the common - header files are in the src/include directory. The -Imain -Iap - references in Makefiles have been changed to the simpler -Iinclude - instead. In addition to simplifying the build a little bit, this - also makes it clear when a module is referencing something in a - other than kosher manner (e.g., the proxy including mod_mime.h). 
- Module-private header files (the proxy, mod_mime, the regex library, - and mod_rewrite) have not been moved to src/include; nor have - the OS-abstraction files. [Ken Coar] - - *) Fix a bug where r->hostname didn't have the :port stripped - from it. [Dean Gaudet] - - *) Tweaked the headers_out table size, and the subprocess_env - table size guess in rename_original_environment(). Added - MAKE_TABLE_PROFILE which can help discover make_table() - calls that use too small an initial guess, see alloc.c. - [Dean Gaudet] - - *) Options and AllowOverride weren't properly merging in the main - server setting inside vhosts (only an issue when you have no - or other section containing an Options that affects - a request). Options +foo or -foo in the main_server wouldn't - affect the main_server's lookup defaults. [Dean Gaudet] - - *) Variable 'cwd' was being used pointlessly before being set. - [Ken Coar] PR#1738 - - *) r->allowed handling cleaned up in the standard modules. - [Dean Gaudet] - - *) Some case-sensitivity issues cleaned up to be consistent with - RFC2068. [Dean Gaudet] - - *) SIGURG doesn't exist everywhere. - [Mark Andrew Heinrich ] - - *) mod_unique_id was erroneously generating a second unique id when - an internal redirect occured. Such redirects occur, for example, - when processing a DirectoryIndex match. [Dean Gaudet] - - *) API: table_add, table_merge, and table_set include implicit pstrdup() - of the key and value. But in many cases this is not required - because the key/value is a constant, or the value has been built - by pstrcat() or other similar means. New routines table_addn, - table_mergen, and table_setn have been added to the API, these - routines do not pstrdup() their arguments. The core code and - standard modules were changed to take advantage of these routines. - The resulting server is up to 20% faster in some situations. 
- - Note that it is easy to get code subtly wrong if you pass a key/value - which is in a pool other than the pool of the table. The only - safe thing to do is to pass key/values which are in the pool of - the table, or in one of the ancestors of the pool of the table. - i.e. if the table is part of a subrequest, a value from the main - request's pool is OK since the subrequest pool is a sub_pool of the - main request's pool (and therefore has a lifespan at most as long as - the main pool). There is debugging code which can detect improper - usage, enabled by defining POOL_DEBUG. See alloc.c for more details. - [Dmitry Khrustalev , Dean Gaudet] - - *) More mod_mime_magic cleanup: fewer syscalls; should handle "files" - which don't exist on disk more gracefully; handles vhosts properly. - Update documentation to reflect the code -- if there's no - MimeMagicFile directive then the module is not enabled. - [Dean Gaudet] - - *) PORT: Some older *nix dialects cannot automatically start scripts - which begin with a #! interpreter line (the shell starts the scripts - appropriately on these platforms). Apache now supports starting of - "hashbang-scripts" when the NEED_HASHBANG_EMUL define is set. - [Martin Kraemer, with code from peter@zeus.dialix.oz.au (Peter Wemm) - taken from tcsh] - - *) API: "typedef array_header table" removed from alloc.h, folks should - have been writing to use table as if it were an opaque type, but even - some standard modules got this wrong. By changing the definition - to "typedef struct table table" module authors will receive compile - time warnings that they're doing the wrong thing. This change - facilitates future changes with more sophisticated table - structures. Specifically, module authors should be using table_elts() - to get access to an array_header * for the table. [Dean Gaudet] - - *) API: Renamed new_connection() to avoid namespace collision with LDAP - library routines. 
[Ken Coar, Rasmus Lerdorf] - - *) WIN32: mod_speling is now available on the Win32 platform. - [Marc Slemko] - - *) For clarity the following compile time definition was changed: - - SAFE_UNSERIALIZED_ACCEPT -> SINGLE_LISTEN_UNSERIALIZED_ACCEPT - - Also, for example, HAVE_MMAP would mean to use mmap() scoreboards - and not be a general notice that the OS has mmap(). Now the - HAVE_MMAP/SHMGET #defines strictly are informational that the - OS has that method of shared memory; the type to use for - the scoreboard is a seperate #define (USE_MMAP_SCOREBOARD - and USE_SHMGET_SCOREBOARD). This allows outside modules to - determine if shared memory is available and allows Apache - to determine the best method to use for the scoreboard. - [Jim Jagielski] - - *) PORT: UnixWare 2.1.2 SMP appears to require USE_FCNTL_SERIALIZED_ACCEPT, - as do various earlier versions. It should be safe on all versions. - Unixware 1.x appears to have the same SIGHUP bug as solaris does with - the slack code. A few other cleanups for Unixware. - [Tom Hughes ] PR#1082, PR#1282, PR#1499, PR#1553 - - *) PORT: A/UX can handle single-listen accepts without mutex - locking, so we add SINGLE_LISTEN_UNSERIALIZED_ACCEPT. [Jim Jagielski] - - *) When die() happens we need to eat any request body if one exists. - Otherwise we can't continue with a keepalive session. This shows up - as a POST problem with MSIE 4.0, typically against pages which are - authenticated. [Roy Fielding] PR#1399 - - *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization - header will be passed to CGIs. This is generally a security hole, so - it's not a default. [Marc Slemko] PR#549 - - *) Fix Y2K problem with date printing in suexec log. - [Paul Eggert ] PR#1343 - - *) WIN32 deserves a pid file. [Ben Hyde] - - *) suexec errors now include the errno/description. [Marc Slemko] PR#1543 - - *) PORT: OSF/1 now uses USE_FLOCK_SERIALIZED_ACCEPT to solve PR#467. - The choice of flock vs. 
fcntl was made based on timings which showed that - even on non-NFS, non-exported filesystems fcntl() was an order of - magnitude slower. It also uses SINGLE_LISTEN_UNSERIALIZED_ACCEPT so - that single socket users will see no difference. [Dean Gaudet] PR#467 - - *) "File does not exist" error message was erroneously including the - errno. [Marc Slemko] - - *) Improve the warning message generated when a client drops the - connection (hits stop button, etc.) during a send. [Roy Fielding] - - *) Defining GPROF will disable profiling in the parent and enable it - in the children. If you're profiling under Linux this is pretty much - necessary because SIGPROF is lost across a fork(). [Dean Gaudet] - - *) htdigest and htpasswd needed slight tweaks to work on OS/2 and WIN32. - [Brian Havard] - - *) The NeXT cc (which is gcc hacked up) doesn't appear to support some - gcc functionality. Work around it. - [Keith Severson ] PR#1613 - - *) Some linkers complain when .o files contain no functions. - [Keith Severson ] PR#1614 - - *) Some const declarations in mod_imap.c that were added for debugging - purposes caused some compilers heartburn without adding any - significant value, so they've been removed. [Ken Coar] - - *) The src/main/*.h header files have had #ifndef wrappers added to - insulate them against duplicate calls if they get included through - multiple paths (e.g., in .c files as well as other .h files). - [Ken Coar] - - *) The libap routines now have a header file for their prototypes, - src/ap/ap.h, to ease their use in non-httpd applications. [Ken Coar] - - *) mod_autoindex with a plaintext header file would emit the
-     start-tag before the HTML preamble, rather than after the preamble
-     but before the header file contents.  [John Van Essen ]
-     PR#1667
-
-  *) SECURITY: Fix a possible buffer overflow in logresolve.  This is
-     only an issue on systems without a MAXDNAME define or where
-     the resolver returns domain names longer than MAXDNAME.  [Marc Slemko]
-
-  *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
-     is used to read various types of files such as htaccess and
-     htpasswd files.  [Marc Slemko]
-
-  *) SECURITY: Ensure that the buffer returned by ht_time is always
-     properly null terminated.  [Marc Slemko]
-
-  *) The "Connection" header could be sent back with multiple "close"
-     tokens.  Not an error, but a waste.
-     [Ronald.Tschalaer@psi.ch] PR#1683
-
-  *) mod_rewrite's RewriteLog should behave like mod_log_config, it
-     shouldn't force hostname lookups.  [Dean Gaudet] PR#1684
-
-  *) "basic" auth needs a case-insensitive comparison.
-     [Ronald.Tschalaer@psi.ch] PR#1666
-
-  *) For maximum portability, the environment passed to CGIs should
-     only contain variables whose names match the regex
-     /[a-zA-Z][a-zA-Z0-9_]*/.  This is now enforced by stamping
-     underscores over any character outside the regex.  This
-     affects HTTP_* variables, in a way that should be backward
-     compatible for all the standard headers; and affects variables
-     set with SetEnv/BrowserMatch and similar directives.
-     [Dean Gaudet]
-
-  *) mod_speling returned incorrect HREF's when an ambiguous match
-     was found. Noticed by  (Soeren Ziehe)
-     [robinton@amtrash.comlink.de (Soeren Ziehe), Martin Kraemer]
-
-  *) PORT: Apache now compiles & runs on an EBCDIC mainframe
-     (the Siemens BS2000/OSD family) in the POSIX subsystem
-     [Martin Kraemer]
-
-  *) PORT: Fix problem killing children when terminating.  Allow ^C
-     to shut down the server.  [Brian Havard]
-
-  *) pstrdup() is implicit in calls to table_* functions, so there's
-     no need to do it before calling.  Clean up a few cases.
-     [Marc Slemko, Dean Gaudet]
-
-  *) new -C and -c command line arguments
-     usage:
-     -C "directive" : process directive before reading config files
-     -c "directive" : process directive after reading config files
-     example:
-     httpd -C "PerlModule Apache::httpd_conf"
-     [Doug MacEachern, Martin Kraemer]
-
-  *) WIN32: Fix the execution of CGIs that are scripts and called 
-     with path info that does not have an '=' in.
-     (eg. http://server/cgi-bin/printenv?foobar)  
-     [Marc Slemko] PR#1591
-
-  *) WIN32: Fix a call to os_canonical_filename so it doesn't try to 
-     mess with fake filenames.  This fixes proxy caching on 
-     win32. PR#1265
-
-  *) SECURITY: General mod_include cleanup, including fixing several
-     possible buffer overflows and a possible infinite loop.
-     [Dean Gaudet, Marc Slemko]
-
-  *) SECURITY: Numerous changes to mod_imap in a general cleanup
-     including fixing a possible buffer overflow.  [Dean Gaudet]
-
-  *) WIN32: overhaul of multithreading code. Shutdowns are now graceful
-     (connections are not dropped). Code can handle graceful restarts
-     (but there is as yet no way to signal this to Apache). Various
-     other cleanups. [Paul Sutton]
-
-  *) The aplog_error changes specific to 1.3 introduced a buffer
-     overrun in the (now legacy) log_printf function.  Fixed.
-     [Dean Gaudet]
-
-  *) mod_digest didn't properly deal with proxy authentication.  It
-     also lacked a case-insensitive comparision of the "Digest"
-     token.  [Ronald Tschalaer ] PR#1599
-
-  *) A few cleanups in mod_status for efficiency.  [Dean Gaudet]
-
-  *) A few cleanups in mod_info to make it thread-safe, and remove an
-     off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet]
-
-  *) no2slash() was O(n^2) in the length of the input.  Make it O(n).
-     [Dean Gaudet]
-
-  *) API: migration from strncpy() to our "enhanced" version called
-     ap_cpystrn() for performance and functionality reasons.
-     Located in libap.a.  [Jim Jagielski]
-
-  *) table_set() and table_unset() did not deal correctly with
-     multiple occurrences of the same key. [Stephen Scheck
-	 , Ben Laurie] PR#1604
-
-  *) The AuthName must now be enclosed in quotes if it is to contain
-     spaces.  [Ken Coar] PR#1195
-
-  *) API: new function: ap_escape_quotes(). [Ken Coar] PR#1195
-
-  *) WIN32: Work around optimiser bug that killed ISAPI in release
-     versions. [Ben Laurie] PR#1533
-
-  *) PORT: Update the MPE port [Mark Bixby, Jim Jagielski]
-
-  *) Interim (slow) fix for p->sub_pool critical sections in
-     alloc.c (affects win32 only).  [Ben Hyde]
-
-  *) non-WIN32 was missing destroy_mutex definition.  [Ben Hyde]
-
-  *) send_fd_length() did not calculate total_bytes_sent properly.
-     [Ben Reser ] PR#1366
-
-  *) The bputc() macro was not properly integrated with the chunking
-     code; in many cases modules using bputc() could cause completely
-     bogus chunked output.  (Typically this will show up as problems
-     with Internet Explorer 4.0 reading a page, but other browsers
-     having no problem.) [Dean Gaudet]
-
-  *) Create LARGE_WRITE_THRESHOLD define which determines how many
-     bytes have to be supplied to bwrite() before it will consider
-     doing a writev() to assemble multiple buffers in one system
-     call.  This is critical for modules such as mod_include,
-     mod_autoindex, mod_php3 which all use bputc()/bputs() of smaller
-     strings in some cases.  The result would be extra effort
-     setting up writev(), and in many cases extra effort building
-     chunks.  The default is 31, it can be overriden at compile
-     time. [Dean Gaudet]
-
-  *) Move the gid switching code into the child so that log files
-     and pid files are opened with the root gid.
-     [Gregory A Lundberg ]
-
-  *) WIN32: Check for binaries by looking for the executable header
-     instead of counting control characters.
-	 [Jim Patterson ] PR#1340
-
-  *) ap_snprintf() moved from main/util_snprintf.c to ap/ap_snprintf.c
-     so the functionality is available to applications other than the
-     server itself (like the src/support tools).  [Ken Coar]
-
-  *) ap_slack() moved out of main/util.c into ap/ap_slack.c as part of
-     the libap consolidation work.  [Ken Coar]
-
-  *) ap_snprintf() with a len of 0 behaved like sprintf().  This is not
-     useful, and isn't what the standards require.  Now it returns 0
-     and writes nothing.  [Dean Gaudet]
-
-  *) When an error occurs in fcntl() locking suggest the user look up
-     the docs for LockFile.  [Dean Gaudet]
-
-  *) Eliminate some dead code from writev_it_all().
-     [Igor Tatarinov ]
-
-  *) mod_autoindex had an fread() without checking the result code.
-     It also wouldn't handle "AddIconByType (TXT,/icons/text.gif text/*"
-     (note the missing closing paren) properly.  [Dean Gaudet]
-
-  *) It appears the "257th byte" bug (see
-     htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
-     at the 256th byte as well.  Fixed.  [Dean Gaudet]
-
-  *) PORT: Fix mod_mime_magic under OS/2, no support for block devices.
-     [Brian Havard]
-
-  *) Fix memory corruption caused by allocating auth usernames in the
-     wrong pool.  [Dean Gaudet] PR#1500
-
-  *) Fix an off-by-1, and an unterminated string error in
-     mod_mime_magic.  [Dean Gaudet]
-
-  *) Fix a potential SEGV problem in mod_negotiation when dealing
-     with type-maps.  [Dean Gaudet]
-
-  *) Better glibc support under Linux.  [Dean Gaudet] PR#1542
-
-  *) "RedirectMatch gone /" would cause a SIGSEGV. [Dean Gaudet] PR#1319
-
-  *) WIN32: avoid overflows during file canonicalisations.
-     [malcolm@mgdev.demon.co.uk] PR#1378
-
-  *) WIN32: set_file_slot() didn't detect absolute paths. [Ben Laurie]
-     PR#1511, 1508
-
-  *) WIN32: mod_status display header didn't match fields. [Ben Laurie]
-
-  *) The pthread_mutex_* functions return an error code, and don't
-     set errno.  [Igor Tatarinov ]
-
-  *) WIN32: Allow spaces to prefix the interpreter in #! lines.
-     [Ben Laurie] PR#1101
-
-  *) WIN32: Cure file leak in CGIs. [Peter Tillemans ] PR#1523
-
-  *) proxy_ftp: the directory listings generated by the proxy ftp module
-     now have a title in which the path components are clickable and allow
-     quick navigation to the clicked-on directory on the currently listed
-     ftp server. This also fixes a bug where the ".." directory links would
-     sometimes refer to the wrong directory.  [Martin Kraemer]
-
-  *) WIN32: Allocate the correct amount of memory for the scoreboard.
-     [Ben Hyde] PR#1387
-
-  *) WIN32: Only lowercase the part of the path that is real. [Ben Laurie]
-     PR#1505
-
-  *) Fix problems with timeouts in inetd mode and -X mode.  [Dean Gaudet]
-
-  *) Fix the spurious "(0)unknown error: mmap_handler: mmap failed"
-     error messages. [Ben Hyde]
-
-Changes with Apache 1.3b3
-
-  *) WIN32: Work around brain-damaged spawn calls that can't deal
-     with spaces and slashes.  [Ben Laurie]
-
-  *) WIN32: Fix the code so CGIs can use socket calls on Windows.  
-     The problem was that certain undocumented environment variables
-	 needed for sockets to work under Win32 were not being passed.
-     [Frank Faubert ]
-
-  *) Add a "-V" command line flag to the httpd binary.  This 
-     flag shows some of the defines that Apache was compiled with.
-     It is useful for debugging purposes.  [Martin Kraemer]
-
-  *) Start separating the ap_*() routines into their own library, so they
-     can be used by items in src/support among other things.  
-     [Ken Coar] PR#512, 905, 1252, 1308 
-
-  *) Give a more informative error when no AuthType is set.
-     [Lars Eilebrecht]
-
-  *) Remove strtoul() use from mod_proxy because it isn't available
-     on all platforms.   [Marc Slemko] PR#1214
-
-  *) WIN32: Some Win32 systems terminated all responses after 16 kB. 
-     This turns out to be a bug in Winsock - select() doesn't always 
-     return the correct status.  [Ben Laurie]
-
-  *) Directives owned by http_core can now use the new check_cmd_context()
-     routine to ensure that they're not being used within a container
-     (e.g., ) where they're invalid.  [Martin Kraemer]
-
-  *) PORT: Recent changes made it necessary to add explicit prototype
-     for fgetc() and fgets() on SunOS 4.x.  [Martin Kraemer, Ben Hyde]
-
-  *) It was necessary to distinguish between resources which are
-     allocated in the parent, for cleanup in the parent, and resources
-     which are allocated in each child, for cleanup in each child.
-     A new pool was created which is passed to the module child_init
-     and child_exit functions; modules are free to register per-child
-     cleanups there.  This fixes a bug with reliable piped logs.
-     [Dean Gaudet]
-
-  *) mod_autoindex wasn't displaying the ReadmeName file at the bottom
-     unless it was also doing FancyIndexes, but it displayed the
-     HeaderName file at the top under all circumstances.  It now shows
-     the ReadmeName file for simple indices, too, as it should.  
-     [Ken Coar] PR#1373
-
-  *) http_core was mmap()ing even in cases where it wasn't going to
-     read the file.  [Ben Hyde ]
-
-  *) Complete rewrite ;-) of mod_rewrite's URL rewriting engine:
-     Now the rewriting engine (the heart of mod_rewrite) is organized more
-     straight-forward, first time well documented and reduced to the really
-     essential parts. All redundant cases were stripped off and processing now
-     is the same for both per-server and per-directory context with only a
-     minimum difference (the prefix stripping in per-dir context). As a
-     side-effect some subtle restrictions and two recently discovered problems
-     are gone: Wrong escaping of QUERY_STRING on redirects in per-directory
-     context and restrictions on the substitution URL on redirects.
-     Additionally some minor source cleanups were done. 
-     [Ralf S. Engelschall] 
-
-  *) Lars Eilebrecht wrote a whole new set of Apache Vhost Internals
-     documentation, examples, explanations and caveats. They live in a new
-     subdirectory htdocs/manual/vhost/. [Lars Eilebrecht ]
-
-  *) If ap_slack fails to allocate above the low slack line it's a good
-     indication that further problems will occur; it's a better indication
-     than many external libraries give us when we actually run out of
-     descriptors.  So report it to the user once per restart.
-     [Dean Gaudet] PR#1181
-
-  *) Change mod_include and mod_autoindex to use Y2K-safe date formats
-     by default.  [Ken Coar]
-
-  *) Add a "SuppressColumnSorting" option to the IndexOptions list,
-     which will keep the column heading from being links for sorting
-     the display.  [Ken Coar, suggested by Brian Tiemann ]
-     PR #1261
-
-  *) PORT: Update the LynxOS port.  [Marius Groeger ]
-
-  *) Fix logic error when issuing a mmap() failed message
-     with a non-zero MMAP_THRESHOLD.
-     [David Chambers ] PR#1294
-
-  *) Preserve handler value on ProxyPass'ed requests by not
-     calling find_types on a proxy'd request; fixes problems
-     where some ProxyPass'ed URLs weren't actually passed
-     to the proxy.
-     [Lars Eilebrecht] PR#870
-
-  *) Fix a byte ordering problem in mod_access which prevented
-     the old-style syntax (i.e. "a.b.c." to match a class C)
-     from working properly. [Dean Gaudet] PR#1248, 1328, 1384
-
-  *) Fix problem with USE_FLOCK_SERIALIZED_ACCEPT not working
-     properly. Each child needs to open the lockfile instead
-     of using the passed file-descriptor from the parent. 
-     [Jim Jagielski] PR#1056
-
-  *) Fix the error logging in mod_cgi; the recent error log changes
-     introduced a bug that prevented it from working correctly.
-     [M.D.Parker] PR#1352
-
-  *) Default to USE_FCNTL_SERIALIZED_ACCEPT on HPUX to properly 
-     handle multiple Listen directives.  [Marc Slemko] PR#872
-
-  *) Inherit a bugfix to fnmatch.c from FreeBSD sources.
-     ["[KOI8-R] áÎÄÒÅÊ þÅÒÎÏ×" ] PR#1311
-
-  *) When a configuration parse complained about a bad directive,
-     the logger would use whatever (unrelated) value was in errno.
-     errno is now forced to EINVAL first in this case.  [Ken Coar]
-
-  *) A sed command in the Configure script pushed the edge of POSIXness,
-     breaking on some systems.  [Bhaba R.Misra ] PR#1368
-
-  *) Solaris >= 2.5 was totally broken due to a mess up using pthread
-     mutexes.  [Roy Fielding, Dean Gaudet]
-
-  *) OS/2 Port updated; it should be possible to build OS/2 from the same
-     sources as Unix now.  [Brian Havard ]
-
-  *) Fix a year formatting bug in mod_usertrack.
-     [Paul Eggert ] PR#1342
-
-  *) A mild SIGTERM/SIGALRM race condition was eliminated.
-     [Dean Gaudet] PR#1211
-
-  *) Warn user that default path has changed if /usr/local/etc/httpd
-     is found on the system.  [Lars Eilebrecht]
-
-  *) Various mod_mime_magic bug fixes and cleanups: Uncompression
-     should work, it should work on WIN32, and a few resource
-     leaks and abort conditions are fixed.
-     [Dean Gaudet] PR#1205
-
-  *) PORT: On AIX 1.x files can't be named '@', fix the proxy cache
-     to use '%' instead of '@' in its encodings.
-     [David Schuler ] PR#1317
-
-  *) Improve the warning message generated when the "server is busy".
-     [Dean Gaudet] PR#1293
-
-  *) PORT: All ports which don't otherwise define DEF_WANTHSREGEX will
-     get Spencer regex by default.  This is to avoid having to
-     discover bugs in operating system libraries.  [Dean Gaudet]
-
-  *) PORT: "Fix" PR#467 by generating warnings on systems which we have
-     not been able to get working USE_*_SERIALIZED_ACCEPT settings for.
-     Document this a bit more in src/PORTING.  [Dean Gaudet] PR#467
-
-  *) Ensure that one copy of config warnings makes it to the
-     error_log.  [Dean Gaudet]
-
-  *) Invent new structure and associated methods to handle config file
-     reading. Add "custom" hook to use config file cfg_getline() on
-     something which is not a FILE*  [Martin Kraemer]
-
-  *) Make single-exe Windows install. [Ben Laurie and Eric Esselink]
-
-  *) WIN32: Make CGI work under Win95. [Ben Laurie and Paul Sutton]
-
-  *) WIN32: Make index.html and friends work under Win95. [Ben Laurie]
-
-  *) PORT: Solaris 2.4 needs Spencer regex, the system regex is broken.
-	[John Line ] PR#1321
-
-  *) Default pathname has been changed everywhere to /usr/local/apache
-     [Sameer ]
-
-  *) PORT: AIX now uses USE_FCNTL_SERIALIZED_ACCEPT.
-	[David Bronder ] PR#849
-
-  *) PORT: i386 AIX does not have memmove.
-     [David Schuler ] PR#1267
-
-  *) PORT: HPUX now defaults to using Spencer regex.
-     [Philippe Vanhaesendonck ,
-     Omar Del Rio ] PR#482, 1246
-
-  *) PORT: Some versions of NetBSD don't automatically define
-	    __NetBSD__.  Workaround by defining NETBSD.
-     [Chris Craft ] PR#977
-
-  *) PORT: UnixWare 2.x requires -lgen for syslog.
-     [Hans Snijder ] PR#1249
-
-  *) PORT: ULTRIX appears to not have syslog.
-     [Lars Eilebrecht ]
-
-  *) PORT: Basic Gemini port (treat it like unixware212).
-     ["Pavel Yakovlev (Paul McHacker)" ]
-
-  *) PORT: All SVR4 systems now use NET_SIZE_T = size_t, and
-	    use USE_SHMGET_SCOREBOARD.
-     [Martin Kraemer]
-
-  *) Various improvements in detecting config file errors (missing closing
-     directives for ,  etc. blocks, prohibiting global
-     server settings in  blocks, flagging unhandled multiple
-     arguments to ,  etc.)
-     [Martin Kraemer]
-
-  *) Add support to suexec wrapper program for mod_unique_id's UNIQUE_ID
-     variable to provide this one to suexec'd CGIs, too.
-     [M.D.Parker ] PR#1284
-
-  *) New support tool: src/support/split-logfile, a sample Perl script which
-     splits up a combined access log into separate files based on the
-     name of the virtual host (listed first in the log records by "%v").
-     [Ken Coar]
-
-Changes with Apache 1.3b2 (there is no 1.3b1)
-
-  *) TestCompile was not passing $LIBS [Dean Gaudet]
-
-  *) Makefile.tmpl was not using $CFLAGS in the link phase. 
-     [Martin Kraemer]
-
-  *) Add debugging code to alloc.c.  Defining ALLOC_DEBUG provides a
-     rudimentary memory debugger which can be used on live servers with
-     low impact -- it sets all allocated and freed memory bytes to 0xa5.
-     Defining ALLOC_USE_MALLOC will cause the alloc code to use malloc()
-     and free() for each object.  This is far more expensive and should
-     only be used for testing with tools such as Electric Fence and
-     Purify.  See main/alloc.c for more details.  [Dean Gaudet]
-
-  *) Configure uses a sh trap and didn't set its exitcode properly.
-     [Dean Gaudet] PR#1159
-
-  *) Yet another vhost revamp.  Add the NameVirtualHost directive which
-     explicitly lists the ip:port pairs that are to be used for name-vhosts.
-     From a given ip:port, regardless what the Host: header is, you can
-     only reach the vhosts defined on that ip:port.  The precedence of
-     vhosts was reversed to match other precedences in the config --
-     the earlier vhosts override the later vhosts.  All vhost matching was
-     moved into http_vhost.[ch].  [Dean Gaudet]
-
-  *) ap_inline can be used to force inlining.  GNUC __attribute__() can
-     be used for whatever reason is appropriate (i.e. format() warnings
-     for printf style functions).  Both are enabled only with
-     gcc >= 2.7.x (so that we have fewer support issues with older
-     versions).  [Dean Gaudet]
-
-  *) Fix support for Proxy Authentication (we were testing the response
-     status too early). [Marc Slemko]
-
-  *) CoreDumpDirectory directive directs where the core file is
-     written when a SIGSEGV, SIGBUS, SIGABORT or SIGABRT are
-     received.  [Marc Slemko, Dean Gaudet]
-
-  *) PORT: Support for Atari MINT.
-     [Jan Paul Schmidt ]
-
-  *) When booting, apache will now detach itself from stdin, stdout,
-     and stderr.  stderr will not be detached until after the config
-     files have been read so you will be able to see initial error
-     messages.  After that all errors are logged in the error_log.
-     This makes it more convenient to start apache via rsh, ssh,
-     or crontabs.  [Dean Gaudet] PR#523
-
-  *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
-     Also removed the auto-generated link to www.apache.org that was the
-     source of so many misdirected bug reports.  [Roy Fielding, Marc Slemko]
-
-  *) send_fb would not detect aborted connections in some situations.
-     [Dean Gaudet]
-
-  *) mod_include would use uninitialized data when parsing certain
-     expressions involving && and ||. [Brian Slesinsky] PR#1139
-
-  *) mod_imap should only handle GET methods.  [Jay Bloodworth]
-
-  *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
-
-  *) mod_autoindex improperly counted &escapes; as more than one
-     character in the description.  It also improperly truncated
-     descriptions that were exactly the maximum length.
-     [Martin Kraemer]
-
-  *) RedirectMatch was not properly escaping the result (PR#1155).  Also
-     "RedirectMatch /advertiser/(.*) $1" is now permitted.
-     [Dean Gaudet]
-
-  *) mod_include now uses symbolic names to check for request success
-     and return HTTP errors, and correctly handles all types of
-     redirections (previously it only did temporary redirect correctly).
-     [Ken Coar, Roy Fielding]
-
-  *) mod_userdir was modifying r->finfo in cases where it wasn't setting
-     r->filename.  Since those two are meant to be in sync with each other
-     this is a bug.  ["Paul B. Henson" ]
-
-  *) PORT: Support Unisys SVR4, whose uname returns mostly useless data.
-     ["Kaufman, Steven E" ]
-
-  *) Inetd mode (which is buggy) uses timeouts without having setup the
-     jmpbuffer. [Dean Gaudet] PR#1064
-
-  *) Work around problem under Linux where a child will start looping
-     reporting a select error over and over.
-     [Rick Franchuk ] PR#1107, 987, 588
-
-  *) Fixed error in proxy_util.c when looping through multiple host IP
-     addresses. [Lars Eilebrecht] PR#974
-
-  *) If BUFFERED_LOGS is defined then mod_log_config will do atomic
-     buffered writes -- that is, it will buffer up to PIPE_BUF (i.e. 4k)
-     bytes before writing, but it will never split a log entry across a
-     buffer boundary.  [Dean Gaudet]
-
-  *) API: the short_score record has been split into two pieces, one which
-     the parent writes on, and one which the child writes on.  As part of
-     this change the get_scoreboard_info() function was removed, and
-     scoreboard_image was exported.  This change fixes a race condition
-     in file based scoreboard systems, and speeds up changes involving the
-     scoreboard in earlier 1.3 development.  [Dean Gaudet]
-
-  *) API: New register_other_child() API (see http_main.h) which allows
-     modules to register children with the parent for maintenance.  It
-     is disabled by defining NO_OTHER_CHILD.  [Dean Gaudet]
-
-  *) API: New piped_log API (see http_log.h) which implements piped logs,
-     and will use register_other_child to implement reliable piped logs
-     when it is available.  The reliable piped logs part can be disabled
-     by defining NO_RELIABLE_PIPED_LOGS.  At the moment reliable piped
-     logs is only available on Unix. [Dean Gaudet]
-
-  *) API: set_last_modified() broken into set_last_modified(), set_etag(), and
-     meets_conditions().  This allows conditional HTTP selection to be
-     handled separately from the storing of the header fields, and provides
-     the ability for CGIs to set their own ETags for conditional checking.
-     [Ken Coar, Roy Fielding]  PR#895
-
-  *) Changes to mod_log_config to allow naming of format strings.
-     Format nicknames are defined with "LogFormat fmt nickname", and can
-     be used with "LogFormat nickname" and "CustomLog logtarget nickname".
-     [Ken Coar]
-
-  *) New module, "mod_speling", which can help find files even when 
-     the URL is slightly misspelled. [Martin Kraemer, Alexei Kosut]
-
-  *) API: New function child_terminate() triggers the child process to
-     exit, while allowing the child finish what it needs to for the
-     current request first.  
-     [Doug MacEachern, Alexei Kosut]
-
-  *) Windows now defaults to using full status reports with mod_status.
-     [Alexei Kosut] PR #1094
-
-  *) *Really* disable all mod_rewrite operations if the engine is off.
-     Some things (like RewriteMaps) were checked/performed even if they
-     weren't supposed to be.  [Ken Coar] PR #991
-
-  *) Implement a new timer scheme which eliminates the need to call alarm() all
-     the time.  Instead a counter in the scoreboard for each child is used to
-     show when the child has made forward progress.  The parent samples this
-     counter every scoreboard maintenance cycle, and issues SIGALRM if no
-     progress has been made in the timeout period.  This reduces the static
-     request best-case syscall count to 22 from 29.  This scheme is only
-     used by systems with memory-based scoreboards.  [Dean Gaudet]
-
-  *) The proxy now properly handles CONNECT requests which are sent
-     to proxy servers when using ProxyRemote.  [Marc Slemko] PR#1024
-
-  *) A script called apachectl has been added to the support 
-     directory.  This script allows you to do things such as 
-     "apachectl start" and "apachectl restart" from the command
-     line.  [Marc Slemko]
-
-  *) Modules and core routines are now put into libraries, which
-     simplifies the link line tremendously (among other advantages).
-     [Paul Sutton]
-
-  *) Some of the MD5 names defined in Apache have been renamed to have
-     an `ap_' prefix to avoid conflicts with routines supplied by
-     external libraries.  [Ken Coar]
-
-  *) Removal of mod_auth_msql.c from the distribution. There are many
-     other options for databases today. Rather than offer one option,
-     offer none at this time. mod_auth_msql and other SQL database
-     authentication modules can be found at the Apache Module Registry.
-     http://modules.apache.org/ It would be nice to offer a generic
-     mod_auth_sql option in the near future.
-
-  *) PORT: BeOS support added [Alexei Kosut]
-
-  *) Configure no longer accepts the -make option, since it creates
-     Makefile on the fly based on Makefile.tmpl and Configuration.
-
-  *) Apache now gracefully shuts down when it receives a SIGTERM, instead
-     of forcibly killing off all its processes and exiting without
-     cleaning up. [Alexei Kosut]
-
-  *) API: A new field in the request_rec, r->mtime, has been added to
-     avoid gratuitous parsing of date strings.  It is intended to hold
-     the last-modified date of the resource (if applicable).  An
-     update_mtime() routine has also been added to advance it if
-     appropriate.  [Roy Fielding, Ken Coar]
-
-  *) SECURITY: If a htaccess file can not be read due to bad permissions,
-     deny access to the directory with a HTTP_FORBIDDEN.  The previous
-     behavior was to ignore the htaccess file if it could not be read.
-     This change may make some setups with unreadable htaccess files
-     stop working.  [Marc Slemko] PR#817
-
-  *) Add aplog_error() providing a mechanism to define levels of
-     verbosity to the server error logging. This addition also provides
-     the ability to log errors using syslogd. Error logging is configurable
-     on a per-server basis using the LogLevel directive. Conversion
-     of log_*() in progress. [Randy Terbush]
-
-  *) Further enhance aplog_error() to not log filename, line number, and
-     errno information when it isn't applicable. [Ken Coar, Dean Gaudet]
-
-  *) WIN32: Canonicalise filenames under Win32. Short filenames are
-     converted to long ones. Backslashes are converted to forward
-     slashes. Case is converted to lower. Parts of URLs that do not
-     correspond to files are left completely alone. [Ben Laurie]
-
-  *) PORT: 2 new OSs added to the list of ports:
-      Encore's UMAX V: Arieh Markel 
-      Acorn RISCiX: Stephen Borrill 
-
-  *) Add the server version (SERVER_VERSION macro) to the "server
-     configured and running" entry in the error_log.  Also build an
-     object file at link-time that contains the current time
-     (SERVER_BUILT global const char[]), and include that in the
-     message.  [Ken Coar]
-
-  *) Set r->headers_out when sending responses from the proxy.
-     This fixes things such as the logging of headers sent from
-     the proxy.  [Marc Slemko] PR#659
-
-  *) support/httpd_monitor is no longer distributed because the 
-     scoreboard should not be file based if at all possible. Use
-     mod_status to see current server snapshot.
-
-  *) (set_file_slot): New function, allowing auth directives to be
-     independent of the server root, so the server documents can be
-     moved to a different directory or machine more easily.
-     [David J. MacKenzie]
-
-  *) If no TransferLog is given explicitly, decline
-     to log.  This supports coexistence with other logging modules,
-     such as the custom one that UUNET uses. [David J. MacKenzie]
-
-  *) Check for titles in server-parsed HTML files.
-     Ignore leading newlines and returns in titles.  The old behavior
-     of replacing a newline after  with a space causes the
-     title to be misaligned in the listing. [David J. MacKenzie]
-
-  *) Change mod_cern_meta to be configurable on a per-directory basis.
-     [David J. MacKenzie]
-
-  *) Add 'Include' directive to allow inclusion of configuration
-     files within configuration files. [Randy Terbush]
-
-  *) Proxy errors on connect() are logged to the error_log (nothing
-     new); now they include the IP address and port that failed
-     (*that's* new).   [Ken Coar, Marc Slemko] PR#352
-
-  *) Various architectures now define USE_MMAP_FILES which causes
-     the server to use mmap() for static files.  There are two
-     compile-time tunables MMAP_THRESHOLD (minimum number of bytes
-     required to use mmap(), default is 0), and MMAP_SEGMENT_SIZE (maximum
-     number of bytes written in one cycle from a single mmap()d object,
-     default 32768).  [Dean Gaudet]
-
-  *) API: Added post_read_request API phase which is run right after reading
-     the request from a client, or right after an internal redirect.  It is
-     useful for modules setting environment variables that depend only on
-     the headers/contents of the request.  It does not run during subrequests
-     because subrequests inherit pretty much everything from the main
-     request. [Dean Gaudet]
-
-  *) Added mod_unique_id which is used to generate a unique identifier for
-     each hit, available in the environment variable UNIQUE_ID.
-     [Dean Gaudet]
-
-  *) init_modules is now called after the error logs have been opened.  This
-     allows modules to emit information messages into the error logs.
-     [Dean Gaudet]
-
-  *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
-     information for case where proxy module is not available. [Marc Slemko]
-
-  *) PORT: Apache has need for mutexes to serialize its children around
-     accept.  In prior versions either fcntl file locking or flock file
-     locking were used.  The method is chosen by the definition of
-     USE_xxx_SERIALIZED_ACCEPT in conf.h.  xxx is FCNTL for fcntl(),
-     and FLOCK for flock().  New options have been added:
-	- SYSVSEM to use System V style semaphores
-	- PTHREAD to use POSIX threads (appears to work on Solaris only)
-	- USLOCK to use IRIX uslock
-     Based on timing various techniques, the following changes were made
-     to the defaults:
-	- Linux 2.x uses flock instead of fcntl
-	- Solaris 2.x uses pthreads
-	- IRIX uses SysV semaphores -- however multiprocessor IRIX boxes
-	    work far faster if you -DUSE_USLOCK_SERIALIZED_ACCEPT
-     [Dean Gaudet, Pierre-Yves Kerembellec <Pierre-Yves.Kerembellec@vtcom.fr>,
-     Martijn Koster <m.koster@pobox.com>]
-
-  *) PORT: The semantics of accept/select make it very desirable to use
-     mutexes to serialize accept when multiple Listens are in use.  But
-     in the case where only a single socket is open it is sometimes
-     redundant to serialize accept().  Not all unixes do a good job with
-     potentially dozens of children blocked on accept() on the same
-     socket.  It's now possible to define SINGLE_LISTEN_UNSERIALIZED_ACCEPT and
-     the server will avoid serialization when listening on only one socket,
-     and use serialization when listening on multiple sockets.
-     [Dean Gaudet] PR#467
-
-  *) Configure changes: TestLib replaced by TestCompile, which has
-     some additional capability (such as doing a sanity check of
-     the compiler and flags selected); the version of Solaris is now
-     available via the #define value of SOLARIS2; IRIX n32bit libs
-     now supported and selectable by new Configuration Rule: IRIXN32;
-     We no longer default to -O2 optimization.  [Jim Jagielski]
-
-  *) Updated Configure: Configuration now uses AddModule to specify
-     module source or binary file location, relative to src directory.
-     Modules can be dropped into modules/extra, or in their own 
-     directory, and modules can come with a Makefile or Configure can 
-     create one.  Modules can add compiler or library information to 
-     generated Makefiles. [Paul Sutton]
-
-  *) Source core re-organisation: distributed modules are now in 
-     modules/standard. All other source code is in main. OS-specific
-     code is in os/{unix,emx,win32} directories. [Paul Sutton]
-
-  *) mod_browser has been removed, since it's replaced by mod_setenvif.
-     [Ken Coar]
-
-  *) Fix another long-standing bug in sub_req_lookup_file where it would
-     happily skip past access checks on subdirectories looked up with
-     relative paths.  (It's used by mod_dir, mod_negotiation,
-     and mod_include.) [Dean Gaudet]
-
-  *) directory_walk optimization to reduce an O(N*M) loop to O(N+M) where
-     N is the number of <Directory> sections, and M is the number of
-     components in the filename of an object.
-
-     To achieve this optimization the following config changes were made:
-	- Wildcards (* and ?, not the regex forms) in <Directory>s,
-	  <Files>s, and <Location>s now treat a slash as a special
-	  character.  For example "/home/*/public_html" previously would
-	  match "/home/a/andrew/public_html", now it only matches things
-	  like "/home/bob/public_html".  This mimics /bin/sh behaviour.
-	- It's possible now to use [] wildcarding in <Directory>, <Files>
-	  or <Location>.
-	- Regex <Directory>s are applied after all non-regex <Directory>s.
-
-    [Dean Gaudet]
-
-  *) Fix a bug introduced in 1.3a1 directory_walk regarding .htaccess files
-     and corrupted paths.  [Dean Gaudet]
-
-  *) Enhanced and cleaned up the URL rewriting engine of mod_rewrite:
-     First the grouped parts of RewriteRule pattern matches (parenthesis!) can
-     be accessed now via backreferences $1..$9 in RewriteConds test-against
-     strings in addition to RewriteRules subst string. Second the grouped
-     parts of RewriteCond pattern matches (parenthesis!) can be accessed now
-     via backreferences %1..%9 both in following RewriteCond test-against
-     strings and RewriteRules subst string. This provides maximum flexibility
-     through the use of backreferences.
-     Additionally the rewriting engine was cleaned up by putting common
-     code to the new expand_backrefs_inbuffer() function. 
-     [Ralf S. Engelschall]
-
-  *) When merging the main server's <Directory> and <Location> sections into
-     a vhost, put the main server's first and the vhost's second.  Otherwise
-     the vhost can't override the main server.  [Dean Gaudet] PR#717
-
-  *) The <Directory> code would merge and re-merge the same section after
-     a match was found, possibly causing problems with some modules.
-     [Dean Gaudet]
-
-  *) ip-based vhosts are stored and queried using a hashing function, which
-     has been shown to improve performance on servers with many ip-vhosts.
-     Some other changes had to be made to accommodate this:
-	- the * address for vhosts now behaves like _default_
-	- the matching process now is:
-	    - match an ip-vhost directly via hash (possibly matches main
-		server)
-	    - if that fails, just pretend it matched the main server
-	    - if so far only the main server has been matched, perform
-		name-based lookups (ServerName, ServerAlias, ServerPath)
-		*only on name-based vhosts*
-	    - if they fail, look for _default_ vhosts
-     [Dean Gaudet, Dave Hankins <dhankins@sugarat.net>]
-
-  *) dbmmanage overhaul:
-     - merge dbmmanage and dbmmanage.new functionality, remove dbmmanage.new 
-     - tie() to AnyDBM_File which will use one of DB_File, NDBM_File or
-       GDBM_File (-ldb, -lndbm, -lgdbm) (trying each in that order)
-     - provide better seed for rand
-     - prompt for password as per getpass(3) (turn off echo, read from
-       /dev/tty, etc.)
-     - use "newstyle" crypt based on $Config{osname} ($^O)
-     - will not add a user if already in database, use new `update' command
-       instead
-     - added `check' command to check a users' password
-     - added `import' command to convert existing password text-files or 
-       dbm files exported with `view'
-     - more descriptive usage, general cleanup, 'use strict' clean, etc.
-     [Doug MacEachern]
-
-  *) Added psocket() which is a pool form of socket(), various places within
-     the proxy weren't properly blocking alarms while registering the cleanup
-     for its sockets.  bclose() now uses pclose() and pclosesocket().  There
-     was a bug where the client socket was being close()d twice due a still
-     registered cleanup.  [Dean Gaudet]
-
-  *) A few cleanups were made to reduce time(), getpid(), and signal() calls.
-     [Dean Gaudet]
-
-  *) PORT: AIX >= 4.2 requires -lm due to libc changes.
-     [Jason Venner <jason@idiom.com>] PR#667
-
-  *) Enable ``=""'' for RewriteCond directives to match against
-     the empty string. This is the preferred way instead of ``^$''.
-     [Ralf S. Engelschall]
-
-  *) Fixed an infinite loop in mod_imap for references above the server root
-     [Dean Gaudet] PR#748
-
-  *) mod_proxy now has a ReceiveBufferSize directive, similar to
-     SendBufferSize, so that the TCP window can be set appropriately
-     for LFNs. [Phillip A. Prindeville]
-
-  *) mod_browser has been replaced by the more general mod_setenvif
-     (courtesy of Paul Sutton).  BrowserMatch* directives are still
-     available, but are now joined by SetEnvIf*, UnSetEnvIf*, and
-     UnSetEnvIfZero directives.  [Ken Coar]
-
-  *) "HostnameLookups double" forces double-reverse DNS to succeed in
-     order for remote_host to be set (for logging, or for the env var
-     REMOTE_HOST).  The old define MAXIMUM_DNS has been deprecated.
-     [Dean Gaudet]
-
-  *) mod_access overhaul:
-     - Now understands network/netmask syntax (i.e.  10.1.0.0/255.255.0.0)
-	and cidr syntax (i.e. 10.1.0.0/16).  PR#762
-     - Critical path was sped up by pre-computing a few things at config
-	time.
-     - The undocumented syntax "allow user-agents" was removed,
-	the replacement is "allow from env=foobar" combined with mod_browser.
-     - When used with hostnames it now forces a double-reverse lookup
-	no matter what the directory settings are.  This double-reverse
-	doesn't affect any of the other routines that use the remote
-	hostname.  In particular it's still passed to CGIs and the log
-	without the double-reverse check.  Related PR#860.
-     [Dean Gaudet]
-
-  *) When a large bwrite() occurs (larger than the internal buffer size),
-     while there is already something in the buffer, apache will combine
-     the large write and the buffer into a single writev().  (This is
-     in anticipation of using mmap() for reading files.)
-     [Dean Gaudet]
-
-  *) In obscure cases where a partial socket write occurred while chunking,
-     Apache would omit the chunk header/footer on the next block.  Cleaned
-     up other bugs/inconsistencies in error conditions in buff.c.  Fixed
-     a bug where a long pause in DNS lookups could cause the last packet
-     of a response to be unduly delayed.  [Roy Fielding, Dean Gaudet]
-
-  *) API: Added child_exit function to module structure.  This is called
-     once per "heavy-weight process" just before a server child exit()'s 
-     e.g. when max_requests_per_child is reached, etc.
-     [Doug MacEachern, Dean Gaudet]
-
-  *) mod_include cleanup showed that handle_else was being used to handle
-     endif.  It didn't cause problems, but it was cleaned up too.
-     [Howard Fear]
-
-  *) mod_cern_meta would attempt to find meta files for the directory itself
-     in some cases, but not in others.  It now avoids it in all cases.
-     [Dean Gaudet]
-
-  *) mod_mime_magic would core dump if there was a decompression error.
-     [Martin Kraemer <Martin.Kraemer@mch.sni.de>] PR#904
-
-  *) PORT: some variants of DGUX require -lsocket -lnsl
-     [Alexander L Jones <alex@systems-options.co.uk>] PR#732
-
-  *) mod_autoindex now allows sorting of FancyIndexed directory listings
-     by the various fields (name, size, et cetera), either in ascending
-     or descending order.  Just click on the column header.  [Ken Coar]
-
-  *) PORT: Various tweaks to eliminate pointer-int casting warnings on 64-bit
-     CPUs like the Alpha.  Apache still stores ints in pointers, but that's
-     the relatively safe direction.  [Dean Gaudet] PR#344
-
-  *) PORT: QNX mmap() support for faster/more reliable scoreboard handling.
-     [Igor N Kovalenko <infoh@mail.wplus.net>] PR#683
-
-  *) child_main avoids an unneeded call to select() when there is only one
-     listening socket.  [Dean Gaudet]
-
-  *) In the event that the server is starved for idle servers it will
-     spawn 1, then 2, then 4, ..., then 32 servers each second,
-     doubling each second.  It'll also give a warning in the errorlog
-     since the most common reason for this is a poor StartServers
-     setting.  The define MAX_SPAWN_RATE can be used to raise/lower
-     the maximum.  [Dean Gaudet]
-
-  *) Apache now provides an effectively unbuffered connection for
-     CGI scripts.  This means that data will be sent to the client
-     as soon as the CGI pauses or stops output; previously, Apache would
-     buffer the output up to a fixed buffer size before sending, which
-     could result in the user viewing an empty page until the CGI finished
-     or output a complete buffer.  It is no longer necessary to use an
-     "nph-" CGI to get unbuffered output.  Given that most CGIs are written
-     in a language that by default does buffering (e.g. perl) this
-     shouldn't have a detrimental effect on performance.
-
-     "nph-" CGIs, which formerly provided a direct socket to the client
-     without any server post-processing, were not fully compatible with
-     HTTP/1.1 or SSL support.  As such they would have had to implement
-     the transport details, such as encryption or chunking, in order
-     to work properly in certain situations.  Now, the only difference
-     between nph and non-nph scripts is "non-parsed headers".
-     [Dean Gaudet, Sameer Parekh, Roy Fielding]
-
-  *) If a BUFF is switched from buffered to unbuffered reading the first
-     bread() will return whatever remained in the buffer prior to the
-     switch. [Dean Gaudet]
-
-Changes with Apache 1.3a1
-
-  *) Added another Configure helper script: TestLib. It determines
-     if a specified library exists.  [Jim Jagielski]
-
-  *) PORT: Allow for use of n32bit libraries under IRIX 6.x
-     [derived from patch from Jeff Hayes <jhayes@aw.sgi.com>]
-     PR#721
-
-  *) PORT: Some architectures use size_t for various lengths in network
-     functions such as accept(), and getsockname().  The definition
-     NET_SIZE_T is used to control this. [Dean Gaudet]
-
-  *) PORT: Linux: Attempt to detect glibc based systems and include crypt.h
-     and -lcrypt.  Test for various db libraries (dbm, ndbm, db) when
-     mod_auth_dbm or mod_auth_db are included.  [Dean Gaudet]
-
-  *) PORT: QNX doesn't have initgroups() which support/suexec.c uses.
-     [Igor N Kovalenko <infoh@mail.wplus.net>]
-
-  *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
-     begin with.  "nokeepalive" now works for HTTP/1.1 clients.  Added
-     "downgrade-1.0" which causes Apache to pretend it received a 1.0.
-     [Dean Gaudet] related PR#875
-
-  *) API: Correct child_init() slot declaration from int to void, to
-     match the init() declaration.  Update mod_example to use the new
-     hook.  [Ken Coar]
-
-  *) added transport handle slot (t_handle) to the BUFF structure
-     [Doug MacEachern]
-
-  *) get_client_block() returns wrong length if policy is
-     REQUEST_CHUNKED_DECHUNK.
-     [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#815
-
-  *) Support the image map format of FrontPage.  For example:
-        rect /url.hrm 10 20 30 40
-     ["Chris O'Byrne" <obyrne@iol.ie>] PR#807
-
-  *) PORT: -lresolv and -lsocks were in the wrong order for Solaris.
-     ["Darren O'Shaughnessy" <darren@aaii.oz.au>] PR#846
-
-  *) AddModuleInfo directive for mod_info which allows you to annotate
-     the output of mod_info.  ["Lou D. Langholtz" <ldl@usi.utah.edu>]
-
-  *) Added NoProxy directive to avoid using ProxyRemote for selected
-     addresses.  Added ProxyDomain directive to cause unqualified
-     names to be qualified by redirection.
-     [Martin Kraemer <Martin.Kraemer@mch.sni.de>]
-
-  *) Support Proxy Authentication, and don't pass the Proxy-Authorize
-     header to the remote host in the proxy. [Sameer Parekh and
-     Wallace]
-
-  *) Upgraded mod_rewrite from 3.0.6+ to latest officially available version
-     3.0.9. This upgrade includes: fixed deadlooping on rewriting to same
-     URLs, fixed rewritelog(), fixed forced response code handling on
-     redirects from within .htaccess files, disabled pipe locking under
-     braindead SunOS 4.1.x, allow env variables to be set even on rules with
-     no substitution, bugfixed situations where HostnameLookups is off, made
-     mod_rewrite more thread-safe for NT port and fixed problem when creating
-     an empty query string via "xxx?".
-         This update also removes the copyright of Ralf S. Engelschall,
-     i.e. now mod_rewrite no longer has a shared copyright. Instead is is
-     exclusively copyrighted by the Apache Group now. This happened because
-     the author now has gifted mod_rewrite exclusively to the Apache Group and 
-     no longer maintains an external version.
-     [Ralf S. Engelschall]
-
-  *) API: Added child_init function to module structure.  This is called
-     once per "heavy-weight process" before any requests are handled.
-     See http_config.h for more details.  [Dean Gaudet]
-
-  *) Anonymous_LogEmail was logging on each subrequest.
-     [Dean Gaudet] PR#421, 868
-
-  *) API: Added is_initial_req() which tests if the request being
-     processed is the initial request, or a subrequest.
-     [Doug MacEachern]
-
-  *) Extended SSI (mod_include) now handles additional relops for
-     string comparisons (<, >, <=, and >=).  [Bruno Wolff III] PR#41
-
-  *) Configure fixed to correctly propagate user-selected options and
-     settings (such as CC and OPTIM) to Makefiles other than
-     src/Makefile (notably support/Makefile).  [Ken Coar] PR#666, #834
-
-  *) IndexOptions SuppressHTMLPreamble now causes the actual HTML of
-     directory indices to start with the contents of the HeaderName file
-     if there is one.  If there isn't one, the behaviour is unchanged.
-     [Ken Coar, Roy Fielding, Andrey A. Chernov]
-
-  *) WIN32: Modules can now be dynamically loaded DLLs using the
-     LoadModule/LoadFile directives. Note that module DLLs must be
-     compiled with the multithreaded DLL version of the runtime library.
-     [Alexei Kosut and Ben Laurie]
-
-  *) Automatic indexing removed from mod_dir and placed into mod_autoindex.
-     This allows the admin to completely remove automatic indexing
-     from the server, while still supporting the basic functions of
-     trailing-slash redirects and DirectoryIndex files.  Note that if
-     you're carrying over an old Configuration file and you use directory
-     indexing then you'll want to add:
-
-     Module autoindex_module    mod_autoindex.o
-
-     before mod_dir in your Configuration.  [Dean Gaudet]
-
-  *) popendir/pclosedir created to properly protect directory scanning.
-     [Dean Gaudet] PR#525
-
-  *) AliasMatch, ScriptAliasMatch and RedirectMatch directives added,
-     giving regex support to mod_alias. <DirectoryMatch>, <LocationMatch>
-     and <FilesMatch> sections added to succeed <DirectoryMatch ~>, etc...
-     [Alexei Kosut]
-
-  *) The AccessFileName directive can now take more than one filename.
-     ["Lou D. Langholtz" <ldl@usi.utah.edu>]
-
-  *) The new mod_mime_magic can be used to "magically" determine the type
-     of a file if the extension is unknown.  Based on the unix file(1)
-     command.  [Ian Kluft <ikluft@cisco.com>]
-
-  *) We now determine and display the time spent processing a
-     request if desired.  [Jim Jagielski]
-
-  *) mod_status: PID field of "dead" child slots no longer displays
-     main httpd process's PID.  [Jim Jagielski]
-
-  *) Makefile.nt added - to build all the bits from the command line:
-        nmake -f Makefile.nt
-         Doesn't yet work properly. [Ben Laurie]
-
-  *) Default text of 404 error is now "Not Found" rather than the
-     potentially misleading "File Not Found".  [Ken Coar]
-
-  *) CONFIG: "HostnameLookups" now defaults to off because it is far better
-     for the net if we require people that actually need this data to
-     enable it.  [Linus Torvalds]
-
-  *) directory_walk() is an expensive function, keep a little more state to
-     avoid needless string counting.  Add two new functions make_dirstr_parent
-     and make_dirstr_prefix which replace all existing uses of make_dirstr.
-     The new functions are a little less general than make_dirstr, but
-     work more efficiently (less memory, less string counting).
-     [Dean Gaudet]
-
-  *) EXTRA_LFLAGS was changed to EXTRA_LDFLAGS (and LFLAGS was changed
-     to LDFLAGS) to avoid complications with lex rules in make files.
-     [Dean Gaudet] PR#372
-
-  *) run_method optimized to avoid needless scanning over NULLs in the
-     module list.  [Dean Gaudet]
-
-  *) Revamp of (unix) scoreboard management code such that it avoids
-     unnecessary traversals of the scoreboard on each hit.  This is
-     particularly important for high volume sites with a large
-     HARD_SERVER_LIMIT.  Some of the previous operations were O(n^2),
-     and are now O(n).  See also SCOREBOARD_MAINTENANCE_INTERVAL in
-     httpd.h. [Dean Gaudet]
-
-  *) In configurations using multiple Listen statements it was possible for
-     busy sockets to starve other sockets of service.  [Dean Gaudet]
-
-  *) Added hook so standalone_main can be replaced at compile time
-     (define STANDALONE_MAIN)
-     [Doug MacEachern]
-
-  *) Lowest-level read/write functions in buff.c will be replaced with
-     the SFIO library calls sfread/sfwrite if B_SFIO is defined at
-     compile time.  The default sfio discipline will behave as apache
-     would without sfio compiled in.
-     [Doug MacEachern]
-
-  *) Enhance UserDir directive (mod_userdir) to accept a list of
-     usernames for the 'disable' keyword, and add 'enable user...' to
-     selectively *en*able userdirs if they're globally disabled.
-     [Ken Coar]
-
-  *) If NETSCAPE_DBM_COMPAT is defined in EXTRA_CFLAGS then Apache
-     will work with Netscape dbm files.  (dbmmanage will probably not
-     work however.) [Alexander Spohr <aspohr@netmatic.com>] PR#444
-
-  *) Add a ListenBacklog directive to control the backlog parameter
-     passed to listen().  Also change the default to 511 from 512.
-     [Marc Slemko]
-
-  *) API: A new handler response DONE which informs apache that the
-     request has been handled and it can finish off quickly, similar to
-     how it handles errors. [Rob Hartill]
-
-  *) Turn off chunked encoding after sending terminating chunk/footer
-     so that we can't do it twice by accident. [Roy Fielding]
-
-  *) mod_expire also issues Cache-Control: max-age headers.
-     [Rob Hartill]
-
-  *) API: Added kill_only_once option for free_proc_chain so that it won't
-     aggressively try to kill off specific children.  For fastcgi.
-     [Stanley Gambarin <gambarin@OpenMarket.com>]
-
-  *) mod_auth deals with extra ':' delimited fields.  [Marc Slemko]
-
-  *) Added IconHeight and IconWidth to mod_dir's IndexOptions directive.
-     When used together, these cause mod_dir to emit HEIGHT and WIDTH
-     attributes in the FancyIndexing IMG tags.  [Ken Coar]
-
-  *) PORT: Sequent and SONY NEWS-OS support added.  [Jim Jagielski]
-
-  *) PORT: Added Windows NT support
-     [Ben Laurie and Ambarish Malpani <ambarish@valicert.com>]
-
-Changes with Apache 1.2.6
-
-  *) mod_include when using XBitHack Full would send ETags in addition to
-     sending Last-Modifieds.  This is incorrect HTTP/1.1 behaviour.
-     [Dean Gaudet] PR#1133
-
-  *) SECURITY: When a client connects to a particular port/addr, and
-     gives a Host: header ensure that the virtual host requested can
-     actually be reached via that port/addr.  [Ed Korthof <ed@organic.com>]
-
-  *) Support virtual hosts with wildcard port and/or multiple ports
-     properly.  [Ed Korthof <ed@organic.com>]
-
-  *) Fixed some case-sensitivity issues according to RFC2068.
-     [Dean Gaudet]
-
-  *) Set r->allowed properly in mod_asis.c, mod_dir.c, mod_info.c,
-     and mod_include.c.  [Dean Gaudet]
-
-  *) Variable 'cwd' was being used pointlessly before being set.
-     [Ken Coar] PR#1738
-
-  *) SIGURG doesn't exist on all platforms.
-     [Mark Andrew Heinrich <heinrich@tinderbox.Stanford.EDU>]
-
-  *) When an error occurs during a POST, or other operation with a
-     request body, the body has to be read from the net before allowing
-     a keepalive session to continue.  [Roy Fielding] PR#1399
-
-  *) When an error occurs in fcntl() locking suggest the user look up
-     the docs for LockFile.  [Dean Gaudet]
-
-  *) table_set() and table_unset() did not deal correctly with
-     multiple occurrences of the same key. [Stephen Scheck
-     <sscheck@infonex.net>, Ben Laurie] PR#1604
-
-  *) send_fd_length() did not calculate total_bytes_sent properly in error
-     cases.  [Ben Reser <breser@regnow.com>] PR#1366
-
-  *) r->connection->user was allocated in the wrong pool causing corruption
-     in some cases when used with mod_cern_meta.  [Dean Gaudet] PR#1500
-
-  *) mod_proxy was sending HTTP/1.1 responses to ftp requests by mistake.
-     Also removed the auto-generated link to www.apache.org that was the
-     source of so many misdirected bug reports.  [Roy Fielding, Marc Slemko]
-
-  *) Multiple "close" tokens may have been set in the "Connection"
-     header, not an error, but a waste.
-     [Ronald.Tschalaer@psi.ch] PR#1683
-
-  *) "basic" and "digest" auth tokens should be tested case-insensitive.
-     [Ronald.Tschalaer@psi.ch] PR#1599, PR#1666
-
-  *) It appears the "257th byte" bug (see
-     htdocs/manual/misc/known_client_problems.html#257th-byte) can happen
-     at the 256th byte as well.  Fixed.  [Dean Gaudet]
-
-  *) mod_rewrite would not handle %3f properly in some situations.
-     [Ralf Engelschall]
-
-  *) Apache could generate improperly chunked HTTP/1.1 responses when
-     the bputc() or rputc() functions were used by modules (such as
-     mod_include).  [Dean Gaudet]
-
-  *) #ifdef wrap a few #defines in httpd.h to make life easier on
-     some ports.  [Ralf Engelschall]
-
-  *) Fix MPE compilation error in mod_usertrack.c.  [Mark Bixby]
-
-  *) Quote CC='$(CC)' to improve recurse make calls.  [Martin Kraemer]
-
-  *) Avoid B_ERROR redeclaration on sysvr4 systems.  [Martin Kraemer]
-
-Changes with Apache 1.2.5
-
-  *) SECURITY: Fix a possible buffer overflow in logresolve.  This is
-     only an issue on systems without a MAXDNAME define or where 
-     the resolver returns domain names longer than MAXDNAME.  [Marc Slemko]
-
-  *) Fix an improper length in an ap_snprintf call in proxy_date_canon().
-     [Marc Slemko]
-
-  *) Fix core dump in the ftp proxy when reading incorrectly formatted
-     directory listings.  [Marc Slemko]
-
-  *) SECURITY: Fix possible minor buffer overflow in the proxy cache.
-     [Marc Slemko]
-
-  *) SECURITY: Eliminate possible buffer overflow in cfg_getline, which
-     is used to read various types of files such as htaccess and 
-     htpasswd files.  [Marc Slemko]
-
-  *) SECURITY: Ensure that the buffer returned by ht_time is always
-     properly null terminated.  [Marc Slemko]
-
-  *) SECURITY: General mod_include cleanup, including fixing several
-     possible buffer overflows and a possible infinite loop.  This cleanup
-     was done against 1.3 code and then backported to 1.2, the result
-     is a large difference (due to indentation cleanup in 1.3 code).
-     Users interested in seeing a smaller set of relevant differences
-     should consider comparing against src/modules/standard/mod_include.c
-     from the 1.3b3 release.  Non-indentation changes to mod_include
-     between 1.2 and 1.3 were minimal.  [Dean Gaudet, Marc Slemko]
-
-  *) SECURITY: Numerous changes to mod_imap in a general cleanup
-     including fixing a possible buffer overflow.  This cleanup also
-     was done with 1.3 code as a basis, see the the previous note
-     about mod_include.  [Dean Gaudet]
-
-  *) SECURITY: If a htaccess file can not be read due to bad 
-     permissions, deny access to the directory with a HTTP_FORBIDDEN.  
-     The previous behavior was to ignore the htaccess file if it could not
-     be read.  This change may make some setups with unreadable
-     htaccess files stop working.  [Marc Slemko]  PR#817
-
-  *) SECURITY: no2slash() was O(n^2) in the length of the input.  
-     Make it O(n).  This inefficiency could be used to mount a denial 
-     of service attack against the Apache server.  Thanks to 
-     Michal Zalewski <lcamtuf@boss.staszic.waw.pl> for reporting
-     this.  [Dean Gaudet]
-
-  *) mod_include used uninitialized data for some uses of && and ||.
-     [Brian Slesinsky <bslesins@wired.com>] PR#1139
-
-  *) mod_imap should decline all non-GET methods.
-     [Jay Bloodworth <jay@pathways.sde.state.sc.us>]
-
-  *) suexec.c wouldn't build without -DLOG_EXEC. [Jason A. Dour]
-
-  *) mod_userdir was modifying r->finfo in cases where it wasn't setting
-     r->filename.  Since those two are meant to be in sync with each other
-     this is a bug.  ["Paul B. Henson" <henson@intranet.csupomona.edu>]
-
-  *) mod_include did not properly handle all possible redirects from sub-
-     requests.  [Ken Coar]
-
-  *) Inetd mode (which is buggy) uses timeouts without having setup the
-     jmpbuffer. [Dean Gaudet] PR#1064
-
-  *) Work around problem under Linux where a child will start looping
-     reporting a select error over and over.
-     [Rick Franchuk <rickf@transpect.net>] PR#1107
-
-Changes with Apache 1.2.4
-
-  *) The ProxyRemote change in 1.2.3 introduced a bug resulting in the proxy
-     always making requests with the full-URI instead of just the URI path.
-     [Marc Slemko, Roy Fielding]
-
-  *) Add -lm for AIX versions >= 4.2 to allow Apache to link properly
-     on this platform.  [Marc Slemko]
-
-Changes with Apache 1.2.3
-
-  *) The request to a remote proxy was mangled if it was generated as the
-     result of a ProxyPass directive. URL schemes other than http:// were not
-     supported when ProxyRemote was used. [Lars Eilebrecht] PR#260, PR#656,
-     PR#699, PR#713, PR#812
-
-  *) Fixed proxy-pass-through feature of mod_rewrite; Added error logging
-     information for case where proxy module is not available. [Marc Slemko]
-
-  *) Force proxy to always respond as HTTP/1.0, which it was failing to
-     do for errors and cached responses.  [Roy Fielding]
-
-  *) PORT: Improved support for ConvexOS 11.  [Jeff Venters]
-
-Changes with Apache 1.2.2 [not released]
-
-  *) Fixed another long-standing bug in sub_req_lookup_file where it would
-     happily skip past access checks on subdirectories looked up with relative
-     paths.  (It's used by mod_dir, mod_negotiation, and mod_include.)
-     [Dean Gaudet]
-
-  *) Add lockfile name to error message printed out when
-     USE_FLOCK_SERIALIZED_ACCEPT is defined.
-     [Marc Slemko]
-
-  *) Enhanced the chunking and error handling inside the buffer functions.
-     [Dean Gaudet, Roy Fielding]
-
-  *) When merging the main server's <Directory> and <Location> sections into
-     a vhost, put the main server's first and the vhost's second.  Otherwise
-     the vhost can't override the main server.  [Dean Gaudet] PR#717
-
-  *) The <Directory> code would merge and re-merge the same section after
-     a match was found, possibly causing problems with some modules.
-     [Dean Gaudet]
-
-  *) Fixed an infinite loop in mod_imap for references above the server root.
-     [Dean Gaudet] PR#748
-
-  *) mod_include cleanup showed that handle_else was being used to handle
-     endif.  It didn't cause problems, but it was cleaned up too.
-     [Howard Fear]
-
-  *) Last official synchronization of mod_rewrite with author version (because
-     mod_rewrite is now directly developed by the author at the Apache Group):
-     o added diff between mod_rewrite 3.0.6+ and 3.0.9
-       minus WIN32/NT stuff, but plus copyright removement.
-       In detail:
-       - workaround for detecting infinite rewriting loops
-       - fixed setting of env vars when "-" is used as subst string
-       - fixed forced response code on redirects (PR#777)
-       - fixed cases where r->args is ""
-       - kludge to disable locking on pipes under braindead SunOS
-       - fix for rewritelog in cases where remote hostname is unknown
-       - fixed totally damaged request_rec walk-back loop
-     o remove static from local data and add static to global ones.
-     o replaced ugly proxy finding stuff by simple
-       find_linked_module("mod_proxy") call.
-     o added missing negation char on rewritelog()
-     o fixed a few comment typos
-     [Ralf S. Engelschall]
-
-  *) Anonymous_LogEmail was logging on each subrequest.
-     [Dean Gaudet] PR#421, PR#868
-
-  *) "force-response-1.0" now only applies to requests which are HTTP/1.0 to
-     begin with.  "nokeepalive" now works for HTTP/1.1 clients.  Added
-     "downgrade-1.0" which causes Apache to pretend it received a 1.0.
-     Additionally mod_browser now triggers during translate_name to workaround
-     a deficiency in the header_parse phase.
-     [Dean Gaudet] PR#875
-
-  *) get_client_block() returns wrong length if policy is 
-     REQUEST_CHUNKED_DECHUNK.
-     [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#815
-
-  *) Properly treat <files> container like other containers in mod_info.
-     [Marc Slemko] PR#848
-
-  *) The proxy didn't treat the "Host:" keyword of the host header as case-
-     insensitive.  The proxy would corrupt the first line of a response from
-     an HTTP/0.9 server.  [Kenichi Hori <ken@d2.bs1.fc.nec.co.jp>] PR#813,814
-
-  *) mod_include would log some bogus values occasionally.
-     [Skip Montanaro <skip@calendar.com>, Marc Slemko] PR#797
-
-  *) PORT: The slack fd changes in 1.2.1 introduced a problem with SIGHUP
-     under Solaris 2.x (up through 2.5.1).  It has been fixed.
-     [Dean Gaudet] PR#832
-
-  *) API: In HTTP/1.1, whether or not a request message contains a body
-     is independent of the request method and based solely on the presence
-     of a Content-Length or Transfer-Encoding.  Therefore, our default
-     handlers need to be prepared to read a body even if they don't know
-     what to do with it; otherwise, the body would be mistaken for the
-     next request on a persistent connection.  discard_request_body()
-     has been added to take care of that.  [Roy Fielding] PR#378
-
-  *) API: Symbol APACHE_RELEASE provides a numeric form of the Apache
-     release version number, such that it always increases along the
-     same lines as our source code branching.  [Roy Fielding]
-
-  *) Minor oversight on multiple variants fixed.  [Paul Sutton] PR#94
-
-Changes with Apache 1.2.1
-
-  *) SECURITY: Don't serve file system objects unless they are plain files,
-     symlinks, or directories.  This prevents local users from using pipes
-     or named sockets to invoke programs for an extremely crude form of
-     CGI.  [Dean Gaudet]
-
-  *) SECURITY: HeaderName and ReadmeName were settable in .htaccess and
-     could contain "../" allowing a local user to "publish" any file on
-     the system.  No slashes are allowed now.  [Dean Gaudet]
-
-  *) SECURITY: It was possible to violate the symlink Options using mod_dir
-     (headers, readmes, titles), mod_negotiation (type maps), or
-     mod_cern_meta (meta files).  [Dean Gaudet]
-
-  *) SECURITY: Apache will refuse to run as "User root" unless
-     BIG_SECURITY_HOLE is defined at compile time.  [Dean Gaudet]
-
-  *) CONFIG: If a symlink pointed to a directory then it would be disallowed
-     if it contained a .htaccess disallowing symlinks.  This is contrary
-     to the rule that symlink permissions are tested with the symlink
-     options of the parent directory.  [Dean Gaudet] PR#353
-
-  *) CONFIG: The LockFile directive can be used to place the serializing
-     lockfile in any location.  It previously defaulted to /usr/tmp/htlock.
-     [Somehow it took four of us: Randy Terbush, Jim Jagielski, Dean Gaudet,
-     Marc Slemko]
-
-  *) Request processing now retains state of whether or not the request
-     body has been read, so that internal redirects and subrequests will
-     not try to read it twice (and block). [Roy Fielding]
-
-  *) Add a placeholder in modules/Makefile to avoid errors with certain
-     makes. [Marc Slemko]
-
-  *) QUERY_STRING was unescaped in mod_include, it shouldn't be.
-     [Dean Gaudet] PR#644
-
-  *) mod_include was not properly changing the current directory.
-     [Marc Slemko] PR#742
-
-  *) Attempt to work around problems with third party libraries that do not
-     handle high numbered descriptors (examples include bind, and
-     solaris libc).  On all systems apache attempts to keep all permanent
-     descriptors above 15 (called the low slack line).  Solaris users
-     can also benefit from adding -DHIGH_SLACK_LINE=256 to EXTRA_CFLAGS
-     which keeps all non-FILE * descriptors above 255.  On all systems
-     this should make supporting large numbers of vhosts with many open
-     log files more feasible.  If this causes trouble please report it,
-     you can disable this workaround by adding -DNO_SLACK to EXTRA_CFLAGS.
-     [Dean Gaudet] various PRs
-
-  *) Related to the last entry, network sockets are now opened before
-     log files are opened.  The only known case where this can cause
-     problems is under Solaris with many virtualhosts and many Listen
-     directives.  But using -DHIGH_SLACK_LINE=256 described above will
-     work around this problem.  [Dean Gaudet]
-
-  *) USE_FLOCK_SERIALIZED_ACCEPT is now default for FreeBSD, A/UX, and
-     SunOS 4.
-
-  *) Improved unix error response logging.  [Marc Slemko]
-
-  *) Update mod_rewrite from 3.0.5 to 3.0.6.  New ruleflag
-     QSA=query_string_append.  Also fixed a nasty bug in per-dir context:
-     when a URL http://... was used in conjunction with a special
-     redirect flag, e.g. R=permanent, the permanent status was lost.
-     [Ronald Tschalaer <Ronald.Tschalaer@psi.ch>, Ralf S. Engelschall]
-
-  *) If an object has multiple variants that are otherwise equal Apache
-     would prefer the last listed variant rather than the first.
-     [Paul Sutton] PR#94
-
-  *) "make clean" at the top level now removes *.o.  [Dean Gaudet] PR#752
-
-  *) mod_status dumps core in inetd mode.  [Marc Slemko and Roy Fielding]
-     PR#566
-
-  *) pregsub had an off-by-1 in its error checking code. [Alexei Kosut]
-
-  *) PORT: fix rlim_t problems with AIX 4.2. [Marc Slemko] PR#333
-
-  *) PORT: Update UnixWare support for 2.1.2.
-     [Lawrence Rosenman <ler@lerctr.org>] PR#511
-
-  *) PORT: NonStop-UX [Joachim Schmitz <schmitz_joachim@tandem.com>] PR#327
-
-  *) PORT: Update ConvexOS support for 11.5.
-     [David DeSimone <fox@convex.com>] PR#399
-
-  *) PORT: Support for DEC cc compiler under ULTRIX.
-     ["P. Alejandro Lopez-Valencia" <alejolo@ideam.gov.co>] PR#388
-
-  *) PORT: Support for Maxion/OS SVR4.2 Real Time Unix. [no name given] PR#383
-
-  *) PORT: Workaround for AIX 3.x compiler bug in http_bprintf.c.  
-     [Marc Slemko] PR#725
-
-  *) PORT: fix problem compiling http_bprintf.c with gcc under SCO
-     [Marc Slemko] PR#695
-
-Changes with Apache 1.2
-
-Changes with Apache 1.2b11
-
-  *) Fixed open timestamp fd in proxy_cache.c [Chuck Murcko]
-
-  *) Added undocumented perl SSI mechanism for -DUSE_PERL_SSI and mod_perl.
-     [Doug MacEachern, Rob Hartill]
-
-  *) Proxy needs to use hard_timeout instead of soft_timeout when it is
-     reading from one buffer and writing to another, at least until it has
-     a custom timeout handler.  [Roy Fielding and Petr Lampa]
-
-  *) Fixed problem on IRIX with servers hanging in IdentityCheck,
-     apparently due to a mismatch between sigaction and setjmp.
-     [Roy Fielding] PR#502
-
-  *) Log correct status code if we timeout before receiving a request (408)
-     or if we received a request-line that was too long to process (414).
-     [Ed Korthof and Roy Fielding] PR#601
-
-  *) Virtual hosts with the same ServerName, but on different ports, were
-     not being selected properly.  [Ed Korthof]
-
-  *) Added code to return the requested IP address from proxy_host2addr()
-     if gethostbyaddr() fails due to reverse DNS lookup problems. Original
-     change submitted by Jozsef Hollosi <hollosi@sbcm.com>.
-     [Chuck Murcko] PR#614
-
-  *) If multiple requests on a single connection are used to retrieve
-     data from different virtual hosts, the virtual host list would be
-     scanned starting with the most recently used VH instead of the first,
-     causing most virtual hosts to be ignored.
-     [Paul Sutton and Martin Mares] PR#610
-
-  *) The OS/2 handling of process group was broken by a porting patch for
-     MPE, so restored prior code for OS/2.  [Roy Fielding and Garey Smiley]
-
-  *) Inherit virtual server port from main server if none (or "*") is
-     given for VirtualHost.  [Dean Gaudet] PR#576
-
-  *) If the lookup for a DirectoryIndex name with content negotiation
-     has found matching variants, but none are acceptable, return the
-     negotiation result if there are no more DirectoryIndex names to lookup.
-     [Petr Lampa and Roy Fielding]
-
-  *) If a soft_timeout occurs after keepalive is set, then the main child
-     loop would try to read another request even though the connection
-     has been aborted.  [Roy Fielding]
-
-  *) Configure changes: Allow for whitespace at the start of a
-     Module declaration. Also, be more understanding about the
-     CC=/OPTIM= format in Configuration. Finally, fix compiler
-     flags if using HP-UX's cc compiler. [Jim Jagielski]
-
-  *) Subrequests and internal redirects now inherit the_request from the
-     original request-line. [Roy Fielding]
-
-  *) Test for error conditions before creating output header fields, since
-     we don't want the error message to include those fields.  Likewise,
-     reset the content_language(s) and content_encoding of the response
-     before generating or redirecting to an error message, since the new
-     message will have its own Content-* definitions. [Dean Gaudet]
-
-  *) Restored the semantics of headers_out (headers sent only with 200..299
-     and 304 responses) and err_headers_out (headers sent with all responses).
-     Avoid the overhead of copying tables if err_headers_out is empty
-     (the usual case).  [Roy Fielding]
-
-  *) Fixed a couple places where a check for the default Content-Type was
-     not properly checking both the value configured by the DefaultType
-     directive and the DEFAULT_TYPE symbol in httpd.h.  Changed the value
-     of DEFAULT_TYPE to match the documented default (text/plain).
-     [Dean Gaudet] PR#506
-
-  *) Escape the HTML-sensitive characters in the Request-URI that is
-     output for each child by mod_status. [Dean Gaudet and Ken Coar] PR#501
-
-  *) Properly initialize the flock structures used by the mutex locking
-     around accept() when USE_FCNTL_SERIALIZED_ACCEPT is defined.
-     [Marc Slemko]
-
-  *) The method for determining PATH_INFO has been restored to the pre-1.2b
-     (and NCSA httpd) definition wherein it was the extra path info beyond
-     the CGI script filename.  The environment variable FILEPATH_INFO has
-     been removed, and instead we supply the original REQUEST_URI to any
-     script that wants to be Apache-specific and needs the real URI path.
-     This solves a problem with existing scripts that use extra path info
-     in the ScriptAlias directive to pass options to the CGI script.
-     [Roy Fielding]
-
-  *) The _default_ change in 1.2b10 will change the behaviour on configs
-     that use multiple Listen statements for listening on multiple ports.
-     But that change is necessary to make _default_ consistent with other
-     forms of <VirtualHost>.  It requires such configs to be modified
-     to use <VirtualHost _default_:*>.  The documentation has been
-     updated.  [Dean Gaudet] PR#530
-
-  *) If an ErrorDocument CGI script is used to respond to an error
-     generated by another CGI script which has already read the message
-     body of the request, the server would block trying to read the
-     message body again.  [Rob Hartill]
-
-  *) signal() replacement conflicted with a define on QNX (and potentially
-     other platforms). Fixed. [Ben Laurie] PR#512
-
-Changes with Apache 1.2b10
-
-  *) Allow HTTPD_ROOT, SERVER_CONFIG_FILE, DEFAULT_PATH, and SHELL_PATH
-     to be configured via -D in Configuration.  [Dean Gaudet] PR#449
-
-  *) <VirtualHost _default_:portnum> didn't work properly.  [Dean Gaudet]
-
-  *) Added prototype for mktemp() for SUNOS4 [Marc Slemko]
-
-  *) In mod_proxy.c, check return values for proxy_host2addr() when reading
-     config, in case the hostent struct returned is trash.
-     [Chuck Murcko] PR #491
-
-  *) Fixed the fix in 1.2b9 for parsing URL query info into args for CGI
-     scripts.  [Dean Gaudet, Roy Fielding, Marc Slemko]
-
-Changes with Apache 1.2b9  [never announced]
-
-  *) Reset the MODULE_MAGIC_NUMBER to account for the unsigned port
-     changes and in anticipation of 1.2 final release.  [Roy Fielding]
-
-  *) Fix problem with scripts not receiving a SIGPIPE when client drops
-     the connection (e.g., when user presses Stop).  Apache will now stop
-     trying to send a message body immediately after an error from write.
-     [Roy Fielding and Nathan Kurz] PR#335
-
-  *) Rearrange Configuration.tmpl so that mod_rewrite has higher priority
-     than mod_alias, and mod_alias has higher priority than mod_proxy;
-     rearranged other modules to enhance understanding of their purpose
-     and relative order (and maybe even reduce some overhead).
-     [Roy Fielding and Sameer Parekh]
-
-  *) Fix graceful restart.  Eliminate many signal-related race
-     conditions in both forms of restart, and in SIGTERM.  See
-     htdocs/manual/stopping.html for details on stopping and
-     restarting the parent.  [Dean Gaudet]
-
-  *) Fix memory leaks in mod_rewrite, mod_browser, mod_include.  Tune
-     memory allocator to avoid a behaviour that required extra blocks to
-     be allocated.  [Dean Gaudet]
-
-  *) Allow suexec to access files relative to current directory but not
-     above.  (Excluding leading / or any .. directory.)  [Ken Coar]
-     PR#269, 319, 395
-
-  *) Fix suexec segfault when group doesn't exist. [Gregory Neil Shapiro]
-     PR#367, 368, 354, 453
-
-  *) Fix the above fix: if suexec is enabled, avoid destroying r->url
-     while obtaining the /~user and save the username in a separate data
-     area so that it won't be overwritten by the call to getgrgid(), and
-     fix some misuse of the pool string allocation functions.  Also fixes
-     a general problem with parsing URL query info into args for CGI scripts.
-     [Roy Fielding] PR#339, 367, 354, 453
-
-  *) Fix IRIX warning about bzero undefined. [Marc Slemko]
-
-  *) Fix problem with <Directory proxy:...>. [Martin Kraemer] PR#271
-
-  *) Corrected spelling of "authoritative".  AuthDBAuthoratative became
-     AuthDBAuthoritative. [Marc Slemko] PR#420
-
-  *) MaxClients should be at least 1. [Lars Eilebrecht] PR#375
-
-  *) The default handler now logs invalid methods or URIs (i.e. PUT on an
-     object that can't be PUT, or FOOBAR for some method FOOBAR that
-     apache doesn't know about at all).  Log 404s that occur in mod_include.
-     [Paul Sutton, John Van Essen]
-
-  *) If a soft timeout (or lingerout) occurs while trying to flush a
-     buffer or write inside buff.c or fread'ing from a CGI's output,
-     then the timeout would be ignored. [Roy Fielding] PR#373
-
-  *) Work around a bug in Netscape Navigator versions 2.x, 3.x and 4.0b2's
-     parsing of headers.  If the terminating empty-line CRLF occurs starting
-     at the 256th or 257th byte of output, then Navigator will think a normal
-     image is invalid.  We are guessing that this is because their initial
-     read of a new request uses a 256 byte buffer. We check the bytes written
-     so far and, if we are about to tickle the bug, we instead insert a
-     padding header of eminent bogosity. [Roy Fielding and Dean Gaudet] PR#232
-
-  *) Fixed SIGSEGV problem when a DirectoryIndex file is also the source
-     of an external redirection.  [Roy Fielding and Paul Sutton]
-
-  *) Configure would create a broken Makefile if the configuration file
-     contained a commented-out Rule.  [Roy Fielding]
-
-  *) Promote per_dir_config and subprocess_env from the subrequest to the
-     main request in mod_negotiation.  In particular this fixes a bug
-     where <Files> sections wouldn't properly apply to negotiated content.
-     [Dean Gaudet]
-
-  *) Fix a potential deadlock in mod_cgi script_err handling.
-     [Ralf S. Engelschall]
-
-  *) rotatelogs zero-pads the logfile names to improve alphabetic sorting.
-     [Mitchell Blank Jr]
-
-  *) Updated mod_rewrite to 3.0.4: Fixes HTTP redirects from within
-     .htaccess files because the RewriteBase was not replaced correctly.
-     Updated mod_rewrite to 3.0.5: Fixes problem with rewriting inside
-     <Directory> sections missing a trailing /.  [Ralf S. Engelschall]
-
-  *) Clean up Linux settings in conf.h by detecting 2.x versus 1.x.  For
-     1.x the settings are those of pre-1.2b8.  For 2.x we include
-     USE_SHMGET_SCOREBOARD (scoreboard in shared memory rather than file) and
-     HAVE_SYS_RESOURCE_H (enable the RLimit commands).
-     [Dean Gaudet] PR#336, PR#340
-
-  *) Redirect did not preserve ?query_strings when present in the client's
-     request.  [Dean Gaudet]
-
-  *) Configure was finding non-modules on EXTRA_LIBS. [Frank Cringle] PR#380
-
-  *) Use /bin/sh5 on ULTRIX.  [P. Alejandro Lopez-Valencia] PR#369
-
-  *) Add UnixWare compile/install instructions.  [Chuck Murcko]
-
-  *) Add mod_example (illustration of API techniques).  [Ken Coar]
-
-  *) Add macro for memmove to conf.h for SUNOS4. [Marc Slemko]
-
-  *) Improve handling of directories when filenames have spaces in them.
-     [Chuck Murcko]
-
-  *) For hosts with multiple IP addresses, try all additional addresses if
-     necessary to get a connect. Fail only if hostent address list is
-     exhausted. [Chuck Murcko]
-
-  *) More signed/unsigned port fixes.  [Dean Gaudet]
-
-  *) HARD_SERVER_LIMIT can be defined in the Configuration file now.
-     [Dean Gaudet]
-
-Changes with Apache 1.2b8
-
-  *) suexec.c doesn't close the log file, allowing CGIs to continue writing
-     to it.  [Marc Slemko]
-
-  *) The addition of <Location> and <File> directives made the
-     sub_req_lookup_simple() function bogus, so we now handle
-     the special cases directly.  [Dean Gaudet]
-
-  *) We now try to log where the server is dumping core when a fatal
-     signal is received.  [Ken Coar]
-
-  *) Improved lingering_close by adding a special timeout, removing the
-     spurious log messages, removing the nonblocking settings (they
-     are not needed with the better timeout), and adding commentary
-     about the NO_LINGCLOSE and USE_SO_LINGER issues.  NO_LINGCLOSE is
-     now the default for SunOS4, UnixWare, NeXT, and IRIX.  [Roy Fielding]
-
-  *) Send error messages about setsockopt failures to the server error
-     log instead of stderr.  [Roy Fielding]
-
-  *) Fix loopholes in proxy cache expiry vis a vis alarms. [Brian Moore]
-
-  *) Stopgap solution for CGI 3-second delay with server-side includes: if
-     processing a subrequest, allocate memory from r->main->pool instead
-     of r->pool so that we can avoid waiting for free_proc_chain to cleanup
-     in the middle of an SSI request.  [Dean Gaudet] PR #122
-
-  *) Fixed status of response when POST is received for a nonexistent URL
-     (was sending 405, now 404) and when any method is sent with a
-     full-URI that doesn't match the server and the server is not acting
-     as a proxy (was sending 501, now 403).  [Roy Fielding]
-
-  *) Host port changed to unsigned short. [Ken Coar] PR #276
-
-  *) Fix typo in command definition of AuthAuthoritative. [Ken Coar] PR #246
-
-  *) Defined USE_SHMGET_SCOREBOARD for shared memory on Linux.  [Dean Gaudet]
-
-  *) Report extra info from errno with many errors that cause httpd to exit.
-     spawn_child, popenf, and pclosef now have valid errno returns in the
-     event of an error.  Correct problems where errno was stomped on
-     before being reported.  [Dean Gaudet]
-
-  *) In the proxy, if the cache filesystem was full, garbage_coll() was
-     never called, and thus the filesystem would remain full indefinitely.
-     We now also remove incomplete cache files left if the origin server
-     didn't send a Content-Length header and either the client has aborted
-     transfer or bwrite() to client has failed. [Petr Lampa]
-
-  *) Fixed the handling of module and script-added header fields.
-     Improved the interface for sending header fields and reduced
-     the duplication of code between sending okay responses and errors.
-     We now always send both headers_out and err_headers_out, and
-     ensure that the server-reserved fields are not being overridden,
-     while not overriding those that are not reserved.  [Roy Fielding]
-
-  *) Moved transparent content negotiation fields to err_headers_out
-     to reflect above changes.  [Petr Lampa]
-
-  *) Fixed the determination of whether or not we should make the
-     connection persistent for all of the cases where some other part
-     of the server has already indicated that we should not.  Also
-     improved the ordering of the test so that chunked encoding will
-     be set whenever it is desired instead of only when KeepAlive
-     is enabled. Added persistent connection capability for most error
-     responses (those that do not indicate a bad input stream) when
-     accessed by an HTTP/1.1 client. [Roy Fielding]
-
-  *) Added missing timeouts for sending header fields, error responses,
-     and the last chunk of chunked encoding, each of which could have
-     resulted in a process being stuck in write forever.  Using soft_timeout
-     requires that the sender check for an aborted connection rather than
-     continuing after an EINTR.  Timeouts that used to be initiated before
-     send_http_header (and never killed) are now initiated only within or
-     around the routines that actually do the sending, and not allowed to
-     propagate above the caller.  [Roy Fielding]
-
-  *) mod_auth_anon required an @ or a . in the email address, not both.
-     [Dirk vanGulik]
-
-  *) per_dir_defaults weren't set correctly until directory_walk for
-     name-based vhosts.  This fixes an obscure bug with the wrong config
-     info being used for vhosts that share the same ip as the server.
-     [Dean Gaudet]
-
-  *) Improved generation of modules/Makefile to be more generic for
-     new module directories. [Ken Coar, Chuck Murcko, Roy Fielding]
-
-  *) Generate makefile dependency for Configuration based on the actual
-     name given when running the Configure process.  [Dean Gaudet]
-
-  *) Fixed problem with vhost error log not being set prior to
-     initializing virtual hosts. [Dean Gaudet]
-
-  *) Fixed infinite loop when a trailing slash is included after a type map
-     file URL (extra path info). [Petr Lampa]
-
-  *) Fixed server status updating of per-connection counters. [Roy Fielding]
-
-  *) Add documentation for DNS issues (reliability and security), and try
-     to explain the virtual host matching process.  [Dean Gaudet]
-
-  *) Try to continue gracefully by disabling the vhost if a DNS lookup
-     fails while parsing the configuration file.  [Dean Gaudet]
-
-  *) Improved calls to setsockopt.  [Roy Fielding]
-
-  *) Negotiation changes: Don't output empty content-type in variant list;
-     Output charset in variant list; Return sooner from handle_multi() if
-     no variants found; Add handling of '*' wildcard in Accept-Charset.
-     [Petr Lampa and Paul Sutton]
-
-  *) Fixed overlaying of request/sub-request notes and headers in
-     mod_negotiation.  [Dean Gaudet]
-
-  *) If two variants' charset quality are equal and one is the default
-     charset (iso-8859-1), then prefer the variant that was specifically
-     listed in Accept-Charset instead of the default.  [Petr Lampa]
-
-  *) Memory allocation problem in push_array() -- it would corrupt memory
-     when nalloc==0.  [Kai Risku <krisku@tf.hut.fi> and Roy Fielding]
-
-  *) invoke_handler() doesn't handle mime arguments in content-type
-     [Petr Lampa] PR#160
-
-  *) Reduced IdentityCheck timeout to 30 seconds, as per RFC 1413 minimum.
-     [Ken Coar]
-
-  *) Fixed problem with ErrorDocument not working for virtual hosts
-     due to one of the performance changes in 1.2b7. [Dean Gaudet]
-
-  *) Log an error message if we get a request header that is too long,
-     since it may indicate a buffer overflow attack. [Marc Slemko]
-
-  *) Made is_url() allow "[-.+a-zA-Z0-9]+:" as a valid scheme and
-     not reject URLs without a double-slash, as per RFC2068 section 3.2.
-     [Ken Coar] PR #146, #187
-
-  *) Added table entry placeholder for new header_parser callback
-     in all of the distributed modules. [Ken Coar] PR #191
-
-  *) Allow for cgi files without the .EXE extension on them under OS/2.
-     [Garey Smiley] PR #59
-
-  *) Fixed error message when resource is not found and URL contains
-     path info. [Petr Lampa and Dean Gaudet] PR #40
-
-  *) Fixed user and server confusion over what should be a virtual host
-     and what is the main server, resulting in access to something
-     other than the name defined in the virtualhost directive (but
-     with the same IP address) failing. [Dean Gaudet]
-
-  *) Updated mod_rewrite to version 3.0.2, which: fixes compile error on
-     AIX; improves the redirection stuff to enable the users to generally
-     redirect to http, https, gopher and ftp; added TIME variable for
-     RewriteCond which expands to YYYYMMDDHHMMSS strings and added the
-     special patterns >STRING, <STRING and =STRING to RewriteCond, which
-     can be used in conjunction with %{TIME} or other variables to create
-     time-dependent rewriting rules. [Ralf S. Engelschall]
-
-  *) bpushfd() no longer notes cleanups for the file descriptors it is handed.
-     Module authors may need to adjust their code for proper cleanup to take
-     place (that is, call note_cleanups_for_fd()). This change fixes problems
-     with file descriptors being erroneously closed when the proxy module was
-     in use. [Ben Laurie]
-
-  *) Fix bug in suexec reintroduced by changes in 1.2b7 which allows
-     initgroups() to hose the group information needed for later
-     comparisons. [Randy Terbush]
-
-  *) Remove unnecessary call to va_end() in create_argv() which
-     caused a SEGV on some systems.
-
-  *) Use proper MAXHOSTNAMELEN symbol for limiting length of server name.
-     [Dean Gaudet]
-
-  *) Clear memory allocated for listeners. [Randy Terbush]
-
-  *) Improved handling of IP address as a virtualhost address and
-     introduced "_default_" as a synonym for the default vhost config.
-     [Dean Gaudet] PR #212
-
-Changes with Apache 1.2b7
-
-  *) Port to  UXP/DS(V20) [Toshiaki Nomura <nom@yk.fujitsu.co.jp>]
-
-  *) unset Content-Length if chunked (RFC-2068) [Petr Lampa]
-
-  *) mod_negotiation fixes [Petr Lampa] PR#157, PR#158, PR#159
-     - replace protocol response numbers with symbols
-     - save variant-list into main request notes
-     - free allocated memory from subrequests
-     - merge notes, headers_out and err_headers_out
-
-  *) changed status check mask in proxy_http.c from "HTTP/#.# ### *" to
-     "HTTP/#.# ###*" to be more lenient about what we accept.
-     [Chuck Murcko]
-
-  *) more proxy FTP bug fixes:
-     - Changed send_dir() to remove user/passwd from displayed URL.
-     - Changed login error messages to be more descriptive.
-     - remove setting of SO_DEBUG socket option
-     - Make ftp_getrc() more lenient about multiline responses,
-       specifically, 230 responses which don't have continuation 230-
-       on each line). These seem to be all NT FTP servers, and while
-       perhaps questionable, they appear to be legal by RFC 959.
-     - Add missing kill_timeout() after transfer to user completes.
-     [Chuck Murcko]
-
-  *) Fixed problem where a busy server could hang when restarting
-     after being sent a SIGHUP due to child processes not exiting.
-     [Marc Slemko]
-
-  *) Modify mod_include escaping so a '\' only signifies an escaped
-     character if the next character is one that needs
-     escaping.  [Ben Laurie]
-
-  *) Eliminated possible infinite loop in mod_imap when relative URLs are
-     used with a 'base' directive that does not have a '/' in it.
-     [Marc Slemko, reported by Onno Witvliet <onno@tc.hsa.nl>]
-
-  *) Reduced the default timeout from 1200 seconds to 300, and the
-     one in the sample configfile from 400 to 300.  [Marc Slemko]
-
-  *) Stop vbprintf from crashing if given a NULL string pointer;
-     print (null) instead.  [Ken Coar]
-
-  *) Don't disable Nagle algorithm if system doesn't have TCP_NODELAY.
-     [Marc Slemko and Roy Fielding]
-
-  *) Fixed problem with mod_cgi-generated internal redirects trying to
-     read the request message-body twice. [Archie Cobbs and Roy Fielding]
-
-  *) Reduced timeout on lingering close, removed possibility of a blocked
-     read causing the child to hang, and stopped logging of errors if
-     the socket is not connected (reset by client).  [Roy Fielding]
-
-  *) Rearranged main child loop to remove duplication of code in
-     select/accept and keep-alive requests, fixed several bugs regarding
-     checking scoreboard_image for exit indication and failure to
-     account for all success conditions and trap all error conditions,
-     prevented multiple flushes before closing the socket; close the entire
-     socket buffer instead of just one descriptor, prevent logging of
-     EPROTO and ECONNABORTED on platforms where supported, and generally
-     improved readability.  [Roy Fielding]
-
-  *) Extensive performance improvements. Cleaned up inefficient use of
-     auto initializers, multiple is_matchexp calls on a static string,
-     and excessive merging of response_code_strings. [Dean Gaudet]
-
-  *) Added double-buffering to mod_include to improve performance on
-     server-side includes. [Marc Slemko]
-
-  *) Several fixes for suexec wrapper. [Randy Terbush]
-     - Make wrapper work for files on NFS filesystem.
-     - Fix portability problem of MAXPATHLEN.
-     - Fix array overrun problem in clean_env().
-     - Fix allocation of PATH environment variable
-
-  *) Removed extraneous blank line is description of mod_status chars.
-     [Kurt Kohler]
-
-  *) Logging of errors from the call_exec routine simply went nowhere,
-     since the logfile fd has been closed, so now we send them to stderr.
-     [Harald T. Alvestrand]
-
-  *) Fixed core dump when DocumentRoot is a CGI.
-     [Ben Laurie, reported by geddis@tesserae.com]
-
-  *) Fixed potential file descriptor leak in mod_asis; updated it and
-     http_core to use pfopen/pfclose instead of fopen/fclose.
-     [Randy Terbush and Roy Fielding]
-
-  *) Fixed handling of unsigned ints in ap_snprintf() on some chips such
-     as the DEC Alpha which is 64-bit but uses 32-bit ints.
-     [Dean Gaudet and Ken Coar]
-
-  *) Return a 302 response code to the client when sending a redirect
-     due to a missing trailing '/' on a directory instead of a 301; now
-     it is cacheable. [Markus Gyger]
-
-  *) Fix condition where, if a bad directive occurs in .htaccess, and
-     sub_request() goes first to this directory, then log_reason() will
-     SIGSEGV because it doesn't have initialized r->per_dir_config.
-     [PR#162 from Petr Lampa, fix by Marc Slemko and Dean Gaudet]
-
-  *) Fix handling of lang_index in is_variant_better().  This was
-     causing problems which resulted in the server sending the
-     wrong language document in some cases. [Petr Lampa]
-
-  *) Remove free() from clean_env() in suexec wrapper. This was nuking
-     the clean environment on some systems.
-
-  *) Tweak byteserving code (e.g. serving PDF files) to work around
-     bugs in Netscape Navigator and Microsoft Internet Explorer.
-     Emit Content-Length header when sending multipart/byteranges.
-     [Alexei Kosut]
-
-  *) Port to HI-UX/WE2. [Nick Maclaren]
-
-  *) Port to HP MPE operating system for HP 3000 machines
-     [Mark Bixby <markb@cccd.edu>]
-
-  *) Fixed bug which caused a segmentation fault if only one argument
-     given to RLimit* directives. [Ed Korthof]
-
-  *) Continue persistent connection after 204 or 304 response. [Dean Gaudet]
-
-  *) Improved buffered output to the client by delaying the flush decision
-     until the BUFF code is actually about to read the next request.
-     This fixes a problem introduced in 1.2b5 with clients that send
-     an extra CRLF after a POST request. Also improved chunked output
-     performance by combining writes using writev() and removing as
-     many bflush() calls as possible.  NOTE: Platforms without writev()
-     must add -DNO_WRITEV to the compiler CFLAGS, either in Configuration
-     or Configure, unless we have already done so.  [Dean Gaudet]
-
-  *) Fixed mod_rewrite bug which truncated the rewritten URL [Marc Slemko]
-
-  *) Fixed mod_info output corruption bug introduced by buffer overflow
-     fixes. [Dean Gaudet]
-
-  *) Fixed http_protocol to correctly output all HTTP/1.1 headers, including
-     for the special case of a 304 response.  [Paul Sutton]
-
-  *) Improved handling of TRACE method by bypassing normal method handling
-     and header parsing routines; fixed Allow response to always allow TRACE.
-     [Dean Gaudet]
-
-  *) Fixed compiler warnings in the regex library. [Dean Gaudet]
-
-  *) Cleaned-up some of the generated HTML. [Ken Coar]
-
-Changes with Apache 1.2b6
-
-  *) Allow whitespace in imagemap mapfile coordinates. [Marc Slemko]
-
-  *) Fix typo introduced in fix for potential infinite loop around
-     accept() in child_main(). This change caused the rev to 1.2b6.
-     1.2b5 was never a public beta.
-
-Changes with Apache 1.2b5
-
-  *) Change KeepAlive semantics (On|Off instead of a number), add
-     MaxKeepAliveRequests directive. [Alexei Kosut]
-
-  *) Various NeXT compilation patches, as well as a change in
-     regex/regcomp.c since that file also used a NEXT define.
-     [Andreas Koenig]
-
-  *) Allow * to terminate the end of a directory match in mod_dir.
-     Allows /~* to match for both /~joe and /~joe/. [David Bronder]
-
-  *) Don't call can_exec() if suexec_enabled. Calling this requires
-     scripts executed by the suexec wrapper to be world executable, which
-     defeats one of the advantages of running the wrapper. [Randy Terbush]
-
-  *) Portability Fix: IRIX complained with 'make clean' about *pure* (removed)
-     [Jim Jagielski]
-
-  *) Migration from sprintf() to snprintf() to avoid buffer
-     overflows. [Marc Slemko]
-
-  *) Provide portable snprintf() implementation (ap_snprintf)
-     as well as *cvt family. [Jim Jagielski]
-
-  *) Portability Fix: NeXT lacks unistd.h so we wrap it's inclusion
-     [Jim Jagielski]
-
-  *) Remove mod_fastcgi.c from the distribution. This module appears
-     to be maintained more through the Open Market channels and should
-     continue to be easily available at http://www.fastcgi.com/
-
-  *) Fixed bug in modules/Makefile that wouldn't allow building in more
-     than one subdirectory (or cleaning, either). [Jeremy Laidman]
-
-  *) mod_info assumed that the config files were relative to ServerRoot.
-     [Ken the Rodent]
-
-  *) CGI scripts called as an error document resulting from failed
-     CGI execution would hang waiting for POST'ed data. [Rob Hartill]
-
-  *) Log reason when mod_dir returns access HTTP_FORBIDDEN
-     [Ken the Rodent]
-
-  *) Properly check errno to prevent display of a directory index
-     when server receives a long enough URL to confuse stat().
-     [Marc Slemko]
-
-  *) Several security enhancements to suexec wrapper. It is _highly_
-     recommended that previously installed versions of the wrapper
-     be replaced with this version.  [Randy Terbush, Jason Dour]
-
-        - ~user execution now properly restricted to ~user's home
-          directory and below.
-        - execution restricted to UID/GID > 100
-        - restrict passed environment to known variables
-        - call setgid() before initgroups() (portability fix)
-        - remove use of setenv() (portability fix)
-
-  *) Add HTTP/1.0 response forcing. [Ben Laurie]
-
-  *) Add access control via environment variables. [Ben Laurie]
-
-  *) Add rflush() function. [Alexei Kosut]
-
-  *) remove duplicate pcalloc() call in new_connection().
-
-  *) Fix incorrect comparison which could allow number of children =
-     MaxClients + 1 if less than HARD_SERVER_LIMIT. Also fix potential
-     problem if StartServers > HARD_SERVER_LIMIT. [Ed Korthof]
-
-  *) Updated support for OSes (MachTen, ULTRIX, Paragon, ISC, OpenBSD
-     AIX PS/2, CONVEXOS. [Jim Jagielski]
-
-  *) Replace instances of inet_ntoa() with inet_addr() for ProxyBlock.
-     It's more portable. [Martin Kraemer]
-
-  *) Replace references to make in Makefile.tmpl with $(MAKE).
-     [Chuck Murcko]
-
-  *) Add ProxyBlock directive w/IP address caching. Add IP address
-     caching to NoCache directive as well. ProxyBlock works with all
-     handlers; NoCache now also works with FTP for anonymous logins.
-     Still more code cleanup. [Chuck Murcko]
-
-  *) Add "header parse" API hook [Ben Laurie]
-
-  *) Fix byte ordering problems for REMOTE_PORT [Chuck Murcko]
-
-  *) suEXEC wrapper was freeing memory that had not been malloc'ed.
-
-  *) Correctly allow access and auth directives in <Files> sections in
-     server config files. [Alexei Kosut]
-
-  *) Fix bug with ServerPath that could cause certain files to be not
-     found by the server. [Alexei Kosut]
-
-  *) Fix handling of ErrorDocument so that it doesn't remove a trailing
-     double-quote from text and so that it properly checks for unsupported
-     status codes using the new index_of_response interface. [Roy Fielding]
-
-  *) Multiple fixes to the lingering_close code in order to avoid being
-     interrupted by a stray timeout, to avoid lingering on a connection
-     that has already been aborted or never really existed, to ensure that
-     we stop lingering as soon as any error condition is received, and to
-     prevent being stuck indefinitely if the read blocks.  Also improves
-     reporting of error conditions.  [Marc Slemko and Roy Fielding]
-
-  *) Fixed initialization of parameter structure for sigaction.
-     [mgyger@itr.ch, Adrian Filipi-Martin]
-
-  *) Fixed reinitializing the parameters before each call to accept and
-     select, and removed potential for infinite loop in accept.
-     [Roy Fielding, after useful PR from adrian@virginia.edu]
-
-  *) Fixed condition where, if a child fails to fork, the scoreboard would
-     continue to say SERVER_STARTING forever. Eventually, the main process
-     would refuse to start new children because count_idle_servers() will
-     count those SERVER_STARTING entries and will always report that there
-     are enough idle servers. [Phillip Vandry]
-
-  *) Fixed bug in bcwrite regarding failure to account for partial writes.
-     Avoided calling bflush() when the client is pipelining requests.
-     Removed unnecessary flushes from http_protocol. [Dean Gaudet]
-
-  *) Added description of "." mode in server-status [Jim Jagielski]
-
-Changes with Apache 1.2b4
-
-  *) Fix possible race condition in accept_mutex_init() that
-     could leave a small security hole open allowing files to be
-     overwritten in cases where the server UID has write permissions.
-     [Marc Slemko]
-
-  *) Fix awk compatibilty problem in Configure. [Jim Jagielski]
-
-  *) Fix portablity problem in util_script where ARG_MAX may not be
-     defined for some systems.
-
-  *) Add changes to allow compilation on Machten 4.0.3 for PowerPC.
-     [Randal Schwartz]
-
-  *) OS/2 changes to support an MMAP style scoreboard file and UNIX
-     style magic #! token for better script portability. [Garey Smiley]
-
-  *) Fix bug in suexec wrapper introduced in b3 that would cause failed
-     execution for ~userdir CGI. [Jason Dour]
-
-  *) Fix initgroups() business in suexec wrapper. [Jason Dour]
-
-  *) Fix month off by one in suexec wrapper logging.
-
-Changes with Apache 1.2b3:
-
-  *) Fix error in mod_cgi which could cause resources not to be properly
-     freed, or worse. [Dean Gaudet]
-
-  *) Fix find_string() NULL pointer dereference. [Howard Fear]
-
-  *) Add set_flag_slot() at the request of Dirk and others.
-     [Dirk vanGulik]
-
-  *) Sync mod_rewrite with patch level 10. [Ralf Engelschall]
-
-  *) Add changes to improve the error message given for invalid
-     ServerName parameters. [Dirk vanGulik]
-
-  *) Add "Authoritative" directive for Auth modules that don't
-     currently have it. This gives admin control to assign authoritative
-     control to an authentication scheme and allow "fall through" for
-     those authentication modules that aren't "Authoritative" thereby
-     allowing multiple authentication mechanisms to be chained.
-     [Dirk vanGulik]
-
-  *) Remove requirement for ResourceConfig/AccessConfig if not using
-     the three config file layout. [Randy Terbush]
-
-  *) Add PASV mode to mod_proxy FTP handler. [Chuck Murcko]
-
-  *) Changes to suexec wrapper to fix the following problems:
-     1.  symlinked homedirs will kill ~userdirs.
-     2.  initgroups() on Linux 2.0.x clobbers gr->grid.
-     3.  CGI command lines paramters problems
-     4.  pw-pwdir for "docroot check" still the httpd user's pw record.
-    [Randy Terbush, Jason Dour]
-
-  *) Change create_argv() to accept variable arguments. This fixes
-     a problem where arguments were not getting passed to the CGI via
-     argv[] when the suexec wrapper was active. [Randy Terbush, Jake Buchholz]
-
-  *) Collapse multiple slashes in path URLs to properly apply
-     handlers defined by <Location>. [Alexei Kosut]
-
-  *) Define a sane set of DEFAULT_USER and DEFAULT_GROUP values for AIX.
-
-  *) Improve the accuracy of request duration timings by setting
-     r->request_time in read_request_line() instead of read_request().
-     [Dean Gaudet]
-
-  *) Reset timeout while reading via get_client_block() in mod_cgi.c
-     Fixes problem with timed out transfers of large files. [Rasmus Lerdorf]
-
-  *) Add the ability to pass different Makefile.tmpl files to Configure
-     using the -make flag. [Rob Hartill]
-
-  *) Fix coredump triggered when sending a SIGHUP to the server caused
-     by an assertion failure, in turn caused by an uninitialised field in a
-     listen_rec.
-     [Ben Laurie]
-
-  *) Add FILEPATH_INFO variable to CGI environment, which is equal to
-     PATH_INFO from previous versions of Apache (in certain situations,
-     Apache 1.2's PATH_INFO will be different than 1.1's). [Alexei Kosut]
-     [later removed in 1.2b11]
-
-  *) Add rwrite() function to API to allow for sending strings of
-     arbitrary length. [Doug MacEachern]
-
-  *) Remove rlim_t typedef for NetBSD. Do older versions need this?
-
-  *) Defined rlim_t and WANTHSREGEX=yes and fixed waitpid() substitute for
-     NeXT. [Jim Jagielski]
-
-  *) Removed recent modification to promote the status code on internal
-     redirects, since the correct fix was to change the default log format
-     in mod_log_config so that it outputs the original status. [Rob Hartill]
-
-Changes with Apache 1.2b2:
-
-  *) Update set_signals() to use sigaction() for setting handlers.
-     This appears to fix a re-entrant problem in the seg_fault()
-     bus_error() handlers. [Randy Terbush]
-
-  *) Changes to allow mod_status compile for OS/2 [Garey Smiley]
-
-  *) changes for DEC AXP running OSF/1 v3.0. [Marc Evans]
-
-  *) proxy_http.c bugfixes:  [Chuck Murcko]
-        1) fixes possible NULL pointer reference w/NoCache
-        2) fixes NoCache behavior when using ProxyRemote (ProxyRemote
-           host would cache nothing if it was in the local domain,
-           and the local domain was in the NoCache list)
-        3) Adds Host: header when not available
-        4) Some code cleanup and clarification
-
-  *) mod_include.c bugfixes:
-        1) Fixed an ommission that caused include variables to not
-           be parsed in config errmsg directives [Howard Fear]
-        2) Remove HAVE_POSIX_REGEX cruft [Alexei Kosut]
-        3) Patch to fix compiler warnings [perrot@lal.in2p3.fr]
-        4) Allow backslash-escaping to all quoted text
-           [Ben Yoshino <ben@wiliki.eng.hawaii.edu>]
-        5) Pass variable to command line if not set in XSSI's env
-           [Howard Fear]
-
-  *) Fix infinite loop when processing Content-language lines in
-     type-map files. [Alexei Kosut]
-
-  *) Closed file-globbing hole in test-cgi script. [Brian Behlendorf]
-
-  *) Fixed problem in set_[user|group] that prevented CGI execution
-     for non-virtualhosts when suEXEC was enabled. [Randy Terbush]
-
-  *) Added PORTING information file.  [Jim Jagielski]
-
-  *) Added definitions for S_IWGRP and S_IWOTH to conf.h [Ben Laurie]
-
-  *) Changed default group to "nogroup" instead of "nobody" [Randy Terbush]
-
-  *) Fixed define typo of FCNTL_SERIALIZED_ACCEPT where
-     USE_FCNTL_SERIALIZED_ACCEPT was intended.
-
-  *) Fixed additional uses of 0xffffffff where INADDR_NONE was intended,
-     which caused problems of systems where socket s_addr is >32bits.
-
-  *) Added comment to explain (r->chunked = 1) side-effect in
-     http_protocol.c [Roy Fielding]
-
-  *) Replaced use of index() in mod_expires.c with more appropriate
-     and portable isdigit() test.  [Ben Laurie]
-
-  *) Updated Configure for ...
-        OS/2          (DEF_WANTHSREGEX=yes, other code changes)
-        *-dg-dgux*    (bad pattern match)
-        QNX           (DEF_WANTHSREGEX=yes)
-        *-sunos4*     (DEF_WANTHSREGEX=yes, -DUSEBCOPY)
-        *-ultrix      (new)
-        *-unixware211 (new)
-     and added some user diagnostic info.  [Ben Laurie]
-
-  *) In helpers/CutRule, replaced "cut" invocation with "awk" invocation
-     for better portability. [Jim Jagielski]
-
-  *) Updated helpers/GuessOS for ...
-        SCO 5            (recognize minor releases)
-        SCO UnixWare     (braindamaged uname, whatever-whatever-unixware2)
-        SCO UnixWare 2.1.1      (requires a separate set of #defines in conf.h)
-        IRIX64           (-sgi-irix64)
-        ULTRIX           (-unknown-ultrix)
-        SINIX            (-whatever-sysv4)
-        NCR Unix         (-ncr-sysv4)
-     and fixed something in helpers/PrintPath  [Ben Laurie]
-
-Changes with Apache 1.2b1
-
-  *) Not listed. See <http://www.apache.org/docs/new_features_1_2.html>
-
-Changes with Apache 1.1.1
-
-  *) Fixed bug where Cookie module would make two entries in the
-     logfile for each access [Mark Cox]
-
-  *) Fixed bug where Redirect in .htaccess files would cause memory
-     leak. [Nathan Neulinger]
-
-  *) MultiViews now works correctly with AddHandler [Alexei Kosut]
-
-  *) Problems with mod_auth_msql fixed [Dirk vanGulik]
-
-  *) Fix misspelling of "Anonymous_Authorative" directive in mod_auth_anon.
-
-Changes with Apache 1.1.0
-
-  *) Bring NeXT support up to date. [Takaaki Matsumoto]
-
-  *) Bring QNX support up to date. [Ben Laurie]
-
-  *) Make virtual hosts default to main server keepalive parameters.
-     [Alexei Kosut, Ben Laurie]
-
-  *) Allow ScanHTMLTitles to work with lowercase <title> tags. [Alexei Kosut]
-
-  *) Fix missing address family for connect, also remove unreachable statement
-     in mod_proxy. [Ben Laurie]
-
-  *) mod_env now turned on by default in Configuration.tmpl.
-
-  *) Bugs which were fixed:
-        a) yet more mod_proxy bugs [Ben Laurie]
-        b) CGI works again with inetd [Alexei Kosut]
-        c) Leading colons were stripped from passwords [osm@interguide.com]
-        d) Another fix to multi-method Limit problem [jk@tools.de]
-
-Changes with Apache 1.1b4
-
-  *) r->bytes_sent variable restored. [Robert Thau]
-
-  *) Previously broken multi-method <Limit> parsing fixed. [Robert Thau]
-
-  *) More possibly unsecure programs removed from the support directory.
-
-  *) More mod_auth_msql authentication improvements.
-
-  *) VirtualHosts based on Host: headers no longer conflict with the
-     Listen directive.
-
-  *) OS/2 compatibility enhancements. [Gary Smiley]
-
-  *) POST now allowed to directory index CGI scripts.
-
-  *) Actions now work with files of the default type.
-
-  *) Bugs which were fixed:
-        a) more mod_proxy bugs
-        b) early termination of inetd requests
-        c) compile warnings on several systems
-        d) problems when scripts stop reading output early
-
-Changes with Apache 1.1b3
-
-  *) Much of cgi-bin and all of cgi-src has been removed, due to
-     various security holes found and that we could no longer support
-     them.
-
-  *) The "Set-Cookie" header is now special-cased to not merge multiple
-     instances, since certain popular browsers can not handle multiple
-     Set-Cookie instructions in a single header. [Paul Sutton]
-
-  *) rprintf() added to buffer code, occurrences of sprintf removed.
-     [Ben Laurie]
-
-  *) CONNECT method for proxy module, which means tunneling SSL should work.
-     (No crypto needed)  Also a NoCache config directive.
-
-  *) Several API additions: pstrndup(), table_unset() and get_token()
-     functions now available to modules.
-
-  *) mod_imap fixups, in particular Location: headers are now complete
-     URL's.
-
-  *) New "info" module which reports on installed module set through a
-     special URL, a la mod_status.
-
-  *) "ServerPath" directive added - allows for graceful transition
-     for Host:-header-based virtual hosts.
-
-  *) Anonymous authentication module improvements.
-
-  *) MSQL authentication module improvements.
-
-  *) Status module design improved - output now table-based. [Ben Laurie]
-
-  *) htdigest utility included for use with digest authentication
-     module.
-
-  *) mod_negotiation: Accept values with wildcards to be treated with
-     less priority than those without wildcards at the same quality
-     value. [Alexei Kosut]
-
-  *) Bugs which were fixed:
-        a) numerous mod_proxy bugs
-        b) CGI early-termination bug [Ben Laurie]
-        c) Keepalives not working with virtual hosts
-        d) RefererIgnore problems
-        e) closing fd's twice in mod_include (causing core dumps on
-           Linux and elsewhere).
-
-Changes with Apache 1.1b2
-
-  *) Bugfixes:
-        a) core dumps in mod_digest
-        b) truncated hostnames/ip address in the logs
-        c) relative URL's in mod_imap map files
-
-Changes with Apache 1.1b1
-
-  *) Not listed. See <http://www.apache.org/docs/new_features_1_1.html>
-
-Changes with Apache 1.0.3
-
-  *) Internal redirects which occur in mod_dir.c now preserve the
-     query portion of a request (the bit after the question mark).
-     [Adam Sussman]
-
-  *) Escape active characters '<', '>' and '&' in html output in
-     directory listings, error messages and redirection links.
-     [David Robinson]
-
-  *) Apache will now work with LynxOS 2.3 and later [Steven Watt]
-
-  *) Fix for POSIX compliance in waiting for processes in alloc.c.
-     [Nick Williams]
-
-  *) setsockopt no longer takes a const declared argument [Martijn Koster]
-
-  *) Reset timeout timer after each successful fwrite() to the network.
-     This patch adds a reset_timeout() procedure that is called by
-     send_fd() to reset the timeout ever time data is written to the net.
-     [Nathan Schrenk]
-
-  *) timeout() signal handler now checks for SIGPIPE and reports
-     lost connections in a more user friendly way. [Rob Hartill]
-
-  *) Location of the "scoreboard" file which used to live in /tmp is
-     now configurable (for OSes that can't use mmap) via ScoreBoardFile
-     which works similar to PidFile (in httpd.conf) [Rob Hartill]
-
-  *) Include sys/resource.h in the correct place for SunOS4 [Sameer Parekh]
-
-  *) the pstrcat call in mod_cookies.c didn't have an ending NULL,
-     which caused a SEGV with cookies enabled
-
-  *) Output warning when MinSpareServers is set to <= 0 and change it to 1
-     [Rob Hartill]
-
-  *) Log the UNIX textual error returned by some system calls, in
-     particular errors from accept() [David Robinson]
-
-  *) Add strerror function to util.c for SunOS4 [Randy Terbush]
-
-Changes with Apache 1.0.2
-
-  *) patch to get Apache compiled on UnixWare 2.x, recommended as
-     a temporary measure, pending rewrite of rfc931.c. [Chuck Murcko]
-
-  *) Fix get_basic_auth_pw() to set the auth_type of the request.
-     [David Robinson]
-
-  *) past changes to http_config.c to only use the
-     setrlimit function on systems defining RLIMIT_NOFILE
-     broke the feature on SUNOS4. Now defines HAVE_RESOURCE
-     for SUNOS and prototypes the needed functions.
-
-  *) Remove uses of MAX_STRING_LEN/HUGE_STRING_LEN from several routines.
-     [David Robinson]
-
-  *) Fix use of pointer to scratch memory. [Cliff Skolnick]
-
-  *) Merge multiple headers from CGI scripts instead of taking last
-     one. [David Robinson]
-
-  *) Add support for SCO 5. [Ben Laurie]
-
-Changes with Apache 1.0.1
-
-  *) Silence mod_log_referer and mod_log_agent if not configured
-     [Randy Terbush]
-
-  *) Recursive includes can occur if the client supplies PATH_INFO data
-     and the server provider uses relative links; as file.html
-     relative to /doc.shtml/pathinfo is /doc.shtml/file.html. [David Robinson]
-
-  *) The replacement for initgroups() did not call {set,end}grent(). This
-     had two implications: if anything else used getgrent(), then
-     initgroups() would fail, and it was consuming a file descriptor.
-     [Ben Laurie]
-
-  *) On heavily loaded servers it was possible for the scoreboard to get
-     out of sync with reality, as a result of a race condition.
-     The observed symptoms are far more Apaches running than should
-     be, and heavy system loads, generally followed by catastrophic
-     system failure. [Ben Laurie]
-
-  *) Fix typo in license. [David Robinson]
-
-Changes with Apache 1.0.0                                        23 Nov 1995
-
-  *) Not listed. See <http://www.apache.org/docs/new_features_1_0.html>
-
-Changes with Apache 0.8.16                                       05 Nov 1995
-
-  *) New man page for 'httpd' added to support directory [David Robinson]
-
-  *) .htgroup files can have more than one line giving members for a
-     given group (each must have the group name in front), for NCSA
-     back-compatibility [Robert Thau]
-
-  *) Mutual exclusion around accept() is on by default for SVR4 systems
-     generally, since they generally can't handle multiple processes in
-     accept() on the same socket.  This should cure flaky behavior on
-     a lot of those systems.  [David Robinson]
-
-  *) AddType, AddEncoding, and AddLanguage directives take multiple
-     extensions on a single command line [David Robinson]
-
-  *) UserDir can be disabled for a given virtual host by saying
-     "UserDir disabled" in the <VirtualHost> section --- it was a bug
-     that this didn't work.  [David Robinson]
-
-  *) Compiles on QNX [Ben Laurie]
-
-  *) Corrected parsing of ctime time format [David Robinson]
-
-  *) httpd does a perror() before exiting if it can't log its pid
-     to the PidFile, to make diagnosing the error a bit easier.
-     [David Robinson]
-
-  *) <!--#include file="..."--> can no longer include files in the
-     parent directory, for NCSA back-compatibility.  [David Robinson]
-
-  *) '~' is *not* escaped in URIs generated for directory listings
-     [Roy Fielding]
-
-  *) Eliminated compiler warning in the imagemap module [Randy Terbush]
-
-  *) Fixed bug involving handling URIs with escaped %-characters
-     in redirects [David Robinson]
-
-Changes with Apache 0.8.15                                       14 Oct 1995
-
-  *) Switched to new, simpler license
-
-  *) Eliminated core dumps with improperly formatted DBM group files [Mark Cox]
-
-  *) Don't allow requests for ordinary files to have PATH_INFO [Ben Laurie]
-
-  *) Reject paths containing %-escaped '%' or null characters [David Robinson]
-
-  *) Correctly handles internal redirects to files with names containing '%'
-     [David Robinson]
-
-  *) Repunctuated some error messages [Aram Mirzadeh, Andrew Wilson]
-
-  *) Use geteuid() rather than getuid() to see if we have root privilege,
-     so that server correctly resets privilege if run setuid root.  [Andrew
-     Wilson]
-
-  *) Handle ftp: and telnet: URLs correctly in imagemaps (built-in module)
-     [Randy Terbush]
-
-  *) Fix relative URLs in imagemap files [Randy Terbush]
-
-  *) Somewhat better fix for the old "Alias /foo/ /bar/" business
-     [David Robinson]
-
-  *) Don't repeatedly open the ErrorLog if a bunch of <VirtualHost>
-     entries all name the same one. [David Robinson]
-
-  *) Fix directory listings with filenames containing unusual characters
-     [David Robinson]
-
-  *) Better URI-escaping for generated URIs in directories with filenames
-     containing unusual characters [Ben Laurie]
-
-  *) Fixed potential FILE* leak in http_main.c [Ben Laurie]
-
-  *) Unblock alarms on error return from spawn_child() [David Robinson]
-
-  *) Sample Config files have extra note for SCO users [Ben Laurie]
-
-  *) Configuration has note for HP-UX users [Rob Hartill]
-
-  *) Eliminated some bogus Linux-only #defines in conf.h [Aram Mirzadeh]
-
-  *) Nuked bogus #define in httpd.h [David Robinson]
-
-  *) Better test for whether a system has setrlimit() [David Robinson]
-
-  *) Calls update_child_status() after reopen_scoreboard() [David Robinson]
-
-  *) Doesn't send itself SIGHUP on startup when run in the -X debug-only mode
-     [Ben Laurie]
-
-Changes with Apache 0.8.14                                       19 Sep 1995
-
-  *) Compiles on SCO ODT 3.0 [Ben Laurie]
-
-  *) AddDescription works (better) [Ben Laurie]
-
-  *) Leaves an intelligible error diagnostic when it can't set group
-     privileges on standalone startup [Andrew Wilson]
-
-  *) Compiles on NeXT again --- the 0.8.13 RLIMIT patch was failing on
-     that machine, which claims to be BSD but does not support RLIMIT.
-     [Randy Terbush]
-
-  *) gcc -Wall no longer complains about an unused variable when util.c
-     is compiled with -DMINIMAL_DNS [Andrew Wilson]
-
-  *) Nuked another compiler warning for -Wall on Linux [Aram Mirzadeh]
-
-Changes with Apache 0.8.13                                       07 Sep 1995
-
-  *) Make IndexIgnore *work* (ooops) [Jarkko Torppa]
-
-  *) Have built-in imagemap code recognize & honor Point directive [James
-     Cloos]
-
-  *) Generate cleaner directory listings in directories with a mix of
-     long and short filenames [Rob Hartill]
-
-  *) Properly initialize dynamically loaded modules [Royston Shufflebotham]
-
-  *) Properly default ServerName for virtual servers [Robert Thau]
-
-  *) Rationalize handling of BSD in conf.h and elsewhere [Randy Terbush,
-     Paul Richards and a cast of thousands...]
-
-  *) On self-identified BSD systems (we don't try to guess any more),
-     allocate a few extra file descriptors per virtual host with setrlimit,
-     if we can, to avoid running out. [Randy Terbush]
-
-  *) Write 22-character lock file name into buffer with enough space
-     on startup [Konstantin Olchanski]
-
-  *) Use archaic setpgrp() interface on NeXT, which requires it [Brian
-     Pinkerton]
-
-  *) Suppress -Wall warning by casting const away in util.c [Aram Mirzadeh]
-
-  *) Suppress -Wall warning by initializing variable in negotiation code
-     [Tobias Weingartner]
-
-Changes with Apache 0.8.12                                       31 Aug 1995
-
-  *) Doesn't pause three seconds after including a CGI script which is
-     too slow to die off (this is done by not even trying to kill off
-     subprocesses, including the SIGTERM/pause/SIGKILL routine, until
-     after the entire document has been processed).  [Robert Thau]
-
-  *) Doesn't do SSI if Options Includes is off.  (Ooops).  [David Robinson]
-
-  *) Options IncludesNoExec allows inclusion of at least text/* [Roy Fielding]
-
-  *) Allows .htaccess files to override <Directory> sections naming the
-     same directory [David Robinson]
-
-  *) Removed an efficiency hack in sub_req_lookup_uri which was
-     causing certain extremely marginal cases (e.g., ScriptAlias of a
-     *particular* index.html file) to fail.  [David Robinson]
-
-  *) Doesn't log an error when the requested URI requires
-     authentication, but no auth header line was supplied by the
-     client; this is a normal condition (the client doesn't no auth is
-     needed here yet).  [Robert Thau]
-
-  *) Behaves more sanely when the name server loses its mind [Sean Welch]
-
-  *) RFC931 code compiles cleanly on old BSDI releases [Randy Terbush]
-
-  *) RFC931 code no longer passes out name of prior clients on current
-     requests if the current request came from a server that doesn't
-     do RFC931.  [David Robinson]
-
-  *) Configuration script accepts "Module" lines with trailing whitespace.
-     [Robert Thau]
-
-  *) Cleaned up compiler warning from mod_access.c [Robert Thau]
-
-  *) Cleaned up comments in mod_cgi.c [Robert Thau]
-
-Changes with Apache 0.8.11                                       24 Aug 1995
-
-  *) Wildcard <Directory> specifications work.  [Robert Thau]
-
-  *) Doesn't loop for buggy CGI on Solaris [Cliff Skolnick]
-
-  *) Symlink checks (FollowSymLinks off, or SymLinkIfOwnerMatch) always check
-     the file being requested itself, in addition to the directories leading
-     up to it. [Robert Thau]
-
-  *) Logs access failures due to symlink checks or invalid client address
-     in the error log [Roy Fielding, Robert Thau]
-
-  *) Symlink checks deal correctly with systems where lstat of
-     "/path/to/some/link/" follows the link.  [Thau, Fielding]
-
-  *) Doesn't reset DirectoryIndex to 'index.html' when
-     other directory options are set in a .htaccess file.  [Robert Thau]
-
-  *) Clarified init code and nuked bogus warning in mod_access.c
-     [Florent Guillaume]
-
-  *) Corrected several directives in sample srm.conf
-     --- includes corrections to directory indexing icon-related directives
-     (using unknown.gif rather than unknown.xbm as the DefaultIcon, doing
-     icons for encodings right, and turning on AddEncoding by default).
-     [Roy Fielding]
-
-  *) Corrected descriptions of args to AddIcon and AddAlt in command table
-     [James Cloos]
-
-  *) INSTALL & README mention "contributed modules" directory [Brian
-     Behlendorf]
-
-  *) Fixed English in the license language...  "for for" --> "for".
-     [Roy Fielding]
-
-  *) Fixed ScriptAlias/Alias interaction by moving ScriptAlias handling to
-     mod_alias.c, merging it almost completely with handling of Alias, and
-     adding a 'notes' field to the request_rec which allows the CGI module
-     to discover whether the Alias module has put this request through
-     ScriptAlias (which it needs to know for back-compatibility, as the old
-     NCSA code did not check Options ExecCGI in ScriptAlias directories).
-     [Robert Thau]
-
-Changes with Apache 0.8.10                                       18 Aug 1995
-
-  *) AllowOverride applies to the named directory, and not just
-     subdirectories.  [David Robinson]
-
-  *) Do locking for accept() exclusion (on systems that need it)
-     using a special file created for the purpose in /usr/tmp, and
-     not the error log; using the error log causes real problems
-     if it's NFS-mounted; this is known to be the cause of a whole
-     lot of "server hang" problems with Solaris.  [David Robinson;
-     thanks to Merten Schumann for help diagnosing the problem].
-
-Changes with Apache 0.8.9                                        12 Aug 1995
-
-  *) Compiles with -DMAXIMUM_DNS ---- ooops! [Henrik Mortensen]
-
-  *) Nested includes see environment variables of the including document,
-     for NCSA bug-compatibility (some sites have standard footer includes
-     which try to print out the last-modified date).  [Eric Hagberg/Robert
-     Thau]
-
-  *) <!--exec cgi="/some/uri/here"--> always treats the item named by the
-     URI as a CGI script, even if it would have been treated as something
-     else if requested directly, for NCSA back-compatibility.  (Note that
-     this means that people who know the name of the script can see the
-     code just by asking for it).  [Robert Thau]
-
-  *) New version of dbmmanage script included in support directory as
-     dbmmanage.new.
-
-  *) Check if scoreboard file couldn't be opened, and say so, rather
-     then going insane [David Robinson]
-
-  *) POST to CGI works on A/UX [Jim Jagielski]
-
-  *) AddIcon and AddAlt commands work properly [Rob Hartill]
-
-  *) NCSA server push works properly --- the Arena bug compatibility
-     workaround, which broke it, is gone (use -DARENA_BUG_WORKAROUND
-     if you still want the workaround).  [Rob Hartill]
-
-  *) If client didn't submit any Accept-encodings, ignore encodings in
-     content negotiation.  (NB this will all have to be reworked anyway
-     for the new HTTP draft).  [Florent Guillaume]
-
-  *) Don't dump core when trying to log timed-out requests [Jim Jagielski]
-
-  *) Really honor CacheNegotiatedDocs [Florent Guillaume]
-
-  *) Give Redirect priority over Alias, for NCSA bug compatibility
-     [David Robinson]
-
-  *) Correctly set PATH_TRANSLATED in all cases from <!--#exec cmd=""-->,
-     paralleling earlier bug fix for CGI [David Robinson]
-
-  *) If DBM auth is improperly configured, report a server error and don't
-     dump core.
-
-  *) Deleted FCNTL_SERIALIZED_ACCEPTS from conf.h entry for A/UX;
-     it seems to work well enough without it (even in a 10 hits/sec
-     workout), and the overhead for the locking under A/UX is
-     alarmingly high (though it is very low on other systems).
-     [Eric Hagberg, Jim Jagielski]
-
-  *) Fixed portability problems with mod_cookies.c [Cliff Skolnick]
-
-  *) Further de-Berklize mod_cookies.c; change the bogus #include.  [Brian
-     Behlendorf/Eric Hagberg]
-
-  *) More improvements to default Configuration for A/UX [Jim Jagielski]
-
-  *) Compiles clean on NEXT [Rob Hartill]
-
-  *) Compiles clean on SGI [Robert Thau]
-
-Changes with Apache 0.8.8                                        08 Aug 1995
-
-  *) SunOS library prototypes now never included unless explicitly
-     requested in the configuration (via -DSUNOS_LIB_PROTOTYPES);
-     people using GNU libc on SunOS are screwed by prototypes for the
-     standard library.
-
-     (Those who wish to compile clean with gcc -Wall on a standard
-     SunOS setup need the prototypes, and may obtain them using
-     -DSUNOS_LIB_PROTOTYPES.  Those wishing to use -Wall on a system
-     with nonstandard libraries are presumably competent to make their
-     own arrangements).
-
-  *) Strips trailing '/' characters off both args to the Alias command,
-     to make 'Alias /foo/ /bar/' work.
-
-Changes with Apache 0.8.7                                        03 Aug 1995
-
-  *) Don't hang when restarting with a child from 'TransferLog "|..."' running
-     [reported by David Robinson]
-
-  *) Compiles clean on OSF/1 [David Robinson]
-
-  *) Added some of the more recent significant changes (AddLanguage stuff,
-     experimental LogFormat support) to CHANGES file in distribution root
-     directory
-
-Changes with Apache 0.8.6                                        02 Aug 1995
-
-  *) Deleted Netscape reload workaround --- it's in violation of HTTP specs.
-     (If you actually wanted a conditional GET which bypassed the cache, you
-     couldn't get it). [Reported by Roy Fielding]
-
-  *) Properly terminate headers on '304 Not Modified' replies to conditional
-     GETs --- no browser we can find cares much, but the CERN proxy chokes.
-     [Reported by Cliff Skolnick; fix discovered independently by Rob Hartill]
-
-  *) httpd -v doesn't call itself "Shambhala".  [Reported by Chuck Murcko]
-
-  *) SunOS lib-function prototypes in conf.h conditionalized on __GNUC__,
-     not __SUNPRO_C (they're needed to quiet gcc -Wall, but acc chokes on 'em,
-     and older versions don't set the __SUNPRO_C preprocessor variable).  On
-     all other systems, these are never used anyway.  [Reported by Mark Cox].
-
-  *) Scoreboard file (/tmp/htstatus.*) no longer publically writable.
-
-Changes with Apache 0.8.5                                        01 Aug 1995
-
-  *) Added last-minute configurable log experiment, as optional module
-
-  *) Correctly set r->bytes_sent for HTTP/0.9 requests, so they get logged
-     properly.  (One-line fix to http_protocol.c).
-
-  *) Work around bogus behavior when reloading from Netscape.
-     It's Netscape's bug --- for some reason they expect a request with
-     If-modified-since: to not function as a conditional GET if it also
-     comes with Pragma: no-cache, which is way out of line with the HTTP
-     spec (according to Roy Fielding, the redactor).
-
-  *) Added parameter to set maximum number of server processes.
-
-  *) Added patches to make it work on A/UX.  A/UX is *weird*.  [Eric Hagberg,
-     Jim Jagielski]
-
-  *) IdentityCheck bugfix [Chuck Murcko].
-
-  *) Corrected cgi-src/Makefile entry for new imagemap script.  [Alexei Kosut]
-
-  *) More sample config file corrections; add extension to AddType for
-     *.asis, move AddType generic description to its proper place, and
-     fix miscellaneous typos. [ Alexei Kosut ]
-
-  *) Deleted the *other* reference to the regents from the Berkeley
-     legal disclaimer (everyplace).
-
-  *) Nuked Shambhala name from src/README; had already cleaned it out
-     of everywhere else.
-
-Changes with Apache 0.8.4
-
-  *) Changes to server-pool management parms --- renamed current
-     StartServers to MinSpareServers, created separate StartServers
-     parameter which means what it says, and renamed MaxServers to
-     MaxSpareServers (though the old name still works, for NCSA 1.4
-     back-compatibility).  The old names were generally regarded as
-     too confusing.  Also altered "docs" in sample config files.
-
-  *) More improvements to default config files ---
-     sample directives (commented out) for XBitHack, BindAddress,
-     CacheNegotiatedDocs, VirtualHost; decent set of AddLanguage
-     defaults, AddTypes for send-as-is and imagemap magic types, and
-     improvements to samples for DirectoryIndex [Alexei Kosut]
-
-  *) Yet more improvements to default config files --- changes to
-     Alexei's sample AddLanguage directives, and sample LanguagePriority
-     [ Florent Guillaume ]
-
-  *) Set config file locations properly if not set in httpd.conf
-     [ David Robinson ]
-
-  *) Don't escape URIs in internal redirects multiple times; don't
-     do that when translating PATH_INFO to PATH_TRANSLATED either.
-     [ David Robinson ]
-
-  *) Corrected spelling of "Required" in 401 error reports [Andrew Wilson]
-
-Changes with Apache 0.8.3
-
-  *) Edited distribution README to *briefly* summarize installation
-     procedures, and give a pointer to the INSTALL file in the src/
-     directory.
-
-  *) Upgraded imagemap script in cgi-bin to 1.8 version from more
-     recent NCSA distributions.
-
-  *) Bug fix to previous bug fix --- if .htaccess file and <Directory>
-     exist for the same directory, use both and don't segfault.  [Reported
-     by David Robinson]
-
-  *) Proper makefile dependencies [David Robinson]
-
-  *) Note (re)starts in error log --- reported by Rob Hartill.
-
-  *) Only call no2slash() after get_path_info() has been done, to
-     preserve multiple slashes in the PATH_INFO [NCSA compatibility,
-     reported by Andrew Wilson, though this one is probably a real bug]
-
-  *) Fixed mod_imap.c --- relative paths with base_uri referer don't
-     dump core when Referer is not supplied. [Randy Terbush]
-
-  *) Lightly edited sample config files to refer people to our documentation
-     instead of NCSA's, and to list Rob McCool as *original* author (also
-     deleted his old, and no doubt non-functional email address).  Would be
-     nice to have examples of new features...
-
-Changes with Apache 0.8.2                                        19 Jul 1995
-
-  *) Added AddLanuage code [Florent Guillaume]
-
-  *) Don't say "access forbidden" when a CGI script is not found.  [Mark Cox]
-
-  *) All sorts of problems when MultiViews finds a directory.  It would
-     be nice if mod_dir.c was robust enough to handle that, but for now,
-     just punt.  [reported by Brian Behlendorf]
-
-  *) Wait for all children on restart, to make sure that the old socket
-     is gone and we can reopen it.  [reported by Randy Terbush]
-
-  *) Imagemap module is enabled in default Configuration
-
-  *) RefererLog and UserAgentLog modules properly default the logfile
-     [Randy Terbush]
-
-  *) Mark Cox's mod_cookies added to the distribution as an optional
-     module (commented out in the default Configuration, and noted as
-     an experiment, along with mod_dld). [Mark Cox]
-
-  *) Compiles on ULTRIX (a continuing battle...). [Robert Thau]
-
-  *) Fixed nasty bug in SIGTERM handling [reported by Randy Terbush]
-
-  *) Changed "Shambhala" to "Apache" in API docs. [Robert Thau]
-
-  *) Added new, toothier legal disclaimer. [Robert Thau; copied from BSD
-     license]
-
-Changes with Apache 0.8.1
-
-  *) New imagemap module [Randy Terbush]
-
-  *) Replacement referer log module with NCSA-compatible RefererIgnore
-     [Matthew Gray again]
-
-  *) Don't mung directory listings with very long filenames.
-     [Florent Guillaume]
-
-Changes with Apache 0.8.0 (nee Shambhala 0.6.2)                  16 Jul 1995
-
-  *) New config script.  See INSTALL for info.  [Robert Thau]
-
-  *) Scoreboard mechanism for regulating the number of extant server
-     processes.  MaxServers and StartServers defaults are the same as
-     for NCSA, but the meanings are slightly different.  (Actually,
-     I should probably lower the MaxServers default to 10).
-
-     Before asking for a new connection, each server process checks
-     the number of other servers which are also waiting for a
-     connection.  If there are more than MaxServers, it quietly dies
-     off.  Conversely, every second, the root, or caretaker, process
-     looks to see how many servers are waiting for a new connection;
-     if there are fewer than StartServers, it starts a new one.  This
-     does not depend on the number of server processes already extant.
-     The accounting is arranged through a "scoreboard" file, named
-     /tmp/htstatus.*, on which each process has an independent file
-     descriptor (they need to seek without interference).
-
-     The end effect is that MaxServers is the maximum number of
-     servers on an *inactive* server machine, but more will be forked
-     off to handle unusually heavy loads (or unusually slow clients);
-     these will die off when they are no longer needed --- without
-     reverting to the overhead of full forking operation.  There is a
-     hard maximum of 150 server processes compiled in, largely to
-     avoid forking out of control and dragging the machine down.
-     (This is arguably too high).
-
-     In my server endurance tests, this mechanism did not appear to
-     impose any significant overhead, even after I forced it to put the
-     scoreboard file on a normal filesystem (which might have more
-     overhead than tmpfs).  [Robert Thau]
-
-  *) Set HTTP_FOO variables for SSI <!--#exec cmd-->s, not just CGI scripts.
-     [Cliff Skolnick]
-
-  *) Read .htaccess files even in directory with <Directory> section.
-     (Former incompatibility noted on mailing list, now fixed). [Robert
-     Thau]
-
-  *) "HEAD /" gives the client a "Bad Request" error message, rather
-     than trying to send no body *and* no headers.  [Cliff Skolnick].
-
-  *) Don't produce double error reports for some very obscure cases
-     mainly involving auth configuration (the "all modules decline to
-     handle" case which is a sure sign of a server bug in most cases,
-     but also happens when authentication is badly misconfigured).
-     [Robert Thau]
-
-  *) Moved FCNTL_SERIALIZED_ACCEPT defines into conf.h (that's what
-     it's *for*, and this sort of thing really shouldn't be cluttering
-     up the Makefile). [Robert Thau]
-
-  *) Incidental code cleanups in http_main.c --- stop dragging
-     sa_client around; just declare it where used.  [Robert Thau]
-
-  *) Another acc-related fix.  (It doesn't like const char
-     in some places...). [Mark Cox]
-
-Changes with Shambhala 0.6.1                                     13 Jul 1995
-
-  *) Fixed auth_name-related typos in http_core.c [Brian Behlendorf]
-     Also, fixed auth typo in http_protocol.c unmasked by this fix.
-
-  *) Compiles clean with acc on SunOS [Paul Sutton]
-
-  *) Reordered modules in modules.c so that Redirect takes priority
-     over ScriptAlias, for NCSA bug-compatibility [Rob Hartill] ---
-     believe it or not, he has an actual site with a ScriptAlias and
-     a Redirect declared for the *exact same directory*.  Even *my*
-     compatibility fetish wouldn't motivate me to fix this if the fix
-     required any effort, but it doesn't, so what the hey.
-
-  *) Fixed to properly default several server_rec fields for virtual
-     servers from the corresponding fields in the main server_rec.
-     [Cliff Skolnick --- 'port' was a particular irritant].
-
-  *) No longer kills off nph- child processes before they are
-     finished sending output. [Matthew Gray]
-
-Changes with Shambhala 0.6.0                                     10 Jul 1995
-
-  *) Two styles of timeout --- hard and soft.  soft_timeout()s just put
-     the connection to the client in an "aborted" state, but otherwise
-     allow whatever handlers are running to clean up.  hard_timeout()s
-     abort the request in progress completely; anything not tied to some
-     resource pool cleanup will leak.  They're still around because I
-     haven't yet come up with a more elegant way of handling
-     timeouts when talking to something that isn't the client.  The
-     default_handler and the dir_handler now use soft timeouts, largely
-     so I can test the feature.  [Robert Thau]
-
-  *) TransferLog "| my_postprocessor ..." seems to be there.  Note that
-     the case of log handlers dying prematurely is probably handled VERY
-     gracelessly at this point, and if the logger stops reading input,
-     the server will hang.  (It is known to correctly restart the
-     logging process on server restart; this is (should be!) going through
-     the same SIGTERM/pause/SIGKILL routine used to ding an errant CGI
-     script).  [Robert Thau]
-
-  *) asis files supported (new module).  [Robert Thau]
-
-  *) IdentityCheck code is compiled in, but has not been tested.  (I
-     don't know anyone who runs identd). [Robert Thau]
-
-  *) PATH_INFO and PATH_TRANSLATED are not set unless some real PATH_INFO
-     came in with the request, for NCSA bug-compatibility. [Robert Thau]
-
-  *) Don't leak the DIR * on HEAD request for a directory. [Robert Thau]
-
-  *) Deleted the block_alarms() stuff from dbm_auth; no longer necessary,
-     as timeouts are not in scope. [Robert Thau]
-
-  *) quoted-string args in config files now handled correctly (doesn't drop
-     the last character). [Robert Thau; reported by Randy Terbush]
-
-  *) Fixed silly typo in http_main.c which was suddenly fatal in HP-UX.
-     How the hell did it ever work? [Robert Thau; reported by Rob Hartill]
-
-  *) mod_core.c --- default_type returns DEFAULT_TYPE (the compile-time
-     default default type); the former default default behavior when all
-     type-checkers defaulted had been a core dump.  [Paul Sutton]
-
-  *) Copy filenames out of the struct dirent when indexing
-     directories.  (On Linux, readdir() returns a pointer to the same
-     memory area every time).  Fix is in mod_dir.c.  [Paul Sutton]
-
-Changes with Shambhala 0.5.3 [not released]
-
-  *) Default response handler notes "file not found" in the error log,
-     if the file was not found.  [Cliff Skolnick].
-
-  *) Another Cliff bug --- "GET /~user" now properly redirects (the userdir
-     code no longer sets up bogus PATH_INFO which fakes out the directory
-     handler). [Cliff Skolnick]
-
-Changes with Shambhala 0.5.2                                     06 Jul 1995
-
-  *) Changes to http_main.c --- root server no longer plays silly
-     games with SIGCHLD, and so now detects and replaces dying
-     children.  Child processes just die on SIGTERM, without taking
-     the whole process group with them.  Potential problem --- if any
-     child process refuses to die, we hang in restart.
-     MaxRequestsPerChild may still not work, but it certainly works
-     better than it did before this!  [Robert Thau]
-
-  *) mod_dir.c bug fixes: ReadmeName and HeaderName
-     work (or work better, at least); over-long description lines
-     properly terminated. [Mark Cox]
-
-  *) http_request.c now calls unescape_url() more places where it
-     should [Paul Sutton].
-
-  *) More directory handling bugs (reported by Cox)
-     Parent Directory link is now set correctly. [Robert Thau]
-
-Changes with Shambhala 0.5.1                                     04 Jul 1995
-
-  *) Generalized cleanup interface in alloc.c --- any function can be
-     registered with alloc.c as a cleanup for a resource pool;
-     tracking of files and file descriptors has been reimplemented in
-     terms of this interface, so I can give it some sort of a test.
-     [Robert Thau]
-
-  *) More changes in alloc.c --- new cleanup_for_exec() function,
-     which tracks down and closes all file descriptors which have been
-     registered with the alloc.c machinery before the server exec()s a
-     child process for CGI or <!--#exec-->.  CGI children now get
-     started with exactly three file descriptors open.  Hopefully,
-     this cures the problem Rob H. was having with overly persistent
-     CGI connections. [Robert Thau]
-
-  *) Mutual exclusion around the accept() in child_main() --- this is
-     required on at least SGI, Solaris and Linux, and is #ifdef'ed in
-     by default on those systems only (-DFCNTL_SERIALIZED_ACCEPT).
-     This uses fcntl(F_SETLK,...) on the error log descriptor because
-     flock() on that descriptor won't work on systems which have BSD
-     flock() semantics, including (I think) Linux 1.3 and Solaris.
-
-     This does work on SunOS (when the server is idle, only one
-     process in the pool is waiting on accept()); it *ought* to work
-     on the other systems. [Robert Thau]
-
-  *) FreeBSD and BSDI portability tweaks [Chuck Murcko]
-
-  *) sizeof(*sa_client) bugfix from [Rob Hartill]
-
-  *) pstrdup(..., NULL) returns NULL, [Randy Terbush]
-
-  *) block_alarms() to avoid leaking the DBM* in dbm auth (this should
-     be unnecessary if I go to the revised timeout-handling scheme).
-     [Robert Thau]
-
-  *) For NCSA bug-compatibility, set QUERY_STRING env var (to a null
-     string) even if none came in with the request.  [Robert Thau]
-
-  *) CHANGES file added to distribution ;-).
-
-Changes with Shambhala 0.4.5
-
-  *) mod_dld --- early dynamic loading support [rst]
-  *) Add wildcard content handlers for XBITHACK; default_hander now
-     invoked with that mechanism (as a handler hanging off mod_core) [rst]
-  *) XBITHACK supported as a wildcard content-handler, and 
-     configurable at run-time (not just at compile time, as in the
-     "patchy server" releases) [rst]
-
-Changes with Shambhala 0.4.4                                     30 Jun 1995
-
-  *) Fixed basic thinkos in mod_dbm_auth.c [rst, reported by Mark Cox]
-  *) Handle Addtype x/y .z [rst, reported by Cox]
-
-Changes with Shambhala 0.4.3
-
-  *) Fixed very dumb bug in mod_alias; "Alias" and "Redirect" are not
-     synonymous [rst, terbush]
-
-Changes with Shambhala 0.4.1                                     28 Jun 1995
-
-  *) First-cut virtual host implementation; some refit in the config
-     reading code, and log management, was necessary to support this [rst]
-  *) Sub-pool machinery, originally added to avoid excessive storage
-     allocation on listings of large directories (which turned out to
-     be the problem that the 0.3 storage accounting was added to
-     find).  Subrequests and mod_dir changed to use subpools.  [rst]
-  *) More memory debugging --- free list consistency checks. [rst]
-  *) Added err_headers to request_rec, with support elsewhere [rst]
-  *) Other fixes to minor bugs in mod_dir and mod_includes [rst, terbush]
-
-Changes with Shambhala 0.3                                       19 Jun 1995
-
-  *) Switch ONE_PROCESS to a runtime command-line option (-X)
-  *) Don't compile in mod_ai_backcompat by default
-  *) Switch name of server from Apache to Shambhala in Makefile
-  *) Add some accounting routines to track memory usage in the pools,
-     for debugging
-
-Changes with Shambhala 0.2
-
-  *) Set DOCUMENT_ROOT CGI variable
-  *) Add single-process debugging, as a compile-time option (ONE_PROCESS)
-  *) Add critical section protection to handling of cleanup structures 
-     in alloc.c [rst]
-  *) Significant code reorg within the server core to group related
-     functions together [rst]
-  *) Correctly handle clients that hang up before sending any request
-     [rst]
-  *) Replace dying child processes. [rst]
-
-Changes with Shambhala 0.1                                       12 Jun 1995
-
-   Major rewrite of the pre-existing "patchy server" codebase, by
-   Robert Thau (rst).  Significant portions of the server code, such
-   as configuration-file handling and HTTP authentication support,
-   were ripped out and rewritten from scratch.  Code that was not
-   completely rewritten was significantly altered.
-
-   Major changes with this release include:
-
-   *) Introduction of the module API; in request handling, the central 
-      machinery just dispatches to various modules, which actually do
-      most of the work.  Configuration handling is similar --- modules
-      declare their own commands, and the central machinery just
-      dispatches to them.  
-
-      API features from shambhala/0.1 were substantially unchanged in
-      Apache 1.0 and 1.1.  (1.0 API features not yet present in this
-      release, such as wildcard handlers and subpools, were added in
-      subsequent Shambhala releases, and were also generally rst's
-      work). 
-
-   *) This release included the following modules:
-
-      mod_access      (access control --- allow and deny directives),
-      mod_alias       (Alias and Redirect commands),
-      mod_auth        (straight HTTP authentication, based on flat-files)
-      mod_auth_dbm    (same, with dbm files)
-      mod_cgi         (CGI scripts and, in this release, ScriptAlias)
-      mod_common_log  (CLF access logs; later renamed mod_log_common)
-      mod_dir         (directory indexing)
-      mod_include     (server-side includes)
-      mod_mime        (AddType directives)
-      mod_negotiation (content negotiation)
-      mod_userdir     (support for users' public_html directories)
-
-      It also included a mod_ai_backcompat, which was a private hack
-      for back-compatibility with rst's own AI-lab servers.
-
-      All of these modules were substantially complete, and functional 
-      or nearly so (a few, which implemented features not in use at
-      Thau's site, required patches of a few lines).
-
-   *) sub-request machinery, to allow modules to determine how other
-      modules would assign MIME types to a given file, or optionally
-      serve its content (this is heavily used by mod_dir, mod_include
-      and mod_negotiation).
-
-   *) Resource pool system for keeping track of memory allocated and
-      files opened in service of a particular request.  Much of the
-      code in the modules (when they weren't rewrites) was adjusted to 
-      replace a pervasive convention of using fixed-size buffers on
-      the stack with an equally pervasive convention of using memory
-      allocated with palloc().
-
-   *) Reorganization of data structures associated with a given
-      request to eliminate use of global variables and the troublesome 
-      unmunge_name function (used in NCSA and early Apache releases to 
-      attempt to determine the URI which mapped to a given filename
-      --- a difficult proposition, given that it is easy to produce
-      setups in which multiple URIs map to the same file).
-
-   *) Source files renamed and rearranged
-
-   *) Very simple pre-forking behavior --- parent process forked off a 
-      fixed number of children, and then just waited for SIGHUP.
-
-   *) Other more minor changes too numerous to list.
-
-   This release included modified versions of a lot of code from the
-   Apache 0.6.4 public release, plus an early pre-forking patch
-   codeveloped by Robert Thau and Rob Hartill.
-
-Changes with Apache 0.7.3                                        20 Jun 1995
-
-   *) There were a bunch of changes between Apache 0.6.4 and 0.7.3 that
-      were incorporated by Rob Hartill on the main branch while Robert Thau
-      worked on the Shambhala rewrite above.  Most were merged into the
-      Shambala architecture after Apache 0.8.0.
-
-Changes with Apache 0.6.4                                        13 May 1995
-
-   *) Patches by Rob Hartill, Cliff Skolnick, Randy Terbush, Robert Thau,
-      and others.
-
-Changes with Apache 0.5.1                                        10 Apr 1995
-
-Changes with Apache 0.4                                          02 Apr 1995
-
-  *) Patches by Brian Behlendorf, Andrew Wilson, Robert Thau,
-     and Rob Hartill.
-
-Changes with Apache 0.3                                          24 Mar 1995
-
-  *) Patches by Robert Thau, David Robinson, Rob Hartill, and
-     Carlos Varela.
-
-Changes with Apache 0.2                                          18 Mar 1995
-
-  *) Based on NCSA httpd 1.3 by Rob McCool and patches by CERT,
-     Roy Fielding, Robert Thau, Nicolas Pioch, David Robinson,
-     Brian Behlendorf, Rob Hartill, and Cliff Skolnick.
diff --git a/usr.sbin/httpd/src/CHANGES.SSL b/usr.sbin/httpd/src/CHANGES.SSL
deleted file mode 100644
index 5581857f709..00000000000
--- a/usr.sbin/httpd/src/CHANGES.SSL
+++ /dev/null
@@ -1,3878 +0,0 @@
-                       _             _ 
-   _ __ ___   ___   __| |    ___ ___| |  mod_ssl
-  | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
-  | | | | | | (_) | (_| |   \__ \__ \ |  www.modssl.org
-  |_| |_| |_|\___/ \__,_|___|___/___/_|  ftp.modssl.org
-                       |_____|         
-  _____________________________________________________________________________
-
-                               ``The difference between a career 
-                                 and a job is about 20 hours a week.''
-  CHANGES
-
-  This file summarizes *all* types of changes to the mod_ssl package, i.e.
-  changes between each betalevel and patchlevel,  i.e. changes between
-  2.x.y->2.x.(y+1) and 2.x.y->2.(x+1).0.  Take this list as a reference for
-  concrete and detailed information about every single change.  There are
-  _INTENTIONALLY_ no contributor names attached to the entries. Instead all
-  contributors are listed in the CREDITS file.
-
-      ____    ___  
-     |___ \  ( _ ) 
-       __) | / _ \ 
-      / __/ | (_) |
-  __ |_____(_)___/ ___________________________________________
-              
-  Changes with mod_ssl 2.8.16 (18-Jul-2003 to 01-Nov-2003)
-
-   *) Upgraded to Apache 1.3.29
-
-   *) Avoid memory corruption in certificate handling caused by a heap
-      memory double-freeing situation.
-
-   *) Allow "HTTPS" variable to be passed through by suEXEC.
-
-   *) Clear the OpenSSL error code in pass phrase reading code to
-      workaround the following situation: multiple keys, all with
-      different passphrases -- entering the correct pass phrase at each
-      prompt leads to an OpenSSL error message after the last prompt.
-
-   *) Reverted the recent change where ap_cleanup_for_exec() called
-      ap_kill_alloc_shared(). This caused nasty side-effects in other
-      processes and is not necessary at all (because shared memory
-      segments are not inherited across exec).
-   
-   *) mod_ssl was checking the OpenSSL error reason code against
-      SSL_R_HTTP_REQUEST and concluded the result is an SSL error. Since
-      OpenSSL reason codes are not unique, this isn't always the case.
-      It now additionally checks that the library is the SSL library.
-
-  Changes with mod_ssl 2.8.15 (21-Mar-2003 to 18-Jul-2003)
-
-   *) Upgraded to Apache 1.3.28
-
-   *) Take over security fix from Apache 2.0 related
-      to per-directory renogotiations.
-
-  Changes with mod_ssl 2.8.14 (18-Mar-2003 to 21-Mar-2003)
-
-   *) Fixed logic in the destruction of a temporary certificate
-      structure and this way avoid a crash due to freeing NULL object.
-
-   *) Removed one newly introduced X509_free() call in the context of
-      SSL_get_certificate(), because this function does not increment a
-      reference count (although SSL_get_peer_certificate() does).
-
-   *) Fixed hash-table based shared memory session cache (shmht)
-      implementation by making sure that the underlying hash table
-      library does not crash if memory cannot be allocated.
-
-  Changes with mod_ssl 2.8.13 (23-Oct-2002 to 18-Mar-2003)
-
-   *) Always enforce RSA blinding on RSA private keys in order to be
-      resistent to timing attacks.
-
-   *) Added timeout also to the "pre-sucking" of the trailing data in
-      POST request handling.
-
-   *) Correctly shutdown shared memory pools on fork+exec situations.
-
-   *) Bugfix SSL client certificate verification: OpenSSL was not
-      informed with SSL_set_verify_result(ssl, X509_V_OK) in case
-      mod_ssl forced the verification to be ok.
-
-   *) Consistently use OPENSSL_free() instead of plain free() to
-      deallocate memory chunks allocated inside OpenSSL.
-
-   *) Fixed various memory leaks related to X509 certificates.
-
-  Changes with mod_ssl 2.8.12 (04-Oct-2002 to 23-Oct-2002)
-
-   *) Fixed potential Cross-Site-Scripting bug.
-
-   *) Allow also 8192 bytes of shared memory data size.
-
-  Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002)
-   
-   *) Upgraded to Apache 1.3.27.
-
-   *) Fixed internal error handling for CRL verification.
-
-   *) Initialize OpenSSL ENGINE before initializing OpenSSL
-      to workaround problems with the PRNG.
-
-   *) Also find "openssl" executable in "sbin" directories.
-
-   *) Honor specified number of maximum bytes on SSLRandomSeed
-      if reading from EGD.
-
-   *) Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables.
-
-  Changes with mod_ssl 2.8.10 (19-Jun-2002 to 24-Jun-2002)
-
-   *) Fixed off-by-one buffer overflow bug in the compatibility
-      functionality (mapping of old directives to new ones).
-
-   *) Fixed memory leak in processing of CA certificates.
-  
-   *) In case there is actually a certificate chain in the session cache, 
-      we now use the value of SSL_get_peer_certificate(ssl) to verify as
-      it will have been removed from the chain before it was put in the
-      cache.
-
-   *) Seed the PRNG with a maximum of 1K from the internal scoreboard.
-
-  Changes with mod_ssl 2.8.9 (27-Mar-2002 to 19-Jun-2002)
-
-   *) Upgraded to Apache 1.3.26.
-
-   *) Support for OpenSSL 0.9.7.
-
-   *) Open random files in binary mode under Win32 to not
-      stop on EOS characters.
-
-   *) Additional internal consistency check on vhost sanity checking
-      in case no DNS entries are found for virtual hosts.
-
-   *) Fixed detection of a faked "Faked Basic Auth" situation for
-      internal redirection situations.
-
-  Changes with mod_ssl 2.8.8 (23-Feb-2002 to 27-Mar-2002)
-
-   *) Upgraded to Apache 1.3.24
-
-   *) Support leading whitespaces in commands of SSLLog "|..."
-      directives.
-
-   *) Fixed timeout handling on connection establishment
-      by correctly resetting the timeout on errors.
-
-   *) Fixed two memory leaks related to CA certificate configuration.
-
-   *) Fixed memory leak related to temporary DH key handling.
-
-   *) Fixed memory leak on shutdown if CRLs are used.
-
-   *) Fixed remaining SIGBUS problems on SPARC inside SHMCB session
-      cache implementation.
-
-  Changes with mod_ssl 2.8.7 (01-Feb-2002 to 23-Feb-2002)
-
-   *) Support for the latest OpenSSL 0.9.7 snapshots.
-
-   *) Fixed potential buffer overflow in DBM and SHMHT session
-      cache if very very large certificate chains are used. 
-
-   *) Compliance with POSIX 1003.1-2001 (SUSv3) by replacing obsolete
-      "head -1" and "tail -1" constructs with sed variants in scripts.
-
-   *) Fixed file descriptor leakage under Win32.
-
-  Changes with mod_ssl 2.8.6 (16-Oct-2001 to 01-Feb-2002)
-
-   *) Upgraded to Apache 1.3.23
-
-   *) Fixed a subtle indexing bug in SHMCB. Each sub-cache used an
-      indexing structure that (correctly) used index values (and ranges)
-      as "unsigned int", but the meta-structure in the header had these
-      ranged as "unsigned char".
-
-   *) Perform the SHMCB remove operation under mutual exclusion
-      to prevent a inter-process synchronization problem.
-
-   *) Made sure that mod_ssl does not segfault in case of
-      SCOREBOARD_SIZE < 1024.
-
-   *) Merged in the SDBM patch from Uwe Ohse which fixes a problem with
-      sdbms .dir file, which arrises when a second .dir block is needed
-      for the first time. read() returns 0 in that case, and the library
-      forgot to initialize that new block. A related problem is that the
-      calculation of db->maxbno is wrong. It just appends 4096*BYTESIZ
-      bits, which is not enough except for small databases (.dir
-      basically doubles everytime it's too small).
-
-  Changes with mod_ssl 2.8.5 (20-May-2001 to 16-Oct-2001)
-
-   *) Upgraded to Apache 1.3.22
-
-   *) Fixed check whether server certificate wildcard CommonName (CN)
-      matches the configured server name.
-
-   *) Use correct ANSI C prototypes also in (semi-automatically
-      generated) ssl_engine_dh.c
-
-   *) Fixed buffer overflow in ssl_expr_eval_func_file().
-
-  Changes with mod_ssl 2.8.4 (04-May-2001 to 20-May-2001)
-
-   *) Removed old db1/ndbm.h kludge from mod_ssl.h, because it should be
-      not needed at all, because mod_ssl downgrades to SDBM anyway on all
-      Linux platforms. Additionally made the Linux check more accurate
-      by using src/Configure's $PLAT variable instead of $OS.
-
-   *) Upgraded to Apache 1.3.20
-
-   *) +------------------------------------------------------------------+
-      | Officially moved mod_ssl to Apache 2.0:                          |
-      | The mod_ssl 2.8.x source tree is now frozen for development      |
-      | and will only be updated for bugfixes and Apache 1.3.x version   |
-      | upgrades. The last release (2.8.3) was imported to the ASF CVS   |
-      | repository under httpd-2.0/modules/ssl/. All development efforts |
-      | are now directed to the Apache 2.0 area. Nevertheless, mod_ssl   |
-      | 2.8.x releases will occur as long as Apache 1.3.x releases occur.|
-      +------------------------------------------------------------------+
-
-  Changes with mod_ssl 2.8.3 (30-Mar-2001 to 04-May-2001)
-
-   *) Allow loadcacert.cgi script to work inside mod_perl.
-
-   *) Fixed typo in the directive descriptions in mod_ssl.c
-
-   *) Fixed EAPI context usage in http_request.c: a context pointer
-      potentially can be NULL requests and can cause a segfault if
-      dereferenced.
-
-   *) Fixed ENGINE support: the engine support is are now already
-      loaded at configure time. Else mod_ssl fails to find them.
-
-   *) Fixed typo in httpd.conf-dist.
-
-  Changes with mod_ssl 2.8.2 (03-Mar-2001 to 30-Mar-2001)
-
-   *) Moved the Shared Memory Cyclic Buffer (SHMCB) session cache
-      variant from "experimental" state to "production" by removing the
-      `#ifdef SSL_EXPERIMENTAL_SHMCB ...#endif' wrappers. This means
-      that now `SSLSessionCache shmcb:...' is unconditionally available.
-
-   *) Modified (only) Win32's specific function SSL_recvwithtimeout()
-      to use the same retry logic as SSL_writewithtimeout(). This
-      fixes some problems with MSIE 5.x clients.
-
-   *) Made the mutex handling more robust by retrying the
-      semaphore-based operations in interrupt situations 
-      (errno == EINTR).
-
-   *) Also log the OpenSSL error message if the RSA temporary
-      key(s) cannot be generated.
-
-   *) Mention in INSTALL document that building OpenSSL with
-      `no-threads' increased performance without negative side-effects
-      because Apache 1.3 is never multi-threaded.
-
-   *) Fixed mod_ssl Auth handler: it now returns DECLINED instead of
-      OK if authentication is passed successfully to allow other modules
-      (usually mod_auth) to still deny the request.
-
-   *) Allow IPC semaphore support also under Tru64 5.x.
-
-   *) Fixed certificate DN handling under EBCDIC platforms.
-
-   *) Try to avoid casting warnings by using "unsigned long" type
-      instead of "unsigned int" in the EAPI macros AP_CTX_XXXX.
-
-   *) Make sure that the default path /usr/include is never added to
-      CFLAGS with an explicit -I options to avoid conflicts with vendor
-      include paths.
-
-   *) Make extra sure the ssl_expr_parse.[ch] and ssl_expr_scan.c
-      files are not regenerated for regular users by timestamping
-      them in a little bit more conservative way.
-
-   *) More fixes to configure.bat and Makefile.win32 to
-      make mod_ssl work again under Win32.
-
-  Changes with mod_ssl 2.8.1 (30-Jan-2001 to 03-Mar-2001)
-
-   *) Conditionally adjusted source to build quietly also under
-      latest OpenSSL 0.9.7-dev versions.
-
-   *) Added a bunch of (untested!) adjustments and fixes for 
-      the Win32 platform as posted to modssl-users some time
-      ago by various people.
-
-   *) Fixed SSLCipherSuite example in httpd.conf-dist: 
-      The string EXP56 is actually EXPORT56, although OpenSSL
-      internally the variable is named SSL_TXT_EXP56.
-
-   *) Upgraded to Apache 1.3.19 as base version.
-
-   *) Extended FAQ entry for MSIE problems.
-
-   *) Added FAQ entry for questions "Why do I get lots of random SSL
-      errors under heavy load?"
-
-  Changes with mod_ssl 2.8.0 (14-Oct-2000 to 30-Jan-2001)
-   
-   *) Upgraded to Apache 1.3.17 as base version.
-   
-   *) Changed ApacheModuleSSL.dll to mod_ssl.so in Makefile.Win32 to
-      make mod_ssl not too broken after Apache 1.3.16's Win32 changes.
-
-   *) Enhanced ApacheCore.def patch for Win32 folks.
-
-   *) Upgraded to Apache 1.3.16 as base version.
-    
-   *) Fixed ssl_intro.wml: DES uses 56 bit, not 54 bit.
-
-   *) Allow %{ENV:variable} in SSLRequire expressions, too.
-
-   *) Fixed version parsing for APXS stuff in configure.
-
-   *) Fixed Geoff Thorpe's Email addresses in various places.
-
-   *) Fixed typo in INSTALL document.
-
-   *) Make sure the user is not able to fake the client certificate
-      based authentication by just entering an X.509 Subject DN
-      ("/XX=YYY/XX=YYY/..") as the username and "password" as the
-      password if "SSLVerifyClient optional" is used in combination
-      with "SSLOptions +FakeBasicAuth".
-
-   *) Fixed URLs in FAQ.
-
-   *) Various fixes for the Win32 world:
-      reflect renaming of "makefile.nt" to "makefile.win"; scache
-      reorganisation adjustments; etc.
-
-      ____   _____ 
-     |___ \ |___  |
-       __) |   / / 
-      / __/ _ / /  
-  __ |_____(_)_/______________________________________________
-              
-  Changes with mod_ssl 2.7.1 (13-Oct-2000 to 14-Oct-2000)
-
-   *) Fixed the parsing of SSLSessionCache directives. The prefixes were
-      incorrectly skipped and leaded to "unable to open semaphore file"
-      errors.
-
-  Changes with mod_ssl 2.7.0 (12-Aug-2000 to 13-Oct-2000)
-
-   *) Upgraded to Apache 1.3.14 as base version.
-
-   *) Added new Cyclic Buffer based Shared Memory Session Cache
-      as ssl_scache_shmcb.c. This was contributed by Geoff Thorpe
-      <geoff@geoffthorpe.net> and is derived from the "c2shm" variant
-      used in Stronghold V3. It uses a fixed size cyclic buffer placed
-      over a shared memory segment for storing SSL session ids. This
-      way it is even more efficient and faster than the old hash table
-      based shared memory cache (ssl_scache_shmht.c). It can be used
-      by building mod_ssl with --enable-rule=SSL_EXPERIMENTAL and then
-      using "SSLSessionCache shmcb:<path-to-temp-file>(<bytes>)".
-
-   *) Cleaned up and restructured the session cache implementation.
-      ssl_engine_scache.c was split into ssl_scache.c (the abstraction
-      layer), ssl_scache_dbm.c (the DBM-based implementation) and
-      ssl_scache_shmht.c (the shared memory based implementation which
-      uses a hash table).
-
-   *) Added experimental support for the ENGINE branch of OpenSSL 0.9.6.
-      A new SSLCryptoDevice configuration directive is available if the
-      OpenSSL-ENGINE 0.9.6 package and --enable-rule=SSL_EXPERIMENTAL
-      is used. The default is "SSLCryptoDevice builtin". To enable
-      to use of a crypto device use "SSLCryptoDevice <name>",
-      where <name> is its ID as used with the OpenSSL command line
-      option "-engine <name>". 
-
-   *) Completely removed RSAref support to make sure US residents no
-      longer try to use this ancient piece of restricted/buggy code.
-
-   *) mod_ssl failed to start if two certificate keys are encrypted 
-      with different pass phrases and SSLProxyVerify was specified.  
-
-      ____    __   
-     |___ \  / /_  
-       __) || '_ \ 
-      / __/ | (_) |
-  __ |_____(_)___/____________________________________________
-
-  Changes with mod_ssl 2.6.6 (04-Jul-2000 to 12-Aug-2000)
-
-   *) Fixed experimental HTTPS proxy code: A segfault was
-      produced by an incorrect logging command.
-
-   *) Fixed server restarts: Under non-DSO run-time situation, the 
-      OpenSSL library was shutdown (and never re-initialized) and this 
-      way caused segfaults on server restarts. This affected only 
-      installations where mod_ssl+OpenSSL were built as a static module
-      instead of a DSO. This nasty bug was unfortunately introduced in
-      2.6.5 as a side-effect of an (otherwise correct) memory leak bugfix.
-   
-   *) Upgraded both the user manual sources and the website
-      www.modssl.org from WML 1.6 to WML 2.0 format.
-
-   *) Various typo fixes in user manual.
-
-   *) Typo fix in INSTALL document related to RSAref.
-
-  Changes with mod_ssl 2.6.5 (01-May-2000 to 04-Jul-2000)
-
-   *) Removed more memory leaks by freeing even more stuff
-      from the OpenSSL toolkit on module shutdown.
-
-   *) Added missing TLSv1, EXP40 and EXP56 keywords to
-      ssl_reference's documentation of SSLCipherSuite.
-
-   *) Updated INSTALL document for MM 1.1.x.
-
-   *) Added hints about MSIE workarounds (-SSLv3, !EXP56, etc.)
-      to the FAQ entry about MSIE errors.
-
-   *) Added !EXP56 to pre-configured SSLCipherSuite in order to avoid
-      MSIE5.x problems in advance.
-
-   *) Fixed typos in INSTALL: sbin -> bin for apachectl.
-
-   *) mod_ssl's configure script now touches also ssl_expr_scan.l and
-      ssl_expr_parse.y when applying the sources corrupted timestamps do
-      not trigger the lex/yacc Makefile rules (which are intended for
-      developer use only).
-
-   *) Allow spaces in ServerRoot and SSLPassPhraseDialog arguments
-      which is especially important for the Win32 environment.
-
-   *) Fixed syntax errors in ssl_howto.wml: "Deny all" -> "Deny from all"
-
-   *) Be aware of extended SERVER_BASEVERSION strings in configure.
-
-   *) Removed a left-over ssl_scache_expire() call in ssl_scache_init()
-      which made the life of vendors complicated.
-
-   *) Allow more fine-tuned overriding of ap_server_root_relative calls
-      by providing the context of the call.
-
-  Changes with mod_ssl 2.6.4 (16-Apr-2000 to 01-May-2000)
-
-   *) Fixed Win32 build by adding gdi32.lib to the libraries
-      and an additional include for <winsock2.h>.
-
-   *) Added Equifax Secure CA certificates to ca-bundle.crt.
-
-   *) Let the pass phrase dialog force the prompt to occur only once
-      (no verification step), because mod_ssl uses the dialog only for
-      pass phrases which are required for reading private keys. This as a
-      side-effect should fix a problem under Win32 where a second prompt
-      occured for unknown reasons.
-
-   *) Added more compatibility to Stronghold v2's SSL_SessionCache.
-   
-   *) Added two more EAPI hools under SSL_VENDOR: one for overriding
-      ap_server_root_relative calls and one for hooking into the server
-      configuration step.
-
-   *) Fixed SSL display for mod_status in `short report' situation.
-
-   *) Made the SSL_EXPERIMENTAL stuff more flexible by checking
-      for particular subset SSL_EXPERIMENTAL_xxxx defines and let
-      SSL_EXPERIMENTAL define all those per default. This reduces the
-      amount of patching vendors have to do in order to just enable a
-      subset of the experimental code.
-
-   *) Added hint to INSTALL document about port specifiers in test URLs
-      (`:8080' and `:8443') if the installation is done under a non-root
-      user.
-
-   *) Fixed Win32's configure.bat: the check for OpenSSL
-      header and libraries is now extended.
-
-   *) Fixed --with-apxs under Solaris where libssl.module
-      has to know $CC in order to enable the libgcc.a workaround.
-
-   *) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy
-      support (ssl_engine_ext.c/mod_proxy) under _NOT_ SSL_EXPERIMENTAL.
-
-  Changes with mod_ssl 2.6.3 (02-Mar-2000 to 16-Apr-2000)
-
-   *) Moved the session cache expire time calculation and handling in
-      ssl_engine_scache.c down to the particular cache-type dependent
-      expire functions to allow a custom vendor supplied cache to perform
-      its own expire handling.
-
-   *) The sub-shells from libssl.module are now called with an
-      explicitly determined Bourne Shell (instead of the implicit she-bang
-      line). This both avoids problems on brain-dead platforms where
-      /bin/sh is broken (Ultrix, etc.) and workarounds a CVS problem in
-      OpenBSD where on read-only checkouts the x-bits sometimes get lost.
-
-   *) Do a slightly better initialization of the random file
-      in src/support/mkcert.sh if $HOME/.rnd doesn't exist.
-
-   *) Be aware of OpenSSL 0.9.5's X509_V_ERR_CERT_UNTRUSTED error.
-
-   *) Cleaned up and optimized ssl_engine_vars.c by kicking out the old
-      static cipher table and calculating the cipher bits dynamically. This
-      avoids lots of string comparisons, reduces further maintainance costs
-      and makes the code smaller.
-
-   *) Cleaned up pkg.contrib/truerand.c: volatile variables,
-      correct function return types, etc.
-
-   *) Fix HTTPS proxy support: if SSLProxyVerify is Off, we don't need
-      to log any errors if the certification fails. Additionally we now
-      don't free the proxy context after a connection, because we will need
-      it for the next proxy connection we make.
-
-   *) Activate `SSLMutex sem' also on HPUX.
-
-   *) Allow libssl.module to handle CFLAGS="cc -flags".
-
-   *) Fixed typo in ssl_intro.wml: "message" was written twice
-
-   *) Added two eval casts for ap_md5() calls.
-
-   *) Fixed typo in ssl_faq.wml: SSLRandSeed -> SSLRandomSeed.
-
-   *) Add final messages also under "configure --with-eapi-only" which
-      give a hint to proceed with --enable-module=so --enable-rule=EAPI in
-      the Apache source tree.
-
-  Changes with mod_ssl 2.6.2 (29-Feb-2000 to 02-Mar-2000)
-
-   *) Updated the conf/ssl.crt/ca-bundle.crt file (containing the CA
-      Root Certificates of over 60 popular CAs) to the contents extracted
-      from Netscape Communicator 4.72's cert7.db file.
-
-   *) Fixed compilation of the new HTTPS proxy code (SSL_EXPERIMENTAL):
-      The SSL_VENDOR was required without need if SSL_EXPERIMENTAL was
-      enabled. This is now fixed and only SSL_EXPERIMENTAL is requied again
-      for the new HTTPS proxy stuff.
-
-   *) Added an FAQ entry about the "less entropy for the PRNG"
-      problem which now becomes "popular" ;) with OpenSSL 0.9.5.
-
-   *) Fixed conf/ssl.crl/Makefile: the files which have to be
-      checked for existance are named foo.rNNN and not just foo.NNN
-
-   *) Fixed a typo related to a RAND_status call in ssl_engine_rand.c
-      which was introduced in 2.6.1 and which caused mod_ssl fail to
-      compile if OpenSSL >= 0.9.5 was used [Sorry, my gcc hasn't caught
-      this typo :-(...]
-
-   *) Added also some random files which exists under Mach/Rhapshody
-      platforms to the list of files in src/support/mkcert.sh to make
-      sure enough entropy is available on these platforms under "make
-      certificate" with OpenSSL 0.9.5
-
-   *) Enhanced SSLRequire (SH2) -> SSLRequireSSL (mod_ssl)
-      directive compatibility mapping.
-
-  Changes with mod_ssl 2.6.1 (25-Feb-2000 to 29-Feb-2000)
-
-   *) Added support for OpenSSL 0.9.5's RAND_egd() which is now used
-      to read entropy from the EGD Unix domain socket if `SSLRandSeed
-      egd:/path/to/socket' is configured. 
-
-   *) Extended builtin PRNG seeding with a run-time stack based source.
-      This way the builtin source now creates more entropy and usually
-      enough to make OpenSSL >= 0.9.5 happy again. If OpenSSL is still not
-      happy (i.e. still not sufficient entropy exists), a warning message
-      is logged by mod_ssl now.
-
-   *) Fixed Tanenbaum's name on the quote in ssl_intro.wml
-
-   *) Updated Thawte's sxnet stuff for latest OpenSSL.
-
-   *) Allow mod_ssl to compile also under Win32 & VC++ 6.0
-   
-   *) Fix OS/2 support and this way make mod_ssl again work
-      also under this platform.
-
-  Changes with mod_ssl 2.6.0 (24-Feb-2000 to 25-Feb-2000)
-
-   *) Merged in enhanced HTTPS Proxy Support which is derived from
-      Stronghold 2.x and was originally contributed by C2Net over one
-      year ago. This is still _EXPERIMENTAL_ stuff, so it is entirely
-      wrapped with SSL_EXPERIMENTAL sections and has to be abled under
-      built-time with --enable-rule=SSL_EXPERIMENTAL. Then the following
-      new configuration directives are provided to fine-tune the HTTPS
-      proxy support:
-
-          o  SSLProxyProtocol [+-][SSLv2|SSLv3|TLSv1] ...
-             (enable or disable SSL protocol flavors)
-          o  SSLProxyCipherSuite XXX:...:XXX
-             (colon-delimited list of permitted SSL ciphers)
-          o  SSLProxyVerify on|off
-             (whether to verify the remote certificate)
-          o  SSLProxyVerifyDepth N
-             (maximum certificate verification depth)
-          o  SSLProxyCACertificateFile /path/to/file
-             (file containing server certificates)
-          o  SSLProxyCACertificatePath /path/to/dir
-             (directory containing server certificates)
-          o  SSLProxyMachineCertificateFile /path/to/file
-             (file containing client certificates)
-          o  SSLProxyMachineCertificatePath /path/to/dir
-             (directory containing client certificates)
-
-      This stuff is declared experimental, because it was still _NOT_
-      tested in depth and is still _UNDOCUMENTED_. So keep in mind what
-      SSL_EXPERIMENTAL means and use this with care!
-
-   *) Extended the EAPI patches to mod_proxy to allow the new
-      HTTPS proxy support to be merged in.
-
-   *) Fixed ssl_io_suck() prototype scope in mod_ssl.h by changing
-      the old #ifdef SSL_EXPERIMENTAL to the now correct #ifndef
-      SSL_CONSERVATIVE.
-
-   *) Added "cons" and "nocons" development target to
-      src/modules/ssl/Makefile.tmpl.
-
-   *) Upgraded to Apache version 1.3.12.
-
-
-      ____    ____  
-     |___ \  | ___| 
-       __) | |___ \ 
-      / __/ _ ___) |
-  __ |_____(_)____/___________________________________________
-               
-  Changes with mod_ssl 2.5.1 (22-Jan-2000 to 24-Feb-2000)
-
-   *) Made sure OpenSSL's Pseudo Random Number Generator (PRNG) is
-      seeded already before the temporary RSA keys are generated.
-
-   *) Fixed possible security hole in mkcert.sh script (make
-      certificate) by making sure we already generate the foo.key files
-      with proper umask instead of chmod them later (and this way
-      perhaps too late).
-
-   *) Fixed memory leak caused by not-freed SSL_CTX in the HTTPS proxy
-      support (ssl_engine_ext.c/mod_proxy).
-
-   *) Fixed quotation author in ssl_glossary.html: it's Richard Nixon,
-      as Lukas Bradley pointed out.
-
-   *) Use "/usr/local/ssl" as the default for $SSL_BASE only if this
-      path really exists. Else use "SYSTEM" and this way be more
-      flexible. This is especially interesting for RedHat/RPM users
-      where OpenSSL stays often directly under /usr.
-
-   *) Make sure libssl.module also detects OpenSSL correctly
-      if OpenSSL was built as shared libraries (.so)
-   
-   *) Let configure script more accurately check for -h, -v and
-      -q options on command line.
-
-   *) Make `SSLSessionCache none' really work as expected.
-
-   *) Added support for the latest OpenSSL snapshot (>= version 0.9.4).
-
-   *) Removed the removal of "#ifdef lint.. #endif" lines from
-      src/modules/ssl/Makefile.tmpl to make the life of the 
-      OpenBSD guys easier in the future.
-
-   *) Removed Unix Bourne-Shell construct "2>&1" from Win32's
-      configure.bat script because Win32 hates this.
-   
-   *) Fixed ApacheCore.def for Win32: Some numbers occured 
-      multiple times.
-
-  Changes with mod_ssl 2.5.0 (08-Jan-2000 to 22-Jan-2000)
-
-   *) Switched the old "POST for HTTPS" support code from
-      defined(SSL_EXPERIMENTAL) to !defined(SSL_CONSERVATIVE), because this
-      code is both already stable (even it's not a conservative approach) and
-      important. This way POST support is now available per default, but still
-      can be disabled/removed by very conservative people with an easy
-      --enable-rule=SSL_CONSERVATIVE.
-
-   *) Added SSL_CONSERVATIVE rule to src/Configuration.tmpl which
-      complements SSL_EXPERIMENTAL. Both rules are per default set
-      to "no", i.e. disabled. But while SSL_EXPERIMENTAL still enables
-      experimental code, enables SSL_CONSERVATIVE conservative code.  That is,
-      actually per default some non-conservative things might be enabled which
-      can be _disabled_ by forcing mod_ssl to use only conservative
-      approaches.
-
-   *) Added entry about "no shared ciphers" to FAQ.
-
-   *) Upgraded to the new Apache version: 1.3.11 (BTW, Apache 1.3.10
-      was never released). This moves the mod_ssl community to the
-      latest Apache state and this way implicitly provides them over 70
-      bugfixes and cleanups which 1.3.11 provides over 1.3.9.
-
-      ____   _  _   
-     |___ \ | || |  
-       __) || || |_ 
-      / __/ |__   _|
-  __ |_____(_) |_| ___________________________________________
-
-  Changes with mod_ssl 2.4.10 (24-Nov-1999 to 08-Jan-2000)
-
-   *) Mentioned MD5-encrypted password in ssl_reference.wml in addition
-      to DES-encrypted password.
-   
-   *) Added a new FAQ entry about the path internally pre-defined by
-      EAPI_MM_CORE_PATH.
-
-   *) Adjust the name-based-vhost complain: Talk say "you should not
-      use" instead of "you cannot use", because first there are
-      situations where it can be reasonable to use name-based vhosts with
-      SSL and second there is no technical restriction on the mod_ssl side,
-      of course.
-
-   *) Changed the license on mod_define.c from the BSD/Apache-style
-      license to a even less restrictive MIT-style license to allow
-      everyone to do with this module what they want.
-
-   *) Fixed a compile-time warning under very strict compilers by using
-      a more correct `ssl_verify_t' (enum based) instead of `int' in
-      ssl_engine_config.c.
-
-   *) Various minor documentation updates.
-
-   *) Made the EAPI-vs-plain-API complain in mod_so more clear.
-
-   *) Adjusted all copyright messages to contain the new year 2000 ;)
-
-   *) Fixed INSTALL.W32 document for latest OpenSSL versions.
-
-   *) Fixed SSL session id context configuration: the value is now an
-      MD5 of `server:port' and this way always a string of just 32 bytes,
-      so OpenSSL's SSL_set_session_id_context() doesn't fail.
-
-   *) Removed old CVS informations from etc/patch.tar tarball.
-
-  Changes with mod_ssl 2.4.9 (05-Nov-1999 to 24-Nov-1999)
-
-   *) Fixed SSLRequire expression evaluation for number strings.
-      Expressions like `SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128'
-      didn't work if SSL_CIPHER_USEKEYSIZE was "40" because the evaluation
-      used strcmp(3) and this fails to compare numbers of different length.
-      An own comparison function is now used to avoid this problem.
-
-   *) Now on Win32 a warning is logged once on startup that mod_ssl is
-      NOT officially supported under Win32 and people have to use it there on
-      their own risk (and so shouldn't complain if it doesn't work). Because
-      only the Unix platform is officially supported and mod_ssl is checked
-      for security issues only related this platform.
-
-   *) For performance reasons it is unreasonable to create the SSL_*
-      CGI/SSI variables _all the time_, because their creation is
-      a rather expensive operation which slows down the server
-      noticeable. Instead it is more reasonable to let them create for
-      CGI and SSI requests _only_. For consistency reason with other
-      `SSLOptions' variables (which all have positive names) and to
-      avoid necessary cleanups changes in the future, I decided to make
-      the incompatibility change _NOW_ (sorry).
-
-      In short: With mod_ssl 2.4.9 per default no SSI/CGI variables
-      SSL_* are created any longer (only the special "HTTPS" variable is
-      always created). Instead one has to use `SSLOptions +StdEnvVars'
-      to switch the creation on.
-
-   *) Added an `SSLOptions' variable `StdEnvVars' which now controls 
-      the creation of the numerious SSL_* CGI/SSI variables.
-
-   *) Renamed old variable SSL_{CLIENT,SERVER}_{S,I}_DN_SP to more
-      correct SSL_{CLIENT,SERVER}_{S,I}_DN_ST variable to conform to
-      RFC2156 and current OpenSSL state (which also prints this OID as
-      "ST" and no longer "SP").
-
-   *) Added support for SSL_{CLIENT,SERVER}_{S,I}_DN_{T,I,G,S,D,UID}
-      variables (corresponding to X.509 title, initials, givenName, surname,
-      description and uniqueIdentifier OIDs) to allow the checking of more
-      X.509 certificate ingredients.
-
-   *) Allow mod_rewrite to also lookup the "HTTPS" variable, for instance
-      via ``RewriteCond %{HTTPS} !=on''.
-
-   *) Removed old URL references to rsaref20.tar.Z from INSTALL document.
-
-   *) Now an explicit error message is logged also if an SSL session cannot be
-      stored to the DBM file via dbm_store (and not just if dbm_open failed).
-
-   *) Now the pass phrase dialog no longer uses the hard-coded
-      filedescriptor 10 as the storage for stderr while the pass phrase dialog
-      is displayed. Instead (at least under Unix) it tries to open /dev/null
-      and uses this filedescriptor instead. And when this fails (or always
-      under Win32) it uses the hard-coded filedescriptor 50 (a lot higher than
-      10 to avoid problems with logfile rotation programs and other things
-      Apache could have started).
-
-   *) Fixed SSL_make_ciphersuite() function: it calculated the required string
-      length incorrectly and could segfault. BUT THIS FUNCTION IS STILL NOT
-      USED IN MOD_SSL AT ALL, so don't panic. This function is for debugging
-      purposes only.
-
-   *) Fixed a filedescriptor leak which happened if encrypted private keys
-      were used. Here the pass phrase dialog forgot to close a temporary
-      filedescriptor.
-
-   *) Added three new OpenSSL log entry annotations: First, "*no start
-      line*" now triggers "Bad file contents or format - or even just
-      a forgotten SSLCertificate KeyFile?" and "*bad password read*"
-      triggers "You entered an incorrect pass phrase!?". Additionally
-      "*bad mac decode*" now triggers "Browser still remembered details
-      of a re-created server certificate?" because people often get "bad
-      data" dialog boxes while (re-)testing with Snake Oil certs.
-
-   *) Added hint about possibly blocking /dev/random devices also to
-      httpd.conf-default to make sure people don't overlook this subtle
-      platform-dependent problem. Additionally a new FAQ entry was
-      made about this, too.
-
-   *) Added an entry to the FAQ about GIDs and their intermediate
-      certificate which has to be configured with SSLCertificateChainFile.
-
-   *) Fixed some external URLs in the FAQ.
-
-  Changes with mod_ssl 2.4.8 (02-Nov-1999 to 05-Nov-1999)
-
-   *) ** IMPORTANT BUGFIX **
-      If (and only if)...
-         1. a server restart at least once happened
-         2. a HTTPS request occurs from a 40-bit/export browser
-         3. the underlaying Unix flavor doesn't map DSOs always
-            to the same memory address on each restart
-      ...then a segfault was very likely to occur for usually
-      all previous mod_ssl version. 
-      
-      The reason was that mod_ssl's temporary RSA keys and DH parameters
-      were stored in the persistent memory pool directly as OpenSSL's
-      RSA and DH structures. But although these structures successfully
-      survived restarts, the contained pointers, which were placed there
-      by OpenSSL and which were referencing _static_ parts of OpenSSL,
-      pointed to Nirvana after restarts. So on the next need for RSA
-      temporary keys or DH parameters (usually caused by 40bit clients)
-      the OpenSSL library internally segfaulted while processing these
-      structures.
-
-      This was a very long-standing bug and is now fixed by storing the
-      RSA keys and DH parameters as raw (and this way safe) DER-encoded
-      ASN.1 dats streams (and not structures) in the persistent memory
-      pool.
-
-   *) Added an FAQ entry about Verisign GIDs and the intermediate CA
-      certificate which is required to fill the gap in the server certificate
-      chain or browsers will complain.
-
-   *) The configure.bat for Win32 now tries to complain if patches were
-      rejected while they are applied to the Apache source tree.
-
-   *) Updated ANNOUNCE and README documents.
-
-  Changes with mod_ssl 2.4.7 (22-Oct-1999 to 02-Nov-1999)
-
-   *) Added a check to mod_so to complain with a warning if one loads
-      a plain Apache 1.3 DSO under EAPI (which might work, but can also
-      segfault).
-
-   *) Added more defensive programming checks in the cert/key handling.
-
-   *) Added an entry to the FAQ about the commercial alternatives.
-
-   *) Disabled SysV IPC semaphore based mutex variant for FreeBSD < 3.0 and
-      any OpenBSD and NetBSD platforms because of conflicts with their
-      non-POSIX conforming semctl(2) prototypes.
-
-   *) Added an FAQ entry on how to enable Anonymous 
-      Diffie-Hellman (ADH) ciphers.
-
-   *) Now `make certificate' allows one to also change the
-      certificate validity time (default is still 365 days).
-
-   *) Recreated the ssl.crt/ca-bundle.crt file with all CA certs found in
-      Netscape Communicator 4.7's cert7.db file.
-
-  Changes with mod_ssl 2.4.6 (01-Oct-1999 to 22-Oct-1999)
-
-   *) Re-created RSA and DSA certificates and private keys for both SnakeOil
-      CA and SnakeOil Server, because the RSA certificate already expired
-      recently.  The cert/keys are now valid for the next 2 years.
-
-   *) Freshed up the test welcome page htdocs/index.html with a feather
-      background image (just for fun ;) and with a few other cosmetic
-      cleanups. 
-
-   *) Fixed a few compile warnings under Win32 environment.
-
-   *) Fixed interactive terminal based pass phrase dialog on Win32 platform by
-      explicitly opening `con' (the console) instead of trying to use stdout
-      (which seems to be no longer connected to the console under Win32).
-
-   *) Fixed expiration checks for the session cache. The
-      calculation and time comparsions were incorrect.
-
-   *) Now `httpd -V' also shows the value of EAPI_MM_CORE_PATH
-      (the path to the MM temporary files) if EAPI_MM is activated.
-
-   *) Made sure that `httpd -t' correctly dies, i.e. including a
-      cleanup of the global MM shared memory pool. Same for
-      `httpd -V'. This is important to not let temporary files
-      stay around which confuse `apachectl'.
-
-   *) Changed a few checks in ssl_engine_scache.c to be even more
-      conservative in order to prevent problems in advance.
-   
-   *) Reduced the size check for DBM session caching from 1024 to 950 bytes,
-      because most DBM libraries have a limit of 1022. This should make sure
-      we do not break some requirements some DBM libraries implicitly assume
-      (even they do not explicitly document it).
-
-   *) Fixed SSL_EXPERIMENTAL code related to the POST problem.  We now do a
-      more careful memory management and a segfault-situation was removed,
-      too.
-
-   *) Now the PID is appended to the global MM based shared memory pool
-      alloc.c allocates. This avoids problems with multiple server instances
-      run from the same installation.
-
-   *) Fixed a few typos in the INSTALL document.
-
-   *) Fixed a nasty bug in the fixup phase which caused ``SSLOptions
-      +ExportCertChain'' to dump core if no client certificates were present.
-
-  Changes with mod_ssl 2.4.5 (28-Sep-1999 to 01-Oct-1999)
-
-   *) Now ``make certificate'' displays a warning message if one generates a
-      DSA certificate with it to make sure the user is aware of the fact that
-      a DSA-only webserver is currently useless because the popular browsers
-      do not speak DH-based ciphers. A hint is given that a DSA cert/key pair
-      is only useful in _combination_ with a parallel configured RSA
-      cert/key pair.
-
-   *) Enhanced the pass phrase dialog: Now ``Server <host>:<port> (<algo>)''
-      is displayed instead of just ``Server <host>:<port>'' and the
-      ``SSLPassPhraseDialog exec:/path/to/program'' is called with arguments
-      ``<host>:<port> <algo>'' instead of just ``<host>:<port>'' to allow the
-      distinction between RSA and DSA keys both to the user and to the
-      program.  This is important, because a single virtual host can use both
-      a RSA and a DSA cert/key at the same time.
-
-   *) Added pre-configured (but commented out) SSLCertificate[Key]File
-      directives to conf/httpd.conf-dist which explains the use of the
-      additional DSA cert/key.
-
-   *) Now the default for SSL_SDBM is 'yes' on Linux boxes because it occurrs
-      too often that Linux boxes with broken DBM libraries are used and people
-      are wondering why their session cache operations segfault the server. If
-      you really want to use the vendor DBM library on Linux you now have to
-      use --disable-rule=SSL_SDBM. But I recommend you to use SDBM except
-      you know what you're doing.
-
-   *) Fixed typo in FAQ: SSLSessioCache -> SSLSessionCache.
-   
-   *) Enhanced the logging facility: First the "Connection to child x"
-      messages now also contain the client IP address, second every
-      logfile entry now has a prefix which contains also the process id in
-      addition to the time. This way it's easier to identify logfile entries
-      written by different processes.
-   
-   *) Fixed ssl_engine_vars.c: SSL3_TXT_RSA_IDEA_128_SHA was contained twice
-      in a table. Instead the second occurrence should be
-      SSL2_TXT_IDEA_128_CBC_WITH_MD5.
-
-   *) Fixed the `union semun' situation for SSLMutex again, this time for
-      brain-dead anchient Linux versions which have incorrect semctl(2)
-      prototypes. We now enable IPC semaphores only on glibc 2.1 boxes.
-
-  Changes with mod_ssl 2.4.4 (27-Sep-1999 to 28-Sep-1999)
-
-   *) Fixed the `union semun' situation for SSLMutex which was broken in 2.4.3
-      because Apache's internal NEED_UNION_SEMUN define is horrible
-      inconsistent (it was defined only for Solaris although it should be for
-      a lot more platforms). The correct solution actually is this: Some
-      platforms have a `union semun' pre-defined but Single Unix Specification
-      (SUSv2) says in semctl(2): `If required, it is of type union semun,
-      which the application program must explicitly declare'. So we have to
-      define it always ourself to avoid problems (but under a different name
-      to avoid a namespace clash, of course).
-
-   *) Fixed `make certificate VIEW=1': nested quotes are
-      disliked by strict(er) Bourne shell flavors.
-
-  Changes with mod_ssl 2.4.3 (06-Sep-1999 to 27-Sep-1999)
-
-   *) Upgraded pkg.contrib/gid-mkcert.sh to use OpenSSL
-      instead of SSLeay+cafix+pkcs12.
-   
-   *) Enabled SSL_USE_SEM (Semaphore based SSLMutex) now explicitly
-      for FreeBSD, NetBSD, OpenBSD, Linux and Solaris.
-
-   *) Fixed ``SSL_CLIENT_CERT_CHAIN<n>'' variable generation under
-      ``SSLOptions +ExportOptions''.
-
-   *) Added new ``SSL_CLIENT_VERIFY'' variable which can be used with
-      SSLRequire to manually check the verify results under ``SSLVerifyClient
-      optional'' in order to redirect to an enrollment page.
-
-   *) Fixed documentation related to SSL_XXX variables.
-
-   *) Fixed timeout handling of internal OpenSSL cache.
-
-   *) Make sure server.key/ca.key files are stored with explicit
-      permissions 600 also in conf/ssl.key/ inside the source tree.
-
-   *) Added hint about "Connection refused" problem to FAQ.
-
-   *) Fixed semaphore based SSLMutex variant: the IPC_CREAT fallback was wrong
-      and the return code semantics were treated incorrectly. Additionally the
-      ownership of the semaphore is now set, too.
-
-  Changes with mod_ssl 2.4.2 (30-Aug-1999 to 06-Sep-1999)
-   
-   *) Added hint about -fPIC vs. -fpic to INSTALL document.
-
-   *) Changed /sw/bin/perl to the more common /usr/bin/perl
-      in pkg.contrib/loadcacert.cgi.
-
-   *) Fixed two (harmless) compile-time warnings related to
-      `unsigned char *' vs. `char *'.
-
-   *) Added hint about required browser restarts on re-installations.
-
-   *) Added quotes to DocumentRoot in conf/httpd.conf-dist
-      to avoid problems with binbuild.sh.
-
-   *) Fixed --with-apxs: configure.stub.sh has to be `sourced' as
-      `./configure.stub.sh' instead of just `configure.stub.sh' or some
-      Bourne Shells cannot find it.
-
-  Changes with mod_ssl 2.4.1 (18-Aug-1999 to 30-Aug-1999)
-
-   *) Added logging hint "too restrictive SSLCipherSuite or using DSA server
-      certificate?" for "no shared cipher" errors.
-   
-   *) Added an explicit ap_blush() call to the connection close hook to
-      make sure that pending outgoing data is flushed _before_ the SSL
-      layer is closed. This is important to make sure that the pending
-      data is still transferred through the SSL layer. Else an I/O
-      error can occur inside the browser because the pending data is
-      transferred as plain data (at a time where the browser will no
-      longer expect the data, i.e. after the SSL close notify message
-      was already received by it).
-
-   *) Added new FAQ entries.
-
-   *) Show `-D EAPI_MM' on `httpd -V', too.
-
-   *) Pass also $(MFLAGS) to src/support/mkcert.sh for consistency.
-
-   *) Fixed mod_define.html: `docroot' was doubled.
-
-   *) Made sure mkcert.sh handles the algorithm variable more robust in order
-      to make sure that people do not accidently choose the DSA variant.
-
-   *) mod_ssl now complains already at startup if one tries to use ``SSLMutex
-      file:...'' on Win32 (where the semaphore mutex _has_ to be used).
-
-   *) Removed obsolete pkg.ssldoc/ssl_cover_title.gif
-
-  Changes with mod_ssl 2.4.0 (03-Aug-1999 to 18-Aug-1999)
-   
-   *) Upgraded from Apache 1.3.6 to Apache 1.3.9 
-      (Apache versions 1.3.7 and 1.3.8 were not released).
-
-   *) Fixed a nasty bug in mod_define.c: the global define variable pool was
-      never destroyed and this way could lead to segfaults on server restarts.
-
-   *) Pass number of bytes from ``SSLRandomSeed exec:/path/to/prog(bytes)'' as
-      first argument to /path/to/prog in order to allow the program to know
-      how much bytes of entropy it should provide on stdout.
-
-      ____    _____ 
-     |___ \  |___ / 
-       __) |   |_ \ 
-      / __/ _ ___) |
-  __ |_____(_)____/ __________________________________________
-               
-  Changes with mod_ssl 2.3.11 (28-Jul-1999 to 03-Aug-1999)
-
-   *) Changed pass phrase dialog: Now you're allowed to enter even 1 char pass
-      phrases, i.e. you're no longer required to enter more than 4 characters.
-      That's important for encrypted private keys not generated via OpenSSL.
-   
-   *) Added configuration check: Now mod_ssl checks on startup whether the
-      CommonName (CN) of a certificate matches the ServerName of the virtual
-      host. If not, a warning is given, because it will lead to at least
-      popping up dialog boxes in NS and IE.
-
-   *) Added configuration check: Now mod_ssl checks whether more than one
-      SSL-aware virtual host uses the same IP:port and complains with a
-      warning, because for SSL name-based virtual hosts cannot be used.
-
-   *) Overhauled mod_define: it now uses a global define value table and
-      this way not works correctly also in <VirtualHost> sections and other
-      contexts.
-
-   *) Added a few more FAQ entries.
-
-   *) Cleaned up ssl_init_Module() function: it now no longer
-      destroys the server_rec argument as a side-effect.
-
-   *) Fixed top-level Makefile.tmpl: ssl.crl wasn't created; README.CRL
-      wasn't installed; incorporated an important escaping bugfix from Apache
-      1.3.7-dev.
-
-   *) Added fallback definitions for TRUE/FALSE to ap_mm.h
-
-   *) Fixed I/O pre-sucking for HTTPS proxy situations where
-      no mod_ssl context is attached to SSL structures.
-
-   *) Fixed Mutex acquiring under Win32: the result value
-      was computed incorrectly and leaded to warning log entries.
-
-   *) Catch SIGPIPE in truerand.c (a contrib program in pkg.contrib/) to allow
-      it behave correctly under `SSLRandomSeed exec:bin/truerand N'.
-
-  Changes with mod_ssl 2.3.10 (26-Jul-1999 to 28-Jul-1999)
-
-   *) Changed the handling of the `per-URL SSL re-configuration in conjunction
-      with POST method based HTTP requests' problem: Per default mod_ssl now
-      returns a METHOD_NOT_ALLOWED HTTP error when one tries to POST to a URL
-      which has SSL parameters re-configured, because mod_ssl per default
-      cannot handle this situation (for technical reasons). This way the I/O
-      errors which occured in the past are now at least replaced by a correct
-      error message. 
-
-      But when you build with --enable-rule=SSL_EXPERIMENTAL you get
-      experimental support for this situation and you then _CAN_ use POST even
-      in conjunction with per-URL SSL re-configurations.
-      
-      But nevertheless one have to keep in mind that the POST body is still
-      transferred under the global SSL parameters and that the renegotiation
-      (typically to a stronger cipher, etc.) happens only before the response
-      is sent (and not before the POST data is read!). The rule of thumb is:
-      per-URL SSL parameters _CANNOT_ be applied to _ANY_ part of the
-      _REQUEST_, they are only guarrantied to be applied to the _RESPONSE_.
-
-      In practice there are situations (for instance when the client resumes
-      the request already with previously renegotiated parameters, etc.) where
-      the situation _CAN_ be better. But you cannot _EXPECT_ it to be better
-      and mod_ssl _CANNOT GUARRANTY_ it to be better, of course.
-
-   *) Added support for latest OpenSSL 0.9.4-dev snapshot version.
-
-   *) Fixed initialization and cleanup related problems with SSLMutex: The
-      mutex is now closed before the chown and the mutex is removed only in
-      the parent on module shutdown.
-
-   *) Removed HTTPD_ROOT from EAPI_MM_CORE_PATH definition in httpd.h
-      because it is redundant and can cause problems.
-
-  Changes with mod_ssl 2.3.9 (25-Jul-1999 to 26-Jul-1999)
-   
-   *) Compile ap_make_shared_sub_pool() only under -DEAPI
-      and added it to httpd.exp.
-
-   *) Fixed alloc.c again: the ap_mm_destroy has to be used only for
-      defined(EAPI) && defined(EAPI_MM) and not just for defined(EAPI).
-
-  Changes with mod_ssl 2.3.8 (25-Jul-1999 to 25-Jul-1999)
-
-   *) Fixed a nasty problem with early pool cleanups during 
-      startup when shared memory session caches are configured.
-
-  Changes with mod_ssl 2.3.7 (14-Jul-1999 to 25-Jul-1999)
-
-   *) Optimization for logfile handling: We now short-circuit the
-      filedescriptors for inherited logfiles in order to save filedescriptors.
-      This is important for mass virtual hosting situations where we really
-      have to reduce the resource consumption. 
-
-   *) Enhanced the DBM-based SSL Session Cache:
-
-      o the cache DBM files are removed on shutdowns and restarts now
-        to prevent the occurance of DBM inconsistencies over long runs.
-
-      o the DBM store operation now stores only data which has
-        sizeof(key)+sizeof(data) < 1024 to make sure some broken vendor DBM
-        libraries do not segfault on large entries.  Only with the built-in
-        SDBM library up to 8KB are stored.
-
-      o the expiry procedure was rewritten to prevent problems with
-        less smart DBM libraries: Instead of iterating and deleting in
-        parallel (which causes some DBM libraries to become totally crazy) a
-        two pass approach is used. In the first pass the DBM library is
-        scanned and expired elements are remembered only. In the second pass
-        the rememebered elements are actually deleted.
-
-   *) Fixed SSL mutex handling: the mutex file was not removed on shutdown.
-
-   *) Fixed global shared memory pool handling in alloc.c: The shared memory
-      related temporary files of MM were not removed because ap_mm_destroy()
-      was missing on exit.
-
-   *) A few adjustments anf fixes to the FAQ and added hint to OpenSA
-      to INSTALL.Win32.
-
-   *) Fixed ``SSLRandomSeed exec:..'' for OS/2 and Win32.
-
-   *) Fixed shared memory pool handling in alloc.c:
-      Two realloc() calls were not shared memory aware.
-
-  Changes with mod_ssl 2.3.6 (22-Jun-1999 to 14-Jul-1999)
-
-   *) Enhanced ap_mm_create() failure messages in alloc.c
-   
-   *) Fixed a core dump for the rare situation where mod_ssl was build
-      statically into Apache but not enabled (AddModule).
-
-   *) Perform more tries to chown() used DBM files.
-
-   *) Fixed memory leaks on restarts related to shared memory session cache:
-      the MM object wasn't removed at all.
-
-   *) Allow SSL_DBM_FILE_SUFFIX_DIR and SSL_DBM_FILE_SUFFIX_PAG
-      to be overridden via CFLAGS.
-   
-   *) Fixed grammar and typos in ssl_reference.wml
-
-   *) Done a blind update of the INSTALL.Win32 document.
-
-   *) Added five new FAQ entries.
-
-   *) Fixed EAPI MM related permission problems.
-
-   *) On startup the configured cipher suite is now also
-      displayed under log level "trace".
-
-   *) Let the Win32 configure.bat complain when --with-apache or
-      --with-ssl is missing.
-
-   *) Added new `SSLCertificateChainFile /path/to/file' directive. This can
-      point to a file containing the concatenation of PEM encoded CA
-      certificates which explicitly form the server certificate chain. This is
-      intended for instance for the Global-ID situation where one _has_ to
-      send the intermediate CA of Verisign with the GID while one wants to
-      avoid that under client authentication all clients issued by this CA are
-      accepted (which would happen when one references the CA cert via
-      SSLCACertificatePath or SSLCACertificateFile instead of
-      SSLCertificateChainFile).
-
-   *) Changed the "Interrupted by system" `error' to `info' level in
-      case errno is not > 0.
-
-  Changes with mod_ssl 2.3.5 (18-Jun-1999 to 22-Jun-1999)
-
-   *) Rewritten the DBM and SHM expiration functions in ssl_engine_scache.c to
-      avoid problematic situation where one deletes an entry before the
-      iteration counter was incremented. This was perhaps also another reasons
-      for the session cache related core dumps.
-
-   *) Fixed a nasty bug in ssl_util_table.c: A static (heap-based) calloc()
-      call was forgotten to be converted to a dynamic (shared memory based)
-      table->calloc() call. This leaded to various core dumps once the session
-      cache's hash table was filled as had to be resized (which occured
-      only after some time of operation, of course).
-
-   *) Now mod_ssl displays an info logfile entry when the server certificate
-      is a SCG one and warning logfile entries when the server certificate has
-      BasicConstraints CA:TRUE or pathlen>0.
-
-   *) Fixed FakeBasicAuth handling: ssl::client::dn wasn't
-      set correctly and wasn't set at all in renegotiation context.
-
-   *) Fixed HowTo example with +FakeBasicAuth: AuthName was
-      missing and typos
-
-  Changes with mod_ssl 2.3.4 (09-Jun-1999 to 18-Jun-1999)
-
-   *) The Fake Basic Auth stuff now is logging it's operation.
-
-   *) Fixed pkg.contrib/cca.sh script: CA:TRUE was incorrect
-      for a client certificate, of course.
-
-   *) Added session cache status display to the pages generated by mod_status.
-      When "ExtendedStatus on" is used mod_ssl appends session cache
-      information (supported for both DBM and SHM).
-
-   *) Fixed ``SSLVerifyClient optional_no_ca'' for per-directory context.
-
-   *) Added ``SSLOptions +OptRenegotiate'':
-      This enables optimized SSL connection renegotiation handling when SSL
-      directives are used in per-directory context. Per default a strict
-      handling is enabled where every per-directory reconfiguration of SSL
-      parameters cause a full SSL renegotiation handshake.  When this option
-      is used mod_ssl tries to avoid unnecessary handshakes by doing more
-      granular (but still safe) parameter checks. This should reduce
-      the renegotiation overhead a little bit.
-
-   *) Also print SSL errors on SSL_ERROR_SYSCALL situation.
-
-   *) Make sure EAPI_MM=SYSTEM doesn't add -I/usr/include to CFLAGS (which
-      occurrs for instance under Debian where MM is installed in system
-      locations).
-
-   *) The SSL session context is now also set on session renegotiations.
-
-  Changes with mod_ssl 2.3.3 (08-Jun-1999 to 09-Jun-1999)
-
-   *) Various type fixes for Session Cache code.
-
-   *) A few fixes to make the Win32 world happy again.
-
-   *) Fixed glibc 2.1 ndbm.h inclusion problems.
-
-   *) Make sure that in "SSLSessionCache shm:/path/to/file(NNN)"
-      the size NNN cannot be specified greater than the maximum
-      possible shared memory segment (which is platform
-      dependent, of course).
-
-  Changes with mod_ssl 2.3.2 (28-May-1999 to 08-Jun-1999)
-
-   *) Removed obsolete mca.sh script and updated cca.sh script to current
-      OpenSSL state.
-
-   *) Now "SSLSessionCache none" really disables _all_ caching,
-      i.e. including the internal OpenSSL cache.
-
-   *) Added Shared Memory based SSL Session Cache: A new "SSLSessionCache
-      shm:/path/to/file(bytes)" variant of the SSL session cache was added.
-      This uses a high-performance hash table inside a shared memory segment
-      to provide the fastest inter-process session cache which is possible.
-      For this Apache+EAPI has to be built with EAPI_MM (linked against the MM
-      library, the shared memory abstraction).
-   
-   *) Fixed the EAPI_MM related patches to Apache's src/Configure:
-      The variables were overridden instead of extended.
-
-   *) Added hint to FAQ to make sure people enter the FQDN for CommonName when
-      generating a server certificate. Added hint to EGD to reference chapter.
-
-   *) Some more Win32 fixes.
-
-   *) Fixed a session cache problem on shutdowns.
-
-   *) Fixed mod_ssl's ``configure --with-mm=DIR''
-
-  Changes with mod_ssl 2.3.1 (25-Apr-1999 to 28-May-1999)
-
-   *) Fixed two memory leaks in ssl_util_ssl.c related to BIOs.
-
-   *) Fixed EAPI sources in src/ap/: They failed to compile
-      when -DEAPI wasn't used which isn't nice.
-
-   *) Fixed Win32 stuff: src/ap/ap.mak missed entries for ap_mm.[ch],
-      src/modules/ssl/Makefile.win32 missed entry for ssl_engine_dh.c,
-      configure.bat wasn't aware of the new include/openssl/ layout.
-
-  Changes with mod_ssl 2.3.0 (12-Apr-1999 to 25-May-1999)
-
-   *) Upgraded to final OpenSSL 0.9.3 API and made this
-      version the lowest possible OpenSSL version for mod_ssl.
-
-   *) Fixed ap_mm.c stubs.
-
-   *) Updated dependencies in src/modules/ssl/Makefile.tmpl
-
-   *) Fixed INSTALL document for OpenSSL 0.9.3: 
-      -DNO_IDEA => no-idea and -DRSAref & friends => rsaref.
-
-   *) ** Second major step for DH/DSA support **: 
-      The mod_ssl module itself is now aware of multiple certificate/keys when
-      they are of a different type (one RSA, the other DSA). All internal
-      cert/key related handling which was hard-coded for RSA was replaced by
-      generic code which supports both RSA and DSA. This way now all SSL
-      ciphers, including the real Diffie-Hellman ciphers like
-      EDH-DSS-DES-CBC3-SHA are supported by mod_ssl.
-
-   *) Upgraded Thawte's sxnet stuff in pkg.contrib/
-
-   *) Added new variable SSL_SESSION_ID which contains the hex-encoded SSL
-      session id. This variable is also exported to the SSI/CGI environment
-      and can be used as a session-unique key.
-
-   *) Added more error checking for SSL_XXX variable lookups.
-
-   *) ** First major step for DH/DSA support **: 
-      1) snakeoil.{crt,key} was renamed to snakeoil-rsa.{crt,key} and a
-      snakeoil-dsa.{crt,key} was created. 2) src/support/ca-fix.c was kicked
-      out (it's obsolete with OpenSSL 0.9.3) and 3) src/support/mkcert.sh was
-      changed to use the new `openssl x509 -extfile ..' instead of ca-fix and
-      to support the generation of DSA certs/keys via `openssl gendsa'.
-      Finally 4) the top-level Makefiles were adjusted to support an
-      ALGO={RSA,DSA} parameter for selecting the algorithm in batch and a
-      VIEW=1 parameter for viewing the generated cert/key in plain text
-      format.
-
-   *) Removed more source code relicts of SSLeay by replacing
-      them with the official OpenSSL variants.
-
-   *) Added ap_{mm,MM}* function list to src/support/httpd.exp
-
-   *) Update ap_mm.{c,h} for MM 1.0.3, i.e. add stubs for new
-      ap_{MM,mm,mm_core}_permission() function.
-
-   *) Replaced all references to EAY's old email address with the new one.
-
-   *) Fixed source tree creation: ap_mm.[ch] wasn't installed.
-  
-   *) Removed -l option from yacc call in src/modules/ssl/Makefile.tmpl and
-      touch the pre-generated scanner/parser files so the generation isn't
-      done for end users.
-
-   *) Give more reasonable error message on pass phrase dialog by
-      distinguishing between "Pass phrase incorrect" and "Private key not
-      found" situations.
-
-   *) Fixed configure and configure.bat scripts: ssl.crl wasn't created
-      and server.csr wasn't installed under Win32.
-
-   *) Added a new ``SSLOptions +StrictRequire'' This _forces_ forbidden
-      access when SSLRequireSSL or SSLRequire successfully decided that access
-      should be forbidden. Usually the default is that at least a used
-      ``Satisfy any'' can cancel such access denies (when other access
-      restrictions were passed), because that's how the Apache Satisfy
-      mechanism should work.  But for strict access restriction you can use
-      SSLRequireSSL and/or SSLRequire in combination with an ``SSLOptions
-      +StrictRequire''. Then an additional ``Satisfy Any'' has no chance once
-      mod_ssl has decided to deny access.
-
-   *) Removed all direct Apache-SSL related comparsions from the mod_ssl FAQ
-      chapter of the user manual to finally avoid any more blames by Ben
-      Laurie.
-   
-   *) Upgraded to the forthcoming OpenSSL 0.9.3 API. Because of too much API
-      changes (constifications, STACK_OF, etc.) we cannot provide support for
-      older versions any longer without making the mod_ssl source code ugly.
-      OTOH for mkcert.sh we already want >= 0.9.3, so drop support for all
-      older versions now.
-
-   *) Switched all addresses and references to new modssl.org domain.
-
-   *) Updated the User Manual for version 2.3
-
-   *) Various stylistic source code cleanups.
-
-   *) EBCDIC-related fix for variable lookup functions.
-
-   *) Added generic Shared Memory support to Extended API (EAPI) via the new
-      MM library (available externally).  First two new ap_mm.c/ap_mm.h source
-      files provide new functions ap_mm_xxx() which are either stubs (when no
-      shared memory support is available via the MM library) or call the
-      mm_xxx() counterparts of the MM library.  Second, shared memory pools
-      are patched into alloc.c/alloc.h which uses the ap_mm_xxx() functions in
-      the background.
-
-   *) Added support for X.509 CA Certificate Revocation Lists (CRL).  For this
-      the two new directives SSLCARevocationPath and SSLCARevocationFile
-      (similar to SSLCACertificate{Path,File}) are provided where one can
-      store CRL files.  The preconfigured default directory for CRLs is
-      PREFIX/conf/ssl.crl. The SSLCARevocationPath is a directory where the
-      CRLs are looked up via hash symlinks. For this a ssl.crl/Makefile is
-      provided similar to ssl.crt/Makefile.
-
-   *) Kicked out all remaining SSLeay references and dependencies.  The
-      minimum SSL library version which is now required is OpenSSL 0.9.2b.
-
-      ____    ____  
-     |___ \  |___ \ 
-       __) |   __) |
-      / __/ _ / __/ 
-  __ |_____(_)_____| _________________________________________
-               
-  Changes with mod_ssl 2.2.8 (29-Mar-1999 to 12-Apr-1999)
-   
-   *) Use SSL_smart_shutdown() also for SSL proxy stuff.
-
-   *) Fixed some compat variable mappings and updated ssl_compat.wml
-      document to reflect the current compat state.
-
-   *) Added ssl_log_applies() function in advance for forthcoming feature
-      commits.
-
-   *) Added NEWS file to distribution which summarizes the major changes and
-      this way gives a faster overview for the impatient users.
-
-   *) Added a new pkg.contrib/cca.sh script which I used for client auth
-      testing with the latest OpenSSL versions.  Additionally adjust old
-      mca.sh script for OpenSSL.
-   
-   *) Added the missing ssl_template.inc file to the distribution
-
-   *) Various source code cleanups to make forthcoming patches more clean.
-
-  Changes with mod_ssl 2.2.7 (24-Mar-1999 to 29-Mar-1999)
-
-   *) Fixed the ``HTTPS request received for child'' log entries: Now no
-      longer multiple copies of a message occur, because mod_ssl logs them
-      only on initial requests (and no longer on sub-requests and internal
-      redirects).
-
-   *) Fixed a few more memory leaks which occured on server restarts.
-
-   *) Added entry to the FAQ for the MSIE work-around with
-      ``SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown''.
-
-   *) Added support for two SetEnvIf variables: ssl-unclean-shutdown and
-      ssl-accurate-shutdown. These can be used to for instance force different
-      shutdown approaches for particular browsers. An ``SetEnvIf User-Agent
-      ".*MSIE.*" ssl-unclean-shutdown'' now forces the old mod_ssl 2.1
-      behaviour where no close notify messages are sent at all before
-      connection close. An ``SetEnvIf User-Agent ".*Lynx.*"
-      ssl-accurate-shutdown'' forces an accurate shutdown when the client is
-      Lynx+OpenSSL where mod_ssl both sends it's close notify alert and waits
-      for the close notify alert of the client.
-
-   *) Updated source file dependecies in src/modules/ssl/Makefile.tmpl.
-
-  Changes with mod_ssl 2.2.6 (18-Mar-1999 to 24-Mar-1999)
-
-   *) Now mod_ssl logs the current Apache, mod_ssl and OpenSSL versions at
-      startup which makes it easier to distinguish which software combination
-      is actually running by just looking into the log.
-
-   *) Added support for new 56/1024 bit export ciphersuites (idea overtaken
-      from Apache-SSL 1.32) and sign-only-certificate situations where
-      stronger (1024 instead of 512 bit) temporary keys are reasonable to use.
-
-   *) Upgrade to new upstream version Apache 1.3.6 on vendor branch.
-      [Version 1.3.5 was not released because of last minute problems]
-
-   *) *** SECURITY *** SECURITY *** SECURITY ***
-      In the OpenSSL project we discovered that a terrible security hole
-      exists for _all_ SSLeay/OpenSSL server applications that use virtual
-      hosting. Here sessions could be resumed in the wrong context thus
-      bypassing client certificate protection! This hole is now fixed in
-      OpenSSL 0.9.2b by an ad-hoc solution were SSL sessions cannot be resumed
-      unless the server application tags it with a unique context id per
-      virtual host. mod_ssl now also performs this tagging to prevent this
-      exploit.
-
-   *) Added the nifty EAPI-based mod_define module to the source tree.  This
-      modules provides variable definitions for arbitrary directive lines,
-      i.e.  you can expand ${xxx} on any(!) directive line. This module is
-      disabled per default in src/Configuration.tmpl (need an
-      --enable-module=define) and it lives in the new pkg.addon area.
-
-   *) Added Stronghold's table look and feel to mod_status' display page.
-      This patch is harmless and enabled per default and lives in the new
-      pkg.addon area.
-
-   *) Opened another distribution package subdir: pkg.addon/.
-      Here addons will be stored which are not directly/physically related to
-      mod_ssl and EAPI, but indirectly.
-
-   *) Cleaned up the generation of the signature table in ap_hook.c
-      and updated the hook list with the still missing vendor hooks.
-
-   *) Renamed recently added vendor hooks to from ssl::vendor::xxx to
-      ap::mod_ssl::vendor::xxx to be consistent with remaining EAPI hook
-      names.
-
-   *) Upgrade to new upstream version Apache 1.3.5 on vendor branch
-
-   *) Fixed a segfault in the HTTPS support for mod_proxy which
-      occured when the proxy couldn't connect to the remote host.
-
-   *) Be 100% conservative and clean and use SSL_clean() after SSL_new().
-
-  Changes with mod_ssl 2.2.5 (04-Mar-1999 to 18-Mar-1999)
-
-   *) Fixed the situation were we discovered processes consuming
-      100% CPU time. This occured under various not exactly known
-      circumstances, but it seems it was always when the client plays bad with
-      the socket connection and OpenSSL cannot recognize it. Then the state
-      machine of SSL_shutdown() seems to loop endless. It's now fixed by not
-      limiting the iterations.
-
-   *) Fixed a typo in the SSL_CERTIFICATE_FILE define, although this
-      variable is still not used.
-
-   *) Fixed the POST-problem where kept-alive HTTPS connections hang or
-      resulted in an I/O error inside the browser because the ``SSL close
-      notify'' alert couldn't be sent correctly because of Apache's internal
-      ``lingering close'' handling. EAPI was changed to now correctly call the
-      close_connection module hook also on timeout and linger closes. This
-      EAPI change means you cannot upgrade your libssl.so with --with-apxs to
-      this version. A complete Apache rebuild with the updated EAPI code is
-      necessary.
-
-   *) The SSLCertificateFile and SSLCertificateKeyFile directives now can read
-      PEM (=DER+Base64+headers), DER+Base64 (without headers) and plain DER
-      format certificate and private key files. This is mostly provided for
-      convinience reasons.
-
-   *) Add FAQ entry: How to convert PEM into DER.
-  
-  Changes with mod_ssl 2.2.4 (21-Feb-1999 to 04-Mar-1999)
-
-   *) Add important note to INSTALL/INSTALL.Win32 that all
-      documentation references already use the term OpenSSL, the file and
-      program names `openssl', etc. although most of the users are still using
-      SSLeay and don't have any `openssl' command, etc.
-
-   *) Fixed two export warnings for ssl_expr_parse.c under Win32.
-
-   *) In correspondence with the SSLeay to OpenSSL transition
-      we changed the --with-ssleay=DIR option to --with-ssl=DIR (but the old
-      variant is still recognized for backward compatibility, of course).  For
-      consistency we also renamed --with-rsaref=DIR to --with-rsa=DIR.
-
-   *) Ported src/support/ca-fix tool to OpenSSL 0.9.2, although after final
-      switching to OpenSSL 0.9.2 as the minimum required toolkit version we
-      will no longer need this tool.  But until then let us be friendly and
-      support the OpenSSL snapshots ;-)
-
-   *) Added the first cut of Vendor extension support.  This stuff is
-      currently _NOT_ compiled in per default. It has to be enabled with the
-      new APACI --enable-rule=SSL_VENDOR option. The idea is this: the mod_ssl
-      sources contain EAPI vendor hooks (`ssl::vendor::xxxx') and internal
-      EAPI context variables which can be used to change or extend mod_ssl by
-      a vendor without patching the source code. Grep for `ssl::vendor::'
-      inside src/modules/ssl/ for more details.  Additionally vendors can now
-      add their own source code as files named ssl_vendor.c, ssl_vendor_XXX.c,
-      etc.  The libssl.module script automatically picks these up under
-      configuration time and mod_ssl under run-time calls the functions `void
-      ssl_vendor_register(void)' and `void ssl_vendor_unregister(void)' inside
-      these objects to bootstrap them.  Read the src/modules/ssl/README file
-      for more details.
-
-   *) Fixed two old Stronghold directive compatibility mappings, added missing
-      Stronghold directive mappings and added a bunch of additional Stronghold
-      variable mappings.
-
-   *) Big and official switch from the name `Apache Interface to SSLeay' to
-      `Apache Interface to OpenSSL', from any SSLeay-references to
-      OpenSSL-references, etc. There is still support for SSLeay, of course.
-      But this renaming cleanup has to be done, because in the near future
-      support for SSLeay has to be completely dropped due to non-optional
-      support for new features like DSA/DH, etc (which is only possible with
-      OpenSSL).
-
-   *) Made the error messages of `configure' even more idiot-proof :-(
-
-   *) Fixed the connection closing phase: First, mod_ssl no longer hooks into
-      this phase by using ap_register_cleanup() (with the connection pool)
-      because the cleanup functions are called by Apache's API a lot too late
-      (actually _after_ the socket was already closed!).  Instead a new EAPI
-      hook `close_connection' was added to register a hook which is run
-      directly _before_ the socket is closed.  Second, the SSL ``Close
-      Notify'' alert is now always sent (even when older IE browsers display
-      the message in the window), because not sending the alert is a violation
-      of the SSL/TLS standard.
-      !! ATTENTION: THIS HAD TO CHANGE EAPI, SO YOU HAVE TO RECOMPILE APACHE !!
-
-   *) Enhance the output of alert messages under `SSLLogLevel trace'.
-   
-   *) Make mod_ssl aware of the forthcoming OpenSSL 0.9.2 version
-      where some callback function signatures will be changed 
-      and a few new TLSv1 export ciphers are added.
-
-   *) Fixed restarts which were broken due to recent changes to the cert/key
-      handling (DER/internal conversions). Now mod_ssl again surives server
-      restarts without problems.
-
-   *) Replaced `%0 %*' with `%0 %1 %2 %3 %4 %5 %6 %7 %8 %9' in configure.bat
-      because Windows 98 is even more braindead than anyone can image.
-
-   *) Added AP_HOOK_DECLTMP return code semantic to EAPI's hook mechanism
-      which is needed in the forthcoming vendor hooks to avoid local temporary
-      variables.
-
-   *) Fixed the `SSLLogLevel debug' output where confusing `Ops, no memory
-      buffer?' messages occured in the past. The BIO callback function now
-      only outputs messages for the actual read/write calls.
-
-   *) Fixed a warning the `gcc -O -Wall ...' compiler flag combination causes.
-
-   *) Fixed confusing terms in the final messages in mkcert.sh
-      which display a short description of files under `make certificate'.
-
-   *) Fixed compilation for SunOS where no RAND_MAX exists.
-
-  Changes with mod_ssl 2.2.3 (05-Feb-1999 to 21-Feb-1999)
-   
-   *) Cleaned up the namespace of mod_ssl structures: 
-      All helper structures are now named ssl_xxxx_t.
-
-   *) Fixed hyperlinks to mod_log_config.html in mod_ssl's User Manual
-
-   *) Let mod_log_config's %{XXXX}x functions (provided by mod_ssl) correctly
-      expand to "-" instead of "" in case XXXX is not available as it's the
-      case for other mod_log_config functions.
-
-   *) Unbreak `SSLOptions +CompatEnvVar' by fixing two nasty bugs
-      and adding a missing variable.
-
-   *) Fixed a confusing "not"-typo in the FAQ.
-
-   *) Another round to get rid of the core dumps under the DSO situation when
-      DSOs are loaded to different memory addresses. We now no longer try to
-      preserve `RSA *' and `X509 *' structures of the SSL library between
-      Apache's init rounds. Because as we discovered, SSLeay/OpenSSL uses
-      various static variables inside these structures which is a big NO-NO
-      for the nasty Apache double-init round situation. Instead we now convert
-      the internal structures to DER/ASN.1 byte-streams allocated inside
-      mod_ssl's global memory pool. This now at least fixed the core dumps
-      under the Solaris/DSO situation for me.
-
-   *) Incorporated a few cleanups for the SDBM code Gred Stein sent me 
-      while he was adding SDBM to his mod_dav package.
-  
-  Changes with mod_ssl 2.2.2 (04-Feb-1999 to 05-Feb-1999)
-
-   *) Fixed `SSLOptions +FakeBasicAuth' and related stuff which
-      was broken because of a typo in a context variable name.
-
-   *) Fixed ToC in chapter 1 of the user manual.
-
-   *) Fixed export lists src/ApacheCore.def (Win32) and 
-      src/support/httpd.exp (AIX).
-
-  Changes with mod_ssl 2.2.1 (27-Jan-1999 to 04-Feb-1999)
-
-   *) Now the configure script uses bold mode to mark some
-      error messages under xterm, vt100 and vt220 terminals.
-   
-   *) Added a new chapter 5 (`HowTo') to the User Manual where solutions for
-      typical situations are presented.
-    
-   *) Now mod_ssl identifies itself to the SCCS `what' and RCS `ident'
-      commands with a string `mod_ssl/2.2.x'.  This allows one for instance to
-      quickly check what version a libssl.so by typing `what libssl.so' or
-      `ident libssl.so'.
-
-   *) Added a new directive `SSLProtocol' which is compatible to Stronghold
-      2.x's directive of the same name. It provides a handy way to control the
-      SSL protocol flavors (SSLv2, SSLv3, TLSv1) mod_ssl should provide on the
-      server side. It's use is a little bit similar to special cases of
-      SSLCipherSuite, but it actually directly affects internal behaviour of
-      the SSL library. So, saying `SSLProtocol all -SSLv3 -TLSv1' to get a
-      SSLv2 only server is not really equal to an `SSLCipherSuite' where just
-      all SSLv3 and TLSv1 ciphers are dropped.
-   
-   *) EAPI functions are now also added to src/ApacheCore.def.
-   
-   *) Output a warning when `SSLVerifyClient require' is used but no CAs are
-      configured for verification.  Additionally the `peer didn't return a
-      certificate' message is annotated with a similar hint.
-
-   *) Updated the README.dsov.{fig,ps} files to reflect the
-      additional internal data structure link from SSL* to request_rec*.
-
-  Changes with mod_ssl 2.2.0 (21-Jan-1999 to 27-Jan-1999)
-
-   *) Commit the long-prepared and long-awaited feature of 
-      per-directory SSL configuration parameters. 
-      
-      The background is this: SSL parameters like the Cipher Suite or the
-      certificate chain verification parameters up to now could only be
-      configured on a per-(virtual)server basis and this way apply to all URLs
-      under https://this-virtual-server/.  The drawback is obvious: You've to
-      find a common denominator for the whole website which isn't usually
-      possible. For instance just because you need client authentication
-      (``SSLVerifyClient require'') for https://this-virtual-server/foo/bar/,
-      this shouldn't mean you have to force client authentication for the
-      whole server. Same for ciphers: Just because a subarea needs to enforce
-      a stronger cipher (e.g. no export, no null cipher, etc.) shouldn't mean
-      that the whole website can only be visited with those requirements.  So
-      the idea is to enforce those (usually stronger) requirements on a
-      per-directory basis.
-
-      The problem is: It's a chicken and egg situation. To decide which
-      parameters should be enforced in the SSL handshake mod_ssl has first to
-      find out the requested directory. For this the HTTP request has to be
-      read. But for this the SSL handshake first has to be performed. Bingo!
-      
-      The nifty solution known from Netscape Commerce servers now is: We
-      simply do the standard SSL handshake, then we read the HTTP response,
-      then we perhaps reconfigure the parameters and enforce a second SSL
-      handshake (this is called "SSL renegotiation") with it. And only when
-      this handshake is also successful, the HTTP response is send.
-
-      How is this configured? You just put additional SSLVerifyClient,
-      SSLVerifyDepth and/or SSLCipherSuite directives in <Directory> or
-      <Location> containers or even .htaccess files. When Apache reaches those
-      directories, those directives reconfigure the SSL parameters and the SSL
-      renegotiation is automatically enforced by mod_ssl. The only drawback is
-      that although an optimization is done to reduce unnecessary
-      renegotiations (when the parameters were not actually changed), you
-      usually increase the overhead for a request because a SSL renegotiation
-      is expensive. So, use the per-directory reconfiguration feature
-      economically.
-
-      Under SSL_EXPERIMENTAL additionally the directives SSLCACertificatePath
-      and SSLCACertificateFile can be used in per-directory context for
-      reconfiguration. But it's tagged experimental because SSLeay/OpenSSL
-      still lacks real support for this. So an ugly kludge has to be done to
-      support these two directives, too.
-      
-   *) Give out more information on "Certificate Chain too long" error message.
-
-   *) Moved SSLeay/OpenSSL specific stuff to the new source files
-      ssl_util_ssl.[ch]. !! ATTENTION: NOW SSLeay 0.9.0 or OpenSSL IS NEEDED
-      !!  Because the new internal structures need at least SSL_get_ex_data()
-      and SSL_set_ex_data() and those are not supported in SSLeay 0.8.x.  So
-      we removed all remaining support for SSLeay 0.8.0. OTOH that's no
-      problem, because SSLeay 0.8.x is known to be unstable, so it's
-      reasonable to remove support for it also for other reasons.
-
-   *) Added a second SSL context variable which holds (with a delay) a pointer
-      back to the request_rec structure in Apache.  This is needed to reach
-      the per-directory configuration parameters.
-   
-   *) Updated the User Manual for mod_ssl 2.2
-
-   *) Added SSL_EXPERIMENTAL rule to Configuration.tmpl which
-      can be used to enable (APACI: ``--enable-rule=SSL_EXPERIMENTAL'')
-      experimental code inside mod_ssl. Code is declared experimental unless
-      it is proofed to be stable by the users.
-
-   *) Replaced the GNU Bison generated ssl_expr_parse.[ch] files with variants
-      generated by BSD Yacc. This way we have more portable source because BSD
-      Yacc doesn't used alloca() and other tricks. This especially should
-      solve the problems under HP/UX.
-
-   *) Updated INSTALL file for recent changes and fixed a few typos there.
-
-   *) Add a SSL_SDBM rule to Apache's Configuration.tmpl which can be used
-      (APACI: ``--enable-rule=SSL_SDBM'') to force mod_ssl to built with the
-      built-in SDBM instead of the custom defined (DBM_LIB) or vendor supplied
-      DBM library. This is especially useful when the vendor DBM library is
-      buggy or restricts the data size too dramatically (BTW, Berkeley-DB/1.x,
-      Berkely-DB/2.x and GDBM based DBM libraries are ok, because they allow
-      unlimited data size).
-   
-   *) Enlarge the SDBM pag/dir blocksize from 1KB/4KB to 8KB/32KB to make sure
-      SDBM really can deal with SSL sessions containing long certificate
-      chains. !! ATTENTION: THIS MEANS THAT YOU'VE TO ONCE REMOVE THE FILE YOU
-      CONFIGURED WITH SSLSessioCache WHEN SDBM WAS USED AND YOU UPGRADE TO
-      THIS OR A LATER mod_ssl VERSION, BECAUSE THE INTERNAL LAYOUT CHANGED. SO
-      THE FILE HAS TO BE RECREATED WITH THE NEW LAYOUT !!
-
-   *) Make the DBM based session cache more robust by using additional error
-      situations. This should fix some observed core dumps on Linux boxes
-      where the vendor DBM library returned strange values.
-
-   *) Fixed configuration handling for global directives: Now the correct
-      memory pools are used and after the first configuration round the global
-      configuration structure is locked.
-
-   *) Added a new `SSLRandomSeed' directive for explicit seeding the Pseudo
-      Random Number Generator (PRNG) of the SSL library on server startup
-      and/or connection establishment time. The intent is that this way the
-      PRNG is better initialized and this way the security of the generated
-      SSL protocol ingredients are more secure (because less predictable). For
-      maximum flexibility you can use three seed sources: an internal source,
-      an external file or an an external program. And you can specify one or
-      more such sources, of course. For instance under a FreeBSD box you can
-      now use the following: 
-
-          SSLRandomSeed startup builtin
-          SSLRandomSeed startup exec:bin/truerand 16
-          SSLRandomSeed startup file:/dev/random  512
-          SSLRandomSeed startup file:/dev/urandom 512
-          SSLRandomSeed connect builtin
-          SSLRandomSeed connect file:/dev/random  512
-          SSLRandomSeed connect file:/dev/urandom 512
-
-      This would at server startup-time seed the PRNG first with a few bytes
-      from the internal source, plus 16 bytes read from stdout of the
-      `truerand' utility (which is based on the AT&T truerand library and can
-      be found in the mod_ssl distribution under pkg.contrib/), plus up to 512
-      bytes from the /dev/random device (it usually only returns a maximum
-      number of bits of randomness currently contained in the device entropy
-      pool) plus 512 bytes from the /dev/urandom device (which usually returns
-      as many bytes as requested, but of low random-quality). Additionally
-      before any new SSL connection is established the PRNG is again seed from
-      the internal source plus up to 512 bytes from /dev/random and plus 512
-      bytes from /dev/urandom. This should give an adequate seed for the PRNG
-      used for generating the SSL protocol ingredients.
-
-   *) Removed some unneccessary defines for `index' and `rindex'
-      in etc/patch/config.h which caused problems under AIX.
-   
-   *) Changed a misleading sentence about RSAref in INSTALL
-
-   *) Overtake the idea of Apache-SSL 1.30 to log SSL errors also directly
-      after SSL_read/SSL_write. This way those error messages should no longer
-      be missed.
-
-      ____    _ 
-     |___ \  / |
-       __) | | |
-      / __/ _| |
-  __ |_____(_)_| _____________________________________________
-
-  Changes with mod_ssl 2.1.8 (11-Jan-1999 to 21-Jan-1999)
-   
-   *) Added an additional variable REQUEST_SCHEME which can be used for in
-      SSLRequire, RewriteCond, RewriteRule, etc.  to forward or redirect
-      HTTP/HTTPS requests with the incoming URL scheme.
-
-   *) Surrounded ap_hook_[un]register() calls with wrapper macros to
-      implicitly cast the function pointers to void pointers, because strict
-      ANSI C requires this.
-
-   *) Added AP_HOOK_ALL support which can be used to call all registered
-      callback-functions for a hooks, independent of any decline value.
-      This will be used in the future by forthcoming features.
-
-   *) Fixed a potential security hole: Both the SSLMutex and SSLSessionCache
-      files are now created without read access for the group and others.
-
-   *) Fixed a typo in the SSL logfile hints and in the terminal
-      message displayed for the `make certificate' step.
-
-   *) Under Extended API situations we now replace the module magic cookie
-      "AP13" with "EAPI" to let us later distinguish between the EAPI-aware
-      module structures (which contain additional pointers at the end) and
-      standard module structures (which lack at least NULL's for the pointers
-      at the end of the structure). This is important because standard
-      ("AP13") modules would dump core when we dispatch over the additional
-      hooks because NULL's are missing at the end of the module structure. 
-
-      But we now to the following: We allow _both_ types of modules to be
-      loaded by mod_so, but dispatch over the EAPI hooks only when the module
-      magic cookie indicates "EAPI".  This way an Apache+EAPI server can load
-      module DSOs built with a plain Apache. That's important to allow people
-      for instance use mod_coldfusion (which is available only as a pre-built
-      DSO!) or allow the Debian package maintainers to finally build their
-      Apache package with EAPI without the need to upgrade all other module
-      packages at the same time.
-
-   *) The SSLMutex filename now is internally extended to contain the PID of
-      the Apache parent process to make the file unique across different
-      server instances. That's the same approach Apache already uses for the
-      accept mutex lockfile.
-
-   *) We now replace the MODULE_MAGIC_COOKIE ("AP13") with "EAPI" under -DEAPI
-      to make sure that mod_so only loads modules which were really compiled
-      with -DEAPI. Because else NULL's at the end of the module structure are
-      missing, which always will leads to core dumps when the Apache core
-      dispatches over it.
-
-   *) Removed hints to the test suite in INSTALL.Win32 because under this
-      platform there are more test suite problems before the tests can be
-      really reasonable.
-
-   *) Now mod_rewrite's %{XXXX} construct can also "magically" expand all
-      variables known to mod_ssl, i.e.  especially the SSL_XXXX variables.
-      This way you can use the same variables in a RewriteRule or RewriteCond
-      you're used to use in a SSLRequire directive.
-
-   *) Fixed a few type problems in ca-fix.c which caused strict ANSI C
-      compilers (not GCC) to complain and fail.  This especially fixed the
-      problems under AIX 4.2
-
-   *) Fixed a syntax problem GCC and VC++ never complained about: A trailing
-      comma on the last element of an enumeration declaration is not allowed,
-      of course.
-
-   *) Changed the EAPI usage inside mod_log_config.c to no longer store a
-      foreign function pointer (which belongs to mod_ssl) into internal
-      structures (because when mod_ssl is unloaded during restarts they evolve
-      into dangling references).
-
-   *) Cleaned up the verbose output of configure & configure.bat
-      and added also support for -v to configure.bat.
-
-   *) Make sure mod_ssl's configure script stops with an error
-      when Apache's configure (APACI) script stopped with an error.
-
-   *) Overtake the important idea from Khimenko Victor's EAPI variant to
-      _un_register EAPI hooks for the various modules when the module is
-      unloaded (DSO!). Without this dangling references occur inside the EAPI
-      hook lists which can cause core-dumps.
-
-   *) Fixed the %{errstr}c function provided for mod_log_config
-      and let %{errcode}c always expand to "-".
-
-   *) Fixed the self-referencing hyperlink in ssl_overview.html
-
-  Changes with mod_ssl 2.1.7 (06-Jan-1999 to 11-Jan-1999)
-
-   *) Fixed APXS support for configure script: The --with-apxs was broken when
-      `apxs' wasn't in the PATH.
-
-   *) Added hint for DSO/PIC-situation to the INSTALL file.
-
-   *) Changed the "you're speaking HTTP to the HTTPS port" error message from
-      HTTP_INTERNAL_SERVER_ERROR to BAD_REQUEST, because first BAD_REQUEST is
-      more correct and HTTP_INTERNAL_SERVER_ERROR from Apache 1.3.4 on no
-      longer displayed the "error-note".
-
-   *) Now finally use LIBS_SHLIB for APXS support (because Apache 1.3.4's apxs
-      is fixed) and also query the target name and no longer hard-code
-      "httpd".
-
-   *) Upgraded to Apache 1.3.4
-
-   *) Now the client IP and server virtual host id are displayed
-      in addition to the general handshake failure logfile message to make it
-      more meaningful inside the Apache error_log (where no SSL context is
-      given).
-
-   *) Remove the ca-fix "-pathlen 0" option in mkcert.sh when creating the
-      server cert. It's only useful for the CA certs.
-
-  Changes with mod_ssl 2.1.6 (02-Jan-1999 to 06-Jan-1999)
-
-   *) Be even more conservative and correct when aborting a connection: We now
-      set the conn_rec->aborted flag in addition to blocking the
-      connection/socket buffer.
-   
-   *) Added some sort of downgrading support to the logging function to no
-      longer create messages like "(SSLeay error follows)" although no such
-      message follows (because SSLeay has no one). The same is done for the
-      System/errno related messages.
-
-   *) Removed direct fiddling with the BUFF->flags stuff. Instead we now use
-      the API conforming way via ap_bsetflag().
-
-   *) Added timeout support for the SSL handshake phase. The timeout in
-      seconds is the same as configured with the standard Apache "Timeout"
-      directive for the HTTP request phase. This way one can defend against
-      special DoS attacks (where the attacker just establishes a lot of
-      parallel connections but doesn't send data) to the HTTPS port the same
-      way one can already do it for the HTTP ports.
-
-   *) Fixed a display error in the `debug' dump messages and made
-      the debug dumping more robust by explicitly checking for the case where
-      SSLeay gives us either a NULL memory pointer or a memory length of -1.
-
-   *) Fixed the "Exit: ..." trace messages: They wrote out an (unnecessary)
-      additional newline which optically broke the tracing messages.
-
-   *) Fixed the "you're speaking HTTP to the HTTPS port" error handling.
-      mod_ssl caused a core dump of the Apache child because the request
-      processing functions were not aware that a dynamically downgraded (from
-      HTTPS to HTTP) request can exists for error sitiations.
-
-   *) Added the EAPI functions to src/support/httpd.exp which is needed to
-      compile mod_ssl as a DSO under the most non-smart linker: AIX' ld.
-
-   *) Fixed internal `host:port' based identification of virtual servers which
-      caused problems under specific Listen/<VirtualHost> configuration
-      variants where an implicit port was used. Additionally we now no longer
-      patch the server_rec->port variable of Apache. Instead we leave it as is
-      and on-the-fly make our decisions.
-
-   *) Fixed APXS/EAPI-related error message in the configure script.
-
-   *) More OpenSSL support: Recognize the forthcoming `openssl' program in
-      addition to `ssleay' when searching for the command line tool.
-
-  Changes with mod_ssl 2.1.5 (23-Dec-1998 to 02-Jan-1999)
-
-   *) Fixed virtual host configuration merging by removing 
-      the default value for SSLCertificateFile.
-
-   *) Replaced index() (non-POSIX) with strchr() (POSIX) function
-      because it doesn't exists under the Win32 environment.
-
-   *) Fixed SSLPassPhraseDialog argument processing: exec:/path/to/program
-      argument variant was not parsed correctly.
-
-   *) Let EAPI hooks also be added to the APXS generated
-      sample module (`apxs -g -n foo').
-
-  Changes with mod_ssl 2.1.4 (05-Nov-1998 to 23-Dec-1998)
-
-   *) Added the support for OpenSSL (see http://www.openssl.org/), 
-      the Open Source successor of SSLeay. The package name is no longer
-      hard-wired and so both the HTTP Server field and the logfile entries
-      correctly reflect the name OpenSSL, too.
-
-   *) Changed the EAPI hook `rewrite_command' from
-      ``char *(*rewrite_command) (cmd_parms *, const char *)'' to 
-      ``char *(*rewrite_command) (cmd_parms *, void *config, const char *)''
-      to allow modules to also access the config structure.
-
-   *) Added two AddType directives to httpd.conf-dist for
-      loading .crt and .crl files into Netscape Communicator.
-
-   *) Added an entry about the Wassenaar Agreement to the mod_ssl FAQ. In
-      short: both mod_ssl and SSLeay are not affected by the Wassenaar
-      Agreement.
-
-   *) Added a few more backslashes to the INSTALL step-by-step lists
-      to make it more clear which commands are on the same command
-      line and which are separate commands.
-
-   *) Added `Year 2000' and `Netscape Lock Icon' entries to the FAQ and fixed
-      a few layouting bugs in the FAQ.
-
-   *) Lot's of cleanups to make the source more accurate and to remove
-      thread-unsafe stuff. Especially all global mc->rCtx.pConn and
-      mc->rCtx.pServ references are now gone. Additionally the SSLeay app_data
-      facility is used whereever possible to walk from SSLeay data structures
-      to Apache data structures without the need of global variables.
-
-   *) Cleaned up and enhanced the README.GlobalID document with more
-      information about the Global ID stuff with the help of 
-      additional hints from Dr Stephen N. Henson.
-
-  Changes with mod_ssl 2.1.3 (03-Nov-1998 to 05-Dec-1998)
-
-   *) Added APXS support: By using the --with-apxs option you can now easily
-      upgrade the libssl.so file through a stand-alone build process as long
-      as you actually use DSO and EAPI doesn't change. In other words, a
-      simple `./configure --with-apxs=/path/to/apache/sbin/apxs
-      --with-ssleay=/path/to/your/ssleay; make install' can be used to upgrade
-      the /path/to/apache/libexec/libssl.so.
-
-   *) Added support documenation, programs and scripts for the `Global Server
-      ID' facility as README.GlobalID, pkg.contrib/gid-mkcert.sh,
-      pkg.contrib/gid-tagcert.c and pkg.contrib/loadcacert.cgi. This way
-      people can setup their own private `Global Server ID' stuff :)
-
-   *) Allowed SSL renegotiations initiated by the client.
-      This especially adds support for Verisign's `Global Server ID' facility
-      where Netscape Communicator does a renegotiation to upgrade the SSL
-      connection parameters (the cipher) from 40-bit to 128-bit encryption.
-
-   *) Fix typo in httpd.conf-dist: `</Location />' -> `</Location>'
-
-   *) Added new README.dsov.{fig,ps} files: They are intended for those people
-      who want to hack theirself inside the mod_ssl source. The figure
-      provides two diagrams which show the lifetime and chaining of the
-      various Apache, mod_ssl and SSLeay data structures which are used inside
-      mod_ssl.
-
-   *) Cleaned up some documents.
-
-   *) Cleaned up ssl_engine_compat.c a little bit more...
-
-  Changes with mod_ssl 2.1.2 (30-Nov-1998 to 03-Dec-1998)
- 
-   *) Let `httpd -V' show `-D EAPI', too.
-
-   *) Fixed again the DBM library determination inside libssl.module: A syntax
-      error caused the fallback (SDBM) to be never used which leaded to
-      problems on systems where no DBM library exists.
-
-   *) Added a check to libssl.module: It now complains with
-      a warning when SSLeay 0.8 is used because of the known problems (core
-      dumps on large files, etc.) with these versions.
-
-   *) Slightly changed mod_ssl's configure hints displayed as the last step.
-
-   *) Removed internal OPTIONAL_SSL stuff which was inherited from Apache-SSL.
-      I currently cannot see a good reason for allowing subrequests to disable
-      SSL, so kick out this stuff.
-
-   *) Extended Chapter 5 (FAQ List) of the User Manual.
-
-   *) Added the Website META Language (WML) sources for the User Manual to the
-      distribution: This way all sources are available to the user community.
-     
-   *) Removed one last reference to SSLCACertificateReqFile inside the 
-      httpd.conf-dist file.
-
-  Changes with mod_ssl 2.1.1 (17-Nov-1998 to 30-Nov-1998)
-
-   *) Fixed typos in pass phrase dialog.
-
-   *) Added support to APACI for overriding the conf/ssl.crt/server.crt
-      default certificate path.
-
-   *) Added another logging level `trace' (between `info' and `debug')
-      and converted all existing `debug' messages to this level.  Additionally
-      the internal SSLeay processing is now logged to this level, too.  The
-      `debug' level now consists of deepest-level I/O dumps where you can even
-      see every read/write byte on the BIO (the buffer above the SSL record
-      layer).
-
-   *) Changed buffer I/O: Previously NO_WRITEV was forced
-      because there is no real SSL_writev() available.  But the drawback of
-      this was that writev() (which nevertheless is available on mostly all
-      platforms) wasn't used for non-SSL requests. The result was bad network
-      I/O performance when Apache was built with EAPI/mod_ssl. This is now
-      changed: When writev() is available it is used for non-SSL requests
-      (this way we gain maximum performance) while for SSL requests the output
-      is still done via SSL_write().
-
-   *) Fixed DBM library determination and build. This especially fixed the
-      problems with DSO support under Linux platforms where libdbm was
-      previously not linked against libssl.
-
-   *) Added a README.Patents document to the distribution
-      which tries to explain some RSA patent issues.
-
-   *) Fixed Thawte sxnet stuff to work with recent EAPI changes.
-
-   *) Fixed documentation: X.509 field was incorrect: SP -> ST.
-
-   *) Fixed SSL support for mod_proxy: It was broken because
-      the "ssl_enable" ctx-flag was set too late.
-
-   *) Ported a recent change in Apache-SSL 1.29 to mod_ssl:
-      ``Send CA list to client when SSLCACertificatePath is used (this was
-      only done for SSLCACertificateFile up to now)''. I've implemented it
-      with a new ssl_init_FindCAList() function in ssl_engine_init.c where the
-      main difference is that it _merges_ the list entries from both
-      directives together while in Apache-SSL the SSLCACertificatePath would
-      override the SSLCACertificateFile for this list generation. I use them
-      in parallel for the list generation (by merging their entries) because
-      they are used in parallel by SSLeay under the verification process, too.
-      Additionally I've now removed SSLCACertifiateReqFile because it was
-      oversize.
-
-   *) Added a similar SSL_accept() check as was recently added to Apache-SSL
-      1.29, but in a different way: Under the SSL_ERROR_ZERO_RETURN error
-      don't log it as an error. A "info"-level log entry is enough.
-    
-   *) Extended the Compatibility chapter of the User Manual to now also
-      contain information about environment variable derivation.
-
-   *) Overhauled the SSL part in the http.conf-dist file.
-
-   *) Fixed pkg.sslcfg/ssl.key/server.key: It contained a dummy key 
-      instead of the intended dummy text "THIS FILE SHOULD ...".
-
-   *) Fixed httpd.conf-dist: The SSLRequire is only allowed in
-      <Location> or <Directory> sections there.
-   
-   *) Fixed documentation: sign.sh instead of ca.sign, SSLRequire uses
-      braces and not parenthesis for word groups, etc.
-   
-   *) Use the commonly used .crt extension also in the sign.sh script
-
-   *) Fixed backward compatibility code: half-way matching could occur (Sioux'
-      "RequireSSL" matched the correct "SSLRequireSSL" and leaded to
-      "SSLSSLRequireSSL") and the SSLRequireCipher/SSLBanCipher directives
-      were not matched correctly.
-
-   *) Don't do I/O read-aheads in SSLeay under Win32 because it's not safe
-      for this platform (we use select() there).
-
-   *) Fixed two memory leaks in ssl_engine_var.c by copying over
-      malloc-allocated buffers from X509_NAME_oneline() to Apache
-      pool-allocated buffers.
-
-   *) Fixed RSAref handling: the -L path to the librsaref.a library 
-      file was configured incorrectly (a bogus "/lib" was there)
-
-   *) Fixed some ANSI C portability issues which popped up with IRIX vendor
-      compiler while good-old GCC was happy. This way other compilers should
-      be quiet now, too.
-
-   *) Added notice and workarounds for RSAref portability problem to the
-      INSTALL document. This is especially important to people using platforms
-      with non-Intel CPUs (like the Alpha-boxes of DEC).
-
-  Changes with mod_ssl 2.1.0 (15-Nov-1998 to 17-Nov-1998)
-
-   *) Updated all distribution documents for the final release.
-
-   *) Fixed configure.bat script: It failed for version strings like 2.1.0 (no
-      "b" for beta contained), failed to patch Apache's src/Makefile.nt file
-      correctly and used not necessary options in nmake calls.  Additionally
-      it now creates .orig files for the patched DevStudio Makefiles, too.
-
-  Changes with mod_ssl 2.1b9 (04-Nov-1998 to 15-Nov-1998)
-
-   *) Replaced the pkg.ssldoc/* stuff with the new mod_ssl 2.1 User Manual.
-
-   *) Fixed patching of Makefile.nt under Win32.
-
-   *) Changed test `-e' option to more portable `-r' option.
-
-   *) Fixed again the init round handling: The SSLeay initialization
-      has to be done _every_ time under DSO/DLL situation because
-      there SSLeay is part of the mod_ssl DSO/DLL which is re-loaded.
-
-   *) Under DSO situation the LoadModule directive for libssl.so
-      is now surrounded by <IfDefine SSL>, too. This way when
-      -DSSL is not used not even the module is loaded.
-
-   *) Replaced the last global var (ssl_ModConfig) with an ap_global_ctx
-      based approach. This way thread-safety for Win32 and Apache 2.0 
-      can be made more easily.
-
-   *) Added compile time check for EAPI: 
-      mod_ssl now can only be compiled when EAPI is active.
-
-   *) Forward port from 2.0 branch:
-      Now SSLVerifyDepth defaults to 1 and this means the client certificate
-      has to be signed directly by the root CA. The verify depth now is the
-      max number of CAs which are checked: 0 = self-signed only, 1 =
-      self-signed or signed by root-CA, 2 = signed by root-CA or signed by a
-      CA which is signed by the root-CA, etc.
-
-   *) Forward port from 2.0 branch:
-      Now SSLSessionCacheTime defaults to 300s.
-
-   *) Forward port from 2.0 branch:
-      Fixed RSAref instructions in INSTALL file and added more support for
-      implicitly finding the RSA_BASE to the libssl.module script.
-
-   *) Added a SSL_COMPAT configuration rule which is enabled per
-      default. But when you disable it via --disable-rule=SSL_COMPAT the
-      backward compatibility code is not build into mod_ssl.  This provides a
-      little bit better performance for those people who don't need the compat
-      stuff. 
-
-   *) Removed the patch from mod_auth.c by not spreading the -I option for
-      SSLeay. Because with the EAPI only the mod_ssl needs to include SSLeay
-      headers. So we no longer have a conflict with the vendors
-      crypt.h stuff ;-)
-
-   *) Moved the patch from ap_config.h into libssl.module.
-
-   *) Overhauled the mod_ssl distribution tree: Now four packages exists
-      (eapi, sslmod, ssldoc, sslcfg, sslsup) and each contains the patches and
-      corresponding files. Especially the EAPI stuff is now stand-alone and
-      doesn't contain any crypto-related stuff.
-
-   *) Fixed version parsing in configure.bat script (Win32)
-
-   *) Fixed default value for SSLCertificateFile directive.
-
-   *) Added real contents for the environment variable mapping. Now all
-      Apache-SSL 1.x and mod_ssl 2.0.x and the most important Stronghold 2.0.x
-      variables (the ones corresponding to certificate DN fields) are mapped
-      to mod_ssl 2.1 variables.
-
-   *) Added on-the-fly mapping for the Apache-SSL 1.x and mod_ssl
-      2.0.x SSLRequireCipher and SSLBanCipher directives.
-
-   *) Added a useful SSL_CIPHER_EXPORT variable.
-
-   *) Fixed compatibility on-the-fly directive mapping: Now comment and blank
-      lines are correctly recognized by the mapping mechanism so the user no
-      longer gets confusing warnings about obsolete directives when they still
-      occured in comments.
-
-   *) Fixed complex situation where the SSL logfile cannot be opened but the
-      error message should be still logged: to the Apache general error log.
-
-   *) Forward port from 2.0 branch:
-      Make sure the mkcert.sh can only be used by `make certificate' _inside_
-      the Apache source tree.
-
-  Changes with mod_ssl 2.1b8 (30-Oct-1998 to 04-Nov-1998)
-
-   *) Replaced the per-server context Fake-Basic-Authentication stuff with a
-      per-directory mechanism which can be now enabled on-demand and on a
-      per-directory basis with `SSLOptions +FakeBasicAuth'. This way the
-      `Cert-Subject-DN to Basic-Auth-Username' mapping is more useful to the
-      users. The SSLFakeBasicAuth directive was removed. But the mod_ssl
-      compatibility code automatically maps Apache-SSL's `SSLFakeBasicAuth'
-      directive to `SSLOptions +FakeBasicAuth' on-the-fly.
-
-   *) Added support for exporting the client and server certificates
-      (not the CA chain; currently only the end certificates) via `SSLOptions
-      +ExportCertData' in PEM format through the environment variables
-      SSL_SERVER_CERT and SSL_CLIENT_CERT.  This way we bloat up the
-      environment with certificate stuff only on demand. Additionally the
-      mod_ssl compatibility code automatically maps Apache-SSL's new
-      `SSLExportClientCertificates' directive to `SSLOptions +ExportCertData'
-      on-the-fly.
-
-   *) Added backward compatibility mappings for environment variables
-      of Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x (where
-      possible). This can be now enabled by the user on-demand via `SSLOptions
-      +CompatEnvVars' - typically inside the .htaccess context of a CGI
-      script. This way we bloat up the environment with compat stuff only on
-      demand.
-
-   *) Added a generic `SSLOptions [+-]option [...]' directive which can be
-      used in the `Options' context, i.e. _everywhere_. It is intended to
-      control various SSL engine parameters.
-
-   *) Enhanced the `make depend' author Makefile target: Now dependencies are
-      also generated for .lo files (DSO object files). This way Make recogizes
-      the dependencies also under the DSO situation.
-
-   *) Now under `make certificate' an interactive prompt is given which asks
-      whether the private key should be encrypted (the default) or not.  This
-      way it's a little bit easier to setup test servers, at least for me ;-)
-
-   *) Make sure all filenames can be ServerRoot relative _and_ get checked for
-      existence directly inside the directive handlers (and not under
-      request-time).
-
-   *) Changed per-directory directives SSLRequireSSL and SSLRequire from
-      `FileInfo' to `AuthConfig' context (see AllowOverride), because they are
-      really authentication directives.
-
-   *) Replaced hard-coded r->server->is_virtual and similar checks with more
-      API-like ap_check_cmd_context()-based checks. Also added some more
-      configuration checks to make sure directives cannot be placed into the
-      wrong context.
-
-   *) Added a special kludge for the GCC+DSO situation to libssl.module: Under
-      some platforms (like Solaris) libssl.so has to be explicitly linked
-      against the libgcc.a in order to resolve internal symbols.
-
-   *) Made a lot of coding style cleanups in the ssl_expr_*.c sources.
-
-   *) Fixed a nasty bug in ap_hook_use() and ap_hook_call().
-
-   *) Backport from 2.0 branch:
-      Upgraded to included Thawte Strong Extranet sources (ssl.contrib/sxnet/)
-      from version 1.2.2 to the current 1.2.3.
-
-   *) Backport from Apache-SSL:
-      Incorporation of recent Base64 (uuencode) encoding bugfixes.
-
-   *) Added more hints about EAPI and upgrade problems with DSO/DDLs
-      to the INSTALL and INSTALL.W32 files.
-
-   *) Changed the building of mod_ssl under Win32 from static (.LIB)
-      to dynamic (.DLL), i.e. mod_ssl is now build as a stand-alone Win32 DSO
-      (DLL in Windows terms) containing SSLeay instead of statically linked
-      into the apache.exe binary.
-
-  Changes with mod_ssl 2.1b7 (09-Oct-1998 to 30-Oct-1998)
-
-   *) Fixed DBM access stuff: An invalid argument was given by the
-      NDBM emulation layer of DB under FreeBSD 2.2.6.
-
-   *) Moved all Crypto/SSL stuff from mod_log_config.c, mod_proxy.c and
-      proxy_http.c to the new ssl_engine_ext.c file. Now SSLeay is _ONLY_
-      needed for linking the mod_ssl code itself. There is no more any SSLeay
-      symbol reference outside mod_ssl.
-
-   *) Rewrote the ap_hook mechanism to provide support for loosly coupling
-      modules together, too. Also support is now provided for up to 8
-      arguments in function signatures.
-
-   *) Added support for a SSL Product ID. To the mod_ssl/x.x.x-y.y.y 
-      string inside libssl.version you now can append a string <product>/x.x.x
-      and then you get -DSSL_PRODUCT=<hex-value-of-x.x.x>,
-      -DSSL_PRODUCT_NAME="<product>", -DSSL_PRODUCT_VERSION="x.x.x" and a HTTP
-      Server field similar to this one: ``Server: Apache/1.3.3 (Unix)
-      MyStuff/1.0.0 mod_ssl/2.1b7 SSLeay/0.9.0b''. This can be used by RH SWS
-      or the other forthcoming mod_ssl based SSL product to add the version
-      string without patching ;-)
-
-   *) The ca-fix tool is now generated at the `make certificate' step
-      on-demand only because it's only needed here. And when mod_ssl is not
-      enabled this tool cannot be build at all (no SSLeay stuff known).
-
-   *) Created a new ssl_engine_io.c source file which now contains
-      all I/O and buffer related code, i.e. the new EAPI-based stuff plus
-      the Win32/SSLeay functions for buffer I/O.
-
-   *) Because with the help of the EAPI we were now able to add Dynamic Shared
-      Object (DSO) support for mod_ssl. For this the
-      src/modules/ssl/Makefile.tmpl, src/modules/ssl/libssl.module and
-      top-level configure files were adjusted.
-
-   *) Replaced SSL code inside mod_log_config.c with EAPI based
-      code which mainly tries to lookup mod_ssl variables. For this the
-      ssl_engine_vars.c stuff now exports the ssl_var_lookup() function as the
-      "ssl::var::lookup" hook.
-
-   *) Replaced all hard r->connection->client->ssl references with the
-      now loosely based ap_ctx_get(r->connection->client->ctx, "ssl").
-
-   *) SSL patches -> Generic Extended API patches:
-      Completely rewrote the Apache code patches: Instead of patching in SSL
-      specific hooks we now patch in an Extended API which provides mainly the
-      following new features:
-
-      - generic low-level hooks mechanism:
-        ap_hook_{init,kill},
-        ap_hook_{configure,register,unregister},
-        ap_hook_{configured,registered,call}
-
-      - buffer hooks:
-        ap::buff::{read,write,recvwithtimeout,sendwithtimeout}
-
-      - generic context mechanism:
-        ap_ctx_{new,set,get}
-
-      - structure context variables:
-        BUFF->ctx, conn_rec->ctx, request_rec->ctx, server->ctx
-        ap_global_ctx
-
-      - four new high-level module hooks: 
-        add_module, remove_module, 
-        rewrite_command, new_connection
-    
-      - a new function ap_add_config_define() which does what
-        option -D does on the command line.
-
-   *) Added new backward compatibility stuff to ssl_engine_compat.c:
-      We use wildcard configuration directive handlers which are used by us to
-      provide backward compatibility to old obsolete directives via on-the-fly
-      mapping. Those wildcard handlers are an additional (patched in)
-      functionality inside the Apache core, of course ;-)
-
-   *) Renamed snakeoil.{crt,key} to snakeoil-ca.{crt,key} and created a real
-      dummy server certificate/key pair as snakeoil.{crt,key} which is now
-      used under `make certificate TYPE=dummy'. This fixes the recently
-      occured problem where Netscape rejected the dummy certificates because
-      they had the CA flag set.
-
-   *) Fixed CRYPTO_malloc_init() call for Win32 environment.
-
-   *) Added a small stand-alone patch.exe (v2.1) to etc/patch/ for the Win32
-      port. This is now used per default by configure.bat, but the user can
-      override it with --with-patch=FILE as under Unix. This way the patching
-      problems caused by incompatible patch utils should be solved.
-
-   *) Fix pathname seperators (slashes) in Win32's configure.bat script
-      and make configure.bat script accept also Perl 5.003 because 5.004 is
-      not really needed.
-
-   *) Fix `uchar' redefinition problem under AIX.
-
-   *) Now a warning is done when HTTPS is configured on a HTTP port.
-
-   *) Added configuration parameter checks for various the directives.
-
-  Changes with mod_ssl 2.1b6 (01-Oct-1998 to 09-Oct-1998)
-   
-   *) Added a --expert option which disables the user hint messages.
-      This can be used by package maintainers to get rid of the final
-      configure messages.
-
-   *) Forward port from 2.0 branch:
-      Recreated the Snake Oil CA certificate: it's now a X.509 v3
-      certificate with the CA flag set and pathlen 0.
-
-   *) Forward port from 2.0 branch:
-      With special permission from Dr Stephen N. Henson his excellent ca-fix
-      program was now added to src/support/ and is used by
-      src/support/mkcert.sh (`make certificate') to fixup the generated
-      certificates. Especially X.509 v3 certificates can be now generated
-      where nsCertType and CA pathlen is correctly set. Additionally `ssleay
-      verify' and `ssleay ... -modulus' checks are performed to make sure the
-      generated certificates are valid.
-
-   *) Forward port from 2.0 branch:
-      Fixed portability problems with prop.sh aux script.
-
-   *) Fixed SSLeay memory setup for Win32 environment.
-
-   *) Upgraded to Apache 1.3.3.
-
-   *) Added a --force option to mod_ssl's configure script to let developers
-      apply mod_ssl also to different Apache versions (especially 1.3.x-dev
-      versions).
-
-  Changes with mod_ssl 2.1b5 (17-Sep-1998 to 01-Oct-1998)
-
-   *) Created a configure.bat script which tries to resemble the
-      Unix configure script. Enhanced the INSTALL.W32 document.
-
-   *) Incorporated the third feeback for the Win32 port from
-      Trung Tran-Duc <trung.tranduc@prague.ixos.cz>.
-
-   *) Incorporated the second cut of the Win32 port from
-      Trung Tran-Duc <trung.tranduc@prague.ixos.cz>. Now the buffer code is
-      finally SSL-aware and a Makefile.nt is provided to build the mod_ssl
-      sources into a DLL.
-
-   *) Replaced some ugly hacking for SSL_CLIENT_CERT_SERIAL
-      by a more safe and straight-foreward BIO based approach.
-      Additionally replaced BIO_ctrl stuff with BIO_pending.
-
-   *) Use a more graceful shutdown approach when the SSL handshake
-      or re-negotiation fails instead of immediately dropping the socket
-      communication.
-
-   *) Cleaned up the log messages and levels.
-
-   *) Fixed the "SSLVerifyType optional_no_ca" situation: The situation
-      has to be checked against more SSLeay errors, because under SSLv3
-      certificate chain loading leads to the presentation of the client CA
-      certs, too. Here SSLeay gives different errors.
-
-   *) Replaced the first cut of the `Recognize HTTP to HTTPS port' stuff with
-      the real (=clean) variant which doesn't use SSLeay internal hex values,
-      etc.
-
-   *) Upgrade from Apache 1.3.1 to Apache 1.3.2
-
-   *) Forward-port from 2.0 branch:
-      Changed HTTPS support in mod_proxy: the ap_proxy_http_handler() function
-      is (illegally because of DSO, of course) called used by third-party
-      modules (like Apache::Proxy). So make make sure we don't change the
-      signature of this function.
-
-   *) Forward-port from 2.0 branch:
-      Added answer to FAQ `Why is client auth broken after upgrading from
-      SSLeay 0.8 to 0.9'. Because of the changed hash algorithm used for the
-      symlinks.
-
-   *) Forward-port from 2.0 branch:
-      Now when `make certificate TYPE=custom' is used the generated
-      ca.crt/ca.key files are installed, too.
-   
-   *) Forward-port from 2.0 branch:
-      Make sure mkcert.sh removes temporary files after work.
-
-   *) Enhanced the ssl.crt/Makefile: now <hash>.N extensions are
-      created when conflicts occur and not only <hash>.0 
-
-   *) Included a first cut of a port to the Win32 platform by
-      courtesy of Trung Tran-Duc <trung.tranduc@prague.ixos.cz>.  Up to know
-      these are only source changes to make it compile under Win32. No support
-      for the build process itself (Makefiles, etc.). But the port already
-      runs on Trung's Windows NT box.
-
-   *) Forward port from 2.0 branch:
-      Enhanced the INSTALL file: Now an example section describes the
-      installation with mod_perl and PHP3. Beside this some bugs were fixed
-      and some more NOTEs were added.
-
-  Changes with mod_ssl 2.1b4 (08-Sep-1998 to 17-Sep-1998)
-
-   *) Now mod_ssl is more friendly to the typical user error: Using HTTP
-      instead of HTTPS to access an SSL-server. In the past the client has
-      just seen an I/O error which often confused a lot of people (including
-      the author of mod_ssl ;-). Now when the SSL_accept of SSLeay fails
-      mod_ssl recognizes the fact that SSLeay already recognized the HTTP
-      protocol. Then mod_ssl does a trick: It does some sort of a request
-      roll-back: It reads the remaining bytes of the request, fakes it with an
-      own error-request, lets Apache process this error-request and finally
-      puts out a HTML error page with a clear description of the problem plus
-      a hyperlink to the HTTPS URL. Currently this check works only with
-      SSLeay 0.9 until the error code determination can be made more general.
-
-   *) Fixed session cache timeout calculation.
-
-   *) Fixed session cache DBM file initialization.
-   
-   *) Forward port from 2.0 branch:
-      Make the SSL_HOOK_SetupConnection more robust. 
-
-   *) Forward port from 2.0 branch:
-      Added checks to APACI to automatically disable DSO for mod_proxy and
-      mod_log_config when SSL is used (because they have to be built against
-      SSLeay which is not supported in Apache 1.3.1). But we allow the user to
-      explicitly use --enable-shared=.., but then at least he gets a warning.
-      This way we protect the average user but don't hurt the experts.
-      Especially with Apache 1.3.2 the experts want to use
-      --enable-rule=SHARED_CHAIN for linking the DSO's against SSLeay.
-
-   *) Forward port from 2.0 branch:
-      Renamed `aux' directory to `etc' because `aux' is a special name under
-      Windows filesystems (and people at least wanted to extract the stuff
-      under windows).
-
-   *) Forward port from 2.0 branch:
-      Added Thawte's Strong Extranet module (mod_sxnet.c) to
-      the ssl.contrib area. This module can be used together
-      with mod_ssl.
-
-   *) Forward port from 2.0 branch:
-      In order to
-      - reduce the confusion with sslcerts/server.pem and sslkeys/server.pem
-      - provide less-problematic non-self-signed certificates on `make certificate'
-      - prepare for mod_ssl 2.1 and the forthcoming client auth & CA scripts 
-      the following cleanups were done:
-
-      1. The files for the SSL certificate system are now stored in the
-         following thee subdirs of the configuration directory:
-         ssl.crt/ ...... contains the X.509 certificate(s)
-         ssl.csr/ ...... contains the X.509 certificate signing requests(s)
-         ssl.key/ ...... contains the RSA private key(s)
-         Each directory contains a README file which describes the purpose and
-         the contents.
-
-      2. A ssl.crt/snakeoil.crt and ssl.key/snakeoil.key demo CA certificate
-         and key is distributed with mod_ssl which is used to sign the test
-         certificates the `make certificate' target creates.  This avoids the
-         problems with MSIE users because MSIE doesn't like self-signed
-         server-certificates very well.
-
-      3. A ssl.crt/ca-bundle.crt is now installed (but not enabled!) which
-         contains all 33 CA root certificates of known public CAs.  They were
-         extracted from Netscape Communicator 4.06 with my certbundle stuff.
-
-      4. The `make certificate' command now can create four types
-         of certificate setups:
-         $ make certificate TYPE=dummy    (dummy self-signed Snake Oil cert)
-         $ make certificate TYPE=test     (test cert signed by Snake Oil CA)
-         $ make certificate TYPE=custom   (custom cert signed by own CA)
-         $ make certificate TYPE=existing (existing official cert)
-                CRT=/path/to/your.crt
-                [KEY=/path/to/your.key]
-         The default is TYPE=test which is equivalent to the old `make
-         certificate' with the exception that now the generated certificate is
-         no longer a self-signed one.  This overview text is also now
-         displayed under built-time.  When KEY is missing it is assumed that
-         it's present in the file from CRT and is extracted from there.
-
-      5. For consistency with 4.) the mod_ssl configure script now
-         uses --with-crt=FILE and --with-key=FILE options. When
-         --with-key is missing it is assumed that it's present in
-         the file from --with-crt and is extracted from there.
-
-   *) Forward port from 2.0 branch:
-      Changed the <VirtualHost> example in the conf/httpd.conf-dist file so it
-      now uses _default_ instead of the server name. This is more portable and
-      totally sufficient for our default configuration where only one virtual
-      host is present.
-
-   *) Fixed INSTALL document: rsaref.a has to be copied to librsaref.a
-
-   *) Totally revised my mod_sslcompat idea because it's not really
-      practical to have the backward compatibility stuff outside the standard
-      mod_ssl code. Another reason is that by including it again into the
-      mod_ssl stuff the code gets easier.
-
-   *) Fixed pass phrase dialog: The server name was always displayed
-      for a new pass phrase. 
-
-   *) Added support for the idea of SSL_CLIENT_CERT_CHAIN<N> variables (Mark
-      Shuttleworth, Thawte Consulting) which enables CGI scripts to verify the
-      client certificate chain up to the root:
-      SSL_CLIENT_CERT_CHAIN_0 = end entity cert
-      SSL_CLIENT_CERT_CHAIN_1 = issuer cert
-      SSL_CLIENT_CERT_CHAIN_2 = issuer's issuer cert ...
-      But because of problems with system resource limits this is currently
-      disabled.
-
-   *) Added support for automatically determining the DBM library. 
-      When a vendor DBM library is available we now use this one (because
-      typically this is a better and faster one than SDBM).  Only when no
-      vendor DBM library could be found we fallback to our built-in SDBM
-      library (which is slow, but portable).
-   
-   *) Splitted the mod_ssl.html document into smaller parts for easier
-      reading and maintaining. Same for the CHANGES file. The entries for
-      mod_ssl 2.0.x are now stores in CHANGES.20 while mod_ssl 2.1bx entries
-      are staying in the CHANGES file.
-
-   *) Fixed some pre-processor and variable declaration inconsitencies 
-      which forced portability problems under some non-GCC compilers.
-
-  Changes with mod_ssl 2.1b3 (06-Sep-1998 to 08-Sep-1998)
-
-   *) Removed a few unneccessary local buffer usages in the mod_ssl-related
-      code in mod_log_config.c.
-
-   *) Updated the documentation for the recent changes, especially for the new
-      SSLRequire directive and the new provided CGI/SSI variables. I've now
-      also added a new FAQ which tries to explain why SSL cannot be used
-      together with name-based virtual hosts (IP-based virtual hosts have to
-      be used).
-
-   *) Fixed ssl_log() (the function which is used produce all kinds of
-      SSL logfile messages): It failed for messages with "%" because
-      it insecurely used fprintf at some points.
-
-   *) Added --quiet|-q, --verbose|-v and --help|-h options to mod_ssl's
-      `configure' script for controlling the verbosity and for more user
-      friendlyness.
-
-   *) Now the mod_ssl `configure' script creates a `config.status' script as
-      APACI does. This can be used for re-configuring mod_ssl the same way one
-      does it for Apache.
-
-   *) The top-level APACI Makefile now gives a hint for `apachectl start-SSL'
-      (which internally uses the `httpd -DSSL' command).
-
-   *) Now on `make certificate' the hash symlinks in conf/sslcerts/ are
-      generated via the provided Makefile instead of directly linking (which
-      fails under some platforms).
-
-   *) Added boolean expression scanning/parsing/evaluation as ssl_expr_*
-      sources and a new SSLRequire directive which now uses this
-      functionality.  This directive can be used in both per-server and
-      per-directory context and has the syntax ``SSLRequire <expr>'' where
-      <expr> is defined as:
-
-        expr     ::= "true" | "false" 
-                   | "!" expr
-                   | expr "&&" expr
-                   | expr "||" expr
-                   | "(" expr ")"
-                   | comp
-        comp     ::= word "==" word | word "eq" word
-                   | word "!=" word | word "ne" word
-                   | word "<"  word | word "lt" word
-                   | word "<=" word | word "le" word
-                   | word ">"  word | word "gt" word
-                   | word ">=" word | word "ge" word
-                   | word "in" "{" wordlist "}"
-                   | word "=~" regex
-                   | word "!~" regex
-        wordlist ::= word 
-                   | wordlist "," word
-        word     ::= digit
-                   | cstring
-                   | variable
-                   | function
-        digit    ::= [0-9]+
-        cstring  ::= "..."
-        variable ::= "%{" [a-zA-Z][a-zA-Z0-9_-]* "}"
-        function ::= funcname "(" funcargs ")"
-
-      Here for %{XXXX} mostly _all_ possible server variables can be looked
-      up: the standard CGI variables, the SSL CGI variables, the internal
-      variables known from mod_rewrite, etc. pp. The intent is the following:
-      With <expr> one can specifiy an arbitrary complex boolean expression
-      which is evaluated under runtime. When it evaluates to "true" access for
-      the current request is granted. If it evaluates to "false" access for
-      the current request is denied. The main use for this is for flexible
-      certificate screening (because one can lookup all certificate X.509
-      fields via %{SSL_CLIENT_xxx}). But it can be used for other
-      authentication schemes, too.
-
-      This is now the general authentication workhorse. With it we were able
-      to remove the too special SSLRequireCipher and SSLBanCipher directives
-      because their functionalities are just special cases of a boolean
-      expressions:
-
-      SSLRequireCipher C1 C2 ... => SSLRequire %{SSL_CIPHER} in ("C1", "C2", ...)
-      SSLBanCipher     C1 C2 ... => SSLRequire not %{SSL_CIPHER} in ("C1", "C2", ...)
-
-      For mod_ssl 2.1.0 (the release version) the above mapping will be done
-      automatically on the fly by the backward-compatibility code.
-
-   *) Removed the __SSLeay prefix inside the source now that the function
-      prefixes are documented in the README file.
-
-  Changes with mod_ssl 2.1b2 (02-Sep-1998 to 06-Sep-1998)
-
-   *) Added the first cut of HTTPS support for the proxy module. This is
-      currently done by making the generic HTTP handler SSL-aware. But it
-      still doesn't provide support for client or server authentication nor
-      does it provide a way to configure it. Later we'll add perhaps
-      SSLProxyXXXXX directives to allow the users to configure the SSL client
-      inside the proxy.  But beside this it's full functional. One can use it
-      for proxying https://xxx URLs and also use `ProxyPass https://xxxx'.
-      (the sources of SSLeay's s_client and cURL were my friends ;-)
-
-   *) Replaced old kludges in mod_log_config.c and mod_ssl sources to
-      determine SSL protocol name with the clean SSL_get_version() which
-      already exists in SSLeay 0.8 and 0.9.
-
-   *) As a of the new ssl_var_lookup() the function ssl_ExpandCert() with the
-      old less-portable and unclean parsing stuff (parsed the DN into the
-      fields on a string basis instead of correctly determining the fields
-      from SSLeay structures) was kicked out and the environment annotation is
-      now done with generic variable lookups. 
-
-   *) Added a new source file named ssl_engine_vars.c which contains
-      a waterfall approach to expanding arbitrary server+SSL variables.  The
-      main function is ssl_var_lookup() which can operate in different
-      contexts. The idea is to resolve information mainly through this
-      function when it's required. Currently the usage is: logfile entries,
-      environment annotation. In the future this will be also used for the
-      SSLRequire directive.
-
-   *) Cleaned up the API command configuration and shortened the code by using
-      #defines. Additionally removed the polymorphic command handling
-      functions with real ones (less pointer arithmetic and preparation for
-      more config-time syntax checks).
-
-  Changes with mod_ssl 2.1b1 (26-Aug-1998 to 02-Sep-1998)
-
-   *) Again completely rewrote the pass phrase handling. This time because the
-      recent dicussions on the sw-mod-ssl mailing lists showed that the direct
-      caching of pass phrases under run-time and the forcing of the
-      administrator to use a single pass phrase for all private key files is
-      not really reasonable. Now the pass phrase handling looks this way:
-
-      1. A directive `SSLPassPhraseDialog builtin|exec:/path/to/program'
-         is used for configuring the pass phrase dialog. The `builtin' is a
-         terminal based dialog while `exec:/path/to/program' runs an external
-         program (which gets `servername:port' as the argument for which the
-         pass phrase has to be given on stdout).
-
-      2. The `builtin' terminal dialog is now a lot different:
-         First it detacts wrong pass phrases and gives reasonable error
-         messages and second it uses Holger Reif's maximum-reuse idea for the
-         pass phrase query:
-
-         When a private key file is encrypted, all known pass phrases (at the
-         beginner there are none, of course) are tried. If one of those known
-         pass phrases succeeds no dialog pops up for this file.  If none
-         succeeded, another pass phrase is queried and remembered for the next
-         round (where it perhaps can be reused).  This scheme allows mod_ssl
-         to be maximum flexible (because for N encrypted private key files you
-         _can_ use N different pass phrases - but then you have to enter all
-         of them, of course) while minimizing the dialog (i.e.  when you use a
-         single pass phrase for all N private key files this pass phrase is
-         queried only once).
-
-      3. After the pass phrase dialog the temporarily remembered pass phrases
-         are immediately wiped out from memory. Instead only the
-         SSLeay-internal representation of the RSA private key and the X.509
-         certificate are stored (as SSLeay already does itself). For this a
-         per-module global configuration pool is used which survives Apache
-         server restarts. This means that Apache will again no longer fall
-         down on restarts.
-
-   *) Beside the per-directory and per-server context configurations 
-      we now use a per-module global configuration pool which survives both
-      the Apache API 2nd init round and server restarts. This is done by using
-      an own permanent memory sub-pool. The idea for this tricky approach
-      which came from Philip Gwyn. This global configuration pool now holds
-      _all_ previous global variables (ssl_g_xxx). This way mod_ssl now uses
-      only a single global variable.
-
-   *) Added ssl_engine_ds.c source which contains new data structures (array
-      and table) which are based on Apache's API arrays but can contain
-      arbitrary data (important especially for the tables).
-
-   *) Removed all explicit ap_clear_pool() calls which are no longer
-      necessary because we already got rid of the gcache stuff
-      which required it.
-
-   *) Moved all pass phrase handling stuff into own file ssl_engine_pphrase.c
-      source file
-
-   *) Now the error messages which are duplicated to the general
-      Apache error logfile are prefixed with "mod_ssl:" there to
-      indicate from where they come.
-
-   *) Forward-port from 2.0.6: Added RSAref support for the US-citizens:
-      mod_ssl now automatically recognizes an SSLeay compiled with -DRSAref,
-      automatically finds libRSAglue and librsaref.a or rsaref.a.
-      Additionally beside SSL_BASE now the variable RSA_BASE can be used to
-      select a particular RSAref source tree (if not installed under system
-      locations).  This way mod_ssl provides out-of-the-box support for
-      SSLeay+RSAref.
-
-   *) Changed SSLSessionCacheDefault from 0 (none) to a reasonable
-      300s default.
-
-   *) The socket connection message in the SSL Engine logfile now
-      also displays the Cipher keysizes for even more information
-      about the connection.
-
-  Changes with mod_ssl 2.1b0 (17-Aug-1998 to 26-Aug-1998)
-
-   *) Added a few files to the distribution: First my PGP public key as
-      ssl.contrib/rse.pgp to the distribution so people can use it on
-      forthcoming releases to verify the tarballs signature. Second the files
-      WISHES and TODO which contain the mod_ssl wishlist and the ToDo-list for
-      2.1.0.
-
-   *) Finally fixed the SSL connection deallocation and removed the old
-      FREE_SESSION stuff.
-
-   *) Added support for annotating SSLeay error messages. Now some
-      of the raw-level SSLeay error messages are automatically annotated with 
-      high-level hints. For instance the unmeaningly message
-      ``error:06065064:digital envelope routines:EVP_DecryptFinal:bad
-      decrypt'' now reads ``...routines:EVP_DecryptFinal:bad decrypt [Hint:
-      wrong pass phrase!?]'' etc.
-
-   *) Removed ERR_load_crypto_strings() call because it's already contained in
-      SSL_load_error_string() from SSLeay 0.8 and 0.9.  Additionally now a
-      ERR_clear_error() is done after each logfile entry was written to make
-      sure no unread SSLeay errors are kept and occur with later messages
-      (where they would confuse people).
-
-   *) Renamed `SSLLogFile' to `SSLLog' because it isn't always a file,
-      it also can have an argument "|/path/to/filter" and act as
-      a reliable pipe to a logging filter program.
-
-   *) Renamed `SSLRequiredCiphers' directive to `SSLCipherSuite'
-      because the Apache-SSL directivename `SSLRequiredCiphers' was a full
-      accident. Because first it always got intermixed with the per-directory
-      context directive `SSLRequireCipher'. And second this sets not Ciphers
-      which are all `required'. It just sets the Ciphers the clients is
-      permitted to negotiate (the client actually chooses only _one_ Cipher).
-
-   *) Added SSLMutex for mutal expclusion of server process operations.
-      This is currently used only for synchronizing access to the new Session
-      Cache stuff. Three variants can be configured: `SSLMutex none' (no mutex
-      at all - works but risky), `SSLMutex file:/path/to/lockfile' (portable)
-      and `SSLMutex ipcsem' (elegant but not portable).
-
-   *) Moved the backward compatibility stuff into its own module:
-      mod_sslcompat. This module now already provides configuration directive
-      compatibility for both Apache-SSL and Sioux.  More (Stronghold?) can be
-      add later, too. Additionally a mod_sslcompat.html document was written
-      which described the provided configuration directive mapping.
-
-   *) Split the mod_ssl sources from its large 70KB file into smaller chunks,
-      which are now mainly named accoring to the logical modules they contain.
-      This way the source inside src/modules/ssl/ is easier to overview.  Just
-      one minor drawback: We lose a lot of nice `static' and have to prefix
-      really _all_ functions with `ssl_' now.
-
-   *) Replaced the gcache stuff from Apache-SSL days and replaced it
-      by a more simple but even more flexible approach. Now the new
-      `SSLSessionCache' directive replaces `SSLCacheServerPath' and
-      `SSLCacheServerPort'.  The SSLSessionCacheTimeout remains and has the
-      old semantics.  So, where is the difference? The old gcache stuff was
-      like this: An extra process (ssl_gcache) was running in parallel to the
-      httpd server processes and listening to a socket. Through SSLeay
-      callbacks the internal SSLeay caches of all server processes were synced
-      with this global cache.  For this socket connections were established.
-      The drawback of this approach were:
-
-      1. The nasty fiddling with the extra child process was totally buggy
-
-      2. The gcache program itself used another local memory cache. This
-         was totally unnecessary because SSLeay already caches the stuff in a
-         local memory cache. So, under Apache-SSL three cache layers were used
-         (1: SSLeay internal, 2: gcache internal, 3: gcache external) while
-         layer 2 is not needed.
-
-      So the intent now was to replace this with a better solution. The idea
-      came from Stronghold: We either cache the information never (the
-      default), in a hashfile on the local disk (the portable variant -
-      already implemented) or even in a hash structure inside a shared memory
-      segment ( (non-portable, but fast and elegant - still not implemented,
-      only stubs were created to plug this in later).
-
-   *) CORRECTLY SOLVE THE PASS PHRASE DIALOG PROBLEM (the problem is that
-      Apache detaches from the terminal before the SSLeay pass phrase dialog
-      pops up). First I got rid of the ugly and unsuccessful filedescriptor
-      hacks Ben added recently to Apache-SSL because they do not work under
-      all platforms as expected. Second I re-ordered the control flow to allow
-      the following processing:
-      
-      Now at the 1st round of the Apache API init cycle the servers are
-      scanned for certificate and key files and the first one which uses an
-      encrypted key forces the pass phrase dialog to pop up. This dialog is
-      either an interactive builtin terminal dialog (`SSLPassPhraseDialog
-      builtin' - which is similar to SSLeay default dialog) or can be driven
-      in batch by a filtering program which is run once and has to provide the
-      pass phrase on stdout (`SSLPassPhraseDialog /path/to/program').  After
-      this the pass phrase is _temporarily_ stored in memory for use later in
-      the 2nd round of the Apache API init cycle. Now additionally this pass
-      phrase can be kept in memory (`SSLPassPhraseCaching on') for forthcoming
-      server restarts (`kill -HUP') or is explicitly wiped out from memory
-      (`SSLPassPhraseCaching off' - for the paranoid users).
-
-      The following combinations are possible:
-
-      1. THE SMART DEFAULT VARIANT:
-         `SSLPassPhraseDialog builtin' + `SSLPassPhraseCaching on':
-         This is the default which is reasonable for most of the users. This
-         way on Apache startup time the pass phrase is requested on the
-         terminal but kept in memory for all forthcoming restarts.
-
-      2. THE THEORY VARIANT:
-         `SSLPassPhraseDialog builtin' + `SSLPassPhraseCaching off':
-         This combination leads to a server fall-down on any occuring restarts
-         because the terminal dialog _cannot_ be done at restart time (Apache
-         is already detached).  So, this combination is only interesting in
-         theory but should be avoided because its not really useful in
-         practice.  
-
-      3. THE BATCH VARIANT:
-         `SSLPassPhraseDialog /path/to/program' + `SSLPassPhraseCaching on':
-         This is for users who want to remote control the Apache startup or
-         make it automatic by controlling the dialog from within a program.
-         This program is run only once at startup. Then the pass phrase is
-         kept in memory for forthcoming restarts.
-
-      4. THE PARANOIA VARIANT: 
-         `SSLPassPhraseDialog /path/to/program' + `SSLPassPhraseCaching off':
-         This is for the really paranoid users who want avoid any pass phrase
-         caching. Instead both on startup and restart time the pass phrase has
-         to be provided by an external program.
-      
-   *) The SSL logfile is now placed in the main server instead of the virtual
-      host because its actually a global logfile, even when it could be used
-      only inside a virtual server.  
-
-   *) The expensive operation of generating the temporary RSA key is now done
-      before Apache forks the server processes. This speeds up the startup
-      phase a little bit.
-
-   *) Added new SSLCACertificateReqFile directive which defaults to the value
-      of SSLCACertificateFile. It sets the all-in-one file where one can
-      assemble the Certificates of Certification Authorities (CA) whose
-      servers you deal with. These are optionally used by the clients for
-      SSLv3 Server Authentication to speedup processing. The file is requested
-      by the client via the "SSLv3 write certificate request A" for loading
-      intermediate CA certificates in the certificate chain (only SSLv3). It
-      is simply the concatenation of the various PEM-encoded certification
-      files, in order of preference.  
-
-   *) Inlined some functions like init_SSLeay() and init_VerifyType() because
-      they were really small functions and only used once in mod_ssl. These
-      were stand-alone functions in Apache-SSL without real need.
-
-   *) Made `SSLEnable'/`SSLDisable' directives obsolete by adding the simpler
-      `SSEngine on|off'. The old directives are now deprecated but still can
-      be used for backward-compatibility with Apache-SSL. Additionally the
-      default is now `SSLEngine off' (formerly `SSLDisable') instead of the
-      Apache-SSL default of `SSLEngine on'. This breaks a little bit with
-      Apache-SSL semantics, but doesn't hurt as much as it sounds.  Because
-      people run SSL inside a virtual hosts and thus already have a SSLDisable
-      in their main (non-SSL) server. The difference is just that with mod_ssl
-      one no longer has to add SSLDisable to all non-SSL virtual hosts (which
-      is nasty).  OTOH SSL is an additional feature, so the logic of "disabled
-      per default and have to be enabled explicity" is more useful and what is
-      expected.
-
-   *) The "SSL rubbish logfile" of Apache-SSL was now replaced by real
-      dedicated SSL logfile which contains no longer "rubbish".  For this the
-      logging mechanism in mod_ssl was completely re-written from scratch and
-      now looks like this:
-
-      1. `SSLogFile <file>' is optional
-      2. `SSLogFile /dev/null' disables the logging _without_ overheads
-      3. `SSLLogLevel <level>' controls the degree of verbosity in SSLLogFile
-      4. `SSLogLevel none' disables the logging _without_ overheads and is the
-         default.
-      5. Log messages of type `error' are _always_ duplicated to 
-         the Apache general error logfile, even under `SSLLogLevel none'.
-      6. The maximum logging can be now achieved by using `SSLLogLevel debug'.
-
-      Additionally obsolete logging stuff from Apache-SSL was removed from the
-      source code.  Finally the logfiles in the provided default config were
-      changed: ssl_log is now the dedicated SSL protocol logfile (SSLLogFile)
-      while the custom logfile (CustomLog) containing only one line per
-      request is now named ssl_req_log.
-  
-       ____    ___  
-      |___ \  / _ \ 
-        __) || | | |
-       / __/ | |_| |
-  ___ |_____(_)___/ __________________________________________
-
-  Changes with mod_ssl 2.0.16 (07-Nov-1998 to 09-Nov-1998)
-
-   *) Fixed documenation: SSLRequireSSL can be used in .htaccess
-      files when the `FileInfo' context is enabled for it.
-
-   *) Revised my recent RSAref fix to INSTALL file a little bit.
-
-   *) Backport of an Apache-SSL bugfix:
-      Fix file-descriptor leak for stderr.
-
-  Changes with mod_ssl 2.0.15 (01-Nov-1998 to 07-Nov-1998)
-
-   *) Fixed some long-standing inconsistencies in mod_ssl.html
-
-   *) Now SSLVerifyDepth defaults to 1 and this means the client certificate
-      has to be signed directly by the root CA. The verify depth now is the
-      max number of CAs which are checked: 0 = self-signed only, 1 =
-      self-signed or signed by root-CA, 2 = signed by root-CA or signed by a
-      CA which is signed by the root-CA, etc.
-
-   *) Now SSLSessionCacheTime defaults to 300s.
-
-   *) Fixed RSAref instructions in INSTALL file and added more support for
-      implicitly finding the RSA_BASE to the libssl.module script.
-
-   *) Backport from 2.1 branch:
-      Now under `make certificate' an interactive prompt is given which asks
-      whether the private key should be encrypted (the default) or not.  This
-      way it's a little bit easier to setup test servers, at least for me ;-)
-
-   *) Fixed SSLRequiredCiphers: The server configuration entry wasn't
-      correctly merged internally which lead to the effect that it got
-      ignored.
-
-  Changes with mod_ssl 2.0.14 (09-Oct-1998 to 01-Nov-1998)
-
-   *) Backport from 2.1 branch:
-      Renamed snakeoil.{crt,key} to snakeoil-ca.{crt,key} and created a real
-      dummy server certificate/key pair as snakeoil.{crt,key} which is now
-      used under `make certificate TYPE=dummy'. This fixes the recently
-      occured problem where Netscape rejected the dummy certificates because
-      they had the CA flag set.
-
-   *) Upgraded to included Thawte Strong Extranet sources (ssl.contrib/sxnet/)
-      from version 1.2.2 to the current 1.2.3.
-
-   *) Backport from Apache-SSL:
-      Incorporation of recent Base64 (uuencode) encoding bugfixes.
-
-   *) Backport from 2.1 branch:
-      Fixed the "SSLVerifyType optional_no_ca" situation: The situation
-      has to be checked against more SSLeay errors, because under SSLv3
-      certificate chain loading leads to the presentation of the client CA
-      certs, too. Here SSLeay gives different errors.
-
-   *) Fixed documentation of SSL_CLIENT_I<x509> and SSL_SERVER_I<x509>
-      environment variables.
-
-   *) Fixed mod_proxy source for the situation where
-      no --enable-module=ssl is used.
-
-   *) Make sure the stand-alone ssl_gcache program compiles
-      correctly even under SunOS where no strerror() exists.
-
-   *) Backport from 2.1 branch:
-      Fix "uchar" redefinition problem under AIX.
-
-  Changes with mod_ssl 2.0.13 (02-Oct-1998 to 09-Oct-1998)
-  
-   *) Fixed some more race conditions in ssl_gcache, cleaned
-      up the error logging and namespace in ssl_gcache.
-
-   *) Overtaken the SIGPIPE handling patch from Apache-SSL 1.27
-
-   *) Recreated the Snake Oil CA certificate: it's now a X.509 v3
-      certificate with the CA flag set and pathlen 0.
-
-   *) With special permission from Dr Stephen N. Henson his excellent ca-fix
-      program was now added to src/support/ and is used by
-      src/support/mkcert.sh (`make certificate') to fixup the generated
-      certificates. Especially X.509 v3 certificates can be now generated
-      where nsCertType and CA pathlen is correctly set. Additionally `ssleay
-      verify' and `ssleay ... -modulus' checks are performed to make sure the
-      generated certificates are valid.
-
-   *) Upgraded to Apache 1.3.3.
-
-   *) Fixed again some RSAref hints in the INSTALL file.
-
-   *) Fixed `SSLLogFile /dev/null' situation: it now works as expected: No
-      logging is done. But not by writing to /dev/null. Instead no logging at
-      all is done, of course.
-
-  Changes with mod_ssl 2.0.12 (23-Sep-1998 to 02-Oct-1998)
-
-   *) Cleaned up gcache stuff again and fixed a few problematic things 
-      by adding extra runtime checks. Now gcache should no longer dump core.
-      At least I've now found no more bug...
-
-   *) Changed gcache communication from TCP-sockets to Unix domain 
-      sockets in default configuration (httpd.conf-dist), because
-      this is more reliable and safe.
-
-   *) Incorporated reasonable change from Apache-SSL 1.25:
-      Allow up to three retries at the pass phrase prompt.  
-     
-      [The other main change in Apache-SSL 1.25 (the client cert export via
-      env variables) is intentionally not overtaken for mod_ssl because of
-      three reasons: 1. it's a too large patch which is not acceptable for the
-      stable mod_ssl 2.0 branch; 2. it still has some flaws Ben is still
-      fixing for 1.26; 3. I'm still not convinced that providing complete
-      Base64 encoded certs (greated than 1KB) via a set of environment
-      variables is really reasonable (because of performance and system
-      resource limits). Instead I'm still seeking for a real on-demand
-      solution, but for mod_ssl 2.1, of course.]
-
-   *) Backport from 2.1 branch: 
-      Added a --force option to mod_ssl's configure script to let developers
-      apply mod_ssl also to different Apache versions (especially 1.3.x-dev
-      versions).
-
-   *) Fixed portability problems with prop.sh aux script.
-
-   *) Fixed gcache expiring: A static variable was not initialized.
-
-   *) Fixed a few inconsistencies in the mod_ssl.html document.
-
-   *) Fixed RSAref installation instructions in INSTALL file and a little big
-      in libssl.module which caused problems for RSAref installations, too.
-
-   *) Fixed mod_perl part in INSTALL file.
-
-   *) Changed some Apache-SSL wordings in mod_ssl.html on request
-      by Ben Laurie.
-
-  Changes with mod_ssl 2.0.11 (17-Sep-1998 to 23-Sep-1998)
-
-   *) Upgrade from Apache 1.3.1 to Apache 1.3.2
-
-   *) Back-port from 2.1: 
-      Enhanced the ssl.crt/Makefile: now <hash>.N extensions are
-      created when conflicts occur and not only <hash>.0 
-
-   *) Changed HTTPS support in mod_proxy: the ap_proxy_http_handler() function
-      is (illegally because of DSO, of course) called used by third-party
-      modules (like Apache::Proxy). So make make sure we don't change the
-      signature of this function.
-
-   *) Added answer to FAQ `Why is client auth broken after upgrading from
-      SSLeay 0.8 to 0.9'. Because of the changed hash algorithm used for the
-      symlinks.
-
-   *) Now when `make certificate TYPE=custom' is used the generated
-      ca.crt/ca.key files are installed, too.
-   
-   *) Make sure mkcert.sh removes temporary files after work.
-
-   *) Enhanced the INSTALL file: Now an example section describes the
-      installation with mod_perl and PHP3. Beside this some bugs were fixed
-      and some more NOTEs were added.
-  
-  Changes with mod_ssl 2.0.10 (13-Sep-1998 to 17-Sep-1998)
-
-   *) Temporarily added a fix from 1.3.2-dev for APACI's configure script to
-      allow the `Group' directive to be adjusted correctly even under Linux
-      boxes. Without this Linux users always have to fix the `Group' directive
-      manually which is nasty.
-
-   *) Added checks to APACI to automatically disable DSO for mod_proxy and
-      mod_log_config when SSL is used (because they have to be built against
-      SSLeay which is not supported in Apache 1.3.1). But we allow the user to
-      explicitly use --enable-shared=.., but then at least he gets a warning.
-      This way we protect the average user but don't hurt the experts.
-      Especially with Apache 1.3.2 the experts want to use
-      --enable-rule=SHARED_CHAIN for linking the DSO's against SSLeay.
-
-   *) Make the SSL_HOOK_SetupConnection a little bit more robust. 
-
-   *) Avoid confusing "unable to load 'random state'" messages
-      from `ssleay genrsa' command.
-
-   *) Renamed `aux' directory to `etc' because `aux' is a special name under
-      Windows filesystems (and people at least wanted to extract the stuff
-      under windows).
-
-   *) Fix top-level Makefile.tmpl: replace `make' with `$(MAKE)'
-      and grep out SSL_PROGRAM variable from src/Makefile.config directly
-      (instead of running a subtarget) to avoid problems with Make output
-      messages. This especially fixed the `make install' problems under Linux
-      platforms (where GNU Make is used which gives nasty messages).
-
-   *) Update INSTALL file: Use apachectl and add hint to 
-      the Apache general error logfile.
-
-   *) Allow ServerRoot relative path for SSLCertificateFile.
-
-  Changes with mod_ssl 2.0.9 (12-Sep-1998 to 13-Sep-1998)
-
-   *) Portability fixes: The ssl.crt/Makefile didn't work on
-      all platforms because of braindead shells and the mkcert.sh script
-      failed to use /dev/random because this device doesn't work as expected
-      on some platforms.
-
-  Changes with mod_ssl 2.0.8 (09-Sep-1998 to 12-Sep-1998)
-
-   *) Make the whole build process (including `make certificate')
-      independent of any installed ssleay.cnf file (some systems have it in
-      non-standard locations and we don't need it any longer at all).
-
-   *) Added Thawte's Strong Extranet module (mod_sxnet.c) to
-      the ssl.contrib area. This module can be used together
-      with mod_ssl.
-
-   *) Fixed hash symlink generation under `make certificate'
-      and `make install' for the cases where `ssleay' is not in $PATH.
-
-   *) Fixed INSTALL document: rsaref.a has to be copied to librsaref.a
-
-   *) Added more information to the mod_ssl.html file about the
-      SSLCACertificateFile: It's also used implicitly for the "SSLv3 write
-      certificate request A" where it's contents is sent to the client to
-      enable him to verify a possible issuer chain on the server certificate.
-
-   *) Fixed a few bugs in the new mkcert.sh script, enhanced it's
-      dialogs and added a lot error checks.
-
-  Changes with mod_ssl 2.0.7 (29-Aug-1998 to 09-Sep-1998)
-   
-   *) Changed the <VirtualHost> example in the conf/httpd.conf-dist
-      file so it now uses _default_ instead of the server name. This is more
-      portable and totally sufficient for our default configuration where
-      only one virtual host is present.
-
-   *) Backport from 2.1b branch: Now the mod_ssl `configure' script creates a
-      `config.status' script as APACI does. This can be used for
-      re-configuring mod_ssl the same way one does it for Apache.
-
-   *) Backport from 2.1b branch: Added the first cut of HTTPS support for the
-      proxy module. This is currently done by making the generic HTTP handler
-      SSL-aware. But it still doesn't provide support for client or server
-      authentication nor does it provide a way to configure it. Later we'll
-      add perhaps SSLProxyXXXXX directives to allow the users to configure the
-      SSL client inside the proxy.  But beside this it's full functional. One
-      can use it for proxying https://xxx URLs and also use `ProxyPass
-      https://xxxx'. (the sources of SSLeay's s_client and cURL were my
-      friends ;-)
-
-   *) In order to
-      - reduce the confusion with sslcerts/server.pem and sslkeys/server.pem
-      - provide less-problematic non-self-signed certificates on `make certificate'
-      - prepare for mod_ssl 2.1 and the forthcoming client auth & CA scripts 
-      the following cleanups were done:
-
-      1. The files for the SSL certificate system are now stored in the
-         following thee subdirs of the configuration directory:
-         ssl.crt/ ...... contains the X.509 certificate(s)
-         ssl.csr/ ...... contains the X.509 certificate signing requests(s)
-         ssl.key/ ...... contains the RSA private key(s)
-         Each directory contains a README file which describes the purpose and
-         the contents.
-
-      2. A ssl.crt/snakeoil.crt and ssl.key/snakeoil.key demo CA certificate
-         and key is distributed with mod_ssl which is used to sign the test
-         certificates the `make certificate' target creates.  This avoids the
-         problems with MSIE users because MSIE doesn't like self-signed
-         server-certificates very well.
-
-      3. A ssl.crt/ca-bundle.crt is now installed (but not enabled!) which
-         contains all 33 CA root certificates of known public CAs.  They were
-         extracted from Netscape Communicator 4.06 with my certbundle stuff.
-
-      4. The `make certificate' command now can create four types
-         of certificate setups:
-         $ make certificate TYPE=dummy    (dummy self-signed Snake Oil cert)
-         $ make certificate TYPE=test     (test cert signed by Snake Oil CA)
-         $ make certificate TYPE=custom   (custom cert signed by own CA)
-         $ make certificate TYPE=existing (existing official cert)
-                CRT=/path/to/your.crt
-                [KEY=/path/to/your.key]
-         The default is TYPE=test which is equivalent to the old `make
-         certificate' with the exception that now the generated certificate is
-         no longer a self-signed one.  This overview text is also now
-         displayed under built-time.  When KEY is missing it is assumed that
-         it's present in the file from CRT and is extracted from there.
-
-      5. For consistency with 4.) the mod_ssl configure script now
-         uses --with-crt=FILE and --with-key=FILE options. When
-         --with-key is missing it is assumed that it's present in
-         the file from --with-crt and is extracted from there.
-
-   *) Removed unnecessary DEBUG_XXXX stuff which gets replaced in
-      mod_ssl 2.1b with ssl_log().
-
-   *) Backport from 2.1b branch: Now on `make certificate' the hash symlinks
-      in conf/sslcerts/ are generated via the provided Makefile instead of
-      directly linking (which fails under some platforms).
-
-   *) Backport from 2.1b branch: The top-level APACI Makefile now gives a hint
-      for `apachectl start-SSL' (which internally uses the `httpd -DSSL'
-      command).
-
-   *) Backport from 2.1b branch: Replaced old kludges in mod_log_config.c
-      to determine SSL protocol name with the clean SSL_get_version() which
-      already exists in SSLeay 0.8 and 0.9.  And removed a few unneccessary
-      local buffer usages in the mod_ssl-related code in mod_log_config.c.
-
-   *) Merge in changes from Apache-SSL 1.23 to 1.24: Cache private keys over
-      init rounds and restarts. This means you now can use enrypted private
-      key files (where pass phrases are needed to read them in) and both
-      survive the terminal detachment and the restart rounds of Apache. This
-      is achieved by using an own permanent memory pool which survives server
-      restarts and holds the private key files. Remember that this is _not_ a
-      backported full-featured pass phrase handling from mod_ssl 2.1b.
-      Instead it's exactly the easier handling from Apache-SSL 1.24. Because
-      the mod_ssl 2.1b pass phrase handling is too complex to be backported to
-      the 2.0 branch. At least it could lead to side-effects in 2.0 which I
-      want to avoid.
-
-   *) Fixed some pre-processor and variable declaration inconsitencies 
-      which forced portability problems under some non-GCC compilers.
-
-   *) Minor correction to the README, SUPPORT, etc. files.
-
-  Changes with mod_ssl 2.0.6 (25-Aug-1998 to 29-Aug-1998)
-
-   *) Added RSAref support for the US-citizens: mod_ssl now automatically
-      recognizes an SSLeay compiled with -DRSAref, automatically finds
-      libRSAglue and librsaref.a or rsaref.a.  Additionally beside SSL_BASE
-      now the variable RSA_BASE can be used to select a particular RSAref
-      source tree (if not installed under system locations). This way mod_ssl
-      provides out-of-the-box support for SSLeay+RSAref.
-
-   *) Back-port from 2.1: Replaced assert()ions with non-process-terminating
-      runtime checks and removed some unnecessary debugging stuff. 
-
-   *) Back-port from 2.1: Finally fixed the SSL connection deallocation and
-      removed the old FREE_SESSION stuff by back-porting the change from the
-      2.1 track.
-
-   *) Added PGP public key as ssl.contrib/rse.pgp to the distribution 
-      so people can use it on forthcoming releases to verify the tarballs
-      signature.
-
-   *) Taken over a change between Apache-SSL 1.22 and 1.23: Move the call for
-      launching the gcache program to a later point in processing.
-
-   *) Back-port from 2.1: Removed ERR_load_crypto_strings() call because it's
-      already contained in SSL_load_error_string() from SSLeay 0.8 and 0.9.
-
-  Changes with mod_ssl 2.0.5
-
-   *) Fix per-server configuration structure merging.
-
-   *) Added support for reliable piped logs to SSLLogFile directive which can
-      be used to plug-in a filter program which receives the logfile entries.
-
-   *) Removed per-server check for valid SSLVerifyClient argument because in
-      mod_ssl it's no longer possible that an invalid argument can exit under
-      run-time because the argument is already validated under config-time.
-
-   *) Removed DEBUG_SSLEAY stuff from Apache-SSL because SSL_debug() does no
-      longer exist in SSLeay 0.9.x.
-
-   *) Added one more digit at the MOD_SSL define value to indicate beta or
-      release versions. The scheme now is the following (only important when
-      one has to check against the version of an SSL-aware Apache from within
-      an own module): <version>.<revision><type><level> where <version>,
-      <revision> and <level> are numbers between 0 and 99 while <type> is
-      either `b' (for beta versions) or `.' (for release versions). From
-      this the MOD_SSL define is created similar to this command:
-
-          sprintf("%d%02d%c%02d", <version>, <revision>, 
-                                  <type> == `b' ? 0 : 1, <level>);
-
-      As an example: the beta version 2.1b3 has MOD_SSL=201003 while
-      the release version 2.1.4 has MOD_SSL=201104.
-
-   *) Fixed typos in mod_ssl.html document.
-
-   *) Fixed typos in mod_ssl.c source.
-
-   *) Created two buttons similar to the existing "Includes SSLeay
-      encryption software" button: One for Apache ("Powered by Apache
-      Webserver Software") and one for mod_ssl ("Secured by mod_ssl
-      Interface"). These are now put on the default frontdoor webpage at
-      install time.
-
-   *) Removed half done DSO-related stuff from Apache-SSL because it's
-      useless.  Why? Because mod_ssl currently _cannot_ be build as a DSO,
-      because:
-
-      1. Because SSLeay is directly called from within Apache's buffer code
-         (SSL_write/SSL_read) because the Apache API lacks a hook for this.
-         But direct calls from the core to modules and libraries is tabu under
-         DSO situation.
-
-      2. Because mod_ssl is directly called from within Apache's main loop
-         for setting up the SSL protocol after the socket connection was
-         established because the Apache API lacks a hook for this.  But
-         direct calls from the core to modules and libraries is tabu under
-         DSO situation.
-
-      3. Because the pass-phrase dialog can be done only before Apache
-         detaches from the terminal. But the general order is this:
-
-           a) ap_read_config (where LoadModule is done)
-           b) ap_init_modules (where mod_ssl can do the pass-phrase dialog)
-           c) detaching
-           d) ap_read_config (where DSOs are unloaded and reloaded)
-           e) ap_init_modules (where mod_ssl no longer can do the dialog)
-
-         When mod_ssl is not a DSO it can do the pass-phrase dialog in step
-         b), but when it's a DSO (assuming 1. and 2. are already solved) then
-         it cannot preserve information between b) and e) because it is
-         unloaded in the meantime.
-
-      So, for DSO the Apache kernel has to be bloated up with some more
-      features. Currently I want to avoid this because DSO is still not not
-      really worth the effort (there are other things which can be improved in
-      mod_ssl first). 
-
-  Changes with mod_ssl 2.0.4
-
-   *) Added VERSIONS file to the distribution which contains the
-      release date and version numbers for reference.
-
-   *) Make sure the server.pem certificate files in sysconfdir/sslcerts/ is
-      not overridden on APACI re-installs. Now a message simular to other
-      existing APACI messages informs the user that his certificates are
-      preserved.
-
-   *) Added support for SSL_BASE=SYSTEM which means that SSLeay header files,
-      libraries, configuration and binary files were not searched under a
-      single SSL_BASE root. Instead they are searched inside the common system
-      directories like /etc/, /usr/etc, /lib, /usr/lib, /usr/local/lib,
-      /usr/include, etc. pp.
-
-   *) Replaced even more old Apache-SSL relicts to make mod_ssl really secure,
-      stable and robust: sprintf -> ap_snprinf, srcpy -> ap_cpystrn, fopen ->
-      ap_pfopen. 
-
-   *) Added U.S. export law information to SUPPORT file to make sure
-      mailing list users inside the United States remember the U.S. export law.
-
-  Changes with mod_ssl 2.0.3
-
-   *) Fixed a view ap_log_error() calls where APLOG_NOERRNO was missing.
-
-   *) For better compatibility with Stronghold and because it is really more
-      intuitive we now also provide the CustomLog directives %{subjectdn}c and
-      %{issuerdn}c: The (more intuitive) %{subjectdn}c replaced the (confusing)
-      %{clientcert}c directive (although %{clientcert}c is still accepted as an
-      alias).  And the %{issuerdn}c was added (with the alias %{cacert}c :-( ).
-      This way custom logfiles now can contain the certificate issuer as well.
-
-   *) For better configuration sharing with Stronghold (which uses
-      the name mod_ssl.c for its module, too) mod_ssl now defines not only the
-      C Pre-Processor define MOD_SSL, it now also pre-defines the Apache
-      configuration define MOD_SSL. This now can be used with <IfDefine
-      MOD_SSL>..</IfDefine> sections without the need to startup Apache
-      explicitly with an -DSSL or -DMOD_SSL option. 
-   
-   *) ANSI C doesn't allow one to forward declare an array variable without
-      specifying the actual array size. GCC didn't complain, but other vendor
-      compilers (like /bin/cc under IRIX) do. This is now fixed by re-ordering
-      the definitions in the code to make the forward declaration not
-      necessary. 
-
-   *) Let APACI adjust the port 443 to 8443 when installing under a non-root
-      UID similar to what Apache already does with adjusting port 80 to 8080.
-
-   *) Fix patch tool location for the situation where the user
-      has to compile manually the stuff because of platforms errors.
-
-   *) Incorporated changes from Apache-SSL 1.20 to 1.21:
-      Was only a single register_cleanup -> ap_register_cleanup rename,
-      because all other changes were either already in mod_ssl or will be done
-      totally different with the next mod_ssl changes (for instance the
-      logging stuff which gets replaced by a more improved version the next
-      days - because Ben's idea to now log anything to Apache's error_log
-      sounds not reasonable to me).
-
-   *) Fixed variable arg usage in logging functions: va_end was missing.
-
-  Changes with mod_ssl 2.0.2
-
-   *) Make egrep arguments more safe because they failed under
-      Solaris and other platforms. 
-
-   *) Replaced basename() and dirname() functions in aux/patch/backupfile.c
-      to avoid conflicts with glibc2's versions of these functions.
-
-   *) Removed ssl.contrib/ssleay.diff because it was only needed
-      for the temporary broken SSLeay 0.9.0b which was staying around on the
-      net. 
-
-   *) Now the sslcerts dir is created with permissions 755 and sslkeys 
-      with 700 for security reasons.
-
-   *) Now the FAQ inside the mod_ssl.html document has corresponding ToC
-      entries. Additionally now the question "What is different between mod_ssl
-      and Apache-SSL" is tried to be answered.  And a few hints were added on how
-      to check HTTPS manually.
-
-   *) Make the building of the 'patch' tool more robust by checking for
-      success and providing a log of the failure. Additionally in case of
-      problems the user now can use a --with-patch option to force the usage
-      of a vendor patch program.
-
-   *) Cleaned up the gcache stuff even more: reduced #includes
-      to minimum and moved some stuff to the header file.
-
-   *) Cleaned up the httpd.conf-dist entries for SSL.
-
-   *) Cleanup mod_log_config.c patch and fixed %{version}c construct:
-      It now says "SSLX" even under SSLeay 0.8.0.
-
-   *) Misc. doc ajdustments: Fixed a few comment typos in apache.patch file;
-      Added Announcement text as ANNOUNCE file to distribution; Fixed
-      hyperlinks in mod_ssl.html document and added more useful hyperlinks to
-      the README file.
-
-   *) Replaced a lot of C constructs into shorthand defines to
-      make the code even more readable and reviewable: 
-      o ``strcmp ... == 0'' -> ``strEQ''
-      o ``\0'' -> ``NUL''
-      o ``ap_get_module_config(...)'' -> ``myXXConfig''
-      o ``ap_overlay_tables'' -> ``cfgMergeTable''
-
-   *) Fixed dependencies in src/modules/ssl/Makefile.tmpl
-
-   *) Add Ben Laurie's copyright message to gcache sources, even when Ben
-      missed it here. It's from Ben, so his copyright applies and credit has
-      to be given. 
-
-  Changes with mod_ssl 2.0.1
-
-   *) Minor documentation updates.
-
-   *) Now the ssl.patch/apache.diff file is named ssl.patch/apache.patch
-      and contains descriptive annotations for each patches file. This way
-      even the patches are easier reviewable.
- 
-   *) The configure patch was not 100% correct: The SSL has not to be
-      disabled for --enable-module=most (where it should be enabled, of
-      course). Instead it has to be disabled automatically for
-      --enable-shared=max.
-  
-  Changes with mod_ssl 2.0.0
-  
-   *) Added "SSL library type" message to the configuration process
-      to inform the user how we recognized the SSLeay location.
- 
-   *) Added support for conf/sslkeys/ directory both to configure
-      script, Makefile.tmpl and default config files. Additionally now on
-      "make install" the hash symlinks are created and a dummy server cert
-      file is skipped.
- 
-   *) Fixed prop.sh script.
- 
-   *) Cleaned up mod_ssl.html document for release.
- 
-   *) Cleaned up the README file and added a situation report
-      about the author conflict with Ben.
- 
-   *) Incorporated changes from Apache-SSL 1.19 to 1.20:
-      - Do a cleanup before starting gcache.
-      - Make gcache die when httpd dies. 
-        This failing in previous versions appears to be a bug in Apache. 
-      - Document the biz with passphrases and sleep.
-      - Do Apache-SSL on inetd connections.
-      ALL OTHER CHANGES BETWEEN APACHE-SSL 1.19 AND 1.20 WERE ALREADY DONE
-      FOR MOD_SSL IN THE PAST BY Ralf S. Engelschall. Because it seems Ben
-      just has drawn level Apache-SSL with the mod_ssl pre-release I sent to
-      him last week.  Hmmmm...
- 
-   *) Minor cleanups to README and mod_ssl.html file.
- 
-   *) Now create the CHANGES.SSL in <apache>/src/ instead in <apache>/.
- 
-   *) Moved patch to a subdir aux/patch/ and added prop.sh for
-      a visual process indicator while building the aux tools.
- 
-   *) Slightly fixed the configure scripts messages
- 
-   *) Added support for checking the Apache version: Now mod_ssl can
-      only be applied to the correct matching Apache source tree.
- 
-   *) Added configurable support for mod_ssl version strings: Now
-      a libssl.version file is created inside src/modules/ssl/ which holds
-      the mod_ssl version. From this the libssl.module script creates a
-      MOD_SSL_VERSION define holding the value as a string ("X.Y.Z") and a
-      MOD_SSL define holding the value with a zero-spaced numerical value
-      (XYYZZ). This way the mod_ssl received the string for the Server field
-      and other modules can check against certain mod_ssl versions via #ifdef
-      or more granular via #if MOD_SSL >= 20000 or whatever.
-    
-   *) Added support for named to SSLVerifyClient directive: Now the ogly
-      numerical levels 0-2 are still valid but can be replaced by better
-      readable names: "none", "optional", "require" and "optional_no_ca".
- 
-   *) Added Makefile for conf/sslcerts/ directory to keep <hash>.0 
-      symlinks up-to-date.
- 
-   *) Translated the FAQ into HTML format and appended it to mod_ssl.html.
-      Additionally I created a ca.sign script and a Makefile for sslcert/ in
-      relation to the FAQ.
- 
-   *) Enhanced the logfile support: First I've converted nasty
-      fprintf(stderr,..) to ap_log_error() variants. Second I've moved the
-      fprintf(pConfig->fileLogfile,...) to ssl_log_own(pConfig,...) calls.
-      And third error messages are now consistently prefixed with "mod_ssl:"
-      and "SSLeay:" - dependend from which an error comes. And forth I've
-      added the word "SSL" to a lot of messages to indicate that the
-      SSL-relationship.  Additionally I removed doubled ERR_print_xxx calls.
-  
-   *) Cleanup up namespace by added lots of `static's, so only the
-      module structure and the SSL_HOOK_xxx symbols are now exported.
- 
-   *) Fixed up Apache API structures for Apache 1.3: added MODULE_VAR_EXPORT
-      for consistency and missing module structure dispatch pointers.
-       
-   *) Completely renamed the functions to use common prefixes which
-      indicate their relationship and ordered the functions according to this
-      relationship. Additionally a complete list of prototypes is now
-      provided in mod_ssl.h. The order of functions now reflects the logical
-      order when one wants to review the module: 1. API structures, 2. config
-      handing, 3.  directive handling, 4. init functions, 5. API hooks, 6.
-      internals, 7.  caching support, 8. logfile support and 9. utility
-      functions.  Additionally I cleanup up the namespace of global data
-      symbols: They now all have the prefix "_g": bFirstTime -> g_bFirstTime,
-      szCacheServerPort -> g_szCacheServerPort, szCacheServerPath ->
-      g_szCacheServerPath, s_pServer -> g_pServer.
-
-   *) Now all stuff for SSLEay < 0.8.0 is removed because an #error was
-      already given and there is now real need to support these versions any
-      longer. As a consequence we now also could remove the CACHE_SESSIONS
-      #ifdef mess because  this was enabled for >= 0.8.0 since a long time.
-
-   *) Cleaned up the mess inside ap_config.h where TRUE, FALSE and BOOL
-      where globally defined even when they were only used my mod_ssl.  Now
-      all stuff mod_ssl needs is inside mod_ssl.h and not spread over the
-      Apache sources without need. I've also cleaned up the "uchar"
-      definition because this was defined only by coincidence. I've also
-      replaced ugly return 0's with return FALSE and -1 by UNSET when the
-      context was the one for UNSET (like for VerifyType). Additionally I
-      replaced some incorrect declarations (extern uid_t ap_user_id) by
-      including the correct header file (http_config_globals.h). In the same
-      spirit for cleaness I've replaced the numerical filedescriptor numbers
-      by the STDXX_FILENO aliases.
-
-   *) Fixed a nasty bug: When a startup error occured an exit() was done.
-      But an already started ssl_gcache program was not terminated because
-      the exit() doesn't give Apache a chance to cleanup the pools (where the
-      program is registered). Fixed by adding a bunch of ap_clear_pool()
-      calls before the exit() calls. Additionally some more missing exit()'s
-      were added to config checks. And last but not least a termination
-      message is now created by ssl_gcache when it is terminated so one now
-      see both the start and the termination of ssl_gcache program in the
-      logfiles.
- 
-   *) Replaced various sprintf()'s by the more safe and correct ap_snprintf()
-      variants. Same for fopen() and ap_pfopen() and other such functions.
- 
-   *) Prefixed all SSLeay function calls with __SSLeay to mark them
-      for reviewing. I'm still not happy with this long and ugly reading
-      prefix but need to use an initial one which doesn't conflict.
-      Additionally I've then grep'ed out all __SSLeay prefixed symbols,
-      sorted them by group and inserted them into a README which can help
-      identifiying the used SSLeay API functions. The whole intent is
-      just to make reviewing of the code more easier, because this is
-      really important for security related sources.
-
-   *) A lot of various minor cleanups and fixes: For instance I've corrected the
-      directive descriptions, added some descriptive source comments, etc.
-      Really to much of these minor cleanups to write them down, sorry.
- 
-   *) Added an FAQ file, assembled from some information found
-      on www.apache-ssl.org
-
-   *) Incorporated the changes between Apache-SSL 1.18-1.19
- 
-   *) Added back support for the old Apache 1.2 way of configuring and
-      building by placing the SSL_BASE into src/Configuration.tmpl and
-      providing steps in INSTALL, too.
-
-   *) Added a complete Apache-style mod_ssl.html document which describes all
-      mod_ssl directives in detail. I've also painted a nice mod_ssl logo out
-      of the old mod_rewrite logo parts and a safety lock which secures the
-      feather. The SSLeay logo is also part of the document to give credit.
-
-   *) Added a `configure' frontend script for easy applying the mod_ssl
-      source extension and patches to the Apache source tree. It also can
-      replace APACI's configure script by running it in the background.
-      Additionally a slightly changed GNU patch 2.1 tool is distributed under
-      aux/ subdir to make sure the source patching works reliable because
-      newer patches have problems with the apache.diff file and some systems
-      have no "patch" at all.
-
-   *) Split definitions from mod_ssl.c into own mod_ssl.h and converted all
-      source files to the Apache coding styles to be consistent with the
-      officially distributed Apache sources.
- 
-   *) Generation of a certificate is supported via top-level "make
-      certificate" which correctly finds SSLeay both when SSLeay tree is the
-      source tree or the installed tree.
- 
-   *) Added SSLNeedsSSL to config files and cleaned up the
-      SSL-related stuff at the end of httpd.conf-dist.
-
-   *) Out-of-the-box installation for a SSL-aware Apache is provided by
-      automatically installing the certificate and the ssl_gcache program.
-      Additionally the SSL-related directives in the extended httpd.conf file
-      is adjusted, so one immediately can fire up an SSL-aware httpd.
-
-   *) The name of the binary is now again "httpd" instead of the "httpsd"
-      because "httpsd" reads ugly and confuses APACI. And there is no real
-      need to distinguish between them, because one still can compile a
-      standard Apache even after mod_ssl was applied to the Apache source
-      tree. Or why isn't everybody using httppd just because mod_perl is
-      built in? Bingo!
- 
-   *) Added Apache 1.3 Autoconf-style Interface (APACI) support to
-      automatically enable the SSL module via --enable-module=ssl.  This also
-      triggers the MOD_PERL define, so without this APACI option you still
-      can build a standard Apache.
-
-   *) Use the official Apache 1.3 way of adding strings to the
-      HTTP Server header: via ap_add_version_component() instead of patching
-      the defines in httpd.h.  Additionally it now creates a header like
-      ``Server: Apache/1.3.1-dev (Unix) mod_ssl/2.0.0 SSLeay/0.9.0a'' i.e.
-      SSLeay is part of the Server header. Because SSLeay's version is more
-      important than mod_ssl's.
-
-   *) Removed all broken parts in the original Ben-SSL patch, for instance
-      incorrectly added newlines, incorrectly moved SecureWare, etc.
-
-   *) Removed nasty terminal messages like "Skip first time initialization",
-      "Launching ....", etc. These can be enabled in the future by using the
-      ap_log_error stuff.
-
-   *) Fixed incorrect log_ssl_info prototypes in mod_log_config.c from
-      Ben-SSL patch and fixed minor other things.
-
-   *) Cleaned up mod_ssl.c (formerly apache_ssl.c): removed unused variables
-      mod_ssl.c, added prototypes, moved extern prototypes. Actually I've
-      made it run quietly through ``gcc -Wall -Wshadow -Wpointer-arith
-      -Wcast-align -Wmissing-prototypes -Wmissing-declarations
-      -Wnested-externs -Winline'', etc.
-
-   *) Renamed apache_ssl.c to mod_ssl.c for consistency and also
-      to avoid problems inside APACI. Additionally the APACHE_SSL define was
-      renamed to MOD_SSL which is also consistent which the behaviour of
-      mod_perl which uses MOD_PERL.
-
-   *) *GENESIS*: Based the complete code on Ben Laurie's latest Apache-SSL
-      patch (Ben-SSL) version "apache_1.3.0+ssl_1.18". To avoid confusion and
-      to show that its second generation stuff the mod_ssl version starts
-      with 2.0.0. I've merged in all my previous work on Apache-SSL for
-      Apache 1.3b, i.e. especially the APACI stuff.
-
diff --git a/usr.sbin/httpd/src/Configuration b/usr.sbin/httpd/src/Configuration
deleted file mode 100644
index 62fb681c0dd..00000000000
--- a/usr.sbin/httpd/src/Configuration
+++ /dev/null
@@ -1,453 +0,0 @@
-# Config file for the Apache httpd.
-
-# Configuration.tmpl is the template for Configuration. Configuration should
-# be edited to select the modules to be included as well as various flags
-# for Makefile.
-
-# The template should only be changed when a new system or module is added,
-# or an existing one modified. This will also most likely require some minor
-# changes to Configure to recognize those changes.
-
-# There are 5 types of lines here:
-
-# '#' comments, distinguished by having a '#' as the first non-blank character
-#
-# Makefile options, such as CC=gcc, etc...
-#
-# Rules, distinguished by having "Rule" at the front. These are used to
-# control Configure's behavior as far as how to create Makefile.
-#
-# Module selection lines, distinguished by having 'AddModule' at the front.
-# These list the configured modules, in priority order (highest priority
-# last).  They're down at the bottom.
-#
-# Optional module selection lines, distinguished by having `%Module'
-# at the front.  These specify a module that is to be compiled in (but
-# not enabled).  The AddModule directive can be used to enable such a
-# module.  By default no such modules are defined.
-
-
-################################################################
-# Makefile configuration
-#
-# These are added to the general flags determined by Configure.
-# Edit these to work around Configure if needed. The EXTRA_* family
-# will be added to the regular Makefile flags. For example, if you
-# want to compile with -Wall, then add that to EXTRA_CFLAGS. These
-# will be added to whatever flags Configure determines as appropriate
-# and needed for your platform.
-#
-# You can also set the compiler (CC) and optimization (OPTIM) used here as
-# well.  Settings here have priority; If not set, Configure will attempt to
-# guess the C compiler, looking for gcc first, then cc.
-#
-# Optimization note: 
-# Be careful when adding optimization flags (like -O3 or -O6) on the OPTIM
-# entry, especially when using some GCC variants. Experience showed that using
-# these for compiling Apache is risky. If you don't want to see Apache dumping
-# core regularly then at most use -O or -O2.
-#
-# The EXTRA_DEPS can be used to add extra Makefile dependencies to external
-# files (for instance third-party libraries) for the httpd target. The effect
-# is that httpd is relinked when those files are changed.
-#
-EXTRA_CFLAGS=
-EXTRA_LDFLAGS=
-EXTRA_LIBS=
-EXTRA_INCLUDES=
-EXTRA_DEPS=
-
-#CC=
-#CPP=
-#OPTIM=
-#RANLIB=
-
-################################################################
-# Name of the installed Apache HTTP webserver.
-#
-#TARGET=
-
-################################################################
-# Dynamic Shared Object (DSO) support
-#
-# There is experimental support for compiling the Apache core and
-# the Apache modules into dynamic shared object (DSO) files for
-# maximum runtime flexibility.
-#
-# The Configure script currently has only limited built-in
-# knowledge on how to compile these DSO files because this is
-# heavily platform-dependent. The current state of supported and
-# explicitly unsupported platforms can be found in the file 
-# "htdocs/manual/dso.html", under "Supported Platforms".
-#
-# For other platforms where you want to use the DSO mechanism you
-# first have to make sure it supports the pragmatic dlopen()
-# system call and then you have to provide the appropriate
-# compiler and linker flags below to create the DSO files on your
-# particular platform.
-#
-# The placement of the Apache core into a DSO file is triggered
-# by the SHARED_CORE rule below while support for building
-# individual Apache Modules as DSO files and loading them under
-# runtime without recompilation is triggered by `SharedModule'
-# commands. To be able to use the latter one first enable the
-# module mod_so (see corresponding `AddModule' command below).
-# Then enable the DSO feature for particular modules individually
-# by replacing their `AddModule' command with `SharedModule' and
-# change the filename extension from `.o' to `.so'. 
-#
-# Sometimes the DSO files need to be linked against other shared
-# libraries to explicitly resolve symbols from them when the
-# httpd program not already contains references to them. For
-# instance when buidling mod_auth_db as a DSO you need to link
-# the DSO against the libdb explicity because the Apache kernel
-# has no references for this library. But the problem is that
-# this "chaining" is not supported on all platforms. Although one
-# usually can link a DSO against another DSO without linker
-# complains the linkage is not really done on these platforms.
-# So, when you receive "unresolved symbol" errors under runtime
-# when using the LoadModule directive for a particular module try
-# to enable the SHARED_CHAIN rule below.
-
-#CFLAGS_SHLIB=
-#LD_SHLIB=
-#LDFLAGS_SHLIB=
-#LDFLAGS_SHLIB_EXPORT=
-
-Rule SHARED_CORE=default
-Rule SHARED_CHAIN=default
-
-################################################################
-# Rules configuration
-#
-# These are used to let Configure know that we want certain
-# functions. The format is: Rule RULE=value
-#
-# At present, only the following RULES are known: WANTHSREGEX, SOCKS4,
-# SOCKS5, IRIXNIS, IRIXN32, PARANOID, and DEV_RANDOM.
-#
-# For all Rules except DEV_RANDOM, if set to "yes", then Configure knows
-# we want that capability and does what is required to add it in. If set
-# to "default" then Configure makes a "best guess"; if set to anything
-# else, or not present, then nothing is done.
-#
-# SOCKS4:
-#  If SOCKS4 is set to 'yes', be sure that you add the socks library
-#  location to EXTRA_LIBS, otherwise Configure will assume
-#  "-L/usr/local/lib -lsocks"
-#
-# SOCKS5:
-#  If SOCKS5 is set to 'yes', be sure that you add the socks5 library
-#  location to EXTRA_LIBS, otherwise Configure will assume
-#  "-L/usr/local/lib -lsocks5"
-#
-# IRIXNIS:
-#  Only takes effect if Configure determines that you are running
-#  SGI IRIX.  If you are using a (ancient) 4.x version of IRIX, you
-#  need this if you are using NIS and Apache needs access to it for
-#  things like mod_userdir.  This is not required on 5.x and later
-#  and you should not enable it on such systems.
-#
-# IRIXN32:
-#  If you are running a version of IRIX and Configure detects
-#  n32 libraries, it will use those instead of the o32 ones.
-#
-# PARANOID:
-#  New with version 1.3, during Configure modules can run
-#  pre-programmed shell commands in the same environment that
-#  Configure runs in. This allows modules to control how Configure
-#  works. Normally, Configure will simply note that a module
-#  is performing this function. If PARANOID is set to yes, it will
-#  actually print-out the code that the modules execute
-#
-# EXPAT:
-#  Include an Expat implementation into Apache for use by the
-#  modules. James Clark's Expat package (expat-lite) is bundled
-#  with Apache for the convenience of our users. The EXPAT rule
-#  determines which Expat implementation, if any, to use as follows:
-#
-#  Rule EXPAT=yes       : Use system Expat if available; otherwise
-#                         use bundled Expat (lib/expat-lite). If
-#                         neither exists the build will fail
-#  Rule EXPAT=no        : Don't include Expat at all
-#  Rule EXPAT=default   : If Expat can be found at the system or
-#                         in lib/expat-lite, use it; otherwise
-#                         skip it
-# 
-# CYGWIN_WINSOCK: 
-#  Use Win32 API system calls for socket communication instead 
-#  of Cygwin's POSIX.1 wrappers. This avoids the Cygwin specific
-#  implementation and uses the Win32 native calls. Should be faster
-#  and more reliable for high-load systems.  
-# 
-
-Rule SOCKS4=no
-Rule SOCKS5=no
-Rule IRIXNIS=no
-Rule IRIXN32=yes
-Rule PARANOID=no
-Rule EXPAT=default
-Rule CYGWIN_WINSOCK=no 
-
-# DEV_RANDOM:
-#  Note: this rule is only used when compiling mod_auth_digest.
-#  mod_auth_digest requires a cryptographically strong random seed for its
-#  random number generator. It knows two ways of getting this: 1) from
-#  a file or device (such as "/dev/random"), or 2) from the truerand
-#  library. If this rule is set to 'default' then Configure will choose
-#  to use /dev/random if it exists, else /dev/urandom if it exists,
-#  else the truerand library. To override this behaviour set DEV_RANDOM
-#  either to 'truerand' (to use the library) or to a device or file
-#  (e.g. '/dev/urandom'). If the truerand library is selected, Configure
-#  will assume "-L/usr/local/lib -lrand".
-Rule DEV_RANDOM=/dev/arandom
-
-# The following rules should be set automatically by Configure. However, if
-# they are not set by Configure (because we don't know the correct value for
-# your platform), or are set incorrectly, you may override them here.
-# If you have to do this, please let us know what you set and what your
-# platform is, by filling out a problem report form at the Apache web site:
-# <http://bugs.apache.org/>.  If your browser is forms-incapable, you
-# can get the information to us by sending mail to apache-bugs@apache.org.
-#
-# WANTHSREGEX:
-#  Apache requires a POSIX regex implementation. Henry Spencer's
-#  excellent regex package is included with Apache and can be used
-#  if desired. If your OS has a decent regex, you can elect to
-#  not use this one by setting WANTHSREGEX to 'no' or commenting
-#  out the Rule. The "default" action is "yes" unless overruled
-#  by OS specifics
-
-Rule WANTHSREGEX=default
-
-################################################################
-# Module configuration
-#
-# Modules are listed in reverse priority order --- the ones that come
-# later can override the behavior of those that come earlier.  This
-# can have visible effects; for instance, if UserDir followed Alias,
-# you couldn't alias out a particular user's home directory.
-
-# The configuration below is what we consider a decent default 
-# configuration.  If you want the functionality provided by a particular
-# module, remove the "#" sign at the beginning of the line. But remember, 
-# the more modules you compile into the server, the larger the executable
-# is and the more memory it will take, so if you are unlikely to use the
-# functionality of a particular module you might wish to leave it out.
-
-## mod_mmap_static is an experimental module, you almost certainly
-## don't need it.  It can make some webservers faster.  No further
-## documentation is provided here because you'd be foolish
-## to use mod_mmap_static without reading the full documentation.
-
-# AddModule modules/experimental/mod_mmap_static.o
-
-## mod_vhost_alias provides support for mass virtual hosting
-## by dynamically changing the document root and CGI directory
-## based on the host header or local IP address of the request.
-## See "../htdocs/manual/vhosts/mass.html".
-
-# AddModule modules/standard/mod_vhost_alias.o
-
-##
-## Config manipulation modules
-##
-## mod_env sets up additional or restricted environment variables to be
-## passed to CGI/SSI scripts.  It is listed first (lowest priority) since
-## it does not do per-request stuff.
-
-AddModule modules/standard/mod_env.o
-
-##
-## Request logging modules
-##
-
-AddModule modules/standard/mod_log_config.o
-
-## Optional modules for NCSA user-agent/referer logging compatibility
-## We recommend, however, that you just use the configurable access_log.
-
-# AddModule modules/standard/mod_log_agent.o
-# AddModule modules/standard/mod_log_referer.o
-
-##
-## Type checking modules
-##
-## mod_mime_magic determines the type of a file by examining a few bytes
-## of it and testing against a database of filetype signatures.  It is
-## based on the unix file(1) command.
-## mod_mime maps filename extensions to content types, encodings, and
-## "magic" type handlers (the latter is obsoleted by mod_actions, and
-## don't confuse it with the previous module).
-## mod_negotiation allows content selection based on the Accept* headers.
-
-# AddModule modules/standard/mod_mime_magic.o
-AddModule modules/standard/mod_mime.o
-AddModule modules/standard/mod_negotiation.o
-
-##
-## Content delivery modules
-##
-## The status module allows the server to display current details about 
-## how well it is performing and what it is doing.  Consider also enabling 
-## the 'ExtendedStatus On' directive to allow full status information.
-## Please note that doing so can result in a palpable performance hit.
-
-AddModule modules/standard/mod_status.o
-
-## The Info module displays configuration information for the server and 
-## all included modules. It's very useful for debugging.
-
-# AddModule modules/standard/mod_info.o
-
-## mod_include translates server-side include (SSI) statements in text files.
-## mod_autoindex handles requests for directories which have no index file
-## mod_dir handles requests on directories and directory index files.
-## mod_cgi handles CGI scripts.
-
-AddModule modules/standard/mod_include.o
-AddModule modules/standard/mod_autoindex.o
-AddModule modules/standard/mod_dir.o
-AddModule modules/standard/mod_cgi.o
-
-## The asis module implements ".asis" file types, which allow the embedding
-## of HTTP headers at the beginning of the document.  mod_imap handles internal 
-## imagemaps (no more cgi-bin/imagemap/!).  mod_actions is used to specify 
-## CGI scripts which act as "handlers" for particular files, for example to
-## automatically convert every GIF to another file type.
-
-AddModule modules/standard/mod_asis.o
-AddModule modules/standard/mod_imap.o
-AddModule modules/standard/mod_actions.o
-
-##
-## URL translation modules.
-##
-
-## The Speling module attempts to correct misspellings of URLs that
-## users might have entered, namely by checking capitalizations
-## or by allowing up to one misspelling (character insertion / omission /
-## transposition/typo). This catches the majority of misspelled requests.
-## If it finds a match, a "spelling corrected" redirection is returned.
-
-# AddModule modules/standard/mod_speling.o
-
-## The UserDir module for selecting resource directories by user name
-## and a common prefix, e.g., /~<user> , /usr/web/<user> , etc.
-
-AddModule modules/standard/mod_userdir.o
-
-## The Alias module provides simple URL translation and redirection.
-
-AddModule modules/standard/mod_alias.o
-
-## The URL rewriting module allows for powerful URI-to-URI and 
-## URI-to-filename mapping using a regular expression based 
-## rule-controlled rewriting engine.
-
-# AddModule modules/standard/mod_rewrite.o
-
-##
-## Access control and authentication modules. 
-##
-AddModule modules/standard/mod_access.o
-AddModule modules/standard/mod_auth.o
-
-## The anon_auth module allows for anonymous-FTP-style username/ 
-## password authentication.
-
-# AddModule modules/standard/mod_auth_anon.o
-
-## db_auth and dbm_auth work with Berkeley DB files - make sure there
-## is support for DBM files on your system.  You may need to grab the GNU
-## "gdbm" package if not and possibly adjust EXTRA_LIBS. (This may be
-## done by Configure at a later date)
-
-# AddModule modules/standard/mod_auth_dbm.o
-# AddModule modules/standard/mod_auth_db.o
-
-## "digest" implements HTTP Digest Authentication rather than the less 
-## secure Basic Auth used by the other modules.  This is the old version.
-
-# AddModule modules/standard/mod_digest.o
-
-## "auth_digest" implements HTTP/1.1 Digest Authentication (RFC 2617)
-## rather than the less secure Basic Auth used by the other modules.
-## This is an updated version of mod_digest, but it is not as well tested
-## and is therefore marked experimental.  Use either the one above, or
-## this one below, but not both digest modules.
-## Note: if you add this module in then you might also need the
-## truerand library (available for example from
-## ftp://research.att.com/dist/mab/librand.shar) - see the Rule
-## DEV_RANDOM above for more info.
-##
-## Must be added above (run later than) the proxy module because the
-## WWW-Authenticate and Proxy-Authenticate headers are parsed in the
-## post-read-request phase and it needs to know if this is a proxy request.
-
-# AddModule modules/experimental/mod_auth_digest.o
-
-## Optional Proxy
-##
-## The proxy module enables the server to act as a proxy for outside
-## http and ftp services. It's not as complete as it could be yet.
-## NOTE: You do not want this module UNLESS you are running a proxy;
-##       it is not needed for normal (origin server) operation.
-
-# AddModule modules/proxy/libproxy.a
-
-## Optional response header manipulation modules. 
-##
-## cern_meta mimics the behavior of the CERN web server with regards to 
-## metainformation files.  
-
-# AddModule modules/standard/mod_cern_meta.o
-
-## The expires module can apply Expires: headers to resources,
-## as a function of access time or modification time.
-
-# AddModule modules/standard/mod_expires.o
-
-## The headers module can set arbitrary HTTP response headers,
-## as configured in server, vhost, access.conf or .htaccess configs
-
-# AddModule modules/standard/mod_headers.o
-
-## Miscellaneous modules
-##
-## mod_usertrack is the new name for mod_cookies.  This module
-## uses Netscape cookies to automatically construct and log
-## click-trails from Netscape cookies, or compatible clients who
-## aren't coming in via proxy.   
-##
-## You do not need this, or any other module to allow your site
-## to use Cookies.  This module is for user tracking only
-
-# AddModule modules/standard/mod_usertrack.o
-
-## The example module, which demonstrates the use of the API.  See
-## the file modules/example/README for details.  This module should
-## only be used for testing -- DO NOT ENABLE IT on a production server.
-
-# AddModule modules/example/mod_example.o
-
-## mod_unique_id generates unique identifiers for each hit, which are
-## available in the environment variable UNIQUE_ID.  It may not work on all
-## systems, hence it is not included by default.
-
-# AddModule modules/standard/mod_unique_id.o
-
-## mod_so lets you add modules to Apache without recompiling.
-## This is an experimental feature at this stage and only supported 
-## on a subset of the platforms we generally support. 
-## Don't change this entry to a 'SharedModule' variant (Bootstrapping!)
-
-# AddModule modules/standard/mod_so.o
-
-## mod_setenvif lets you set environment variables based on the HTTP header
-## fields in the request; this is useful for conditional HTML, for example.
-## Since it is also used to detect buggy browsers for workarounds, it
-## should be the last (highest priority) module.
-
-AddModule modules/standard/mod_setenvif.o
-
diff --git a/usr.sbin/httpd/src/Configuration.tmpl b/usr.sbin/httpd/src/Configuration.tmpl
deleted file mode 100644
index f471d8d7545..00000000000
--- a/usr.sbin/httpd/src/Configuration.tmpl
+++ /dev/null
@@ -1,528 +0,0 @@
-# Config file for the Apache httpd.
-
-# Configuration.tmpl is the template for Configuration. Configuration should
-# be edited to select the modules to be included as well as various flags
-# for Makefile.
-
-# The template should only be changed when a new system or module is added,
-# or an existing one modified. This will also most likely require some minor
-# changes to Configure to recognize those changes.
-
-# There are 5 types of lines here:
-
-# '#' comments, distinguished by having a '#' as the first non-blank character
-#
-# Makefile options, such as CC=gcc, etc...
-#
-# Rules, distinguished by having "Rule" at the front. These are used to
-# control Configure's behavior as far as how to create Makefile.
-#
-# Module selection lines, distinguished by having 'AddModule' at the front.
-# These list the configured modules, in priority order (highest priority
-# last).  They're down at the bottom.
-#
-# Optional module selection lines, distinguished by having `%Module'
-# at the front.  These specify a module that is to be compiled in (but
-# not enabled).  The AddModule directive can be used to enable such a
-# module.  By default no such modules are defined.
-
-################################################################
-# SSL support:
-#
-# o Set SSL_BASE to either the directory of your OpenSSL source tree or the
-#   installation tree. Alternatively you can also use the value 'SYSTEM' which
-#   then indicates that OpenSSL is installed under various system locations.
-#
-# o Disable SSL_COMPAT rule to build mod_ssl without backward compatibility
-#   code for Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.x and Stronghold 2.x.
-#
-# o The SSL_SDBM rule controls whether the built-in SDBM library should be
-#   used instead of a custom defined or vendor supplied DBM library.  Use the
-#   value 'default' for automatic determination or use 'yes' to force the use
-#   of SDBM in case the vendor DBM library is buggy or restricts the data
-#   sizes too dramatically.
-#
-# o The SSL_EXPERIMENTAL rule can be used to enable still experimental code
-#   inside mod_ssl. These are usually new features which need some more
-#   testing before they can be considered stable. So, enable this on your own
-#   risk and only when you like to see Apache+mod_ssl dump core ;-)
-#
-# o The SSL_CONSERVATIVE rule can be used to disable some non-conservative
-#   code inside mod_ssl. These are usually recently introduced features 
-#   which some people still want to consider unstable. So, to be maximum 
-#   conservative, one can enable this flag and this way remove such code.
-#
-# o The SSL_VENDOR rule can be used to enable code inside mod_ssl which can be
-#   used by product vendors to extend mod_ssl via EAPI hooks without patching
-#   the source. Additionally ssl_vendor*.c source files are automatically
-#   picked up by the compilation process.
-
-#SSL_BASE=/usr/local/ssl
-Rule SSL_COMPAT=yes
-Rule SSL_SDBM=default
-Rule SSL_EXPERIMENTAL=no
-Rule SSL_CONSERVATIVE=no
-Rule SSL_VENDOR=no
-
-################################################################
-# Makefile configuration
-#
-# These are added to the general flags determined by Configure.
-# Edit these to work around Configure if needed. The EXTRA_* family
-# will be added to the regular Makefile flags. For example, if you
-# want to compile with -Wall, then add that to EXTRA_CFLAGS. These
-# will be added to whatever flags Configure determines as appropriate
-# and needed for your platform.
-#
-# You can also set the compiler (CC) and optimization (OPTIM) used here as
-# well.  Settings here have priority; If not set, Configure will attempt to
-# guess the C compiler, looking for gcc first, then cc.
-#
-# Optimization note: 
-# Be careful when adding optimization flags (like -O3 or -O6) on the OPTIM
-# entry, especially when using some GCC variants. Experience showed that using
-# these for compiling Apache is risky. If you don't want to see Apache dumping
-# core regularly then at most use -O or -O2.
-#
-# The EXTRA_DEPS can be used to add extra Makefile dependencies to external
-# files (for instance third-party libraries) for the httpd target. The effect
-# is that httpd is relinked when those files are changed.
-#
-EXTRA_CFLAGS=
-EXTRA_LDFLAGS=
-EXTRA_LIBS=
-EXTRA_INCLUDES=
-EXTRA_DEPS=
-
-#CC=
-#CPP=
-#OPTIM=
-#RANLIB=
-
-################################################################
-# Name of the installed Apache HTTP webserver.
-#
-#TARGET=
-
-################################################################
-# Extended API (EAPI) support:
-#
-# EAPI:
-#   The EAPI rule enables more module hooks, a generic low-level hook
-#   mechanism, a generic context mechanism and shared memory based pools. 
-#
-# EAPI_MM:
-#   Set the EAPI_MM variable to either the directory of a MM Shared Memory
-#   Library source tree or the installation tree of MM. Alternatively you can
-#   also use the value 'SYSTEM' which then indicates that MM is installed
-#   under various system locations. When the MM library files cannot be found
-#   the EAPI still can be built, but without shared memory pool support, of
-#   course.
-
-Rule EAPI=no
-#EAPI_MM=SYSTEM
-
-################################################################
-# Dynamic Shared Object (DSO) support
-#
-# There is experimental support for compiling the Apache core and
-# the Apache modules into dynamic shared object (DSO) files for
-# maximum runtime flexibility.
-#
-# The Configure script currently has only limited built-in
-# knowledge on how to compile these DSO files because this is
-# heavily platform-dependent. The current state of supported and
-# explicitly unsupported platforms can be found in the file 
-# "htdocs/manual/dso.html", under "Supported Platforms".
-#
-# For other platforms where you want to use the DSO mechanism you
-# first have to make sure it supports the pragmatic dlopen()
-# system call and then you have to provide the appropriate
-# compiler and linker flags below to create the DSO files on your
-# particular platform.
-#
-# The placement of the Apache core into a DSO file is triggered
-# by the SHARED_CORE rule below while support for building
-# individual Apache Modules as DSO files and loading them under
-# runtime without recompilation is triggered by `SharedModule'
-# commands. To be able to use the latter one first enable the
-# module mod_so (see corresponding `AddModule' command below).
-# Then enable the DSO feature for particular modules individually
-# by replacing their `AddModule' command with `SharedModule' and
-# change the filename extension from `.o' to `.so'. 
-#
-# Sometimes the DSO files need to be linked against other shared
-# libraries to explicitly resolve symbols from them when the
-# httpd program not already contains references to them. For
-# instance when buidling mod_auth_db as a DSO you need to link
-# the DSO against the libdb explicity because the Apache kernel
-# has no references for this library. But the problem is that
-# this "chaining" is not supported on all platforms. Although one
-# usually can link a DSO against another DSO without linker
-# complains the linkage is not really done on these platforms.
-# So, when you receive "unresolved symbol" errors under runtime
-# when using the LoadModule directive for a particular module try
-# to enable the SHARED_CHAIN rule below.
-
-#CFLAGS_SHLIB=
-#LD_SHLIB=
-#LDFLAGS_SHLIB=
-#LDFLAGS_SHLIB_EXPORT=
-
-Rule SHARED_CORE=default
-Rule SHARED_CHAIN=default
-
-################################################################
-# Rules configuration
-#
-# These are used to let Configure know that we want certain
-# functions. The format is: Rule RULE=value
-#
-# At present, only the following RULES are known: WANTHSREGEX, SOCKS4,
-# SOCKS5, IRIXNIS, IRIXN32, PARANOID, and DEV_RANDOM.
-#
-# For all Rules except DEV_RANDOM, if set to "yes", then Configure knows
-# we want that capability and does what is required to add it in. If set
-# to "default" then Configure makes a "best guess"; if set to anything
-# else, or not present, then nothing is done.
-#
-# SOCKS4:
-#  If SOCKS4 is set to 'yes', be sure that you add the socks library
-#  location to EXTRA_LIBS, otherwise Configure will assume
-#  "-L/usr/local/lib -lsocks"
-#
-# SOCKS5:
-#  If SOCKS5 is set to 'yes', be sure that you add the socks5 library
-#  location to EXTRA_LIBS, otherwise Configure will assume
-#  "-L/usr/local/lib -lsocks5"
-#
-# IRIXNIS:
-#  Only takes effect if Configure determines that you are running
-#  SGI IRIX.  If you are using a (ancient) 4.x version of IRIX, you
-#  need this if you are using NIS and Apache needs access to it for
-#  things like mod_userdir.  This is not required on 5.x and later
-#  and you should not enable it on such systems.
-#
-# IRIXN32:
-#  If you are running a version of IRIX and Configure detects
-#  n32 libraries, it will use those instead of the o32 ones.
-#
-# PARANOID:
-#  New with version 1.3, during Configure modules can run
-#  pre-programmed shell commands in the same environment that
-#  Configure runs in. This allows modules to control how Configure
-#  works. Normally, Configure will simply note that a module
-#  is performing this function. If PARANOID is set to yes, it will
-#  actually print-out the code that the modules execute
-#
-# EXPAT:
-#  Include an Expat implementation into Apache for use by the
-#  modules. James Clark's Expat package (expat-lite) is bundled
-#  with Apache for the convenience of our users. The EXPAT rule
-#  determines which Expat implementation, if any, to use as follows:
-#
-#  Rule EXPAT=yes       : Use system Expat if available; otherwise
-#                         use bundled Expat (lib/expat-lite). If
-#                         neither exists the build will fail
-#  Rule EXPAT=no        : Don't include Expat at all
-#  Rule EXPAT=default   : If Expat can be found at the system or
-#                         in lib/expat-lite, use it; otherwise
-#                         skip it
-# 
-# CYGWIN_WINSOCK: 
-#  Use Win32 API system calls for socket communication instead 
-#  of Cygwin's POSIX.1 wrappers. This avoids the Cygwin specific
-#  implementation and uses the Win32 native calls. Should be faster
-#  and more reliable for high-load systems.  
-# 
-# INET6:
-#  IPv6 support.
-#
-
-Rule SOCKS4=no
-Rule SOCKS5=no
-Rule IRIXNIS=no
-Rule IRIXN32=yes
-Rule PARANOID=no
-Rule EXPAT=default
-Rule CYGWIN_WINSOCK=no 
-Rule INET6=yes
-
-# DEV_RANDOM:
-#  Note: this rule is only used when compiling mod_auth_digest.
-#  mod_auth_digest requires a cryptographically strong random seed for its
-#  random number generator. It knows two ways of getting this: 1) from
-#  a file or device (such as "/dev/random"), or 2) from the truerand
-#  library. If this rule is set to 'default' then Configure will choose
-#  to use /dev/random if it exists, else /dev/urandom if it exists,
-#  else the truerand library. To override this behaviour set DEV_RANDOM
-#  either to 'truerand' (to use the library) or to a device or file
-#  (e.g. '/dev/urandom'). If the truerand library is selected, Configure
-#  will assume "-L/usr/local/lib -lrand".
-Rule DEV_RANDOM=/dev/arandom
-
-# The following rules should be set automatically by Configure. However, if
-# they are not set by Configure (because we don't know the correct value for
-# your platform), or are set incorrectly, you may override them here.
-# If you have to do this, please let us know what you set and what your
-# platform is, by filling out a problem report form at the Apache web site:
-# <http://bugs.apache.org/>.  If your browser is forms-incapable, you
-# can get the information to us by sending mail to apache-bugs@apache.org.
-#
-# WANTHSREGEX:
-#  Apache requires a POSIX regex implementation. Henry Spencer's
-#  excellent regex package is included with Apache and can be used
-#  if desired. If your OS has a decent regex, you can elect to
-#  not use this one by setting WANTHSREGEX to 'no' or commenting
-#  out the Rule. The "default" action is "yes" unless overruled
-#  by OS specifics
-
-Rule WANTHSREGEX=default
-
-################################################################
-# Module configuration
-#
-# Modules are listed in reverse priority order --- the ones that come
-# later can override the behavior of those that come earlier.  This
-# can have visible effects; for instance, if UserDir followed Alias,
-# you couldn't alias out a particular user's home directory.
-
-# The configuration below is what we consider a decent default 
-# configuration.  If you want the functionality provided by a particular
-# module, remove the "#" sign at the beginning of the line. But remember, 
-# the more modules you compile into the server, the larger the executable
-# is and the more memory it will take, so if you are unlikely to use the
-# functionality of a particular module you might wish to leave it out.
-
-## mod_mmap_static is an experimental module, you almost certainly
-## don't need it.  It can make some webservers faster.  No further
-## documentation is provided here because you'd be foolish
-## to use mod_mmap_static without reading the full documentation.
-
-# AddModule modules/experimental/mod_mmap_static.o
-
-## mod_vhost_alias provides support for mass virtual hosting
-## by dynamically changing the document root and CGI directory
-## based on the host header or local IP address of the request.
-## See "../htdocs/manual/vhosts/mass.html".
-
-# AddModule modules/standard/mod_vhost_alias.o
-
-##
-## Config manipulation modules
-##
-## mod_env sets up additional or restricted environment variables to be
-## passed to CGI/SSI scripts.  It is listed first (lowest priority) since
-## it does not do per-request stuff.
-
-AddModule modules/standard/mod_env.o
-
-## mod_define expands variables on arbitrary directive lines.
-## It requires Extended API (EAPI).
-
-# AddModule modules/extra/mod_define.o
-
-##
-## Request logging modules
-##
-
-AddModule modules/standard/mod_log_config.o
-
-## Optional modules for NCSA user-agent/referer logging compatibility
-## We recommend, however, that you just use the configurable access_log.
-
-# AddModule modules/standard/mod_log_agent.o
-# AddModule modules/standard/mod_log_referer.o
-
-##
-## Type checking modules
-##
-## mod_mime_magic determines the type of a file by examining a few bytes
-## of it and testing against a database of filetype signatures.  It is
-## based on the unix file(1) command.
-## mod_mime maps filename extensions to content types, encodings, and
-## "magic" type handlers (the latter is obsoleted by mod_actions, and
-## don't confuse it with the previous module).
-## mod_negotiation allows content selection based on the Accept* headers.
-
-# AddModule modules/standard/mod_mime_magic.o
-AddModule modules/standard/mod_mime.o
-AddModule modules/standard/mod_negotiation.o
-
-##
-## Content delivery modules
-##
-## The status module allows the server to display current details about 
-## how well it is performing and what it is doing.  Consider also enabling 
-## the 'ExtendedStatus On' directive to allow full status information.
-## Please note that doing so can result in a palpable performance hit.
-
-AddModule modules/standard/mod_status.o
-
-## The Info module displays configuration information for the server and 
-## all included modules. It's very useful for debugging.
-
-# AddModule modules/standard/mod_info.o
-
-## mod_include translates server-side include (SSI) statements in text files.
-## mod_autoindex handles requests for directories which have no index file
-## mod_dir handles requests on directories and directory index files.
-## mod_cgi handles CGI scripts.
-
-AddModule modules/standard/mod_include.o
-AddModule modules/standard/mod_autoindex.o
-AddModule modules/standard/mod_dir.o
-AddModule modules/standard/mod_cgi.o
-
-## The asis module implements ".asis" file types, which allow the embedding
-## of HTTP headers at the beginning of the document.  mod_imap handles internal 
-## imagemaps (no more cgi-bin/imagemap/!).  mod_actions is used to specify 
-## CGI scripts which act as "handlers" for particular files, for example to
-## automatically convert every GIF to another file type.
-
-AddModule modules/standard/mod_asis.o
-AddModule modules/standard/mod_imap.o
-AddModule modules/standard/mod_actions.o
-
-##
-## URL translation modules.
-##
-
-## The Speling module attempts to correct misspellings of URLs that
-## users might have entered, namely by checking capitalizations
-## or by allowing up to one misspelling (character insertion / omission /
-## transposition/typo). This catches the majority of misspelled requests.
-## If it finds a match, a "spelling corrected" redirection is returned.
-
-# AddModule modules/standard/mod_speling.o
-
-## The UserDir module for selecting resource directories by user name
-## and a common prefix, e.g., /~<user> , /usr/web/<user> , etc.
-
-AddModule modules/standard/mod_userdir.o
-
-## The Alias module provides simple URL translation and redirection.
-
-AddModule modules/standard/mod_alias.o
-
-## The URL rewriting module allows for powerful URI-to-URI and 
-## URI-to-filename mapping using a regular expression based 
-## rule-controlled rewriting engine.
-
-# AddModule modules/standard/mod_rewrite.o
-
-##
-## Access control and authentication modules. 
-##
-AddModule modules/standard/mod_access.o
-AddModule modules/standard/mod_auth.o
-
-## The anon_auth module allows for anonymous-FTP-style username/ 
-## password authentication.
-
-# AddModule modules/standard/mod_auth_anon.o
-
-## db_auth and dbm_auth work with Berkeley DB files - make sure there
-## is support for DBM files on your system.  You may need to grab the GNU
-## "gdbm" package if not and possibly adjust EXTRA_LIBS. (This may be
-## done by Configure at a later date)
-
-# AddModule modules/standard/mod_auth_dbm.o
-# AddModule modules/standard/mod_auth_db.o
-
-## "digest" implements HTTP Digest Authentication rather than the less 
-## secure Basic Auth used by the other modules.  This is the old version.
-
-# AddModule modules/standard/mod_digest.o
-
-## "auth_digest" implements HTTP/1.1 Digest Authentication (RFC 2617)
-## rather than the less secure Basic Auth used by the other modules.
-## This is an updated version of mod_digest, but it is not as well tested
-## and is therefore marked experimental.  Use either the one above, or
-## this one below, but not both digest modules.
-## Note: if you add this module in then you might also need the
-## truerand library (available for example from
-## ftp://research.att.com/dist/mab/librand.shar) - see the Rule
-## DEV_RANDOM above for more info.
-##
-## Must be added above (run later than) the proxy module because the
-## WWW-Authenticate and Proxy-Authenticate headers are parsed in the
-## post-read-request phase and it needs to know if this is a proxy request.
-
-# AddModule modules/experimental/mod_auth_digest.o
-
-## Optional Proxy
-##
-## The proxy module enables the server to act as a proxy for outside
-## http and ftp services. It's not as complete as it could be yet.
-## NOTE: You do not want this module UNLESS you are running a proxy;
-##       it is not needed for normal (origin server) operation.
-
-# AddModule modules/proxy/libproxy.a
-
-## Optional response header manipulation modules. 
-##
-## cern_meta mimics the behavior of the CERN web server with regards to 
-## metainformation files.  
-
-# AddModule modules/standard/mod_cern_meta.o
-
-## The expires module can apply Expires: headers to resources,
-## as a function of access time or modification time.
-
-# AddModule modules/standard/mod_expires.o
-
-## The headers module can set arbitrary HTTP response headers,
-## as configured in server, vhost, access.conf or .htaccess configs
-
-# AddModule modules/standard/mod_headers.o
-
-## Miscellaneous modules
-##
-## mod_usertrack is the new name for mod_cookies.  This module
-## uses Netscape cookies to automatically construct and log
-## click-trails from Netscape cookies, or compatible clients who
-## aren't coming in via proxy.   
-##
-## You do not need this, or any other module to allow your site
-## to use Cookies.  This module is for user tracking only
-
-# AddModule modules/standard/mod_usertrack.o
-
-## The example module, which demonstrates the use of the API.  See
-## the file modules/example/README for details.  This module should
-## only be used for testing -- DO NOT ENABLE IT on a production server.
-
-# AddModule modules/example/mod_example.o
-
-## mod_unique_id generates unique identifiers for each hit, which are
-## available in the environment variable UNIQUE_ID.  It may not work on all
-## systems, hence it is not included by default.
-
-# AddModule modules/standard/mod_unique_id.o
-
-## mod_so lets you add modules to Apache without recompiling.
-## This is an experimental feature at this stage and only supported 
-## on a subset of the platforms we generally support. 
-## Don't change this entry to a 'SharedModule' variant (Bootstrapping!)
-
-# AddModule modules/standard/mod_so.o
-
-## mod_setenvif lets you set environment variables based on the HTTP header
-## fields in the request; this is useful for conditional HTML, for example.
-## Since it is also used to detect buggy browsers for workarounds, it
-## should be the last (highest priority) module.
-
-AddModule modules/standard/mod_setenvif.o
-
-## mod_keynote adds RFC 2704 KeyNote-based authentication support.
-## It requires that mod_ssl also be configured in order to function.
-
-# AddModule modules/keynote/mod_keynote.o
-
-## mod_ssl incorporates SSL into Apache.
-## It must stay last here to be first in execution to 
-## fake basic authorization.
-
-# AddModule modules/ssl/libssl.a
-
diff --git a/usr.sbin/httpd/src/Configure b/usr.sbin/httpd/src/Configure
deleted file mode 100644
index 62b8d1aebd7..00000000000
--- a/usr.sbin/httpd/src/Configure
+++ /dev/null
@@ -1,2649 +0,0 @@
-#!/bin/sh
-# $OpenBSD: Configure,v 1.29 2010/05/05 11:58:27 kettenis Exp $
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-##    notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-##    notice, this list of conditions and the following disclaimer in
-##    the documentation and/or other materials provided with the
-##    distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-##    if any, must include the following acknowledgment:
-##       "This product includes software developed by the
-##        Apache Software Foundation (http://www.apache.org/)."
-##    Alternately, this acknowledgment may appear in the software itself,
-##    if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-##    not be used to endorse or promote products derived from this
-##    software without prior written permission. For written
-##    permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-##    nor may "Apache" appear in their name, without prior written
-##    permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation.  For more
-## information on the Apache Software Foundation, please see
-## <http://www.apache.org/>.
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-
-
-
-# Uses 6 supplemental scripts located in ./helpers:
-#	CutRule: Determines the value for a specified Rule
-#	GuessOS: Uses uname to determine OS/platform
-#	PrintPath: generic "type" or "whence" replacement
-#	TestCompile: Can check for libs and if $(CC) is ANSI
-#	 (i.e., a simple "sanity check")
-#	mfhead:
-#	fp2rp:
-#	slo.sh:
-
-LANG=C; export LANG
-exitcode=0
-trap 'rm -f $tmpfile $tmpfile2 $tmpfile3 $tmpconfig $awkfile; exit $exitcode' 0 1 2 3 15
-
-####################################################################
-## Set up some defaults
-##
-file=Configuration
-tmpfile=htconf.$$
-tmpfile2=$tmpfile.2
-tmpfile3=$tmpfile.3
-awkfile=$tmpfile.4
-tmpconfig=$tmpfile.5
-SUBDIRS="ap main"
-APLIBDIRS=""
-SHELL=/bin/sh
-
-####################################################################
-## Now handle any arguments, which, for now, is -file
-## to select an alternate Configuration file and -v
-## to turn on verbose mode
-##
-while [ "x$1" != "x" ]; do
-  if [ "x$1" = "x-v" ] ; then
-    shift 1;
-    vflag="-v";
-  fi
-  if [ "x$1" = "x-file" ] ; then
-    shift 1; file=$1; shift 1
-    if [ ! -r $file ]; then
-      echo "$file does not exist or is not readable."
-      exitcode=1
-      exit 1
-    fi
-  else
-    echo "ERROR: Bad command line option '$1'"
-    echo "  Please read the file INSTALL."
-    exit 1
-  fi
-done
-if [ ! -r $file ]; then
-  echo "Can't see or read \"$file\""
-  echo "Please copy Configuration.tmpl to $file, edit it for your platform,"
-  echo "and re-run $0 again."
-  exitcode=1
-  exit 1
-fi
-
-####################################################################
-## Now see if Configuration.tmpl is more recent than $file. If
-## so, then we complain and bail out
-##
-if ls -lt $file Configuration.tmpl | head -1 | \
-  grep 'Configuration.tmpl' > /dev/null
-then
-  echo "Configuration.tmpl is more recent than $file;"
-  echo "Make sure that $file is valid and, if it is, simply"
-  echo "'touch $file' and re-run $0 again."
-  exitcode=1
-  exit 1
-fi
-
-echo "Using config file: $file"
-
-####################################################################
-## From the Configuration file, create a "cleaned-up" version
-## that's easy to scan
-##
-
-# Strip comments and blank lines, remove whitespace around
-# "=" assignments, change Rules to comments and then remove whitespace
-# before Module declarations
-sed 's/#.*//' $file | \
- sed '/^[ 	]*$/d' | \
- sed 's/[ 	]*$//' | \
- sed 's/[ 	]*=[ 	]*/=/' | \
- sed '/^Rule[ 	]*/d' | \
- sed 's/^[ 	]*AddModule/AddModule/' | \
- sed 's/^[ 	]*%AddModule/%AddModule/' | \
- sed 's/^[ 	]*SharedModule/SharedModule/' | \
- sed 's/^[ 	]*Module/Module/' | \
- sed 's/^[ 	]*%Module/%Module/' > $tmpfile
-
-# Determine if shared objects are used
-using_shlib=`grep  '^SharedModule' $tmpfile >/dev/null && echo 1`
-
-# But perhaps later via apxs when just mod_so is compiled in!
-if [ "x$using_shlib" = "x" ]; then
-    using_shlib=`grep  '^AddModule modules/standard/mod_so.o' $tmpfile >/dev/null && echo 1`
-fi
-
-# Only "assignment" ("=") statements and Module lines
-# should be left at this point. If there is other stuff
-# we bail out
-if egrep -v '^%?Module[ 	]+[A-Za-z0-9_]+[ 	]+[^ 	]+$' $tmpfile \
- | egrep -v '^%?AddModule[ 	]+[^ 	]+$' \
- | egrep -v '^SharedModule[ 	]+[^ 	]+$' \
- | grep -v = > /dev/null
-then
-  echo "Syntax error --- The configuration file is used only to"
-  echo "define the list of included modules or to set Makefile"
-  echo "options or Configure rules, and I don't see that at all:"
-  egrep -v '^%?Module[ 	]+[A-Za-z0-9_]+[ 	]+[^ 	]+$' $tmpfile \
-   | egrep -v '^%?AddModule[ 	]+[^ 	]+$'  \
-   | egrep -v '^%?SharedModule[ 	]+[^ 	]+$'  \
-   | grep -v =
-  exitcode=1
-  exit 1
-fi
-
-####################################################################
-## If we find the directory /usr/local/etc/httpd and there is
-## no HTTPD_ROOT flag set in the Configuration file we assume
-## that the user was using the old default root directory
-## and issue a notice about it.
-##
-if [ "x$file" != "xConfiguration.apaci" ]
-then
-  if [ -d /usr/local/etc/httpd/ ]
-  then
-    if egrep '^EXTRA_CFLAGS.*HTTPD_ROOT' $file >/dev/null
-    then
-      :
-    else
-      echo " | Please note that the default httpd root directory has changed"
-      echo " | from '/usr/local/etc/httpd/' to '/usr/local/apache/.'"
-      echo " | You may add '-DHTTPD_ROOT=\\\"/usr/local/etc/httpd\\\"' to EXTRA_CFLAGS"
-      echo " | in your Configuration file (and re-run Configure) or start"
-      echo " | httpd with the option '-d /usr/local/etc/httpd' if you still"
-      echo " | want to use the old root directory for your server."
-    fi
-  fi
-fi
-
-####################################################################
-## Start creating the Makefile. We add some comments and
-## then fold in the modules that were included in Configuration
-##
-echo "Creating Makefile"
-${SHELL} helpers/mfhead . $file > Makefile
-
-####################################################################
-## Now we create a stub file, called Makefile.config, which
-## just includes those assignments (eg: CC=gcc) in Configuration
-##
-awk >Makefile.config <$tmpfile '
-    BEGIN {
-	print "##"
-	print "##  Inherited Makefile options from Configure script"
-	print "##  (Begin of automatically generated section)"
-	print "##"
-	print "SRCDIR=."
-    } 
-    /\=/ { print } 
-    '
-
-####################################################################
-## Extract the rules.
-##
-RULE_WANTHSREGEX=`${SHELL} helpers/CutRule WANTHSREGEX $file`
-RULE_STATUS=`${SHELL} helpers/CutRule STATUS $file`
-RULE_SOCKS4=`${SHELL} helpers/CutRule SOCKS4 $file`
-RULE_SOCKS5=`${SHELL} helpers/CutRule SOCKS5 $file`
-RULE_IRIXNIS=`${SHELL} helpers/CutRule IRIXNIS $file`
-RULE_IRIXN32=`${SHELL} helpers/CutRule IRIXN32 $file`
-RULE_PARANOID=`${SHELL} helpers/CutRule PARANOID $file`
-RULE_EXPAT=`${SHELL} helpers/CutRule EXPAT $file`
-RULE_CYGWIN_WINSOCK=`${SHELL} helpers/CutRule CYGWIN_WINSOCK $file` 
-RULE_SHARED_CORE=`${SHELL} helpers/CutRule SHARED_CORE $file`
-RULE_SHARED_CHAIN=`${SHELL} helpers/CutRule SHARED_CHAIN $file`
-RULE_INET6=`${SHELL} helpers/CutRule INET6 $file`
-
-####################################################################
-## Rule SHARED_CORE implies required DSO support
-##
-if [ "x$RULE_SHARED_CORE" = "xyes" ]; then
-	using_shlib=1
-fi
-
-####################################################################
-## Preset some "constants";
-## can be overridden on a per-platform basis below.
-##
-DBM_LIB="-ldbm"
-DB_LIB="-ldb"
-SHELL="/bin/sh"
-SUBTARGET="target_static"
-SHLIB_SUFFIX_NAME=""
-SHLIB_SUFFIX_LIST=""
-CAT="cat"
-
-####################################################################
-## Now we determine the OS/Platform automagically, thanks to
-## GuessOS, a home-brewed OS-determiner ala config.guess
-##
-## We adjust CFLAGS, LIBS, LDFLAGS and INCLUDES (and other Makefile
-## options) as required. Setting CC and OPTIM here has no effect
-## if they were set in Configure.
-##
-## Also, we set DEF_WANTHSREGEX and to the appropriate
-## value for each platform.
-##
-## As more PLATFORMs are added to Configuration.tmpl, be sure to
-## add the required lines below.
-##
-SHELL="/bin/sh"
-PLAT=`${SHELL} helpers/GuessOS`
-OSDIR="os/unix"
-
-case "$PLAT" in
-    *mint)
-	OS="MiNT"
-	CFLAGS="-DMINT"
-	LIBS="$LIBS -lportlib -lsocket"
-	DEF_WANTHSREGEX=yes
-	;;
-    *MPE/iX*)
-	export OS='MPE/iX'
-	OSDIR='os/mpeix'
-	CFLAGS="$CFLAGS -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE"
-	LIBS="$LIBS -lsocket -lsvipc -lcurses"
-	LDFLAGS="$LDFLAGS -Xlinker \"-WL,cap=ia,ba,ph;nmstack=1024000\""
-	CAT="/bin/cat" # built-in cat is badly broken for stdin redirection
-	;;
-    *-apple-aux3*)
-	OS='A/UX 3.1.x'
-	CFLAGS="$CFLAGS -DAUX3 -D_POSIX_SOURCE"
-	LIBS="$LIBS -lposix -lbsd"
-	LDFLAGS="$LDFLAGS -s"
-	DEF_WANTHSREGEX=no
-	;;
-    i386-ibm-aix*)
-	OS='IBM AIX PS/2'
-	CFLAGS="$CFLAGS -DAIX=100 -U__STR__ -DUSEBCOPY"
-	DEF_WANTHSREGEX=no
-	;;
-    ia64-ibm-aix*)
-       OS='IBM AIX IA64'
-       CFLAGS="$CFLAGS -DAIXIA64 -U__STR__"
-       LDFLAGS="$LDFLAGS -lm"
-       RULE_SHARED_CORE=no
-       DEF_SHARED_CORE=no
-       ;;
-    *-ibm-aix[1-2].*)
-	OS='IBM AIX 1.x/2.x'
-	CFLAGS="$CFLAGS -DAIX=100 -DNEED_RLIM_T -U__STR__"
-	;;
-    *-ibm-aix3.*)
-	OS='IBM AIX 3.x'
-	CFLAGS="$CFLAGS -DAIX=300 -DNEED_RLIM_T -U__STR__"
-	;;
-    *-ibm-aix[45678].*)
-        PLATOSVERS=`echo $PLAT | sed 's/^.*ibm-aix//'`
-        OS="AIX $PLATOSVERS"
-        PLATOSVERSNUM=`echo $PLATOSVERS | sed 's/\.//'`
-        if test $PLATOSVERSNUM -ge 43; then
-            PLATOSVERSNUM=`oslevel | sed 's/\.//g' | sed 's/.$//'`
-        else
-            PLATOSVERSNUM="$PLATOSVERSNUM"0
-        fi
-        # PLATOSVERSNUM is a three digit number at this point
-        CFLAGS="$CFLAGS -DAIX=$PLATOSVERSNUM -U__STR__"
-        if test $PLATOSVERSNUM -lt 420; then
-            CFLAGS="$CFLAGS -DNEED_RLIM_T"
-        fi
-        if test $PLATOSVERSNUM -ge 420; then
-            LDFLAGS="$LDFLAGS -lm"
-        fi
-        if test $PLATOSVERSNUM -ge 430; then
-            LDFLAGS="$LDFLAGS -lpthread"
-            RULE_SHARED_CORE=no
-            DEF_SHARED_CORE=no
-        fi
-        ;;
-    *-ibm-aix*)
-	OS='IBM AIX'
-	CFLAGS="$CFLAGS -DAIX=100 -U__STR__"
-	LDFLAGS="$LDFLAGS -lm"
-	;;
-    *-apollo-*)
-	OS='Apollo Domain'
-	CFLAGS="$CFLAGS -DAPOLLO"
-	;;
-    *-dg-dgux*)
-	OS='DG/UX 5.4'
-	CFLAGS="$CFLAGS -DDGUX"
-	DEF_WANTHSREGEX=yes
-	;;
-    *OS/2*)
-	OSDIR="os/os2"
-	DEF_WANTHSREGEX=yes
-	OS='EMX OS/2'
-	CFLAGS="$CFLAGS -DOS2 -DTCPIPV4 -g -Zmt"
-	LDFLAGS="$LDFLAGS -Zexe -Zmtd -Zsysv-signals -Zbin-files"
-	LIBS="$LIBS -lsocket -lufc -lbsd"
-	DBM_LIB="-lgdbm"
-	SHELL=sh
-	;;
-    *-hi-hiux)
-	OS='HI-UX'
-	CFLAGS="$CFLAGS -DHIUX"
-	;;
-    *-hp*-hpux11.*)
-	OS='HP-UX 11'
-	CFLAGS="$CFLAGS -DHPUX11"
-	RANLIB="/bin/true"
-	LIBS="$LIBS -lm -lpthread"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-hp*-hpux10.*)
-	OS='HP-UX 10'
-	CFLAGS="$CFLAGS -DHPUX10"
-	RANLIB="/bin/true"
- 	case "$PLAT" in
- 	  *-hp-hpux10.01)
-	       # We know this is a problem in 10.01.
-	       # Not a problem in 10.20.  Otherwise, who knows?
-	       CFLAGS="$CFLAGS -DSELECT_NEEDS_CAST"
-	       ;;	     
- 	esac
-	DEF_WANTHSREGEX=yes
-	;;
-    *-hp*-hpux*)
-	OS='HP-UX'
-	CFLAGS="$CFLAGS -DHPUX"
-	RANLIB="/bin/true"
-	DEF_WANTHSREGEX=yes
-	LIBS="$LIBS -lm"
-	;;
-    *-sgi-irix64)
-	# Note: We'd like to see patches to compile 64-bit, but for now...
-	echo "You are running 64-bit Irix. For now, we will compile 32-bit"
-	echo "but if you would care to port to 64-bit, send us the patches."
-	DEF_WANTHSREGEX=yes
-	DBM_LIB=""
-	if [ "x$RULE_IRIXNIS" = "xyes" ]; then
-	    OS='SGI IRIX-64 w/NIS'
-	    CFLAGS="$CFLAGS -DIRIX"
-	    LIBS="$LIBS -lsun"
-	else
-	    OS='SGI IRIX-64'
-	    CFLAGS="$CFLAGS -DIRIX"
-	fi
-	;;
-    *-sgi-irix32)
-	DEF_WANTHSREGEX=yes
-	DBM_LIB=""
-	if [ "x$RULE_IRIXN32" = "xyes" ]; then
-	    if [ "x$RULE_IRIXNIS" = "xyes" ]; then
-		OS='SGI IRIX-32 w/NIS'
-	    else
-		OS='SGI IRIX-32'
-	    fi
-	else
-	    if [ "x$RULE_IRIXNIS" = "xyes" ]; then
-		OS='SGI IRIX w/NIS'
-	    else
-		OS='SGI IRIX'
-	    fi
-	fi
-	CC='cc'
-	CFLAGS="$CFLAGS -DIRIX"
-	;;
-    *-sgi-irix)
-	DEF_WANTHSREGEX=yes
-	DBM_LIB=""
-	if [ "x$RULE_IRIXNIS" = "xyes" ]; then
-	    OS='SGI IRIX w/NIS'
-	    CFLAGS="$CFLAGS -DIRIX"
-	    LIBS="$LIBS -lsun"
-	else
-	    OS='SGI IRIX'
-	    CFLAGS="$CFLAGS -DIRIX"
-	fi
-	;;
-    *-linux20)
-	DEF_WANTHSREGEX=yes
-	OS='Linux'
-	CFLAGS="$CFLAGS -DLINUX=20"
-	LIBS="$LIBS -lm"
-	;;
-    *-linux22)
-        # This handles linux 2.2 and above (2.4, ...)
-	DEF_WANTHSREGEX=yes
-	OS='Linux'
-	CFLAGS="$CFLAGS -DLINUX=22"
-	LIBS="$LIBS -lm"
-	;;
-    *-GNU*)
-	DEF_WANTHSREGEX=yes
-	OS='GNU/Hurd'
-	CFLAGS="$CFLAGS -DHURD"
-	LIBS="$LIBS -lm -lcrypt"
-	;;
-    *-linux1)
-	DEF_WANTHSREGEX=yes
-	OS='Linux'
-	CFLAGS="$CFLAGS -DLINUX=1"
-	;;
-    *-lynx-lynxos)
-	OS='LynxOS 2.x'
-	CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__ -DLYNXOS"
-	LIBS="$LIBS -lbsd -lcrypt"
-	DEF_WANTHSREGEX=yes
-	;;
-    *486-*-bsdi*)
-	OS='BSDI w/486'
-	CFLAGS="$CFLAGS -m486"
-	DBM_LIB=""
-	DB_LIB=""
-	;;
-    *-bsdi3)
-        if [ "x$using_shlib" = "x1" ] ; then
-            CC="shlicc2"
-        fi
-        ;;
-    *-bsdi*)
-	OS='BSDI'
-	DBM_LIB=""
-	DB_LIB=""
-	;;
-    *-netbsd*)
-	OS='NetBSD'
-	CFLAGS="$CFLAGS -DNETBSD"
-	LIBS="$LIBS -lcrypt"
-	DBM_LIB=""
-	DB_LIB=""
-	DEF_WANTHSREGEX=no
-	;;
-    *-freebsd*)
-    	PLATOSVERS=`echo $PLAT | sed 's/^.*freebsd//'`
-	OS="FreeBSD $PLATOSVERS"
-	case "$PLATOSVERS" in
-	    [2345]*)
-		DEF_WANTHSREGEX=no
-		CFLAGS="$CFLAGS -funsigned-char"
-		;;
-	esac
-	LIBS="$LIBS -lcrypt"
-	DBM_LIB=""
-	DB_LIB=""
-	;;
-    *-openbsd*)
-	OS='OpenBSD'
-	DBM_LIB=""
-	DB_LIB=""
-	DEF_WANTHSREGEX=no
-	;;
-    *-next-nextstep*)
-	OS='NeXTStep'
-	OPTIM='-O'
-	CFLAGS="$CFLAGS -DNEXT"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-next-openstep*)
-	OS='OpenStep/Mach'
-	CC='cc'
-	OPTIM='-O'
-	CFLAGS="$CFLAGS -DNEXT"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-apple-rhapsody*)
-	OS='Mac OS X Server'
-	CFLAGS="$CFLAGS -DDARWIN -DMAC_OS_X_SERVER"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-apple-darwin*)
-	OS='Darwin'
-	CFLAGS="$CFLAGS -DDARWIN"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-dec-osf*)
-	OS='DEC OSF/1'
-	CFLAGS="$CFLAGS -DOSF1"
-	LIBS="$LIBS -lm"
-	;;
-    *-qnx)
-	OS='QNX'
-	CFLAGS="$CFLAGS -DQNX"
-	LIBS="$LIBS -N128k -lsocket -lunix"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-qnx32)
-        CC='cc -F'
-	OS='QNX32'
-	CFLAGS="$CFLAGS -DQNX -mf -3"
-	LIBS="$LIBS -N128k -lsocket -lunix"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-isc4*)
-	OS='ISC 4'
-	CC='gcc'
-	CFLAGS="$CFLAGS -posix -DISC"
-	LDFLAGS="$LDFLAGS -posix"
-	LIBS="$LIBS -linet"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-sco3*)
-	OS='SCO 3'
-	CFLAGS="$CFLAGS -DSCO -Oacgiltz"
-	LIBS="$LIBS -lPW -lsocket -lmalloc -lcrypt_i"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-sco5*)
-	OS='SCO 5'
-	CFLAGS="$CFLAGS -DSCO5"
-	LIBS="$LIBS -lsocket -lmalloc -lprot -ltinfo -lx -lm"
-	DEF_WANTHSREGEX=no
-	;;
-    *-sco_sv*|*-SCO_SV*)
-	OS='SCO SV'
-	CFLAGS="$CFLAGS -DSCO"
-	LIBS="$LIBS -lPW -lsocket -lmalloc -lcrypt_i"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-solaris2*)
-    	PLATOSVERS=`echo $PLAT | sed 's/^.*solaris2.//'`
-	OS="Solaris $PLATOSVERS"
-	CFLAGS="$CFLAGS -DSOLARIS2=$PLATOSVERS"
-	LIBS="$LIBS -lsocket -lnsl -lpthread"
-	DBM_LIB=""
-	case "$PLATOSVERS" in
-	    2[01234]*)
-		DEF_WANTHSREGEX=yes
-		;;
-	    *)
-		DEF_WANTHSREGEX=no
-		;;
-	esac
-	;;
-    *-sunos4*)
-	OS='SunOS 4'
-	CFLAGS="$CFLAGS -DSUNOS4 -DUSEBCOPY"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-unixware1)
-	DEF_WANTHSREGEX=yes
-	OS='UnixWare 1.x'
-	CFLAGS="$CFLAGS -DUW=100"
-	LIBS="$LIBS -lsocket -lnsl -lcrypt"
-	;;
-    *-unixware2)
-	DEF_WANTHSREGEX=yes
-	OS='UnixWare 2.x'
-	CFLAGS="$CFLAGS -DUW=200"
-	LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen"
-	;;
-    *-unixware211)
-	OS='UnixWare 2.1.1'
-	CFLAGS="$CFLAGS -DUW=211"
-	LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen"
-	;;
-    *-unixware212)
-	OS='UnixWare 2.1.2'
-	CFLAGS="$CFLAGS -DUW=212"
-	LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen"
-	DBM_LIB=""
-	;;
-    *-unixware7)
-	OS='UnixWare 7'
-	CFLAGS="$CFLAGS -DUW=700"
-	LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv"
-	DBM_LIB=""
-	;;
-    *-OpenUNIX)
-	OS='OpenUNIX'
-	CFLAGS="$CFLAGS -DUW=800"
-	LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv"
-	DBM_LIB=""
-	;;
-    maxion-*-sysv4*)
-    	OS='SVR4'
-	CFLAGS="$CFLAGS -DSVR4"
-	DEF_WANTHSREGEX=yes
-	LIBS="$LIBS -lsocket -lnsl -lc -lgen"
-	;;
-    *-*-powermax*)
-	OS='SVR4'
-	CFLAGS="$CFLAGS -DSVR4"
-	DEF_WANTHSREGEX=yes
-	LIBS="$LIBS -lsocket -lnsl -lgen"
-	LD_SHLIB='cc'
-	LDFLAGS_SHLIB="-Zlink=so"
-	LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	LDFLAGS_SHLIB_EXPORT="-Zlink=dynamic -Wl,-Bexport"
-	CFLAGS_SHLIB='-Zpic'
-	;;
-    TPF)
-       OS='TPF'
-       OSDIR='os/tpf'
-       CC='c89'
-       CFLAGS="$CFLAGS -DTPF -DCHARSET_EBCDIC -D_POSIX_SOURCE"
-       DEF_WANTHSREGEX=yes
-       LIBS="$LIBS"
-       SUBTARGET="target_compile_only"
-       ;;
-    BS2000*-siemens-sysv4*)
-	OS='BS2000'
-	OSDIR='os/bs2000'
-	# If you are using a CPP before V3.0, delete the -Kno_integer_overflow flag
-	CC='c89 -XLLML -XLLMK -XL -Kno_integer_overflow'
-	CFLAGS="$CFLAGS -DCHARSET_EBCDIC -DSVR4 -D_XPG_IV"
-	DEF_WANTHSREGEX=yes
-	DBM_LIB=""
-	;;
-    *-siemens-sysv4*)
-	OS='SVR4'
-	CFLAGS="$CFLAGS -DSVR4 -D_XPG_IV -DHAS_DLFCN -DUSE_MMAP_FILES -DNEED_UNION_SEMUN"
-	DEF_WANTHSREGEX=yes
-	LIBS="$LIBS -lsocket -lnsl -lc"
-	DBM_LIB=""
-	;;
-    pyramid-pyramid-svr4)
-	OS='SVR4'
-	CFLAGS="$CFLAGS -DSVR4 -DNO_LONG_DOUBLE"
-	DEF_WANTHSREGEX=yes
-	LIBS="$LIBS -lsocket -lnsl -lc"
-	;;
-    DS/90\ 7000-*-sysv4*)
-	OS='UXP/DS'
-	CFLAGS="$CFLAGS -DUXPDS"
-	LIBS="$LIBS -lsocket -lnsl"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-tandem-sysv4*)
-	OS='SVR4'
-	CFLAGS="$CFLAGS -DSVR4"
-	LIBS="$LIBS -lsocket -lnsl"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-ncr-sysv4)
-	OS='NCR MP/RAS'
-	CFLAGS="$CFLAGS -DSVR4 -DMPRAS"
-	LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-sysv4*)
-	OS='SVR4'
-	CFLAGS="$CFLAGS -DSVR4"
-	LIBS="$LIBS -lsocket -lnsl -lc"
-	;;
-    88k-encore-sysv4)
-	OS='Encore UMAX V'
-	CFLAGS="$CFLAGS -DSVR4 -DENCORE"
-	DEF_WANTHSREGEX=yes
-	LIBS="$LIBS -lPW"
-	;;
-    *-uts*)
-	PLATOSVERS=`echo $PLAT | sed 's/^.*,//'`
-	OS='Amdahl UTS $PLATOSVERS'
-	case "$PLATOSVERS" in
-	    2*) CFLAGS="$CFLAGS -Xa -eft -DUTS21 -DUSEBCOPY"
-	        LIBS="$LIBS -lsocket -lbsd -la"
-	        DEF_WANTHSREGEX=yes
-	        ;;
-	    *)  CFLAGS="$CFLAGS -Xa -DSVR4"
-	        LIBS="$LIBS -lsocket -lnsl"
-	        ;;
-	esac
-	;;
-    *-ultrix)
-	OS='ULTRIX'
-	CFLAGS="-DULTRIX"
-	DEF_WANTHSREGEX=yes
-	SHELL="/bin/sh5"
-	;;
-    *powerpc-tenon-machten*)
-	OS='MachTen PPC'
-	LDFLAGS="$LDFLAGS -Xlstack=0x14000 -Xldelcsect"
-	;;
-    *-machten*)
-	OS='MachTen 68K'
-	LDFLAGS="$LDFLAGS -stack 0x14000"
-	DEF_WANTHSREGEX=yes
-	;;
-    *convex-v11*)
-	OS='CONVEXOS11'
-	CFLAGS="$CFLAGS -ext -DCONVEXOS11"
-	OPTIM="-O1" # scalar optimization only
-	CC='cc'
-	DEF_WANTHSREGEX=yes
-	;;
-    i860-intel-osf1)
-	DEF_WANTHSREGEX=yes
-	OS='Paragon OSF/1'
-	CFLAGS="$CFLAGS -DPARAGON"
-	;;
-    *-sequent-ptx2.*.*)
-	DEF_WANTHSREGEX=yes
-	OS='SEQUENT DYNIX/ptx v2.*.*'
-	CFLAGS="$CFLAGS -DSEQUENT=20 -Wc,-pw"
-	LIBS="$LIBS -lsocket -linet -lnsl -lc -lseq"
-	;;
-    *-sequent-ptx4.0.*)
-	DEF_WANTHSREGEX=yes
-	OS='SEQUENT DYNIX/ptx v4.0.*'
-	CFLAGS="$CFLAGS -DSEQUENT=40 -Wc,-pw"
-	LIBS="$LIBS -lsocket -linet -lnsl -lc"
-	;;
-    *-sequent-ptx4.[123].*)
-	DEF_WANTHSREGEX=yes
-	OS='SEQUENT DYNIX/ptx v4.1.*/v4.2.*'
-	CFLAGS="$CFLAGS -DSEQUENT=41 -Wc,-pw"
-	LIBS="$LIBS -lsocket -lnsl -lc"
-	;;
-    *-sequent-ptx4.4.*)
-	DEF_WANTHSREGEX=yes
-	OS='SEQUENT DYNIX/ptx v4.4.*'
-	CFLAGS="$CFLAGS -DSEQUENT=44 -Wc,-pw"
-	LIBS="$LIBS -lsocket -lnsl -lc"
-	;;
-    *-sequent-ptx4.5.*)
-	DEF_WANTHSREGEX=yes
-	OS='SEQUENT DYNIX/ptx v4.5.*'
-	CFLAGS="$CFLAGS -DSEQUENT=45 -Wc,-pw"
-	LIBS="$LIBS -lsocket -lnsl -lc"
-	;;
-    *-sequent-ptx5.0.*)
-	DEF_WANTHSREGEX=yes
-	OS='SEQUENT DYNIX/ptx v5.0.*'
-	CFLAGS="$CFLAGS -DSEQUENT=50 -Wc,-pw"
-	LIBS="$LIBS -lsocket -lnsl -lc"
-	;;
-    *NEWS-OS*)
-	DEF_WANTHSREGEX=yes
-	OS='SONY NEWS-OS'
-	CFLAGS="$CFLAGS -DNEWSOS"
-	;;
-    *-riscix)
-	OS='Acorn RISCix'
-	CFLAGS="$CFLAGS -DRISCIX"
-	OPTIM="-O"
-	MAKE="make"
-	DEF_WANTHSREGEX=yes
-	;;
-    *-BeOS*)
-	PLATOSVER=`uname -r`
-        case "$PLATOSVER" in
-            5.0.4*)
-                OS="BeOS BONE"
-                LIBS="-lbind -lsocket -lbe -lroot"
-                CFLAGS="$CFLAGS -DBONE"
-                ;;
-            *)
-                OS='BeOS';
-	        CFLAGS="$CFLAGS -DBEOS"
-                ;;
-        esac
-	DEF_WANTHSREGEX=yes
-	;;
-    4850-*.*)
-	OS='NCR MP/RAS'
-	CFLAGS="$CFLAGS -DSVR4 -DMPRAS"
-	DEF_WANTHSREGEX=yes
-	LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb"
-	;;
-    drs6000*)
-	OS='DRS6000'
-	CFLAGS="$CFLAGS -DSVR4"
-	DEF_WANTHSREGEX=yes
-	LIBS="$LIBS -lsocket -lnsl -lc -L/usr/ucblib -lucb"
-	;;
-    m88k-*-CX/SX|CYBER)
-	OS='Cyberguard CX/SX'
-	CFLAGS="$CFLAGS -D_CX_SX -Xa"
-	DEF_WANTHSREGEX=yes
-	CC='cc'
-	RANLIB='true'
-	;;
-    *-tandem-oss)
-	OS='Tandem OSS'
-	CFLAGS="-D_TANDEM_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
-	CC='c89'
-	;;
-    *-IBM-OS390*)
-       OS='OS390'
-       OSDIR='os/os390'
-       CC='c89'
-       CFLAGS="$CFLAGS -DOS390 -DCHARSET_EBCDIC -D_ALL_SOURCE"
-       DEF_WANTHSREGEX=yes
-       LIBS="$LIBS"
-       ;;
-    *-cygwin*)
-	OS='Cygwin'
-	OSDIR="os/cygwin"
-	CFLAGS="$CFLAGS -DCYGWIN"
-	DEF_WANTHSREGEX=yes
-	DBM_LIB="-lgdbm"
-	LIBS="$LIBS -lcrypt $DBM_LIB"
-	if [ "x$RULE_CYGWIN_WINSOCK" = "xyes" ]; then 
-	    CFLAGS="$CFLAGS -DCYGWIN_WINSOCK" 
-	    LIBS="$LIBS -lwsock32" 
-	fi 
-
-	;;
-    *atheos*)
-	DEF_WANTSREGEX=yes
-	OS='AtheOS'
-	CFLAGS="$CFLAGS -DATHEOS"
-	LIBS="$LIBS -lcrypt"
-	;;
-    *) # default: Catch systems we don't know about
-	OS='Unknown and unsupported OS'
-    	echo Sorry, but we cannot grok \"$PLAT\"
-	echo uname -m
-	uname -m
-	echo uname -r
-	uname -r
-	echo uname -s
-	uname -s
-	echo uname -v
-	uname -v
-	echo uname -X
-	uname -X
-	echo Ideally, read the file PORTING, do what it says, and send the
-	echo resulting patches to The Apache Group by filling out a report
-	echo form at http://bugs.apache.org/.  If you don\'t 
-	echo wish to do the port yourself, please submit this output rather 
-	echo than the patches. Thank you.
-	echo
-	echo Pressing on with the build process, but all bets are off.
-	echo Do not be surprised if it fails. If it works, and even
-	echo if it does not, please contact the above address.
-	echo
-	;;
-esac
-
-####################################################################
-## set this if we haven't
-##
-if [ "x${MAKE}" = "x" ]; then
-    MAKE='make'; export MAKE
-fi
-
-####################################################################
-## Show user what OS we came up with
-##
-echo " + configured for $OS platform"
-SUBDIRS="$OSDIR $SUBDIRS"
-
-####################################################################
-# Continue building the stub file
-# Set variables as soon as possible so that TestCompile can use them
-##
-echo >>Makefile.config "OSDIR=\$(SRCDIR)/$OSDIR"
-echo >>Makefile.config "INCDIR=\$(SRCDIR)/include"
-echo >>Makefile.config "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR)"
-echo >>Makefile.config "SHELL=$SHELL"
-echo >>Makefile.config "OS=$OS"
-
-####################################################################
-## And adjust/override WANTHSREGEX as needed
-##
-if [ "x$RULE_WANTHSREGEX" = "xdefault" ]; then
-	if [ "x$DEF_WANTHSREGEX" = "x" ]; then
-		RULE_WANTHSREGEX=yes
-	else
-		RULE_WANTHSREGEX=$DEF_WANTHSREGEX
-	fi
-fi
-
-####################################################################
-## Now we determine the C-compiler and optimization level
-## to use. Settings of CC and OPTIM in Configuration have
-## the highest precedence; next comes any settings from
-## the above "OS-specific" section. If still unset,
-## then we look for a known compiler somewhere in PATH
-##
-
-# First, look for a CC=<whatever> setting in Configuration (recall, we
-# copied these to Makefile.config)
-#
-# If $TCC is null, then no such line exists in Configuration
-#
-TCC=`egrep '^CC=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-if [ "x$TCC" = "x" ]; then
-    if [ "x$CC" = "x" ]; then
-	# At this point, CC is not set in Configuration or above, so we
-	# try to find one
-	for compilers in "gcc" "cc" "acc" "c89"
-	do
-	    lookedfor="$lookedfor $compilers"
-	    if ${SHELL} helpers/PrintPath -s $compilers; then
-		COMPILER="$compilers"
-		break
-	    fi
-	done
-	if [ "x$COMPILER" = "x" ]; then
-	    echo "Error: could not find any of these C compilers"
-	    echo " anywhere in your PATH: $lookedfor"
-	    echo "Configure terminated"
-	    exitcode=1
-	    exit 1
-	fi
-	CC=$COMPILER
-    fi
-    echo " + setting C compiler to $CC"
-fi
-
-####################################################################
-## Write the value of $CC to Makefile.config... We only do this
-## is not done already (ie: a 'CC=' line was in Configuration).
-## If there was an entry for it, then set $CC for our own internal
-## use.
-##
-if [ "x$TCC" = "x" ]; then
-    echo "CC=$CC" >> Makefile.config
-else
-    CC=$TCC
-fi
-
-####################################################################
-## Now check how we can _directly_ run the C pre-processor
-##
-TCPP=`egrep '^CPP=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-if [ "x$TCPP" != "x" ]; then
-    CPP=`CPP="$TCPP"; export CPP CC; ${SHELL} ./helpers/findcpp.sh`
-else
-    CPP=`export CC; ${SHELL} ./helpers/findcpp.sh`
-fi
-if [ "x$TCPP" = "x" ]; then
-    echo "CPP=$CPP" >> Makefile.config
-fi 
-echo " + setting C pre-processor to $CPP"
-
-####################################################################
-## Now check for existance of non-standard system header files
-## and start generation of the ap_config_auto.h header
-##
-AP_CONFIG_AUTO_H="include/ap_config_auto.h.new"
-echo "/*" >$AP_CONFIG_AUTO_H
-echo " *  ap_config_auto.h -- Automatically determined configuration stuff" >>$AP_CONFIG_AUTO_H
-echo " *  THIS FILE WAS AUTOMATICALLY GENERATED - DO NOT EDIT!" >>$AP_CONFIG_AUTO_H
-echo " */" >>$AP_CONFIG_AUTO_H
-echo "" >>$AP_CONFIG_AUTO_H
-echo "#ifndef AP_CONFIG_AUTO_H" >>$AP_CONFIG_AUTO_H
-echo "#define AP_CONFIG_AUTO_H" >>$AP_CONFIG_AUTO_H
-
-for uppercase in "tr [a-z] [A-Z]" "tr [:lower:] [:upper:]" "sed y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/"
-do
-  case `echo Apache | $uppercase` in
-    APACHE) break;;
-  esac
-done
-echo " + using \"$uppercase\" to uppercase"
-echo " + checking for system header files"
-CHECK_FOR_HEADERS="dlfcn.h dl.h bstring.h crypt.h unistd.h sys/resource.h sys/select.h sys/processor.h sys/param.h"
-(
-export CPP
-for header in $CHECK_FOR_HEADERS; do
-    echo "" >>$AP_CONFIG_AUTO_H
-    echo "/* check: #include <$header> */" >>$AP_CONFIG_AUTO_H
-    name="`echo $header | sed -e 's:/:_:g' -e 's:\.:_:g' | $uppercase`"
-    ${SHELL} ./helpers/checkheader.sh $header
-    if [ $? -eq 0 ]; then
-	echo "#ifndef HAVE_${name}" >>$AP_CONFIG_AUTO_H
-	echo "#define HAVE_${name} 1" >>$AP_CONFIG_AUTO_H
-	echo "#endif" >>$AP_CONFIG_AUTO_H
-    else
-	echo "#ifdef HAVE_${name}" >>$AP_CONFIG_AUTO_H
-	echo "#undef HAVE_${name}" >>$AP_CONFIG_AUTO_H
-	echo "#endif" >>$AP_CONFIG_AUTO_H
-    fi
-done
-)
-
-####################################################################
-# Special AIX 4.x support: need to check for sys/processor.h
-# to decide whether the Processor Binding can be used or not
-case "$PLAT" in
-    *-ibm-aix*)
-	CPP=$CPP ${SHELL} helpers/checkheader.sh sys/processor.h
-	if [ $? -eq 0 ]; then
-	    CFLAGS="$CFLAGS -DAIX_BIND_PROCESSOR"
-	fi
-	;;
-esac
-
-####################################################################
-## Look for OPTIM and save for later
-##
-TOPTIM=`egrep '^OPTIM=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TRANLIB=`egrep '^RANLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TTARGET=`egrep '^TARGET=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-
-####################################################################
-## Check for user provided flags for shared object support
-##
-TLD_SHLIB=`egrep '^LD_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TLDFLAGS_SHLIB=`egrep '^LDFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TLDFLAGS_MOD_SHLIB=`egrep '^LDFLAGS_MOD_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TLDFLAGS_SHLIB_EXPORT=`egrep '^LDFLAGS_SHLIB_EXPORT=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-TCFLAGS_SHLIB=`egrep '^CFLAGS_SHLIB=' Makefile.config | tail -1 | awk -F= '{print $2}'`
-
-####################################################################
-## Handle TARGET name
-##
-if [ "x$TTARGET" = "x" ]; then
-    TARGET=httpd
-    echo "TARGET=$TARGET" >> Makefile.config
-else
-    TARGET=$TTARGET
-fi
-if [ "x$TARGET" != "xhttpd" ]; then
-    echo " + using custom target name: $TARGET"
-    CFLAGS="$CFLAGS -DTARGET=\\\"$TARGET\\\""
-fi
-
-####################################################################
-## We adjust now CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT as
-## required.  For more platforms just add the required lines below.
-##
-if [ "x$using_shlib" = "x1" ] ; then
-    LD_SHLIB="ld"
-    DEF_SHARED_CORE=no
-    DEF_SHARED_CHAIN=no
-    SHLIB_SUFFIX_NAME=so
-    SHMOD_SUFFIX_NAME=so
-    SHLIB_SUFFIX_DEPTH=all
-    SHLIB_EXPORT_FILES=no
-    SHARED_CORE_EP='lib$(TARGET).ep'
-    SHCORE_IMPLIB=''
-    case "$PLAT" in
-	*MPE/iX*)
-	    LD_SHLIB=ld	
-	    LDFLAGS_SHLIB='-b -a archive'
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    ;;
-	*-linux1)
-	    CFLAGS_SHLIB="-fpic"
-	    LDFLAGS_SHLIB="-Bshareable"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT="-rdynamic"
-	    ;;
-	*-linux2*)
-		LD_SHLIB="gcc"
-	    CFLAGS_SHLIB="-fpic"
-	    LDFLAGS_SHLIB="-shared"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT="-rdynamic"
-	    SHLIB_SUFFIX_DEPTH=0
-	    ;;
-	*-freebsd2*)
-		LD_SHLIB="gcc"
-	    CFLAGS_SHLIB="-fpic"
-	    LDFLAGS_SHLIB="-shared"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    SHLIB_SUFFIX_DEPTH=2
-	    ;;
-	*-freebsd[3-9]*)
-		LD_SHLIB="gcc"
-	    CFLAGS_SHLIB="-fpic"
-	    LDFLAGS_SHLIB="-shared"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    OBJFORMAT=`test -x /usr/bin/objformat && /usr/bin/objformat || echo aout` 
-	    if [ "x$OBJFORMAT" = "xelf" ]; then
-		LDFLAGS_SHLIB_EXPORT="-Wl,-E"
-		SHLIB_SUFFIX_DEPTH=0
-	    else
-		LDFLAGS_SHLIB_EXPORT=""
-		SHLIB_SUFFIX_DEPTH=2
-	    fi  
-	    ;;
-	*-openbsd*)
-	    PLATOSVERS=`echo $PLAT | sed 's/^.*openbsd//'`
-	    CFLAGS_SHLIB="-fPIC"
-	    LDFLAGS_SHLIB_EXPORT=""
-	    SHLIB_SUFFIX_DEPTH=2
-	    case "$PLATOSVERS" in
-		[01].*|2.[0-7]|2.[0-7].*)
-		   LDFLAGS_SHLIB="-Bshareable"
-		;;
-		*)
-		   LD_SHLIB="gcc"
-		   LDFLAGS_SHLIB="-shared \$(CFLAGS_SHLIB)"
-		   if [ -z "`echo __ELF__ | ${CC} -E - | grep __ELF__`" ]; then
-		     LDFLAGS_SHLIB_EXPORT="-Wl,-E"
-		   fi
-		;;
-	    esac
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    ;;
-	*-netbsd*)
-	    CFLAGS_SHLIB="-fPIC -DPIC"
-	    if echo __ELF__ | ${CC} -E - | grep -q __ELF__; then
-		LDFLAGS_SHLIB="-Bshareable"
-		LDFLAGS_SHLIB_EXPORT=""
-	    else
-		LDFLAGS_SHLIB="-shared"
-		LDFLAGS_SHLIB_EXPORT="-Wl,-E"
-	    fi
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    SHLIB_SUFFIX_DEPTH=2
-	    ;;
-	*-bsdi3)
-	    LD_SHLIB="shlicc2"
-	    LDFLAGS_SHLIB="-r"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    ;;
-	*-bsdi)
-	    CFLAGS_SHLIB="-fPIC"
-	    LDFLAGS_SHLIB="-shared"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT="-rdynamic"
-	    ;;
- 	*-next-openstep*)
- 	    LD_SHLIB='cc'
- 	    CFLAGS_SHLIB='-dynamic -fno-common'
- 	    LDFLAGS_SHLIB='-bundle -undefined warning'
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
- 	    LDFLAGS_SHLIB_EXPORT=''
- 	    SHLIB_SUFFIX_DEPTH=0
- 	    ;;
-	*-apple-rhapsody* | *-apple-darwin* )
-	    LD_SHLIB="cc"
-	    CFLAGS_SHLIB=""
-	    case "$PLAT" in
-		*-apple-rhapsody* | *-apple-darwin1.[0-3]* )
-		    LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -undefined suppress'
-		    ;;
-		* )
-		    LDFLAGS_SHLIB='$(EXTRA_LDFLAGS) -bundle -undefined suppress -flat_namespace'
-		    ;;
-	    esac
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    SHLIB_SUFFIX_DEPTH=0
-	    ;;
-	*-solaris2*)
-	    if [ "x`$CC -v 2>&1 | grep gcc`" != "x" ]; then
-	        CFLAGS_SHLIB="-fPIC"
-	    else
-	        CFLAGS_SHLIB="-KPIC"
-	    fi
-	    LDFLAGS_SHLIB="-G"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    SHLIB_SUFFIX_DEPTH=1
-	    ;;
-	*-sunos4*)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fPIC" ;;
-		*/acc|acc ) CFLAGS_SHLIB="-pic" ;;
-	    esac
-	    LDFLAGS_SHLIB="-assert pure-text"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    ;;
-	*-sgi-irix32)
-	    case $CC in
-		*/gcc|gcc )
-		    CFLAGS_SHLIB="-fpic"
-		    N32FLAG=""
-		    ;;
-		*/cc|cc )
-		    CFLAGS_SHLIB="-KPIC"
-		    N32FLAG="-n32"
-		    ;;
-	    esac
-	    if [ "x$RULE_IRIXN32" = "xyes" ]; then
-		LDFLAGS_SHLIB="$N32FLAG -shared"
-	    else
-		LDFLAGS_SHLIB="-shared"
-	    fi
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    ;;
-	*-sgi-irix64)
-	    case $CC in
-		*/gcc|gcc )
-		    CFLAGS_SHLIB="-fpic"
-		    N32FLAG=""
-		    ;;
-		*/cc|cc )
-		    CFLAGS_SHLIB="-KPIC"
-		    N32FLAG="-n32"
-		    ;;
-	    esac
-	    if [ "x$RULE_IRIXN32" = "xyes" ]; then
-		LDFLAGS_SHLIB="$N32FLAG -shared"
-	    else
-		LDFLAGS_SHLIB="-shared"
-	    fi
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    ;;
-	*-sgi-irix)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*/cc|cc   ) CFLAGS_SHLIB="-KPIC" ;;
-	    esac
-	    LDFLAGS_SHLIB="-shared"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    ;;
-	*-dec-osf*)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*/cc|cc   ) CFLAGS_SHLIB="" ;;
-	    esac
-	    LDFLAGS_SHLIB='-shared -expect_unresolved "*" -s'
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    ;;
-	*-unixware*)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*/cc|cc   ) CFLAGS_SHLIB="-KPIC" ;;
-	    esac
-	    LDFLAGS_SHLIB="-Bdynamic -G"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
-	    ;;
-	*-OpenUNIX*)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*/cc|cc   ) CFLAGS_SHLIB="-KPIC" ;;
-	    esac
-	    LDFLAGS_SHLIB="-Bdynamic -G"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
-	    LD_SHLIB=$CC
-	    ;;
-	 *-sco5*)
-	     case $CC in
-		 */gcc*|gcc* ) CFLAGS_SHLIB="-fpic" ;;
-		 */cc*|cc*   ) CFLAGS_SHLIB="-KPIC" ;;
-	     esac
-	     LDFLAGS_SHLIB="-G"
-	     LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	     SHLIB_SUFFIX_DEPTH=1
-	     ;;
-	*-sequent-ptx*)
-	    case $PLAT in
-	       *-sequent-ptx2*)
-	           ;;
-	       *-sequent-ptx4.0*)
-	           ;;
-	       *-sequent-ptx*)
-	           CFLAGS_SHLIB="-KPIC"
-	           LDFLAGS_SHLIB="-G"
-	           LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
-	           LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	           ;;
-	    esac
-	    ;;
-	RM*-siemens-sysv4*)
-	    # MIPS hosts can take advantage of the LDFLAGS_SHLIB_EXPORT switch
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*/cc|cc   ) CFLAGS_SHLIB="-KPIC" ;;
-	    esac
-	    LDFLAGS_SHLIB="-G"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT="-Wl,-Blargedynsym"
-	    ;;
-	BS2000-siemens-sysv4*)
-	    CFLAGS_SHLIB="-K PIC"
-	    LDFLAGS_SHLIB="-G"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    SHLIB_SUFFIX_DEPTH=0
-	    DEF_SHARED_CORE=no
-	    ;;
-	*-siemens-sysv4*)
-	    # Older SINIX machines must be linked as "shared core"-Apache
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*)          CFLAGS_SHLIB="-KPIC" ;;
-	    esac
-	    LDFLAGS_SHLIB="-G"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    SHLIB_SUFFIX_DEPTH=0
-	    DEF_SHARED_CORE=yes
-	    ;;
-	*-sysv4*)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*/cc|cc   ) CFLAGS_SHLIB="-KPIC" ;;
-	    esac
-	    LDFLAGS_SHLIB="-G"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-	    DEF_SHARED_CORE=yes
-	    ;;
-	*-hp-hpux9.*)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*/cc|cc   ) CFLAGS_SHLIB="+z" ;;
-	    esac
-	    LDFLAGS_SHLIB="-b"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT="-Wl,-E -Wl,-B,deferred"
-	    SHLIB_SUFFIX_NAME=sl
-	    ;;
-	*-hp-hpux10.*|*-hp-hpux11.*)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*/cc|cc   ) CFLAGS_SHLIB="+z" ;;
-	    esac
-	    LDFLAGS_SHLIB="-b"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT="-Wl,-E -Wl,-B,deferred -Wl,+s"
-	    SHLIB_SUFFIX_NAME=sl
-	    ;;
-       ia64-ibm-aix*)
-           case $CC in
-               */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-               */cc|cc   ) CFLAGS_SHLIB="" ;;
-           esac
-           LDFLAGS_SHLIB=" -L /usr/lib/ia64l32 -G "
-           LDFLAGS_MOD_SHLIB="$LDFLAGS_SHLIB -bI:@libexecdir@/httpd.exp -lc"
-           LDFLAGS_SHLIB="$LDFLAGS_SHLIB -Bexport:\`echo \$@|sed -e 's:\.so\$\$:.exp:'\`"
-           LDFLAGS_SHLIB="$LDFLAGS_SHLIB -lc"
-           LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport:\$(SRCDIR)/support/httpd.exp"
-           SHLIB_EXPORT_FILES=yes
-           ;;
-	*-ibm-aix*)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-		*/cc|cc   ) CFLAGS_SHLIB="" ;;
-	    esac
-	    case $PLAT in
-		*-ibm-aix[45678]*)
-		    LDFLAGS_SHLIB="-H512 -T512 -bhalt:4 -bM:SRE -bnoentry"
-		    ;;
-		*-ibm-aix*)
-		    LDFLAGS_SHLIB="-H512 -T512 -bhalt:4 -bM:SRE -e _nostart"
-		    ;;
-	    esac
-	    LDFLAGS_MOD_SHLIB="$LDFLAGS_SHLIB -bI:@libexecdir@/httpd.exp -lc"
-	    LDFLAGS_SHLIB="$LDFLAGS_SHLIB -bI:\$(SRCDIR)/support/httpd.exp "
-	    LDFLAGS_SHLIB="$LDFLAGS_SHLIB -bE:\`echo \$@|sed -e 's:\.so\$\$:.exp:'\`"
-	    LDFLAGS_SHLIB="$LDFLAGS_SHLIB -lc"
-	    LDFLAGS_SHLIB_EXPORT="-Wl,-bE:\$(SRCDIR)/support/httpd.exp"
-	    SHLIB_EXPORT_FILES=yes
-	    ;;
-	*-*-powermax*)
-	    LD_SHLIB='cc'
-	    LDFLAGS_SHLIB="-Zlink=so"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT="-Zlink=dynamic -Wl,-Bexport"
-	    CFLAGS_SHLIB='-Zpic'
-	    ;;
-	*-OS/2*)
-	    DEF_SHARED_CORE=yes
-	    LDFLAGS_SHLIB="`echo $LDFLAGS|sed -e s/-Zexe//` -Zdll"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    SHLIB_SUFFIX_NAME=dll
-	    SHMOD_SUFFIX_NAME=dll
-	    SHLIB_SUFFIX_DEPTH=0
-	    LD_SHLIB=$CC
-	    LD_SHCORE_DEF="ApacheCoreOS2.def"
-	    LD_SHCORE_LIBS="$LIBS"
-	    LIBS_SHLIB='$(SRCDIR)/ApacheCoreOS2.a -lsocket -lbsd $(EXTRA_LIBS)'
-	    SHARED_CORE_EP=''
-	    SHCORE_IMPLIB='ApacheCoreOS2.a'
-	    OS_MODULE_INCLUDE='Makefile.OS2'
-	    ;;
-	*-dgux)
-	    case $CC in
-		*/gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
-	    esac
-	    DEF_SHARED_CORE=yes
-	    LDFLAGS_SHLIB="-G"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    LDFLAGS_SHLIB_EXPORT=""
-            ;;
-	*-cygwin*)
-	    DEF_SHARED_CORE=yes
-	    LDFLAGS_SHLIB="--export-all"
-	    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-	    SHLIB_SUFFIX_NAME=dll
-	    SHMOD_SUFFIX_NAME=dll
-	    SHLIB_SUFFIX_DEPTH=0
-	    LD_SHLIB='dllwrap'
-	    LD_SHCORE_DEF=''
-	    LD_SHCORE_LIBS="$LIBS"
-	    LIBS_SHLIB='$(EXTRA_LIBS)'
-	    SHARED_CORE_EP='lib$(TARGET).ep'
-	    SHCORE_IMPLIB='lib$(TARGET).dll'
-	    OS_MODULE_INCLUDE='$(SRCDIR)/modules/standard/Makefile.Cygwin'
-	    ;;
-	*)
-	    ##  ok, no known explict support for shared objects
-	    ##  on this platform, but we give not up immediately.
-	    ##  We take a second chance by guessing the compiler
-	    ##  and linker flags from the Perl installation
-	    ##  if it exists.
-	    PERL=
-	    for dir in `echo $PATH | sed -e 's/:/ /g'`
-	    do
-		if [ -f "$dir/perl5" ]; then
-		    PERL="$dir/perl5"
-		    break
-		fi
-		if [ -f "$dir/perl" ]; then
-		    PERL="$dir/perl"
-		    break
-		fi
-	    done
-	    if [ "x$PERL" != "x" ]; then
-		#   cool, Perl is installed on this platform...
-		if [ "x`$PERL -V:dlsrc 2>/dev/null | grep dlopen`" != "x" ]; then
-		    #   ...and actually uses the dlopen-style interface,
-		    #   so we can guess the flags from its knowledge
-		    CFLAGS_SHLIB="`$PERL -V:cccdlflags | cut -d\' -f2`"
-		    LDFLAGS_SHLIB="`$PERL -V:lddlflags | cut -d\' -f2`"
-		    LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
-		    LDFLAGS_SHLIB_EXPORT="`$PERL -V:ccdlflags | cut -d\' -f2`"
-		    #   but additionally we have to inform the
-		    #   user that we are just guessing the flags
-		    echo ""
-		    echo "** WARNING: We have no explicit knowledge about shared object"
-		    echo "** support for your particular platform. But perhaps you have"
-		    echo "** luck: We were able to guess the compiler and linker flags"
-		    echo "** for creating shared objects from your Perl installation."
-		    echo "** If they actually work, please send the following information"
-		    echo "** for inclusion into later releases to new-httpd@apache.org or make"
-		    echo "** a suggestion report at http://bugs.apache.org/:"
-		    echo "**     PLATFORM=$PLAT"
-		    echo "**     CFLAGS_SHLIB=$CFLAGS_SHLIB"
-		    echo "**     LDFLAGS_SHLIB=$LDFLAGS_SHLIB"
-		    echo "**     LDFLAGS_SHLIB_EXPORT=$LDFLAGS_SHLIB_EXPORT"
-		    echo ""
-		fi
-	    fi
-	    ;;
-    esac
-fi
-
-####################################################################
-## Check if we really have some information to compile
-## the shared objects if SharedModule was used.
-##
-if [ "x$using_shlib" = "x1" ] ; then
-    if [ "x$TCFLAGS_SHLIB"  = "x" -a "x$CFLAGS_SHLIB"  = "x"  -a \
-	 "x$TLDFLAGS_SHLIB" = "x" -a "x$LDFLAGS_SHLIB" = "x" ]; then
-	echo ""
-	echo "** FAILURE: Sorry, no shared object support available."
-	echo "** Either compile all modules statically (use AddModule instead"
-	echo "** of SharedModule in the Configuration file) or at least provide"
-	echo "** us with the appropriate compiler and linker flags via the"
-	echo "** CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT entries"
-	echo "** in the Configuration file."
-	echo ""
-	exit 1
-    fi
-fi
-
-####################################################################
-## Now we do some OS specific adjustments... for some OSs, we need
-## to adjust CFLAGS and/or OPTIM depending on which compiler we
-## are going to use. This is easy, since this can be gleamed from
-## Makefile.config
-##
-case "$OS" in
-    'ULTRIX')
-	case "$CC" in
-	    */cc|cc ) CFLAGS="$CFLAGS -std" ;;
-	esac
-	;;
-    'SCO 5')
-	case "$CC" in
-	    */cc|cc ) CFLAGS="$CFLAGS -K noinline" ;;
-	esac
-	;;
-    'HI-UX')
-	case "$CC" in
-	    */cc|cc )
-		CFLAGS="$CFLAGS -Aa -Ae -D_HIUX_SOURCE"
-		OPTIM=" "
-		TOPTIM=""
-	    ;;
-	esac
-	;;
-    'HP-UX'|'HP-UX 10'|'HP-UX 11')
-	case "$CC" in
-	    */cc|cc )
-		CFLAGS="$CFLAGS -Aa -Ae -D_HPUX_SOURCE"
-		OPTIM=" "
-		TOPTIM=""
-	    ;;
-	esac
-	;;
-    *IRIX-64*)
-	if [ "x$RULE_IRIXN32" = "xyes" ]; then
-	    case "$CC" in
-		*/cc|cc )
-		    CFLAGS="$CFLAGS -n32"
-		    LDFLAGS="$LDFLAGS -n32"
-		;;
-	    esac
-	fi
-	;;
-    *IRIX-32*)
-	if [ "x$RULE_IRIXN32" = "xyes" ]; then
-	    case "$CC" in
-		*/cc|cc )
-		    CFLAGS="$CFLAGS -n32"
-		    LDFLAGS="$LDFLAGS -n32"
-		;;
-	    esac
-	fi
-	;;
-    IBM?AIX?4.[123])
-	case $CC in
-	    */cc|cc ) 
-		CFLAGS="$CFLAGS -qnogenpcomp -qnousepcomp"
-	    ;;
-	esac
-	;;
-    'IBM AIX IA64')
-       case $CC in
-           */cc|cc )
-               CFLAGS="$CFLAGS -qnogenpcomp -qnousepcomp"
-           ;;
-       esac
-       ;;
-esac
-
-####################################################################
-## OK, now we can write OPTIM
-##
-if [ "x$TOPTIM" = "x" ]; then
-    echo "OPTIM=$OPTIM" >> Makefile.config
-fi
-
-####################################################################
-## OK, now handle RANLIB
-##
-if [ "x$RANLIB" = "x" ]; then
-    if [ "x$TRANLIB" != "x" ]; then
-	RANLIB=$TRANLIB
-    else
-	if ${SHELL} helpers/PrintPath -s ranlib; then
-	    RANLIB="ranlib"
-	else
-	    RANLIB="true"
-	fi
-    fi
-fi
-
-####################################################################
-## Now we do some general checks and some intelligent Configuration
-## control.
-
-# Use TestCompile to look for various LIBS
-case "$PLAT" in
-    *-linux*)
-	# newer systems using glibc 2.x need -lcrypt
-	if ${SHELL} helpers/TestCompile lib crypt; then
-	    LIBS="$LIBS -lcrypt"
-	fi
-	;;
-
-    *-dg-dgux*)
-	# R4.11MU02 requires -lsocket -lnsl ... no idea if it's earlier or
-	# later than what we already knew about.  PR#732
-	if ${SHELL} helpers/TestCompile lib nsl; then
-	    LIBS="$LIBS -lnsl"
-	    TLIB='-lnsl'
-	fi
-	if TLIB=$TLIB ${SHELL} helpers/TestCompile lib socket; then
-	    LIBS="-lsocket $LIBS"
-	fi
-	;;
-    BS2000*-siemens-sysv4*)
-	# Activate RISC compilation if this is a SR2000 machine
-	# (test written by Thomas Dorner <Thomas.Dorner@start.de>
-	# for perl5 port):
-	ISSR2000="`bs2cmd SHOW-SYSTEM-INFO | grep 'HSI-ATT'`"
-	case "$ISSR2000" in
-	    *TYPE*SR*)
-	        CFLAGS="$CFLAGS -Krisc_4000"
-	        ;;
-	esac
-	# Depending on the BS2000 OS and compiler/crte release,
-	# -lnsl may be available (or may be not).
-	# In standard SVR4 systems, -lsocket relies on some symbols
-	# from -lnsl, so the test for -lnsl must appear first.
-	if ${SHELL} helpers/TestCompile lib nsl; then
-	    LIBS="$LIBS -lnsl"
-	    TLIB='-lnsl'
-	fi
-	if TLIB=$TLIB ${SHELL} helpers/TestCompile lib socket; then
-	    LIBS="-lsocket $LIBS"
-	fi
-	# Auto-detect presence of libdl for dynamic loading
-	if ${SHELL} ./helpers/TestCompile lib dl; then
-	    if ${SHELL} ./helpers/TestCompile func dlopen; then
-		LIBS="$LIBS -ldl"
-		TLIB='-ldl'
-    	   fi
-	fi
-	# Test for the presence of the "union semun":
-	if TCADDINCL='#include <sys/types.h>
-#include <sys/ipc.h>
-#include <sys/sem.h>' ${SHELL} helpers/TestCompile sizeof "union semun"; then
-            : Okay, union semun is defined
-	else
-	    CFLAGS="$CFLAGS -DNEED_UNION_SEMUN"
-	fi
-	# Test for the presence of the _rini_struct typedef:
-	if TCADDINCL='#include <pwd.h>' ${SHELL} ./helpers/TestCompile sizeof _rini_struct; then
-	    CFLAGS="$CFLAGS -DHAVE_RINI_STRUCT"
-	fi
-	# Test whether initgroups() must be emulated:
-	if ${SHELL} helpers/TestCompile func initgroups; then
-	    :
-	else
-	    CFLAGS="$CFLAGS -DNEED_INITGROUPS"
-	fi
-	;;
-esac
-
-# SOCKS4 support:
-# We assume that if they are using SOCKS4, then they've
-# adjusted EXTRA_LIBS and/or EXTRA_LDFLAGS as required,
-# otherwise we assume "-L/usr/local/lib -lsocks"
-if [ "x$RULE_SOCKS4" = "xyes" ]; then
-    echo " + enabling SOCKS4 support"
-    CFLAGS="$CFLAGS -DSOCKS -DSOCKS4"
-    CFLAGS="$CFLAGS -Dconnect=Rconnect -Dselect=Rselect"
-    CFLAGS="$CFLAGS -Dgethostbyname=Rgethostbyname"
-    if [ "x`egrep '^EXTRA_L' Makefile.config | grep lsocks`" = "x" ]; then
-	LIBS="$LIBS -L/usr/local/lib -lsocks"
-    fi
-    case $PLAT in
-	*-solaris2* )
-	    LIBS="$LIBS -lresolv"
-	    ;;
-    esac
-fi
-
-# SOCKS5 support:
-# We assume that if they are using SOCKS5, then they've
-# adjusted EXTRA_LIBS and/or EXTRA_LDFLAGS as required,
-# otherwise we assume "-L/usr/local/lib -lsocks5"
-if [ "x$RULE_SOCKS5" = "xyes" ]; then
-    echo " + enabling SOCKS5 support"
-    CFLAGS="$CFLAGS -DSOCKS -DSOCKS5"
-    CFLAGS="$CFLAGS -Dconnect=SOCKSconnect -Dselect=SOCKSselect"
-    CFLAGS="$CFLAGS -Dgethostbyname=SOCKSgethostbyname -Dclose=SOCKSclose"
-    if [ "x`egrep '^EXTRA_L' Makefile.config | grep lsocks5`" = "x" ]; then
-	LIBS="$LIBS -L/usr/local/lib -lsocks5"
-    fi
-    case $PLAT in
-	*-solaris2* )
-	    LIBS="$LIBS -lresolv"
-	    ;;
-    esac
-fi
-
-# INET6 support.
-if [ "$RULE_INET6" = "yes" ]; then
-    echo " + enabling INET6 support"
-    CFLAGS="$CFLAGS -DINET6"
-    CFLAGS="$CFLAGS -Dss_family=__ss_family -Dss_len=__ss_len"
-    IPV6_STACKTYPE=KAME
-fi
-
-echo '#include <sys/types.h>' >testfunc.c
-echo '#include <sys/socket.h>' >>testfunc.c
-echo 'int testfunc(){ struct sockaddr sa; int i = sa.sa_len; };' >>testfunc.c
-rm -f testfunc.o
-eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
-if [ -f testfunc.o ]; then
-    echo " + you have sa_len in struct sockaddr."
-    CFLAGS="$CFLAGS -DHAVE_SOCKADDR_LEN"
-else
-    echo " + you don't have sa_len in struct sockaddr."
-fi
-rm -f testfunc.c testfunc.o
-
-echo '#include <sys/types.h>' >testfunc.c
-echo '#include <sys/socket.h>' >>testfunc.c
-echo 'struct sockaddr_storage sockaddr_storage;' >>testfunc.c
-rm -f testfunc.o
-eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
-if [ -f testfunc.o ]; then
-    echo " + assuming you have struct sockaddr_storage"
-else
-    CFLAGS="$CFLAGS -DNEED_SOCKADDR_STORAGE"
-    echo " + you need struct sockaddr_storage"
-fi
-rm -f testfunc.c testfunc.o
-
-echo '#include <sys/types.h>' >testfunc.c
-echo '#include <sys/socket.h>' >>testfunc.c
-echo 'int testfunc(){ socklen_t t; }' >>testfunc.c
-rm -f testfunc.o
-eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
-if [ ! -f testfunc.o ]; then
-    CFLAGS="$CFLAGS -Dsocklen_t=int"
-fi
-rm -f testfunc.c testfunc.o
-
-echo '#include <sys/types.h>' >testfunc.c
-echo '#include <sys/socket.h>' >>testfunc.c
-echo 'struct sockaddr_in sin;' >>testfunc.c
-echo 'int main(){ int i = sin.sin_len; }' >>testfunc.c
-rm -f testfunc.o
-eval "${MAKE-make} -f Makefile.config testfunc.o >/dev/null 2>/dev/null"
-if [ -f testfunc.o ]; then
-    CFLAGS="$CFLAGS -DSIN_LEN"
-fi
-rm -f testfunc.c testfunc.o
-
-
-####################################################################
-## Find out what modules we want and try and configure things for them
-## Module lines can look like this:
-##
-##  Module  name_module    some/path/mod_name[.[oa]]
-##  AddModule              some/path/mod_name[.[oa]]
-##
-## In both cases, the some/path can either be an arbitrary path (including
-## an absolute path), or a path like "modules/DIR", in which case we _might_
-## auto-generate a Makefile in modules/DIR (see later).
-##
-## The first case is the original style, where we give the module's
-## name as well as it's binary file location - either a .o or .a.
-##
-## The second format is new, and means we do not repeat the module
-## name, which is already part of the module source or definition.
-## The way we find the module name (and other optional information about
-## the module) is like this:
-##
-##  1 If extension is not given or is .c, assume .o was given and goto 3
-##  2 If extension is .module, go to D1
-##  3 If extension is .o, look for a corresponding .c file and if
-##      found, go to C1
-##  4 If no .c file was found, look for a .module file (Apache module
-##      definition file). If found, go to D1
-##  5 Assume module name is the "name" part of "mod_name", as in
-##      name_module.
-##
-## If a C file is found:
-##
-## C1 Look for module name given by an MODULE: line (e.g. MODULE: name_module)
-##      If found assume module contains a definition, and go to D1
-## C2 If not found, look for a module name given on the declaration of the
-##      module structure (e.g. module name_module).
-## C3 If neither given, go to 4 above.
-##
-## If a definition file is found, or a .c file includes a module definition:
-##
-## D1 Get the module name from the MODULE: name= line
-## D2 Get other module options (libraries etc). To be done later.
-##
-##
-## For now, we will convert the AddModule lines into Module format
-## lines, so the rest of Configure can do its stuff without too much
-## additional hackery. It would be nice to reduce the number of times
-## we have to awk the $tmpfile, though.
-
-## MODFILES contains a list of module filenames (could be .c, .o, .so, .a
-##    or .module files) from AddModule lines only
-## MODDIRS contains a list of subdirectories under 'modules' which
-##    contain modules we want to build from both AddModule and Module
-##    lines
-
-echo " + adding selected modules"
-
-MODFILES=`awk <$tmpfile '($1 == "AddModule" || $1 == "SharedModule") { printf "%s ", $2 }'`
-MODDIRS=`awk < $tmpfile '
-	($1 == "Module" && $3 ~ /^modules\//) {
-	    split ($3, pp, "/")
-	    if (! SEEN[pp[2]]) {
-		printf "%s ", pp[2]
-		SEEN[pp[2]] = 1
-	    }
-    	}
-	(($1 == "AddModule" || $1 == "SharedModule") && $2 ~ /^modules\//) { 
-	    split ($2, pp, "/")
-	    if (! SEEN[pp[2]]) {
-		printf "%s ", pp[2]
-		SEEN[pp[2]] = 1
-	    } 
-    	}'`
-MODDIRS_NO_SO=`awk < $tmpfile '
-	($1 == "Module" && $3 ~ /^modules\//) {
-	    split ($3, pp, "/")
-	    if (! SEEN[pp[2]]) {
-		printf "%s ", pp[2]
-		SEEN[pp[2]] = 1
-	    }
-    	}
-	(($1 == "AddModule") && $2 ~ /^modules\//) { 
-	    split ($2, pp, "/")
-	    if (! SEEN[pp[2]]) {
-		printf "%s ", pp[2]
-		SEEN[pp[2]] = 1
-	    } 
-    	}'`
-
-# Now autoconfigure each of the modules specified by AddModule.
-# Use tmpfile2 for the module definition file, and tmpfile3 for the
-# shell commands to be executed for this module.
-
-for modfile in $MODFILES ; do
-	rm -f $tmpfile2 $tmpfile3
-	modname=''
-
-	ext=`echo $modfile | sed 's/^.*\.//'`
-	modbase=`echo $modfile | sed 's/\.[^.]*$//'`
-	if [ "x$ext" = "x$modfile" ]; then ext=o; modbase=$modfile; modfile=$modbase.o; fi
-	if [ "x$ext" = "x" ] ; then ext=o; modbase=$modfile; fi
-	if [ "x$ext" = "xc" ] ; then ext=o; fi
-
-	# modbase is the path+filename without extension, ext is the
-	# extension given, or if none, o
-	if [ -r $modbase.module ] ; then
-		$CAT $modbase.module > $tmpfile2
-	else
-	    if [ -f $modbase.c ] ; then
-		# Guess module structure name in case there is no
-		# module definition in this file
-		modname=`egrep '^module .*;' $modbase.c | head -1 |\
-			sed 's/^module.*[ 	][ 	]*//' | \
-			sed 's/[ 	]*;[ 	]*$//'`
-		# Get any module definition part
-		if grep "MODULE-DEFINITION-" $modbase.c > /dev/null; then
-		$CAT $modbase.c | \
-		sed '1,/MODULE-DEFINITION-START/d;/MODULE-DEFINITION-END/,$d' \
-			> $tmpfile2
-		fi
-	    fi
-	fi		
-	if [ -r $tmpfile2 ] ; then
-		# Read a module definition from .module or .c
-		modname=`grep "Name:" $tmpfile2 | sed 's/^.*Name:[ 	]*//'`
-		if grep "ConfigStart" $tmpfile2 > /dev/null \
-		 && grep "ConfigEnd" $tmpfile2 > /dev/null; then
-		    sed '1,/ConfigStart/d;/ConfigEnd/,$d' $tmpfile2 > \
-		     $tmpfile3
-		    echo "    o $modname uses ConfigStart/End"
-		    if [ "x$RULE_PARANOID" = "xyes" ]; then
-			sed 's/^/>> /' $tmpfile3
-		    fi
-		    . ./$tmpfile3
-		fi
-		if grep "Libs:" $tmpfile2 > /dev/null; then
-		    modlibs1=`grep Libs: $tmpfile2 | sed 's/^.*Libs:[ 	]*//'`
-		    echo "    o $modbase adds libraries: $modlibs1"
-		    modlibs="$modlibs $modlibs1"
-		fi
-		rm -f $tmpfile2 $tmpfile3
-		if [ "x$ext" != "x$SHMOD_SUFFIX_NAME" ]; then
-		    ext=o
-		fi
-	fi
-	if [ "x$modname" = "x" ] ; then
-		modname=`echo $modbase | sed 's/^.*\///' | \
-			sed 's/^mod_//' | sed 's/^lib//' | sed 's/$/_module/'`
-	fi
-	if [ "x$ext" != "x$SHMOD_SUFFIX_NAME" ]; then
-		echo "Module $modname $modbase.$ext" >>$tmpfile
-	fi
-	#   optionally generate export file for some linkers 
-	if [ "x$ext" = "x$SHMOD_SUFFIX_NAME" -a "x$SHLIB_EXPORT_FILES" = "xyes" ]; then
-		echo "$modname" >$modbase.exp
-	fi
-done
-# $tmpfile now contains Module lines for all the modules we want
-
-####################################################################
-## Now HS's POSIX regex implementation if needed/wanted. We do it
-## now since AddModule may have changed it
-##
-if [ "x$RULE_WANTHSREGEX" = "xyes" ]; then
-    REGLIB="regex/libregex.a"
-    SUBDIRS="regex $SUBDIRS"
-    CFLAGS="$CFLAGS -DUSE_HSREGEX"
-fi
-
-####################################################################
-## Extended API (EAPI) support:
-##
-if [ "x$RULE_EAPI" = "x" ]; then
-    RULE_EAPI=`${SHELL} helpers/CutRule EAPI $file`
-fi
-if [ "x$RULE_EAPI" = "xyes" ]; then
-    echo " + enabling Extended API (EAPI)"
-    CFLAGS="$CFLAGS -DEAPI"
-    #   some vendor compilers are too restrictive
-    #   for our ap_hook and ap_ctx sources.
-    case "$OS:$CC" in
-        *IRIX-32*:*/cc|*IRIX-32*:cc )
-            CFLAGS="$CFLAGS -woff 1048,1110,1164"
-            ;;
-    esac
-    #   MM Shared Memory Library support for EAPI
-    if [ "x$EAPI_MM" = "x" ]; then
-        EAPI_MM=`egrep '^EAPI_MM=' $file | sed -n -e '$p' | awk -F= '{print $2}'`
-    fi
-    if [ "x$EAPI_MM" != "x" ]; then
-        case $EAPI_MM in
-            SYSTEM|/* ) ;;
-            * ) for p in . .. ../..; do
-                    if [ -d "$p/$EAPI_MM" ]; then
-                        EAPI_MM="`echo $p/$EAPI_MM | sed -e 's;/\./;/;g'`" 
-                        break
-                    fi
-                done
-                ;;
-        esac
-        if [ "x$EAPI_MM" = "xSYSTEM" ]; then
-            echo "   using MM library for EAPI: (system-wide)"
-            CFLAGS="$CFLAGS -DEAPI_MM"
-            __INCLUDES="`mm-config --cflags`"
-            if [ "x$__INCLUDES" != "x-I/usr/include" ]; then
-                INCLUDES="$INCLUDES $__INCLUDES"
-            fi
-            LDFLAGS="$LDFLAGS `mm-config --ldflags`"
-            LIBS="$LIBS `mm-config --libs`"
-        else
-            if [ -f "$EAPI_MM/.libs/libmm.a" -a -f "$EAPI_MM/mm.h" ]; then
-                echo "   using MM library: $EAPI_MM (source-tree only)"
-                case $EAPI_MM in
-                    /* ) ;;
-                    *  ) EAPI_MM="\$(SRCDIR)/$EAPI_MM" ;;
-                esac
-                CFLAGS="$CFLAGS -DEAPI_MM"
-                INCLUDES="$INCLUDES -I$EAPI_MM"
-                LDFLAGS="$LDFLAGS -L$EAPI_MM/.libs"
-                LIBS="$LIBS -lmm"
-            elif [ -f "$EAPI_MM/bin/mm-config" ]; then
-                echo "   using MM library: $EAPI_MM (installed)"
-                CFLAGS="$CFLAGS -DEAPI_MM"
-                INCLUDES="$INCLUDES `$EAPI_MM/bin/mm-config --cflags`"
-                LDFLAGS="$LDFLAGS `$EAPI_MM/bin/mm-config --ldflags`"
-                LIBS="$LIBS `$EAPI_MM/bin/mm-config --libs`"
-            else
-                echo "Configure:Error: Cannot find MM library under $EAPI_MM" 1>&2
-                exit 1
-            fi
-        fi
-    fi
-fi
-
-
-####################################################################
-## Add in the Expat library if needed/wanted.
-##
-
-# set the default, based on whether expat-lite is bundled. if it is present,
-# then we can always include expat.
-if [ "x$RULE_EXPAT" = "xdefault" ]; then
-    if [ -d ./lib/expat-lite/ ]; then
-        RULE_EXPAT=yes
-    else
-        RULE_EXPAT=no
-    fi
-fi
-
-if [ "x$RULE_EXPAT" = "xyes" ]; then
-    if ${SHELL} ./helpers/TestCompile lib expat; then
-        echo " + using system Expat"
-        LIBS="$LIBS -lexpat"
-    else
-        if [ ! -d ./lib/expat-lite/ ]; then
-            echo "ERROR: RULE_EXPAT set to \"yes\" but is not available."
-	    exit 1
-        fi
-        echo " + using builtin Expat"
-        EXPATLIB="lib/expat-lite/libexpat.a"
-        APLIBDIRS="expat-lite $APLIBDIRS"
-        CFLAGS="$CFLAGS -DUSE_EXPAT -I\$(SRCDIR)/lib/expat-lite"
-    fi
-fi
-
-####################################################################
-## Now the SHARED_CHAIN stuff
-##
-if [ "x$using_shlib" = "x1" ] ; then
-    if [ "x$RULE_SHARED_CHAIN" = "xdefault" ] ; then
-	RULE_SHARED_CHAIN=$DEF_SHARED_CHAIN
-    fi
-    if [ "x$RULE_SHARED_CHAIN" = "xyes" ]; then
-	echo " + enabling DSO files to be linked against others"
-	#   determine libraries which can be safely linked
-	#   to our DSO files, i.e. PIC libraries and shared libraries
-	extra_ldflags="`grep EXTRA_LDFLAGS= Makefile.config`"
-	extra_libs="`grep EXTRA_LIBS= Makefile.config`"
-	eval "`${SHELL} helpers/slo.sh $LDFLAGS $LIBS $extra_ldflags $extra_libs`"
-	LIBS_SHLIB="$SLO_DIRS_PIC $SLO_LIBS_PIC $SLO_DIRS_DSO $SLO_LIBS_DSO"
-    fi
-fi
-
-####################################################################
-## Now the SHARED_CORE stuff
-##
-if [ "x$using_shlib" = "x1" ] ; then
-    if [ "x$RULE_SHARED_CORE" = "xdefault" ] ; then
-	RULE_SHARED_CORE=$DEF_SHARED_CORE
-    fi
-    if [ "x$RULE_SHARED_CORE" = "xyes" ]; then
-	DSO_STRING="DSO"
-	if [ "$OS" = "Cygwin" ]; then
-	    DSO_STRING="DLL"
-	fi
-	echo " + enabling generation of Apache core as $DSO_STRING"
-	#    shuffle compiler flags from shlib variant to standard
-	CFLAGS="$CFLAGS $CFLAGS_SHLIB"
-	CFLAGS_SHLIB=""
-	#    indicate that Rule SHARED_CORE is active
-	CFLAGS="$CFLAGS -DSHARED_CORE"
-	#    select the special subtarget for shared core generation
-	SUBTARGET=target_shared
-	#    determine additional suffixes for libhttpd.so
-	V=1 R=3 P=29
-	if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then
-	    SHLIB_SUFFIX_LIST=""
-	fi
-	if [ "x$SHLIB_SUFFIX_DEPTH" = "x1" ]; then
-	    SHLIB_SUFFIX_LIST="$V"
-	fi
-	if [ "x$SHLIB_SUFFIX_DEPTH" = "x2" ]; then
-	    SHLIB_SUFFIX_LIST="$V.$R"
-	fi
-	if [ "x$SHLIB_SUFFIX_DEPTH" = "x3" ]; then
-	    SHLIB_SUFFIX_LIST="$V.$R.$P"
-	fi
-	if [ "x$SHLIB_SUFFIX_DEPTH" = "xall" ]; then
-	    SHLIB_SUFFIX_LIST="$V $V.$R $V.$R.$P"
-	fi
-    fi
-fi
-
-####################################################################
-## Set the value of the shared libary flags, if they aren't explicitly
-## set in the configuration file
-##
-if [ "x$using_shlib" = "x1" ] ; then
-    if [ "x$TCFLAGS_SHLIB" = "x" ]; then
-	echo "CFLAGS_SHLIB=$CFLAGS_SHLIB -DSHARED_MODULE" >> Makefile.config
-    fi
-    if [ "x$TLD_SHLIB" = "x" ]; then
-	echo "LD_SHLIB=$LD_SHLIB" >> Makefile.config
-    fi
-    if [ "x$TLDFLAGS_SHLIB" = "x" ]; then
-	echo "EXTRA_LDFLAGS_SHLIB=$EXTRA_LDFLAGS_SHLIB" >> Makefile.config
-	echo "LDFLAGS_SHLIB=$LDFLAGS_SHLIB $EXTRA_LDFLAGS_SHLIB" >> Makefile.config
-    fi
-    if [ "x$TLDFLAGS_SHLIB_EXPORT" = "x" ]; then
-	echo "LDFLAGS_SHLIB_EXPORT=$LDFLAGS_SHLIB_EXPORT" >> Makefile.config
-    fi
-    if [ "x$TLDFLAGS_MOD_SHLIB" = "x" ]; then
-	echo "LDFLAGS_MOD_SHLIB=$LDFLAGS_MOD_SHLIB" >> Makefile.config
-    fi
-    echo "LD_SHCORE_DEF=$LD_SHCORE_DEF" >> Makefile.config
-    echo "LD_SHCORE_LIBS=$LD_SHCORE_LIBS" >> Makefile.config
-    echo "SHARED_CORE_EP=$SHARED_CORE_EP" >> Makefile.config
-    echo "SHCORE_IMPLIB=$SHCORE_IMPLIB" >> Makefile.config
-fi
-
-####################################################################
-## Now create modules.c
-##
-$CAT > $awkfile <<'EOFM'
-    BEGIN {
-	modules[n++] = "core"
-	pmodules[pn++] = "core"
-    } 
-    /^Module/ { modules[n++] = $2 ; pmodules[pn++] = $2 } 
-    /^%Module/ { pmodules[pn++] = $2 } 
-    END {
-	print "/*"
-	print " * modules.c --- automatically generated by Apache"
-	print " * configuration script.  DO NOT HAND EDIT!!!!!"
-	print " */"
-	print ""
-	print "#include \"httpd.h\""
-	print "#include \"http_config.h\""
-	print ""
-	for (i = 0; i < pn; ++i) {
-	    printf ("extern module %s_module;\n", pmodules[i])
-	}
-	print ""
-	print "/*"
-	print " *  Modules which implicitly form the"
-	print " *  list of activated modules on startup,"
-	print " *  i.e. these are the modules which are"
-	print " *  initially linked into the Apache processing"
-	print " *  [extendable under run-time via AddModule]"
-	print " */"
-	print "module *ap_prelinked_modules[] = {"
-	for (i = 0; i < n; ++i) {
-	    printf "  &%s_module,\n", modules[i]
-	}
-	print "  NULL"
-	print "};"
-	print ""
-	print "/*"
-	print " *  Modules which initially form the"
-	print " *  list of available modules on startup,"
-	print " *  i.e. these are the modules which are"
-	print " *  initially loaded into the Apache process"
-	print " *  [extendable under run-time via LoadModule]"
-	print " */"
-	print "module *ap_preloaded_modules[] = {"
-	for (i = 0; i < pn; ++i) {
-	    printf "  &%s_module,\n", pmodules[i]
-	}
-	print "  NULL"
-	print "};"
-	print ""
-    }
-EOFM
-$CAT $tmpfile | sed 's/_module//' | awk -f $awkfile > modules.c 
-
-####################################################################
-## figure out which module dir require use to autocreate a Makefile.
-## for these dirs we must not list the object files from the AddModule
-## lines individually since the auto-generated Makefile will create
-## a library called libMODDIR.a for it (MODDIR is the module dir
-## name). We create two variable here:
-##
-##   AUTODIRS   Space separated list of module directories, relative to
-##              src
-##   AUTOLIBS   Space separated list of auto-generated library files
-##
-for moddir in $MODDIRS 
-do
-	if [ -f modules/$moddir/Makefile.tmpl ] ; then
-		AUTODIRS="$AUTODIRS modules/$moddir"
-	fi
-done
-for moddir in $MODDIRS_NO_SO
-do
-	if [ -f modules/$moddir/Makefile.tmpl ] ; then
-		AUTOLIBS="$AUTOLIBS modules/$moddir/lib$moddir.a"
-	fi
-done
-
-####################################################################
-## Add the module targets to the Makefile. Do not add individual object
-## targets for auto-generated directories.
-##
-$CAT > $awkfile <<EOF1
-    BEGIN {
-	split ("$AUTODIRS", tmp, " ")
-EOF1
-$CAT >> $awkfile <<'EOF2'
-	for ( key in tmp ) {
-	    autodirs[tmp[key]] = 1
-	}
-     }
-    /^Module/ { modules[n++] = $3 }
-    /^%Module/ { modules[n++] = $3 }
-    END {
-	print "MODULES= \\"
-	for (i = 0; i < n; ++i) {
-	    split (modules[i], pp, "/")
-	    dir = pp[1] "/" pp[2] 
-	    inthere = 0
-	    for ( tdir in autodirs ) {
-		if (tdir == dir) 
-		    inthere = 1
-	    }
-	    if (inthere == 1)
-		continue
-	    else
-		printf ("  %s \\\n", modules[i])
-	}
-    }
-EOF2
-awk -f $awkfile >>Makefile <$tmpfile
-
-####################################################################
-## Now add the auto-generated library targets.  Need to use awk so we
-## don't hang a continuation on the last line.
-##
-$CAT > $awkfile <<'EOF4'
-    {
-	z = 0
-	split ($0, libs)
-	for ( lib in libs ) {
-	    if (z != 0)
-		printf (" \\\n")
-	    z++
-	    printf ("  %s", libs[lib])
-	}
-    }
-    END {
-	printf ("\n")
-    }
-EOF4
-echo "$AUTOLIBS" | awk -f $awkfile >>Makefile
-echo "" >>Makefile
-
-####################################################################
-## Now add the target for the main Makefile
-##
-echo "SUBDIRS=$SUBDIRS lib modules" >> Makefile
-echo "SUBTARGET=$SUBTARGET" >> Makefile
-echo "SHLIB_SUFFIX_NAME=$SHLIB_SUFFIX_NAME" >> Makefile
-echo "SHMOD_SUFFIX_NAME=$SHMOD_SUFFIX_NAME" >> Makefile
-echo "SHLIB_SUFFIX_LIST=$SHLIB_SUFFIX_LIST" >> Makefile
-echo "SHLIB_EXPORT_FILES=$SHLIB_EXPORT_FILES" >> Makefile
-echo "" >> Makefile
-
-####################################################################
-## Determine GNU Make variant because
-## it uses ugly looking built-in directory walk messages
-## while we are already using our own messages
-##
-if [ "x`${MAKE} -v 2>/dev/null | grep 'GNU Make'`" = "x" ]; then
-	MFLAGS_STATIC=
-else
-	MFLAGS_STATIC=--no-print-directory
-fi
-
-####################################################################
-## Continue building Makefile.config. Fill in all entries except
-## for $LIBS at this point. This implies that anything below
-## can only alter $LIBS
-##
-echo "CFLAGS1=$CFLAGS" >>Makefile.config
-echo "INCLUDES1=$INCLUDES" >>Makefile.config
-echo "LIBS_SHLIB=$LIBS_SHLIB" >>Makefile.config
-echo "LDFLAGS1=$LDFLAGS" >>Makefile.config
-echo "MFLAGS_STATIC=$MFLAGS_STATIC" >>Makefile.config
-echo "REGLIB=$REGLIB" >>Makefile.config
-echo "EXPATLIB=$EXPATLIB" >>Makefile.config
-echo "RANLIB=$RANLIB" >>Makefile.config
-
-####################################################################
-## Some OS-related stuff for the DSO mechanism:
-## Finding the vendor DSO functions
-##
-if [ "x$using_shlib" = "x1" ] ; then
-    DL_LIB=""
-    case $PLAT in
-       ia64-ibm-aix* )
-           DL_LIB="-ldl"
-           ;;
-	*-ibm-aix* )
-	    DL_LIB="-lld"
-	    ;;
-	*-sequent-ptx* )
-	    case $PLAT in
-	        *-sequent-ptx2*)
-	            ;;
-	        *-sequent-ptx4.0*)
-	            ;;
-	        *-sequent-ptx*)
-	            DL_LIB="-ldl"
-	            ;;
-	    esac
-	    ;;
-	*-hp-hpux*)
-	    if ${SHELL} helpers/TestCompile func shl_load; then
-		:
-	    else
-		if ${SHELL} helpers/TestCompile lib dld; then
-		    DL_LIB="-ldld"
-		fi
-	    fi
-	    ;;
-	* )
-	    if ${SHELL} helpers/TestCompile func dlopen; then
-		:
-	    else
-		if ${SHELL} helpers/TestCompile lib dl; then
-		    DL_LIB="-ldl"
-		fi
-	    fi
-	    ;;
-    esac
-    if [ "x$DL_LIB" != "x" ]; then
-	LIBS="$LIBS $DL_LIB"
-	echo " + using $DL_LIB for vendor DSO support"
-    fi
-fi
-
-####################################################################
-## More building ap_config_auto.h
-##
-## Check for availability of isinf() and isnan()
-##
-echo "" >>$AP_CONFIG_AUTO_H
-echo "/* determine: isinf() found in libc */ " >>$AP_CONFIG_AUTO_H
-echo "#ifndef HAVE_ISINF" >>$AP_CONFIG_AUTO_H
-echo "#define HAVE_ISINF 1" >>$AP_CONFIG_AUTO_H
-echo "#endif" >>$AP_CONFIG_AUTO_H
-
-echo "" >>$AP_CONFIG_AUTO_H
-echo "/* determine: isnan() found in libc */ " >>$AP_CONFIG_AUTO_H
-echo "#ifndef HAVE_ISNAN" >>$AP_CONFIG_AUTO_H
-echo "#define HAVE_ISNAN 1" >>$AP_CONFIG_AUTO_H
-echo "#endif" >>$AP_CONFIG_AUTO_H
-
-##
-## Now compare the sizes of off_t to long
-##
-echo "" >>$AP_CONFIG_AUTO_H
-echo "/* sizeof(off_t) == sizeof(quad_t) on OpenBSD */" >>$AP_CONFIG_AUTO_H
-echo "#ifndef AP_OFF_T_IS_QUAD" >>$AP_CONFIG_AUTO_H
-echo "#define AP_OFF_T_IS_QUAD 1" >>$AP_CONFIG_AUTO_H
-echo "#endif" >>$AP_CONFIG_AUTO_H
-
-####################################################################
-## Finish building ap_config_auto.h
-##
-## We pick out all -D's from CFLAGS and insert them as defines into
-## ap_config_auto.h so they are available to external modules needing to
-## include Apache header files.
-##
-TEXTRA_CFLAGS=`egrep '^EXTRA_CFLAGS=' Makefile.config | tail -1 |\
-	       sed -e 's;^EXTRA_CFLAGS=;;' -e 's;\`.*\`;;'`
-tmpstr=`echo $CFLAGS $TEXTRA_CFLAGS |\
-	sed -e 's;[ 	]\([+-]\);!\1;g' -e 's/\([^\\\]\)"/\1/g' -e 's/\\\"/\"/g'`
-OIFS="$IFS"
-IFS='!'
-for cflag in $tmpstr; do
-    echo "$cflag" >>$tmpconfig
-done
-IFS="$OIFS"
-awk >>$AP_CONFIG_AUTO_H <$tmpconfig '
-    /^-D.*/ {
-	i = index($0, "=")
-	if (i > 0) {
-	    define = substr($0, 3, i-3)
-	    value  = substr($0, i+1, length($0)-i)
-	}
-	else {
-	    define = substr($0, 3, length($0)-2)
-	    value  = "1";
-	}
-	printf ("\n/* build flag: %s */\n", $0)
-	printf ("#ifndef %s\n#define %s %s\n#endif\n", define, define, value)
-    }
-'
-
-# finish header file
-echo "" >>$AP_CONFIG_AUTO_H
-echo "#endif /* AP_CONFIG_AUTO_H */" >>$AP_CONFIG_AUTO_H
-
-####################################################################
-## Finish creating the Makefile.config file
-##
-echo "LIBS1=$modlibs $LIBS">> Makefile.config
-echo "##" >> Makefile.config
-echo "##  (End of automatically generated section)">> Makefile.config
-echo "##" >> Makefile.config
-echo "" >> Makefile.config
-
-####################################################################
-## Use TestCompile to see if $(CC) is ANSI and as a "final" sanity
-## check
-##
-
-if [ "x$OS" = "xTPF" ] ; then
-    :
-else
-   echo " + doing sanity check on compiler and options"
-   if ${SHELL} ./helpers/TestCompile $vflag sanity; then
-      :
-   else
-      if [ "x$vflag" = "x-v" ] ; then
-         WHEREERR="above"
-      else
-         WHEREERR="below"
-      fi
-      echo "** A test compilation with your Makefile configuration"
-      echo "** failed.  The $WHEREERR error output from the compilation"
-      echo "** test will give you an idea what is failing. Note that"
-      echo "** Apache requires an ANSI C Compiler, such as gcc. "
-      echo ""
-      echo "======== Error Output for sanity check ========"
-      (${SHELL} ./helpers/TestCompile -v sanity) 2>&1
-      echo "============= End of Error Report ============="
-      echo ""
-      echo " Aborting!"
-      exitcode=1
-      exit 1
-   fi
-fi
-
-####################################################################
-## Now (finish) creating the makefiles
-##
-
-# ./Makefile
-$CAT Makefile.config >> Makefile
-sed -e "s#@@Configuration@@#$file#" "Makefile.tmpl" >>Makefile
-
-# xxx/Makefile
-MAKEDIRS="support $SUBDIRS"
-for dir in $MAKEDIRS ; do
-	echo Creating Makefile in $dir
-	${SHELL} helpers/mfhead $dir $file > $dir/Makefile
-	$CAT Makefile.config $dir/Makefile.tmpl |\
-	sed -e "s:^SRCDIR=.*:SRCDIR=`${SHELL} helpers/fp2rp $dir`:" >> $dir/Makefile
-done
-
-####################################################################
-## Now create the lib/Makefile
-##
-${SHELL} helpers/mfhead modules $file > lib/Makefile
-$CAT Makefile.config | sed -e 's:^SRCDIR=.*:SRCDIR=..:' >> lib/Makefile
-
-$CAT << EOF >> lib/Makefile
-APLIBS=$APLIBDIRS
-CFLAGS=\$(OPTIM) \$(CFLAGS1) \$(EXTRA_CFLAGS)
-
-default: all
-
-all clean distclean depend :: 
-	@for i in \$(APLIBS) ""; do \\
-	  if [ "x\$\$i" != "x" ]; then \\
-	    echo "===> \$(SDP)lib/\$\$i"; \\
-		(cd \$\$i && \$(MAKE) \$(MFLAGS_STATIC) SDP='\$(SDP)' CC='\$(CC)' AUX_CFLAGS='\$(CFLAGS)' RANLIB='\$(RANLIB)' \$@) || exit 1; \\
-		echo "<=== \$(SDP)lib/\$\$i"; \\
-	  fi; \\
-	done
-
-EOF
-
-####################################################################
-## Now create the lib/xxx/Makefile
-##
-
-for dir in $APLIBDIRS ; do
-	echo Creating Makefile in lib/$dir
-	${SHELL} helpers/mfhead lib/$dir $file > lib/$dir/Makefile
-	$CAT Makefile.config lib/$dir/Makefile.tmpl |\
-	sed -e "s:^SRCDIR=.*:SRCDIR=`${SHELL} helpers/fp2rp lib/$dir`:" >> lib/$dir/Makefile
-done
-
-####################################################################
-## Now create the modules/Makefile
-##
-${SHELL} helpers/mfhead modules $file > modules/Makefile
-$CAT Makefile.config | sed -e 's:^SRCDIR=.*:SRCDIR=..:' >> modules/Makefile
-
-$CAT << EOF >> modules/Makefile
-MODULES=$MODDIRS
-CFLAGS=\$(OPTIM) \$(CFLAGS1) \$(EXTRA_CFLAGS)
-
-default: all
-
-all clean distclean depend :: 
-	@for i in \$(MODULES) ""; do \\
-	  if [ "x\$\$i" != "x" ]; then \\
-	    echo "===> \$(SDP)modules/\$\$i"; \\
-		case "x\$(OS)" in \\
-		  xOS390 | xTPF) (cd \$\$i && \$(MAKE) SDP='\$(SDP)' OPTIM='\$(OPTIM)' \$@) || exit 1;; \\
-		              *) (cd \$\$i && \$(MAKE) \$(MFLAGS_STATIC) SDP='\$(SDP)' CC='\$(CC)' AUX_CFLAGS='\$(CFLAGS)' RANLIB='\$(RANLIB)' OPTIM='\$(OPTIM)' \$@) || exit 1;; \\
-		esac; \\
-		echo "<=== \$(SDP)modules/\$\$i"; \\
-	  fi; \\
-	done
-
-EOF
-
-####################################################################
-## Now create modules/xxx/Makefile
-##
-for moddir in $AUTODIRS ; do
-	echo "Creating Makefile in $moddir"
-
-    ${SHELL} helpers/mfhead $moddir $file > $moddir/Makefile
-	$CAT Makefile.config |\
-	sed -e "s:^SRCDIR=.*:SRCDIR=`${SHELL} helpers/fp2rp $moddir`:" >> $moddir/Makefile
-	$CAT << 'EOF' >> $moddir/Makefile
-##
-##  Default Makefile options from Configure script
-##  (Begin of automatically generated section)
-##
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
-LIBS=$(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-INCDIR=$(SRCDIR)/include
-EOF
-	if [ -f $moddir/Makefile.libdir ]; then
-	    basedir=`echo $moddir | sed 's@^[^/]*/@@g'`
-	    awk >> $moddir/Makefile < $tmpfile '
-		($2 ~ /^modules\/'$basedir'\//) {
-		    split($2, pp, "/");
-		    split(pp[3], parts, ".");
-		    libext=parts[2];
-		}
-		END { 
-		    printf "LIBEXT=%s\n", libext;
-		}'
-	    # it's responsible for the rest of its Makefile...
-	else
-	    basedir=`echo $moddir | sed 's@^[^/]*/@@g'`
-	    OBJS=`awk < $tmpfile '
-		($1 == "Module" && $3 ~ /^modules\/'$basedir'\//) { 
-		    split ($3, pp, "/")
-		    printf "%s ", pp[3] 
-		} 
-		'`
-	    echo "OBJS=$OBJS" >> $moddir/Makefile
-	    if [ "x$OBJS" != "x" ]; then
-		echo "LIB=lib$basedir.a" >> $moddir/Makefile
-	    else
-		#   essential!
-		echo "LIB=" >> $moddir/Makefile
-	    fi
-	    awk >> $moddir/Makefile < $tmpfile '
-	    ($1 == "SharedModule" && $2 ~ /^modules\/'$basedir'\//) {
-		split($2, pp, "/")
-		shlibs=shlibs " " pp[3]
-		so=pp[3]
-		split(pp[3], parts, ".")
-		base=parts[1]
-		objspic=objspic " " base ".lo"
-	    }
-	    END { 
-		printf "SHLIBS=%s\n", shlibs;
-		printf "OBJS_PIC=%s\n", objspic;
-	    }'
-
-	    $CAT << 'EOF' >> $moddir/Makefile
-
-all: lib shlib
-
-lib:	$(LIB) 
-
-shlib:	$(SHLIBS)
-
-dummy $(LIB): $(OBJS)
-	rm -f $@
-	ar cr $@ $(OBJS)
-	$(RANLIB) $@
-
-.SUFFIXES: .o .so .dll
-
-.c.o:
-	$(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-.c.so:
-	$(CC) -c $(INCLUDES) $(CFLAGS) $(CFLAGS_SHLIB) $< && mv $*.o $*.lo
-	$(LD_SHLIB) $(LDFLAGS_SHLIB) -o $@ $*.lo $(LIBS_SHLIB)
-
-clean:
-	rm -f $(LIB) $(OBJS) $(SHLIBS) $(OBJS_PIC)
-
-distclean: clean
-	rm -f Makefile
-
-#   NOT FOR END USERS!
-depend:
-	cp Makefile.tmpl Makefile.tmpl.bak \
-	    && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
-	    && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
-	    && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
-		   -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
-		> Makefile.tmpl \
-	    && rm Makefile.new
-
-EOF
-	fi
-
-	if [ "x$OS_MODULE_INCLUDE" != "x" ]; then
-		echo "include $OS_MODULE_INCLUDE" >> $moddir/Makefile
-	fi
-
-	$CAT << 'EOF' >> $moddir/Makefile
-##
-##  (End of automatically generated section)
-##
-EOF
-    $CAT >> $moddir/Makefile < $moddir/Makefile.tmpl
-
-done
-
diff --git a/usr.sbin/httpd/src/INSTALL b/usr.sbin/httpd/src/INSTALL
deleted file mode 100644
index 73c91ccdb2d..00000000000
--- a/usr.sbin/httpd/src/INSTALL
+++ /dev/null
@@ -1,169 +0,0 @@
-
-  A P A C H E   I N S T A L L A T I O N
-
-  NOTE: Windows users please read the documents ../README-WIN.TXT and
-        http://httpd.apache.org/docs/windows.html, (or the
-        htdocs/manual/windows.html file included with Apache).  
-        The following applies only to Unix users.
-
-  Installing the Apache 1.3 HTTP server with APACI
-  ================================================
-
-  For the out-of-the-box build and installation through the new Apache
-  Autoconf-style Interface (APACI) see the file INSTALL in the parent
-  directory. This document describes only the manual way of installing Apache.
-
-  Installing the Apache 1.3 HTTP server manually
-  ==============================================
-
-  Unless you grabbed a binary distribution of Apache, you must compile it for
-  your specific platform.  In order to compile it, you must set compile-time
-  options (in particular, system type) for your system by editing a
-  Configuration file, run a script which generates a Makefile and a small
-  piece of C code, and then compile it.
-
-  Compilation
-  -----------
-
-  Building the Apache Web server absolutely REQUIRES an ANSI C-compliant
-  compiler.  If your compiler does not meet this requirement, don't even
-  bother trying to build the server; it won't work.  The server may or may not
-  build correctly with a C++ compiler.  Making it compilable with C++ is not a
-  goal at this point, so if it doesn't work please use a normal ANSI C
-  compiler instead.
-
-  This release of Apache supports the notion of "optional modules".  However,
-  the server has to know which modules are compiled into it, in order for
-  those modules to be effective; this requires generation of a short bit of
-  code ("modules.c") which simply has a list of them.
-
-  It is also necessary to choose the correct options for your platform.
-
-  To do this:
-
-  1) Copy the file "Configuration.tmpl" to "Configuration" and then edit
-     "Configuration".  This contains the list and settings of various "Rules"
-     and an additional section at the bottom which lists the modules which
-     have been compiled in, and also names the files containing them.  You
-     will need to:
-
-     a) Adjust the Rules and EXTRA_CFLAGS|LIBS|LDFLAGS|INCLUDES if
-        you feel so inclined.
-
-     b) Uncomment lines corresponding to those optional modules you wish to
-        include (among the Module lines at the bottom of the file), or add new
-        lines corresponding to custom modules you have written.  (See API.html
-        for preliminary docs on how to do that).    
-
-     Note that DBM auth has to be explicitly configured in, if you want it ---
-     just uncomment the corresponding line.
-
-  2) Run the "Configure" script:
-
-     $ ./Configure
-     Using config file: Configuration
-     Creating Makefile
-      + configured for <whatever> platform
-      + setting C compiler to <whatever>
-      + Adding selected modules
-      + doing sanity check on compiler and options
-     Creating Makefile in support
-     Creating Makefile in main
-     Creating Makefile in os/unix
-     Creating Makefile in modules/standard
-     $ _
-
-     This generates new versions of the Makefiles and of modules.c.  (If you
-     want to maintain multiple configurations, you can say, e.g.,
-
-     $ ./Configure -file Configuration.ai
-     Using config file: Configuration.ai
-     Creating Makefile
-      + configured for <whatever> platform
-      + setting C compiler to <whatever>
-      + Adding selected modules
-      + doing sanity check on compiler and options
-     Creating Makefile in support
-     Creating Makefile in main
-     Creating Makefile in os/unix
-     Creating Makefile in modules/standard
-     $ _
-
-  3) Now compile the program:
-  
-     $ make
-
-  The modules we place in the Apache distribution are the ones we have tested
-  and are used regularly by various members of the Apache development group.
-  Additional modules contributed by members or third parties with specific
-  needs or functions are available at
-  http://www.apache.org/dist/contrib/modules/.  There are instructions
-  on that page for linking these modules into the core Apache code.
-
-  If during compilation you get a warning about a missing 'regex.h', set
-  WANTHSREGEX=yes in the 'Configuration', and let The Apache Group know you
-  needed to do this for your OS by filling out a problem report form at
-  http://bugs.apache.org/, or by sending a mail message to
-  apache-bugs@apache.org. Include the output of the command "uname -a".
-
-  Installation
-  ------------
- 
-  After compilation, you will have a binary called "httpd" in this src/
-  directory.  If you received a binary distribution of apache, you should have
-  this file already.
-
-  The next step is to edit the configuration files for the server.  In the
-  top-level subdirectory called "conf" you should find distribution versions
-  of the three configuration files: srm.conf-dist, access.conf-dist, and
-  httpd.conf-dist.  Copy them to srm.conf, access.conf, httpd.conf
-  respectively.
-
-  First edit httpd.conf.  This sets up general attributes about the server -
-  the port number, the user it runs as, etc.  Next edit the srm.conf file -
-  this sets up the root of the document tree, special functions like
-  server-parsed HTML or internal imagemap parsing, etc.  Finally, edit the
-  access.conf file to at least set the base cases of access. Documentation for
-  all of these is located at http://www.apache.org/docs/.
-
-  Finally, make a call to httpd, with a -f to the full path to the httpd.conf
-  file. I.e., the common case:
-
-    $ /usr/local/apache/httpd -f /usr/local/apache/conf/httpd.conf
-
-  And voila! The server should be running.
-
-  By default the srm.conf and access.conf files are located by name - to
-  specifically call them by other names, use the AccessConfig and
-  ResourceConfig directives in httpd.conf.
-
-  Set your system time properly!
-
-  Proper operation of a public web server requires accurate time
-  keeping, since elements of the HTTP protocol are expressed as the time
-  of day.  So, it's time to investigate setting up NTP or some other
-  time synchronization system on your Unix box, or whatever the
-  equivalent on NT would be.
-
-  Upgrading an Existing Apache Environment
-  ----------------------------------------
-
-  Between releases of Apache, there are several files that are likely to get
-  changed (aside from the source, of course).  These include:
-
-    src/Makefile.tmpl
-    src/Configuration.tmpl
-    src/Configure
-    conf/*.conf-dist
-    conf/mime.types
-
-  It's recommended that you unpack a new Apache version distribution into a
-  different directory than the existing one, and check these files against the
-  ones you already have for new or changed directives.  It's almost certain
-  that the Configure, Configuration.tmpl, and Makefile.tmpl files are going to
-  change, so pay particular attention to merging your existing Configuration
-  settings with the ones in the Configuration.tmpl file to make a new
-  Configuration file in the new Apache src directory.  Then follow the steps
-  for a new installation to build and test the new server before replacing the
-  existing Apache directory tree with the one from the new distribution.
-
diff --git a/usr.sbin/httpd/src/Makefile.bsd-wrapper b/usr.sbin/httpd/src/Makefile.bsd-wrapper
deleted file mode 100644
index bc836a9c85b..00000000000
--- a/usr.sbin/httpd/src/Makefile.bsd-wrapper
+++ /dev/null
@@ -1,48 +0,0 @@
-
-.include <bsd.own.mk>
-
-PROG=httpd
-BINDIR=/usr/sbin
-BINOWN=root
-BINGRP=daemon
-
-all: Makefile
-	${MAKE}
-
-.FORCE:	.IGNORE
-
-helpers/GuessOS: 
-	lndir -e Makefile.bsd-wrapper -e obj ${.CURDIR} ${.OBJDIR}
-
-config:	.FORCE
-	sh ${.CURDIR}/Configure -file ${.CURDIR}/Configuration -make ${.CURDIR}/Makefile.tmpl
-
-Makefile: helpers/GuessOS
-	sh ${.CURDIR}/Configure -file ${.CURDIR}/Configuration -make ${.CURDIR}/Makefile.tmpl
-
-# apache has no man pages in the dist
-
-maninistall:
-	@echo No man pages for apache
-
-install: maninistall
-	${INSTALL} ${INSTALL_COPY} ${INSTALL_STRIP} -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} ${PROG} ${BINDIR} 
-
-clean cleandir:
-.if 	exists(${.OBJDIR}/Makefile)
-		 ${MAKE} clean 
-.endif
-	/bin/rm -f Makefile
-	/bin/rm -f modules/Makefile
-	/bin/rm -f Makefile.config
-	/bin/rm -f modules.c
-
-depend:
-	# Nothing here yet
-lint:
-	#Nothing here yet
-tags:
-	#Nothing here yet
-
-.include<bsd.obj.mk>
-.include<bsd.subdir.mk>
diff --git a/usr.sbin/httpd/src/Makefile.tmpl b/usr.sbin/httpd/src/Makefile.tmpl
deleted file mode 100644
index aa5b7917bb3..00000000000
--- a/usr.sbin/httpd/src/Makefile.tmpl
+++ /dev/null
@@ -1,147 +0,0 @@
-
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
-LIBS=$(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-
-OBJS= \
-  modules.o \
-  $(MODULES) \
-  main/libmain.a \
-  $(OSDIR)/libos.a \
-  ap/libap.a
-
-TYPE=
-ALGO=
-CRT=
-KEY=
-VIEW=
-
-.c.o:
-	$(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-# Used to generate import library for OS/2
-.SUFFIXES: .def
-.def.a:
-	emximp -o $@ $<
-
-all: @@Configuration@@ $(TARGET)
-
-@@Configuration@@: Configuration.tmpl
-	@echo "++ File '@@Configuration@@' older than 'Configuration.tmpl',"
-	@echo "++ or still doesn't exist. Please consider copying 'Configuration.tmpl'"
-	@echo "++ to '@@Configuration@@', editing and rerunning 'Configure'."
-	@echo "++ If not, you will at least have to touch '@@Configuration@@'."
-	@false
-
-$(TARGET): $(EXTRA_DEPS) $(SUBTARGET)
-
-target_static: subdirs modules.o
-	$(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
-	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
-	      -o $(TARGET) buildmark.o $(OBJS) $(REGLIB) $(EXPATLIB) $(LIBS)
-
-target_compile_only: subdirs modules.o
-	$(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
-
-target_shared: $(SHCORE_IMPLIB) $(SHARED_CORE_EP) lib$(TARGET).$(SHLIB_SUFFIX_NAME)
-	$(CC) $(INCLUDES) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
-	      -o $(TARGET) -DSHARED_CORE_BOOTSTRAP main/http_main.c \
-	      ap/libap.a $(LIBS) $(SHCORE_IMPLIB)
-
-lib$(TARGET).ep: lib$(TARGET).$(SHLIB_SUFFIX_NAME)
-	$(CC) $(INCLUDES) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
-	      -o lib$(TARGET).ep -DSHARED_CORE_TIESTATIC main/http_main.c \
-		  -L. -l$(TARGET) $(LIBS)
-
-lib$(TARGET).$(SHLIB_SUFFIX_NAME): subdirs modules.o
-	$(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
-	$(LD_SHLIB) $(LDFLAGS_SHLIB) -o lib$(TARGET).$(SHLIB_SUFFIX_NAME) buildmark.o $(OBJS) $(REGLIB) $(EXPATLIB) $(LD_SHCORE_DEF) $(LD_SHCORE_LIBS)
-	@if [ ".$(SHLIB_SUFFIX_LIST)" != . ]; then \
-		rm -f lib$(TARGET).$(SHLIB_SUFFIX_NAME).*; \
-		for suffix in $(SHLIB_SUFFIX_LIST) ""; do \
-			[ ".$$suffix" = . ] && continue; \
-		    echo "ln lib$(TARGET).$(SHLIB_SUFFIX_NAME) lib$(TARGET).$(SHLIB_SUFFIX_NAME).$$suffix"; \
-		    ln lib$(TARGET).$(SHLIB_SUFFIX_NAME) lib$(TARGET).$(SHLIB_SUFFIX_NAME).$$suffix; \
-		done; \
-	fi
-
-certificate:   
-	@./support/mkcert.sh \
-		"$(MAKE)" "$(MFLAGS) $(MFLAGS_STATIC)" \
-		"$(SSL_PROGRAM)" ./support \
-		"$(TYPE)" "$(ALGO)" "$(CRT)" "$(KEY)" "$(VIEW)"
-	@cd ../conf/ssl.crt; $(MAKE) $(MFLAGS_STATIC) SSL_PROGRAM=$(SSL_PROGRAM) >/dev/null 2>&1
-
-subdirs:
-	@for i in $(SUBDIRS); do \
-		echo "===> $(SDP)$$i"; \
-		case ".$(OS)" in \
-		  .OS390 | .TPF) ( cd $$i && $(MAKE) SDP='$(SDP)' OPTIM='$(OPTIM)') || exit 1;; \
-		              *) ( cd $$i && $(MAKE) $(MFLAGS_STATIC) SDP='$(SDP)' CC='$(CC)' AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)' OPTIM='$(OPTIM)') || exit 1;; \
-		esac; \
-		echo "<=== $(SDP)$$i"; \
-	done
-
-support: support-dir
-
-support-dir:
-	@echo "===> $(SDP)support"; \
-	cd support; $(MAKE) $(MFLAGS_STATIC) SDP='$(SDP)' CC='$(CC)' AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)' OPTIM='$(OPTIM)' || exit 1; \
-	echo "<=== $(SDP)support"
-
-clean:
-	-rm -f $(TARGET) lib$(TARGET).* *.o
-	@for i in $(SUBDIRS); do \
-		echo "===> $(SDP)$$i"; \
-		( cd $$i && $(MAKE) $(MFLAGS_STATIC) SDP='$(SDP)' OPTIM='$(OPTIM)' $@ ) || exit 1; \
-		echo "<=== $(SDP)$$i"; \
-	done
-
-distclean:
-	-rm -f $(TARGET) lib$(TARGET).* *.o
-	@for i in $(SUBDIRS); do \
-		echo "===> $(SDP)$$i"; \
-		( cd $$i && $(MAKE) $(MFLAGS_STATIC) SDP='$(SDP)' $@ ) || exit 1; \
-		echo "<=== $(SDP)$$i"; \
-	done
-	-rm -f include/ap_config_auto.h
-	-rm -f modules.c
-	-rm -f modules/Makefile
-	-rm -f regex/Makefile
-	-rm -f lib/Makefile
-	-rm -f Makefile.config
-	-rm -f Makefile
-
-install:
-	@echo "++ Sorry, no installation procedure available at this level."
-	@echo "++ Go to the parent directory for an 'install' target."
-
-# We really don't expect end users to use this rule.  It works only with
-# gcc, and rebuilds Makefile.tmpl.  You have to re-run Configure after
-# using it.
-depend:
-	cp Makefile.tmpl Makefile.tmpl.bak \
-	    && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
-	    && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
-	    && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
-	           -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
-		> Makefile.tmpl \
-	    && rm Makefile.new
-	for i in $(SUBDIRS); do \
-	    ( cd $$i && $(MAKE) CC='$(CC)' AUX_CFLAGS='$(CFLAGS)' RANLIB='$(RANLIB)' OPTIM='$(OPTIM)' depend ) || exit 1; \
-	done
-
-#Dependencies
-
-$(OBJS): Makefile subdirs
-
-# DO NOT REMOVE
-buildmark.o: buildmark.c include/ap_config.h include/ap_mmn.h \
- include/ap_config_auto.h $(OSDIR)/os.h include/ap_ctype.h \
- include/httpd.h include/ap_alloc.h include/buff.h \
- include/ap.h include/util_uri.h
-modules.o: modules.c include/httpd.h include/ap_config.h \
- include/ap_mmn.h include/ap_config_auto.h $(OSDIR)/os.h \
- include/ap_ctype.h include/ap_alloc.h include/buff.h \
- include/ap.h include/util_uri.h include/http_config.h
diff --git a/usr.sbin/httpd/src/PORTING b/usr.sbin/httpd/src/PORTING
deleted file mode 100644
index e9b3bc63ee7..00000000000
--- a/usr.sbin/httpd/src/PORTING
+++ /dev/null
@@ -1,387 +0,0 @@
-The Semi-Official Guide to Porting Apache
-
--------------
-Introduction:
--------------
-Apache has been ported to a wide variety of platforms, from multiple
-UNIX variants to OS/2. Starting with v1.3, it will even run under
-Windows95 and Windows NT. Nonetheless, there are most likely a few
-platforms out there that currently are not "officially" supported under
-Apache. Porting Apache to these platforms can be quite simple
-depending on the "genericness" of the OS. This document will provide
-some basic guidelines to help the potential porter.
-
--------------
-Requirements:
--------------
-One of the basic requirements for a potential Apache platform is
-a robust TCP/IP implementation. Just about any UNIX out there
-nowadays, even some ancient ones, have a TCP/IP stack that will
-work. In particular, the UNIX should provide for sockets and the
-basic controlling functions for them (like accept(), bind(), etc).
-
-The source for Apache is written in ANSI-C, so an ANSI-C compiler
-is required. However, Apache does not use or require ANSI-only
-functions or options (eg: the "%n" parameter in the scanf()
-family) as much as possible to ease portability. Generally,
-an ANSI-C compiler (eg: gcc) even without a full-blown ANSI
-C library is usually sufficient.
-
-At present, the Apache source is not compatible with C++.
-
--------------------
-The Starting Point:
--------------------
-The first thing to look at is the output of the ./helpers/GuessOS
-script. This is a simple script that attempts to determine the
-platform and OS you are running on. The output of this script
-is used by Configure to set some basic compilation parameters.
-
-The output of ./helpers/GuessOS was designed to be GNU 'config.guess'
-compatible (from GNU/autoconf). The format of the output string
-is:
-
-   machine-vendor-OS
-
-This string is returned to the main Configure script as the
-shell variable $PLAT. If Configure is not "aware" of that platform
-(or cannot correctly parse it), it will complain and die. We realize
-that this may not be the best solution; the intent is to get as
-much feedback as possible.
-
-----------------------
-Configure cannot Grok:
-----------------------
-If this happens to you, then it means that Configure doesn't know
-how to configure and compile Apache for your OS. It will still try
-nonetheless, but at this point, all bets are off.
-
-The best solution if this happens to you is to make Apache aware
-of your OS.  The first course of action is the easiest:  Look in
-Configure and see if there are any OSs which are similar to yours.
-
-For example, let's say that your OS is similar to HP-UX, but that
-GuessOS returns "foobar-intel-hubble". You would then edit
-Configure as follows:
-
-    *-hp-hpux*|*-*-hubble)
-	OS='HP-UX'
-	CFLAGS="$CFLAGS -DHPUX"
-	;;
-
-The '|*-*-hubble' was added to the switch statement for HP-UX.
-
-Another fix may involve editing the GuessOS helper script. Let's
-say, for example, that your system is SysV4-based, but that
-GuessOS does not return that info. You could then add a switch
-to the script that does something like:
-
-	*WeirdSystem*)
-	    echo "${MACHINE}-whatever-sysv4"; exit 0
-	    ;;
-
-In this case, we force GuessOS to return a string that includes
-the "sysv4" cookie for Configure to recognize.
-
-Unfortunately, unless you are running a very generic BSD or SysV
-system, no "supported" OS will be close enough in all aspects to
-allow for a clear (and possibly workable) build of Apache. If this
-is the case, you will need to port Apache to your OS.
-
--------------------
-Porting for Apache:
--------------------
-When all else fails, it's time to hack some code. The source itself
-is generic enough that most ports are incredibly easy. No matter
-what, however, there are 2 source files that need to be updated
-for the port:
-
-   ./Configure
-   ./include/ap_config.h
-
-Configure:
-==========
-Configure concerns itself with determining the OS-type for the
-build and setting up a few Makefile variables for the build. The
-most important are 'OS' and 'CFLAGS'. For example, when Configure
-determines a build for A/UX, it runs the following lines:
-
-  case "$PLAT" in
-    *-apple-aux3*)
-	OS='A/UX 3.1.x'
-	CFLAGS="$CFLAGS -DAUX -D_POSIX_SOURCE"
-	LIBS="$LIBS -lposix -lbsd"
-	LDFLAGS="$LDFLAGS -s"
-	DEF_WANTHSREGEX=no
-	;;
-
-The 'OS' variable is used to define the system Apache is being built
-for. You will also note that 'CFLAGS' defines "-DAUX". In this case,
-'AUX' is a magic cookie used by the Apache code (mainly ap_config.h [see
-below]) to handle OS-specific code. Each code that has and requires
-such OS-specific code will require a unique "system cookie" defined
-in 'CFLAGS'. You will also note that Configure also goes ahead and
-predefines the LIBS and LDFLAGS Makefile variables.
-
-DEF_WANTHSREGEX indicates the "default" setting of the WANTHSREGEX rule.
-If left undefined it'll default to yes.  Yes means the src/regex/
-directory, containing Henry Spencer's regex library will be used rather
-than any system supplied regex.  It's been our experience that system
-supplied regex libraries are generally buggy, and should be avoided.
-
-ap_config.h:
-=======
-The Apache code, specifically in ap_config.h, uses a variety of #defines to
-control how the code is compiled and what options are available for each
-supported OS. One of the hardest parts about the porting process is
-determining which of the following are applicable for your system and
-setup. This time using the example of AIX, we see:
-
-   #elif defined(AIX)
-   #undef HAVE_GMTOFF
-   #undef NO_KILLPG
-   #undef NO_SETSID
-   #define HAVE_SYS_SELECT_H
-   #define JMP_BUF sigjmp_buf
-   #define HAVE_MMAP
-   #define USE_MMAP_SCOREBOARD
-   typedef int rlim_t;
-
-The above lines describe which functions,  capabilities and specifics
-are required for Apache to build and run under IBM AIX (the #undefs
-are not strictly required, but are a Good Idea anyway).
-
-The following several lines provide a list and short description
-of these #defines. By correctly #defining the ones you need in ap_config.h
-(wrapped by the above mentioned "system cookie"), you can fine tune the
-build for your OS.
-
---
-
- NEED_*:
-  If the particular OS doesn't supply the specified function, we use the
-  Apache-supplied version (in util.c). 
-
-    NEED_STRERROR:
-    NEED_STRDUP:
-    NEED_STRCASECMP:
-    NEED_STRNCASECMP:
-    NEED_INITGROUPS:
-    NEED_WAITPID:
-    NEED_STRERROR:
---
-
- HAVE_*:
-  Does this OS have/support this capability?
-
-    HAVE_MMAP:
-      The OS has a working mmap() implementation
-
-    HAVE_SHMGET:
-      The OS has a working shmget() (SystemV shared memory) implementation
-
-    HAVE_GMTOFF:
-      Define if the OS's tm struct has the tm_gmtoff element
-
-    HAVE_CRYPT_H:
-      Defined if the OS has the <crypt.h> header file. This is set
-      automatically during the Configure process and stored in the
-      src/include/ap_config_auto.h header file.
-
-    HAVE_SYS_SELECT_H:
-      Defined if the OS has the <sys/select.h> header file. This is
-      set automatically during the Configure process and stored in the
-      src/include/ap_config_auto.h header file.
-
-    HAVE_SYS_RESOURCE_H:
-      Defined if the OS has and supports the getrlimit/setrlimit
-      family. Apache uses this to determine if RLIMIT_CPU|VMEM|DATA|RLIMIT
-      is found and used. This also assumes that the getrlimit()/setrlimit()
-      functions are available as well. This is set automatically during the
-      Configure process and stored in the src/include/ap_config_auto.h header
-      file.
-
-    HAVE_SYS_PARAM_H:
-      Defined if the OS has the <sys/param.h> header file. This is
-      set automatically during the Configure process and stored in the
-      src/include/ap_config_auto.h header file.
-
---
-
- USE_*:
-  These #defines are used for functions and ability that aren't exactly
-  required but should be used.
-
-     USE_MMAP_SCOREBOARD:
-      Define if the OS supports the BSD mmap() call. This is used by various
-      OSs to allow the scoreboard file to be held in shared mmapped-memory
-      instead of a real file.  Note that this is only used to determine
-      if mmap should be used for shared memory. If HAVE_MMAP is not
-      #defined, this will automatically be unset.
-
-     USE_SHMGET_SCOREBOARD:
-      Define if the OS has the SysV-based shmget() family of shared-memory
-      functions. Used to allow the scoreboard to live in a shared-memory
-      slot instead of a real file. If HAVE_SHMGET is not #defined,
-      this will automatically be unset.
-
-     <<NOTE: If neither USE_MMAP_SCOREBOARD or USE_SHMGET_SCOREBOARD
-	     is defined, a file-based scoreboard will be used and
-	     SCOREBOARD_FILE will automatically be defined >>
-
-     USE_POSIX_SCOREBOARD:
-      Defined on QNX currently where the shared memory scoreboard follows
-      the POSIX 1003.4 spec.
-    
-     USE_OS2_SCOREBOARD:
-      Defined on OS2, uses OS2 primitives to construct shared memory for
-      the scoreboard.
-
-     USE_LONGJMP:
-      Define to use the longjmp() call instead of siglongjmp()
-      (as well as setjmp() instead of sigsetjmp()).
-
-     USE_MMAP_FILES:
-      Enable the use of mmap() for sending static files. If HAVE_MMAP
-      is not #defined, this will automatically be unset.
---
-
- USE_*_SERIALIZED_ACCEPT:
-  See htdocs/manual/misc/perf-tuning.html for an in-depth discussion of
-  why these are required.  These are choices for implementing a mutex
-  between children entering accept().  A complete port should define at
-  least one of these, many may work and it's worthwhile timing them.
-  Without these the server will not implement multiple Listen directives
-  reliably.  Please note that as of 1.3.21, we can set the method at runtime.
-  To so do, we specify which methods are available at compile time
-  with the HAVE_FOO_SERIALIZED_ACCEPT #defines. The USE_FOO_SERIALIZED_ACCEPT
-  is used to pick the default version of all those available. These are
-  set at compile time usually in include/ap_config.h but can also be
-  done at the compile command line.
-
-     USE_FCNTL_SERIALIZED_ACCEPT:
-      Use fcntl() to implement the semaphore.
-
-     USE_FLOCK_SERIALIZED_ACCEPT:
-      Use flock() to implement the semaphore (fcntl() is expensive on
-      some OSs, esp.  when using NFS).
-
-     USE_USLOCK_SERIALIZED_ACCEPT:
-      Probably IRIX only: use uslock() to serialize, which is far faster
-      on multiprocessor boxes (and far slower on uniprocessor, yay).
-
-     USE_SYSVSEM_SERIALIZED_ACCEPT:
-      Use System V semaphores to implement the semaphore.  These are
-      problematic in that they won't be cleaned up if apache is kill -9d,
-      and there's the potential of a CGI causing a denial of service
-      attack if it's running as the same uid as apache (i.e. suexec
-      is recommended on public servers).  But they can be faster than
-      either of fcntl() or flock() on some systems.
-
-     USE_PTHREAD_SERIALIZED_ACCEPT:
-      Use POSIX mutexes to implement the semaphore.
-
-     << NOTE: If none of the above USE_*SERIALIZED_ACCEPTs are
-	      defined, NO_SERIALIZED_ACCEPT will automatically
-	      be defined if MULTITHREAD is not defined >>
-
-     SINGLE_LISTEN_UNSERIALIZED_ACCEPT:
-      It's safe to unserialize single-socket accept().
-
---
-
-  NO_*:
-   These are defined if the OS does NOT have the specified function or if
-   we should not use it.
-
-      NO_SHMGET:
-       Do not use shmget() (SystemV shared memory) at all.
-
-      NO_MMAP:
-       Do not use mmap() at all.
-
-      NO_UNISTD_H:
-
-      NO_KILLPG:
-
-      NO_SETSID:
-
-      NO_USE_SIGACTION:
-       Do not use the sigaction() call, even if we have it.
-
-      NO_LINGCLOSE:
-       Do not use Apache's soft, "lingering" close feature to
-       terminate connections. If you find that your server crashes
-       due to being choked by too many FIN_WAIT_2 network states, 
-       some reports indicate that #define'ing this will help.
-
-      NO_SLACK:
-       Do not use the "slack" fd feature which requires a working fcntl
-       F_DUPFD.
-
-      NO_GETTIMEOFDAY:
-       OS does not have the gettimeofday() function (which is
-       BSDish).
-
-      NO_TIMES:
-       OS does not have the times() function.
-
-      NO_OTHER_CHILD:
-       Do not implement the register_other_child API, usually because
-       certain system calls aren't available.
-
-      NO_RELIABLE_PIPED_LOGS:
-       Do not use reliable piped logs, which happen to also require
-       the register_other_child API.  The reliable piped log code
-       requires another child spawning interface which hasn't been
-       generalised yet.
-
---
-
-  MISC #DEFINES:
-   Various other #defines used in the code.
-
-      MULTITHREAD:
-       Defined if the OS is multi-threaded. Used only on Win32 and Netware.
-
-      JMP_BUF:
-       The variable-type for siglongjmp() or longjmp() call.
-
-      MOVEBREAK:
-       Amount to move sbrk() breakpoint, if required, before attaching
-       shared-memory segment.
-
-      NET_SIZE_T:
-       Some functions such as accept(), getsockname(), getpeername() take
-       an int *len on some architectures and a size_t *len on others.
-       If left undefined apache will default it to int.  See
-       include/ap_config.h for a description of NET_SIZE_T.
-
-      NEED_HASHBANG_EMUL:
-       The execve()/etc. functions on this platform do not deal with #!,
-       so it must be emulated by Apache.
-
-      SYS_SIGLIST
-       Should be defined to point to a const char * const * array of
-       signal descriptions.  This is frequently sys_siglist or
-       _sys_siglist, defined in <signals.h>
-
-      ap_wait_t
-       The type used for wait()/waitpid()/... status parameter.  Usually
-       int.
-
------------
-Conclusion:
------------
-The above hints, and a good understanding of your OS and Apache, will
-go a LONG way in helping you get Apache built and running on your
-OS. If you have a port, PLEASE send Email to 'Apache@Apache.Org',
-or log a suggestion report at <http://bugs.apache.org/>, with
-the patches so that we may add them to the official version.
-If you hit a rough spot in the porting process, you can also try
-sending Email to that address as well and, if you are lucky, someone
-will respond. Another good source is the 'comp.infosystems.www.servers.unix'
-Usenet group as well.
-
-Good luck and happy porting!
-
diff --git a/usr.sbin/httpd/src/README b/usr.sbin/httpd/src/README
deleted file mode 100644
index 9aefdcac470..00000000000
--- a/usr.sbin/httpd/src/README
+++ /dev/null
@@ -1,147 +0,0 @@
-The following document was written by Robert S. Thau (rst@ai.mit.edu) on the
-release of Apache 1.0.  Some details may have changed since then regarding the
-functions and names of modules, but the basic ideas are still intact.
- =================================================
-
-The basic idea of the new Apache release is to make a modular
-"tinkertoy" server, to which people can easily add code which is
-valuable to them (even if it isn't universally useful) without hairing
-up a monolithic server.  Applications for this idea include database
-integration, support for experimental search and scripting extensions,
-new authentication modes (digest authentication, for instance, could
-be done entirely as a module), and so forth.  All modules have the
-same interface to the server core, and through it, to each other.
-
-In particular, the following are modules in the current code base:
-common log format (other loggers can easily coexist with it), auth and
-dbm auth (although both use common code in http_protocol.c to parse
-the Authorization: line), directory handling (which can be added or
-replaced), handling of aliases and access control, content
-negotiation, CGI, includes, aliases, and so forth.  (What's left in
-the basic server?  Not a whole lot).  The configuration file commands
-which configure these things are defined, for the most part, by the
-modules themselves, and not by the server core (each module has, or
-can have, a command dispatch table).
-
-Besides carving up the base code into modules, this release makes a
-few other fairly pervasive changes.  Most of the global variables are
-gone; most of the MAX_STRING_LENGTH char arrays are gone (the few that
-are left being sprintf() targets, or I/O buffers of various sorts),
-and unmunge_name has vanished.  The most drastic change is the use of
-a "compool" strategy to manage resources allocated for a request ---
-the code in alloc.c keeps track of it all and allows it to be freed en
-bloc at the end of the request.  This strategy seems to be effective
-in stanching memory and descriptor leaks.
-
-Additional third-party modules can be found at
-<URL:http://www.apache.org/dist/contrib/modules/>.
-
-
-A brief code review:
-
-The code here can be divided into the server core (the http_* files,
-along with alloc.c and the various utility files), and several modules
-(the mod_* files).
-
-The core interfaces to modules through the "module" structure which
-describes each one.  There's a linked list of these things rooted at
-top_module, through which http_config.c dispatches when necessary.  The
-module structures themselves are defined at the bottom of the mod_foo
-files.  (Loading new modules dynamically at runtime should be simple;
-just push them onto the linked list.  The only complication is what to
-do with AddModule commands when the config files are reread,
-particularly if you find a module has been taken out).
-
-In addition to the core itself (which does have a module structure to
-hold its command tables, and the handlers for various phases of
-request handling which make it *barely* a web server on its own),
-the modules included here are the following:
-
-mod_mime.c --- deduction of MIME types and content-encodings from
-  filename extensions.  This module defines the AddType, AddEncoding,
-  and TypesConfig config-file directives.  This code is off in a
-  module by itself so that people who want to experiment with other
-  meta-information schemes can replace it, and still have content
-  negotiation work.
-
-mod_log_config.c --- logging in configurable or common log format.
-
-mod_auth.c --- HTTP authentication.  Defines the AuthUserFile and
-  AuthGroupFile directives (other auth-related commands are handled by
-  the core itself, so it knows which requests require it to poll the
-  modules for authentication handlers).
-
-mod_auth_dbm.c --- DBM auth.  Untested, and left out of the modules
-  list in modules.c because of that, but it does at least compile.
-  Grump. 
-
-mod_access.c --- access checking by DNS name or IP address; defines
-  the "order", "allow" and "deny" config-file commands.  (If this
-  module is compiled out, the server fails safe --- any attempt to
-  configure access control will die on a config file syntax error when
-  the relevant commands go unrecognized).
-
-mod_negotiation.c --- Content negotiation.  Defines the
-  CacheNegotiatedDocs config-file command.  Making this a module is
-  perhaps going overboard, but I wanted to see how far I could push
-  it. 
-
-mod_alias.c --- Alias command and file translation.
-
-mod_userdir.c --- ditto for Userdir.
-
-mod_cgi.c --- Common Gateway Interface.  Also defines ScriptAlias,
-  because scripts are treated slightly differently depending on
-  whether they are ScriptAliased or not (in particular, ExecCGI is not
-  required in the former case).
-
-mod_includes.c --- server-side includes.
-
-mod_dir.c --- defines a whole *raft* of commands; handles directories.
-
-mod_asis.c --- ASIS file handling.
-
-mod_dld.c --- the experimental runtime-code-loader described above.
-  You'll have to alter the makefile and modules.c to make this active
-  if you want it.
-
-
-
-As to the core, here's a brief review of what's where:
-
-http_protocol.c --- functions for dealing directly with the client.
-  Reading requests, writing replies of various sorts.  I've tried to
-  route all data transfer between server and client through here, so
-  there's a single piece of code to change if we want to add, say,
-  HTTP-NG packetization.  The major glaring exception is NPH- CGI
-  scripts; what *will* we do with those for HTTP-NG?
-
-http_request.c --- functions which direct the processing of requests,
-  including error handling.  Generally responsible for making sure
-  that the right module handlers get invoked, in the right order.
-  (This includes the "sub-request" mechanism, which is used by
-  includes and other stuff to ask about the status of particular
-  subfiles).
-
-http_core.c --- 
-  Contains the core module structure, its command table, and the
-  command handlers, also the filename translation routine, and the
-  like for the core.  (Basically, this is all of the core module stuff
-  which looks more or less like the boilerplate from the other modules).
-
-http_config.c --- Functions to read config files and dispatch to the
-  command handlers; also, routines to manage configuration vectors,
-  and to dispatch to modules' handlers for the various phases of
-  handling a request.  
-
-http_log.c --- just the error log.  Error handling is split between
-  http_protocol.c (for generating the default error responses) and
-  http_request.c (for executive handling, including ErrorDocument
-  invocation); transaction logging is in the modules.
-
-http_main.c --- System startup, restart, and accepting connections;
-  also timeout handling (which is pretty grotesque right now; ideas?)
-
-alloc.c --- allocation of all resources which might have to be reclaimed
-  eventually, including memory, files, and child processes.
-
diff --git a/usr.sbin/httpd/src/README.EAPI b/usr.sbin/httpd/src/README.EAPI
deleted file mode 100644
index ffd1dee4a77..00000000000
--- a/usr.sbin/httpd/src/README.EAPI
+++ /dev/null
@@ -1,340 +0,0 @@
-
- Extended API (EAPI)
- ===================
-
- What is EAPI
- ============
-
- Extended API (EAPI) is a comprehensive API addition which can be _OPTIONALLY_
- enabled with ``Rule EAPI=yes'' in src/Configuration or ``--enable-rule=EAPI''
- on the APACI configure command line. This then defines a -DEAPI and this way
- the EAPI code is compiled into Apache. When this define is not present _NO_
- EAPI code is compiled into Apache at all, because all(!) EAPI patches are
- encapsulated in #ifdef EAPI...#endif.
-
- What is provided by EAPI?
- =========================
-
- EAPI's additions to the Apache API fall into the following categories:
-
-    o  Context Attachment Support for Data Structures
-    o  Loosly-coupled Hook Interface for Inter-Module Communication
-    o  Direct and Pool-based Shared Memory Support 
-    o  Additional Apache Module Hooks
-    o  Specialized EAPI Goodies
-
- They are discussed in details now....
-
- Context Attachment Support for Data Structures
- ----------------------------------------------
-
- Attaching private information to a request_rec, conn_rec, server_rec or even
- BUFF structure is for a lot of modules the most elegant solution to keep
- states between API phases without the need for any global variables. That's
- especially true for modules which operate on lower I/O levels (where no
- per-module configuration structure is available) or have to deal with various
- callback functions of third-party libraries (where one need to find the
- private context which can be hard without global variables).
-
- The EAPI way to solve this situation is: 
-
- 1. A generic context library was written which allows one
-    to create a context and later store and retrieve context variables
-    identified by a unique key.
-
- 2. The Apache kernel was extended to provide contexts for all standard data
-    structures like request_rec, server_rec, conn_rec, BUFF, etc.  This way
-    modules can easily attach information to all these structures with the
-    help of the context API.
-
- Point 1 is implemented by new src/ap/ap_ctx.c and src/include/ap_ctx.h source
- files.  Point 2 is implemented by EAPI patches to various src/main/*.c and
- src/include/*.h files.
-
- Example:
- 
-  | /* a module implements on-the-fly compression for
-  |    the buffer code and for this uses a third-party library which 
-  |    don't uses a filedescriptor. Instead a CLIB* is used.  The module has to
-  |    attach this CLIB* to the BUFF in oder to have it available whenever a
-  |    BUFF is used somewhere. */
-  | BUFF *buff;
-  | CLIB *comp;
-  | comp = CLIB_new_from_fd(buff->fd);
-  | ap_ctx_set(buff->ctx, "CLIB", comp);
-  |   :
-  | 
-  | /* later when it deals with a BUFF, it can easily find back the
-  |    CLIB* via the BUFF* */
-  | comp = (CLIB *)ap_ctx_get(buff->ctx, "CLIB");
-  |   :
- 
- Possible use cases from practice are:
-  
-  o  attaching third-party structures to Apache structures
-  o  replacing global module variables with clean context variables
-  o  custom attachments for complex modules like mod_php, mod_php, etc.
-  o  companion support for the hook interface (see below)
-  o  etc. pp.
-
- Loosly-coupled Hook Interface for Inter-Module Communication
- ------------------------------------------------------------
-
- Apache is structured into modules which is a nice idea.  With the Dynamic
- Shared Object (DSO) facility it gets even nicer because then modules are then
- really stand-alone objects. The drawback is that DSO restricts modules.  The
- most popular problem is that no inter-module symbol references are allowed.
- The classical problem: Module A implements some nice functions module B would
- like to use to avoid reimplementing the wheel. But B cannot call A's
- functions because this violates both the design idea of stand-alone modules
- and the DSO restrictions. Additionally a module C could exists which also
- provides a variant of the functionality of A's function.  Then B should get
- the variant (either A's or C's) which is best or available at all.
- 
- Real Life Example:
-
- mod_rewrite provides %{XXXX} constructs to lookup variables.  The available
- variables are (and have to be) hard-coded into mod_rewrite. Now our mod_clib
- which does on-the-fly compression provides a variable CLIB_FACTOR which gives
- information about the shrink factor of the compression and a user wants to
- use this shrink factor to make an URL-rewriting decision (<grin>). No chance
- without EAPI.  With EAPI it's easy: Inside the if-cascade for the various
- variables in mod_rewrite one replaces:
-
-  | char *result;
-  | request_rec *r;
-  |    :
-  | if (strcasecmp(var, "...") == 0) {
-  |    :
-  | else if (strcasecmp(var, "SCRIPT_GROUP") == 0) {
-  |     result = ...
-  | }
-  | else {
-  |     if (result == NULL) {
-  |         ...complain...
-  |     }
-  | }
-  |    :
-
- with
-
-  | char *result;
-  | request_rec *r;
-  |    :
-  | if (strcasecmp(var, "...") == 0) {
-  |    :
-  | else if (strcasecmp(var, "SCRIPT_GROUP") == 0) {
-  |     result = ...
-  | }
-  | else {
-  |     ap_hook_use("ap::lookup_variable",
-  |                 AP_HOOK_SIG4(ptr,ptr,ptr,ctx), 
-  |                 AP_HOOK_DECLINE(NULL),
-  |                 &result, r, var);
-  |     if (result == NULL) {
-  |         ...complain...
-  |     }
-  | }
-  |    :
-
- What this does is that when XXXX of %{XXXX} isn't known, a hook named
- ap::lookup_variable is called with the request_rec and the var ("XXX") and
- the result variable. When no one has registered for this hook, nothing
- happens. ap_hook_use() immediately returns and nothing was changed. 
-
- But now let's assume mod_clib is additionally loaded as a DSO. And without
- changing anything now magically mod_rewrite implements %{CLIB_FACTOR}. How?
- Look inside mod_clib.c:
-
-  | /* mod_clib registeres for the ap::lookup_variable hook 
-  | inside it's init phase */
-  | CLIB *comp;
-  | ap_hook_register("ap::lookup_variable", 
-  |                  my_lookup_variable, AP_HOOK_CTX(comp));
-  |
-  | /* and implements the my_lookup_variable() function */
-  | char *my_lookup_variable(request_rec *r, char *name, CLIB *comp)
-  | {
-  |     if (strcmp(name, "CLIB_FACTOR") == 0)
-  |         return ap_psrintf(r->pool, "%d", comp->factor);
-  |     return NULL;
-  | }
-
- What happens? When mod_rewrite calls the ap_hook_use() function internally
- the hook facility knows that mod_clib has registered for this hook and calls
- the equivalent of
-
- |     result = my_lookup_variable(r, var, <comp>);
-
- where <comp> is the CLIB* context variable mod_clib has registered for
- itself. Now assume a second module exists which also provides variables and
- want to allow mod_rewrite to lookup them.  It registers after mod_clib with
-
- |      ap_hook_register("ap::lookup_variable", 
- |                        my_lookup_variable2, AP_HOOK_CTX(whatever));
- | 
-
- and then the following happens: The hook facility does for mod_rewrite the
- equivalent of:
-
- |      result = my_lookup_variable(r, var, <comp>);
- |      if (result == NULL)
- |          result = my_lookup_variable2(r, var, <whatever>);
-
- As you can see the hook functions decline in this example with NULL.  That's
- the NULL from AP_HOOK_DECLINE(NULL) and can be any value of any type, of
- course.
-
- The same idea can be also used by mod_log_config and every other module which
- wants to lookup a variable inside Apache. Which variables are available
- depend on the available modules which implement them. And this all works
- nicely with the DSO facility, because the ap_hook_xxx() API is part of the
- Apache kernel code. And nothing has to be changed inside Apache when another
- modules wants to create a new hook, because the mechanism is totally generic.
-
- So when our module A wants to let other modules to use it's function it just
- has to configure a hook for this.  Then other modules call this hook. Is
- module A not there the boolean return value of the hook call will indicate
- this. When module A is there the function is called.
-
- Direct and Pool-based Shared Memory Support
- -------------------------------------------
-
- Since years it was annoying that Apache's pre-forked process model basically
- means that every server lives it's own life (= address space) and this way
- module authors cannot easily spread module configuration or other data
- accross the processes.  The most elegant solution is to use shared memory
- segments.  The drawback is that there is no portable API for shared memory
- handling and there is no convinient memory allocation API for working inside
- shared memory segments.
-
- The EAPI way to solve this situation is: 
-
- 1. A stand-alone and resuable library was written (named MM from "memory
-    mapped" and available from http://www.engelschall.com/sw/mm/) which
-    abstracts the shared memory and memory mutex fiddling into a low-level
-    API.  Internally the shared memory and mutex functionality is implemented
-    in various platform-depended ways: 4.4BSD or POSIX.1 anonymous memory
-    mapping, /dev/zero-based memory mapping, temporary file memory mapping, or
-    SysV IPC shared memory for allocating the shared memory areas and POSIX.1
-    fcntl(2), BSD flock(2) or SysV IPC semaphores for implementing mutual
-    exclusion capabilities.
-
-    Additionally MM provides a high-level malloc()-style API based on this
-    abstracted shared memory low-level API. The idea is just to allocate the
-    requested memory chunks from shared memory segments instead of the heap.
-
- 2. EAPI now provides an easy method (with the EAPI_MM configuration 
-    variable) to build Apache against this MM library. For this the whole MM
-    API (mm_xxx() functions) is encapsulated in an Apache API subpart
-    (ap_mm_xxx() functions). This way the API is fixed and always present (no
-    #ifdef EAPI stuff in modules!), but useable only when EAPI was used in
-    conjunction with MM. A simple ``EAPI_MM=/path/to/mm ./configure
-    --enable-rule=EAPI ...'' is enough to put MM under the ap_mm_xxx() API.
-    This way modules can use a consistent, powerful and abstracted ap_mm_xxx()
-    API for dealing with shared memory.
-
- 3. Because inside Apache mostly all memory handling is done via the
-    pool facility, additional support for ``shared memory pools'' is provided.
-    This way modules can use all ap_pxxx() functions in combination with
-    shared memory.
-
- Point 1 is implemented inside the MM package. Point 2 is implemented by the
- new src/ap/ap_mm.c and src/include/ap_mm.h source files.  Point 3 is
- implemented by EAPI patches to src/main/alloc.c and src/include/alloc.h.
-
- Example:
-
- | /* inside a module init function (before the forking!)
- |    for instance a module allocates a structure with a counter
- |    in a shared memory segment */
- | pool *p;
- | pool *sp;
- | struct mystuff { int cnt } *my;
- | sp = ap_make_shared_sub_pool(p);
- | my = (struct mystuff *)ap_palloc(sp, sizeof(struct mystuff));
- | my->cnt = 0;
- | 
- |     :
- | /* then under request processing time it's changed by one process */
- | ap_acquire_pool(sp, AP_POOL_RW);
- | my->cnt++;
- | ap_release_pool(sp);
- |     :
- | 
- | /* and at the same time read by other processes */
- | ap_acquire_pool(sp, AP_POOL_RD);
- | ap_rprintf(r, "The counter is %d\n", my->cnt);
- | ap_release_pool(sp);
-
- Possible use cases from practice are:
-
-  o  assembling traffic or other accounting details
-  o  establishing of high-performance inter-process caches
-  o  inter-process wide keeping of session state information
-  o  shared memory support for mod_perl, mod_php, etc.
-  o  etc. pp.
-
- Additional Apache Module Hooks
- ------------------------------
-
- The above three EAPI additions are all very generic facilities.  But there
- were also specialized things which were missing in Apache (and needed by
- modules). Mostly additional API phases. EAPI adds the following additional
- hook pointers to the module structure:
-
- add_module: 
-     Called from within ap_add_module() right after the module structure
-     was linked into the Apache internal module list.  It is mainly
-     intended to be used to define configuration defines (<IfDefine>)
-     which have to be available directly after a LoadModule/AddModule.
-     Actually this is the earliest possible hook a module can use.  It's
-     especially important for the modules when they use the hook facility.
-
- remove_module: 
-     Called from within ap_remove_module() right before the module
-     structure is kicked out from the Apache internal module list.
-     Actually this is last possible hook a module can use and exists for
-     consistency with the add_module hook.
-
- rewrite_command:
-     Called right after a configuration directive line was read and
-     before it is processed. It is mainly intended to be used for
-     rewriting directives in order to provide backward compatibility to
-     old directive variants.
-
- new_connection:
-     Called from within the internal new_connection() function, right
-     after the conn_rec structure for the new established connection was
-     created and before Apache starts processing the request with
-     ap_read_request().  It is mainly intended to be used to setup/run
-     connection dependent things like sending start headers for
-     on-the-fly compression, etc.
-
- close_connection:
-     Called from within the Apache dispatching loop just before any
-     ap_bclose() is performed on the socket connection, but a long time
-     before any pool cleanups are done for the connection (which can be
-     too late for some applications).  It is mainly intended to be used
-     to close/finalize connection dependent things like sending end
-     headers for on-the-fly compression, etc.
-
- Specialized EAPI Goodies
- ------------------------
-
- And finally EAPI now uses some of the new functionality to add a few new
- EAPI-based goodies to mod_rewrite, mod_status and mod_proxy:
-
- mod_rewrite:
-     The above presented example of lookup hooks is implemented which allows
-     mod_rewrite to lookup arbitrary variables provides by not known modules.
-
- mod_status:
-     Any module now can register to an EAPI hook of mod_status which
-     allows it to put additional text on the /status webpages.
-
- mod_proxy:  
-     Some EAPI hooks are provided to allow other modules to control the HTTP
-     client processing inside mod_proxy.  This can be used for a lot of
-     tricks.
-
diff --git a/usr.sbin/httpd/src/ap/.indent.pro b/usr.sbin/httpd/src/ap/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/ap/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/ap/Makefile.tmpl b/usr.sbin/httpd/src/ap/Makefile.tmpl
deleted file mode 100644
index 0e6fe22ea2f..00000000000
--- a/usr.sbin/httpd/src/ap/Makefile.tmpl
+++ /dev/null
@@ -1,84 +0,0 @@
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
-LIBS=$(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-
-LIB=libap.a
-
-OBJS=ap_cpystrn.o ap_execve.o ap_fnmatch.o ap_getpass.o ap_md5c.o ap_signal.o \
-     ap_slack.o ap_snprintf.o ap_sha1.o ap_checkpass.o ap_base64.o ap_ebcdic.o \
-     ap_strtol.o ap_hook.o ap_ctx.o ap_mm.o
-
-.c.o:
-	$(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-all: $(LIB)
-
-clean:
-	rm -f *.o *.a
-
-distclean: clean
-	-rm -f Makefile
-
-$(OBJS): Makefile
-
-$(LIB): $(OBJS)
-	rm -f $@
-	ar cr $@ $(OBJS)
-	$(RANLIB) $@
-
-# We really don't expect end users to use this rule.  It works only with
-# gcc, and rebuilds Makefile.tmpl.  You have to re-run Configure after
-# using it.
-depend:
-	cp Makefile.tmpl Makefile.tmpl.bak \
-	    && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
-	    && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
-	    && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
-	           -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
-		> Makefile.tmpl \
-	    && rm Makefile.new
-
-# DO NOT REMOVE
-ap_cpystrn.o: ap_cpystrn.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
-ap_execve.o: ap_execve.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
-ap_fnmatch.o: ap_fnmatch.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(OSDIR)/os-inline.c \
- $(INCDIR)/ap_ctype.h $(INCDIR)/fnmatch.h
-ap_getpass.o: ap_getpass.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(OSDIR)/os-inline.c \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap.h
-ap_md5c.o: ap_md5c.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(OSDIR)/os-inline.c \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/ap.h
-ap_sha1.o: ap_sha1.c $(INCDIR)/ap_config.h $(INCDIR)/ap_sha1.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(OSDIR)/os-inline.c
-ap_signal.o: ap_signal.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
-ap_slack.o: ap_slack.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_log.h
-ap_snprintf.o: ap_snprintf.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
-ap_strtol.o: ap_strtol.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h
diff --git a/usr.sbin/httpd/src/ap/ap_base64.c b/usr.sbin/httpd/src/ap/ap_base64.c
deleted file mode 100644
index 0c36a7a9048..00000000000
--- a/usr.sbin/httpd/src/ap/ap_base64.c
+++ /dev/null
@@ -1,215 +0,0 @@
-/* $OpenBSD: ap_base64.c,v 1.9 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* base64 encoder/decoder. Originally part of main/util.c
- * but moved here so that support/ab and ap_sha1.c could
- * use it. This meant removing the ap_palloc()s and adding
- * ugly 'len' functions, which is quite a nasty cost.
- */
-
-#include <string.h>
-
-#include "ap_config.h"
-#include "ap.h"
-
-
-/* aaaack but it's fast and const should make it shared text page. */
-static const unsigned char pr2six[256] =
-{
-	/* ASCII table */
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 62, 64, 64, 64, 63,
-	52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 64, 64, 64, 64, 64, 64,
-	64, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
-	15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 64, 64, 64, 64, 64,
-	64, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
-	41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
-	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64
-};
-
-API_EXPORT(int)
-ap_base64decode_len(const char *bufcoded)
-{
-	int nbytesdecoded;
-	const unsigned char *bufin;
-	int nprbytes;
-
-	bufin = (const unsigned char *) bufcoded;
-	while (pr2six[*(bufin++)] <= 63);
-
-	nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
-	nbytesdecoded = ((nprbytes + 3) / 4) * 3;
-
-	return nbytesdecoded + 1;
-}
-
-API_EXPORT(int)
-ap_base64decode(char *bufplain, const char *bufcoded)
-{
-	int len;
-
-	len = ap_base64decode_binary((unsigned char *) bufplain, bufcoded);
-	bufplain[len] = '\0';
-	return len;
-}
-
-/* This is the same as ap_base64udecode() except on EBCDIC machines, where
- * the conversion of the output to ebcdic is left out.
- */
-API_EXPORT(int)
-ap_base64decode_binary(unsigned char *bufplain, const char *bufcoded)
-{
-	int nbytesdecoded;
-	const unsigned char *bufin;
-	unsigned char *bufout;
-	int nprbytes;
-	bufin = (const unsigned char *) bufcoded;
-	while (pr2six[*(bufin++)] <= 63);
-	nprbytes = (bufin - (const unsigned char *) bufcoded) - 1;
-	nbytesdecoded = ((nprbytes + 3) / 4) * 3;
-
-	bufout = (unsigned char *) bufplain;
-	bufin = (const unsigned char *) bufcoded;
-
-	while (nprbytes > 4) {
-		*(bufout++) = (unsigned char) (pr2six[*bufin] << 2
-		    | pr2six[bufin[1]] >> 4);
-		*(bufout++) = (unsigned char) (pr2six[bufin[1]] << 4
-		    | pr2six[bufin[2]] >> 2);
-		*(bufout++) = (unsigned char) (pr2six[bufin[2]] << 6
-		    | pr2six[bufin[3]]);
-		bufin += 4;
-		nprbytes -= 4;
-	}
-
-	/* Note: (nprbytes == 1) would be an error, so just ingore that case */
-	if (nprbytes > 1)
-		*(bufout++) = (unsigned char) (pr2six[*bufin] << 2
-		    | pr2six[bufin[1]] >> 4);
-	if (nprbytes > 2)
-		*(bufout++) = (unsigned char) (pr2six[bufin[1]] << 4
-		    | pr2six[bufin[2]] >> 2);
-	if (nprbytes > 3)
-		*(bufout++) = (unsigned char) (pr2six[bufin[2]] << 6
-		    | pr2six[bufin[3]]);
-
-	nbytesdecoded -= (4 - nprbytes) & 3;
-	return nbytesdecoded;
-}
-
-static const char basis_64[] =
-"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-API_EXPORT(int)
-ap_base64encode_len(int len)
-{
-	return ((len + 2) / 3 * 4) + 1;
-}
-
-API_EXPORT(int)
-ap_base64encode(char *encoded, const char *string, int len)
-{
-	return ap_base64encode_binary(encoded, (const unsigned char *) string,
-	    len);
-}
-
-/* This is the same as ap_base64encode() except on EBCDIC machines, where
- * the conversion of the input to ascii is left out.
- */
-API_EXPORT(int)
-ap_base64encode_binary(char *encoded, const unsigned char *string, int len)
-{
-	int i;
-	char *p;
-
-	p = encoded;
-	for (i = 0; i < len - 2; i += 3) {
-		*p++ = basis_64[(string[i] >> 2) & 0x3F];
-		*p++ = basis_64[((string[i] & 0x3) << 4) |
-		    ((int) (string[i + 1] & 0xF0) >> 4)];
-		*p++ = basis_64[((string[i + 1] & 0xF) << 2) |
-		    ((int) (string[i + 2] & 0xC0) >> 6)];
-		*p++ = basis_64[string[i + 2] & 0x3F];
-	}
-	if (i < len) {
-		*p++ = basis_64[(string[i] >> 2) & 0x3F];
-		if (i == (len - 1)) {
-			*p++ = basis_64[((string[i] & 0x3) << 4)];
-			*p++ = '=';
-		}
-		else {
-			*p++ = basis_64[((string[i] & 0x3) << 4) |
-			    ((int) (string[i + 1] & 0xF0) >> 4)];
-			*p++ = basis_64[((string[i + 1] & 0xF) << 2)];
-		}
-		*p++ = '=';
-	}
-
-	*p++ = '\0';
-	return p - encoded;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_checkpass.c b/usr.sbin/httpd/src/ap/ap_checkpass.c
deleted file mode 100644
index fa04d403c7c..00000000000
--- a/usr.sbin/httpd/src/ap/ap_checkpass.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* $OpenBSD: ap_checkpass.c,v 1.9 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Simple password verify, which 'know's about various password
- * types, such as the simple base64 encoded crypt()s, MD5 $ marked
- * FreeBSD style and netscape SHA1's.
- */
-#include <string.h>
-
-#include "ap_config.h"
-#include "ap_md5.h"
-#include "ap_sha1.h"
-#include "ap.h"
-
-/*
- * Validate a plaintext password against a smashed one.  Use either
- * crypt() (if available), ap_MD5Encode() or ap_SHA1Encode depending
- * upon the format of the smashed input password.
- *
- * Return NULL if they match, or an explanatory text string if they don't.
- */
-
-API_EXPORT(char *)
-ap_validate_password(const char *passwd, const char *hash)
-{
-	char sample[120];
-
-	/* FreeBSD style MD5 string 
-	*/
-	if (strncmp(hash, AP_MD5PW_ID, AP_MD5PW_IDLEN) == 0)
-		ap_MD5Encode((const unsigned char *)passwd,
-		    (const unsigned char *)hash, sample, sizeof(sample));
-	/* Netscape / SHA1 ldap style strng  
-	*/
-	else if (strncmp(hash, AP_SHA1PW_ID, AP_SHA1PW_IDLEN) == 0)
-		ap_sha1_base64(passwd, strlen(passwd), sample);
-	/*
-	 * It's not our algorithm, so feed it to crypt() if possible.
-	 */
-	else
-		ap_cpystrn(sample, (char *)crypt(passwd, hash),
-		    sizeof(sample) - 1);
-	return (strcmp(sample, hash) == 0) ? NULL : "password mismatch";
-}
diff --git a/usr.sbin/httpd/src/ap/ap_cpystrn.c b/usr.sbin/httpd/src/ap/ap_cpystrn.c
deleted file mode 100644
index 0fba2bf4195..00000000000
--- a/usr.sbin/httpd/src/ap/ap_cpystrn.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* $OpenBSD: ap_cpystrn.c,v 1.7 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "httpd.h"
-
-/*
- * Apache's "replacement" for the strncpy() function. We roll our
- * own to implement these specific changes:
- *   (1) strncpy() doesn't always null terminate and we want it to.
- *   (2) strncpy() null fills, which is bogus, esp. when copy 8byte
- *       strings into 8k blocks.
- *   (3) Instead of returning the pointer to the beginning of
- *       the destination string, we return a pointer to the
- *       terminating '\0' to allow us to "check" for truncation
- *
- * ap_cpystrn() follows the same call structure as strncpy().
- */
-
-API_EXPORT(char *)
-ap_cpystrn(char *dst, const char *src, size_t dst_size)
-{
-
-	char *d, *end;
-
-	if (!dst_size)
-		return (dst);
-
-	d = dst;
-	end = dst + dst_size - 1;
-
-	for (; d < end; ++d, ++src)
-		if (!(*d = *src))
-			return (d);
-
-	*d = '\0';      /* always null terminate */
-
-	return (d);
-}
diff --git a/usr.sbin/httpd/src/ap/ap_ctx.c b/usr.sbin/httpd/src/ap/ap_ctx.c
deleted file mode 100644
index 0a1b9cb89c2..00000000000
--- a/usr.sbin/httpd/src/ap/ap_ctx.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/* $OpenBSD: ap_ctx.c,v 1.6 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The Apache Group.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- *    nor may "Apache" appear in their names without prior written
- *    permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- *
- */
-
-/*
-**  Generic Context Interface for Apache
-**  Written by Ralf S. Engelschall <rse@engelschall.com> 
-*/
-
-#include "httpd.h"
-#include "ap_config.h"
-#include "ap_ctx.h"
-
-API_EXPORT(ap_ctx *)
-ap_ctx_new(pool *p)
-{
-	ap_ctx *ctx;
-	int i;
-
-	if (p != NULL) {
-		ctx = (ap_ctx *)ap_palloc(p, sizeof(ap_ctx_rec));
-		ctx->cr_pool = p;
-		ctx->cr_entry = (ap_ctx_entry **)
-		    ap_palloc(p, sizeof(ap_ctx_entry *)*(AP_CTX_MAX_ENTRIES+1));
-	}
-	else {
-		ctx = (ap_ctx *)malloc(sizeof(ap_ctx_rec));
-		ctx->cr_pool = NULL;
-		ctx->cr_entry = (ap_ctx_entry **)
-		    malloc(sizeof(ap_ctx_entry *)*(AP_CTX_MAX_ENTRIES+1));
-	}
-	for (i = 0; i < AP_CTX_MAX_ENTRIES+1; i++)
-		ctx->cr_entry[i] = NULL;
-	return ctx;
-}
-
-API_EXPORT(void)
-ap_ctx_set(ap_ctx *ctx, char *key, void *val)
-{
-	int i;
-	ap_ctx_entry *ce;
-
-	ce = NULL;
-	for (i = 0; ctx->cr_entry[i] != NULL; i++) {
-		if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0) {
-			ce = ctx->cr_entry[i];
-			break;
-		}
-	}
-	if (ce == NULL) {
-		if (i == AP_CTX_MAX_ENTRIES)
-			return;
-		if (ctx->cr_pool != NULL) {
-			ce = (ap_ctx_entry *)ap_palloc(ctx->cr_pool,
-			    sizeof(ap_ctx_entry));
-			ce->ce_key = ap_pstrdup(ctx->cr_pool, key);
-		}
-		else {
-			ce = (ap_ctx_entry *)malloc(sizeof(ap_ctx_entry));
-			ce->ce_key = strdup(key);
-		}
-		ctx->cr_entry[i] = ce;
-		ctx->cr_entry[i+1] = NULL;
-	}
-	ce->ce_val = val;
-	return;
-}
-
-API_EXPORT(void *)
-ap_ctx_get(ap_ctx *ctx, char *key)
-{
-	int i;
-
-	for (i = 0; ctx->cr_entry[i] != NULL; i++)
-		if (strcmp(ctx->cr_entry[i]->ce_key, key) == 0)
-			return ctx->cr_entry[i]->ce_val;
-	return NULL;
-}
-
-API_EXPORT(ap_ctx *)
-ap_ctx_overlay(pool *p, ap_ctx *over, ap_ctx *base)
-{
-	ap_ctx *new;
-	int i;
-
-	#ifdef POOL_DEBUG
-	if (p != NULL) {
-		if (!ap_pool_is_ancestor(over->cr_pool, p))
-		    ap_log_assert("ap_ctx_overlay: overlay's pool is not an"
-			" ancestor of p", __FILE__, __LINE__);
-		if (!ap_pool_is_ancestor(base->cr_pool, p))
-		    ap_log_assert("ap_ctx_overlay: base's pool is not an"
-			" ancestor of p", __FILE__, __LINE__);
-	}
-	#endif
-	if ((new = ap_ctx_new(p)) == NULL)
-		return NULL;
-	memcpy(new->cr_entry, base->cr_entry,
-	    sizeof(ap_ctx_entry *)*(AP_CTX_MAX_ENTRIES+1));
-	for (i = 0; over->cr_entry[i] != NULL; i++)
-		ap_ctx_set(new, over->cr_entry[i]->ce_key,
-		    over->cr_entry[i]->ce_val);
-	return new;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_ebcdic.c b/usr.sbin/httpd/src/ap/ap_ebcdic.c
deleted file mode 100644
index 752237ebcf3..00000000000
--- a/usr.sbin/httpd/src/ap/ap_ebcdic.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* $OpenBSD: ap_ebcdic.c,v 1.6 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-#include "httpd.h"
-#include "http_core.h"
-#include "http_config.h"
-#include "ap_config.h"
-
diff --git a/usr.sbin/httpd/src/ap/ap_execve.c b/usr.sbin/httpd/src/ap/ap_execve.c
deleted file mode 100644
index 0b89d4ebb1d..00000000000
--- a/usr.sbin/httpd/src/ap/ap_execve.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* $OpenBSD: ap_execve.c,v 1.11 2005/03/28 21:03:33 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Portions of this code are under this license:
- *
- * Copyright (c) 1980, 1991 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "httpd.h"
-
-/*---------------------------------------------------------------*/
-
-extern void ap_execve_is_not_here(void);
-void
-ap_execve_is_not_here(void)
-{
-}
diff --git a/usr.sbin/httpd/src/ap/ap_fnmatch.c b/usr.sbin/httpd/src/ap/ap_fnmatch.c
deleted file mode 100644
index f6191e93c2a..00000000000
--- a/usr.sbin/httpd/src/ap/ap_fnmatch.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/* $OpenBSD: ap_fnmatch.c,v 1.6 2011/09/17 15:20:57 stsp Exp $ */
-
-/*
- * Copyright (c) 1989, 1993, 1994
- *      The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Guido van Rossum.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6.
- * Compares a filename or pathname to a pattern.
- */
-
-#include "ap_config.h"
-#include "fnmatch.h"
-#include <string.h>
-#include <limits.h>
-
-#define EOS     '\0'
-
-/* Limit of recursion during matching attempts. */
-#define __FNM_MAX_RECUR	64
-
-static int __fnmatch(const char *, const char *, int, int);
-static const char *rangematch(const char *, int, int);
-
-API_EXPORT(int)
-ap_fnmatch(const char *pattern, const char *string, int flags)
-{
-	int e;
-
-	if (strnlen(pattern, PATH_MAX) == PATH_MAX ||
-	    strnlen(string, PATH_MAX) == PATH_MAX)
-		return (FNM_NOMATCH);
-		
-	e = __fnmatch(pattern, string, flags, __FNM_MAX_RECUR);
-	if (e == -1)
-		e = FNM_NOMATCH;
-	return (e);
-}
-
-int
-__fnmatch(const char *pattern, const char *string, int flags, int recur)
-{
-	const char *stringstart;
-	char c, test;
-	int e;
-
-	if (recur-- == 0)
-		return (-1);
-
-	for (stringstart = string;;) {
-		switch (c = *pattern++) {
-		case EOS:
-			return (*string == EOS ? 0 : FNM_NOMATCH);
-		case '?':
-			if (*string == EOS)
-				return (FNM_NOMATCH);
-			if (*string == '/' && (flags & FNM_PATHNAME))
-				return (FNM_NOMATCH);
-			if (*string == '.' && (flags & FNM_PERIOD) &&
-			    (string == stringstart ||
-			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
-				return (FNM_NOMATCH);
-			++string;
-			break;
-		case '*':
-			c = *pattern;
-			/* Collapse multiple stars. */
-			while (c == '*')
-				c = *++pattern;
-
-			if (*string == '.' && (flags & FNM_PERIOD) &&
-			    (string == stringstart ||
-			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
-				return (FNM_NOMATCH);
-
-			/* Optimize for pattern with * at end or before /. */
-			if (c == EOS) {
-				if (flags & FNM_PATHNAME)
-					return (strchr(string, '/') == NULL ? 0 : FNM_NOMATCH);
-				else
-					return (0);
-			}
-			else if (c == '/' && flags & FNM_PATHNAME) {
-				if ((string = strchr(string, '/')) == NULL)
-					return (FNM_NOMATCH);
-				break;
-			}
-
-			/* General case, use recursion. */
-			while ((test = *string) != EOS) {
-				e = __fnmatch(pattern, string,
-				    flags & ~FNM_PERIOD, recur);
-				if (e != FNM_NOMATCH)
-					return (e);
-				if (test == '/' && flags & FNM_PATHNAME)
-					break;
-				++string;
-			}
-			return (FNM_NOMATCH);
-		case '[':
-			if (*string == EOS)
-				return (FNM_NOMATCH);
-			if (*string == '/' && flags & FNM_PATHNAME)
-				return (FNM_NOMATCH);
-			if (*string == '.' && (flags & FNM_PERIOD) &&
-			    (string == stringstart ||
-			    ((flags & FNM_PATHNAME) && *(string - 1) == '/')))
-				return (FNM_NOMATCH);
-			if ((pattern = rangematch(pattern, *string, flags))
-			    == NULL)
-				return (FNM_NOMATCH);
-			++string;
-			break;
-		case '\\':
-			if (!(flags & FNM_NOESCAPE))
-				if ((c = *pattern++) == EOS) {
-					c = '\\';
-					--pattern;
-				}
-			/* FALLTHROUGH */
-		default:
-			if (flags & FNM_CASE_BLIND) {
-				if (ap_tolower(c) != ap_tolower(*string))
-					return (FNM_NOMATCH);
-			}
-			else if (c != *string)
-				return (FNM_NOMATCH);
-			string++;
-			break;
-		}
-	/* NOTREACHED */
-	}
-}
-
-static const char *
-rangematch(const char *pattern, int test, int flags)
-{
-	int negate, ok;
-	char c, c2;
-
-	/*
-	* A bracket expression starting with an unquoted circumflex
-	* character produces unspecified results (IEEE 1003.2-1992,
-	* 3.13.2).  This implementation treats it like '!', for
-	* consistency with the regular expression syntax.
-	* J.T. Conklin (conklin@ngai.kaleida.com)
-	*/
-	if ((negate = (*pattern == '!' || *pattern == '^')))
-		++pattern;
-
-	for (ok = 0; (c = *pattern++) != ']';) {
-		if (c == '\\' && !(flags & FNM_NOESCAPE))
-			c = *pattern++;
-		if (c == EOS)
-			return (NULL);
-		if (*pattern == '-' && (c2 = *(pattern + 1)) != EOS && c2
-		    != ']') {
-			pattern += 2;
-			if (c2 == '\\' && !(flags & FNM_NOESCAPE))
-				c2 = *pattern++;
-			if (c2 == EOS)
-				return (NULL);
-			if ((c <= test && test <= c2)
-			    || ((flags & FNM_CASE_BLIND)
-			    && ((ap_tolower(c) <= ap_tolower(test))
-			    && (ap_tolower(test) <= ap_tolower(c2)))))
-				ok = 1;
-		}
-		else if ((c == test) || ((flags & FNM_CASE_BLIND)
-		    && (ap_tolower(c) == ap_tolower(test))))
-			ok = 1;
-	}
-	return (ok == negate ? NULL : pattern);
-}
-
-
-/* This function is an Apache addition */
-/* return non-zero if pattern has any glob chars in it */
-API_EXPORT(int)
-ap_is_fnmatch(const char *pattern)
-{
-	int nesting;
-
-	nesting = 0;
-	while (*pattern) {
-		switch (*pattern) {
-		case '?':
-		case '*':
-			return 1;
-
-		case '\\':
-			if (*pattern++ == '\0')
-				return 0;
-			break;
-
-		case '[':    /* '[' is only a glob if it has a matching ']' */
-			++nesting;
-			break;
-
-		case ']':
-			if (nesting)
-				return 1;
-			break;
-		}
-		++pattern;
-	}
-	return 0;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_getpass.c b/usr.sbin/httpd/src/ap/ap_getpass.c
deleted file mode 100644
index b1804f0616a..00000000000
--- a/usr.sbin/httpd/src/ap/ap_getpass.c
+++ /dev/null
@@ -1,104 +0,0 @@
-/* $OpenBSD: ap_getpass.c,v 1.8 2005/03/28 21:03:33 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-/*
- * ap_getpass.c: abstraction to provide for obtaining a password from the
- * command line in whatever way the OS supports.  In the best case, it's a
- * wrapper for the system library's getpass() routine; otherwise, we
- * use one we define ourselves.
- */
-
-#include "ap_config.h"
-#include <sys/types.h>
-#include <errno.h>
-#include "ap.h"
-
-#define LF 10
-#define CR 13
-
-#define MAX_STRING_LEN 256
-
-#define ERR_OVERFLOW 5
-
-/*
- * Use the OS getpass() routine (or our own) to obtain a password from
- * the input stream.
- *
- * Exit values:
- *  0: Success
- *  5: Partial success; entered text truncated to the size of the
- *     destination buffer
- *
- * Restrictions: Truncation also occurs according to the host system's
- * getpass() semantics, or at position 255 if our own version is used,
- * but the caller is *not* made aware of it.
- */
-
-API_EXPORT(int)
-ap_getpass(const char *prompt, char *pwbuf, size_t bufsiz)
-{
-	char *pw_got;
-	int result = 0;
-
-	pw_got = getpass(prompt);
-	if (strlen(pw_got) > (bufsiz - 1))
-		result = ERR_OVERFLOW;
-	ap_cpystrn(pwbuf, pw_got, bufsiz);
-	return result;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_hook.c b/usr.sbin/httpd/src/ap/ap_hook.c
deleted file mode 100644
index 56142de232f..00000000000
--- a/usr.sbin/httpd/src/ap/ap_hook.c
+++ /dev/null
@@ -1,817 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-2000 The Apache Group.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- *    nor may "Apache" appear in their names without prior written
- *    permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- *
- */
-
-/*
-**  Implementation of a Generic Hook Interface for Apache
-**  Written by Ralf S. Engelschall <rse@engelschall.com> 
-**
-**  See POD document at end of ap_hook.h for description.
-**  View it with the command ``pod2man ap_hook.h | nroff -man | more''
-**
-*/
-
-                                      /*
-                                       * Premature optimization is 
-                                       * the root of all evil.
-                                       *       -- D. E. Knuth
-                                       */
-
-#include "httpd.h"
-#include "http_log.h"
-#include "ap_config.h"
-#include "ap_hook.h"
-
-/* 
- * the internal hook pool
- */
-static ap_hook_entry **ap_hook_pool = NULL;
-
-/* 
- * forward prototypes for internal functions
- */
-static int            ap_hook_call_func(va_list ap, ap_hook_entry *he, ap_hook_func *hf);
-static ap_hook_entry *ap_hook_create(char *hook);
-static ap_hook_entry *ap_hook_find(char *hook);
-static void           ap_hook_destroy(ap_hook_entry *he);
-
-/*
- * Initialize the hook mechanism
- */
-API_EXPORT(void) ap_hook_init(void)
-{
-	int i;
-
-	if (ap_hook_pool != NULL)
-		return;
-	ap_hook_pool = (ap_hook_entry **)malloc(sizeof(ap_hook_entry *)
-	    *(AP_HOOK_MAX_ENTRIES+1));
-	for (i = 0; i < AP_HOOK_MAX_ENTRIES; i++)
-		ap_hook_pool[i] = NULL;
-	return;
-}
-
-/*
- * Kill the hook mechanism
- */
-API_EXPORT(void) ap_hook_kill(void)
-{
-	int i;
-
-	if (ap_hook_pool == NULL)
-		return;
-	for (i = 0; ap_hook_pool[i] != NULL; i++)
-		ap_hook_destroy(ap_hook_pool[i]);
-	free(ap_hook_pool);
-	ap_hook_pool = NULL;
-	return;
-}
-    
-/*
- * Smart creation of a hook (when it exist this is the same as
- * ap_hook_find, when it doesn't exists it is created)
- */
-static ap_hook_entry *ap_hook_create(char *hook)
-{
-	int i;
-	ap_hook_entry *he;
-
-	for (i = 0; ap_hook_pool[i] != NULL; i++)
-		if (strcmp(ap_hook_pool[i]->he_hook, hook) == 0)
-			return ap_hook_pool[i];
-
-	if (i >= AP_HOOK_MAX_ENTRIES)
-		return NULL;
-
-	if ((he = (ap_hook_entry *)malloc(sizeof(ap_hook_entry))) == NULL)
-		return NULL;
-	ap_hook_pool[i] = he;
-
-	he->he_hook          = strdup(hook);
-	he->he_sig           = AP_HOOK_SIG_UNKNOWN;
-	he->he_modeid        = AP_HOOK_MODE_UNKNOWN;
-	he->he_modeval.v_int = 0;
-
-	he->he_func = (ap_hook_func **)malloc(sizeof(ap_hook_func *)
-	    *(AP_HOOK_MAX_FUNCS+1));
-	if (he->he_func == NULL)
-		return FALSE;
-
-	for (i = 0; i < AP_HOOK_MAX_FUNCS; i++)
-		he->he_func[i] = NULL;
-	return he;
-}
-
-/*
- * Find a particular hook
- */
-static ap_hook_entry *ap_hook_find(char *hook)
-{
-	int i;
-
-	for (i = 0; ap_hook_pool[i] != NULL; i++)
-		if (strcmp(ap_hook_pool[i]->he_hook, hook) == 0)
-			return ap_hook_pool[i];
-	return NULL;
-}
-
-/*
- * Destroy a particular hook
- */
-static void ap_hook_destroy(ap_hook_entry *he)
-{
-	int i;
-
-	if (he == NULL)
-		return;
-	free(he->he_hook);
-	for (i = 0; he->he_func[i] != NULL; i++)
-		free(he->he_func[i]);
-	free(he->he_func);
-	free(he);
-	return;
-}
-
-/*
- * Configure a particular hook, 
- * i.e. remember its signature and return value mode
- */
-API_EXPORT(int) ap_hook_configure(char *hook, ap_hook_sig sig, ap_hook_mode modeid, ...)
-{
-	ap_hook_entry *he;
-	va_list ap;
-	int rc;
-
-	va_start(ap, modeid);
-	if ((he = ap_hook_create(hook)) == NULL)
-	rc = FALSE;
-	else {
-		he->he_sig = sig;
-		he->he_modeid = modeid;
-		if (modeid == AP_HOOK_MODE_DECLINE || modeid == AP_HOOK_MODE_DECLTMP) {
-			if (AP_HOOK_SIG_HAS(sig, RC, char))
-				he->he_modeval.v_char = va_arg(ap, va_type(char));
-			else if (AP_HOOK_SIG_HAS(sig, RC, int))
-				he->he_modeval.v_int = va_arg(ap, va_type(int));
-			else if (AP_HOOK_SIG_HAS(sig, RC, long))
-				he->he_modeval.v_long = va_arg(ap, va_type(long));
-			else if (AP_HOOK_SIG_HAS(sig, RC, float))
-				he->he_modeval.v_float = va_arg(ap, va_type(float));
-			else if (AP_HOOK_SIG_HAS(sig, RC, double))
-				he->he_modeval.v_double = va_arg(ap, va_type(double));
-			else if (AP_HOOK_SIG_HAS(sig, RC, ptr))
-				he->he_modeval.v_ptr = va_arg(ap, va_type(ptr));
-		}
-		rc = TRUE;
-	}
-	va_end(ap);
-	return rc;
-}
-
-/*
- * Register a function to call for a hook
- */
-API_EXPORT(int) ap_hook_register_I(char *hook, void *func, void *ctx)
-{
-	int i, j;
-	ap_hook_entry *he;
-	ap_hook_func *hf;
-
-	if ((he = ap_hook_create(hook)) == NULL)
-		return FALSE;
-
-	for (i = 0; he->he_func[i] != NULL; i++)
-		if (he->he_func[i]->hf_ptr == func)
-			return FALSE;
-
-	if (i == AP_HOOK_MAX_FUNCS)
-		return FALSE;
-
-	if ((hf = (ap_hook_func *)malloc(sizeof(ap_hook_func))) == NULL)
-		return FALSE;
-
-	for (j = i; j >= 0; j--)
-		he->he_func[j+1] = he->he_func[j];
-	he->he_func[0] = hf;
-
-	hf->hf_ptr = func;
-	hf->hf_ctx = ctx;
-
-	return TRUE;
-}
-
-/*
- * Unregister a function to call for a hook
- */
-API_EXPORT(int) ap_hook_unregister_I(char *hook, void *func)
-{
-	int i, j;
-	ap_hook_entry *he;
-
-	if ((he = ap_hook_find(hook)) == NULL)
-		return FALSE;
-	for (i = 0; he->he_func[i] != NULL; i++) {
-		if (he->he_func[i]->hf_ptr == func) {
-			free(he->he_func[i]);
-			for (j = i; he->he_func[j] != NULL; j++)
-				he->he_func[j] = he->he_func[j+1];
-			return TRUE;
-			}
-	}
-	return FALSE;
-}
-
-/*
- * Retrieve the status of a particular hook
- */
-API_EXPORT(ap_hook_state) ap_hook_status(char *hook)
-{
-	ap_hook_entry *he;
-
-	if ((he = ap_hook_find(hook)) == NULL)
-		return AP_HOOK_STATE_NOTEXISTANT;
-	if (   he->he_func[0] != NULL
-	    && he->he_sig != AP_HOOK_SIG_UNKNOWN
-	    && he->he_modeid != AP_HOOK_MODE_UNKNOWN)
-		return AP_HOOK_STATE_REGISTERED;
-	if (   he->he_sig != AP_HOOK_SIG_UNKNOWN
-	    && he->he_modeid != AP_HOOK_MODE_UNKNOWN)
-		return AP_HOOK_STATE_CONFIGURED;
-	return AP_HOOK_STATE_ESTABLISHED;
-}
-
-/*
- * Use a hook, i.e. optional on-the-fly configure it before calling it
- */
-API_EXPORT(int) ap_hook_use(char *hook, ap_hook_sig sig, ap_hook_mode modeid, ...)
-{
-	int i;
-	ap_hook_value modeval;
-	ap_hook_entry *he;
-	va_list ap;
-	int rc;
-
-	va_start(ap, modeid);
-
-	if (modeid == AP_HOOK_MODE_DECLINE || modeid == AP_HOOK_MODE_DECLTMP) {
-		if (AP_HOOK_SIG_HAS(sig, RC, char))
-			modeval.v_char = va_arg(ap, va_type(char));
-		else if (AP_HOOK_SIG_HAS(sig, RC, int))
-			modeval.v_int = va_arg(ap, va_type(int));
-		else if (AP_HOOK_SIG_HAS(sig, RC, long))
-			modeval.v_long = va_arg(ap, va_type(long));
-		else if (AP_HOOK_SIG_HAS(sig, RC, float))
-			modeval.v_float = va_arg(ap, va_type(float));
-		else if (AP_HOOK_SIG_HAS(sig, RC, double))
-			modeval.v_double = va_arg(ap, va_type(double));
-		else if (AP_HOOK_SIG_HAS(sig, RC, ptr))
-			modeval.v_ptr = va_arg(ap, va_type(ptr));
-	}
-
-	if ((he = ap_hook_create(hook)) == NULL)
-		return FALSE;
-
-	if (he->he_sig == AP_HOOK_SIG_UNKNOWN)
-		he->he_sig = sig;
-	if (he->he_modeid == AP_HOOK_MODE_UNKNOWN) {
-		he->he_modeid  = modeid;
-		he->he_modeval = modeval;
-	}
-
-	for (i = 0; he->he_func[i] != NULL; i++)
-		if (ap_hook_call_func(ap, he, he->he_func[i]))
-			break;
-
-	if (i > 0 && he->he_modeid == AP_HOOK_MODE_ALL)
-		rc = TRUE;
-	else if (i == AP_HOOK_MAX_FUNCS || he->he_func[i] == NULL)
-		rc = FALSE;
-	else
-		rc = TRUE;
-
-	va_end(ap);
-	return rc;
-}
-
-/*
- * Call a hook
- */
-API_EXPORT(int) ap_hook_call(char *hook, ...)
-{
-	int i;
-	ap_hook_entry *he;
-	va_list ap;
-	int rc;
-
-	va_start(ap, hook);
-
-	if ((he = ap_hook_find(hook)) == NULL) {
-		va_end(ap);
-		return FALSE;
-	}
-	if (   he->he_sig == AP_HOOK_SIG_UNKNOWN
-	    || he->he_modeid == AP_HOOK_MODE_UNKNOWN) {
-		va_end(ap);
-		return FALSE;
-	}
-
-	for (i = 0; he->he_func[i] != NULL; i++)
-		if (ap_hook_call_func(ap, he, he->he_func[i]))
-			break;
-
-	if (i > 0 && he->he_modeid == AP_HOOK_MODE_ALL)
-		rc = TRUE;
-	else if (i == AP_HOOK_MAX_FUNCS || he->he_func[i] == NULL)
-		rc = FALSE;
-	else
-		rc = TRUE;
-
-	va_end(ap);
-	return rc;
-}
-
-static int ap_hook_call_func(va_list ap, ap_hook_entry *he, ap_hook_func *hf)
-{
-	void *v_rc;
-	ap_hook_value v_tmp;
-	int rc;
-
-	/*
-	* Now we dispatch the various function calls. We support function
-	* signatures with up to 9 types (1 return type, 8 argument types) where
-	* each argument can have 7 different types (ctx, char, int, long, float,
-	* double, ptr), so theoretically there are 9^7 (=4782969) combinations
-	* possible.  But because we don't need all of them, of course, we
-	* implement only the following well chosen subset (duplicates are ok):
-	*
-	* 1. `The basic hook'.
-	*
-	*    void func()
-	*
-	* 2. The standard set of signatures which form all combinations of
-	*    int&ptr based signatures for up to 3 arguments. We provide
-	*    them per default for module authors.
-	*
-	*    int func()
-	*    ptr func()
-	*    int func(int)
-	*    int func(ptr)
-	*    ptr func(int)
-	*    ptr func(ptr)
-	*    int func(int,int)
-	*    int func(int,ptr)
-	*    int func(ptr,int)
-	*    int func(ptr,ptr)
-	*    ptr func(int,int)
-	*    ptr func(int,ptr)
-	*    ptr func(ptr,int)
-	*    ptr func(ptr,ptr)
-	*    int func(int,int,int)
-	*    int func(int,int,ptr)
-	*    int func(int,ptr,int)
-	*    int func(int,ptr,ptr)
-	*    int func(ptr,int,int)
-	*    int func(ptr,int,ptr)
-	*    int func(ptr,ptr,int)
-	*    int func(ptr,ptr,ptr)
-	*    ptr func(int,int,int)
-	*    ptr func(int,int,ptr)
-	*    ptr func(int,ptr,int)
-	*    ptr func(int,ptr,ptr)
-	*    ptr func(ptr,int,int)
-	*    ptr func(ptr,int,ptr)
-	*    ptr func(ptr,ptr,int)
-	*    ptr func(ptr,ptr,ptr)
-	*
-	* 3. Actually currently used hooks.
-	*
-	*    int   func(ptr)                          [2x]
-	*    int   func(ptr,ptr)                      [2x]
-	*    int   func(ptr,ptr,int)                  [5x]
-	*    int   func(ptr,ptr,ptr,int)              [1x]
-	*    int   func(ptr,ptr,ptr,int,ptr)          [1x]
-	*    int   func(ptr,ptr,ptr,ptr,int)          [1x]
-	*    int   func(ptr,ptr,ptr,ptr,int,ptr)      [1x]
-	*    ptr   func(ptr,ptr)                      [3x]
-	*    ptr   func(ptr,ptr,ptr,ptr,ptr)          [1x]
-	*    void  func(ptr)                          [2x]
-	*    void  func(ptr,int,int)                  [1x]
-	*    void  func(ptr,ptr)                      [5x]
-	*    void  func(ptr,ptr,ptr)                  [3x]
-	*    void  func(ptr,ptr,ptr,ptr)              [2x]
-	*
-	* To simplify the programming task we generate the actual dispatch code
-	* for these calls via the embedded Perl script at the end of this source
-	* file. This script parses the above lines and generates the section
-	* below.  So, when you need more signature variants just add them to the
-	* above list and run
-	*
-	*     $ perl ap_hook.c
-	*
-	* This automatically updates the above code.
-	*/
-
-	rc = TRUE;
-	v_rc = NULL;
-	if (!AP_HOOK_SIG_HAS(he->he_sig, RC, void)) {
-		if (he->he_modeid == AP_HOOK_MODE_DECLTMP) {
-			/* the return variable is a temporary one */ 
-			if (AP_HOOK_SIG_HAS(he->he_sig, RC, char))
-				v_rc = &v_tmp.v_char;
-			else if (AP_HOOK_SIG_HAS(he->he_sig, RC, int))
-				v_rc = &v_tmp.v_int;
-			else if (AP_HOOK_SIG_HAS(he->he_sig, RC, long))
-				v_rc = &v_tmp.v_long;
-			else if (AP_HOOK_SIG_HAS(he->he_sig, RC, float))
-				v_rc = &v_tmp.v_float;
-			else if (AP_HOOK_SIG_HAS(he->he_sig, RC, double))
-				v_rc = &v_tmp.v_double;
-			else if (AP_HOOK_SIG_HAS(he->he_sig, RC, ptr))
-				v_rc = &v_tmp.v_ptr;
-		}
-		else {
-			/* the return variable is provided by caller */ 
-			v_rc = va_arg(ap, void *);
-		}
-	}
-
-	/* ----BEGIN GENERATED SECTION-------- */
-	if (he->he_sig == AP_HOOK_SIG1(void)) {
-		/* Call: void func() */
-		((void(*)())(hf->hf_ptr))();
-	}
-	else if (he->he_sig == AP_HOOK_SIG1(int)) {
-		/* Call: int func() */
-		*((int *)v_rc) = ((int(*)())(hf->hf_ptr))();
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG1(ptr)) {
-		/* Call: ptr func() */
-		*((void * *)v_rc) = ((void *(*)())(hf->hf_ptr))();
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG2(int, int)) {
-		/* Call: int func(int) */
-		int   v1 = va_arg(ap, va_type(int));
-		*((int *)v_rc) = ((int(*)(int))(hf->hf_ptr))(v1);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG2(int, ptr)) {
-		/* Call: int func(ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(void *))(hf->hf_ptr))(v1);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG2(ptr, int)) {
-		/* Call: ptr func(int) */
-		int   v1 = va_arg(ap, va_type(int));
-		*((void * *)v_rc) = ((void *(*)(int))(hf->hf_ptr))(v1);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG2(ptr, ptr)) {
-		/* Call: ptr func(ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		*((void * *)v_rc) = ((void *(*)(void *))(hf->hf_ptr))(v1);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG3(int, int, int)) {
-		/* Call: int func(int,int) */
-		int   v1 = va_arg(ap, va_type(int));
-		int   v2 = va_arg(ap, va_type(int));
-		*((int *)v_rc) = ((int(*)(int, int))(hf->hf_ptr))(v1, v2);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG3(int, int, ptr)) {
-		/* Call: int func(int,ptr) */
-		int   v1 = va_arg(ap, va_type(int));
-		void *v2 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(int, void *))(hf->hf_ptr))(v1, v2);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG3(int, ptr, int)) {
-		/* Call: int func(ptr,int) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		int   v2 = va_arg(ap, va_type(int));
-		*((int *)v_rc) = ((int(*)(void *, int))(hf->hf_ptr))(v1, v2);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG3(int, ptr, ptr)) {
-		/* Call: int func(ptr,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(void *, void *))(hf->hf_ptr))(v1, v2);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG3(ptr, int, int)) {
-		/* Call: ptr func(int,int) */
-		int   v1 = va_arg(ap, va_type(int));
-		int   v2 = va_arg(ap, va_type(int));
-		*((void * *)v_rc) = ((void *(*)(int, int))(hf->hf_ptr))(v1, v2);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG3(ptr, int, ptr)) {
-		/* Call: ptr func(int,ptr) */
-		int   v1 = va_arg(ap, va_type(int));
-		void *v2 = va_arg(ap, va_type(ptr));
-		*((void * *)v_rc) = ((void *(*)(int, void *))(hf->hf_ptr))(v1, v2);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG3(ptr, ptr, int)) {
-		/* Call: ptr func(ptr,int) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		int   v2 = va_arg(ap, va_type(int));
-		*((void * *)v_rc) = ((void *(*)(void *, int))(hf->hf_ptr))(v1, v2);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG3(ptr, ptr, ptr)) {
-		/* Call: ptr func(ptr,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		*((void * *)v_rc) = ((void *(*)(void *, void *))(hf->hf_ptr))(v1, v2);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(int, int, int, int)) {
-		/* Call: int func(int,int,int) */
-		int   v1 = va_arg(ap, va_type(int));
-		int   v2 = va_arg(ap, va_type(int));
-		int   v3 = va_arg(ap, va_type(int));
-		*((int *)v_rc) = ((int(*)(int, int, int))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(int, int, int, ptr)) {
-		/* Call: int func(int,int,ptr) */
-		int   v1 = va_arg(ap, va_type(int));
-		int   v2 = va_arg(ap, va_type(int));
-		void *v3 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(int, int, void *))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(int, int, ptr, int)) {
-		/* Call: int func(int,ptr,int) */
-		int   v1 = va_arg(ap, va_type(int));
-		void *v2 = va_arg(ap, va_type(ptr));
-		int   v3 = va_arg(ap, va_type(int));
-		*((int *)v_rc) = ((int(*)(int, void *, int))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(int, int, ptr, ptr)) {
-		/* Call: int func(int,ptr,ptr) */
-		int   v1 = va_arg(ap, va_type(int));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(int, void *, void *))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(int, ptr, int, int)) {
-		/* Call: int func(ptr,int,int) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		int   v2 = va_arg(ap, va_type(int));
-		int   v3 = va_arg(ap, va_type(int));
-		*((int *)v_rc) = ((int(*)(void *, int, int))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(int, ptr, int, ptr)) {
-		/* Call: int func(ptr,int,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		int   v2 = va_arg(ap, va_type(int));
-		void *v3 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(void *, int, void *))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(int, ptr, ptr, int)) {
-		/* Call: int func(ptr,ptr,int) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		int   v3 = va_arg(ap, va_type(int));
-		*((int *)v_rc) = ((int(*)(void *, void *, int))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(int, ptr, ptr, ptr)) {
-		/* Call: int func(ptr,ptr,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(void *, void *, void *))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(ptr, int, int, int)) {
-		/* Call: ptr func(int,int,int) */
-		int   v1 = va_arg(ap, va_type(int));
-		int   v2 = va_arg(ap, va_type(int));
-		int   v3 = va_arg(ap, va_type(int));
-		*((void * *)v_rc) = ((void *(*)(int, int, int))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(ptr, int, int, ptr)) {
-		/* Call: ptr func(int,int,ptr) */
-		int   v1 = va_arg(ap, va_type(int));
-		int   v2 = va_arg(ap, va_type(int));
-		void *v3 = va_arg(ap, va_type(ptr));
-		*((void * *)v_rc) = ((void *(*)(int, int, void *))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(ptr, int, ptr, int)) {
-		/* Call: ptr func(int,ptr,int) */
-		int   v1 = va_arg(ap, va_type(int));
-		void *v2 = va_arg(ap, va_type(ptr));
-		int   v3 = va_arg(ap, va_type(int));
-		*((void * *)v_rc) = ((void *(*)(int, void *, int))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(ptr, int, ptr, ptr)) {
-		/* Call: ptr func(int,ptr,ptr) */
-		int   v1 = va_arg(ap, va_type(int));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		*((void * *)v_rc) = ((void *(*)(int, void *, void *))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(ptr, ptr, int, int)) {
-		/* Call: ptr func(ptr,int,int) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		int   v2 = va_arg(ap, va_type(int));
-		int   v3 = va_arg(ap, va_type(int));
-		*((void * *)v_rc) = ((void *(*)(void *, int, int))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(ptr, ptr, int, ptr)) {
-		/* Call: ptr func(ptr,int,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		int   v2 = va_arg(ap, va_type(int));
-		void *v3 = va_arg(ap, va_type(ptr));
-		*((void * *)v_rc) = ((void *(*)(void *, int, void *))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(ptr, ptr, ptr, int)) {
-		/* Call: ptr func(ptr,ptr,int) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		int   v3 = va_arg(ap, va_type(int));
-		*((void * *)v_rc) = ((void *(*)(void *, void *, int))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(ptr, ptr, ptr, ptr)) {
-		/* Call: ptr func(ptr,ptr,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		*((void * *)v_rc) = ((void *(*)(void *, void *, void *))(hf->hf_ptr))(v1, v2, v3);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG5(int, ptr, ptr, ptr, int)) {
-		/* Call: int func(ptr,ptr,ptr,int) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		int   v4 = va_arg(ap, va_type(int));
-		*((int *)v_rc) = ((int(*)(void *, void *, void *, int))(hf->hf_ptr))(v1, v2, v3, v4);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG6(int, ptr, ptr, ptr, int, ptr)) {
-		/* Call: int func(ptr,ptr,ptr,int,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		int   v4 = va_arg(ap, va_type(int));
-		void *v5 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(void *, void *, void *, int, void *))(hf->hf_ptr))(v1, v2, v3, v4, v5);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG6(int, ptr, ptr, ptr, ptr, int)) {
-		/* Call: int func(ptr,ptr,ptr,ptr,int) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		void *v4 = va_arg(ap, va_type(ptr));
-		int   v5 = va_arg(ap, va_type(int));
-		*((int *)v_rc) = ((int(*)(void *, void *, void *, void *, int))(hf->hf_ptr))(v1, v2, v3, v4, v5);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG6(int, ptr, ptr, ptr, ptr, ptr)) {
-		/* Call: int func(ptr,ptr,ptr,ptr,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		void *v4 = va_arg(ap, va_type(ptr));
-		void *v5 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(void *, void *, void *, void *, void *))(hf->hf_ptr))(v1, v2, v3, v4, v5);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG7(int, ptr, ptr, ptr, ptr, int, ptr)) {
-		/* Call: int func(ptr,ptr,ptr,ptr,int,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		void *v4 = va_arg(ap, va_type(ptr));
-		int   v5 = va_arg(ap, va_type(int));
-		void *v6 = va_arg(ap, va_type(ptr));
-		*((int *)v_rc) = ((int(*)(void *, void *, void *, void *, int, void *))(hf->hf_ptr))(v1, v2, v3, v4, v5, v6);
-		rc = (*((int *)v_rc) != he->he_modeval.v_int);
-	}
-	else if (he->he_sig == AP_HOOK_SIG6(ptr, ptr, ptr, ptr, ptr, ptr)) {
-		/* Call: ptr func(ptr,ptr,ptr,ptr,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		void *v4 = va_arg(ap, va_type(ptr));
-		void *v5 = va_arg(ap, va_type(ptr));
-		*((void * *)v_rc) = ((void *(*)(void *, void *, void *, void *, void *))(hf->hf_ptr))(v1, v2, v3, v4, v5);
-		rc = (*((void * *)v_rc) != he->he_modeval.v_ptr);
-	}
-	else if (he->he_sig == AP_HOOK_SIG2(void, ptr)) {
-		/* Call: void func(ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		((void(*)(void *))(hf->hf_ptr))(v1);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(void, ptr, int, int)) {
-		/* Call: void func(ptr,int,int) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		int   v2 = va_arg(ap, va_type(int));
-		int   v3 = va_arg(ap, va_type(int));
-		((void(*)(void *, int, int))(hf->hf_ptr))(v1, v2, v3);
-	}
-	else if (he->he_sig == AP_HOOK_SIG3(void, ptr, ptr)) {
-		/* Call: void func(ptr,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		((void(*)(void *, void *))(hf->hf_ptr))(v1, v2);
-	}
-	else if (he->he_sig == AP_HOOK_SIG4(void, ptr, ptr, ptr)) {
-		/* Call: void func(ptr,ptr,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		((void(*)(void *, void *, void *))(hf->hf_ptr))(v1, v2, v3);
-	}
-	else if (he->he_sig == AP_HOOK_SIG5(void, ptr, ptr, ptr, ptr)) {
-		/* Call: void func(ptr,ptr,ptr,ptr) */
-		void *v1 = va_arg(ap, va_type(ptr));
-		void *v2 = va_arg(ap, va_type(ptr));
-		void *v3 = va_arg(ap, va_type(ptr));
-		void *v4 = va_arg(ap, va_type(ptr));
-		((void(*)(void *, void *, void *, void *))(hf->hf_ptr))(v1, v2, v3, v4);
-	}
-	/* ----END GENERATED SECTION---------- */
-	else
-		ap_log_assert("hook signature not implemented", __FILE__, 0);
-
-	if (he->he_modeid == AP_HOOK_MODE_ALL)
-		rc = FALSE;
-	else if (he->he_modeid == AP_HOOK_MODE_TOPMOST)
-		rc = TRUE;
-
-	return rc;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_md5c.c b/usr.sbin/httpd/src/ap/ap_md5c.c
deleted file mode 100644
index 9f03e5f48aa..00000000000
--- a/usr.sbin/httpd/src/ap/ap_md5c.c
+++ /dev/null
@@ -1,297 +0,0 @@
-/* $OpenBSD: ap_md5c.c,v 1.11 2009/10/31 13:29:07 sobrado Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * The ap_MD5Encode() routine uses much code obtained from the FreeBSD 3.0
- * MD5 crypt() function, which is licenced as follows:
- * ----------------------------------------------------------------------------
- * "THE BEER-WARE LICENSE" (Revision 42):
- * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
- * can do whatever you want with this stuff. If we meet some day, and you think
- * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
- * ----------------------------------------------------------------------------
- */
-
-#include <string.h>
-
-#include "ap_config.h"
-#include "ap_md5.h"
-#include "ap.h"
-
-static void Encode(unsigned char *output, const UINT4 *input, unsigned int len);
-static void Decode(UINT4 *output, const unsigned char *input, unsigned int len);
-
-API_EXPORT(void)
-ap_MD5Init(AP_MD5_CTX *context)
-{
-	MD5Init(context);
-}
-
-API_EXPORT(void)
-ap_MD5Update(AP_MD5_CTX *context, const unsigned char *input,
-    unsigned int inputLen)
-{
-	MD5Update(context, input, inputLen);
-}
-
-API_EXPORT(void)
-ap_MD5Final(unsigned char digest[16], AP_MD5_CTX *context)
-{
-	MD5Final(digest, context);
-}
-
-/* Encodes input (UINT4) into output (unsigned char). Assumes len is
-   a multiple of 4.
- */
-static void
-Encode(unsigned char *output, const UINT4 *input, unsigned int len)
-{
-	unsigned int i, j;
-	UINT4 k;
-
-	for (i = 0, j = 0; j < len; i++, j += 4) {
-		k = input[i];
-		output[j] = (unsigned char) (k & 0xff);
-		output[j + 1] = (unsigned char) ((k >> 8) & 0xff);
-		output[j + 2] = (unsigned char) ((k >> 16) & 0xff);
-		output[j + 3] = (unsigned char) ((k >> 24) & 0xff);
-	}
-}
-
-/* Decodes input (unsigned char) into output (UINT4). Assumes len is
- * a multiple of 4.
- */
-static void
-Decode(UINT4 *output, const unsigned char *input, unsigned int len)
-{
-	unsigned int i, j;
-
-	for (i = 0, j = 0; j < len; i++, j += 4)
-		output[i] = ((UINT4) input[j]) | (((UINT4) input[j + 1]) << 8) |
-		    (((UINT4) input[j + 2]) << 16)
-		    | (((UINT4) input[j + 3]) << 24);
-}
-
-/*
- * The following MD5 password encryption code was largely borrowed from
- * the FreeBSD 3.0 /usr/src/lib/libcrypt/crypt.c file, which is
- * licenced as stated at the top of this file.
- */
-API_EXPORT(void)
-ap_to64(char *s, unsigned long v, int n)
-{
-	static unsigned char itoa64[] =         /* 0 ... 63 => ASCII - 64 */
-	    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-
-	while (--n >= 0) {
-		*s++ = itoa64[v&0x3f];
-		v >>= 6;
-	}
-}
-
-API_EXPORT(void)
-ap_MD5Encode(const unsigned char *pw, const unsigned char *salt, char *result,
-    size_t nbytes)
-{
-	/*
-	* Minimum size is 8 bytes for salt, plus 1 for the trailing NUL,
-	* plus 4 for the '$' separators, plus the password hash itself.
-	* Let's leave a goodly amount of leeway.
-	*/
-
-	char passwd[120], *p;
-	const unsigned char *sp, *ep;
-	unsigned char final[16];
-	int i;
-	unsigned int sl;
-	int pl;
-	unsigned int pwlen;
-	MD5_CTX ctx, ctx1;
-	unsigned long l;
-
-	/* 
-	* Refine the salt first.  It's possible we were given an already-hashed
-	* string as the salt argument, so extract the actual salt value from it
-	* if so.  Otherwise just use the string up to the first '$' as the salt.
-	*/
-	sp = salt;
-
-	/*
-	* If it starts with the magic string, then skip that.
-	*/
-	if (strncmp((char *)sp, AP_MD5PW_ID, AP_MD5PW_IDLEN) == 0)
-		sp += AP_MD5PW_IDLEN;
-
-	/*
-	* It stops at the first '$' or 8 chars, whichever comes first
-	*/
-	for (ep = sp; (*ep != '\0') && (*ep != '$') && (ep < (sp + 8)); ep++)
-		continue;
-
-	/*
-	* Get the length of the true salt
-	*/
-	sl = ep - sp;
-
-	/*
-	* 'Time to make the doughnuts..'
-	*/
-	MD5Init(&ctx);
-
-	pwlen = strlen((char *)pw);
-	/*
-	* The password first, since that is what is most unknown
-	*/
-	MD5Update(&ctx, pw, pwlen);
-
-	/*
-	* Then our magic string
-	*/
-	MD5Update(&ctx, (const unsigned char *) AP_MD5PW_ID, AP_MD5PW_IDLEN);
-
-	/*
-	* Then the raw salt
-	*/
-	MD5Update(&ctx, sp, sl);
-
-	/*
-	* Then just as many characters of the MD5(pw, salt, pw)
-	*/
-	MD5Init(&ctx1);
-	MD5Update(&ctx1, pw, pwlen);
-	MD5Update(&ctx1, sp, sl);
-	MD5Update(&ctx1, pw, pwlen);
-	MD5Final(final, &ctx1);
-	for(pl = pwlen; pl > 0; pl -= 16)
-		MD5Update(&ctx, final, (pl > 16) ? 16 : (unsigned int) pl);
-
-	/*
-	* Don't leave anything around in vm they could use.
-	*/
-	memset(final, 0, sizeof(final));
-
-	/*
-	* Then something really weird...
-	*/
-	for (i = pwlen; i != 0; i >>= 1) {
-		if (i & 1)
-		    MD5Update(&ctx, final, 1);
-		else
-		    MD5Update(&ctx, pw, 1);
-	}
-
-	/*
-	* Now make the output string.  We know our limitations, so we
-	* can use the string routines without bounds checking.
-	*/
-	ap_cpystrn(passwd, AP_MD5PW_ID, AP_MD5PW_IDLEN + 1);
-	ap_cpystrn(passwd + AP_MD5PW_IDLEN, (char *)sp, sl + 1);
-	passwd[AP_MD5PW_IDLEN + sl]     = '$';
-	passwd[AP_MD5PW_IDLEN + sl + 1] = '\0';
-
-	MD5Final(final, &ctx);
-
-	/*
-	* And now, just to make sure things don't run too fast..
-	* On a 60 MHz Pentium this takes 34 msec, so you would
-	* need 30 seconds to build a 1000 entry dictionary...
-	*/
-	for (i = 0; i < 1000; i++) {
-		MD5Init(&ctx1);
-		if (i & 1)
-		    MD5Update(&ctx1, pw, pwlen);
-		else
-		    MD5Update(&ctx1, final, 16);
-		if (i % 3)
-		    MD5Update(&ctx1, sp, sl);
-
-		if (i % 7)
-		    MD5Update(&ctx1, pw, pwlen);
-
-		if (i & 1)
-		    MD5Update(&ctx1, final, 16);
-		else
-		    MD5Update(&ctx1, pw, pwlen);
-		MD5Final(final,&ctx1);
-	}
-
-	p = passwd + strlen(passwd);
-
-	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; ap_to64(p, l, 4);
-	p += 4;
-	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; ap_to64(p, l, 4);
-	p += 4;
-	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; ap_to64(p, l, 4);
-	p += 4;
-	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; ap_to64(p, l, 4);
-	p += 4;
-	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; ap_to64(p, l, 4);
-	p += 4;
-	l =                    final[11]                ; ap_to64(p, l, 2);
-	p += 2;
-	*p = '\0';
-
-	/*
-	* Don't leave anything around in vm they could use.
-	*/
-	memset(final, 0, sizeof(final));
-
-	ap_cpystrn(result, passwd, nbytes - 1);
-}
diff --git a/usr.sbin/httpd/src/ap/ap_mm.c b/usr.sbin/httpd/src/ap/ap_mm.c
deleted file mode 100644
index 4392ad10af0..00000000000
--- a/usr.sbin/httpd/src/ap/ap_mm.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/* $OpenBSD: ap_mm.c,v 1.4 2005/03/28 21:03:33 niallo Exp $ */
-
-/* ====================================================================
- * Copyright (c) 1999-2000 The Apache Group.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- *    nor may "Apache" appear in their names without prior written
- *    permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- */
-
-/*
-**  ap_mm.c -- wrapper for MM shared memory library
-**
-**  This file has two reason:
-**
-**  1. Under DSO context we need stubs inside the Apache core code
-**     to make sure the MM library's code is actually available
-**     to the module DSOs.
-**
-**  2. When the MM library cannot be built on the current platform
-**     still provide dummy stubs so modules using the ap_mm_xxx()
-**     functions can be still built. But modules should use
-**     ap_mm_useable() to find out whether they really can use
-**     the MM stuff.
-*/
-                                       /*
-                                        * "What you see is all you get."
-                                        *     -- Brian Kernighan
-                                        */
-#include "httpd.h"
-#include "ap_mm.h"
-
-#ifdef EAPI_MM
-#include "mm.h"
-API_EXPORT(int) ap_mm_useable(void) { return TRUE;  }
-#define STUB(val,nul)               { return val;   }
-#define STUB_STMT(stmt)             { stmt; return; }
-#else
-API_EXPORT(int) ap_mm_useable(void) { return FALSE; }
-#define STUB(val,nul)               { return nul;   }
-#define STUB_STMT(stmt)             { return;       }
-#endif
-
-API_EXPORT(int) ap_MM_create(size_t size, char *file)
-    STUB(MM_create(size, file), FALSE)
-API_EXPORT(int) ap_MM_permission(mode_t mode, uid_t owner, gid_t group)
-    STUB(MM_permission(mode, owner, group), -1)
-API_EXPORT(void) ap_MM_destroy(void)
-    STUB_STMT(MM_destroy())
-API_EXPORT(int) ap_MM_lock(ap_mm_lock_mode mode)
-    STUB(MM_lock(mode), FALSE)
-API_EXPORT(int) ap_MM_unlock(void)
-    STUB(MM_unlock(), FALSE)
-API_EXPORT(void *) ap_MM_malloc(size_t size)
-    STUB(MM_malloc(size), NULL)
-API_EXPORT(void *) ap_MM_realloc(void *ptr, size_t size)
-    STUB(MM_realloc(ptr, size), NULL)
-API_EXPORT(void) ap_MM_free(void *ptr)
-    STUB_STMT(MM_free(ptr))
-API_EXPORT(void *) ap_MM_calloc(size_t number, size_t size)
-    STUB(MM_calloc(number, size), NULL)
-API_EXPORT(char *) ap_MM_strdup(const char *str)
-    STUB(MM_strdup(str), NULL)
-API_EXPORT(size_t) ap_MM_sizeof(void *ptr)
-    STUB(MM_sizeof(ptr), 0)
-API_EXPORT(size_t) ap_MM_maxsize(void)
-    STUB(MM_maxsize(), 0)
-API_EXPORT(size_t) ap_MM_available(void)
-    STUB(MM_available(), 0)
-API_EXPORT(char *) ap_MM_error(void)
-    STUB(MM_error(), NULL)
-
-API_EXPORT(AP_MM *) ap_mm_create(size_t size, char *file)
-    STUB(mm_create(size, file), NULL)
-API_EXPORT(int) ap_mm_permission(AP_MM *mm, mode_t mode, uid_t owner,
-    gid_t group)
-    STUB(mm_permission(mm, mode, owner, group), -1)
-API_EXPORT(void) ap_mm_destroy(AP_MM *mm)
-    STUB_STMT(mm_destroy(mm))
-API_EXPORT(int) ap_mm_lock(AP_MM *mm, ap_mm_lock_mode mode)
-    STUB(mm_lock(mm, mode), FALSE)
-API_EXPORT(int) ap_mm_unlock(AP_MM *mm)
-    STUB(mm_unlock(mm), FALSE)
-API_EXPORT(void *) ap_mm_malloc(AP_MM *mm, size_t size)
-    STUB(mm_malloc(mm, size), NULL)
-API_EXPORT(void *) ap_mm_realloc(AP_MM *mm, void *ptr, size_t size)
-    STUB(mm_realloc(mm, ptr, size), NULL)
-API_EXPORT(void) ap_mm_free(AP_MM *mm, void *ptr)
-    STUB_STMT(mm_free(mm, ptr))
-API_EXPORT(void *) ap_mm_calloc(AP_MM *mm, size_t number, size_t size)
-    STUB(mm_calloc(mm, number, size), NULL)
-API_EXPORT(char *) ap_mm_strdup(AP_MM *mm, const char *str)
-    STUB(mm_strdup(mm, str), NULL)
-API_EXPORT(size_t) ap_mm_sizeof(AP_MM *mm, void *ptr)
-    STUB(mm_sizeof(mm, ptr), 0)
-API_EXPORT(size_t) ap_mm_maxsize(void)
-    STUB(mm_maxsize(), 0)
-API_EXPORT(size_t) ap_mm_available(AP_MM *mm)
-    STUB(mm_available(mm), 0)
-API_EXPORT(char *) ap_mm_error(void)
-    STUB(mm_error(), NULL)
-API_EXPORT(void) ap_mm_display_info(AP_MM *mm)
-    STUB_STMT(mm_display_info(mm))
-
-API_EXPORT(void *) ap_mm_core_create(size_t size, char *file)
-    STUB(mm_core_create(size, file), NULL)
-API_EXPORT(int) ap_mm_core_permission(void *core, mode_t mode, uid_t owner,
-    gid_t group)
-    STUB(mm_core_permission(core, mode, owner, group), -1)
-API_EXPORT(void) ap_mm_core_delete(void *core)
-    STUB_STMT(mm_core_delete(core))
-API_EXPORT(size_t) ap_mm_core_size(void *core)
-    STUB(mm_core_size(core), 0)
-API_EXPORT(int) ap_mm_core_lock(void *core, ap_mm_lock_mode mode)
-    STUB(mm_core_lock(core, mode), FALSE)
-API_EXPORT(int) ap_mm_core_unlock(void *core)
-    STUB(mm_core_unlock(core), FALSE)
-API_EXPORT(size_t) ap_mm_core_maxsegsize(void)
-    STUB(mm_core_maxsegsize(), 0)
-API_EXPORT(size_t) ap_mm_core_align2page(size_t size)
-    STUB(mm_core_align2page(size), 0)
-API_EXPORT(size_t) ap_mm_core_align2word(size_t size)
-    STUB(mm_core_align2word(size), 0)
-
-API_EXPORT(void) ap_mm_lib_error_set(unsigned int type, const char *str)
-    STUB_STMT(mm_lib_error_set(type, str))
-API_EXPORT(char *) ap_mm_lib_error_get(void)
-    STUB(mm_lib_error_get(), NULL)
-API_EXPORT(int) ap_mm_lib_version(void)
-    STUB(mm_lib_version(), 0)
diff --git a/usr.sbin/httpd/src/ap/ap_sha1.c b/usr.sbin/httpd/src/ap/ap_sha1.c
deleted file mode 100644
index 6a1dac0733e..00000000000
--- a/usr.sbin/httpd/src/ap/ap_sha1.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* $OpenBSD: ap_sha1.c,v 1.9 2005/03/28 21:03:33 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- *
- * The exported function:
- *
- *       ap_sha1_base64(const char *clear, int len, char *out);
- *
- * provides a means to SHA1 crypt/encode a plaintext password in
- * a way which makes password files compatible with those commonly
- * used in netscape web and ldap installations. It was put together
- * by Clinton Wong <clintdw@netcom.com>, who also notes that:
- *
- * Note: SHA1 support is useful for migration purposes, but is less
- *     secure than Apache's password format, since Apache's (MD5)
- *     password format uses a random eight character salt to generate
- *     one of many possible hashes for the same password.  Netscape
- *     uses plain SHA1 without a salt, so the same password
- *     will always generate the same hash, making it easier
- *     to break since the search space is smaller.
- *
- * See also the documentation in support/SHA1 as to hints on how to
- * migrate an existing netscape installation and other supplied utitlites.
- *
- * This software also makes use of the following component:
- *
- * NIST Secure Hash Algorithm
- *      heavily modified by Uwe Hollerbach uh@alumni.caltech edu
- *      from Peter C. Gutmann's implementation as found in
- *      Applied Cryptography by Bruce Schneier
- *      This code is hereby placed in the public domain
- */
-
-#include <string.h>
-
-#include "ap_config.h"
-#include "ap_sha1.h"
-#include "ap.h"
-
-
-API_EXPORT(void)
-ap_SHA1Init(AP_SHA1_CTX *sha_info)
-{
-	SHA1Init(sha_info);
-}
-
-/* update the SHA digest */
-
-API_EXPORT(void)
-ap_SHA1Update_binary(AP_SHA1_CTX *sha_info, const unsigned char *buffer,
-    unsigned int count)
-{
-	SHA1Update(sha_info, buffer, count);
-}
-
-API_EXPORT(void)
-ap_SHA1Update(AP_SHA1_CTX *sha_info, const char *buf, unsigned int count)
-{
-	SHA1Update(sha_info, (const unsigned char *) buf, count);
-}
-
-/* finish computing the SHA digest */
-
-API_EXPORT(void)
-ap_SHA1Final(unsigned char digest[SHA_DIGESTSIZE], AP_SHA1_CTX *sha_info)
-{
-	SHA1Final(digest, sha_info);
-}
-
-
-API_EXPORT(void)
-ap_sha1_base64(const char *clear, int len, char *out)
-{
-	int l;
-	AP_SHA1_CTX context;
-	unsigned char digest[SHA_DIGESTSIZE];
-
-	if (strncmp(clear, AP_SHA1PW_ID, AP_SHA1PW_IDLEN) == 0)
-		clear += AP_SHA1PW_IDLEN;
-
-	ap_SHA1Init(&context);
-	ap_SHA1Update(&context, clear, len);
-	ap_SHA1Final(digest, &context);
-
-	/* private marker. */
-	ap_cpystrn(out, AP_SHA1PW_ID, AP_SHA1PW_IDLEN + 1);
-
-	/* SHA1 hash is always 20 chars */
-	l = ap_base64encode_binary(out + AP_SHA1PW_IDLEN, digest,
-	    sizeof(digest));
-	out[l + AP_SHA1PW_IDLEN] = '\0';
-
-	/*
-	* output of base64 encoded SHA1 is always 28 chars + AP_SHA1PW_IDLEN
-	*/
-}
diff --git a/usr.sbin/httpd/src/ap/ap_signal.c b/usr.sbin/httpd/src/ap/ap_signal.c
deleted file mode 100644
index 290bde940c4..00000000000
--- a/usr.sbin/httpd/src/ap/ap_signal.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* $OpenBSD: ap_signal.c,v 1.9 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "httpd.h"
-
-/*
- * Replace standard signal() with the more reliable sigaction equivalent
- * from W. Richard Stevens' "Advanced Programming in the UNIX Environment"
- * (the version that does not automatically restart system calls).
- */
-Sigfunc *
-signal(int signo, Sigfunc * func)
-{
-	struct sigaction act, oact;
-
-	act.sa_handler = func;
-	sigemptyset(&act.sa_mask);
-	act.sa_flags = 0;
-	if (sigaction(signo, &act, &oact) < 0)
-		return SIG_ERR;
-	return oact.sa_handler;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_slack.c b/usr.sbin/httpd/src/ap/ap_slack.c
deleted file mode 100644
index eb62078ebbd..00000000000
--- a/usr.sbin/httpd/src/ap/ap_slack.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * ap_slack.c: File descriptor preallocation
- *
- * 3/21/93 Rob McCool
- * 1995-96 Many changes by the Apache Group
- *
- */
-
-#include "httpd.h"
-#include "http_log.h"
-
-int ap_slack(int fd, int line)
-{
-	static int low_warned;
-	int new_fd;
-
-	/* otherwise just assume line == AP_SLACK_LOW */
-	if (fd >= LOW_SLACK_LINE) {
-		return fd;
-	}
-	new_fd = fcntl(fd, F_DUPFD, LOW_SLACK_LINE);
-	if (new_fd == -1) {
-		if (!low_warned) {
-		/* Give them a warning here, because we really can't predict
-		* how libraries and such are going to fail.  If we can't
-		* do this F_DUPFD there's a good chance that apache has too
-		* few descriptors available to it.  Note we don't warn on
-		* the high line, because if it fails we'll eventually try
-		* the low line...
-		*/
-			ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
-				"unable to open a file descriptor above %u, "
-				"you may need to increase the number of descriptors",
-				LOW_SLACK_LINE);
-			low_warned = 1;
-		}
-		return fd;
-	}
-	close(fd);
-	return new_fd;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_snprintf.c b/usr.sbin/httpd/src/ap/ap_snprintf.c
deleted file mode 100644
index aad2a402838..00000000000
--- a/usr.sbin/httpd/src/ap/ap_snprintf.c
+++ /dev/null
@@ -1,1231 +0,0 @@
-/* $OpenBSD: ap_snprintf.c,v 1.17 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * This code is based on, and used with the permission of, the
- * SIO stdio-replacement strx_* functions by Panos Tsirigotis
- * <panos@alumni.cs.colorado.edu> for xinetd.
- */
-
-#include "httpd.h"
-
-#include <stdio.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <stdarg.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <math.h>
-
-typedef enum {
-        NO = 0, YES = 1
-} boolean_e;
-
-#ifndef FALSE
-#define FALSE			0
-#endif
-#ifndef TRUE
-#define TRUE			1
-#endif
-#define NUL			'\0'
-#define WIDE_INT		long
-
-typedef WIDE_INT wide_int;
-typedef unsigned WIDE_INT u_wide_int;
-typedef intmax_t widest_int;
-typedef uintmax_t u_widest_int;
-typedef int bool_int;
-
-#define S_NULL			"(null)"
-#define S_NULL_LEN		6
-
-#define FLOAT_DIGITS		6
-#define EXPONENT_LENGTH		10
-
-/*
- * NUM_BUF_SIZE is the size of the buffer used for arithmetic conversions
- *
- * XXX: this is a magic number; do not decrease it
- */
-#define NUM_BUF_SIZE		512
-
-/*
- * cvt.c - IEEE floating point formatting routines for FreeBSD
- * from GNU libc-4.6.27.  Modified to be thread safe.
- */
-
-/*
- *    ap_ecvt converts to decimal
- *      the number of digits is specified by ndigit
- *      decpt is set to the position of the decimal point
- *      sign is set to 0 for positive, 1 for negative
- */
-
-#define	NDIG	80
-
-/* buf must have at least NDIG bytes */
-static char *
-ap_cvt(double arg, int ndigits, int *decpt, int *sign, int eflag, char *buf)
-{
-	int r2;
-	double fi, fj;
-	char *p, *p1;
-
-	if (ndigits >= NDIG - 1)
-		ndigits = NDIG - 2;
-	r2 = 0;
-	*sign = 0;
-	p = &buf[0];
-	if (arg < 0) {
-		*sign = 1;
-		arg = -arg;
-	}
-	arg = modf(arg, &fi);
-	p1 = &buf[NDIG];
-	/*
-	* Do integer part
-	*/
-	if (fi != 0) {
-		p1 = &buf[NDIG];
-		while (p1 > &buf[0] && fi != 0) {
-			fj = modf(fi / 10, &fi);
-			*--p1 = (int) ((fj + .03) * 10) + '0';
-			r2++;
-		}
-		while (p1 < &buf[NDIG])
-			*p++ = *p1++;
-	}
-	else if (arg > 0) {
-		while ((fj = arg * 10) < 1) {
-			arg = fj;
-			r2--;
-		}
-	}
-	p1 = &buf[ndigits];
-	if (eflag == 0)
-		p1 += r2;
-	*decpt = r2;
-	if (p1 < &buf[0]) {
-		buf[0] = '\0';
-		return (buf);
-	}
-	while (p <= p1 && p < &buf[NDIG]) {
-		arg *= 10;
-		arg = modf(arg, &fj);
-		*p++ = (int) fj + '0';
-	}
-	if (p1 >= &buf[NDIG]) {
-		buf[NDIG - 1] = '\0';
-		return (buf);
-	}
-	p = p1;
-	*p1 += 5;
-	while (*p1 > '9') {
-		*p1 = '0';
-		if (p1 > buf)
-			++ * --p1;
-		else {
-			*p1 = '1';
-			(*decpt)++;
-			if (eflag == 0) {
-				if (p > buf)
-					*p = '0';
-				p++;
-			}
-		}
-	}
-	*p = '\0';
-	return (buf);
-	}
-
-	static char
-	*ap_ecvt(double arg, int ndigits, int *decpt, int *sign, char *buf)
-	{
-	return (ap_cvt(arg, ndigits, decpt, sign, 1, buf));
-	}
-
-	static char *
-	ap_fcvt(double arg, int ndigits, int *decpt, int *sign, char *buf)
-	{
-	return (ap_cvt(arg, ndigits, decpt, sign, 0, buf));
-}
-
-/*
- * ap_gcvt  - Floating output conversion to
- * minimal length string
- */
-
-static char
-*ap_gcvt(double number, int ndigit, char *buf, boolean_e altform)
-{
-	int sign, decpt;
-	char *p1, *p2;
-	int i;
-	char buf1[NDIG];
-
-	p1 = ap_ecvt(number, ndigit, &decpt, &sign, buf1);
-	p2 = buf;
-	if (sign)
-		*p2++ = '-';
-	for (i = ndigit - 1; i > 0 && p1[i] == '0'; i--)
-		ndigit--;
-	if ((decpt >= 0 && decpt - ndigit > 4)
-	    || (decpt < 0 && decpt < -3)) {             /* use E-style */
-		decpt--;
-		*p2++ = *p1++;
-		*p2++ = '.';
-		for (i = 1; i < ndigit; i++)
-		    *p2++ = *p1++;
-		*p2++ = 'e';
-		if (decpt < 0) {
-		    decpt = -decpt;
-		    *p2++ = '-';
-		}
-		else
-		    *p2++ = '+';
-		if (decpt / 100 > 0)
-		    *p2++ = decpt / 100 + '0';
-		if (decpt / 10 > 0)
-		    *p2++ = (decpt % 100) / 10 + '0';
-		*p2++ = decpt % 10 + '0';
-	}
-	else {
-		if (decpt <= 0) {
-			if (*p1 != '0')
-				*p2++ = '.';
-			while (decpt < 0) {
-				decpt++;
-				*p2++ = '0';
-			}
-		}
-		for (i = 1; i <= ndigit; i++) {
-			*p2++ = *p1++;
-			if (i == decpt)
-				*p2++ = '.';
-		}
-		if (ndigit < decpt) {
-			while (ndigit++ < decpt)
-				*p2++ = '0';
-			*p2++ = '.';
-		}
-	}
-	if (p2[-1] == '.' && !altform)
-		p2--;
-	*p2 = '\0';
-	return (buf);
-}
-
-/*
- * The INS_CHAR macro inserts a character in the buffer and writes
- * the buffer back to disk if necessary
- * It uses the char pointers sp and bep:
- *      sp points to the next available character in the buffer
- *      bep points to the end-of-buffer+1
- * While using this macro, note that the nextb pointer is NOT updated.
- *
- * NOTE: Evaluation of the c argument should not have any side-effects
- */
-#define INS_CHAR(c, sp, bep, cc)                                \
-                {                                               \
-                if (sp >= bep) {                                \
-                        vbuff->curpos = sp;                     \
-                        if (flush_func(vbuff))                  \
-                                return -1;                      \
-                        sp = vbuff->curpos;                     \
-                        bep = vbuff->endpos;                    \
-                }                                               \
-                *sp++ = (c);                                    \
-                cc++;                                           \
-        }
-
-#define NUM( c )                        ( c - '0' )
-
-#define STR_TO_DEC( str, num )          \
-    num = NUM( *str++ ) ;               \
-    while ( ap_isdigit( *str ) )        \
-    {                                   \
-        num *= 10 ;                     \
-        num += NUM( *str++ ) ;          \
-    }
-
-/*
- * This macro does zero padding so that the precision
- * requirement is satisfied. The padding is done by
- * adding '0's to the left of the string that is going
- * to be printed. We don't allow precision to be large
- * enough that we continue past the start of s.
- *
- * NOTE: this makes use of the magic info that s is
- * always based on num_buf with a size of NUM_BUF_SIZE.
- */
-#define FIX_PRECISION( adjust, precision, s, s_len )    \
-    if ( adjust ) {                                     \
-        int p = precision < NUM_BUF_SIZE - 1 ? precision : NUM_BUF_SIZE - 1; \
-        while ( s_len < p )                             \
-        {                                               \
-            *--s = '0' ;                                \
-            s_len++ ;                                   \
-        }                                               \
-    }
-
-/*
- * Macro that does padding. The padding is done by printing
- * the character ch.
- */
-#define PAD( width, len, ch )   do              \
-        {                                       \
-            INS_CHAR( ch, sp, bep, cc ) ;       \
-            width-- ;                           \
-        }                                       \
-        while ( width > len )
-
-/*
- * Prefix the character ch to the string str
- * Increase length
- * Set the has_prefix flag
- */
-#define PREFIX( str, length, ch )	 *--str = ch ; length++ ; has_prefix = YES
-
-
-/*
- * Convert num to its decimal format.
- * Return value:
- *   - a pointer to a string containing the number (no sign)
- *   - len contains the length of the string
- *   - is_negative is set to TRUE or FALSE depending on the sign
- *     of the number (always set to FALSE if is_unsigned is TRUE)
- *
- * The caller provides a buffer for the string: that is the buf_end argument
- * which is a pointer to the END of the buffer + 1 (i.e. if the buffer
- * is declared as buf[ 100 ], buf_end should be &buf[ 100 ])
- *
- * Note: we have 2 versions. One is used when we need to use quads
- * (conv_10_quad), the other when we don't (conv_10). We're assuming the
- * latter is faster.
- */
-static char *
-conv_10(wide_int num, bool_int is_unsigned,
-    bool_int *is_negative, char *buf_end, int *len)
-{
-	char *p = buf_end;
-	u_wide_int magnitude;
-
-	if (is_unsigned) {
-		magnitude = (u_wide_int) num;
-		*is_negative = FALSE;
-	}
-	else {
-		*is_negative = (num < 0);
-
-		/*
-		 * On a 2's complement machine, negating the most negative
-		 * integer results in a number that cannot be represented as
-		 * a signed integer.
-		 * Here is what we do to obtain the number's magnitude:
-		 *      a. add 1 to the number
-		 *      b. negate it (becomes positive)
-		 *      c. convert it to unsigned
-		 *      d. add 1
-		 */
-		if (*is_negative) {
-			wide_int t = num + 1;
-
-			magnitude = ((u_wide_int) -t) + 1;
-		}
-		else
-			magnitude = (u_wide_int) num;
-	}
-
-	/*
-	* We use a do-while loop so that we write at least 1 digit 
-	*/
-	do {
-		u_wide_int new_magnitude = magnitude / 10;
-
-		*--p = (char) (magnitude - new_magnitude * 10 + '0');
-		magnitude = new_magnitude;
-	}
-	while (magnitude);
-
-	*len = buf_end - p;
-	return (p);
-}
-
-static char *
-conv_10_quad(widest_int num, bool_int is_unsigned,
-    bool_int *is_negative, char *buf_end, int *len)
-{
-	char *p = buf_end;
-	u_widest_int magnitude;
-
-	/*
-	* We see if we can use the faster non-quad version by checking the
-	* number against the largest long value it can be. If <=, we
-	* punt to the quicker version.
-	*/
-	if ((num <= ULONG_MAX && is_unsigned) ||
-	    (num <= LONG_MAX && !is_unsigned))
-		return(conv_10( (wide_int)num, is_unsigned, is_negative,
-		    buf_end, len));
-
-	if (is_unsigned) {
-		magnitude = (u_widest_int) num;
-		*is_negative = FALSE;
-	}
-	else {
-		*is_negative = (num < 0);
-
-		/*
-		 * On a 2's complement machine, negating the most negative
-		 * integer * results in a number that cannot be represented as
-		 * a signed integer.
-		 * Here is what we do to obtain the number's magnitude:
-		 *      a. add 1 to the number
-		 *      b. negate it (becomes positive)
-		 *      c. convert it to unsigned
-		 *      d. add 1
-		 */
-		if (*is_negative) {
-			widest_int t = num + 1;
-
-			magnitude = ((u_widest_int) -t) + 1;
-		}
-		else
-			magnitude = (u_widest_int) num;
-	}
-
-	/*
-	* We use a do-while loop so that we write at least 1 digit 
-	*/
-	do {
-		u_widest_int new_magnitude = magnitude / 10;
-
-		*--p = (char) (magnitude - new_magnitude * 10 + '0');
-		magnitude = new_magnitude;
-	}
-	while (magnitude);
-
-	*len = buf_end - p;
-	return (p);
-}
-
-
-
-static char*
-conv_in_addr(struct in_addr *ia, char *buf_end, int *len)
-{
-	unsigned addr = ntohl(ia->s_addr);
-	char *p = buf_end;
-	bool_int is_negative;
-	int sub_len;
-
-	p = conv_10((addr & 0x000000FF)      , TRUE, &is_negative, p, &sub_len);
-	*--p = '.';
-	p = conv_10((addr & 0x0000FF00) >>  8, TRUE, &is_negative, p, &sub_len);
-	*--p = '.';
-	p = conv_10((addr & 0x00FF0000) >> 16, TRUE, &is_negative, p, &sub_len);
-	*--p = '.';
-	p = conv_10((addr & 0xFF000000) >> 24, TRUE, &is_negative, p, &sub_len);
-
-	*len = buf_end - p;
-	return (p);
-}
-
-
-
-static char *
-conv_sockaddr_in(struct sockaddr_in *si, char *buf_end, int *len)
-{
-	char *p = buf_end;
-	bool_int is_negative;
-	int sub_len;
-
-	p = conv_10(ntohs(si->sin_port), TRUE, &is_negative, p, &sub_len);
-	*--p = ':';
-	p = conv_in_addr(&si->sin_addr, p, &sub_len);
-
-	*len = buf_end - p;
-	return (p);
-}
-
-
-
-/*
- * Convert a floating point number to a string formats 'f', 'e' or 'E'.
- * The result is placed in buf, and len denotes the length of the string
- * The sign is returned in the is_negative argument (and is not placed
- * in buf).
- */
-static char *
-conv_fp(char format, double num, boolean_e add_dp,
-    int precision, bool_int *is_negative, char *buf, int *len, int buflen)
-{
-	char *s = buf;
-	char *p;
-	int decimal_point;
-	char buf1[NDIG];
-
-	if (format == 'f')
-		p = ap_fcvt(num, precision, &decimal_point, is_negative, buf1);
-	else                    /* either e or E format */
-		p = ap_ecvt(num, precision + 1, &decimal_point, is_negative,
-		    buf1);
-	/*
-	* Check for Infinity and NaN
-	*/
-	if (ap_isalpha(*p)) {
-		*len = strlcpy(buf, p, buflen);
-		/* we really need the wanted len here */
-		*is_negative = FALSE;
-		return (buf);
-	}
-
-	if (format == 'f') {
-		if (decimal_point <= 0) {
-			*s++ = '0';
-			if (precision > 0) {
-				*s++ = '.';
-				while (decimal_point++ < 0)
-					*s++ = '0';
-			}
-			else if (add_dp)
-				*s++ = '.';
-		}
-		else {
-			while (decimal_point-- > 0)
-				*s++ = *p++;
-			if (precision > 0 || add_dp)
-				*s++ = '.';
-		}
-	}
-	else {
-		*s++ = *p++;
-		if (precision > 0 || add_dp)
-			*s++ = '.';
-	}
-
-	/*
-	* copy the rest of p, the NUL is NOT copied
-	*/
-	while (*p)
-		*s++ = *p++;
-
-	if (format != 'f') {
-		char temp[EXPONENT_LENGTH];     /* for exponent conversion */
-		int t_len;
-		bool_int exponent_is_negative;
-
-		*s++ = format;          /* either e or E */
-		decimal_point--;
-		if (decimal_point != 0) {
-			p = conv_10((wide_int) decimal_point, FALSE,
-			    &exponent_is_negative, &temp[EXPONENT_LENGTH],
-			    &t_len);
-			*s++ = exponent_is_negative ? '-' : '+';
-
-			/*
-			* Make sure the exponent has at least 2 digits
-			*/
-			if (t_len == 1)
-				*s++ = '0';
-			while (t_len--)
-				*s++ = *p++;
-		}
-		else {
-			*s++ = '+';
-			*s++ = '0';
-			*s++ = '0';
-		}
-	}
-	*len = s - buf;
-	return (buf);
-}
-
-
-/*
- * Convert num to a base X number where X is a power of 2. nbits determines X.
- * For example, if nbits is 3, we do base 8 conversion
- * Return value:
- *      a pointer to a string containing the number
- *
- * The caller provides a buffer for the string: that is the buf_end argument
- * which is a pointer to the END of the buffer + 1 (i.e. if the buffer
- * is declared as buf[ 100 ], buf_end should be &buf[ 100 ])
- *
- * As with conv_10, we have a faster version which is used when
- * the number isn't quad size.
- */
-static char *
-conv_p2(u_wide_int num, int nbits, char format, char *buf_end,
-    int *len)
-{
-	int mask = (1 << nbits) - 1;
-	char *p = buf_end;
-	static const char low_digits[] = "0123456789abcdef";
-	static const char upper_digits[] = "0123456789ABCDEF";
-	const char *digits = (format == 'X') ? upper_digits :
-	    low_digits;
-
-	do {
-		*--p = digits[num & mask];
-		num >>= nbits;
-	}
-	while (num);
-
-	*len = buf_end - p;
-	return (p);
-}
-
-static char *
-conv_p2_quad(u_widest_int num, int nbits, char format,
-    char *buf_end, int *len)
-{
-	int mask = (1 << nbits) - 1;
-	char *p = buf_end;
-	static const char low_digits[] = "0123456789abcdef";
-	static const char upper_digits[] = "0123456789ABCDEF";
-	const char *digits = (format == 'X') ? upper_digits :
-	    low_digits;
-
-	if (num <= ULONG_MAX)
-		return(conv_p2( (u_wide_int)num, nbits, format, buf_end, len));
-
-	do {
-		*--p = digits[num & mask];
-		num >>= nbits;
-	}
-	while (num);
-
-	*len = buf_end - p;
-	return (p);
-}
-
-
-/*
- * Do format conversion placing the output in buffer
- */
-API_EXPORT(int)
-ap_vformatter(int (*flush_func)(ap_vformatter_buff *),
-    ap_vformatter_buff *vbuff, const char *fmt, va_list ap)
-{
-	char *sp;
-	char *bep;
-	int cc = 0;
-	int i;
-
-	char *s = NULL;
-	char *q;
-	int s_len;
-
-	int min_width = 0;
-	int precision = 0;
-	enum {
-	LEFT, RIGHT
-	} adjust;
-	char pad_char;
-	char prefix_char;
-
-	double fp_num;
-	widest_int i_quad = (widest_int) 0;
-	u_widest_int ui_quad;
-	wide_int i_num = (wide_int) 0;
-	u_wide_int ui_num;
-
-	char num_buf[NUM_BUF_SIZE];
-	char char_buf[2];		/* for printing %% and %<unknown> */
-
-	enum var_type_enum {
-		IS_QUAD, IS_LONG, IS_SHORT, IS_INT
-	};
-	enum var_type_enum var_type = IS_INT;
-
-	/*
-	* Flag variables
-	*/
-	boolean_e alternate_form;
-	boolean_e print_sign;
-	boolean_e print_blank;
-	boolean_e adjust_precision;
-	boolean_e adjust_width;
-	bool_int is_negative;
-
-	sp = vbuff->curpos;
-	bep = vbuff->endpos;
-
-	while (*fmt) {
-		if (*fmt != '%') {
-			INS_CHAR(*fmt, sp, bep, cc);
-			}
-		else {
-			/*
-			* Default variable settings
-			*/
-			adjust = RIGHT;
-			alternate_form = print_sign = print_blank = NO;
-			pad_char = ' ';
-			prefix_char = NUL;
-
-			fmt++;
-
-			/*
-			* Try to avoid checking for flags, width or precision
-			*/
-			if (!ap_islower(*fmt)) {
-				/*
-				 * Recognize flags: -, #, BLANK, +
-				 */
-				for (;; fmt++) {
-					if (*fmt == '-')
-						adjust = LEFT;
-					else if (*fmt == '+')
-						print_sign = YES;
-					else if (*fmt == '#')
-						alternate_form = YES;
-					else if (*fmt == ' ')
-						print_blank = YES;
-					else if (*fmt == '0')
-						pad_char = '0';
-					else
-						break;
-				}
-
-				/*
-				 * Check if a width was specified
-				 */
-				if (ap_isdigit(*fmt)) {
-					STR_TO_DEC(fmt, min_width);
-					adjust_width = YES;
-				}
-				else if (*fmt == '*') {
-					min_width = va_arg(ap, int);
-					fmt++;
-					adjust_width = YES;
-					if (min_width < 0) {
-						adjust = LEFT;
-						min_width = -min_width;
-					}
-				}
-				else
-					adjust_width = NO;
-
-				/*
-				 * Check if a precision was specified
-				 */
-				if (*fmt == '.') {
-					adjust_precision = YES;
-					fmt++;
-					if (ap_isdigit(*fmt)) {
-						STR_TO_DEC(fmt, precision);
-					}
-					else if (*fmt == '*') {
-						precision = va_arg(ap, int);
-						fmt++;
-						if (precision < 0)
-							precision = 0;
-					}
-					else
-						precision = 0;
-				}
-				else
-					adjust_precision = NO;
-			}
-			else
-				adjust_precision = adjust_width = NO;
-
-			/*
-			* Modifier check
-			*/
-			if (*fmt == 'q') {
-				var_type = IS_QUAD;
-				fmt++;
-			}
-			else if (*fmt == 'l') {
-				var_type = IS_LONG;
-				fmt++;
-			}
-			else if (*fmt == 'h') {
-				var_type = IS_SHORT;
-				fmt++;
-			}
-			else {
-				var_type = IS_INT;
-			}
-
-			/*
-			* Argument extraction and printing.
-			* First we determine the argument type.
-			* Then, we convert the argument to a string.
-			* On exit from the switch, s points to the string that
-			* must be printed, s_len has the length of the string
-			* The precision requirements, if any, are reflected in
-			* s_len.
-			*
-			* NOTE: pad_char may be set to '0' because of the 0
-			* flag.
-			* It is reset to ' ' by non-numeric formats
-			*/
-			switch (*fmt) {
-			case 'u':
-				if (var_type == IS_QUAD) {
-					i_quad = va_arg(ap, u_widest_int);
-					s = conv_10_quad(i_quad, 1,
-					    &is_negative,
-					    &num_buf[NUM_BUF_SIZE], &s_len);
-				}
-				else {
-					if (var_type == IS_LONG)
-						i_num = (wide_int) va_arg(ap,
-						    u_wide_int);
-					else if (var_type == IS_SHORT)
-						i_num = (wide_int)
-						    (unsigned short) va_arg(ap,
-						    unsigned int);
-					else
-						i_num = (wide_int) va_arg(ap,
-						    unsigned int);
-					s = conv_10(i_num, 1, &is_negative,
-					    &num_buf[NUM_BUF_SIZE], &s_len);
-				}
-				FIX_PRECISION(adjust_precision, precision, s,
-				    s_len);
-				break;
-
-			case 'd':
-			case 'i':
-				if (var_type == IS_QUAD) {
-					i_quad = va_arg(ap, widest_int);
-					s = conv_10_quad(i_quad, 0,
-					    &is_negative,
-					    &num_buf[NUM_BUF_SIZE], &s_len);
-				}
-				else {
-					if (var_type == IS_LONG)
-						i_num = (wide_int) va_arg(ap,
-						wide_int);
-					else if (var_type == IS_SHORT)
-						i_num = (wide_int) (short)
-						    va_arg(ap, int);
-					else
-						i_num = (wide_int) va_arg(ap,
-						    int);
-					s = conv_10(i_num, 0, &is_negative,
-					    &num_buf[NUM_BUF_SIZE], &s_len);
-				}
-				FIX_PRECISION(adjust_precision, precision, s,
-				    s_len);
-
-				if (is_negative)
-					prefix_char = '-';
-				else if (print_sign)
-					prefix_char = '+';
-				else if (print_blank)
-					prefix_char = ' ';
-				break;
-
-
-			case 'o':
-				if (var_type == IS_QUAD) {
-					ui_quad = va_arg(ap, u_widest_int);
-					s = conv_p2_quad(ui_quad, 3, *fmt,
-					    &num_buf[NUM_BUF_SIZE], &s_len);
-				}
-				else {
-					if (var_type == IS_LONG)
-						ui_num = (u_wide_int) va_arg(ap,
-						    u_wide_int);
-					else if (var_type == IS_SHORT)
-						ui_num = (u_wide_int)
-						    (unsigned short)
-						    va_arg(ap, unsigned int);
-					else
-						ui_num = (u_wide_int) va_arg(ap,
-						    unsigned int);
-					s = conv_p2(ui_num, 3, *fmt,
-					    &num_buf[NUM_BUF_SIZE], &s_len);
-				}
-				FIX_PRECISION(adjust_precision, precision, s,
-				    s_len);
-				if (alternate_form && *s != '0') {
-					*--s = '0';
-					s_len++;
-				}
-				break;
-
-
-			case 'x':
-			case 'X':
-				if (var_type == IS_QUAD) {
-					ui_quad = va_arg(ap, u_widest_int);
-					s = conv_p2_quad(ui_quad, 4, *fmt,
-					    &num_buf[NUM_BUF_SIZE], &s_len);
-				}
-				else {
-					if (var_type == IS_LONG)
-						ui_num = (u_wide_int) va_arg(ap,
-						    u_wide_int);
-					else if (var_type == IS_SHORT)
-						ui_num = (u_wide_int)
-						    (unsigned short) va_arg(ap,
-						    unsigned int);
-					else
-						ui_num = (u_wide_int) va_arg(ap,
-						    unsigned int);
-					s = conv_p2(ui_num, 4, *fmt,
-					    &num_buf[NUM_BUF_SIZE], &s_len);
-				}
-				FIX_PRECISION(adjust_precision, precision, s,
-				    s_len);
-				if (alternate_form && i_num != 0) {
-					*--s = *fmt;	/* 'x' or 'X' */
-					*--s = '0';
-					s_len += 2;
-				}
-				break;
-
-
-			case 's':
-				s = va_arg(ap, char *);
-				if (s != NULL) {
-					s_len = strlen(s);
-					if (adjust_precision && precision
-					    < s_len)
-						s_len = precision;
-				}
-				else {
-					s = S_NULL;
-					s_len = S_NULL_LEN;
-				}
-				pad_char = ' ';
-				break;
-
-
-			case 'f':
-			case 'e':
-			case 'E':
-				fp_num = va_arg(ap, double);
-				/*
-				 * * We use &num_buf[ 1 ], so that we have room
-				 *   for the sign
-				 */
-				if (isnan(fp_num)) {
-					s = "nan";
-					s_len = 3;
-				}
-				else if (isinf(fp_num)) {
-					s = "inf";
-					s_len = 3;
-				} else {
-					s = conv_fp(*fmt, fp_num,
-					    alternate_form,
-					    (adjust_precision == NO) ?
-					    FLOAT_DIGITS : precision,
-					    &is_negative, &num_buf[1],
-					    &s_len, sizeof(num_buf) - 1);
-					if (is_negative)
-						prefix_char = '-';
-					else if (print_sign)
-						prefix_char = '+';
-					else if (print_blank)
-						prefix_char = ' ';
-				}
-				break;
-
-
-			case 'g':
-			case 'G':
-				if (adjust_precision == NO)
-					precision = FLOAT_DIGITS;
-				else if (precision == 0)
-					precision = 1;
-				/*
-				 * * We use &num_buf[ 1 ], so that we have room
-				 *   for the sign
-				 */
-				s = ap_gcvt(va_arg(ap, double), precision,
-				    &num_buf[1], alternate_form);
-				if (*s == '-')
-					prefix_char = *s++;
-				else if (print_sign)
-					prefix_char = '+';
-				else if (print_blank)
-					prefix_char = ' ';
-
-				s_len = strlen(s);
-
-				if (alternate_form && (q = strchr(s, '.'))
-				    == NULL) {
-					s[s_len++] = '.';
-					s[s_len] = '\0';
-					/* delimit for following strchr() */
-				}
-				if (*fmt == 'G' && (q = strchr(s, 'e')) != NULL)
-					*q = 'E';
-				break;
-
-
-			case 'c':
-				char_buf[0] = (char) (va_arg(ap, int));
-				s = &char_buf[0];
-				s_len = 1;
-				pad_char = ' ';
-				break;
-
-
-			case '%':
-				char_buf[0] = '%';
-				s = &char_buf[0];
-				s_len = 1;
-				pad_char = ' ';
-				break;
-
-
-			case 'n':
-				if (var_type == IS_QUAD)
-					*(va_arg(ap, widest_int *)) = cc;
-				else if (var_type == IS_LONG)
-					*(va_arg(ap, long *)) = cc;
-				else if (var_type == IS_SHORT)
-					*(va_arg(ap, short *)) = cc;
-				else
-					*(va_arg(ap, int *)) = cc;
-				break;
-
-			/*
-			 * This is where we extend the printf format, with a
-			 * second type specifier
-			 */
-			case 'p':
-				switch(*++fmt) {
-				case 'p':
-					ui_quad = (u_widest_int)(uintptr_t)
-					    va_arg(ap, void *);
-					s = conv_p2_quad(ui_quad, 4,
-					    'x', &num_buf[NUM_BUF_SIZE],
-					    &s_len);
-					pad_char = ' ';
-					break;
-
-				/* print a struct sockaddr_in as a.b.c.d:port */
-				case 'I':
-				{
-					struct sockaddr_in *si;
-
-					si = va_arg(ap, struct sockaddr_in *);
-					if (si != NULL) {
-						s = conv_sockaddr_in(si,
-						    &num_buf[NUM_BUF_SIZE],
-						    &s_len);
-						if (adjust_precision &&
-						    precision < s_len)
-							s_len = precision;
-					}
-					else {
-					    s = S_NULL;
-					    s_len = S_NULL_LEN;
-					}
-					pad_char = ' ';
-					break;
-				}
-
-				    /* print a struct in_addr as a.b.c.d */
-				case 'A':
-				{
-					struct in_addr *ia;
-
-					ia = va_arg(ap, struct in_addr *);
-					if (ia != NULL) {
-						s = conv_in_addr(ia,
-						    &num_buf[NUM_BUF_SIZE],
-						    &s_len);
-						if (adjust_precision &&
-						    precision < s_len)
-							s_len = precision;
-					}
-					else {
-						s = S_NULL;
-						s_len = S_NULL_LEN;
-					}
-					pad_char = ' ';
-					break;
-				}
-
-				case NUL:
-				/* if %p ends the string, oh well ignore it */
-					continue;
-
-				default:
-					s = "bogus %p";
-					s_len = 8;
-					prefix_char = NUL;
-					break;
-				}
-				break;
-
-			case NUL:
-				/*
-				 * The last character of the format string was
-				 * %. We ignore it.
-				 */
-				continue;
-
-
-			/*
-			 * The default case is for unrecognized %'s.
-			 * We print %<char> to help the user identify what
-			 * option is not understood.
-			 * This is also useful in case the user wants to pass
-			 * the output of format_converter to another function
-			 * that understands some other %<char> (like syslog).
-			 * Note that we can't point s inside fmt because the
-			 * unknown <char> could be preceded by width etc.
-			 */
-			default:
-				char_buf[0] = '%';
-				char_buf[1] = *fmt;
-				s = char_buf;
-				s_len = 2;
-				pad_char = ' ';
-				break;
-			}
-
-			if (prefix_char != NUL && s != S_NULL &&
-			    s != char_buf) {
-				*--s = prefix_char;
-				s_len++;
-			}
-
-			if (adjust_width && adjust == RIGHT &&
-			    min_width > s_len) {
-				if (pad_char == '0' && prefix_char != NUL) {
-					INS_CHAR(*s, sp, bep, cc);
-					s++;
-					s_len--;
-					min_width--;
-				}
-				PAD(min_width, s_len, pad_char);
-			}
-
-			/*
-			* Print the string s. 
-			*/
-			for (i = s_len; i != 0; i--) {
-				INS_CHAR(*s, sp, bep, cc);
-				s++;
-			}
-
-			if (adjust_width && adjust == LEFT && min_width > s_len)
-				PAD(min_width, s_len, pad_char);
-		}
-		fmt++;
-	}
-	vbuff->curpos = sp;
-
-	return cc;
-}
-
-
-static int
-snprintf_flush(ap_vformatter_buff *vbuff)
-{
-	/* if the buffer fills we have to abort immediately, there is no way
-	* to "flush" an ap_snprintf... there's nowhere to flush it to.
-	*/
-	return -1;
-}
-
-
-API_EXPORT_NONSTD(int)
-ap_snprintf(char *buf, size_t len, const char *format,...)
-{
-	int cc;
-	va_list ap;
-	ap_vformatter_buff vbuff;
-
-	if (len == 0)
-		return 0;
-
-	/* save one byte for nul terminator */
-	vbuff.curpos = buf;
-	vbuff.endpos = buf + len - 1;
-	va_start(ap, format);
-	cc = ap_vformatter(snprintf_flush, &vbuff, format, ap);
-	va_end(ap);
-	*vbuff.curpos = '\0';
-	return (cc == -1) ? len : cc;
-}
-
-
-API_EXPORT(int)
-ap_vsnprintf(char *buf, size_t len, const char *format, va_list ap)
-{
-	int cc;
-	ap_vformatter_buff vbuff;
-
-	if (len == 0)
-		return 0;
-
-	/* save one byte for nul terminator */
-	vbuff.curpos = buf;
-	vbuff.endpos = buf + len - 1;
-	cc = ap_vformatter(snprintf_flush, &vbuff, format, ap);
-	*vbuff.curpos = '\0';
-	return (cc == -1) ? len : cc;
-}
diff --git a/usr.sbin/httpd/src/ap/ap_strtol.c b/usr.sbin/httpd/src/ap/ap_strtol.c
deleted file mode 100644
index d1f1e9a89c1..00000000000
--- a/usr.sbin/httpd/src/ap/ap_strtol.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/* $OpenBSD: ap_strtol.c,v 1.7 2005/06/20 12:23:22 robert Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "httpd.h"
-#include <limits.h>
-#include <errno.h>
-#include <stdlib.h>
-#include "ap_ctype.h"
-
-#ifndef LONG_MAX
-#define LONG_MAX  2147483647
-#endif
-#ifndef LONG_MIN
-#define LONG_MIN  (-2147483647-1)
-#endif
-
-/*
- * Convert a string to a long integer.
- *
- * Assumes that the upper and lower case
- * alphabets and digits are each contiguous.
- * (On EBCDIC machines it assumes that digits and
- *  upper/lower case A-I, J-R, and S-Z are contiguous.)
- */
-
-API_EXPORT(long)
-ap_strtol(const char *nptr, char **endptr, int base)
-{
-	const char *s;
-	unsigned long acc;
-	char c;
-	unsigned long cutoff;
-	int neg, any, cutlim;
-        long result;
-
-	/*
-	 * Skip white space and pick up leading +/- sign if any.
-	 * If base is 0, allow 0x for hex and 0 for octal, else
-	 * assume decimal; if base is already 16, allow 0x.
-	 */
-	s = nptr;
-	do {
-		c = *s++;
-	}
-	while (ap_isspace(c));
-	if (c == '-') {
-		neg = 1;
-		c = *s++;
-	} else {
-		neg = 0;
-		if (c == '+')
-			c = *s++;
-	}
-	if ((base == 0 || base == 16) &&
-	    c == '0' && (*s == 'x' || *s == 'X')) {
-		c = s[1];
-		s += 2;
-		base = 16;
-	}
-	if (base == 0)
-		base = c == '0' ? 8 : 10;
-	acc = any = 0;
-	if (base < 2 || base > 36)
-		goto noconv;
-
-	/*
-	 * Compute the cutoff value between legal numbers and illegal
-	 * numbers.  That is the largest legal value, divided by the
-	 * base.  An input number that is greater than this value, if
-	 * followed by a legal input character, is too big.  One that
-	 * is equal to this value may be valid or not; the limit
-	 * between valid and invalid numbers is then based on the last
-	 * digit.  For instance, if the range for longs is
-	 * [-2147483648..2147483647] and the input base is 10,
-	 * cutoff will be set to 214748364 and cutlim to either
-	 * 7 (neg==0) or 8 (neg==1), meaning that if we have accumulated
-	 * a value > 214748364, or equal but the next digit is > 7 (or 8),
-	 * the number is too big, and we will return a range error.
-	 *
-	 * Set 'any' if any `digits' consumed; make it negative to indicate
-	 * overflow.
-	 */
-	cutoff = neg ? (unsigned long)-(LONG_MIN + LONG_MAX) + LONG_MAX
-	    : LONG_MAX;
-	cutlim = cutoff % base;
-	cutoff /= base;
-	for ( ; ; c = *s++) {
-		if (c >= '0' && c <= '9')
-			c -= '0';
-		else if (c >= 'A' && c <= 'Z')
-			c -= 'A' - 10;
-		else if (c >= 'a' && c <= 'z')
-			c -= 'a' - 10;
-		else
-			break;
-		if (c >= base)
-			break;
-		if (any < 0 || acc > cutoff || (acc == cutoff && c > cutlim)) {
-			any = -1;
-		} else {
-			any = 1;
-			acc *= base;
-			acc += c;
-		}
-	}
-        result = (long)acc;
-	if (any < 0) {
-		result = neg ? LONG_MIN : LONG_MAX;
-		errno = ERANGE;
-	} else if (!any) {
-noconv:
-                result = (long)acc;
-		errno = EINVAL;
-	} else if (neg)
-		result = -(long)acc;
-	if (endptr != NULL)
-		*endptr = (char *)(any ? s - 1 : nptr);
-	return (result);
-}
-
diff --git a/usr.sbin/httpd/src/buildmark.c b/usr.sbin/httpd/src/buildmark.c
deleted file mode 100644
index 5d30ed5b9a2..00000000000
--- a/usr.sbin/httpd/src/buildmark.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "ap_config.h"
-#include "httpd.h"
-
-API_EXPORT(const char *) ap_get_server_built(void)
-{
-    return "unknown";
-}
diff --git a/usr.sbin/httpd/src/helpers/CutRule b/usr.sbin/httpd/src/helpers/CutRule
deleted file mode 100644
index ca4b1f8eabb..00000000000
--- a/usr.sbin/httpd/src/helpers/CutRule
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-# Helper script for Configure - cut a rule from Configuration.
-# note that there is a tab and a space in the character groups.
-# Map to lowercase to make tests easier
-
-egrep "^[	 ]*Rule[	 ]+$1[	 ]*=" $2 | \
-awk 'BEGIN {FS="="}{print $2}' | \
-sed 's/[	 ]//g' | tr "A-Z" "a-z"
diff --git a/usr.sbin/httpd/src/helpers/GuessCodeset b/usr.sbin/httpd/src/helpers/GuessCodeset
deleted file mode 100644
index b761efb3150..00000000000
--- a/usr.sbin/httpd/src/helpers/GuessCodeset
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-# This script tries to find out whether the native codeset of this machine
-# is ASCII or EBCDIC. On EBCDIC based machines, it is used to activate
-# the mod_ebcdic EBCDIC conversion module.
-#
-# Note: This script will break if you use an ebcdic cross-compiler!
-#
-case `${AWK-awk} 'BEGIN {printf("%c%c%c%c%c<->%c%c%c%c%c%c\n",97,115,99,105,105,133,130,131,132,137,131);}' /dev/null` in
-    ascii*)     echo ASCII;;
-    *ebcdic)    echo EBCDIC;;
-    *)          echo >&2 "ERROR: Your platform codeset could not be detected correctly."
-		echo >&2 "Assuming ASCII. Please send an EMail to <martin@apache.org>"
-		echo >&2 "describing the platform in use. Is your AWK broken?"
-		echo ASCII;;
-esac
diff --git a/usr.sbin/httpd/src/helpers/GuessOS b/usr.sbin/httpd/src/helpers/GuessOS
deleted file mode 100644
index d2c27a5bd39..00000000000
--- a/usr.sbin/httpd/src/helpers/GuessOS
+++ /dev/null
@@ -1,366 +0,0 @@
-#!/bin/sh
-#
-# Simple OS/Platform guesser. Similar to config.guess but
-# much, much smaller. Since it was developed for use with
-# Apache, it follows under Apache's regular licensing
-# (see http://www.apache.org/docs/LICENSE)  with one specific
-# addition: Any changes or additions to this script should be
-# Emailed to the Apache group (apache@apache.org).
-#
-# Initially written by Jim Jagielski for the Apache configuration mechanism
-#
-# Be as similar to the output of config.guess/config.sub
-# as possible.
-
-# Handle TPF before handling other OSes.  This
-# is being done because TPF is sometimes compiled
-# on OS/390.  When that is the case, if we don't
-# handle TPF ahead of the other OSes, TPF will
-# fall into the OS/390 case and this script would
-# return an incorrect value for the platform.
-#
-# Apache is not compiled on the TPF platform
-# therefore an environment variable is used
-if [ "x$TPF" = "xYES" ]; then
-    echo "TPF"
-    exit 0	
-fi
-
-# First get uname entries that we use below
-
-MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
-RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
-SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
-VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
-
-# Some HP machines have slashes.
-MACHINE=`echo ${MACHINE}|sed -e 's/\//_/'`
-
-# Now test for ISC and SCO, since it is has a braindamaged uname.
-#
-# We need to work around FreeBSD 1.1.5.1 
-XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
-if [ "x$XREL" != "x" ]; then
-    if [ -f /etc/kconfig ]; then
-	case "$XREL" in
-	    4.0|4.1)
-		    echo "${MACHINE}-whatever-isc4"; exit 0
-		;;
-	esac
-    else
-	case "$XREL" in
-	    3.2v4.2)
-		echo "whatever-whatever-sco3"; exit 0
-		;;
-	    3.2v5.0*)
-		echo "whatever-whatever-sco5"; exit 0
-		;;
-	    4.2MP)
-		if [ "x$VERSION" = "x2.1.1" ]; then
-		    echo "${MACHINE}-whatever-unixware211"; exit 0
-		elif [ "x$VERSION" = "x2.1.2" ]; then
-		    echo "${MACHINE}-whatever-unixware212"; exit 0
-		else
-		    echo "${MACHINE}-whatever-unixware2"; exit 0
-		fi
-		;;
-	    4.2)
-		echo "whatever-whatever-unixware1"; exit 0
-		;;
-	    5)
-	    	case "$VERSION" in
-		    7*)
-			echo "${MACHINE}-whatever-unixware7"; exit 0
-			;;
-		    8*)
-			echo "${MACHINE}-whatever-OpenUNIX"; exit 0
-			;;
-		esac
-		;;
-	esac
-    fi
-fi
-# Now we simply scan though... In most cases, the SYSTEM info is enough
-#
-case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
-    MiNT:*)
-        echo "m68k-atari-mint"; exit 0
-	;;
-    A/UX:*)
-	echo "m68k-apple-aux3"; exit 0
-	;;
-
-    AIX:*)
-	echo "${MACHINE}-ibm-aix${VERSION}.${RELEASE}"; exit 0
-	;;
-
-    dgux:*)
-	echo "${MACHINE}-dg-dgux"; exit 0
-	;;
-
-    HI-UX:*)
-	echo "${MACHINE}-hi-hiux"; exit 0
-	;;
-
-    HP-UX:*)
-	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
-	echo "${MACHINE}-hp-hpux${HPUXVER}"; exit 0
-	;;
-
-    IRIX:*)
-	if [ -f /usr/lib32/mips4/libm.so ]; then
-	    echo "${MACHINE}-sgi-irix32"; exit 0
-	else
-	    echo "${MACHINE}-sgi-irix"; exit 0
-	fi
-	;;
-
-    IRIX64:*)
-	echo "${MACHINE}-sgi-irix64"; exit 0
-	;;
-
-    Linux:2.0.*)
-    	echo "${MACHINE}-whatever-linux20"; exit 0
-	;;
-
-    Linux:[2-9].*)
-        # This handles linux 2.2 and above (2.4, ...)
-	# Don't worry if you don't really have a Linux-2.2
-	echo "${MACHINE}-whatever-linux22"; exit 0
-	;;
-
-    Linux:1.*)
-	echo "${MACHINE}-whatever-linux1"; exit 0
-	;;
-
-    GNU:*)
-	echo "${MACHINE}-GNU-GNU/Hurd"; exit 0
-	;;
-
-    LynxOS:*)
-	echo "${MACHINE}-lynx-lynxos"; exit 0
-	;;
-
-    BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
-	echo "i486-whatever-bsdi"; exit 0
-	;;
-
-	BSD/386|BSD/OS:3.*)
-	echo "${MACHINE}-whatever-bsdi3"; exit 0
-	;;
-
-	BSD/386:*|BSD/OS:*)
-	echo "${MACHINE}-whatever-bsdi"; exit 0
-	;;
-
-    FreeBSD:*:*:*486*)
-	FREEBSDVERS=`echo ${RELEASE}|sed -e 's/[-(].*//'`
-	echo "i486-whatever-freebsd${FREEBSDVERS}"; exit 0
-	;;
-
-    FreeBSD:*)
-	FREEBSDVERS=`echo ${RELEASE}|sed -e 's/[-(].*//'`
-	echo "${MACHINE}-whatever-freebsd${FREEBSDVERS}"; exit 0
-	;;
-
-    NetBSD:*:*:*486*)
-	echo "i486-whatever-netbsd"; exit 0
-	;;
-
-    NetBSD:*)
-	echo "${MACHINE}-whatever-netbsd"; exit 0
-	;;
-
-    OpenBSD:*)
-	OPENBSDVERS=`echo ${RELEASE}|sed -e 's/[-(].*//'`
-	echo "${MACHINE}-whatever-openbsd${OPENBSDVERS}"; exit 0
-	;;
-
-    OSF1:*:*:*alpha*)
-	echo "${MACHINE}-dec-osf"; exit 0
-	;;
-
-	NONSTOP_KERNEL:*:*:*)
-	echo "${MACHINE}-tandem-oss"; exit 0; 
-	;;
-
-    QNX:*)
-	if [ "$VERSION" -gt 422 ]; then
-	    echo "${MACHINE}-qssl-qnx32"
-	else
-	    echo "${MACHINE}-qssl-qnx"
-	fi
-	exit 0
-	;;
-
-    Paragon*:*:*:*)
-	echo "i860-intel-osf1"; exit 0
-	;;
-
-    SunOS:5.*)
-	SOLVER=`echo ${RELEASE}|awk -F. '{
-	    if (NF < 3)
-		printf "2%s0\n",$2
-	    else
-	    	printf "2%s%s\n",$2,$3
-	}'`
-	echo "${MACHINE}-sun-solaris2.${SOLVER}"; exit 0
-	;;
-
-    SunOS:*)
-	echo "${MACHINE}-sun-sunos4"; exit 0
-	;;
-
-    UNIX_System_V:4.*:*)
-	echo "${MACHINE}-whatever-sysv4"; exit 0
-	;;
-
-    unix:3.0.9*:*:88k)
-	echo "${MACHINE}-encore-sysv4"; exit 0
-	;;
-
-    *:4*:R4*:m88k)
-	echo "${MACHINE}-whatever-sysv4"; exit 0
-	;;
-
-    UnixWare:5:99*:*)
-	# Gemini, beta release of next rev of unixware
-	echo "${MACHINE}-whatever-unixware212"; exit 0
-	;;
-
-    DYNIX/ptx:4*:*:i386)
-	PTXVER=`echo ${VERSION}|sed -e 's/[^.]//'`
-	echo "${MACHINE}-sequent-ptx${PTXVER}"; exit 0
-	;;
-
-    *:3.2.0:*:i386)
-	# uname on DYNIX/ptx below V4.0.0 is brain dead
-	PTXVER=`echo ${VERSION}|sed -e 's/[^.]//'`
-	echo "${MACHINE}-sequent-ptx${PTXVER}"; exit 0
-	;;
-
-    *:4.0:3.0:[345][0-9]?? | *:4.0:3.0:3[34]??[/,]* | library:*)
-	echo "x86-ncr-sysv4"; exit 0
-	;;
-
-    ULTRIX:*)
-	echo "${MACHINE}-unknown-ultrix"; exit 0
-	;;
-
-    SINIX-?:* | ReliantUNIX-?:*)
-	echo "${MACHINE}-siemens-sysv4"; exit 0
-	;;
-
-    POSIX*BS2000)
-	echo "${MACHINE}-siemens-sysv4"; exit 0
-	;;
-
-    machten:*)
-       echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
-       ;;
-
-    ConvexOS:*:11.*:*)
-	echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
-	;;
-    
-    UNIX_SV:*:*:maxion)
-	echo "${MACHINE}-ccur-sysv4"; exit 0;
-	;;
-
-    PowerMAX_OS:*:*:Night_Hawk)
-        MACHINE=`uname -p`
-        echo "${MACHINE}-concurrent-powermax"; exit 0;
-        ;;
-    
-    UNIX_SV:*)
-	if [ -d /usr/nec ];then
-		echo "mips-nec-sysv4"; exit 0;
-	fi
-	;;
-
-    NonStop-UX:4.[02]*:[BC]*:*)
-	echo "${MACHINE}-tandem-sysv4"; exit 0;
-	;;
-
-    NonStop-UX:*:*:*)
-	echo "${MACHINE}-compaq-sysv4"; exit 0;
-	;;
-
-    Rhapsody:*:*:*)
-	case "${MACHINE}" in
-	    Power*) MACHINE=powerpc ;;
-	esac
-	echo "${MACHINE}-apple-rhapsody${RELEASE}"; exit 0
-	;;
-
-    Darwin:*:*:*)
-	MACHINE=`uname -p`
-	echo "${MACHINE}-apple-darwin${RELEASE}"; exit 0
-	;;
-
-    "RISC iX":*)
-	echo "arm-whatever-riscix"; exit 0;
-	;;
-
-    *:4.0:2:*)
-	echo "whatever-unisys-sysv4"; exit 0;
-	;;
-
-    *:*:dcosx:NILE*)
-	echo "pyramid-pyramid-svr4"; exit 0;
-	;;
-
-    *:*:*:"DRS 6000")
-        echo "drs6000-whatever-whatever"; exit 0;
-	;;
-    OS/390:*)
-        echo "${MACHINE}-IBM-OS390-${RELEASE}-${VERSION}"; exit 0;
-        ;;
-    CYGWIN*:*:*:*)
-	echo "${MACHINE}-whatever-cygwin"; exit 0
-	;;
-    atheos:*)
-	echo "${MACHINE}-whatever-atheos"; exit 0
-	;;
-esac
-
-#
-# Ugg. These are all we can determine by what we know about
-# the output of uname. Be more creative:
-#
-
-# Do the Apollo stuff first. Here, we just simply assume
-# that the existance of the /usr/apollo directory is proof
-# enough
-if [ -d /usr/apollo ]; then
-    echo "whatever-apollo-whatever"
-    exit 0
-fi
-
-# Now NeXT
-ISNEXT=`hostinfo 2>/dev/null`
-case "$ISNEXT" in
-    *NeXT*)
-#	echo "whatever-next-nextstep"; exit 0
-
-#	Swiped from a friendly uname clone for NEXT/OPEN Step.
-     	NEXTOSVER="`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`"
-	if [ "$NEXTOSVER" -gt 3.3 ]
-     	then
-          NEXTOS="openstep"
-     	else
-          NEXTOS="nextstep"
-     	fi
-
-	NEXTREL="`hostinfo | sed -n 's/.*NeXT Mach \([0-9\.]*\).*/\1/p'`" 
-	NEXTARCH=`arch`
-	echo "${NEXTARCH}-next-${NEXTOS}${NEXTREL}" ; exit 0
-
-	;;
-esac
-
-# At this point we gone through all the one's
-# we know of: Punt
-
-echo "${MACHINE}-whatever-${SYSTEM},${RELEASE},${VERSION}" 
-exit 0
diff --git a/usr.sbin/httpd/src/helpers/MakeEtags b/usr.sbin/httpd/src/helpers/MakeEtags
deleted file mode 100644
index 25f6bdab176..00000000000
--- a/usr.sbin/httpd/src/helpers/MakeEtags
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-# This file illustrates how to generate a useful TAGS file via etags
-# for emacs.  This should be invoked from the src directory i.e.:
-#   > helpers/MakeEtags
-# and will create a TAGS file in the src directory.
-
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-# Once you have created src/TAGS in emacs you'll need to setup
-# tag-table-alist with an entry to assure it finds the single src/TAGS
-# file from the many source directories.  Something along these lines:
-# (setq tag-table-alist
-#	'(("/home/me/work/apache-1.3/src/" 
-#	   . "/home/me/work/apache-1.3/src/")
-#	 ))
-
-# This requires a special version of etags, i.e. the
-# one called "Exuberant ctags" available at:
-#    http://fly.hiwaay.net/~darren/ctags/
-# Once that is setup you'll need to point to the
-# executable here:
-
-etags=~/local/bin/etags
-
-# Exuberant etags is necessary since it can ignore some defined symbols
-# that obscure the function signatures.
-
-ignore=API_EXPORT,API_EXPORT_NONSTD,__declspec
-
-# Create an etags file at the root of the source
-# tree, then create symbol links to it from each
-# directory in the source tree.  By passing etags
-# absolute pathnames we get a tag file that is
-# NOT portable when we move the directory tree.
-
-find . -name '*.[ch]' -print | $etags -I "$ignore"  -L -
-
diff --git a/usr.sbin/httpd/src/helpers/MakeLint b/usr.sbin/httpd/src/helpers/MakeLint
deleted file mode 100644
index 4ab6bba1c40..00000000000
--- a/usr.sbin/httpd/src/helpers/MakeLint
+++ /dev/null
@@ -1,31 +0,0 @@
-#!perl
-
-# Create a Configuration.lint with every Module except for the modules
-# specified in the 'isbad' subroutine.
-
-sub isbad
-{
-    local($module) = @_;
-    return 1 if $module =~ /mod_dld/;
-    return 1 if $module =~ /mod_dld/;
-    return 1 if $module =~ /mod_auth_msql/;
-    return 1 if $module =~ /mod_example/;
-
-    return 0;
-}
-
-open(TMPL, "Configuration.tmpl") || die "can't open Configuration.tmpl: $!";
-open(LINT, ">Configuration.lint") || die "can't write Configuration.link: $!";
-
-while(<TMPL>)
-{
-    next if /^$/;
-    print LINT if /^[^#]/;
-    if(/^# AddModule\s+(.*)$/)
-    {
-	   $module = $1;
-	   print LINT "AddModule $module\n" if ! &isbad($module);
-    }
-}
-close(TMPL);
-close(LINT);
diff --git a/usr.sbin/httpd/src/helpers/PrintPath b/usr.sbin/httpd/src/helpers/PrintPath
deleted file mode 100644
index 908d2740083..00000000000
--- a/usr.sbin/httpd/src/helpers/PrintPath
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/bin/sh
-# Look for program[s] somewhere in $PATH.
-#
-# Options:
-#  -s
-#    Do not print out full pathname. (silent)
-#  -pPATHNAME
-#    Look in PATHNAME instead of $PATH
-#
-# Usage:
-#  PrintPath [-s] [-pPATHNAME] program [program ...]
-#
-# Initially written by Jim Jagielski for the Apache configuration mechanism
-#  (with kudos to Kernighan/Pike)
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-##
-# Some "constants"
-##
-pathname=$PATH
-echo="yes"
-
-##
-# Find out what OS we are running for later on
-##
-os=`(uname) 2>/dev/null`
-
-##
-# Parse command line
-##
-for args in $*
-do
-    case $args in
-	-s  ) echo="no" ;;
-	-p* ) pathname="`echo $args | sed 's/^..//'`" ;;
-	*   ) programs="$programs $args" ;;
-    esac
-done
-
-##
-# Now we make the adjustments required for OS/2 and everyone
-# else :)
-#
-# First of all, all OS/2 programs have the '.exe' extension.
-# Next, we adjust PATH (or what was given to us as PATH) to
-# be whitespace seperated directories.
-# Finally, we try to determine the best flag to use for
-# test/[] to look for an executable file. OS/2 just has '-r'
-# but with other OSs, we do some funny stuff to check to see
-# if test/[] knows about -x, which is the prefered flag.
-##
-
-if [ "x$os" = "xOS/2" ]
-then
-    ext=".exe"
-    pathname=`echo -E $pathname |
-     sed 's/^;/.;/
-	  s/;;/;.;/g
-	  s/;$/;./
-	  s/;/ /g
-	  s/\\\\/\\//g' `
-    test_exec_flag="-r"
-else
-    ext=""	# No default extensions
-    pathname=`echo $pathname |
-     sed 's/^:/.:/
-	  s/::/:.:/g
-	  s/:$/:./
-	  s/:/ /g' `
-    # Here is how we test to see if test/[] can handle -x
-    testfile="pp.t.$$"
-
-    cat > $testfile <<ENDTEST
-#!/bin/sh
-if [ -x / ] || [ -x /bin ] || [ -x /bin/ls ]; then
-    exit 0
-fi
-exit 1
-ENDTEST
-
-    if `/bin/sh $testfile 2>/dev/null`; then
-	test_exec_flag="-x"
-    else
-	test_exec_flag="-r"
-    fi
-    rm -f $testfile
-fi
-
-for program in $programs
-do
-    for path in $pathname
-    do
-	if [ $test_exec_flag $path/${program}${ext} ] && \
-	   [ ! -d $path/${program}${ext} ]; then
-	    if [ "x$echo" = "xyes" ]; then
-		echo $path/${program}${ext}
-	    fi
-	    exit 0
-	fi
-    done
-done
-exit 1
-
diff --git a/usr.sbin/httpd/src/helpers/TestCompile b/usr.sbin/httpd/src/helpers/TestCompile
deleted file mode 100644
index 0b7171ed158..00000000000
--- a/usr.sbin/httpd/src/helpers/TestCompile
+++ /dev/null
@@ -1,281 +0,0 @@
-#!/bin/sh
-exstat=1
-trap 'rm -f Makefile dummy ../dummy.o dummy.exe testfunc.c testfunc ../testfunc.o testfunc.exe; exit $exstat' 0 1 2 3 15
-#
-# Yet another Apache Configure helper script.
-# This script tests certain aspects of the compilation
-# process. Right now, it can perform 5 tests:
-#
-# ./helpers/TestCompile lib <libname>
-#    Which checks to see if <libname> exists on this system
-#
-# ./helpers/TestCompile lib <libname> <func>
-#    Which checks to see if <libname> exists on this system and
-#    contains func.
-#
-# ./helpers/TestCompile func <function>
-#    Which checks to see if <function> exists
-#
-# ./helpers/TestCompile header <header>
-#    Which checks to see if header file <header> exists
-#
-# ./helpers/TestCompile sanity
-#    Which does a simple sanity check/test compile
-#
-# ./helpers/TestCompile sizeof <type>
-#    Which prints out the sizeof <type> (sure would be nice
-#    if sizeof could be use in preprocessor if's)
-#
-# ./helpers/TestCompile byteorder
-#    Which prints out the byte order of the machine
-#    (12: little endian, 21: big endian)
-#
-# It does these by creating a small mini-makefile, based on
-# ../Makefile.config and trying to compile a small dummy
-# program. If the compilation succeeds, we assume the test
-# was successful as well.
-#
-# This must be run as './helpers/TestCompile' from
-# the ./src directory (same directory that Configure is
-# located) if you want to test it out. Configure must
-# also call it as './helpers/TestCompile'
-#
-#
-# INVOCATION SWITCHES:
-# TestCompile evaluates the following switches
-# (currently, it accepts only *ONE* of them!):
-#
-#  -v (enable verbose operation)
-#   Enables VERBOSE=yes, see below.
-#
-#  -s (enforce silent operation)
-#   Override a VERBOSE=yes, force it to VERBOSE=no.
-#
-#  -r (run generated test program)
-#   Enables TCRUNIT=yes, see below
-#
-#  
-# ENVIRONMENT VARIABLES:
-# The following environment variables have influence on
-# TestCompile's operation:
-#
-#  $VERBOSE (yes|no; default=no)
-#    If set to "yes", will print compiler messages to stderr
-#    Otherwise, stderr of all invoked programs is sent to /dev/null
-#
-#  $TCRUNIT (yes|no; default=no)
-#    (This variable is obsoleted by the "-r" switch)
-#    If set to "yes", will invoke the test program which was
-#    generated by TestCompile. Useful for "TestCompile sizeof"
-#    and "TestCompile byteorder" tests.
-#    Otherwise, TestCompile only tests for the presence of a
-#    generated program when deciding whether the compilation was
-#    successful.
-#
-#  $TCADDINCL (#include <> stmt list; default=empty)
-#    If set to an "#include <file>" preprocessor directive
-#    (optionally several #include's separated by newlines), these
-#    directives will be added to the generated test sources.
-#    That allows, e.g., the "TestCompile sizeof" test to check for
-#    types which are not defined in the standard locations.
-#
-#  $TLIB (additional libraries; default=empty)
-#    If set to a list of additional libraries, these libs will be used
-#    in addition to the one tested by the "TestCompile lib" call.
-#    For the other TestCompile tests, it is ignored.
-#
-#
-# Initially written by Jim Jagielski for the Apache configuration mechanism
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-cd ./helpers
-
-#
-# Handle "verbose", "silent" and "runit" flags. Allow for them
-# to be set via the environment
-#
-if [ "x$VERBOSE" = "x" ]; then
-    VERBOSE="no"
-fi
-if [ "x$TCRUNIT" = "x" ]; then
-    TCRUNIT="no";
-fi
-case "$1" in
-    "-v")
-        VERBOSE="yes"
-	shift
-	;;
-    "-s")
-        VERBOSE="no"
-	shift
-	;;
-    "-r")
-        TCRUNIT="yes"
-	shift
-	;;
-esac
-
-#
-# Make sure we have the right arguments
-#
-
-case "$1" in
-    "lib")
-	if [ "x$2" = "x" ]; then
-	    exit
-	fi
-	TLIB="-l$2 $TLIB"
-	if [ "x$VERBOSE" = "xyes" ]; then
-	    ERRDIR=""
-	else
-	    ERRDIR='2>/dev/null'
-	fi
-	if [ "x$3" = "x" ]; then
-	    TARGET='dummy'
-	else
-	    TARGET='testfunc'
-	    echo "int main(void) { $3(); return(0); }" > testfunc.c
-	fi
-	;;
-    "sizeof")
-	if [ "x$2" = "x" ]; then
-	    exit
-	fi
-	TLIB=""
-	if [ "x$VERBOSE" = "xyes" ]; then
-	    ERRDIR=""
-	else
-	    ERRDIR='2>/dev/null'
-	fi
-	TARGET='testfunc'
-	cat <<EOF >testfunc.c
-#include <stdio.h>
-#include <sys/types.h>
-$TCADDINCL
-int main(void) {
-    printf("%d\n", sizeof($2));
-    return(0);
-}
-EOF
-	;;
-    "byteorder")
-	TLIB=""
-	if [ "x$VERBOSE" = "xyes" ]; then
-	    ERRDIR=""
-	else
-	    ERRDIR='2>/dev/null'
-	fi
-	TARGET='testfunc'
-	cat <<EOF >testfunc.c
-#include <stdio.h>
-#include <sys/types.h>
-$TCADDINCL
-int main(void) {
-    /* Are we little or big endian? From Harbison & Steele */
-    union {
-        long l;
-        char c[sizeof(long)];
-    } u;
-    u.l = 1;
-    printf("%s\n", u.c[sizeof(long)-1] == 1 ? "21" : "12");
-    return(0);
-}
-EOF
-	;;
-    "sanity")
-	TLIB=""
-	if [ "x$VERBOSE" = "xno" ]; then
-	    ERRDIR='2>/dev/null'
-	else
-	    ERRDIR=""
-	fi
-	TARGET='dummy'
-	;;
-    "func")
-	if [ "x$2" = "x" ]; then
-	    exit
-	fi
-	TLIB=""
-	if [ "x$VERBOSE" = "xyes" ]; then
-	    ERRDIR=""
-	else
-	    ERRDIR='2>/dev/null'
-	fi
-	TARGET='testfunc'
-	cat <<EOF >testfunc.c
-$TCADDINCL
-int main(void) {
-    $2();
-    return(0);
-}
-EOF
-	;;
-    "header")
-	if [ "x$2" = "x" ]; then
-	    exit
-	fi
-	TLIB=""
-	if [ "x$VERBOSE" = "xyes" ]; then
-	    ERRDIR=""
-	else
-	    ERRDIR='2>/dev/null'
-	fi
-	TARGET='testfunc'
-	cat <<EOF >testfunc.c
-$TCADDINCL
-#include <$2>
-int main(void) {
-    return(0);
-}
-EOF
-	;;
-    *)
-    	exit
-	;;
-esac
-
-#
-# Get makefile settings and build a basic Makefile
-#
-rm -f dummy ../dummy.o testfunc ../testfunc.o
-
-cat ../Makefile.config > Makefile
-cat <<EOF >> Makefile
-CFLAGS=\$(OPTIM) \$(CFLAGS1) \$(EXTRA_CFLAGS)
-LIBS=\$(EXTRA_LIBS) \$(LIBS1)
-INCLUDES=\$(INCLUDES1) \$(EXTRA_INCLUDES)
-LDFLAGS=\$(LDFLAGS1) \$(EXTRA_LDFLAGS)
-
-dummy:
-	cd ..; \$(CC) \$(CFLAGS) \$(INCLUDES) \$(LDFLAGS) -o helpers/dummy helpers/dummy.c $TLIB \$(LIBS)
-
-testfunc:
-	cd ..; \$(CC) \$(CFLAGS) \$(INCLUDES) \$(LDFLAGS) -o helpers/testfunc helpers/testfunc.c $TLIB \$(LIBS)
-EOF
-
-# Now run that Makefile
-eval "${MAKE-make} ${TARGET} $ERRDIR >&2"
-
-# And see if dummy exists and is executable, if so, then we
-# assume the condition we are testing for is good
-#
-# Use our PrintPath helper script using the "-p" option to
-# have PrintPath just search this directory.
-
-if sh PrintPath -s -p`pwd` $TARGET ; then
-    if [ "x$OS" = "xMPE/iX" ]; then
-	# clever hack to check for unresolved externals without actually
-	# executing the test program 
-	if eval "callci run `pwd`/$TARGET\;stdin=\*notfound 2>&1 | /bin/grep ^UNRESOLVED $ERRDIR >&2"; then
-	    exit 1 # there were unresolved externals
-	fi
-    fi
-    if [ "x$TCRUNIT" = "xyes" ]; then
-	`pwd`/$TARGET
-    fi
-    exstat=0
-fi
-
diff --git a/usr.sbin/httpd/src/helpers/binbuild.sh b/usr.sbin/httpd/src/helpers/binbuild.sh
deleted file mode 100644
index 570a7da6a17..00000000000
--- a/usr.sbin/httpd/src/helpers/binbuild.sh
+++ /dev/null
@@ -1,301 +0,0 @@
-#!/bin/sh
-#
-# binbuild.sh - Builds an Apache binary distribution.
-# Initially written by Lars Eilebrecht <lars@apache.org>.
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-OS=`src/helpers/GuessOS`
-case "x$OS" in
-  x*OS390*) CONFIGPARAM="--with-layout=BinaryDistribution --enable-module=most";;
-  *cygwin*) CONFIGPARAM="--with-layout=BinaryDistribution --enable-module=most \
-                         --enable-rule=SHARED_CORE --libexecdir=bin";;
-      *) CONFIGPARAM="--with-layout=BinaryDistribution --enable-module=most --enable-shared=max";;
-esac
-APDIR=`pwd`
-APDIR=`basename $APDIR`
-VER=`echo $APDIR |sed s/apache_//`
-TAR="`src/helpers/PrintPath tar`"
-GTAR="`src/helpers/PrintPath gtar`"
-GZIP="`src/helpers/PrintPath gzip`"
-
-if [ x$1 != x ]
-then
-  USER=$1
-else
-  USER="`src/helpers/buildinfo.sh -n %u@%h%d`"
-fi
-
-if [ ! -f ./ABOUT_APACHE ]
-then
-  echo "ERROR: The current directory contains no valid Apache distribution."
-  echo "Please change the directory to the top level directory of a freshly"
-  echo "unpacked Apache 1.3 source distribution and re-execute the script"
-  echo "'./src/helpers/bindbuild.sh'." 
-  exit 1;
-fi
-
-if [ -d ./CVS ]
-then
-  echo "ERROR: The current directory is a CVS checkout of Apache."
-  echo "Only a standard Apache 1.3 source distribution should be used to"
-  echo "create a binary distribution."
-  exit 1;
-fi
-
-echo "Building Apache $VER binary distribution..."
-echo "Platform is \"$OS\"..."
-
-( echo "Build log for Apache binary distribution" && \
-  echo "----------------------------------------------------------------------" && \
-  ./configure $CONFIGPARAM && \
-  echo "----------------------------------------------------------------------" && \
-  make clean && \
-  rm -rf bindist install-bindist.sh *.bindist
-  echo "----------------------------------------------------------------------" && \
-  make && \
-  echo "----------------------------------------------------------------------" && \
-  make install-quiet root="bindist/" && \
-  echo "----------------------------------------------------------------------" && \
-  make clean && \
-  echo "----------------------------------------------------------------------" && \
-  echo "[EOF]" \
-) > build.log 2>&1
-
-if [ ! -f ./bindist/bin/httpd ]
-then
-  echo "ERROR: Failed to build Apache. See \"build.log\" for details."
-  exit 1;
-fi
-
-echo "Binary image successfully created..."
-
-./bindist/bin/httpd -v
-
-echo "Creating supplementary files..."
-
-( echo " " && \
-  echo "Apache $VER binary distribution" && \
-  echo "================================" && \
-  echo " " && \
-  echo "This binary distribution is usable on a \"$OS\"" && \
-  echo "system and was built by \"$USER\"." && \
-  echo "" && \
-  echo "The distribution contains all standard Apache modules as shared" && \
-  echo "objects. This allows you to enable or disable particular modules" && \
-  echo "with the LoadModule/AddModule directives in the configuration file" && \
-  echo "without the need to re-compile Apache." && \
-  echo "" && \
-  echo "See \"INSTALL.bindist\" on how to install the distribution." && \
-  echo " " && \
-  echo "NOTE: Please do not send support-related mails to the address mentioned" && \
-  echo "      above or to any member of the Apache Group! Support questions" && \
-  echo "      should be directed to the forums mentioned at" && \
-  echo "      http://httpd.apache.org/lists.html#http-users" && \
-  echo "      where some of the Apache team lurk, in the company of many other" && \
-  echo "      Apache gurus who should be able to help." && \
-  echo "      If you think you found a bug in Apache or have a suggestion please" && \
-  echo "      visit the bug report page at http://httpd.apache.org/bug_report.html" && \
-  echo " " && \
-  echo "----------------------------------------------------------------------" && \
-  ./bindist/bin/httpd -V && \
-  echo "----------------------------------------------------------------------" \
-) > README.bindist
-cp README.bindist ../apache_$VER-$OS.README
-
-( echo " " && \
-  echo "Apache $VER binary installation" && \
-  echo "================================" && \
-  echo " " && \
-  echo "To install this binary distribution you have to execute the installation" && \
-  echo "script \"install-bindist.sh\" in the top-level directory of the distribution." && \
-  echo " " && \
-  echo "The script takes the ServerRoot directory into which you want to install" && \
-  echo "Apache as an option. If you ommit the option the default path" && \
-  echo "\"/usr/local/apache\" is used." && \
-  echo "Make sure you have write permissions in the target directory, e.g. switch" && \
-  echo "to user \"root\" before you execute the script." && \
-  echo " " && \
-  echo "See \"README.bindist\" for further details about this distribution." && \
-  echo " " && \
-  echo "Please note that this distribution includes the complete Apache source code." && \
-  echo "Therefore you may compile Apache yourself at any time if you have a compiler" && \
-  echo "installation on your system." && \
-  echo "See \"INSTALL\" for details on how to accomplish this." && \
-  echo " " \
-) > INSTALL.bindist
-
-( echo "#!/bin/sh" && \
-  echo "#" && \
-  echo "# Usage: install-bindist.sh [ServerRoot]" && \
-  echo "# This script installs the Apache binary distribution and" && \
-  echo "# was automatically created by binbuild.sh." && \
-  echo " " && \
-  echo "lmkdir()" && \
-  echo "{" && \
-  echo "  path=\"\"" && \
-  echo "  dirs=\`echo \$1 | sed -e 's%/% %g'\`" && \
-  echo "  mode=\$2" && \
-  echo " " && \
-  echo "  set -- \${dirs}" && \
-  echo " " && \
-  echo "  for d in \${dirs}" && \
-  echo "  do" && \
-  echo "    path=\"\${path}/\$d\"" && \
-  echo "    if test ! -d \"\${path}\" ; then" && \
-  echo "      mkdir \${path}" && \
-  echo "      if test \$? -ne 0 ; then" && \
-  echo "        echo \"Failed to create directory: \${path}\"" && \
-  echo "        exit 1" && \
-  echo "      fi" && \
-  echo "      chmod \${mode} \${path}" && \
-  echo "    fi" && \
-  echo "  done" && \
-  echo "}" && \
-  echo " " && \
-  echo "lcopy()" && \
-  echo "{" && \
-  echo "  from=\$1" && \
-  echo "  to=\$2" && \
-  echo "  dmode=\$3" && \
-  echo "  fmode=\$4" && \
-  echo " " && \
-  echo "  test -d \${to} || lmkdir \${to} \${dmode}" && \
-  echo "  (cd \${from} && tar -cf - *) | (cd \${to} && tar -xf -)" && \
-  echo " " && \
-  echo "  if test \"X\${fmode}\" != X ; then" && \
-  echo "    find \${to} -type f -print | xargs chmod \${fmode}" && \
-  echo "  fi" && \
-  echo "  if test \"X\${dmode}\" != X ; then" && \
-  echo "    find \${to} -type d -print | xargs chmod \${dmode}" && \
-  echo "  fi" && \
-  echo "}" && \
-  echo " " && \
-  echo "##" && \
-  echo "##  determine path to (optional) Perl interpreter" && \
-  echo "##" && \
-  echo "PERL=no-perl5-on-this-system" && \
-  echo "perls='perl5 perl'" && \
-  echo "path=\`echo \$PATH | sed -e 's/:/ /g'\`" && \
-  echo " " && \
-  echo "for dir in \${path} ;  do" && \
-  echo "  for pperl in \${perls} ; do" && \
-  echo "    if test -f \"\${dir}/\${pperl}\" ; then" && \
-  echo "      if \`\${dir}/\${pperl} -v | grep 'version 5\.' >/dev/null 2>&1\` ; then" && \
-  echo "        PERL=\"\${dir}/\${pperl}\"" && \
-  echo "        break" && \
-  echo "      fi" && \
-  echo "    fi" && \
-  echo "  done" && \
-  echo "done" && \
-  echo " " && \
-  echo "if [ .\$1 = . ]" && \
-  echo "then" && \
-  echo "  SR=/usr/local/apache" && \
-  echo "else" && \
-  echo "  SR=\$1" && \
-  echo "fi" && \
-  echo "echo \"Installing binary distribution for platform $OS\"" && \
-  echo "echo \"into directory \$SR ...\"" && \
-  echo "lmkdir \$SR 755" && \
-  echo "lmkdir \$SR/proxy 750" && \
-  echo "lmkdir \$SR/logs 750" && \
-  echo "lcopy bindist/man \$SR/man 755 644" && \
-  echo "lcopy bindist/libexec \$SR/libexec 750 750" && \
-  echo "lcopy bindist/include \$SR/include 755 644" && \
-  echo "lcopy bindist/icons \$SR/icons 755 644" && \
-  echo "lcopy bindist/cgi-bin \$SR/cgi-bin 750 750" && \
-  echo "lcopy bindist/bin \$SR/bin 750 750" && \
-  echo "if [ -d \$SR/conf ]" && \
-  echo "then" && \
-  echo "  echo \"[Preserving existing configuration files.]\"" && \
-  echo "  cp bindist/conf/*.default \$SR/conf/" && \
-  echo "else" && \
-  echo "  lcopy bindist/conf \$SR/conf 750 640" && \
-  echo "fi" && \
-  echo "if [ -d \$SR/htdocs ]" && \
-  echo "then" && \
-  echo "  echo \"[Preserving existing htdocs directory.]\"" && \
-  echo "else" && \
-  echo "  lcopy bindist/htdocs \$SR/htdocs 755 644" && \
-  echo "fi" && \
-  echo " " && \
-  echo "sed -e \"s;^#!/.*;#!\$PERL;\" -e \"s;\@prefix\@;\$SR;\" -e \"s;\@sbindir\@;\$SR/bin;\" \\" && \
-  echo "	-e \"s;\@libexecdir\@;\$SR/libexec;\" -e \"s;\@includedir\@;\$SR/include;\" \\" && \
-  echo "	-e \"s;\@sysconfdir\@;\$SR/conf;\" bindist/bin/apxs > \$SR/bin/apxs" && \
-  echo "sed -e \"s;^#!/.*;#!\$PERL;\" bindist/bin/dbmmanage > \$SR/bin/dbmmanage" && \
-  echo "sed -e \"s%/usr/local/apache%\$SR%\" \$SR/conf/httpd.conf.default > \$SR/conf/httpd.conf" && \
-  echo "sed -e \"s%PIDFILE=%PIDFILE=\$SR/%\" -e \"s%HTTPD=%HTTPD=\\\"\$SR/%\" -e \"s%httpd\$%httpd -d \$SR -R \$SR/libexec\\\"%\" bindist/bin/apachectl > \$SR/bin/apachectl" && \
-  echo " " && \
-  echo "echo \"Ready.\"" && \
-  echo "echo \" +--------------------------------------------------------+\"" && \
-  echo "echo \" | You now have successfully installed the Apache $VER  |\"" && \
-  echo "echo \" | HTTP server. To verify that Apache actually works      |\"" && \
-  echo "echo \" | correctly you should first check the (initially        |\"" && \
-  echo "echo \" | created or preserved) configuration files:             |\"" && \
-  echo "echo \" |                                                        |\"" && \
-  echo "echo \" |   \$SR/conf/httpd.conf\"" && \
-  echo "echo \" |                                                        |\"" && \
-  echo "echo \" | You should then be able to immediately fire up         |\"" && \
-  echo "echo \" | Apache the first time by running:                      |\"" && \
-  echo "echo \" |                                                        |\"" && \
-  echo "echo \" |   \$SR/bin/apachectl start \"" &&\
-  echo "echo \" |                                                        |\"" && \
-  echo "echo \" | Thanks for using Apache.       The Apache Group        |\"" && \
-  echo "echo \" |                                http://www.apache.org/  |\"" && \
-  echo "echo \" +--------------------------------------------------------+\"" && \
-  echo "echo \" \"" \
-) > install-bindist.sh
-chmod 755 install-bindist.sh
-
-sed -e "s%\"htdocs%\"/usr/local/apache/htdocs%" \
-    -e "s%\"icons%\"/usr/local/apache/icons%" \
-    -e "s%\"cgi-bin%\"/usr/local/apache/cgi-bin%" \
-    -e "s%\"proxy%\"/usr/local/apache/proxy%" \
-    -e "s%^ServerAdmin.*%ServerAdmin you@your.address%" \
-    -e "s%#ServerName.*%#ServerName localhost%" \
-    -e "s%Port 8080%Port 80%" \
-    bindist/conf/httpd.conf.default > bindist/conf/httpd.conf
-cp bindist/conf/httpd.conf bindist/conf/httpd.conf.default
-
-echo "Creating distribution archive and readme file..."
- 
-if [ ".`grep -i error build.log > /dev/null`" != . ]
-then
-  echo "ERROR: Failed to build Apache. See \"build.log\" for details."
-  exit 1;
-else
-  if [ "x$GTAR" != "x" ]
-  then
-    $GTAR -zcf ../apache_$VER-$OS.tar.gz -C .. apache_$VER
-  else
-    if [ "x$TAR" != "x" ]
-    then
-      case "x$OS" in
-        x*OS390*) $TAR -cfU ../apache_$VER-$OS.tar -C .. apache_$VER;;
-	    *) (cd .. && $TAR -cf apache_$VER-$OS.tar apache_$VER);;
-      esac
-      if [ "x$GZIP" != "x" ]
-      then
-        $GZIP ../apache_$VER-$OS.tar
-      fi
-    else
-      echo "ERROR: Could not find a 'tar' program!"
-      echo "       Please execute the following commands manually:"
-      echo "         tar -cf ../apache_$VER-$OS.tar ."
-      echo "         gzip ../apache_$VER-$OS.tar"
-    fi
-  fi
-
-  if [ -f ../apache_$VER-$OS.tar.gz ] && [ -f ../apache_$VER-$OS.README ]
-  then
-    echo "Ready."
-    echo "You can find the binary archive (apache_$VER-$OS.tar.gz)"
-    echo "and the readme file (apache_$VER-$OS.README) in the"
-    echo "parent directory."
-    exit 0;
-  else
-    exit 1;
-  fi
-fi
diff --git a/usr.sbin/httpd/src/helpers/buildinfo.sh b/usr.sbin/httpd/src/helpers/buildinfo.sh
deleted file mode 100644
index 5c2a72d6b35..00000000000
--- a/usr.sbin/httpd/src/helpers/buildinfo.sh
+++ /dev/null
@@ -1,160 +0,0 @@
-#!/bin/sh
-##
-##  buildinfo.sh -- Determine Build Information
-##  Initially written by Ralf S. Engelschall <rse@apache.org>
-##  for the Apache's Autoconf-style Interface (APACI) 
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-#
-#   argument line handling
-#
-error=no
-if [ $# -ne 1 -a $# -ne 2 ]; then
-    error=yes
-fi
-if [ $# -eq 2 -a "x$1" != "x-n" ]; then
-    error=yes
-fi
-if [ "x$error" = "xyes" ]; then
-    echo "$0:Error: invalid argument line"
-    echo "$0:Usage: $0 [-n] <format-string>"
-    echo "Where <format-string> can contain:"
-    echo "   %u ...... substituted by determined username    (foo)"
-    echo "   %h ...... substituted by determined hostname    (bar)"
-    echo "   %d ...... substituted by determined domainname  (.com)"
-    echo "   %D ...... substituted by determined day         (DD)"
-    echo "   %M ...... substituted by determined month       (MM)"
-    echo "   %Y ...... substituted by determined year        (YYYYY)"
-    echo "   %m ...... substituted by determined monthname   (Jan)"
-    exit 1
-fi
-if [ $# -eq 2 ]; then
-    newline=no
-    format_string="$2"
-else
-    newline=yes
-    format_string="$1"
-fi
-
-#
-#   initialization
-#
-username=''
-hostname=''
-domainname=''
-time_day=''
-time_month=''
-time_year=''
-time_monthname=''
-
-#
-#   determine username
-#
-username="$LOGNAME"
-if [ "x$username" = "x" ]; then
-    username="$USER"
-    if [ "x$username" = "x" ]; then
-        username="`(whoami) 2>/dev/null |\
-                   awk '{ printf("%s", $1); }'`"
-        if [ "x$username" = "x" ]; then
-            username="`(who am i) 2>/dev/null |\
-                       awk '{ printf("%s", $1); }'`"
-            if [ "x$username" = "x" ]; then
-                username='unknown'
-            fi
-        fi
-    fi
-fi
-
-#
-#   determine hostname and domainname
-#
-hostname="`(uname -n) 2>/dev/null |\
-           awk '{ printf("%s", $1); }'`"
-if [ "x$hostname" = "x" ]; then
-    hostname="`(hostname) 2>/dev/null |\
-               awk '{ printf("%s", $1); }'`"
-    if [ "x$hostname" = "x" ]; then
-        hostname='unknown'
-    fi
-fi
-case $hostname in
-    *.* )
-        domainname=".`echo $hostname | cut -d. -f2-`"
-        hostname="`echo $hostname | cut -d. -f1`"
-        ;;
-esac
-if [ "x$domainname" = "x" ]; then
-    if [ -f /etc/resolv.conf ]; then
-        domainname="`egrep '^[ 	]*domain' /etc/resolv.conf | head -1 |\
-                     sed -e 's/.*domain//' \
-                         -e 's/^[ 	]*//' -e 's/^ *//' -e 's/^	*//' \
-                         -e 's/^\.//' -e 's/^/./' |\
-                     awk '{ printf("%s", $1); }'`"
-        if [ "x$domainname" = "x" ]; then
-            domainname="`egrep '^[ 	]*search' /etc/resolv.conf | head -1 |\
-                         sed -e 's/.*search//' \
-                             -e 's/^[ 	]*//' -e 's/^ *//' -e 's/^	*//' \
-                             -e 's/ .*//' -e 's/	.*//' \
-                             -e 's/^\.//' -e 's/^/./' |\
-                         awk '{ printf("%s", $1); }'`"
-        fi
-    fi
-fi
-
-#
-#   determine current time
-#
-time_day="`date '+%d' | awk '{ printf("%s", $1); }'`"
-time_month="`date '+%m' | awk '{ printf("%s", $1); }'`"
-time_year="`date '+%Y' 2>/dev/null | awk '{ printf("%s", $1); }'`"
-if [ "x$time_year" = "x" ]; then
-    time_year="`date '+%y' | awk '{ printf("%s", $1); }'`"
-    case $time_year in
-        [5-9][0-9]) time_year="19$time_year" ;;
-        [0-4][0-9]) time_year="20$time_year" ;;
-    esac
-fi
-case $time_month in
-    1|01) time_monthname='Jan' ;;
-    2|02) time_monthname='Feb' ;;
-    3|03) time_monthname='Mar' ;;
-    4|04) time_monthname='Apr' ;;
-    5|05) time_monthname='May' ;;
-    6|06) time_monthname='Jun' ;;
-    7|07) time_monthname='Jul' ;;
-    8|08) time_monthname='Aug' ;;
-    9|09) time_monthname='Sep' ;;
-      10) time_monthname='Oct' ;;
-      11) time_monthname='Nov' ;;
-      12) time_monthname='Dec' ;;
-esac
-
-#
-#   create result string
-#
-if [ "x$newline" = "xyes" ]; then
-    echo $format_string |\
-    sed -e "s;%u;$username;g" \
-        -e "s;%h;$hostname;g" \
-        -e "s;%d;$domainname;g" \
-        -e "s;%D;$time_day;g" \
-        -e "s;%M;$time_month;g" \
-        -e "s;%Y;$time_year;g" \
-        -e "s;%m;$time_monthname;g"
-else
-    echo "${format_string}&" |\
-    sed -e "s;%u;$username;g" \
-        -e "s;%h;$hostname;g" \
-        -e "s;%d;$domainname;g" \
-        -e "s;%D;$time_day;g" \
-        -e "s;%M;$time_month;g" \
-        -e "s;%Y;$time_year;g" \
-        -e "s;%m;$time_monthname;g" |\
-    awk '-F&' '{ printf("%s", $1); }'
-fi
-
diff --git a/usr.sbin/httpd/src/helpers/checkheader.sh b/usr.sbin/httpd/src/helpers/checkheader.sh
deleted file mode 100644
index 26cd176c682..00000000000
--- a/usr.sbin/httpd/src/helpers/checkheader.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-##
-##  checkheader.sh -- Check whether a C header file exists
-##  Initially written by Ralf S. Engelschall for the Apache
-##   configuration mechanism
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-header=$1
-rc=1
-if [ "x$CPP" = "x" ]; then
-    CPP='NOT-AVAILABLE'
-fi
-if [ "x$CPP" != "xNOT-AVAILABLE" ]; then
-    #   create a test C source
-    cat >conftest.c <<EOF
-#include <$header>
-Syntax Error
-EOF
-    (eval "$CPP conftest.c >/dev/null") 2>conftest.out
-    my_error=`grep -v '^ *+' conftest.out`
-    if [ "x$my_error" = "x" ]; then
-        rc=0
-    fi
-else
-    if [ -f "/usr/include/$header" ]; then
-        rc=0
-    fi
-fi
-rm -f conftest.*
-exit $rc
-    
diff --git a/usr.sbin/httpd/src/helpers/cvstodsp5.pl b/usr.sbin/httpd/src/helpers/cvstodsp5.pl
deleted file mode 100644
index cf2d167c96b..00000000000
--- a/usr.sbin/httpd/src/helpers/cvstodsp5.pl
+++ /dev/null
@@ -1,43 +0,0 @@
-use IO::File;
-use File::Find;
-
-chdir '..';
-find(\&tovc5, '.');
-
-sub tovc5 { 
-
-    if (m|.dsp$|) {
-        $oname = $_;
-	$tname = '.#' . $_;
-        $verchg = 0;
-	$srcfl = new IO::File $oname, "r" || die;
-	$dstfl = new IO::File $tname, "w" || die;
-	while ($src = <$srcfl>) {
-	    if ($src =~ s|Format Version 6\.00|Format Version 5\.00|) {
-		$verchg = -1;
-	    }
-	    if ($src =~ s|^(# ADD CPP .*)/ZI (.*)|$1/Zi $2|) {
-		$verchg = -1;
-	    }
-	    if ($src =~ s|^(# ADD BASE CPP .*)/ZI (.*)|$1/Zi $2|) {
-		$verchg = -1;
-	    }
-	    if ($src !~ m|^# PROP AllowPerConfigDependencies|) {
-		print $dstfl $src; }
-	    else {
-		$verchg = -1;
-
-	    }
-	}
-	undef $srcfl;
-	undef $dstfl;
-	if ($verchg) {
-	    unlink $oname || die;
-	    rename $tname, $oname || die;
-	    print "Converted VC6 project " . $oname . " to VC5 in " . $File::Find::dir . "\n"; 
-	}
-	else {
-	    unlink $tname;
-	}
-    }
-}
diff --git a/usr.sbin/httpd/src/helpers/dsp5tocvs.pl b/usr.sbin/httpd/src/helpers/dsp5tocvs.pl
deleted file mode 100644
index 682ddba9206..00000000000
--- a/usr.sbin/httpd/src/helpers/dsp5tocvs.pl
+++ /dev/null
@@ -1,40 +0,0 @@
-use IO::File;
-use File::Find;
-
-chdir '..';
-find(\&tovc6, '.');
-
-sub tovc6 { 
-
-    if (m|.dsp$|) {
-        $oname = $_;
-	$tname = '.#' . $_;
-	$verchg = 0;
-	$srcfl = new IO::File $_, "r" || die;
-	$dstfl = new IO::File $tname, "w" || die;
-	while ($src = <$srcfl>) {
-	    if ($src =~ s|Format Version 5\.00|Format Version 6\.00|) {
-		$verchg = -1;
-	    }
-	    if ($src =~ s|^(!MESSAGE .*)\\\n|$1|) {
-		$cont = <$srcfl>;
-		$src = $src . $cont;
-		$verchg = -1;
-	    }
-            print $dstfl $src; 
-	    if ($verchg && $src =~ m|^# Begin Project|) {
-		print $dstfl "# PROP AllowPerConfigDependencies 0\n"; 
-	    }
-	}
-	undef $srcfl;
-	undef $dstfl;
-	if ($verchg) {
-	    unlink $oname || die;
-	    rename $tname, $oname || die;
-	    print "Converted VC5 project " . $oname . " to VC6 in " . $File::Find::dir . "\n"; 
-	}
-	else {
-	    unlink $tname;
-	}
-    }
-}
diff --git a/usr.sbin/httpd/src/helpers/dummy.c b/usr.sbin/httpd/src/helpers/dummy.c
deleted file mode 100644
index cf938b8402c..00000000000
--- a/usr.sbin/httpd/src/helpers/dummy.c
+++ /dev/null
@@ -1,12 +0,0 @@
-/* this file is used by TestLib */
-/* the extra decl is to shutup gcc -Wmissing-prototypes */
-extern int foo (const char *c);
-int foo ( const char *c )
-{
-return *c;
-}
-int main(void) {
-    const char *c = "";
-    (void)foo(c);
-    return 0;
-}
diff --git a/usr.sbin/httpd/src/helpers/find-dbm-lib b/usr.sbin/httpd/src/helpers/find-dbm-lib
deleted file mode 100644
index 21a837c37f8..00000000000
--- a/usr.sbin/httpd/src/helpers/find-dbm-lib
+++ /dev/null
@@ -1,74 +0,0 @@
-# Our config tool sucks... if this script decides to modify the
-# LIBS variable it won't be used by any of the other TestCompiles.
-# So unless we protect ourselves with the found_dbm variable
-# we'd end up having to do the work twice... and we'd end up putting
-# two -ldbm -ldbm into the LIBS variable.
-
-if [ "x$found_dbm" = "x" ]; then
-    if sh helpers/TestCompile func dbm_open; then
-	found_dbm=1
-    else
-	found_dbm=0
-	case "$PLAT" in
-  	    *-linux*)
-  		# many systems don't have -ldbm
-  		DBM_LIB=""
-		if ./helpers/TestCompile lib ndbm dbm_open; then
-  		    DBM_LIB="-lndbm"
-		    if ./helpers/TestCompile lib db1 dbm_open; then
-			# Red Hat needs this; ndbm.h lives in db1
-			CFLAGS="$CFLAGS -I/usr/include/db1"
-		    fi
-		elif ./helpers/TestCompile lib db1 dbm_open; then
-		    # For Red Hat 7, if not handled by the ndbm case above
-  		    DBM_LIB="-ldb1"
-  		    CFLAGS="$CFLAGS -I/usr/include/db1"
-                elif ./helpers/TestCompile lib gdbm dbm_open; then
-                    DBM_LIB="-lgdbm"
-                    CFLAGS="$CFLAGS -I/usr/include/gdbm"
-		elif ./helpers/TestCompile lib dbm dbm_open; then
-		    DBM_LIB="-ldbm"
-		fi
-  		if [ "x$DBM_LIB" != "x" ]; then
-  		    LIBS="$LIBS $DBM_LIB"
-  		    found_dbm=1
-  		fi
-  		;;
-        *-cygwin*)
-        # we use the shared DLL version of gdbm if available
-        DBM_LIB=""
-        if ./helpers/TestCompile lib gdbm dbm_open; then
-            DBM_LIB="-lgdbm"
-            LIBS="$LIBS $DBM_LIB"
-            found_dbm=1
-        fi
-        ;;
-	    *)
-		if [ "x$DBM_LIB" != "x" ]; then
-		    oldLIBS="$LIBS"
-		    LIBS="$LIBS $DBM_LIB"
-		    if sh helpers/TestCompile func dbm_open; then
-			found_dbm=1
-		    else
-			found_dbm=0
-			LIBS="$oldLIBS"
-		    fi
-		else
-		    for dblib in dbm ndbm db
-		    do
-			DBM_LIB=""
-			if sh helpers/TestCompile lib $dblib dbm_open; then
-			    DBM_LIB="-l${dblib}"
-			    LIBS="$LIBS $DBM_LIB"
-			    found_dbm=1
-			    break
-			fi
-		    done
-		fi
-		;;
-	esac
-	if [ "x$found_dbm" = "x1" ]; then
-	    echo " + using $DBM_LIB for DBM support"
-	fi
-    fi
-fi
diff --git a/usr.sbin/httpd/src/helpers/findcpp.sh b/usr.sbin/httpd/src/helpers/findcpp.sh
deleted file mode 100644
index 0fb55849226..00000000000
--- a/usr.sbin/httpd/src/helpers/findcpp.sh
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/bin/sh
-##
-##  findcpp.sh -- Find out how to _directly_ run the C Pre-Processor (CPP)
-##  Initially written by Ralf S. Engelschall for the Apache configuration
-##   mechanism
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-#   create a test C source:
-#   - has to use extension ".c" because some CPP only accept this one
-#   - uses assert.h because this is a standard header and harmless to include
-#   - contains a Syntax Error to make sure it passes only the preprocessor
-#     but not the real compiler pass
-cat >conftest.c <<EOF
-#include <assert.h>
-Syntax Error
-EOF
-
-#   some braindead systems have a CPP define for a directory :-(
-if [ "x$CPP" != "x" ]; then
-    if [ -d "$CPP" ]; then
-        CPP=''
-    fi
-fi
-if [ "x$CPP" != "x" ]; then
-    #   case 1: user provided a default CPP variable (we only check)
-    (eval "$CPP conftest.c >/dev/null") 2>conftest.out
-    my_error=`grep -v '^ *+' conftest.out`
-    if [ "x$my_error" != "x" ]; then
-        CPP=''
-    fi
-else
-    #   case 2: no default CPP variable (we have to find one)
-    #   1. try the standard -E option
-    CPP="${CC-cc} -E"
-    (eval "$CPP conftest.c >/dev/null") 2>conftest.out
-    my_error=`grep -v '^ *+' conftest.out`
-    if [ "x$my_error" != "x" ]; then
-        #   2. try the -E option and GCC's -traditional-ccp option
-        CPP="${CC-cc} -E -traditional-cpp"
-        (eval "$CPP conftest.c >/dev/null") 2>conftest.out
-        my_error=`grep -v '^ *+' conftest.out`
-        if [ "x$my_error" != "x" ]; then
-            #   3. try a standalone cpp command in $PATH and lib dirs
-            CPP="`sh helpers/PrintPath cpp`"
-            if [ "x$CPP" = "x" ]; then
-                CPP="`sh helpers/PrintPath -p/lib:/usr/lib:/usr/local/lib cpp`"
-            fi
-            if [ "x$CPP" != "x" ]; then
-                (eval "$CPP conftest.c >/dev/null") 2>conftest.out
-                my_error=`grep -v '^ *+' conftest.out`
-                if [ "x$my_error" != "x" ]; then
-                    #   ok, we gave up...
-                    CPP=''
-                fi
-            fi
-        fi
-    fi
-fi
-
-#   cleanup after work
-rm -f conftest.*
-
-#   Ok, empty CPP variable now means it's not available
-if [ "x$CPP" = "x" ]; then
-    CPP='NOT-AVAILABLE'
-fi
-
-echo $CPP
-
diff --git a/usr.sbin/httpd/src/helpers/fixwin32mak.pl b/usr.sbin/httpd/src/helpers/fixwin32mak.pl
deleted file mode 100644
index 756f0a735c8..00000000000
--- a/usr.sbin/httpd/src/helpers/fixwin32mak.pl
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# fixwin32mak.pl ::: Apache/Win32 maintanace program
-#
-# This program, launched from the build/ directory, replaces all nasty absoulute paths
-# in the win32 .mak files with the appropriate relative root.
-#
-# Run this program prior to committing or packaging any newly exported make files.
-
-use Cwd;
-use IO::File;
-use File::Find;
-
-chdir '..';
-$root = cwd;
-$root =~ s|.:(.*)|cd "$1|;
-$root =~ s|/|\\\\|g;
-find(\&fixcwd, '.');
-
-sub fixcwd { 
-    if (m|.mak$|) {
-	$repl = $File::Find::dir;
-        $repl =~ s|^./||;
-        $repl =~ s|[^\./]+|..|g;
-        $repl =~ s|/|\\|;
-        $oname = $_;
-	$tname = '.#' . $_;
-	$verchg = 0;
-	$srcfl = new IO::File $_, "r" || die;
-	$dstfl = new IO::File $tname, "w" || die;
-	while ($src = <$srcfl>) {
-	    if ($src =~ s|^(\s*)$root|$1cd "$repl|) {
-		$verchg = -1;
-	    }
-            print $dstfl $src; 
-	}
-	undef $srcfl;
-	undef $dstfl;
-	if ($verchg) {
-	    unlink $oname || die;
-	    rename $tname, $oname || die;
-	    print "Corrected absolute paths within " . $oname . " in " . $File::Find::dir . "\n"; 
-	}
-	else {
-	    unlink $tname;
-	}
-    }
-}
diff --git a/usr.sbin/httpd/src/helpers/fmn.sh b/usr.sbin/httpd/src/helpers/fmn.sh
deleted file mode 100644
index 2900499da99..00000000000
--- a/usr.sbin/httpd/src/helpers/fmn.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-##
-##  fmn.sh -- find a modules (structure) name
-##
-##  Extracted from the Configure script for use with
-##  Apache's Autoconf-style Interface (APACI).
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-#   input: the modules source file
-modfile=$1
-
-#   the part from the Configure script
-tmpfile=${TMPDIR-/tmp}/fmn.tmp.$$
-rm -f $tmpfile
-modname=''
-ext=`echo $modfile | sed 's/^.*\.//'`
-modbase=`echo $modfile | sed 's/\.[^.]*$//'`
-if [ "x$ext" = "x$modfile" ]; then ext=o; modbase=$modfile; modfile=$modbase.o; fi
-if [ "x$ext" = "x" ] ; then ext=o; modbase=$modfile; fi
-if [ "x$ext" = "xc" ] ; then ext=o; fi
-if [ -r $modbase.module ] ; then
-    cat $modbase.module >$tmpfile
-else
-    if [ -f $modbase.c ] ; then
-        modname=`egrep '^module .*;' $modbase.c | head -1 |\
-                sed 's/^module.*[ 	][ 	]*//' | \
-                sed 's/[ 	]*;[ 	]*$//'`
-        if grep "MODULE-DEFINITION-" $modbase.c >/dev/null; then
-            cat $modbase.c | \
-            sed '1,/MODULE-DEFINITION-START/d;/MODULE-DEFINITION-END/,$d' >$tmpfile
-        fi
-    fi
-fi              
-if [ -r $tmpfile ] ; then
-    modname=`grep "Name:" $tmpfile | sed 's/^.*Name:[ 	]*//'`
-fi
-if [ "x$modname" = "x" ] ; then
-    modname=`echo $modbase | sed 's/^.*\///' | \
-        sed 's/^mod_//' | sed 's/^lib//' | sed 's/$/_module/'`
-fi
-rm -f $tmpfile
-
-#   output: the name of the module structure symbol
-echo "$modname"
-
diff --git a/usr.sbin/httpd/src/helpers/fp2rp b/usr.sbin/httpd/src/helpers/fp2rp
deleted file mode 100644
index 68d5adb6d19..00000000000
--- a/usr.sbin/httpd/src/helpers/fp2rp
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-##
-## fp2rp -- convert a standard forward path to a reverse dotted path
-##
-if [ "x$1" = "x." ]; then
-    rp="."
-else
-    rp=""
-    for pe in `IFS="$IFS/"; echo $1`; do
-        rp="../$rp"
-    done
-fi
-echo $rp | sed -e 's:/$::'
diff --git a/usr.sbin/httpd/src/helpers/getuid.sh b/usr.sbin/httpd/src/helpers/getuid.sh
deleted file mode 100644
index 9b5b3498f5f..00000000000
--- a/usr.sbin/httpd/src/helpers/getuid.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/sh
-# Return the uid of the process being run. If we cannot
-# determine what it is, return '?'.
-#
-# Initially written by Jim Jagielski for the Apache configuration mechanism
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-# First we try 'id'
-if `sh src/helpers/PrintPath -s id` ; then
-    AP_IDPATH=`sh src/helpers/PrintPath id`
-    # See if it's a POSIX 'id'
-    if `$AP_IDPATH -u >/dev/null 2>&1` ; then
-	AP_RETVAL=`$AP_IDPATH -u` 
-	echo $AP_RETVAL
-	exit 0
-    else
-	AP_RETVAL=`$AP_IDPATH | \
-	    sed -e 's/^.*uid[ 	]*=[ 	]*[^0123456789]*//' | \
-	    sed -e 's/[ 	]*(.*$//'`
-	echo $AP_RETVAL
-	exit 0
-    fi
-fi
-
-#
-# Ugg. Now we have to grab the login name of the process, and
-# scan /etc/passwd.
-#
-# Try 'whoami' first, then 'who am i' (making sure to strip away
-# the who crud) and finally just copy $LOGNAME
-#
-if `sh src/helpers/PrintPath -s whoami` ; then
-    AP_WAIPATH=`sh src/helpers/PrintPath whoami`
-    AP_LOGNAME=`$AP_WAIPATH`
-else
-    AP_LOGNAME=`who am i | tail -1 | sed -e 's/[ 	][ 	]*.*$//'`
-fi
-
-#
-# See if we have a valid login name.
-#
-if [ "x$AP_LOGNAME" = "x" ]; then
-    AP_LOGNAME=$LOGNAME
-    if [ "x$AP_LOGNAME" = "x" ]; then
-	echo "?"
-	exit 1
-    fi
-fi
-
-#
-# Ok, now we scan through /etc/passwd
-#
-AP_RETVAL=`egrep \^${AP_LOGNAME}: /etc/passwd | \
-	sed -e 's/[^:]*:[^:]*://' | \
-	sed -e 's/:.*$//'`
-
-if [ "x$AP_RETVAL" = "x" ]; then
-    echo "?"
-    exit 1
-else
-    echo $AP_RETVAL
-    exit 0
-fi
diff --git a/usr.sbin/httpd/src/helpers/install.sh b/usr.sbin/httpd/src/helpers/install.sh
deleted file mode 100644
index dafc26e9cec..00000000000
--- a/usr.sbin/httpd/src/helpers/install.sh
+++ /dev/null
@@ -1,120 +0,0 @@
-#!/bin/sh
-##
-##  install.sh -- install a program, script or datafile
-##
-##  Based on `install-sh' from the X Consortium's X11R5 distribution
-##  as of 89/12/18 which is freely available.
-##  Cleaned up for Apache's Autoconf-style Interface (APACI)
-##  by Ralf S. Engelschall <rse@apache.org>
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-#
-#   put in absolute paths if you don't have them in your path; 
-#   or use env. vars.
-#
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-
-#
-#   parse argument line
-#
-instcmd="$mvprog"
-chmodcmd=""
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-ext=""
-src=""
-dst=""
-while [ "x$1" != "x" ]; do
-    case $1 in
-        -c) instcmd="$cpprog"
-            shift; continue
-            ;;
-        -m) chmodcmd="$chmodprog $2"
-            shift; shift; continue
-            ;;
-        -o) chowncmd="$chownprog $2"
-            shift; shift; continue
-            ;;
-        -g) chgrpcmd="$chgrpprog $2"
-            shift; shift; continue
-            ;;
-        -s) stripcmd="$stripprog"
-            shift; continue
-            ;;
-        -S) stripcmd="$stripprog $2"
-            shift; shift; continue
-            ;;
-        -e) ext="$2"
-            shift; shift; continue
-            ;;
-        *)  if [ "x$src" = "x" ]; then
-                src=$1
-            else
-                dst=$1
-            fi
-            shift; continue
-            ;;
-    esac
-done
-if [ "x$src" = "x" ]; then
-     echo "install.sh: no input file specified"
-     exit 1
-fi
-if [ "x$dst" = "x" ]; then
-     echo "install.sh: no destination specified"
-     exit 1
-fi
-
-#
-#  If destination is a directory, append the input filename; if
-#  your system does not like double slashes in filenames, you may
-#  need to add some logic
-#
-if [ -d $dst ]; then
-    dst="$dst/`basename $src`"
-fi
-
-#  Check if we need to add an executable extension (such as ".exe") 
-#  on specific OS to src and dst
-if [ -f "$src.exe" ]; then
-  if [ -f "$src" ]; then
-    : # Cygwin [ test ] is too stupid to do [ -f "$src.exe" ] && [ ! -f "$src" ]
-  else
-    ext=".exe"
-  fi
-fi
-src="$src$ext"
-dst="$dst$ext"
-
-#  Make a temp file name in the proper directory.
-dstdir=`dirname $dst`
-dsttmp=$dstdir/inst.$$
-
-#  Move or copy the file name to the temp name
-$instcmd $src $dsttmp
-
-#  And set any options; do chmod last to preserve setuid bits
-if [ "x$chowncmd" != "x" ]; then $chowncmd $dsttmp; fi
-if [ "x$chgrpcmd" != "x" ]; then $chgrpcmd $dsttmp; fi
-if [ "x$stripcmd" != "x" ]; then $stripcmd $dsttmp; fi
-if [ "x$chmodcmd" != "x" ]; then $chmodcmd $dsttmp; fi
-
-#  Now rename the file to the real destination.
-$rmcmd $dst
-$mvcmd $dsttmp $dst
-
-exit 0
-
diff --git a/usr.sbin/httpd/src/helpers/mfhead b/usr.sbin/httpd/src/helpers/mfhead
deleted file mode 100644
index f33d82492d1..00000000000
--- a/usr.sbin/httpd/src/helpers/mfhead
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-echo "##"
-echo "##  Apache Makefile, automatically generated by Configure script."
-echo "##  Hand-edited changes will be lost if the Configure script is re-run."
-echo "##  Sources: - `sh helpers/fp2rp $1`/Makefile.config (via $2)"
-echo "##           - ./Makefile.tmpl"
-echo "##"
-echo ""
diff --git a/usr.sbin/httpd/src/helpers/mkdir.sh b/usr.sbin/httpd/src/helpers/mkdir.sh
deleted file mode 100644
index 4cd33c5671c..00000000000
--- a/usr.sbin/httpd/src/helpers/mkdir.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-## 
-##  mkdir.sh -- make directory hierarchy
-##
-##  Based on `mkinstalldirs' from Noah Friedman <friedman@prep.ai.mit.edu>
-##  as of 1994-03-25, which was placed in the Public Domain.
-##  Cleaned up for Apache's Autoconf-style Interface (APACI)
-##  by Ralf S. Engelschall <rse@apache.org>
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-umask 022
-errstatus=0
-for file in ${1+"$@"} ; do 
-    set fnord `echo ":$file" |\
-               sed -e 's/^:\//%/' -e 's/^://' -e 's/\// /g' -e 's/^%/\//'`
-    shift
-    pathcomp=
-    for d in ${1+"$@"}; do
-        pathcomp="$pathcomp$d"
-        case "$pathcomp" in
-            -* ) pathcomp=./$pathcomp ;;
-        esac
-        if test ! -d "$pathcomp"; then
-            echo "mkdir $pathcomp" 1>&2
-            mkdir "$pathcomp" || errstatus=$?
-        fi
-        pathcomp="$pathcomp/"
-    done
-done
-exit $errstatus
-
diff --git a/usr.sbin/httpd/src/helpers/mkshadow.sh b/usr.sbin/httpd/src/helpers/mkshadow.sh
deleted file mode 100644
index 00b0e3a2a41..00000000000
--- a/usr.sbin/httpd/src/helpers/mkshadow.sh
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/bin/sh
-##
-##  mkshadow.sh -- create a shadow tree
-##
-##  Initially written by Ralf S. Engelschall <rse@apache.org>
-##  for the shadow tree generation option (--shadow) of 
-##  Apache's Autoconf-style Interface (APACI) 
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-#   default IFS
-DIFS=' 	
-'
-
-#   source and destination directory
-src=`echo $1 | sed -e 's:/$::'`
-dst=`echo $2 | sed -e 's:/$::'`
-
-#   check whether source exists
-if [ ! -d $src ]; then
-    echo "mkshadow.sh:Error: source directory not found" 1>&2
-    exit 1
-fi
-
-#   determine if one of the paths is an absolute path,
-#   because then we have to use an absolute symlink
-oneisabs=0
-case $src in
-    /* ) oneisabs=1 ;;
-esac
-case $dst in
-    /* ) oneisabs=1 ;;
-esac
-
-#   determine reverse directory for destination directory
-dstrevdir=''
-if [ "x$oneisabs" = "x0" ]; then
-    #   (inlined fp2rp)
-    OIFS2="$IFS"; IFS='/'
-    for pe in $dst; do
-        dstrevdir="../$dstrevdir"
-    done
-    IFS="$OIFS2"
-else
-    src="`cd $src; pwd`";
-fi
-
-#   create directory tree at destination
-if [ ! -d $dst ]; then
-    mkdir $dst
-fi
-DIRS="`cd $src; \
-       find . -type d -print |\
-       sed -e '/\/CVS/d' \
-           -e '/^\.$/d' \
-           -e 's:^\./::'`"
-OIFS="$IFS" IFS="$DIFS"
-for dir in $DIRS; do
-    mkdir $dst/$dir
-done
-IFS="$OIFS"
-
-#   fill directory tree with symlinks to files
-FILES="`cd $src; \
-        find . -depth -print |\
-        sed -e '/\.o$/d' \
-            -e '/\.a$/d' \
-            -e '/\.so$/d' \
-            -e '/\.so-o$/d' \
-            -e '/\.cvsignore$/d' \
-            -e '/\/CVS/d' \
-            -e '/\.indent\.pro$/d' \
-            -e '/\.apaci.*/d' \
-            -e '/Makefile$/d' \
-            -e '/\/\.#/d' \
-            -e '/\.orig$/d' \
-            -e 's/^\.\///'`"
-OIFS="$IFS" IFS="$DIFS"
-for file in $FILES; do
-     #  don't use `-type f' above for find because of symlinks
-     if [ -d "$src/$file" ]; then
-         continue
-     fi
-     basename=`echo $file | sed -e 's:^.*/::'`
-     dir=`echo $file | sed -e 's:[^/]*$::' -e 's:/$::' -e 's:$:/:' -e 's:^/$::'`
-     from="$src/$file"
-     to="$dst/$dir$basename"
-     if [ "x$oneisabs" = "x0" ]; then
-         if [ "x$dir" != "x" ]; then
-             subdir=`echo $dir | sed -e 's:/$::'`
-             #   (inlined fp2rp)
-             revdir=''
-             OIFS2="$IFS"; IFS='/'
-             for pe in $subdir; do
-                 revdir="../$revdir"
-             done
-             IFS="$OIFS2"
-             #   finalize from
-             from="$revdir$from"
-         fi
-         from="$dstrevdir$from"
-     fi
-     echo "    $to"
-     ln -s $from $to
-done
-IFS="$OIFS"
-
diff --git a/usr.sbin/httpd/src/helpers/ppl.sh b/usr.sbin/httpd/src/helpers/ppl.sh
deleted file mode 100644
index e83ab4793fc..00000000000
--- a/usr.sbin/httpd/src/helpers/ppl.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-##
-##  ppl.sh -- pretty print a colon-sperarated list by avoiding 
-##            `tr' and `fmt' because these tools are different
-##            between Unix platforms
-##
-##  Initially written by Ralf S. Engelschall <rse@apache.org>
-##  for pretty printing lists in the --help option of
-##  Apache's Autoconf-style Interface (APACI)
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-list=`
-IFS=:
-for entry in $*; do
-    if [ "x$entry" != "x" ]; then
-        echo $entry
-    fi
-done |\
-sort |\
-awk '
-    BEGIN { list = ""; n = 0; }
-    { 
-        list = list $1;
-        n = n + 1;
-        if (n == 1 || n == 2) {
-            list = list ":";
-        }
-        if (n == 3) {
-            list = list "\n";
-            n = 0;
-        }
-    }
-    END { print list; }
-'`
-IFS='
-'
-for entry in $list; do
-    echo $entry |\
-    awk -F: '
-        { printf("%-15s %-15s %-15s\n", $1, $2, $3); }
-    '
-done |\
-awk '{ 
-    if (length($0) > 48) { 
-        printf("%s\n", substr($0, 0, 47));
-    } else { 
-        print $0; 
-    }
-}' |\
-sed -e 's/^/                        [/' -e 's/$/]/'
-
diff --git a/usr.sbin/httpd/src/helpers/slo.sh b/usr.sbin/httpd/src/helpers/slo.sh
deleted file mode 100644
index e9d0e588134..00000000000
--- a/usr.sbin/httpd/src/helpers/slo.sh
+++ /dev/null
@@ -1,178 +0,0 @@
-#!/bin/sh
-##
-##  slo.h -- (S)eparate (L)inker (O)ptions by library class
-##  Initially written by Ralf S. Engelschall <rse@apache.org>
-##
-#
-# This script falls under the Apache License.
-# See http://www.apache.org/docs/LICENSE
-
-
-DIFS=' 	
-'
-
-#   
-#   parse out -L and -l options from command line
-#
-DIRS=''
-LIBS=''
-ARGV=''
-optprev=""
-OIFS="$IFS" IFS="$DIFS"
-for opt
-do
-    #   concatenate with previous option if exists
-    if [ "x$optprev" != "x" ]; then
-        opt="${optprev}${opt}";
-        optprev=''
-    fi
-    #   remember options for arg when used stand-alone
-    if [ "x$opt" = "x-L" -o "x$opt" = "x-l" ]; then
-        optprev="$opt"
-        continue;
-    fi
-    #   split argument into option plus option argument
-    arg="`echo $opt | cut -c3-`"
-    opt="`echo $opt | cut -c1-2`"
-    #   store into containers
-    case $opt in
-        -L) DIRS="$DIRS:$arg" ;;
-        -l) LIBS="$LIBS:$arg" ;;
-         *) ARGV="$ARGV $opt" ;;
-    esac
-done
-IFS="$OIFS"
-
-#
-#   set linker default directories
-#
-DIRS_DEFAULT='/lib:/usr/lib'
-if [ "x$LD_LIBRARY_PATH" != "x" ]; then
-    DIRS_DEFAULT="$DIRS_DEFAULT:$LD_LIBRARY_PATH"
-fi
-
-#
-#   sort options by class
-#
-DIRS_OBJ=''
-LIBS_OBJ=''
-DIRS_PIC=''
-LIBS_PIC=''
-DIRS_DSO=''
-LIBS_DSO=''
-
-#    for each library...
-OIFS="$IFS" IFS=':'
-for lib in $LIBS; do
-    [ "x$lib" = "x" ] && continue
-
-    found='no'
-    found_indefdir='no'
-    found_type=''
-    found_dir=''
-
-    #    for each directory...
-    OIFS2="$IFS" IFS=":$DIFS"
-    for dir in ${DIRS} switch-to-defdirs ${DIRS_DEFAULT}; do
-        [ "x$dir" = "x" ] && continue
-        [ "x$dir" = "xswitch-to-defdirs" ] && found_indefdir=yes
-        [ ! -d $dir ] && continue
-
-        #    search the file
-        OIFS3="$IFS" IFS="$DIFS"
-        for file in '' `cd $dir && ls lib${lib}.* 2>/dev/null`; do
-             [ "x$file" = "x" ] && continue
-             case $file in
-                 *.so|*.so.[0-9]*|*.sl|*.sl.[0-9]* )
-                      found=yes;
-                      found_type=DSO; 
-                      break 
-                      ;;
-                 *.lo|*.la )
-                      found=yes;
-                      found_type=PIC 
-                      ;;
-                 *.a )
-                      if [ "x$found_type" = "x" ]; then
-                          found=yes
-                          found_type=OBJ 
-                      fi
-                      ;;
-             esac
-        done
-        IFS="$OIFS3"
-        if [ "x$found" = "xyes" ]; then
-            found_dir="$dir"
-            break
-        fi
-    done
-    IFS="$OIFS2"
-
-    if [ "x$found" = "xyes" ]; then
-        if [ "x$found_indefdir" != "xyes" ]; then
-            eval "dirlist=\"\${DIRS_${found_type}}:\""
-            if [ ".`echo \"$dirlist\" | fgrep :$found_dir:`" = . ]; then
-                eval "DIRS_${found_type}=\"\$DIRS_${found_type}:${found_dir}\""
-            fi
-            eval "LIBS_${found_type}=\"\$LIBS_${found_type}:$lib\""
-        else
-            eval "LIBS_${found_type}=\"\$LIBS_${found_type}:$lib\""
-        fi
-    else
-        LIBS_OBJ="$LIBS_OBJ:$lib"
-        #dirlist="`echo $DIRS $DIRS_DEFAULT | sed -e 's/:/ /g'`"
-        #echo "splitlibs:Warning: library \"$lib\" not found in any of the following dirs:" 2>&1
-        #echo "splitlibs:Warning: $dirlist" 1>&1
-    fi
-done
-IFS="$OIFS"
-
-#
-#   also pass-through unused dirs even if it's useless
-#
-OIFS="$IFS" IFS=':'
-for dir in $DIRS; do
-    dirlist="${DIRS_OBJ}:${DIRS_PIC}:${DIRS_DSO}:"
-    if [ ".`echo \"$dirlist\" | fgrep :$dir:`" = . ]; then
-        DIRS_OBJ="$DIRS_OBJ:$dir"
-    fi
-done
-IFS="$OIFS"
-
-#
-#   reassemble the options but seperated by type
-#
-OIFS="$IFS" IFS="$DIFS"
-for type in OBJ PIC DSO; do
-    OIFS2="$IFS" IFS=':'
-    eval "libs=\"\$LIBS_${type}\""
-    opts=''
-    for lib in $libs; do
-        [ "x$lib" = "x" ] && continue
-        opts="$opts -l$lib"
-    done
-    eval "LIBS_${type}=\"$opts\""
-
-    eval "dirs=\"\$DIRS_${type}\""
-    opts=''
-    for dir in $dirs; do
-        [ "x$dir" = "x" ] && continue
-        opts="$opts -L$dir"
-    done
-    eval "DIRS_${type}=\"$opts\""
-    IFS="$OIFS2"
-done
-IFS="$OIFS"
-
-#
-#   give back results
-#
-OIFS="$IFS" IFS="$DIFS"
-for var in ARGV DIRS_OBJ LIBS_OBJ DIRS_PIC LIBS_PIC DIRS_DSO LIBS_DSO; do
-    eval "val=\"\$${var}\""
-    val="`echo $val | sed -e 's/^ *//'`"
-    echo "SLO_${var}=\"${val}\""
-done
-IFS="$OIFS"
-
-##EOF##
diff --git a/usr.sbin/httpd/src/include/.indent.pro b/usr.sbin/httpd/src/include/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/include/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/include/ap.h b/usr.sbin/httpd/src/include/ap.h
deleted file mode 100644
index dbe41bfe83d..00000000000
--- a/usr.sbin/httpd/src/include/ap.h
+++ /dev/null
@@ -1,200 +0,0 @@
-/* $OpenBSD: ap.h,v 1.14 2008/05/09 08:06:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * The ap_vsnprintf/ap_snprintf functions are based on, and used with the
- * permission of, the  SIO stdio-replacement strx_* functions by Panos
- * Tsirigotis <panos@alumni.cs.colorado.edu> for xinetd.
- */
-
-#ifndef APACHE_AP_H
-#define APACHE_AP_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-API_EXPORT(char *) ap_cpystrn(char *, const char *, size_t);
-int ap_slack(int, int);
-int ap_execle(const char *, const char *, ...);
-int ap_execve(const char *, char * const argv[], char * const envp[]);
-API_EXPORT(int) ap_getpass(const char *prompt, char *pwbuf, size_t bufsiz);
-
-#ifndef ap_strtol
-API_EXPORT(long) ap_strtol(const char *nptr, char **endptr, int base);
-#endif
-
-/* small utility macros to make things easier to read */
-
-#define ap_killpg(x, y)         (killpg ((x), (y)))
-
-/* ap_vformatter() is a generic printf-style formatting routine
- * with some extensions.  The extensions are:
- *
- * %pA	takes a struct in_addr *, and prints it as a.b.c.d
- * %pI	takes a struct sockaddr * and prints it as a.b.c.d:port, or
- *	ipv6-numeric-addr:port
- * %pp  takes a void * and outputs it in hex
- *
- * The %p hacks are to force gcc's printf warning code to skip
- * over a pointer argument without complaining.  This does
- * mean that the ANSI-style %p (output a void * in hex format) won't
- * work as expected at all, but that seems to be a fair trade-off
- * for the increased robustness of having printf-warnings work.
- *
- * Additionally, ap_vformatter allows for arbitrary output methods
- * using the ap_vformatter_buff and flush_func.
- *
- * The ap_vformatter_buff has two elements curpos and endpos.
- * curpos is where ap_vformatter will write the next byte of output.
- * It proceeds writing output to curpos, and updating curpos, until
- * either the end of output is reached, or curpos == endpos (i.e. the
- * buffer is full).
- *
- * If the end of output is reached, ap_vformatter returns the
- * number of bytes written.
- *
- * When the buffer is full, the flush_func is called.  The flush_func
- * can return -1 to indicate that no further output should be attempted,
- * and ap_vformatter will return immediately with -1.  Otherwise
- * the flush_func should flush the buffer in whatever manner is
- * appropriate, re-initialize curpos and endpos, and return 0.
- *
- * Note that flush_func is only invoked as a result of attempting to
- * write another byte at curpos when curpos >= endpos.  So for
- * example, it's possible when the output exactly matches the buffer
- * space available that curpos == endpos will be true when
- * ap_vformatter returns.
- *
- * ap_vformatter does not call out to any other code, it is entirely
- * self-contained.  This allows the callers to do things which are
- * otherwise "unsafe".  For example, ap_psprintf uses the "scratch"
- * space at the unallocated end of a block, and doesn't actually
- * complete the allocation until ap_vformatter returns.  ap_psprintf
- * would be completely broken if ap_vformatter were to call anything
- * that used a pool.  Similarly http_bprintf() uses the "scratch"
- * space at the end of its output buffer, and doesn't actually note
- * that the space is in use until it either has to flush the buffer
- * or until ap_vformatter returns.
- */
-
-typedef struct {
-	char *curpos;
-	char *endpos;
-} ap_vformatter_buff;
-
-API_EXPORT(int) ap_vformatter(int (*flush_func)(ap_vformatter_buff *),
-    ap_vformatter_buff *, const char *fmt, va_list ap);
-
-/* These are snprintf implementations based on ap_vformatter().
- *
- * Note that various standards and implementations disagree on the return
- * value of snprintf, and side-effects due to %n in the formatting string.
- * ap_snprintf behaves as follows:
- *
- * Process the format string until the entire string is exhausted, or
- * the buffer fills.  If the buffer fills then stop processing immediately
- * (so no further %n arguments are processed), and return the buffer
- * length.  In all cases the buffer is NUL terminated. The return value
- * is the number of characters placed in the buffer, excluding the
- * terminating NUL. All this implies that, at most, (len-1) characters
- * will be copied over; if the return value is >= len, then truncation
- * occured.
- *
- * In no event does ap_snprintf return a negative number.
- */
-API_EXPORT_NONSTD(int) ap_snprintf(char *buf, size_t len,
-    const char *format,...) __attribute__((format(printf,3,4)));
-API_EXPORT(int) ap_vsnprintf(char *buf, size_t len, const char *format,
-    va_list ap);
-/* Simple BASE64 encode/decode functions.
- * 
- * As we might encode binary strings, hence we require the length of
- * the incoming plain source. And return the length of what we decoded.
- *
- * The decoding function takes any non valid char (i.e. whitespace, \0
- * or anything non A-Z,0-9 etc as terminal.
- * 
- * plain strings/binary sequences are not assumed '\0' terminated. Encoded
- * strings are neither. But propably should.
- *
- */
-API_EXPORT(int) ap_base64encode_len(int len);
-API_EXPORT(int) ap_base64encode(char * coded_dst, const char *plain_src,
-    int len_plain_src);
-API_EXPORT(int) ap_base64encode_binary(char * coded_dst,
-    const unsigned char *plain_src,int len_plain_src);
-
-API_EXPORT(int) ap_base64decode_len(const char * coded_src);
-API_EXPORT(int) ap_base64decode(char * plain_dst, const char *coded_src);
-API_EXPORT(int) ap_base64decode_binary(unsigned char * plain_dst,
-    const char *coded_src);
-
-/* Password validation, as used in AuthType Basic which is able to cope
- * (based on the prefix) with the SHA1, Apache's internal MD5 and (depending
- * on your platform either plain or crypt(3) passwords.
- */
-API_EXPORT(char *) ap_validate_password(const char *passwd, const char *hash);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_AP_H */
diff --git a/usr.sbin/httpd/src/include/ap_alloc.h b/usr.sbin/httpd/src/include/ap_alloc.h
deleted file mode 100644
index b9f24efc062..00000000000
--- a/usr.sbin/httpd/src/include/ap_alloc.h
+++ /dev/null
@@ -1,421 +0,0 @@
-/* $OpenBSD: ap_alloc.h,v 1.8 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_ALLOC_H
-#define APACHE_ALLOC_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Resource allocation routines...
- *
- * designed so that we don't have to keep track of EVERYTHING so that
- * it can be explicitly freed later (a fundamentally unsound strategy ---
- * particularly in the presence of die()).
- *
- * Instead, we maintain pools, and allocate items (both memory and I/O
- * handlers) from the pools --- currently there are two, one for per
- * transaction info, and one for config info.  When a transaction is over,
- * we can delete everything in the per-transaction pool without fear, and
- * without thinking too hard about it either.
- *
- * rst
- */
-
-/* Arenas for configuration info and transaction info
- * --- actual layout of the pool structure is private to
- * alloc.c.
- */
-
-typedef struct pool pool;
-typedef struct pool ap_pool;
-
-API_EXPORT(pool *) ap_init_alloc(void);         /* Set up everything */
-void ap_cleanup_alloc(void);
-API_EXPORT(pool *) ap_make_sub_pool(pool *);    /* All pools are subpools of permanent_pool */
-typedef enum { AP_POOL_RD, AP_POOL_RW } ap_pool_lock_mode;
-int ap_shared_pool_possible(void);
-void ap_init_alloc_shared(int);
-void ap_kill_alloc_shared(void);
-API_EXPORT(pool *) ap_make_shared_sub_pool(pool *);
-API_EXPORT(int) ap_acquire_pool(pool *, ap_pool_lock_mode);
-API_EXPORT(int) ap_release_pool(pool *);
-API_EXPORT(void) ap_destroy_pool(pool *);
-
-/* pools have nested lifetimes -- sub_pools are destroyed when the
- * parent pool is cleared.  We allow certain liberties with operations
- * on things such as tables (and on other structures in a more general
- * sense) where we allow the caller to insert values into a table which
- * were not allocated from the table's pool.  The table's data will
- * remain valid as long as all the pools from which its values are
- * allocated remain valid.
- *
- * For example, if B is a sub pool of A, and you build a table T in
- * pool B, then it's safe to insert data allocated in A or B into T
- * (because B lives at most as long as A does, and T is destroyed when
- * B is cleared/destroyed).  On the other hand, if S is a table in
- * pool A, it is safe to insert data allocated in A into S, but it
- * is *not safe* to insert data allocated from B into S... because
- * B can be cleared/destroyed before A is (which would leave dangling
- * pointers in T's data structures).
- *
- * In general we say that it is safe to insert data into a table T
- * if the data is allocated in any ancestor of T's pool.  This is the
- * basis on which the POOL_DEBUG code works -- it tests these ancestor
- * relationships for all data inserted into tables.  POOL_DEBUG also
- * provides tools (ap_find_pool, and ap_pool_is_ancestor) for other
- * folks to implement similar restrictions for their own data
- * structures.
- *
- * However, sometimes this ancestor requirement is inconvenient --
- * sometimes we're forced to create a sub pool (such as through
- * ap_sub_req_lookup_uri), and the sub pool is guaranteed to have
- * the same lifetime as the parent pool.  This is a guarantee implemented
- * by the *caller*, not by the pool code.  That is, the caller guarantees
- * they won't destroy the sub pool individually prior to destroying the
- * parent pool.
- *
- * In this case the caller must call ap_pool_join() to indicate this
- * guarantee to the POOL_DEBUG code.  There are a few examples spread
- * through the standard modules.
- */
-#ifndef POOL_DEBUG
-#ifdef ap_pool_join
-#undef ap_pool_join
-#endif
-#define ap_pool_join(a,b)
-#else
-API_EXPORT(void) ap_pool_join(pool *p, pool *sub);
-API_EXPORT(pool *) ap_find_pool(const void *ts);
-API_EXPORT(int) ap_pool_is_ancestor(pool *a, pool *b);
-#endif
-
-/* Clearing out EVERYTHING in an pool... destroys any sub-pools */
-
-API_EXPORT(void) ap_clear_pool(struct pool *);
-
-/* Preparing for exec() --- close files, etc., but *don't* flush I/O
- * buffers, *don't* wait for subprocesses, and *don't* free any memory.
- */
-
-API_EXPORT(void) ap_cleanup_for_exec(void);
-
-/* routines to allocate memory from an pool... */
-
-API_EXPORT(void *) ap_palloc(struct pool *, int nbytes);
-API_EXPORT(void *) ap_pcalloc(struct pool *, int nbytes);
-API_EXPORT(char *) ap_pstrdup(struct pool *, const char *s);
-/* make a nul terminated copy of the n characters starting with s */
-API_EXPORT(char *) ap_pstrndup(struct pool *, const char *s, int n);
-API_EXPORT_NONSTD(char *) ap_pstrcat(struct pool *,...);
-/* all '...' must be char* */
-API_EXPORT_NONSTD(char *) ap_psprintf(struct pool *, const char *fmt, ...)
-    __attribute__((format(printf,2,3)));
-API_EXPORT(char *) ap_pvsprintf(struct pool *, const char *fmt, va_list);
-
-/* array and alist management... keeping lists of things.
- * Common enough to want common support code ...
- */
-
-typedef struct {
-	ap_pool *pool;
-	int elt_size;
-	int nelts;
-	int nalloc;
-	char *elts;
-} array_header;
-
-API_EXPORT(array_header *) ap_make_array(pool *p, int nelts, int elt_size);
-API_EXPORT(void *) ap_push_array(array_header *);
-API_EXPORT(void) ap_array_cat(array_header *dst, const array_header *src);
-API_EXPORT(array_header *) ap_append_arrays(pool *, const array_header *,
-    const array_header *);
-
-/* ap_array_pstrcat generates a new string from the pool containing
- * the concatenated sequence of substrings referenced as elements within
- * the array.  The string will be empty if all substrings are empty or null,
- * or if there are no elements in the array.
- * If sep is non-NUL, it will be inserted between elements as a separator.
- */
-API_EXPORT(char *) ap_array_pstrcat(pool *p, const array_header *arr,
-    const char sep);
-
-/* copy_array copies the *entire* array.  copy_array_hdr just copies
- * the header, and arranges for the elements to be copied if (and only
- * if) the code subsequently does a push or arraycat.
- */
-
-API_EXPORT(array_header *) ap_copy_array(pool *p, const array_header *src);
-API_EXPORT(array_header *) ap_copy_array_hdr(pool *p, const array_header *src);
-
-
-/* Tables.  Implemented alist style, for now, though we try to keep
- * it so that imposing a hash table structure on top in the future
- * wouldn't be *too* hard...
- *
- * Note that key comparisons for these are case-insensitive, largely
- * because that's what's appropriate and convenient everywhere they're
- * currently being used...
- */
-
-typedef struct table table;
-
-typedef struct {
-	char *key;      /* maybe NULL in future;
-			 * check when iterating thru table_elts
-			 */
-	char *val;
-} table_entry;
-
-API_EXPORT(table *) ap_make_table(pool *p, int nelts);
-API_EXPORT(table *) ap_copy_table(pool *p, const table *);
-API_EXPORT(void) ap_clear_table(table *);
-API_EXPORT(const char *) ap_table_get(const table *, const char *);
-API_EXPORT(void) ap_table_set(table *, const char *name, const char *val);
-API_EXPORT(void) ap_table_setn(table *, const char *name, const char *val);
-API_EXPORT(void) ap_table_merge(table *, const char *name,
-    const char *more_val);
-API_EXPORT(void) ap_table_mergen(table *, const char *name,
-    const char *more_val);
-API_EXPORT(void) ap_table_unset(table *, const char *key);
-API_EXPORT(void) ap_table_add(table *, const char *name, const char *val);
-API_EXPORT(void) ap_table_addn(table *, const char *name, const char *val);
-API_EXPORT_NONSTD(void) ap_table_do(int (*comp) (void *, const char *,
-    const char *), void *rec, const table *t,...);
-
-API_EXPORT(table *) ap_overlay_tables(pool *p, const table *overlay,
-    const table *base);
-
-/* Conceptually, ap_overlap_tables does this:
-
-    array_header *barr = ap_table_elts(b);
-    table_entry *belt = (table_entry *)barr->elts;
-    int i;
-
-    for (i = 0; i < barr->nelts; ++i) {
-        if (flags & AP_OVERLAP_TABLES_MERGE) {
-            ap_table_mergen(a, belt[i].key, belt[i].val);
-        }
-        else {
-            ap_table_setn(a, belt[i].key, belt[i].val);
-        }
-    }
-
-    Except that it is more efficient (less space and cpu-time) especially
-    when b has many elements.
-
-    Notice the assumptions on the keys and values in b -- they must be
-    in an ancestor of a's pool.  In practice b and a are usually from
-    the same pool.
-*/
-#define AP_OVERLAP_TABLES_SET	(0)
-#define AP_OVERLAP_TABLES_MERGE	(1)
-API_EXPORT(void) ap_overlap_tables(table *a, const table *b, unsigned flags);
-
-/* XXX: these know about the definition of struct table in alloc.c.  That
- * definition is not here because it is supposed to be private, and by not
- * placing it here we are able to get compile-time diagnostics from modules
- * written which assume that a table is the same as an array_header. -djg
- */
-#define ap_table_elts(t) ((array_header *)(t))
-#define ap_is_empty_table(t) \
-    (((t) == NULL)||(((array_header *)(t))->nelts == 0))
-
-/* routines to remember allocation of other sorts of things...
- * generic interface first.  Note that we want to have two separate
- * cleanup functions in the general case, one for exec() preparation,
- * to keep CGI scripts and the like from inheriting access to things
- * they shouldn't be able to touch, and one for actually cleaning up,
- * when the actual server process wants to get rid of the thing,
- * whatever it is.
- *
- * kill_cleanup disarms a cleanup, presumably because the resource in
- * question has been closed, freed, or whatever, and it's scarce
- * enough to want to reclaim (e.g., descriptors).  It arranges for the
- * resource not to be cleaned up a second time (it might have been
- * reallocated).  run_cleanup does the same, but runs it first.
- *
- * Cleanups are identified for purposes of finding & running them off by the
- * plain_cleanup and data, which should presumably be unique.
- *
- * NB any code which invokes register_cleanup or kill_cleanup directly
- * is a critical section which should be guarded by block_alarms() and
- * unblock_alarms() below...
- *
- * ap_register_cleanup_ex provided to allow for an optional "cleanup"
- * to be run at call-time for things like setting CLOSEXEC flags
- * on fd's or whatever else may make sense.
- */
-
-API_EXPORT(void) ap_register_cleanup(pool *p, void *data,
-    void (*plain_cleanup) (void *), void (*child_cleanup) (void *));
-API_EXPORT(void) ap_register_cleanup_ex(pool *p, void *data,
-    void (*plain_cleanup) (void *), void (*child_cleanup) (void *),
-    int (*magic_cleanup) (void *));
-
-API_EXPORT(void) ap_kill_cleanup(pool *p, void *data,
-    void (*plain_cleanup) (void *));
-API_EXPORT(void) ap_run_cleanup(pool *p, void *data,
-    void (*cleanup) (void *));
-
-/* A "do-nothing" cleanup, for register_cleanup; it's faster to do
- * things this way than to test for NULL. */
-API_EXPORT_NONSTD(void) ap_null_cleanup(void *data);
-
-/* The time between when a resource is actually allocated, and when it
- * its cleanup is registered is a critical section, during which the
- * resource could leak if we got interrupted or timed out.  So, anything
- * which registers cleanups should bracket resource allocation and the
- * cleanup registry with these.  (This is done internally by run_cleanup).
- *
- * NB they are actually implemented in http_main.c, since they are bound
- * up with timeout handling in general...
- */
-
-API_EXPORT(void) ap_block_alarms(void);
-API_EXPORT(void) ap_unblock_alarms(void);
-
-/* Common cases which want utility support..
- * the note_cleanups_for_foo routines are for 
- */
-
-API_EXPORT(FILE *) ap_pfopen(struct pool *, const char *name,
-    const char *fmode);
-API_EXPORT(FILE *) ap_pfdopen(struct pool *, int fd,
-    const char *fmode);
-API_EXPORT(int) ap_popenf(struct pool *, const char *name, int flg, int mode);
-API_EXPORT(int) ap_popenf_ex(struct pool *, const char *name, int flg, int mode,
-    int domagic);
-
-API_EXPORT(void) ap_note_cleanups_for_file(pool *, FILE *);
-API_EXPORT(void) ap_note_cleanups_for_file_ex(pool *, FILE *, int);
-API_EXPORT(void) ap_note_cleanups_for_fd(pool *, int);
-API_EXPORT(void) ap_note_cleanups_for_fd_ex(pool *, int, int);
-API_EXPORT(void) ap_kill_cleanups_for_fd(pool *p, int fd);
-
-API_EXPORT(void) ap_note_cleanups_for_socket(pool *, int);
-API_EXPORT(void) ap_note_cleanups_for_socket_ex(pool *, int, int);
-API_EXPORT(void) ap_kill_cleanups_for_socket(pool *p, int sock);
-API_EXPORT(int) ap_psocket(pool *p, int, int, int);
-API_EXPORT(int) ap_psocket_ex(pool *p, int, int, int, int);
-API_EXPORT(int) ap_pclosesocket(pool *a, int sock);
-
-API_EXPORT(regex_t *) ap_pregcomp(pool *p, const char *pattern, int cflags);
-API_EXPORT(void) ap_pregfree(pool *p, regex_t * reg);
-
-/* routines to note closes... file descriptors are constrained enough
- * on some systems that we want to support this.
- */
-
-API_EXPORT(int) ap_pfclose(struct pool *, FILE *);
-API_EXPORT(int) ap_pclosef(struct pool *, int fd);
-
-/* routines to deal with directories */
-API_EXPORT(DIR *) ap_popendir(pool *p, const char *name);
-API_EXPORT(void) ap_pclosedir(pool *p, DIR * d);
-
-/* ... even child processes (which we may want to wait for,
- * or to kill outright, on unexpected termination).
- *
- * ap_spawn_child is a utility routine which handles an awful lot of
- * the rigamarole associated with spawning a child --- it arranges
- * for pipes to the child's stdin and stdout, if desired (if not,
- * set the associated args to NULL).  It takes as args a function
- * to call in the child, and an argument to be passed to the function.
- */
-
-enum kill_conditions {
-	kill_never,             /* process is never sent any signals */
-	kill_always,            /* process is sent SIGKILL on pool cleanup */
-	kill_after_timeout,     /* SIGTERM, wait 3 seconds, SIGKILL */
-	just_wait,              /* wait forever for the process to complete */
-	kill_only_once          /* send SIGTERM and then wait */
-};
-
-typedef struct child_info child_info;
-API_EXPORT(void) ap_note_subprocess(pool *a, pid_t pid,
-    enum kill_conditions how);
-API_EXPORT(int) ap_spawn_child(pool *, int (*)(void *, child_info *),
-   void *, enum kill_conditions, FILE **pipe_in, FILE **pipe_out,
-   FILE **pipe_err);
-int ap_close_fd_on_exec(int fd);
-
-/* magic numbers --- min free bytes to consider a free pool block useable,
- * and the min amount to allocate if we have to go to malloc() */
-
-#ifndef BLOCK_MINFREE
-#define BLOCK_MINFREE 4096
-#endif
-#ifndef BLOCK_MINALLOC
-#define BLOCK_MINALLOC 8192
-#endif
-
-/* Finally, some accounting */
-
-API_EXPORT(long) ap_bytes_in_pool(pool *p);
-API_EXPORT(long) ap_bytes_in_free_blocks(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_ALLOC_H */
diff --git a/usr.sbin/httpd/src/include/ap_compat.h b/usr.sbin/httpd/src/include/ap_compat.h
deleted file mode 100644
index dec73644768..00000000000
--- a/usr.sbin/httpd/src/include/ap_compat.h
+++ /dev/null
@@ -1,431 +0,0 @@
-/*
-**  ap_compat.h -- Apache Backward Compatibility
-**
-**  INCLUDE THIS HEADER FILE ONLY IF YOU REALLY NEED
-**  BACKWARD COMPATIBILITY TO OLD APACHE RESOURCES.
-*/
-
-#ifndef AP_COMPAT_H
-#define AP_COMPAT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* 
- *   Mapping of Apache 1.2 global symbols to the
- *   namespace conflict free variants used in Apache 1.3
- */
-
-#define MD5Final                       ap_MD5Final
-#define MD5Init                        ap_MD5Init
-#define acquire_mutex                  ap_acquire_mutex
-#define add_cgi_vars                   ap_add_cgi_vars
-#define add_common_vars                ap_add_common_vars
-#define add_file_conf                  ap_add_file_conf
-#define add_module                     ap_add_module
-#define add_named_module               ap_add_named_module
-#define add_per_dir_conf               ap_add_per_dir_conf
-#define add_per_url_conf               ap_add_per_url_conf
-#define allow_options                  ap_allow_options
-#define allow_overrides                ap_allow_overrides
-#define apapi_get_server_built         ap_get_server_built
-#define apapi_get_server_version       ap_get_server_version
-#define aplog_error                    ap_log_error
-#define append_arrays                  ap_append_arrays
-#define array_cat                      ap_array_cat
-#define auth_name                      ap_auth_name
-#define auth_type                      ap_auth_type
-#define basic_http_header              ap_basic_http_header
-#define bclose                         ap_bclose
-#define bcreate                        ap_bcreate
-#define bfilbuf                        ap_bfilbuf
-#define bfileno                        ap_bfileno
-#define bflsbuf                        ap_bflsbuf
-#define bflush                         ap_bflush
-#define bgetc                          ap_bgetc
-#define bgetflag                       ap_bgetflag
-#define bgetopt                        ap_bgetopt
-#define bgets                          ap_bgets
-#define bhalfduplex                    ap_bhalfduplex
-#define bind_address                   ap_bind_address
-#define block_alarms                   ap_block_alarms
-#define blookc                         ap_blookc
-#define bnonblock                      ap_bnonblock
-#define bonerror                       ap_bonerror
-#define bprintf                        ap_bprintf
-#define bpushfd                        ap_bpushfd
-#define bputc                          ap_bputc
-#define bputs                          ap_bputs
-#define bread                          ap_bread
-#define bsetflag                       ap_bsetflag
-#define bsetopt                        ap_bsetopt
-#define bskiplf                        ap_bskiplf
-#define bvputs                         ap_bvputs
-#define bwrite                         ap_bwrite
-#define bytes_in_free_blocks           ap_bytes_in_free_blocks
-#define bytes_in_pool                  ap_bytes_in_pool
-#define call_exec                      ap_call_exec
-#define can_exec                       ap_can_exec
-#define cfg_closefile                  ap_cfg_closefile
-#define cfg_getc                       ap_cfg_getc
-#define cfg_getline                    ap_cfg_getline
-#define chdir_file                     ap_chdir_file
-#define check_access                   ap_check_access
-#define check_alarm                    ap_check_alarm
-#define check_auth                     ap_check_auth
-#define check_cmd_context              ap_check_cmd_context
-#define check_user_id                  ap_check_user_id
-#define checkmask                      ap_checkmask
-#define child_exit_modules             ap_child_exit_modules
-#define child_init_modules             ap_child_init_modules
-#define child_terminate                ap_child_terminate
-#define cleanup_for_exec               ap_cleanup_for_exec
-#define clear_module_list              ap_clear_module_list
-#define clear_pool                     ap_clear_pool
-#define clear_table                    ap_clear_table
-#define close_piped_log                ap_close_piped_log
-#define construct_server               ap_construct_server
-#define construct_url                  ap_construct_url
-#define copy_array                     ap_copy_array
-#define copy_array_hdr                 ap_copy_array_hdr
-#define copy_table                     ap_copy_table
-#define core_reorder_directories       ap_core_reorder_directories
-#define coredump_dir                   ap_coredump_dir
-#define count_dirs                     ap_count_dirs
-#define create_environment             ap_create_environment
-#define create_mutex                   ap_create_mutex
-#define create_per_dir_config          ap_create_per_dir_config
-#define create_request_config          ap_create_request_config
-#define daemons_limit                  ap_daemons_limit
-#define daemons_max_free               ap_daemons_max_free
-#define daemons_min_free               ap_daemons_min_free
-#define daemons_to_start               ap_daemons_to_start
-#define day_snames                     ap_day_snames
-#define default_port                   ap_default_port
-#define default_port_for_request       ap_default_port_for_request
-#define default_port_for_scheme        ap_default_port_for_scheme
-#define default_type                   ap_default_type
-#define destroy_mutex                  ap_destroy_mutex
-#define destroy_pool                   ap_destroy_pool
-#define destroy_sub_req                ap_destroy_sub_req
-#define die                            ap_die
-#define discard_request_body           ap_discard_request_body
-#define document_root                  ap_document_root
-#define dummy_mutex                    ap_dummy_mutex
-#define each_byterange                 ap_each_byterange
-#define error_log2stderr               ap_error_log2stderr
-#define escape_html                    ap_escape_html
-#define escape_path_segment            ap_escape_path_segment
-#define escape_shell_cmd               ap_escape_shell_cmd
-#define escape_uri                     ap_escape_uri
-#define excess_requests_per_child      ap_excess_requests_per_child
-#define exists_scoreboard_image        ap_exists_scoreboard_image
-#define finalize_request_protocol      ap_finalize_request_protocol
-#define finalize_sub_req_protocol      ap_finalize_sub_req_protocol
-#define find_command                   ap_find_command
-#define find_command_in_modules        ap_find_command_in_modules
-#define find_last_token                ap_find_last_token
-#define find_linked_module             ap_find_linked_module
-#define find_module_name               ap_find_module_name
-#define find_path_info                 ap_find_path_info
-#define find_pool                      ap_find_pool
-#define find_token                     ap_find_token
-#define find_types                     ap_find_types
-#define fini_vhost_config              ap_fini_vhost_config
-#define fnmatch                        ap_fnmatch
-#define force_library_loading          ap_force_library_loading
-#define get_basic_auth_pw              ap_get_basic_auth_pw
-#define get_client_block               ap_get_client_block
-#define get_gmtoff                     ap_get_gmtoff
-#define get_local_host                 ap_get_local_host
-#define get_module_config              ap_get_module_config
-#define get_remote_host                ap_get_remote_host
-#define get_remote_logname             ap_get_remote_logname
-#define get_server_name                ap_get_server_name
-#define get_server_port                ap_get_server_port
-#define get_time                       ap_get_time
-#define get_token                      ap_get_token
-#define get_virthost_addr              ap_get_virthost_addr
-#define getparents                     ap_getparents
-#define getword                        ap_getword
-#define getword_conf                   ap_getword_conf
-#define getword_conf_nc                ap_getword_conf_nc
-#define getword_nc                     ap_getword_nc
-#define getword_nulls                  ap_getword_nulls
-#define getword_nulls_nc               ap_getword_nulls_nc
-#define getword_white                  ap_getword_white
-#define getword_white_nc               ap_getword_white_nc
-#define gm_timestr_822                 ap_gm_timestr_822
-#define gname2id                       ap_gname2id
-#define group_id                       ap_group_id
-#define handle_command                 ap_handle_command
-#define hard_timeout                   ap_hard_timeout
-#define header_parse                   ap_header_parse
-#define ht_time                        ap_ht_time
-#define http_method                    ap_http_method
-#define ind                            ap_ind
-#define index_of_response              ap_index_of_response
-#define init_alloc                     ap_init_alloc
-#define init_modules                   ap_init_modules
-#define init_vhost_config              ap_init_vhost_config
-#define init_virtual_host              ap_init_virtual_host
-#define internal_redirect              ap_internal_redirect
-#define internal_redirect_handler      ap_internal_redirect_handler
-#define invoke_handler                 ap_invoke_handler
-#define is_default_port                ap_is_default_port
-#define is_directory                   ap_is_directory
-#define is_empty_table                 ap_is_empty_table
-#define is_fnmatch                     ap_is_fnmatch
-#define is_initial_req                 ap_is_initial_req
-#define is_matchexp                    ap_is_matchexp
-#define is_table_empty                 ap_is_table_empty
-#define is_url                         ap_is_url
-#define keepalive_timeout              ap_keepalive_timeout
-#define kill_cleanup                   ap_kill_cleanup
-#define kill_cleanups_for_fd           ap_kill_cleanups_for_fd
-#define kill_cleanups_for_socket       ap_kill_cleanups_for_socket
-#define kill_timeout                   ap_kill_timeout
-#define limit_section                  ap_limit_section
-#define listenbacklog                  ap_listenbacklog
-#define listeners                      ap_listeners
-#define lock_fname                     ap_lock_fname
-#define log_assert                     ap_log_assert
-#define log_error                      ap_log_error_old
-#define log_pid                        ap_log_pid
-#define log_printf                     ap_log_printf
-#define log_reason                     ap_log_reason
-#define log_transaction                ap_log_transaction
-#define log_unixerr                    ap_log_unixerr
-#define make_array                     ap_make_array
-#define make_dirstr                    ap_make_dirstr
-#define make_dirstr_parent             ap_make_dirstr_parent
-#define make_dirstr_prefix             ap_make_dirstr_prefix
-#define make_full_path                 ap_make_full_path
-#define make_sub_pool                  ap_make_sub_pool
-#define make_table                     ap_make_table
-#define matches_request_vhost          ap_matches_request_vhost
-#define max_requests_per_child         ap_max_requests_per_child
-#define max_cpu_per_child              ap_max_cpu_per_child
-#define max_data_per_child             ap_max_data_per_child
-#define max_nofile_per_child           ap_max_nofile_per_child
-#define max_rss_per_child              ap_max_rss_per_child
-#define max_stack_per_child            ap_max_stack_per_child
-#define md5                            ap_md5
-#define meets_conditions               ap_meets_conditions
-#define merge_per_dir_configs          ap_merge_per_dir_configs
-#define month_snames                   ap_month_snames
-#define no2slash                       ap_no2slash
-#define note_auth_failure              ap_note_auth_failure
-#define note_basic_auth_failure        ap_note_basic_auth_failure
-#define note_cleanups_for_fd           ap_note_cleanups_for_fd
-#define note_cleanups_for_file         ap_note_cleanups_for_file
-#define note_cleanups_for_socket       ap_note_cleanups_for_socket
-#define note_digest_auth_failure       ap_note_digest_auth_failure
-#define note_subprocess                ap_note_subprocess
-#define null_cleanup                   ap_null_cleanup
-#define open_logs                      ap_open_logs
-#define open_mutex                     ap_open_mutex
-#define open_piped_log                 ap_open_piped_log
-#define os_canonical_filename          ap_os_canonical_filename
-#define os_dl_load                     ap_os_dso_load
-#define os_dl_unload                   ap_os_dso_unload
-#define os_dl_sym                      ap_os_dso_sym
-#define os_dl_error                    ap_os_dso_error
-#define os_escape_path                 ap_os_escape_path
-#define os_is_path_absolute            ap_os_is_path_absolute
-#define overlay_tables                 ap_overlay_tables
-#define palloc                         ap_palloc
-#define parseHTTPdate                  ap_parseHTTPdate
-#define parse_hostinfo_components      ap_parse_hostinfo_components
-#define parse_htaccess                 ap_parse_htaccess
-#define parse_uri                      ap_parse_uri
-#define parse_uri_components           ap_parse_uri_components
-#define parse_vhost_addrs              ap_parse_vhost_addrs
-#define pcalloc                        ap_pcalloc
-#define pcfg_open_custom               ap_pcfg_open_custom
-#define pcfg_openfile                  ap_pcfg_openfile
-#define pclosedir                      ap_pclosedir
-#define pclosef                        ap_pclosef
-#define pclosesocket                   ap_pclosesocket
-#define pduphostent                    ap_pduphostent
-#define pfclose                        ap_pfclose
-#define pfdopen                        ap_pfdopen
-#define pfopen                         ap_pfopen
-#define pgethostbyname                 ap_pgethostbyname
-#define pid_fname                      ap_pid_fname
-#define piped_log_read_fd              ap_piped_log_read_fd
-#define piped_log_write_fd             ap_piped_log_write_fd
-#define pool_is_ancestor               ap_pool_is_ancestor
-#define pool_join                      ap_pool_join
-#define popendir                       ap_popendir
-#define popenf                         ap_popenf
-#define pregcomp                       ap_pregcomp
-#define pregfree                       ap_pregfree
-#define pregsub                        ap_pregsub
-#define process_request                ap_process_request
-#define process_resource_config        ap_process_resource_config
-#define proxy_add_header               ap_proxy_add_header
-#define proxy_c2hex                    ap_proxy_c2hex
-#define proxy_cache_check              ap_proxy_cache_check
-#define proxy_cache_error              ap_proxy_cache_error
-#define proxy_cache_tidy               ap_proxy_cache_tidy
-#define proxy_cache_update             ap_proxy_cache_update
-#define proxy_canon_netloc             ap_proxy_canon_netloc
-#define proxy_canonenc                 ap_proxy_canonenc
-#define proxy_connect_handler          ap_proxy_connect_handler
-#define proxy_date_canon               ap_proxy_date_canon
-#define proxy_del_header               ap_proxy_del_header
-#define proxy_doconnect                ap_proxy_doconnect
-#define proxy_ftp_canon                ap_proxy_ftp_canon
-#define proxy_ftp_handler              ap_proxy_ftp_handler
-#define proxy_garbage_coll             ap_proxy_garbage_coll
-#define proxy_garbage_init             ap_proxy_garbage_init
-#define proxy_get_header               ap_proxy_get_header
-#define proxy_hash                     ap_proxy_hash
-#define proxy_hex2c                    ap_proxy_hex2c
-#define proxy_hex2sec                  ap_proxy_hex2sec
-#define proxy_host2addr                ap_proxy_host2addr
-#define proxy_http_canon               ap_proxy_http_canon
-#define proxy_http_handler             ap_proxy_http_handler
-#define proxy_is_domainname            ap_proxy_is_domainname
-#define proxy_is_hostname              ap_proxy_is_hostname
-#define proxy_is_ipaddr                ap_proxy_is_ipaddr
-#define proxy_is_word                  ap_proxy_is_word
-#define proxy_liststr                  ap_proxy_liststr
-#define proxy_read_headers             ap_proxy_read_headers
-#define proxy_sec2hex                  ap_proxy_sec2hex
-#define proxy_send_fb                  ap_proxy_send_fb
-#define proxy_send_headers             ap_proxy_send_headers
-#define proxyerror                     ap_proxyerror
-#define psignature                     ap_psignature
-#define psocket                        ap_psocket
-#define psprintf                       ap_psprintf
-#define pstrcat                        ap_pstrcat
-#define pstrdup                        ap_pstrdup
-#define pstrndup                       ap_pstrndup
-#define push_array                     ap_push_array
-#define pvsprintf                      ap_pvsprintf
-#define rationalize_mtime              ap_rationalize_mtime
-#define read_config                    ap_read_config
-#define read_request                   ap_read_request
-#define regexec                        ap_regexec
-#define regerror                       ap_regerror
-#define register_cleanup               ap_register_cleanup
-#define register_other_child           ap_register_other_child
-#define release_mutex                  ap_release_mutex
-#define remove_module                  ap_remove_module
-#define requires                       ap_requires
-#define reset_timeout                  ap_reset_timeout
-#define response_code_string           ap_response_code_string
-#define restart_time                   ap_restart_time
-#define rfc1413                        ap_rfc1413
-#define rfc1413_timeout                ap_rfc1413_timeout
-#define rflush                         ap_rflush
-#define rind                           ap_rind
-#define rprintf                        ap_rprintf
-#define rputc                          ap_rputc
-#define rputs                          ap_rputs
-#define run_cleanup                    ap_run_cleanup
-#define run_fixups                     ap_run_fixups
-#define run_post_read_request          ap_run_post_read_request
-#define run_sub_req                    ap_run_sub_req
-#define rvputs                         ap_rvputs
-#define rwrite                         ap_rwrite
-#define satisfies                      ap_satisfies
-#define scan_script_header(a1,a2)      ap_scan_script_header_err(a1,a2,NULL)
-#define scan_script_header_err         ap_scan_script_header_err
-#define scan_script_header_err_buff    ap_scan_script_header_err_buff
-#define scoreboard_fname               ap_scoreboard_fname
-#define scoreboard_image               ap_scoreboard_image
-#define send_error_response            ap_send_error_response
-#define send_fb                        ap_send_fb
-#define send_fb_length                 ap_send_fb_length
-#define send_fd                        ap_send_fd
-#define send_fd_length                 ap_send_fd_length
-#define send_header_field              ap_send_header_field
-#define send_http_header               ap_send_http_header
-#define send_http_options              ap_send_http_options
-#define send_http_trace                ap_send_http_trace
-#define send_mmap                      ap_send_mmap
-#define send_size                      ap_send_size
-#define server_argv0                   ap_server_argv0
-#define server_confname                ap_server_confname
-#define server_post_read_config        ap_server_post_read_config
-#define server_pre_read_config         ap_server_pre_read_config
-#define server_root                    ap_server_root
-#define server_root_relative           ap_server_root_relative
-#define set_byterange                  ap_set_byterange
-#define set_callback_and_alarm         ap_set_callback_and_alarm
-#define set_config_vectors             ap_set_config_vectors
-#define set_content_length             ap_set_content_length
-#define set_etag                       ap_set_etag
-#define set_file_slot                  ap_set_file_slot
-#define set_flag_slot                  ap_set_flag_slot
-#define set_keepalive                  ap_set_keepalive
-#define set_last_modified              ap_set_last_modified
-#define set_module_config              ap_set_module_config
-#define set_name_virtual_host          ap_set_name_virtual_host
-#define set_string_slot                ap_set_string_slot
-#define set_string_slot_lower          ap_set_string_slot_lower
-#define set_sub_req_protocol           ap_set_sub_req_protocol
-#define setup_client_block             ap_setup_client_block
-#define setup_prelinked_modules        ap_setup_prelinked_modules
-#define should_client_block            ap_should_client_block
-#define show_directives                ap_show_directives
-#define show_modules                   ap_show_modules
-#define soft_timeout                   ap_soft_timeout
-#define some_auth_required             ap_some_auth_required
-#define spawn_child_err                ap_spawn_child
-#define spawn_child_err_buff           ap_bspawn_child
-#define srm_command_loop               ap_srm_command_loop
-#define standalone                     ap_standalone
-#define start_restart                  ap_start_restart
-#define start_shutdown                 ap_start_shutdown
-#define status_drops_connection        ap_status_drops_connection
-#define str_tolower                    ap_str_tolower
-#define strcasecmp_match               ap_strcasecmp_match
-#define strcmp_match                   ap_strcmp_match
-#define sub_req_lookup_file            ap_sub_req_lookup_file
-#define sub_req_lookup_uri             ap_sub_req_lookup_uri
-#define suexec_enabled                 ap_suexec_enabled
-#define table_add                      ap_table_add
-#define table_addn                     ap_table_addn
-#define table_do                       ap_table_do
-#define table_elts                     ap_table_elts
-#define table_get                      ap_table_get
-#define table_merge                    ap_table_merge
-#define table_mergen                   ap_table_mergen
-#define table_set                      ap_table_set
-#define table_setn                     ap_table_setn
-#define table_unset                    ap_table_unset
-#define threads_per_child              ap_threads_per_child
-#define time_process_request           ap_time_process_request
-#define tm2sec                         ap_tm2sec
-#define translate_name                 ap_translate_name
-#define uname2id                       ap_uname2id
-#define unblock_alarms                 ap_unblock_alarms
-#define unescape_url                   ap_unescape_url
-#define unparse_uri_components         ap_unparse_uri_components
-#define unregister_other_child         ap_unregister_other_child
-#define update_child_status            ap_update_child_status
-#define update_mtime                   ap_update_mtime
-#define update_vhost_from_headers      ap_update_vhost_from_headers
-#define update_vhost_given_ip          ap_update_vhost_given_ip
-#define user_id                        ap_user_id
-#define user_name                      ap_user_name
-#define util_init                      ap_util_init
-#define util_uri_init                  ap_util_uri_init
-#define uudecode                       ap_uudecode
-#define vbprintf                       ap_vbprintf
-
-/* 
- *  Macros for routines whose arguments have changed over time.
- */
-#define spawn_child(p,f,v,k,in,out) ap_spawn_child(p,f,v,k,in,out,NULL)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !AP_COMPAT_H */
diff --git a/usr.sbin/httpd/src/include/ap_config.h b/usr.sbin/httpd/src/include/ap_config.h
deleted file mode 100644
index 27c16b1b8e7..00000000000
--- a/usr.sbin/httpd/src/include/ap_config.h
+++ /dev/null
@@ -1,356 +0,0 @@
-/*	$OpenBSD: ap_config.h,v 1.24 2013/01/07 18:43:33 brad Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef AP_CONFIG_H
-#define AP_CONFIG_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * ap_config.h: system-dependant #defines and includes...
- * See PORTING for a listing of what they mean
- */
-
-#include "ap_mmn.h"		/* MODULE_MAGIC_NUMBER_ */
-
-/*
- * Support for platform dependent autogenerated defines
- */
-#include "ap_config_auto.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-
-/* So that we can use inline on some critical functions, and use
- * GNUC attributes (such as to get -Wall warnings for printf-like
- * functions).  Only do this in gcc 2.7 or later ... it may work
- * on earlier stuff, but why chance it.
- */
-#ifdef __GNUC_STDC_INLINE__
-#define ap_inline __inline__ __attribute__((__gnu_inline__))
-#else
-#define ap_inline __inline__
-#endif
-#define USE_GNU_INLINE
-#define ENUM_BITFIELD(e,n,w)  e n : w
-
-#include "os.h"
-
-/* Define these according to OpenBSD system. */
-#define HAVE_GMTOFF 1
-#undef NO_KILLPG
-#undef NO_SETSID
-#define HAVE_SYSLOG 1
-#ifndef DEFAULT_USER
-#define DEFAULT_USER "www"
-#endif
-#ifndef DEFAULT_GROUP
-#define DEFAULT_GROUP "www"
-#endif
-#define HAVE_SHMGET 1
-#define HAVE_MMAP 1
-#define USE_MMAP_SCOREBOARD
-#define USE_MMAP_FILES
-#define HAVE_FLOCK_SERIALIZED_ACCEPT
-#define HAVE_SYSVSEM_SERIALIZED_ACCEPT
-#define USE_SYSVSEM_SERIALIZED_ACCEPT
-#include <sys/param.h>
-#if (OpenBSD >= 199912)
-#define NET_SIZE_T socklen_t
-#endif
-#define SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-
-#include <sys/param.h>
-
-/* stuff marked API_EXPORT is part of the API, and intended for use
- * by modules
- */
-#ifndef API_EXPORT
-#define API_EXPORT(type)    type
-#endif
-
-/* Stuff marked API_EXPORT_NONSTD is part of the API, and intended for
- * use by modules.  The difference between API_EXPORT and
- * API_EXPORT_NONSTD is that the latter is required for any functions
- * which use varargs or are used via indirect function call.  This
- * is to accomodate the two calling conventions in windows dlls.
- */
-#ifndef API_EXPORT_NONSTD
-#define API_EXPORT_NONSTD(type)    type
-#endif
-
-#ifndef MODULE_VAR_EXPORT
-#define MODULE_VAR_EXPORT
-#endif
-#ifndef API_VAR_EXPORT
-#define API_VAR_EXPORT
-#endif
-
-/* modules should not used functions marked CORE_EXPORT
- * or CORE_EXPORT_NONSTD */
-#ifndef CORE_EXPORT
-#define CORE_EXPORT	API_EXPORT
-#endif
-#ifndef CORE_EXPORT_NONSTD
-#define CORE_EXPORT_NONSTD	API_EXPORT_NONSTD
-#endif
-
-#define ap_private_extern
-
-/*
- * The particular directory style your system supports. If you have dirent.h
- * in /usr/include (POSIX) or /usr/include/sys (SYSV), #include 
- * that file and define DIR_TYPE to be dirent. Otherwise, if you have 
- * /usr/include/sys/dir.h, define DIR_TYPE to be direct and include that
- * file. If you have neither, I'm confused.
- */
-
-#include <sys/types.h>
-#include <stdarg.h>
-
-#include <dirent.h>
-#define DIR_TYPE dirent
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "ap_ctype.h"
-#include <sys/file.h>
-#include <sys/socket.h>
-#include <sys/select.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <sys/ioctl.h>
-#include <arpa/inet.h>		/* for inet_ntoa */
-#include <sys/wait.h>
-#include <pwd.h>
-#include <grp.h>
-#include <fcntl.h>
-#define closesocket(s) close(s)
-#ifndef O_BINARY
-#define O_BINARY (0)
-#endif
-
-#include <limits.h>
-#include <time.h>		/* for ctime */
-#include <signal.h>
-#include <errno.h>
-#include <memory.h>
-
-#include <regex.h>
-
-#include <sys/resource.h>
-#include <sys/mman.h>
-
-/* A USE_FOO_SERIALIZED_ACCEPT implies a HAVE_FOO_SERIALIZED_ACCEPT */
-#if defined(USE_SYSVSEM_SERIALIZED_ACCEPT) && !defined(HAVE_SYSVSEM_SERIALIZED_ACCEPT)
-#define HAVE_SYSVSEM_SERIALIZED_ACCEPT
-#endif
-#if defined(USE_FLOCK_SERIALIZED_ACCEPT) && !defined(HAVE_FLOCK_SERIALIZED_ACCEPT)
-#define HAVE_FLOCK_SERIALIZED_ACCEPT
-#endif
-
-#ifndef LOGNAME_MAX
-#define LOGNAME_MAX 25
-#endif
-
-#include <unistd.h>
-
-#ifndef S_ISLNK
-#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
-#endif
-
-#ifndef INADDR_NONE
-#define INADDR_NONE ((unsigned long) -1)
-#endif
-
-/*
- * Replace signal function with sigaction equivalent
- */
-typedef void Sigfunc(int);
-
-#if defined(SIG_IGN) && !defined(SIG_ERR)
-#define SIG_ERR ((Sigfunc *)-1)
-#endif
-
-/*
- * For some strange reason, QNX defines signal to signal. Eliminate it.
- */
-#ifdef signal
-#undef signal
-#endif
-#define signal(s,f)	ap_signal(s,f)
-Sigfunc *signal(int signo, Sigfunc * func);
-
-#include <setjmp.h>
-
-#if defined(USE_LONGJMP)
-#define ap_longjmp(x, y)        longjmp((x), (y))
-#define ap_setjmp(x)            setjmp(x)
-#ifndef JMP_BUF
-#define JMP_BUF jmp_buf
-#endif
-#else
-#define ap_longjmp(x, y)        siglongjmp((x), (y))
-#define ap_setjmp(x)            sigsetjmp((x), 1)
-#ifndef JMP_BUF
-#define JMP_BUF sigjmp_buf
-#endif
-#endif
-
-/* Majority of os's want to verify FD_SETSIZE */
-#define CHECK_FD_SETSIZE
-
-#if defined(SELECT_NEEDS_CAST)
-#define ap_select(_a, _b, _c, _d, _e)   \
-    select((_a), (int *)(_b), (int *)(_c), (int *)(_d), (_e))
-#else
-#define ap_select(_a, _b, _c, _d, _e)   \
-	select(_a, _b, _c, _d, _e)
-#endif
-
-#define ap_accept(_fd, _sa, _ln)	accept(_fd, _sa, _ln)
-
-#define ap_check_signals()
-
-#define ap_fdopen(d,m) fdopen((d), (m))
-
-#ifndef ap_inet_addr
-#define ap_inet_addr inet_addr
-#endif
-
-/* Finding offsets of elements within structures.
- * Taken from the X code... they've sweated portability of this stuff
- * so we don't have to.  Sigh...
- */
-
-#if defined(__arm)
-#ifdef __STDC__
-#define XtOffset(p_type,field) _Offsetof(p_type,field)
-#else
-#define XtOffset(p_type,field) ((unsigned int)&(((p_type)NULL)->field))
-#endif /* __STDC__ */
-#else /* ! (__arm) */
-
-#define XtOffset(p_type,field) \
-	((long) (((char *) (&(((p_type)NULL)->field))) - ((char *) NULL)))
-
-#endif /* __arm */
-
-#ifdef offsetof
-#define XtOffsetOf(s_type,field) offsetof(s_type,field)
-#else
-#define XtOffsetOf(s_type,field) XtOffset(s_type*,field)
-#endif
-
-/*
- * NET_SIZE_T exists because of shortsightedness on the POSIX committee.  BSD
- * systems used "int *" as the parameter to accept(), getsockname(),
- * getpeername() et al.  Consequently many unixes took an int * for that
- * parameter.  The POSIX committee decided that "int" was just too generic and
- * had to be replaced with size_t almost everywhere.  There's no problem with
- * that when you're passing by value.  But when you're passing by reference
- * this creates a gross source incompatibility with existing programs.  On
- * 32-bit architectures it creates only a warning.  On 64-bit architectures it
- * creates broken code -- because "int *" is a pointer to a 64-bit quantity and
- * "size_t *" is frequently a pointer to a 32-bit quantity.
- *
- * Some Unixes adopted "size_t *" for the sake of POSIX compliance.  Others
- * ignored it because it was such a broken interface.  Chaos ensued.  POSIX
- * finally woke up and decided that it was wrong and created a new type
- * socklen_t.  The only useful value for socklen_t is int, and that's how
- * everyone who has a clue implements it.  It is almost always the case that
- * NET_SIZE_T should be defined to be an int, unless the system being compiled
- * for was created in the window of POSIX madness.
- */
-#ifndef NET_SIZE_T
-#define NET_SIZE_T int
-#endif
-
-/* The assumption is that when the functions are missing,
- * then there's no matching prototype available either.
- * Declare what is needed exactly as the replacement routines implement it.
- */
-
-#ifndef ap_wait_t
-#define ap_wait_t int
-#endif
-
-#ifndef INET6_ADDRSTRLEN
-#define INET6_ADDRSTRLEN	46
-#endif
-#ifndef INET_ADDRSTRLEN
-#define INET_ADDRSTRLEN		16
-#endif
-#ifndef NI_MAXHOST
-#define NI_MAXHOST		1025
-#endif
-#ifndef NI_MAXSERV
-#define	NI_MAXSERV		32
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !AP_CONFIG_H */
diff --git a/usr.sbin/httpd/src/include/ap_config_auto.h b/usr.sbin/httpd/src/include/ap_config_auto.h
deleted file mode 100644
index 8c460078960..00000000000
--- a/usr.sbin/httpd/src/include/ap_config_auto.h
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- *  ap_config_auto.h -- Automatically determined configuration stuff
- *  THIS FILE WAS AUTOMATICALLY GENERATED - DO NOT EDIT!
- */
-
-#ifndef AP_CONFIG_AUTO_H
-#define AP_CONFIG_AUTO_H
-
-/* check: #include <dlfcn.h> */
-#ifndef HAVE_DLFCN_H
-#define HAVE_DLFCN_H 1
-#endif
-
-/* check: #include <dl.h> */
-#ifdef HAVE_DL_H
-#undef HAVE_DL_H
-#endif
-
-/* check: #include <bstring.h> */
-#ifdef HAVE_BSTRING_H
-#undef HAVE_BSTRING_H
-#endif
-
-/* check: #include <crypt.h> */
-#ifdef HAVE_CRYPT_H
-#undef HAVE_CRYPT_H
-#endif
-
-/* check: #include <unistd.h> */
-#ifndef HAVE_UNISTD_H
-#define HAVE_UNISTD_H 1
-#endif
-
-/* check: #include <sys/resource.h> */
-#ifndef HAVE_SYS_RESOURCE_H
-#define HAVE_SYS_RESOURCE_H 1
-#endif
-
-/* check: #include <sys/select.h> */
-#ifndef HAVE_SYS_SELECT_H
-#define HAVE_SYS_SELECT_H 1
-#endif
-
-/* check: #include <sys/processor.h> */
-#ifdef HAVE_SYS_PROCESSOR_H
-#undef HAVE_SYS_PROCESSOR_H
-#endif
-
-/* check: #include <sys/param.h> */
-#ifndef HAVE_SYS_PARAM_H
-#define HAVE_SYS_PARAM_H 1
-#endif
-
-/* determine: isinf() found in libc */ 
-#ifndef HAVE_ISINF
-#define HAVE_ISINF 1
-#endif
-
-/* determine: isnan() found in libc */ 
-#ifndef HAVE_ISNAN
-#define HAVE_ISNAN 1
-#endif
-
-/* sizeof(off_t) == sizeof(quad_t) on OpenBSD */
-#ifndef AP_OFF_T_IS_QUAD
-#define AP_OFF_T_IS_QUAD 1
-#endif
-
-/* build flag: -DINET6 */
-#ifndef INET6
-#define INET6 1
-#endif
-
-/* build flag: -Dss_family=__ss_family */
-#ifndef ss_family
-#define ss_family __ss_family
-#endif
-
-/* build flag: -Dss_len=__ss_len */
-#ifndef ss_len
-#define ss_len __ss_len
-#endif
-
-/* build flag: -DHAVE_SOCKADDR_LEN */
-#ifndef HAVE_SOCKADDR_LEN
-#define HAVE_SOCKADDR_LEN 1
-#endif
-
-/* build flag: -DMOD_SSL=208116 */
-#ifndef MOD_SSL
-#define MOD_SSL 208116
-#endif
-
-/* build flag: -DEAPI */
-#ifndef EAPI
-#define EAPI 1
-#endif
-
-#endif /* AP_CONFIG_AUTO_H */
diff --git a/usr.sbin/httpd/src/include/ap_ctx.h b/usr.sbin/httpd/src/include/ap_ctx.h
deleted file mode 100644
index 8f8d8402fcc..00000000000
--- a/usr.sbin/httpd/src/include/ap_ctx.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/* $OpenBSD: ap_ctx.h,v 1.6 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The Apache Group.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- *    nor may "Apache" appear in their names without prior written
- *    permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- *
- */
-
-/*
-**  Generic Context Interface for Apache
-**  Written by Ralf S. Engelschall <rse@engelschall.com> 
-*/
-
-#ifndef AP_CTX_H
-#define AP_CTX_H
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE  !FALSE
-#endif
-
-/*
- * Internal Context Record Definition
- */
-
-#define AP_CTX_MAX_ENTRIES 1024
-
-typedef struct {
-	char *ce_key;
-	void *ce_val;
-} ap_ctx_entry;
-
-typedef struct {
-	pool          *cr_pool;
-	ap_ctx_entry **cr_entry;
-} ap_ctx_rec;
-
-typedef ap_ctx_rec ap_ctx;
-
-/*
- * Some convinience macros for storing _numbers_ 0...n in contexts, i.e.
- * treating numbers as pointers but keeping track of the NULL return code of
- * ap_ctx_get.
- */
-#define AP_CTX_NUM2PTR(n) (void *)(((unsigned long)(n))+1)
-#define AP_CTX_PTR2NUM(p) (unsigned long)(((char *)(p))-1)
-
-/*
- * Prototypes for Context Handling Functions
- */
-
-API_EXPORT(ap_ctx *)ap_ctx_new(pool *p);
-API_EXPORT(void)    ap_ctx_set(ap_ctx *ctx, char *key, void *val);
-API_EXPORT(void *)  ap_ctx_get(ap_ctx *ctx, char *key);
-API_EXPORT(ap_ctx *)ap_ctx_overlay(pool *p, ap_ctx *over, ap_ctx *base);
-
-#endif /* AP_CTX_H */
diff --git a/usr.sbin/httpd/src/include/ap_ctype.h b/usr.sbin/httpd/src/include/ap_ctype.h
deleted file mode 100644
index 769ae24b05c..00000000000
--- a/usr.sbin/httpd/src/include/ap_ctype.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/* $OpenBSD: ap_ctype.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef AP_CTYPE_H
-#define AP_CTYPE_H
-
-#include <ctype.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These macros allow correct support of 8-bit characters on systems which
- * support 8-bit characters.  Pretty dumb how the cast is required, but
- * that's legacy libc for ya.  These new macros do not support EOF like
- * the standard macros do.  Tough.
- */
-#define ap_isalnum(c) (isalnum(((unsigned char)(c))))
-#define ap_isalpha(c) (isalpha(((unsigned char)(c))))
-#define ap_iscntrl(c) (iscntrl(((unsigned char)(c))))
-#define ap_isdigit(c) (isdigit(((unsigned char)(c))))
-#define ap_isgraph(c) (isgraph(((unsigned char)(c))))
-#define ap_islower(c) (islower(((unsigned char)(c))))
-#define ap_isprint(c) (isprint(((unsigned char)(c))))
-#define ap_ispunct(c) (ispunct(((unsigned char)(c))))
-#define ap_isspace(c) (isspace(((unsigned char)(c))))
-#define ap_isupper(c) (isupper(((unsigned char)(c))))
-#define ap_isxdigit(c) (isxdigit(((unsigned char)(c))))
-#define ap_tolower(c) (tolower(((unsigned char)(c))))
-#define ap_toupper(c) (toupper(((unsigned char)(c))))
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !AP_CTYPE_H */
diff --git a/usr.sbin/httpd/src/include/ap_ebcdic.h b/usr.sbin/httpd/src/include/ap_ebcdic.h
deleted file mode 100644
index 402309f5274..00000000000
--- a/usr.sbin/httpd/src/include/ap_ebcdic.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* $OpenBSD: ap_ebcdic.h,v 1.4 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
-#ifndef AP_EBCDIC_H
-#define AP_EBCDIC_H  "$Id: ap_ebcdic.h,v 1.4 2005/03/28 23:26:51 niallo Exp $"
-
-#include <sys/types.h>
-
-extern const unsigned char os_toascii[256];
-extern const unsigned char os_toebcdic[256];
-API_EXPORT(void *) ebcdic2ascii(void *dest, const void *srce, size_t count);
-API_EXPORT(void *) ascii2ebcdic(void *dest, const void *srce, size_t count);
-
-#endif /*AP_EBCDIC_H*/
diff --git a/usr.sbin/httpd/src/include/ap_hook.h b/usr.sbin/httpd/src/include/ap_hook.h
deleted file mode 100644
index e36f0f50e2a..00000000000
--- a/usr.sbin/httpd/src/include/ap_hook.h
+++ /dev/null
@@ -1,712 +0,0 @@
-/* $OpenBSD: ap_hook.h,v 1.5 2005/03/28 23:26:51 niallo Exp $ */
-
-#if 0
-=cut
-#endif
-/* ====================================================================
- * Copyright (c) 1998-2000 The Apache Group.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- *    nor may "Apache" appear in their names without prior written
- *    permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- *
- */
-
-/*
-**  Implementation of a Generic Hook Interface for Apache
-**  Written by Ralf S. Engelschall <rse@engelschall.com> 
-**
-**  See POD document at end of this file for description.
-**  View it with the command ``pod2man ap_hook.h | nroff -man | more''
-**
-**  Attention: This header file is a little bit tricky.
-**             It's a combination of a C source and an embedded POD document
-**             The purpose of this is to have both things together at one
-**             place. So you can both pass this file to the C compiler and 
-**             the pod2man translater.
-*/
-
-#ifndef AP_HOOK_H
-#define AP_HOOK_H
-
-/*
- * Function Signature Specification:
- *
- * We encode the complete signature ingredients as a bitfield
- * stored in a single unsigned long integer value, which can be
- * constructed with AP_HOOK_SIGx(...)
- */
-
-/* the type of the signature bitfield */
-typedef unsigned long int ap_hook_sig;
-
-/* the mask (bin) 111 (hex 0x7) for the triples in the bitfield */
-#define AP_HOOK_SIG_TRIPLE_MASK  0x7
-
-/* the position of the triple */
-#define AP_HOOK_SIG_TRIPLE_POS(n) ((n)*3)
-
-/* the constructor for triple #n with value v */
-#define AP_HOOK_SIG_TRIPLE(n,v) \
-        (((ap_hook_sig)(v))<<((AP_HOOK_##n)*3))
-
-/* the check whether triple #n in sig contains value v */
-#define AP_HOOK_SIG_HAS(sig,n,v) \
-        ((((ap_hook_sig)(sig))&AP_HOOK_SIG_TRIPLE(n, AP_HOOK_SIG_TRIPLE_MASK)) == (AP_HOOK_##n##_##v))
-
-/* utility function to get triple #n in sig */
-#define AP_HOOK_SIG_TRIPLE_GET(sig,n) \
-        ((((ap_hook_sig)(sig))>>AP_HOOK_SIG_TRIPLE_POS(n))&(AP_HOOK_SIG_TRIPLE_MASK))
-
-/* utility function to set triple #n in sig to value v */
-#define AP_HOOK_SIG_TRIPLE_SET(sig,n,v) \
-        ((((ap_hook_sig)(sig))&~(AP_HOOK_SIG_TRIPLE_MASK<<AP_HOOK_SIG_TRIPLE_POS(n)))|((v)<<AP_HOOK_SIG_TRIPLE_POS(n)))
-
-/* define the ingredients for the triple #0: id stuff */
-#define AP_HOOK_ID          0
-#define AP_HOOK_ID_ok       AP_HOOK_SIG_TRIPLE(ID,0)
-#define AP_HOOK_ID_undef    AP_HOOK_SIG_TRIPLE(ID,1)
-
-/* define the ingredients for the triple #1: return code */
-#define AP_HOOK_RC          1
-#define AP_HOOK_RC_void     AP_HOOK_SIG_TRIPLE(RC,0)
-#define AP_HOOK_RC_char     AP_HOOK_SIG_TRIPLE(RC,1)
-#define AP_HOOK_RC_int      AP_HOOK_SIG_TRIPLE(RC,2)
-#define AP_HOOK_RC_long     AP_HOOK_SIG_TRIPLE(RC,3)
-#define AP_HOOK_RC_float    AP_HOOK_SIG_TRIPLE(RC,4)
-#define AP_HOOK_RC_double   AP_HOOK_SIG_TRIPLE(RC,5)
-#define AP_HOOK_RC_ptr      AP_HOOK_SIG_TRIPLE(RC,6)
-
-/* define the ingredients for the triple #2: argument 1 */
-#define AP_HOOK_A1          2
-#define AP_HOOK_A1_ctx      AP_HOOK_SIG_TRIPLE(A1,0)
-#define AP_HOOK_A1_char     AP_HOOK_SIG_TRIPLE(A1,1)
-#define AP_HOOK_A1_int      AP_HOOK_SIG_TRIPLE(A1,2)
-#define AP_HOOK_A1_long     AP_HOOK_SIG_TRIPLE(A1,3)
-#define AP_HOOK_A1_float    AP_HOOK_SIG_TRIPLE(A1,4)
-#define AP_HOOK_A1_double   AP_HOOK_SIG_TRIPLE(A1,5)
-#define AP_HOOK_A1_ptr      AP_HOOK_SIG_TRIPLE(A1,6)
-
-/* define the ingredients for the triple #3: argument 2 */
-#define AP_HOOK_A2          3
-#define AP_HOOK_A2_ctx      AP_HOOK_SIG_TRIPLE(A2,0)
-#define AP_HOOK_A2_char     AP_HOOK_SIG_TRIPLE(A2,1)
-#define AP_HOOK_A2_int      AP_HOOK_SIG_TRIPLE(A2,2)
-#define AP_HOOK_A2_long     AP_HOOK_SIG_TRIPLE(A2,3)
-#define AP_HOOK_A2_float    AP_HOOK_SIG_TRIPLE(A2,4)
-#define AP_HOOK_A2_double   AP_HOOK_SIG_TRIPLE(A2,5)
-#define AP_HOOK_A2_ptr      AP_HOOK_SIG_TRIPLE(A2,6)
-
-/* define the ingredients for the triple #4: argument 3 */
-#define AP_HOOK_A3          4
-#define AP_HOOK_A3_ctx      AP_HOOK_SIG_TRIPLE(A3,0)
-#define AP_HOOK_A3_char     AP_HOOK_SIG_TRIPLE(A3,1)
-#define AP_HOOK_A3_int      AP_HOOK_SIG_TRIPLE(A3,2)
-#define AP_HOOK_A3_long     AP_HOOK_SIG_TRIPLE(A3,3)
-#define AP_HOOK_A3_float    AP_HOOK_SIG_TRIPLE(A3,4)
-#define AP_HOOK_A3_double   AP_HOOK_SIG_TRIPLE(A3,5)
-#define AP_HOOK_A3_ptr      AP_HOOK_SIG_TRIPLE(A3,6)
-
-/* define the ingredients for the triple #5: argument 4 */
-#define AP_HOOK_A4          5
-#define AP_HOOK_A4_ctx      AP_HOOK_SIG_TRIPLE(A4,0)
-#define AP_HOOK_A4_char     AP_HOOK_SIG_TRIPLE(A4,1)
-#define AP_HOOK_A4_int      AP_HOOK_SIG_TRIPLE(A4,2)
-#define AP_HOOK_A4_long     AP_HOOK_SIG_TRIPLE(A4,3)
-#define AP_HOOK_A4_float    AP_HOOK_SIG_TRIPLE(A4,4)
-#define AP_HOOK_A4_double   AP_HOOK_SIG_TRIPLE(A4,5)
-#define AP_HOOK_A4_ptr      AP_HOOK_SIG_TRIPLE(A4,6)
-
-/* define the ingredients for the triple #6: argument 5 */
-#define AP_HOOK_A5          6
-#define AP_HOOK_A5_ctx      AP_HOOK_SIG_TRIPLE(A5,0)
-#define AP_HOOK_A5_char     AP_HOOK_SIG_TRIPLE(A5,1)
-#define AP_HOOK_A5_int      AP_HOOK_SIG_TRIPLE(A5,2)
-#define AP_HOOK_A5_long     AP_HOOK_SIG_TRIPLE(A5,3)
-#define AP_HOOK_A5_float    AP_HOOK_SIG_TRIPLE(A5,4)
-#define AP_HOOK_A5_double   AP_HOOK_SIG_TRIPLE(A5,5)
-#define AP_HOOK_A5_ptr      AP_HOOK_SIG_TRIPLE(A5,6)
-
-/* define the ingredients for the triple #7: argument 6 */
-#define AP_HOOK_A6          7
-#define AP_HOOK_A6_ctx      AP_HOOK_SIG_TRIPLE(A6,0)
-#define AP_HOOK_A6_char     AP_HOOK_SIG_TRIPLE(A6,1)
-#define AP_HOOK_A6_int      AP_HOOK_SIG_TRIPLE(A6,2)
-#define AP_HOOK_A6_long     AP_HOOK_SIG_TRIPLE(A6,3)
-#define AP_HOOK_A6_float    AP_HOOK_SIG_TRIPLE(A6,4)
-#define AP_HOOK_A6_double   AP_HOOK_SIG_TRIPLE(A6,5)
-#define AP_HOOK_A6_ptr      AP_HOOK_SIG_TRIPLE(A6,6)
-
-/* define the ingredients for the triple #8: argument 7 */
-#define AP_HOOK_A7          8
-#define AP_HOOK_A7_ctx      AP_HOOK_SIG_TRIPLE(A7,0)
-#define AP_HOOK_A7_char     AP_HOOK_SIG_TRIPLE(A7,1)
-#define AP_HOOK_A7_int      AP_HOOK_SIG_TRIPLE(A7,2)
-#define AP_HOOK_A7_long     AP_HOOK_SIG_TRIPLE(A7,3)
-#define AP_HOOK_A7_float    AP_HOOK_SIG_TRIPLE(A7,4)
-#define AP_HOOK_A7_double   AP_HOOK_SIG_TRIPLE(A7,5)
-#define AP_HOOK_A7_ptr      AP_HOOK_SIG_TRIPLE(A7,6)
-
-/* define the ingredients for the triple #9: argument 8 */
-#define AP_HOOK_A8          9
-#define AP_HOOK_A8_ctx      AP_HOOK_SIG_TRIPLE(9,0)
-#define AP_HOOK_A8_char     AP_HOOK_SIG_TRIPLE(9,1)
-#define AP_HOOK_A8_int      AP_HOOK_SIG_TRIPLE(9,2)
-#define AP_HOOK_A8_long     AP_HOOK_SIG_TRIPLE(9,3)
-#define AP_HOOK_A8_float    AP_HOOK_SIG_TRIPLE(9,4)
-#define AP_HOOK_A8_double   AP_HOOK_SIG_TRIPLE(9,5)
-#define AP_HOOK_A8_ptr      AP_HOOK_SIG_TRIPLE(9,6)
-  
-/* the constructor for unknown signatures */
-#define AP_HOOK_SIG_UNKNOWN AP_HOOK_ID_undef
-
-/* the constructor for signatures with 1 type */
-#define AP_HOOK_SIG1(rc) \
-        (AP_HOOK_RC_##rc)
-
-/* the constructor for signatures with 2 types */
-#define AP_HOOK_SIG2(rc,a1) \
-        (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1)
-
-/* the constructor for signatures with 3 types */
-#define AP_HOOK_SIG3(rc,a1,a2) \
-        (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2)
-
-/* the constructor for signatures with 4 types */
-#define AP_HOOK_SIG4(rc,a1,a2,a3) \
-        (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3)
-
-/* the constructor for signatures with 5 types */
-#define AP_HOOK_SIG5(rc,a1,a2,a3,a4) \
-        (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4)
-
-/* the constructor for signatures with 6 types */
-#define AP_HOOK_SIG6(rc,a1,a2,a3,a4,a5) \
-        (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4|AP_HOOK_A5_##a5)
-
-/* the constructor for signatures with 7 types */
-#define AP_HOOK_SIG7(rc,a1,a2,a3,a4,a5,a6) \
-        (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4|AP_HOOK_A5_##a5|AP_HOOK_A6_##a6)
-
-/* the constructor for signatures with 8 types */
-#define AP_HOOK_SIG8(rc,a1,a2,a3,a4,a5,a6,a7) \
-        (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4|AP_HOOK_A5_##a5|AP_HOOK_A6_##a6|AP_HOOK_A7_##a7)
-
-/* the constructor for signatures with 9 types */
-#define AP_HOOK_SIG9(rc,a1,a2,a3,a4,a5,a6,a7,a8) \
-        (AP_HOOK_RC_##rc|AP_HOOK_A1_##a1|AP_HOOK_A2_##a2|AP_HOOK_A3_##a3|AP_HOOK_A4_##a4|AP_HOOK_A5_##a5|AP_HOOK_A6_##a6|AP_HOOK_A7_##a7|AP_HOOK_A8_##a8)
-
-/*
- * Return Value Mode Identification
- */
-
-/* the type of the return value modes */
-typedef unsigned int ap_hook_mode;
-
-/* the mode of the return value */
-#define AP_HOOK_MODE_UNKNOWN  0
-#define AP_HOOK_MODE_TOPMOST  1
-#define AP_HOOK_MODE_DECLINE  2
-#define AP_HOOK_MODE_DECLTMP  3
-#define AP_HOOK_MODE_ALL      4
-
-/* the constructors for the return value modes */
-#define AP_HOOK_TOPMOST       AP_HOOK_MODE_TOPMOST
-#define AP_HOOK_DECLINE(val)  AP_HOOK_MODE_DECLINE, (val)   
-#define AP_HOOK_DECLTMP(val)  AP_HOOK_MODE_DECLTMP, (val)   
-#define AP_HOOK_ALL           AP_HOOK_MODE_ALL
-
-/*
- * Hook State Identification
- */
-
-/* the type of the hook state */
-typedef unsigned short int ap_hook_state;
-
-/* the values of the hook state */
-#define AP_HOOK_STATE_UNDEF       0
-#define AP_HOOK_STATE_NOTEXISTANT 1
-#define AP_HOOK_STATE_ESTABLISHED 2
-#define AP_HOOK_STATE_CONFIGURED  3
-#define AP_HOOK_STATE_REGISTERED  4
-
-/*
- * Hook Context Identification
- *
- * Notice: Null is ok here, because AP_HOOK_NOCTX is just a dummy argument
- *         because we know from the signature whether the argument is a
- *         context value or just the dummy value.
- */
-
-#define AP_HOOK_NOCTX  (void *)(0)
-#define AP_HOOK_CTX(v) (void *)(v)
-
-/*
- * Internal Hook Record Definition
- */
-
-/* the union holding the arbitrary decline values */
-typedef union {
-	char   v_char;
-	int    v_int;
-	long   v_long;
-	float  v_float;
-	double v_double;
-	void  *v_ptr;
-} ap_hook_value;
-
-/* the structure holding one hook function and its context */
-typedef struct {
-	void *hf_ptr;              /* function pointer       */
-	void *hf_ctx;              /* function context       */
-} ap_hook_func;
-
-/* the structure holding one hook entry with all its registered functions */
-typedef struct {
-	char          *he_hook;    /* hook name (=unique id) */
-	ap_hook_sig    he_sig;     /* hook signature         */
-	int            he_modeid;  /* hook mode id           */
-	ap_hook_value  he_modeval; /* hook mode value        */
-	ap_hook_func **he_func;    /* hook registered funcs  */
-} ap_hook_entry;
-
-/* the maximum number of hooks and functions per hook */
-#define AP_HOOK_MAX_ENTRIES 512
-#define AP_HOOK_MAX_FUNCS   128
-
-/*
- * Extended Variable Argument (vararg) Support
- *
- * In ANSI C varargs exists, but because the prototypes of function with
- * varargs cannot reflect the types of the varargs, K&R argument passing
- * conventions have to apply for the compiler.  This means mainly a conversion
- * of shorter type variants to the maximum variant (according to sizeof). The
- * above va_type() macro provides this mapping from the wanted types to the
- * physically used ones.
- */
-
-/* the mapping */
-#define VA_TYPE_char   int
-#define VA_TYPE_short  int
-#define VA_TYPE_int    int
-#define VA_TYPE_long   long
-#define VA_TYPE_float  double
-#define VA_TYPE_double double
-#define VA_TYPE_ptr    void *
-#define VA_TYPE_ctx    void *
-
-/* the constructor */
-#ifdef  va_type
-#undef  va_type
-#endif
-#define va_type(type)  VA_TYPE_ ## type
-
-/*
- * Miscellaneous stuff
- */
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE  !FALSE
-#endif
-
-/*
- * Wrapper macros for the callback-function register/unregister calls.  
- * 
- * Background: Strict ANSI C doesn't allow a function pointer to be treated as
- * a void pointer on argument passing, but we cannot declare the argument as a
- * function prototype, because the functions can have arbitrary signatures. So
- * we have to use a void pointer here. But to not require explicit casts on
- * function pointers for every register/unregister call, we smooth the API a
- * little bit by providing these macros.
- */
-
-#define ap_hook_register(hook,func,ctx) ap_hook_register_I(hook,(void *)(func),ctx)
-#define ap_hook_unregister(hook,func)   ap_hook_unregister_I(hook,(void *)(func))
-
-/*
- * Prototypes for the hook API functions
- */
-
-API_EXPORT(void)          ap_hook_init         (void);
-API_EXPORT(void)          ap_hook_kill         (void);
-API_EXPORT(int)           ap_hook_configure    (char *hook, ap_hook_sig sig,
-    ap_hook_mode modeid, ...);
-API_EXPORT(int)           ap_hook_register_I   (char *hook, void *func,
-    void *ctx);
-API_EXPORT(int)           ap_hook_unregister_I (char *hook, void *func);
-API_EXPORT(ap_hook_state) ap_hook_status       (char *hook);
-API_EXPORT(int)           ap_hook_use          (char *hook, ap_hook_sig sig,
-    ap_hook_mode modeid, ...);
-API_EXPORT(int)           ap_hook_call         (char *hook, ...);
-
-#endif /* AP_HOOK_H */
-
-/*
-=pod
-##
-##  Embedded POD document
-##
-
-=head1 NAME
-
-B<ap_hook> - B<Generic Hook Interface for Apache>
-
-=head1 SYNOPSIS
-
-B<Hook Library Setup:>
-
- void ap_hook_init(void);
- void ap_hook_kill(void);
-
-B<Hook Configuration and Registration:>
-
- int ap_hook_configure(char *hook, ap_hook_sig sig, ap_hook_mode mode);
- int ap_hook_register(char *hook, void *func, void *ctx);
- int ap_hook_unregister(char *hook, void *func);
-
-B<Hook Usage:>
-
- ap_hook_state ap_hook_status(char *hook);
- int ap_hook_use(char *hook, ap_hook_sig sig, ap_hook_mode mode, ...);
- int ap_hook_call(char *hook, ...);
-
-B<Hook Signature Constructors> (ap_hook_sig):
-
- AP_HOOK_SIG1(rc)
- AP_HOOK_SIG2(rc,a1)
- AP_HOOK_SIG3(rc,a1,a2)
- AP_HOOK_SIG4(rc,a1,a2,a3)
- AP_HOOK_SIG5(rc,a1,a2,a3,a4)
- AP_HOOK_SIG6(rc,a1,a2,a3,a4,a5)
- AP_HOOK_SIG7(rc,a1,a2,a3,a4,a5,a6)
- AP_HOOK_SIG8(rc,a1,a2,a3,a4,a5,a6,a7)
-
-B<Hook Modes Constructors> (ap_hook_mode):
-
- AP_HOOK_TOPMOST
- AP_HOOK_DECLINE(value)
- AP_HOOK_DECLTMP(value)
- AP_HOOK_ALL
-
-B<Hook States> (ap_hook_state):
-
- AP_HOOK_STATE_UNDEF
- AP_HOOK_STATE_NOTEXISTANT
- AP_HOOK_STATE_ESTABLISHED
- AP_HOOK_STATE_CONFIGURED 
- AP_HOOK_STATE_REGISTERED
-
-=head1 DESCRIPTION
-
-This library implements a generic hook interface for Apache which can be used
-to loosely couple code through arbitrary hooks. There are two use cases for
-this mechanism:
-
-=over 3
-
-=item B<1. Extension and Overrides>
-
-Inside a specific code section you want to perform a specific function call
-for extension reasons.  But you want to allow one or more modules to implement
-this function by registering hooks. Those hooks are registered on a stack and
-can be even configured to have a I<decline> return value. As long as there are
-functions which return the decline value the next function on the stack is
-tried. When the first function doesn't return the decline value the hook call
-stops. 
-
-The original intent of this use case is to provide a flexible extension
-mechanism where modules can override functionality.
-
-=item B<2. Intercommunication>
-
-Inside a specific code you have a function you want to export. But you first
-want to allow other code to override this function.  And second you want to
-export this function without real object file symbol references. Instead you
-want to register the function and let the users call this function by name. 
-
-The original intent of this use case is to allow inter-module communication
-without direct symbol references, which are a big I<no-no> for the I<Dynamic
-Shared Object> (DSO) situation.
-
-=back
-
-And the following design goals existed:
-
-=over 3
-
-=item B<1. Minimum code changes>
-
-The hook calls should look very similar to the corresponding direct function
-call to allow one to easily translate it. And the total amount of changes for
-the hook registration, hook configuration and hook usage should be as small as
-possible to minimize the total code changes. Additionally a shorthand API
-function (ap_hook_use) should be provided which lets one trivially add a hook
-by just changing the code at a single location.
-
-=item B<2. The hook call has to be maximum flexible>
-
-In order to avoid nasty hacks, maximum flexiblity for the hook calls is
-needed, i.e. any function signature (the set of types for the return value and
-the arguments) should be supported.  And it should be possible to
-register always a context (ctx) variable with a function which is passed to
-the corresponding function when the hook call is performed.
-
-=back
-
-The implementation of this library directly followed these two design goals.
-
-=head1 USAGE
-
-Using this hook API is a four-step process:
-
-=over 3
-
-=item B<1. Initialization>
-
-Initialize or destroy the hook mechanism inside your application program:
-
- ap_hook_init();
-    :
- ap_hook_kill();
-
-=item B<2. Configuration>
-
-Configure a particular hook by specifing its name, signature and return type
-semantic:
-
- ap_hook_configure("lookup", AP_HOOK_SIG2(ptr,ptr,ctx), AP_HOOK_DECLINE(NULL));
- ap_hook_configure("setup", AP_HOOK_SIG2(int,ptr,char), AP_HOOK_DECLTMP(FALSE));
- ap_hook_configure("read", AP_HOOK_SIG2(void,ptr), AP_HOOK_TOPMOST);
- ap_hook_configure("logit", AP_HOOK_SIG2(void,ptr), AP_HOOK_ALL);
-
-This configures four hooks: 
-
-A hook named C<lookup> with the signature C<void *lookup(void *, void *)>
-(where the second argument is C<NULL> or the private context pointer of the
-hook function which can be optionally provided at the registration step
-later) and a return code semantic which says: Proceed as long as the
-registered lookup functions return C<NULL> or no more registered functions
-exists. A call for this hook has to provide 2 argument only (a pointer to the
-return variable and the first argument), because the context is
-implicitly provided by the hook mechanism. Sample idea: I<The first function
-who was successful in looking up a variable provides the value>.
-
-A hook named C<setup> with the signature C<int setup(void *, char)" and a
-return code semantic equal to the one of the C<lookup> hook. But the decline
-return value is implemented by a temporay variable of the hook mechanism and
-only used for the decline decision. So a call to this hook has to provide 2
-arguments only (the first and second argument, but no address to a return
-value). Sample idea: I<Any function can handle the setup and when one
-function handled it stops the processing by indicating this with the return
-value>.
-
-A hook named C<read> with the signature C<void read(void *)> and a return code
-semantic which says: Only the top most function on the registered function
-stack is tried (and independet of a possible return value in non-void
-context). A call to this hook has to provide exactly 1 argument (the
-single argument to the hook function). Sample idea: I<We want to
-use a read function and allow others to override it, but independent how much
-registered functions exists, only top most (= last registered) function
-overrides and is used>.
-
-A hook named C<logit> with the signature C<void logit(void *)> and a return
-code semantic which says: All registered functions on the hook functioin stack
-are tried. Sample idea: I<We pass a FILE pointer to the logging functions and
-any function can log whatever it wants>.
-
-=item B<3. Registration>
-
-Register the actual functions which should be used by the hook:
-
- ap_hook_register("lookup", mylookup, mycontext);
- ap_hook_register("setup", mysetup);
- ap_hook_register("read", myread);
- ap_hook_register("logit", mylogit);
-
-This registers the function C<mylookup()> under the C<lookup> hook with the
-private context given by the variable C<mycontext>. And it registers the
-function C<mysetup()> under the C<setup> hook without any context. Same for
-C<myread> and C<mylogit>.
-
-=item B<4. Usage>
-
-Finally use the hooks, i.e. instead of using direct function calls like
-        
- rc = mylookup(a1, a2);
- rc = mysetup(a1, a2);
- myread(a1);
- mylogit(a1);
-
-you now use:
-
- ap_hook_call("lookup", &rc, a1, a2);
- ap_hook_call("setup", &rc, a1, a2);
- ap_hook_call("read", a1);
- ap_hook_call("logit", a1);
-
-which are internally translated to:
-
- rc = mylookup(a1, a2, mycontext);
- rc = mysetup(a1, a2);
- myread(a1);
- mylogit(a1);
-
-Notice two things here: First the context (C<mycontext>) for the C<mylookup()>
-function is automatically added by the hook mechanism. And it is a different
-(and not fixed) context for each registered function, of course.  Second,
-return values always have to be pushed into variables and a pointer to them
-has to be given as the second argument to C<ap_hook_call> (except for
-functions which have a void return type, of course).
-
-BTW, the return value of C<ap_hook_call()> is always C<TRUE> or C<FALSE>.
-C<TRUE> when at least one function call was successful (always the case for
-C<AP_HOOK_TOPMOST> and C<AP_HOOK_ALL>). C<FALSE> when all functions
-returned the decline value or no functions are registered at all.
-
-=back
-
-=head1 RESTRICTIONS
-
-To make the hook implementation efficient and to not bloat up the code too
-much a few restrictions have to make:
-
-=over 3
-
-=item 1.
-
-Only function calls with up to 4 arguments are implemented. When more are
-needed you can either extend the hook implementation by using more bits for
-the signature configuration or you can do a workaround when the function is
-your own one: Put the remaining (N-4-1) arguments into a structure and pass
-only a pointer (one argument) as the forth argument.
-
-=item 2.
-
-Only the following ANSI C variable types are supported:
-
- - For the return value: 
-   void (= none), char, int, float, double, ptr (= void *)
- - For the arguments:
-   ctx  (= context), char, int, float, double, ptr (= void *)
-
-This means in theory that 6^5 (=7776) signature combinations are possible. But
-because we don't need all of them inside Apache and it would bloat up the code
-too dramatically we implement only a subset of those combinations. The
-implemented signatures can be specified inside C<ap_hook.c> and the
-corresponding code can be automatically generated by running ``C<perl
-ap_hook.c>'' (yeah, no joke ;-).  So when you need a hook with a different
-still not implemented signature you either have to again use a workaround as
-above (i.e. use a structure) or just add the signature to the C<ap_hook.c>
-file.
-
-=head1 EXAMPLE
-
-We want to call `C<ssize_t read(int, void *, size_t)>' through hooks in order
-to allow modules to override this call.  So, somewhere we have a replacement
-function for C<read()> defined (same signature, of course):
-
- ssize_t my_read(int, void *, size_t);
-
-We now configure a C<read> hook. Here the C<AP_HOOK_SIGx()> macro defines the
-signature of the C<read()>-like callback functions and has to match the
-prototype of C<read()>. But we have to replace typedefs with the physical
-underlaying ANSI C types. And C<AP_HOOK_DECLINE()> sets the return value of
-the read()-like functions which forces the next hook to be called (here -1).
-And we register the original C<read()> function as the default hook.
-
- ap_hook_configure("read", 
-                   AP_HOOK_SIG4(int,int,ptr,int), 
-                   AP_HOOK_DECLINE(-1));
- ap_hook_register("read", read);
-
-Now a module wants to override the C<read()> call and registers the
-C<my_read()> function:
-
- ap_hook_register("read", my_read);
-
-The function logically gets pushed onto a stack, so the execution order is the
-reverse registering order, i.e. I<last registered - first called>. Now we can
-replace the standard C<read()> call
-
- bytes = read(fd, buf, bufsize);
- if (bytes == -1)
-    ...error...
-
-with the hook based call:
-
-  rc = ap_hook_call("read", &bytes, fd, buf, bufsize);
-  if (rc == FALSE)
-     ...error...
-
-Now internally the following is done: The call `C<bytes = my_read(fd, buf,
-bufsize)>' is done. When it returns not -1 (the decline value) nothing
-more is done. But when C<my_read()> returns -1 the next function is tried:
-`C<bytes = read(fd, buf, bufsize)>'. When this one also returns -1 you get
-`rc == FALSE'. When it finally returns not -1 you get `rc == TRUE'.
-
-=head1 SEE ALSO
-
-ap_ctx(3)
-
-=head1 HISTORY
-
-The ap_hook(3) interface was originally designed and 
-implemented in October 1998 by Ralf S. Engelschall.
-
-=head1 AUTHOR
-
- Ralf S. Engelschall
- rse@engelschall.com
- www.engelschall.com
-
-=cut
-*/
diff --git a/usr.sbin/httpd/src/include/ap_md5.h b/usr.sbin/httpd/src/include/ap_md5.h
deleted file mode 100644
index 91d8e545538..00000000000
--- a/usr.sbin/httpd/src/include/ap_md5.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/* $OpenBSD: ap_md5.h,v 1.9 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_MD5_H
-#define APACHE_MD5_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <md5.h>
-
-#define MD5_DIGESTSIZE 16
-
-/* UINT4 defines a four byte word */
-typedef unsigned int UINT4;
-#define AP_MD5_CTX MD5_CTX
-
-/*
- * Define the Magic String prefix that identifies a password as being
- * hashed using our algorithm.
- */
-#define AP_MD5PW_ID "$apr1$"
-#define AP_MD5PW_IDLEN 6
-
-API_EXPORT(void) ap_MD5Init(AP_MD5_CTX *context);
-API_EXPORT(void) ap_MD5Update(AP_MD5_CTX *context, const unsigned char *input,
-    unsigned int inputLen);
-API_EXPORT(void) ap_MD5Final(unsigned char digest[MD5_DIGESTSIZE],
-    AP_MD5_CTX *context);
-API_EXPORT(void) ap_MD5Encode(const unsigned char *password,
-    const unsigned char *salt, char *result, size_t nbytes);
-API_EXPORT(void) ap_to64(char *s, unsigned long v, int n);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_MD5_H */
diff --git a/usr.sbin/httpd/src/include/ap_mm.h b/usr.sbin/httpd/src/include/ap_mm.h
deleted file mode 100644
index b7d17f5b392..00000000000
--- a/usr.sbin/httpd/src/include/ap_mm.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/* $OpenBSD: ap_mm.h,v 1.4 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * Copyright (c) 1999-2000 The Apache Group.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * 4. The names "Apache Server" and "Apache Group" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache"
- *    nor may "Apache" appear in their names without prior written
- *    permission of the Apache Group.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the Apache Group
- *    for use in the Apache HTTP server project (http://www.apache.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE APACHE GROUP OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Group and was originally based
- * on public domain software written at the National Center for
- * Supercomputing Applications, University of Illinois, Urbana-Champaign.
- * For more information on the Apache Group and the Apache HTTP server
- * project, please see <http://www.apache.org/>.
- */
-
-/*
-**
-** ap_mm.h -- wrapper code for MM shared memory library
-**
-*/
-
-#ifndef AP_MM_H 
-#define AP_MM_H 1
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE  !FALSE
-#endif
-
-API_EXPORT(int) ap_mm_useable(void);
-
-typedef void AP_MM;
-typedef enum { AP_MM_LOCK_RD, AP_MM_LOCK_RW } ap_mm_lock_mode;
-
-/* Global Malloc-Replacement API */
-API_EXPORT(int)     ap_MM_create(size_t size, char *file);
-API_EXPORT(int)     ap_MM_permission(mode_t mode, uid_t owner, gid_t group);
-API_EXPORT(void)    ap_MM_destroy(void);
-API_EXPORT(int)     ap_MM_lock(ap_mm_lock_mode mode);
-API_EXPORT(int)     ap_MM_unlock(void);
-API_EXPORT(void *)  ap_MM_malloc(size_t size);
-API_EXPORT(void *)  ap_MM_realloc(void *ptr, size_t size);
-API_EXPORT(void)    ap_MM_free(void *ptr);
-API_EXPORT(void *)  ap_MM_calloc(size_t number, size_t size);
-API_EXPORT(char *)  ap_MM_strdup(const char *str);
-API_EXPORT(size_t)  ap_MM_sizeof(void *ptr);
-API_EXPORT(size_t)  ap_MM_maxsize(void);
-API_EXPORT(size_t)  ap_MM_available(void);
-API_EXPORT(char *)  ap_MM_error(void);
-
-/* Standard Malloc-Style API */
-API_EXPORT(AP_MM *) ap_mm_create(size_t size, char *file);
-API_EXPORT(int)     ap_mm_permission(AP_MM *mm, mode_t mode, uid_t owner,
-    gid_t group);
-API_EXPORT(void)    ap_mm_destroy(AP_MM *mm);
-API_EXPORT(int)     ap_mm_lock(AP_MM *mm, ap_mm_lock_mode mode);
-API_EXPORT(int)     ap_mm_unlock(AP_MM *mm);
-API_EXPORT(void *)  ap_mm_malloc(AP_MM *mm, size_t size);
-API_EXPORT(void *)  ap_mm_realloc(AP_MM *mm, void *ptr, size_t size);
-API_EXPORT(void)    ap_mm_free(AP_MM *mm, void *ptr);
-API_EXPORT(void *)  ap_mm_calloc(AP_MM *mm, size_t number, size_t size);
-API_EXPORT(char *)  ap_mm_strdup(AP_MM *mm, const char *str);
-API_EXPORT(size_t)  ap_mm_sizeof(AP_MM *mm, void *ptr);
-API_EXPORT(size_t)  ap_mm_maxsize(void);
-API_EXPORT(size_t)  ap_mm_available(AP_MM *mm);
-API_EXPORT(char *)  ap_mm_error(void);
-API_EXPORT(void)    ap_mm_display_info(AP_MM *mm);
-
-/* Low-Level Shared Memory API */
-API_EXPORT(void *)  ap_mm_core_create(size_t size, char *file);
-API_EXPORT(int)     ap_mm_core_permission(void *core, mode_t mode, uid_t owner,
-    gid_t group);
-API_EXPORT(void)    ap_mm_core_delete(void *core);
-API_EXPORT(size_t)  ap_mm_core_size(void *core);
-API_EXPORT(int)     ap_mm_core_lock(void *core, ap_mm_lock_mode mode);
-API_EXPORT(int)     ap_mm_core_unlock(void *core);
-API_EXPORT(size_t)  ap_mm_core_maxsegsize(void);
-API_EXPORT(size_t)  ap_mm_core_align2page(size_t size);
-API_EXPORT(size_t)  ap_mm_core_align2word(size_t size);
-
-/* Internal Library API */
-API_EXPORT(void)    ap_mm_lib_error_set(unsigned int, const char *str);
-API_EXPORT(char *)  ap_mm_lib_error_get(void);
-API_EXPORT(int)     ap_mm_lib_version(void);
-
-#endif /* AP_MM_H */
diff --git a/usr.sbin/httpd/src/include/ap_mmn.h b/usr.sbin/httpd/src/include/ap_mmn.h
deleted file mode 100644
index 46f2e442dab..00000000000
--- a/usr.sbin/httpd/src/include/ap_mmn.h
+++ /dev/null
@@ -1,289 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_AP_MMN_H
-#define APACHE_AP_MMN_H
-
-/*
- * MODULE_MAGIC_NUMBER_MAJOR
- * Major API changes that could cause compatibility problems for older modules
- * such as structure size changes.  No binary compatibility is possible across
- * a change in the major version.
- *
- * MODULE_MAGIC_NUMBER_MINOR
- * Minor API changes that do not cause binary compatibility problems.
- * Should be reset to 0 when upgrading MODULE_MAGIC_NUMBER_MAJOR.
- *
- * See the MODULE_MAGIC_AT_LEAST macro below for an example.
- */
-
-/*
- * 19950525		- original value
- * 19960512 (1.1b2)	- updated, 1.1, version.
- * 19960526 (1.1b3)	- get_token(), table_unset(), pstrndup()
- *			  functions added
- * 19960725 (1.2-dev)	- HTTP/1.1 compliance
- *			  (new version of read_client_block)
- * 19960806 (1.2-dev)	- scan_script_header_err() added
- * 19961007 (1.2-dev)	- replace read_client_block() with get_client_block()
- * 19961125 (1.2b1)	- change setup_client_block() to Roy's version
- * 19961211 (1.2b3)	- rwrite() added
- * 19970103 (1.2b5-dev)	- header parse API
- * 19970427 (1.2b9-dev)	- port references made unsigned
- * 19970526 (1.2)	- correct vhost walk for multiple requests on a single
- *			  connect
- * 19970623 (1.3-dev)	- NT changes
- * 19970628 (1.3-dev)	- ap_slack (fd fixes) added
- * 19970717 (1.3-dev)	- child_init API hook added
- * 19970719 (1.3-dev)	- discard_request_body() added (to clear the decks
- *			  as needed)
- * 19970728 (1.3a2-dev)	- child_exit API hook added
- * 19970818 (1.3a2-dev)	- post read-request phase added
- * 19970825 (1.3a2-dev)	- r->mtime cell added
- * 19970831 (1.3a2-dev)	- error logging changed to use aplog_error()
- * 19970902 (1.3a2-dev)	- MD5 routines and structures renamed to ap_*
- * 19970912 (1.3b1-dev)	- set_last_modified split into set_last_modified,
- * 			  set_etag and meets_conditions
- *			  register_other_child API
- *			  piped_log API
- *			  short_score split into parent and child pieces
- *			  os_is_absolute_path
- * 19971026 (1.3b3-dev)	- custom config hooks in place
- * 19980126 (1.3b4-dev)	- ap_cpystrn(), table_addn(), table_setn(),
- *			  table_mergen()
- * 19980201 (1.3b4-dev)	- construct_url()
- *			  prototype server_rec * -> request_rec *
- *			  add get_server_name() and get_server_port()
- * 19980207 (1.3b4-dev)	- add dynamic_load_handle to module structure as part
- *			  of the STANDARD_MODULE_STUFF header
- * 19980304 (1.3b6-dev)	- abstraction of SERVER_BUILT and SERVER_VERSION
- * 19980305 (1.3b6-dev)	- ap_config.h added for use by external modules
- * 19980312 (1.3b6-dev)	- parse_uri_components() and its ilk
- *			  remove r->hostlen, add r->unparsed_uri
- *			  set_string_slot_lower()
- *			  clarification: non-RAW_ARGS cmd handlers do not
- *			  need to pstrdup() their arguments
- *			  clarification: request_rec members content_type,
- *			  handler, content_encoding, content_language,
- *			  content_languages MUST all be lowercase strings,
- *			  and MAY NOT be modified in place -- modifications
- *			  require pstrdup().
- * 19980317 (1.3b6-dev)	- CORE_EXPORTs for win32 and <Perl>
- *			  API export basic_http_header, send_header_field,
- *			  set_keepalive, srm_command_loop, check_cmd_context,
- *			  tm2sec
- *			  spacetoplus(), plustospace(), client_to_stdout()
- *			  removed
- * 19980324 (1.3b6-dev)	- API_EXPORT(index_of_response)
- * 19980413 (1.3b6-dev)	- The BIG SYMBOL RENAMING: general ap_ prefix
- *			  (see src/include/compat.h for more details)
- *			  ap_vformatter() API, see src/include/ap.h
- * 19980507 (1.3b7-dev)	- addition of ap_add_version_component() and
- *			  discontinuation of -DSERVER_SUBVERSION support
- * 19980519 (1.3b7-dev)	- add child_info * to spawn function (as passed to
- *			  ap_spawn_child_err_buff) and to ap_call_exec to make
- *			  children work correctly on Win32.
- * 19980527 (1.3b8-dev)	- renamed some more functions to ap_ prefix which were
- *			  missed at the big renaming (they are defines):
- *			  is_default_port, default_port and http_method.
- *			  A new communication method for modules was added:
- *			  they can create customized error messages under the
- *			  "error-notes" key in the request_rec->notes table.
- *			  This string will be printed in place of the canned
- *			  error responses, and will be propagated to
- *			  ErrorDocuments or cgi scripts in the
- *			  (REDIRECT_)ERROR_NOTES variable.
- * 19980627 (1.3.1-dev)	- More renaming that we forgot/bypassed. In particular:
- *			  table_elts --> ap_table_elts
- *			  is_table_empty --> ap_is_table_empty
- * 19980708 (1.3.1-dev)	- ap_isalnum(), ap_isalpha(), ... "8-bit safe" ctype
- *			  macros and apctype.h added
- * 19980713 (1.3.1-dev)	- renaming of C header files:
- *			  1. conf.h      -> ap_config.h
- *			  2. conf_auto.h -> ap_config_auto.h - now merged
- *			  3. ap_config.h -> ap_config_auto.h - now merged
- *			  4. compat.h    -> ap_compat.h
- *			  5. apctype.h   -> ap_ctype.h
- * 19980806 (1.3.2-dev) - add ap_log_rerror()
- *                      - add ap_scan_script_header_err_core()
- *                      - add ap_uuencode()
- *                      - add ap_custom_response()
- * 19980811 (1.3.2-dev)	- added limit_req_line, limit_req_fieldsize, and
- *			  limit_req_fields to server_rec.
- *			  added limit_req_body to core_dir_config and
- *			  ap_get_limit_req_body() to get its value.
- * 19980812 (1.3.2-dev)	- split off MODULE_MAGIC_NUMBER
- * 19980812.2           - add ap_overlap_tables()
- * 19980816 (1.3.2-dev)	- change proxy to use tables for headers, change
- *                        struct cache_req to typedef cache_req.
- *                        Delete ap_proxy_get_header(), ap_proxy_add_header(),
- *                        ap_proxy_del_header(). Change interface of 
- *                        ap_proxy_send_fb() and ap_proxy_cache_error(). 
- *                        Add ap_proxy_send_hdr_line() and ap_proxy_bputs2().
- * 19980825 (1.3.2-dev) - renamed is_HTTP_xxx() macros to ap_is_HTTP_xxx()
- * 19980825.1           - mod_proxy only (minor change): modified interface of
- *                        ap_proxy_read_headers() and rdcache() to use a
- *                        request_rec* instead of pool*
- *                        (for implementing better error reporting).
- * 19980906 (1.3.2-dev) - added ap_md5_binary()
- * 19980917 (1.3.2-dev) - bs2000: changed os_set_authfile() to os_set_account()
- * 19981108 (1.3.4-dev) - added ap_method_number_of()
- *                      - changed value of M_INVALID and added WebDAV methods
- * 19981108.1           - ap_exists_config_define() is now public (minor bump)
- * 19981204             - scoreboard changes -- added generation, changed
- *                        exit_generation to running_generation.  Somewhere
- *                        earlier vhostrec was added, but it's only safe to use
- *                        as of this rev.  See scoreboard.h for documentation.
- * 19981211             - DSO changes -- added ap_single_module_configure()
- *                                    -- added ap_single_module_init()
- * 19981229             - mod_negotiation overhaul -- added ap_make_etag()
- *                        and added vlist_validator to request_rec.
- * 19990101             - renamed macro escape_uri() to ap_escape_uri()
- *                      - added MODULE_MAGIC_COOKIE to identify module structs
- * 19990103 (1.3.4-dev) - added ap_array_pstrcat()
- * 19990105 (1.3.4-dev) - added ap_os_is_filename_valid()
- * 19990106 (1.3.4-dev) - Move MODULE_MAGIC_COOKIE to the end of the
- *                        STANDARD_MODULE_STUFF macro so the version
- *                        numbers and file name remain at invariant offsets
- * 19990108 (1.3.4-dev) - status_drops_connection -> ap_status_drops_connection
- *                        scan_script_header -> ap_scan_script_header_err
- *                      - reordered entries in request_rec that were waiting
- *                        for a non-binary-compatible release.
- *          (1.3.5-dev)
- * 19990108.1           - add ap_MD5Encode() for MD5 password handling.
- * 19990108.2           - add ap_validate_password() and change ap_MD5Encode()
- *                        to use a stronger algorithm.
- * 19990108.4           - add ap_size_list_item(), ap_get_list_item(), and
- *                        ap_find_list_item()
- * 19990108.5           - added ap_sub_req_method_uri() and added const to the
- *                        definition of method in request_rec.
- * 19990108.6           - SIGPIPE is now ignored by the core server.
- * 19990108.7           - ap_isxdigit added
- * 19990320             - METHODS and M_INVALID symbol values modified
- * 19990320.1           - add ap_vrprintf()
- * 19990320.2           - add cmd_parms.context, ap_set_config_vectors, 
- *                        export ap_add_file_conf
- * 19990320.3           - add ap_regexec() and ap_regerror()
- * 19990320.4           - add ap_field_noparam()
- * 19990320.5           - add local_ip/host to conn_rec for mass-vhost
- * 19990320.6           - add ap_SHA1Final(), ap_SHA1Init(),
- *                        ap_SHA1Update_binary(), ap_SHA1Update(),
- *                        ap_base64encode(), ap_base64encode_binary(),
- *                        ap_base64encode_len(), ap_base64decode(),
- *                        ap_base64decode_binary(), ap_base64decode_len(),
- *                        ap_pbase64decode(), ap_pbase64encode()
- * 19990320.7           - add ap_strcasestr()
- * 19990320.8           - add request_rec.case_preserved_filename
- * 19990320.9           - renamed alloc.h to ap_alloc.h
- * 19990320.10          - add ap_is_rdirectory() and ap_stripprefix()
- * 19990320.11          - Add a couple of fields, callback_data and
- *                        filter_callback to the end of buff.h
- * 19990320.11          - Add some fields to the end of the core_dir_config
- *                        structure
- * 19990320.12		- add ap_getline(), ap_get_chunk_size()
- * 19990320.13          - add ap_strtol()
- * 19990320.14          - add ap_register_cleanup_ex(),
- *                        ap_note_cleanups_for_fd_ex(),
- *                        ap_note_cleanups_for_socket_ex(),
- *                        ap_note_cleanups_for_file_ex(),
- *                        ap_popenf_ex() and ap_psocket_ex().
- * 19990320.15          - ap_is_recursion_limit_exceeded()
- */
-
-/* 
- * Under Extended API situations we replace the magic cookie "AP13" with
- * "EAPI" to let us distinguish between the EAPI module structure (which
- * contain additional pointers at the end) and standard module structures
- * (which lack at least NULL's for the pointers at the end).  This is
- * important because standard ("AP13") modules would dump core when we
- * dispatch over the additional hooks because NULL's are missing at the end of
- * the module structure. See also the code in mod_so for details on loading
- * (we accept both "AP13" and "EAPI").
- */
-#define MODULE_MAGIC_COOKIE_AP13 0x41503133UL /* "AP13" */
-#define MODULE_MAGIC_COOKIE_EAPI 0x45415049UL /* "EAPI" */
-#define MODULE_MAGIC_COOKIE      MODULE_MAGIC_COOKIE_EAPI 
-
-#ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 19990320
-#endif
-#define MODULE_MAGIC_NUMBER_MINOR 15                    /* 0...n */
-
-/* Useful for testing for features. */
-#define AP_MODULE_MAGIC_AT_LEAST(major,minor)		\
-    ((major) < MODULE_MAGIC_NUMBER_MAJOR 		\
-	|| ((major) == MODULE_MAGIC_NUMBER_MAJOR 	\
-	    && (minor) <= MODULE_MAGIC_NUMBER_MINOR))
-
-/*
- * For example, suppose you wish to use the ap_overlap_tables
- * function.  You can do this:
- *
- * #if AP_MODULE_MAGIC_AT_LEAST(19980812,2)
- *    ... use ap_overlap_tables()
- * #else
- *    ... alternative code which doesn't use ap_overlap_tables()
- * #endif
- *
- */
-
-/* deprecated. present for backwards compatibility */
-#define MODULE_MAGIC_NUMBER MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_AT_LEAST old_broken_macro_we_hope_you_are_not_using
-
-#endif /* !APACHE_AP_MMN_H */
diff --git a/usr.sbin/httpd/src/include/ap_sha1.h b/usr.sbin/httpd/src/include/ap_sha1.h
deleted file mode 100644
index 5a0eeadccf5..00000000000
--- a/usr.sbin/httpd/src/include/ap_sha1.h
+++ /dev/null
@@ -1,104 +0,0 @@
-/* $OpenBSD: ap_sha1.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * NIST Secure Hash Algorithm
- * 	heavily modified by Uwe Hollerbach uh@alumni.caltech edu
- * 	from Peter C. Gutmann's implementation as found in
- * 	Applied Cryptography by Bruce Schneier
- * 	This code is hereby placed in the public domain
- */
-
-#ifndef APACHE_SHA1_H
-#define APACHE_SHA1_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <sha1.h>
-
-#define SHA_DIGESTSIZE SHA1_DIGEST_LENGTH
-
-/*
- * Define the Magic String prefix that identifies a password as being
- * hashed using our algorithm.
- */
-#define AP_SHA1PW_ID "{SHA}"
-#define AP_SHA1PW_IDLEN 5
-
-typedef u_int32_t AP_LONG;         /* a 32-bit quantity */
-
-#define AP_SHA1_CTX SHA1_CTX
-
-API_EXPORT(void) ap_sha1_base64(const char *clear, int len, char *out);
-API_EXPORT(void) ap_SHA1Init(AP_SHA1_CTX *context);
-API_EXPORT(void) ap_SHA1Update(AP_SHA1_CTX *context, const char *input,
-    unsigned int inputLen);
-API_EXPORT(void) ap_SHA1Update_binary(AP_SHA1_CTX *context,
-    const unsigned char *input, unsigned int inputLen);
-API_EXPORT(void) ap_SHA1Final(unsigned char digest[SHA_DIGESTSIZE],
-    AP_SHA1_CTX *context);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_SHA1_H */
diff --git a/usr.sbin/httpd/src/include/buff.h b/usr.sbin/httpd/src/include/buff.h
deleted file mode 100644
index 8fd8ff47702..00000000000
--- a/usr.sbin/httpd/src/include/buff.h
+++ /dev/null
@@ -1,193 +0,0 @@
-/* $OpenBSD: buff.h,v 1.13 2010/02/25 07:49:53 pyr Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_BUFF_H
-#define APACHE_BUFF_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <stdarg.h>
-
-/* Reading is buffered */
-#define B_RD     (1)
-/* Writing is buffered */
-#define B_WR     (2)
-#define B_RDWR   (3)
-/* At end of file, or closed stream; no further input allowed */
-#define B_EOF    (4)
-/* No further output possible */
-#define B_EOUT   (8)
-/* A read error has occurred */
-#define B_RDERR (16)
-/* A write error has occurred */
-#define B_WRERR (32)
-#ifdef B_ERROR  /* in SVR4: sometimes defined in /usr/include/sys/buf.h */
-#undef B_ERROR
-#endif
-#define B_ERROR (48)
-/* Use chunked writing */
-#define B_CHUNK (64)
-/* bflush() if a read would block */
-#define B_SAFEREAD (128)
-/* buffer is a socket */
-#define B_SOCKET (256)
-
-typedef struct buff_struct BUFF;
-
-struct buff_struct {
-	int flags;			/* flags */
-	unsigned char *inptr;	/* pointer to next location to read */
-	int incnt;		/* number of bytes left to read from input buffer;
-				 * always 0 if had a read error  */
-	int outchunk;		/* location of chunk header when chunking */
-	int outcnt;		/* number of byte put in output buffer */
-	unsigned char *inbase;
-	unsigned char *outbase;
-	int bufsiz;
-	void (*error) (BUFF *fb, int op, void *data);
-	void *error_data;
-	off_t bytes_sent;	/* number of bytes actually written */
-
-	ap_pool *pool;
-
-	/* could also put pointers to the basic I/O routines here */
-	int fd;			/* the file descriptor */
-	int fd_in;		/* input file descriptor, if different */
-
-	/* transport handle, for RPC binding handle or some such */
-	void *t_handle;
-
-	ap_ctx *ctx;
-
-	void *callback_data;
-	void (*filter_callback)(BUFF *, const void *, int );
-};
-
-/* Options to bset/getopt */
-#define BO_BYTECT (1)
-
-/* Stream creation and modification */
-API_EXPORT(BUFF *) ap_bcreate(pool *p, int flags);
-API_EXPORT(void) ap_bpushfd(BUFF *fb, int fd_in, int fd_out);
-API_EXPORT(int) ap_bsetopt(BUFF *fb, int optname, const void *optval);
-API_EXPORT(int) ap_bgetopt(BUFF *fb, int optname, void *optval);
-API_EXPORT(int) ap_bsetflag(BUFF *fb, int flag, int value);
-API_EXPORT(int) ap_bclose(BUFF *fb);
-
-#define ap_bgetflag(fb, flag)	((fb)->flags & (flag))
-
-/* Error handling */
-API_EXPORT(void) ap_bonerror(BUFF *fb, void (*error) (BUFF *, int, void *),
-			  void *data);
-
-/* I/O */
-API_EXPORT(int) ap_bread(BUFF *fb, void *buf, int nbyte);
-API_EXPORT(int) ap_bgets(char *s, int n, BUFF *fb);
-API_EXPORT(int) ap_blookc(char *buff, BUFF *fb);
-API_EXPORT(int) ap_bskiplf(BUFF *fb);
-API_EXPORT(int) ap_bwrite(BUFF *fb, const void *buf, int nbyte);
-API_EXPORT(int) ap_bflush(BUFF *fb);
-API_EXPORT(int) ap_bputs(const char *x, BUFF *fb);
-API_EXPORT_NONSTD(int) ap_bvputs(BUFF *fb,...);
-API_EXPORT_NONSTD(int) ap_bprintf(BUFF *fb, const char *fmt,...)
-				__attribute__((format(printf,2,3)));
-API_EXPORT(int) ap_vbprintf(BUFF *fb, const char *fmt, va_list vlist);
-
-/* Internal routines */
-API_EXPORT(int) ap_bflsbuf(int c, BUFF *fb);
-API_EXPORT(int) ap_bfilbuf(BUFF *fb);
-
-#define ap_bpeekc(fb) ( ((fb)->incnt == 0) ? EOF : *((fb)->inptr) )
-
-#define ap_bgetc(fb)   ( ((fb)->incnt == 0) ? ap_bfilbuf(fb) : \
-		    ((fb)->incnt--, *((fb)->inptr++)) )
-
-#define ap_bputc(c, fb) ((((fb)->flags & (B_EOUT|B_WRERR|B_WR)) != B_WR || \
-		     (fb)->outcnt == (fb)->bufsiz) ? ap_bflsbuf(c, (fb)) : \
-		     ((fb)->outbase[(fb)->outcnt++] = (c), 0))
-
-struct child_info {
-    /* 
-     * We need to put a dummy member in here to avoid compilation
-     * errors under certain Unix compilers, like SGI's and HPUX's,
-     * which fail to compile a zero-sized struct.  Of course
-     * it would be much nicer if there was actually a use for this
-     * structure under Unix.  Aah the joys of x-platform code.
-     */
-    int dummy;
-};
-API_EXPORT(int) ap_bspawn_child(pool *, int (*)(void *, child_info *), void *,
-    enum kill_conditions, BUFF **pipe_in, BUFF **pipe_out, BUFF **pipe_err);
-
-/* enable non-blocking operations */
-API_EXPORT(int) ap_bnonblock(BUFF *fb, int direction);
-/* and get an fd to select() on */
-API_EXPORT(int) ap_bfileno(BUFF *fb, int direction);
-
-/* bflush() if a read now would block, but don't actually read anything */
-API_EXPORT(void) ap_bhalfduplex(BUFF *fb);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_BUFF_H */
diff --git a/usr.sbin/httpd/src/include/compat.h b/usr.sbin/httpd/src/include/compat.h
deleted file mode 100644
index ab21c0fe63e..00000000000
--- a/usr.sbin/httpd/src/include/compat.h
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $OpenBSD: compat.h,v 1.2 2005/03/28 23:26:51 niallo Exp $ */
-
-/*
- *  compat.h -- backward compatibility header for ap_compat.h
- */
-
-#ifdef __GNUC__
-#warning "This header is obsolete, use ap_compat.h instead"
-#endif
-
-#include "ap_compat.h"
diff --git a/usr.sbin/httpd/src/include/conf.h b/usr.sbin/httpd/src/include/conf.h
deleted file mode 100644
index b50b8c852e1..00000000000
--- a/usr.sbin/httpd/src/include/conf.h
+++ /dev/null
@@ -1,11 +0,0 @@
-/* $OpenBSD: conf.h,v 1.2 2005/03/28 23:26:51 niallo Exp $ */
-
-/*
- *  conf.h -- backward compatibility header for ap_config.h
- */
-
-#ifdef __GNUC__
-#warning "This header is obsolete, use ap_config.h instead"
-#endif
-
-#include "ap_config.h"
diff --git a/usr.sbin/httpd/src/include/explain.h b/usr.sbin/httpd/src/include/explain.h
deleted file mode 100644
index 4ab6bc7cbb0..00000000000
--- a/usr.sbin/httpd/src/include/explain.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* $OpenBSD: explain.h,v 1.2 2005/03/28 23:26:51 niallo Exp $ */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef EXPLAIN
-#define DEF_Explain
-#define Explain0(f)
-#define Explain1(f,a1)
-#define Explain2(f,a1,a2)
-#define Explain3(f,a1,a2,a3)
-#define Explain4(f,a1,a2,a3,a4)
-#define Explain5(f,a1,a2,a3,a4,a5)
-#define Explain6(f,a1,a2,a3,a4,a5,a6)
-#else
-#include "http_log.h"
-#define DEF_Explain
-#define Explain0(f) \
-        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
-                    f)
-#define Explain1(f,a1) \
-        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
-                    f,a1)
-#define Explain2(f,a1,a2) \
-        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
-                    f,a1,a2)
-#define Explain3(f,a1,a2,a3) \
-        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
-                    f,a1,a2,a3)
-#define Explain4(f,a1,a2,a3,a4) \
-        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
-                    f,a1,a2,a3,a4)
-#define Explain5(f,a1,a2,a3,a4,a5)  \
-        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
-                    f,a1,a2,a3,a4,a5)
-#define Explain6(f,a1,a2,a3,a4,a5,a6)   \
-        ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, \
-                    f,a1,a2,a3,a4,a5,a6)
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/usr.sbin/httpd/src/include/fdcache.h b/usr.sbin/httpd/src/include/fdcache.h
deleted file mode 100644
index 597bde12216..00000000000
--- a/usr.sbin/httpd/src/include/fdcache.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*	$OpenBSD: fdcache.h,v 1.1 2002/07/17 11:17:00 henning Exp $ */
-
-/*
- * Copyright (c) 2002 Henning Brauer
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *    - Redistributions of source code must retain the above copyright
- *      notice, this list of conditions and the following disclaimer.
- *    - Redistributions in binary form must reproduce the above
- *      copyright notice, this list of conditions and the following
- *      disclaimer in the documentation and/or other materials provided
- *      with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-int	fdcache_open(char *, int, mode_t);
-void	fdcache_closeall();
diff --git a/usr.sbin/httpd/src/include/fnmatch.h b/usr.sbin/httpd/src/include/fnmatch.h
deleted file mode 100644
index 5795a2241b5..00000000000
--- a/usr.sbin/httpd/src/include/fnmatch.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/* $OpenBSD: fnmatch.h,v 1.3 2005/03/28 23:26:51 niallo Exp $ */
-
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)fnmatch.h	8.1 (Berkeley) 6/2/93
- */
-
-/* This file has been modified by the Apache Group. */
-
-#include "ap_config.h"
-
-#ifndef	_FNMATCH_H_
-#define	_FNMATCH_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define	FNM_NOMATCH	1	/* Match failed. */
-
-#define	FNM_NOESCAPE	0x01	/* Disable backslash escaping. */
-#define	FNM_PATHNAME	0x02	/* Slash must be matched by slash. */
-#define	FNM_PERIOD	0x04	/* Period must be matched by period. */
-/* This flag is an Apache addition */
-#define FNM_CASE_BLIND  0x08    /* Compare characters case-insensitively. */
-
-API_EXPORT(int) ap_fnmatch(const char *, const char *, int);
-
-/* this function is an Apache addition */
-API_EXPORT(extern int) ap_is_fnmatch(const char *);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !_FNMATCH_H_ */
diff --git a/usr.sbin/httpd/src/include/http_conf_globals.h b/usr.sbin/httpd/src/include/http_conf_globals.h
deleted file mode 100644
index 14ff3b2afcd..00000000000
--- a/usr.sbin/httpd/src/include/http_conf_globals.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/* $OpenBSD: http_conf_globals.h,v 1.17 2008/05/09 08:06:28 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_CONF_GLOBALS_H
-#define APACHE_HTTP_CONF_GLOBALS_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* 
- * Process config --- what the process ITSELF is doing
- */
-
-extern API_VAR_EXPORT int ap_standalone;
-extern API_VAR_EXPORT int ap_configtestonly;
-extern int ap_docrootcheck;
-extern API_VAR_EXPORT uid_t ap_user_id;
-extern API_VAR_EXPORT char *ap_user_name;
-extern API_VAR_EXPORT gid_t ap_group_id;
-extern API_VAR_EXPORT int ap_max_requests_per_child;
-extern API_VAR_EXPORT int ap_max_cpu_per_child;
-extern API_VAR_EXPORT int ap_max_data_per_child;
-extern API_VAR_EXPORT int ap_max_nofile_per_child;
-extern API_VAR_EXPORT int ap_max_rss_per_child;
-extern API_VAR_EXPORT int ap_max_stack_per_child;
-extern API_VAR_EXPORT int ap_threads_per_child;
-extern API_VAR_EXPORT int ap_excess_requests_per_child;
-extern API_VAR_EXPORT struct sockaddr_storage ap_bind_address;
-extern API_VAR_EXPORT int ap_default_family;
-extern listen_rec *ap_listeners;
-extern API_VAR_EXPORT int ap_daemons_to_start;
-extern API_VAR_EXPORT int ap_daemons_min_free;
-extern API_VAR_EXPORT int ap_daemons_max_free;
-extern API_VAR_EXPORT int ap_daemons_limit;
-extern API_VAR_EXPORT int ap_suexec_enabled;
-extern API_VAR_EXPORT int ap_listenbacklog;
-extern int ap_dump_settings;
-extern API_VAR_EXPORT int ap_extended_status;
-extern API_VAR_EXPORT ap_ctx *ap_global_ctx;
-
-extern API_VAR_EXPORT char *ap_pid_fname;
-extern API_VAR_EXPORT char *ap_scoreboard_fname;
-extern API_VAR_EXPORT char *ap_lock_fname;
-extern API_VAR_EXPORT char *ap_server_argv0;
-
-extern enum server_token_type ap_server_tokens;
-
-extern API_VAR_EXPORT int ap_protocol_req_check;
-extern API_VAR_EXPORT int ap_change_shmem_uid;
-
-/* Trying to allocate these in the config pool gets us into some *nasty*
- * chicken-and-egg problems in http_main.c --- where do you stick them
- * when pconf gets cleared?  Better to just allocate a little space
- * statically...
- */
-
-extern API_VAR_EXPORT char ap_server_root[MAX_STRING_LEN];
-extern API_VAR_EXPORT char ap_server_confname[MAX_STRING_LEN];
-
-/* for -C, -c and -D switches */
-extern API_VAR_EXPORT array_header *ap_server_pre_read_config;
-extern API_VAR_EXPORT array_header *ap_server_post_read_config;
-extern API_VAR_EXPORT array_header *ap_server_config_defines;
-
-/* We want this to have the least chance of being corrupted if there
- * is some memory corruption, so we allocate it statically.
- */
-extern API_VAR_EXPORT char ap_coredump_dir[MAX_STRING_LEN];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_HTTP_CONF_GLOBALS_H */
diff --git a/usr.sbin/httpd/src/include/http_config.h b/usr.sbin/httpd/src/include/http_config.h
deleted file mode 100644
index 21482a9cc1a..00000000000
--- a/usr.sbin/httpd/src/include/http_config.h
+++ /dev/null
@@ -1,469 +0,0 @@
-/* $OpenBSD: http_config.h,v 1.12 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_CONFIG_H
-#define APACHE_HTTP_CONFIG_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The central data structures around here...
- */
-
-/* Command dispatch structures... */
-
-/* Note that for all of these except RAW_ARGS, the config routine is
- * passed a freshly allocated string which can be modified or stored
- * or whatever... it's only necessary to do pstrdup() stuff with
- * RAW_ARGS.
- */
-enum cmd_how {
-	RAW_ARGS,		/* cmd_func parses command line itself */
-	TAKE1,			/* one argument only */
-	TAKE2,			/* two arguments only */
-	ITERATE,		/* one argument, occuring multiple times
-				 * (e.g., IndexIgnore)
-				 */
-	ITERATE2,		/* two arguments, 2nd occurs multiple times
-				 * (e.g., AddIcon)
-				 */
-	FLAG,			/* One of 'On' or 'Off' */
-	NO_ARGS,		/* No args at all, e.g. </Directory> */
-	TAKE12,			/* one or two arguments */
-	TAKE3,			/* three arguments only */
-	TAKE23,			/* two or three arguments */
-	TAKE123,		/* one, two or three arguments */
-	TAKE13			/* one or three arguments */
-};
-
-typedef struct command_struct {
-	const char *name;		/* Name of this command */
-	const char *(*func) ();	/* Function invoked */
-	void *cmd_data;		/* Extra data, for functions which
-				 * implement multiple commands...
-				 */
-	int req_override;	/* What overrides need to be allowed to
-				 * enable this command.
-				 */
-	enum cmd_how args_how;	/* What the command expects as arguments */
-
-	const char *errmsg;	/* 'usage' message, in case of syntax errors */
-} command_rec;
-
-/* The allowed locations for a configuration directive are the union of
- * those indicated by each set bit in the req_override mask.
- *
- * (req_override & RSRC_CONF)   => *.conf outside <Directory> or <Location>
- * (req_override & ACCESS_CONF) => *.conf inside <Directory> or <Location>
- * (req_override & OR_AUTHCFG)  => *.conf inside <Directory> or <Location>
- *                                 and .htaccess when AllowOverride AuthConfig
- * (req_override & OR_LIMIT)    => *.conf inside <Directory> or <Location>
- *                                 and .htaccess when AllowOverride Limit
- * (req_override & OR_OPTIONS)  => *.conf anywhere
- *                                 and .htaccess when AllowOverride Options
- * (req_override & OR_FILEINFO) => *.conf anywhere
- *                                 and .htaccess when AllowOverride FileInfo
- * (req_override & OR_INDEXES)  => *.conf anywhere
- *                                 and .htaccess when AllowOverride Indexes
- */
-#define OR_NONE 0
-#define OR_LIMIT 1
-#define OR_OPTIONS 2
-#define OR_FILEINFO 4
-#define OR_AUTHCFG 8
-#define OR_INDEXES 16
-#define OR_UNSET 32
-#define ACCESS_CONF 64
-#define RSRC_CONF 128
-#define OR_ALL (OR_LIMIT|OR_OPTIONS|OR_FILEINFO|OR_AUTHCFG|OR_INDEXES)
-
-/* This can be returned by a function if they don't wish to handle
- * a command. Make it something not likely someone will actually use
- * as an error code.
- */
-
-#define DECLINE_CMD "\a\b"
-
-/*
- * This structure is passed to a command which is being invoked,
- * to carry a large variety of miscellaneous data which is all of
- * use to *somebody*...
- */
-
-typedef struct {
-	void *info;		/* Argument to command from cmd_table */
-	int override;		/* Which allow-override bits are set */
-	int limited;		/* Which methods are <Limit>ed */
-
-			      /* Config file structure from pcfg_openfile() */
-	configfile_t *config_file;
-
-	ap_pool *pool;			/* Pool to allocate new storage in */
-	struct pool *temp_pool;	/* Pool for scratch memory; persists during
-				 * configuration, but wiped before the first
-				 * request is served...
-				 */
-	server_rec *server;		/* Server_rec being configured for */
-	char *path;			/* If configuring for a directory,
-				 * pathname of that directory.
-				 * NOPE!  That's what it meant previous to the
-				 * existance of <Files>, <Location> and regex
-				 * matching.  Now the only usefulness that can
-			* be derived from this field is whether a command
-			 * is being called in a server context (path == NULL)
-			 * or being called in a dir context (path != NULL).
-				 */
-	const command_rec *cmd;	/* configuration command */
-	const char *end_token;	/* end token required to end a nested section */
-	void *context;		/* per_dir_config vector passed 
-				 * to handle_command */
-} cmd_parms;
-
-/* This structure records the existence of handlers in a module... */
-
-typedef struct {
-    const char *content_type;	/* MUST be all lower case */
-    int (*handler) (request_rec *);
-} handler_rec;
-
-/*
- * Module structures.  Just about everything is dispatched through
- * these, directly or indirectly (through the command and handler
- * tables).
- */
-
-typedef struct module_struct {
-	int version;		/* API version, *not* module version;
-				 * check that module is compatible with this
-				 * version of the server.
-				 */
-	int minor_version;          /* API minor version. Provides API feature
-				 * milestones. Not checked during module init
-				 */
-	int module_index;	/* Index to this modules structures in
-				 * config vectors.
-				 */
-
-	const char *name;
-	void *dynamic_load_handle;
-
-	struct module_struct *next;
-
-	unsigned long magic;    /* Magic Cookie to identify a module structure;
-				 * It's mainly important for the DSO facility
-				 * (see also mod_so).
-				 */
-
-	/* init() occurs after config parsing, but before any children are
-	* forked.
-	* Modules should not rely on the order in which create_server_config
-	* and create_dir_config are called.
-	*/
-	void (*init) (server_rec *, pool *);
-	void *(*create_dir_config) (pool *p, char *dir);
-	void *(*merge_dir_config) (pool *p, void *base_conf, void *new_conf);
-	void *(*create_server_config) (pool *p, server_rec *s);
-	void *(*merge_server_config) (pool *p, void *base_conf, void *new_conf);
-
-	const command_rec *cmds;
-	const handler_rec *handlers;
-
-	/* Hooks for getting into the middle of server ops...
-
-	* translate_handler --- translate URI to filename
-	* access_checker --- check access by host address, etc.   All of these
-	*                    run; if all decline, that's still OK.
-	* check_user_id --- get and validate user id from the HTTP request
-	* auth_checker --- see if the user (from check_user_id) is OK *here*.
-	*                  If all of *these* decline, the request is rejected
-	*                  (as a SERVER_ERROR, since the module which was
-	*                  supposed to handle this was configured wrong).
-	* type_checker --- Determine MIME type of the requested entity;
-	*                  sets content_type, _encoding and _language fields.
-	* logger --- log a transaction.
-        * post_read_request --- run right after read_request or
-	*                internal_redirect, and not run during any subrequests.
-	*/
-
-	int (*translate_handler) (request_rec *);
-	int (*ap_check_user_id) (request_rec *);
-	int (*auth_checker) (request_rec *);
-	int (*access_checker) (request_rec *);
-	int (*type_checker) (request_rec *);
-	int (*fixer_upper) (request_rec *);
-	int (*logger) (request_rec *);
-	int (*header_parser) (request_rec *);
-
-	/* Regardless of the model the server uses for managing "units of
-	* execution", i.e. multi-process, multi-threaded, hybrids of those,
-	* there is the concept of a "heavy weight process".  That is, a
-	* process with its own memory space, file spaces, etc.  This method,
-	* child_init, is called once for each heavy-weight process before
-	* any requests are served.  Note that no provision is made yet for
-	* initialization per light-weight process (i.e. thread).  The
-	* parameters passed here are the same as those passed to the global
-	* init method above.
-	*/
-	void (*child_init) (server_rec *, pool *);
-	void (*child_exit) (server_rec *, pool *);
-	int (*post_read_request) (request_rec *);
-
-	/*
-	* ANSI C guarantees us that we can at least extend the module structure
-	* with additional hooks without the need to change all existing modules.
-	* Because: ``If there are fewer initializers in the list than members of
-	* the structure, the trailing members are initialized with 0.'' (The C
-	* Programming Language, 2nd Ed., A8.7 Initialization). So we just
-	* have to put our additional hooks here:
-	*
-	* add_module:
-	*     Called from within ap_add_module() right after the module
-	*     structure was linked into the Apache internal module list.
-	*     It is mainly intended to be used to define configuration defines
-	*     (<IfDefine>) which have to be available directly after a
-	*     LoadModule/AddModule. Actually this is the earliest possible
-	*     hook a module can use.
-	*
-	* remove_module:
-	*     Called from within ap_remove_module() right before the module
-	*     structure is kicked out from the Apache internal module list.
-	*     Actually this is last possible hook a module can use and exists
-	*     for consistency with the add_module hook.
-	*
-	* rewrite_command:
-	*     Called right after a configuration directive line was read and
-	*     before it is processed. It is mainly intended to be used for
-	*     rewriting directives in order to provide backward compatibility to
-	*     old directive variants.
-	*
-	* new_connection:
-	*     Called from within the internal new_connection() function, right
-	*     after the conn_rec structure for the new established connection
-	*     was created and before Apache starts processing the request with
-	*     ap_read_request().  It is mainly intended to be used to setup/run
-	*     connection dependent things like sending start headers for
-	*     on-the-fly compression, etc.
-	*
-	* close_connection:
-	*     Called from within the Apache dispatching loop just before any
-	*     ap_bclose() is performed on the socket connection, but a long time
-	*     before any pool cleanups are done for the connection (which can be
-	*     too late for some applications).  It is mainly intended to be used
-	*     to close/finalize connection dependent things like sending end
-	*     headers for on-the-fly compression, etc.
-	*/
-	void  (*add_module) (struct module_struct *);
-	void  (*remove_module) (struct module_struct *);
-	char *(*rewrite_command) (cmd_parms *, void *config, const char *);
-	void  (*new_connection) (conn_rec *);
-	void  (*close_connection) (conn_rec *);
-} module;
-
-/* Initializer for the first few module slots, which are only
- * really set up once we start running.  Note that the first two slots
- * provide a version check; this should allow us to deal with changes to
- * the API. The major number should reflect changes to the API handler table
- * itself or removal of functionality. The minor number should reflect
- * additions of functionality to the existing API. (the server can detect
- * an old-format module, and either handle it back-compatibly, or at least
- * signal an error). See src/include/ap_mmn.h for MMN version history.
- */
-
-#define STANDARD_MODULE_STUFF	MODULE_MAGIC_NUMBER_MAJOR, \
-				MODULE_MAGIC_NUMBER_MINOR, \
-				-1, \
-				__FILE__, \
-				NULL, \
-				NULL, \
-				MODULE_MAGIC_COOKIE
-
-/* Generic accessors for other modules to get at their own module-specific
- * data
- */
-
-API_EXPORT(void *) ap_get_module_config(void *conf_vector, module *m);
-API_EXPORT(void) ap_set_module_config(void *conf_vector, module *m, void *val);
-
-#define ap_get_module_config(v,m)	\
-    (((void **)(v))[(m)->module_index])
-#define ap_set_module_config(v,m,val)	\
-    ((((void **)(v))[(m)->module_index]) = (val))
-
-/* Generic command handling function... */
-
-API_EXPORT_NONSTD(const char *) ap_set_string_slot(cmd_parms *, char *, char *);
-API_EXPORT_NONSTD(const char *) ap_set_string_slot_lower(cmd_parms *, char *,
-    char *);
-API_EXPORT_NONSTD(const char *) ap_set_flag_slot(cmd_parms *, char *, int);
-API_EXPORT_NONSTD(const char *) ap_set_file_slot(cmd_parms *, char *, char *);
-
-/* For modules which need to read config files, open logs, etc. ...
- * this returns the fname argument if it begins with '/'; otherwise
- * it relativizes it wrt server_root.
- */
-
-API_EXPORT(char *) ap_server_root_relative(pool *p, char *fname);
-
-/* Finally, the hook for dynamically loading modules in... */
-
-API_EXPORT(void) ap_add_module(module *m);
-API_EXPORT(void) ap_remove_module(module *m);
-API_EXPORT(void) ap_add_loaded_module(module *mod);
-API_EXPORT(void) ap_remove_loaded_module(module *mod);
-API_EXPORT(int) ap_add_named_module(const char *name);
-API_EXPORT(void) ap_clear_module_list(void);
-API_EXPORT(const char *) ap_find_module_name(module *m);
-API_EXPORT(module *) ap_find_linked_module(const char *name);
-
-/* for implementing subconfigs and customized config files */
-API_EXPORT(const char *) ap_srm_command_loop(cmd_parms *parms, void *config);
-
-#ifdef CORE_PRIVATE
-
-extern API_VAR_EXPORT module *top_module;
-
-extern module *ap_prelinked_modules[];
-extern module *ap_preloaded_modules[];
-extern API_VAR_EXPORT module **ap_loaded_modules;
-
-/* For mod_so.c... */
-
-API_EXPORT(void) ap_single_module_configure(pool *p, server_rec *s, module *m);
-
-/* For http_main.c... */
-
-API_EXPORT(server_rec *) ap_read_config(pool *conf_pool, pool *temp_pool,
-    char *config_name);
-API_EXPORT(void) ap_init_modules(pool *p, server_rec *s);
-API_EXPORT(void) ap_child_init_modules(pool *p, server_rec *s);
-API_EXPORT(void) ap_child_exit_modules(pool *p, server_rec *s);
-API_EXPORT(void) ap_setup_prelinked_modules(void);
-API_EXPORT(void) ap_show_directives(void);
-API_EXPORT(void) ap_show_modules(void);
-void ap_cleanup_method_ptrs(void);
-
-/* For http_request.c... */
-
-CORE_EXPORT(void *) ap_create_request_config(pool *p);
-CORE_EXPORT(void *) ap_create_per_dir_config(pool *p);
-CORE_EXPORT(void *) ap_merge_per_dir_configs(pool *p, void *base, void *new);
-
-/* For http_core.c... (<Directory> command and virtual hosts) */
-
-CORE_EXPORT(int) ap_parse_htaccess(void **result, request_rec *r, int override,
-    const char *path, const char *access_name);
-
-CORE_EXPORT(const char *) ap_init_virtual_host(pool *p, const char *hostname,
-    server_rec *main_server, server_rec **);
-CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname,
-    pool *p, pool *ptemp);
-
-/* ap_check_cmd_context() definitions: */
-API_EXPORT(const char *) ap_check_cmd_context(cmd_parms *cmd,
-    unsigned forbidden);
-
-/* ap_check_cmd_context():              Forbidden in: */
-#define  NOT_IN_VIRTUALHOST     0x01 /* <Virtualhost> */
-#define  NOT_IN_LIMIT           0x02 /* <Limit> */
-#define  NOT_IN_DIRECTORY       0x04 /* <Directory> */
-#define  NOT_IN_LOCATION        0x08 /* <Location> */
-#define  NOT_IN_FILES           0x10 /* <Files> */
-#define  NOT_IN_DIR_LOC_FILE    (NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES) /* <Directory>/<Location>/<Files>*/
-#define  GLOBAL_ONLY      (NOT_IN_VIRTUALHOST|NOT_IN_LIMIT|NOT_IN_DIR_LOC_FILE)
-
-
-/* Module-method dispatchers, also for http_request.c */
-
-API_EXPORT(int) ap_translate_name(request_rec *);
-/* check access on non-auth basis */
-API_EXPORT(int) ap_check_access(request_rec *);
-/* obtain valid username from client auth */
-API_EXPORT(int) ap_check_user_id(request_rec *);
-/* check (validated) user is authorized here */
-API_EXPORT(int) ap_check_auth(request_rec *);
-/* identify MIME type */
-API_EXPORT(int) ap_find_types(request_rec *);
-/* poke around for other metainfo, etc.... */
-API_EXPORT(int) ap_run_fixups(request_rec *);
-API_EXPORT(int) ap_invoke_handler(request_rec *);
-API_EXPORT(int) ap_log_transaction(request_rec *r);
-API_EXPORT(int) ap_header_parse(request_rec *);
-API_EXPORT(int) ap_run_post_read_request(request_rec *);
-
-/* for mod_perl */
-
-CORE_EXPORT(const command_rec *) ap_find_command(const char *name,
-    const command_rec *cmds);
-CORE_EXPORT(const command_rec *) ap_find_command_in_modules(const char
-    *cmd_name, module **mod);
-CORE_EXPORT(void *) ap_set_config_vectors(cmd_parms *parms, void *config,
-    module *mod);
-CORE_EXPORT(const char *) ap_handle_command(cmd_parms *parms, void *config,
-    const char *l);
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_HTTP_CONFIG_H */
diff --git a/usr.sbin/httpd/src/include/http_core.h b/usr.sbin/httpd/src/include/http_core.h
deleted file mode 100644
index 07fcd1fff11..00000000000
--- a/usr.sbin/httpd/src/include/http_core.h
+++ /dev/null
@@ -1,356 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_CORE_H
-#define APACHE_HTTP_CORE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*****************************************************************
- *
- * The most basic server code is encapsulated in a single module
- * known as the core, which is just *barely* functional enough to
- * serve documents, though not terribly well.
- *
- * Largely for NCSA back-compatibility reasons, the core needs to
- * make pieces of its config structures available to other modules.
- * The accessors are declared here, along with the interpretation
- * of one of them (allow_options).
- */
-
-#define OPT_NONE 0
-#define OPT_INDEXES 1
-#define OPT_INCLUDES 2
-#define OPT_SYM_LINKS 4
-#define OPT_EXECCGI 8
-#define OPT_UNSET 16
-#define OPT_INCNOEXEC 32
-#define OPT_SYM_OWNER 64
-#define OPT_MULTI 128
-#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_SYM_LINKS|OPT_EXECCGI)
-
-/* options for get_remote_host() */
-/* REMOTE_HOST returns the hostname, or NULL if the hostname
- * lookup fails.  It will force a DNS lookup according to the
- * HostnameLookups setting.
- */
-#define REMOTE_HOST (0)
-
-/* REMOTE_NAME returns the hostname, or the dotted quad if the
- * hostname lookup fails.  It will force a DNS lookup according
- * to the HostnameLookups setting.
- */
-#define REMOTE_NAME (1)
-
-/* REMOTE_NOLOOKUP is like REMOTE_NAME except that a DNS lookup is
- * never forced.
- */
-#define REMOTE_NOLOOKUP (2)
-
-/* REMOTE_DOUBLE_REV will always force a DNS lookup, and also force
- * a double reverse lookup, regardless of the HostnameLookups
- * setting.  The result is the (double reverse checked) hostname,
- * or NULL if any of the lookups fail.
- */
-#define REMOTE_DOUBLE_REV (3)
-
-#define SATISFY_ALL 0
-#define SATISFY_ANY 1
-#define SATISFY_NOSPEC 2
-
-/* default maximum of internal redirects */
-# define AP_DEFAULT_MAX_INTERNAL_REDIRECTS 20
-
-/* default maximum subrequest nesting level */
-# define AP_DEFAULT_MAX_SUBREQ_DEPTH 20
-
-API_EXPORT(int) ap_allow_options (request_rec *);
-API_EXPORT(int) ap_allow_overrides (request_rec *);
-API_EXPORT(const char *) ap_default_type (request_rec *);     
-API_EXPORT(const char *) ap_document_root (request_rec *); /* Don't use this!  If your request went
-				      * through a Userdir, or something like
-				      * that, it'll screw you.  But it's
-				      * back-compatible...
-				      */
-API_EXPORT(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, int type);
-API_EXPORT(const char *) ap_get_remote_logname(request_rec *r);
-
-/* Used for constructing self-referencing URLs, and things like SERVER_PORT,
- * and SERVER_NAME.
- */
-API_EXPORT(char *) ap_construct_url(pool *p, const char *uri, request_rec *r);
-API_EXPORT(const char *) ap_get_server_name(request_rec *r);
-API_EXPORT(unsigned) ap_get_server_port(const request_rec *r);
-API_EXPORT(unsigned long) ap_get_limit_req_body(const request_rec *r);
-API_EXPORT(void) ap_custom_response(request_rec *r, int status, char *string);
-API_EXPORT(int) ap_exists_config_define(char *name);
-
-/* Check if the current request is beyond the configured max. number of redirects or subrequests
- * @param r The current request
- * @return true (is exceeded) or false
- */
-API_EXPORT(int) ap_is_recursion_limit_exceeded(const request_rec *r);
-
-/* Authentication stuff.  This is one of the places where compatibility
- * with the old config files *really* hurts; they don't discriminate at
- * all between different authentication schemes, meaning that we need
- * to maintain common state for all of them in the core, and make it
- * available to the other modules through interfaces.
- */
-    
-typedef struct {
-    int method_mask;
-    char *requirement;
-} require_line;
-     
-API_EXPORT(const char *) ap_auth_type (request_rec *);
-API_EXPORT(const char *) ap_auth_name (request_rec *);     
-API_EXPORT(const char *) ap_auth_nonce (request_rec *);
-API_EXPORT(int) ap_satisfies (request_rec *r);
-API_EXPORT(const array_header *) ap_requires (request_rec *);    
-
-#ifdef CORE_PRIVATE
-
-/*
- * Core is also unlike other modules in being implemented in more than
- * one file... so, data structures are declared here, even though most of
- * the code that cares really is in http_core.c.  Also, another accessor.
- */
-
-API_EXPORT(char *) ap_response_code_string (request_rec *r, int error_index);
-
-extern API_VAR_EXPORT module core_module;
-
-/* Per-directory configuration */
-
-typedef unsigned char allow_options_t;
-typedef unsigned char overrides_t;
-/*
- * Bits of info that go into making an ETag for a file
- * document.  Why a long?  Because char historically
- * proved too short for Options, and int can be different
- * sizes on different platforms.
- */
-typedef unsigned long etag_components_t;
-
-#define ETAG_UNSET 0
-#define ETAG_NONE  (1 << 0)
-#define ETAG_MTIME (1 << 1)
-#define ETAG_INODE (1 << 2)
-#define ETAG_SIZE  (1 << 3)
-#define ETAG_BACKWARD (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
-#define ETAG_ALL   (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
-
-typedef enum {
-    AP_FLAG_UNSET = 0,
-    AP_FLAG_ON = 1,
-    AP_FLAG_OFF = 2
-} ap_flag_e;
-
-typedef struct {
-    /* path of the directory/regex/etc.  see also d_is_fnmatch below */
-    char *d;
-    /* the number of slashes in d */
-    unsigned d_components;
-
-    /* If (opts & OPT_UNSET) then no absolute assignment to options has
-     * been made.
-     * invariant: (opts_add & opts_remove) == 0
-     * Which said another way means that the last relative (options + or -)
-     * assignment made to each bit is recorded in exactly one of opts_add
-     * or opts_remove.
-     */
-    allow_options_t opts;
-    allow_options_t opts_add;
-    allow_options_t opts_remove;
-    overrides_t override;
-    
-    /* MIME typing --- the core doesn't do anything at all with this,
-     * but it does know what to slap on a request for a document which
-     * goes untyped by other mechanisms before it slips out the door...
-     */
-    
-    char *ap_default_type;
-  
-    /* Authentication stuff.  Groan... */
-    
-    int satisfy;
-    char *ap_auth_type;
-    char *ap_auth_name;
-    array_header *ap_requires;
-
-    /* Custom response config. These can contain text or a URL to redirect to.
-     * if response_code_strings is NULL then there are none in the config,
-     * if it's not null then it's allocated to sizeof(char*)*RESPONSE_CODES.
-     * This lets us do quick merges in merge_core_dir_configs().
-     */
-  
-    char **response_code_strings;
-
-    /* Hostname resolution etc */
-#define HOSTNAME_LOOKUP_OFF	0
-#define HOSTNAME_LOOKUP_ON	1
-#define HOSTNAME_LOOKUP_DOUBLE	2
-#define HOSTNAME_LOOKUP_UNSET	3
-    unsigned int hostname_lookups : 4;
-
-    signed int do_rfc1413 : 2;   /* See if client is advertising a username? */
-
-    signed int content_md5 : 2;  /* calculate Content-MD5? */
-
-#define USE_CANONICAL_NAME_OFF   (0)
-#define USE_CANONICAL_NAME_ON    (1)
-#define USE_CANONICAL_NAME_DNS   (2)
-#define USE_CANONICAL_NAME_UNSET (3)
-    unsigned use_canonical_name : 2;
-
-    /* since is_fnmatch(conf->d) was being called so frequently in
-     * directory_walk() and its relatives, this field was created and
-     * is set to the result of that call.
-     */
-    unsigned d_is_fnmatch : 1;
-
-    /* should we force a charset on any outgoing parameterless content-type?
-     * if so, which charset?
-     */
-#define ADD_DEFAULT_CHARSET_OFF   (0)
-#define ADD_DEFAULT_CHARSET_ON    (1)
-#define ADD_DEFAULT_CHARSET_UNSET (2)
-    unsigned add_default_charset : 2;
-    char *add_default_charset_name;
-
-    /* System Resource Control */
-    struct rlimit *limit_cpu;
-    struct rlimit *limit_mem;
-    struct rlimit *limit_nproc;
-    struct rlimit *limit_nofile;
-    unsigned long limit_req_body;  /* limit on bytes in request msg body */
-
-    /* logging options */
-    enum { srv_sig_unset, srv_sig_off, srv_sig_on,
-	    srv_sig_withmail } server_signature;
-    int loglevel;
-    
-    /* Access control */
-    array_header *sec;
-    regex_t *r;
-
-    
-
-    /*
-     * What attributes/data should be included in ETag generation?
-     */
-    etag_components_t etag_bits;
-    etag_components_t etag_add;
-    etag_components_t etag_remove;
-
-    /*
-     * Do we allow ISINDEX CGI scripts to pass their query argument as
-     * direct command line parameters or argv elements?
-     */
-    ap_flag_e cgi_command_args;
-
-    /* Digest auth. */
-    char *ap_auth_nonce;
-
-} core_dir_config;
-
-/* Per-server core configuration */
-
-typedef struct {
-  
-#ifdef GPROF
-    char *gprof_dir;
-#endif
-
-    /* Name translations --- we want the core to be able to do *something*
-     * so it's at least a minimally functional web server on its own (and
-     * can be tested that way).  But let's keep it to the bare minimum:
-     */
-    char *ap_document_root;
-  
-    /* Access control */
-
-    char *access_name;
-    array_header *sec;
-    array_header *sec_url;
-
-    /* recursion backstopper */
-    int recursion_limit_set; /* boolean */
-    int redirect_limit;      /* maximum number of internal redirects */
-    int subreq_limit;        /* maximum nesting level of subrequests */
-} core_server_config;
-
-/* for http_config.c */
-CORE_EXPORT(void) ap_core_reorder_directories(pool *, server_rec *);
-
-/* for mod_perl */
-CORE_EXPORT(void) ap_add_per_dir_conf (server_rec *s, void *dir_config);
-CORE_EXPORT(void) ap_add_per_url_conf (server_rec *s, void *url_config);
-CORE_EXPORT(void) ap_add_file_conf(core_dir_config *conf, void *url_config);
-CORE_EXPORT_NONSTD(const char *) ap_limit_section (cmd_parms *cmd, void *dummy, const char *arg);
-
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_HTTP_CORE_H */
diff --git a/usr.sbin/httpd/src/include/http_log.h b/usr.sbin/httpd/src/include/http_log.h
deleted file mode 100644
index f6fb9065700..00000000000
--- a/usr.sbin/httpd/src/include/http_log.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/* $OpenBSD: http_log.h,v 1.11 2005/06/15 00:00:16 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_LOG_H
-#define APACHE_HTTP_LOG_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <syslog.h>
-
-#define APLOG_EMERG     LOG_EMERG     /* system is unusable */
-#define APLOG_ALERT     LOG_ALERT     /* action must be taken immediately */
-#define APLOG_CRIT      LOG_CRIT      /* critical conditions */
-#define APLOG_ERR       LOG_ERR       /* error conditions */
-#define APLOG_WARNING   LOG_WARNING   /* warning conditions */
-#define APLOG_NOTICE    LOG_NOTICE    /* normal but significant condition */
-#define APLOG_INFO      LOG_INFO      /* informational */
-#define APLOG_DEBUG     LOG_DEBUG     /* debug-level messages */
-
-#define APLOG_LEVELMASK LOG_PRIMASK   /* mask off the level value */
-
-#define APLOG_NOERRNO		(APLOG_LEVELMASK + 1)
-
-#ifndef DEFAULT_LOGLEVEL
-#define DEFAULT_LOGLEVEL	APLOG_WARNING
-#endif
-
-#define APLOG_MARK	__FILE__,0
-
-API_EXPORT(void) ap_open_logs (server_rec *, pool *p);
-
-/* The two primary logging functions, ap_log_error and ap_log_rerror,
- * use a printf style format string to build the log message.  It is
- * VERY IMPORTANT that you not include any raw data from the network,
- * such as the request-URI or request header fields, within the format
- * string.  Doing so makes the server vulnerable to a denial-of-service
- * attack and other messy behavior.  Instead, use a simple format string
- * like "%s", followed by the string containing the untrusted data.
- */
-API_EXPORT_NONSTD(void) ap_log_error(const char *file, int line, int level,
-    const server_rec *s, const char *fmt, ...)
-   __attribute__((format(printf,5,6)));
-API_EXPORT_NONSTD(void) ap_log_rerror(const char *file, int line, int level,
-    const request_rec *s, const char *fmt, ...)
-    __attribute__((format(printf,5,6)));
-API_EXPORT(void) ap_error_log2stderr (server_rec *);
-
-API_EXPORT(void) ap_log_pid (pool *p, char *fname);
-/* These are for legacy code, new code should use ap_log_error,
- * or ap_log_rerror.
- */
-API_EXPORT(void) ap_log_error_old(const char *err, server_rec *s);
-API_EXPORT(void) ap_log_unixerr(const char *routine, const char *file,
-    const char *msg, server_rec *s);
-API_EXPORT_NONSTD(void) ap_log_printf(const server_rec *s, const char *fmt, ...)
-    __attribute__((format(printf,2,3)));
-API_EXPORT(void) ap_log_reason(const char *reason, const char *fname,
-    request_rec *r);
-
-typedef struct piped_log {
-	pool *p;
-	char *program;
-	int pid;
-	int fds[2];
-} piped_log;
-
-API_EXPORT(piped_log *) ap_open_piped_log (pool *p, const char *program);
-API_EXPORT(void) ap_close_piped_log (piped_log *);
-#define ap_piped_log_read_fd(pl)	((pl)->fds[0])
-#define ap_piped_log_write_fd(pl)	((pl)->fds[1])
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_HTTP_LOG_H */
diff --git a/usr.sbin/httpd/src/include/http_main.h b/usr.sbin/httpd/src/include/http_main.h
deleted file mode 100644
index 6f3c02aa550..00000000000
--- a/usr.sbin/httpd/src/include/http_main.h
+++ /dev/null
@@ -1,183 +0,0 @@
-/* $OpenBSD: http_main.h,v 1.13 2006/03/22 13:19:19 ray Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_MAIN_H
-#define APACHE_HTTP_MAIN_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Routines in http_main.c which other code --- in particular modules ---
- * may want to call.  Right now, that's limited to timeout handling.
- * There are two functions which modules can call to trigger a timeout
- * (with the per-virtual-server timeout duration); these are hard_timeout
- * and soft_timeout.
- *
- * The difference between the two is what happens when the timeout
- * expires (or earlier than that, if the client connection aborts) ---
- * a soft_timeout just puts the connection to the client in an
- * "aborted" state, which will cause http_protocol.c to stop trying to
- * talk to the client, but otherwise allows the code to continue normally.
- * hard_timeout(), by contrast, logs the request, and then aborts it
- * completely --- longjmp()ing out to the accept() loop in http_main.
- * Any resources tied into the request's resource pool will be cleaned up;
- * everything that isn't will leak.
- *
- * soft_timeout() is recommended as a general rule, because it gives your
- * code a chance to clean up.  However, hard_timeout() may be the most
- * convenient way of dealing with timeouts waiting for some external
- * resource other than the client, if you can live with the restrictions.
- *
- * (When a hard timeout is in scope, critical sections can be guarded
- * with block_alarms() and unblock_alarms() --- these are declared in
- * alloc.c because they are most often used in conjunction with
- * routines to allocate something or other, to make sure that the
- * cleanup does get registered before any alarm is allowed to happen
- * which might require it to be cleaned up; they * are, however,
- * implemented in http_main.c).
- *
- * NOTE!  It's not "fair" for a hard_timeout to be in scope through calls
- * across modules.  Your module code really has no idea what other modules may
- * be present in the server, and they may not take too kindly to having a
- * longjmp() happen -- it could result in corrupted state.  Heck they may not
- * even take to kindly to a soft_timeout()... because it can cause EINTR to
- * happen on pretty much any syscall, and unless all the libraries and modules
- * in use are known to deal well with EINTR it could cause corruption as well.
- * But things are likely to do much better with a soft_timeout in scope than a
- * hard_timeout.
- * 
- * A module MAY NOT use a hard_timeout() across * sub_req_lookup_xxx()
- * functions, or across run_sub_request() functions.  A module SHOULD NOT use a
- * soft_timeout() in either of these cases, but sometimes there's just no
- * choice.
- *
- * kill_timeout() will disarm either variety of timeout.
- *
- * reset_timeout() resets the timeout in progress.
- */
-
-API_EXPORT(void) ap_start_shutdown(void);
-API_EXPORT(void) ap_start_restart(int);
-API_EXPORT(void) ap_hard_timeout(char *, request_rec *);
-API_EXPORT(void) ap_keepalive_timeout(char *, request_rec *);
-API_EXPORT(void) ap_soft_timeout(char *, request_rec *);
-API_EXPORT(void) ap_kill_timeout(request_rec *);
-API_EXPORT(void) ap_reset_timeout(request_rec *);
-
-API_EXPORT(void) ap_child_terminate(request_rec *r);
-API_EXPORT(int) ap_update_child_status(int child_num, int status,
-    request_rec *r);
-void ap_time_process_request(int child_num, int status);
-API_EXPORT(unsigned int) ap_set_callback_and_alarm(void (*fn) (int), int x);
-API_EXPORT(int) ap_check_alarm(void);
-API_EXPORT(void) ap_server_strip_chroot(char *, int);
-API_EXPORT(int) ap_server_is_chrooted(void);
-API_EXPORT(int) ap_server_chroot_desired(void);
-
-void setup_signal_names(char *prefix);
-
-/* functions for determination and setting of accept() mutexing */
-char *ap_default_mutex_method(void);
-char *ap_init_mutex_method(char *t);
-
-/*
- * register an other_child -- a child which the main loop keeps track of
- * and knows it is different than the rest of the scoreboard.
- *
- * pid is the pid of the child.
- *
- * maintenance is a function that is invoked with a reason, the data
- * pointer passed here, and when appropriate a status result from waitpid().
- *
- * write_fd is an fd that is probed for writing by select() if it is ever
- * unwritable, then maintenance is invoked with reason OC_REASON_UNWRITABLE.
- * This is useful for log pipe children, to know when they've blocked.  To
- * disable this feature, use -1 for write_fd.
- */
-API_EXPORT(void) ap_register_other_child(int pid,
-    void (*maintenance) (int reason, void *data, ap_wait_t status),
-    void *data, int write_fd);
-#define OC_REASON_DEATH		0	/* child has died, caller must call
-					 * unregister still */
-#define OC_REASON_UNWRITABLE	1	/* write_fd is unwritable */
-#define OC_REASON_RESTART	2	/* a restart is occuring, perform
-					 * any necessary cleanup (including
-					 * sending a special signal to child)
-					 */
-#define OC_REASON_UNREGISTER	3	/* unregister has been called, do
-					 * whatever is necessary (including
-					 * kill the child) */
-#define OC_REASON_LOST		4	/* somehow the child exited without
-					 * us knowing ... buggy os? */
-
-/*
- * unregister an other_child.  Note that the data pointer is used here, and
- * is assumed to be unique per other_child.  This is because the pid and
- * write_fd are possibly killed off separately.
- */
-API_EXPORT(void) ap_unregister_other_child(void *data);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_HTTP_MAIN_H */
diff --git a/usr.sbin/httpd/src/include/http_protocol.h b/usr.sbin/httpd/src/include/http_protocol.h
deleted file mode 100644
index d96be72703b..00000000000
--- a/usr.sbin/httpd/src/include/http_protocol.h
+++ /dev/null
@@ -1,233 +0,0 @@
-/* $OpenBSD: http_protocol.h,v 1.13 2010/02/23 08:15:27 pyr Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_PROTOCOL_H
-#define APACHE_HTTP_PROTOCOL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Prototypes for routines which either talk directly back to the user,
- * or control the ones that eventually do.
- */
-
-/* Read a request and fill in the fields. */
-
-API_EXPORT(request_rec *) ap_read_request(conn_rec *c);
-
-/* Send a single HTTP header field */
-
-API_EXPORT_NONSTD(int) ap_send_header_field(request_rec *r,
-    const char *fieldname, const char *fieldval);
-
-/* Send the minimal part of an HTTP response header... but modules should be
- * very careful about using this, and should prefer ap_send_http_header().
- * Much of the HTTP/1.1 implementation correctness depends on code in
- * ap_send_http_header().
- */
-API_EXPORT(void) ap_basic_http_header(request_rec *r);
-
-/* Send the Status-Line and header fields for HTTP response */
-
-API_EXPORT(void) ap_send_http_header(request_rec *l);
-
-/* Send the response to special method requests */
-
-API_EXPORT(int) ap_send_http_trace(request_rec *r);
-API_EXPORT(int) ap_send_http_options(request_rec *r);
-
-/* Finish up stuff after a request */
-
-API_EXPORT(void) ap_finalize_request_protocol(request_rec *r);
-
-/* Send error back to client... last arg indicates error status in case
- * we get an error in the process of trying to deal with an ErrorDocument
- * to handle some other error.  In that case, we print the default report
- * for the first thing that went wrong, and more briefly report on the
- * problem with the ErrorDocument.
- */
-
-API_EXPORT(void) ap_send_error_response(request_rec *r, int recursive_error);
-
-/* Set last modified header line from the lastmod date of the associated file.
- * Also, set content length.
- *
- * May return an error status, typically USE_LOCAL_COPY (that when the
- * permit_cache argument is set to one).
- */
-
-API_EXPORT(int) ap_set_content_length(request_rec *r, off_t length);
-API_EXPORT(int) ap_set_keepalive(request_rec *r);
-API_EXPORT(time_t) ap_rationalize_mtime(request_rec *r, time_t mtime);
-API_EXPORT(char *) ap_make_etag(request_rec *r, int force_weak);
-API_EXPORT(void) ap_set_etag(request_rec *r);
-API_EXPORT(void) ap_set_last_modified(request_rec *r);
-API_EXPORT(int) ap_meets_conditions(request_rec *r);
-
-/* Other ways to send stuff at the client.  All of these keep track
- * of bytes_sent automatically.  This indirection is intended to make
- * it a little more painless to slide things like HTTP-NG packetization
- * underneath the main body of the code later.  In the meantime, it lets
- * us centralize a bit of accounting (bytes_sent).
- *
- * These also return the number of bytes written by the call.
- * They should only be called with a timeout registered, for obvious reaasons.
- * (Ditto the send_header stuff).
- */
-
-API_EXPORT(long) ap_send_fd(FILE *f, request_rec *r);
-API_EXPORT(long) ap_send_fd_length(FILE *f, request_rec *r, long length);
-
-API_EXPORT(long) ap_send_fb(BUFF *f, request_rec *r);
-API_EXPORT(long) ap_send_fb_length(BUFF *f, request_rec *r, long length);
-
-API_EXPORT(off_t) ap_send_mmap(void *mm, request_rec *r, off_t offset,
-                             off_t length);
-
-/* Hmmm... could macrofy these for now, and maybe forever, though the
- * definitions of the macros would get a whole lot hairier.
- */
-
-API_EXPORT(int) ap_rputc(int c, request_rec *r);
-API_EXPORT(int) ap_rputs(const char *str, request_rec *r);
-API_EXPORT(int) ap_rwrite(const void *buf, int nbyte, request_rec *r);
-API_EXPORT_NONSTD(int) ap_rvputs(request_rec *r,...);
-API_EXPORT(int) ap_vrprintf(request_rec *r, const char *fmt, va_list vlist);
-API_EXPORT_NONSTD(int) ap_rprintf(request_rec *r, const char *fmt,...)
-    __attribute__((format(printf,2,3)));
-API_EXPORT(int) ap_rflush(request_rec *r);
-
-/*
- * Index used in custom_responses array for a specific error code
- * (only use outside protocol.c is in getting them configured).
- */
-
-API_EXPORT(int) ap_index_of_response(int status);
-
-/* Reading a block of data from the client connection (e.g., POST arg) */
-
-API_EXPORT(int) ap_setup_client_block(request_rec *r, int read_policy);
-API_EXPORT(int) ap_should_client_block(request_rec *r);
-API_EXPORT(long) ap_get_client_block(request_rec *r, char *buffer, int bufsiz);
-API_EXPORT(int) ap_discard_request_body(request_rec *r);
-
-/* Sending a byterange */
-
-API_EXPORT(int) ap_set_byterange(request_rec *r);
-API_EXPORT(int) ap_each_byterange(request_rec *r, off_t *offset, off_t *length);
-
-/* Support for the Basic authentication protocol.  Note that there's
- * nothing that prevents these from being in mod_auth.c, except that other
- * modules which wanted to provide their own variants on finding users and
- * passwords for Basic auth (a fairly common request) would then require
- * mod_auth to be loaded or they wouldn't work.
- *
- * get_basic_auth_pw returns 0 (OK) if it set the 'pw' argument (and assured
- * a correct value in r->connection->user); otherwise it returns an error
- * code, either SERVER_ERROR if things are really confused, AUTH_REQUIRED
- * if no authentication at all seemed to be in use, or DECLINED if there
- * was authentication but it wasn't Basic (in which case, the caller should
- * presumably decline as well).
- *
- * note_basic_auth_failure arranges for the right stuff to be scribbled on
- * the HTTP return so that the client knows how to authenticate itself the
- * next time. As does note_digest_auth_failure for Digest auth.
- *
- * note_auth_failure does the same thing, but will call the correct one
- * based on the authentication type in use.
- *
- */
-
-API_EXPORT(void) ap_note_auth_failure(request_rec *r);
-API_EXPORT(void) ap_note_basic_auth_failure(request_rec *r);
-API_EXPORT(void) ap_note_digest_auth_failure(request_rec *r);
-API_EXPORT(int) ap_get_basic_auth_pw(request_rec *r, const char **pw);
-
-/*
- * Setting up the protocol fields for subsidiary requests...
- * Also, a wrapup function to keep the internal accounting straight.
- */
-
-API_EXPORT(void) ap_set_sub_req_protocol(request_rec *rnew,
-    const request_rec *r);
-API_EXPORT(void) ap_finalize_sub_req_protocol(request_rec *sub_r);
-
-/* This is also useful for putting sub_reqs and internal_redirects together */
-
-CORE_EXPORT(void) ap_parse_uri(request_rec *r, const char *uri);
-
-/* Get the method number associated with the given string, assumed to
- * contain an HTTP method.  Returns M_INVALID if not recognized.
- */
-API_EXPORT(int) ap_method_number_of(const char *method);
-
-API_EXPORT(int) ap_getline(char *s, int n, BUFF *in, int fold);
-
-API_EXPORT(long) ap_get_chunk_size(char *b);
-
-API_EXPORT(void) ap_init_etag(pool *pconf);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_HTTP_PROTOCOL_H */
diff --git a/usr.sbin/httpd/src/include/http_request.h b/usr.sbin/httpd/src/include/http_request.h
deleted file mode 100644
index a2463b5290c..00000000000
--- a/usr.sbin/httpd/src/include/http_request.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/* $OpenBSD: http_request.h,v 1.8 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_REQUEST_H
-#define APACHE_HTTP_REQUEST_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* http_request.c is the code which handles the main line of request
- * processing, once a request has been read in (finding the right per-
- * directory configuration, building it if necessary, and calling all
- * the module dispatch functions in the right order).
- *
- * The pieces here which are public to the modules, allow them to learn
- * how the server would handle some other file or URI, or perhaps even
- * direct the server to serve that other file instead of the one the
- * client requested directly.
- *
- * There are two ways to do that.  The first is the sub_request mechanism,
- * which handles looking up files and URIs as adjuncts to some other
- * request (e.g., directory entries for multiviews and directory listings);
- * the lookup functions stop short of actually running the request, but
- * (e.g., for includes), a module may call for the request to be run
- * by calling run_sub_req.  The space allocated to create sub_reqs can be
- * reclaimed by calling destroy_sub_req --- be sure to copy anything you care
- * about which was allocated in its pool elsewhere before doing this.
- */
-
-API_EXPORT(request_rec *) ap_sub_req_lookup_uri(const char *new_file,
-    const request_rec *r);
-API_EXPORT(request_rec *) ap_sub_req_lookup_file(const char *new_file,
-    const request_rec *r);
-API_EXPORT(request_rec *) ap_sub_req_method_uri(const char *method,
-    const char *new_file, const request_rec *r);
-API_EXPORT(int) ap_run_sub_req(request_rec *r);
-API_EXPORT(void) ap_destroy_sub_req(request_rec *r);
-
-/*
- * Then there's the case that you want some other request to be served
- * as the top-level request INSTEAD of what the client requested directly.
- * If so, call this from a handler, and then immediately return OK.
- */
-
-API_EXPORT(void) ap_internal_redirect(const char *new_uri, request_rec *);
-API_EXPORT(void) ap_internal_redirect_handler(const char *new_uri,
-    request_rec *);
-API_EXPORT(int) ap_some_auth_required(request_rec *r);
-API_EXPORT(int) ap_is_initial_req(request_rec *r);
-API_EXPORT(time_t) ap_update_mtime(request_rec *r, time_t dependency_mtime);
-
-#ifdef CORE_PRIVATE
-/* Function called by main.c to handle first-level request */
-API_EXPORT(void) ap_process_request(request_rec *);
-API_EXPORT(void) ap_die(int type, request_rec *r);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_HTTP_REQUEST_H */
diff --git a/usr.sbin/httpd/src/include/http_vhost.h b/usr.sbin/httpd/src/include/http_vhost.h
deleted file mode 100644
index 1ff99faee40..00000000000
--- a/usr.sbin/httpd/src/include/http_vhost.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/* $OpenBSD: http_vhost.h,v 1.8 2008/05/09 08:06:28 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTP_VHOST_H
-#define APACHE_HTTP_VHOST_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* called before any config is read */
-API_EXPORT(void) ap_init_vhost_config(pool *p);
-
-/* called after the config has been read */
-API_EXPORT(void) ap_fini_vhost_config(pool *p, server_rec *main_server);
-
-/* handle addresses in <VirtualHost> statement */
-API_EXPORT(const char *) ap_parse_vhost_addrs(pool *p, const char *hostname,
-    server_rec *s);
-
-/* handle NameVirtualHost directive */
-API_EXPORT_NONSTD(const char *) ap_set_name_virtual_host (cmd_parms *cmd,
-    void *dummy, char *h, char *p);
-
-/* given an ip address only, give our best guess as to what vhost it is */
-API_EXPORT(void) ap_update_vhost_given_ip(conn_rec *conn);
-
-/* The above is never enough, and this is always called after the headers
- * have been read.  It may change r->server.
- */
-API_EXPORT(void) ap_update_vhost_from_headers(request_rec *r);
-
-/* return 1 if the host:port matches any of the aliases of r->server
- * return 0 otherwise
- */
-API_EXPORT(int) ap_matches_request_vhost(request_rec *r, const char *host,
-    unsigned port);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_HTTP_VHOST_H */
diff --git a/usr.sbin/httpd/src/include/httpd.h b/usr.sbin/httpd/src/include/httpd.h
deleted file mode 100644
index 3d682b339e5..00000000000
--- a/usr.sbin/httpd/src/include/httpd.h
+++ /dev/null
@@ -1,1178 +0,0 @@
-/* $OpenBSD: httpd.h,v 1.30 2010/02/25 07:49:53 pyr Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_HTTPD_H
-#define APACHE_HTTPD_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Define APACHE6 so that additional modules depending on Apache can
- * tell if this a pacthed apache-1.3.*. With this definition apache6
- * is working together with e.g. the ap-perl module in NetBSD.
- */
-#define APACHE6 1
-
-/*
- * httpd.h: header for simple (ha! not anymore) http daemon
- */
-
-/* Headers in which EVERYONE has an interest... */
-
-#include "ap_config.h"
-#include "ap_mm.h"
-#include "ap_alloc.h"
-/*
- * Include the Extended API headers.
- * Don't move the position. It has to be after ap_alloc.h because it uses the
- * pool stuff but before buff.h because the buffer stuff uses the EAPI, too.
- */
-#include "ap_hook.h"
-#include "ap_ctx.h"
-#include "buff.h"
-#include "ap.h"
-
-/* ----------------------------- config dir ------------------------------ */
-
-/* Define this to be the default server home dir. Most things later in this
- * file with a relative pathname will have this added.
- */
-#ifndef HTTPD_ROOT
-#define HTTPD_ROOT "/usr/local/apache"
-#endif /* HTTPD_ROOT */
-
-/* Default location of documents.  Can be overridden by the DocumentRoot
- * directive.
- */
-#ifndef DOCUMENT_LOCATION
-#define DOCUMENT_LOCATION  HTTPD_ROOT "/htdocs"
-#endif /* DOCUMENT_LOCATION */
-
-/* Max. number of dynamically loaded modules */
-#ifndef DYNAMIC_MODULE_LIMIT
-#define DYNAMIC_MODULE_LIMIT 64
-#endif
-
-/* Default administrator's address */
-#define DEFAULT_ADMIN "[no address given]"
-
-/* The target name of the installed Apache */
-#ifndef TARGET
-#define TARGET "httpd"
-#endif
-
-/*
- * --------- You shouldn't have to edit anything below this line ----------
- *
- * Any modifications to any defaults not defined above should be done in the 
- * respective config. file.
- *
- */
-
-
-/* -- Internal representation for a HTTP protocol number, e.g., HTTP/1.1 -- */
-
-#define HTTP_VERSION(major,minor) (1000*(major)+(minor))
-#define HTTP_VERSION_MAJOR(number) ((number)/1000)
-#define HTTP_VERSION_MINOR(number) ((number)%1000)
-
-
-/* -------------- Port number for server running standalone --------------- */
-
-#define DEFAULT_HTTP_PORT	80
-#define DEFAULT_HTTPS_PORT	443
-#define ap_is_default_port(port,r)	((port) == ap_default_port(r))
-#define ap_http_method(r)   (((r)->ctx != NULL && ap_ctx_get((r)->ctx, \
-    "ap::http::method") != NULL) ? ((char *)ap_ctx_get((r)->ctx,       \
-    "ap::http::method")) : "http")
-#define ap_default_port(r)  (((r)->ctx != NULL && ap_ctx_get((r)->ctx, \
-    "ap::default::port") != NULL) ? atoi((char *)ap_ctx_get((r)->ctx,  \
-    "ap::default::port")) : DEFAULT_HTTP_PORT)
-
-/* --------- Default user name and group name running standalone ---------- */
-/* --- These may be specified as numbers by placing a # before a number --- */
-
-#ifndef DEFAULT_USER
-#define DEFAULT_USER "#-1"
-#endif
-#ifndef DEFAULT_GROUP
-#define DEFAULT_GROUP "#-1"
-#endif
-
-#ifndef DEFAULT_ERRORLOG
-#define DEFAULT_ERRORLOG "logs/error_log"
-#endif /* DEFAULT_ERRORLOG */
-
-#ifndef DEFAULT_PIDLOG
-#define DEFAULT_PIDLOG "logs/httpd.pid"
-#endif
-#ifndef DEFAULT_SCOREBOARD
-#define DEFAULT_SCOREBOARD "logs/apache_runtime_status"
-#endif
-#ifndef DEFAULT_LOCKFILE
-#define DEFAULT_LOCKFILE "logs/accept.lock"
-#endif
-
-/* Define this to be what your HTML directory content files are called */
-#ifndef DEFAULT_INDEX
-#define DEFAULT_INDEX "index.html"
-#endif
-
-/* Define this to 1 if you want fancy indexing, 0 otherwise */
-#ifndef DEFAULT_INDEXING
-#define DEFAULT_INDEXING 0
-#endif
-
-/* Define this to be what type you'd like returned for files with unknown */
-/* suffixes.  MUST be all lower case. */
-#ifndef DEFAULT_CONTENT_TYPE
-#define DEFAULT_CONTENT_TYPE "text/plain"
-#endif
-
-/* Define this to be what your per-directory security files are called */
-#ifndef DEFAULT_ACCESS_FNAME
-#define DEFAULT_ACCESS_FNAME ".htaccess"
-#endif /* DEFAULT_ACCESS_FNAME */
-
-/* The name of the server config file */
-#ifndef SERVER_CONFIG_FILE
-#define SERVER_CONFIG_FILE "conf/httpd.conf"
-#endif
-
-/* The name of the document config file */
-#ifndef RESOURCE_CONFIG_FILE
-#define RESOURCE_CONFIG_FILE "conf/srm.conf"
-#endif
-
-/* The name of the MIME types file */
-#ifndef TYPES_CONFIG_FILE
-#define TYPES_CONFIG_FILE "conf/mime.types"
-#endif
-
-/* The name of the access file */
-#ifndef ACCESS_CONFIG_FILE
-#define ACCESS_CONFIG_FILE "conf/access.conf"
-#endif
-
-/* Whether we should enable rfc1413 identity checking */
-#ifndef DEFAULT_RFC1413
-#define DEFAULT_RFC1413 0
-#endif
-/* The default directory in user's home dir */
-#ifndef DEFAULT_USER_DIR
-#define DEFAULT_USER_DIR "public_html"
-#endif
-
-/* The default path for CGI scripts if none is currently set */
-#ifndef DEFAULT_PATH
-#define DEFAULT_PATH "/bin:/usr/bin:/usr/ucb:/usr/bsd:/usr/local/bin"
-#endif
-
-/* The path to the shell interpreter, for parsed docs */
-#ifndef SHELL_PATH
-#define SHELL_PATH "/bin/sh"
-#endif /* SHELL_PATH */
-
-/* The path to the suExec wrapper, can be overridden in Configuration */
-#ifndef SUEXEC_BIN
-#define SUEXEC_BIN  HTTPD_ROOT "/bin/suexec"
-#endif
-
-/* The default string lengths */
-#define MAX_STRING_LEN HUGE_STRING_LEN
-#define HUGE_STRING_LEN 8192
-
-/* The timeout for waiting for messages */
-#ifndef DEFAULT_TIMEOUT
-#define DEFAULT_TIMEOUT 300
-#endif
-
-/* The timeout for waiting for keepalive timeout until next request */
-#ifndef DEFAULT_KEEPALIVE_TIMEOUT
-#define DEFAULT_KEEPALIVE_TIMEOUT 15
-#endif
-
-/* The number of requests to entertain per connection */
-#ifndef DEFAULT_KEEPALIVE
-#define DEFAULT_KEEPALIVE 100
-#endif
-
-/* The size of the server's internal read-write buffers */
-#define IOBUFSIZE 8192
-
-/* The max number of regex captures that can be expanded by ap_pregsub */
-#define AP_MAX_REG_MATCH 10
-
-/* Number of servers to spawn off by default --- also, if fewer than
- * this free when the caretaker checks, it will spawn more.
- */
-#ifndef DEFAULT_START_DAEMON
-#define DEFAULT_START_DAEMON 5
-#endif
-
-/* Maximum number of *free* server processes --- more than this, and
- * they will die off.
- */
-
-#ifndef DEFAULT_MAX_FREE_DAEMON
-#define DEFAULT_MAX_FREE_DAEMON 10
-#endif
-
-/* Minimum --- fewer than this, and more will be created */
-
-#ifndef DEFAULT_MIN_FREE_DAEMON
-#define DEFAULT_MIN_FREE_DAEMON 5
-#endif
-
-/* Limit on the total --- clients will be locked out if more servers than
- * this are needed.  It is intended solely to keep the server from crashing
- * when things get out of hand.
- *
- * We keep a hard maximum number of servers, for two reasons --- first off,
- * in case something goes seriously wrong, we want to stop the fork bomb
- * short of actually crashing the machine we're running on by filling some
- * kernel table.  Secondly, it keeps the size of the scoreboard file small
- * enough that we can read the whole thing without worrying too much about
- * the overhead.
- */
-#ifndef HARD_SERVER_LIMIT
-#define HARD_SERVER_LIMIT 256
-#endif
-
-/*
- * Special Apache error codes. These are basically used
- *  in http_main.c so we can keep track of various errors.
- *
- *   APEXIT_OK:
- *     A normal exit
- *   APEXIT_INIT:
- *     A fatal error arising during the server's init sequence
- *   APEXIT_CHILDINIT:
- *     The child died during it's init sequence
- *   APEXIT_CHILDFATAL:
- *     A fatal error, resulting in the whole server aborting.
- *     If a child exits with this error, the parent process
- *     considers this a server-wide fatal error and aborts.
- *
- */
-#define APEXIT_OK		0x0
-#define APEXIT_INIT		0x2
-#define APEXIT_CHILDINIT	0x3
-#define APEXIT_CHILDFATAL	0xf
-
-/*
- * (Unix, OS/2 only)
- * Interval, in microseconds, between scoreboard maintenance.  During
- * each scoreboard maintenance cycle the parent decides if it needs to
- * spawn a new child (to meet MinSpareServers requirements), or kill off
- * a child (to meet MaxSpareServers requirements).  It will only spawn or
- * kill one child per cycle.  Setting this too low will chew cpu.  The
- * default is probably sufficient for everyone.  But some people may want
- * to raise this on servers which aren't dedicated to httpd and where they
- * don't like the httpd waking up each second to see what's going on.
- */
-#ifndef SCOREBOARD_MAINTENANCE_INTERVAL
-#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000
-#endif
-
-/*
- * Unix only:
- * Path to Shared Memory Files
- */
-#ifndef EAPI_MM_CORE_PATH
-#define EAPI_MM_CORE_PATH "logs/mm"
-#endif
-#ifndef EAPI_MM_CORE_MAXSIZE
-#define EAPI_MM_CORE_MAXSIZE 1024*1024*1 /* max. 1MB */
-#endif
-
-/* Number of requests to try to handle in a single process.  If <= 0,
- * the children don't die off.  That's the default here, since I'm still
- * interested in finding and stanching leaks.
- */
-
-#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD
-#define DEFAULT_MAX_REQUESTS_PER_CHILD 0
-#endif
-
-#ifndef DEFAULT_THREADS_PER_CHILD
-#define DEFAULT_THREADS_PER_CHILD 50
-#endif
-#ifndef DEFAULT_EXCESS_REQUESTS_PER_CHILD
-#define DEFAULT_EXCESS_REQUESTS_PER_CHILD 0
-#endif
-
-/* Constrain the rlimits of the child processes */
-#ifndef DEFAULT_MAX_CPU_PER_CHILD
-#define DEFAULT_MAX_CPU_PER_CHILD 0
-#endif
-#ifndef DEFAULT_MAX_DATA_PER_CHILD
-#define DEFAULT_MAX_DATA_PER_CHILD 0
-#endif
-#ifndef DEFAULT_MAX_NOFILE_PER_CHILD
-#define DEFAULT_MAX_NOFILE_PER_CHILD 0
-#endif
-#ifndef DEFAULT_MAX_RSS_PER_CHILD
-#define DEFAULT_MAX_RSS_PER_CHILD 0
-#endif
-#ifndef DEFAULT_MAX_STACK_PER_CHILD
-#define DEFAULT_MAX_STACK_PER_CHILD 0
-#endif
-
-/* The maximum length of the queue of pending connections, as defined
- * by listen(2).  Under some systems, it should be increased if you
- * are experiencing a heavy TCP SYN flood attack.
- *
- * It defaults to 511 instead of 512 because some systems store it
- * as an 8-bit datatype; 512 truncated to 8-bits is 0, while 511 is
- * 255 when truncated.
- */
-
-#ifndef DEFAULT_LISTENBACKLOG
-#define DEFAULT_LISTENBACKLOG 511
-#endif
-
-/* Limits on the size of various request items.  These limits primarily
- * exist to prevent simple denial-of-service attacks on a server based
- * on misuse of the protocol.  The recommended values will depend on the
- * nature of the server resources -- CGI scripts and database backends
- * might require large values, but most servers could get by with much
- * smaller limits than we use below.  The request message body size can
- * be limited by the per-dir config directive LimitRequestBody.
- *
- * Internal buffer sizes are two bytes more than the DEFAULT_LIMIT_REQUEST_LINE
- * and DEFAULT_LIMIT_REQUEST_FIELDSIZE below, which explains the 8190.
- * These two limits can be lowered (but not raised) by the server config
- * directives LimitRequestLine and LimitRequestFieldsize, respectively.
- *
- * DEFAULT_LIMIT_REQUEST_FIELDS can be modified or disabled (set = 0) by
- * the server config directive LimitRequestFields.
- */
-#ifndef DEFAULT_LIMIT_REQUEST_LINE
-#define DEFAULT_LIMIT_REQUEST_LINE 8190
-#endif /* default limit on bytes in Request-Line (Method+URI+HTTP-version) */
-#ifndef DEFAULT_LIMIT_REQUEST_FIELDSIZE
-#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 8190
-#endif /* default limit on bytes in any one header field  */
-#ifndef DEFAULT_LIMIT_REQUEST_FIELDS
-#define DEFAULT_LIMIT_REQUEST_FIELDS 100
-#endif /* default limit on number of request header fields */
-
-/*
- * The default default character set name to add if AddDefaultCharset is
- * enabled.  Overridden with AddDefaultCharsetName.
- */
-#define DEFAULT_ADD_DEFAULT_CHARSET_NAME "iso-8859-1"
-
-/*
- * The below defines the base string of the Server: header. Additional
- * tokens can be added via the ap_add_version_component() API call.
- *
- * The tokens are listed in order of their significance for identifying the
- * application.
- *
- * "Product tokens should be short and to the point -- use of them for
- * advertizing or other non-essential information is explicitly forbidden."
- *
- * Example: "Apache/1.1.0 MrWidget/0.1-alpha" 
- */
-
-#define SERVER_BASEVENDOR   "Apache Group"
-#define SERVER_BASEPRODUCT  "Apache"
-#define SERVER_BASEREVISION "1.3.29"
-#define SERVER_BASEVERSION  SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
-
-#define SERVER_PRODUCT  SERVER_BASEPRODUCT
-#define SERVER_REVISION SERVER_BASEREVISION
-#define SERVER_VERSION  SERVER_PRODUCT "/" SERVER_REVISION
-enum server_token_type {
-	SrvTk_MIN,	   /* eg: Apache/1.3.0 */
-	SrvTk_OS,	   /* eg: Apache/1.3.0 (UNIX) */
-	SrvTk_FULL,	   /* eg: Apache/1.3.0 (UNIX) PHP/3.0 FooBar/1.2b */
-	SrvTk_PRODUCT_ONLY /* eg: Apache */
-};
-
-API_EXPORT(const char *) ap_get_server_version(void);
-API_EXPORT(void) ap_add_version_component(const char *component);
-API_EXPORT(const char *) ap_get_server_built(void);
-API_EXPORT(void) ap_add_config_define(const char *define);
-
-/* Numeric release version identifier: MMNNFFRBB: major minor fix final beta
- * Always increases along the same track as the source branch.
- * For example, Apache 1.4.2 would be '10402100', 2.5b7 would be '20500007'.
- */
-#define APACHE_RELEASE 10329100
-
-#define SERVER_PROTOCOL "HTTP/1.1"
-#ifndef SERVER_SUPPORT
-#define SERVER_SUPPORT "http://www.apache.org/"
-#endif
-
-#define DECLINED -1		/* Module declines to handle */
-#define DONE -2			/* Module has served the response completely
-				 *  - it's safe to die() with no more output
-				 */
-#define OK 0			/* Module has handled this stage. */
-
-
-/* ----------------------- HTTP Status Codes  ------------------------- */
-
-/* The size of the static array in http_protocol.c for storing
- * all of the potential response status-lines (a sparse table).
- * A future version should dynamically generate the table at startup.
- */
-#define RESPONSE_CODES 55
-
-#define HTTP_CONTINUE                      100
-#define HTTP_SWITCHING_PROTOCOLS           101
-#define HTTP_PROCESSING                    102
-#define HTTP_OK                            200
-#define HTTP_CREATED                       201
-#define HTTP_ACCEPTED                      202
-#define HTTP_NON_AUTHORITATIVE             203
-#define HTTP_NO_CONTENT                    204
-#define HTTP_RESET_CONTENT                 205
-#define HTTP_PARTIAL_CONTENT               206
-#define HTTP_MULTI_STATUS                  207
-#define HTTP_MULTIPLE_CHOICES              300
-#define HTTP_MOVED_PERMANENTLY             301
-#define HTTP_MOVED_TEMPORARILY             302
-#define HTTP_SEE_OTHER                     303
-#define HTTP_NOT_MODIFIED                  304
-#define HTTP_USE_PROXY                     305
-#define HTTP_TEMPORARY_REDIRECT            307
-#define HTTP_BAD_REQUEST                   400
-#define HTTP_UNAUTHORIZED                  401
-#define HTTP_PAYMENT_REQUIRED              402
-#define HTTP_FORBIDDEN                     403
-#define HTTP_NOT_FOUND                     404
-#define HTTP_METHOD_NOT_ALLOWED            405
-#define HTTP_NOT_ACCEPTABLE                406
-#define HTTP_PROXY_AUTHENTICATION_REQUIRED 407
-#define HTTP_REQUEST_TIME_OUT              408
-#define HTTP_CONFLICT                      409
-#define HTTP_GONE                          410
-#define HTTP_LENGTH_REQUIRED               411
-#define HTTP_PRECONDITION_FAILED           412
-#define HTTP_REQUEST_ENTITY_TOO_LARGE      413
-#define HTTP_REQUEST_URI_TOO_LARGE         414
-#define HTTP_UNSUPPORTED_MEDIA_TYPE        415
-#define HTTP_RANGE_NOT_SATISFIABLE         416
-#define HTTP_EXPECTATION_FAILED            417
-#define HTTP_UNPROCESSABLE_ENTITY          422
-#define HTTP_LOCKED                        423
-#define HTTP_FAILED_DEPENDENCY             424
-#define HTTP_INTERNAL_SERVER_ERROR         500
-#define HTTP_NOT_IMPLEMENTED               501
-#define HTTP_BAD_GATEWAY                   502
-#define HTTP_SERVICE_UNAVAILABLE           503
-#define HTTP_GATEWAY_TIME_OUT              504
-#define HTTP_VERSION_NOT_SUPPORTED         505
-#define HTTP_VARIANT_ALSO_VARIES           506
-#define HTTP_INSUFFICIENT_STORAGE          507
-#define HTTP_NOT_EXTENDED                  510
-
-#define DOCUMENT_FOLLOWS    HTTP_OK
-#define PARTIAL_CONTENT     HTTP_PARTIAL_CONTENT
-#define MULTIPLE_CHOICES    HTTP_MULTIPLE_CHOICES
-#define MOVED               HTTP_MOVED_PERMANENTLY
-#define REDIRECT            HTTP_MOVED_TEMPORARILY
-#define USE_LOCAL_COPY      HTTP_NOT_MODIFIED
-#define BAD_REQUEST         HTTP_BAD_REQUEST
-#define AUTH_REQUIRED       HTTP_UNAUTHORIZED
-#define FORBIDDEN           HTTP_FORBIDDEN
-#define NOT_FOUND           HTTP_NOT_FOUND
-#define METHOD_NOT_ALLOWED  HTTP_METHOD_NOT_ALLOWED
-#define NOT_ACCEPTABLE      HTTP_NOT_ACCEPTABLE
-#define LENGTH_REQUIRED     HTTP_LENGTH_REQUIRED
-#define PRECONDITION_FAILED HTTP_PRECONDITION_FAILED
-#define SERVER_ERROR        HTTP_INTERNAL_SERVER_ERROR
-#define NOT_IMPLEMENTED     HTTP_NOT_IMPLEMENTED
-#define BAD_GATEWAY         HTTP_BAD_GATEWAY
-#define VARIANT_ALSO_VARIES HTTP_VARIANT_ALSO_VARIES
-
-#define ap_is_HTTP_INFO(x)         (((x) >= 100)&&((x) < 200))
-#define ap_is_HTTP_SUCCESS(x)      (((x) >= 200)&&((x) < 300))
-#define ap_is_HTTP_REDIRECT(x)     (((x) >= 300)&&((x) < 400))
-#define ap_is_HTTP_ERROR(x)        (((x) >= 400)&&((x) < 600))
-#define ap_is_HTTP_CLIENT_ERROR(x) (((x) >= 400)&&((x) < 500))
-#define ap_is_HTTP_SERVER_ERROR(x) (((x) >= 500)&&((x) < 600))
-
-#define ap_status_drops_connection(x) \
-                                   (((x) == HTTP_BAD_REQUEST)           || \
-                                    ((x) == HTTP_REQUEST_TIME_OUT)      || \
-                                    ((x) == HTTP_LENGTH_REQUIRED)       || \
-                                    ((x) == HTTP_REQUEST_ENTITY_TOO_LARGE) || \
-                                    ((x) == HTTP_REQUEST_URI_TOO_LARGE) || \
-                                    ((x) == HTTP_INTERNAL_SERVER_ERROR) || \
-                                    ((x) == HTTP_SERVICE_UNAVAILABLE) || \
-				    ((x) == HTTP_NOT_IMPLEMENTED))
-
-/* Methods recognized (but not necessarily handled) by the server.
- * These constants are used in bit shifting masks of size int, so it is
- * unsafe to have more methods than bits in an int.  HEAD == M_GET.
- */
-#define M_GET        0
-#define M_PUT        1
-#define M_POST       2
-#define M_DELETE     3
-#define M_CONNECT    4
-#define M_OPTIONS    5
-#define M_TRACE      6
-#define M_PATCH      7
-#define M_PROPFIND   8
-#define M_PROPPATCH  9
-#define M_MKCOL     10
-#define M_COPY      11
-#define M_MOVE      12
-#define M_LOCK      13
-#define M_UNLOCK    14
-#define M_INVALID   15
-
-#define METHODS     16
-
-#define CGI_MAGIC_TYPE "application/x-httpd-cgi"
-#define INCLUDES_MAGIC_TYPE "text/x-server-parsed-html"
-#define INCLUDES_MAGIC_TYPE3 "text/x-server-parsed-html3"
-#define MAP_FILE_MAGIC_TYPE "application/x-type-map"
-#define ASIS_MAGIC_TYPE "httpd/send-as-is"
-#define DIR_MAGIC_TYPE "httpd/unix-directory"
-#define STATUS_MAGIC_TYPE "application/x-httpd-status"
-
-/*
- * Define the HTML doctype strings centrally.
- */
-#define DOCTYPE_HTML_2_0  "<!DOCTYPE HTML PUBLIC \"-//IETF//" \
-                          "DTD HTML 2.0//EN\">\n"
-#define DOCTYPE_HTML_3_2  "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
-                          "DTD HTML 3.2 Final//EN\">\n"
-#define DOCTYPE_HTML_4_0S "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
-                          "DTD HTML 4.0//EN\"\n" \
-                          "\"http://www.w3.org/TR/REC-html40/strict.dtd\">\n"
-#define DOCTYPE_HTML_4_0T "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
-                          "DTD HTML 4.0 Transitional//EN\"\n" \
-                          "\"http://www.w3.org/TR/REC-html40/loose.dtd\">\n"
-#define DOCTYPE_HTML_4_0F "<!DOCTYPE HTML PUBLIC \"-//W3C//" \
-                          "DTD HTML 4.0 Frameset//EN\"\n" \
-                          "\"http://www.w3.org/TR/REC-html40/frameset.dtd\">\n"
-
-/* Just in case your linefeed isn't the one the other end is expecting. */
-#define LF 10
-#define CR 13
-#define CRLF "\015\012"
-#define OS_ASC(c) (c)
-
-/* Possible values for request_rec.read_body (set by handling module):
- *    REQUEST_NO_BODY          Send 413 error if message has any body
- *    REQUEST_CHUNKED_ERROR    Send 411 error if body without Content-Length
- *    REQUEST_CHUNKED_DECHUNK  If chunked, remove the chunks for me.
- *    REQUEST_CHUNKED_PASS     Pass the chunks to me without removal.
- */
-#define REQUEST_NO_BODY          0
-#define REQUEST_CHUNKED_ERROR    1
-#define REQUEST_CHUNKED_DECHUNK  2
-#define REQUEST_CHUNKED_PASS     3
-
-/* Things which may vary per file-lookup WITHIN a request ---
- * e.g., state of MIME config.  Basically, the name of an object, info
- * about the object, and any other info we may ahve which may need to
- * change as we go poking around looking for it (e.g., overridden by
- * .htaccess files).
- *
- * Note how the default state of almost all these things is properly
- * zero, so that allocating it with pcalloc does the right thing without
- * a whole lot of hairy initialization... so long as we are willing to
- * make the (fairly) portable assumption that the bit pattern of a NULL
- * pointer is, in fact, zero.
- */
-
-/* This represents the result of calling htaccess; these are cached for
- * each request.
- */
-struct htaccess_result {
-	char *dir;	/* the directory to which this applies */
-	int override;	/* the overrides allowed for the .htaccess file */
-	void *htaccess;	/* the configuration directives */
-	/* the next one, or NULL if no more; N.B. never change this */
-	const struct htaccess_result *next;
-};
-
-typedef struct conn_rec conn_rec;
-typedef struct server_rec server_rec;
-typedef struct request_rec request_rec;
-typedef struct listen_rec listen_rec;
-
-#include "util_uri.h"
-
-enum proxyreqtype {
-    NOT_PROXY=0,
-    STD_PROXY,
-    PROXY_PASS
-};
-
-struct request_rec {
-
-	ap_pool *pool;
-	conn_rec *connection;
-	server_rec *server;
-
-	request_rec *next;		/* If we wind up getting redirected,
-				 * pointer to the request we redirected to.
-				 */
-	request_rec *prev;		/* If this is an internal redirect,
-				 * pointer to where we redirected *from*.
-				 */
-
-	request_rec *main;	/* If this is a sub_request (see request.h) 
-				 * pointer back to the main request.
-				 */
-
-	/* Info about the request itself... we begin with stuff that only
-	* protocol.c should ever touch...
-	*/
-
-	char *the_request;	/* First line of request, so we can log it */
-	int assbackwards;		/* HTTP/0.9, "simple" request */
-	enum proxyreqtype proxyreq;/* A proxy request (calculated during
-				 * post_read_request or translate_name) */
-	int header_only;		/* HEAD request, as opposed to GET */
-	char *protocol;		/* Protocol, as given to us, or HTTP/0.9 */
-	int proto_num;		/* Number version of protocol; 1.1 = 1001 */
-	const char *hostname;	/* Host, as set by full URI or Host: */
-
-	time_t request_time;	/* When the request started */
-
-	const char *status_line;	/* Status line, if set by script */
-	int status;			/* In any case */
-
-	/* Request method, two ways; also, protocol, etc..
-	* Outside of protocol.c,
-	* look, but don't touch.
-	*/
-
-	const char *method;		/* GET, HEAD, POST, etc. */
-	int method_number;		/* M_GET, M_POST, etc. */
-
-	/*
-	allowed is a bitvector of the allowed methods.
-
-	A handler must ensure that the request method is one that
-	it is capable of handling.  Generally modules should DECLINE
-	any request methods they do not handle.  Prior to aborting the
-	handler like this the handler should set r->allowed to the list
-	of methods that it is willing to handle.  This bitvector is used
-	to construct the "Allow:" header required for OPTIONS requests,
-	and METHOD_NOT_ALLOWED and NOT_IMPLEMENTED status codes.
-
-	Since the default_handler deals with OPTIONS, all modules can
-	usually decline to deal with OPTIONS.  TRACE is always allowed,
-	modules don't need to set it explicitly.
-
-	Since the default_handler will always handle a GET, a
-	module which does *not* implement GET should probably return
-	METHOD_NOT_ALLOWED.  Unfortunately this means that a Script GET
-	handler can't be installed by mod_actions.
-	*/
-	int allowed;		/* Allowed methods - for 405, OPTIONS, etc */
-
-	int sent_bodyct;		/* byte count in stream is for body */
-	off_t bytes_sent;		/* body byte count, for easy access */
-	time_t mtime;		/* Time the resource was last modified */
-
-	/* HTTP/1.1 connection-level features */
-
-	int chunked;		/* sending chunked transfer-coding */
-	int byterange;		/* number of byte ranges */
-	char *boundary;		/* multipart/byteranges boundary */
-	const char *range;		/* The Range: header */
-	off_t clength;		/* The "real" content length */
-
-	long remaining;		/* bytes left to read */
-	long read_length;		/* bytes that have been read */
-	int read_body;		/* how the request body should be read */
-	int read_chunked;		/* reading chunked transfer-coding */
-	unsigned expecting_100;	/* is client waiting for a 100 response? */
-
-	/* MIME header environments, in and out.  Also, an array containing
-	* environment variables to be passed to subprocesses, so people can
-	* write modules to add to that environment.
-	*
-	* The difference between headers_out and err_headers_out is that the
-	* latter are printed even on error, and persist across internal
-	* redirects (so the headers printed for ErrorDocument handlers will
-	* have them).
-	*
-	* The 'notes' table is for notes from one module to another, with no
-	* other set purpose in mind...
-	*/
-
-	table *headers_in;
-	table *headers_out;
-	table *err_headers_out;
-	table *subprocess_env;
-	table *notes;
-
-	/* content_type, handler, content_encoding, content_language, and all
-	* content_languages MUST be lowercased strings.  They may be pointers
-	* to static strings; they should not be modified in place.
-	*/
-	const char *content_type;	/* Break these out we dispatch on 'em */
-	const char *handler;	/* What we *really* dispatch on */
-
-	const char *content_encoding;
-	const char *content_language;	/* for back-compat. only- do not use */
-	array_header *content_languages;	/* array of (char*) */
-
-	char *vlist_validator;      /* variant list validator (if negotiated) */
-
-	int no_cache;
-	int no_local_copy;
-
-	/* What object is being requested (either directly, or via include
-	* or content-negotiation mapping).
-	*/
-
-	char *unparsed_uri;	/* the uri without any parsing performed */
-	char *uri;			/* the path portion of the URI */
-	char *filename;		/* filename if found, otherwise NULL */
-	char *path_info;
-	char *args;			/* QUERY_ARGS, if any */
-	struct stat finfo;	/* ST_MODE set to zero if no such file */
-	uri_components parsed_uri;	/* components of uri, dismantled */
-
-	/* Various other config info which may change with .htaccess files
-	* These are config vectors, with one void* pointer for each module
-	* (the thing pointed to being the module's business).
-	*/
-
-	void *per_dir_config;	/* Options set in config files, etc. */
-	void *request_config;	/* Notes on *this* request */
-
-	/*
-	* a linked list of the configuration directives in the .htaccess files
-	* accessed by this request.
-	* N.B. always add to the head of the list, _never_ to the end.
-	* that way, a sub request's list can (temporarily) point to a parent's
-	* list
-	*/
-	const struct htaccess_result *htaccess;
-
-	/* On systems with case insensitive file systems (Windows, OS/2, etc.),
-	* r->filename is case canonicalized (folded to either lower or upper
-	* case, depending on the specific system) to accomodate file access
-	* checking. case_preserved_filename is the same as r->filename
-	* except case is preserved. There is at least one instance where Apache
-	* needs access to the case preserved filename: Java class files
-	* published with WebDAV need to preserve filename case to make the
-	* Java compiler happy.
-	*/
-	char *case_preserved_filename;
-
-	/* Things placed at the end of the record to avoid breaking binary
-	* compatibility.  It would be nice to remember to reorder the entire
-	* record to improve 64bit alignment the next time we need to break
-	* binary compatibility for some other reason.
-	*/
-
-	ap_ctx *ctx;
-};
-
-
-/* Things which are per connection
- */
-
-struct conn_rec {
-
-	ap_pool *pool;
-	server_rec *server;
-	server_rec *base_server;/* Physical vhost this conn come in on */
-	void *vhost_lookup_data;	/* used by http_vhost.c */
-
-	/* Information about the connection itself */
-
-	int child_num;		/* The number of the child handling conn_rec */
-	BUFF *client;		/* Connection to the guy */
-
-	/* Who is the client? */
-
-	struct sockaddr_storage local_addr;	/* local address */
-	struct sockaddr_storage remote_addr;	/* remote address */
-	char *remote_ip;		/* Client's IP address */
-	char *remote_host;		/* Client's DNS name, if known.
-				 * NULL if DNS hasn't been checked,
-				 * "" if it has and no address was found.
-				 * N.B. Only access this though
-				 * get_remote_host() */
-	char *remote_logname;	/* Only ever set if doing rfc1413 lookups.
-				 * N.B. Only access this through
-				 * get_remote_logname() */
-	char *user;			/* If an authentication check was made,
-				 * this gets set to the user name.  We assume
-				 * that there's only one user per connection(!)
-				 */
-	char *ap_auth_type;		/* Ditto. */
-
-	unsigned aborted:1;		/* Are we still talking? */
-	signed int keepalive:2;	/* Are we using HTTP Keep-Alive?
-				 * -1 fatal error, 0 undecided, 1 yes */
-	unsigned keptalive:1;	/* Did we use HTTP Keep-Alive? */
-	signed int double_reverse:2;/* have we done double-reverse DNS?
-				 * -1 yes/failure, 0 not yet, 1 yes/success */
-	int keepalives;		/* How many times have we used it? */
-	char *local_ip;		/* server IP address */
-	char *local_host;		/* used for ap_get_server_name when
-				 * UseCanonicalName is set to DNS
-				 * (ignores setting of HostnameLookups) */
-	ap_ctx *ctx;
-};
-
-/* Per-vhost config... */
-
-/* The address 255.255.255.255, when used as a virtualhost address,
- * will become the "default" server when the ip doesn't match other vhosts.
- */
-#define DEFAULT_VHOST_ADDR 0xfffffffful
-
-typedef struct server_addr_rec server_addr_rec;
-struct server_addr_rec {
-	server_addr_rec *next;
-	struct sockaddr_storage host_addr;	/* The bound address, for this server */
-	unsigned short host_port;	/* The bound port, for this server */
-	char *virthost;			/* The name given in <VirtualHost> */
-};
-
-struct server_rec {
-
-	server_rec *next;
-
-	/* description of where the definition came from */
-	const char *defn_name;
-	unsigned defn_line_number;
-
-	/* Full locations of server config info */
-
-	char *srm_confname;
-	char *access_confname;
-
-	/* Contact information */
-
-	char *server_admin;
-	char *server_hostname;
-	unsigned short port;	/* for redirects, etc. */
-
-	/* Log files --- note that transfer log is now in the modules... */
-
-	char *error_fname;
-	FILE *error_log;
-	int loglevel;
-
-	/* Module-specific configuration for server, and defaults... */
-
-	int is_virtual;		/* true if this is the virtual server */
-	void *module_config;	/* Config vector containing pointers to
-				 * modules' per-server config structures.
-				 */
-	void *lookup_defaults;	/* MIME type info, etc., before we start
-				 * checking per-directory info.
-				 */
-	/* Transaction handling */
-
-	server_addr_rec *addrs;
-	int timeout;		/* Timeout, in seconds, before we give up */
-	int keep_alive_timeout;	/* Seconds we'll wait for another request */
-	int keep_alive_max;		/* Maximum requests per connection */
-	int keep_alive;		/* Use persistent connections? */
-	int send_buffer_size;	/* size of TCP send buffer (in bytes) */
-
-	char *path;			/* Pathname for ServerPath */
-	int pathlen;		/* Length of path */
-
-	array_header *names;	/* Normal names for ServerAlias servers */
-	array_header *wild_names;/* Wildcarded names for ServerAlias servers */
-
-	uid_t server_uid;     /* effective user id when calling exec wrapper */
-	gid_t server_gid;    /* effective group id when calling exec wrapper */
-
-	int limit_req_line;      /* limit on size of the HTTP request line    */
-	int limit_req_fieldsize; /* limit on size of any request header field */
-	int limit_req_fields;    /* limit on number of request header fields  */
-
-	ap_ctx *ctx;
-};
-
-/* These are more like real hosts than virtual hosts */
-struct listen_rec {
-	listen_rec *next;
-	struct sockaddr_storage local_addr;	/* local IP address and port */
-	int fd;
-	int used;			/* Only used during restart */
-	/* more stuff here, like which protocol is bound to the port */
-};
-
-/* Prototypes for utilities... util.c.  */
-extern void ap_util_init(void);
-
-/* Time */
-extern API_VAR_EXPORT const char ap_month_snames[12][4];
-extern API_VAR_EXPORT const char ap_day_snames[7][4];
-
-API_EXPORT(struct tm *) ap_get_gmtoff(int *tz);
-API_EXPORT(char *) ap_get_time(void);
-API_EXPORT(char *) ap_field_noparam(pool *p, const char *intype);
-API_EXPORT(char *) ap_ht_time(pool *p, time_t t, const char *fmt, int gmt);
-API_EXPORT(char *) ap_gm_timestr_822(pool *p, time_t t);
-
-/* String handling. The *_nc variants allow you to use non-const char **s as
-   arguments (unfortunately C won't automatically convert a char ** to a const
-   char **) */
-
-API_EXPORT(char *) ap_getword(pool *p, const char **line, char stop);
-API_EXPORT(char *) ap_getword_nc(pool *p, char **line, char stop);
-API_EXPORT(char *) ap_getword_white(pool *p, const char **line);
-API_EXPORT(char *) ap_getword_white_nc(pool *p, char **line);
-API_EXPORT(char *) ap_getword_nulls(pool *p, const char **line, char stop);
-API_EXPORT(char *) ap_getword_nulls_nc(pool *p, char **line, char stop);
-API_EXPORT(char *) ap_getword_conf(pool *p, const char **line);
-API_EXPORT(char *) ap_getword_conf_nc(pool *p, char **line);
-
-API_EXPORT(const char *) ap_size_list_item(const char **field, int *len);
-API_EXPORT(char *) ap_get_list_item(pool *p, const char **field);
-API_EXPORT(int) ap_find_list_item(pool *p, const char *line, const char *tok);
-
-API_EXPORT(char *) ap_get_token(pool *p, const char **accept_line,
-    int accept_white);
-API_EXPORT(int) ap_find_token(pool *p, const char *line, const char *tok);
-API_EXPORT(int) ap_find_last_token(pool *p, const char *line, const char *tok);
-
-API_EXPORT(int) ap_is_url(const char *u);
-API_EXPORT(int) ap_unescape_url(char *url);
-API_EXPORT(void) ap_no2slash(char *name);
-API_EXPORT(void) ap_getparents(char *name);
-API_EXPORT(char *) ap_escape_path_segment(pool *p, const char *s);
-API_EXPORT(char *) ap_os_escape_path(pool *p, const char *path, int partial);
-#define ap_escape_uri(ppool,path) ap_os_escape_path(ppool,path,1)
-API_EXPORT(char *) ap_escape_html(pool *p, const char *s);
-API_EXPORT(char *) ap_construct_server(pool *p, const char *hostname,
-    unsigned port, const request_rec *r);
-API_EXPORT(char *) ap_escape_logitem(pool *p, const char *str);
-API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
-    size_t buflen);
-API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *s);
-
-API_EXPORT(int) ap_count_dirs(const char *path);
-API_EXPORT(char *) ap_make_dirstr_prefix(char *d, const char *s, int n);
-API_EXPORT(char *) ap_make_dirstr_parent(pool *p, const char *s);
-/* deprecated.  The previous two routines are preferred. */
-API_EXPORT(char *) ap_make_dirstr(pool *a, const char *s, int n);
-API_EXPORT(char *) ap_make_full_path(pool *a, const char *dir, const char *f);
-
-API_EXPORT(int) ap_is_matchexp(const char *str);
-API_EXPORT(int) ap_strcmp_match(const char *str, const char *exp);
-API_EXPORT(int) ap_strcasecmp_match(const char *str, const char *exp);
-API_EXPORT(char *) ap_stripprefix(const char *bigstring, const char *prefix);
-API_EXPORT(char *) ap_strcasestr(const char *s1, const char *s2);
-API_EXPORT(char *) ap_pbase64decode(pool *p, const char *bufcoded);
-API_EXPORT(char *) ap_pbase64encode(pool *p, char *string);
-API_EXPORT(char *) ap_uudecode(pool *p, const char *bufcoded);
-API_EXPORT(char *) ap_uuencode(pool *p, char *string);
-
-API_EXPORT(int)    ap_regexec(const regex_t *preg, const char *string,
-    size_t nmatch, regmatch_t pmatch[], int eflags);
-API_EXPORT(size_t) ap_regerror(int errcode, const regex_t *preg,
-    char *errbuf, size_t errbuf_size);
-API_EXPORT(char *) ap_pregsub(pool *p, const char *input, const char *source,
-    size_t nmatch, regmatch_t pmatch[]);
-
-API_EXPORT(void) ap_content_type_tolower(char *);
-API_EXPORT(void) ap_str_tolower(char *);
-API_EXPORT(int) ap_ind(const char *, char);	/* Sigh... */
-API_EXPORT(int) ap_rind(const char *, char);
-
-API_EXPORT(char *) ap_escape_quotes (pool *p, const char *instring);
-API_EXPORT(void) ap_remove_spaces(char *dest, char *src);
-
-/* Common structure for reading of config files / passwd files etc. */
-typedef struct {
-    int (*getch) (void *param);	/* a getc()-like function */
-    /* a fgets()-like function */
-    void *(*getstr) (void *buf, size_t bufsiz, void *param);
-    int (*close) (void *param);	/* a close hander function */
-    void *param;		/* the argument passed to getch/getstr/close */
-    const char *name;		/* the filename / description */
-    unsigned line_number;	/* current line number, starting at 1 */
-} configfile_t;
-
-/* Open a configfile_t as FILE, return open configfile_t struct pointer */
-API_EXPORT(configfile_t *) ap_pcfg_openfile(pool *p, const char *name);
-
-/* Allocate a configfile_t handle with user defined functions and params */
-API_EXPORT(configfile_t *) ap_pcfg_open_custom(pool *p, const char *descr,
-    void *param, int(*getc_func)(void*),
-    void *(*gets_func) (void *buf, size_t bufsiz, void *param),
-    int(*close_func)(void *param));
-
-/* Read one line from open configfile_t, strip LF, increase line number */
-API_EXPORT(int) ap_cfg_getline(char *buf, size_t bufsize, configfile_t *cfp);
-
-/* Read one char from open configfile_t, increase line number upon LF */
-API_EXPORT(int) ap_cfg_getc(configfile_t *cfp);
-
-/* Detach from open configfile_t, calling the close handler */
-API_EXPORT(int) ap_cfg_closefile(configfile_t *cfp);
-
-/* Misc system hackery */
-
-API_EXPORT(uid_t) ap_uname2id(const char *name);
-API_EXPORT(gid_t) ap_gname2id(const char *name);
-API_EXPORT(int) ap_is_directory(const char *name);
-API_EXPORT(int) ap_is_rdirectory(const char *name);
-API_EXPORT(int) ap_can_exec(const struct stat *);
-API_EXPORT(void) ap_chdir_file(const char *file);
-
-#ifndef HAVE_CANONICAL_FILENAME
-/*
- *  We can't define these in os.h because of dependence on pool pointer.
- */
-#define ap_os_canonical_filename(p,f)  (f)
-#define ap_os_case_canonical_filename(p,f)  (f)
-#define ap_os_systemcase_filename(p,f)  (f)
-#else
-API_EXPORT(char *) ap_os_canonical_filename(pool *p, const char *file);
-#define ap_os_case_canonical_filename(p,f) ap_os_canonical_filename(p,f)
-#define ap_os_systemcase_filename(p,f) ap_os_canonical_filename(p,f)
-#endif
-
-
-API_EXPORT(char *) ap_get_local_host(pool *);
-API_EXPORT(struct sockaddr *) ap_get_virthost_addr(char *hostname,
-    unsigned short *port);
-
-extern API_VAR_EXPORT time_t ap_restart_time;
-
-/*
- * Apache tries to keep all of its long term filehandles (such as log files,
- * and sockets) above this number.  This is to workaround problems in many
- * third party libraries that are compiled with a small FD_SETSIZE.  There
- * should be no reason to lower this, because it's only advisory.  If a file
- * can't be allocated above this number then it will remain in the "slack"
- * area.
- *
- * Only the low slack line is used by default.
- */
-#ifndef LOW_SLACK_LINE
-#define LOW_SLACK_LINE	15
-#endif
-
-/*
- * The ap_slack() function takes a fd, and tries to move it above the indicated
- * line.  It returns an fd which may or may not have moved above the line, and
- * never fails.  If the high line was requested and it fails it will also try
- * the low line.
- */
-int ap_slack(int fd, int line);
-#define AP_SLACK_LOW	1
-#define AP_SLACK_HIGH	2
-
-API_EXPORT(char *) ap_escape_quotes(pool *p, const char *instr);
-
-/*
- * Redefine assert() to something more useful for an Apache...
- */
-API_EXPORT(void) ap_log_assert(const char *szExp, const char *szFile, int nLine)
-    __attribute__((noreturn));
-#define ap_assert(exp) ((exp) ? (void)0 : ap_log_assert(#exp,__FILE__,0))
-
-#define OPTIMIZE_TIMEOUTS
-
-/* A set of flags which indicate places where the server should raise(SIGSTOP).
- * This is useful for debugging, because you can then attach to that process
- * with gdb and continue.  This is important in cases where one_process
- * debugging isn't possible.
- */
-#define SIGSTOP_DETACH			1
-#define SIGSTOP_MAKE_CHILD		2
-#define SIGSTOP_SPAWN_CHILD		4
-#define SIGSTOP_PIPED_LOG_SPAWN		8
-#define SIGSTOP_CGI_CHILD		16
-
-#ifdef DEBUG_SIGSTOP
-extern int raise_sigstop_flags;
-#define RAISE_SIGSTOP(x)	do { \
-	if (raise_sigstop_flags & SIGSTOP_##x) raise(SIGSTOP);\
-    } while (0)
-#else
-#define RAISE_SIGSTOP(x)
-#endif
-
-API_EXPORT(extern const char *) ap_psignature(const char *prefix, request_rec *r);
-
-/* strtoul does not exist on sunos4. */
-#ifdef strtoul
-#undef strtoul
-#endif
-#define strtoul strtoul_is_not_a_portable_function_use_strtol_instead
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_HTTPD_H */
diff --git a/usr.sbin/httpd/src/include/multithread.h b/usr.sbin/httpd/src/include/multithread.h
deleted file mode 100644
index 86a429e7575..00000000000
--- a/usr.sbin/httpd/src/include/multithread.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/* $OpenBSD: multithread.h,v 1.6 2005/03/28 23:26:51 niallo Exp $ */
-
-#ifndef APACHE_MULTITHREAD_H
-#define APACHE_MULTITHREAD_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MULTI_OK (0)
-#define MULTI_TIMEOUT (1)
-#define MULTI_ERR (2)
-
-typedef void mutex;
-typedef void semaphore;
-typedef void thread;
-typedef void event;
-
-/*
- * Ambarish: Need to do the right stuff on multi-threaded unix
- * I believe this is terribly ugly
- */
-#define APACHE_TLS
-/* Only define the ones actually used, for now */
-extern void *ap_dummy_mutex;
-
-#define ap_create_mutex(name)	((mutex *)ap_dummy_mutex)
-#define ap_acquire_mutex(mutex_id)	((int)MULTI_OK)
-#define ap_release_mutex(mutex_id)	((int)MULTI_OK)
-#define ap_destroy_mutex(mutex_id)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_MULTITHREAD_H */
diff --git a/usr.sbin/httpd/src/include/rfc1413.h b/usr.sbin/httpd/src/include/rfc1413.h
deleted file mode 100644
index 43e6bfd1707..00000000000
--- a/usr.sbin/httpd/src/include/rfc1413.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/* $OpenBSD: rfc1413.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_RFC1413_H
-#define APACHE_RFC1413_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-API_EXPORT(extern char *) ap_rfc1413(conn_rec *conn, server_rec *srv);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !APACHE_RFC1413_H */
diff --git a/usr.sbin/httpd/src/include/scoreboard.h b/usr.sbin/httpd/src/include/scoreboard.h
deleted file mode 100644
index ff12aab3772..00000000000
--- a/usr.sbin/httpd/src/include/scoreboard.h
+++ /dev/null
@@ -1,184 +0,0 @@
-/* $OpenBSD: scoreboard.h,v 1.13 2010/02/25 07:49:53 pyr Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_SCOREBOARD_H
-#define APACHE_SCOREBOARD_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <sys/times.h>
-
-/* Scoreboard info on a process is, for now, kept very brief --- 
- * just status value and pid (the latter so that the caretaker process
- * can properly update the scoreboard when a process dies).  We may want
- * to eventually add a separate set of long_score structures which would
- * give, for each process, the number of requests serviced, and info on
- * the current, or most recent, request.
- *
- * Status values:
- */
-
-#define SERVER_DEAD 0
-#define SERVER_STARTING 1	/* Server Starting up */
-#define SERVER_READY 2		/* Waiting for connection (or accept() lock) */
-#define SERVER_BUSY_READ 3	/* Reading a client request */
-#define SERVER_BUSY_WRITE 4	/* Processing a client request */
-#define SERVER_BUSY_KEEPALIVE 5	/* Waiting for more requests via keepalive */
-#define SERVER_BUSY_LOG 6	/* Logging the request */
-#define SERVER_BUSY_DNS 7	/* Looking up a hostname */
-#define SERVER_GRACEFUL 8	/* server is gracefully finishing request */
-#define SERVER_NUM_STATUS 9	/* number of status settings */
-
-/* A "virtual time" is simply a counter that indicates that a child is
- * making progress.  The parent checks up on each child, and when they have
- * made progress it resets the last_rtime element.  But when the child hasn't
- * made progress in a time that's roughly timeout_len seconds long, it is
- * sent a SIGALRM.
- *
- * vtime is an optimization that is used only when the scoreboard is in
- * shared memory (it's not easy/feasible to do it in a scoreboard file).
- * The essential observation is that timeouts rarely occur, the vast majority
- * of hits finish before any timeout happens.  So it really sucks to have to
- * ask the operating system to set up and destroy alarms many times during
- * a request.
- */
-typedef unsigned vtime_t;
-
-/* Type used for generation indicies.  Startup and every restart cause a
- * new generation of children to be spawned.  Children within the same
- * generation share the same configuration information -- pointers to stuff
- * created at config time in the parent are valid across children.  For
- * example, the vhostrec pointer in the scoreboard below is valid in all
- * children of the same generation.
- *
- * The safe way to access the vhost pointer is like this:
- *
- * short_score *ss = pointer to whichver slot is interesting;
- * parent_score *ps = pointer to whichver slot is interesting;
- * server_rec *vh = ss->vhostrec;
- *
- * if (ps->generation != ap_my_generation) {
- *     vh = NULL;
- * }
- *
- * then if vh is not NULL it's valid in this child.
- *
- * This avoids various race conditions around restarts.
- */
-typedef int ap_generation_t;
-
-/* stuff which the children generally write, and the parent mainly reads */
-typedef struct {
-	vtime_t cur_vtime;		/* the child's current vtime */
-	unsigned short timeout_len;	/* length of the timeout */
-	unsigned char status;
-	unsigned long access_count;
-	unsigned long long bytes_served;
-	unsigned long my_access_count;
-	unsigned long long my_bytes_served;
-	unsigned long long conn_bytes;
-	unsigned short conn_count;
-	struct timeval start_time;
-	struct timeval stop_time;
-	struct tms times;
-	char client[32];		/* Keep 'em small... */
-	char request[64];		/* We just want an idea... */
-	server_rec *vhostrec;	/* What virtual host is being accessed? */
-				/* SEE ABOVE FOR SAFE USAGE! */
-} short_score;
-
-typedef struct {
-	ap_generation_t running_generation;/* the generation of children which
-                                         * should still be serving requests. */
-} global_score;
-
-/* stuff which the parent generally writes and the children rarely read */
-typedef struct {
-	pid_t pid;
-	time_t last_rtime;		/* time(0) of the last change */
-	vtime_t last_vtime;		/* the last vtime the parent has seen */
-	ap_generation_t generation;	/* generation of this child */
-} parent_score;
-
-typedef struct {
-	short_score servers[HARD_SERVER_LIMIT];
-	parent_score parent[HARD_SERVER_LIMIT];
-	global_score global;
-} scoreboard;
-
-#define SCOREBOARD_SIZE		sizeof(scoreboard)
-
-API_EXPORT(int) ap_exists_scoreboard_image(void);
-
-API_VAR_EXPORT extern scoreboard *ap_scoreboard_image;
-
-API_VAR_EXPORT extern ap_generation_t volatile ap_my_generation;
-
-/* for time_process_request() in http_main.c */
-#define START_PREQUEST 1
-#define STOP_PREQUEST  2
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_SCOREBOARD_H */
diff --git a/usr.sbin/httpd/src/include/util_date.h b/usr.sbin/httpd/src/include/util_date.h
deleted file mode 100644
index d9538914655..00000000000
--- a/usr.sbin/httpd/src/include/util_date.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* $OpenBSD: util_date.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_UTIL_DATE_H
-#define APACHE_UTIL_DATE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * util_date.h: prototypes for date parsing utility routines
- */
-
-#include <time.h>
-
-#define BAD_DATE (time_t)0
-
-API_EXPORT(int) ap_checkmask(const char *data, const char *mask);
-API_EXPORT(time_t) ap_tm2sec(const struct tm *t);
-API_EXPORT(time_t) ap_parseHTTPdate(const char *date);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_UTIL_DATE_H */
diff --git a/usr.sbin/httpd/src/include/util_md5.h b/usr.sbin/httpd/src/include/util_md5.h
deleted file mode 100644
index a9c22a879f6..00000000000
--- a/usr.sbin/httpd/src/include/util_md5.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/* $OpenBSD: util_md5.h,v 1.8 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_UTIL_MD5_H
-#define APACHE_UTIL_MD5_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "ap_md5.h"
-
-API_EXPORT(char *) ap_md5(pool *a, const unsigned char *string);
-API_EXPORT(char *) ap_md5_binary(pool *a, const unsigned char *buf, int len);
-API_EXPORT(char *) ap_md5contextTo64(pool *p, AP_MD5_CTX * context);
-API_EXPORT(char *) ap_md5digest(pool *p, FILE *infile);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_UTIL_MD5_H */
diff --git a/usr.sbin/httpd/src/include/util_script.h b/usr.sbin/httpd/src/include/util_script.h
deleted file mode 100644
index 35d40a6b955..00000000000
--- a/usr.sbin/httpd/src/include/util_script.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/* $OpenBSD: util_script.h,v 1.7 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#ifndef APACHE_UTIL_SCRIPT_H
-#define APACHE_UTIL_SCRIPT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef APACHE_ARG_MAX
-#ifdef _POSIX_ARG_MAX
-#define APACHE_ARG_MAX _POSIX_ARG_MAX
-#else
-#define APACHE_ARG_MAX 512
-#endif
-#endif
-
-API_EXPORT(char **) ap_create_environment(pool *p, table *t);
-API_EXPORT(int) ap_find_path_info(const char *uri, const char *path_info);
-API_EXPORT(void) ap_add_cgi_vars(request_rec *r);
-API_EXPORT(void) ap_add_common_vars(request_rec *r);
-API_EXPORT(int) ap_scan_script_header_err(request_rec *r, FILE *f,
-    char *buffer);
-API_EXPORT(int) ap_scan_script_header_err_buff(request_rec *r, BUFF *f,
-    char *buffer);
-API_EXPORT(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
-    int (*getsfunc) (char *, int, void *), void *getsfunc_data);
-API_EXPORT_NONSTD(int) ap_scan_script_header_err_strs(request_rec *r,
-    char *buffer, const char **termch, int *termarg, ...);
-API_EXPORT(void) ap_send_size(size_t size, request_rec *r);
-API_EXPORT(int) ap_call_exec(request_rec *r, child_info *pinfo, char *argv0,
-    char **env, int shellcmd);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif	/* !APACHE_UTIL_SCRIPT_H */
diff --git a/usr.sbin/httpd/src/include/util_uri.h b/usr.sbin/httpd/src/include/util_uri.h
deleted file mode 100644
index cd47d801980..00000000000
--- a/usr.sbin/httpd/src/include/util_uri.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/* $OpenBSD: util_uri.h,v 1.6 2005/03/28 23:26:51 niallo Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- *    if any, must include the following acknowledgment:
- *       "This product includes software developed by the
- *        Apache Software Foundation (http://www.apache.org/)."
- *    Alternately, this acknowledgment may appear in the software itself,
- *    if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- *    not be used to endorse or promote products derived from this
- *    software without prior written permission. For written
- *    permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- *    nor may "Apache" appear in their name, without prior written
- *    permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation.  For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * util_uri.h: External Interface of util_uri.c
- */
-
-#ifndef UTIL_URI_H
-#define UTIL_URI_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct {
-	const char *name;
-	unsigned short default_port;
-} schemes_t;
-
-#define	DEFAULT_FTP_DATA_PORT	20
-#define	DEFAULT_FTP_PORT	21
-#define	DEFAULT_GOPHER_PORT	70
-#define	DEFAULT_NNTP_PORT	119
-#define	DEFAULT_WAIS_PORT	210
-#define	DEFAULT_SNEWS_PORT	563
-#define	DEFAULT_PROSPERO_PORT	1525	/* WARNING: conflict w/Oracle */
-
-#define DEFAULT_URI_SCHEME "http"
-
-/* Flags passed to unparse_uri_components(): */
-
-/* suppress "scheme://user@site:port" */
-#define UNP_OMITSITEPART	(1U<<0)	
-/* Just omit user */
-#define	UNP_OMITUSER		(1U<<1)	
-/* Just omit password */
-#define	UNP_OMITPASSWORD	(1U<<2)	
-/* omit "user:password@" part */
-#define	UNP_OMITUSERINFO	(UNP_OMITUSER|UNP_OMITPASSWORD)	
-/* Show plain text password (default: show XXXXXXXX) */
-#define	UNP_REVEALPASSWORD	(1U<<3)	
-/* Show "scheme://user@site:port" only */
-#define UNP_OMITPATHINFO	(1U<<4)	
-/* Omit the "?queryarg" from the path */
-#define UNP_OMITQUERY	        (1U<<5)	
-
-typedef struct {
-	char *scheme;		/* scheme ("http"/"ftp"/...) */
-	char *hostinfo;             /* combined [user[:password]@]host[:port] */
-	char *user;	/* user name, as in http://user:passwd@host:port/ */
-	char *password;	/* password, as in http://user:passwd@host:port/ */
-	char *hostname;	/* hostname from URI (or from Host: header) */
-	char *port_str;	/* port string (integer representation is in "port") */
-	char *path;/* request path (or "/" if only scheme://host was given)*/
-	char *query;	/* Everything after a '?' in the path, if present */
-	char *fragment;		/* Trailing "#fragment" string, if present */
-
-	struct hostent *hostent;
-
-	unsigned short port;	/* The port number, numeric, valid only if
-				 * port_str != NULL
-				 */
-
-	unsigned is_initialized:1;
-
-	unsigned dns_looked_up:1;
-	unsigned dns_resolved:1;
-
-} uri_components;
-
-/* util_uri.c */
-API_EXPORT(unsigned short) ap_default_port_for_scheme(const char *scheme_str);
-API_EXPORT(unsigned short) ap_default_port_for_request(const request_rec *r);
-API_EXPORT(struct hostent *) ap_pduphostent(pool *p, const struct hostent *hp);
-API_EXPORT(struct hostent *) ap_pgethostbyname(pool *p, const char *hostname);
-API_EXPORT(char *) ap_unparse_uri_components(pool *p,
-    const uri_components *uptr, unsigned flags);
-API_EXPORT(int) ap_parse_uri_components(pool *p, const char *uri,
-    uri_components *uptr);
-API_EXPORT(int) ap_parse_hostinfo_components(pool *p, const char *hostinfo,
-    uri_components *uptr);
-/* called by the core in main() */
-extern void ap_util_uri_init(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /*UTIL_URI_H*/
diff --git a/usr.sbin/httpd/src/lib/expat-lite/CHANGES b/usr.sbin/httpd/src/lib/expat-lite/CHANGES
deleted file mode 100644
index 0340d07ee1a..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/CHANGES
+++ /dev/null
@@ -1,65 +0,0 @@
-=== PURPOSE ===
-
-This file documents the changes made by the Apache Group to James
-Clark's Expat parser. The original Expat distribution can be found at
-http://www.jclark.com/xml/expat.html.
-
-
-=== SUBSET INFORMATION ===
-
-Apache does not choose (or need) to use the entire Expat parser
-distribution. The subset that Apache will use will be referred to as
-"expat-lite". In particular, this directory contains the files from
-the following Expat distribution subdirectories:
-
-  expat/xmltok/*
-  expat/xmlparse/*
-
-We also retain expat/expat.html for attribution to James Clark and
-licensing information.
-
-Note that Apache has replaced (with custom versions) the .dsp files
-normally distributed with Expat. Other changes are detailed further
-below.
-
-
-=== FILES ADDED ===
-
-This file (CHANGES) has been added to document changes from the
-original Expat distribution.
-
-Makefile.tmpl has been created from scratch to provide build
-instructions to the Apache build system.
-
-xmlparse.def and xmltok.def have been added.
-
-.cvsignore has been added.
-
-
-=== CHANGES TO ORIGINAL ===
-
-The files, in their original state from the Expat distribution, have
-been tagged within CVS with the "EXPAT_1_1" tag. That tag may be used
-as a reference for changes made by the Apache Group.
-
-The following changes have been made:
-
-June, 1999:
-
-  - modified xmldef.h to define XML_BYTE_ORDER in terms of the
-    AP_BYTE_ORDER symbol.
-  - removed compilation warnings from: xmlparse.c, xmltok.c, xmltok.h, 
-    xmltok_impl.c, xmltok_ns.c
-
-November, 1999:
-
-  - xmlparse.{def,dsp,mak} and xmltok.{def,dsp,mak} were added.
-    NOTE: the .dsp files are different from the standard Expat
-	  distribution.
-  - dllmain.c (from the Expat distribution) was added
-
-January, 2000:
-
-  - Renamed lookup() in hashtable.[ch] to hashTableLookup() to prevent
-    possible conflicts with third-party libraries and modules. Updated
-    calls in xmlparse.c accordingly.
diff --git a/usr.sbin/httpd/src/lib/expat-lite/Makefile.tmpl b/usr.sbin/httpd/src/lib/expat-lite/Makefile.tmpl
deleted file mode 100644
index 646af3b9810..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/Makefile.tmpl
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# default definition of these two. dunno how to get it prepended when the
-# Makefile is built, so we do it manually
-#
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) -DAPACHE
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-
-OBJS=xmltok.o xmlrole.o xmlparse.o hashtable.o
-
-all lib: libexpat.a
-
-libexpat.a: $(OBJS)
-	rm -f libexpat.a
-	ar cr libexpat.a $(OBJS)
-	$(RANLIB) libexpat.a
-
-clean:
-	rm -f $(OBJS) libexpat.a
-
-distclean: clean
-	-rm -f Makefile
-
-.SUFFIXES: .o
-
-.c.o:
-	$(CC) -c $(INCLUDES) $(CFLAGS) $<
diff --git a/usr.sbin/httpd/src/lib/expat-lite/asciitab.h b/usr.sbin/httpd/src/lib/expat-lite/asciitab.h
deleted file mode 100644
index 8a8a2dd388d..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/asciitab.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above.  If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-/* 0x00 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x04 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x08 */ BT_NONXML, BT_S, BT_LF, BT_NONXML,
-/* 0x0C */ BT_NONXML, BT_CR, BT_NONXML, BT_NONXML,
-/* 0x10 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x14 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x18 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x1C */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x20 */ BT_S, BT_EXCL, BT_QUOT, BT_NUM,
-/* 0x24 */ BT_OTHER, BT_PERCNT, BT_AMP, BT_APOS,
-/* 0x28 */ BT_LPAR, BT_RPAR, BT_AST, BT_PLUS,
-/* 0x2C */ BT_COMMA, BT_MINUS, BT_NAME, BT_SOL,
-/* 0x30 */ BT_DIGIT, BT_DIGIT, BT_DIGIT, BT_DIGIT,
-/* 0x34 */ BT_DIGIT, BT_DIGIT, BT_DIGIT, BT_DIGIT,
-/* 0x38 */ BT_DIGIT, BT_DIGIT, BT_COLON, BT_SEMI,
-/* 0x3C */ BT_LT, BT_EQUALS, BT_GT, BT_QUEST,
-/* 0x40 */ BT_OTHER, BT_HEX, BT_HEX, BT_HEX,
-/* 0x44 */ BT_HEX, BT_HEX, BT_HEX, BT_NMSTRT,
-/* 0x48 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x4C */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x50 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x54 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x58 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_LSQB,
-/* 0x5C */ BT_OTHER, BT_RSQB, BT_OTHER, BT_NMSTRT,
-/* 0x60 */ BT_OTHER, BT_HEX, BT_HEX, BT_HEX,
-/* 0x64 */ BT_HEX, BT_HEX, BT_HEX, BT_NMSTRT,
-/* 0x68 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x6C */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x70 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x74 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x78 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_OTHER,
-/* 0x7C */ BT_VERBAR, BT_OTHER, BT_OTHER, BT_OTHER,
diff --git a/usr.sbin/httpd/src/lib/expat-lite/dllmain.c b/usr.sbin/httpd/src/lib/expat-lite/dllmain.c
deleted file mode 100644
index deb7fafc81a..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/dllmain.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above.  If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#define STRICT 1
-#define WIN32_LEAN_AND_MEAN 1
-
-#include <windows.h>
-
-BOOL WINAPI DllMain(HANDLE hInst, ULONG ul_reason_for_call, LPVOID lpReserved)
-{
-  return TRUE;
-}
-
diff --git a/usr.sbin/httpd/src/lib/expat-lite/expat.html b/usr.sbin/httpd/src/lib/expat-lite/expat.html
deleted file mode 100644
index 3806ca8d0e2..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/expat.html
+++ /dev/null
@@ -1,73 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
-"http://www.w3.org/TR/REC-html40/loose.dtd">
-
-<HTML>
-
-<TITLE>expat
-
-
-
-

expat - XML Parser Toolkit

- -

Version 1.1

- -

Copyright (c) 1998, 1999 James Clark. Expat is subject to the Mozilla Public -License Version 1.1. Alternatively you may use expat under the GNU General Public -License instead. Please contact me if you wish to negotiate an -alternative license.

- -

Expat is an XML 1.0 parser -written in C. It aims to be fully conforming. It is currently not a -validating XML processor. The current production version of expat can -be downloaded from ftp://ftp.jclark.com/pub/xml/expat.zip.

- -

The directory xmltok contains a low-level library for -tokenizing XML. The interface is documented in -xmltok/xmltok.h.

- -

The directory xmlparse contains an XML parser library -which is built on top of the xmltok library. The -interface is documented in xmlparse/xmlparse.h. The -directory sample contains a simple example program using -this interface; sample/build.bat is a batch file to build -the example using Visual C++.

- -

The directory xmlwf contains the xmlwf -application, which uses the xmlparse library. The -arguments to xmlwf are one or more files which are each -to be checked for well-formedness. An option -d -dir can be specified; for each well-formed input -file the corresponding canonical XML will -be written to dir/f, where -f is the filename (without any path) of the -input file. A -x option will cause references to -external general entities to be processed. A -s option -will make documents that are not standalone cause an error (a document -is considered standalone if either it is intrinsically standalone -because it has no external subset and no references to parameter -entities in the internal subset or it is declared as standalone in the -XML declaration).

- -

The bin directory contains Win32 executables. The -lib directory contains Win32 import libraries.

- -

Answers to some frequently asked questions about expat can be found -in the expat -FAQ.

- -

- -
- -James Clark - -
- - - -
diff --git a/usr.sbin/httpd/src/lib/expat-lite/hashtable.c b/usr.sbin/httpd/src/lib/expat-lite/hashtable.c
deleted file mode 100644
index 26a3b444f74..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/hashtable.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-csompliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/ - -#include "xmldef.h" - -#ifdef XML_UNICODE_WCHAR_T -#ifndef XML_UNICODE -#define XML_UNICODE -#endif -#endif - -#include "hashtable.h" - -#define INIT_SIZE 64 - -static -int keyeq(KEY s1, KEY s2) -{ - for (; *s1 == *s2; s1++, s2++) - if (*s1 == 0) - return 1; - return 0; -} - -static -unsigned long hash(KEY s) -{ - unsigned long h = 0; - while (*s) - h = (h << 5) + h + (unsigned char)*s++; - return h; -} - -NAMED *hashTableLookup(HASH_TABLE *table, KEY name, size_t createSize) -{ - size_t i; - if (table->size == 0) { - if (!createSize) - return 0; - table->v = calloc(INIT_SIZE, sizeof(NAMED *)); - if (!table->v) - return 0; - table->size = INIT_SIZE; - table->usedLim = INIT_SIZE / 2; - i = hash(name) & (table->size - 1); - } - else { - unsigned long h = hash(name); - for (i = h & (table->size - 1); - table->v[i]; - i == 0 ? i = table->size - 1 : --i) { - if (keyeq(name, table->v[i]->name)) - return table->v[i]; - } - if (!createSize) - return 0; - if (table->used == table->usedLim) { - /* check for overflow */ - size_t newSize = table->size * 2; - NAMED **newV = calloc(newSize, sizeof(NAMED *)); - if (!newV) - return 0; - for (i = 0; i < table->size; i++) - if (table->v[i]) { - size_t j; - for (j = hash(table->v[i]->name) & (newSize - 1); - newV[j]; - j == 0 ? j = newSize - 1 : --j) - ; - newV[j] = table->v[i]; - } - free(table->v); - table->v = newV; - table->size = newSize; - table->usedLim = newSize/2; - for (i = h & (table->size - 1); - table->v[i]; - i == 0 ? 
i = table->size - 1 : --i) - ; - } - } - table->v[i] = calloc(1, createSize); - if (!table->v[i]) - return 0; - table->v[i]->name = name; - (table->used)++; - return table->v[i]; -} - -void hashTableDestroy(HASH_TABLE *table) -{ - size_t i; - for (i = 0; i < table->size; i++) { - NAMED *p = table->v[i]; - if (p) - free(p); - } - free(table->v); -} - -void hashTableInit(HASH_TABLE *p) -{ - p->size = 0; - p->usedLim = 0; - p->used = 0; - p->v = 0; -} - -void hashTableIterInit(HASH_TABLE_ITER *iter, const HASH_TABLE *table) -{ - iter->p = table->v; - iter->end = iter->p + table->size; -} - -NAMED *hashTableIterNext(HASH_TABLE_ITER *iter) -{ - while (iter->p != iter->end) { - NAMED *tem = *(iter->p)++; - if (tem) - return tem; - } - return 0; -} - diff --git a/usr.sbin/httpd/src/lib/expat-lite/hashtable.h b/usr.sbin/httpd/src/lib/expat-lite/hashtable.h deleted file mode 100644 index 5c3f38cbb2e..00000000000 --- a/usr.sbin/httpd/src/lib/expat-lite/hashtable.h +++ /dev/null 
@@ -1,69 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-
-#include
-
-#ifdef XML_UNICODE
-
-#ifdef XML_UNICODE_WCHAR_T
-typedef const wchar_t *KEY;
-#else /* not XML_UNICODE_WCHAR_T */
-typedef const unsigned short *KEY;
-#endif /* not XML_UNICODE_WCHAR_T */
-
-#else /* not XML_UNICODE */
-
-typedef const char *KEY;
-
-#endif /* not XML_UNICODE */
-
-typedef struct {
- KEY name;
-} NAMED;
-
-typedef struct {
- NAMED **v;
- size_t size;
- size_t used;
- size_t usedLim;
-} HASH_TABLE;
-
-NAMED *hashTableLookup(HASH_TABLE *table, KEY name, size_t createSize);
-void hashTableInit(HASH_TABLE *);
-void hashTableDestroy(HASH_TABLE *);
-
-typedef struct {
- NAMED **p;
- NAMED **end;
-} HASH_TABLE_ITER;
-
-void hashTableIterInit(HASH_TABLE_ITER *, const HASH_TABLE *);
-NAMED *hashTableIterNext(HASH_TABLE_ITER *);
diff --git a/usr.sbin/httpd/src/lib/expat-lite/iasciitab.h b/usr.sbin/httpd/src/lib/expat-lite/iasciitab.h
deleted file mode 100644
index 333d6bb779d..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/iasciitab.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-/* Like asciitab.h, except that 0xD has code BT_S rather than BT_CR */
-/* 0x00 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x04 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x08 */ BT_NONXML, BT_S, BT_LF, BT_NONXML,
-/* 0x0C */ BT_NONXML, BT_S, BT_NONXML, BT_NONXML,
-/* 0x10 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x14 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x18 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x1C */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0x20 */ BT_S, BT_EXCL, BT_QUOT, BT_NUM,
-/* 0x24 */ BT_OTHER, BT_PERCNT, BT_AMP, BT_APOS,
-/* 0x28 */ BT_LPAR, BT_RPAR, BT_AST, BT_PLUS,
-/* 0x2C */ BT_COMMA, BT_MINUS, BT_NAME, BT_SOL,
-/* 0x30 */ BT_DIGIT, BT_DIGIT, BT_DIGIT, BT_DIGIT,
-/* 0x34 */ BT_DIGIT, BT_DIGIT, BT_DIGIT, BT_DIGIT,
-/* 0x38 */ BT_DIGIT, BT_DIGIT, BT_COLON, BT_SEMI,
-/* 0x3C */ BT_LT, BT_EQUALS, BT_GT, BT_QUEST,
-/* 0x40 */ BT_OTHER, BT_HEX, BT_HEX, BT_HEX,
-/* 0x44 */ BT_HEX, BT_HEX, BT_HEX, BT_NMSTRT,
-/* 0x48 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x4C */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x50 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x54 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x58 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_LSQB,
-/* 0x5C */ BT_OTHER, BT_RSQB, BT_OTHER, BT_NMSTRT,
-/* 0x60 */ BT_OTHER, BT_HEX, BT_HEX, BT_HEX,
-/* 0x64 */ BT_HEX, BT_HEX, BT_HEX, BT_NMSTRT,
-/* 0x68 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x6C */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x70 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x74 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0x78 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_OTHER,
-/* 0x7C */ BT_VERBAR, BT_OTHER, BT_OTHER, BT_OTHER,
diff --git a/usr.sbin/httpd/src/lib/expat-lite/latin1tab.h b/usr.sbin/httpd/src/lib/expat-lite/latin1tab.h
deleted file mode 100644
index 48609aa8f9f..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/latin1tab.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-/* 0x80 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x84 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x88 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x8C */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x90 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x94 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x98 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0x9C */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xA0 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xA4 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xA8 */ BT_OTHER, BT_OTHER, BT_NMSTRT, BT_OTHER,
-/* 0xAC */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xB0 */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xB4 */ BT_OTHER, BT_NMSTRT, BT_OTHER, BT_NAME,
-/* 0xB8 */ BT_OTHER, BT_OTHER, BT_NMSTRT, BT_OTHER,
-/* 0xBC */ BT_OTHER, BT_OTHER, BT_OTHER, BT_OTHER,
-/* 0xC0 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xC4 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xC8 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xCC */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xD0 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xD4 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_OTHER,
-/* 0xD8 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xDC */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xE0 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xE4 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xE8 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xEC */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xF0 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xF4 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_OTHER,
-/* 0xF8 */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
-/* 0xFC */ BT_NMSTRT, BT_NMSTRT, BT_NMSTRT, BT_NMSTRT,
diff --git a/usr.sbin/httpd/src/lib/expat-lite/nametab.h b/usr.sbin/httpd/src/lib/expat-lite/nametab.h
deleted file mode 100644
index b05e62c77a6..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/nametab.h
+++ /dev/null
@@ -1,150 +0,0 @@ -static const unsigned namingBitmap[] = { -0x00000000, 0x00000000, 0x00000000, 0x00000000, -0x00000000, 0x00000000, 0x00000000, 0x00000000, -0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -0x00000000, 0x04000000, 0x87FFFFFE, 0x07FFFFFE, -0x00000000, 0x00000000, 0xFF7FFFFF, 0xFF7FFFFF, -0xFFFFFFFF, 0x7FF3FFFF, 0xFFFFFDFE, 0x7FFFFFFF, -0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFE00F, 0xFC31FFFF, -0x00FFFFFF, 0x00000000, 0xFFFF0000, 0xFFFFFFFF, -0xFFFFFFFF, 0xF80001FF, 0x00000003, 0x00000000, -0x00000000, 0x00000000, 0x00000000, 0x00000000, -0xFFFFD740, 0xFFFFFFFB, 0x547F7FFF, 0x000FFFFD, -0xFFFFDFFE, 0xFFFFFFFF, 0xDFFEFFFF, 0xFFFFFFFF, -0xFFFF0003, 0xFFFFFFFF, 0xFFFF199F, 0x033FCFFF, -0x00000000, 0xFFFE0000, 0x027FFFFF, 0xFFFFFFFE, -0x0000007F, 0x00000000, 0xFFFF0000, 0x000707FF, -0x00000000, 0x07FFFFFE, 0x000007FE, 0xFFFE0000, -0xFFFFFFFF, 0x7CFFFFFF, 0x002F7FFF, 0x00000060, -0xFFFFFFE0, 0x23FFFFFF, 0xFF000000, 0x00000003, -0xFFF99FE0, 0x03C5FDFF, 0xB0000000, 0x00030003, -0xFFF987E0, 0x036DFDFF, 0x5E000000, 0x001C0000, -0xFFFBAFE0, 0x23EDFDFF, 0x00000000, 0x00000001, -0xFFF99FE0, 0x23CDFDFF, 0xB0000000, 0x00000003, -0xD63DC7E0, 0x03BFC718, 0x00000000, 0x00000000, -0xFFFDDFE0, 0x03EFFDFF, 0x00000000, 0x00000003, -0xFFFDDFE0, 0x03EFFDFF, 0x40000000, 0x00000003, -0xFFFDDFE0, 0x03FFFDFF, 0x00000000, 0x00000003, -0x00000000, 0x00000000, 0x00000000, 0x00000000, -0xFFFFFFFE, 0x000D7FFF, 0x0000003F, 0x00000000, -0xFEF02596, 0x200D6CAE, 0x0000001F, 0x00000000, -0x00000000, 0x00000000, 0xFFFFFEFF, 0x000003FF, -0x00000000, 0x00000000, 0x00000000, 0x00000000, -0x00000000, 0x00000000, 0x00000000, 0x00000000, -0x00000000, 0xFFFFFFFF, 0xFFFF003F, 0x007FFFFF, -0x0007DAED, 0x50000000, 0x82315001, 0x002C62AB, -0x40000000, 0xF580C900, 0x00000007, 0x02010800, -0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -0x0FFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x03FFFFFF, -0x3F3FFFFF, 0xFFFFFFFF, 0xAAFF3F3F, 0x3FFFFFFF, -0xFFFFFFFF, 0x5FDFFFFF, 
0x0FCF1FDC, 0x1FDC1FFF, -0x00000000, 0x00004C40, 0x00000000, 0x00000000, -0x00000007, 0x00000000, 0x00000000, 0x00000000, -0x00000080, 0x000003FE, 0xFFFFFFFE, 0xFFFFFFFF, -0x001FFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0x07FFFFFF, -0xFFFFFFE0, 0x00001FFF, 0x00000000, 0x00000000, -0x00000000, 0x00000000, 0x00000000, 0x00000000, -0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -0xFFFFFFFF, 0x0000003F, 0x00000000, 0x00000000, -0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, -0xFFFFFFFF, 0x0000000F, 0x00000000, 0x00000000, -0x00000000, 0x07FF6000, 0x87FFFFFE, 0x07FFFFFE, -0x00000000, 0x00800000, 0xFF7FFFFF, 0xFF7FFFFF, -0x00FFFFFF, 0x00000000, 0xFFFF0000, 0xFFFFFFFF, -0xFFFFFFFF, 0xF80001FF, 0x00030003, 0x00000000, -0xFFFFFFFF, 0xFFFFFFFF, 0x0000003F, 0x00000003, -0xFFFFD7C0, 0xFFFFFFFB, 0x547F7FFF, 0x000FFFFD, -0xFFFFDFFE, 0xFFFFFFFF, 0xDFFEFFFF, 0xFFFFFFFF, -0xFFFF007B, 0xFFFFFFFF, 0xFFFF199F, 0x033FCFFF, -0x00000000, 0xFFFE0000, 0x027FFFFF, 0xFFFFFFFE, -0xFFFE007F, 0xBBFFFFFB, 0xFFFF0016, 0x000707FF, -0x00000000, 0x07FFFFFE, 0x0007FFFF, 0xFFFF03FF, -0xFFFFFFFF, 0x7CFFFFFF, 0xFFEF7FFF, 0x03FF3DFF, -0xFFFFFFEE, 0xF3FFFFFF, 0xFF1E3FFF, 0x0000FFCF, -0xFFF99FEE, 0xD3C5FDFF, 0xB080399F, 0x0003FFCF, -0xFFF987E4, 0xD36DFDFF, 0x5E003987, 0x001FFFC0, -0xFFFBAFEE, 0xF3EDFDFF, 0x00003BBF, 0x0000FFC1, -0xFFF99FEE, 0xF3CDFDFF, 0xB0C0398F, 0x0000FFC3, -0xD63DC7EC, 0xC3BFC718, 0x00803DC7, 0x0000FF80, -0xFFFDDFEE, 0xC3EFFDFF, 0x00603DDF, 0x0000FFC3, -0xFFFDDFEC, 0xC3EFFDFF, 0x40603DDF, 0x0000FFC3, -0xFFFDDFEC, 0xC3FFFDFF, 0x00803DCF, 0x0000FFC3, -0x00000000, 0x00000000, 0x00000000, 0x00000000, -0xFFFFFFFE, 0x07FF7FFF, 0x03FF7FFF, 0x00000000, -0xFEF02596, 0x3BFF6CAE, 0x03FF3F5F, 0x00000000, -0x03000000, 0xC2A003FF, 0xFFFFFEFF, 0xFFFE03FF, -0xFEBF0FDF, 0x02FE3FFF, 0x00000000, 0x00000000, -0x00000000, 0x00000000, 0x00000000, 0x00000000, -0x00000000, 0x00000000, 0x1FFF0000, 0x00000002, -0x000000A0, 0x003EFFFE, 0xFFFFFFFE, 0xFFFFFFFF, -0x661FFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0x77FFFFFF, -}; -static 
const unsigned char nmstrtPages[] = { -0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, -0x00, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, -0x10, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x13, -0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x15, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x17, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x18, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -}; -static const unsigned char namePages[] = { -0x19, 0x03, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x00, -0x00, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, -0x10, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x13, -0x26, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x27, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
-0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x17, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, -0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x18, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -}; diff --git a/usr.sbin/httpd/src/lib/expat-lite/utf8tab.h b/usr.sbin/httpd/src/lib/expat-lite/utf8tab.h deleted file mode 100644 index a38fe624e88..00000000000 --- a/usr.sbin/httpd/src/lib/expat-lite/utf8tab.h +++ /dev/null 
@@ -1,63 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-
-/* 0x80 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x84 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x88 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x8C */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x90 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x94 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x98 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0x9C */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xA0 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xA4 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xA8 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xAC */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xB0 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xB4 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xB8 */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xBC */ BT_TRAIL, BT_TRAIL, BT_TRAIL, BT_TRAIL,
-/* 0xC0 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xC4 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xC8 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xCC */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xD0 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xD4 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xD8 */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xDC */ BT_LEAD2, BT_LEAD2, BT_LEAD2, BT_LEAD2,
-/* 0xE0 */ BT_LEAD3, BT_LEAD3, BT_LEAD3, BT_LEAD3,
-/* 0xE4 */ BT_LEAD3, BT_LEAD3, BT_LEAD3, BT_LEAD3,
-/* 0xE8 */ BT_LEAD3, BT_LEAD3, BT_LEAD3, BT_LEAD3,
-/* 0xEC */ BT_LEAD3, BT_LEAD3, BT_LEAD3, BT_LEAD3,
-/* 0xF0 */ BT_LEAD4, BT_LEAD4, BT_LEAD4, BT_LEAD4,
-/* 0xF4 */ BT_LEAD4, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0xF8 */ BT_NONXML, BT_NONXML, BT_NONXML, BT_NONXML,
-/* 0xFC */ BT_NONXML, BT_NONXML, BT_MALFORM, BT_MALFORM,
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmldef.h b/usr.sbin/httpd/src/lib/expat-lite/xmldef.h
deleted file mode 100644
index dc9145c8d71..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmldef.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#include
-#include
-#include
-#if _BYTE_ORDER == _BIG_ENDIAN
-#define XML_BYTE_ORDER 21
-#elif _BYTE_ORDER == _LITTLE_ENDIAN
-#define XML_BYTE_ORDER 12
-#else
-#error Unsupported byte order
-#endif
-
-/* This file can be used for any definitions needed in
-particular environments. */
-
-#ifdef MOZILLA
-
-#include "nspr.h"
-#define malloc(x) PR_Malloc(x)
-#define realloc(x, y) PR_Realloc((x), (y))
-#define calloc(x, y) PR_Calloc((x),(y))
-#define free(x) PR_Free(x)
-#define int int32
-
-#endif /* MOZILLA */
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.c b/usr.sbin/httpd/src/lib/expat-lite/xmlparse.c
deleted file mode 100644
index 578f95e1fe0..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.c
+++ /dev/null
@@ -1,3209 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/ - -#include "xmldef.h" -#include "xmlparse.h" - -#ifdef XML_UNICODE -#define XML_ENCODE_MAX XML_UTF16_ENCODE_MAX -#define XmlConvert XmlUtf16Convert -#define XmlGetInternalEncoding XmlGetUtf16InternalEncoding -#define XmlGetInternalEncodingNS XmlGetUtf16InternalEncodingNS -#define XmlEncode XmlUtf16Encode -#define MUST_CONVERT(enc, s) (!(enc)->isUtf16 || (((unsigned long)s) & 1)) -typedef unsigned short ICHAR; -#else -#define XML_ENCODE_MAX XML_UTF8_ENCODE_MAX -#define XmlConvert XmlUtf8Convert -#define XmlGetInternalEncoding XmlGetUtf8InternalEncoding -#define XmlGetInternalEncodingNS XmlGetUtf8InternalEncodingNS -#define XmlEncode XmlUtf8Encode -#define MUST_CONVERT(enc, s) (!(enc)->isUtf8) -typedef char ICHAR; -#endif - - -#ifndef XML_NS - -#define XmlInitEncodingNS XmlInitEncoding -#define XmlInitUnknownEncodingNS XmlInitUnknownEncoding -#undef XmlGetInternalEncodingNS -#define XmlGetInternalEncodingNS XmlGetInternalEncoding -#define XmlParseXmlDeclNS XmlParseXmlDecl - -#endif - - -#ifdef XML_UNICODE_WCHAR_T -#define XML_T(x) L ## x -#else -#define XML_T(x) x -#endif - -/* Round up n to be a multiple of sz, where sz is a power of 2. 
*/ -#define ROUND_UP(n, sz) (((n) + ((sz) - 1)) & ~((sz) - 1)) - -#include "xmltok.h" -#include "xmlrole.h" -#include "hashtable.h" - -#define INIT_TAG_BUF_SIZE 32 /* must be a multiple of sizeof(XML_Char) */ -#define INIT_DATA_BUF_SIZE 1024 -#define INIT_ATTS_SIZE 16 -#define INIT_BLOCK_SIZE 1024 -#define INIT_BUFFER_SIZE 1024 - -#define EXPAND_SPARE 24 - -typedef struct binding { - struct prefix *prefix; - struct binding *nextTagBinding; - struct binding *prevPrefixBinding; - const struct attribute_id *attId; - XML_Char *uri; - int uriLen; - int uriAlloc; -} BINDING; - -typedef struct prefix { - const XML_Char *name; - BINDING *binding; -} PREFIX; - -typedef struct { - const XML_Char *str; - const XML_Char *localPart; - int uriLen; -} TAG_NAME; - -typedef struct tag { - struct tag *parent; - const char *rawName; - int rawNameLength; - TAG_NAME name; - char *buf; - char *bufEnd; - BINDING *bindings; -} TAG; - -typedef struct { - const XML_Char *name; - const XML_Char *textPtr; - int textLen; - const XML_Char *systemId; - const XML_Char *base; - const XML_Char *publicId; - const XML_Char *notation; - char open; -} ENTITY; - -typedef struct block { - struct block *next; - int size; - XML_Char s[1]; -} BLOCK; - -typedef struct { - BLOCK *blocks; - BLOCK *freeBlocks; - const XML_Char *end; - XML_Char *ptr; - XML_Char *start; -} STRING_POOL; - -/* The XML_Char before the name is used to determine whether -an attribute has been specified. 
*/ -typedef struct attribute_id { - XML_Char *name; - PREFIX *prefix; - char maybeTokenized; - char xmlns; -} ATTRIBUTE_ID; - -typedef struct { - const ATTRIBUTE_ID *id; - char isCdata; - const XML_Char *value; -} DEFAULT_ATTRIBUTE; - -typedef struct { - const XML_Char *name; - PREFIX *prefix; - int nDefaultAtts; - int allocDefaultAtts; - DEFAULT_ATTRIBUTE *defaultAtts; -} ELEMENT_TYPE; - -typedef struct { - HASH_TABLE generalEntities; - HASH_TABLE elementTypes; - HASH_TABLE attributeIds; - HASH_TABLE prefixes; - STRING_POOL pool; - int complete; - int standalone; - const XML_Char *base; - PREFIX defaultPrefix; -} DTD; - -typedef struct open_internal_entity { - const char *internalEventPtr; - const char *internalEventEndPtr; - struct open_internal_entity *next; - ENTITY *entity; -} OPEN_INTERNAL_ENTITY; - -typedef enum XML_Error Processor(XML_Parser parser, - const char *start, - const char *end, - const char **endPtr); - -static Processor prologProcessor; -static Processor prologInitProcessor; -static Processor contentProcessor; -static Processor cdataSectionProcessor; -static Processor epilogProcessor; -static Processor externalEntityInitProcessor; -static Processor externalEntityInitProcessor2; -static Processor externalEntityInitProcessor3; -static Processor externalEntityContentProcessor; - -static enum XML_Error -handleUnknownEncoding(XML_Parser parser, const XML_Char *encodingName); -static enum XML_Error -processXmlDecl(XML_Parser parser, int isGeneralTextEntity, const char *, const char *); -static enum XML_Error -initializeEncoding(XML_Parser parser); -static enum XML_Error -doContent(XML_Parser parser, int startTagLevel, const ENCODING *enc, - const char *start, const char *end, const char **endPtr); -static enum XML_Error -doCdataSection(XML_Parser parser, const ENCODING *, const char **startPtr, const char *end, const char **nextPtr); -static enum XML_Error storeAtts(XML_Parser parser, const ENCODING *, const char *s, - TAG_NAME *tagNamePtr, BINDING 
**bindingsPtr); -static -int addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, const XML_Char *uri, BINDING **bindingsPtr); -static int -defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *, int isCdata, const XML_Char *dfltValue); -static enum XML_Error -storeAttributeValue(XML_Parser parser, const ENCODING *, int isCdata, const char *, const char *, - STRING_POOL *); -static enum XML_Error -appendAttributeValue(XML_Parser parser, const ENCODING *, int isCdata, const char *, const char *, - STRING_POOL *); -static ATTRIBUTE_ID * -getAttributeId(XML_Parser parser, const ENCODING *enc, const char *start, const char *end); -static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *); -static enum XML_Error -storeEntityValue(XML_Parser parser, const char *start, const char *end); -static int -reportProcessingInstruction(XML_Parser parser, const ENCODING *enc, const char *start, const char *end); -static int -reportComment(XML_Parser parser, const ENCODING *enc, const char *start, const char *end); -static void -reportDefault(XML_Parser parser, const ENCODING *enc, const char *start, const char *end); - -static const XML_Char *getContext(XML_Parser parser); -static int setContext(XML_Parser parser, const XML_Char *context); -static void normalizePublicId(XML_Char *s); -static int dtdInit(DTD *); -static void dtdDestroy(DTD *); -static int dtdCopy(DTD *newDtd, const DTD *oldDtd); -static void poolInit(STRING_POOL *); -static void poolClear(STRING_POOL *); -static void poolDestroy(STRING_POOL *); -static XML_Char *poolAppend(STRING_POOL *pool, const ENCODING *enc, - const char *ptr, const char *end); -static XML_Char *poolStoreString(STRING_POOL *pool, const ENCODING *enc, - const char *ptr, const char *end); -static int poolGrow(STRING_POOL *pool); -static const XML_Char *poolCopyString(STRING_POOL *pool, const XML_Char *s); -static const XML_Char *poolCopyStringN(STRING_POOL *pool, const XML_Char *s, int n); - -#define poolStart(pool) 
((pool)->start) -#define poolEnd(pool) ((pool)->ptr) -#define poolLength(pool) ((pool)->ptr - (pool)->start) -#define poolChop(pool) ((void)--(pool->ptr)) -#define poolLastChar(pool) (((pool)->ptr)[-1]) -#define poolDiscard(pool) ((pool)->ptr = (pool)->start) -#define poolFinish(pool) ((pool)->start = (pool)->ptr) -#define poolAppendChar(pool, c) \ - (((pool)->ptr == (pool)->end && !poolGrow(pool)) \ - ? 0 \ - : ((*((pool)->ptr)++ = c), 1)) - -typedef struct { - /* The first member must be userData so that the XML_GetUserData macro works. */ - void *m_userData; - void *m_handlerArg; - char *m_buffer; - /* first character to be parsed */ - const char *m_bufferPtr; - /* past last character to be parsed */ - char *m_bufferEnd; - /* allocated end of buffer */ - const char *m_bufferLim; - long m_parseEndByteIndex; - const char *m_parseEndPtr; - XML_Char *m_dataBuf; - XML_Char *m_dataBufEnd; - XML_StartElementHandler m_startElementHandler; - XML_EndElementHandler m_endElementHandler; - XML_CharacterDataHandler m_characterDataHandler; - XML_ProcessingInstructionHandler m_processingInstructionHandler; - XML_CommentHandler m_commentHandler; - XML_StartCdataSectionHandler m_startCdataSectionHandler; - XML_EndCdataSectionHandler m_endCdataSectionHandler; - XML_DefaultHandler m_defaultHandler; - XML_UnparsedEntityDeclHandler m_unparsedEntityDeclHandler; - XML_NotationDeclHandler m_notationDeclHandler; - XML_StartNamespaceDeclHandler m_startNamespaceDeclHandler; - XML_EndNamespaceDeclHandler m_endNamespaceDeclHandler; - XML_NotStandaloneHandler m_notStandaloneHandler; - XML_ExternalEntityRefHandler m_externalEntityRefHandler; - void *m_externalEntityRefHandlerArg; - XML_UnknownEncodingHandler m_unknownEncodingHandler; - const ENCODING *m_encoding; - INIT_ENCODING m_initEncoding; - const XML_Char *m_protocolEncodingName; - int m_ns; - void *m_unknownEncodingMem; - void *m_unknownEncodingData; - void *m_unknownEncodingHandlerData; - void (*m_unknownEncodingRelease)(void *); - 
PROLOG_STATE m_prologState; - Processor *m_processor; - enum XML_Error m_errorCode; - const char *m_eventPtr; - const char *m_eventEndPtr; - const char *m_positionPtr; - OPEN_INTERNAL_ENTITY *m_openInternalEntities; - int m_defaultExpandInternalEntities; - int m_tagLevel; - ENTITY *m_declEntity; - const XML_Char *m_declNotationName; - const XML_Char *m_declNotationPublicId; - ELEMENT_TYPE *m_declElementType; - ATTRIBUTE_ID *m_declAttributeId; - char m_declAttributeIsCdata; - DTD m_dtd; - TAG *m_tagStack; - TAG *m_freeTagList; - BINDING *m_inheritedBindings; - BINDING *m_freeBindingList; - int m_attsSize; - int m_nSpecifiedAtts; - ATTRIBUTE *m_atts; - POSITION m_position; - STRING_POOL m_tempPool; - STRING_POOL m_temp2Pool; - char *m_groupConnector; - unsigned m_groupSize; - int m_hadExternalDoctype; - XML_Char m_namespaceSeparator; -} Parser; - -#define userData (((Parser *)parser)->m_userData) -#define handlerArg (((Parser *)parser)->m_handlerArg) -#define startElementHandler (((Parser *)parser)->m_startElementHandler) -#define endElementHandler (((Parser *)parser)->m_endElementHandler) -#define characterDataHandler (((Parser *)parser)->m_characterDataHandler) -#define processingInstructionHandler (((Parser *)parser)->m_processingInstructionHandler) -#define commentHandler (((Parser *)parser)->m_commentHandler) -#define startCdataSectionHandler (((Parser *)parser)->m_startCdataSectionHandler) -#define endCdataSectionHandler (((Parser *)parser)->m_endCdataSectionHandler) -#define defaultHandler (((Parser *)parser)->m_defaultHandler) -#define unparsedEntityDeclHandler (((Parser *)parser)->m_unparsedEntityDeclHandler) -#define notationDeclHandler (((Parser *)parser)->m_notationDeclHandler) -#define startNamespaceDeclHandler (((Parser *)parser)->m_startNamespaceDeclHandler) -#define endNamespaceDeclHandler (((Parser *)parser)->m_endNamespaceDeclHandler) -#define notStandaloneHandler (((Parser *)parser)->m_notStandaloneHandler) -#define externalEntityRefHandler 
(((Parser *)parser)->m_externalEntityRefHandler) -#define externalEntityRefHandlerArg (((Parser *)parser)->m_externalEntityRefHandlerArg) -#define unknownEncodingHandler (((Parser *)parser)->m_unknownEncodingHandler) -#define encoding (((Parser *)parser)->m_encoding) -#define initEncoding (((Parser *)parser)->m_initEncoding) -#define unknownEncodingMem (((Parser *)parser)->m_unknownEncodingMem) -#define unknownEncodingData (((Parser *)parser)->m_unknownEncodingData) -#define unknownEncodingHandlerData \ - (((Parser *)parser)->m_unknownEncodingHandlerData) -#define unknownEncodingRelease (((Parser *)parser)->m_unknownEncodingRelease) -#define protocolEncodingName (((Parser *)parser)->m_protocolEncodingName) -#define ns (((Parser *)parser)->m_ns) -#define prologState (((Parser *)parser)->m_prologState) -#define processor (((Parser *)parser)->m_processor) -#define errorCode (((Parser *)parser)->m_errorCode) -#define eventPtr (((Parser *)parser)->m_eventPtr) -#define eventEndPtr (((Parser *)parser)->m_eventEndPtr) -#define positionPtr (((Parser *)parser)->m_positionPtr) -#define position (((Parser *)parser)->m_position) -#define openInternalEntities (((Parser *)parser)->m_openInternalEntities) -#define defaultExpandInternalEntities (((Parser *)parser)->m_defaultExpandInternalEntities) -#define tagLevel (((Parser *)parser)->m_tagLevel) -#define buffer (((Parser *)parser)->m_buffer) -#define bufferPtr (((Parser *)parser)->m_bufferPtr) -#define bufferEnd (((Parser *)parser)->m_bufferEnd) -#define parseEndByteIndex (((Parser *)parser)->m_parseEndByteIndex) -#define parseEndPtr (((Parser *)parser)->m_parseEndPtr) -#define bufferLim (((Parser *)parser)->m_bufferLim) -#define dataBuf (((Parser *)parser)->m_dataBuf) -#define dataBufEnd (((Parser *)parser)->m_dataBufEnd) -#define dtd (((Parser *)parser)->m_dtd) -#define declEntity (((Parser *)parser)->m_declEntity) -#define declNotationName (((Parser *)parser)->m_declNotationName) -#define declNotationPublicId (((Parser 
*)parser)->m_declNotationPublicId) -#define declElementType (((Parser *)parser)->m_declElementType) -#define declAttributeId (((Parser *)parser)->m_declAttributeId) -#define declAttributeIsCdata (((Parser *)parser)->m_declAttributeIsCdata) -#define freeTagList (((Parser *)parser)->m_freeTagList) -#define freeBindingList (((Parser *)parser)->m_freeBindingList) -#define inheritedBindings (((Parser *)parser)->m_inheritedBindings) -#define tagStack (((Parser *)parser)->m_tagStack) -#define atts (((Parser *)parser)->m_atts) -#define attsSize (((Parser *)parser)->m_attsSize) -#define nSpecifiedAtts (((Parser *)parser)->m_nSpecifiedAtts) -#define tempPool (((Parser *)parser)->m_tempPool) -#define temp2Pool (((Parser *)parser)->m_temp2Pool) -#define groupConnector (((Parser *)parser)->m_groupConnector) -#define groupSize (((Parser *)parser)->m_groupSize) -#define hadExternalDoctype (((Parser *)parser)->m_hadExternalDoctype) -#define namespaceSeparator (((Parser *)parser)->m_namespaceSeparator) - -XML_Parser XML_ParserCreate(const XML_Char *encodingName) -{ - XML_Parser parser = malloc(sizeof(Parser)); - if (!parser) - return parser; - processor = prologInitProcessor; - XmlPrologStateInit(&prologState); - userData = 0; - handlerArg = 0; - startElementHandler = 0; - endElementHandler = 0; - characterDataHandler = 0; - processingInstructionHandler = 0; - commentHandler = 0; - startCdataSectionHandler = 0; - endCdataSectionHandler = 0; - defaultHandler = 0; - unparsedEntityDeclHandler = 0; - notationDeclHandler = 0; - startNamespaceDeclHandler = 0; - endNamespaceDeclHandler = 0; - notStandaloneHandler = 0; - externalEntityRefHandler = 0; - externalEntityRefHandlerArg = parser; - unknownEncodingHandler = 0; - buffer = 0; - bufferPtr = 0; - bufferEnd = 0; - parseEndByteIndex = 0; - parseEndPtr = 0; - bufferLim = 0; - declElementType = 0; - declAttributeId = 0; - declEntity = 0; - declNotationName = 0; - declNotationPublicId = 0; - memset(&position, 0, sizeof(POSITION)); - 
errorCode = XML_ERROR_NONE; - eventPtr = 0; - eventEndPtr = 0; - positionPtr = 0; - openInternalEntities = 0; - tagLevel = 0; - tagStack = 0; - freeTagList = 0; - freeBindingList = 0; - inheritedBindings = 0; - attsSize = INIT_ATTS_SIZE; - atts = malloc(attsSize * sizeof(ATTRIBUTE)); - nSpecifiedAtts = 0; - dataBuf = malloc(INIT_DATA_BUF_SIZE * sizeof(XML_Char)); - groupSize = 0; - groupConnector = 0; - hadExternalDoctype = 0; - unknownEncodingMem = 0; - unknownEncodingRelease = 0; - unknownEncodingData = 0; - unknownEncodingHandlerData = 0; - namespaceSeparator = '!'; - ns = 0; - poolInit(&tempPool); - poolInit(&temp2Pool); - protocolEncodingName = encodingName ? poolCopyString(&tempPool, encodingName) : 0; - if (!dtdInit(&dtd) || !atts || !dataBuf - || (encodingName && !protocolEncodingName)) { - XML_ParserFree(parser); - return 0; - } - dataBufEnd = dataBuf + INIT_DATA_BUF_SIZE; - XmlInitEncoding(&initEncoding, &encoding, 0); - return parser; -} - -XML_Parser XML_ParserCreateNS(const XML_Char *encodingName, XML_Char nsSep) -{ - static - const XML_Char implicitContext[] = { - XML_T('x'), XML_T('m'), XML_T('l'), XML_T('='), - XML_T('h'), XML_T('t'), XML_T('t'), XML_T('p'), XML_T(':'), - XML_T('/'), XML_T('/'), XML_T('w'), XML_T('w'), XML_T('w'), - XML_T('.'), XML_T('w'), XML_T('3'), - XML_T('.'), XML_T('o'), XML_T('r'), XML_T('g'), - XML_T('/'), XML_T('X'), XML_T('M'), XML_T('L'), - XML_T('/'), XML_T('1'), XML_T('9'), XML_T('9'), XML_T('8'), - XML_T('/'), XML_T('n'), XML_T('a'), XML_T('m'), XML_T('e'), - XML_T('s'), XML_T('p'), XML_T('a'), XML_T('c'), XML_T('e'), - XML_T('\0') - }; - - XML_Parser parser = XML_ParserCreate(encodingName); - if (parser) { - XmlInitEncodingNS(&initEncoding, &encoding, 0); - ns = 1; - namespaceSeparator = nsSep; - } - if (!setContext(parser, implicitContext)) { - XML_ParserFree(parser); - return 0; - } - return parser; -} - -int XML_SetEncoding(XML_Parser parser, const XML_Char *encodingName) -{ - if (!encodingName) - 
protocolEncodingName = 0; - else { - protocolEncodingName = poolCopyString(&tempPool, encodingName); - if (!protocolEncodingName) - return 0; - } - return 1; -} - -XML_Parser XML_ExternalEntityParserCreate(XML_Parser oldParser, - const XML_Char *context, - const XML_Char *encodingName) -{ - XML_Parser parser = oldParser; - DTD *oldDtd = &dtd; - XML_StartElementHandler oldStartElementHandler = startElementHandler; - XML_EndElementHandler oldEndElementHandler = endElementHandler; - XML_CharacterDataHandler oldCharacterDataHandler = characterDataHandler; - XML_ProcessingInstructionHandler oldProcessingInstructionHandler = processingInstructionHandler; - XML_CommentHandler oldCommentHandler = commentHandler; - XML_StartCdataSectionHandler oldStartCdataSectionHandler = startCdataSectionHandler; - XML_EndCdataSectionHandler oldEndCdataSectionHandler = endCdataSectionHandler; - XML_DefaultHandler oldDefaultHandler = defaultHandler; - XML_StartNamespaceDeclHandler oldStartNamespaceDeclHandler = startNamespaceDeclHandler; - XML_EndNamespaceDeclHandler oldEndNamespaceDeclHandler = endNamespaceDeclHandler; - XML_NotStandaloneHandler oldNotStandaloneHandler = notStandaloneHandler; - XML_ExternalEntityRefHandler oldExternalEntityRefHandler = externalEntityRefHandler; - XML_UnknownEncodingHandler oldUnknownEncodingHandler = unknownEncodingHandler; - void *oldUserData = userData; - void *oldHandlerArg = handlerArg; - int oldDefaultExpandInternalEntities = defaultExpandInternalEntities; - void *oldExternalEntityRefHandlerArg = externalEntityRefHandlerArg; - - parser = (ns - ? 
XML_ParserCreateNS(encodingName, namespaceSeparator) - : XML_ParserCreate(encodingName)); - if (!parser) - return 0; - startElementHandler = oldStartElementHandler; - endElementHandler = oldEndElementHandler; - characterDataHandler = oldCharacterDataHandler; - processingInstructionHandler = oldProcessingInstructionHandler; - commentHandler = oldCommentHandler; - startCdataSectionHandler = oldStartCdataSectionHandler; - endCdataSectionHandler = oldEndCdataSectionHandler; - defaultHandler = oldDefaultHandler; - startNamespaceDeclHandler = oldStartNamespaceDeclHandler; - endNamespaceDeclHandler = oldEndNamespaceDeclHandler; - notStandaloneHandler = oldNotStandaloneHandler; - externalEntityRefHandler = oldExternalEntityRefHandler; - unknownEncodingHandler = oldUnknownEncodingHandler; - userData = oldUserData; - if (oldUserData == oldHandlerArg) - handlerArg = userData; - else - handlerArg = parser; - if (oldExternalEntityRefHandlerArg != oldParser) - externalEntityRefHandlerArg = oldExternalEntityRefHandlerArg; - defaultExpandInternalEntities = oldDefaultExpandInternalEntities; - if (!dtdCopy(&dtd, oldDtd) || !setContext(parser, context)) { - XML_ParserFree(parser); - return 0; - } - processor = externalEntityInitProcessor; - return parser; -} - -static -void destroyBindings(BINDING *bindings) -{ - for (;;) { - BINDING *b = bindings; - if (!b) - break; - bindings = b->nextTagBinding; - free(b->uri); - free(b); - } -} - -void XML_ParserFree(XML_Parser parser) -{ - for (;;) { - TAG *p; - if (tagStack == 0) { - if (freeTagList == 0) - break; - tagStack = freeTagList; - freeTagList = 0; - } - p = tagStack; - tagStack = tagStack->parent; - free(p->buf); - destroyBindings(p->bindings); - free(p); - } - destroyBindings(freeBindingList); - destroyBindings(inheritedBindings); - poolDestroy(&tempPool); - poolDestroy(&temp2Pool); - dtdDestroy(&dtd); - free((void *)atts); - free(groupConnector); - free(buffer); - free(dataBuf); - free(unknownEncodingMem); - if 
(unknownEncodingRelease) - unknownEncodingRelease(unknownEncodingData); - free(parser); -} - -void XML_UseParserAsHandlerArg(XML_Parser parser) -{ - handlerArg = parser; -} - -void XML_SetUserData(XML_Parser parser, void *p) -{ - if (handlerArg == userData) - handlerArg = userData = p; - else - userData = p; -} - -int XML_SetBase(XML_Parser parser, const XML_Char *p) -{ - if (p) { - p = poolCopyString(&dtd.pool, p); - if (!p) - return 0; - dtd.base = p; - } - else - dtd.base = 0; - return 1; -} - -const XML_Char *XML_GetBase(XML_Parser parser) -{ - return dtd.base; -} - -int XML_GetSpecifiedAttributeCount(XML_Parser parser) -{ - return nSpecifiedAtts; -} - -void XML_SetElementHandler(XML_Parser parser, - XML_StartElementHandler start, - XML_EndElementHandler end) -{ - startElementHandler = start; - endElementHandler = end; -} - -void XML_SetCharacterDataHandler(XML_Parser parser, - XML_CharacterDataHandler handler) -{ - characterDataHandler = handler; -} - -void XML_SetProcessingInstructionHandler(XML_Parser parser, - XML_ProcessingInstructionHandler handler) -{ - processingInstructionHandler = handler; -} - -void XML_SetCommentHandler(XML_Parser parser, - XML_CommentHandler handler) -{ - commentHandler = handler; -} - -void XML_SetCdataSectionHandler(XML_Parser parser, - XML_StartCdataSectionHandler start, - XML_EndCdataSectionHandler end) -{ - startCdataSectionHandler = start; - endCdataSectionHandler = end; -} - -void XML_SetDefaultHandler(XML_Parser parser, - XML_DefaultHandler handler) -{ - defaultHandler = handler; - defaultExpandInternalEntities = 0; -} - -void XML_SetDefaultHandlerExpand(XML_Parser parser, - XML_DefaultHandler handler) -{ - defaultHandler = handler; - defaultExpandInternalEntities = 1; -} - -void XML_SetUnparsedEntityDeclHandler(XML_Parser parser, - XML_UnparsedEntityDeclHandler handler) -{ - unparsedEntityDeclHandler = handler; -} - -void XML_SetNotationDeclHandler(XML_Parser parser, - XML_NotationDeclHandler handler) -{ - 
notationDeclHandler = handler; -} - -void XML_SetNamespaceDeclHandler(XML_Parser parser, - XML_StartNamespaceDeclHandler start, - XML_EndNamespaceDeclHandler end) -{ - startNamespaceDeclHandler = start; - endNamespaceDeclHandler = end; -} - -void XML_SetNotStandaloneHandler(XML_Parser parser, - XML_NotStandaloneHandler handler) -{ - notStandaloneHandler = handler; -} - -void XML_SetExternalEntityRefHandler(XML_Parser parser, - XML_ExternalEntityRefHandler handler) -{ - externalEntityRefHandler = handler; -} - -void XML_SetExternalEntityRefHandlerArg(XML_Parser parser, void *arg) -{ - if (arg) - externalEntityRefHandlerArg = arg; - else - externalEntityRefHandlerArg = parser; -} - -void XML_SetUnknownEncodingHandler(XML_Parser parser, - XML_UnknownEncodingHandler handler, - void *data) -{ - unknownEncodingHandler = handler; - unknownEncodingHandlerData = data; -} - -int XML_Parse(XML_Parser parser, const char *s, int len, int isFinal) -{ - if (len == 0) { - if (!isFinal) - return 1; - positionPtr = bufferPtr; - errorCode = processor(parser, bufferPtr, parseEndPtr = bufferEnd, 0); - if (errorCode == XML_ERROR_NONE) - return 1; - eventEndPtr = eventPtr; - return 0; - } - else if (bufferPtr == bufferEnd) { - const char *end; - int nLeftOver; - parseEndByteIndex += len; - positionPtr = s; - if (isFinal) { - errorCode = processor(parser, s, parseEndPtr = s + len, 0); - if (errorCode == XML_ERROR_NONE) - return 1; - eventEndPtr = eventPtr; - return 0; - } - errorCode = processor(parser, s, parseEndPtr = s + len, &end); - if (errorCode != XML_ERROR_NONE) { - eventEndPtr = eventPtr; - return 0; - } - XmlUpdatePosition(encoding, positionPtr, end, &position); - nLeftOver = s + len - end; - if (nLeftOver) { - if (buffer == 0 || nLeftOver > bufferLim - buffer) { - /* FIXME avoid integer overflow */ - buffer = buffer == 0 ? 
malloc(len * 2) : realloc(buffer, len * 2); - if (!buffer) { - errorCode = XML_ERROR_NO_MEMORY; - eventPtr = eventEndPtr = 0; - return 0; - } - bufferLim = buffer + len * 2; - } - memcpy(buffer, end, nLeftOver); - bufferPtr = buffer; - bufferEnd = buffer + nLeftOver; - } - return 1; - } - else { - memcpy(XML_GetBuffer(parser, len), s, len); - return XML_ParseBuffer(parser, len, isFinal); - } -} - -int XML_ParseBuffer(XML_Parser parser, int len, int isFinal) -{ - const char *start = bufferPtr; - positionPtr = start; - bufferEnd += len; - parseEndByteIndex += len; - errorCode = processor(parser, start, parseEndPtr = bufferEnd, - isFinal ? (const char **)0 : &bufferPtr); - if (errorCode == XML_ERROR_NONE) { - if (!isFinal) - XmlUpdatePosition(encoding, positionPtr, bufferPtr, &position); - return 1; - } - else { - eventEndPtr = eventPtr; - return 0; - } -} - -void *XML_GetBuffer(XML_Parser parser, int len) -{ - if (len > bufferLim - bufferEnd) { - /* FIXME avoid integer overflow */ - int neededSize = len + (bufferEnd - bufferPtr); - if (neededSize <= bufferLim - buffer) { - memmove(buffer, bufferPtr, bufferEnd - bufferPtr); - bufferEnd = buffer + (bufferEnd - bufferPtr); - bufferPtr = buffer; - } - else { - char *newBuf; - int bufferSize = bufferLim - bufferPtr; - if (bufferSize == 0) - bufferSize = INIT_BUFFER_SIZE; - do { - bufferSize *= 2; - } while (bufferSize < neededSize); - newBuf = malloc(bufferSize); - if (newBuf == 0) { - errorCode = XML_ERROR_NO_MEMORY; - return 0; - } - bufferLim = newBuf + bufferSize; - if (bufferPtr) { - memcpy(newBuf, bufferPtr, bufferEnd - bufferPtr); - free(buffer); - } - bufferEnd = newBuf + (bufferEnd - bufferPtr); - bufferPtr = buffer = newBuf; - } - } - return bufferEnd; -} - -enum XML_Error XML_GetErrorCode(XML_Parser parser) -{ - return errorCode; -} - -long XML_GetCurrentByteIndex(XML_Parser parser) -{ - if (eventPtr) - return parseEndByteIndex - (parseEndPtr - eventPtr); - return -1; -} - -int 
XML_GetCurrentByteCount(XML_Parser parser) -{ - if (eventEndPtr && eventPtr) - return eventEndPtr - eventPtr; - return 0; -} - -int XML_GetCurrentLineNumber(XML_Parser parser) -{ - if (eventPtr) { - XmlUpdatePosition(encoding, positionPtr, eventPtr, &position); - positionPtr = eventPtr; - } - return position.lineNumber + 1; -} - -int XML_GetCurrentColumnNumber(XML_Parser parser) -{ - if (eventPtr) { - XmlUpdatePosition(encoding, positionPtr, eventPtr, &position); - positionPtr = eventPtr; - } - return position.columnNumber; -} - -void XML_DefaultCurrent(XML_Parser parser) -{ - if (defaultHandler) { - if (openInternalEntities) - reportDefault(parser, - ns ? XmlGetInternalEncodingNS() : XmlGetInternalEncoding(), - openInternalEntities->internalEventPtr, - openInternalEntities->internalEventEndPtr); - else - reportDefault(parser, encoding, eventPtr, eventEndPtr); - } -} - -const XML_LChar *XML_ErrorString(int code) -{ - static const XML_LChar *message[] = { - 0, - XML_T("out of memory"), - XML_T("syntax error"), - XML_T("no element found"), - XML_T("not well-formed"), - XML_T("unclosed token"), - XML_T("unclosed token"), - XML_T("mismatched tag"), - XML_T("duplicate attribute"), - XML_T("junk after document element"), - XML_T("illegal parameter entity reference"), - XML_T("undefined entity"), - XML_T("recursive entity reference"), - XML_T("asynchronous entity"), - XML_T("reference to invalid character number"), - XML_T("reference to binary entity"), - XML_T("reference to external entity in attribute"), - XML_T("xml processing instruction not at start of external entity"), - XML_T("unknown encoding"), - XML_T("encoding specified in XML declaration is incorrect"), - XML_T("unclosed CDATA section"), - XML_T("error in processing external entity reference"), - XML_T("document is not standalone") - }; - if (code > 0 && code < sizeof(message)/sizeof(message[0])) - return message[code]; - return 0; -} - -static -enum XML_Error contentProcessor(XML_Parser parser, - const char 
*start, - const char *end, - const char **endPtr) -{ - return doContent(parser, 0, encoding, start, end, endPtr); -} - -static -enum XML_Error externalEntityInitProcessor(XML_Parser parser, - const char *start, - const char *end, - const char **endPtr) -{ - enum XML_Error result = initializeEncoding(parser); - if (result != XML_ERROR_NONE) - return result; - processor = externalEntityInitProcessor2; - return externalEntityInitProcessor2(parser, start, end, endPtr); -} - -static -enum XML_Error externalEntityInitProcessor2(XML_Parser parser, - const char *start, - const char *end, - const char **endPtr) -{ - const char *next; - int tok = XmlContentTok(encoding, start, end, &next); - switch (tok) { - case XML_TOK_BOM: - start = next; - break; - case XML_TOK_PARTIAL: - if (endPtr) { - *endPtr = start; - return XML_ERROR_NONE; - } - eventPtr = start; - return XML_ERROR_UNCLOSED_TOKEN; - case XML_TOK_PARTIAL_CHAR: - if (endPtr) { - *endPtr = start; - return XML_ERROR_NONE; - } - eventPtr = start; - return XML_ERROR_PARTIAL_CHAR; - } - processor = externalEntityInitProcessor3; - return externalEntityInitProcessor3(parser, start, end, endPtr); -} - -static -enum XML_Error externalEntityInitProcessor3(XML_Parser parser, - const char *start, - const char *end, - const char **endPtr) -{ - const char *next; - int tok = XmlContentTok(encoding, start, end, &next); - switch (tok) { - case XML_TOK_XML_DECL: - { - enum XML_Error result = processXmlDecl(parser, 1, start, next); - if (result != XML_ERROR_NONE) - return result; - start = next; - } - break; - case XML_TOK_PARTIAL: - if (endPtr) { - *endPtr = start; - return XML_ERROR_NONE; - } - eventPtr = start; - return XML_ERROR_UNCLOSED_TOKEN; - case XML_TOK_PARTIAL_CHAR: - if (endPtr) { - *endPtr = start; - return XML_ERROR_NONE; - } - eventPtr = start; - return XML_ERROR_PARTIAL_CHAR; - } - processor = externalEntityContentProcessor; - tagLevel = 1; - return doContent(parser, 1, encoding, start, end, endPtr); -} - -static -enum 
XML_Error externalEntityContentProcessor(XML_Parser parser, - const char *start, - const char *end, - const char **endPtr) -{ - return doContent(parser, 1, encoding, start, end, endPtr); -} - -static enum XML_Error -doContent(XML_Parser parser, - int startTagLevel, - const ENCODING *enc, - const char *s, - const char *end, - const char **nextPtr) -{ - const ENCODING *internalEnc = ns ? XmlGetInternalEncodingNS() : XmlGetInternalEncoding(); - const char **eventPP; - const char **eventEndPP; - if (enc == encoding) { - eventPP = &eventPtr; - eventEndPP = &eventEndPtr; - } - else { - eventPP = &(openInternalEntities->internalEventPtr); - eventEndPP = &(openInternalEntities->internalEventEndPtr); - } - *eventPP = s; - for (;;) { - const char *next = s; /* XmlContentTok doesn't always set the last arg */ - int tok = XmlContentTok(enc, s, end, &next); - *eventEndPP = next; - switch (tok) { - case XML_TOK_TRAILING_CR: - if (nextPtr) { - *nextPtr = s; - return XML_ERROR_NONE; - } - *eventEndPP = end; - if (characterDataHandler) { - XML_Char c = 0xA; - characterDataHandler(handlerArg, &c, 1); - } - else if (defaultHandler) - reportDefault(parser, enc, s, end); - if (startTagLevel == 0) - return XML_ERROR_NO_ELEMENTS; - if (tagLevel != startTagLevel) - return XML_ERROR_ASYNC_ENTITY; - return XML_ERROR_NONE; - case XML_TOK_NONE: - if (nextPtr) { - *nextPtr = s; - return XML_ERROR_NONE; - } - if (startTagLevel > 0) { - if (tagLevel != startTagLevel) - return XML_ERROR_ASYNC_ENTITY; - return XML_ERROR_NONE; - } - return XML_ERROR_NO_ELEMENTS; - case XML_TOK_INVALID: - *eventPP = next; - return XML_ERROR_INVALID_TOKEN; - case XML_TOK_PARTIAL: - if (nextPtr) { - *nextPtr = s; - return XML_ERROR_NONE; - } - return XML_ERROR_UNCLOSED_TOKEN; - case XML_TOK_PARTIAL_CHAR: - if (nextPtr) { - *nextPtr = s; - return XML_ERROR_NONE; - } - return XML_ERROR_PARTIAL_CHAR; - case XML_TOK_ENTITY_REF: - { - const XML_Char *name; - ENTITY *entity; - XML_Char ch = XmlPredefinedEntityName(enc, - s 
+ enc->minBytesPerChar, - next - enc->minBytesPerChar); - if (ch) { - if (characterDataHandler) - characterDataHandler(handlerArg, &ch, 1); - else if (defaultHandler) - reportDefault(parser, enc, s, next); - break; - } - name = poolStoreString(&dtd.pool, enc, - s + enc->minBytesPerChar, - next - enc->minBytesPerChar); - if (!name) - return XML_ERROR_NO_MEMORY; - entity = (ENTITY *)hashTableLookup(&dtd.generalEntities, name, 0); - poolDiscard(&dtd.pool); - if (!entity) { - if (dtd.complete || dtd.standalone) - return XML_ERROR_UNDEFINED_ENTITY; - if (defaultHandler) - reportDefault(parser, enc, s, next); - break; - } - if (entity->open) - return XML_ERROR_RECURSIVE_ENTITY_REF; - if (entity->notation) - return XML_ERROR_BINARY_ENTITY_REF; - if (entity) { - if (entity->textPtr) { - enum XML_Error result; - OPEN_INTERNAL_ENTITY openEntity; - if (defaultHandler && !defaultExpandInternalEntities) { - reportDefault(parser, enc, s, next); - break; - } - entity->open = 1; - openEntity.next = openInternalEntities; - openInternalEntities = &openEntity; - openEntity.entity = entity; - openEntity.internalEventPtr = 0; - openEntity.internalEventEndPtr = 0; - result = doContent(parser, - tagLevel, - internalEnc, - (char *)entity->textPtr, - (char *)(entity->textPtr + entity->textLen), - 0); - entity->open = 0; - openInternalEntities = openEntity.next; - if (result) - return result; - } - else if (externalEntityRefHandler) { - const XML_Char *context; - entity->open = 1; - context = getContext(parser); - entity->open = 0; - if (!context) - return XML_ERROR_NO_MEMORY; - if (!externalEntityRefHandler(externalEntityRefHandlerArg, - context, - dtd.base, - entity->systemId, - entity->publicId)) - return XML_ERROR_EXTERNAL_ENTITY_HANDLING; - poolDiscard(&tempPool); - } - else if (defaultHandler) - reportDefault(parser, enc, s, next); - } - break; - } - case XML_TOK_START_TAG_WITH_ATTS: - if (!startElementHandler) { - enum XML_Error result = storeAtts(parser, enc, s, 0, 0); - if (result) 
- return result; - } - /* fall through */ - case XML_TOK_START_TAG_NO_ATTS: - { - TAG *tag; - if (freeTagList) { - tag = freeTagList; - freeTagList = freeTagList->parent; - } - else { - tag = malloc(sizeof(TAG)); - if (!tag) - return XML_ERROR_NO_MEMORY; - tag->buf = malloc(INIT_TAG_BUF_SIZE); - if (!tag->buf) - return XML_ERROR_NO_MEMORY; - tag->bufEnd = tag->buf + INIT_TAG_BUF_SIZE; - } - tag->bindings = 0; - tag->parent = tagStack; - tagStack = tag; - tag->name.localPart = 0; - tag->rawName = s + enc->minBytesPerChar; - tag->rawNameLength = XmlNameLength(enc, tag->rawName); - if (nextPtr) { - /* Need to guarantee that: - tag->buf + ROUND_UP(tag->rawNameLength, sizeof(XML_Char)) <= tag->bufEnd - sizeof(XML_Char) */ - if (tag->rawNameLength + (int)(sizeof(XML_Char) - 1) + (int)sizeof(XML_Char) > tag->bufEnd - tag->buf) { - int bufSize = tag->rawNameLength * 4; - bufSize = ROUND_UP(bufSize, sizeof(XML_Char)); - tag->buf = realloc(tag->buf, bufSize); - if (!tag->buf) - return XML_ERROR_NO_MEMORY; - tag->bufEnd = tag->buf + bufSize; - } - memcpy(tag->buf, tag->rawName, tag->rawNameLength); - tag->rawName = tag->buf; - } - ++tagLevel; - if (startElementHandler) { - enum XML_Error result; - XML_Char *toPtr; - for (;;) { - const char *rawNameEnd = tag->rawName + tag->rawNameLength; - const char *fromPtr = tag->rawName; - int bufSize; - if (nextPtr) - toPtr = (XML_Char *)(tag->buf + ROUND_UP(tag->rawNameLength, sizeof(XML_Char))); - else - toPtr = (XML_Char *)tag->buf; - tag->name.str = toPtr; - XmlConvert(enc, - &fromPtr, rawNameEnd, - (ICHAR **)&toPtr, (ICHAR *)tag->bufEnd - 1); - if (fromPtr == rawNameEnd) - break; - bufSize = (tag->bufEnd - tag->buf) << 1; - tag->buf = realloc(tag->buf, bufSize); - if (!tag->buf) - return XML_ERROR_NO_MEMORY; - tag->bufEnd = tag->buf + bufSize; - if (nextPtr) - tag->rawName = tag->buf; - } - *toPtr = XML_T('\0'); - result = storeAtts(parser, enc, s, &(tag->name), &(tag->bindings)); - if (result) - return result; - 
startElementHandler(handlerArg, tag->name.str, (const XML_Char **)atts); - poolClear(&tempPool); - } - else { - tag->name.str = 0; - if (defaultHandler) - reportDefault(parser, enc, s, next); - } - break; - } - case XML_TOK_EMPTY_ELEMENT_WITH_ATTS: - if (!startElementHandler) { - enum XML_Error result = storeAtts(parser, enc, s, 0, 0); - if (result) - return result; - } - /* fall through */ - case XML_TOK_EMPTY_ELEMENT_NO_ATTS: - if (startElementHandler || endElementHandler) { - const char *rawName = s + enc->minBytesPerChar; - enum XML_Error result; - BINDING *bindings = 0; - TAG_NAME name; - name.str = poolStoreString(&tempPool, enc, rawName, - rawName + XmlNameLength(enc, rawName)); - if (!name.str) - return XML_ERROR_NO_MEMORY; - poolFinish(&tempPool); - result = storeAtts(parser, enc, s, &name, &bindings); - if (result) - return result; - poolFinish(&tempPool); - if (startElementHandler) - startElementHandler(handlerArg, name.str, (const XML_Char **)atts); - if (endElementHandler) { - if (startElementHandler) - *eventPP = *eventEndPP; - endElementHandler(handlerArg, name.str); - } - poolClear(&tempPool); - while (bindings) { - BINDING *b = bindings; - if (endNamespaceDeclHandler) - endNamespaceDeclHandler(handlerArg, b->prefix->name); - bindings = bindings->nextTagBinding; - b->nextTagBinding = freeBindingList; - freeBindingList = b; - b->prefix->binding = b->prevPrefixBinding; - } - } - else if (defaultHandler) - reportDefault(parser, enc, s, next); - if (tagLevel == 0) - return epilogProcessor(parser, next, end, nextPtr); - break; - case XML_TOK_END_TAG: - if (tagLevel == startTagLevel) - return XML_ERROR_ASYNC_ENTITY; - else { - int len; - const char *rawName; - TAG *tag = tagStack; - tagStack = tag->parent; - tag->parent = freeTagList; - freeTagList = tag; - rawName = s + enc->minBytesPerChar*2; - len = XmlNameLength(enc, rawName); - if (len != tag->rawNameLength - || memcmp(tag->rawName, rawName, len) != 0) { - *eventPP = rawName; - return 
XML_ERROR_TAG_MISMATCH; - } - --tagLevel; - if (endElementHandler && tag->name.str) { - if (tag->name.localPart) { - XML_Char *to = (XML_Char *)tag->name.str + tag->name.uriLen; - const XML_Char *from = tag->name.localPart; - while ((*to++ = *from++) != 0) - ; - } - endElementHandler(handlerArg, tag->name.str); - } - else if (defaultHandler) - reportDefault(parser, enc, s, next); - while (tag->bindings) { - BINDING *b = tag->bindings; - if (endNamespaceDeclHandler) - endNamespaceDeclHandler(handlerArg, b->prefix->name); - tag->bindings = tag->bindings->nextTagBinding; - b->nextTagBinding = freeBindingList; - freeBindingList = b; - b->prefix->binding = b->prevPrefixBinding; - } - if (tagLevel == 0) - return epilogProcessor(parser, next, end, nextPtr); - } - break; - case XML_TOK_CHAR_REF: - { - int n = XmlCharRefNumber(enc, s); - if (n < 0) - return XML_ERROR_BAD_CHAR_REF; - if (characterDataHandler) { - XML_Char buf[XML_ENCODE_MAX]; - characterDataHandler(handlerArg, buf, XmlEncode(n, (ICHAR *)buf)); - } - else if (defaultHandler) - reportDefault(parser, enc, s, next); - } - break; - case XML_TOK_XML_DECL: - return XML_ERROR_MISPLACED_XML_PI; - case XML_TOK_DATA_NEWLINE: - if (characterDataHandler) { - XML_Char c = 0xA; - characterDataHandler(handlerArg, &c, 1); - } - else if (defaultHandler) - reportDefault(parser, enc, s, next); - break; - case XML_TOK_CDATA_SECT_OPEN: - { - enum XML_Error result; - if (startCdataSectionHandler) - startCdataSectionHandler(handlerArg); - else if (defaultHandler) - reportDefault(parser, enc, s, next); - result = doCdataSection(parser, enc, &next, end, nextPtr); - if (!next) { - processor = cdataSectionProcessor; - return result; - } - } - break; - case XML_TOK_TRAILING_RSQB: - if (nextPtr) { - *nextPtr = s; - return XML_ERROR_NONE; - } - if (characterDataHandler) { - if (MUST_CONVERT(enc, s)) { - ICHAR *dataPtr = (ICHAR *)dataBuf; - XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd); - characterDataHandler(handlerArg, dataBuf, 
dataPtr - (ICHAR *)dataBuf); - } - else - characterDataHandler(handlerArg, - (XML_Char *)s, - (XML_Char *)end - (XML_Char *)s); - } - else if (defaultHandler) - reportDefault(parser, enc, s, end); - if (startTagLevel == 0) { - *eventPP = end; - return XML_ERROR_NO_ELEMENTS; - } - if (tagLevel != startTagLevel) { - *eventPP = end; - return XML_ERROR_ASYNC_ENTITY; - } - return XML_ERROR_NONE; - case XML_TOK_DATA_CHARS: - if (characterDataHandler) { - if (MUST_CONVERT(enc, s)) { - for (;;) { - ICHAR *dataPtr = (ICHAR *)dataBuf; - XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); - *eventEndPP = s; - characterDataHandler(handlerArg, dataBuf, dataPtr - (ICHAR *)dataBuf); - if (s == next) - break; - *eventPP = s; - } - } - else - characterDataHandler(handlerArg, - (XML_Char *)s, - (XML_Char *)next - (XML_Char *)s); - } - else if (defaultHandler) - reportDefault(parser, enc, s, next); - break; - case XML_TOK_PI: - if (!reportProcessingInstruction(parser, enc, s, next)) - return XML_ERROR_NO_MEMORY; - break; - case XML_TOK_COMMENT: - if (!reportComment(parser, enc, s, next)) - return XML_ERROR_NO_MEMORY; - break; - default: - if (defaultHandler) - reportDefault(parser, enc, s, next); - break; - } - *eventPP = s = next; - } - /* not reached */ -} - -/* If tagNamePtr is non-null, build a real list of attributes, -otherwise just check the attributes for well-formedness. 
*/ - -static enum XML_Error storeAtts(XML_Parser parser, const ENCODING *enc, - const char *s, TAG_NAME *tagNamePtr, - BINDING **bindingsPtr) -{ - ELEMENT_TYPE *elementType = 0; - int nDefaultAtts = 0; - const XML_Char **appAtts; - int attIndex = 0; - int i; - int n; - int nPrefixes = 0; - BINDING *binding; - const XML_Char *localPart; - - if (tagNamePtr) { - elementType = (ELEMENT_TYPE *)hashTableLookup(&dtd.elementTypes, tagNamePtr->str, 0); - if (!elementType) { - tagNamePtr->str = poolCopyString(&dtd.pool, tagNamePtr->str); - if (!tagNamePtr->str) - return XML_ERROR_NO_MEMORY; - elementType = (ELEMENT_TYPE *)hashTableLookup(&dtd.elementTypes, tagNamePtr->str, sizeof(ELEMENT_TYPE)); - if (!elementType) - return XML_ERROR_NO_MEMORY; - if (ns && !setElementTypePrefix(parser, elementType)) - return XML_ERROR_NO_MEMORY; - } - nDefaultAtts = elementType->nDefaultAtts; - } - n = XmlGetAttributes(enc, s, attsSize, atts); - if (n + nDefaultAtts > attsSize) { - int oldAttsSize = attsSize; - attsSize = n + nDefaultAtts + INIT_ATTS_SIZE; - atts = realloc((void *)atts, attsSize * sizeof(ATTRIBUTE)); - if (!atts) - return XML_ERROR_NO_MEMORY; - if (n > oldAttsSize) - XmlGetAttributes(enc, s, n, atts); - } - appAtts = (const XML_Char **)atts; - for (i = 0; i < n; i++) { - ATTRIBUTE_ID *attId = getAttributeId(parser, enc, atts[i].name, - atts[i].name - + XmlNameLength(enc, atts[i].name)); - if (!attId) - return XML_ERROR_NO_MEMORY; - if ((attId->name)[-1]) { - if (enc == encoding) - eventPtr = atts[i].name; - return XML_ERROR_DUPLICATE_ATTRIBUTE; - } - (attId->name)[-1] = 1; - appAtts[attIndex++] = attId->name; - if (!atts[i].normalized) { - enum XML_Error result; - int isCdata = 1; - - if (attId->maybeTokenized) { - int j; - for (j = 0; j < nDefaultAtts; j++) { - if (attId == elementType->defaultAtts[j].id) { - isCdata = elementType->defaultAtts[j].isCdata; - break; - } - } - } - - result = storeAttributeValue(parser, enc, isCdata, - atts[i].valuePtr, atts[i].valueEnd, - 
&tempPool); - if (result) - return result; - if (tagNamePtr) { - appAtts[attIndex] = poolStart(&tempPool); - poolFinish(&tempPool); - } - else - poolDiscard(&tempPool); - } - else if (tagNamePtr) { - appAtts[attIndex] = poolStoreString(&tempPool, enc, atts[i].valuePtr, atts[i].valueEnd); - if (appAtts[attIndex] == 0) - return XML_ERROR_NO_MEMORY; - poolFinish(&tempPool); - } - if (attId->prefix && tagNamePtr) { - if (attId->xmlns) { - if (!addBinding(parser, attId->prefix, attId, appAtts[attIndex], bindingsPtr)) - return XML_ERROR_NO_MEMORY; - --attIndex; - } - else { - attIndex++; - nPrefixes++; - (attId->name)[-1] = 2; - } - } - else - attIndex++; - } - nSpecifiedAtts = attIndex; - if (tagNamePtr) { - int j; - for (j = 0; j < nDefaultAtts; j++) { - const DEFAULT_ATTRIBUTE *da = elementType->defaultAtts + j; - if (!(da->id->name)[-1] && da->value) { - if (da->id->prefix) { - if (da->id->xmlns) { - if (!addBinding(parser, da->id->prefix, da->id, da->value, bindingsPtr)) - return XML_ERROR_NO_MEMORY; - } - else { - (da->id->name)[-1] = 2; - nPrefixes++; - appAtts[attIndex++] = da->id->name; - appAtts[attIndex++] = da->value; - } - } - else { - (da->id->name)[-1] = 1; - appAtts[attIndex++] = da->id->name; - appAtts[attIndex++] = da->value; - } - } - } - appAtts[attIndex] = 0; - } - i = 0; - if (nPrefixes) { - for (; i < attIndex; i += 2) { - if (appAtts[i][-1] == 2) { - ATTRIBUTE_ID *id; - ((XML_Char *)(appAtts[i]))[-1] = 0; - id = (ATTRIBUTE_ID *)hashTableLookup(&dtd.attributeIds, appAtts[i], 0); - if (id->prefix->binding) { - int j; - const BINDING *b = id->prefix->binding; - const XML_Char *ss = appAtts[i]; - for (j = 0; j < b->uriLen; j++) { - if (!poolAppendChar(&tempPool, b->uri[j])) - return XML_ERROR_NO_MEMORY; - } - while (*ss++ != ':') - ; - do { - if (!poolAppendChar(&tempPool, *ss)) - return XML_ERROR_NO_MEMORY; - } while (*ss++); - appAtts[i] = poolStart(&tempPool); - poolFinish(&tempPool); - } - if (!--nPrefixes) - break; - } - else - ((XML_Char 
*)(appAtts[i]))[-1] = 0; - } - } - for (; i < attIndex; i += 2) - ((XML_Char *)(appAtts[i]))[-1] = 0; - if (!tagNamePtr) - return XML_ERROR_NONE; - for (binding = *bindingsPtr; binding; binding = binding->nextTagBinding) - binding->attId->name[-1] = 0; - if (elementType->prefix) { - binding = elementType->prefix->binding; - if (!binding) - return XML_ERROR_NONE; - localPart = tagNamePtr->str; - while (*localPart++ != XML_T(':')) - ; - } - else if (dtd.defaultPrefix.binding) { - binding = dtd.defaultPrefix.binding; - localPart = tagNamePtr->str; - } - else - return XML_ERROR_NONE; - tagNamePtr->localPart = localPart; - tagNamePtr->uriLen = binding->uriLen; - i = binding->uriLen; - do { - if (i == binding->uriAlloc) { - binding->uri = realloc(binding->uri, binding->uriAlloc *= 2); - if (!binding->uri) - return XML_ERROR_NO_MEMORY; - } - binding->uri[i++] = *localPart; - } while (*localPart++); - tagNamePtr->str = binding->uri; - return XML_ERROR_NONE; -} - -static -int addBinding(XML_Parser parser, PREFIX *prefix, const ATTRIBUTE_ID *attId, const XML_Char *uri, BINDING **bindingsPtr) -{ - BINDING *b; - int len; - for (len = 0; uri[len]; len++) - ; - if (namespaceSeparator) - len++; - if (freeBindingList) { - b = freeBindingList; - if (len > b->uriAlloc) { - b->uri = realloc(b->uri, len + EXPAND_SPARE); - if (!b->uri) - return 0; - b->uriAlloc = len + EXPAND_SPARE; - } - freeBindingList = b->nextTagBinding; - } - else { - b = malloc(sizeof(BINDING)); - if (!b) - return 0; - b->uri = malloc(sizeof(XML_Char) * len + EXPAND_SPARE); - if (!b->uri) { - free(b); - return 0; - } - b->uriAlloc = len; - } - b->uriLen = len; - memcpy(b->uri, uri, len * sizeof(XML_Char)); - if (namespaceSeparator) - b->uri[len - 1] = namespaceSeparator; - b->prefix = prefix; - b->attId = attId; - b->prevPrefixBinding = prefix->binding; - if (*uri == XML_T('\0') && prefix == &dtd.defaultPrefix) - prefix->binding = 0; - else - prefix->binding = b; - b->nextTagBinding = *bindingsPtr; - *bindingsPtr 
= b; - if (startNamespaceDeclHandler) - startNamespaceDeclHandler(handlerArg, prefix->name, - prefix->binding ? uri : 0); - return 1; -} - -/* The idea here is to avoid using stack for each CDATA section when -the whole file is parsed with one call. */ - -static -enum XML_Error cdataSectionProcessor(XML_Parser parser, - const char *start, - const char *end, - const char **endPtr) -{ - enum XML_Error result = doCdataSection(parser, encoding, &start, end, endPtr); - if (start) { - processor = contentProcessor; - return contentProcessor(parser, start, end, endPtr); - } - return result; -} - -/* startPtr gets set to non-null is the section is closed, and to null if -the section is not yet closed. */ - -static -enum XML_Error doCdataSection(XML_Parser parser, - const ENCODING *enc, - const char **startPtr, - const char *end, - const char **nextPtr) -{ - const char *s = *startPtr; - const char **eventPP; - const char **eventEndPP; - if (enc == encoding) { - eventPP = &eventPtr; - *eventPP = s; - eventEndPP = &eventEndPtr; - } - else { - eventPP = &(openInternalEntities->internalEventPtr); - eventEndPP = &(openInternalEntities->internalEventEndPtr); - } - *eventPP = s; - *startPtr = 0; - for (;;) { - const char *next; - int tok = XmlCdataSectionTok(enc, s, end, &next); - *eventEndPP = next; - switch (tok) { - case XML_TOK_CDATA_SECT_CLOSE: - if (endCdataSectionHandler) - endCdataSectionHandler(handlerArg); - else if (defaultHandler) - reportDefault(parser, enc, s, next); - *startPtr = next; - return XML_ERROR_NONE; - case XML_TOK_DATA_NEWLINE: - if (characterDataHandler) { - XML_Char c = 0xA; - characterDataHandler(handlerArg, &c, 1); - } - else if (defaultHandler) - reportDefault(parser, enc, s, next); - break; - case XML_TOK_DATA_CHARS: - if (characterDataHandler) { - if (MUST_CONVERT(enc, s)) { - for (;;) { - ICHAR *dataPtr = (ICHAR *)dataBuf; - XmlConvert(enc, &s, next, &dataPtr, (ICHAR *)dataBufEnd); - *eventEndPP = next; - characterDataHandler(handlerArg, dataBuf, 
dataPtr - (ICHAR *)dataBuf); - if (s == next) - break; - *eventPP = s; - } - } - else - characterDataHandler(handlerArg, - (XML_Char *)s, - (XML_Char *)next - (XML_Char *)s); - } - else if (defaultHandler) - reportDefault(parser, enc, s, next); - break; - case XML_TOK_INVALID: - *eventPP = next; - return XML_ERROR_INVALID_TOKEN; - case XML_TOK_PARTIAL_CHAR: - if (nextPtr) { - *nextPtr = s; - return XML_ERROR_NONE; - } - return XML_ERROR_PARTIAL_CHAR; - case XML_TOK_PARTIAL: - case XML_TOK_NONE: - if (nextPtr) { - *nextPtr = s; - return XML_ERROR_NONE; - } - return XML_ERROR_UNCLOSED_CDATA_SECTION; - default: - abort(); - } - *eventPP = s = next; - } - /* not reached */ -} - -static enum XML_Error -initializeEncoding(XML_Parser parser) -{ - const char *s; -#ifdef XML_UNICODE - char encodingBuf[128]; - if (!protocolEncodingName) - s = 0; - else { - int i; - for (i = 0; protocolEncodingName[i]; i++) { - if (i == sizeof(encodingBuf) - 1 - || protocolEncodingName[i] >= 0x80 - || protocolEncodingName[i] < 0) { - encodingBuf[0] = '\0'; - break; - } - encodingBuf[i] = (char)protocolEncodingName[i]; - } - encodingBuf[i] = '\0'; - s = encodingBuf; - } -#else - s = protocolEncodingName; -#endif - if ((ns ? XmlInitEncodingNS : XmlInitEncoding)(&initEncoding, &encoding, s)) - return XML_ERROR_NONE; - return handleUnknownEncoding(parser, protocolEncodingName); -} - -static enum XML_Error -processXmlDecl(XML_Parser parser, int isGeneralTextEntity, - const char *s, const char *next) -{ - const char *encodingName = 0; - const ENCODING *newEncoding = 0; - const char *version; - int standalone = -1; - if (!(ns - ? 
XmlParseXmlDeclNS - : XmlParseXmlDecl)(isGeneralTextEntity, - encoding, - s, - next, - &eventPtr, - &version, - &encodingName, - &newEncoding, - &standalone)) - return XML_ERROR_SYNTAX; - if (!isGeneralTextEntity && standalone == 1) - dtd.standalone = 1; - if (defaultHandler) - reportDefault(parser, encoding, s, next); - if (!protocolEncodingName) { - if (newEncoding) { - if (newEncoding->minBytesPerChar != encoding->minBytesPerChar) { - eventPtr = encodingName; - return XML_ERROR_INCORRECT_ENCODING; - } - encoding = newEncoding; - } - else if (encodingName) { - enum XML_Error result; - const XML_Char *ss = poolStoreString(&tempPool, - encoding, - encodingName, - encodingName - + XmlNameLength(encoding, encodingName)); - if (!ss) - return XML_ERROR_NO_MEMORY; - result = handleUnknownEncoding(parser, ss); - poolDiscard(&tempPool); - if (result == XML_ERROR_UNKNOWN_ENCODING) - eventPtr = encodingName; - return result; - } - } - return XML_ERROR_NONE; -} - -static enum XML_Error -handleUnknownEncoding(XML_Parser parser, const XML_Char *encodingName) -{ - if (unknownEncodingHandler) { - XML_Encoding info; - int i; - for (i = 0; i < 256; i++) - info.map[i] = -1; - info.convert = 0; - info.data = 0; - info.release = 0; - if (unknownEncodingHandler(unknownEncodingHandlerData, encodingName, &info)) { - ENCODING *enc; - unknownEncodingMem = malloc(XmlSizeOfUnknownEncoding()); - if (!unknownEncodingMem) { - if (info.release) - info.release(info.data); - return XML_ERROR_NO_MEMORY; - } - enc = (ns - ? 
XmlInitUnknownEncodingNS - : XmlInitUnknownEncoding)(unknownEncodingMem, - info.map, - info.convert, - info.data); - if (enc) { - unknownEncodingData = info.data; - unknownEncodingRelease = info.release; - encoding = enc; - return XML_ERROR_NONE; - } - } - if (info.release) - info.release(info.data); - } - return XML_ERROR_UNKNOWN_ENCODING; -} - -static enum XML_Error -prologInitProcessor(XML_Parser parser, - const char *s, - const char *end, - const char **nextPtr) -{ - enum XML_Error result = initializeEncoding(parser); - if (result != XML_ERROR_NONE) - return result; - processor = prologProcessor; - return prologProcessor(parser, s, end, nextPtr); -} - -static enum XML_Error -prologProcessor(XML_Parser parser, - const char *s, - const char *end, - const char **nextPtr) -{ - for (;;) { - const char *next; - int tok = XmlPrologTok(encoding, s, end, &next); - if (tok <= 0) { - if (nextPtr != 0 && tok != XML_TOK_INVALID) { - *nextPtr = s; - return XML_ERROR_NONE; - } - switch (tok) { - case XML_TOK_INVALID: - eventPtr = next; - return XML_ERROR_INVALID_TOKEN; - case XML_TOK_NONE: - return XML_ERROR_NO_ELEMENTS; - case XML_TOK_PARTIAL: - return XML_ERROR_UNCLOSED_TOKEN; - case XML_TOK_PARTIAL_CHAR: - return XML_ERROR_PARTIAL_CHAR; - case XML_TOK_TRAILING_CR: - eventPtr = s + encoding->minBytesPerChar; - return XML_ERROR_NO_ELEMENTS; - default: - abort(); - } - } - switch (XmlTokenRole(&prologState, tok, s, next, encoding)) { - case XML_ROLE_XML_DECL: - { - enum XML_Error result = processXmlDecl(parser, 0, s, next); - if (result != XML_ERROR_NONE) - return result; - } - break; - case XML_ROLE_DOCTYPE_SYSTEM_ID: - if (!dtd.standalone - && notStandaloneHandler - && !notStandaloneHandler(handlerArg)) - return XML_ERROR_NOT_STANDALONE; - hadExternalDoctype = 1; - break; - case XML_ROLE_DOCTYPE_PUBLIC_ID: - case XML_ROLE_ENTITY_PUBLIC_ID: - if (!XmlIsPublicId(encoding, s, next, &eventPtr)) - return XML_ERROR_SYNTAX; - if (declEntity) { - XML_Char *tem = 
poolStoreString(&dtd.pool, - encoding, - s + encoding->minBytesPerChar, - next - encoding->minBytesPerChar); - if (!tem) - return XML_ERROR_NO_MEMORY; - normalizePublicId(tem); - declEntity->publicId = tem; - poolFinish(&dtd.pool); - } - break; - case XML_ROLE_INSTANCE_START: - processor = contentProcessor; - if (hadExternalDoctype) - dtd.complete = 0; - return contentProcessor(parser, s, end, nextPtr); - case XML_ROLE_ATTLIST_ELEMENT_NAME: - { - const XML_Char *name = poolStoreString(&dtd.pool, encoding, s, next); - if (!name) - return XML_ERROR_NO_MEMORY; - declElementType = (ELEMENT_TYPE *)hashTableLookup(&dtd.elementTypes, name, sizeof(ELEMENT_TYPE)); - if (!declElementType) - return XML_ERROR_NO_MEMORY; - if (declElementType->name != name) - poolDiscard(&dtd.pool); - else { - poolFinish(&dtd.pool); - if (!setElementTypePrefix(parser, declElementType)) - return XML_ERROR_NO_MEMORY; - } - break; - } - case XML_ROLE_ATTRIBUTE_NAME: - declAttributeId = getAttributeId(parser, encoding, s, next); - if (!declAttributeId) - return XML_ERROR_NO_MEMORY; - declAttributeIsCdata = 0; - break; - case XML_ROLE_ATTRIBUTE_TYPE_CDATA: - declAttributeIsCdata = 1; - break; - case XML_ROLE_IMPLIED_ATTRIBUTE_VALUE: - case XML_ROLE_REQUIRED_ATTRIBUTE_VALUE: - if (dtd.complete - && !defineAttribute(declElementType, declAttributeId, declAttributeIsCdata, 0)) - return XML_ERROR_NO_MEMORY; - break; - case XML_ROLE_DEFAULT_ATTRIBUTE_VALUE: - case XML_ROLE_FIXED_ATTRIBUTE_VALUE: - { - const XML_Char *attVal; - enum XML_Error result - = storeAttributeValue(parser, encoding, declAttributeIsCdata, - s + encoding->minBytesPerChar, - next - encoding->minBytesPerChar, - &dtd.pool); - if (result) - return result; - attVal = poolStart(&dtd.pool); - poolFinish(&dtd.pool); - if (dtd.complete - && !defineAttribute(declElementType, declAttributeId, declAttributeIsCdata, attVal)) - return XML_ERROR_NO_MEMORY; - break; - } - case XML_ROLE_ENTITY_VALUE: - { - enum XML_Error result = 
storeEntityValue(parser, s, next); - if (result != XML_ERROR_NONE) - return result; - } - break; - case XML_ROLE_ENTITY_SYSTEM_ID: - if (declEntity) { - declEntity->systemId = poolStoreString(&dtd.pool, encoding, - s + encoding->minBytesPerChar, - next - encoding->minBytesPerChar); - if (!declEntity->systemId) - return XML_ERROR_NO_MEMORY; - declEntity->base = dtd.base; - poolFinish(&dtd.pool); - } - break; - case XML_ROLE_ENTITY_NOTATION_NAME: - if (declEntity) { - declEntity->notation = poolStoreString(&dtd.pool, encoding, s, next); - if (!declEntity->notation) - return XML_ERROR_NO_MEMORY; - poolFinish(&dtd.pool); - if (unparsedEntityDeclHandler) { - eventPtr = eventEndPtr = s; - unparsedEntityDeclHandler(handlerArg, - declEntity->name, - declEntity->base, - declEntity->systemId, - declEntity->publicId, - declEntity->notation); - } - - } - break; - case XML_ROLE_GENERAL_ENTITY_NAME: - { - const XML_Char *name; - if (XmlPredefinedEntityName(encoding, s, next)) { - declEntity = 0; - break; - } - name = poolStoreString(&dtd.pool, encoding, s, next); - if (!name) - return XML_ERROR_NO_MEMORY; - if (dtd.complete) { - declEntity = (ENTITY *)hashTableLookup(&dtd.generalEntities, name, sizeof(ENTITY)); - if (!declEntity) - return XML_ERROR_NO_MEMORY; - if (declEntity->name != name) { - poolDiscard(&dtd.pool); - declEntity = 0; - } - else - poolFinish(&dtd.pool); - } - else { - poolDiscard(&dtd.pool); - declEntity = 0; - } - } - break; - case XML_ROLE_PARAM_ENTITY_NAME: - declEntity = 0; - break; - case XML_ROLE_NOTATION_NAME: - declNotationPublicId = 0; - declNotationName = 0; - if (notationDeclHandler) { - declNotationName = poolStoreString(&tempPool, encoding, s, next); - if (!declNotationName) - return XML_ERROR_NO_MEMORY; - poolFinish(&tempPool); - } - break; - case XML_ROLE_NOTATION_PUBLIC_ID: - if (!XmlIsPublicId(encoding, s, next, &eventPtr)) - return XML_ERROR_SYNTAX; - if (declNotationName) { - XML_Char *tem = poolStoreString(&tempPool, - encoding, - s + 
encoding->minBytesPerChar, - next - encoding->minBytesPerChar); - if (!tem) - return XML_ERROR_NO_MEMORY; - normalizePublicId(tem); - declNotationPublicId = tem; - poolFinish(&tempPool); - } - break; - case XML_ROLE_NOTATION_SYSTEM_ID: - if (declNotationName && notationDeclHandler) { - const XML_Char *systemId - = poolStoreString(&tempPool, encoding, - s + encoding->minBytesPerChar, - next - encoding->minBytesPerChar); - if (!systemId) - return XML_ERROR_NO_MEMORY; - eventPtr = eventEndPtr = s; - notationDeclHandler(handlerArg, - declNotationName, - dtd.base, - systemId, - declNotationPublicId); - } - poolClear(&tempPool); - break; - case XML_ROLE_NOTATION_NO_SYSTEM_ID: - if (declNotationPublicId && notationDeclHandler) { - eventPtr = eventEndPtr = s; - notationDeclHandler(handlerArg, - declNotationName, - dtd.base, - 0, - declNotationPublicId); - } - poolClear(&tempPool); - break; - case XML_ROLE_ERROR: - eventPtr = s; - switch (tok) { - case XML_TOK_PARAM_ENTITY_REF: - return XML_ERROR_PARAM_ENTITY_REF; - case XML_TOK_XML_DECL: - return XML_ERROR_MISPLACED_XML_PI; - default: - return XML_ERROR_SYNTAX; - } - case XML_ROLE_GROUP_OPEN: - if (prologState.level >= groupSize) { - if (groupSize) - groupConnector = realloc(groupConnector, groupSize *= 2); - else - groupConnector = malloc(groupSize = 32); - if (!groupConnector) - return XML_ERROR_NO_MEMORY; - } - groupConnector[prologState.level] = 0; - break; - case XML_ROLE_GROUP_SEQUENCE: - if (groupConnector[prologState.level] == '|') { - eventPtr = s; - return XML_ERROR_SYNTAX; - } - groupConnector[prologState.level] = ','; - break; - case XML_ROLE_GROUP_CHOICE: - if (groupConnector[prologState.level] == ',') { - eventPtr = s; - return XML_ERROR_SYNTAX; - } - groupConnector[prologState.level] = '|'; - break; - case XML_ROLE_PARAM_ENTITY_REF: - if (!dtd.standalone - && notStandaloneHandler - && !notStandaloneHandler(handlerArg)) - return XML_ERROR_NOT_STANDALONE; - dtd.complete = 0; - break; - case XML_ROLE_NONE: - 
switch (tok) { - case XML_TOK_PI: - eventPtr = s; - eventEndPtr = next; - if (!reportProcessingInstruction(parser, encoding, s, next)) - return XML_ERROR_NO_MEMORY; - break; - case XML_TOK_COMMENT: - eventPtr = s; - eventEndPtr = next; - if (!reportComment(parser, encoding, s, next)) - return XML_ERROR_NO_MEMORY; - break; - } - break; - } - if (defaultHandler) { - switch (tok) { - case XML_TOK_PI: - case XML_TOK_COMMENT: - case XML_TOK_BOM: - case XML_TOK_XML_DECL: - break; - default: - eventPtr = s; - eventEndPtr = next; - reportDefault(parser, encoding, s, next); - } - } - s = next; - } - /* not reached */ -} - -static -enum XML_Error epilogProcessor(XML_Parser parser, - const char *s, - const char *end, - const char **nextPtr) -{ - processor = epilogProcessor; - eventPtr = s; - for (;;) { - const char *next; - int tok = XmlPrologTok(encoding, s, end, &next); - eventEndPtr = next; - switch (tok) { - case XML_TOK_TRAILING_CR: - if (defaultHandler) { - eventEndPtr = end; - reportDefault(parser, encoding, s, end); - } - /* fall through */ - case XML_TOK_NONE: - if (nextPtr) - *nextPtr = end; - return XML_ERROR_NONE; - case XML_TOK_PROLOG_S: - if (defaultHandler) - reportDefault(parser, encoding, s, next); - break; - case XML_TOK_PI: - if (!reportProcessingInstruction(parser, encoding, s, next)) - return XML_ERROR_NO_MEMORY; - break; - case XML_TOK_COMMENT: - if (!reportComment(parser, encoding, s, next)) - return XML_ERROR_NO_MEMORY; - break; - case XML_TOK_INVALID: - eventPtr = next; - return XML_ERROR_INVALID_TOKEN; - case XML_TOK_PARTIAL: - if (nextPtr) { - *nextPtr = s; - return XML_ERROR_NONE; - } - return XML_ERROR_UNCLOSED_TOKEN; - case XML_TOK_PARTIAL_CHAR: - if (nextPtr) { - *nextPtr = s; - return XML_ERROR_NONE; - } - return XML_ERROR_PARTIAL_CHAR; - default: - return XML_ERROR_JUNK_AFTER_DOC_ELEMENT; - } - eventPtr = s = next; - } -} - -static enum XML_Error -storeAttributeValue(XML_Parser parser, const ENCODING *enc, int isCdata, - const char *ptr, const 
char *end, - STRING_POOL *pool) -{ - enum XML_Error result = appendAttributeValue(parser, enc, isCdata, ptr, end, pool); - if (result) - return result; - if (!isCdata && poolLength(pool) && poolLastChar(pool) == 0x20) - poolChop(pool); - if (!poolAppendChar(pool, XML_T('\0'))) - return XML_ERROR_NO_MEMORY; - return XML_ERROR_NONE; -} - -static enum XML_Error -appendAttributeValue(XML_Parser parser, const ENCODING *enc, int isCdata, - const char *ptr, const char *end, - STRING_POOL *pool) -{ - const ENCODING *internalEnc = ns ? XmlGetInternalEncodingNS() : XmlGetInternalEncoding(); - for (;;) { - const char *next; - int tok = XmlAttributeValueTok(enc, ptr, end, &next); - switch (tok) { - case XML_TOK_NONE: - return XML_ERROR_NONE; - case XML_TOK_INVALID: - if (enc == encoding) - eventPtr = next; - return XML_ERROR_INVALID_TOKEN; - case XML_TOK_PARTIAL: - if (enc == encoding) - eventPtr = ptr; - return XML_ERROR_INVALID_TOKEN; - case XML_TOK_CHAR_REF: - { - XML_Char buf[XML_ENCODE_MAX]; - int i; - int n = XmlCharRefNumber(enc, ptr); - if (n < 0) { - if (enc == encoding) - eventPtr = ptr; - return XML_ERROR_BAD_CHAR_REF; - } - if (!isCdata - && n == 0x20 /* space */ - && (poolLength(pool) == 0 || poolLastChar(pool) == 0x20)) - break; - n = XmlEncode(n, (ICHAR *)buf); - if (!n) { - if (enc == encoding) - eventPtr = ptr; - return XML_ERROR_BAD_CHAR_REF; - } - for (i = 0; i < n; i++) { - if (!poolAppendChar(pool, buf[i])) - return XML_ERROR_NO_MEMORY; - } - } - break; - case XML_TOK_DATA_CHARS: - if (!poolAppend(pool, enc, ptr, next)) - return XML_ERROR_NO_MEMORY; - break; - case XML_TOK_TRAILING_CR: - next = ptr + enc->minBytesPerChar; - /* fall through */ - case XML_TOK_ATTRIBUTE_VALUE_S: - case XML_TOK_DATA_NEWLINE: - if (!isCdata && (poolLength(pool) == 0 || poolLastChar(pool) == 0x20)) - break; - if (!poolAppendChar(pool, 0x20)) - return XML_ERROR_NO_MEMORY; - break; - case XML_TOK_ENTITY_REF: - { - const XML_Char *name; - ENTITY *entity; - XML_Char ch = 
XmlPredefinedEntityName(enc, - ptr + enc->minBytesPerChar, - next - enc->minBytesPerChar); - if (ch) { - if (!poolAppendChar(pool, ch)) - return XML_ERROR_NO_MEMORY; - break; - } - name = poolStoreString(&temp2Pool, enc, - ptr + enc->minBytesPerChar, - next - enc->minBytesPerChar); - if (!name) - return XML_ERROR_NO_MEMORY; - entity = (ENTITY *)hashTableLookup(&dtd.generalEntities, name, 0); - poolDiscard(&temp2Pool); - if (!entity) { - if (dtd.complete) { - if (enc == encoding) - eventPtr = ptr; - return XML_ERROR_UNDEFINED_ENTITY; - } - } - else if (entity->open) { - if (enc == encoding) - eventPtr = ptr; - return XML_ERROR_RECURSIVE_ENTITY_REF; - } - else if (entity->notation) { - if (enc == encoding) - eventPtr = ptr; - return XML_ERROR_BINARY_ENTITY_REF; - } - else if (!entity->textPtr) { - if (enc == encoding) - eventPtr = ptr; - return XML_ERROR_ATTRIBUTE_EXTERNAL_ENTITY_REF; - } - else { - enum XML_Error result; - const XML_Char *textEnd = entity->textPtr + entity->textLen; - entity->open = 1; - result = appendAttributeValue(parser, internalEnc, isCdata, (char *)entity->textPtr, (char *)textEnd, pool); - entity->open = 0; - if (result) - return result; - } - } - break; - default: - abort(); - } - ptr = next; - } - /* not reached */ -} - -static -enum XML_Error storeEntityValue(XML_Parser parser, - const char *entityTextPtr, - const char *entityTextEnd) -{ - STRING_POOL *pool = &(dtd.pool); - entityTextPtr += encoding->minBytesPerChar; - entityTextEnd -= encoding->minBytesPerChar; - for (;;) { - const char *next; - int tok = XmlEntityValueTok(encoding, entityTextPtr, entityTextEnd, &next); - switch (tok) { - case XML_TOK_PARAM_ENTITY_REF: - eventPtr = entityTextPtr; - return XML_ERROR_SYNTAX; - case XML_TOK_NONE: - if (declEntity) { - declEntity->textPtr = pool->start; - declEntity->textLen = pool->ptr - pool->start; - poolFinish(pool); - } - else - poolDiscard(pool); - return XML_ERROR_NONE; - case XML_TOK_ENTITY_REF: - case XML_TOK_DATA_CHARS: - if 
(!poolAppend(pool, encoding, entityTextPtr, next)) - return XML_ERROR_NO_MEMORY; - break; - case XML_TOK_TRAILING_CR: - next = entityTextPtr + encoding->minBytesPerChar; - /* fall through */ - case XML_TOK_DATA_NEWLINE: - if (pool->end == pool->ptr && !poolGrow(pool)) - return XML_ERROR_NO_MEMORY; - *(pool->ptr)++ = 0xA; - break; - case XML_TOK_CHAR_REF: - { - XML_Char buf[XML_ENCODE_MAX]; - int i; - int n = XmlCharRefNumber(encoding, entityTextPtr); - if (n < 0) { - eventPtr = entityTextPtr; - return XML_ERROR_BAD_CHAR_REF; - } - n = XmlEncode(n, (ICHAR *)buf); - if (!n) { - eventPtr = entityTextPtr; - return XML_ERROR_BAD_CHAR_REF; - } - for (i = 0; i < n; i++) { - if (pool->end == pool->ptr && !poolGrow(pool)) - return XML_ERROR_NO_MEMORY; - *(pool->ptr)++ = buf[i]; - } - } - break; - case XML_TOK_PARTIAL: - eventPtr = entityTextPtr; - return XML_ERROR_INVALID_TOKEN; - case XML_TOK_INVALID: - eventPtr = next; - return XML_ERROR_INVALID_TOKEN; - default: - abort(); - } - entityTextPtr = next; - } - /* not reached */ -} - -static void -normalizeLines(XML_Char *s) -{ - XML_Char *p; - for (;; s++) { - if (*s == XML_T('\0')) - return; - if (*s == 0xD) - break; - } - p = s; - do { - if (*s == 0xD) { - *p++ = 0xA; - if (*++s == 0xA) - s++; - } - else - *p++ = *s++; - } while (*s); - *p = XML_T('\0'); -} - -static int -reportProcessingInstruction(XML_Parser parser, const ENCODING *enc, const char *start, const char *end) -{ - const XML_Char *target; - XML_Char *data; - const char *tem; - if (!processingInstructionHandler) { - if (defaultHandler) - reportDefault(parser, enc, start, end); - return 1; - } - start += enc->minBytesPerChar * 2; - tem = start + XmlNameLength(enc, start); - target = poolStoreString(&tempPool, enc, start, tem); - if (!target) - return 0; - poolFinish(&tempPool); - data = poolStoreString(&tempPool, enc, - XmlSkipS(enc, tem), - end - enc->minBytesPerChar*2); - if (!data) - return 0; - normalizeLines(data); - 
processingInstructionHandler(handlerArg, target, data); - poolClear(&tempPool); - return 1; -} - -static int -reportComment(XML_Parser parser, const ENCODING *enc, const char *start, const char *end) -{ - XML_Char *data; - if (!commentHandler) { - if (defaultHandler) - reportDefault(parser, enc, start, end); - return 1; - } - data = poolStoreString(&tempPool, - enc, - start + enc->minBytesPerChar * 4, - end - enc->minBytesPerChar * 3); - if (!data) - return 0; - normalizeLines(data); - commentHandler(handlerArg, data); - poolClear(&tempPool); - return 1; -} - -static void -reportDefault(XML_Parser parser, const ENCODING *enc, const char *s, const char *end) -{ - if (MUST_CONVERT(enc, s)) { - const char **eventPP; - const char **eventEndPP; - if (enc == encoding) { - eventPP = &eventPtr; - eventEndPP = &eventEndPtr; - } - else { - eventPP = &(openInternalEntities->internalEventPtr); - eventEndPP = &(openInternalEntities->internalEventEndPtr); - } - do { - ICHAR *dataPtr = (ICHAR *)dataBuf; - XmlConvert(enc, &s, end, &dataPtr, (ICHAR *)dataBufEnd); - *eventEndPP = s; - defaultHandler(handlerArg, dataBuf, dataPtr - (ICHAR *)dataBuf); - *eventPP = s; - } while (s != end); - } - else - defaultHandler(handlerArg, (XML_Char *)s, (XML_Char *)end - (XML_Char *)s); -} - - -static int -defineAttribute(ELEMENT_TYPE *type, ATTRIBUTE_ID *attId, int isCdata, const XML_Char *value) -{ - DEFAULT_ATTRIBUTE *att; - if (type->nDefaultAtts == type->allocDefaultAtts) { - if (type->allocDefaultAtts == 0) { - type->allocDefaultAtts = 8; - type->defaultAtts = malloc(type->allocDefaultAtts*sizeof(DEFAULT_ATTRIBUTE)); - } - else { - type->allocDefaultAtts *= 2; - type->defaultAtts = realloc(type->defaultAtts, - type->allocDefaultAtts*sizeof(DEFAULT_ATTRIBUTE)); - } - if (!type->defaultAtts) - return 0; - } - att = type->defaultAtts + type->nDefaultAtts; - att->id = attId; - att->value = value; - att->isCdata = isCdata; - if (!isCdata) - attId->maybeTokenized = 1; - type->nDefaultAtts += 1; - 
return 1; -} - -static int setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType) -{ - const XML_Char *name; - for (name = elementType->name; *name; name++) { - if (*name == XML_T(':')) { - PREFIX *prefix; - const XML_Char *s; - for (s = elementType->name; s != name; s++) { - if (!poolAppendChar(&dtd.pool, *s)) - return 0; - } - if (!poolAppendChar(&dtd.pool, XML_T('\0'))) - return 0; - prefix = (PREFIX *)hashTableLookup(&dtd.prefixes, poolStart(&dtd.pool), sizeof(PREFIX)); - if (!prefix) - return 0; - if (prefix->name == poolStart(&dtd.pool)) - poolFinish(&dtd.pool); - else - poolDiscard(&dtd.pool); - elementType->prefix = prefix; - - } - } - return 1; -} - -static ATTRIBUTE_ID * -getAttributeId(XML_Parser parser, const ENCODING *enc, const char *start, const char *end) -{ - ATTRIBUTE_ID *id; - const XML_Char *name; - if (!poolAppendChar(&dtd.pool, XML_T('\0'))) - return 0; - name = poolStoreString(&dtd.pool, enc, start, end); - if (!name) - return 0; - ++name; - id = (ATTRIBUTE_ID *)hashTableLookup(&dtd.attributeIds, name, sizeof(ATTRIBUTE_ID)); - if (!id) - return 0; - if (id->name != name) - poolDiscard(&dtd.pool); - else { - poolFinish(&dtd.pool); - if (!ns) - ; - else if (name[0] == 'x' - && name[1] == 'm' - && name[2] == 'l' - && name[3] == 'n' - && name[4] == 's' - && (name[5] == XML_T('\0') || name[5] == XML_T(':'))) { - if (name[5] == '\0') - id->prefix = &dtd.defaultPrefix; - else - id->prefix = (PREFIX *)hashTableLookup(&dtd.prefixes, name + 6, sizeof(PREFIX)); - id->xmlns = 1; - } - else { - int i; - for (i = 0; name[i]; i++) { - if (name[i] == XML_T(':')) { - int j; - for (j = 0; j < i; j++) { - if (!poolAppendChar(&dtd.pool, name[j])) - return 0; - } - if (!poolAppendChar(&dtd.pool, XML_T('\0'))) - return 0; - id->prefix = (PREFIX *)hashTableLookup(&dtd.prefixes, poolStart(&dtd.pool), sizeof(PREFIX)); - if (id->prefix->name == poolStart(&dtd.pool)) - poolFinish(&dtd.pool); - else - poolDiscard(&dtd.pool); - break; - } - } - } - } - return 
id; -} - -#define CONTEXT_SEP XML_T('\f') - -static -const XML_Char *getContext(XML_Parser parser) -{ - HASH_TABLE_ITER iter; - int needSep = 0; - - if (dtd.defaultPrefix.binding) { - int i; - int len; - if (!poolAppendChar(&tempPool, XML_T('='))) - return 0; - len = dtd.defaultPrefix.binding->uriLen; - if (namespaceSeparator != XML_T('\0')) - len--; - for (i = 0; i < len; i++) - if (!poolAppendChar(&tempPool, dtd.defaultPrefix.binding->uri[i])) - return 0; - needSep = 1; - } - - hashTableIterInit(&iter, &(dtd.prefixes)); - for (;;) { - int i; - int len; - const XML_Char *s; - PREFIX *prefix = (PREFIX *)hashTableIterNext(&iter); - if (!prefix) - break; - if (!prefix->binding) - continue; - if (needSep && !poolAppendChar(&tempPool, CONTEXT_SEP)) - return 0; - for (s = prefix->name; *s; s++) - if (!poolAppendChar(&tempPool, *s)) - return 0; - if (!poolAppendChar(&tempPool, XML_T('='))) - return 0; - len = prefix->binding->uriLen; - if (namespaceSeparator != XML_T('\0')) - len--; - for (i = 0; i < len; i++) - if (!poolAppendChar(&tempPool, prefix->binding->uri[i])) - return 0; - needSep = 1; - } - - - hashTableIterInit(&iter, &(dtd.generalEntities)); - for (;;) { - const XML_Char *s; - ENTITY *e = (ENTITY *)hashTableIterNext(&iter); - if (!e) - break; - if (!e->open) - continue; - if (needSep && !poolAppendChar(&tempPool, CONTEXT_SEP)) - return 0; - for (s = e->name; *s; s++) - if (!poolAppendChar(&tempPool, *s)) - return 0; - needSep = 1; - } - - if (!poolAppendChar(&tempPool, XML_T('\0'))) - return 0; - return tempPool.start; -} - -static -int setContext(XML_Parser parser, const XML_Char *context) -{ - const XML_Char *s = context; - - while (*context != XML_T('\0')) { - if (*s == CONTEXT_SEP || *s == XML_T('\0')) { - ENTITY *e; - if (!poolAppendChar(&tempPool, XML_T('\0'))) - return 0; - e = (ENTITY *)hashTableLookup(&dtd.generalEntities, poolStart(&tempPool), 0); - if (e) - e->open = 1; - if (*s != XML_T('\0')) - s++; - context = s; - poolDiscard(&tempPool); - } - 
else if (*s == '=') { - PREFIX *prefix; - if (poolLength(&tempPool) == 0) - prefix = &dtd.defaultPrefix; - else { - if (!poolAppendChar(&tempPool, XML_T('\0'))) - return 0; - prefix = (PREFIX *)hashTableLookup(&dtd.prefixes, poolStart(&tempPool), sizeof(PREFIX)); - if (!prefix) - return 0; - if (prefix->name == poolStart(&tempPool)) - poolFinish(&tempPool); - else - poolDiscard(&tempPool); - } - for (context = s + 1; *context != CONTEXT_SEP && *context != XML_T('\0'); context++) - if (!poolAppendChar(&tempPool, *context)) - return 0; - if (!poolAppendChar(&tempPool, XML_T('\0'))) - return 0; - if (!addBinding(parser, prefix, 0, poolStart(&tempPool), &inheritedBindings)) - return 0; - poolDiscard(&tempPool); - if (*context != XML_T('\0')) - ++context; - s = context; - } - else { - if (!poolAppendChar(&tempPool, *s)) - return 0; - s++; - } - } - return 1; -} - - -static -void normalizePublicId(XML_Char *publicId) -{ - XML_Char *p = publicId; - XML_Char *s; - for (s = publicId; *s; s++) { - switch (*s) { - case 0x20: - case 0xD: - case 0xA: - if (p != publicId && p[-1] != 0x20) - *p++ = 0x20; - break; - default: - *p++ = *s; - } - } - if (p != publicId && p[-1] == 0x20) - --p; - *p = XML_T('\0'); -} - -static int dtdInit(DTD *p) -{ - poolInit(&(p->pool)); - hashTableInit(&(p->generalEntities)); - hashTableInit(&(p->elementTypes)); - hashTableInit(&(p->attributeIds)); - hashTableInit(&(p->prefixes)); - p->complete = 1; - p->standalone = 0; - p->base = 0; - p->defaultPrefix.name = 0; - p->defaultPrefix.binding = 0; - return 1; -} - -static void dtdDestroy(DTD *p) -{ - HASH_TABLE_ITER iter; - hashTableIterInit(&iter, &(p->elementTypes)); - for (;;) { - ELEMENT_TYPE *e = (ELEMENT_TYPE *)hashTableIterNext(&iter); - if (!e) - break; - if (e->allocDefaultAtts != 0) - free(e->defaultAtts); - } - hashTableDestroy(&(p->generalEntities)); - hashTableDestroy(&(p->elementTypes)); - hashTableDestroy(&(p->attributeIds)); - hashTableDestroy(&(p->prefixes)); - poolDestroy(&(p->pool)); 
-} - -/* Do a deep copy of the DTD. Return 0 for out of memory; non-zero otherwise. -The new DTD has already been initialized. */ - -static int dtdCopy(DTD *newDtd, const DTD *oldDtd) -{ - HASH_TABLE_ITER iter; - - if (oldDtd->base) { - const XML_Char *tem = poolCopyString(&(newDtd->pool), oldDtd->base); - if (!tem) - return 0; - newDtd->base = tem; - } - - /* Copy the prefix table. */ - - hashTableIterInit(&iter, &(oldDtd->prefixes)); - for (;;) { - const XML_Char *name; - const PREFIX *oldP = (PREFIX *)hashTableIterNext(&iter); - if (!oldP) - break; - name = poolCopyString(&(newDtd->pool), oldP->name); - if (!name) - return 0; - if (!hashTableLookup(&(newDtd->prefixes), name, sizeof(PREFIX))) - return 0; - } - - hashTableIterInit(&iter, &(oldDtd->attributeIds)); - - /* Copy the attribute id table. */ - - for (;;) { - ATTRIBUTE_ID *newA; - const XML_Char *name; - const ATTRIBUTE_ID *oldA = (ATTRIBUTE_ID *)hashTableIterNext(&iter); - - if (!oldA) - break; - /* Remember to allocate the scratch byte before the name. */ - if (!poolAppendChar(&(newDtd->pool), XML_T('\0'))) - return 0; - name = poolCopyString(&(newDtd->pool), oldA->name); - if (!name) - return 0; - ++name; - newA = (ATTRIBUTE_ID *)hashTableLookup(&(newDtd->attributeIds), name, sizeof(ATTRIBUTE_ID)); - if (!newA) - return 0; - newA->maybeTokenized = oldA->maybeTokenized; - if (oldA->prefix) { - newA->xmlns = oldA->xmlns; - if (oldA->prefix == &oldDtd->defaultPrefix) - newA->prefix = &newDtd->defaultPrefix; - else - newA->prefix = (PREFIX *)hashTableLookup(&(newDtd->prefixes), oldA->prefix->name, 0); - } - } - - /* Copy the element type table. 
*/ - - hashTableIterInit(&iter, &(oldDtd->elementTypes)); - - for (;;) { - int i; - ELEMENT_TYPE *newE; - const XML_Char *name; - const ELEMENT_TYPE *oldE = (ELEMENT_TYPE *)hashTableIterNext(&iter); - if (!oldE) - break; - name = poolCopyString(&(newDtd->pool), oldE->name); - if (!name) - return 0; - newE = (ELEMENT_TYPE *)hashTableLookup(&(newDtd->elementTypes), name, sizeof(ELEMENT_TYPE)); - if (!newE) - return 0; - if (oldE->nDefaultAtts) { - newE->defaultAtts = (DEFAULT_ATTRIBUTE *)malloc(oldE->nDefaultAtts * sizeof(DEFAULT_ATTRIBUTE)); - if (!newE->defaultAtts) - return 0; - } - newE->allocDefaultAtts = newE->nDefaultAtts = oldE->nDefaultAtts; - if (oldE->prefix) - newE->prefix = (PREFIX *)hashTableLookup(&(newDtd->prefixes), oldE->prefix->name, 0); - for (i = 0; i < newE->nDefaultAtts; i++) { - newE->defaultAtts[i].id = (ATTRIBUTE_ID *)hashTableLookup(&(newDtd->attributeIds), oldE->defaultAtts[i].id->name, 0); - newE->defaultAtts[i].isCdata = oldE->defaultAtts[i].isCdata; - if (oldE->defaultAtts[i].value) { - newE->defaultAtts[i].value = poolCopyString(&(newDtd->pool), oldE->defaultAtts[i].value); - if (!newE->defaultAtts[i].value) - return 0; - } - else - newE->defaultAtts[i].value = 0; - } - } - - /* Copy the entity table. 
*/ - - hashTableIterInit(&iter, &(oldDtd->generalEntities)); - - for (;;) { - ENTITY *newE; - const XML_Char *name; - const ENTITY *oldE = (ENTITY *)hashTableIterNext(&iter); - if (!oldE) - break; - name = poolCopyString(&(newDtd->pool), oldE->name); - if (!name) - return 0; - newE = (ENTITY *)hashTableLookup(&(newDtd->generalEntities), name, sizeof(ENTITY)); - if (!newE) - return 0; - if (oldE->systemId) { - const XML_Char *tem = poolCopyString(&(newDtd->pool), oldE->systemId); - if (!tem) - return 0; - newE->systemId = tem; - if (oldE->base) { - if (oldE->base == oldDtd->base) - newE->base = newDtd->base; - tem = poolCopyString(&(newDtd->pool), oldE->base); - if (!tem) - return 0; - newE->base = tem; - } - } - else { - const XML_Char *tem = poolCopyStringN(&(newDtd->pool), oldE->textPtr, oldE->textLen); - if (!tem) - return 0; - newE->textPtr = tem; - newE->textLen = oldE->textLen; - } - if (oldE->notation) { - const XML_Char *tem = poolCopyString(&(newDtd->pool), oldE->notation); - if (!tem) - return 0; - newE->notation = tem; - } - } - - newDtd->complete = oldDtd->complete; - newDtd->standalone = oldDtd->standalone; - return 1; -} - -static -void poolInit(STRING_POOL *pool) -{ - pool->blocks = 0; - pool->freeBlocks = 0; - pool->start = 0; - pool->ptr = 0; - pool->end = 0; -} - -static -void poolClear(STRING_POOL *pool) -{ - if (!pool->freeBlocks) - pool->freeBlocks = pool->blocks; - else { - BLOCK *p = pool->blocks; - while (p) { - BLOCK *tem = p->next; - p->next = pool->freeBlocks; - pool->freeBlocks = p; - p = tem; - } - } - pool->blocks = 0; - pool->start = 0; - pool->ptr = 0; - pool->end = 0; -} - -static -void poolDestroy(STRING_POOL *pool) -{ - BLOCK *p = pool->blocks; - while (p) { - BLOCK *tem = p->next; - free(p); - p = tem; - } - pool->blocks = 0; - p = pool->freeBlocks; - while (p) { - BLOCK *tem = p->next; - free(p); - p = tem; - } - pool->freeBlocks = 0; - pool->ptr = 0; - pool->start = 0; - pool->end = 0; -} - -static -XML_Char 
*poolAppend(STRING_POOL *pool, const ENCODING *enc, - const char *ptr, const char *end) -{ - if (!pool->ptr && !poolGrow(pool)) - return 0; - for (;;) { - XmlConvert(enc, &ptr, end, (ICHAR **)&(pool->ptr), (ICHAR *)pool->end); - if (ptr == end) - break; - if (!poolGrow(pool)) - return 0; - } - return pool->start; -} - -static const XML_Char *poolCopyString(STRING_POOL *pool, const XML_Char *s) -{ - do { - if (!poolAppendChar(pool, *s)) - return 0; - } while (*s++); - s = pool->start; - poolFinish(pool); - return s; -} - -static const XML_Char *poolCopyStringN(STRING_POOL *pool, const XML_Char *s, int n) -{ - if (!pool->ptr && !poolGrow(pool)) - return 0; - for (; n > 0; --n, s++) { - if (!poolAppendChar(pool, *s)) - return 0; - - } - s = pool->start; - poolFinish(pool); - return s; -} - -static -XML_Char *poolStoreString(STRING_POOL *pool, const ENCODING *enc, - const char *ptr, const char *end) -{ - if (!poolAppend(pool, enc, ptr, end)) - return 0; - if (pool->ptr == pool->end && !poolGrow(pool)) - return 0; - *(pool->ptr)++ = 0; - return pool->start; -} - -static -int poolGrow(STRING_POOL *pool) -{ - if (pool->freeBlocks) { - if (pool->start == 0) { - pool->blocks = pool->freeBlocks; - pool->freeBlocks = pool->freeBlocks->next; - pool->blocks->next = 0; - pool->start = pool->blocks->s; - pool->end = pool->start + pool->blocks->size; - pool->ptr = pool->start; - return 1; - } - if (pool->end - pool->start < pool->freeBlocks->size) { - BLOCK *tem = pool->freeBlocks->next; - pool->freeBlocks->next = pool->blocks; - pool->blocks = pool->freeBlocks; - pool->freeBlocks = tem; - memcpy(pool->blocks->s, pool->start, (pool->end - pool->start) * sizeof(XML_Char)); - pool->ptr = pool->blocks->s + (pool->ptr - pool->start); - pool->start = pool->blocks->s; - pool->end = pool->start + pool->blocks->size; - return 1; - } - } - if (pool->blocks && pool->start == pool->blocks->s) { - int blockSize = (pool->end - pool->start)*2; - pool->blocks = realloc(pool->blocks, 
offsetof(BLOCK, s) + blockSize * sizeof(XML_Char)); - if (!pool->blocks) - return 0; - pool->blocks->size = blockSize; - pool->ptr = pool->blocks->s + (pool->ptr - pool->start); - pool->start = pool->blocks->s; - pool->end = pool->start + blockSize; - } - else { - BLOCK *tem; - int blockSize = pool->end - pool->start; - if (blockSize < INIT_BLOCK_SIZE) - blockSize = INIT_BLOCK_SIZE; - else - blockSize *= 2; - tem = malloc(offsetof(BLOCK, s) + blockSize * sizeof(XML_Char)); - if (!tem) - return 0; - tem->size = blockSize; - tem->next = pool->blocks; - pool->blocks = tem; - memcpy(tem->s, pool->start, (pool->ptr - pool->start) * sizeof(XML_Char)); - pool->ptr = tem->s + (pool->ptr - pool->start); - pool->start = tem->s; - pool->end = tem->s + blockSize; - } - return 1; -} diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.def b/usr.sbin/httpd/src/lib/expat-lite/xmlparse.def deleted file mode 100644 index c309076f479..00000000000 --- a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.def +++ /dev/null 
@@ -1,41 +0,0 @@
-; xmlparse.def
-
-LIBRARY xmlparse
-DESCRIPTION ''
-
-EXPORTS
- XML_DefaultCurrent @1
- XML_ErrorString @2
- XML_ExternalEntityParserCreate @3
- XML_GetBase @4
- XML_GetBuffer @5
- XML_GetCurrentByteCount @6
- XML_GetCurrentByteIndex @7
- XML_GetCurrentColumnNumber @8
- XML_GetCurrentLineNumber @9
- XML_GetErrorCode @10
- XML_GetSpecifiedAttributeCount @11
- XML_Parse @12
- XML_ParseBuffer @13
- XML_ParserCreate @14
- XML_ParserCreateNS @15
- XML_ParserFree @16
- XML_SetBase @17
- XML_SetCdataSectionHandler @18
- XML_SetCharacterDataHandler @19
- XML_SetCommentHandler @20
- XML_SetDefaultHandler @21
- XML_SetDefaultHandlerExpand @22
- XML_SetElementHandler @23
- XML_SetEncoding @24
- XML_SetExternalEntityRefHandler @25
- XML_SetExternalEntityRefHandlerArg @26
- XML_SetNamespaceDeclHandler @27
- XML_SetNotStandaloneHandler @28
- XML_SetNotationDeclHandler @29
- XML_SetProcessingInstructionHandler @30
- XML_SetUnknownEncodingHandler @31
- XML_SetUnparsedEntityDeclHandler @32
- XML_SetUserData @33
- XML_UseParserAsHandlerArg @34
-
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.h b/usr.sbin/httpd/src/lib/expat-lite/xmlparse.h
deleted file mode 100644
index f2f9c9be1c0..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.h
+++ /dev/null
@@ -1,482 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#ifndef XmlParse_INCLUDED
-#define XmlParse_INCLUDED 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef XMLPARSEAPI
-#define XMLPARSEAPI /* as nothing */
-#endif
-
-typedef void *XML_Parser;
-
-#ifdef XML_UNICODE_WCHAR_T
-
-/* XML_UNICODE_WCHAR_T will work only if sizeof(wchar_t) == 2 and wchar_t
-uses Unicode. */
-/* Information is UTF-16 encoded as wchar_ts */
-
-#ifndef XML_UNICODE
-#define XML_UNICODE
-#endif
-
-#include
-typedef wchar_t XML_Char;
-typedef wchar_t XML_LChar;
-
-#else /* not XML_UNICODE_WCHAR_T */
-
-#ifdef XML_UNICODE
-
-/* Information is UTF-16 encoded as unsigned shorts */
-typedef unsigned short XML_Char;
-typedef char XML_LChar;
-
-#else /* not XML_UNICODE */
-
-/* Information is UTF-8 encoded. */
-typedef char XML_Char;
-typedef char XML_LChar;
-
-#endif /* not XML_UNICODE */
-
-#endif /* not XML_UNICODE_WCHAR_T */
-
-
-/* Constructs a new parser; encoding is the encoding specified by the external
-protocol or null if there is none specified. */
-
-XML_Parser XMLPARSEAPI
-XML_ParserCreate(const XML_Char *encoding);
-
-/* Constructs a new parser and namespace processor. Element type names
-and attribute names that belong to a namespace will be expanded;
-unprefixed attribute names are never expanded; unprefixed element type
-names are expanded only if there is a default namespace. The expanded
-name is the concatenation of the namespace URI, the namespace separator character,
-and the local part of the name. If the namespace separator is '\0' then
-the namespace URI and the local part will be concatenated without any
-separator. When a namespace is not declared, the name and prefix will be
-passed through without expansion. */
-
-XML_Parser XMLPARSEAPI
-XML_ParserCreateNS(const XML_Char *encoding, XML_Char namespaceSeparator);
-
-
-/* atts is array of name/value pairs, terminated by 0;
- names and values are 0 terminated. */
-
-typedef void (*XML_StartElementHandler)(void *userData,
- const XML_Char *name,
- const XML_Char **atts);
-
-typedef void (*XML_EndElementHandler)(void *userData,
- const XML_Char *name);
-
-/* s is not 0 terminated. */
-typedef void (*XML_CharacterDataHandler)(void *userData,
- const XML_Char *s,
- int len);
-
-/* target and data are 0 terminated */
-typedef void (*XML_ProcessingInstructionHandler)(void *userData,
- const XML_Char *target,
- const XML_Char *data);
-
-/* data is 0 terminated */
-typedef void (*XML_CommentHandler)(void *userData, const XML_Char *data);
-
-typedef void (*XML_StartCdataSectionHandler)(void *userData);
-typedef void (*XML_EndCdataSectionHandler)(void *userData);
-
-/* This is called for any characters in the XML document for
-which there is no applicable handler. This includes both
-characters that are part of markup which is of a kind that is
-not reported (comments, markup declarations), or characters
-that are part of a construct which could be reported but
-for which no handler has been supplied. The characters are passed
-exactly as they were in the XML document except that
-they will be encoded in UTF-8. Line boundaries are not normalized.
-Note that a byte order mark character is not passed to the default handler.
-There are no guarantees about how characters are divided between calls
-to the default handler: for example, a comment might be split between
-multiple calls. */
-
-typedef void (*XML_DefaultHandler)(void *userData,
- const XML_Char *s,
- int len);
-
-/* This is called for a declaration of an unparsed (NDATA)
-entity. The base argument is whatever was set by XML_SetBase.
-The entityName, systemId and notationName arguments will never be null.
-The other arguments may be. */
-
-typedef void (*XML_UnparsedEntityDeclHandler)(void *userData,
- const XML_Char *entityName,
- const XML_Char *base,
- const XML_Char *systemId,
- const XML_Char *publicId,
- const XML_Char *notationName);
-
-/* This is called for a declaration of notation.
-The base argument is whatever was set by XML_SetBase.
-The notationName will never be null. The other arguments can be. */
-
-typedef void (*XML_NotationDeclHandler)(void *userData,
- const XML_Char *notationName,
- const XML_Char *base,
- const XML_Char *systemId,
- const XML_Char *publicId);
-
-/* When namespace processing is enabled, these are called once for
-each namespace declaration. The call to the start and end element
-handlers occur between the calls to the start and end namespace
-declaration handlers. For an xmlns attribute, prefix will be null.
-For an xmlns="" attribute, uri will be null. */
-
-typedef void (*XML_StartNamespaceDeclHandler)(void *userData,
- const XML_Char *prefix,
- const XML_Char *uri);
-
-typedef void (*XML_EndNamespaceDeclHandler)(void *userData,
- const XML_Char *prefix);
-
-/* This is called if the document is not standalone (it has an
-external subset or a reference to a parameter entity, but does not
-have standalone="yes"). If this handler returns 0, then processing
-will not continue, and the parser will return a
-XML_ERROR_NOT_STANDALONE error. */
-
-typedef int (*XML_NotStandaloneHandler)(void *userData);
-
-/* This is called for a reference to an external parsed general entity.
-The referenced entity is not automatically parsed.
-The application can parse it immediately or later using
-XML_ExternalEntityParserCreate.
-The parser argument is the parser parsing the entity containing the reference;
-it can be passed as the parser argument to XML_ExternalEntityParserCreate.
-The systemId argument is the system identifier as specified in the entity declaration;
-it will not be null.
-The base argument is the system identifier that should be used as the base for
-resolving systemId if systemId was relative; this is set by XML_SetBase;
-it may be null.
-The publicId argument is the public identifier as specified in the entity declaration,
-or null if none was specified; the whitespace in the public identifier
-will have been normalized as required by the XML spec.
-The context argument specifies the parsing context in the format
-expected by the context argument to
-XML_ExternalEntityParserCreate; context is valid only until the handler
-returns, so if the referenced entity is to be parsed later, it must be copied.
-The handler should return 0 if processing should not continue because of
-a fatal error in the handling of the external entity.
-In this case the calling parser will return an XML_ERROR_EXTERNAL_ENTITY_HANDLING
-error.
-Note that unlike other handlers the first argument is the parser, not userData. */
-
-typedef int (*XML_ExternalEntityRefHandler)(XML_Parser parser,
- const XML_Char *context,
- const XML_Char *base,
- const XML_Char *systemId,
- const XML_Char *publicId);
-
-/* This structure is filled in by the XML_UnknownEncodingHandler
-to provide information to the parser about encodings that are unknown
-to the parser.
-The map[b] member gives information about byte sequences
-whose first byte is b.
-If map[b] is c where c is >= 0, then b by itself encodes the Unicode scalar value c.
-If map[b] is -1, then the byte sequence is malformed.
-If map[b] is -n, where n >= 2, then b is the first byte of an n-byte
-sequence that encodes a single Unicode scalar value.
-The data member will be passed as the first argument to the convert function.
-The convert function is used to convert multibyte sequences;
-s will point to a n-byte sequence where map[(unsigned char)*s] == -n.
-The convert function must return the Unicode scalar value
-represented by this byte sequence or -1 if the byte sequence is malformed.
-The convert function may be null if the encoding is a single-byte encoding,
-that is if map[b] >= -1 for all bytes b.
-When the parser is finished with the encoding, then if release is not null,
-it will call release passing it the data member;
-once release has been called, the convert function will not be called again.
-
-Expat places certain restrictions on the encodings that are supported
-using this mechanism.
-
-1. Every ASCII character that can appear in a well-formed XML document,
-other than the characters
-
- $@\^`{}~
-
-must be represented by a single byte, and that byte must be the
-same byte that represents that character in ASCII.
-
-2. No character may require more than 4 bytes to encode.
-
-3. All characters encoded must have Unicode scalar values <= 0xFFFF,
-(ie characters that would be encoded by surrogates in UTF-16
-are not allowed). Note that this restriction doesn't apply to
-the built-in support for UTF-8 and UTF-16.
-
-4. No Unicode character may be encoded by more than one distinct sequence
-of bytes. */
-
-typedef struct {
- int map[256];
- void *data;
- int (*convert)(void *data, const char *s);
- void (*release)(void *data);
-} XML_Encoding;
-
-/* This is called for an encoding that is unknown to the parser.
-The encodingHandlerData argument is that which was passed as the
-second argument to XML_SetUnknownEncodingHandler.
-The name argument gives the name of the encoding as specified in
-the encoding declaration.
-If the callback can provide information about the encoding,
-it must fill in the XML_Encoding structure, and return 1.
-Otherwise it must return 0.
-If info does not describe a suitable encoding,
-then the parser will return an XML_UNKNOWN_ENCODING error. */
-
-typedef int (*XML_UnknownEncodingHandler)(void *encodingHandlerData,
- const XML_Char *name,
- XML_Encoding *info);
-
-void XMLPARSEAPI
-XML_SetElementHandler(XML_Parser parser,
- XML_StartElementHandler start,
- XML_EndElementHandler end);
-
-void XMLPARSEAPI
-XML_SetCharacterDataHandler(XML_Parser parser,
- XML_CharacterDataHandler handler);
-
-void XMLPARSEAPI
-XML_SetProcessingInstructionHandler(XML_Parser parser,
- XML_ProcessingInstructionHandler handler);
-void XMLPARSEAPI
-XML_SetCommentHandler(XML_Parser parser,
- XML_CommentHandler handler);
-
-void XMLPARSEAPI
-XML_SetCdataSectionHandler(XML_Parser parser,
- XML_StartCdataSectionHandler start,
- XML_EndCdataSectionHandler end);
-
-/* This sets the default handler and also inhibits expansion of internal entities.
-The entity reference will be passed to the default handler. */
-
-void XMLPARSEAPI
-XML_SetDefaultHandler(XML_Parser parser,
- XML_DefaultHandler handler);
-
-/* This sets the default handler but does not inhibit expansion of internal entities.
-The entity reference will not be passed to the default handler. */
-
-void XMLPARSEAPI
-XML_SetDefaultHandlerExpand(XML_Parser parser,
- XML_DefaultHandler handler);
-
-void XMLPARSEAPI
-XML_SetUnparsedEntityDeclHandler(XML_Parser parser,
- XML_UnparsedEntityDeclHandler handler);
-
-void XMLPARSEAPI
-XML_SetNotationDeclHandler(XML_Parser parser,
- XML_NotationDeclHandler handler);
-
-void XMLPARSEAPI
-XML_SetNamespaceDeclHandler(XML_Parser parser,
- XML_StartNamespaceDeclHandler start,
- XML_EndNamespaceDeclHandler end);
-
-void XMLPARSEAPI
-XML_SetNotStandaloneHandler(XML_Parser parser,
- XML_NotStandaloneHandler handler);
-
-void XMLPARSEAPI
-XML_SetExternalEntityRefHandler(XML_Parser parser,
- XML_ExternalEntityRefHandler handler);
-
-/* If a non-null value for arg is specified here, then it will be passed
-as the first argument to the external entity ref handler instead
-of the parser object. */
-void XMLPARSEAPI
-XML_SetExternalEntityRefHandlerArg(XML_Parser, void *arg);
-
-void XMLPARSEAPI
-XML_SetUnknownEncodingHandler(XML_Parser parser,
- XML_UnknownEncodingHandler handler,
- void *encodingHandlerData);
-
-/* This can be called within a handler for a start element, end element,
-processing instruction or character data. It causes the corresponding
-markup to be passed to the default handler. */
-void XMLPARSEAPI XML_DefaultCurrent(XML_Parser parser);
-
-/* This value is passed as the userData argument to callbacks. */
-void XMLPARSEAPI
-XML_SetUserData(XML_Parser parser, void *userData);
-
-/* Returns the last value set by XML_SetUserData or null. */
-#define XML_GetUserData(parser) (*(void **)(parser))
-
-/* This is equivalent to supplying an encoding argument
-to XML_CreateParser. It must not be called after XML_Parse
-or XML_ParseBuffer. */
-
-int XMLPARSEAPI
-XML_SetEncoding(XML_Parser parser, const XML_Char *encoding);
-
-/* If this function is called, then the parser will be passed
-as the first argument to callbacks instead of userData.
-The userData will still be accessible using XML_GetUserData. */
-
-void XMLPARSEAPI
-XML_UseParserAsHandlerArg(XML_Parser parser);
-
-/* Sets the base to be used for resolving relative URIs in system identifiers in
-declarations. Resolving relative identifiers is left to the application:
-this value will be passed through as the base argument to the
-XML_ExternalEntityRefHandler, XML_NotationDeclHandler
-and XML_UnparsedEntityDeclHandler. The base argument will be copied.
-Returns zero if out of memory, non-zero otherwise. */
-
-int XMLPARSEAPI
-XML_SetBase(XML_Parser parser, const XML_Char *base);
-
-const XML_Char XMLPARSEAPI *
-XML_GetBase(XML_Parser parser);
-
-/* Returns the number of the attributes passed in last call to the
-XML_StartElementHandler that were specified in the start-tag rather
-than defaulted. */
-
-int XMLPARSEAPI XML_GetSpecifiedAttributeCount(XML_Parser parser);
-
-/* Parses some input. Returns 0 if a fatal error is detected.
-The last call to XML_Parse must have isFinal true;
-len may be zero for this call (or any other). */
-int XMLPARSEAPI
-XML_Parse(XML_Parser parser, const char *s, int len, int isFinal);
-
-void XMLPARSEAPI *
-XML_GetBuffer(XML_Parser parser, int len);
-
-int XMLPARSEAPI
-XML_ParseBuffer(XML_Parser parser, int len, int isFinal);
-
-/* Creates an XML_Parser object that can parse an external general entity;
-context is a '\0'-terminated string specifying the parse context;
-encoding is a '\0'-terminated string giving the name of the externally specified encoding,
-or null if there is no externally specified encoding.
-The context string consists of a sequence of tokens separated by formfeeds (\f);
-a token consisting of a name specifies that the general entity of the name
-is open; a token of the form prefix=uri specifies the namespace for a particular
-prefix; a token of the form =uri specifies the default namespace.
-This can be called at any point after the first call to an ExternalEntityRefHandler
-so longer as the parser has not yet been freed.
-The new parser is completely independent and may safely be used in a separate thread.
-The handlers and userData are initialized from the parser argument.
-Returns 0 if out of memory. Otherwise returns a new XML_Parser object. */
-XML_Parser XMLPARSEAPI
-XML_ExternalEntityParserCreate(XML_Parser parser,
- const XML_Char *context,
- const XML_Char *encoding);
-
-enum XML_Error {
- XML_ERROR_NONE,
- XML_ERROR_NO_MEMORY,
- XML_ERROR_SYNTAX,
- XML_ERROR_NO_ELEMENTS,
- XML_ERROR_INVALID_TOKEN,
- XML_ERROR_UNCLOSED_TOKEN,
- XML_ERROR_PARTIAL_CHAR,
- XML_ERROR_TAG_MISMATCH,
- XML_ERROR_DUPLICATE_ATTRIBUTE,
- XML_ERROR_JUNK_AFTER_DOC_ELEMENT,
- XML_ERROR_PARAM_ENTITY_REF,
- XML_ERROR_UNDEFINED_ENTITY,
- XML_ERROR_RECURSIVE_ENTITY_REF,
- XML_ERROR_ASYNC_ENTITY,
- XML_ERROR_BAD_CHAR_REF,
- XML_ERROR_BINARY_ENTITY_REF,
- XML_ERROR_ATTRIBUTE_EXTERNAL_ENTITY_REF,
- XML_ERROR_MISPLACED_XML_PI,
- XML_ERROR_UNKNOWN_ENCODING,
- XML_ERROR_INCORRECT_ENCODING,
- XML_ERROR_UNCLOSED_CDATA_SECTION,
- XML_ERROR_EXTERNAL_ENTITY_HANDLING,
- XML_ERROR_NOT_STANDALONE
-};
-
-/* If XML_Parse or XML_ParseBuffer have returned 0, then XML_GetErrorCode
-returns information about the error. */
-
-enum XML_Error XMLPARSEAPI XML_GetErrorCode(XML_Parser parser);
-
-/* These functions return information about the current parse location.
-They may be called when XML_Parse or XML_ParseBuffer return 0;
-in this case the location is the location of the character at which
-the error was detected.
-They may also be called from any other callback called to report
-some parse event; in this the location is the location of the first
-of the sequence of characters that generated the event. */
-
-int XMLPARSEAPI XML_GetCurrentLineNumber(XML_Parser parser);
-int XMLPARSEAPI XML_GetCurrentColumnNumber(XML_Parser parser);
-long XMLPARSEAPI XML_GetCurrentByteIndex(XML_Parser parser);
-
-/* Return the number of bytes in the current event.
-Returns 0 if the event is in an internal entity. */
-
-int XMLPARSEAPI XML_GetCurrentByteCount(XML_Parser parser);
-
-/* For backwards compatibility with previous versions. */
-#define XML_GetErrorLineNumber XML_GetCurrentLineNumber
-#define XML_GetErrorColumnNumber XML_GetCurrentColumnNumber
-#define XML_GetErrorByteIndex XML_GetCurrentByteIndex
-
-/* Frees memory used by the parser. */
-void XMLPARSEAPI
-XML_ParserFree(XML_Parser parser);
-
-/* Returns a string describing the error. */
-const XML_LChar XMLPARSEAPI *XML_ErrorString(int code);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* not XmlParse_INCLUDED */
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.imp b/usr.sbin/httpd/src/lib/expat-lite/xmlparse.imp
deleted file mode 100644
index b5bd84ffd90..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlparse.imp
+++ /dev/null
@@ -1,34 +0,0 @@
- XML_DefaultCurrent,
- XML_ErrorString,
- XML_ExternalEntityParserCreate,
- XML_GetBase,
- XML_GetBuffer,
- XML_GetCurrentByteCount,
- XML_GetCurrentByteIndex,
- XML_GetCurrentColumnNumber,
- XML_GetCurrentLineNumber,
- XML_GetErrorCode,
- XML_GetSpecifiedAttributeCount,
- XML_Parse,
- XML_ParseBuffer,
- XML_ParserCreate,
- XML_ParserCreateNS,
- XML_ParserFree,
- XML_SetBase,
- XML_SetCdataSectionHandler,
- XML_SetCharacterDataHandler,
- XML_SetCommentHandler,
- XML_SetDefaultHandler,
- XML_SetDefaultHandlerExpand,
- XML_SetElementHandler,
- XML_SetEncoding,
- XML_SetExternalEntityRefHandler,
- XML_SetExternalEntityRefHandlerArg,
- XML_SetNamespaceDeclHandler,
- XML_SetNotStandaloneHandler,
- XML_SetNotationDeclHandler,
- XML_SetProcessingInstructionHandler,
- XML_SetUnknownEncodingHandler,
- XML_SetUnparsedEntityDeclHandler,
- XML_SetUserData,
- XML_UseParserAsHandlerArg
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlparsenw.def b/usr.sbin/httpd/src/lib/expat-lite/xmlparsenw.def
deleted file mode 100644
index ab0141987f3..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlparsenw.def
+++ /dev/null
@@ -1,2 +0,0 @@
-MODULE xmltok
-EXPORT @xmlparse.imp
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlrole.c b/usr.sbin/httpd/src/lib/expat-lite/xmlrole.c
deleted file mode 100644
index 0be7ddae1c0..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmlrole.c
+++ /dev/null
@@ -1,1093 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#include "xmldef.h"
-#include "xmlrole.h"
-
-/* Doesn't check:
-
- that ,| are not mixed in a model group
- content of literals
-
-*/
-
-#ifndef MIN_BYTES_PER_CHAR
-#define MIN_BYTES_PER_CHAR(enc) ((enc)->minBytesPerChar)
-#endif
-
-typedef int PROLOG_HANDLER(struct prolog_state *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc);
-
-static PROLOG_HANDLER
- prolog0, prolog1, prolog2,
- doctype0, doctype1, doctype2, doctype3, doctype4, doctype5,
- internalSubset,
- entity0, entity1, entity2, entity3, entity4, entity5, entity6,
- entity7, entity8, entity9,
- notation0, notation1, notation2, notation3, notation4,
- attlist0, attlist1, attlist2, attlist3, attlist4, attlist5, attlist6,
- attlist7, attlist8, attlist9,
- element0, element1, element2, element3, element4, element5, element6,
- element7,
- declClose,
- error;
-
-static
-int syntaxError(PROLOG_STATE *);
-
-static
-int prolog0(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- state->handler = prolog1;
- return XML_ROLE_NONE;
- case XML_TOK_XML_DECL:
- state->handler = prolog1;
- return XML_ROLE_XML_DECL;
- case XML_TOK_PI:
- state->handler = prolog1;
- return XML_ROLE_NONE;
- case XML_TOK_COMMENT:
- state->handler = prolog1;
- case XML_TOK_BOM:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_OPEN:
- if (!XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "DOCTYPE"))
- break;
- state->handler = doctype0;
- return XML_ROLE_NONE;
- case XML_TOK_INSTANCE_START:
- state->handler = error;
- return XML_ROLE_INSTANCE_START;
- }
- return syntaxError(state);
-}
-
-static
-int prolog1(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_PI:
- case XML_TOK_COMMENT:
- case XML_TOK_BOM:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_OPEN:
- if (!XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "DOCTYPE"))
- break;
- state->handler = doctype0;
- return XML_ROLE_NONE;
- case XML_TOK_INSTANCE_START:
- state->handler = error;
- return XML_ROLE_INSTANCE_START;
- }
- return syntaxError(state);
-}
-
-static
-int prolog2(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_PI:
- case XML_TOK_COMMENT:
- return XML_ROLE_NONE;
- case XML_TOK_INSTANCE_START:
- state->handler = error;
- return XML_ROLE_INSTANCE_START;
- }
- return syntaxError(state);
-}
-
-static
-int doctype0(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- case XML_TOK_PREFIXED_NAME:
- state->handler = doctype1;
- return XML_ROLE_DOCTYPE_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int doctype1(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_OPEN_BRACKET:
- state->handler = internalSubset;
- return XML_ROLE_NONE;
- case XML_TOK_DECL_CLOSE:
- state->handler = prolog2;
- return XML_ROLE_DOCTYPE_CLOSE;
- case XML_TOK_NAME:
- if (XmlNameMatchesAscii(enc, ptr, "SYSTEM")) {
- state->handler = doctype3;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc, ptr, "PUBLIC")) {
- state->handler = doctype2;
- return XML_ROLE_NONE;
- }
- break;
- }
- return syntaxError(state);
-}
-
-static
-int doctype2(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = doctype3;
- return XML_ROLE_DOCTYPE_PUBLIC_ID;
- }
- return syntaxError(state);
-}
-
-static
-int doctype3(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = doctype4;
- return XML_ROLE_DOCTYPE_SYSTEM_ID;
- }
- return syntaxError(state);
-}
-
-static
-int doctype4(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_OPEN_BRACKET:
- state->handler = internalSubset;
- return XML_ROLE_NONE;
- case XML_TOK_DECL_CLOSE:
- state->handler = prolog2;
- return XML_ROLE_DOCTYPE_CLOSE;
- }
- return syntaxError(state);
-}
-
-static
-int doctype5(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_CLOSE:
- state->handler = prolog2;
- return XML_ROLE_DOCTYPE_CLOSE;
- }
- return syntaxError(state);
-}
-
-static
-int internalSubset(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_DECL_OPEN:
- if (XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "ENTITY")) {
- state->handler = entity0;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "ATTLIST")) {
- state->handler = attlist0;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "ELEMENT")) {
- state->handler = element0;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc,
- ptr + 2 * MIN_BYTES_PER_CHAR(enc),
- "NOTATION")) {
- state->handler = notation0;
- return XML_ROLE_NONE;
- }
- break;
- case XML_TOK_PI:
- case XML_TOK_COMMENT:
- return XML_ROLE_NONE;
- case XML_TOK_PARAM_ENTITY_REF:
- return XML_ROLE_PARAM_ENTITY_REF;
- case XML_TOK_CLOSE_BRACKET:
- state->handler = doctype5;
- return XML_ROLE_NONE;
- }
- return syntaxError(state);
-}
-
-static
-int entity0(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_PERCENT:
- state->handler = entity1;
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- state->handler = entity2;
- return XML_ROLE_GENERAL_ENTITY_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int entity1(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- state->handler = entity7;
- return XML_ROLE_PARAM_ENTITY_NAME;
- }
- return syntaxError(state);
-}
-
-static
-int entity2(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_NAME:
- if (XmlNameMatchesAscii(enc, ptr, "SYSTEM")) {
- state->handler = entity4;
- return XML_ROLE_NONE;
- }
- if (XmlNameMatchesAscii(enc, ptr, "PUBLIC")) {
- state->handler = entity3;
- return XML_ROLE_NONE;
- }
- break;
- case XML_TOK_LITERAL:
- state->handler = declClose;
- return XML_ROLE_ENTITY_VALUE;
- }
- return syntaxError(state);
-}
-
-static
-int entity3(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = entity4;
- return XML_ROLE_ENTITY_PUBLIC_ID;
- }
- return syntaxError(state);
-}
-
-
-static
-int entity4(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case XML_TOK_PROLOG_S:
- return XML_ROLE_NONE;
- case XML_TOK_LITERAL:
- state->handler = entity5;
- return XML_ROLE_ENTITY_SYSTEM_ID;
- }
- return syntaxError(state);
-}
-
-static
-int entity5(PROLOG_STATE *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc)
-{
- switch (tok) {
- case
XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_DECL_CLOSE: - state->handler = internalSubset; - return XML_ROLE_NONE; - case XML_TOK_NAME: - if (XmlNameMatchesAscii(enc, ptr, "NDATA")) { - state->handler = entity6; - return XML_ROLE_NONE; - } - break; - } - return syntaxError(state); -} - -static -int entity6(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - state->handler = declClose; - return XML_ROLE_ENTITY_NOTATION_NAME; - } - return syntaxError(state); -} - -static -int entity7(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - if (XmlNameMatchesAscii(enc, ptr, "SYSTEM")) { - state->handler = entity9; - return XML_ROLE_NONE; - } - if (XmlNameMatchesAscii(enc, ptr, "PUBLIC")) { - state->handler = entity8; - return XML_ROLE_NONE; - } - break; - case XML_TOK_LITERAL: - state->handler = declClose; - return XML_ROLE_ENTITY_VALUE; - } - return syntaxError(state); -} - -static -int entity8(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_LITERAL: - state->handler = entity9; - return XML_ROLE_ENTITY_PUBLIC_ID; - } - return syntaxError(state); -} - -static -int entity9(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_LITERAL: - state->handler = declClose; - return XML_ROLE_ENTITY_SYSTEM_ID; - } - return syntaxError(state); -} - -static -int notation0(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - 
state->handler = notation1; - return XML_ROLE_NOTATION_NAME; - } - return syntaxError(state); -} - -static -int notation1(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - if (XmlNameMatchesAscii(enc, ptr, "SYSTEM")) { - state->handler = notation3; - return XML_ROLE_NONE; - } - if (XmlNameMatchesAscii(enc, ptr, "PUBLIC")) { - state->handler = notation2; - return XML_ROLE_NONE; - } - break; - } - return syntaxError(state); -} - -static -int notation2(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_LITERAL: - state->handler = notation4; - return XML_ROLE_NOTATION_PUBLIC_ID; - } - return syntaxError(state); -} - -static -int notation3(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_LITERAL: - state->handler = declClose; - return XML_ROLE_NOTATION_SYSTEM_ID; - } - return syntaxError(state); -} - -static -int notation4(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_LITERAL: - state->handler = declClose; - return XML_ROLE_NOTATION_SYSTEM_ID; - case XML_TOK_DECL_CLOSE: - state->handler = internalSubset; - return XML_ROLE_NOTATION_NO_SYSTEM_ID; - } - return syntaxError(state); -} - -static -int attlist0(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - case XML_TOK_PREFIXED_NAME: - state->handler = attlist1; - return XML_ROLE_ATTLIST_ELEMENT_NAME; - } - return syntaxError(state); -} - -static -int attlist1(PROLOG_STATE *state, 
- int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_DECL_CLOSE: - state->handler = internalSubset; - return XML_ROLE_NONE; - case XML_TOK_NAME: - case XML_TOK_PREFIXED_NAME: - state->handler = attlist2; - return XML_ROLE_ATTRIBUTE_NAME; - } - return syntaxError(state); -} - -static -int attlist2(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - { - static const char *types[] = { - "CDATA", - "ID", - "IDREF", - "IDREFS", - "ENTITY", - "ENTITIES", - "NMTOKEN", - "NMTOKENS", - }; - int i; - for (i = 0; i < (int)(sizeof(types)/sizeof(types[0])); i++) - if (XmlNameMatchesAscii(enc, ptr, types[i])) { - state->handler = attlist8; - return XML_ROLE_ATTRIBUTE_TYPE_CDATA + i; - } - } - if (XmlNameMatchesAscii(enc, ptr, "NOTATION")) { - state->handler = attlist5; - return XML_ROLE_NONE; - } - break; - case XML_TOK_OPEN_PAREN: - state->handler = attlist3; - return XML_ROLE_NONE; - } - return syntaxError(state); -} - -static -int attlist3(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NMTOKEN: - case XML_TOK_NAME: - case XML_TOK_PREFIXED_NAME: - state->handler = attlist4; - return XML_ROLE_ATTRIBUTE_ENUM_VALUE; - } - return syntaxError(state); -} - -static -int attlist4(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_CLOSE_PAREN: - state->handler = attlist8; - return XML_ROLE_NONE; - case XML_TOK_OR: - state->handler = attlist3; - return XML_ROLE_NONE; - } - return syntaxError(state); -} - -static -int attlist5(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const 
ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_OPEN_PAREN: - state->handler = attlist6; - return XML_ROLE_NONE; - } - return syntaxError(state); -} - - -static -int attlist6(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - state->handler = attlist7; - return XML_ROLE_ATTRIBUTE_NOTATION_VALUE; - } - return syntaxError(state); -} - -static -int attlist7(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_CLOSE_PAREN: - state->handler = attlist8; - return XML_ROLE_NONE; - case XML_TOK_OR: - state->handler = attlist6; - return XML_ROLE_NONE; - } - return syntaxError(state); -} - -/* default value */ -static -int attlist8(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_POUND_NAME: - if (XmlNameMatchesAscii(enc, - ptr + MIN_BYTES_PER_CHAR(enc), - "IMPLIED")) { - state->handler = attlist1; - return XML_ROLE_IMPLIED_ATTRIBUTE_VALUE; - } - if (XmlNameMatchesAscii(enc, - ptr + MIN_BYTES_PER_CHAR(enc), - "REQUIRED")) { - state->handler = attlist1; - return XML_ROLE_REQUIRED_ATTRIBUTE_VALUE; - } - if (XmlNameMatchesAscii(enc, - ptr + MIN_BYTES_PER_CHAR(enc), - "FIXED")) { - state->handler = attlist9; - return XML_ROLE_NONE; - } - break; - case XML_TOK_LITERAL: - state->handler = attlist1; - return XML_ROLE_DEFAULT_ATTRIBUTE_VALUE; - } - return syntaxError(state); -} - -static -int attlist9(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_LITERAL: - state->handler = attlist1; - return XML_ROLE_FIXED_ATTRIBUTE_VALUE; - 
} - return syntaxError(state); -} - -static -int element0(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - case XML_TOK_PREFIXED_NAME: - state->handler = element1; - return XML_ROLE_ELEMENT_NAME; - } - return syntaxError(state); -} - -static -int element1(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - if (XmlNameMatchesAscii(enc, ptr, "EMPTY")) { - state->handler = declClose; - return XML_ROLE_CONTENT_EMPTY; - } - if (XmlNameMatchesAscii(enc, ptr, "ANY")) { - state->handler = declClose; - return XML_ROLE_CONTENT_ANY; - } - break; - case XML_TOK_OPEN_PAREN: - state->handler = element2; - state->level = 1; - return XML_ROLE_GROUP_OPEN; - } - return syntaxError(state); -} - -static -int element2(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_POUND_NAME: - if (XmlNameMatchesAscii(enc, - ptr + MIN_BYTES_PER_CHAR(enc), - "PCDATA")) { - state->handler = element3; - return XML_ROLE_CONTENT_PCDATA; - } - break; - case XML_TOK_OPEN_PAREN: - state->level = 2; - state->handler = element6; - return XML_ROLE_GROUP_OPEN; - case XML_TOK_NAME: - case XML_TOK_PREFIXED_NAME: - state->handler = element7; - return XML_ROLE_CONTENT_ELEMENT; - case XML_TOK_NAME_QUESTION: - state->handler = element7; - return XML_ROLE_CONTENT_ELEMENT_OPT; - case XML_TOK_NAME_ASTERISK: - state->handler = element7; - return XML_ROLE_CONTENT_ELEMENT_REP; - case XML_TOK_NAME_PLUS: - state->handler = element7; - return XML_ROLE_CONTENT_ELEMENT_PLUS; - } - return syntaxError(state); -} - -static -int element3(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch 
(tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_CLOSE_PAREN: - case XML_TOK_CLOSE_PAREN_ASTERISK: - state->handler = declClose; - return XML_ROLE_GROUP_CLOSE_REP; - case XML_TOK_OR: - state->handler = element4; - return XML_ROLE_NONE; - } - return syntaxError(state); -} - -static -int element4(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_NAME: - case XML_TOK_PREFIXED_NAME: - state->handler = element5; - return XML_ROLE_CONTENT_ELEMENT; - } - return syntaxError(state); -} - -static -int element5(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_CLOSE_PAREN_ASTERISK: - state->handler = declClose; - return XML_ROLE_GROUP_CLOSE_REP; - case XML_TOK_OR: - state->handler = element4; - return XML_ROLE_NONE; - } - return syntaxError(state); -} - -static -int element6(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_OPEN_PAREN: - state->level += 1; - return XML_ROLE_GROUP_OPEN; - case XML_TOK_NAME: - case XML_TOK_PREFIXED_NAME: - state->handler = element7; - return XML_ROLE_CONTENT_ELEMENT; - case XML_TOK_NAME_QUESTION: - state->handler = element7; - return XML_ROLE_CONTENT_ELEMENT_OPT; - case XML_TOK_NAME_ASTERISK: - state->handler = element7; - return XML_ROLE_CONTENT_ELEMENT_REP; - case XML_TOK_NAME_PLUS: - state->handler = element7; - return XML_ROLE_CONTENT_ELEMENT_PLUS; - } - return syntaxError(state); -} - -static -int element7(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_CLOSE_PAREN: - state->level -= 1; - if (state->level == 0) - 
state->handler = declClose; - return XML_ROLE_GROUP_CLOSE; - case XML_TOK_CLOSE_PAREN_ASTERISK: - state->level -= 1; - if (state->level == 0) - state->handler = declClose; - return XML_ROLE_GROUP_CLOSE_REP; - case XML_TOK_CLOSE_PAREN_QUESTION: - state->level -= 1; - if (state->level == 0) - state->handler = declClose; - return XML_ROLE_GROUP_CLOSE_OPT; - case XML_TOK_CLOSE_PAREN_PLUS: - state->level -= 1; - if (state->level == 0) - state->handler = declClose; - return XML_ROLE_GROUP_CLOSE_PLUS; - case XML_TOK_COMMA: - state->handler = element6; - return XML_ROLE_GROUP_SEQUENCE; - case XML_TOK_OR: - state->handler = element6; - return XML_ROLE_GROUP_CHOICE; - } - return syntaxError(state); -} - -static -int declClose(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - switch (tok) { - case XML_TOK_PROLOG_S: - return XML_ROLE_NONE; - case XML_TOK_DECL_CLOSE: - state->handler = internalSubset; - return XML_ROLE_NONE; - } - return syntaxError(state); -} - -static -int error(PROLOG_STATE *state, - int tok, - const char *ptr, - const char *end, - const ENCODING *enc) -{ - return XML_ROLE_NONE; -} - -static -int syntaxError(PROLOG_STATE *state) -{ - state->handler = error; - return XML_ROLE_ERROR; -} - -void XmlPrologStateInit(PROLOG_STATE *state) -{ - state->handler = prolog0; -} diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmlrole.h b/usr.sbin/httpd/src/lib/expat-lite/xmlrole.h deleted file mode 100644 index 877c40ba1f8..00000000000 --- a/usr.sbin/httpd/src/lib/expat-lite/xmlrole.h +++ /dev/null 
@@ -1,111 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-#ifndef XmlRole_INCLUDED
-#define XmlRole_INCLUDED 1
-
-#include "xmltok.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-enum {
- XML_ROLE_ERROR = -1,
- XML_ROLE_NONE = 0,
- XML_ROLE_XML_DECL,
- XML_ROLE_INSTANCE_START,
- XML_ROLE_DOCTYPE_NAME,
- XML_ROLE_DOCTYPE_SYSTEM_ID,
- XML_ROLE_DOCTYPE_PUBLIC_ID,
- XML_ROLE_DOCTYPE_CLOSE,
- XML_ROLE_GENERAL_ENTITY_NAME,
- XML_ROLE_PARAM_ENTITY_NAME,
- XML_ROLE_ENTITY_VALUE,
- XML_ROLE_ENTITY_SYSTEM_ID,
- XML_ROLE_ENTITY_PUBLIC_ID,
- XML_ROLE_ENTITY_NOTATION_NAME,
- XML_ROLE_NOTATION_NAME,
- XML_ROLE_NOTATION_SYSTEM_ID,
- XML_ROLE_NOTATION_NO_SYSTEM_ID,
- XML_ROLE_NOTATION_PUBLIC_ID,
- XML_ROLE_ATTRIBUTE_NAME,
- XML_ROLE_ATTRIBUTE_TYPE_CDATA,
- XML_ROLE_ATTRIBUTE_TYPE_ID,
- XML_ROLE_ATTRIBUTE_TYPE_IDREF,
- XML_ROLE_ATTRIBUTE_TYPE_IDREFS,
- XML_ROLE_ATTRIBUTE_TYPE_ENTITY,
- XML_ROLE_ATTRIBUTE_TYPE_ENTITIES,
- XML_ROLE_ATTRIBUTE_TYPE_NMTOKEN,
- XML_ROLE_ATTRIBUTE_TYPE_NMTOKENS,
- XML_ROLE_ATTRIBUTE_ENUM_VALUE,
- XML_ROLE_ATTRIBUTE_NOTATION_VALUE,
- XML_ROLE_ATTLIST_ELEMENT_NAME,
- XML_ROLE_IMPLIED_ATTRIBUTE_VALUE,
- XML_ROLE_REQUIRED_ATTRIBUTE_VALUE,
- XML_ROLE_DEFAULT_ATTRIBUTE_VALUE,
- XML_ROLE_FIXED_ATTRIBUTE_VALUE,
- XML_ROLE_ELEMENT_NAME,
- XML_ROLE_CONTENT_ANY,
- XML_ROLE_CONTENT_EMPTY,
- XML_ROLE_CONTENT_PCDATA,
- XML_ROLE_GROUP_OPEN,
- XML_ROLE_GROUP_CLOSE,
- XML_ROLE_GROUP_CLOSE_REP,
- XML_ROLE_GROUP_CLOSE_OPT,
- XML_ROLE_GROUP_CLOSE_PLUS,
- XML_ROLE_GROUP_CHOICE,
- XML_ROLE_GROUP_SEQUENCE,
- XML_ROLE_CONTENT_ELEMENT,
- XML_ROLE_CONTENT_ELEMENT_REP,
- XML_ROLE_CONTENT_ELEMENT_OPT,
- XML_ROLE_CONTENT_ELEMENT_PLUS,
- XML_ROLE_PARAM_ENTITY_REF
-};
-
-typedef struct prolog_state {
- int (*handler)(struct prolog_state *state,
- int tok,
- const char *ptr,
- const char *end,
- const ENCODING *enc);
- unsigned level;
-} PROLOG_STATE;
-
-void XMLTOKAPI XmlPrologStateInit(PROLOG_STATE *);
-
-#define XmlTokenRole(state, tok, ptr, end, enc) \
- (((state)->handler)(state, tok, ptr, end, enc))
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* not XmlRole_INCLUDED */
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok.c b/usr.sbin/httpd/src/lib/expat-lite/xmltok.c
deleted file mode 100644
index f0c15b1b7cf..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok.c
+++ /dev/null
@@ -1,1384 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/ - -#include "xmldef.h" -#include "xmltok.h" -#include "nametab.h" - -#define VTABLE1 \ - { PREFIX(prologTok), PREFIX(contentTok), PREFIX(cdataSectionTok) }, \ - { PREFIX(attributeValueTok), PREFIX(entityValueTok) }, \ - PREFIX(sameName), \ - PREFIX(nameMatchesAscii), \ - PREFIX(nameLength), \ - PREFIX(skipS), \ - PREFIX(getAtts), \ - PREFIX(charRefNumber), \ - PREFIX(predefinedEntityName), \ - PREFIX(updatePosition), \ - PREFIX(isPublicId) - -#define VTABLE VTABLE1, PREFIX(toUtf8), PREFIX(toUtf16) - -#define UCS2_GET_NAMING(pages, hi, lo) \ - (namingBitmap[(pages[hi] << 3) + ((lo) >> 5)] & (1 << ((lo) & 0x1F))) - -/* A 2 byte UTF-8 representation splits the characters 11 bits -between the bottom 5 and 6 bits of the bytes. -We need 8 bits to index into pages, 3 bits to add to that index and -5 bits to generate the mask. */ -#define UTF8_GET_NAMING2(pages, byte) \ - (namingBitmap[((pages)[(((byte)[0]) >> 2) & 7] << 3) \ - + ((((byte)[0]) & 3) << 1) \ - + ((((byte)[1]) >> 5) & 1)] \ - & (1 << (((byte)[1]) & 0x1F))) - -/* A 3 byte UTF-8 representation splits the characters 16 bits -between the bottom 4, 6 and 6 bits of the bytes. -We need 8 bits to index into pages, 3 bits to add to that index and -5 bits to generate the mask. */ -#define UTF8_GET_NAMING3(pages, byte) \ - (namingBitmap[((pages)[((((byte)[0]) & 0xF) << 4) \ - + ((((byte)[1]) >> 2) & 0xF)] \ - << 3) \ - + ((((byte)[1]) & 3) << 1) \ - + ((((byte)[2]) >> 5) & 1)] \ - & (1 << (((byte)[2]) & 0x1F))) - -#define UTF8_GET_NAMING(pages, p, n) \ - ((n) == 2 \ - ? UTF8_GET_NAMING2(pages, (const unsigned char *)(p)) \ - : ((n) == 3 \ - ? UTF8_GET_NAMING3(pages, (const unsigned char *)(p)) \ - : 0)) - -#define UTF8_INVALID3(p) \ - ((*p) == 0xED \ - ? (((p)[1] & 0x20) != 0) \ - : ((*p) == 0xEF \ - ? 
((p)[1] == 0xBF && ((p)[2] == 0xBF || (p)[2] == 0xBE)) \ - : 0)) - -#define UTF8_INVALID4(p) ((*p) == 0xF4 && ((p)[1] & 0x30) != 0) - -static -int isNever(const ENCODING *enc, const char *p) -{ - return 0; -} - -static -int utf8_isName2(const ENCODING *enc, const char *p) -{ - return UTF8_GET_NAMING2(namePages, (const unsigned char *)p); -} - -static -int utf8_isName3(const ENCODING *enc, const char *p) -{ - return UTF8_GET_NAMING3(namePages, (const unsigned char *)p); -} - -#define utf8_isName4 isNever - -static -int utf8_isNmstrt2(const ENCODING *enc, const char *p) -{ - return UTF8_GET_NAMING2(nmstrtPages, (const unsigned char *)p); -} - -static -int utf8_isNmstrt3(const ENCODING *enc, const char *p) -{ - return UTF8_GET_NAMING3(nmstrtPages, (const unsigned char *)p); -} - -#define utf8_isNmstrt4 isNever - -#define utf8_isInvalid2 isNever - -static -int utf8_isInvalid3(const ENCODING *enc, const char *p) -{ - return UTF8_INVALID3((const unsigned char *)p); -} - -static -int utf8_isInvalid4(const ENCODING *enc, const char *p) -{ - return UTF8_INVALID4((const unsigned char *)p); -} - -struct normal_encoding { - ENCODING enc; - unsigned char type[256]; - int (*isName2)(const ENCODING *, const char *); - int (*isName3)(const ENCODING *, const char *); - int (*isName4)(const ENCODING *, const char *); - int (*isNmstrt2)(const ENCODING *, const char *); - int (*isNmstrt3)(const ENCODING *, const char *); - int (*isNmstrt4)(const ENCODING *, const char *); - int (*isInvalid2)(const ENCODING *, const char *); - int (*isInvalid3)(const ENCODING *, const char *); - int (*isInvalid4)(const ENCODING *, const char *); -}; - -#define STANDARD_VTABLE(E) /* as nothing */ - -#define NORMAL_VTABLE(E) \ - E ## isName2, \ - E ## isName3, \ - E ## isName4, \ - E ## isNmstrt2, \ - E ## isNmstrt3, \ - E ## isNmstrt4, \ - E ## isInvalid2, \ - E ## isInvalid3, \ - E ## isInvalid4 - -static int checkCharRefNumber(int); - -#include "xmltok_impl.h" - - -/* minimum bytes per character */ 
-#define MINBPC(enc) 1 - -#define SB_BYTE_TYPE(enc, p) \ - (((struct normal_encoding *)(enc))->type[(unsigned char)*(p)]) - -#define BYTE_TYPE(enc, p) SB_BYTE_TYPE(enc, p) - -#define BYTE_TO_ASCII(enc, p) (*p) - -#define IS_NAME_CHAR(enc, p, n) \ - (((const struct normal_encoding *)(enc))->isName ## n(enc, p)) -#define IS_NMSTRT_CHAR(enc, p, n) \ - (((const struct normal_encoding *)(enc))->isNmstrt ## n(enc, p)) -#define IS_INVALID_CHAR(enc, p, n) \ - (((const struct normal_encoding *)(enc))->isInvalid ## n(enc, p)) - -#define IS_NAME_CHAR_MINBPC(enc, p) (0) -#define IS_NMSTRT_CHAR_MINBPC(enc, p) (0) - -/* c is an ASCII character */ -#define CHAR_MATCHES(enc, p, c) (*(p) == c) - -#define PREFIX(ident) normal_ ## ident -#include "xmltok_impl.c" - -#undef MINBPC -#undef BYTE_TYPE -#undef BYTE_TO_ASCII -#undef CHAR_MATCHES -#undef IS_NAME_CHAR -#undef IS_NAME_CHAR_MINBPC -#undef IS_NMSTRT_CHAR -#undef IS_NMSTRT_CHAR_MINBPC -#undef IS_INVALID_CHAR - -enum { /* UTF8_cvalN is value of masked first byte of N byte sequence */ - UTF8_cval1 = 0x00, - UTF8_cval2 = 0xc0, - UTF8_cval3 = 0xe0, - UTF8_cval4 = 0xf0 -}; - -static -void utf8_toUtf8(const ENCODING *enc, - const char **fromP, const char *fromLim, - char **toP, const char *toLim) -{ - char *to; - const char *from; - if (fromLim - *fromP > toLim - *toP) { - /* Avoid copying partial characters. 
*/ - for (fromLim = *fromP + (toLim - *toP); fromLim > *fromP; fromLim--) - if (((unsigned char)fromLim[-1] & 0xc0) != 0x80) - break; - } - for (to = *toP, from = *fromP; from != fromLim; from++, to++) - *to = *from; - *fromP = from; - *toP = to; -} - -static -void utf8_toUtf16(const ENCODING *enc, - const char **fromP, const char *fromLim, - unsigned short **toP, const unsigned short *toLim) -{ - unsigned short *to = *toP; - const char *from = *fromP; - while (from != fromLim && to != toLim) { - switch (((struct normal_encoding *)enc)->type[(unsigned char)*from]) { - case BT_LEAD2: - *to++ = ((from[0] & 0x1f) << 6) | (from[1] & 0x3f); - from += 2; - break; - case BT_LEAD3: - *to++ = ((from[0] & 0xf) << 12) | ((from[1] & 0x3f) << 6) | (from[2] & 0x3f); - from += 3; - break; - case BT_LEAD4: - { - unsigned long n; - if (to + 1 == toLim) - break; - n = ((from[0] & 0x7) << 18) | ((from[1] & 0x3f) << 12) | ((from[2] & 0x3f) << 6) | (from[3] & 0x3f); - n -= 0x10000; - to[0] = (unsigned short)((n >> 10) | 0xD800); - to[1] = (unsigned short)((n & 0x3FF) | 0xDC00); - to += 2; - from += 4; - } - break; - default: - *to++ = *from++; - break; - } - } - *fromP = from; - *toP = to; -} - -#ifdef XML_NS -static const struct normal_encoding utf8_encoding_ns = { - { VTABLE1, utf8_toUtf8, utf8_toUtf16, 1, 1, 0 }, - { -#include "asciitab.h" -#include "utf8tab.h" - }, - STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_) -}; -#endif - -static const struct normal_encoding utf8_encoding = { - { VTABLE1, utf8_toUtf8, utf8_toUtf16, 1, 1, 0 }, - { -#define BT_COLON BT_NMSTRT -#include "asciitab.h" -#undef BT_COLON -#include "utf8tab.h" - }, - STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_) -}; - -#ifdef XML_NS - -static const struct normal_encoding internal_utf8_encoding_ns = { - { VTABLE1, utf8_toUtf8, utf8_toUtf16, 1, 1, 0 }, - { -#include "iasciitab.h" -#include "utf8tab.h" - }, - STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_) -}; - -#endif - -static const struct normal_encoding internal_utf8_encoding = { - 
{ VTABLE1, utf8_toUtf8, utf8_toUtf16, 1, 1, 0 }, - { -#define BT_COLON BT_NMSTRT -#include "iasciitab.h" -#undef BT_COLON -#include "utf8tab.h" - }, - STANDARD_VTABLE(sb_) NORMAL_VTABLE(utf8_) -}; - -static -void latin1_toUtf8(const ENCODING *enc, - const char **fromP, const char *fromLim, - char **toP, const char *toLim) -{ - for (;;) { - unsigned char c; - if (*fromP == fromLim) - break; - c = (unsigned char)**fromP; - if (c & 0x80) { - if (toLim - *toP < 2) - break; - *(*toP)++ = ((c >> 6) | UTF8_cval2); - *(*toP)++ = ((c & 0x3f) | 0x80); - (*fromP)++; - } - else { - if (*toP == toLim) - break; - *(*toP)++ = *(*fromP)++; - } - } -} - -static -void latin1_toUtf16(const ENCODING *enc, - const char **fromP, const char *fromLim, - unsigned short **toP, const unsigned short *toLim) -{ - while (*fromP != fromLim && *toP != toLim) - *(*toP)++ = (unsigned char)*(*fromP)++; -} - -#ifdef XML_NS - -static const struct normal_encoding latin1_encoding_ns = { - { VTABLE1, latin1_toUtf8, latin1_toUtf16, 1, 0, 0 }, - { -#include "asciitab.h" -#include "latin1tab.h" - }, - STANDARD_VTABLE(sb_) -}; - -#endif - -static const struct normal_encoding latin1_encoding = { - { VTABLE1, latin1_toUtf8, latin1_toUtf16, 1, 0, 0 }, - { -#define BT_COLON BT_NMSTRT -#include "asciitab.h" -#undef BT_COLON -#include "latin1tab.h" - }, - STANDARD_VTABLE(sb_) -}; - -static -void ascii_toUtf8(const ENCODING *enc, - const char **fromP, const char *fromLim, - char **toP, const char *toLim) -{ - while (*fromP != fromLim && *toP != toLim) - *(*toP)++ = *(*fromP)++; -} - -#ifdef XML_NS - -static const struct normal_encoding ascii_encoding_ns = { - { VTABLE1, ascii_toUtf8, latin1_toUtf16, 1, 1, 0 }, - { -#include "asciitab.h" -/* BT_NONXML == 0 */ - }, - STANDARD_VTABLE(sb_) -}; - -#endif - -static const struct normal_encoding ascii_encoding = { - { VTABLE1, ascii_toUtf8, latin1_toUtf16, 1, 1, 0 }, - { -#define BT_COLON BT_NMSTRT -#include "asciitab.h" -#undef BT_COLON -/* BT_NONXML == 0 */ - }, - 
STANDARD_VTABLE(sb_) -}; - -static int unicode_byte_type(char hi, char lo) -{ - switch ((unsigned char)hi) { - case 0xD8: case 0xD9: case 0xDA: case 0xDB: - return BT_LEAD4; - case 0xDC: case 0xDD: case 0xDE: case 0xDF: - return BT_TRAIL; - case 0xFF: - switch ((unsigned char)lo) { - case 0xFF: - case 0xFE: - return BT_NONXML; - } - break; - } - return BT_NONASCII; -} - -#define DEFINE_UTF16_TO_UTF8(E) \ -static \ -void E ## toUtf8(const ENCODING *enc, \ - const char **fromP, const char *fromLim, \ - char **toP, const char *toLim) \ -{ \ - const char *from; \ - for (from = *fromP; from != fromLim; from += 2) { \ - int plane; \ - unsigned char lo2; \ - unsigned char lo = GET_LO(from); \ - unsigned char hi = GET_HI(from); \ - switch (hi) { \ - case 0: \ - if (lo < 0x80) { \ - if (*toP == toLim) { \ - *fromP = from; \ - return; \ - } \ - *(*toP)++ = lo; \ - break; \ - } \ - /* fall through */ \ - case 0x1: case 0x2: case 0x3: \ - case 0x4: case 0x5: case 0x6: case 0x7: \ - if (toLim - *toP < 2) { \ - *fromP = from; \ - return; \ - } \ - *(*toP)++ = ((lo >> 6) | (hi << 2) | UTF8_cval2); \ - *(*toP)++ = ((lo & 0x3f) | 0x80); \ - break; \ - default: \ - if (toLim - *toP < 3) { \ - *fromP = from; \ - return; \ - } \ - /* 16 bits divided 4, 6, 6 amongst 3 bytes */ \ - *(*toP)++ = ((hi >> 4) | UTF8_cval3); \ - *(*toP)++ = (((hi & 0xf) << 2) | (lo >> 6) | 0x80); \ - *(*toP)++ = ((lo & 0x3f) | 0x80); \ - break; \ - case 0xD8: case 0xD9: case 0xDA: case 0xDB: \ - if (toLim - *toP < 4) { \ - *fromP = from; \ - return; \ - } \ - plane = (((hi & 0x3) << 2) | ((lo >> 6) & 0x3)) + 1; \ - *(*toP)++ = ((plane >> 2) | UTF8_cval4); \ - *(*toP)++ = (((lo >> 2) & 0xF) | ((plane & 0x3) << 4) | 0x80); \ - from += 2; \ - lo2 = GET_LO(from); \ - *(*toP)++ = (((lo & 0x3) << 4) \ - | ((GET_HI(from) & 0x3) << 2) \ - | (lo2 >> 6) \ - | 0x80); \ - *(*toP)++ = ((lo2 & 0x3f) | 0x80); \ - break; \ - } \ - } \ - *fromP = from; \ -} - -#define DEFINE_UTF16_TO_UTF16(E) \ -static \ -void E ## 
toUtf16(const ENCODING *enc, \ - const char **fromP, const char *fromLim, \ - unsigned short **toP, const unsigned short *toLim) \ -{ \ - /* Avoid copying first half only of surrogate */ \ - if (fromLim - *fromP > ((toLim - *toP) << 1) \ - && (GET_HI(fromLim - 2) & 0xF8) == 0xD8) \ - fromLim -= 2; \ - for (; *fromP != fromLim && *toP != toLim; *fromP += 2) \ - *(*toP)++ = (GET_HI(*fromP) << 8) | GET_LO(*fromP); \ -} - -#define SET2(ptr, ch) \ - (((ptr)[0] = ((ch) & 0xff)), ((ptr)[1] = ((ch) >> 8))) -#define GET_LO(ptr) ((unsigned char)(ptr)[0]) -#define GET_HI(ptr) ((unsigned char)(ptr)[1]) - -DEFINE_UTF16_TO_UTF8(little2_) -DEFINE_UTF16_TO_UTF16(little2_) - -#undef SET2 -#undef GET_LO -#undef GET_HI - -#define SET2(ptr, ch) \ - (((ptr)[0] = ((ch) >> 8)), ((ptr)[1] = ((ch) & 0xFF))) -#define GET_LO(ptr) ((unsigned char)(ptr)[1]) -#define GET_HI(ptr) ((unsigned char)(ptr)[0]) - -DEFINE_UTF16_TO_UTF8(big2_) -DEFINE_UTF16_TO_UTF16(big2_) - -#undef SET2 -#undef GET_LO -#undef GET_HI - -#define LITTLE2_BYTE_TYPE(enc, p) \ - ((p)[1] == 0 \ - ? ((struct normal_encoding *)(enc))->type[(unsigned char)*(p)] \ - : unicode_byte_type((p)[1], (p)[0])) -#define LITTLE2_BYTE_TO_ASCII(enc, p) ((p)[1] == 0 ? (p)[0] : -1) -#define LITTLE2_CHAR_MATCHES(enc, p, c) ((p)[1] == 0 && (p)[0] == c) -#define LITTLE2_IS_NAME_CHAR_MINBPC(enc, p) \ - UCS2_GET_NAMING(namePages, (unsigned char)p[1], (unsigned char)p[0]) -#define LITTLE2_IS_NMSTRT_CHAR_MINBPC(enc, p) \ - UCS2_GET_NAMING(nmstrtPages, (unsigned char)p[1], (unsigned char)p[0]) - -#undef PREFIX -#define PREFIX(ident) little2_ ## ident -#define MINBPC(enc) 2 -/* CHAR_MATCHES is guaranteed to have MINBPC bytes available. 
*/ -#define BYTE_TYPE(enc, p) LITTLE2_BYTE_TYPE(enc, p) -#define BYTE_TO_ASCII(enc, p) LITTLE2_BYTE_TO_ASCII(enc, p) -#define CHAR_MATCHES(enc, p, c) LITTLE2_CHAR_MATCHES(enc, p, c) -#define IS_NAME_CHAR(enc, p, n) 0 -#define IS_NAME_CHAR_MINBPC(enc, p) LITTLE2_IS_NAME_CHAR_MINBPC(enc, p) -#define IS_NMSTRT_CHAR(enc, p, n) (0) -#define IS_NMSTRT_CHAR_MINBPC(enc, p) LITTLE2_IS_NMSTRT_CHAR_MINBPC(enc, p) - -#include "xmltok_impl.c" - -#undef MINBPC -#undef BYTE_TYPE -#undef BYTE_TO_ASCII -#undef CHAR_MATCHES -#undef IS_NAME_CHAR -#undef IS_NAME_CHAR_MINBPC -#undef IS_NMSTRT_CHAR -#undef IS_NMSTRT_CHAR_MINBPC -#undef IS_INVALID_CHAR - -#ifdef XML_NS - -static const struct normal_encoding little2_encoding_ns = { - { VTABLE, 2, 0, -#if XML_BYTE_ORDER == 12 - 1 -#else - 0 -#endif - }, - { -#include "asciitab.h" -#include "latin1tab.h" - }, - STANDARD_VTABLE(little2_) -}; - -#endif - -static const struct normal_encoding little2_encoding = { - { VTABLE, 2, 0, -#if XML_BYTE_ORDER == 12 - 1 -#else - 0 -#endif - }, - { -#define BT_COLON BT_NMSTRT -#include "asciitab.h" -#undef BT_COLON -#include "latin1tab.h" - }, - STANDARD_VTABLE(little2_) -}; - -#if XML_BYTE_ORDER != 21 - -#ifdef XML_NS - -static const struct normal_encoding internal_little2_encoding_ns = { - { VTABLE, 2, 0, 1 }, - { -#include "iasciitab.h" -#include "latin1tab.h" - }, - STANDARD_VTABLE(little2_) -}; - -#endif - -static const struct normal_encoding internal_little2_encoding = { - { VTABLE, 2, 0, 1 }, - { -#define BT_COLON BT_NMSTRT -#include "iasciitab.h" -#undef BT_COLON -#include "latin1tab.h" - }, - STANDARD_VTABLE(little2_) -}; - -#endif - - -#define BIG2_BYTE_TYPE(enc, p) \ - ((p)[0] == 0 \ - ? ((struct normal_encoding *)(enc))->type[(unsigned char)(p)[1]] \ - : unicode_byte_type((p)[0], (p)[1])) -#define BIG2_BYTE_TO_ASCII(enc, p) ((p)[0] == 0 ? 
(p)[1] : -1) -#define BIG2_CHAR_MATCHES(enc, p, c) ((p)[0] == 0 && (p)[1] == c) -#define BIG2_IS_NAME_CHAR_MINBPC(enc, p) \ - UCS2_GET_NAMING(namePages, (unsigned char)p[0], (unsigned char)p[1]) -#define BIG2_IS_NMSTRT_CHAR_MINBPC(enc, p) \ - UCS2_GET_NAMING(nmstrtPages, (unsigned char)p[0], (unsigned char)p[1]) - -#undef PREFIX -#define PREFIX(ident) big2_ ## ident -#define MINBPC(enc) 2 -/* CHAR_MATCHES is guaranteed to have MINBPC bytes available. */ -#define BYTE_TYPE(enc, p) BIG2_BYTE_TYPE(enc, p) -#define BYTE_TO_ASCII(enc, p) BIG2_BYTE_TO_ASCII(enc, p) -#define CHAR_MATCHES(enc, p, c) BIG2_CHAR_MATCHES(enc, p, c) -#define IS_NAME_CHAR(enc, p, n) 0 -#define IS_NAME_CHAR_MINBPC(enc, p) BIG2_IS_NAME_CHAR_MINBPC(enc, p) -#define IS_NMSTRT_CHAR(enc, p, n) (0) -#define IS_NMSTRT_CHAR_MINBPC(enc, p) BIG2_IS_NMSTRT_CHAR_MINBPC(enc, p) - -#include "xmltok_impl.c" - -#undef MINBPC -#undef BYTE_TYPE -#undef BYTE_TO_ASCII -#undef CHAR_MATCHES -#undef IS_NAME_CHAR -#undef IS_NAME_CHAR_MINBPC -#undef IS_NMSTRT_CHAR -#undef IS_NMSTRT_CHAR_MINBPC -#undef IS_INVALID_CHAR - -#ifdef XML_NS - -static const struct normal_encoding big2_encoding_ns = { - { VTABLE, 2, 0, -#if XML_BYTE_ORDER == 21 - 1 -#else - 0 -#endif - }, - { -#include "asciitab.h" -#include "latin1tab.h" - }, - STANDARD_VTABLE(big2_) -}; - -#endif - -static const struct normal_encoding big2_encoding = { - { VTABLE, 2, 0, -#if XML_BYTE_ORDER == 21 - 1 -#else - 0 -#endif - }, - { -#define BT_COLON BT_NMSTRT -#include "asciitab.h" -#undef BT_COLON -#include "latin1tab.h" - }, - STANDARD_VTABLE(big2_) -}; - -#if XML_BYTE_ORDER != 12 - -#ifdef XML_NS - -static const struct normal_encoding internal_big2_encoding_ns = { - { VTABLE, 2, 0, 1 }, - { -#include "iasciitab.h" -#include "latin1tab.h" - }, - STANDARD_VTABLE(big2_) -}; - -#endif - -static const struct normal_encoding internal_big2_encoding = { - { VTABLE, 2, 0, 1 }, - { -#define BT_COLON BT_NMSTRT -#include "iasciitab.h" -#undef BT_COLON -#include "latin1tab.h" 
- }, - STANDARD_VTABLE(big2_) -}; - -#endif - -#undef PREFIX - -static -int streqci(const char *s1, const char *s2) -{ - for (;;) { - char c1 = *s1++; - char c2 = *s2++; - if ('a' <= c1 && c1 <= 'z') - c1 += 'A' - 'a'; - if ('a' <= c2 && c2 <= 'z') - c2 += 'A' - 'a'; - if (c1 != c2) - return 0; - if (!c1) - break; - } - return 1; -} - -static -void initUpdatePosition(const ENCODING *enc, const char *ptr, - const char *end, POSITION *pos) -{ - normal_updatePosition(&utf8_encoding.enc, ptr, end, pos); -} - -static -int toAscii(const ENCODING *enc, const char *ptr, const char *end) -{ - char buf[1]; - char *p = buf; - XmlUtf8Convert(enc, &ptr, end, &p, p + 1); - if (p == buf) - return -1; - else - return buf[0]; -} - -static -int isSpace(int c) -{ - switch (c) { - case 0x20: - case 0xD: - case 0xA: - case 0x9: - return 1; - } - return 0; -} - -/* Return 1 if there's just optional white space -or there's an S followed by name=val. */ -static -int parsePseudoAttribute(const ENCODING *enc, - const char *ptr, - const char *end, - const char **namePtr, - const char **valPtr, - const char **nextTokPtr) -{ - int c; - char openchar; - if (ptr == end) { - *namePtr = 0; - return 1; - } - if (!isSpace(toAscii(enc, ptr, end))) { - *nextTokPtr = ptr; - return 0; - } - do { - ptr += enc->minBytesPerChar; - } while (isSpace(toAscii(enc, ptr, end))); - if (ptr == end) { - *namePtr = 0; - return 1; - } - *namePtr = ptr; - for (;;) { - c = toAscii(enc, ptr, end); - if (c == -1) { - *nextTokPtr = ptr; - return 0; - } - if (c == '=') - break; - if (isSpace(c)) { - do { - ptr += enc->minBytesPerChar; - } while (isSpace(c = toAscii(enc, ptr, end))); - if (c != '=') { - *nextTokPtr = ptr; - return 0; - } - break; - } - ptr += enc->minBytesPerChar; - } - if (ptr == *namePtr) { - *nextTokPtr = ptr; - return 0; - } - ptr += enc->minBytesPerChar; - c = toAscii(enc, ptr, end); - while (isSpace(c)) { - ptr += enc->minBytesPerChar; - c = toAscii(enc, ptr, end); - } - if (c != '"' && c != '\'') { - 
*nextTokPtr = ptr; - return 0; - } - openchar = c; - ptr += enc->minBytesPerChar; - *valPtr = ptr; - for (;; ptr += enc->minBytesPerChar) { - c = toAscii(enc, ptr, end); - if (c == openchar) - break; - if (!('a' <= c && c <= 'z') - && !('A' <= c && c <= 'Z') - && !('0' <= c && c <= '9') - && c != '.' - && c != '-' - && c != '_') { - *nextTokPtr = ptr; - return 0; - } - } - *nextTokPtr = ptr + enc->minBytesPerChar; - return 1; -} - -static -int doParseXmlDecl(const ENCODING *(*encodingFinder)(const ENCODING *, - const char *, - const char *), - int isGeneralTextEntity, - const ENCODING *enc, - const char *ptr, - const char *end, - const char **badPtr, - const char **versionPtr, - const char **encodingName, - const ENCODING **encoding, - int *standalone) -{ - const char *val = 0; - const char *name = 0; - ptr += 5 * enc->minBytesPerChar; - end -= 2 * enc->minBytesPerChar; - if (!parsePseudoAttribute(enc, ptr, end, &name, &val, &ptr) || !name) { - *badPtr = ptr; - return 0; - } - if (!XmlNameMatchesAscii(enc, name, "version")) { - if (!isGeneralTextEntity) { - *badPtr = name; - return 0; - } - } - else { - if (versionPtr) - *versionPtr = val; - if (!parsePseudoAttribute(enc, ptr, end, &name, &val, &ptr)) { - *badPtr = ptr; - return 0; - } - if (!name) { - if (isGeneralTextEntity) { - /* a TextDecl must have an EncodingDecl */ - *badPtr = ptr; - return 0; - } - return 1; - } - } - if (XmlNameMatchesAscii(enc, name, "encoding")) { - int c = toAscii(enc, val, end); - if (!('a' <= c && c <= 'z') && !('A' <= c && c <= 'Z')) { - *badPtr = val; - return 0; - } - if (encodingName) - *encodingName = val; - if (encoding) - *encoding = encodingFinder(enc, val, ptr - enc->minBytesPerChar); - if (!parsePseudoAttribute(enc, ptr, end, &name, &val, &ptr)) { - *badPtr = ptr; - return 0; - } - if (!name) - return 1; - } - if (!XmlNameMatchesAscii(enc, name, "standalone") || isGeneralTextEntity) { - *badPtr = name; - return 0; - } - if (XmlNameMatchesAscii(enc, val, "yes")) { - if 
(standalone) - *standalone = 1; - } - else if (XmlNameMatchesAscii(enc, val, "no")) { - if (standalone) - *standalone = 0; - } - else { - *badPtr = val; - return 0; - } - while (isSpace(toAscii(enc, ptr, end))) - ptr += enc->minBytesPerChar; - if (ptr != end) { - *badPtr = ptr; - return 0; - } - return 1; -} - -static -int checkCharRefNumber(int result) -{ - switch (result >> 8) { - case 0xD8: case 0xD9: case 0xDA: case 0xDB: - case 0xDC: case 0xDD: case 0xDE: case 0xDF: - return -1; - case 0: - if (latin1_encoding.type[result] == BT_NONXML) - return -1; - break; - case 0xFF: - if (result == 0xFFFE || result == 0xFFFF) - return -1; - break; - } - return result; -} - -int XmlUtf8Encode(int c, char *buf) -{ - enum { - /* minN is minimum legal resulting value for N byte sequence */ - min2 = 0x80, - min3 = 0x800, - min4 = 0x10000 - }; - - if (c < 0) - return 0; - if (c < min2) { - buf[0] = (c | UTF8_cval1); - return 1; - } - if (c < min3) { - buf[0] = ((c >> 6) | UTF8_cval2); - buf[1] = ((c & 0x3f) | 0x80); - return 2; - } - if (c < min4) { - buf[0] = ((c >> 12) | UTF8_cval3); - buf[1] = (((c >> 6) & 0x3f) | 0x80); - buf[2] = ((c & 0x3f) | 0x80); - return 3; - } - if (c < 0x110000) { - buf[0] = ((c >> 18) | UTF8_cval4); - buf[1] = (((c >> 12) & 0x3f) | 0x80); - buf[2] = (((c >> 6) & 0x3f) | 0x80); - buf[3] = ((c & 0x3f) | 0x80); - return 4; - } - return 0; -} - -int XmlUtf16Encode(int charNum, unsigned short *buf) -{ - if (charNum < 0) - return 0; - if (charNum < 0x10000) { - buf[0] = charNum; - return 1; - } - if (charNum < 0x110000) { - charNum -= 0x10000; - buf[0] = (charNum >> 10) + 0xD800; - buf[1] = (charNum & 0x3FF) + 0xDC00; - return 2; - } - return 0; -} - -struct unknown_encoding { - struct normal_encoding normal; - int (*convert)(void *userData, const char *p); - void *userData; - unsigned short utf16[256]; - char utf8[256][4]; -}; - -int XmlSizeOfUnknownEncoding(void) -{ - return sizeof(struct unknown_encoding); -} - -static -int unknown_isName(const 
ENCODING *enc, const char *p) -{ - int c = ((const struct unknown_encoding *)enc) - ->convert(((const struct unknown_encoding *)enc)->userData, p); - if (c & ~0xFFFF) - return 0; - return UCS2_GET_NAMING(namePages, c >> 8, c & 0xFF); -} - -static -int unknown_isNmstrt(const ENCODING *enc, const char *p) -{ - int c = ((const struct unknown_encoding *)enc) - ->convert(((const struct unknown_encoding *)enc)->userData, p); - if (c & ~0xFFFF) - return 0; - return UCS2_GET_NAMING(nmstrtPages, c >> 8, c & 0xFF); -} - -static -int unknown_isInvalid(const ENCODING *enc, const char *p) -{ - int c = ((const struct unknown_encoding *)enc) - ->convert(((const struct unknown_encoding *)enc)->userData, p); - return (c & ~0xFFFF) || checkCharRefNumber(c) < 0; -} - -static -void unknown_toUtf8(const ENCODING *enc, - const char **fromP, const char *fromLim, - char **toP, const char *toLim) -{ - char buf[XML_UTF8_ENCODE_MAX]; - for (;;) { - const char *utf8; - int n; - if (*fromP == fromLim) - break; - utf8 = ((const struct unknown_encoding *)enc)->utf8[(unsigned char)**fromP]; - n = *utf8++; - if (n == 0) { - int c = ((const struct unknown_encoding *)enc) - ->convert(((const struct unknown_encoding *)enc)->userData, *fromP); - n = XmlUtf8Encode(c, buf); - if (n > toLim - *toP) - break; - utf8 = buf; - *fromP += ((const struct normal_encoding *)enc)->type[(unsigned char)**fromP] - - (BT_LEAD2 - 2); - } - else { - if (n > toLim - *toP) - break; - (*fromP)++; - } - do { - *(*toP)++ = *utf8++; - } while (--n != 0); - } -} - -static -void unknown_toUtf16(const ENCODING *enc, - const char **fromP, const char *fromLim, - unsigned short **toP, const unsigned short *toLim) -{ - while (*fromP != fromLim && *toP != toLim) { - unsigned short c - = ((const struct unknown_encoding *)enc)->utf16[(unsigned char)**fromP]; - if (c == 0) { - c = (unsigned short)((const struct unknown_encoding *)enc) - ->convert(((const struct unknown_encoding *)enc)->userData, *fromP); - *fromP += ((const struct 
normal_encoding *)enc)->type[(unsigned char)**fromP] - - (BT_LEAD2 - 2); - } - else - (*fromP)++; - *(*toP)++ = c; - } -} - -ENCODING * -XmlInitUnknownEncoding(void *mem, - int *table, - int (*convert)(void *userData, const char *p), - void *userData) -{ - int i; - struct unknown_encoding *e = mem; - for (i = 0; i < sizeof(struct normal_encoding); i++) - ((char *)mem)[i] = ((char *)&latin1_encoding)[i]; - for (i = 0; i < 128; i++) - if (latin1_encoding.type[i] != BT_OTHER - && latin1_encoding.type[i] != BT_NONXML - && table[i] != i) - return 0; - for (i = 0; i < 256; i++) { - int c = table[i]; - if (c == -1) { - e->normal.type[i] = BT_MALFORM; - /* This shouldn't really get used. */ - e->utf16[i] = 0xFFFF; - e->utf8[i][0] = 1; - e->utf8[i][1] = 0; - } - else if (c < 0) { - if (c < -4) - return 0; - e->normal.type[i] = BT_LEAD2 - (c + 2); - e->utf8[i][0] = 0; - e->utf16[i] = 0; - } - else if (c < 0x80) { - if (latin1_encoding.type[c] != BT_OTHER - && latin1_encoding.type[c] != BT_NONXML - && c != i) - return 0; - e->normal.type[i] = latin1_encoding.type[c]; - e->utf8[i][0] = 1; - e->utf8[i][1] = (char)c; - e->utf16[i] = c == 0 ? 0xFFFF : c; - } - else if (checkCharRefNumber(c) < 0) { - e->normal.type[i] = BT_NONXML; - /* This shouldn't really get used. 
*/ - e->utf16[i] = 0xFFFF; - e->utf8[i][0] = 1; - e->utf8[i][1] = 0; - } - else { - if (c > 0xFFFF) - return 0; - if (UCS2_GET_NAMING(nmstrtPages, c >> 8, c & 0xff)) - e->normal.type[i] = BT_NMSTRT; - else if (UCS2_GET_NAMING(namePages, c >> 8, c & 0xff)) - e->normal.type[i] = BT_NAME; - else - e->normal.type[i] = BT_OTHER; - e->utf8[i][0] = (char)XmlUtf8Encode(c, e->utf8[i] + 1); - e->utf16[i] = c; - } - } - e->userData = userData; - e->convert = convert; - if (convert) { - e->normal.isName2 = unknown_isName; - e->normal.isName3 = unknown_isName; - e->normal.isName4 = unknown_isName; - e->normal.isNmstrt2 = unknown_isNmstrt; - e->normal.isNmstrt3 = unknown_isNmstrt; - e->normal.isNmstrt4 = unknown_isNmstrt; - e->normal.isInvalid2 = unknown_isInvalid; - e->normal.isInvalid3 = unknown_isInvalid; - e->normal.isInvalid4 = unknown_isInvalid; - } - e->normal.enc.utf8Convert = unknown_toUtf8; - e->normal.enc.utf16Convert = unknown_toUtf16; - return &(e->normal.enc); -} - -/* If this enumeration is changed, getEncodingIndex and encodings -must also be changed. */ -enum { - UNKNOWN_ENC = -1, - ISO_8859_1_ENC = 0, - US_ASCII_ENC, - UTF_8_ENC, - UTF_16_ENC, - UTF_16BE_ENC, - UTF_16LE_ENC, - /* must match encodingNames up to here */ - NO_ENC -}; - -static -int getEncodingIndex(const char *name) -{ - static const char *encodingNames[] = { - "ISO-8859-1", - "US-ASCII", - "UTF-8", - "UTF-16", - "UTF-16BE" - "UTF-16LE", - }; - int i; - if (name == 0) - return NO_ENC; - for (i = 0; i < sizeof(encodingNames)/sizeof(encodingNames[0]); i++) - if (streqci(name, encodingNames[i])) - return i; - return UNKNOWN_ENC; -} - -/* For binary compatibility, we store the index of the encoding specified -at initialization in the isUtf16 member. */ - -#define INIT_ENC_INDEX(enc) ((enc)->initEnc.isUtf16) - -/* This is what detects the encoding. 
-encodingTable maps from encoding indices to encodings; -INIT_ENC_INDEX(enc) is the index of the external (protocol) specified encoding; -state is XML_CONTENT_STATE if we're parsing an external text entity, -and XML_PROLOG_STATE otherwise. -*/ - - -static -int initScan(const ENCODING **encodingTable, - const INIT_ENCODING *enc, - int state, - const char *ptr, - const char *end, - const char **nextTokPtr) -{ - const ENCODING **encPtr; - - if (ptr == end) - return XML_TOK_NONE; - encPtr = enc->encPtr; - if (ptr + 1 == end) { - /* only a single byte available for auto-detection */ - /* a well-formed document entity must have more than one byte */ - if (state != XML_CONTENT_STATE) - return XML_TOK_PARTIAL; - /* so we're parsing an external text entity... */ - /* if UTF-16 was externally specified, then we need at least 2 bytes */ - switch (INIT_ENC_INDEX(enc)) { - case UTF_16_ENC: - case UTF_16LE_ENC: - case UTF_16BE_ENC: - return XML_TOK_PARTIAL; - } - switch ((unsigned char)*ptr) { - case 0xFE: - case 0xFF: - case 0xEF: /* possibly first byte of UTF-8 BOM */ - if (INIT_ENC_INDEX(enc) == ISO_8859_1_ENC - && state == XML_CONTENT_STATE) - break; - /* fall through */ - case 0x00: - case 0x3C: - return XML_TOK_PARTIAL; - } - } - else { - switch (((unsigned char)ptr[0] << 8) | (unsigned char)ptr[1]) { - case 0xFEFF: - if (INIT_ENC_INDEX(enc) == ISO_8859_1_ENC - && state == XML_CONTENT_STATE) - break; - *nextTokPtr = ptr + 2; - *encPtr = encodingTable[UTF_16BE_ENC]; - return XML_TOK_BOM; - /* 00 3C is handled in the default case */ - case 0x3C00: - if ((INIT_ENC_INDEX(enc) == UTF_16BE_ENC - || INIT_ENC_INDEX(enc) == UTF_16_ENC) - && state == XML_CONTENT_STATE) - break; - *encPtr = encodingTable[UTF_16LE_ENC]; - return XmlTok(*encPtr, state, ptr, end, nextTokPtr); - case 0xFFFE: - if (INIT_ENC_INDEX(enc) == ISO_8859_1_ENC - && state == XML_CONTENT_STATE) - break; - *nextTokPtr = ptr + 2; - *encPtr = encodingTable[UTF_16LE_ENC]; - return XML_TOK_BOM; - case 0xEFBB: - /* Maybe 
a UTF-8 BOM (EF BB BF) */ - /* If there's an explicitly specified (external) encoding - of ISO-8859-1 or some flavour of UTF-16 - and this is an external text entity, - don't look for the BOM, - because it might be a legal data. */ - if (state == XML_CONTENT_STATE) { - int e = INIT_ENC_INDEX(enc); - if (e == ISO_8859_1_ENC || e == UTF_16BE_ENC || e == UTF_16LE_ENC || e == UTF_16_ENC) - break; - } - if (ptr + 2 == end) - return XML_TOK_PARTIAL; - if ((unsigned char)ptr[2] == 0xBF) { - *encPtr = encodingTable[UTF_8_ENC]; - return XML_TOK_BOM; - } - break; - default: - if (ptr[0] == '\0') { - /* 0 isn't a legal data character. Furthermore a document entity can only - start with ASCII characters. So the only way this can fail to be big-endian - UTF-16 if it it's an external parsed general entity that's labelled as - UTF-16LE. */ - if (state == XML_CONTENT_STATE && INIT_ENC_INDEX(enc) == UTF_16LE_ENC) - break; - *encPtr = encodingTable[UTF_16BE_ENC]; - return XmlTok(*encPtr, state, ptr, end, nextTokPtr); - } - else if (ptr[1] == '\0') { - /* We could recover here in the case: - - parsing an external entity - - second byte is 0 - - no externally specified encoding - - no encoding declaration - by assuming UTF-16LE. But we don't, because this would mean when - presented just with a single byte, we couldn't reliably determine - whether we needed further bytes. 
*/ - if (state == XML_CONTENT_STATE) - break; - *encPtr = encodingTable[UTF_16LE_ENC]; - return XmlTok(*encPtr, state, ptr, end, nextTokPtr); - } - break; - } - } - *encPtr = encodingTable[(int)INIT_ENC_INDEX(enc)]; - return XmlTok(*encPtr, state, ptr, end, nextTokPtr); -} - - -#define NS(x) x -#define ns(x) x -#include "xmltok_ns.c" -#undef NS -#undef ns - -#ifdef XML_NS - -#define NS(x) x ## NS -#define ns(x) x ## _ns - -#include "xmltok_ns.c" - -#undef NS -#undef ns - -ENCODING * -XmlInitUnknownEncodingNS(void *mem, - int *table, - int (*convert)(void *userData, const char *p), - void *userData) -{ - ENCODING *enc = XmlInitUnknownEncoding(mem, table, convert, userData); - if (enc) - ((struct normal_encoding *)enc)->type[':'] = BT_COLON; - return enc; -} - -#endif /* XML_NS */ diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok.def b/usr.sbin/httpd/src/lib/expat-lite/xmltok.def deleted file mode 100644 index 3be476c555b..00000000000 --- a/usr.sbin/httpd/src/lib/expat-lite/xmltok.def +++ /dev/null @@ -1,15 +0,0 @@ -; xmltok.def - -LIBRARY xmltok -DESCRIPTION '' - -EXPORTS - XmlGetUtf16InternalEncoding @1 - XmlGetUtf8InternalEncoding @2 - XmlInitEncoding @3 - XmlInitUnknownEncoding @4 - XmlParseXmlDecl @5 - XmlPrologStateInit @6 - XmlSizeOfUnknownEncoding @7 - XmlUtf16Encode @8 - XmlUtf8Encode @9 diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok.h b/usr.sbin/httpd/src/lib/expat-lite/xmltok.h deleted file mode 100644 index fd0ed08e34b..00000000000 --- a/usr.sbin/httpd/src/lib/expat-lite/xmltok.h +++ /dev/null 
@@ -1,307 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/ - -#ifndef XmlTok_INCLUDED -#define XmlTok_INCLUDED 1 - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef XMLTOKAPI -#define XMLTOKAPI /* as nothing */ -#endif - -/* The following token may be returned by XmlContentTok */ -#define XML_TOK_TRAILING_RSQB -5 /* ] or ]] at the end of the scan; might be start of - illegal ]]> sequence */ -/* The following tokens may be returned by both XmlPrologTok and XmlContentTok */ -#define XML_TOK_NONE -4 /* The string to be scanned is empty */ -#define XML_TOK_TRAILING_CR -3 /* A CR at the end of the scan; - might be part of CRLF sequence */ -#define XML_TOK_PARTIAL_CHAR -2 /* only part of a multibyte sequence */ -#define XML_TOK_PARTIAL -1 /* only part of a token */ -#define XML_TOK_INVALID 0 - -/* The following tokens are returned by XmlContentTok; some are also - returned by XmlAttributeValueTok, XmlEntityTok, XmlCdataSectionTok */ - -#define XML_TOK_START_TAG_WITH_ATTS 1 -#define XML_TOK_START_TAG_NO_ATTS 2 -#define XML_TOK_EMPTY_ELEMENT_WITH_ATTS 3 /* empty element tag */ -#define XML_TOK_EMPTY_ELEMENT_NO_ATTS 4 -#define XML_TOK_END_TAG 5 -#define XML_TOK_DATA_CHARS 6 -#define XML_TOK_DATA_NEWLINE 7 -#define XML_TOK_CDATA_SECT_OPEN 8 -#define XML_TOK_ENTITY_REF 9 -#define XML_TOK_CHAR_REF 10 /* numeric character reference */ - -/* The following tokens may be returned by both XmlPrologTok and XmlContentTok */ -#define XML_TOK_PI 11 /* processing instruction */ -#define XML_TOK_XML_DECL 12 /* XML decl or text decl */ -#define XML_TOK_COMMENT 13 -#define XML_TOK_BOM 14 /* Byte order mark */ - -/* The following tokens are returned only by XmlPrologTok */ -#define XML_TOK_PROLOG_S 15 -#define XML_TOK_DECL_OPEN 16 /* */ -#define XML_TOK_NAME 18 -#define XML_TOK_NMTOKEN 19 -#define XML_TOK_POUND_NAME 20 /* #name */ -#define XML_TOK_OR 21 /* | */ -#define XML_TOK_PERCENT 22 -#define XML_TOK_OPEN_PAREN 23 -#define XML_TOK_CLOSE_PAREN 24 -#define XML_TOK_OPEN_BRACKET 25 -#define XML_TOK_CLOSE_BRACKET 26 -#define XML_TOK_LITERAL 
27 -#define XML_TOK_PARAM_ENTITY_REF 28 -#define XML_TOK_INSTANCE_START 29 - -/* The following occur only in element type declarations */ -#define XML_TOK_NAME_QUESTION 30 /* name? */ -#define XML_TOK_NAME_ASTERISK 31 /* name* */ -#define XML_TOK_NAME_PLUS 32 /* name+ */ -#define XML_TOK_COND_SECT_OPEN 33 /* */ -#define XML_TOK_CLOSE_PAREN_QUESTION 35 /* )? */ -#define XML_TOK_CLOSE_PAREN_ASTERISK 36 /* )* */ -#define XML_TOK_CLOSE_PAREN_PLUS 37 /* )+ */ -#define XML_TOK_COMMA 38 - -/* The following token is returned only by XmlAttributeValueTok */ -#define XML_TOK_ATTRIBUTE_VALUE_S 39 - -/* The following token is returned only by XmlCdataSectionTok */ -#define XML_TOK_CDATA_SECT_CLOSE 40 - -/* With namespace processing this is returned by XmlPrologTok - for a name with a colon. */ -#define XML_TOK_PREFIXED_NAME 41 - -#define XML_N_STATES 3 -#define XML_PROLOG_STATE 0 -#define XML_CONTENT_STATE 1 -#define XML_CDATA_SECTION_STATE 2 - -#define XML_N_LITERAL_TYPES 2 -#define XML_ATTRIBUTE_VALUE_LITERAL 0 -#define XML_ENTITY_VALUE_LITERAL 1 - -/* The size of the buffer passed to XmlUtf8Encode must be at least this. */ -#define XML_UTF8_ENCODE_MAX 4 -/* The size of the buffer passed to XmlUtf16Encode must be at least this. 
*/
-#define XML_UTF16_ENCODE_MAX 2
-
-typedef struct position {
- /* first line and first column are 0 not 1 */
- unsigned long lineNumber;
- unsigned long columnNumber;
-} POSITION;
-
-typedef struct {
- const char *name;
- const char *valuePtr;
- const char *valueEnd;
- char normalized;
-} ATTRIBUTE;
-
-struct encoding;
-typedef struct encoding ENCODING;
-
-struct encoding {
- int (*scanners[XML_N_STATES])(const ENCODING *,
- const char *,
- const char *,
- const char **);
- int (*literalScanners[XML_N_LITERAL_TYPES])(const ENCODING *,
- const char *,
- const char *,
- const char **);
- int (*sameName)(const ENCODING *,
- const char *, const char *);
- int (*nameMatchesAscii)(const ENCODING *,
- const char *, const char *);
- int (*nameLength)(const ENCODING *, const char *);
- const char *(*skipS)(const ENCODING *, const char *);
- int (*getAtts)(const ENCODING *enc, const char *ptr,
- int attsMax, ATTRIBUTE *atts);
- int (*charRefNumber)(const ENCODING *enc, const char *ptr);
- int (*predefinedEntityName)(const ENCODING *, const char *, const char *);
- void (*updatePosition)(const ENCODING *,
- const char *ptr,
- const char *end,
- POSITION *);
- int (*isPublicId)(const ENCODING *enc, const char *ptr, const char *end,
- const char **badPtr);
- void (*utf8Convert)(const ENCODING *enc,
- const char **fromP,
- const char *fromLim,
- char **toP,
- const char *toLim);
- void (*utf16Convert)(const ENCODING *enc,
- const char **fromP,
- const char *fromLim,
- unsigned short **toP,
- const unsigned short *toLim);
- int minBytesPerChar;
- char isUtf8;
- char isUtf16;
-};
-
-/*
-Scan the string starting at ptr until the end of the next complete token,
-but do not scan past eptr. Return an integer giving the type of token.
-
-Return XML_TOK_NONE when ptr == eptr; nextTokPtr will not be set.
-
-Return XML_TOK_PARTIAL when the string does not contain a complete token;
-nextTokPtr will not be set.
-
-Return XML_TOK_INVALID when the string does not start a valid token; nextTokPtr
-will be set to point to the character which made the token invalid.
-
-Otherwise the string starts with a valid token; nextTokPtr will be set to point
-to the character following the end of that token.
-
-Each data character counts as a single token, but adjacent data characters
-may be returned together. Similarly for characters in the prolog outside
-literals, comments and processing instructions.
-*/
-
-
-#define XmlTok(enc, state, ptr, end, nextTokPtr) \
- (((enc)->scanners[state])(enc, ptr, end, nextTokPtr))
-
-#define XmlPrologTok(enc, ptr, end, nextTokPtr) \
- XmlTok(enc, XML_PROLOG_STATE, ptr, end, nextTokPtr)
-
-#define XmlContentTok(enc, ptr, end, nextTokPtr) \
- XmlTok(enc, XML_CONTENT_STATE, ptr, end, nextTokPtr)
-
-#define XmlCdataSectionTok(enc, ptr, end, nextTokPtr) \
- XmlTok(enc, XML_CDATA_SECTION_STATE, ptr, end, nextTokPtr)
-
-/* This is used for performing a 2nd-level tokenization on
-the content of a literal that has already been returned by XmlTok.
*/
-
-#define XmlLiteralTok(enc, literalType, ptr, end, nextTokPtr) \
- (((enc)->literalScanners[literalType])(enc, ptr, end, nextTokPtr))
-
-#define XmlAttributeValueTok(enc, ptr, end, nextTokPtr) \
- XmlLiteralTok(enc, XML_ATTRIBUTE_VALUE_LITERAL, ptr, end, nextTokPtr)
-
-#define XmlEntityValueTok(enc, ptr, end, nextTokPtr) \
- XmlLiteralTok(enc, XML_ENTITY_VALUE_LITERAL, ptr, end, nextTokPtr)
-
-#define XmlSameName(enc, ptr1, ptr2) (((enc)->sameName)(enc, ptr1, ptr2))
-
-#define XmlNameMatchesAscii(enc, ptr1, ptr2) \
- (((enc)->nameMatchesAscii)(enc, ptr1, ptr2))
-
-#define XmlNameLength(enc, ptr) \
- (((enc)->nameLength)(enc, ptr))
-
-#define XmlSkipS(enc, ptr) \
- (((enc)->skipS)(enc, ptr))
-
-#define XmlGetAttributes(enc, ptr, attsMax, atts) \
- (((enc)->getAtts)(enc, ptr, attsMax, atts))
-
-#define XmlCharRefNumber(enc, ptr) \
- (((enc)->charRefNumber)(enc, ptr))
-
-#define XmlPredefinedEntityName(enc, ptr, end) \
- (((enc)->predefinedEntityName)(enc, ptr, end))
-
-#define XmlUpdatePosition(enc, ptr, end, pos) \
- (((enc)->updatePosition)(enc, ptr, end, pos))
-
-#define XmlIsPublicId(enc, ptr, end, badPtr) \
- (((enc)->isPublicId)(enc, ptr, end, badPtr))
-
-#define XmlUtf8Convert(enc, fromP, fromLim, toP, toLim) \
- (((enc)->utf8Convert)(enc, fromP, fromLim, toP, toLim))
-
-#define XmlUtf16Convert(enc, fromP, fromLim, toP, toLim) \
- (((enc)->utf16Convert)(enc, fromP, fromLim, toP, toLim))
-
-typedef struct {
- ENCODING initEnc;
- const ENCODING **encPtr;
-} INIT_ENCODING;
-
-int XMLTOKAPI XmlParseXmlDecl(int isGeneralTextEntity,
- const ENCODING *enc,
- const char *ptr,
- const char *end,
- const char **badPtr,
- const char **versionPtr,
- const char **encodingNamePtr,
- const ENCODING **namedEncodingPtr,
- int *standalonePtr);
-
-int XMLTOKAPI XmlInitEncoding(INIT_ENCODING *, const ENCODING **, const char *name);
-const ENCODING XMLTOKAPI *XmlGetUtf8InternalEncoding(void);
-const ENCODING XMLTOKAPI *XmlGetUtf16InternalEncoding(void);
-int XMLTOKAPI
XmlUtf8Encode(int charNumber, char *buf);
-int XMLTOKAPI XmlUtf16Encode(int charNumber, unsigned short *buf);
-
-int XMLTOKAPI XmlSizeOfUnknownEncoding(void);
-ENCODING XMLTOKAPI *
-XmlInitUnknownEncoding(void *mem,
- int *table,
- int (*conv)(void *userData, const char *p),
- void *userData);
-
-int XMLTOKAPI XmlParseXmlDeclNS(int isGeneralTextEntity,
- const ENCODING *enc,
- const char *ptr,
- const char *end,
- const char **badPtr,
- const char **versionPtr,
- const char **encodingNamePtr,
- const ENCODING **namedEncodingPtr,
- int *standalonePtr);
-int XMLTOKAPI XmlInitEncodingNS(INIT_ENCODING *, const ENCODING **, const char *name);
-const ENCODING XMLTOKAPI *XmlGetUtf8InternalEncodingNS(void);
-const ENCODING XMLTOKAPI *XmlGetUtf16InternalEncodingNS(void);
-ENCODING XMLTOKAPI *
-XmlInitUnknownEncodingNS(void *mem,
- int *table,
- int (*conv)(void *userData, const char *p),
- void *userData);
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* not XmlTok_INCLUDED */
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok.imp b/usr.sbin/httpd/src/lib/expat-lite/xmltok.imp
deleted file mode 100644
index 6f3ea1ecd77..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok.imp
+++ /dev/null
@@ -1,9 +0,0 @@
- XmlGetUtf16InternalEncoding,
- XmlGetUtf8InternalEncoding,
- XmlInitEncoding,
- XmlInitUnknownEncoding,
- XmlParseXmlDecl,
- XmlPrologStateInit,
- XmlSizeOfUnknownEncoding,
- XmlUtf16Encode,
- XmlUtf8Encode
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.c b/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.c
deleted file mode 100644
index 5dfe29f1b9e..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.c
+++ /dev/null
@@ -1,1746 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/ - -#ifndef IS_INVALID_CHAR -#define IS_INVALID_CHAR(enc, ptr, n) (0) -#endif - -#define INVALID_LEAD_CASE(n, ptr, nextTokPtr) \ - case BT_LEAD ## n: \ - if (end - ptr < n) \ - return XML_TOK_PARTIAL_CHAR; \ - if (IS_INVALID_CHAR(enc, ptr, n)) { \ - *(nextTokPtr) = (ptr); \ - return XML_TOK_INVALID; \ - } \ - ptr += n; \ - break; - -#define INVALID_CASES(ptr, nextTokPtr) \ - INVALID_LEAD_CASE(2, ptr, nextTokPtr) \ - INVALID_LEAD_CASE(3, ptr, nextTokPtr) \ - INVALID_LEAD_CASE(4, ptr, nextTokPtr) \ - case BT_NONXML: \ - case BT_MALFORM: \ - case BT_TRAIL: \ - *(nextTokPtr) = (ptr); \ - return XML_TOK_INVALID; - -#define CHECK_NAME_CASE(n, enc, ptr, end, nextTokPtr) \ - case BT_LEAD ## n: \ - if (end - ptr < n) \ - return XML_TOK_PARTIAL_CHAR; \ - if (!IS_NAME_CHAR(enc, ptr, n)) { \ - *nextTokPtr = ptr; \ - return XML_TOK_INVALID; \ - } \ - ptr += n; \ - break; - -#define CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) \ - case BT_NONASCII: \ - if (!IS_NAME_CHAR_MINBPC(enc, ptr)) { \ - *nextTokPtr = ptr; \ - return XML_TOK_INVALID; \ - } \ - case BT_NMSTRT: \ - case BT_HEX: \ - case BT_DIGIT: \ - case BT_NAME: \ - case BT_MINUS: \ - ptr += MINBPC(enc); \ - break; \ - CHECK_NAME_CASE(2, enc, ptr, end, nextTokPtr) \ - CHECK_NAME_CASE(3, enc, ptr, end, nextTokPtr) \ - CHECK_NAME_CASE(4, enc, ptr, end, nextTokPtr) - -#define CHECK_NMSTRT_CASE(n, enc, ptr, end, nextTokPtr) \ - case BT_LEAD ## n: \ - if (end - ptr < n) \ - return XML_TOK_PARTIAL_CHAR; \ - if (!IS_NMSTRT_CHAR(enc, ptr, n)) { \ - *nextTokPtr = ptr; \ - return XML_TOK_INVALID; \ - } \ - ptr += n; \ - break; - -#define CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) \ - case BT_NONASCII: \ - if (!IS_NMSTRT_CHAR_MINBPC(enc, ptr)) { \ - *nextTokPtr = ptr; \ - return XML_TOK_INVALID; \ - } \ - case BT_NMSTRT: \ - case BT_HEX: \ - ptr += MINBPC(enc); \ - break; \ - CHECK_NMSTRT_CASE(2, enc, ptr, end, nextTokPtr) \ - CHECK_NMSTRT_CASE(3, enc, ptr, end, nextTokPtr) \ - CHECK_NMSTRT_CASE(4, enc, ptr, end, nextTokPtr) - 
-#ifndef PREFIX -#define PREFIX(ident) ident -#endif - -/* ptr points to character following "')) { - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_COMMENT; - } - break; - default: - ptr += MINBPC(enc); - break; - } - } - } - return XML_TOK_PARTIAL; -} - -/* ptr points to character following " */ - switch (BYTE_TYPE(enc, ptr + MINBPC(enc))) { - case BT_S: case BT_CR: case BT_LF: case BT_PERCNT: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - /* fall through */ - case BT_S: case BT_CR: case BT_LF: - *nextTokPtr = ptr; - return XML_TOK_DECL_OPEN; - case BT_NMSTRT: - case BT_HEX: - ptr += MINBPC(enc); - break; - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - } - return XML_TOK_PARTIAL; -} - -static -int PREFIX(checkPiTarget)(const ENCODING *enc, const char *ptr, const char *end, int *tokPtr) -{ - int upper = 0; - *tokPtr = XML_TOK_PI; - if (end - ptr != MINBPC(enc)*3) - return 1; - switch (BYTE_TO_ASCII(enc, ptr)) { - case 'x': - break; - case 'X': - upper = 1; - break; - default: - return 1; - } - ptr += MINBPC(enc); - switch (BYTE_TO_ASCII(enc, ptr)) { - case 'm': - break; - case 'M': - upper = 1; - break; - default: - return 1; - } - ptr += MINBPC(enc); - switch (BYTE_TO_ASCII(enc, ptr)) { - case 'l': - break; - case 'L': - upper = 1; - break; - default: - return 1; - } - if (upper) - return 0; - *tokPtr = XML_TOK_XML_DECL; - return 1; -} - -/* ptr points to character following "')) { - *nextTokPtr = ptr + MINBPC(enc); - return tok; - } - break; - default: - ptr += MINBPC(enc); - break; - } - } - return XML_TOK_PARTIAL; - case BT_QUEST: - if (!PREFIX(checkPiTarget)(enc, target, ptr, &tok)) { - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_PARTIAL; - if (CHAR_MATCHES(enc, ptr, '>')) { - *nextTokPtr = ptr + MINBPC(enc); - return tok; - } - /* fall through */ - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - } - return 
XML_TOK_PARTIAL; -} - - -static -int PREFIX(scanCdataSection)(const ENCODING *enc, const char *ptr, const char *end, - const char **nextTokPtr) -{ - int i; - /* CDATA[ */ - if (end - ptr < 6 * MINBPC(enc)) - return XML_TOK_PARTIAL; - for (i = 0; i < 6; i++, ptr += MINBPC(enc)) { - if (!CHAR_MATCHES(enc, ptr, "CDATA["[i])) { - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - } - *nextTokPtr = ptr; - return XML_TOK_CDATA_SECT_OPEN; -} - -static -int PREFIX(cdataSectionTok)(const ENCODING *enc, const char *ptr, const char *end, - const char **nextTokPtr) -{ - if (ptr == end) - return XML_TOK_NONE; - if (MINBPC(enc) > 1) { - size_t n = end - ptr; - if (n & (MINBPC(enc) - 1)) { - n &= ~(MINBPC(enc) - 1); - if (n == 0) - return XML_TOK_PARTIAL; - end = ptr + n; - } - } - switch (BYTE_TYPE(enc, ptr)) { - case BT_RSQB: - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_PARTIAL; - if (!CHAR_MATCHES(enc, ptr, ']')) - break; - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_PARTIAL; - if (!CHAR_MATCHES(enc, ptr, '>')) { - ptr -= MINBPC(enc); - break; - } - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_CDATA_SECT_CLOSE; - case BT_CR: - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_PARTIAL; - if (BYTE_TYPE(enc, ptr) == BT_LF) - ptr += MINBPC(enc); - *nextTokPtr = ptr; - return XML_TOK_DATA_NEWLINE; - case BT_LF: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_DATA_NEWLINE; - INVALID_CASES(ptr, nextTokPtr) - default: - ptr += MINBPC(enc); - break; - } - while (ptr != end) { - switch (BYTE_TYPE(enc, ptr)) { -#define LEAD_CASE(n) \ - case BT_LEAD ## n: \ - if (end - ptr < n || IS_INVALID_CHAR(enc, ptr, n)) { \ - *nextTokPtr = ptr; \ - return XML_TOK_DATA_CHARS; \ - } \ - ptr += n; \ - break; - LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4) -#undef LEAD_CASE - case BT_NONXML: - case BT_MALFORM: - case BT_TRAIL: - case BT_CR: - case BT_LF: - case BT_RSQB: - *nextTokPtr = ptr; - return XML_TOK_DATA_CHARS; - default: - ptr += MINBPC(enc); - break; - } - } - 
*nextTokPtr = ptr; - return XML_TOK_DATA_CHARS; -} - -/* ptr points to character following "')) { - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_EMPTY_ELEMENT_WITH_ATTS; - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - break; - } - break; - } - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - } - return XML_TOK_PARTIAL; -} - -/* ptr points to character following "<" */ - -static -int PREFIX(scanLt)(const ENCODING *enc, const char *ptr, const char *end, - const char **nextTokPtr) -{ -#ifdef XML_NS - int hadColon; -#endif - if (ptr == end) - return XML_TOK_PARTIAL; - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) - case BT_EXCL: - if ((ptr += MINBPC(enc)) == end) - return XML_TOK_PARTIAL; - switch (BYTE_TYPE(enc, ptr)) { - case BT_MINUS: - return PREFIX(scanComment)(enc, ptr + MINBPC(enc), end, nextTokPtr); - case BT_LSQB: - return PREFIX(scanCdataSection)(enc, ptr + MINBPC(enc), end, nextTokPtr); - } - *nextTokPtr = ptr; - return XML_TOK_INVALID; - case BT_QUEST: - return PREFIX(scanPi)(enc, ptr + MINBPC(enc), end, nextTokPtr); - case BT_SOL: - return PREFIX(scanEndTag)(enc, ptr + MINBPC(enc), end, nextTokPtr); - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } -#ifdef XML_NS - hadColon = 0; -#endif - /* we have a start-tag */ - while (ptr != end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) -#ifdef XML_NS - case BT_COLON: - if (hadColon) { - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - hadColon = 1; - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_PARTIAL; - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - break; -#endif - case BT_S: case BT_CR: case BT_LF: - { - ptr += MINBPC(enc); - while (ptr != end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) - case BT_GT: 
- goto gt; - case BT_SOL: - goto sol; - case BT_S: case BT_CR: case BT_LF: - ptr += MINBPC(enc); - continue; - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - return PREFIX(scanAtts)(enc, ptr, end, nextTokPtr); - } - return XML_TOK_PARTIAL; - } - case BT_GT: - gt: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_START_TAG_NO_ATTS; - case BT_SOL: - sol: - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_PARTIAL; - if (!CHAR_MATCHES(enc, ptr, '>')) { - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_EMPTY_ELEMENT_NO_ATTS; - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - } - return XML_TOK_PARTIAL; -} - -static -int PREFIX(contentTok)(const ENCODING *enc, const char *ptr, const char *end, - const char **nextTokPtr) -{ - if (ptr == end) - return XML_TOK_NONE; - if (MINBPC(enc) > 1) { - size_t n = end - ptr; - if (n & (MINBPC(enc) - 1)) { - n &= ~(MINBPC(enc) - 1); - if (n == 0) - return XML_TOK_PARTIAL; - end = ptr + n; - } - } - switch (BYTE_TYPE(enc, ptr)) { - case BT_LT: - return PREFIX(scanLt)(enc, ptr + MINBPC(enc), end, nextTokPtr); - case BT_AMP: - return PREFIX(scanRef)(enc, ptr + MINBPC(enc), end, nextTokPtr); - case BT_CR: - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_TRAILING_CR; - if (BYTE_TYPE(enc, ptr) == BT_LF) - ptr += MINBPC(enc); - *nextTokPtr = ptr; - return XML_TOK_DATA_NEWLINE; - case BT_LF: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_DATA_NEWLINE; - case BT_RSQB: - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_TRAILING_RSQB; - if (!CHAR_MATCHES(enc, ptr, ']')) - break; - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_TRAILING_RSQB; - if (!CHAR_MATCHES(enc, ptr, '>')) { - ptr -= MINBPC(enc); - break; - } - *nextTokPtr = ptr; - return XML_TOK_INVALID; - INVALID_CASES(ptr, nextTokPtr) - default: - ptr += MINBPC(enc); - break; - } - while (ptr != end) { - switch (BYTE_TYPE(enc, ptr)) { -#define LEAD_CASE(n) \ - case BT_LEAD ## 
n: \ - if (end - ptr < n || IS_INVALID_CHAR(enc, ptr, n)) { \ - *nextTokPtr = ptr; \ - return XML_TOK_DATA_CHARS; \ - } \ - ptr += n; \ - break; - LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4) -#undef LEAD_CASE - case BT_RSQB: - if (ptr + MINBPC(enc) != end) { - if (!CHAR_MATCHES(enc, ptr + MINBPC(enc), ']')) { - ptr += MINBPC(enc); - break; - } - if (ptr + 2*MINBPC(enc) != end) { - if (!CHAR_MATCHES(enc, ptr + 2*MINBPC(enc), '>')) { - ptr += MINBPC(enc); - break; - } - *nextTokPtr = ptr + 2*MINBPC(enc); - return XML_TOK_INVALID; - } - } - /* fall through */ - case BT_AMP: - case BT_LT: - case BT_NONXML: - case BT_MALFORM: - case BT_TRAIL: - case BT_CR: - case BT_LF: - *nextTokPtr = ptr; - return XML_TOK_DATA_CHARS; - default: - ptr += MINBPC(enc); - break; - } - } - *nextTokPtr = ptr; - return XML_TOK_DATA_CHARS; -} - -/* ptr points to character following "%" */ - -static -int PREFIX(scanPercent)(const ENCODING *enc, const char *ptr, const char *end, - const char **nextTokPtr) -{ - if (ptr == end) - return XML_TOK_PARTIAL; - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) - case BT_S: case BT_LF: case BT_CR: case BT_PERCNT: - *nextTokPtr = ptr; - return XML_TOK_PERCENT; - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - while (ptr != end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - case BT_SEMI: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_PARAM_ENTITY_REF; - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - } - return XML_TOK_PARTIAL; -} - -static -int PREFIX(scanPoundName)(const ENCODING *enc, const char *ptr, const char *end, - const char **nextTokPtr) -{ - if (ptr == end) - return XML_TOK_PARTIAL; - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NMSTRT_CASES(enc, ptr, end, nextTokPtr) - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - while (ptr != end) { - switch (BYTE_TYPE(enc, ptr)) { - CHECK_NAME_CASES(enc, ptr, end, nextTokPtr) - case BT_CR: case BT_LF: 
case BT_S: - case BT_RPAR: case BT_GT: case BT_PERCNT: case BT_VERBAR: - *nextTokPtr = ptr; - return XML_TOK_POUND_NAME; - default: - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - } - return XML_TOK_PARTIAL; -} - -static -int PREFIX(scanLit)(int opentype, const ENCODING *enc, - const char *ptr, const char *end, - const char **nextTokPtr) -{ - while (ptr != end) { - int t = BYTE_TYPE(enc, ptr); - switch (t) { - INVALID_CASES(ptr, nextTokPtr) - case BT_QUOT: - case BT_APOS: - ptr += MINBPC(enc); - if (t != opentype) - break; - if (ptr == end) - return XML_TOK_PARTIAL; - *nextTokPtr = ptr; - switch (BYTE_TYPE(enc, ptr)) { - case BT_S: case BT_CR: case BT_LF: - case BT_GT: case BT_PERCNT: case BT_LSQB: - return XML_TOK_LITERAL; - default: - return XML_TOK_INVALID; - } - default: - ptr += MINBPC(enc); - break; - } - } - return XML_TOK_PARTIAL; -} - -static -int PREFIX(prologTok)(const ENCODING *enc, const char *ptr, const char *end, - const char **nextTokPtr) -{ - int tok; - if (ptr == end) - return XML_TOK_NONE; - if (MINBPC(enc) > 1) { - size_t n = end - ptr; - if (n & (MINBPC(enc) - 1)) { - n &= ~(MINBPC(enc) - 1); - if (n == 0) - return XML_TOK_PARTIAL; - end = ptr + n; - } - } - switch (BYTE_TYPE(enc, ptr)) { - case BT_QUOT: - return PREFIX(scanLit)(BT_QUOT, enc, ptr + MINBPC(enc), end, nextTokPtr); - case BT_APOS: - return PREFIX(scanLit)(BT_APOS, enc, ptr + MINBPC(enc), end, nextTokPtr); - case BT_LT: - { - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_PARTIAL; - switch (BYTE_TYPE(enc, ptr)) { - case BT_EXCL: - return PREFIX(scanDecl)(enc, ptr + MINBPC(enc), end, nextTokPtr); - case BT_QUEST: - return PREFIX(scanPi)(enc, ptr + MINBPC(enc), end, nextTokPtr); - case BT_NMSTRT: - case BT_HEX: - case BT_NONASCII: - case BT_LEAD2: - case BT_LEAD3: - case BT_LEAD4: - *nextTokPtr = ptr - MINBPC(enc); - return XML_TOK_INSTANCE_START; - } - *nextTokPtr = ptr; - return XML_TOK_INVALID; - } - case BT_CR: - if (ptr + MINBPC(enc) == end) - return 
XML_TOK_TRAILING_CR; - /* fall through */ - case BT_S: case BT_LF: - for (;;) { - ptr += MINBPC(enc); - if (ptr == end) - break; - switch (BYTE_TYPE(enc, ptr)) { - case BT_S: case BT_LF: - break; - case BT_CR: - /* don't split CR/LF pair */ - if (ptr + MINBPC(enc) != end) - break; - /* fall through */ - default: - *nextTokPtr = ptr; - return XML_TOK_PROLOG_S; - } - } - *nextTokPtr = ptr; - return XML_TOK_PROLOG_S; - case BT_PERCNT: - return PREFIX(scanPercent)(enc, ptr + MINBPC(enc), end, nextTokPtr); - case BT_COMMA: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_COMMA; - case BT_LSQB: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_OPEN_BRACKET; - case BT_RSQB: - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_PARTIAL; - if (CHAR_MATCHES(enc, ptr, ']')) { - if (ptr + MINBPC(enc) == end) - return XML_TOK_PARTIAL; - if (CHAR_MATCHES(enc, ptr + MINBPC(enc), '>')) { - *nextTokPtr = ptr + 2*MINBPC(enc); - return XML_TOK_COND_SECT_CLOSE; - } - } - *nextTokPtr = ptr; - return XML_TOK_CLOSE_BRACKET; - case BT_LPAR: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_OPEN_PAREN; - case BT_RPAR: - ptr += MINBPC(enc); - if (ptr == end) - return XML_TOK_PARTIAL; - switch (BYTE_TYPE(enc, ptr)) { - case BT_AST: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_CLOSE_PAREN_ASTERISK; - case BT_QUEST: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_CLOSE_PAREN_QUESTION; - case BT_PLUS: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_CLOSE_PAREN_PLUS; - case BT_CR: case BT_LF: case BT_S: - case BT_GT: case BT_COMMA: case BT_VERBAR: - case BT_RPAR: - *nextTokPtr = ptr; - return XML_TOK_CLOSE_PAREN; - } - *nextTokPtr = ptr; - return XML_TOK_INVALID; - case BT_VERBAR: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_OR; - case BT_GT: - *nextTokPtr = ptr + MINBPC(enc); - return XML_TOK_DECL_CLOSE; - case BT_NUM: - return PREFIX(scanPoundName)(enc, ptr + MINBPC(enc), end, nextTokPtr); -#define LEAD_CASE(n) \ - case BT_LEAD ## n: \ - if (end - ptr < n) \ - 
return XML_TOK_PARTIAL_CHAR; \
- if (IS_NMSTRT_CHAR(enc, ptr, n)) { \
- ptr += n; \
- tok = XML_TOK_NAME; \
- break; \
- } \
- if (IS_NAME_CHAR(enc, ptr, n)) { \
- ptr += n; \
- tok = XML_TOK_NMTOKEN; \
- break; \
- } \
- *nextTokPtr = ptr; \
- return XML_TOK_INVALID;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_NMSTRT:
- case BT_HEX:
- tok = XML_TOK_NAME;
- ptr += MINBPC(enc);
- break;
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- tok = XML_TOK_NMTOKEN;
- ptr += MINBPC(enc);
- break;
- case BT_NONASCII:
- if (IS_NMSTRT_CHAR_MINBPC(enc, ptr)) {
- ptr += MINBPC(enc);
- tok = XML_TOK_NAME;
- break;
- }
- if (IS_NAME_CHAR_MINBPC(enc, ptr)) {
- ptr += MINBPC(enc);
- tok = XML_TOK_NMTOKEN;
- break;
- }
- /* fall through */
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- case BT_GT: case BT_RPAR: case BT_COMMA:
- case BT_VERBAR: case BT_LSQB: case BT_PERCNT:
- case BT_S: case BT_CR: case BT_LF:
- *nextTokPtr = ptr;
- return tok;
-#ifdef XML_NS
- case BT_COLON:
- ptr += MINBPC(enc);
- switch (tok) {
- case XML_TOK_NAME:
- if (ptr == end)
- return XML_TOK_PARTIAL;
- tok = XML_TOK_PREFIXED_NAME;
- switch (BYTE_TYPE(enc, ptr)) {
- CHECK_NAME_CASES(enc, ptr, end, nextTokPtr)
- default:
- tok = XML_TOK_NMTOKEN;
- break;
- }
- break;
- case XML_TOK_PREFIXED_NAME:
- tok = XML_TOK_NMTOKEN;
- break;
- }
- break;
-#endif
- case BT_PLUS:
- if (tok == XML_TOK_NMTOKEN) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_NAME_PLUS;
- case BT_AST:
- if (tok == XML_TOK_NMTOKEN) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_NAME_ASTERISK;
- case BT_QUEST:
- if (tok == XML_TOK_NMTOKEN) {
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_NAME_QUESTION;
- default:
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- }
- }
- return XML_TOK_PARTIAL;
-}
-
-static
-int PREFIX(attributeValueTok)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- const char *start;
- if (ptr == end)
- return XML_TOK_NONE;
- start = ptr;
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: ptr += n; break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_AMP:
- if (ptr == start)
- return PREFIX(scanRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_LT:
- /* this is for inside entity references */
- *nextTokPtr = ptr;
- return XML_TOK_INVALID;
- case BT_LF:
- if (ptr == start) {
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_DATA_NEWLINE;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_CR:
- if (ptr == start) {
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_TRAILING_CR;
- if (BYTE_TYPE(enc, ptr) == BT_LF)
- ptr += MINBPC(enc);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_NEWLINE;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_S:
- if (ptr == start) {
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_ATTRIBUTE_VALUE_S;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
-}
-
-static
-int PREFIX(entityValueTok)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- const char *start;
- if (ptr == end)
- return XML_TOK_NONE;
- start = ptr;
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: ptr += n; break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_AMP:
- if (ptr == start)
- return PREFIX(scanRef)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_PERCNT:
- if (ptr == start)
- return PREFIX(scanPercent)(enc, ptr + MINBPC(enc), end, nextTokPtr);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_LF:
- if (ptr == start) {
- *nextTokPtr = ptr + MINBPC(enc);
- return XML_TOK_DATA_NEWLINE;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- case BT_CR:
- if (ptr == start) {
- ptr += MINBPC(enc);
- if (ptr == end)
- return XML_TOK_TRAILING_CR;
- if (BYTE_TYPE(enc, ptr) == BT_LF)
- ptr += MINBPC(enc);
- *nextTokPtr = ptr;
- return XML_TOK_DATA_NEWLINE;
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
- default:
- ptr += MINBPC(enc);
- break;
- }
- }
- *nextTokPtr = ptr;
- return XML_TOK_DATA_CHARS;
-}
-
-static
-int PREFIX(isPublicId)(const ENCODING *enc, const char *ptr, const char *end,
- const char **badPtr)
-{
- ptr += MINBPC(enc);
- end -= MINBPC(enc);
- for (; ptr != end; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_DIGIT:
- case BT_HEX:
- case BT_MINUS:
- case BT_APOS:
- case BT_LPAR:
- case BT_RPAR:
- case BT_PLUS:
- case BT_COMMA:
- case BT_SOL:
- case BT_EQUALS:
- case BT_QUEST:
- case BT_CR:
- case BT_LF:
- case BT_SEMI:
- case BT_EXCL:
- case BT_AST:
- case BT_PERCNT:
- case BT_NUM:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- break;
- case BT_S:
- if (CHAR_MATCHES(enc, ptr, '\t')) {
- *badPtr = ptr;
- return 0;
- }
- break;
- case BT_NAME:
- case BT_NMSTRT:
- if (!(BYTE_TO_ASCII(enc, ptr) & ~0x7f))
- break;
- default:
- switch (BYTE_TO_ASCII(enc, ptr)) {
- case 0x24: /* $ */
- case 0x40: /* @ */
- break;
- default:
- *badPtr = ptr;
- return 0;
- }
- break;
- }
- }
- return 1;
-}
-
-/* This must only be called for a well-formed start-tag or empty element tag.
-Returns the number of attributes. Pointers to the first attsMax attributes
-are stored in atts. */
-
-static
-int PREFIX(getAtts)(const ENCODING *enc, const char *ptr,
- int attsMax, ATTRIBUTE *atts)
-{
- enum { other, inName, inValue } state = inName;
- int nAtts = 0;
- int opentype = 0;
-
- for (ptr += MINBPC(enc);; ptr += MINBPC(enc)) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define START_NAME \
- if (state == other) { \
- if (nAtts < attsMax) { \
- atts[nAtts].name = ptr; \
- atts[nAtts].normalized = 1; \
- } \
- state = inName; \
- }
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: START_NAME ptr += (n - MINBPC(enc)); break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_NONASCII:
- case BT_NMSTRT:
- case BT_HEX:
- START_NAME
- break;
-#undef START_NAME
- case BT_QUOT:
- if (state != inValue) {
- if (nAtts < attsMax)
- atts[nAtts].valuePtr = ptr + MINBPC(enc);
- state = inValue;
- opentype = BT_QUOT;
- }
- else if (opentype == BT_QUOT) {
- state = other;
- if (nAtts < attsMax)
- atts[nAtts].valueEnd = ptr;
- nAtts++;
- }
- break;
- case BT_APOS:
- if (state != inValue) {
- if (nAtts < attsMax)
- atts[nAtts].valuePtr = ptr + MINBPC(enc);
- state = inValue;
- opentype = BT_APOS;
- }
- else if (opentype == BT_APOS) {
- state = other;
- if (nAtts < attsMax)
- atts[nAtts].valueEnd = ptr;
- nAtts++;
- }
- break;
- case BT_AMP:
- if (nAtts < attsMax)
- atts[nAtts].normalized = 0;
- break;
- case BT_S:
- if (state == inName)
- state = other;
- else if (state == inValue
- && nAtts < attsMax
- && atts[nAtts].normalized
- && (ptr == atts[nAtts].valuePtr
- || BYTE_TO_ASCII(enc, ptr) != ' '
- || BYTE_TO_ASCII(enc, ptr + MINBPC(enc)) == ' '
- || BYTE_TYPE(enc, ptr + MINBPC(enc)) == opentype))
- atts[nAtts].normalized = 0;
- break;
- case BT_CR: case BT_LF:
- /* This case ensures that the first attribute name is counted
- Apart from that we could just change state on the quote. */
- if (state == inName)
- state = other;
- else if (state == inValue && nAtts < attsMax)
- atts[nAtts].normalized = 0;
- break;
- case BT_GT:
- case BT_SOL:
- if (state != inValue)
- return nAtts;
- break;
- default:
- break;
- }
- }
- /* not reached */
-}
-
-static
-int PREFIX(charRefNumber)(const ENCODING *enc, const char *ptr)
-{
- int result = 0;
- /* skip &# */
- ptr += 2*MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'x')) {
- for (ptr += MINBPC(enc); !CHAR_MATCHES(enc, ptr, ';'); ptr += MINBPC(enc)) {
- int c = BYTE_TO_ASCII(enc, ptr);
- switch (c) {
- case '0': case '1': case '2': case '3': case '4':
- case '5': case '6': case '7': case '8': case '9':
- result <<= 4;
- result |= (c - '0');
- break;
- case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
- result <<= 4;
- result += 10 + (c - 'A');
- break;
- case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
- result <<= 4;
- result += 10 + (c - 'a');
- break;
- }
- if (result >= 0x110000)
- return -1;
- }
- }
- else {
- for (; !CHAR_MATCHES(enc, ptr, ';'); ptr += MINBPC(enc)) {
- int c = BYTE_TO_ASCII(enc, ptr);
- result *= 10;
- result += (c - '0');
- if (result >= 0x110000)
- return -1;
- }
- }
- return checkCharRefNumber(result);
-}
-
-static
-int PREFIX(predefinedEntityName)(const ENCODING *enc, const char *ptr, const char *end)
-{
- switch ((end - ptr)/MINBPC(enc)) {
- case 2:
- if (CHAR_MATCHES(enc, ptr + MINBPC(enc), 't')) {
- switch (BYTE_TO_ASCII(enc, ptr)) {
- case 'l':
- return '<';
- case 'g':
- return '>';
- }
- }
- break;
- case 3:
- if (CHAR_MATCHES(enc, ptr, 'a')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'm')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'p'))
- return '&';
- }
- }
- break;
- case 4:
- switch (BYTE_TO_ASCII(enc, ptr)) {
- case 'q':
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'u')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'o')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 't'))
- return '"';
- }
- }
- break;
- case 'a':
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'p')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 'o')) {
- ptr += MINBPC(enc);
- if (CHAR_MATCHES(enc, ptr, 's'))
- return '\'';
- }
- }
- break;
- }
- }
- return 0;
-}
-
-static
-int PREFIX(sameName)(const ENCODING *enc, const char *ptr1, const char *ptr2)
-{
- for (;;) {
- switch (BYTE_TYPE(enc, ptr1)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: \
- if (*ptr1++ != *ptr2++) \
- return 0;
- LEAD_CASE(4) LEAD_CASE(3) LEAD_CASE(2)
-#undef LEAD_CASE
- /* fall through */
- if (*ptr1++ != *ptr2++)
- return 0;
- break;
- case BT_NONASCII:
- case BT_NMSTRT:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- case BT_HEX:
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
- if (*ptr2++ != *ptr1++)
- return 0;
- if (MINBPC(enc) > 1) {
- if (*ptr2++ != *ptr1++)
- return 0;
- if (MINBPC(enc) > 2) {
- if (*ptr2++ != *ptr1++)
- return 0;
- if (MINBPC(enc) > 3) {
- if (*ptr2++ != *ptr1++)
- return 0;
- }
- }
- }
- break;
- default:
- if (MINBPC(enc) == 1 && *ptr1 == *ptr2)
- return 1;
- switch (BYTE_TYPE(enc, ptr2)) {
- case BT_LEAD2:
- case BT_LEAD3:
- case BT_LEAD4:
- case BT_NONASCII:
- case BT_NMSTRT:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- case BT_HEX:
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
- return 0;
- default:
- return 1;
- }
- }
- }
- /* not reached */
-}
-
-static
-int PREFIX(nameMatchesAscii)(const ENCODING *enc, const char *ptr1, const char *ptr2)
-{
- for (; *ptr2; ptr1 += MINBPC(enc), ptr2++) {
- if (!CHAR_MATCHES(enc, ptr1, *ptr2))
- return 0;
- }
- switch (BYTE_TYPE(enc, ptr1)) {
- case BT_LEAD2:
- case BT_LEAD3:
- case BT_LEAD4:
- case BT_NONASCII:
- case BT_NMSTRT:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- case BT_HEX:
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
- return 0;
- default:
- return 1;
- }
-}
-
-static
-int PREFIX(nameLength)(const ENCODING *enc, const char *ptr)
-{
- const char *start = ptr;
- for (;;) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: ptr += n; break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_NONASCII:
- case BT_NMSTRT:
-#ifdef XML_NS
- case BT_COLON:
-#endif
- case BT_HEX:
- case BT_DIGIT:
- case BT_NAME:
- case BT_MINUS:
- ptr += MINBPC(enc);
- break;
- default:
- return ptr - start;
- }
- }
-}
-
-static
-const char *PREFIX(skipS)(const ENCODING *enc, const char *ptr)
-{
- for (;;) {
- switch (BYTE_TYPE(enc, ptr)) {
- case BT_LF:
- case BT_CR:
- case BT_S:
- ptr += MINBPC(enc);
- break;
- default:
- return ptr;
- }
- }
-}
-
-static
-void PREFIX(updatePosition)(const ENCODING *enc,
- const char *ptr,
- const char *end,
- POSITION *pos)
-{
- while (ptr != end) {
- switch (BYTE_TYPE(enc, ptr)) {
-#define LEAD_CASE(n) \
- case BT_LEAD ## n: \
- ptr += n; \
- break;
- LEAD_CASE(2) LEAD_CASE(3) LEAD_CASE(4)
-#undef LEAD_CASE
- case BT_LF:
- pos->columnNumber = (unsigned)-1;
- pos->lineNumber++;
- ptr += MINBPC(enc);
- break;
- case BT_CR:
- pos->lineNumber++;
- ptr += MINBPC(enc);
- if (ptr != end && BYTE_TYPE(enc, ptr) == BT_LF)
- ptr += MINBPC(enc);
- pos->columnNumber = (unsigned)-1;
- break;
- default:
- ptr += MINBPC(enc);
- break;
- }
- pos->columnNumber++;
- }
-}
-
-#undef DO_LEAD_CASE
-#undef MULTIBYTE_CASES
-#undef INVALID_CASES
-#undef CHECK_NAME_CASE
-#undef CHECK_NAME_CASES
-#undef CHECK_NMSTRT_CASE
-#undef CHECK_NMSTRT_CASES
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.h b/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.h
deleted file mode 100644
index e72b225c838..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok_impl.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
-The contents of this file are subject to the Mozilla Public License
-Version 1.1 (the "License"); you may not use this file except in
-compliance with the License. You may obtain a copy of the License at
-http://www.mozilla.org/MPL/
-
-Software distributed under the License is distributed on an "AS IS"
-basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
-License for the specific language governing rights and limitations
-under the License.
-
-The Original Code is expat.
-
-The Initial Developer of the Original Code is James Clark.
-Portions created by James Clark are Copyright (C) 1998, 1999
-James Clark. All Rights Reserved.
-
-Contributor(s):
-
-Alternatively, the contents of this file may be used under the terms
-of the GNU General Public License (the "GPL"), in which case the
-provisions of the GPL are applicable instead of those above. If you
-wish to allow use of your version of this file only under the terms of
-the GPL and not to allow others to use your version of this file under
-the MPL, indicate your decision by deleting the provisions above and
-replace them with the notice and other provisions required by the
-GPL. If you do not delete the provisions above, a recipient may use
-your version of this file under either the MPL or the GPL.
-*/
-
-enum {
- BT_NONXML,
- BT_MALFORM,
- BT_LT,
- BT_AMP,
- BT_RSQB,
- BT_LEAD2,
- BT_LEAD3,
- BT_LEAD4,
- BT_TRAIL,
- BT_CR,
- BT_LF,
- BT_GT,
- BT_QUOT,
- BT_APOS,
- BT_EQUALS,
- BT_QUEST,
- BT_EXCL,
- BT_SOL,
- BT_SEMI,
- BT_NUM,
- BT_LSQB,
- BT_S,
- BT_NMSTRT,
- BT_COLON,
- BT_HEX,
- BT_DIGIT,
- BT_NAME,
- BT_MINUS,
- BT_OTHER, /* known not to be a name or name start character */
- BT_NONASCII, /* might be a name or name start character */
- BT_PERCNT,
- BT_LPAR,
- BT_RPAR,
- BT_AST,
- BT_PLUS,
- BT_COMMA,
- BT_VERBAR
-};
-
-#include
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltok_ns.c b/usr.sbin/httpd/src/lib/expat-lite/xmltok_ns.c
deleted file mode 100644
index a32c5774580..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltok_ns.c
+++ /dev/null
@@ -1,96 +0,0 @@
-const ENCODING *NS(XmlGetUtf8InternalEncoding)(void)
-{
- return &ns(internal_utf8_encoding).enc;
-}
-
-const ENCODING *NS(XmlGetUtf16InternalEncoding)(void)
-{
-#if XML_BYTE_ORDER == 12
- return &ns(internal_little2_encoding).enc;
-#elif XML_BYTE_ORDER == 21
- return &ns(internal_big2_encoding).enc;
-#else
- const short n = 1;
- return *(const char *)&n ? &ns(internal_little2_encoding).enc : &ns(internal_big2_encoding).enc;
-#endif
-}
-
-static
-const ENCODING *NS(encodings)[] = {
- &ns(latin1_encoding).enc,
- &ns(ascii_encoding).enc,
- &ns(utf8_encoding).enc,
- &ns(big2_encoding).enc,
- &ns(big2_encoding).enc,
- &ns(little2_encoding).enc,
- &ns(utf8_encoding).enc /* NO_ENC */
-};
-
-static
-int NS(initScanProlog)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- return initScan(NS(encodings), (const INIT_ENCODING *)enc, XML_PROLOG_STATE, ptr, end, nextTokPtr);
-}
-
-static
-int NS(initScanContent)(const ENCODING *enc, const char *ptr, const char *end,
- const char **nextTokPtr)
-{
- return initScan(NS(encodings), (const INIT_ENCODING *)enc, XML_CONTENT_STATE, ptr, end, nextTokPtr);
-}
-
-int NS(XmlInitEncoding)(INIT_ENCODING *p, const ENCODING **encPtr, const char *name)
-{
- int i = getEncodingIndex(name);
- if (i == UNKNOWN_ENC)
- return 0;
- INIT_ENC_INDEX(p) = (char)i;
- p->initEnc.scanners[XML_PROLOG_STATE] = NS(initScanProlog);
- p->initEnc.scanners[XML_CONTENT_STATE] = NS(initScanContent);
- p->initEnc.updatePosition = initUpdatePosition;
- p->encPtr = encPtr;
- *encPtr = &(p->initEnc);
- return 1;
-}
-
-static
-const ENCODING *NS(findEncoding)(const ENCODING *enc, const char *ptr, const char *end)
-{
-#define ENCODING_MAX 128
- char buf[ENCODING_MAX];
- char *p = buf;
- int i;
- XmlUtf8Convert(enc, &ptr, end, &p, p + ENCODING_MAX - 1);
- if (ptr != end)
- return 0;
- *p = 0;
- if (streqci(buf, "UTF-16") && enc->minBytesPerChar == 2)
- return enc;
- i = getEncodingIndex(buf);
- if (i == UNKNOWN_ENC)
- return 0;
- return NS(encodings)[i];
-}
-
-int NS(XmlParseXmlDecl)(int isGeneralTextEntity,
- const ENCODING *enc,
- const char *ptr,
- const char *end,
- const char **badPtr,
- const char **versionPtr,
- const char **encodingName,
- const ENCODING **encoding,
- int *standalone)
-{
- return doParseXmlDecl(NS(findEncoding),
- isGeneralTextEntity,
- enc,
- ptr,
- end,
- badPtr,
- versionPtr,
- encodingName,
- encoding,
- standalone);
-}
diff --git a/usr.sbin/httpd/src/lib/expat-lite/xmltoknw.def b/usr.sbin/httpd/src/lib/expat-lite/xmltoknw.def
deleted file mode 100644
index 093cda90411..00000000000
--- a/usr.sbin/httpd/src/lib/expat-lite/xmltoknw.def
+++ /dev/null
@@ -1 +0,0 @@
-EXPORT @xmltok.imp
diff --git a/usr.sbin/httpd/src/main/.indent.pro b/usr.sbin/httpd/src/main/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/main/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
-i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/main/Makefile.tmpl b/usr.sbin/httpd/src/main/Makefile.tmpl
deleted file mode 100644
index fd59e52b4a3..00000000000
--- a/usr.sbin/httpd/src/main/Makefile.tmpl
+++ /dev/null
@@ -1,166 +0,0 @@
-
-CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
-LIBS=$(EXTRA_LIBS) $(LIBS1)
-INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
-LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-
-LIB= libmain.a
-HEADERS= test_char.h uri_delims.h
-
-OBJS= alloc.o buff.o \
- http_config.o http_core.o http_log.o \
- http_main.o http_protocol.o http_request.o http_vhost.o \
- util.o util_date.o util_script.o util_uri.o util_md5.o \
- rfc1413.o fdcache.o
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-all: $(HEADERS) $(LIB)
-
-$(LIB): $(OBJS)
- rm -f $@
- ar cr $@ $(OBJS)
- $(RANLIB) $@
-
-clean:
- rm -f *.o $(LIB) uri_delims.h gen_uri_delims test_char.h gen_test_char
-
-distclean: clean
- -rm -f Makefile
-
-uri_delims.h: gen_uri_delims
- ./gen_uri_delims >uri_delims.h
-
-gen_uri_delims: gen_uri_delims.o
- $(CC) $(CFLAGS) $(LDFLAGS) -o gen_uri_delims gen_uri_delims.o $(LIBS)
-
-test_char.h: gen_test_char
- ./gen_test_char >test_char.h
-
-gen_test_char: gen_test_char.o
- $(CC) $(CFLAGS) $(LDFLAGS) -o gen_test_char gen_test_char.o $(LIBS)
-
-# We really don't expect end users to use this rule. It works only with
-# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after
-# using it.
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
- -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
-
-#Dependencies
-
-$(OBJS): Makefile
-
-# DO NOT REMOVE
-alloc.o: alloc.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/multithread.h $(INCDIR)/http_log.h
-buff.o: buff.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h
-gen_test_char.o: gen_test_char.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h
-gen_uri_delims.o: gen_uri_delims.c
-http_config.o: http_config.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_vhost.h $(INCDIR)/explain.h
-http_core.o: http_core.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_vhost.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h $(INCDIR)/rfc1413.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/fnmatch.h
-http_log.o: http_log.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h
-http_main.o: http_main.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_vhost.h $(INCDIR)/util_script.h \
- $(INCDIR)/scoreboard.h $(INCDIR)/multithread.h $(INCDIR)/explain.h
-http_protocol.o: http_protocol.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_vhost.h $(INCDIR)/http_log.h $(INCDIR)/util_date.h \
- $(INCDIR)/http_conf_globals.h
-http_request.o: http_request.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h \
- $(INCDIR)/ap.h $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_main.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/fnmatch.h
-http_vhost.o: http_vhost.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_vhost.h \
- $(INCDIR)/http_protocol.h
-rfc1413.o: rfc1413.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_log.h $(INCDIR)/rfc1413.h $(INCDIR)/http_main.h
-util.o: util.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_log.h test_char.h
-util_date.o: util_date.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/util_date.h
-util_md5.o: util_md5.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h
-util_script.o: util_script.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_request.h $(INCDIR)/util_script.h \
- $(INCDIR)/util_date.h
-util_uri.o: util_uri.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h $(INCDIR)/ap_alloc.h \
- $(INCDIR)/buff.h $(INCDIR)/ap.h $(INCDIR)/util_uri.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_conf_globals.h uri_delims.h
-fdcache.o: fdcache.c
diff --git a/usr.sbin/httpd/src/main/alloc.c b/usr.sbin/httpd/src/main/alloc.c
deleted file mode 100644
index 2bf4c880344..00000000000
--- a/usr.sbin/httpd/src/main/alloc.c
+++ /dev/null
@@ -1,2681 +0,0 @@
-/* $OpenBSD: alloc.c,v 1.19 2008/05/23 08:41:48 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Resource allocation code... the code here is responsible for making
- * sure that nothing leaks.
- *
- * rst --- 4/95 --- 6/95
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "multithread.h"
-#include "http_log.h"
-
-#include
-
-/* debugging support, define this to enable code which helps detect re-use
- * of freed memory and other such nonsense.
- *
- * The theory is simple. The FILL_BYTE (0xa5) is written over all malloc'd
- * memory as we receive it, and is written over everything that we free up
- * during a clear_pool. We check that blocks on the free list always
- * have the FILL_BYTE in them, and we check during palloc() that the bytes
- * still have FILL_BYTE in them. If you ever see garbage URLs or whatnot
- * containing lots of 0xa5s then you know something used data that's been
- * freed or uninitialized.
- */
-/* #define ALLOC_DEBUG */
-
-/* debugging support, if defined all allocations will be done with
- * malloc and free()d appropriately at the end. This is intended to be
- * used with something like Electric Fence or Purify to help detect
- * memory problems. Note that if you're using efence then you should also
- * add in ALLOC_DEBUG. But don't add in ALLOC_DEBUG if you're using Purify
- * because ALLOC_DEBUG would hide all the uninitialized read errors that
- * Purify can diagnose.
- */
-/* #define ALLOC_USE_MALLOC */
-
-/* Pool debugging support. This is intended to detect cases where the
- * wrong pool is used when assigning data to an object in another pool.
- * In particular, it causes the table_{set,add,merge}n routines to check
- * that their arguments are safe for the table they're being placed in.
- * It currently only works with the unix multiprocess model, but could
- * be extended to others.
- */
-/* #define POOL_DEBUG */
-
-/* Provide diagnostic information about make_table() calls which are
- * possibly too small. This requires a recent gcc which supports
- * __builtin_return_address(). The error_log output will be a
- * message such as:
- * table_push: table created by 0x804d874 hit limit of 10
- * Use "l *0x804d874" to find the source that corresponds to. It
- * indicates that a table allocated by a call at that address has
- * possibly too small an initial table size guess.
- */
-/* #define MAKE_TABLE_PROFILE */
-
-#ifdef POOL_DEBUG
-#ifdef ALLOC_USE_MALLOC
-# error "sorry, no support for ALLOC_USE_MALLOC and POOL_DEBUG at the same time"
-#endif
-#endif
-
-#ifdef ALLOC_USE_MALLOC
-#undef BLOCK_MINFREE
-#undef BLOCK_MINALLOC
-#define BLOCK_MINFREE 0
-#define BLOCK_MINALLOC 0
-#endif
-
-#if defined(EAPI_MM)
-static AP_MM *mm = NULL;
-#endif
-
-/*****************************************************************
- *
- * Managing free storage blocks...
- */
-
-union align {
- /*
- * Types which are likely to have the longest RELEVANT alignment
- * restrictions...
- */
- char *cp;
- void (*f)(void);
- long l;
- FILE *fp;
- double d;
-};
-
-#define CLICK_SZ (sizeof(union align))
-
-union block_hdr {
- union align a;
-
- /* Actual header... */
-
- struct {
- char *endp;
- union block_hdr *next;
- char *first_avail;
-#if defined(EAPI_MM)
- int is_shm;
-#endif
-#ifdef POOL_DEBUG
- union block_hdr *global_next;
- struct pool *owning_pool;
-#endif
- } h;
-};
-
-static union block_hdr *block_freelist = NULL;
-static mutex *alloc_mutex = NULL;
-static mutex *spawn_mutex = NULL;
-#ifdef POOL_DEBUG
-static char *known_stack_point;
-static int stack_direction;
-static union block_hdr *global_block_list;
-#define FREE_POOL ((struct pool *)(-1))
-#endif
-
-#ifdef ALLOC_DEBUG
-#define FILL_BYTE ((char)(0xa5))
-
-#define debug_fill(ptr,size) ((void)memset((ptr), FILL_BYTE, (size)))
-
-static ap_inline void
-debug_verify_filled(const char *ptr, const char *endp, const char *error_msg)
-{
- for (; ptr < endp; ++ptr) {
- if (*ptr != FILL_BYTE) {
- fputs(error_msg, stderr);
- abort();
- exit(1);
- }
- }
-}
-
-#else
-#define debug_fill(a,b)
-#define debug_verify_filled(a,b,c)
-#endif
-
-
-/* Get a completely new block from the system pool. Note that we rely on
- malloc() to provide aligned memory. */
-
-#if defined(EAPI_MM)
-static union block_hdr
-*malloc_block(int size, int is_shm)
-#else
-static union block_hdr
-*malloc_block(int size)
-#endif
-{
- union block_hdr *blok;
- int request_size;
-
-#ifdef ALLOC_DEBUG
- /*
- * make some room at the end which we'll fill and expect to be
- * always filled
- */
- size += CLICK_SZ;
-#endif
- request_size = size + sizeof(union block_hdr);
-#if defined(EAPI_MM)
- if (is_shm)
- blok = (union block_hdr *)ap_mm_malloc(mm, request_size);
- else
-#endif
- blok = (union block_hdr *) malloc(request_size);
- if (blok == NULL) {
- fprintf(stderr, "Ouch! malloc(%d) failed in malloc_block()\n",
- request_size);
- exit(1);
- }
- debug_fill(blok, size + sizeof(union block_hdr));
-#if defined(EAPI_MM)
- blok->h.is_shm = is_shm;
-#endif
- blok->h.next = NULL;
- blok->h.first_avail = (char *)(blok + 1);
- blok->h.endp = size + blok->h.first_avail;
-#ifdef ALLOC_DEBUG
- blok->h.endp -= CLICK_SZ;
-#endif
-#ifdef POOL_DEBUG
- blok->h.global_next = global_block_list;
- global_block_list = blok;
- blok->h.owning_pool = NULL;
-#endif
-
- return blok;
-}
-
-#if defined(ALLOC_DEBUG) && !defined(ALLOC_USE_MALLOC)
-static void
-chk_on_blk_list(union block_hdr *blok, union block_hdr *free_blk)
-{
- debug_verify_filled(blok->h.endp, blok->h.endp + CLICK_SZ,
- "Ouch! Someone trounced the padding at the end of a block!\n");
- while (free_blk) {
- if (free_blk == blok) {
- fprintf(stderr, "Ouch! Freeing free block\n");
- abort();
- exit(1);
- }
- free_blk = free_blk->h.next;
- }
-}
-#else
-#define chk_on_blk_list(_x, _y)
-#endif
-
-/* Free a chain of blocks --- must be called with alarms blocked. */
-static void
-free_blocks(union block_hdr *blok)
-{
-#ifdef ALLOC_USE_MALLOC
- union block_hdr *next;
-
- for (; blok; blok = next) {
- next = blok->h.next;
- free(blok);
- }
-#else
- /*
- * First, put new blocks at the head of the free list ---
- * we'll eventually bash the 'next' pointer of the last block
- * in the chain to point to the free blocks we already had.
- */
- union block_hdr *old_free_list;
-
- /* Sanity check --- freeing empty pool? */
- if (blok == NULL)
- return;
-
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void) ap_acquire_mutex(alloc_mutex);
- old_free_list = block_freelist;
- block_freelist = blok;
-
- /*
- * Next, adjust first_avail pointers of each block --- have to do it
- * sooner or later, and it simplifies the search in new_block to do it
- * now.
- */
- while (blok->h.next != NULL) {
- chk_on_blk_list(blok, old_free_list);
- blok->h.first_avail = (char *)(blok + 1);
- debug_fill(blok->h.first_avail,
- blok->h.endp - blok->h.first_avail);
-#ifdef POOL_DEBUG
- blok->h.owning_pool = FREE_POOL;
-#endif
- blok = blok->h.next;
- }
-
- chk_on_blk_list(blok, old_free_list);
- blok->h.first_avail = (char *)(blok + 1);
- debug_fill(blok->h.first_avail, blok->h.endp - blok->h.first_avail);
-#ifdef POOL_DEBUG
- blok->h.owning_pool = FREE_POOL;
-#endif
-
- /* Finally, reset next pointer to get the old free blocks back */
- blok->h.next = old_free_list;
-
- (void) ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_unlock(mm);
-#endif
-#endif
-}
-
-
-/*
- * Get a new block, from our own free list if possible, from the system
- * if necessary. Must be called with alarms blocked.
- */
-#if defined(EAPI_MM)
-static union block_hdr
-*new_block(int min_size, int is_shm)
-#else
-static union block_hdr
-*new_block(int min_size)
-#endif
-{
- union block_hdr **lastptr = &block_freelist;
- union block_hdr *blok = block_freelist;
-
- /*
- * First, see if we have anything of the required size
- * on the free list...
- */
- while (blok != NULL) {
-#if defined(EAPI_MM)
- if (blok->h.is_shm == is_shm &&
- min_size + BLOCK_MINFREE <= blok->h.endp -
- blok->h.first_avail) {
-#else
- if (min_size + BLOCK_MINFREE <= blok->h.endp -
- blok->h.first_avail) {
-#endif
- *lastptr = blok->h.next;
- blok->h.next = NULL;
- debug_verify_filled(blok->h.first_avail, blok->h.endp,
- "Ouch! Someone trounced a block on the free "
- "list!\n");
- return blok;
- }
- else {
- lastptr = &blok->h.next;
- blok = blok->h.next;
- }
- }
-
- /* Nope. */
- min_size += BLOCK_MINFREE;
-#if defined(EAPI_MM)
- blok = malloc_block((min_size > BLOCK_MINALLOC) ?
- min_size : BLOCK_MINALLOC, is_shm);
-#else
- blok = malloc_block((min_size > BLOCK_MINALLOC) ?
- min_size : BLOCK_MINALLOC);
-#endif
- return blok;
-}
-
-
-/* Accounting */
-static long
-bytes_in_block_list(union block_hdr *blok)
-{
- long size = 0;
-
- while (blok) {
- size += blok->h.endp - (char *)(blok + 1);
- blok = blok->h.next;
- }
-
- return size;
-}
-
-
-/*****************************************************************
- *
- * Pool internals and management...
- * NB that subprocesses are not handled by the generic cleanup code,
- * basically because we don't want cleanups for multiple subprocesses
- * to result in multiple three-second pauses.
- */
-
-struct process_chain;
-struct cleanup;
-
-static void run_cleanups(struct cleanup *);
-static void free_proc_chain(struct process_chain *);
-
-struct pool {
- union block_hdr *first;
- union block_hdr *last;
- struct cleanup *cleanups;
- struct process_chain *subprocesses;
- struct pool *sub_pools;
- struct pool *sub_next;
- struct pool *sub_prev;
- struct pool *parent;
- char *free_first_avail;
-#ifdef ALLOC_USE_MALLOC
- void *allocation_list;
-#endif
-#ifdef POOL_DEBUG
- struct pool *joined;
-#endif
-#if defined(EAPI_MM)
- int is_shm;
-#endif
-};
-
-static pool *permanent_pool;
-
-/* Each pool structure is allocated in the start of its own first block,
- * so we need to know how many bytes that is (once properly aligned...).
- * This also means that when a pool's sub-pool is destroyed, the storage
- * associated with it is *completely* gone, so we have to make sure it
- * gets taken off the parent's sub-pool list...
- */
-
-#define POOL_HDR_CLICKS (1 + ((sizeof(struct pool) - 1) / CLICK_SZ))
-#define POOL_HDR_BYTES (POOL_HDR_CLICKS * CLICK_SZ)
-
-#if defined(EAPI_MM)
-static struct pool
-*make_sub_pool_internal(struct pool *p, int is_shm)
-#else
-API_EXPORT(struct pool *)
-ap_make_sub_pool(struct pool *p)
-#endif
-{
- union block_hdr *blok;
- pool *new_pool;
-
- ap_block_alarms();
-
-#if defined(EAPI_MM)
- if (is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void) ap_acquire_mutex(alloc_mutex);
-
-#if defined(EAPI_MM)
- blok = new_block(POOL_HDR_BYTES, is_shm);
-#else
- blok = new_block(POOL_HDR_BYTES);
-#endif
- new_pool = (pool *)blok->h.first_avail;
- blok->h.first_avail += POOL_HDR_BYTES;
-#ifdef POOL_DEBUG
- blok->h.owning_pool = new_pool;
-#endif
-
- memset((char *)new_pool, '\0', sizeof(struct pool));
- new_pool->free_first_avail = blok->h.first_avail;
- new_pool->first = new_pool->last = blok;
-
- if (p) {
- new_pool->parent = p;
- new_pool->sub_next = p->sub_pools;
- if (new_pool->sub_next)
- new_pool->sub_next->sub_prev = new_pool;
- p->sub_pools = new_pool;
- }
-
-#if defined(EAPI_MM)
- new_pool->is_shm = is_shm;
-#endif
-
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (is_shm)
- (void)ap_mm_unlock(mm);
-#endif
- ap_unblock_alarms();
-
- return new_pool;
-}
-
-#if defined(EAPI_MM)
-API_EXPORT(struct pool *)
-ap_make_sub_pool(struct pool *p)
-{
- return make_sub_pool_internal(p, 0);
-}
-API_EXPORT(struct pool *)
-ap_make_shared_sub_pool(struct pool *p)
-{
- return make_sub_pool_internal(p, 1);
-}
-#else
-API_EXPORT(struct pool *)
-ap_make_shared_sub_pool(struct pool *p)
-{
- return NULL;
-}
-#endif
-
-#ifdef POOL_DEBUG
-static void
-stack_var_init(char *s)
-{
- char t;
-
- if (s < &t)
- stack_direction = 1; /* stack grows up */
- else
- stack_direction = -1; /* stack grows down */
-}
-#endif
-
-int
-ap_shared_pool_possible(void)
-{
- return ap_mm_useable();
-}
-
-API_EXPORT(pool *)
-ap_init_alloc(void)
-{
-#ifdef POOL_DEBUG
- char s;
-
- known_stack_point = &s;
- stack_var_init(&s);
-#endif
- alloc_mutex = ap_create_mutex(NULL);
- spawn_mutex = ap_create_mutex(NULL);
- permanent_pool = ap_make_sub_pool(NULL);
- return permanent_pool;
-}
-
-void
-ap_init_alloc_shared(int early)
-{
-#if defined(EAPI_MM)
- int mm_size;
- char *mm_path;
- char *err1, *err2;
-
- if (early) {
- /* process very early on startup */
- mm_size = ap_mm_maxsize();
- if (mm_size > EAPI_MM_CORE_MAXSIZE)
- mm_size = EAPI_MM_CORE_MAXSIZE;
- mm_path = ap_server_root_relative(permanent_pool,
- ap_psprintf(permanent_pool, "%s.%ld",
- EAPI_MM_CORE_PATH, (long)getpid()));
- if ((mm = ap_mm_create(mm_size, mm_path)) == NULL) {
- fprintf(stderr, "Ouch! ap_mm_create(%d, \"%s\") "
- "failed\n", mm_size, mm_path);
- err1 = ap_mm_error();
- if (err1 == NULL)
- err1 = "-unknown-";
- err2 = strerror(errno);
- if (err2 == NULL)
- err2 = "-unknown-";
- fprintf(stderr, "Error: MM: %s: OS: %s\n", err1, err2);
- exit(1);
- }
- } else {
- /* process a lot later on startup */
- ap_mm_permission(mm, (S_IRUSR|S_IWUSR), ap_user_id, -1);
- }
-#endif /* EAPI_MM */
- return;
-}
-
-void
-ap_kill_alloc_shared(void)
-{
-#if defined(EAPI_MM)
- if (mm != NULL) {
- ap_mm_destroy(mm);
- mm = NULL;
- }
-#endif /* EAPI_MM */
- return;
-}
-
-void
-ap_cleanup_alloc(void)
-{
- ap_destroy_mutex(alloc_mutex);
- ap_destroy_mutex(spawn_mutex);
-}
-
-API_EXPORT(void)
-ap_clear_pool(struct pool *a)
-{
- ap_block_alarms();
-
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void) ap_acquire_mutex(alloc_mutex);
- while (a->sub_pools)
- ap_destroy_pool(a->sub_pools);
- (void) ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (a->is_shm)
- ( void)ap_mm_unlock(mm);
-#endif
- /* Don't hold the mutex during cleanups. */
- run_cleanups(a->cleanups);
- a->cleanups = NULL;
- free_proc_chain(a->subprocesses);
- a->subprocesses = NULL;
- free_blocks(a->first->h.next);
- a->first->h.next = NULL;
-
- a->last = a->first;
- a->first->h.first_avail = a->free_first_avail;
- debug_fill(a->first->h.first_avail,
- a->first->h.endp - a->first->h.first_avail);
-
-#ifdef ALLOC_USE_MALLOC
- {
- void *c, *n;
-
- for (c = a->allocation_list; c; c = n) {
- n = *(void **)c;
- free(c);
- }
- a->allocation_list = NULL;
- }
-#endif
-
- ap_unblock_alarms();
-}
-
-API_EXPORT(void)
-ap_destroy_pool(pool *a)
-{
- ap_block_alarms();
- ap_clear_pool(a);
-
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void)ap_acquire_mutex(alloc_mutex);
- if (a->parent) {
- if (a->parent->sub_pools == a)
- a->parent->sub_pools = a->sub_next;
- if (a->sub_prev)
- a->sub_prev->sub_next = a->sub_next;
- if (a->sub_next)
- a->sub_next->sub_prev = a->sub_prev;
- }
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_unlock(mm);
-#endif
-
- free_blocks(a->first);
- ap_unblock_alarms();
-}
-
-API_EXPORT(long)
-ap_bytes_in_pool(pool *p)
-{
- return bytes_in_block_list(p->first);
-}
-API_EXPORT(long)
-ap_bytes_in_free_blocks(void)
-{
- return bytes_in_block_list(block_freelist);
-}
-
-API_EXPORT(int)
-ap_acquire_pool(pool *p, ap_pool_lock_mode mode)
-{
-#if defined(EAPI_MM)
- if (!p->is_shm)
- return 1;
- return ap_mm_lock(mm, mode == AP_POOL_RD ?
- AP_MM_LOCK_RD : AP_MM_LOCK_RW);
-#else
- return 1;
-#endif
-}
-
-API_EXPORT(int)
-ap_release_pool(pool *p)
-{
-#if defined(EAPI_MM)
- if (!p->is_shm)
- return 1;
- return ap_mm_unlock(mm);
-#else
- return 1;
-#endif
-}
-
-/*****************************************************************
- * POOL_DEBUG support
- */
-#ifdef POOL_DEBUG
-
-/* the unix linker defines this symbol as the last byte + 1 of
- * the executable... so it includes TEXT, BSS, and DATA
- */
-extern char _end;
-
-/* is ptr in the range [lo,hi) */
-#define is_ptr_in_range(ptr, lo, hi) \
- (((unsigned long)(ptr) - (unsigned long)(lo)) \
- < \
- (unsigned long)(hi) - (unsigned long)(lo))
-
-/* Find the pool that ts belongs to, return NULL if it doesn't
- * belong to any pool.
- */
-API_EXPORT(pool *)
-ap_find_pool(const void *ts)
-{
- const char *s = ts;
- union block_hdr **pb;
- union block_hdr *b;
-
- /* short-circuit stuff which is in TEXT, BSS, or DATA */
- if (is_ptr_in_range(s, 0, &_end))
- return NULL;
-
- /* consider stuff on the stack to also be in the NULL pool...
- * XXX: there's cases where we don't want to assume this
- */
- if ((stack_direction == -1 &&
- is_ptr_in_range(s, &ts, known_stack_point))
- || (stack_direction == 1 &&
- is_ptr_in_range(s, known_stack_point, &ts))) {
- abort();
- return NULL;
- }
- ap_block_alarms();
- /* search the global_block_list */
- for (pb = &global_block_list; *pb; pb = &b->h.global_next) {
- b = *pb;
- if (is_ptr_in_range(s, b, b->h.endp)) {
- if (b->h.owning_pool == FREE_POOL) {
- fprintf(stderr,
- "Ouch! find_pool() called on pointer in "
- "a free block\n");
- abort();
- exit(1);
- }
- if (b != global_block_list) {
- /*
- * promote b to front of list, this is a
- * hack to speed up the lookup
- */
- *pb = b->h.global_next;
- b->h.global_next = global_block_list;
- global_block_list = b;
- }
- ap_unblock_alarms();
- return b->h.owning_pool;
- }
- }
- ap_unblock_alarms();
- return NULL;
-}
-
-/* return TRUE iff a is an ancestor of b
- * NULL is considered an ancestor of all pools
- */
-API_EXPORT(int)
-ap_pool_is_ancestor(pool *a, pool *b)
-{
- if (a == NULL)
- return 1;
-
- while (a->joined)
- a = a->joined;
-
- while (b) {
- if (a == b)
- return 1;
- b = b->parent;
- }
- return 0;
-}
-
-/* All blocks belonging to sub will be changed to point to p
- * instead. This is a guarantee by the caller that sub will not
- * be destroyed before p is.
- */
-API_EXPORT(void)
-ap_pool_join(pool *p, pool *sub)
-{
- union block_hdr *b;
-
- /* We could handle more general cases... but this is it for now. */
- if (sub->parent != p) {
- fprintf(stderr, "pool_join: p is not parent of sub\n");
- abort();
- }
- ap_block_alarms();
- while (p->joined)
- p = p->joined;
-
- sub->joined = p;
- for (b = global_block_list; b; b = b->h.global_next) {
- if (b->h.owning_pool == sub)
- b->h.owning_pool = p;
- }
- ap_unblock_alarms();
-}
-#endif
-
-/*****************************************************************
- *
- * Allocating stuff...
- */
-
-
-API_EXPORT(void *)
-ap_palloc(struct pool *a, int reqsize)
-{
-#ifdef ALLOC_USE_MALLOC
- int size = reqsize + CLICK_SZ;
- void *ptr;
-
- ap_block_alarms();
- ptr = malloc(size);
- if (ptr == NULL) {
- fputs("Ouch! Out of memory!\n", stderr);
- exit(1);
- }
- debug_fill(ptr, size); /* might as well get uninitialized protection */
- *(void **)ptr = a->allocation_list;
- a->allocation_list = ptr;
- ap_unblock_alarms();
- return (char *)ptr + CLICK_SZ;
-#else
-
- /*
- * Round up requested size to an even number of alignment units
- * (core clicks)
- */
- int nclicks = 1 + ((reqsize - 1) / CLICK_SZ);
- int size = nclicks * CLICK_SZ;
-
- /*
- * First, see if we have space in the block most recently
- * allocated to this pool
- */
- union block_hdr *blok = a->last;
- char *first_avail = blok->h.first_avail;
- char *new_first_avail;
-
- if (reqsize <= 0)
- return NULL;
-
- new_first_avail = first_avail + size;
-
- if (new_first_avail <= blok->h.endp) {
- debug_verify_filled(first_avail, blok->h.endp,
- "Ouch! Someone trounced past the end of their "
- "allocation!\n");
- blok->h.first_avail = new_first_avail;
- return (void *)first_avail;
- }
-
- /* Nope --- get a new one that's guaranteed to be big enough */
- ap_block_alarms();
-
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void) ap_acquire_mutex(alloc_mutex);
-
-#if defined(EAPI_MM)
- blok = new_block(size, a->is_shm);
-#else
- blok = new_block(size);
-#endif
- a->last->h.next = blok;
- a->last = blok;
-#ifdef POOL_DEBUG
- blok->h.owning_pool = a;
-#endif
-#if defined(EAPI_MM)
- blok->h.is_shm = a->is_shm;
-#endif
-
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (a->is_shm)
- (void)ap_mm_unlock(mm);
-#endif
-
- ap_unblock_alarms();
-
- first_avail = blok->h.first_avail;
- blok->h.first_avail += size;
-
- return (void *)first_avail;
-#endif
-}
-
-API_EXPORT(void *)
-ap_pcalloc(struct pool *a, int size)
-{
- void *res = ap_palloc(a, size);
- memset(res, '\0', size);
- return res;
-}
-
-API_EXPORT(char *)
-ap_pstrdup(struct pool *a, const char *s)
-{
- char *res;
- size_t len;
-
- if (s == NULL)
- return NULL;
- len = strlen(s) + 1;
- res = ap_palloc(a, len);
- memcpy(res, s, len);
- return res;
-}
-
-API_EXPORT(char *)
-ap_pstrndup(struct pool *a, const char *s, int n)
-{
- char *res;
-
- if (s == NULL)
- return NULL;
- res = ap_palloc(a, n + 1);
- memcpy(res, s, n);
- res[n] = '\0';
- return res;
-}
-
-API_EXPORT_NONSTD(char *) ap_pstrcat(pool *a,...)
-{
- char *cp, *argp, *res;
-
- /* Pass one --- find length of required string */
- int len = 0;
- va_list adummy;
-
- va_start(adummy, a);
-
- while ((cp = va_arg(adummy, char *)) != NULL)
- len += strlen(cp);
-
- va_end(adummy);
-
- /* Allocate the required string */
- res = (char *) ap_palloc(a, len + 1);
- cp = res;
- *cp = '\0';
-
- /* Pass two --- copy the argument strings into the result space */
- va_start(adummy, a);
-
- while ((argp = va_arg(adummy, char *)) != NULL) {
- strlcpy(cp, argp, len + 1);
- cp += strlen(argp);
- }
-
- va_end(adummy);
-
- /* Return the result string */
- return res;
-}
-
-/* ap_psprintf is implemented by writing directly into the current
- * block of the pool, starting right at first_avail. If there's
- * insufficient room, then a new block is allocated and the earlier
- * output is copied over. The new block isn't linked into the pool
- * until all the output is done.
- *
- * Note that this is completely safe because nothing else can
- * allocate in this pool while ap_psprintf is running. alarms are
- * blocked, and the only thing outside of alloc.c that's invoked
- * is ap_vformatter -- which was purposefully written to be
- * self-contained with no callouts.
- */
-
-struct psprintf_data {
- ap_vformatter_buff vbuff;
-#ifdef ALLOC_USE_MALLOC
- char *base;
-#else
- union block_hdr *blok;
- int got_a_new_block;
-#endif
-};
-
-#define AP_PSPRINTF_MIN_SIZE 32 /* Minimum size of allowable avail block */
-
-static int
-psprintf_flush(ap_vformatter_buff *vbuff)
-{
- struct psprintf_data *ps = (struct psprintf_data *)vbuff;
-#ifdef ALLOC_USE_MALLOC
- int cur_len, size;
- char *ptr;
-
- cur_len = (char *)ps->vbuff.curpos - ps->base;
- size = cur_len << 1;
- if (size < AP_PSPRINTF_MIN_SIZE)
- size = AP_PSPRINTF_MIN_SIZE;
-#if defined(EAPI_MM)
- if (ps->block->h.is_shm)
- ptr = ap_mm_realloc(ps->base, size);
- else
-#endif
- ptr = realloc(ps->base, size);
- if (ptr == NULL) {
- fputs("Ouch! Out of memory!\n", stderr);
- exit(1);
- }
- ps->base = ptr;
- ps->vbuff.curpos = ptr + cur_len;
- ps->vbuff.endpos = ptr + size - 1;
- return 0;
-#else
- union block_hdr *blok;
- union block_hdr *nblok;
- size_t cur_len, size;
- char *strp;
-
- blok = ps->blok;
- strp = ps->vbuff.curpos;
- cur_len = strp - blok->h.first_avail;
- size = cur_len << 1;
- if (size < AP_PSPRINTF_MIN_SIZE)
- size = AP_PSPRINTF_MIN_SIZE;
-
- /* must try another blok */
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void)ap_acquire_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- nblok = new_block(size, blok->h.is_shm);
-#else
- nblok = new_block(size);
-#endif
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_unlock(mm);
-#endif
- memcpy(nblok->h.first_avail, blok->h.first_avail, cur_len);
- ps->vbuff.curpos = nblok->h.first_avail + cur_len;
- /* save a byte for the NUL terminator */
- ps->vbuff.endpos = nblok->h.endp - 1;
-
- /* did we allocate the current blok? if so free it up */
- if (ps->got_a_new_block) {
- debug_fill(blok->h.first_avail,
- blok->h.endp - blok->h.first_avail);
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_lock(mm, AP_MM_LOCK_RW);
-#endif
- (void)ap_acquire_mutex(alloc_mutex);
- blok->h.next = block_freelist;
- block_freelist = blok;
- (void)ap_release_mutex(alloc_mutex);
-#if defined(EAPI_MM)
- if (blok->h.is_shm)
- (void)ap_mm_unlock(mm);
-#endif
- }
- ps->blok = nblok;
- ps->got_a_new_block = 1;
- /*
- * note that we've deliberately not linked the new block onto
- * the pool yet... because we may need to flush again later, and
- * we'd have to spend more effort trying to unlink the block.
- */
- return 0;
-#endif
-}
-
-API_EXPORT(char *)
-ap_pvsprintf(pool *p, const char *fmt, va_list ap)
-{
-#ifdef ALLOC_USE_MALLOC
- struct psprintf_data ps;
- void *ptr;
-
- ap_block_alarms();
-#if defined(EAPI_MM)
- if (p->is_shm)
- ps.base = ap_mm_malloc(mm, 512);
- else
-#endif
- ps.base = malloc(512);
- if (ps.base == NULL) {
- fputs("Ouch! Out of memory!\n", stderr);
- exit(1);
- }
- /* need room at beginning for allocation_list */
- ps.vbuff.curpos = ps.base + CLICK_SZ;
- ps.vbuff.endpos = ps.base + 511;
- ap_vformatter(psprintf_flush, &ps.vbuff, fmt, ap);
- *ps.vbuff.curpos++ = '\0';
- ptr = ps.base;
- /* shrink */
-#if defined(EAPI_MM)
- if (p->is_shm)
- ptr = ap_mm_realloc(ptr, (char *)ps.vbuff.curpos - (char *)ptr);
- else
-#endif
- ptr = realloc(ptr, (char *)ps.vbuff.curpos - (char *)ptr);
- if (ptr == NULL) {
- fputs("Ouch! Out of memory!\n", stderr);
- exit(1);
- }
- *(void **)ptr = p->allocation_list;
- p->allocation_list = ptr;
- ap_unblock_alarms();
- return (char *)ptr + CLICK_SZ;
-#else
- struct psprintf_data ps;
- char *strp;
- int size;
-
- ap_block_alarms();
- ps.blok = p->last;
- ps.vbuff.curpos = ps.blok->h.first_avail;
- ps.vbuff.endpos = ps.blok->h.endp - 1; /* save one for NUL */
- ps.got_a_new_block = 0;
-
- if (ps.blok->h.first_avail == ps.blok->h.endp)
- psprintf_flush(&ps.vbuff); /* ensure room for NUL */
- ap_vformatter(psprintf_flush, &ps.vbuff, fmt, ap);
-
- strp = ps.vbuff.curpos;
- *strp++ = '\0';
-
- size = strp - ps.blok->h.first_avail;
- size = (1 + ((size - 1) / CLICK_SZ)) * CLICK_SZ;
- strp = ps.blok->h.first_avail; /* save away result pointer */
- ps.blok->h.first_avail += size;
-
- /* have to link the block in if it's a new one */
- if (ps.got_a_new_block) {
- p->last->h.next = ps.blok;
- p->last = ps.blok;
-#ifdef POOL_DEBUG
- ps.blok->h.owning_pool = p;
-#endif
- }
- ap_unblock_alarms();
-
- return strp;
-#endif
-}
-
-API_EXPORT_NONSTD(char *)
-ap_psprintf(pool *p, const char *fmt, ...)
-{ - va_list ap; - char *res; - - va_start(ap, fmt); - res = ap_pvsprintf(p, fmt, ap); - va_end(ap); - return res; -} - -/***************************************************************** - * - * The 'array' functions... - */ - -static void -make_array_core(array_header *res, pool *p, int nelts, int elt_size) -{ - if (nelts < 1) - nelts = 1; /* Assure sanity if someone asks for - * array of zero elts. - */ - - res->elts = ap_pcalloc(p, nelts * elt_size); - - res->pool = p; - res->elt_size = elt_size; - res->nelts = 0; /* No active elements yet... */ - res->nalloc = nelts; /* ...but this many allocated */ -} - -API_EXPORT(array_header *) -ap_make_array(pool *p, int nelts, int elt_size) -{ - array_header *res = (array_header *)ap_palloc(p, sizeof(array_header)); - - make_array_core(res, p, nelts, elt_size); - return res; -} - -API_EXPORT(void *) -ap_push_array(array_header *arr) -{ - if (arr->nelts == arr->nalloc) { - int new_size = (arr->nalloc <= 0) ? 1 : arr->nalloc * 2; - char *new_data; - - new_data = ap_pcalloc(arr->pool, arr->elt_size * new_size); - - memcpy(new_data, arr->elts, arr->nalloc * arr->elt_size); - arr->elts = new_data; - arr->nalloc = new_size; - } - - ++arr->nelts; - return arr->elts + (arr->elt_size * (arr->nelts - 1)); -} - -API_EXPORT(void) -ap_array_cat(array_header *dst, const array_header *src) -{ - int elt_size = dst->elt_size; - - if (dst->nelts + src->nelts > dst->nalloc) { - int new_size = (dst->nalloc <= 0) ? 
1 : dst->nalloc * 2; - char *new_data; - - while (dst->nelts + src->nelts > new_size) - new_size *= 2; - - new_data = ap_pcalloc(dst->pool, elt_size * new_size); - memcpy(new_data, dst->elts, dst->nalloc * elt_size); - - dst->elts = new_data; - dst->nalloc = new_size; - } - - memcpy(dst->elts + dst->nelts * elt_size, src->elts, - elt_size * src->nelts); - dst->nelts += src->nelts; -} - -API_EXPORT(array_header *) -ap_copy_array(pool *p, const array_header *arr) -{ - array_header *res = ap_make_array(p, arr->nalloc, arr->elt_size); - - memcpy(res->elts, arr->elts, arr->elt_size * arr->nelts); - res->nelts = arr->nelts; - return res; -} - -/* This cute function copies the array header *only*, but arranges - * for the data section to be copied on the first push or arraycat. - * It's useful when the elements of the array being copied are - * read only, but new stuff *might* get added on the end; we have the - * overhead of the full copy only where it is really needed. - */ - -static ap_inline void -copy_array_hdr_core(array_header *res, const array_header *arr) -{ - res->elts = arr->elts; - res->elt_size = arr->elt_size; - res->nelts = arr->nelts; - res->nalloc = arr->nelts; /* Force overflow on push */ -} - -API_EXPORT(array_header *) -ap_copy_array_hdr(pool *p, const array_header *arr) -{ - array_header *res = (array_header *) ap_palloc(p, sizeof(array_header)); - - res->pool = p; - copy_array_hdr_core(res, arr); - return res; -} - -/* The above is used here to avoid consing multiple new array bodies... */ - -API_EXPORT(array_header *) -ap_append_arrays(pool *p, const array_header *first, const array_header *second) -{ - array_header *res = ap_copy_array_hdr(p, first); - - ap_array_cat(res, second); - return res; -} - -/* ap_array_pstrcat generates a new string from the pool containing - * the concatenated sequence of substrings referenced as elements within - * the array. 
The string will be empty if all substrings are empty or null,
- * or if there are no elements in the array.
- * If sep is non-NUL, it will be inserted between elements as a separator.
- */
-API_EXPORT(char *)
-ap_array_pstrcat(pool *p, const array_header *arr, const char sep)
-{
- char *cp, *res, **strpp;
- int i, len;
-
- if (arr->nelts <= 0 || arr->elts == NULL) /* Empty table? */
- return (char *)ap_pcalloc(p, 1);
-
- /* Pass one --- find length of required string */
- len = 0;
- for (i = 0, strpp = (char **)arr->elts; ; ++strpp) {
- if (strpp && *strpp != NULL)
- len += strlen(*strpp);
-
- if (++i >= arr->nelts)
- break;
- if (sep)
- ++len;
- }
-
- /* Allocate the required string */
- res = (char *)ap_palloc(p, len + 1);
- cp = res;
-
- /* Pass two --- copy the argument strings into the result space */
- for (i = 0, strpp = (char **)arr->elts; ; ++strpp) {
- if (strpp && *strpp != NULL) {
- len = strlen(*strpp);
- memcpy(cp, *strpp, len);
- cp += len;
- }
- if (++i >= arr->nelts)
- break;
- if (sep)
- *cp++ = sep;
- }
-
- *cp = '\0';
-
- /* Return the result string */
- return res;
-}
-
-
-/*****************************************************************
- *
- * The "table" functions.
- */
-
-/* XXX: if you tweak this you should look at is_empty_table() and table_elts()
- * in ap_alloc.h */
-struct table {
- /* This has to be first to promote backwards compatibility with
- * older modules which cast a table * to an array_header *...
- * they should use the table_elts() function for most of the
- * cases they do this for.
- */
- array_header a;
-#ifdef MAKE_TABLE_PROFILE
- void *creator;
-#endif
-};
-
-#ifdef MAKE_TABLE_PROFILE
-static table_entry
-*table_push(table *t)
-{
- if (t->a.nelts == t->a.nalloc) {
- fprintf(stderr,
- "table_push: table created by %p hit limit of %u\n",
- t->creator, t->a.nalloc);
- }
- return (table_entry *)ap_push_array(&t->a);
-}
-#else
-#define table_push(t) ((table_entry *)ap_push_array(&(t)->a))
-#endif
-
-API_EXPORT(table *)
-ap_make_table(pool *p, int nelts)
-{
- table *t = ap_palloc(p, sizeof(table));
-
- make_array_core(&t->a, p, nelts, sizeof(table_entry));
-#ifdef MAKE_TABLE_PROFILE
- t->creator = __builtin_return_address(0);
-#endif
- return t;
-}
-
-API_EXPORT(table *)
-ap_copy_table(pool *p, const table *t)
-{
- table *new = ap_palloc(p, sizeof(table));
-
-#ifdef POOL_DEBUG
- /* we don't copy keys and values, so it's necessary that t->a.pool
- * have a life span at least as long as p
- */
- if (!ap_pool_is_ancestor(t->a.pool, p)) {
- fprintf(stderr, "copy_table: t's pool is not an "
- "ancestor of p\n");
- abort();
- }
-#endif
- make_array_core(&new->a, p, t->a.nalloc, sizeof(table_entry));
- memcpy(new->a.elts, t->a.elts, t->a.nelts * sizeof(table_entry));
- new->a.nelts = t->a.nelts;
- return new;
-}
-
-API_EXPORT(void)
-ap_clear_table(table *t)
-{
- t->a.nelts = 0;
-}
-
-API_EXPORT(const char *)
-ap_table_get(const table *t, const char *key)
-{
- table_entry *elts = (table_entry *) t->a.elts;
- int i;
-
- if (key == NULL)
- return NULL;
-
- for (i = 0; i < t->a.nelts; ++i)
- if (!strcasecmp(elts[i].key, key))
- return elts[i].val;
-
- return NULL;
-}
-
-API_EXPORT(void)
-ap_table_set(table *t, const char *key, const char *val)
-{
- int i, j, k;
- table_entry *elts = (table_entry *) t->a.elts;
- int done = 0;
-
- for (i = 0; i < t->a.nelts; ) {
- if (!strcasecmp(elts[i].key, key)) {
- if (!done) {
- elts[i].val = ap_pstrdup(t->a.pool, val);
- done = 1;
- ++i;
- } else { /* delete an extraneous element */
- for (j = i, k = i + 1; k <
t->a.nelts;
- ++j, ++k) {
- elts[j].key = elts[k].key;
- elts[j].val = elts[k].val;
- }
- --t->a.nelts;
- }
- } else
- ++i;
- }
-
- if (!done) {
- elts = (table_entry *)table_push(t);
- elts->key = ap_pstrdup(t->a.pool, key);
- elts->val = ap_pstrdup(t->a.pool, val);
- }
-}
-
-API_EXPORT(void)
-ap_table_setn(table *t, const char *key, const char *val)
-{
- int i, j, k;
- table_entry *elts = (table_entry *) t->a.elts;
- int done = 0;
-
-#ifdef POOL_DEBUG
- if (!ap_pool_is_ancestor(ap_find_pool(key), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
- if (!ap_pool_is_ancestor(ap_find_pool(val), t->a.pool)) {
- fprintf(stderr, "table_set: val not in ancestor pool of t\n");
- abort();
- }
-#endif
-
- for (i = 0; i < t->a.nelts; ) {
- if (!strcasecmp(elts[i].key, key)) {
- if (!done) {
- elts[i].val = (char *)val;
- done = 1;
- ++i;
- } else { /* delete an extraneous element */
- for (j = i, k = i + 1; k < t->a.nelts;
- ++j, ++k) {
- elts[j].key = elts[k].key;
- elts[j].val = elts[k].val;
- }
- --t->a.nelts;
- }
- } else
- ++i;
- }
-
- if (!done) {
- elts = (table_entry *)table_push(t);
- elts->key = (char *)key;
- elts->val = (char *)val;
- }
-}
-
-API_EXPORT(void)
-ap_table_unset(table *t, const char *key)
-{
- int i, j, k;
- table_entry *elts = (table_entry *) t->a.elts;
-
- for (i = 0; i < t->a.nelts;) {
- if (!strcasecmp(elts[i].key, key)) {
-
- /* found an element to skip over there are any
- * number of ways to remove an element from a
- * contiguous block of memory. I've chosen one
- * that doesn't do a memcpy/bcopy/array_delete,
- * *shrug*...
- */
- for (j = i, k = i + 1; k < t->a.nelts; ++j, ++k) {
- elts[j].key = elts[k].key;
- elts[j].val = elts[k].val;
- }
- --t->a.nelts;
- } else
- ++i;
- }
-}
-
-API_EXPORT(void)
-ap_table_merge(table *t, const char *key, const char *val)
-{
- table_entry *elts = (table_entry *) t->a.elts;
- int i;
-
- for (i = 0; i < t->a.nelts; ++i)
- if (!strcasecmp(elts[i].key, key)) {
- elts[i].val = ap_pstrcat(t->a.pool, elts[i].val,
- ", ", val, NULL);
- return;
- }
-
- elts = (table_entry *)table_push(t);
- elts->key = ap_pstrdup(t->a.pool, key);
- elts->val = ap_pstrdup(t->a.pool, val);
-}
-
-API_EXPORT(void)
-ap_table_mergen(table *t, const char *key, const char *val)
-{
- table_entry *elts = (table_entry *)t->a.elts;
- int i;
-
-#ifdef POOL_DEBUG
- if (!ap_pool_is_ancestor(ap_find_pool(key), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
- if (!ap_pool_is_ancestor(ap_find_pool(val), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
-#endif
-
- for (i = 0; i < t->a.nelts; ++i) {
- if (!strcasecmp(elts[i].key, key)) {
- elts[i].val = ap_pstrcat(t->a.pool, elts[i].val,
- ", ", val, NULL);
- return;
- }
- }
-
- elts = (table_entry *)table_push(t);
- elts->key = (char *)key;
- elts->val = (char *)val;
-}
-
-API_EXPORT(void)
-ap_table_add(table *t, const char *key, const char *val)
-{
- table_entry *elts = (table_entry *)t->a.elts;
-
- elts = (table_entry *)table_push(t);
- elts->key = ap_pstrdup(t->a.pool, key);
- elts->val = ap_pstrdup(t->a.pool, val);
-}
-
-API_EXPORT(void)
-ap_table_addn(table *t, const char *key, const char *val)
-{
- table_entry *elts = (table_entry *) t->a.elts;
-
-#ifdef POOL_DEBUG
- if (!ap_pool_is_ancestor(ap_find_pool(key), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
- if (!ap_pool_is_ancestor(ap_find_pool(val), t->a.pool)) {
- fprintf(stderr, "table_set: key not in ancestor pool of t\n");
- abort();
- }
-#endif
-
- elts = (table_entry *)table_push(t);
- elts->key = (char *)key;
- elts->val = (char *)val;
-}
-
-API_EXPORT(table *)
-ap_overlay_tables(pool *p, const table *overlay, const table *base)
-{
- table *res;
-
-#ifdef POOL_DEBUG
- /* we don't copy keys and values, so it's necessary that
- * overlay->a.pool and base->a.pool have a life span at least
- * as long as p
- */
- if (!ap_pool_is_ancestor(overlay->a.pool, p)) {
- fprintf(stderr, "overlay_tables: overlay's pool is not an "
- "ancestor of p\n");
- abort();
- }
- if (!ap_pool_is_ancestor(base->a.pool, p)) {
- fprintf(stderr, "overlay_tables: base's pool is not an "
- "ancestor of p\n");
- abort();
- }
-#endif
-
- res = ap_palloc(p, sizeof(table));
- /* behave like append_arrays */
- res->a.pool = p;
- copy_array_hdr_core(&res->a, &overlay->a);
- ap_array_cat(&res->a, &base->a);
-
- return res;
-}
-
-/* And now for something completely abstract ...
-
- * For each key value given as a vararg:
- * run the function pointed to as
- * int comp(void *r, char *key, char *value);
- * on each valid key-value pair in the table t that matches the vararg key,
- * or once for every valid key-value pair if the vararg list is empty,
- * until the function returns false (0) or we finish the table.
- *
- * Note that we restart the traversal for each vararg, which means that
- * duplicate varargs will result in multiple executions of the function
- * for each matching key. Note also that if the vararg list is empty,
- * only one traversal will be made and will cut short if comp returns 0.
- *
- * Note that the table_get and table_merge functions assume that each key in
- * the table is unique (i.e., no multiple entries with the same key). This
- * function does not make that assumption, since it (unfortunately) isn't
- * true for some of Apache's tables.
- *
- * Note that rec is simply passed-on to the comp function, so that the
- * caller can pass additional info for the task.
- */
-API_EXPORT_NONSTD(void)
-ap_table_do(int (*comp)(void *, const char *, const char *), void *rec,
- const table *t,...)
-{
- va_list vp;
- char *argp;
- table_entry *elts = (table_entry *)t->a.elts;
- int rv, i;
-
- va_start(vp, t);
-
- argp = va_arg(vp, char *);
-
- do {
- for (rv = 1, i = 0; rv && (i < t->a.nelts); ++i) {
- if (elts[i].key && (!argp ||
- !strcasecmp(elts[i].key, argp)))
- rv = (*comp) (rec, elts[i].key, elts[i].val);
- }
- } while (argp && ((argp = va_arg(vp, char *)) != NULL));
-
- va_end(vp);
-}
-
-/* Curse libc and the fact that it doesn't guarantee a stable sort. We
- * have to enforce stability ourselves by using the order field. If it
- * provided a stable sort then we wouldn't even need temporary storage to
- * do the work below. -djg
- *
- * ("stable sort" means that equal keys retain their original relative
- * ordering in the output.)
- */
-typedef struct {
- char *key;
- char *val;
- int order;
-} overlap_key;
-
-static int
-sort_overlap(const void *va, const void *vb)
-{
- const overlap_key *a = va;
- const overlap_key *b = vb;
- int r;
-
- r = strcasecmp(a->key, b->key);
- if (r)
- return r;
- return a->order - b->order;
-}
-
-/* prefer to use the stack for temp storage for overlaps smaller than this */
-#ifndef AP_OVERLAP_TABLES_ON_STACK
-#define AP_OVERLAP_TABLES_ON_STACK (512)
-#endif
-
-API_EXPORT(void)
-ap_overlap_tables(table *a, const table *b, unsigned flags)
-{
- overlap_key cat_keys_buf[AP_OVERLAP_TABLES_ON_STACK];
- overlap_key *cat_keys;
- int nkeys;
- table_entry *e;
- table_entry *last_e;
- overlap_key *left;
- overlap_key *right;
- overlap_key *last;
-
- nkeys = a->a.nelts + b->a.nelts;
- if (nkeys < AP_OVERLAP_TABLES_ON_STACK) {
- cat_keys = cat_keys_buf;
- } else {
- /* XXX: could use scratch free space in a or b's pool instead...
- * which could save an allocation in b's pool.
- */
- cat_keys = ap_palloc(b->a.pool, sizeof(overlap_key) * nkeys);
- }
-
- nkeys = 0;
-
- /* Create a list of the entries from a concatenated with the entries
- * from b.
- */
- e = (table_entry *)a->a.elts;
- last_e = e + a->a.nelts;
- while (e < last_e) {
- cat_keys[nkeys].key = e->key;
- cat_keys[nkeys].val = e->val;
- cat_keys[nkeys].order = nkeys;
- ++nkeys;
- ++e;
- }
-
- e = (table_entry *)b->a.elts;
- last_e = e + b->a.nelts;
- while (e < last_e) {
- cat_keys[nkeys].key = e->key;
- cat_keys[nkeys].val = e->val;
- cat_keys[nkeys].order = nkeys;
- ++nkeys;
- ++e;
- }
-
- qsort(cat_keys, nkeys, sizeof(overlap_key), sort_overlap);
-
- /* Now iterate over the sorted list and rebuild a.
- * Start by making sure it has enough space.
- */
- a->a.nelts = 0;
- if (a->a.nalloc < nkeys) {
- a->a.elts = ap_palloc(a->a.pool, a->a.elt_size * nkeys * 2);
- a->a.nalloc = nkeys * 2;
- }
-
- /*
- * In both the merge and set cases we retain the invariant:
- *
- * left->key, (left+1)->key, (left+2)->key, ..., (right-1)->key
- * are all equal keys. (i.e. strcasecmp returns 0)
- *
- * We essentially need to find the maximal
- * right for each key, then we can do a quick merge or set as
- * appropriate.
- */
-
- if (flags & AP_OVERLAP_TABLES_MERGE) {
- left = cat_keys;
- last = left + nkeys;
- while (left < last) {
- right = left + 1;
- if (right == last
- || strcasecmp(left->key, right->key)) {
- ap_table_addn(a, left->key, left->val);
- left = right;
- } else {
- char *strp;
- char *value;
- size_t len;
-
- /* Have to merge some headers. Let's re-use
- * the order field, since it's handy... we'll
- * store the length of val there.
- */
- left->order = strlen(left->val);
- len = left->order;
- do {
- right->order = strlen(right->val);
- len += 2 + right->order;
- ++right;
- } while (right < last
- && !strcasecmp(left->key, right->key));
- /* right points one past the last header to
- * merge
- */
- value = ap_palloc(a->a.pool, len + 1);
- strp = value;
- for (;;) {
- memcpy(strp, left->val, left->order);
- strp += left->order;
- ++left;
- if (left == right) break;
- *strp++ = ',';
- *strp++ = ' ';
- }
- *strp = 0;
- ap_table_addn(a, (left-1)->key, value);
- }
- }
- } else {
- left = cat_keys;
- last = left + nkeys;
- while (left < last) {
- right = left + 1;
- while (right < last
- && !strcasecmp(left->key, right->key)) {
- ++right;
- }
- ap_table_addn(a, (right-1)->key, (right-1)->val);
- left = right;
- }
- }
-}
-
-/*****************************************************************
- *
- * Managing generic cleanups.
- */
-
-struct cleanup {
- void *data;
- void (*plain_cleanup)(void *);
- void (*child_cleanup)(void *);
- struct cleanup *next;
-};
-
-API_EXPORT(void)
-ap_register_cleanup_ex(pool *p, void *data, void (*plain_cleanup)(void *),
- void (*child_cleanup)(void *), int (*magic_cleanup)(void *))
-{
- struct cleanup *c;
- if (p) {
- c = (struct cleanup *)ap_palloc(p, sizeof(struct cleanup));
- c->data = data;
- c->plain_cleanup = plain_cleanup;
- c->child_cleanup = child_cleanup;
- c->next = p->cleanups;
- p->cleanups = c;
- }
- /* attempt to do magic even if not passed a pool.
Allows us
- * to perform the magic, therefore, "whenever" we want/need */
- if (magic_cleanup) {
- if (!magic_cleanup(data))
- ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
- "exec() may not be safe");
- }
-}
-
-API_EXPORT(void)
-ap_register_cleanup(pool *p, void *data, void (*plain_cleanup)(void *),
- void (*child_cleanup)(void *))
-{
- ap_register_cleanup_ex(p, data, plain_cleanup, child_cleanup, NULL);
-}
-
-API_EXPORT(void)
-ap_kill_cleanup(pool *p, void *data, void (*cleanup)(void *))
-{
- struct cleanup *c = p->cleanups;
- struct cleanup **lastp = &p->cleanups;
-
- while (c) {
- if (c->data == data && c->plain_cleanup == cleanup) {
- *lastp = c->next;
- break;
- }
-
- lastp = &c->next;
- c = c->next;
- }
-}
-
-API_EXPORT(void)
-ap_run_cleanup(pool *p, void *data, void (*cleanup)(void *))
-{
- ap_block_alarms(); /* Run cleanup only once! */
- (*cleanup)(data);
- ap_kill_cleanup(p, data, cleanup);
- ap_unblock_alarms();
-}
-
-static void
-run_cleanups(struct cleanup *c)
-{
- while (c) {
- (*c->plain_cleanup)(c->data);
- c = c->next;
- }
-}
-
-static void
-run_child_cleanups(struct cleanup *c)
-{
- while (c) {
- (*c->child_cleanup)(c->data);
- c = c->next;
- }
-}
-
-static void
-cleanup_pool_for_exec(pool *p)
-{
- run_child_cleanups(p->cleanups);
- p->cleanups = NULL;
-
- for (p = p->sub_pools; p; p = p->sub_next)
- cleanup_pool_for_exec(p);
-}
-
-API_EXPORT(void)
-ap_cleanup_for_exec(void)
-{
- /*
- * Don't need to do anything on NT, NETWARE or OS/2, because I
- * am actually going to spawn the new process - not
- * exec it. All handles that are not inheritable, will
- * be automajically closed.
The only problem is with
- * file handles that are open, but there isn't much
- * I can do about that (except if the child decides
- * to go out and close them
- */
- ap_block_alarms();
- cleanup_pool_for_exec(permanent_pool);
- ap_unblock_alarms();
-}
-
-API_EXPORT_NONSTD(void)
-ap_null_cleanup(void *data)
-{
- /* do nothing cleanup routine */
-}
-
-/*****************************************************************
- *
- * Files and file descriptors; these are just an application of the
- * generic cleanup interface.
- */
-
-int
-ap_close_fd_on_exec(int fd)
-{
- /* Protect the fd so that it will not be inherited by child processes */
- if(fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, NULL,
- "fcntl(%d, F_SETFD, FD_CLOEXEC) failed", fd);
- return 0;
- }
-
- return 1;
-}
-
-static void
-fd_cleanup(void *fdv)
-{
- close((int)(long)fdv);
-}
-
-static int
-fd_magic_cleanup(void *fdv)
-{
- return ap_close_fd_on_exec((int)(long)fdv);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_fd_ex(pool *p, int fd, int domagic)
-{
- ap_register_cleanup_ex(p, (void *)(long)fd, fd_cleanup, fd_cleanup,
- domagic ?
fd_magic_cleanup : NULL);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_fd(pool *p, int fd)
-{
- ap_note_cleanups_for_fd_ex(p, fd, 0);
-}
-
-API_EXPORT(void)
-ap_kill_cleanups_for_fd(pool *p, int fd)
-{
- ap_kill_cleanup(p, (void *)(long)fd, fd_cleanup);
-}
-
-API_EXPORT(int)
-ap_popenf_ex(pool *a, const char *name, int flg, int mode, int domagic)
-{
- int fd;
- int save_errno;
-
- ap_block_alarms();
- fd = open(name, flg, mode);
- save_errno = errno;
- if (fd >= 0) {
- fd = ap_slack(fd, AP_SLACK_HIGH);
- ap_note_cleanups_for_fd_ex(a, fd, domagic);
- }
- ap_unblock_alarms();
- errno = save_errno;
- return fd;
-}
-
-API_EXPORT(int)
-ap_popenf(pool *a, const char *name, int flg, int mode)
-{
- return ap_popenf_ex(a, name, flg, mode, 0);
-}
-
-API_EXPORT(int)
-ap_pclosef(pool *a, int fd)
-{
- int res;
- int save_errno;
-
- ap_block_alarms();
- res = close(fd);
- save_errno = errno;
- ap_kill_cleanup(a, (void *)(long)fd, fd_cleanup);
- ap_unblock_alarms();
- errno = save_errno;
- return res;
-}
-
-
-/* Note that we have separate plain_ and child_ cleanups for FILE *s,
- * since fclose() would flush I/O buffers, which is extremely undesirable;
- * we just close the descriptor.
- */
-
-static void
-file_cleanup(void *fpv)
-{
- fclose((FILE *)fpv);
-}
-
-static void
-file_child_cleanup(void *fpv)
-{
- close(fileno((FILE *)fpv));
-}
-
-static int
-file_magic_cleanup(void *fpv)
-{
- return ap_close_fd_on_exec(fileno((FILE *)fpv));
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_file_ex(pool *p, FILE *fp, int domagic)
-{
- ap_register_cleanup_ex(p, (void *)fp, file_cleanup, file_child_cleanup,
- domagic ?
file_magic_cleanup : NULL);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_file(pool *p, FILE *fp)
-{
- ap_note_cleanups_for_file_ex(p, fp, 0);
-}
-
-API_EXPORT(FILE *)
-ap_pfopen(pool *a, const char *name, const char *mode)
-{
- FILE *fd = NULL;
- int baseFlag, desc;
- int modeFlags = 0;
- int saved_errno;
-
- modeFlags = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
-
- ap_block_alarms();
-
- if (*mode == 'a') {
- /* Work around faulty implementations of fopen */
- baseFlag = (*(mode + 1) == '+') ? O_RDWR : O_WRONLY;
- desc = open(name, baseFlag | O_APPEND | O_CREAT,
- modeFlags);
- if (desc >= 0) {
- desc = ap_slack(desc, AP_SLACK_LOW);
- fd = ap_fdopen(desc, mode);
- }
- } else {
- fd = fopen(name, mode);
- }
- saved_errno = errno;
- if (fd != NULL)
- ap_note_cleanups_for_file(a, fd);
- ap_unblock_alarms();
- errno = saved_errno;
- return fd;
-}
-
-API_EXPORT(FILE *)
-ap_pfdopen(pool *a, int fd, const char *mode)
-{
- FILE *f;
- int saved_errno;
-
- ap_block_alarms();
- f = ap_fdopen(fd, mode);
- saved_errno = errno;
- if (f != NULL)
- ap_note_cleanups_for_file(a, f);
- ap_unblock_alarms();
- errno = saved_errno;
- return f;
-}
-
-
-API_EXPORT(int)
-ap_pfclose(pool *a, FILE *fd)
-{
- int res;
-
- ap_block_alarms();
- res = fclose(fd);
- ap_kill_cleanup(a, (void *)fd, file_cleanup);
- ap_unblock_alarms();
- return res;
-}
-
-/*
- * DIR * with cleanup
- */
-
-static void
-dir_cleanup(void *dv)
-{
- closedir((DIR *) dv);
-}
-
-API_EXPORT(DIR *)
-ap_popendir(pool *p, const char *name)
-{
- DIR *d;
- int save_errno;
-
- ap_block_alarms();
- d = opendir(name);
- if (d == NULL) {
- save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return NULL;
- }
- ap_register_cleanup(p, (void *)d, dir_cleanup, dir_cleanup);
- ap_unblock_alarms();
- return d;
-}
-
-API_EXPORT(void)
-ap_pclosedir(pool *p, DIR * d)
-{
- ap_block_alarms();
- ap_kill_cleanup(p, (void *)d, dir_cleanup);
- closedir(d);
- ap_unblock_alarms();
-}
-
-/*****************************************************************
- *
- * Files and file descriptors; these are just an application of the
- * generic cleanup interface.
- */
-
-static void
-socket_cleanup(void *fdv)
-{
- closesocket((int)(long)fdv);
-}
-
-static int
-socket_magic_cleanup(void *fpv)
-{
- return ap_close_fd_on_exec((int)(long)fpv);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_socket_ex(pool *p, int fd, int domagic)
-{
- ap_register_cleanup_ex(p, (void *)(long) fd, socket_cleanup,
- socket_cleanup, domagic ? socket_magic_cleanup : NULL);
-}
-
-API_EXPORT(void)
-ap_note_cleanups_for_socket(pool *p, int fd)
-{
- ap_note_cleanups_for_socket_ex(p, fd, 0);
-}
-
-API_EXPORT(void)
-ap_kill_cleanups_for_socket(pool *p, int sock)
-{
- ap_kill_cleanup(p, (void *)(long)sock, socket_cleanup);
-}
-
-API_EXPORT(int)
-ap_psocket_ex(pool *p, int domain, int type, int protocol, int domagic)
-{
- int fd;
-
- ap_block_alarms();
- fd = socket(domain, type, protocol);
- if (fd == -1) {
- int save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return -1;
- }
- ap_note_cleanups_for_socket_ex(p, fd, domagic);
- ap_unblock_alarms();
- return fd;
-}
-
-API_EXPORT(int)
-ap_psocket(pool *p, int domain, int type, int protocol)
-{
- return ap_psocket_ex(p, domain, type, protocol, 0);
-}
-
-API_EXPORT(int)
-ap_pclosesocket(pool *a, int sock)
-{
- int res;
- int save_errno;
-
- ap_block_alarms();
- res = closesocket(sock);
- save_errno = errno;
- ap_kill_cleanup(a, (void *)(long)sock, socket_cleanup);
- ap_unblock_alarms();
- errno = save_errno;
- return res;
-}
-
-
-/*
- * Here's a pool-based interface to POSIX regex's regcomp().
- * Note that we return regex_t instead of being passed one.
- * The reason is that if you use an already-used regex_t structure,
- * the memory that you've already allocated gets forgotten, and
- * regfree() doesn't clear it. So we don't allow it.
- */
-
-static void
-regex_cleanup(void *preg)
-{
- regfree((regex_t *)preg);
-}
-
-API_EXPORT(regex_t *)
-ap_pregcomp(pool *p, const char *pattern, int cflags)
-{
- regex_t *preg = ap_palloc(p, sizeof(regex_t));
-
- if (regcomp(preg, pattern, cflags))
- return NULL;
-
- ap_register_cleanup(p, (void *)preg, regex_cleanup, regex_cleanup);
-
- return preg;
-}
-
-
-API_EXPORT(void)
-ap_pregfree(pool *p, regex_t *reg)
-{
- ap_block_alarms();
- regfree(reg);
- ap_kill_cleanup(p, (void *)reg, regex_cleanup);
- ap_unblock_alarms();
-}
-
-/*****************************************************************
- *
- * More grotty system stuff... subprocesses. Frump. These don't use
- * the generic cleanup interface because I don't want multiple
- * subprocesses to result in multiple three-second pauses; the
- * subprocesses have to be "freed" all at once. If someone comes
- * along with another resource they want to allocate which has the
- * same property, we might want to fold support for that into the
- * generic interface, but for now, it's a special case
- */
-
-struct process_chain {
- pid_t pid;
- enum kill_conditions kill_how;
- struct process_chain *next;
-};
-
-API_EXPORT(void)
-ap_note_subprocess(pool *a, pid_t pid, enum kill_conditions how)
-{
- struct process_chain *new =
- (struct process_chain *)ap_palloc(a, sizeof(struct process_chain));
-
- new->pid = pid;
- new->kill_how = how;
- new->next = a->subprocesses;
- a->subprocesses = new;
-}
-
-#define os_pipe(fds) pipe(fds)
-
-/* for ap_fdopen, to get binary mode */
-#define BINMODE
-
-static pid_t
-spawn_child_core(pool *p, int (*func)(void *, child_info *), void *data,
-enum kill_conditions kill_how, int *pipe_in, int *pipe_out, int *pipe_err)
-{
- pid_t pid;
- int in_fds[2];
- int out_fds[2];
- int err_fds[2];
- int save_errno;
-
- if (pipe_in && os_pipe(in_fds) < 0)
- return 0;
-
- if (pipe_out && os_pipe(out_fds) < 0) {
- save_errno = errno;
- if (pipe_in) {
- close(in_fds[0]);
- close(in_fds[1]);
- }
- errno =
save_errno;
- return 0;
- }
-
- if (pipe_err && os_pipe(err_fds) < 0) {
- save_errno = errno;
- if (pipe_in) {
- close(in_fds[0]);
- close(in_fds[1]);
- }
- if (pipe_out) {
- close(out_fds[0]);
- close(out_fds[1]);
- }
- errno = save_errno;
- return 0;
- }
-
- if ((pid = fork()) < 0) {
- save_errno = errno;
- if (pipe_in) {
- close(in_fds[0]);
- close(in_fds[1]);
- }
- if (pipe_out) {
- close(out_fds[0]);
- close(out_fds[1]);
- }
- if (pipe_err) {
- close(err_fds[0]);
- close(err_fds[1]);
- }
- errno = save_errno;
- return 0;
- }
-
- if (!pid) {
- /* Child process */
- RAISE_SIGSTOP(SPAWN_CHILD);
-
- if (pipe_out) {
- close(out_fds[0]);
- dup2(out_fds[1], STDOUT_FILENO);
- close(out_fds[1]);
- }
-
- if (pipe_in) {
- close(in_fds[1]);
- dup2(in_fds[0], STDIN_FILENO);
- close(in_fds[0]);
- }
-
- if (pipe_err) {
- close(err_fds[0]);
- dup2(err_fds[1], STDERR_FILENO);
- close(err_fds[1]);
- }
-
- /* HP-UX SIGCHLD fix goes here, if someone will remind me
- * what it is... */
- signal(SIGCHLD, SIG_DFL); /* Was that it? */
-
- func(data, NULL);
- exit(1); /* Should only get here if
- * the exec in func() failed
- */
- }
-
- /* Parent process */
- ap_note_subprocess(p, pid, kill_how);
-
- if (pipe_out) {
- close(out_fds[1]);
- *pipe_out = out_fds[0];
- }
-
- if (pipe_in) {
- close(in_fds[0]);
- *pipe_in = in_fds[1];
- }
-
- if (pipe_err) {
- close(err_fds[1]);
- *pipe_err = err_fds[0];
- }
-
- return pid;
-}
-
-
-API_EXPORT(int)
-ap_spawn_child(pool *p, int (*func)(void *, child_info *), void *data,
- enum kill_conditions kill_how, FILE **pipe_in, FILE **pipe_out,
- FILE **pipe_err)
-{
- int fd_in, fd_out, fd_err;
- pid_t pid;
- int save_errno;
-
- ap_block_alarms();
-
- pid = spawn_child_core(p, func, data, kill_how,
- pipe_in ? &fd_in : NULL,
- pipe_out ? &fd_out : NULL,
- pipe_err ?
&fd_err : NULL);
-
- if (pid == 0) {
- save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return 0;
- }
-
- if (pipe_out) {
- *pipe_out = ap_fdopen(fd_out, "r" BINMODE);
- if (*pipe_out)
- ap_note_cleanups_for_file(p, *pipe_out);
- else
- close(fd_out);
- }
-
- if (pipe_in) {
- *pipe_in = ap_fdopen(fd_in, "w" BINMODE);
- if (*pipe_in)
- ap_note_cleanups_for_file(p, *pipe_in);
- else
- close(fd_in);
- }
-
- if (pipe_err) {
- *pipe_err = ap_fdopen(fd_err, "r" BINMODE);
- if (*pipe_err)
- ap_note_cleanups_for_file(p, *pipe_err);
- else
- close(fd_err);
- }
-
- ap_unblock_alarms();
- return pid;
-}
-
-API_EXPORT(int)
-ap_bspawn_child(pool *p, int (*func)(void *, child_info *), void *data,
- enum kill_conditions kill_how, BUFF **pipe_in, BUFF **pipe_out,
- BUFF **pipe_err)
-{
- int fd_in, fd_out, fd_err;
- pid_t pid;
- int save_errno;
-
- ap_block_alarms();
-
- pid = spawn_child_core(p, func, data, kill_how,
- pipe_in ? &fd_in : NULL,
- pipe_out ? &fd_out : NULL,
- pipe_err ? &fd_err : NULL);
-
- if (pid == 0) {
- save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return 0;
- }
-
- if (pipe_out) {
- *pipe_out = ap_bcreate(p, B_RD);
- ap_note_cleanups_for_fd_ex(p, fd_out, 0);
- ap_bpushfd(*pipe_out, fd_out, fd_out);
- }
-
- if (pipe_in) {
- *pipe_in = ap_bcreate(p, B_WR);
- ap_note_cleanups_for_fd_ex(p, fd_in, 0);
- ap_bpushfd(*pipe_in, fd_in, fd_in);
- }
-
- if (pipe_err) {
- *pipe_err = ap_bcreate(p, B_RD);
- ap_note_cleanups_for_fd_ex(p, fd_err, 0);
- ap_bpushfd(*pipe_err, fd_err, fd_err);
- }
-
- ap_unblock_alarms();
- return pid;
-}
-
-
-/*
- * Timing constants for killing subprocesses
- * There is a total 3-second delay between sending a SIGINT
- * and sending of the final SIGKILL.
- * TIMEOUT_INTERVAL should be set to TIMEOUT_USECS / 64
- * for the exponential timeout algorithm.
- */
-#define TIMEOUT_USECS 3000000
-#define TIMEOUT_INTERVAL 46875
-
-static void
-free_proc_chain(struct process_chain *procs)
-{
- /* Dispose of the subprocesses we've spawned off in the course of
- * whatever it was we're cleaning up now. This may involve killing
- * some of them off...
- */
- struct process_chain *p;
- int need_timeout = 0;
- int status;
- int timeout_interval;
- struct timeval tv;
-
- if (procs == NULL)
- return; /* No work. Whew! */
-
- /* First, check to see if we need to do the SIGTERM, sleep, SIGKILL
- * dance with any of the processes we're cleaning up. If we've got
- * any kill-on-sight subprocesses, ditch them now as well, so they
- * don't waste any more cycles doing whatever it is that they shouldn't
- * be doing anymore.
- */
- /* Pick up all defunct processes */
- for (p = procs; p; p = p->next) {
- if (waitpid(p->pid, (int *) 0, WNOHANG) > 0) {
- p->kill_how = kill_never;
- }
- }
-
- for (p = procs; p; p = p->next) {
- if ((p->kill_how == kill_after_timeout)
- || (p->kill_how == kill_only_once)) {
- /*
- * This is totally bogus, but seems to be the
- * only portable (as in reliable) way to accomplish
- * this. Note that this implies an unavoidable
- * delay.
- */
- ap_os_kill(p->pid, SIGTERM);
- need_timeout = 1;
- } else if (p->kill_how == kill_always) {
- kill(p->pid, SIGKILL);
- }
- }
-
- /* Sleep only if we have to. The sleep algorithm grows
- * by a factor of two on each iteration. TIMEOUT_INTERVAL
- * is equal to TIMEOUT_USECS / 64.
- */
- if (need_timeout) {
- timeout_interval = TIMEOUT_INTERVAL;
- tv.tv_sec = 0;
- tv.tv_usec = timeout_interval;
- ap_select(0, NULL, NULL, NULL, &tv);
-
- do {
- need_timeout = 0;
- for (p = procs; p; p = p->next) {
- if (p->kill_how == kill_after_timeout) {
- if (waitpid(p->pid, (int *)0,
- WNOHANG | WUNTRACED) > 0)
- p->kill_how = kill_never;
- else
- need_timeout = 1;
- }
- }
- if (need_timeout) {
- if (timeout_interval >= TIMEOUT_USECS)
- break;
- tv.tv_sec = timeout_interval / 1000000;
- tv.tv_usec = timeout_interval % 1000000;
- ap_select(0, NULL, NULL, NULL, &tv);
- timeout_interval *= 2;
- }
- } while (need_timeout);
- }
-
- /* OK, the scripts we just timed out for have had a chance to clean up
- * --- now, just get rid of them, and also clean up the system
- * accounting goop...
- */
- for (p = procs; p; p = p->next) {
- if (p->kill_how == kill_after_timeout)
- kill(p->pid, SIGKILL);
-
- if (p->kill_how != kill_never)
- waitpid(p->pid, &status, 0);
- }
-}
diff --git a/usr.sbin/httpd/src/main/buff.c b/usr.sbin/httpd/src/main/buff.c
deleted file mode 100644
index 91174f5f324..00000000000
--- a/usr.sbin/httpd/src/main/buff.c
+++ /dev/null
@@ -1,1246 +0,0 @@ -/* $OpenBSD: buff.c,v 1.21 2010/02/25 07:49:53 pyr Exp $ */ - -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -#include "httpd.h" -#include "http_main.h" -#include "http_log.h" -#include "buff.h" - -#include -#include -#include -#include -#include -#include - -#ifndef DEFAULT_BUFSIZE -#define DEFAULT_BUFSIZE (4096) -#endif -/* This must be enough to represent (DEFAULT_BUFSIZE - 3) in hex, - * plus two extra characters. - */ -#ifndef CHUNK_HEADER_SIZE -#define CHUNK_HEADER_SIZE (5) -#endif - -#define ascii_CRLF "\015\012" /* A CRLF which won't pass the conversion - * machinery */ - -/* bwrite()s of greater than this size can result in a large_write() call, - * which can result in a writev(). It's a little more work to set up the - * writev() rather than copy bytes into the buffer, so we don't do it for small - * writes. This is especially important when chunking (which is a very likely - * source of small writes if it's a module using ap_bputc/ap_bputs)...because we - * have the expense of actually building two chunks for each writev(). 
- */ -#ifndef LARGE_WRITE_THRESHOLD -#define LARGE_WRITE_THRESHOLD 31 -#endif - - -/* - * Buffered I/O routines. - * These are a replacement for the stdio routines. - * Advantages: - * Known semantics for handling of file-descriptors (on close etc.) - * No problems reading and writing simultanously to the same descriptor - * No limits on the number of open file handles. - * Only uses memory resources; no need to ensure the close routine - * is called. - * Extra code could be inserted between the buffered and un-buffered routines. - * Timeouts could be handled by using select or poll before read or write. - * Extra error handling could be introduced; e.g. - * keep an address to which we should longjump(), or - * keep a stack of routines to call on error. - */ - -/* Notes: - * On reading EOF, EOF will set in the flags and no further Input will - * be done. - * - * On an error except for EAGAIN, ERROR will be set in the flags and no - * further I/O will be done - */ - - -/* the lowest level reading primitive */ -static int -ap_read(BUFF *fb, void *buf, int nbyte) -{ - int rv; - - if (!ap_hook_call("ap::buff::read", &rv, fb, buf, nbyte)) - rv = read(fb->fd_in, buf, nbyte); - - return rv; -} - -static ap_inline int -buff_read(BUFF *fb, void *buf, int nbyte) -{ - int rv; - - rv = ap_read(fb, buf, nbyte); - return rv; -} - -/* the lowest level writing primitive */ -static int -ap_write(BUFF *fb, const void *buf, int nbyte) -{ - int rv; - - if (!ap_hook_call("ap::buff::write", &rv, fb, buf, nbyte)) - rv = write(fb->fd, buf, nbyte); - return rv; -} - -static ap_inline int -buff_write(BUFF *fb, const void *buf, int nbyte) -{ - int rv; - - if (fb->filter_callback != NULL) - fb->filter_callback(fb, buf, nbyte); - - rv = ap_write(fb, buf, nbyte); - return rv; -} - -static void -doerror(BUFF *fb, int direction) -{ - int errsave = errno; /* Save errno to prevent overwriting it below */ - - fb->flags |= (direction == B_RD ? 
B_RDERR : B_WRERR); - if (fb->error != NULL) - (*fb->error)(fb, direction, fb->error_data); - - errno = errsave; -} - -/* Buffering routines */ -/* - * Create a new buffered stream - */ -API_EXPORT(BUFF *) -ap_bcreate(pool *p, int flags) -{ - BUFF *fb; - - fb = ap_palloc(p, sizeof(BUFF)); - fb->pool = p; - fb->bufsiz = DEFAULT_BUFSIZE; - fb->flags = flags & (B_RDWR | B_SOCKET); - - if (flags & B_RD) - fb->inbase = ap_palloc(p, fb->bufsiz); - else - fb->inbase = NULL; - - /* overallocate so that we can put a chunk trailer of CRLF into this - * buffer - */ - if (flags & B_WR) - fb->outbase = ap_palloc(p, fb->bufsiz + 2); - else - fb->outbase = NULL; - - fb->inptr = fb->inbase; - - fb->incnt = 0; - fb->outcnt = 0; - fb->outchunk = -1; - fb->error = NULL; - fb->bytes_sent = 0LL; - - fb->fd = -1; - fb->fd_in = -1; - - fb->callback_data = NULL; - fb->filter_callback = NULL; - - fb->ctx = ap_ctx_new(p); - - return fb; -} - -/* - * Push some I/O file descriptors onto the stream - */ -API_EXPORT(void) -ap_bpushfd(BUFF *fb, int fd_in, int fd_out) -{ - fb->fd = fd_out; - fb->fd_in = fd_in; -} - -API_EXPORT(int) -ap_bsetopt(BUFF *fb, int optname, const void *optval) -{ - if (optname == BO_BYTECT) { - fb->bytes_sent = *(off_t *)optval - - (off_t)fb->outcnt; - return 0; - } - else { - errno = EINVAL; - return -1; - } -} - -API_EXPORT(int) -ap_bgetopt(BUFF *fb, int optname, void *optval) -{ - if (optname == BO_BYTECT) { - off_t bs = fb->bytes_sent + fb->outcnt; - if (bs < 0LL) - bs = 0LL; - *(off_t *)optval = bs; - return 0; - } - else { - errno = EINVAL; - return -1; - } -} - -static int bflush_core(BUFF *fb); - -/* - * Start chunked encoding. - * - * Note that in order for ap_bputc() to be an efficient macro we have to guarantee - * that start_chunk() has always been called on the buffer before we leave any - * routine in this file. 
Said another way, if a routine here uses end_chunk() - * and writes something on the wire, then it has to call start_chunk() or set - * an error condition before returning. - */ -static void -start_chunk(BUFF *fb) -{ - if (fb->outchunk != -1) { - /* already chunking */ - return; - } - if ((fb->flags & (B_WRERR | B_EOUT | B_WR)) != B_WR) { - /* unbuffered writes */ - return; - } - - /* we need at least the header_len + at least 1 data byte - * remember that we've overallocated fb->outbase so that we can always - * fit the two byte CRLF trailer - */ - if (fb->bufsiz - fb->outcnt < CHUNK_HEADER_SIZE + 1) - bflush_core(fb); - - fb->outchunk = fb->outcnt; - fb->outcnt += CHUNK_HEADER_SIZE; -} - - -/* - * end a chunk -- tweak the chunk_header from start_chunk, and add a trailer - */ -static void -end_chunk(BUFF *fb) -{ - int i; - unsigned char *strp; - - if (fb->outchunk == -1) { - /* not chunking */ - return; - } - - if (fb->outchunk + CHUNK_HEADER_SIZE == fb->outcnt) { - /* nothing was written into this chunk, and we can't write a - * 0 size chunk because that signifies EOF, so just erase it - */ - fb->outcnt = fb->outchunk; - fb->outchunk = -1; - return; - } - - /* we know this will fit because of how we wrote it in start_chunk() */ - i = ap_snprintf((char *)&fb->outbase[fb->outchunk], CHUNK_HEADER_SIZE, - "%x", fb->outcnt - fb->outchunk - CHUNK_HEADER_SIZE); - - /* we may have to tack some trailing spaces onto the number we just - * wrote in case it was smaller than our estimated size. We've also - * written a \0 into the buffer with ap_snprintf so we might have to - * put a \r back in. - */ - strp = &fb->outbase[fb->outchunk + i]; - while (i < CHUNK_HEADER_SIZE - 2) { - *strp++ = ' '; - ++i; - } - *strp++ = CR; - *strp = LF; - - /* tack on the trailing CRLF, we've reserved room for this */ - fb->outbase[fb->outcnt++] = CR; - fb->outbase[fb->outcnt++] = LF; - - fb->outchunk = -1; -} - - -/* - * Set a flag on (1) or off (0). 
- */ -API_EXPORT(int) -ap_bsetflag(BUFF *fb, int flag, int value) -{ - if (value) { - fb->flags |= flag; - if (flag & B_CHUNK) - start_chunk(fb); - } else { - fb->flags &= ~flag; - if (flag & B_CHUNK) - end_chunk(fb); - } - return value; -} - - -API_EXPORT(int) -ap_bnonblock(BUFF *fb, int direction) -{ - int fd; - - fd = (direction == B_RD) ? fb->fd_in : fb->fd; - return fcntl(fd, F_SETFL, O_NONBLOCK); -} - -API_EXPORT(int) -ap_bfileno(BUFF *fb, int direction) -{ - return (direction == B_RD) ? fb->fd_in : fb->fd; -} - -/* - * This is called instead of read() everywhere in here. It implements - * the B_SAFEREAD functionality -- which is to force a flush() if a read() - * would block. It also deals with the EINTR errno result from read(). - * return code is like read() except EINTR is eliminated. - */ - -#define saferead saferead_guts - -/* Test the descriptor and flush the output buffer if it looks like - * we will block on the next read. - * - * Note we assume the caller has ensured that fb->fd_in <= FD_SETSIZE - */ -API_EXPORT(void) -ap_bhalfduplex(BUFF *fb) -{ - int rv; - fd_set fds; - struct timeval tv; - - /* We don't need to do anything if the connection has been closed - * or there is something readable in the incoming buffer - * or there is nothing flushable in the output buffer. 
- */ - if (fb == NULL || fb->fd_in < 0 || fb->incnt > 0 || fb->outcnt == 0) - return; - - /* test for a block */ - do { - FD_ZERO(&fds); - FD_SET(fb->fd_in, &fds); - tv.tv_sec = 0; - tv.tv_usec = 0; - rv = ap_select(fb->fd_in + 1, &fds, NULL, NULL, &tv); - } while (rv < 0 && errno == EINTR && !(fb->flags & B_EOUT)); - - /* treat any error as if it would block as well */ - if (rv != 1) - ap_bflush(fb); -} - -static ap_inline int -saferead_guts(BUFF *fb, void *buf, int nbyte) -{ - int rv; - - if (fb->flags & B_SAFEREAD) - ap_bhalfduplex(fb); - - do { - rv = buff_read(fb, buf, nbyte); - } while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT)); - return (rv); -} - - -/* A wrapper around saferead which does error checking and EOF checking - * yeah, it's confusing, this calls saferead, which calls buff_read... - * and then there's the SFIO case. Note that saferead takes care - * of EINTR. - */ -static int -read_with_errors(BUFF *fb, void *buf, int nbyte) -{ - int rv; - - rv = saferead(fb, buf, nbyte); - if (rv == 0) - fb->flags |= B_EOF; - else if (rv == -1 && errno != EAGAIN) - doerror(fb, B_RD); - return rv; -} - - -/* - * Read up to nbyte bytes into buf. - * If fewer than byte bytes are currently available, then return those. - * Returns 0 for EOF, -1 for error. - * NOTE EBCDIC: The readahead buffer _always_ contains *unconverted* data. - * Only when the caller retrieves data from the buffer (calls bread) - * is a conversion done, if the conversion flag is set at that time. - */ -API_EXPORT(int) -ap_bread(BUFF *fb, void *buf, int nbyte) -{ - int i, nrd; - - if (fb->flags & B_RDERR) - return -1; - if (nbyte == 0) - return 0; - - if (!(fb->flags & B_RD)) { - /* Unbuffered reading. First check if there was something in - * the buffer from before we went unbuffered. */ - if (fb->incnt) { - i = (fb->incnt > nbyte) ? 
nbyte : fb->incnt; - memcpy(buf, fb->inptr, i); - fb->incnt -= i; - fb->inptr += i; - return i; - } - i = read_with_errors(fb, buf, nbyte); - return i; - } - - nrd = fb->incnt; - /* can we fill the buffer */ - if (nrd >= nbyte) { - memcpy(buf, fb->inptr, nbyte); - fb->incnt = nrd - nbyte; - fb->inptr += nbyte; - return nbyte; - } - - if (nrd > 0) { - memcpy(buf, fb->inptr, nrd); - nbyte -= nrd; - buf = nrd + (char *)buf; - fb->incnt = 0; - } - if (fb->flags & B_EOF) - return nrd; - - /* do a single read */ - if (nbyte >= fb->bufsiz) { - /* read directly into caller's buffer */ - i = read_with_errors(fb, buf, nbyte); - if (i == -1) - return nrd ? nrd : -1; - } - else { - /* read into hold buffer, then memcpy */ - fb->inptr = fb->inbase; - i = read_with_errors(fb, fb->inptr, fb->bufsiz); - if (i == -1) - return nrd ? nrd : -1; - fb->incnt = i; - if (i > nbyte) - i = nbyte; - memcpy(buf, fb->inptr, i); - fb->incnt -= i; - fb->inptr += i; - } - return nrd + i; -} - - -/* - * Reads from the stream into the array pointed to by buff, until - * a (CR)LF sequence is read, or end-of-file condition is encountered - * or until n-1 bytes have been stored in buff. If a CRLF sequence is - * read, it is replaced by a newline character. The string is then - * terminated with a null character. - * - * Returns the number of bytes stored in buff, or zero on end of - * transmission, or -1 on an error. - * - * Notes: - * If null characters are expected in the data stream, then - * buff should not be treated as a null terminated C string; instead - * the returned count should be used to determine the length of the - * string. - * CR characters in the byte stream not immediately followed by a LF - * will be preserved. 
- */ -API_EXPORT(int) -ap_bgets(char *buff, int n, BUFF *fb) -{ - int i, ch, ct; - - /* Can't do bgets on an unbuffered stream */ - if (!(fb->flags & B_RD)) { - errno = EINVAL; - return -1; - } - if (fb->flags & B_RDERR) - return -1; - - ct = 0; - i = 0; - for (;;) { - if (i == fb->incnt) { - /* no characters left */ - fb->inptr = fb->inbase; - fb->incnt = 0; - if (fb->flags & B_EOF) - break; - i = read_with_errors(fb, fb->inptr, fb->bufsiz); - if (i == -1) { - buff[ct] = '\0'; - return ct ? ct : -1; - } - fb->incnt = i; - if (i == 0) - break; /* EOF */ - i = 0; - continue; /* restart with the new data */ - } - - ch = fb->inptr[i++]; - if (ch == LF) { /* got LF */ - if (ct == 0) - buff[ct++] = '\n'; - /* if just preceded by CR, replace CR with LF */ - else if (buff[ct - 1] == CR) - buff[ct - 1] = '\n'; - else if (ct < n - 1) - buff[ct++] = '\n'; - else - i--; /* no room for LF */ - break; - } - if (ct == n - 1) { - i--; /* push back ch */ - break; - } - - buff[ct++] = ch; - } - fb->incnt -= i; - fb->inptr += i; - - buff[ct] = '\0'; - return ct; -} - -/* - * Looks at the stream fb and places the first character into buff - * without removing it from the stream buffer. - * - * Returns 1 on success, zero on end of transmission, or -1 on an error. 
- * - */ -API_EXPORT(int) -ap_blookc(char *buff, BUFF *fb) -{ - int i; - - *buff = '\0'; - - if (!(fb->flags & B_RD)) { /* Can't do blookc on an unbuffered - * stream */ - errno = EINVAL; - return -1; - } - if (fb->flags & B_RDERR) - return -1; - - if (fb->incnt == 0) { /* no characters left in stream buffer */ - fb->inptr = fb->inbase; - if (fb->flags & B_EOF) - return 0; - - i = read_with_errors(fb, fb->inptr, fb->bufsiz); - if (i <= 0) - return i; - fb->incnt = i; - } - - *buff = fb->inptr[0]; - return 1; -} - -/* - * Skip data until a linefeed character is read - * Returns 1 on success, 0 if no LF found, or -1 on error - */ -API_EXPORT(int) -ap_bskiplf(BUFF *fb) -{ - unsigned char *x; - int i; - - /* Can't do bskiplf on an unbuffered stream */ - if (!(fb->flags & B_RD)) { - errno = EINVAL; - return -1; - } - if (fb->flags & B_RDERR) - return -1; - - for (;;) { - x = (unsigned char *)memchr(fb->inptr, '\012', fb->incnt); - if (x != NULL) { - x++; - fb->incnt -= x - fb->inptr; - fb->inptr = x; - return 1; - } - - fb->inptr = fb->inbase; - fb->incnt = 0; - if (fb->flags & B_EOF) - return 0; - i = read_with_errors(fb, fb->inptr, fb->bufsiz); - if (i <= 0) - return i; - fb->incnt = i; - } -} - -/* - * output a single character. Used by ap_bputs when the buffer - * is full... and so it'll cause the buffer to be flushed first. - */ -API_EXPORT(int) -ap_bflsbuf(int c, BUFF *fb) -{ - char ss[1]; - - ss[0] = c; - return ap_bwrite(fb, ss, 1); -} - -/* - * Fill the buffer and read a character from it - */ -API_EXPORT(int) -ap_bfilbuf(BUFF *fb) -{ - int i; - char buf[1]; - - i = ap_bread(fb, buf, 1); - if (i == 0) - errno = 0; /* no error; EOF */ - if (i != 1) - return EOF; - else - return buf[0]; -} - - -/* - * When doing chunked encodings we really have to write everything in the - * chunk before proceeding onto anything else. This routine either writes - * nbytes and returns 0 or returns -1 indicating a failure. 
- * - * This is *seriously broken* if used on a non-blocking fd. It will poll. - * - * Deals with calling doerror and setting bytes_sent. - */ -static int -write_it_all(BUFF *fb, const void *buf, int nbyte) -{ - int i; - - if (fb->flags & (B_WRERR | B_EOUT)) - return -1; - - while (nbyte > 0) { - i = buff_write(fb, buf, nbyte); - if (i < 0) { - if (errno != EAGAIN && errno != EINTR) { - doerror(fb, B_WR); - return -1; - } - } - else { - nbyte -= i; - buf = i + (const char *) buf; - fb->bytes_sent += i; - } - if (fb->flags & B_EOUT) - return -1; - } - return 0; -} - - -/* Similar to previous, but uses writev. Note that it modifies vec. - * return 0 if successful, -1 otherwise. - * - * Deals with doerror() and bytes_sent. - */ -static int -writev_it_all(BUFF *fb, struct iovec *vec, int nvec) -{ - int i, rv; - - if (fb->filter_callback != NULL) { - for (i = 0; i < nvec; i++) - fb->filter_callback(fb, vec[i].iov_base, - vec[i].iov_len); - } - - /* while it's nice an easy to build the vector and crud, it's painful - * to deal with a partial writev() - */ - i = 0; - while (i < nvec) { - do - if (!ap_hook_call("ap::buff::writev", &rv, fb, &vec[i], - nvec -i)) - rv = writev(fb->fd, &vec[i], nvec - i); - while (rv == -1 && (errno == EINTR || errno == EAGAIN) - && !(fb->flags & B_EOUT)); - if (rv == -1) { - if (errno != EINTR && errno != EAGAIN) - doerror(fb, B_WR); - - return -1; - } - fb->bytes_sent += rv; - /* recalculate vec to deal with partial writes */ - while (rv > 0) { - if (rv < vec[i].iov_len) { - vec[i].iov_base = (char *)vec[i].iov_base + rv; - vec[i].iov_len -= rv; - rv = 0; - } else { - rv -= vec[i].iov_len; - ++i; - } - } - if (fb->flags & B_EOUT) - return -1; - } - /* if we got here, we wrote it all */ - return 0; -} - -/* A wrapper for buff_write which deals with error conditions and - * bytes_sent. Also handles non-blocking writes. 
- */ -static int -write_with_errors(BUFF *fb, const void *buf, int nbyte) -{ - int rv; - - do - rv = buff_write(fb, buf, nbyte); - while (rv == -1 && errno == EINTR && !(fb->flags & B_EOUT)); - if (rv == -1) { - if (errno != EAGAIN) - doerror(fb, B_WR); - return -1; - } else if (rv == 0) { - errno = EAGAIN; - return -1; - } - fb->bytes_sent += rv; - return rv; -} - - -/* - * A hook to write() that deals with chunking. This is really a protocol- - * level issue, but we deal with it here because it's simpler; this is - * an interim solution pending a complete rewrite of all this stuff in - * 2.0, using something like sfio stacked disciplines or BSD's funopen(). - * - * Can be used on non-blocking descriptors, but only if they're not chunked. - * Deals with doerror() and bytes_sent. - */ -static int -bcwrite(BUFF *fb, const void *buf, int nbyte) -{ - char chunksize[16]; /* Big enough for practically anything */ - struct iovec vec[3]; - - if (fb->flags & (B_WRERR | B_EOUT)) - return -1; - - if (!(fb->flags & B_CHUNK)) - return write_with_errors(fb, buf, nbyte); - - vec[0].iov_base = chunksize; - vec[0].iov_len = ap_snprintf(chunksize, sizeof(chunksize), "%x" CRLF, - nbyte); - vec[1].iov_base = (void *)buf; /* cast is to avoid const warning */ - vec[1].iov_len = nbyte; - vec[2].iov_base = ascii_CRLF; - vec[2].iov_len = 2; - - return writev_it_all(fb, vec, - (sizeof(vec) / sizeof(vec[0]))) ? -1 : nbyte; -} - - -/* - * Used to combine the contents of the fb buffer, and a large buffer - * passed in. 
- */ -static int -large_write(BUFF *fb, const void *buf, int nbyte) -{ - struct iovec vec[4]; - int nvec; - char chunksize[16]; - - /* it's easiest to end the current chunk */ - if (fb->flags & B_CHUNK) - end_chunk(fb); - - nvec = 0; - if (fb->outcnt > 0) { - vec[nvec].iov_base = (void *)fb->outbase; - vec[nvec].iov_len = fb->outcnt; - ++nvec; - } - if (fb->flags & B_CHUNK) { - vec[nvec].iov_base = chunksize; - vec[nvec].iov_len = ap_snprintf(chunksize, sizeof(chunksize), - "%x" CRLF, nbyte); - ++nvec; - vec[nvec].iov_base = (void *)buf; - vec[nvec].iov_len = nbyte; - ++nvec; - vec[nvec].iov_base = ascii_CRLF; - vec[nvec].iov_len = 2; - ++nvec; - } else { - vec[nvec].iov_base = (void *)buf; - vec[nvec].iov_len = nbyte; - ++nvec; - } - - fb->outcnt = 0; - if (writev_it_all(fb, vec, nvec)) - return -1; - else if (fb->flags & B_CHUNK) - start_chunk(fb); - - return nbyte; -} - - -/* - * Write nbyte bytes. - * Only returns fewer than nbyte if an error ocurred. - * Returns -1 if no bytes were written before the error ocurred. - * It is worth noting that if an error occurs, the buffer is in an unknown - * state. - */ -API_EXPORT(int) -ap_bwrite(BUFF *fb, const void *buf, int nbyte) -{ - int i, nwr, useable_bufsiz; - - if (fb->flags & (B_WRERR | B_EOUT)) - return -1; - if (nbyte == 0) - return 0; - - if (!(fb->flags & B_WR)) { - /* unbuffered write -- have to use bcwrite since we aren't - * taking care of chunking any other way - */ - return bcwrite(fb, buf, nbyte); - } - - /* - * Detect case where we're asked to write a large buffer, and combine our - * current buffer with it in a single writev(). Note we don't consider - * the case nbyte == 1 because modules which use rputc() loops will cause - * us to use writev() too frequently. In those cases we really should just - * start a new buffer. 
- */ - if (fb->outcnt > 0 && nbyte > LARGE_WRITE_THRESHOLD - && nbyte + fb->outcnt >= fb->bufsiz) - return large_write(fb, buf, nbyte); - - - /* - * Whilst there is data in the buffer, keep on adding to it and - * writing it out - */ - nwr = 0; - while (fb->outcnt > 0) { - /* can we accept some data? */ - i = fb->bufsiz - fb->outcnt; - if (i > 0) { - if (i > nbyte) - i = nbyte; - memcpy(fb->outbase + fb->outcnt, buf, i); - fb->outcnt += i; - nbyte -= i; - buf = i + (const char *)buf; - nwr += i; - if (nbyte == 0) - return nwr; /* return if none left */ - } - - /* the buffer must be full */ - if (fb->flags & B_CHUNK) { - end_chunk(fb); - /* it is just too painful to try to re-cram the buffer while - * chunking - */ - if (write_it_all(fb, fb->outbase, fb->outcnt) == -1) { - /* we cannot continue after a chunked error */ - return -1; - } - fb->outcnt = 0; - break; - } - i = write_with_errors(fb, fb->outbase, fb->outcnt); - if (i <= 0) - return nwr ? nwr : -1; - - /* deal with a partial write */ - if (i < fb->outcnt) { - int j, n = fb->outcnt; - unsigned char *x = fb->outbase; - for (j = i; j < n; j++) - x[j - i] = x[j]; - fb->outcnt -= i; - } else - fb->outcnt = 0; - - if (fb->flags & B_EOUT) - return -1; - } - /* we have emptied the file buffer. Now try to write the data from the - * original buffer until there is less than bufsiz left. Note that we - * use bcwrite() to do this for us, it will do the chunking so that - * we don't have to dink around building a chunk in our own buffer. - * - * Note also that bcwrite never does a partial write if we're chunking, - * so we're guaranteed to either end in an error state, or make it - * out of this loop and call start_chunk() below. - * - * Remember we may not be able to use the entire buffer if we're - * chunking. - */ - useable_bufsiz = fb->bufsiz; - if (fb->flags & B_CHUNK) - useable_bufsiz -= CHUNK_HEADER_SIZE; - while (nbyte >= useable_bufsiz) { - i = bcwrite(fb, buf, nbyte); - if (i <= 0) - return nwr ? 
nwr : -1; - - buf = i + (const char *)buf; - nwr += i; - nbyte -= i; - - if (fb->flags & B_EOUT) - return -1; - } - /* copy what's left to the file buffer */ - fb->outcnt = 0; - if (fb->flags & B_CHUNK) - start_chunk(fb); - if (nbyte > 0) - memcpy(fb->outbase + fb->outcnt, buf, nbyte); - fb->outcnt += nbyte; - nwr += nbyte; - return nwr; -} - - -static int -bflush_core(BUFF *fb) -{ - int i; - - while (fb->outcnt > 0) { - i = write_with_errors(fb, fb->outbase, fb->outcnt); - if (i <= 0) - return -1; - - /* - * We should have written all the data, but if the fd was in a - * strange (non-blocking) mode, then we might not have done so. - */ - if (i < fb->outcnt) { - int j, n = fb->outcnt; - unsigned char *x = fb->outbase; - for (j = i; j < n; j++) - x[j - i] = x[j]; - } - fb->outcnt -= i; - - /* If a soft timeout occurs while flushing, the handler should - * have set the buffer flag B_EOUT. - */ - if (fb->flags & B_EOUT) - return -1; - } - return 0; -} - -/* - * Flushes the buffered stream. - * Returns 0 on success or -1 on error - */ -API_EXPORT(int) -ap_bflush(BUFF *fb) -{ - int ret; - - if ((fb->flags & (B_WRERR | B_EOUT | B_WR)) != B_WR) - return -1; - - if (fb->flags & B_CHUNK) - end_chunk(fb); - - ret = bflush_core(fb); - - if (ret == 0 && (fb->flags & B_CHUNK)) - start_chunk(fb); - - return ret; -} - -/* - * Flushes and closes the file, even if an error occurred. - * Discards an data that was not read, or not written by bflush() - * Sets the EOF flag to indicate no further data can be read, - * and the EOUT flag to indicate no further data can be written. 
- */ -API_EXPORT(int) -ap_bclose(BUFF *fb) -{ - int rc1, rc2, rc3; - - if (fb->flags & B_WR) - rc1 = ap_bflush(fb); - else - rc1 = 0; - if (fb->flags & B_SOCKET) { - rc2 = ap_pclosesocket(fb->pool, fb->fd); - if (fb->fd_in != fb->fd) - rc3 = ap_pclosesocket(fb->pool, fb->fd_in); - else - rc3 = 0; - } else { - rc2 = ap_pclosef(fb->pool, fb->fd); - if (fb->fd_in != fb->fd) - rc3 = ap_pclosef(fb->pool, fb->fd_in); - else - rc3 = 0; - } - - fb->inptr = fb->inbase; - fb->incnt = 0; - fb->outcnt = 0; - - fb->flags |= B_EOF | B_EOUT; - fb->fd = -1; - fb->fd_in = -1; - - if (rc1 != 0) - return rc1; - else if (rc2 != 0) - return rc2; - else - return rc3; -} - -/* - * returns the number of bytes written or -1 on error - */ -API_EXPORT(int) -ap_bputs(const char *x, BUFF *fb) -{ - int i, j = strlen(x); - i = ap_bwrite(fb, x, j); - if (i != j) - return -1; - else - return j; -} - -/* - * returns the number of bytes written or -1 on error - */ -API_EXPORT_NONSTD(int) -ap_bvputs(BUFF *fb,...) -{ - int i, j, k; - va_list v; - const char *x; - - va_start(v, fb); - for (k = 0;;) { - x = va_arg(v, const char *); - if (x == NULL) - break; - j = strlen(x); - i = ap_bwrite(fb, x, j); - if (i != j) { - va_end(v); - return -1; - } - k += i; - } - - va_end(v); - - return k; -} - -API_EXPORT(void) -ap_bonerror(BUFF *fb, void (*error) (BUFF *, int, void *), void *data) -{ - fb->error = error; - fb->error_data = data; -} - -struct bprintf_data { - ap_vformatter_buff vbuff; - BUFF *fb; -}; - -static int -bprintf_flush(ap_vformatter_buff *vbuff) -{ - struct bprintf_data *b = (struct bprintf_data *)vbuff; - BUFF *fb = b->fb; - - fb->outcnt += b->vbuff.curpos - (char *)&fb->outbase[fb->outcnt]; - if (fb->outcnt == fb->bufsiz) - if (ap_bflush(fb)) - return -1; - - vbuff->curpos = (char *)&fb->outbase[fb->outcnt]; - vbuff->endpos = (char *)&fb->outbase[fb->bufsiz]; - return 0; -} - -API_EXPORT_NONSTD(int) -ap_bprintf(BUFF *fb, const char *fmt, ...) 
-{ - va_list ap; - int res; - struct bprintf_data b; - - /* XXX: only works with buffered writes */ - if ((fb->flags & (B_WRERR | B_EOUT | B_WR)) != B_WR) - return -1; - b.vbuff.curpos = (char *)&fb->outbase[fb->outcnt]; - b.vbuff.endpos = (char *)&fb->outbase[fb->bufsiz]; - b.fb = fb; - va_start(ap, fmt); - res = ap_vformatter(bprintf_flush, &b.vbuff, fmt, ap); - va_end(ap); - if (res != -1) - fb->outcnt += b.vbuff.curpos - (char *)&fb->outbase[fb->outcnt]; - return res; -} - -API_EXPORT(int) -ap_vbprintf(BUFF *fb, const char *fmt, va_list ap) -{ - struct bprintf_data b; - int res; - - /* XXX: only works with buffered writes */ - if ((fb->flags & (B_WRERR | B_EOUT | B_WR)) != B_WR) - return -1; - b.vbuff.curpos = (char *)&fb->outbase[fb->outcnt]; - b.vbuff.endpos = (char *)&fb->outbase[fb->bufsiz]; - b.fb = fb; - res = ap_vformatter(bprintf_flush, &b.vbuff, fmt, ap); - if (res != -1) - fb->outcnt += b.vbuff.curpos - (char *)&fb->outbase[fb->outcnt]; - return res; -} - diff --git a/usr.sbin/httpd/src/main/fdcache.c b/usr.sbin/httpd/src/main/fdcache.c deleted file mode 100644 index 1ec95f97580..00000000000 --- a/usr.sbin/httpd/src/main/fdcache.c +++ /dev/null 
@@ -1,86 +0,0 @@
-/* $OpenBSD: fdcache.c,v 1.11 2008/05/14 13:47:05 mbalmer Exp $ */
-
-/*
- * Copyright (c) 2002, 2003 Henning Brauer
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * - Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided
- * with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
- * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-struct fdcache {
- char *fname;
- int fd;
- struct fdcache *next;
-};
-
-struct fdcache *fdc;
-
-int
-fdcache_open(char *fn, int flags, mode_t mode)
-{
- struct fdcache *fdcp = NULL, *tmp = NULL;
-
- for (fdcp = fdc; fdcp && strcmp(fn, fdcp->fname); fdcp = fdcp->next);
- /* nothing */
-
- if (fdcp == NULL) {
- /* need to open */
- if ((tmp = calloc(1, sizeof(struct fdcache))) == NULL)
- err(1, "calloc");
- if ((tmp->fname = strdup(fn)) == NULL)
- err(1, "strdup");
- if ((tmp->fd = open(fn, flags, mode)) < 0)
- err(1, "Cannot open %s", tmp->fname);
- tmp->next = fdc;
- fdc = tmp;
- return(fdc->fd);
- } else
- return(fdcp->fd); /* fd cached */
-}
-
-void
-fdcache_closeall(void)
-{
- struct fdcache *fdcp = NULL, *tmp = NULL;
-
- for (fdcp = fdc; fdcp != NULL; ) {
- tmp = fdcp;
- fdcp = tmp->next;
- if (tmp->fd > 0)
- close(tmp->fd);
- free(tmp->fname);
- free(tmp);
- }
-}
-
diff --git a/usr.sbin/httpd/src/main/gen_test_char.c b/usr.sbin/httpd/src/main/gen_test_char.c
deleted file mode 100644
index b28200d88b8..00000000000
--- a/usr.sbin/httpd/src/main/gen_test_char.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* $OpenBSD: gen_test_char.c,v 1.6 2008/05/15 06:05:43 mbalmer Exp $ */
-
-/* we need some of the portability definitions... for strchr */
-#include "httpd.h"
-
-/* A bunch of functions in util.c scan strings looking for certain characters.
- * To make that more efficient we encode a lookup table.
- */
-#define T_ESCAPE_SHELL_CMD (0x01)
-#define T_ESCAPE_PATH_SEGMENT (0x02)
-#define T_OS_ESCAPE_PATH (0x04)
-#define T_HTTP_TOKEN_STOP (0x08)
-#define T_ESCAPE_LOGITEM (0x10)
-
-int
-main(int argc, char *argv[])
-{
- unsigned c;
- unsigned char flags;
-
- printf(
- "/* this file is automatically generated by gen_test_char, "
- "do not edit */\n"
- "#define T_ESCAPE_SHELL_CMD 0x%02x "
- "/* chars with special meaning in the shell */\n"
- "#define T_ESCAPE_PATH_SEGMENT 0x%02x "
- "/* find path segment, as defined in RFC1808 */\n"
- "#define T_OS_ESCAPE_PATH 0x%02x "
- "/* escape characters in a path or uri */\n"
- "#define T_HTTP_TOKEN_STOP 0x%02x "
- "/* find http tokens, as defined in RFC2616 */\n"
- "#define T_ESCAPE_LOGITEM 0x%02x "
- "/* filter what should go in the log file */\n"
- "\n",
- T_ESCAPE_SHELL_CMD,
- T_ESCAPE_PATH_SEGMENT,
- T_OS_ESCAPE_PATH,
- T_HTTP_TOKEN_STOP,
- T_ESCAPE_LOGITEM);
-
- /* we explicitly dealt with NUL above
- * in case some strchr() do bogosity with it
- */
-
- printf("static const unsigned char test_char_table[256] = {\n"
- " 0x00, "); /* print initial item */
-
- for (c = 1; c < 256; ++c) {
- flags = 0;
-
- /* escape_shell_cmd */
- if (strchr("&;`'\"|*?~<>^()[]{}$\\\n", c))
- flags |= T_ESCAPE_SHELL_CMD;
-
- if (!ap_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c))
- flags |= T_ESCAPE_PATH_SEGMENT;
-
- if (!ap_isalnum(c) && !strchr("$-_.+!*'(),:@&=/~", c))
- flags |= T_OS_ESCAPE_PATH;
-
- /* these are the "tspecials" from RFC2068 */
- if (ap_iscntrl(c) || strchr(" \t()<>@,;:\\/[]?={}", c))
- flags |= T_HTTP_TOKEN_STOP;
-
- /* For logging, escape all control characters, double quotes
- * (because they delimit the request in the log file)
- * backslashes (because we use backslash for escaping)
- * and 8-bit chars with the high bit set
- */
- if (!ap_isprint(c) || c == '"' || c == '\\' || ap_iscntrl(c))
- flags |= T_ESCAPE_LOGITEM;
- printf("0x%02x%s", flags, (c < 255) ? ", " : " ");
-
- if ((c % 8) == 7)
- printf(" /*0x%02x...0x%02x*/\n ", c-7, c);
- }
- printf("\n};\n");
-
- return 0;
-}
diff --git a/usr.sbin/httpd/src/main/gen_uri_delims.c b/usr.sbin/httpd/src/main/gen_uri_delims.c
deleted file mode 100644
index 8d11e752048..00000000000
--- a/usr.sbin/httpd/src/main/gen_uri_delims.c
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $OpenBSD: gen_uri_delims.c,v 1.3 2008/05/15 06:05:43 mbalmer Exp $ */
-
-#include
-
-/* generate a table of 256 values, where certain characters are
- * marked "interesting"... for the uri parsing process.
- */
-
-int
-main(int argc, char *argv[])
-{
- int i;
- char *value;
-
- printf("/* this file is automatically generated by "
- "gen_uri_delims, do not edit */\n");
- printf("static const unsigned char uri_delims[256] = {");
- for (i = 0; i < 256; ++i) {
- if (i % 20 == 0)
- printf("\n ");
- switch (i) {
- case ':': value = "T_COLON"; break;
- case '/': value = "T_SLASH"; break;
- case '?': value = "T_QUESTION"; break;
- case '#': value = "T_HASH"; break;
- case '\0': value = "T_NUL"; break;
- default: value = "0"; break;
- }
- printf("%s%c", value, (i < 255) ? ',' : ' ');
- }
- printf("\n};\n");
-
- return 0;
-}
diff --git a/usr.sbin/httpd/src/main/http_config.c b/usr.sbin/httpd/src/main/http_config.c
deleted file mode 100644
index b9027cfc0a2..00000000000
--- a/usr.sbin/httpd/src/main/http_config.c
+++ /dev/null
@@ -1,1885 +0,0 @@ -/* $OpenBSD: http_config.c,v 1.21 2008/05/14 16:11:22 mbalmer Exp $ */ - -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_config.c: once was auxillary functions for reading httpd's config - * file and converting filenames into a namespace - * - * Rob McCool - * - * Wall-to-wall rewrite for Apache... commands which are part of the - * server core can now be found next door in "http_core.c". Now contains - * general command loop, and functions which do bookkeeping for the new - * Apache config stuff (modules and configuration vectors). - * - * rst - * - */ - -#define CORE_PRIVATE - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" /* for errors in parse_htaccess */ -#include "http_main.h" -#include "http_request.h" /* for default_handler (see invoke_handler) */ -#include "http_conf_globals.h" /* Sigh... 
*/ -#include "http_vhost.h" -#include "explain.h" -#include "fnmatch.h" - -DEF_Explain - -/**************************************************************** - * - * We begin with the functions which deal with the linked list - * of modules which control just about all of the server operation. - */ - -/* total_modules is the number of modules that have been linked - * into the server. - */ -static int total_modules = 0; -/* dynamic_modules is the number of modules that have been added - * after the pre-loaded ones have been set up. It shouldn't be larger - * than DYNAMIC_MODULE_LIMIT. - */ -static int dynamic_modules = 0; -API_VAR_EXPORT module *top_module = NULL; -API_VAR_EXPORT module **ap_loaded_modules=NULL; - -typedef int (*handler_func) (request_rec *); -typedef void *(*dir_maker_func) (pool *, char *); -typedef void *(*merger_func) (pool *, void *, void *); - -/* Dealing with config vectors. These are associated with per-directory, - * per-server, and per-request configuration, and have a void* pointer for - * each modules. The nature of the structure pointed to is private to the - * module in question... the core doesn't (and can't) know. However, there - * are defined interfaces which allow it to create instances of its private - * per-directory and per-server structures, and to merge the per-directory - * structures of a directory and its subdirectory (producing a new one in - * which the defaults applying to the base directory have been properly - * overridden). 
- */ - -#ifndef ap_get_module_config -API_EXPORT(void *) -ap_get_module_config(void *conf_vector, module *m) -{ - void **confv = (void **)conf_vector; - return confv[m->module_index]; -} -#endif - -#ifndef ap_set_module_config -API_EXPORT(void) -ap_set_module_config(void *conf_vector, module *m, void *val) -{ - void **confv = (void **) conf_vector; - confv[m->module_index] = val; -} -#endif - -static void * -create_empty_config(pool *p) -{ - void **conf_vector = (void **)ap_pcalloc(p, sizeof(void *) * - (total_modules + DYNAMIC_MODULE_LIMIT)); - return (void *)conf_vector; -} - -static void * -create_default_per_dir_config(pool *p) -{ - void **conf_vector = (void **)ap_pcalloc(p, sizeof(void *) * - (total_modules + DYNAMIC_MODULE_LIMIT)); - module *modp; - - for (modp = top_module; modp; modp = modp->next) { - dir_maker_func df = modp->create_dir_config; - - if (df) - conf_vector[modp->module_index] = (*df) (p, NULL); - } - - return (void *) conf_vector; -} - -CORE_EXPORT(void *) -ap_merge_per_dir_configs(pool *p, void *base, void *new) -{ - void **conf_vector = (void **)ap_palloc(p, sizeof(void *) * total_modules); - void **base_vector = (void **)base; - void **new_vector = (void **)new; - module *modp; - - for (modp = top_module; modp; modp = modp->next) { - merger_func df = modp->merge_dir_config; - int i = modp->module_index; - - if (df && new_vector[i]) - conf_vector[i] = (*df) (p, base_vector[i], - new_vector[i]); - else - conf_vector[i] = new_vector[i] ? 
- new_vector[i] : base_vector[i]; - } - - return (void *) conf_vector; -} - -static void * -create_server_config(pool *p, server_rec *s) -{ - void **conf_vector = (void **)ap_pcalloc(p, sizeof(void *) * - (total_modules + DYNAMIC_MODULE_LIMIT)); - module *modp; - - for (modp = top_module; modp; modp = modp->next) { - if (modp->create_server_config) - conf_vector[modp->module_index] = - (*modp->create_server_config) (p, s); - } - - return (void *)conf_vector; -} - -static void -merge_server_configs(pool *p, void *base, void *virt) -{ - /* Can reuse the 'virt' vector for the spine of it, since we don't - * have to deal with the moral equivalent of .htaccess files here... - */ - - void **base_vector = (void **)base; - void **virt_vector = (void **)virt; - module *modp; - - for (modp = top_module; modp; modp = modp->next) { - merger_func df = modp->merge_server_config; - int i = modp->module_index; - - if (!virt_vector[i]) - virt_vector[i] = base_vector[i]; - else if (df) - virt_vector[i] = (*df)(p, base_vector[i], - virt_vector[i]); - } -} - -CORE_EXPORT(void *) -ap_create_request_config(pool *p) -{ - return create_empty_config(p); -} - -CORE_EXPORT(void *) -ap_create_per_dir_config(pool *p) -{ - return create_empty_config(p); -} - -#ifdef EXPLAIN - -struct { - int offset; - char *method; -} aMethods[] = { -#define m(meth) { XtOffsetOf(module,meth),#meth } - m(translate_handler), - m(ap_check_user_id), - m(auth_checker), - m(type_checker), - m(fixer_upper), - m(logger), - { -1, "?" 
}, -#undef m -}; - -char * -ShowMethod(module *modp, int offset) -{ - int n; - static char buf[200]; - - for (n = 0; aMethods[n].offset >= 0; ++n) - if (aMethods[n].offset == offset) - break; - ap_snprintf(buf, sizeof(buf), "%s:%s", modp->name, aMethods[n].method); - return buf; -} -#else -#define ShowMethod(modp,offset) -#endif - -/**************************************************************** - * - * Dispatch through the modules to find handlers for various phases - * of request handling. These are invoked by http_request.c to actually - * do the dirty work of slogging through the module structures. - */ - -/* - * Optimized run_method routines. The observation here is that many modules - * have NULL for most of the methods. So we build optimized lists of - * everything. If you think about it, this is really just like a sparse array - * implementation to avoid scanning the zero entries. - */ -static const int method_offsets[] = -{ - XtOffsetOf(module, translate_handler), - XtOffsetOf(module, ap_check_user_id), - XtOffsetOf(module, auth_checker), - XtOffsetOf(module, access_checker), - XtOffsetOf(module, type_checker), - XtOffsetOf(module, fixer_upper), - XtOffsetOf(module, logger), - XtOffsetOf(module, header_parser), - XtOffsetOf(module, post_read_request) -}; -#define NMETHODS (sizeof (method_offsets)/sizeof (method_offsets[0])) - -static struct { - int translate_handler; - int ap_check_user_id; - int auth_checker; - int access_checker; - int type_checker; - int fixer_upper; - int logger; - int header_parser; - int post_read_request; -} offsets_into_method_ptrs; - -/* - * This is just one big array of method_ptrs. It's constructed such that, - * for example, method_ptrs[ offsets_into_method_ptrs.logger ] is the first - * logger function. You go one-by-one from there until you hit a NULL. - * This structure was designed to hopefully maximize cache-coolness. 
- */ -static handler_func *method_ptrs; - -void -ap_cleanup_method_ptrs() -{ - if (method_ptrs) - free(method_ptrs); -} - -/* routine to reconstruct all these shortcuts... called after every - * add_module. - * XXX: this breaks if modules dink with their methods pointers - */ -static void -build_method_shortcuts(void) -{ - module *modp; - int how_many_ptrs; - int i; - int next_ptr; - handler_func fp; - - if (method_ptrs) - /* free up any previous set of method_ptrs */ - free(method_ptrs); - - /* first we count how many functions we have */ - how_many_ptrs = 0; - for (modp = top_module; modp; modp = modp->next) { - for (i = 0; i < NMETHODS; ++i) { - if (*(handler_func *)(method_offsets[i] + (char *)modp)) - ++how_many_ptrs; - } - } - method_ptrs = malloc((how_many_ptrs + NMETHODS) * sizeof(handler_func)); - if (method_ptrs == NULL) - fprintf(stderr, "Ouch! Out of memory in " - "build_method_shortcuts()!\n"); - - next_ptr = 0; - for (i = 0; i < NMETHODS; ++i) { - /* XXX: This is an itsy bit presumptuous about the alignment - * constraints on offsets_into_method_ptrs. I can't remember if - * ANSI says this has to be true... -djg */ - ((int *)&offsets_into_method_ptrs)[i] = next_ptr; - for (modp = top_module; modp; modp = modp->next) { - fp = *(handler_func *)(method_offsets[i] + - (char *)modp); - if (fp) - method_ptrs[next_ptr++] = fp; - } - method_ptrs[next_ptr++] = NULL; - } -} - - -static int -run_method(request_rec *r, int offset, int run_all) -{ - int i; - - for (i = offset; method_ptrs[i]; ++i) { - handler_func mod_handler = method_ptrs[i]; - - if (mod_handler) { - int result; - - result = (*mod_handler) (r); - - if (result != DECLINED && (!run_all || result != OK)) - return result; - } - } - - return run_all ? 
OK : DECLINED; -} - -API_EXPORT(int) -ap_translate_name(request_rec *r) -{ - return run_method(r, offsets_into_method_ptrs.translate_handler, 0); -} - -API_EXPORT(int) -ap_check_access(request_rec *r) -{ - return run_method(r, offsets_into_method_ptrs.access_checker, 1); -} - -API_EXPORT(int) -ap_find_types(request_rec *r) -{ - return run_method(r, offsets_into_method_ptrs.type_checker, 0); -} - -API_EXPORT(int) -ap_run_fixups(request_rec *r) -{ - return run_method(r, offsets_into_method_ptrs.fixer_upper, 1); -} - -API_EXPORT(int) -ap_log_transaction(request_rec *r) -{ - return run_method(r, offsets_into_method_ptrs.logger, 1); -} - -API_EXPORT(int) -ap_header_parse(request_rec *r) -{ - return run_method(r, offsets_into_method_ptrs.header_parser, 1); -} - -API_EXPORT(int) -ap_run_post_read_request(request_rec *r) -{ - return run_method(r, offsets_into_method_ptrs.post_read_request, 1); -} - -/* Auth stuff --- anything that defines one of these will presumably - * want to define something for the other. Note that check_auth is - * separate from check_access to make catching some config errors easier. - */ - -API_EXPORT(int) -ap_check_user_id(request_rec *r) -{ - return run_method(r, offsets_into_method_ptrs.ap_check_user_id, 0); -} - -API_EXPORT(int) -ap_check_auth(request_rec *r) -{ - return run_method(r, offsets_into_method_ptrs.auth_checker, 0); -} - -/* - * For speed/efficiency we generate a compact list of all the handlers - * and wildcard handlers. This means we won't have to scan the entire - * module list looking for handlers... where we'll find a whole whack - * of NULLs. 
- */ -typedef struct { - handler_rec hr; - size_t len; -} fast_handler_rec; - -static fast_handler_rec *handlers; -static fast_handler_rec *wildhandlers; - -static void -init_handlers(pool *p) -{ - module *modp; - int nhandlers = 0; - int nwildhandlers = 0; - const handler_rec *handp; - fast_handler_rec *ph, *pw; - char *starp; - - for (modp = top_module; modp; modp = modp->next) { - if (!modp->handlers) - continue; - for (handp = modp->handlers; handp->content_type; ++handp) { - if (strchr(handp->content_type, '*')) - nwildhandlers ++; - else - nhandlers ++; - } - } - ph = handlers = ap_palloc(p, sizeof(*ph) * (nhandlers + 1)); - pw = wildhandlers = ap_palloc(p, sizeof(*pw) * (nwildhandlers + 1)); - for (modp = top_module; modp; modp = modp->next) { - if (!modp->handlers) - continue; - for (handp = modp->handlers; handp->content_type; ++handp) { - if ((starp = strchr(handp->content_type, '*'))) { - pw->hr.content_type = handp->content_type; - pw->hr.handler = handp->handler; - pw->len = starp - handp->content_type; - pw ++; - } else { - ph->hr.content_type = handp->content_type; - ph->hr.handler = handp->handler; - ph->len = strlen(handp->content_type); - ph ++; - } - } - } - pw->hr.content_type = NULL; - pw->hr.handler = NULL; - ph->hr.content_type = NULL; - ph->hr.handler = NULL; -} - -API_EXPORT(int) -ap_invoke_handler(request_rec *r) -{ - fast_handler_rec *handp; - const char *handler; - char *p; - size_t handler_len; - int result = HTTP_INTERNAL_SERVER_ERROR; - - if (r->handler) { - handler = r->handler; - handler_len = strlen(handler); - } else { - handler = r->content_type ? 
- r->content_type : ap_default_type(r); - if ((p = strchr(handler, ';')) != NULL) { - /* MIME type arguments */ - while (p > handler && p[-1] == ' ') - --p; /* strip trailing spaces */ - handler_len = p - handler; - } else - handler_len = strlen(handler); - } - - /* Pass one --- direct matches */ - for (handp = handlers; handp->hr.content_type; ++handp) { - if (handler_len == handp->len - && !strncmp(handler, handp->hr.content_type, handler_len)) { - result = (*handp->hr.handler) (r); - - if (result != DECLINED) - return result; - } - } - - /* Pass two --- wildcard matches */ - for (handp = wildhandlers; handp->hr.content_type; ++handp) { - if (handler_len >= handp->len - && !strncmp(handler, handp->hr.content_type, handp->len)) { - result = (*handp->hr.handler) (r); - - if (result != DECLINED) - return result; - } - } - - if (result == HTTP_INTERNAL_SERVER_ERROR && r->handler && r->filename) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r, - "handler \"%s\" not found for: %s", r->handler, - r->filename); - } - return HTTP_INTERNAL_SERVER_ERROR; -} - -/* One-time setup for precompiled modules --- NOT to be done on restart */ - -API_EXPORT(void) -ap_add_module(module *m) -{ - /* This could be called from an AddModule httpd.conf command, - * after the file has been linked and the module structure within it - * teased out... 
- */ - - if (m->version != MODULE_MAGIC_NUMBER_MAJOR) { - fprintf(stderr, "%s: module \"%s\" is not compatible with this " - "version of Apache.\n", ap_server_argv0, m->name); - fprintf(stderr, "Please contact the vendor for the correct " - "version.\n"); - exit(1); - } - - if (m->next == NULL) { - m->next = top_module; - top_module = m; - } - if (m->module_index == -1) { - m->module_index = total_modules++; - dynamic_modules++; - - if (dynamic_modules > DYNAMIC_MODULE_LIMIT) { - fprintf(stderr, "%s: module \"%s\" could not be " - "loaded, because the dynamic\n", ap_server_argv0, - m->name); - fprintf(stderr, "module limit was reached. Please " - "increase DYNAMIC_MODULE_LIMIT and recompile.\n"); - exit(1); - } - } - - /* Some C compilers put a complete path into __FILE__, but we want - * only the filename (e.g. mod_includes.c). So check for path - * components (Unix and DOS), and remove them. - */ - - if (strrchr(m->name, '/')) - m->name = 1 + strrchr(m->name, '/'); - if (strrchr(m->name, '\\')) - m->name = 1 + strrchr(m->name, '\\'); - - /* - * Invoke the `add_module' hook inside the now existing set - * of modules to let them all now that this module was added. - */ - { - module *m2; - for (m2 = top_module; m2 != NULL; m2 = m2->next) - if (m2->magic == MODULE_MAGIC_COOKIE_EAPI) - if (m2->add_module != NULL) - (*m2->add_module)(m); - } -} - -/* - * remove_module undoes what add_module did. There are some caveats: - * when the module is removed, its slot is lost so all the current - * per-dir and per-server configurations are invalid. So we should - * only ever call this function when you are invalidating almost - * all our current data. I.e. when doing a restart. - */ - -API_EXPORT(void) -ap_remove_module(module *m) -{ - module *modp; - - /* - * Invoke the `remove_module' hook inside the now existing - * set of modules to let them all now that this module is - * beeing removed. 
- */ - { - module *m2; - for (m2 = top_module; m2 != NULL; m2 = m2->next) - if (m2->magic == MODULE_MAGIC_COOKIE_EAPI) - if (m2->remove_module != NULL) - (*m2->remove_module)(m); - } - - modp = top_module; - if (modp == m) { - /* We are the top module, special case */ - top_module = modp->next; - m->next = NULL; - } else { - /* Not the top module, find use. When found modp will - * point to the module _before_ us in the list - */ - - while (modp && modp->next != m) - modp = modp->next; - - if (!modp) { - /* Uh-oh, this module doesn't exist */ - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, NULL, - "Cannot remove module %s: not found in module list", - m->name); - return; - } - /* Eliminate us from the module list */ - modp->next = modp->next->next; - } - - m->module_index = -1; /* simulate being unloaded, should - * be unnecessary */ - dynamic_modules--; - total_modules--; -} - -API_EXPORT(void) -ap_add_loaded_module(module *mod) -{ - module **m; - - /* - * Add module pointer to top of chained module list - */ - ap_add_module(mod); - - /* - * And module pointer to list of loaded modules - * - * Notes: 1. ap_add_module() would already complain if no more space - * exists for adding a dynamically loaded module - * 2. ap_add_module() accepts double-inclusion, so we have - * to accept this, too. - */ - for (m = ap_loaded_modules; *m != NULL; m++) - ; - *m++ = mod; - *m = NULL; -} - -API_EXPORT(void) -ap_remove_loaded_module(module *mod) -{ - module **m; - module **m2; - int done; - - /* - * Remove module pointer from chained module list - */ - ap_remove_module(mod); - - /* - * Remove module pointer from list of loaded modules - * - * Note: 1. We cannot determine if the module was successfully - * removed by ap_remove_module(). - * 2. We have not to complain explicity when the module - * is not found because ap_remove_module() did it - * for us already. 
- */ - for (m = m2 = ap_loaded_modules, done = 0; *m2 != NULL; m2++) { - if (*m2 == mod && done == 0) - done = 1; - else - *m++ = *m2; - } - *m = NULL; -} - -API_EXPORT(void) -ap_setup_prelinked_modules(void) -{ - module **m; - module **m2; - - /* - * Initialise total_modules variable and module indices - */ - total_modules = 0; - for (m = ap_preloaded_modules; *m != NULL; m++) - (*m)->module_index = total_modules++; - - /* - * Initialise list of loaded modules - */ - ap_loaded_modules = (module **)malloc( - sizeof(module *)*(total_modules+DYNAMIC_MODULE_LIMIT+1)); - if (ap_loaded_modules == NULL) { - fprintf(stderr, "Ouch! Out of memory in " - "ap_setup_prelinked_modules()!\n"); - exit(1); - } - for (m = ap_preloaded_modules, m2 = ap_loaded_modules; *m != NULL; ) - *m2++ = *m++; - *m2 = NULL; - - /* - * Initialize chain of linked (=activate) modules - */ - for (m = ap_prelinked_modules; *m != NULL; m++) - ap_add_module(*m); -} - -API_EXPORT(const char *) -ap_find_module_name(module *m) -{ - return m->name; -} - -API_EXPORT(module *) -ap_find_linked_module(const char *name) -{ - module *modp; - - for (modp = top_module; modp; modp = modp->next) { - if (strcmp(modp->name, name) == 0) - return modp; - } - return NULL; -} - -/* Add a named module. Returns 1 if module found, 0 otherwise. */ -API_EXPORT(int) -ap_add_named_module(const char *name) -{ - module *modp; - int i = 0; - - for (modp = ap_loaded_modules[i]; modp; modp = ap_loaded_modules[++i]) { - if (strcmp(modp->name, name) == 0) { - /* Only add modules that are not already enabled. */ - if (modp->next == NULL) - ap_add_module(modp); - return 1; - } - } - return 0; -} - -/* Clear the internal list of modules, in preparation for starting over. */ -API_EXPORT(void) -ap_clear_module_list() -{ - module **m = &top_module; - module **next_m; - - while (*m) { - next_m = &((*m)->next); - *m = NULL; - m = next_m; - } - - /* This is required; so we add it always. 
*/ - ap_add_named_module("http_core.c"); -} - -/***************************************************************** - * - * Resource, access, and .htaccess config files now parsed by a common - * command loop. - * - * Let's begin with the basics; parsing the line and - * invoking the function... - */ - -static const char * -invoke_cmd(const command_rec *cmd, cmd_parms *parms, void *mconfig, - const char *args) -{ - char *w, *w2, *w3; - const char *errmsg; - - if ((parms->override & cmd->req_override) == 0) - return ap_pstrcat(parms->pool, cmd->name, " not allowed here", - NULL); - - parms->info = cmd->cmd_data; - parms->cmd = cmd; - - switch (cmd->args_how) { - case RAW_ARGS: - return ((const char *(*)(cmd_parms *, void *, const char *)) - (cmd->func))(parms, mconfig, args); - - case NO_ARGS: - if (*args != 0) - return ap_pstrcat(parms->pool, cmd->name, - " takes no arguments", NULL); - - return ((const char *(*)(cmd_parms *, void *)) - (cmd->func))(parms, mconfig); - - case TAKE1: - w = ap_getword_conf(parms->pool, &args); - - if (*w == '\0' || *args != 0) - return ap_pstrcat(parms->pool, cmd->name, - " takes one argument", cmd->errmsg ? ", " : NULL, - cmd->errmsg, NULL); - - return ((const char *(*)(cmd_parms *, void *, const char *)) - (cmd->func))(parms, mconfig, w); - - case TAKE2: - w = ap_getword_conf(parms->pool, &args); - w2 = ap_getword_conf(parms->pool, &args); - - if (*w == '\0' || *w2 == '\0' || *args != 0) - return ap_pstrcat(parms->pool, cmd->name, - " takes two arguments", cmd->errmsg ? ", " : NULL, - cmd->errmsg, NULL); - - return ((const char *(*)(cmd_parms *, void *, const char *, - const char *))(cmd->func))(parms, mconfig, w, w2); - - case TAKE12: - w = ap_getword_conf(parms->pool, &args); - w2 = ap_getword_conf(parms->pool, &args); - - if (*w == '\0' || *args != 0) - return ap_pstrcat(parms->pool, cmd->name, - " takes 1-2 arguments", cmd->errmsg ? 
", " : NULL, - cmd->errmsg, NULL); - - return ((const char *(*)(cmd_parms *, void *, const char *, - const char *))(cmd->func))(parms, mconfig, w, - *w2 ? w2 : NULL); - - case TAKE3: - w = ap_getword_conf(parms->pool, &args); - w2 = ap_getword_conf(parms->pool, &args); - w3 = ap_getword_conf(parms->pool, &args); - - if (*w == '\0' || *w2 == '\0' || *w3 == '\0' || *args != 0) - return ap_pstrcat(parms->pool, cmd->name, - " takes three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); - - return ((const char *(*)(cmd_parms *, void *, const char *, - const char *, const char *))(cmd->func))(parms, mconfig, - w, w2, w3); - - case TAKE23: - w = ap_getword_conf(parms->pool, &args); - w2 = ap_getword_conf(parms->pool, &args); - w3 = *args ? ap_getword_conf(parms->pool, &args) : NULL; - - if (*w == '\0' || *w2 == '\0' || *args != 0) - return ap_pstrcat(parms->pool, cmd->name, - " takes two or three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); - - return ((const char *(*)(cmd_parms *, void *, const char *, - const char *, const char *)) (cmd->func)) (parms, - mconfig, w, w2, w3); - - case TAKE123: - w = ap_getword_conf(parms->pool, &args); - w2 = *args ? ap_getword_conf(parms->pool, &args) : NULL; - w3 = *args ? ap_getword_conf(parms->pool, &args) : NULL; - - if (*w == '\0' || *args != 0) - return ap_pstrcat(parms->pool, cmd->name, - " takes one, two or three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); - - return ((const char *(*)(cmd_parms *, void *, const char *, - const char *, const char *))(cmd->func))(parms, mconfig, - w, w2, w3); - - case TAKE13: - w = ap_getword_conf(parms->pool, &args); - w2 = *args ? ap_getword_conf(parms->pool, &args) : NULL; - w3 = *args ? ap_getword_conf(parms->pool, &args) : NULL; - - if (*w == '\0' || (w2 && *w2 && !w3) || *args != 0) - return ap_pstrcat(parms->pool, cmd->name, - " takes one or three arguments", - cmd->errmsg ? 
", " : NULL, cmd->errmsg, NULL); - - return ((const char *(*)(cmd_parms *, void *, const char *, - const char *, const char *))(cmd->func))(parms, - mconfig, w, w2, w3); - - case ITERATE: - while (*(w = ap_getword_conf(parms->pool, &args)) != '\0') - if ((errmsg = ((const char *(*)(cmd_parms *, void *, - const char *))(cmd->func))(parms, mconfig, w))) - return errmsg; - - return NULL; - - case ITERATE2: - w = ap_getword_conf(parms->pool, &args); - - if (*w == '\0' || *args == 0) - return ap_pstrcat(parms->pool, cmd->name, - " requires at least two arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); - - - while (*(w2 = ap_getword_conf(parms->pool, &args)) != '\0') - if ((errmsg = ((const char *(*)(cmd_parms *, void *, - const char *, const char *)) (cmd->func)) (parms, - mconfig, w, w2))) - return errmsg; - - return NULL; - - case FLAG: - w = ap_getword_conf(parms->pool, &args); - - if (*w == '\0' || (strcasecmp(w, "on") && strcasecmp(w, "off"))) - return ap_pstrcat(parms->pool, cmd->name, - " must be On or Off", NULL); - - return ((const char *(*)(cmd_parms *, void *, int)) - (cmd->func))(parms, mconfig, strcasecmp(w, "off") != 0); - - default: - return ap_pstrcat(parms->pool, cmd->name, - " is improperly configured internally (server bug)", NULL); - } -} - -CORE_EXPORT(const command_rec *) -ap_find_command(const char *name, const command_rec *cmds) -{ - while (cmds->name) - if (!strcasecmp(name, cmds->name)) - return cmds; - else - ++cmds; - - return NULL; -} - -CORE_EXPORT(const command_rec *) -ap_find_command_in_modules(const char *cmd_name, module **mod) -{ - const command_rec *cmdp; - module *modp; - - for (modp = *mod; modp; modp = modp->next) - if (modp->cmds && - (cmdp = ap_find_command(cmd_name, modp->cmds))) { - *mod = modp; - return cmdp; - } - - return NULL; -} - -CORE_EXPORT(void *) -ap_set_config_vectors(cmd_parms *parms, void *config, module *mod) -{ - void *mconfig = ap_get_module_config(config, mod); - void *sconfig = 
ap_get_module_config(parms->server->module_config, mod); - - if (!mconfig && mod->create_dir_config) { - mconfig = (*mod->create_dir_config)(parms->pool, parms->path); - ap_set_module_config(config, mod, mconfig); - } - - if (!sconfig && mod->create_server_config) { - sconfig = (*mod->create_server_config)(parms->pool, - parms->server); - ap_set_module_config(parms->server->module_config, mod, - sconfig); - } - return mconfig; -} - -CORE_EXPORT(const char *) -ap_handle_command(cmd_parms *parms, void *config, const char *l) -{ - void *oldconfig; - const char *args, *cmd_name, *retval; - const command_rec *cmd; - module *mod = top_module; - - /* - * Invoke the `rewrite_command' of modules to allow - * they to rewrite the directive line before we - * process it. - */ - { - module *m; - char *cp; - for (m = top_module; m != NULL; m = m->next) { - if (m->magic == MODULE_MAGIC_COOKIE_EAPI) { - if (m->rewrite_command != NULL) { - cp = (m->rewrite_command)(parms, - config, l); - if (cp != NULL) - l = cp; - } - } - } - } - - if ((l[0] == '#') || (!l[0])) - return NULL; - - args = l; - cmd_name = ap_getword_conf(parms->temp_pool, &args); - if (*cmd_name == '\0') - return NULL; - - oldconfig = parms->context; - parms->context = config; - do { - if (!(cmd = ap_find_command_in_modules(cmd_name, &mod))) { - errno = EINVAL; - return ap_pstrcat(parms->pool, "Invalid command '", - cmd_name, "', perhaps mis-spelled or defined by " - "a module not included in the server configuration", - NULL); - } else { - void *mconfig = ap_set_config_vectors(parms,config, - mod); - - retval = invoke_cmd(cmd, parms, mconfig, args); - mod = mod->next; /* Next time around, - * skip this one - */ - } - } while (retval && !strcmp(retval, DECLINE_CMD)); - parms->context = oldconfig; - - return retval; -} - -API_EXPORT(const char *) -ap_srm_command_loop(cmd_parms *parms, void *config) -{ - char l[MAX_STRING_LEN]; - - while (!(ap_cfg_getline(l, MAX_STRING_LEN, parms->config_file))) { - const char *errmsg 
= ap_handle_command(parms, config, l);
- if (errmsg)
- return errmsg;
- }
-
- return NULL;
-}
-
-/*
- * Generic command functions...
- */
-
-API_EXPORT_NONSTD(const char *)
-ap_set_string_slot(cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- /* This one's pretty generic... */
-
- int offset = (int)(long)cmd->info;
- *(char **)(struct_ptr + offset) = arg;
- return NULL;
-}
-
-API_EXPORT_NONSTD(const char *)
-ap_set_string_slot_lower(cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- /* This one's pretty generic... */
-
- int offset = (int)(long)cmd->info;
- ap_str_tolower(arg);
- *(char **)(struct_ptr + offset) = arg;
- return NULL;
-}
-
-API_EXPORT_NONSTD(const char *)
-ap_set_flag_slot(cmd_parms *cmd, char *struct_ptr, int arg)
-{
- /* This one's pretty generic too... */
-
- int offset = (int)(long)cmd->info;
- *(int *)(struct_ptr + offset) = arg ? 1 : 0;
- return NULL;
-}
-
-API_EXPORT_NONSTD(const char *)
-ap_set_file_slot(cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- /* Prepend server_root to relative arg.
- This allows .htaccess to be independent of server_root,
- so the server can be moved or mirrored with less pain. */
- char *p;
- int offset = (int)(long)cmd->info;
- arg = ap_os_canonical_filename(cmd->pool, arg);
- if (ap_os_is_path_absolute(arg))
- p = arg;
- else
- p = ap_make_full_path(cmd->pool, ap_server_root, arg);
- *(char **)(struct_ptr + offset) = p;
- return NULL;
-}
-
-/*****************************************************************
- *
- * Reading whole config files...
- */
-
-static cmd_parms default_parms =
- {NULL, 0, -1, NULL, NULL, NULL, NULL, NULL, NULL, NULL};
-
-API_EXPORT(char *)
-ap_server_root_relative(pool *p, char *file)
-{
- file = ap_os_canonical_filename(p, file);
- if(ap_os_is_path_absolute(file))
- return file;
- return ap_make_full_path(p, ap_server_root, file);
-}
-
-
-/* This structure and the following functions are needed for the
- * table-based config file reading.
They are passed to the
- * cfg_open_custom() routine.
- */
-
-/* Structure to be passed to cfg_open_custom(): it contains an
- * index which is incremented from 0 to nelts on each call to
- * cfg_getline() (which in turn calls arr_elts_getstr())
- * and an array_header pointer for the string array.
- */
-typedef struct {
- array_header *array;
- int curr_idx;
-} arr_elts_param_t;
-
-
-/* arr_elts_getstr() returns the next line from the string array. */
-static void *
-arr_elts_getstr(void *buf, size_t bufsiz, void *param)
-{
- arr_elts_param_t *arr_param = (arr_elts_param_t *) param;
-
- /* End of array reached? */
- if (++arr_param->curr_idx > arr_param->array->nelts)
- return NULL;
-
- /* return the line */
- ap_cpystrn(buf,
- ((char **)arr_param->array->elts)[arr_param->curr_idx - 1], bufsiz);
-
- return buf;
-}
-
-
-/* arr_elts_close(): dummy close routine (makes sure no more lines can be read) */
-static int
-arr_elts_close(void *param)
-{
- arr_elts_param_t *arr_param = (arr_elts_param_t *)param;
- arr_param->curr_idx = arr_param->array->nelts;
- return 0;
-}
-
-static void
-process_command_config(server_rec *s, array_header *arr, pool *p, pool *ptemp)
-{
- const char *errmsg;
- cmd_parms parms;
- arr_elts_param_t arr_parms;
-
- arr_parms.curr_idx = 0;
- arr_parms.array = arr;
-
- parms = default_parms;
- parms.pool = p;
- parms.temp_pool = ptemp;
- parms.server = s;
- parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
- parms.config_file = ap_pcfg_open_custom(p, "-c/-C directives",
- &arr_parms, NULL, arr_elts_getstr, arr_elts_close);
-
- errmsg = ap_srm_command_loop(&parms, s->lookup_defaults);
-
- if (errmsg) {
- fprintf(stderr, "Syntax error in -C/-c directive:\n%s\n",
- errmsg);
- exit(1);
- }
-
- ap_cfg_closefile(parms.config_file);
-}
-
-typedef struct {
- char *fname;
-} fnames;
-
-static int
-fname_alphasort(const void *fn1, const void *fn2)
-{
- const fnames *f1 = fn1;
- const fnames *f2 = fn2;
-
- return strcmp(f1->fname,f2->fname);
-}
-
-CORE_EXPORT(void)
-ap_process_resource_config(server_rec *s, char *fname, pool *p, pool *ptemp)
-{
- const char *errmsg;
- cmd_parms parms;
- struct stat finfo;
- int ispatt;
- fname = ap_server_root_relative(p, fname);
-
- if (!(strcmp(fname, ap_server_root_relative(p, RESOURCE_CONFIG_FILE)))
- || !(strcmp(fname, ap_server_root_relative(p, ACCESS_CONFIG_FILE))))
- if (stat(fname, &finfo) == -1)
- return;
-
- /* if we are already chrooted here, it's a restart. strip chroot
- * then. */
- ap_server_strip_chroot(fname, 0);
-
- /* don't require conf/httpd.conf if we have a -C or -c switch */
- if((ap_server_pre_read_config->nelts
- || ap_server_post_read_config->nelts)
- && !(strcmp(fname, ap_server_root_relative(p, SERVER_CONFIG_FILE))))
- if (stat(fname, &finfo) == -1)
- return;
-
- /*
- * here we want to check if the candidate file is really a
- * directory, and most definitely NOT a symlink (to prevent
- * horrible loops). If so, let's recurse and toss it back into
- * the function.
- */
- ispatt = ap_is_fnmatch(fname);
- if (ispatt || ap_is_rdirectory(fname)) {
- DIR *dirp;
- struct DIR_TYPE *dir_entry;
- int current;
- array_header *candidates = NULL;
- fnames *fnew;
- char *path = ap_pstrdup(p,fname);
- char *pattern = NULL;
-
- if(ispatt && (pattern = strrchr(path, '/')) != NULL) {
- *pattern++ = '\0';
- if (ap_is_fnmatch(path)) {
- fprintf(stderr, "%s: wildcard patterns not "
- "allowed in Include %s\n", ap_server_argv0,
- fname);
- exit(1);
- }
-
- if (!ap_is_rdirectory(path)){
- fprintf(stderr, "%s: Include directory '%s' "
- "not found", ap_server_argv0, path);
- exit(1);
- }
- if (!ap_is_fnmatch(pattern)) {
- fprintf(stderr, "%s: must include a wildcard "
- "pattern for Include %s\n", ap_server_argv0,
- fname);
- exit(1);
- }
- }
-
-
- /*
- * first course of business is to grok all the directory
- * entries here and store 'em away. Recall we need full
- * pathnames for this.
- */
- if (ap_configtestonly)
- fprintf(stdout, "Processing config directory: %s\n",
- fname);
- dirp = ap_popendir(p, path);
- if (dirp == NULL) {
- perror("fopen");
- fprintf(stderr, "%s: could not open config directory "
- "%s\n", ap_server_argv0, path);
- exit(1);
- }
- candidates = ap_make_array(p, 1, sizeof(fnames));
- while ((dir_entry = readdir(dirp)) != NULL) {
- /* strip out '.' and '..' */
- if (strcmp(dir_entry->d_name, ".") &&
- strcmp(dir_entry->d_name, "..") &&
- (!ispatt ||
- !ap_fnmatch(pattern,dir_entry->d_name, FNM_PERIOD))) {
- fnew = (fnames *) ap_push_array(candidates);
- fnew->fname = ap_make_full_path(p, path,
- dir_entry->d_name);
- }
- }
- ap_pclosedir(p, dirp);
- if (candidates->nelts != 0) {
- qsort((void *)candidates->elts, candidates->nelts,
- sizeof(fnames), fname_alphasort);
- /*
- * Now recurse these... we handle errors and
- * subdirectories via the recursion, which is nice
- */
- for (current = 0; current < candidates->nelts;
- ++current) {
- fnew = &((fnames *) candidates->elts)[current];
- if (ap_configtestonly)
- fprintf(stdout, " Processing config "
- "file: %s\n", fnew->fname);
- ap_process_resource_config(s, fnew->fname, p,
- ptemp);
- }
- }
- return;
- }
-
- /* GCC's initialization extensions are soooo nice here...
*/
-
- parms = default_parms;
- parms.pool = p;
- parms.temp_pool = ptemp;
- parms.server = s;
- parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
-
- if (!(parms.config_file = ap_pcfg_openfile(p,fname))) {
- perror("fopen");
- fprintf(stderr, "%s: could not open document config file %s\n",
- ap_server_argv0, fname);
- exit(1);
- }
-
- errmsg = ap_srm_command_loop(&parms, s->lookup_defaults);
-
- if (errmsg) {
- fprintf(stderr, "Syntax error on line %d of %s:\n",
- parms.config_file->line_number, parms.config_file->name);
- fprintf(stderr, "%s\n", errmsg);
- exit(1);
- }
-
- ap_cfg_closefile(parms.config_file);
-}
-
-CORE_EXPORT(int)
-ap_parse_htaccess(void **result, request_rec *r, int override, const char *d,
-const char *access_name)
- {
- configfile_t *f = NULL;
- cmd_parms parms;
- const char *errmsg;
- char *filename = NULL;
- const struct htaccess_result *cache;
- struct htaccess_result *new;
- void *dc = NULL;
-
- /* firstly, search cache */
- for (cache = r->htaccess; cache != NULL; cache = cache->next)
- if (cache->override == override && strcmp(cache->dir, d) == 0) {
- if (cache->htaccess != NULL)
- *result = cache->htaccess;
- return OK;
- }
-
- parms = default_parms;
- parms.override = override;
- parms.pool = r->pool;
- parms.temp_pool = r->pool;
- parms.server = r->server;
- parms.path = ap_pstrdup(r->pool, d);
-
- /* loop through the access names and find the first one */
-
- while (access_name[0]) {
- filename = ap_make_full_path(r->pool, d,
- ap_getword_conf(r->pool, &access_name));
-
- if ((f = ap_pcfg_openfile(r->pool, filename)) != NULL) {
-
- dc = ap_create_per_dir_config(r->pool);
-
- parms.config_file = f;
-
- errmsg = ap_srm_command_loop(&parms, dc);
-
- ap_cfg_closefile(f);
-
- if (errmsg) {
- ap_log_rerror(APLOG_MARK,
- APLOG_ALERT|APLOG_NOERRNO, r,
- "%s: %s", filename, errmsg);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- *result = dc;
- break;
- } else if (errno != ENOENT && errno != ENOTDIR) {
- ap_log_rerror(APLOG_MARK,
APLOG_CRIT, r,
- "%s pcfg_openfile: unable to check htaccess file, "
- "ensure it is readable",
- filename);
- ap_table_setn(r->notes, "error-notes",
- "Server unable to read htaccess file, denying "
- "access to be safe");
- return HTTP_FORBIDDEN;
- }
- }
-
- /* cache it */
- new = ap_palloc(r->pool, sizeof(struct htaccess_result));
- new->dir = parms.path;
- new->override = override;
- new->htaccess = dc;
- /* add to head of list */
- new->next = r->htaccess;
- r->htaccess = new;
-
- return OK;
-}
-
-
-CORE_EXPORT(const char *)
-ap_init_virtual_host(pool *p, const char *hostname, server_rec *main_server,
- server_rec **ps)
-{
- server_rec *s = (server_rec *) ap_pcalloc(p, sizeof(server_rec));
-
- struct rlimit limits;
-
- getrlimit(RLIMIT_NOFILE, &limits);
- if (limits.rlim_cur < limits.rlim_max) {
- limits.rlim_cur += 2;
- if (setrlimit(RLIMIT_NOFILE, &limits) < 0) {
- perror("setrlimit(RLIMIT_NOFILE)");
- fprintf(stderr, "Cannot exceed hard limit for open "
- "files");
- }
- }
-
- s->server_admin = NULL;
- s->server_hostname = NULL;
- s->error_fname = NULL;
- s->srm_confname = NULL;
- s->access_confname = NULL;
- s->timeout = 0;
- s->keep_alive_timeout = 0;
- s->keep_alive = -1;
- s->keep_alive_max = -1;
- s->error_log = main_server->error_log;
- s->loglevel = main_server->loglevel;
- /* useful default, otherwise we get a port of 0 on redirects */
- s->port = main_server->port;
- s->next = NULL;
-
- s->is_virtual = 1;
- s->names = ap_make_array(p, 4, sizeof(char **));
- s->wild_names = ap_make_array(p, 4, sizeof(char **));
-
- s->module_config = create_empty_config(p);
- s->lookup_defaults = ap_create_per_dir_config(p);
-
- s->server_uid = ap_user_id;
- s->server_gid = ap_group_id;
-
- s->limit_req_line = main_server->limit_req_line;
- s->limit_req_fieldsize = main_server->limit_req_fieldsize;
- s->limit_req_fields = main_server->limit_req_fields;
-
- s->ctx = ap_ctx_new(p);
-
- *ps = s;
-
- return ap_parse_vhost_addrs(p, hostname, s);
-}
-
-
-static void
-fixup_virtual_hosts(pool *p, server_rec *main_server)
-{
- server_rec *virt;
-
- for (virt = main_server->next; virt; virt = virt->next) {
- merge_server_configs(p, main_server->module_config,
- virt->module_config);
-
- virt->lookup_defaults =
- ap_merge_per_dir_configs(p, main_server->lookup_defaults,
- virt->lookup_defaults);
-
- if (virt->server_admin == NULL)
- virt->server_admin = main_server->server_admin;
-
- if (virt->srm_confname == NULL)
- virt->srm_confname = main_server->srm_confname;
-
- if (virt->access_confname == NULL)
- virt->access_confname = main_server->access_confname;
-
- if (virt->timeout == 0)
- virt->timeout = main_server->timeout;
-
- if (virt->keep_alive_timeout == 0)
- virt->keep_alive_timeout =
- main_server->keep_alive_timeout;
-
- if (virt->keep_alive == -1)
- virt->keep_alive = main_server->keep_alive;
-
- if (virt->keep_alive_max == -1)
- virt->keep_alive_max = main_server->keep_alive_max;
-
- if (virt->send_buffer_size == 0)
- virt->send_buffer_size = main_server->send_buffer_size;
-
- /* XXX: this is really something that should be dealt with
- * by a post-config api phase */
- ap_core_reorder_directories(p, virt);
- }
- ap_core_reorder_directories(p, main_server);
-}
-
-/*****************************************************************
- *
- * Getting *everything* configured...
- */
-
-static void
-init_config_globals(pool *p)
-{
- /* ServerRoot, server_confname set in httpd.c */
-
- ap_standalone = 1;
- ap_user_name = DEFAULT_USER;
- if (!ap_server_is_chrooted()) {
- /* can't work, just keep old setting */
- ap_user_id = ap_uname2id(DEFAULT_USER);
- ap_group_id = ap_gname2id(DEFAULT_GROUP);
- }
- ap_daemons_to_start = DEFAULT_START_DAEMON;
- ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON;
- ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON;
- ap_daemons_limit = HARD_SERVER_LIMIT;
- ap_pid_fname = DEFAULT_PIDLOG;
- ap_scoreboard_fname = DEFAULT_SCOREBOARD;
- ap_lock_fname = DEFAULT_LOCKFILE;
- ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD;
- ap_max_cpu_per_child = DEFAULT_MAX_CPU_PER_CHILD;
- ap_max_data_per_child = DEFAULT_MAX_DATA_PER_CHILD;
- ap_max_nofile_per_child = DEFAULT_MAX_NOFILE_PER_CHILD;
- ap_max_rss_per_child = DEFAULT_MAX_RSS_PER_CHILD;
- ap_max_stack_per_child = DEFAULT_MAX_STACK_PER_CHILD;
- ap_listeners = NULL;
- ap_listenbacklog = DEFAULT_LISTENBACKLOG;
- ap_extended_status = 0;
-
- /* Global virtual host hash bucket pointers. Init to null.
*/
- ap_init_vhost_config(p);
-
- ap_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir));
-}
-
-static server_rec *init_server_config(pool *p)
-{
- server_rec *s = (server_rec *)ap_pcalloc(p, sizeof(server_rec));
-
- s->port = 0;
- s->server_admin = DEFAULT_ADMIN;
- s->server_hostname = NULL;
- s->error_fname = DEFAULT_ERRORLOG;
- s->error_log = stderr;
- s->loglevel = DEFAULT_LOGLEVEL;
- s->srm_confname = RESOURCE_CONFIG_FILE;
- s->access_confname = ACCESS_CONFIG_FILE;
- s->limit_req_line = DEFAULT_LIMIT_REQUEST_LINE;
- s->limit_req_fieldsize = DEFAULT_LIMIT_REQUEST_FIELDSIZE;
- s->limit_req_fields = DEFAULT_LIMIT_REQUEST_FIELDS;
- s->timeout = DEFAULT_TIMEOUT;
- s->keep_alive_timeout = DEFAULT_KEEPALIVE_TIMEOUT;
- s->keep_alive_max = DEFAULT_KEEPALIVE;
- s->keep_alive = 1;
- s->next = NULL;
- s->addrs = ap_pcalloc(p, sizeof(server_addr_rec));
- /* NOT virtual host; don't match any real network interface */
- memset(&s->addrs->host_addr, 0, sizeof(s->addrs->host_addr));
-#if 0
- s->addrs->host_addr.ss_family = ap_default_family;
- /* XXX: needed?, XXX: PF_xxx can be different from AF_xxx */
-#endif
-#ifdef HAVE_SOCKADDR_LEN
- s->addrs->host_addr.ss_len = sizeof(s->addrs->host_addr);
- /* XXX: needed ? */
-#endif
- s->addrs->host_port = 0; /* matches any port */
- s->addrs->virthost = ""; /* must be non-NULL */
- s->names = s->wild_names = NULL;
-
- s->module_config = create_server_config(p, s);
- s->lookup_defaults = create_default_per_dir_config(p);
-
- s->ctx = ap_ctx_new(p);
-
- return s;
-}
-
-
-static void
-default_listeners(pool *p, server_rec *s)
-{
- listen_rec *new;
- struct addrinfo hints, *res0, *res;
- int gai;
- char servbuf[NI_MAXSERV];
-
- if (ap_listeners != NULL)
- return;
-
- ap_snprintf(servbuf, sizeof(servbuf), "%d", s->port ?
- s->port : DEFAULT_HTTP_PORT);
- memset (&hints, 0, sizeof(hints));
- hints.ai_family = ap_default_family;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = AI_PASSIVE;
- gai = getaddrinfo(NULL, servbuf, &hints, &res0);
- if (gai){
- fprintf(stderr, "default_listeners(): getaddrinfo(PASSIVE) "
- "for family %u: %s\n", ap_default_family,
- gai_strerror(gai));
- exit (1);
- }
- /* allocate a default listener */
- new = ap_pcalloc(p, sizeof(listen_rec));
- memcpy(&new->local_addr, res0->ai_addr, res0->ai_addrlen);
- new->fd = -1;
- new->used = 0;
- new->next = NULL;
- ap_listeners = new;
-
- freeaddrinfo(res0);
-}
-
-
-API_EXPORT(server_rec *)
-ap_read_config(pool *p, pool *ptemp, char *confname)
-{
- server_rec *s = init_server_config(p);
-
- init_config_globals(p);
-
- /* All server-wide config files now have the SAME syntax... */
-
- process_command_config(s, ap_server_pre_read_config, p, ptemp);
-
- ap_process_resource_config(s, confname, p, ptemp);
- ap_process_resource_config(s, s->srm_confname, p, ptemp);
- ap_process_resource_config(s, s->access_confname, p, ptemp);
-
- process_command_config(s, ap_server_post_read_config, p, ptemp);
-
- fixup_virtual_hosts(p, s);
- default_listeners(p, s);
- ap_fini_vhost_config(p, s);
-
- return s;
-}
-
-API_EXPORT(void)
-ap_single_module_configure(pool *p, server_rec *s, module *m)
-{
- if (m->create_server_config)
- ap_set_module_config(s->module_config, m,
- (*m->create_server_config)(p, s));
- if (m->create_dir_config)
- ap_set_module_config(s->lookup_defaults, m,
- (*m->create_dir_config)(p, NULL));
-}
-
-API_EXPORT(void)
-ap_init_modules(pool *p, server_rec *s)
-{
- module *m;
-
- for (m = top_module; m; m = m->next)
- if (m->init)
- (*m->init) (s, p);
- build_method_shortcuts();
- init_handlers(p);
-}
-
-API_EXPORT(void)
-ap_child_init_modules(pool *p, server_rec *s)
-{
- module *m;
-
- for (m = top_module; m; m = m->next)
- if (m->child_init)
- (*m->child_init) (s, p);
-}
-
-API_EXPORT(void)
-ap_child_exit_modules(pool *p, server_rec *s)
-{
- module *m;
-
- signal(SIGHUP, SIG_IGN);
- signal(SIGUSR1, SIG_IGN);
-
- for (m = top_module; m; m = m->next)
- if (m->child_exit)
- (*m->child_exit) (s, p);
-
-}
-
-/********************************************************************
- * Configuration directives are restricted in terms of where they may
- * appear in the main configuration files and/or .htaccess files according
- * to the bitmask req_override in the command_rec structure.
- * If any of the overrides set in req_override are also allowed in the
- * context in which the command is read, then the command is allowed.
- * The context is determined as follows:
- *
- * inside *.conf --> override = (RSRC_CONF|OR_ALL)&~(OR_AUTHCFG|OR_LIMIT);
- * within or --> override = OR_ALL|ACCESS_CONF;
- * within .htaccess --> override = AllowOverride for current directory;
- *
- * the result is, well, a rather confusing set of possibilities for when
- * a particular directive is allowed to be used. This procedure prints
- * in English where the given (pc) directive can be used.
- */
-static void
-show_overrides(const command_rec *pc, module *pm)
-{
- int n = 0;
-
- printf("\tAllowed in *.conf ");
- if ((pc->req_override & (OR_OPTIONS | OR_FILEINFO | OR_INDEXES)) ||
- ((pc->req_override & RSRC_CONF) &&
- ((pc->req_override & (ACCESS_CONF | OR_AUTHCFG | OR_LIMIT)))))
- printf("anywhere");
- else if (pc->req_override & RSRC_CONF)
- printf("only outside , or ");
- else
- printf("only inside , or ");
-
- /* Warn if the directive is allowed inside or .htaccess
- * but module doesn't support per-dir configuration */
-
- if ((pc->req_override & (OR_ALL | ACCESS_CONF))
- && !pm->create_dir_config)
- printf(" [no per-dir config]");
-
- if (pc->req_override & OR_ALL) {
- printf(" and in .htaccess\n\twhen AllowOverride");
-
- if ((pc->req_override & OR_ALL) == OR_ALL)
- printf(" isn't None");
- else {
- printf(" includes ");
-
- if (pc->req_override & OR_AUTHCFG) {
- if (n++)
- printf(" or ");
- printf("AuthConfig");
- }
- if (pc->req_override & OR_LIMIT) {
- if (n++)
- printf(" or ");
- printf("Limit");
- }
- if (pc->req_override & OR_OPTIONS) {
- if (n++)
- printf(" or ");
- printf("Options");
- }
- if (pc->req_override & OR_FILEINFO) {
- if (n++)
- printf(" or ");
- printf("FileInfo");
- }
- if (pc->req_override & OR_INDEXES) {
- if (n++)
- printf(" or ");
- printf("Indexes");
- }
- }
- }
- printf("\n");
-}
-
-/* Show the preloaded configuration directives, the help string explaining
- * the directive arguments, in what module they are handled, and in
- * what parts of the configuration they are allowed. Used for httpd -L.
- */
-API_EXPORT(void)
-ap_show_directives(void)
-{
- const command_rec *pc;
- int n;
-
- for (n = 0; ap_loaded_modules[n]; ++n)
- for (pc = ap_loaded_modules[n]->cmds; pc && pc->name; ++pc) {
- printf("%s (%s)\n", pc->name,
- ap_loaded_modules[n]->name);
- if (pc->errmsg)
- printf("\t%s\n", pc->errmsg);
- show_overrides(pc, ap_loaded_modules[n]);
- }
-}
-
-/* Show the preloaded module names. Used for httpd -l.
*/
-API_EXPORT(void)
-ap_show_modules(void)
-{
- int n;
-
- printf("Compiled-in modules:\n");
- for (n = 0; ap_loaded_modules[n]; ++n)
- printf(" %s\n", ap_loaded_modules[n]->name);
-
- printf("suexec: %s\n", ap_suexec_enabled
- ? "enabled; valid wrapper " SUEXEC_BIN
- : "disabled; invalid wrapper " SUEXEC_BIN);
-}
diff --git a/usr.sbin/httpd/src/main/http_core.c b/usr.sbin/httpd/src/main/http_core.c
deleted file mode 100644
index 5f416f0ea3a..00000000000
--- a/usr.sbin/httpd/src/main/http_core.c
+++ /dev/null
@@ -1,3545 +0,0 @@
-/* $OpenBSD: http_core.c,v 1.27 2010/05/10 02:00:50 krw Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_protocol.h" /* For index_of_response(). Grump. */
-#include "http_request.h"
-#include "http_conf_globals.h"
-#include "http_vhost.h"
-#include "http_main.h" /* For the default_handler below... */
-#include "http_log.h"
-#include "rfc1413.h"
-#include "util_md5.h"
-#include "scoreboard.h"
-#include "fnmatch.h"
-
-#include
-
-/* mmap support for static files based on ideas from John Heidemann's
- * patch against 1.0.5. See
- * .
- */
-
-/* Files have to be at least this big before they're mmap()d. This is to deal
- * with systems where the expense of doing an mmap() and an munmap() outweighs
- * the benefit for small files. It shouldn't be set lower than 1.
- */
-#ifndef MMAP_THRESHOLD
-#define MMAP_THRESHOLD 1
-#endif
-#ifndef MMAP_LIMIT
-#define MMAP_LIMIT (4*1024*1024)
-#endif
-
-/* Server core module...
This module provides support for really basic
- * server operations, including options and commands which control the
- * operation of other modules. Consider this the bureaucracy module.
- *
- * The core module also defines handlers, etc., do handle just enough
- * to allow a server with the core module ONLY to actually serve documents
- * (though it slaps DefaultType on all of 'em); this was useful in testing,
- * but may not be worth preserving.
- *
- * This file could almost be mod_core.c, except for the stuff which affects
- * the http_conf_globals.
- */
-
-static void *
-create_core_dir_config(pool *a, char *dir)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_pcalloc(a, sizeof(core_dir_config));
- if (!dir || dir[strlen(dir) - 1] == '/')
- conf->d = dir;
- else if (strncmp(dir, "proxy:", 6) == 0)
- conf->d = ap_pstrdup(a, dir);
- else
- conf->d = ap_pstrcat(a, dir, "/", NULL);
-
- conf->d_is_fnmatch = conf->d ? (ap_is_fnmatch(conf->d) != 0) : 0;
- conf->d_components = conf->d ? ap_count_dirs(conf->d) : 0;
-
- conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL;
- conf->opts_add = conf->opts_remove = OPT_NONE;
- conf->override = dir ? OR_UNSET : OR_UNSET|OR_ALL;
-
- conf->content_md5 = 2;
-
- conf->use_canonical_name = USE_CANONICAL_NAME_UNSET;
-
- conf->hostname_lookups = HOSTNAME_LOOKUP_UNSET;
- conf->do_rfc1413 = DEFAULT_RFC1413 | 2; /* set bit 1 to indicate
- * default
- */
- conf->satisfy = SATISFY_NOSPEC;
-
- conf->limit_cpu = NULL;
- conf->limit_mem = NULL;
- conf->limit_nproc = NULL;
- conf->limit_nofile = NULL;
-
- conf->limit_req_body = 0;
- conf->sec = ap_make_array(a, 2, sizeof(void *));
-
- conf->server_signature = srv_sig_unset;
-
- conf->add_default_charset = ADD_DEFAULT_CHARSET_UNSET;
- conf->add_default_charset_name = DEFAULT_ADD_DEFAULT_CHARSET_NAME;
-
- /* Flag for use of inodes in ETags.
*/ - conf->etag_bits = ETAG_UNSET; - conf->etag_add = ETAG_UNSET; - conf->etag_remove = ETAG_UNSET; - - return (void *)conf; -} - -static void * -merge_core_dir_configs(pool *a, void *basev, void *newv) -{ - core_dir_config *base = (core_dir_config *)basev; - core_dir_config *new = (core_dir_config *)newv; - core_dir_config *conf; - int i; - - conf = (core_dir_config *)ap_palloc(a, sizeof(core_dir_config)); - memcpy((char *)conf, (const char *)base, sizeof(core_dir_config)); - if (base->response_code_strings) { - conf->response_code_strings = - ap_palloc(a, sizeof(*conf->response_code_strings) - * RESPONSE_CODES); - memcpy(conf->response_code_strings, base->response_code_strings, - sizeof(*conf->response_code_strings) * RESPONSE_CODES); - } - - conf->d = new->d; - conf->d_is_fnmatch = new->d_is_fnmatch; - conf->d_components = new->d_components; - conf->r = new->r; - - if (new->opts & OPT_UNSET) { - /* there was no explicit setting of new->opts, so we merge - * preserve the invariant (opts_add & opts_remove) == 0 - */ - conf->opts_add = (conf->opts_add & ~new->opts_remove) | - new->opts_add; - conf->opts_remove = (conf->opts_remove & ~new->opts_add) | - new->opts_remove; - conf->opts = (conf->opts & ~conf->opts_remove) | conf->opts_add; - if ((base->opts & OPT_INCNOEXEC) && (new->opts & OPT_INCLUDES)) - conf->opts = (conf->opts & ~OPT_INCNOEXEC) | - OPT_INCLUDES; - } else { - /* otherwise we just copy, because an explicit opts setting - * overrides all earlier +/- modifiers - */ - conf->opts = new->opts; - conf->opts_add = new->opts_add; - conf->opts_remove = new->opts_remove; - } - - if (!(new->override & OR_UNSET)) - conf->override = new->override; - if (new->ap_default_type) - conf->ap_default_type = new->ap_default_type; - if (new->ap_auth_type) - conf->ap_auth_type = new->ap_auth_type; - if (new->ap_auth_name) - conf->ap_auth_name = new->ap_auth_name; - if (new->ap_auth_nonce) - conf->ap_auth_nonce = new->ap_auth_nonce; - if (new->ap_requires) - 
conf->ap_requires = new->ap_requires;
-
- if (new->response_code_strings) {
- if (conf->response_code_strings == NULL) {
- conf->response_code_strings = ap_palloc(a,
- sizeof(*conf->response_code_strings) *
- RESPONSE_CODES);
- memcpy(conf->response_code_strings,
- new->response_code_strings,
- sizeof(*conf->response_code_strings) *
- RESPONSE_CODES);
- } else {
- for (i = 0; i < RESPONSE_CODES; ++i) {
- if (new->response_code_strings[i] != NULL)
- conf->response_code_strings[i]
- = new->response_code_strings[i];
- }
- }
- }
- if (new->hostname_lookups != HOSTNAME_LOOKUP_UNSET)
- conf->hostname_lookups = new->hostname_lookups;
- if ((new->do_rfc1413 & 2) == 0)
- conf->do_rfc1413 = new->do_rfc1413;
- if ((new->content_md5 & 2) == 0)
- conf->content_md5 = new->content_md5;
- if (new->use_canonical_name != USE_CANONICAL_NAME_UNSET)
- conf->use_canonical_name = new->use_canonical_name;
-
- if (new->limit_cpu)
- conf->limit_cpu = new->limit_cpu;
- if (new->limit_mem)
- conf->limit_mem = new->limit_mem;
- if (new->limit_nproc)
- conf->limit_nproc = new->limit_nproc;
- if (new->limit_nofile)
- conf->limit_nofile = new->limit_nofile;
-
- if (new->limit_req_body)
- conf->limit_req_body = new->limit_req_body;
-
- conf->sec = ap_append_arrays(a, base->sec, new->sec);
-
- if (new->satisfy != SATISFY_NOSPEC)
- conf->satisfy = new->satisfy;
-
- if (new->server_signature != srv_sig_unset)
- conf->server_signature = new->server_signature;
-
- if (new->add_default_charset != ADD_DEFAULT_CHARSET_UNSET) {
- conf->add_default_charset = new->add_default_charset;
- if (new->add_default_charset_name)
- conf->add_default_charset_name =
- new->add_default_charset_name;
- }
-
- /* Now merge the setting of the FileETag directive.
*/
- if (new->etag_bits == ETAG_UNSET) {
- conf->etag_add =
- (conf->etag_add & (~ new->etag_remove)) | new->etag_add;
- conf->etag_remove =
- (conf->opts_remove & (~ new->etag_add)) | new->etag_remove;
- conf->etag_bits =
- (conf->etag_bits & (~ conf->etag_remove)) | conf->etag_add;
- } else {
- conf->etag_bits = new->etag_bits;
- conf->etag_add = new->etag_add;
- conf->etag_remove = new->etag_remove;
- }
- if (conf->etag_bits != ETAG_NONE)
- conf->etag_bits &= (~ ETAG_NONE);
-
- if (new->cgi_command_args != AP_FLAG_UNSET)
- conf->cgi_command_args = new->cgi_command_args;
- ap_server_strip_chroot(conf->d, 0);
-
- return (void*)conf;
-}
-
-static void *
-create_core_server_config(pool *a, server_rec *s)
-{
- core_server_config *conf;
- int is_virtual = s->is_virtual;
-
- conf = (core_server_config *)ap_pcalloc(a, sizeof(core_server_config));
-#ifdef GPROF
- conf->gprof_dir = NULL;
-#endif
- conf->access_name = is_virtual ? NULL : DEFAULT_ACCESS_FNAME;
- conf->ap_document_root = is_virtual ? NULL : DOCUMENT_LOCATION;
- conf->sec = ap_make_array(a, 40, sizeof(void *));
- conf->sec_url = ap_make_array(a, 40, sizeof(void *));
-
- /* recursion stopper */
- conf->redirect_limit = 0;
- conf->subreq_limit = 0;
- conf->recursion_limit_set = 0;
-
- return (void *)conf;
-}
-
-static void *
-merge_core_server_configs(pool *p, void *basev, void *virtv)
-{
- core_server_config *base = (core_server_config *)basev;
- core_server_config *virt = (core_server_config *)virtv;
- core_server_config *conf;
-
- conf = (core_server_config *)ap_pcalloc(p, sizeof(core_server_config));
- *conf = *virt;
- if (!conf->access_name)
- conf->access_name = base->access_name;
- if (!conf->ap_document_root)
- conf->ap_document_root = base->ap_document_root;
-
- conf->sec = ap_append_arrays(p, base->sec, virt->sec);
- conf->sec_url = ap_append_arrays(p, base->sec_url, virt->sec_url);
-
- conf->redirect_limit = virt->recursion_limit_set
- ?
virt->redirect_limit : base->redirect_limit;
-
- conf->subreq_limit = virt->recursion_limit_set
- ? virt->subreq_limit : base->subreq_limit;
-
- return conf;
-}
-
-/* Add per-directory configuration entry (for section);
- * these are part of the core server config.
- */
-
-CORE_EXPORT(void)
-ap_add_per_dir_conf(server_rec *s, void *dir_config)
-{
- core_server_config *sconf = ap_get_module_config(s->module_config,
- &core_module);
- void **new_space = (void **)ap_push_array(sconf->sec);
-
- *new_space = dir_config;
-}
-
-CORE_EXPORT(void)
-ap_add_per_url_conf(server_rec *s, void *url_config)
-{
- core_server_config *sconf = ap_get_module_config(s->module_config,
- &core_module);
- void **new_space = (void **)ap_push_array(sconf->sec_url);
-
- *new_space = url_config;
-}
-
-CORE_EXPORT(void)
-ap_add_file_conf(core_dir_config *conf, void *url_config)
-{
- void **new_space = (void **)ap_push_array(conf->sec);
-
- *new_space = url_config;
-}
-
-/* core_reorder_directories reorders the directory sections such that the
- * 1-component sections come first, then the 2-component, and so on, finally
- * followed by the "special" sections. A section is "special" if it's a regex,
- * or if it doesn't start with / -- consider proxy: matching. All movements
- * are in-order to preserve the ordering of the sections from the config files.
- * See directory_walk().
- */
-
-#define IS_SPECIAL(entry_core) \
- ((entry_core)->r != NULL || (entry_core)->d[0] != '/')
-
-/* We need to do a stable sort, qsort isn't stable. So to make it stable
- * we'll be maintaining the original index into the list, and using it
- * as the minor key during sorting. The major key is the number of
- * components (where a "special" section has infinite components).
- */
-struct reorder_sort_rec {
- void *elt;
- int orig_index;
-};
-
-static int
-reorder_sorter(const void *va, const void *vb)
-{
- const struct reorder_sort_rec *a = va;
- const struct reorder_sort_rec *b = vb;
- core_dir_config *core_a;
- core_dir_config *core_b;
-
- core_a = (core_dir_config *)ap_get_module_config(a->elt, &core_module);
- core_b = (core_dir_config *)ap_get_module_config(b->elt, &core_module);
- if (IS_SPECIAL(core_a)) {
- if (!IS_SPECIAL(core_b))
- return 1;
- } else if (IS_SPECIAL(core_b))
- return -1;
- else {
- /* we know they're both not special */
- if (core_a->d_components < core_b->d_components)
- return -1;
- else if (core_a->d_components > core_b->d_components)
- return 1;
- }
- /* Either they're both special, or they're both not special and have the
- * same number of components. In any event, we now have to compare
- * the minor key. */
- return a->orig_index - b->orig_index;
-}
-
-CORE_EXPORT(void)
-ap_core_reorder_directories(pool *p, server_rec *s)
-{
- core_server_config *sconf;
- array_header *sec;
- struct reorder_sort_rec *sortbin;
- int nelts;
- void **elts;
- int i;
- pool *tmp;
-
- sconf = ap_get_module_config(s->module_config, &core_module);
- sec = sconf->sec;
- nelts = sec->nelts;
- elts = (void **)sec->elts;
-
- /* we have to allocate tmp space to do a stable sort */
- tmp = ap_make_sub_pool(p);
- sortbin = ap_palloc(tmp, sec->nelts * sizeof(*sortbin));
- for (i = 0; i < nelts; ++i) {
- sortbin[i].orig_index = i;
- sortbin[i].elt = elts[i];
- }
-
- qsort(sortbin, nelts, sizeof(*sortbin), reorder_sorter);
-
- /* and now copy back to the original array */
- for (i = 0; i < nelts; ++i)
- elts[i] = sortbin[i].elt;
-
- ap_destroy_pool(tmp);
-}
-
-/*****************************************************************
- *
- * There are some elements of the core config structures in which
- * other modules have a legitimate interest (this is ugly, but necessary
- * to preserve NCSA back-compatibility).
So, we have a bunch of accessors
- * here...
- */
-
-API_EXPORT(int)
-ap_allow_options(request_rec *r)
-{
- core_dir_config *conf =
- (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- return conf->opts;
-}
-
-API_EXPORT(int)
-ap_allow_overrides(request_rec *r)
-{
- core_dir_config *conf;
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- return conf->override;
-}
-
-API_EXPORT(const char *)
-ap_auth_type(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- return conf->ap_auth_type;
-}
-
-API_EXPORT(const char *)
-ap_auth_name(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- return conf->ap_auth_name;
-}
-
-API_EXPORT(const char *)
-ap_auth_nonce(request_rec *r)
-{
- core_dir_config *conf;
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- if (conf->ap_auth_nonce)
- return conf->ap_auth_nonce;
-
- /* Ideally we'd want to mix in some per-directory style
- * information; as we are likely to want to detect replay
- * across those boundaries and some randomness. But that
- * is harder due to the adhoc nature of .htaccess memory
- * structures, restarts and forks.
- *
- * But then again - you should use AuthDigestRealmSeed in your config
- * file if you care. So the adhoc value should do.
- */
- return ap_psprintf(r->pool,"%pp%pp%pp%pp%pp",
- (void *)&(r->connection->local_host),
- (void *)ap_user_name,
- (void *)ap_listeners,
- (void *)ap_server_argv0,
- (void *)ap_pid_fname);
-}
-
-API_EXPORT(const char *)
-ap_default_type(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- return conf->ap_default_type
- ?
conf->ap_default_type : DEFAULT_CONTENT_TYPE;
-}
-
-API_EXPORT(const char *)
-ap_document_root(request_rec *r) /* Don't use this! */
-{
- core_server_config *conf;
-
- conf =
- (core_server_config *)ap_get_module_config(r->server->module_config,
- &core_module);
- return conf->ap_document_root;
-}
-
-API_EXPORT(const array_header *)
-ap_requires(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
- return conf->ap_requires;
-}
-
-API_EXPORT(int)
-ap_satisfies(request_rec *r)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- return conf->satisfy;
-}
-
-/* Should probably just get rid of this... the only code that cares is
- * part of the core anyway (and in fact, it isn't publicised to other
- * modules).
- */
-API_EXPORT(char *)
-ap_response_code_string(request_rec *r, int error_index)
-{
- core_dir_config *conf;
-
- conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- if (conf->response_code_strings == NULL)
- return NULL;
-
- return conf->response_code_strings[error_index];
-}
-
-
-/* Code from Harald Hanche-Olsen */
-/* Note: the function returns its result in conn->double_reverse:
- * +1: forward lookup of the previously reverse-looked-up
- * hostname in conn->remote_host succeeded, and at
- * least one of its IP addresses matches the client.
- * -1: forward lookup of conn->remote_host failed, or
- * none of the addresses found matches the client connection
- * (possible DNS spoof in the reverse zone!)
- * If do_double_reverse() returns -1, then it also invalidates
- * conn->remote_host to prevent an invalid name from appearing
- * in the log files. Conn->remote_host is set to "", because
- * a setting of NULL would allow another reverse lookup,
- * depending on the flags given to ap_get_remote_host().
- */
-static ap_inline void
-do_double_reverse(conn_rec *conn)
-{
- struct addrinfo hints, *res, *res0;
- char hostbuf1[128], hostbuf2[128]; /* INET6_ADDRSTRLEN(=46) is enough */
- int ok = 0;
-
- if (conn->double_reverse)
- /* already done */
- return;
-
- if (conn->remote_host == NULL || conn->remote_host[0] == '\0') {
- /* single reverse failed, so don't bother */
- conn->double_reverse = -1;
- conn->remote_host = ""; /* prevent another lookup */
- return;
- }
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- if (getaddrinfo(conn->remote_host, NULL, &hints, &res0)) {
- conn->double_reverse = -1;
- return;
- }
- for (res = res0; res; res = res->ai_next) {
- if (res->ai_addr->sa_family != conn->remote_addr.ss_family ||
- !(res->ai_family == AF_INET
- || res->ai_family == AF_INET6))
- continue;
-#ifndef HAVE_SOCKADDR_LEN
- if (res->ai_addrlen !=
- SA_LEN((struct sockaddr *)&conn->remote_addr))
-#else
- if (res->ai_addr->sa_len != conn->remote_addr.ss_len)
-#endif
- continue;
- if (getnameinfo(res->ai_addr, res->ai_addrlen,
- hostbuf1, sizeof(hostbuf1), NULL, 0, NI_NUMERICHOST))
- continue;
- if (getnameinfo(((struct sockaddr *)&conn->remote_addr),
- res->ai_addrlen, hostbuf2, sizeof(hostbuf2), NULL, 0,
- NI_NUMERICHOST))
- continue;
- if (strcmp(hostbuf1, hostbuf2) == 0){
- ok = 1;
- break;
- }
- }
- conn->double_reverse = ok ?
1 : -1;
- freeaddrinfo(res0);
-}
-
-API_EXPORT(const char *)
-ap_get_remote_host(conn_rec *conn, void *dir_config, int type)
-{
- int hostname_lookups;
- int old_stat = SERVER_DEAD; /* we shouldn't ever be in this state */
- char hostnamebuf[MAXHOSTNAMELEN];
-
- /* If we haven't checked the host name, and we want to */
- if (dir_config) {
- hostname_lookups =
- ((core_dir_config *)ap_get_module_config(dir_config,
- &core_module))->hostname_lookups;
- if (hostname_lookups == HOSTNAME_LOOKUP_UNSET)
- hostname_lookups = HOSTNAME_LOOKUP_OFF;
-
- } else
- /* the default */
- hostname_lookups = HOSTNAME_LOOKUP_OFF;
-
- if (type != REMOTE_NOLOOKUP && conn->remote_host == NULL
- && (type == REMOTE_DOUBLE_REV
- || hostname_lookups != HOSTNAME_LOOKUP_OFF)) {
- old_stat = ap_update_child_status(conn->child_num,
- SERVER_BUSY_DNS, (request_rec*)NULL);
- if (!getnameinfo((struct sockaddr *)&conn->remote_addr,
- conn->remote_addr.ss_len,
- hostnamebuf, sizeof(hostnamebuf), NULL, 0, 0)) {
- conn->remote_host = ap_pstrdup(conn->pool,
- (void *)hostnamebuf);
- ap_str_tolower(conn->remote_host);
-
- if (hostname_lookups == HOSTNAME_LOOKUP_DOUBLE)
- do_double_reverse(conn);
- }
- /* if failed, set it to the NULL string to indicate error */
- if (conn->remote_host == NULL)
- conn->remote_host = "";
- }
- if (type == REMOTE_DOUBLE_REV) {
- do_double_reverse(conn);
- if (conn->double_reverse == -1)
- return NULL;
- }
- if (old_stat != SERVER_DEAD)
- (void)ap_update_child_status(conn->child_num, old_stat,
- (request_rec*)NULL);
-
- /*
- * Return the desired information; either the remote DNS name, if found,
- * or either NULL (if the hostname was requested) or the IP address
- * (if any identifier was requested).
- */
- if (conn->remote_host != NULL && conn->remote_host[0] != '\0')
- return conn->remote_host;
- else {
- if (type == REMOTE_HOST || type == REMOTE_DOUBLE_REV)
- return NULL;
- else
- return conn->remote_ip;
- }
-}
-
-API_EXPORT(const char *)
-ap_get_remote_logname(request_rec *r)
-{
- core_dir_config *dir_conf;
-
- if (r->connection->remote_logname != NULL)
- return r->connection->remote_logname;
-
- /* If we haven't checked the identity, and we want to */
- dir_conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- if (dir_conf->do_rfc1413 & 1)
- return ap_rfc1413(r->connection, r->server);
- else
- return NULL;
-}
-
-/* There are two options regarding what the "name" of a server is. The
- * "canonical" name as defined by ServerName and Port, or the "client's
- * name" as supplied by a possible Host: header or full URI. We never
- * trust the port passed in the client's headers, we always use the
- * port of the actual socket.
- *
- * The DNS option to UseCanonicalName causes this routine to do a
- * reverse lookup on the local IP address of the connectiona and use
- * that for the ServerName. This makes its value more reliable while
- * at the same time allowing Demon's magic virtual hosting to work.
- * The assumption is that DNS lookups are sufficiently quick...
- * -- fanf 1998-10-03
- */
-API_EXPORT(const char *)
-ap_get_server_name(request_rec *r)
-{
- conn_rec *conn = r->connection;
- core_dir_config *d;
- char hbuf[MAXHOSTNAMELEN];
-
- d = (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- if (d->use_canonical_name == USE_CANONICAL_NAME_OFF)
- return r->hostname ?
r->hostname : r->server->server_hostname;
-
- if (d->use_canonical_name == USE_CANONICAL_NAME_DNS) {
- if (conn->local_host == NULL) {
- int old_stat;
- old_stat = ap_update_child_status(conn->child_num,
- SERVER_BUSY_DNS, r);
- if (getnameinfo((struct sockaddr *)&conn->local_addr,
- conn->local_addr.ss_len,
- hbuf, sizeof(hbuf), NULL, 0, 0) == 0)
- conn->local_host = ap_pstrdup(conn->pool, hbuf);
- else
- conn->local_host = ap_pstrdup(conn->pool,
- r->server->server_hostname);
- ap_str_tolower(conn->local_host);
- (void)ap_update_child_status(conn->child_num, old_stat,
- r);
- }
- return conn->local_host;
- }
- /* default */
- return r->server->server_hostname;
-}
-
-API_EXPORT(unsigned)
-ap_get_server_port(const request_rec *r)
-{
- unsigned port;
- core_dir_config *d =
- (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- port = r->server->port ? r->server->port : ap_default_port(r);
-
- if (d->use_canonical_name == USE_CANONICAL_NAME_OFF
- || d->use_canonical_name == USE_CANONICAL_NAME_DNS) {
- return r->hostname
- ? ntohs(((struct sockaddr_in *)
- &r->connection->local_addr)->sin_port)
- : port;
- }
- return r->hostname
- ? ntohs(((struct sockaddr_in *)
- &r->connection->local_addr)->sin_port)
- : port;
-}
-
-API_EXPORT(char *)
-ap_construct_url(pool *p, const char *uri, request_rec *r)
-{
- unsigned port = ap_get_server_port(r);
- const char *host = ap_get_server_name(r);
-
- if (ap_is_default_port(port, r))
- return ap_pstrcat(p, ap_http_method(r), "://", host, uri, NULL);
- return ap_psprintf(p, "%s://%s:%u%s", ap_http_method(r), host, port,
- uri);
-}
-
-API_EXPORT(unsigned long)
-ap_get_limit_req_body(const request_rec *r)
-{
- core_dir_config *d =
- (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
-
- return d->limit_req_body;
-}
-
-
-/*****************************************************************
- *
- * Commands...
this module handles almost all of the NCSA httpd.conf
- * commands, but most of the old srm.conf is in the the modules.
- */
-
-static const char end_directory_section[] = "";
-static const char end_directorymatch_section[] = "";
-static const char end_location_section[] = "";
-static const char end_locationmatch_section[] = "";
-static const char end_files_section[] = "";
-static const char end_filesmatch_section[] = "";
-static const char end_virtualhost_section[] = "";
-static const char end_ifmodule_section[] = "";
-static const char end_ifdefine_section[] = "";
-
-
-API_EXPORT(const char *) ap_check_cmd_context(cmd_parms *cmd,
- unsigned forbidden)
-{
- const char *gt = (cmd->cmd->name[0] == '<'
- && cmd->cmd->name[strlen(cmd->cmd->name)-1] != '>')
- ? ">" : "";
-
- if ((forbidden & NOT_IN_VIRTUALHOST) && cmd->server->is_virtual) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name, gt,
- " cannot occur within section", NULL);
- }
-
- if ((forbidden & NOT_IN_LIMIT) && cmd->limited != -1) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name, gt,
- " cannot occur within section", NULL);
- }
-
- if ((forbidden & NOT_IN_DIR_LOC_FILE) == NOT_IN_DIR_LOC_FILE
- && cmd->path != NULL) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name, gt,
- " cannot occur within "
- "section", NULL);
- }
-
- if (((forbidden & NOT_IN_DIRECTORY)
- && (cmd->end_token == end_directory_section
- || cmd->end_token == end_directorymatch_section))
- || ((forbidden & NOT_IN_LOCATION)
- && (cmd->end_token == end_location_section
- || cmd->end_token == end_locationmatch_section))
- || ((forbidden & NOT_IN_FILES)
- && (cmd->end_token == end_files_section
- || cmd->end_token == end_filesmatch_section))) {
- return ap_pstrcat(cmd->pool, cmd->cmd->name, gt,
- " cannot occur within <", cmd->end_token+2,
- " section", NULL);
- }
-
- return NULL;
-}
-
-static const char *set_access_name(cmd_parms *cmd, void *dummy, char *arg)
-{
- void *sconf = cmd->server->module_config;
- core_server_config *conf =
ap_get_module_config(sconf, &core_module); - - const char *err = ap_check_cmd_context(cmd, - NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT); - if (err != NULL) { - return err; - } - - conf->access_name = ap_pstrdup(cmd->pool, arg); - return NULL; -} - -#ifdef GPROF -static const char *set_gprof_dir(cmd_parms *cmd, void *dummy, char *arg) -{ - void *sconf = cmd->server->module_config; - core_server_config *conf = ap_get_module_config(sconf, &core_module); - - const char *err = ap_check_cmd_context(cmd, - NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT); - if (err != NULL) { - return err; - } - - conf->gprof_dir = ap_pstrdup(cmd->pool, arg); - return NULL; -} -#endif /*GPROF*/ - -static const char *set_add_default_charset(cmd_parms *cmd, - core_dir_config *d, char *arg) -{ - const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT); - if (err != NULL) { - return err; - } - if (!strcasecmp(arg, "Off")) { - d->add_default_charset = ADD_DEFAULT_CHARSET_OFF; - } - else if (!strcasecmp(arg, "On")) { - d->add_default_charset = ADD_DEFAULT_CHARSET_ON; - d->add_default_charset_name = DEFAULT_ADD_DEFAULT_CHARSET_NAME; - } - else { - d->add_default_charset = ADD_DEFAULT_CHARSET_ON; - d->add_default_charset_name = arg; - } - return NULL; -} -static const char *set_accept_mutex(cmd_parms *cmd, void *dummy, char *arg) -{ - return ap_init_mutex_method(arg); -} - -static const char *set_document_root(cmd_parms *cmd, void *dummy, char *arg) -{ - void *sconf = cmd->server->module_config; - core_server_config *conf = ap_get_module_config(sconf, &core_module); - - const char *err = ap_check_cmd_context(cmd, - NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT); - if (err != NULL) { - return err; - } - - arg = ap_os_canonical_filename(cmd->pool, arg); - if (ap_configtestonly && ap_docrootcheck && !ap_is_directory(arg)) { - if (cmd->server->is_virtual) { - fprintf(stderr, "Warning: DocumentRoot [%s] does not exist\n", - arg); - } - else { - return "DocumentRoot must be a directory"; - } - } - ap_server_strip_chroot(arg, 1); - 
conf->ap_document_root = arg;
- return NULL;
-}
-
-API_EXPORT(void) ap_custom_response(request_rec *r, int status, char *string)
-{
- core_dir_config *conf =
- ap_get_module_config(r->per_dir_config, &core_module);
- int idx;
-
- ap_server_strip_chroot(conf->d, 0);
- if(conf->response_code_strings == NULL) {
- conf->response_code_strings =
- ap_pcalloc(r->pool,
- sizeof(*conf->response_code_strings) *
- RESPONSE_CODES);
- }
-
- idx = ap_index_of_response(status);
-
- conf->response_code_strings[idx] =
- ((ap_is_url(string) || (*string == '/')) && (*string != '"')) ?
- ap_pstrdup(r->pool, string) : ap_pstrcat(r->pool, "\"", string, NULL);
-}
-
-static const char *set_error_document(cmd_parms *cmd, core_dir_config *conf,
- char *line)
-{
- int error_number, index_number, idx500;
- char *w;
-
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- /* 1st parameter should be a 3 digit number, which we recognize;
- * convert it into an array index
- */
-
- w = ap_getword_conf_nc(cmd->pool, &line);
- error_number = atoi(w);
-
- idx500 = ap_index_of_response(HTTP_INTERNAL_SERVER_ERROR);
-
- if (error_number == HTTP_INTERNAL_SERVER_ERROR) {
- index_number = idx500;
- }
- else if ((index_number = ap_index_of_response(error_number)) == idx500) {
- return ap_pstrcat(cmd->pool, "Unsupported HTTP response code ",
- w, NULL);
- }
-
- /* The entry should be ignored if it is a full URL for a 401 error */
-
- if (error_number == 401 &&
- line[0] != '/' && line[0] != '"') { /* Ignore it... */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, cmd->server,
- "cannot use a full URL in a 401 ErrorDocument "
- "directive --- ignoring!");
- }
- else { /* Store it...
*/ - if (conf->response_code_strings == NULL) { - conf->response_code_strings = - ap_pcalloc(cmd->pool, - sizeof(*conf->response_code_strings) * RESPONSE_CODES); - } - conf->response_code_strings[index_number] = ap_pstrdup(cmd->pool, line); - } - - return NULL; -} - -/* access.conf commands... - * - * The *only* thing that can appear in access.conf at top level is a - * section. NB we need to have a way to cut the srm_command_loop - * invoked by dirsection (i.e., ) short when is seen. - * We do that by returning an error, which dirsection itself recognizes and - * discards as harmless. Cheesy, but it works. - */ - -static const char *set_override(cmd_parms *cmd, core_dir_config *d, - const char *l) -{ - char *w; - - const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT); - if (err != NULL) { - return err; - } - - d->override = OR_NONE; - while (l[0]) { - w = ap_getword_conf(cmd->pool, &l); - if (!strcasecmp(w, "Limit")) { - d->override |= OR_LIMIT; - } - else if (!strcasecmp(w, "Options")) { - d->override |= OR_OPTIONS; - } - else if (!strcasecmp(w, "FileInfo")) { - d->override |= OR_FILEINFO; - } - else if (!strcasecmp(w, "AuthConfig")) { - d->override |= OR_AUTHCFG; - } - else if (!strcasecmp(w, "Indexes")) { - d->override |= OR_INDEXES; - } - else if (!strcasecmp(w, "None")) { - d->override = OR_NONE; - } - else if (!strcasecmp(w, "All")) { - d->override = OR_ALL; - } - else { - return ap_pstrcat(cmd->pool, "Illegal override option ", w, NULL); - } - d->override &= ~OR_UNSET; - } - - return NULL; -} - -static const char *set_options(cmd_parms *cmd, core_dir_config *d, - const char *l) -{ - allow_options_t opt; - int first = 1; - char action; - - while (l[0]) { - char *w = ap_getword_conf(cmd->pool, &l); - action = '\0'; - - if (*w == '+' || *w == '-') { - action = *(w++); - } - else if (first) { - d->opts = OPT_NONE; - first = 0; - } - - if (!strcasecmp(w, "Indexes")) { - opt = OPT_INDEXES; - } - else if (!strcasecmp(w, "Includes")) { - opt = OPT_INCLUDES; - 
}
- else if (!strcasecmp(w, "IncludesNOEXEC")) {
- opt = (OPT_INCLUDES | OPT_INCNOEXEC);
- }
- else if (!strcasecmp(w, "FollowSymLinks")) {
- opt = OPT_SYM_LINKS;
- }
- else if (!strcasecmp(w, "SymLinksIfOwnerMatch")) {
- opt = OPT_SYM_OWNER;
- }
- else if (!strcasecmp(w, "execCGI")) {
- opt = OPT_EXECCGI;
- }
- else if (!strcasecmp(w, "MultiViews")) {
- opt = OPT_MULTI;
- }
- else if (!strcasecmp(w, "RunScripts")) { /* AI backcompat. Yuck */
- opt = OPT_MULTI|OPT_EXECCGI;
- }
- else if (!strcasecmp(w, "None")) {
- opt = OPT_NONE;
- }
- else if (!strcasecmp(w, "All")) {
- opt = OPT_ALL;
- }
- else {
- return ap_pstrcat(cmd->pool, "Illegal option ", w, NULL);
- }
-
- /* we ensure the invariant (d->opts_add & d->opts_remove) == 0 */
- if (action == '-') {
- d->opts_remove |= opt;
- d->opts_add &= ~opt;
- d->opts &= ~opt;
- }
- else if (action == '+') {
- d->opts_add |= opt;
- d->opts_remove &= ~opt;
- d->opts |= opt;
- }
- else {
- d->opts |= opt;
- }
- }
-
- return NULL;
-}
-
-static const char *satisfy(cmd_parms *cmd, core_dir_config *c, char *arg)
-{
- if (!strcasecmp(arg, "all")) {
- c->satisfy = SATISFY_ALL;
- }
- else if (!strcasecmp(arg, "any")) {
- c->satisfy = SATISFY_ANY;
- }
- else {
- return "Satisfy either 'any' or 'all'.";
- }
- return NULL;
-}
-
-static const char *require(cmd_parms *cmd, core_dir_config *c, char *arg)
-{
- require_line *r;
-
- if (!c->ap_requires) {
- c->ap_requires = ap_make_array(cmd->pool, 2, sizeof(require_line));
- }
- r = (require_line *)ap_push_array(c->ap_requires);
- r->requirement = ap_pstrdup(cmd->pool, arg);
- r->method_mask = cmd->limited;
- return NULL;
-}
-
-CORE_EXPORT_NONSTD(const char *) ap_limit_section(cmd_parms *cmd, void *dummy,
- const char *arg)
-{
- const char *limited_methods = ap_getword(cmd->pool, &arg, '>');
- void *tog = cmd->cmd->cmd_data;
- int limited = 0;
-
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- /* XXX: NB: Currently, we have no way of
checking - * whether or sections are closed properly. - * (If we would add a srm_command_loop() here we might...) - */ - - while (limited_methods[0]) { - char *method = ap_getword_conf(cmd->pool, &limited_methods); - int methnum = ap_method_number_of(method); - - if (methnum == M_TRACE && !tog) { - return "TRACE cannot be controlled by "; - } - else if (methnum == M_INVALID) { - return ap_pstrcat(cmd->pool, "unknown method \"", method, - "\" in " : ">", NULL); - } - else { - limited |= (1 << methnum); - } - } - - /* Killing two features with one function, - * if (tog == NULL) , else - */ - cmd->limited = tog ? ~limited : limited; - return NULL; -} - -static const char *endlimit_section(cmd_parms *cmd, void *dummy, void *dummy2) -{ - void *tog = cmd->cmd->cmd_data; - - if (cmd->limited == -1) { - return tog ? " unexpected" : " unexpected"; - } - - cmd->limited = -1; - return NULL; -} - -/* - * When a section is not closed properly when end-of-file is reached, - * then an error message should be printed: - */ -static const char *missing_endsection(cmd_parms *cmd, int nest) -{ - if (nest < 2) { - return ap_psprintf(cmd->pool, "Missing %s directive at end-of-file", - cmd->end_token); - } - return ap_psprintf(cmd->pool, "%d missing %s directives at end-of-file", - nest, cmd->end_token); -} - -/* We use this in and , to ensure that - * people don't get bitten by wrong-cased regex matches - */ - -#define USE_ICASE 0 - -static const char *end_nested_section(cmd_parms *cmd, void *dummy) -{ - if (cmd->end_token == NULL) { - return ap_pstrcat(cmd->pool, cmd->cmd->name, - " without matching <", cmd->cmd->name + 2, - " section", NULL); - } - /* - * This '!=' may look weird on a string comparison, but it's correct -- - * it's been set up so that checking for two pointers to the same datum - * is valid here. And faster. 
- */
- if (cmd->cmd->name != cmd->end_token) {
- return ap_pstrcat(cmd->pool, "Expected ", cmd->end_token, " but saw ",
- cmd->cmd->name, NULL);
- }
- return cmd->end_token;
-}
-
-/*
- * Report a missing-'>' syntax error.
- */
-static char *unclosed_directive(cmd_parms *cmd)
-{
- return ap_pstrcat(cmd->pool, cmd->cmd->name,
- "> directive missing closing '>'", NULL);
-}
-
-static const char *dirsection(cmd_parms *cmd, void *dummy, const char *arg)
-{
- const char *errmsg;
- char *endp = strrchr(arg, '>');
- int old_overrides = cmd->override;
- char *old_path = cmd->path;
- core_dir_config *conf;
- void *new_dir_conf = ap_create_per_dir_config(cmd->pool);
- regex_t *r = NULL;
- const char *old_end_token;
- const command_rec *thiscmd = cmd->cmd;
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (endp == NULL) {
- return unclosed_directive(cmd);
- }
-
- *endp = '\0';
-
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 1);
- cmd->override = OR_ALL|ACCESS_CONF;
-
- if (thiscmd->cmd_data) { /* */
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
- }
- else if (!strcmp(cmd->path, "~")) {
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 1);
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
- }
- else {
- /* Ensure that the pathname is canonical */
- cmd->path = ap_os_canonical_filename(cmd->pool, cmd->path);
- }
-
- old_end_token = cmd->end_token;
- cmd->end_token = thiscmd->cmd_data ? end_directorymatch_section : end_directory_section;
- errmsg = ap_srm_command_loop(cmd, new_dir_conf);
- if (errmsg == NULL) {
- errmsg = missing_endsection(cmd, 1);
- }
- cmd->end_token = old_end_token;
- if (errmsg != (thiscmd->cmd_data
- ?
end_directorymatch_section
- : end_directory_section)) {
- return errmsg;
- }
-
- conf = (core_dir_config *)ap_get_module_config(new_dir_conf, &core_module);
- conf->r = r;
-
- ap_add_per_dir_conf(cmd->server, new_dir_conf);
-
- if (*arg != '\0') {
- return ap_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
- "> arguments not (yet) supported.", NULL);
- }
-
- cmd->path = old_path;
- cmd->override = old_overrides;
-
- return NULL;
-}
-
-static const char *urlsection(cmd_parms *cmd, void *dummy, const char *arg)
-{
- const char *errmsg;
- char *endp = strrchr(arg, '>');
- int old_overrides = cmd->override;
- char *old_path = cmd->path;
- core_dir_config *conf;
- regex_t *r = NULL;
- const char *old_end_token;
- const command_rec *thiscmd = cmd->cmd;
-
- void *new_url_conf = ap_create_per_dir_config(cmd->pool);
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (endp == NULL) {
- return unclosed_directive(cmd);
- }
-
- *endp = '\0';
-
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 0);
- cmd->override = OR_ALL|ACCESS_CONF;
-
- if (thiscmd->cmd_data) { /* */
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED);
- }
- else if (!strcmp(cmd->path, "~")) {
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 0);
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED);
- }
-
- old_end_token = cmd->end_token;
- cmd->end_token = thiscmd->cmd_data ? end_locationmatch_section
- : end_location_section;
- errmsg = ap_srm_command_loop(cmd, new_url_conf);
- if (errmsg == NULL) {
- errmsg = missing_endsection(cmd, 1);
- }
- cmd->end_token = old_end_token;
- if (errmsg != (thiscmd->cmd_data
- ?
end_locationmatch_section
- : end_location_section)) {
- return errmsg;
- }
-
- conf = (core_dir_config *)ap_get_module_config(new_url_conf, &core_module);
- conf->d = ap_pstrdup(cmd->pool, cmd->path); /* No mangling, please */
- conf->d_is_fnmatch = ap_is_fnmatch(conf->d) != 0;
- conf->r = r;
-
- ap_add_per_url_conf(cmd->server, new_url_conf);
-
- if (*arg != '\0') {
- return ap_pstrcat(cmd->pool, "Multiple ", thiscmd->name,
- "> arguments not (yet) supported.", NULL);
- }
-
- cmd->path = old_path;
- cmd->override = old_overrides;
-
- return NULL;
-}
-
-static const char *filesection(cmd_parms *cmd, core_dir_config *c,
- const char *arg)
-{
- const char *errmsg;
- char *endp = strrchr(arg, '>');
- int old_overrides = cmd->override;
- char *old_path = cmd->path;
- core_dir_config *conf;
- regex_t *r = NULL;
- const char *old_end_token;
- const command_rec *thiscmd = cmd->cmd;
-
- void *new_file_conf = ap_create_per_dir_config(cmd->pool);
-
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_LOCATION);
- if (err != NULL) {
- return err;
- }
-
- if (endp == NULL) {
- return unclosed_directive(cmd);
- }
-
- *endp = '\0';
-
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 1);
- /* Only if not an .htaccess file */
- if (!old_path) {
- cmd->override = OR_ALL|ACCESS_CONF;
- }
-
- if (thiscmd->cmd_data) { /* */
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
- }
- else if (!strcmp(cmd->path, "~")) {
- cmd->path = ap_getword_conf(cmd->pool, &arg);
- ap_server_strip_chroot(cmd->path, 1);
- r = ap_pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
- }
- else {
- /* Ensure that the pathname is canonical */
- cmd->path = ap_os_canonical_filename(cmd->pool, cmd->path);
- }
-
- old_end_token = cmd->end_token;
- cmd->end_token = thiscmd->cmd_data ?
end_filesmatch_section : end_files_section; - errmsg = ap_srm_command_loop(cmd, new_file_conf); - if (errmsg == NULL) { - errmsg = missing_endsection(cmd, 1); - } - cmd->end_token = old_end_token; - if (errmsg != (thiscmd->cmd_data - ? end_filesmatch_section - : end_files_section)) { - return errmsg; - } - - conf = (core_dir_config *)ap_get_module_config(new_file_conf, - &core_module); - conf->d = cmd->path; - conf->d_is_fnmatch = ap_is_fnmatch(conf->d) != 0; - conf->r = r; - - ap_add_file_conf(c, new_file_conf); - - if (*arg != '\0') { - return ap_pstrcat(cmd->pool, "Multiple ", thiscmd->name, - "> arguments not (yet) supported.", NULL); - } - - cmd->path = old_path; - cmd->override = old_overrides; - - return NULL; -} - -/* XXX: NB: Currently, we have no way of checking - * whether sections are closed properly. - * Extra (redundant, unpaired) directives are - * simply silently ignored. - */ -static const char *end_ifmod(cmd_parms *cmd, void *dummy) -{ - return NULL; -} - -static const char *start_ifmod(cmd_parms *cmd, void *dummy, char *arg) -{ - char *endp = strrchr(arg, '>'); - char l[MAX_STRING_LEN]; - int not = (arg[0] == '!'); - module *found; - int nest = 1; - - if (endp == NULL) { - return unclosed_directive(cmd); - } - - *endp = '\0'; - - if (not) { - arg++; - } - - found = ap_find_linked_module(arg); - - if ((!not && found) || (not && !found)) { - return NULL; - } - - while (nest && !(ap_cfg_getline(l, MAX_STRING_LEN, cmd->config_file))) { - if (!strncasecmp(l, "")) { - nest--; - } - } - - if (nest) { - cmd->end_token = end_ifmodule_section; - return missing_endsection(cmd, nest); - } - return NULL; -} - -API_EXPORT(int) ap_exists_config_define(char *name) -{ - char **defines; - int i; - - defines = (char **)ap_server_config_defines->elts; - for (i = 0; i < ap_server_config_defines->nelts; i++) { - if (strcmp(defines[i], name) == 0) { - return 1; - } - } - return 0; -} - -static const char *end_ifdefine(cmd_parms *cmd, void *dummy) -{ - return NULL; -} - 
-static const char *start_ifdefine(cmd_parms *cmd, void *dummy, char *arg) -{ - char *endp; - char l[MAX_STRING_LEN]; - int defined; - int not = 0; - int nest = 1; - - endp = strrchr(arg, '>'); - if (endp == NULL) { - return unclosed_directive(cmd); - } - - *endp = '\0'; - - if (arg[0] == '!') { - not = 1; - arg++; - } - - defined = ap_exists_config_define(arg); - - if ((!not && defined) || (not && !defined)) { - return NULL; - } - - while (nest && !(ap_cfg_getline(l, MAX_STRING_LEN, cmd->config_file))) { - if (!strncasecmp(l, "")) { - nest--; - } - } - if (nest) { - cmd->end_token = end_ifdefine_section; - return missing_endsection(cmd, nest); - } - return NULL; -} - -/* httpd.conf commands... beginning with the business */ - -static const char *virtualhost_section(cmd_parms *cmd, void *dummy, char *arg) -{ - server_rec *main_server = cmd->server, *s; - const char *errmsg; - char *endp = strrchr(arg, '>'); - pool *p = cmd->pool, *ptemp = cmd->temp_pool; - const char *old_end_token; - - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - if (endp == NULL) { - return unclosed_directive(cmd); - } - - *endp = '\0'; - - /* FIXME: There's another feature waiting to happen here -- since you - can now put multiple addresses/names on a single - you might want to use it to group common definitions and then - define other "subhosts" with their individual differences. But - personally I'd rather just do it with a macro preprocessor. 
-djg */ - if (main_server->is_virtual) { - return " doesn't nest!"; - } - - errmsg = ap_init_virtual_host(p, arg, main_server, &s); - if (errmsg) { - return errmsg; - } - - s->next = main_server->next; - main_server->next = s; - - s->defn_name = cmd->config_file->name; - s->defn_line_number = cmd->config_file->line_number; - - old_end_token = cmd->end_token; - cmd->end_token = end_virtualhost_section; - cmd->server = s; - errmsg = ap_srm_command_loop(cmd, s->lookup_defaults); - cmd->server = main_server; - if (errmsg == NULL) { - errmsg = missing_endsection(cmd, 1); - } - cmd->end_token = old_end_token; - - if (s->srm_confname) { - ap_process_resource_config(s, s->srm_confname, p, ptemp); - } - - if (s->access_confname) { - ap_process_resource_config(s, s->access_confname, p, ptemp); - } - - if (errmsg == end_virtualhost_section) { - return NULL; - } - return errmsg; -} - -static const char *set_server_alias(cmd_parms *cmd, void *dummy, - const char *arg) -{ - if (!cmd->server->names) { - return "ServerAlias only used in "; - } - while (*arg) { - char **item, *name = ap_getword_conf(cmd->pool, &arg); - if (ap_is_matchexp(name)) { - item = (char **)ap_push_array(cmd->server->wild_names); - } - else { - item = (char **)ap_push_array(cmd->server->names); - } - *item = name; - } - return NULL; -} - -static const char *add_module_command(cmd_parms *cmd, void *dummy, char *arg) -{ - module *modp; - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - for (modp = top_module; modp; modp = modp->next) { - if (modp->name != NULL && strcmp(modp->name, arg) == 0) { - ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, cmd->server, - "module %s is already added, skipping", arg); - return NULL; - } - } - - if (!ap_add_named_module(arg)) { - return ap_pstrcat(cmd->pool, "Cannot add module via name '", arg, - "': not in list of loaded modules", NULL); - } - return NULL; -} - -static const char *clear_module_list_command(cmd_parms 
*cmd, void *dummy)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_clear_module_list();
- return NULL;
-}
-
-static const char *set_server_string_slot(cmd_parms *cmd, void *dummy,
- char *arg)
-{
- /* This one's pretty generic... */
-
- int offset = (int)(long)cmd->info;
- char *struct_ptr = (char *)cmd->server;
-
- const char *err = ap_check_cmd_context(cmd,
- NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- *(char **)(struct_ptr + offset) = arg;
- return NULL;
-}
-
-static const char *server_type(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- if (!strcasecmp(arg, "inetd")) {
- ap_standalone = 0;
- }
- else if (!strcasecmp(arg, "standalone")) {
- ap_standalone = 1;
- }
- else {
- return "ServerType must be either 'inetd' or 'standalone'";
- }
-
- return NULL;
-}
-
-static const char *server_port(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- int port;
-
- if (err != NULL) {
- return err;
- }
- port = atoi(arg);
- if (port <= 0 || port >= 65536) { /* 65536 == 1<<16 */
- return ap_pstrcat(cmd->temp_pool, "The port number \"", arg,
- "\" is outside the appropriate range "
- "(i.e., 1..65535).", NULL);
- }
- cmd->server->port = port;
- return NULL;
-}
-
-static const char *set_signature_flag(cmd_parms *cmd, core_dir_config *d,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (strcasecmp(arg, "On") == 0) {
- d->server_signature = srv_sig_on;
- }
- else if (strcasecmp(arg, "Off") == 0) {
- d->server_signature = srv_sig_off;
- }
- else if (strcasecmp(arg, "EMail") == 0) {
- d->server_signature = srv_sig_withmail;
- }
- else {
- return "ServerSignature: use one of: off | on | email";
- }
- return NULL;
-}
-
-static const char
*set_send_buffer_size(cmd_parms *cmd, void *dummy, char *arg) -{ - int s = atoi(arg); - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - if (s < 512 && s != 0) { - return "SendBufferSize must be >= 512 bytes, or 0 for system default."; - } - cmd->server->send_buffer_size = s; - return NULL; -} - -static const char *set_user(cmd_parms *cmd, void *dummy, char *arg) -{ - const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT); - if (err != NULL) { - return err; - } - - /* - * This is, again, tricky. on restarts, we cannot use uname2id. - * keep the old settings for the main server. - * barf out on user directives in sections. - */ - - if (!cmd->server->is_virtual) { - if (!ap_server_is_chrooted()) { - ap_user_name = arg; - ap_user_id = ap_uname2id(arg); - } - cmd->server->server_uid = ap_user_id; - } - else { - if (ap_suexec_enabled) { - if (ap_server_is_chrooted()) { - fprintf(stderr, "cannot look up uids once chrooted. Thus, User " - "directives inside and restarts aren't " - "possible together. Please stop httpd and start a new " - "one\n"); - exit(1); - } else - cmd->server->server_uid = ap_uname2id(arg); - } - else { - cmd->server->server_uid = ap_user_id; - fprintf(stderr, - "Warning: User directive in " - "requires SUEXEC wrapper.\n"); - } - } -#if !defined (BIG_SECURITY_HOLE) - if (cmd->server->server_uid == 0) { - fprintf(stderr, - "Error:\tApache has not been designed to serve pages while\n" - "\trunning as root. There are known race conditions that\n" - "\twill allow any local user to read any file on the system.\n" - "\tIf you still desire to serve pages as root then\n" - "\tadd -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your\n" - "\tsrc/Configuration file and rebuild the server. 
It is\n"
- "\tstrongly suggested that you instead modify the User\n"
- "\tdirective in your httpd.conf file to list a non-root\n"
- "\tuser.\n");
- exit (1);
- }
-#endif
-
- return NULL;
-}
-
-static const char *set_group(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (!cmd->server->is_virtual) {
- if (!ap_server_is_chrooted()) {
- ap_group_id = ap_gname2id(arg);
- }
- cmd->server->server_gid = ap_group_id;
- }
- else {
- if (ap_suexec_enabled) {
- if (ap_server_is_chrooted()) {
- fprintf(stderr, "cannot look up gids once chrooted. Thus, Group"
- " directives inside and restarts aren't "
- "possible together. Please stop httpd and start a new "
- "one\n");
- exit(1);
- } else
- cmd->server->server_gid = ap_gname2id(arg);
- }
- else {
- cmd->server->server_gid = ap_group_id;
- fprintf(stderr,
- "Warning: Group directive in requires "
- "SUEXEC wrapper.\n");
- }
- }
-
- return NULL;
-}
-
-static const char *set_server_root(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
-
- if (err != NULL) {
- return err;
- }
-
- arg = ap_os_canonical_filename(cmd->pool, arg);
-
- /*
- * This is a bit tricky. On startup we are not chrooted here.
- * On restarts (graceful or not) we are (unless we're in unsecure mode).
- * if we would strip off the chroot prefix, nothing (not even "/")
- * would last.
- * it's pointless to test whether ServerRoot is a directory if we are
- * already chrooted into that.
- * Of course it's impossible to change ServerRoot without a full restart.
- * should we abort with an error if ap_server_root != arg?
- */
-
- if (!ap_server_is_chrooted()) {
- if (!ap_is_directory(arg)) {
- return "ServerRoot must be a valid directory";
- }
- /* ServerRoot is never '/' terminated */
- while (strlen(ap_server_root) > 1 && ap_server_root[strlen(ap_server_root)-1] == '/')
- ap_server_root[strlen(ap_server_root)-1] = '\0';
- ap_cpystrn(ap_server_root, arg, sizeof(ap_server_root));
- }
- return NULL;
-}
-
-static const char *set_timeout(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- cmd->server->timeout = atoi(arg);
- return NULL;
-}
-
-static const char *set_keep_alive_timeout(cmd_parms *cmd, void *dummy,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- cmd->server->keep_alive_timeout = atoi(arg);
- return NULL;
-}
-
-static const char *set_keep_alive(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- /* We've changed it to On/Off, but used to use numbers
- * so we accept anything but "Off" or "0" as "On"
- */
- if (!strcasecmp(arg, "off") || !strcmp(arg, "0")) {
- cmd->server->keep_alive = 0;
- }
- else {
- cmd->server->keep_alive = 1;
- }
- return NULL;
-}
-
-static const char *set_keep_alive_max(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- cmd->server->keep_alive_max = atoi(arg);
- return NULL;
-}
-
-static const char *set_pidfile(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- if (cmd->server->is_virtual) {
- return "PidFile directive not allowed in ";
- }
- ap_pid_fname = arg;
- return NULL;
-}
-
-static const char *set_scoreboard(cmd_parms
*cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_scoreboard_fname = arg;
- return NULL;
-}
-
-static const char *set_lockfile(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_lock_fname = arg;
- return NULL;
-}
-
-static const char *set_idcheck(cmd_parms *cmd, core_dir_config *d, int arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- d->do_rfc1413 = arg != 0;
- return NULL;
-}
-
-static const char *set_hostname_lookups(cmd_parms *cmd, core_dir_config *d,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (!strcasecmp(arg, "on")) {
- d->hostname_lookups = HOSTNAME_LOOKUP_ON;
- }
- else if (!strcasecmp(arg, "off")) {
- d->hostname_lookups = HOSTNAME_LOOKUP_OFF;
- }
- else if (!strcasecmp(arg, "double")) {
- d->hostname_lookups = HOSTNAME_LOOKUP_DOUBLE;
- }
- else {
- return "parameter must be 'on', 'off', or 'double'";
- }
- return NULL;
-}
-
-static const char *set_serverpath(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- cmd->server->path = arg;
- cmd->server->pathlen = strlen(arg);
- return NULL;
-}
-
-static const char *set_content_md5(cmd_parms *cmd, core_dir_config *d, int arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- d->content_md5 = arg != 0;
- return NULL;
-}
-
-static const char *set_use_canonical_name(cmd_parms *cmd, core_dir_config *d,
- char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
- if (err != NULL) {
- return err;
- }
-
- if (strcasecmp(arg, "on") == 0) {
- d->use_canonical_name = USE_CANONICAL_NAME_ON;
- }
- else if
(strcasecmp(arg, "off") == 0) {
- d->use_canonical_name = USE_CANONICAL_NAME_OFF;
- }
- else if (strcasecmp(arg, "dns") == 0) {
- d->use_canonical_name = USE_CANONICAL_NAME_DNS;
- }
- else {
- return "parameter must be 'on', 'off', or 'dns'";
- }
- return NULL;
-}
-
-static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_daemons_to_start = atoi(arg);
- return NULL;
-}
-
-static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_daemons_min_free = atoi(arg);
- if (ap_daemons_min_free <= 0) {
- fprintf(stderr, "WARNING: detected MinSpareServers set to non-positive.\n");
- fprintf(stderr, "Resetting to 1 to avoid almost certain Apache failure.\n");
- fprintf(stderr, "Please read the documentation.\n");
- ap_daemons_min_free = 1;
- }
-
- return NULL;
-}
-
-static const char *set_max_free_servers(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_daemons_max_free = atoi(arg);
- return NULL;
-}
-
-static const char *set_server_limit (cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_daemons_limit = atoi(arg);
- if (ap_daemons_limit > HARD_SERVER_LIMIT) {
- fprintf(stderr, "WARNING: MaxClients of %d exceeds compile time limit "
- "of %d servers,\n", ap_daemons_limit, HARD_SERVER_LIMIT);
- fprintf(stderr, " lowering MaxClients to %d.
To increase, please "
- "see the\n", HARD_SERVER_LIMIT);
- fprintf(stderr, " HARD_SERVER_LIMIT define in src/include/httpd.h.\n");
- ap_daemons_limit = HARD_SERVER_LIMIT;
- }
- else if (ap_daemons_limit < 1) {
- fprintf(stderr, "WARNING: Require MaxClients > 0, setting to 1\n");
- ap_daemons_limit = 1;
- }
- return NULL;
-}
-
-static const char *set_child_rl_cpu(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_cpu_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_child_rl_data(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_data_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_child_rl_nofile(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_nofile_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_child_rl_rss(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_rss_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_child_rl_stack(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_stack_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_max_requests(cmd_parms *cmd, void *dummy, char *arg)
-{
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_max_requests_per_child = atoi(arg);
- return NULL;
-}
-
-static const char *set_threads(cmd_parms *cmd, void *dummy, char *arg) {
- const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
- if (err != NULL) {
- return err;
- }
-
- ap_threads_per_child = atoi(arg);
- if
(ap_threads_per_child > HARD_SERVER_LIMIT) { - fprintf(stderr, "WARNING: ThreadsPerChild of %d exceeds compile time limit " - "of %d threads,\n", ap_threads_per_child, HARD_SERVER_LIMIT); - fprintf(stderr, " lowering ThreadsPerChild to %d. To increase, please " - "see the\n", HARD_SERVER_LIMIT); - fprintf(stderr, " HARD_SERVER_LIMIT define in src/include/httpd.h.\n"); - ap_threads_per_child = HARD_SERVER_LIMIT; - } - else if (ap_threads_per_child < 1) { - fprintf(stderr, "WARNING: Require ThreadsPerChild > 0, setting to 1\n"); - ap_threads_per_child = 1; - } - - return NULL; -} - -static const char *set_excess_requests(cmd_parms *cmd, void *dummy, char *arg) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - ap_excess_requests_per_child = atoi(arg); - return NULL; -} - - -static void set_rlimit(cmd_parms *cmd, struct rlimit **plimit, const char *arg, - const char * arg2, int type) -{ - char *str; - struct rlimit *limit; - /* If your platform doesn't define rlim_t then typedef it in ap_config.h */ - rlim_t cur = 0; - rlim_t max = 0; - - *plimit = (struct rlimit *)ap_pcalloc(cmd->pool, sizeof(**plimit)); - limit = *plimit; - if ((getrlimit(type, limit)) != 0) { - *plimit = NULL; - ap_log_error(APLOG_MARK, APLOG_ERR, cmd->server, - "%s: getrlimit failed", cmd->cmd->name); - return; - } - - if ((str = ap_getword_conf(cmd->pool, &arg))) { - if (!strcasecmp(str, "max")) { - cur = limit->rlim_max; - } - else { - cur = atol(str); - } - } - else { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, cmd->server, - "Invalid parameters for %s", cmd->cmd->name); - return; - } - - if (arg2 && (str = ap_getword_conf(cmd->pool, &arg2))) { - max = atol(str); - } - - /* if we aren't running as root, cannot increase max */ - if (geteuid()) { - limit->rlim_cur = cur; - if (max) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, cmd->server, - "Must be uid 0 to raise maximum %s", cmd->cmd->name); - } - } - else { - if (cur) { - 
limit->rlim_cur = cur; - } - if (max) { - limit->rlim_max = max; - } - } -} - -static const char *set_limit_cpu(cmd_parms *cmd, core_dir_config *conf, - char *arg, char *arg2) -{ - set_rlimit(cmd, &conf->limit_cpu, arg, arg2, RLIMIT_CPU); - return NULL; -} - -static const char *set_limit_mem(cmd_parms *cmd, core_dir_config *conf, - char *arg, char * arg2) -{ - set_rlimit(cmd, &conf->limit_mem, arg, arg2, RLIMIT_DATA); - return NULL; -} - -static const char *set_limit_nproc(cmd_parms *cmd, core_dir_config *conf, - char *arg, char * arg2) -{ - set_rlimit(cmd, &conf->limit_nproc, arg, arg2, RLIMIT_NPROC); - return NULL; -} - -static const char *set_limit_nofile(cmd_parms *cmd, core_dir_config *conf, - char *arg, char * arg2) -{ - set_rlimit(cmd, &conf->limit_nofile, arg, arg2, RLIMIT_NOFILE); - return NULL; -} - -static const char *set_bind_address(cmd_parms *cmd, void *dummy, char *arg) -{ - struct addrinfo hints, *res; - struct sockaddr *sa; - size_t sa_len; - int error; - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - if (strcmp(arg, "*") == 0) - arg = NULL; - - sa = ap_get_virthost_addr(arg, NULL); -#ifdef HAVE_SOCKADDR_LEN - sa_len = sa->sa_len; -#else - sa_len = SA_LEN(sa); -#endif - memcpy(&ap_bind_address, &sa, sa_len); - return NULL; -} - - -/* Though the AcceptFilter functionality is not available across - * all platforms - we still allow the config directive to appear - * on all platforms and do intentionally not tie it to the compile - * time flag SO_ACCEPTFILTER. This makes configuration files significantly - * more portable; especially as an or some - * other construct is not possible. 
- */ -static const char *set_acceptfilter(cmd_parms *cmd, void *dummy, int flag) -{ - return NULL; -} - -static const char *set_listener(cmd_parms *cmd, void *dummy, char *h, char *p) -{ - listen_rec *new; - char *host, *port, *endptr; - struct addrinfo hints, *res; - int error; - - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - host = port = NULL; - if (!p) { - port = strrchr(h, ':'); - if (port != NULL) { - if (port == h) { - return "Missing IP address"; - } - else if (port[1] == '\0') { - return "Address must end in :"; - } - *(port++) = '\0'; - if (*h) - host = h; - } else { - host = NULL; - port = h; - } - } else { - host = h; - port = p; - } - - /* strip [] for ipv6 before calling getaddrinfo */ - if (host && host[0] == '[') { - if (strlen(host) < 2 || host[strlen(host) - 1] != ']') - return "Malformed IPv6 Address in :"; - host[strlen(host) - 1] = 0; - host++; - } - - if (host && strcmp(host, "*") == 0) - host = NULL; - - new = ap_pcalloc(cmd->pool, sizeof(listen_rec)); - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = host ? 
PF_UNSPEC : ap_default_family; - hints.ai_flags = AI_PASSIVE; - hints.ai_socktype = SOCK_STREAM; - error = getaddrinfo(host, port, &hints, &res); - if (error || !res) { - fprintf(stderr, "could not resolve "); - if (host) - fprintf(stderr, "host \"%s\" ", host); - if (port) - fprintf(stderr, "port \"%s\" ", port); - fprintf(stderr, "--- %s\n", gai_strerror(error)); - exit(1); - } - if (res->ai_next) { - if (host) - fprintf(stderr, "host \"%s\" ", host); - if (port) - fprintf(stderr, "port \"%s\" ", port); - fprintf(stderr, "resolved to multiple addresses, ambiguous.\n"); - exit(1); - } - - memcpy(&new->local_addr, res->ai_addr, res->ai_addrlen); - - new->fd = -1; - new->used = 0; - new->next = ap_listeners; - ap_listeners = new; - return NULL; -} - -static const char *set_listenbacklog(cmd_parms *cmd, void *dummy, char *arg) -{ - int b; - - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - b = atoi(arg); - if (b < 1) { - return "ListenBacklog must be > 0"; - } - ap_listenbacklog = b; - return NULL; -} - -static const char *set_coredumpdir (cmd_parms *cmd, void *dummy, char *arg) -{ - struct stat finfo; - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - arg = ap_server_root_relative(cmd->pool, arg); - if ((stat(arg, &finfo) == -1) || !S_ISDIR(finfo.st_mode)) { - return ap_pstrcat(cmd->pool, "CoreDumpDirectory ", arg, - " does not exist or is not a directory", NULL); - } - ap_cpystrn(ap_coredump_dir, arg, sizeof(ap_coredump_dir)); - return NULL; -} - -static const char *include_config (cmd_parms *cmd, void *dummy, char *name) -{ - name = ap_server_root_relative(cmd->pool, name); - - ap_process_resource_config(cmd->server, name, cmd->pool, cmd->temp_pool); - - return NULL; -} - -static const char *set_loglevel(cmd_parms *cmd, void *dummy, const char *arg) -{ - char *str; - - const char *err = ap_check_cmd_context(cmd, - NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT); - if (err != 
NULL) { - return err; - } - - if ((str = ap_getword_conf(cmd->pool, &arg))) { - if (!strcasecmp(str, "emerg")) { - cmd->server->loglevel = APLOG_EMERG; - } - else if (!strcasecmp(str, "alert")) { - cmd->server->loglevel = APLOG_ALERT; - } - else if (!strcasecmp(str, "crit")) { - cmd->server->loglevel = APLOG_CRIT; - } - else if (!strcasecmp(str, "error")) { - cmd->server->loglevel = APLOG_ERR; - } - else if (!strcasecmp(str, "warn")) { - cmd->server->loglevel = APLOG_WARNING; - } - else if (!strcasecmp(str, "notice")) { - cmd->server->loglevel = APLOG_NOTICE; - } - else if (!strcasecmp(str, "info")) { - cmd->server->loglevel = APLOG_INFO; - } - else if (!strcasecmp(str, "debug")) { - cmd->server->loglevel = APLOG_DEBUG; - } - else { - return "LogLevel requires level keyword: one of " - "emerg/alert/crit/error/warn/notice/info/debug"; - } - } - else { - return "LogLevel requires level keyword"; - } - - return NULL; -} - -API_EXPORT(const char *) ap_psignature(const char *prefix, request_rec *r) -{ - char sport[20]; - core_dir_config *conf; - - conf = (core_dir_config *)ap_get_module_config(r->per_dir_config, - &core_module); - if ((conf->server_signature == srv_sig_off) - || (conf->server_signature == srv_sig_unset)) { - return ""; - } - - ap_snprintf(sport, sizeof sport, "%u", (unsigned) ap_get_server_port(r)); - - if (conf->server_signature == srv_sig_withmail) { - return ap_pstrcat(r->pool, prefix, "
" SERVER_BASEVERSION - " Server at server->server_admin, "\">", - ap_escape_html(r->pool, ap_get_server_name(r)), - " Port ", sport, - "
\n", NULL); - } - return ap_pstrcat(r->pool, prefix, "
" SERVER_BASEVERSION - " Server at ", - ap_escape_html(r->pool, ap_get_server_name(r)), - " Port ", sport, - "
\n", NULL); -} - -/* - * Load an authorisation realm into our location configuration, applying the - * usual rules that apply to realms. - */ -static const char *set_authname(cmd_parms *cmd, void *mconfig, char *word1) -{ - core_dir_config *aconfig = (core_dir_config *)mconfig; - - aconfig->ap_auth_name = ap_escape_quotes(cmd->pool, word1); - return NULL; -} - -/* - * Load an authorisation nonce into our location configuration, and - * force it to be in the 0-9/A-Z realm. - */ -static const char *set_authnonce (cmd_parms *cmd, void *mconfig, char *word1) -{ - core_dir_config *aconfig = (core_dir_config *)mconfig; - size_t i; - - aconfig->ap_auth_nonce = ap_escape_quotes(cmd->pool, word1); - - if (strlen(aconfig->ap_auth_nonce) > 510) - return "AuthDigestRealmSeed length limited to 510 chars for browser compatibility"; - - for(i=0;iap_auth_nonce );i++) - if (!ap_isalnum(aconfig->ap_auth_nonce [i])) - return "AuthDigestRealmSeed limited to 0-9 and A-Z range for browser compatibility"; - - return NULL; -} - - -static const char *set_protocol_req_check(cmd_parms *cmd, - core_dir_config *d, int arg) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - ap_protocol_req_check = arg != 0; - return NULL; -} - -static const char *set_change_shmem_uid(cmd_parms *cmd, - core_dir_config *d, int arg) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - ap_change_shmem_uid = arg != 0; - return NULL; -} - -/* - * Handle a request to include the server's OS platform in the Server - * response header field (the ServerTokens directive). Unfortunately - * this requires a new global in order to communicate the setting back to - * http_main so it can insert the information in the right place in the - * string. 
- */ -static const char *set_serv_tokens(cmd_parms *cmd, void *dummy, char *arg) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - if (!strcasecmp(arg, "OS")) { - ap_server_tokens = SrvTk_OS; - } - else if (!strcasecmp(arg, "Min") || !strcasecmp(arg, "Minimal")) { - ap_server_tokens = SrvTk_MIN; - } - else if (!strcasecmp(arg, "Full")) { - ap_server_tokens = SrvTk_FULL; - } - else if (!strcasecmp(arg, "Prod") || !strcasecmp(arg, "ProductOnly")) { - ap_server_tokens = SrvTk_PRODUCT_ONLY; - } - else { - return ap_pstrcat(cmd->pool, "Unrecognised ServerTokens keyword: ", - arg, NULL); - } - return NULL; -} - -static const char *set_limit_req_line(cmd_parms *cmd, void *dummy, char *arg) -{ - const char *err = ap_check_cmd_context(cmd, - NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT); - int lim; - - if (err != NULL) { - return err; - } - lim = atoi(arg); - if (lim < 0) { - return ap_pstrcat(cmd->temp_pool, "LimitRequestLine \"", arg, - "\" must be a non-negative integer", NULL); - } - if (lim > DEFAULT_LIMIT_REQUEST_LINE) { - return ap_psprintf(cmd->temp_pool, "LimitRequestLine \"%s\" " - "must not exceed the precompiled maximum of %d", - arg, DEFAULT_LIMIT_REQUEST_LINE); - } - cmd->server->limit_req_line = lim; - return NULL; -} - -static const char *set_limit_req_fieldsize(cmd_parms *cmd, void *dummy, - char *arg) -{ - const char *err = ap_check_cmd_context(cmd, - NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT); - int lim; - - if (err != NULL) { - return err; - } - lim = atoi(arg); - if (lim < 0) { - return ap_pstrcat(cmd->temp_pool, "LimitRequestFieldsize \"", arg, - "\" must be a non-negative integer (0 = no limit)", - NULL); - } - if (lim > DEFAULT_LIMIT_REQUEST_FIELDSIZE) { - return ap_psprintf(cmd->temp_pool, "LimitRequestFieldsize \"%s\" " - "must not exceed the precompiled maximum of %d", - arg, DEFAULT_LIMIT_REQUEST_FIELDSIZE); - } - cmd->server->limit_req_fieldsize = lim; - return NULL; -} - -static const char 
*set_limit_req_fields(cmd_parms *cmd, void *dummy, char *arg) -{ - const char *err = ap_check_cmd_context(cmd, - NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT); - int lim; - - if (err != NULL) { - return err; - } - lim = atoi(arg); - if (lim < 0) { - return ap_pstrcat(cmd->temp_pool, "LimitRequestFields \"", arg, - "\" must be a non-negative integer (0 = no limit)", - NULL); - } - cmd->server->limit_req_fields = lim; - return NULL; -} - -static const char *set_limit_req_body(cmd_parms *cmd, core_dir_config *conf, - char *arg) -{ - const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT); - if (err != NULL) { - return err; - } - - /* WTF: If strtoul is not portable, then write a replacement. - * Instead we have an idiotic define in httpd.h that prevents - * it from being used even when it is available. Sheesh. - */ - conf->limit_req_body = (unsigned long)ap_strtol(arg, (char **)NULL, 10); - return NULL; -} - - -static const char *set_cgi_command_args(cmd_parms *cmd, - void *mconfig, - int arg) -{ - core_dir_config *cfg = (core_dir_config *)mconfig; - cfg->cgi_command_args = arg ? AP_FLAG_ON : AP_FLAG_OFF; - return NULL; -} - -/* - * Note what data should be used when forming file ETag values. - * It would be nicer to do this as an ITERATE, but then we couldn't - * remember the +/- state properly. - */ -static const char *set_etag_bits(cmd_parms *cmd, void *mconfig, - const char *args_p) -{ - core_dir_config *cfg; - etag_components_t bit; - char action; - char *token; - const char *args; - int valid; - int first; - int explicit; - - cfg = (core_dir_config *) mconfig; - - args = args_p; - first = 1; - explicit = 0; - while (args[0] != '\0') { - action = '*'; - bit = ETAG_UNSET; - valid = 1; - token = ap_getword_conf(cmd->pool, &args); - if ((*token == '+') || (*token == '-')) { - action = *token; - token++; - } - else { - /* - * The occurrence of an absolute setting wipes - * out any previous relative ones. The first such - * occurrence forgets any inherited ones, too. 
- */ - if (first) { - cfg->etag_bits = ETAG_UNSET; - cfg->etag_add = ETAG_UNSET; - cfg->etag_remove = ETAG_UNSET; - first = 0; - } - } - - if (strcasecmp(token, "None") == 0) { - if (action != '*') { - valid = 0; - } - else { - cfg->etag_bits = bit = ETAG_NONE; - explicit = 1; - } - } - else if (strcasecmp(token, "All") == 0) { - if (action != '*') { - valid = 0; - } - else { - explicit = 1; - cfg->etag_bits = bit = ETAG_ALL; - } - } - else if (strcasecmp(token, "Size") == 0) { - bit = ETAG_SIZE; - } - else if ((strcasecmp(token, "LMTime") == 0) - || (strcasecmp(token, "MTime") == 0) - || (strcasecmp(token, "LastModified") == 0)) { - bit = ETAG_MTIME; - } - else if (strcasecmp(token, "INode") == 0) { - bit = ETAG_INODE; - } - else { - return ap_pstrcat(cmd->pool, "Unknown keyword '", - token, "' for ", cmd->cmd->name, - " directive", NULL); - } - - if (! valid) { - return ap_pstrcat(cmd->pool, cmd->cmd->name, " keyword '", - token, "' cannot be used with '+' or '-'", - NULL); - } - - if (action == '+') { - /* - * Make sure it's in the 'add' list and absent from the - * 'subtract' list. - */ - cfg->etag_add |= bit; - cfg->etag_remove &= (~ bit); - } - else if (action == '-') { - cfg->etag_remove |= bit; - cfg->etag_add &= (~ bit); - } - else { - /* - * Non-relative values wipe out any + or - values - * accumulated so far. - */ - cfg->etag_bits |= bit; - cfg->etag_add = ETAG_UNSET; - cfg->etag_remove = ETAG_UNSET; - explicit = 1; - } - } - - /* - * Any setting at all will clear the 'None' and 'Unset' bits. 
- */ - - if (cfg->etag_add != ETAG_UNSET) { - cfg->etag_add &= (~ ETAG_UNSET); - } - if (cfg->etag_remove != ETAG_UNSET) { - cfg->etag_remove &= (~ ETAG_UNSET); - } - if (explicit) { - cfg->etag_bits &= (~ ETAG_UNSET); - if ((cfg->etag_bits & ETAG_NONE) != ETAG_NONE) { - cfg->etag_bits &= (~ ETAG_NONE); - } - } - return NULL; -} - -static const char *set_recursion_limit(cmd_parms *cmd, void *dummy, - const char *arg1, const char *arg2) -{ - core_server_config *conf = ap_get_module_config(cmd->server->module_config, - &core_module); - int limit = atoi(arg1); - - if (limit < 0) { - return "The redirect recursion limit cannot be less than zero."; - } - if (limit && limit < 4) { - ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, cmd->server, - "Limiting internal redirects to very low numbers may " - "cause normal requests to fail."); - } - - conf->redirect_limit = limit; - - if (arg2) { - limit = atoi(arg2); - - if (limit < 0) { - return "The subrequest recursion limit cannot be less than zero."; - } - if (limit && limit < 4) { - ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, cmd->server, - "Limiting the subrequest depth to a very low level may" - " cause normal requests to fail."); - } - } - - conf->subreq_limit = limit; - conf->recursion_limit_set = 1; - - return NULL; -} - -static void log_backtrace(const request_rec *r) -{ - const request_rec *top = r; - - ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r, - "r->uri = %s", r->uri ? r->uri : "(unexpectedly NULL)"); - - while (top && (top->prev || top->main)) { - if (top->prev) { - top = top->prev; - ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r, - "redirected from r->uri = %s", - top->uri ? top->uri : "(unexpectedly NULL)"); - } - - if (!top->prev && top->main) { - top = top->main; - ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r, - "subrequested from r->uri = %s", - top->uri ? 
top->uri : "(unexpectedly NULL)"); - } - } -} - -/* - * check whether redirect limit is reached - */ -API_EXPORT(int) ap_is_recursion_limit_exceeded(const request_rec *r) -{ - core_server_config *conf = ap_get_module_config(r->server->module_config, - &core_module); - const request_rec *top = r; - int redirects = 0, subreqs = 0; - int rlimit = conf->recursion_limit_set - ? conf->redirect_limit - : AP_DEFAULT_MAX_INTERNAL_REDIRECTS; - int slimit = conf->recursion_limit_set - ? conf->subreq_limit - : AP_DEFAULT_MAX_SUBREQ_DEPTH; - - /* fast exit (unlimited) */ - if (!rlimit && !slimit) { - return 0; - } - - while (top->prev || top->main) { - if (top->prev) { - if (rlimit && ++redirects >= rlimit) { - /* uuh, too much. */ - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, - "Request exceeded the limit of %d internal " - "redirects due to probable configuration error. " - "Use 'LimitInternalRecursion' to increase the " - "limit if necessary. Use 'LogLevel debug' to get " - "a backtrace.", rlimit); - - /* post backtrace */ - log_backtrace(r); - - /* return failure */ - return 1; - } - - top = top->prev; - } - - if (!top->prev && top->main) { - if (slimit && ++subreqs >= slimit) { - /* uuh, too much. */ - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, - "Request exceeded the limit of %d subrequest " - "nesting levels due to probable confguration " - "error. Use 'LimitInternalRecursion' to increase " - "the limit if necessary. Use 'LogLevel debug' to " - "get a backtrace.", slimit); - - /* post backtrace */ - log_backtrace(r); - - /* return failure */ - return 1; - } - - top = top->main; - } - } - - /* recursion state: ok */ - return 0; -} - -/* Note --- ErrorDocument will now work from .htaccess files. 
- * The AllowOverride of Fileinfo allows webmasters to turn it off - */ - -static const command_rec core_cmds[] = { - -/* Old access config file commands */ - -{ "" }, -{ "" }, -{ "" }, -{ "" }, -{ "", endlimit_section, NULL, OR_ALL, NO_ARGS, - "Marks end of " }, -{ "", endlimit_section, (void*)1, OR_ALL, NO_ARGS, - "Marks end of " }, -{ "" }, -{ "" }, -{ "" }, -{ "" }, -{ "" }, -{ "AuthType", ap_set_string_slot, - (void*)XtOffsetOf(core_dir_config, ap_auth_type), OR_AUTHCFG, TAKE1, - "An HTTP authorization type (e.g., \"Basic\")" }, -{ "AuthName", set_authname, NULL, OR_AUTHCFG, TAKE1, - "The authentication realm (e.g. \"Members Only\")" }, -{ "AuthDigestRealmSeed", set_authnonce, NULL, OR_AUTHCFG, TAKE1, - "An authentication token which should be different for each logical realm. "\ - "A random value or the servers IP may be a good choise.\n" }, -{ "Require", require, NULL, OR_AUTHCFG, RAW_ARGS, - "Selects which authenticated users or groups may access a protected space" }, -{ "Satisfy", satisfy, NULL, OR_AUTHCFG, TAKE1, - "access policy if both allow and require used ('all' or 'any')" }, -#ifdef GPROF -{ "GprofDir", set_gprof_dir, NULL, RSRC_CONF, TAKE1, - "Directory to plop gmon.out files" }, -#endif -{ "AddDefaultCharset", set_add_default_charset, NULL, OR_FILEINFO, - TAKE1, "The name of the default charset to add to any Content-Type without one or 'Off' to disable" }, - -/* Old resource config file commands */ - -{ "AccessFileName", set_access_name, NULL, RSRC_CONF, RAW_ARGS, - "Name(s) of per-directory config files (default: .htaccess)" }, -{ "DocumentRoot", set_document_root, NULL, RSRC_CONF, TAKE1, - "Root directory of the document tree" }, -{ "ErrorDocument", set_error_document, NULL, OR_FILEINFO, RAW_ARGS, - "Change responses for HTTP errors" }, -{ "AllowOverride", set_override, NULL, ACCESS_CONF, RAW_ARGS, - "Controls what groups of directives can be configured by per-directory " - "config files" }, -{ "Options", set_options, NULL, OR_OPTIONS, RAW_ARGS, 
- "Set a number of attributes for a given directory" }, -{ "DefaultType", ap_set_string_slot, - (void*)XtOffsetOf (core_dir_config, ap_default_type), - OR_FILEINFO, TAKE1, "the default MIME type for untypable files" }, - -/* Old server config file commands */ - -{ "ServerType", server_type, NULL, RSRC_CONF, TAKE1, - "'inetd' or 'standalone'"}, -{ "Port", server_port, NULL, RSRC_CONF, TAKE1, "A TCP port number"}, -{ "HostnameLookups", set_hostname_lookups, NULL, ACCESS_CONF|RSRC_CONF, TAKE1, - "\"on\" to enable, \"off\" to disable reverse DNS lookups, or \"double\" to " - "enable double-reverse DNS lookups" }, -{ "User", set_user, NULL, RSRC_CONF, TAKE1, - "Effective user id for this server"}, -{ "Group", set_group, NULL, RSRC_CONF, TAKE1, - "Effective group id for this server"}, -{ "ServerAdmin", set_server_string_slot, - (void *)XtOffsetOf (server_rec, server_admin), RSRC_CONF, TAKE1, - "The email address of the server administrator" }, -{ "ServerName", set_server_string_slot, - (void *)XtOffsetOf (server_rec, server_hostname), RSRC_CONF, TAKE1, - "The hostname of the server" }, -{ "ServerSignature", set_signature_flag, NULL, OR_ALL, TAKE1, - "En-/disable server signature (on|off|email)" }, -{ "ServerRoot", set_server_root, NULL, RSRC_CONF, TAKE1, - "Common directory of server-related files (logs, confs, etc.)" }, -{ "ErrorLog", set_server_string_slot, - (void *)XtOffsetOf (server_rec, error_fname), RSRC_CONF, TAKE1, - "The filename of the error log" }, -{ "PidFile", set_pidfile, NULL, RSRC_CONF, TAKE1, - "A file for logging the server process ID"}, -{ "ScoreBoardFile", set_scoreboard, NULL, RSRC_CONF, TAKE1, - "A file for Apache to maintain runtime process management information"}, -{ "LockFile", set_lockfile, NULL, RSRC_CONF, TAKE1, - "The lockfile used when Apache needs to lock the accept() call"}, -{ "AccessConfig", set_server_string_slot, - (void *)XtOffsetOf (server_rec, access_confname), RSRC_CONF, TAKE1, - "The filename of the access config file" }, -{ 
"ResourceConfig", set_server_string_slot, - (void *)XtOffsetOf (server_rec, srm_confname), RSRC_CONF, TAKE1, - "The filename of the resource config file" }, -{ "ServerAlias", set_server_alias, NULL, RSRC_CONF, RAW_ARGS, - "A name or names alternately used to access the server" }, -{ "ServerPath", set_serverpath, NULL, RSRC_CONF, TAKE1, - "The pathname the server can be reached at" }, -{ "Timeout", set_timeout, NULL, RSRC_CONF, TAKE1, "Timeout duration (sec)" }, -{ "KeepAliveTimeout", set_keep_alive_timeout, NULL, RSRC_CONF, TAKE1, - "Keep-Alive timeout duration (sec)"}, -{ "MaxKeepAliveRequests", set_keep_alive_max, NULL, RSRC_CONF, TAKE1, - "Maximum number of Keep-Alive requests per connection, or 0 for infinite" }, -{ "KeepAlive", set_keep_alive, NULL, RSRC_CONF, TAKE1, - "Whether persistent connections should be On or Off" }, -{ "IdentityCheck", set_idcheck, NULL, RSRC_CONF|ACCESS_CONF, FLAG, - "Enable identd (RFC 1413) user lookups - SLOW" }, -{ "ContentDigest", set_content_md5, NULL, OR_OPTIONS, - FLAG, "whether or not to send a Content-MD5 header with each request" }, -{ "UseCanonicalName", set_use_canonical_name, NULL, - RSRC_CONF|ACCESS_CONF, TAKE1, - "How to work out the ServerName : Port when constructing URLs" }, -{ "StartServers", set_daemons_to_start, NULL, RSRC_CONF, TAKE1, - "Number of child processes launched at server startup" }, -{ "MinSpareServers", set_min_free_servers, NULL, RSRC_CONF, TAKE1, - "Minimum number of idle children, to handle request spikes" }, -{ "MaxSpareServers", set_max_free_servers, NULL, RSRC_CONF, TAKE1, - "Maximum number of idle children" }, -{ "MaxServers", set_max_free_servers, NULL, RSRC_CONF, TAKE1, - "Deprecated equivalent to MaxSpareServers" }, -{ "ServersSafetyLimit", set_server_limit, NULL, RSRC_CONF, TAKE1, - "Deprecated equivalent to MaxClients" }, -{ "MaxClients", set_server_limit, NULL, RSRC_CONF, TAKE1, - "Maximum number of children alive at the same time" }, -{ "MaxRequestsPerChild", set_max_requests, NULL, 
RSRC_CONF, TAKE1, - "Maximum number of requests a particular child serves before dying." }, -{ "MaxCPUPerChild", set_child_rl_cpu, NULL, RSRC_CONF, TAKE1, - "Maximum amount of CPU time a child can use (rlimit)." }, -{ "MaxDATAPerChild", set_child_rl_data, NULL, RSRC_CONF, TAKE1, - "Maximum size of the data segment for a child process (rlimit)." }, -{ "MaxNOFILEPerChild", set_child_rl_nofile, NULL, RSRC_CONF, TAKE1, - "Maximum number of open file descriptors a child can have (rlimit)." }, -{ "MaxRSSPerChild", set_child_rl_rss, NULL, RSRC_CONF, TAKE1, - "Maximum amount of physical memory a child can use (rlimit)." }, -{ "MaxSTACKPerChild", set_child_rl_stack, NULL, RSRC_CONF, TAKE1, - "Maximum amount of stack space a child can use (rlimit)." }, -{ "RLimitCPU", - set_limit_cpu, (void*)XtOffsetOf(core_dir_config, limit_cpu), - OR_ALL, TAKE12, "Soft/hard limits for max CPU usage in seconds" }, -{ "RLimitMEM", - set_limit_mem, (void*)XtOffsetOf(core_dir_config, limit_mem), - OR_ALL, TAKE12, "Soft/hard limits for max memory usage per process" }, -{ "RLimitNPROC", - set_limit_nproc, (void*)XtOffsetOf(core_dir_config, limit_nproc), - OR_ALL, TAKE12, "soft/hard limits for max number of processes per uid" }, -{ "RLimitNOFILE", - set_limit_nofile, (void*)XtOffsetOf(core_dir_config, limit_nofile), - OR_ALL, TAKE12, "soft/hard limits for max number of files per process" }, -{ "BindAddress", set_bind_address, NULL, RSRC_CONF, TAKE1, - "'*', a numeric IP address, or the name of a host with a unique IP address"}, -{ "Listen", set_listener, NULL, RSRC_CONF, TAKE12, - "A port number or a numeric IP address and a port number"}, -{ "SendBufferSize", set_send_buffer_size, NULL, RSRC_CONF, TAKE1, - "Send buffer size in bytes"}, -{ "AddModule", add_module_command, NULL, RSRC_CONF, ITERATE, - "The name of a module" }, -{ "ClearModuleList", clear_module_list_command, NULL, RSRC_CONF, NO_ARGS, - NULL }, -{ "ThreadsPerChild", set_threads, NULL, RSRC_CONF, TAKE1, - "Number of threads a child 
creates" }, -{ "ExcessRequestsPerChild", set_excess_requests, NULL, RSRC_CONF, TAKE1, - "Maximum number of requests a particular child serves after it is ready " - "to die." }, -{ "ListenBacklog", set_listenbacklog, NULL, RSRC_CONF, TAKE1, - "Maximum length of the queue of pending connections, as used by listen(2)" }, -{ "AcceptFilter", set_acceptfilter, NULL, RSRC_CONF, FLAG, - "Switch AcceptFiltering on/off (default is " - "on" - ")." - "This feature is currently not compiled in; so this directive " - "is ignored." - }, -{ "CoreDumpDirectory", set_coredumpdir, NULL, RSRC_CONF, TAKE1, - "The location of the directory Apache changes to before dumping core" }, -{ "Include", include_config, NULL, (RSRC_CONF | ACCESS_CONF), TAKE1, - "Name of the config file to be included" }, -{ "LogLevel", set_loglevel, NULL, RSRC_CONF, TAKE1, - "Level of verbosity in error logging" }, -{ "NameVirtualHost", ap_set_name_virtual_host, NULL, RSRC_CONF, TAKE12, - "A numeric IP address:port, or the name of a host" }, -{ "CGICommandArgs", set_cgi_command_args, NULL, OR_OPTIONS, FLAG, - "Allow or Disallow CGI requests to pass args on the command line" }, -{ "ServerTokens", set_serv_tokens, NULL, RSRC_CONF, TAKE1, - "Tokens displayed in the Server: header - Min[imal], OS, Prod[uctOnly], Full" }, -{ "LimitRequestLine", set_limit_req_line, NULL, RSRC_CONF, TAKE1, - "Limit on maximum size of an HTTP request line"}, -{ "LimitRequestFieldsize", set_limit_req_fieldsize, NULL, RSRC_CONF, TAKE1, - "Limit on maximum size of an HTTP request header field"}, -{ "LimitRequestFields", set_limit_req_fields, NULL, RSRC_CONF, TAKE1, - "Limit (0 = unlimited) on max number of header fields in a request message"}, -{ "LimitRequestBody", set_limit_req_body, - (void*)XtOffsetOf(core_dir_config, limit_req_body), - OR_ALL, TAKE1, - "Limit (in bytes) on maximum size of request message body" }, -{ "ProtocolReqCheck", set_protocol_req_check, NULL, RSRC_CONF, FLAG, - "Enable strict checking of Protocol type in 
requests" }, -{ "ShmemUIDisUser", set_change_shmem_uid, NULL, RSRC_CONF, FLAG, - "Enable the setting of SysV shared memory scoreboard uid/gid to User/Group" }, -{ "AcceptMutex", set_accept_mutex, NULL, RSRC_CONF, TAKE1, - "Serialized Accept Mutex; the methods " - "'sysvsem' " - "'flock' " - "are compiled in" -}, - -{ "FileETag", set_etag_bits, NULL, OR_FILEINFO, RAW_ARGS, - "Specify components used to construct a file's ETag"}, - -{ "LimitInternalRecursion", set_recursion_limit, NULL, RSRC_CONF, TAKE12, - "maximum recursion depth of internal redirects and subrequests"}, - -{ NULL } -}; - -/***************************************************************** - * - * Core handlers for various phases of server operation... - */ - -static int core_translate(request_rec *r) -{ - void *sconf = r->server->module_config; - core_server_config *conf = ap_get_module_config(sconf, &core_module); - - if (r->proxyreq != NOT_PROXY) { - return HTTP_FORBIDDEN; - } - if ((r->uri[0] != '/') && strcmp(r->uri, "*")) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid URI in request %s", r->the_request); - return BAD_REQUEST; - } - - if (r->server->path - && !strncmp(r->uri, r->server->path, r->server->pathlen) - && (r->server->path[r->server->pathlen - 1] == '/' - || r->uri[r->server->pathlen] == '/' - || r->uri[r->server->pathlen] == '\0')) { - r->filename = ap_pstrcat(r->pool, conf->ap_document_root, - (r->uri + r->server->pathlen), NULL); - } - else { - /* - * Make sure that we do not mess up the translation by adding two - * /'s in a row. 
This happens under windows when the document - * root ends with a / - */ - if ((conf->ap_document_root[strlen(conf->ap_document_root)-1] == '/') - && (*(r->uri) == '/')) { - r->filename = ap_pstrcat(r->pool, conf->ap_document_root, r->uri+1, - NULL); - } - else { - r->filename = ap_pstrcat(r->pool, conf->ap_document_root, r->uri, - NULL); - } - } - - return OK; -} - -static int do_nothing(request_rec *r) { return OK; } - -struct mmap_rec { - void *mm; - size_t length; -}; - -static void mmap_cleanup(void *mmv) -{ - struct mmap_rec *mmd = mmv; - - if (munmap(mmd->mm, mmd->length) == -1) { - ap_log_error(APLOG_MARK, APLOG_ERR, NULL, - "Failed to munmap memory of length %ld at 0x%lx", - (long) mmd->length, (long) mmd->mm); - } -} - -/* - * Default handler for MIME types without other handlers. Only GET - * and OPTIONS at this point... anyone who wants to write a generic - * handler for PUT or POST is free to do so, but it seems unwise to provide - * any defaults yet... So, for now, we assume that this will always be - * the last handler called and return 405 or 501. - */ - -static int default_handler(request_rec *r) -{ - core_dir_config *d = - (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module); - int rangestatus, errstatus; - FILE *f; - caddr_t mm; - - /* This handler has no use for a request body (yet), but we still - * need to read and discard it if the client sent one. 
- */ - if ((errstatus = ap_discard_request_body(r)) != OK) { - return errstatus; - } - - r->allowed |= (1 << M_GET) | (1 << M_OPTIONS); - - if (r->method_number == M_INVALID) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid method in request %s", - ap_escape_logitem(r->pool, r->the_request)); - return NOT_IMPLEMENTED; - } - if (r->method_number == M_OPTIONS) { - return ap_send_http_options(r); - } - if (r->method_number == M_PUT) { - return METHOD_NOT_ALLOWED; - } - - if (r->finfo.st_mode == 0 || (r->path_info && *r->path_info)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r, - "File does not exist: %s",r->path_info ? - ap_pstrcat(r->pool, r->filename, r->path_info, NULL) - : r->filename); - return HTTP_NOT_FOUND; - } - if (r->method_number != M_GET) { - return METHOD_NOT_ALLOWED; - } - - f = ap_pfopen(r->pool, r->filename, "r"); - - if (f == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "file permissions deny server access: %s", r->filename); - return FORBIDDEN; - } - - ap_update_mtime(r, r->finfo.st_mtime); - ap_set_last_modified(r); - ap_set_etag(r); - ap_table_setn(r->headers_out, "Accept-Ranges", "bytes"); - if (((errstatus = ap_meets_conditions(r)) != OK) - || (errstatus = ap_set_content_length(r, r->finfo.st_size))) { - return errstatus; - } - - ap_block_alarms(); - if ((r->finfo.st_size >= MMAP_THRESHOLD) - && (r->finfo.st_size < MMAP_LIMIT) - && (!r->header_only || (d->content_md5 & 1))) { - /* we need to protect ourselves in case we die while we've got the - * file mmapped */ - mm = mmap(NULL, r->finfo.st_size, PROT_READ, MAP_PRIVATE, - fileno(f), 0); - if (mm == (caddr_t)-1) { - ap_log_rerror(APLOG_MARK, APLOG_CRIT, r, - "default_handler: mmap failed: %s", r->filename); - } - } - else { - mm = (caddr_t)-1; - } - - if (mm == (caddr_t)-1) { - ap_unblock_alarms(); - - if (d->content_md5 & 1) { - ap_table_setn(r->headers_out, "Content-MD5", - ap_md5digest(r->pool, f)); - } - - rangestatus = ap_set_byterange(r); - - 
ap_send_http_header(r); - - if (!r->header_only) { - if (!rangestatus) { - ap_send_fd(f, r); - } - else { - off_t offset, length; - while (ap_each_byterange(r, &offset, &length)) { - /* - * Non zero returns are more portable than checking - * for a return of -1. - */ - if (fseeko(f, offset, SEEK_SET)) { - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "Failed to fseeko for byterange (%qd, %qd): %s", - offset, length, r->filename); - } - else { - ap_send_fd_length(f, r, length); - } - } - } - } - - } - else { - struct mmap_rec *mmd; - - mmd = ap_palloc(r->pool, sizeof(*mmd)); - mmd->mm = mm; - mmd->length = r->finfo.st_size; - ap_register_cleanup(r->pool, (void *)mmd, mmap_cleanup, mmap_cleanup); - ap_unblock_alarms(); - - if (d->content_md5 & 1) { - AP_MD5_CTX context; - - ap_MD5Init(&context); - ap_MD5Update(&context, (void *)mm, (unsigned int)r->finfo.st_size); - ap_table_setn(r->headers_out, "Content-MD5", - ap_md5contextTo64(r->pool, &context)); - } - - rangestatus = ap_set_byterange(r); - ap_send_http_header(r); - - if (!r->header_only) { - if (!rangestatus) { - ap_send_mmap(mm, r, 0, r->finfo.st_size); - } - else { - off_t offset, length; - while (ap_each_byterange(r, &offset, &length)) { - ap_send_mmap(mm, r, offset, length); - } - } - } - } - - ap_pfclose(r->pool, f); - return OK; -} - -static const handler_rec core_handlers[] = { -{ "*/*", default_handler }, -{ "default-handler", default_handler }, -{ NULL, NULL } -}; - -API_VAR_EXPORT module core_module = { - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - create_core_dir_config, /* create per-directory config structure */ - merge_core_dir_configs, /* merge per-directory config structures */ - create_core_server_config, /* create per-server config structure */ - merge_core_server_configs, /* merge per-server config structures */ - core_cmds, /* command table */ - core_handlers, /* handlers */ - core_translate, /* translate_handler */ - NULL, /* check_user_id */ - NULL, /* check auth */ - do_nothing, 
/* check access */
- do_nothing, /* type_checker */
- NULL, /* pre-run fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post_read_request */
-};
diff --git a/usr.sbin/httpd/src/main/http_log.c b/usr.sbin/httpd/src/main/http_log.c
deleted file mode 100644
index 81ba126074b..00000000000
--- a/usr.sbin/httpd/src/main/http_log.c
+++ /dev/null
@@ -1,585 +0,0 @@
-/* $OpenBSD: http_log.c,v 1.20 2013/08/18 16:32:24 guenther Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_log.c: Dealing with the logs and errors
- *
- * Rob McCool
- *
- */
-
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_conf_globals.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_main.h"
-
-#include
-
-typedef struct {
- char *t_name;
- int t_val;
-} TRANS;
-
-static const TRANS facilities[] = {
- {"auth", LOG_AUTH},
- {"authpriv", LOG_AUTHPRIV},
- {"cron", LOG_CRON},
- {"daemon", LOG_DAEMON},
- {"ftp", LOG_FTP},
- {"kern", LOG_KERN},
- {"lpr", LOG_LPR},
- {"mail", LOG_MAIL},
- {"news", LOG_NEWS},
- {"syslog", LOG_SYSLOG},
- {"user", LOG_USER},
- {"uucp", LOG_UUCP},
- {"local0", LOG_LOCAL0},
- {"local1", LOG_LOCAL1},
- {"local2", LOG_LOCAL2},
- {"local3", LOG_LOCAL3},
- {"local4", LOG_LOCAL4},
- {"local5", LOG_LOCAL5},
- {"local6", LOG_LOCAL6},
- {"local7", LOG_LOCAL7},
- {NULL, -1},
-};
-
-static const TRANS priorities[] = {
- {"emerg", APLOG_EMERG},
- {"alert", APLOG_ALERT},
- {"crit", APLOG_CRIT},
- {"error", APLOG_ERR},
- {"warn", APLOG_WARNING},
- {"notice", APLOG_NOTICE},
- {"info", APLOG_INFO},
- {"debug", APLOG_DEBUG},
- {NULL, -1},
-};
-
-static int
-error_log_child(void *cmd, child_info *pinfo)
-{
- /* Child process code for 'ErrorLog "|..."';
- * may want a common framework for this, since I expect it will
- * be common for other foo-loggers to want this sort of thing...
- */ - int child_pid = 0; - - ap_cleanup_for_exec(); - /* No concept of a child process on Win32 */ - signal(SIGHUP, SIG_IGN); - execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, (char *)NULL); - exit(1); - /* NOT REACHED */ - return(child_pid); -} - -static void -open_error_log(server_rec *s, pool *p) -{ - char *fname; - - if (*s->error_fname == '|') { - FILE *dummy; - if (!ap_spawn_child(p, error_log_child, - (void *)(s->error_fname+1), kill_after_timeout, &dummy, - NULL, NULL)) { - perror("ap_spawn_child"); - fprintf(stderr, "Couldn't fork child for ErrorLog " - "process\n"); - exit(1); - } - - s->error_log = dummy; - } else if (!strncasecmp(s->error_fname, "syslog", 6)) { - if ((fname = strchr(s->error_fname, ':'))) { - const TRANS *fac; - - fname++; - for (fac = facilities; fac->t_name; fac++) { - if (!strcasecmp(fname, fac->t_name)) { - openlog(ap_server_argv0, - LOG_NDELAY|LOG_CONS|LOG_PID, - fac->t_val); - s->error_log = NULL; - return; - } - } - } else - openlog(ap_server_argv0, LOG_NDELAY|LOG_CONS|LOG_PID, - LOG_LOCAL7); - - s->error_log = NULL; - } else { - fname = ap_server_root_relative(p, s->error_fname); - if (!(s->error_log = ap_pfopen(p, fname, "a"))) { - perror("fopen"); - fprintf(stderr, "%s: could not open error log file " - "%s.\n", ap_server_argv0, fname); - exit(1); - } - } -} - -API_EXPORT(void) -ap_open_logs(server_rec *s_main, pool *p) -{ - server_rec *virt, *q; - int replace_stderr; - - - open_error_log(s_main, p); - - replace_stderr = 1; - if (s_main->error_log) { - /* replace stderr with this new log */ - fflush(stderr); - if (dup2(fileno(s_main->error_log), STDERR_FILENO) == -1) - ap_log_error(APLOG_MARK, APLOG_CRIT, s_main, - "unable to replace stderr with error_log"); - else - replace_stderr = 0; - } - /* note that stderr may still need to be replaced with something - * because it points to the old error log, or back to the tty - * of the submitter. 
- */ - if (replace_stderr && freopen("/dev/null", "w", stderr) == NULL) - ap_log_error(APLOG_MARK, APLOG_CRIT, s_main, - "unable to replace stderr with /dev/null"); - - for (virt = s_main->next; virt; virt = virt->next) { - if (virt->error_fname) { - for (q=s_main; q != virt; q = q->next) - if (q->error_fname != NULL && - strcmp(q->error_fname, virt->error_fname) - == 0) - break; - if (q == virt) - open_error_log(virt, p); - else - virt->error_log = q->error_log; - } else - virt->error_log = s_main->error_log; - } -} - -API_EXPORT(void) -ap_error_log2stderr(server_rec *s) -{ - if (s->error_log != NULL && fileno(s->error_log) != STDERR_FILENO) - dup2(fileno(s->error_log), STDERR_FILENO); -} - -static void -log_error_core(const char *file, int line, int level, const server_rec *s, - const request_rec *r, const char *fmt, va_list args) -{ - char errstr[MAX_STRING_LEN]; - char scratch[MAX_STRING_LEN]; - size_t len; - int save_errno = errno; - FILE *logf; - - if (s == NULL) { - /* - * If we are doing stderr logging (startup), don't log messages - * that are above the default server log level unless it is a - * startup/shutdown notice - */ - if (((level & APLOG_LEVELMASK) != APLOG_NOTICE) && - ((level & APLOG_LEVELMASK) > DEFAULT_LOGLEVEL)) - return; - logf = stderr; - } else if (s->error_log) { - /* - * If we are doing normal logging, don't log messages that are - * above the server log level unless it is a startup/shutdown - * notice - */ - if (((level & APLOG_LEVELMASK) != APLOG_NOTICE) && - ((level & APLOG_LEVELMASK) > s->loglevel)) - return; - logf = s->error_log; - } else { - /* - * If we are doing syslog logging, don't log messages that are - * above the server log level (including a startup/shutdown - * notice) - */ - if ((level & APLOG_LEVELMASK) > s->loglevel) - return; - logf = NULL; - } - - if (logf) - len = ap_snprintf(errstr, sizeof(errstr), "[%s] ", - ap_get_time()); - else - len = 0; - - len += ap_snprintf(errstr + len, sizeof(errstr) - len, - "[%s] ", 
priorities[level & APLOG_LEVELMASK].t_name); - - if (file && (level & APLOG_LEVELMASK) == APLOG_DEBUG) - len += ap_snprintf(errstr + len, sizeof(errstr) - len, - "%s(%d): ", file, line); - if (r) - /* XXX: TODO: add a method of selecting whether logged client - * addresses are in dotted quad or resolved form... dotted - * quad is the most secure, which is why I'm implementing it - * first. -djg - */ - len += ap_snprintf(errstr + len, sizeof(errstr) - len, - "[client %s] ", r->connection->remote_ip); - - if (!(level & APLOG_NOERRNO) && (save_errno != 0)) - len += ap_snprintf(errstr + len, sizeof(errstr) - len, - "(%d)%s: ", save_errno, strerror(save_errno)); - - if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) - len += ap_escape_errorlog_item(errstr + len, scratch, - sizeof(errstr) - len); - - /* NULL if we are logging to syslog */ - if (logf) { - fputs(errstr, logf); - fputc('\n', logf); - fflush(logf); - } else - syslog(level & APLOG_LEVELMASK, "%s", errstr); -} - -API_EXPORT_NONSTD(void) -ap_log_error(const char *file, int line, int level, const server_rec *s, - const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - log_error_core(file, line, level, s, NULL, fmt, args); - va_end(args); -} - -API_EXPORT_NONSTD(void) -ap_log_rerror(const char *file, int line, int level, const request_rec *r, - const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - log_error_core(file, line, level, r->server, r, fmt, args); - /* - * IF the error level is 'warning' or more severe, - * AND there isn't already error text associated with this request, - * THEN make the message text available to ErrorDocument and - * other error processors. This can be disabled by stuffing - * something, even an empty string, into the "error-notes" cell - * before calling this routine. 
- */ - va_end(args); - va_start(args,fmt); - if (((level & APLOG_LEVELMASK) <= APLOG_WARNING) - && (ap_table_get(r->notes, "error-notes") == NULL)) { - ap_table_setn(r->notes, "error-notes", - ap_escape_html(r->pool, ap_pvsprintf(r->pool, fmt, args))); - } - va_end(args); -} - -API_EXPORT(void) -ap_log_pid(pool *p, char *fname) -{ - FILE *pid_file; - struct stat finfo; - static pid_t saved_pid = -1; - pid_t mypid; - mode_t u; - - if (!fname) - return; - - fname = ap_server_root_relative(p, fname); - mypid = getpid(); - if (!ap_server_chroot_desired() && mypid != saved_pid - && stat(fname, &finfo) == 0) - /* USR1 and HUP call this on each restart. - * Only warn on first time through for this pid. - * - * XXX: Could just write first time through too, although - * that may screw up scripts written to do something - * based on the last modification time of the pid file. - */ - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL, "%s", - ap_psprintf(p, "pid file %s overwritten -- Unclean shutdown" - " of previous Apache run?", fname)); - - u = umask(022); - (void)umask(u | 022); - if(!(pid_file = fopen(fname, "w"))) { - perror("fopen"); - fprintf(stderr, "%s: could not log pid to file %s\n", - ap_server_argv0, fname); - exit(1); - } - (void)umask(u); - fprintf(pid_file, "%ld\n", (long)mypid); - fclose(pid_file); - saved_pid = mypid; -} - -API_EXPORT(void) -ap_log_error_old(const char *err, server_rec *s) -{ - ap_log_error(APLOG_MARK, APLOG_ERR, s, "%s", err); -} - -API_EXPORT(void) -ap_log_unixerr(const char *routine, const char *file, const char *msg, - server_rec *s) -{ - ap_log_error(file, 0, APLOG_ERR, s, "%s", msg); -} - -API_EXPORT_NONSTD(void) -ap_log_printf(const server_rec *s, const char *fmt, ...) 
-{ - va_list args; - - va_start(args, fmt); - log_error_core(APLOG_MARK, APLOG_ERR, s, NULL, fmt, args); - va_end(args); -} - -API_EXPORT(void) -ap_log_reason(const char *reason, const char *file, request_rec *r) -{ - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "access to %s failed for %s, reason: %s", file, - ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME), - reason); -} - -API_EXPORT(void) -ap_log_assert(const char *szExp, const char *szFile, int nLine) -{ - fprintf(stderr, "[%s] file %s, line %d, assertion \"%s\" failed\n", - ap_get_time(), szFile, nLine, szExp); - /* unix assert does an abort leading to a core dump */ - abort(); -} - -/* piped log support */ - -/* forward declaration */ -static void piped_log_maintenance(int reason, void *data, ap_wait_t status); - -static int -piped_log_spawn(piped_log *pl) -{ - int pid; - - ap_block_alarms(); - pid = fork(); - if (pid == 0) { - /* XXX: need to check what open fds the logger is actually - * passed, - * XXX: and CGIs for that matter ... cleanup_for_exec *should* - * XXX: close all the relevant stuff, but hey, it could be - * broken. 
*/ - RAISE_SIGSTOP(PIPED_LOG_SPAWN); - /* we're now in the child */ - close(STDIN_FILENO); - dup2(pl->fds[0], STDIN_FILENO); - - ap_cleanup_for_exec(); - signal(SIGCHLD, SIG_DFL); /* for HPUX */ - signal(SIGHUP, SIG_IGN); - execl(SHELL_PATH, SHELL_PATH, "-c", pl->program, (char *)NULL); - fprintf(stderr, - "piped_log_spawn: unable to exec %s -c '%s': %s\n", - SHELL_PATH, pl->program, strerror (errno)); - exit(1); - } - if (pid == -1) { - fprintf(stderr, - "piped_log_spawn: unable to fork(): %s\n", strerror(errno)); - ap_unblock_alarms(); - return -1; - } - ap_unblock_alarms(); - pl->pid = pid; - ap_register_other_child(pid, piped_log_maintenance, pl, pl->fds[1]); - return 0; -} - - -static void -piped_log_maintenance(int reason, void *data, ap_wait_t status) -{ - piped_log *pl = data; - - switch (reason) { - case OC_REASON_DEATH: - case OC_REASON_LOST: - pl->pid = -1; - ap_unregister_other_child(pl); - if (pl->program == NULL) - /* during a restart */ - break; - if (piped_log_spawn(pl) == -1) - /* what can we do? This could be the error log we're having - * problems opening up... */ - fprintf(stderr, - "piped_log_maintenance: unable to respawn '%s': %s\n", - pl->program, strerror(errno)); - break; - case OC_REASON_UNWRITABLE: - /* We should not kill off the pipe here, since it may only be - * full. If it really is locked, we should kill it off manually. 
- */
- break;
- case OC_REASON_RESTART:
- pl->program = NULL;
- if (pl->pid != -1)
- kill(pl->pid, SIGTERM);
- break;
- case OC_REASON_UNREGISTER:
- break;
- }
-}
-
-
-static void
-piped_log_cleanup(void *data)
-{
- piped_log *pl = data;
-
- if (pl->pid != -1)
- kill(pl->pid, SIGTERM);
-
- ap_unregister_other_child(pl);
- close(pl->fds[0]);
- close(pl->fds[1]);
-}
-
-
-static void
-piped_log_cleanup_for_exec(void *data)
-{
- piped_log *pl = data;
-
- close(pl->fds[0]);
- close(pl->fds[1]);
-}
-
-static int
-piped_log_magic_cleanup(void *data)
-{
- piped_log *pl = data;
-
- /* Yes, I _do_ mean a binary and */
- return ap_close_fd_on_exec(pl->fds[0]) &
- ap_close_fd_on_exec(pl->fds[1]);
-}
-
-API_EXPORT(piped_log *)
-ap_open_piped_log(pool *p, const char *program)
-{
- piped_log *pl;
-
- pl = ap_palloc(p, sizeof (*pl));
- pl->p = p;
- pl->program = ap_pstrdup(p, program);
- pl->pid = -1;
- ap_block_alarms ();
- if (pipe(pl->fds) == -1) {
- int save_errno = errno;
- ap_unblock_alarms();
- errno = save_errno;
- return NULL;
- }
- ap_register_cleanup_ex(p, pl, piped_log_cleanup,
- piped_log_cleanup_for_exec, piped_log_magic_cleanup);
- if (piped_log_spawn(pl) == -1) {
- int save_errno = errno;
- ap_kill_cleanup(p, pl, piped_log_cleanup);
- close(pl->fds[0]);
- close(pl->fds[1]);
- ap_unblock_alarms();
- errno = save_errno;
- return NULL;
- }
- ap_unblock_alarms();
- return pl;
-}
-
-API_EXPORT(void)
-ap_close_piped_log(piped_log *pl)
-{
- ap_block_alarms();
- piped_log_cleanup(pl);
- ap_kill_cleanup(pl->p, pl, piped_log_cleanup);
- ap_unblock_alarms();
-}
diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c
deleted file mode 100644
index 62937f77dac..00000000000
--- a/usr.sbin/httpd/src/main/http_main.c
+++ /dev/null
@@ -1,3465 +0,0 @@
-/* $OpenBSD: http_main.c,v 1.55 2011/07/17 17:32:35 jcs Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * httpd.c: simple http daemon for answering WWW file requests
- *
- *
- * 03-21-93 Rob McCool wrote original code (up to NCSA HTTPd 1.3)
- *
- * 03-06-95 blong
- * changed server number for child-alone processes to 0 and changed name
- * of processes
- *
- * 03-10-95 blong
- * Added numerous speed hacks proposed by Robert S. Thau (rst@ai.mit.edu)
- * including set group before fork, and call gettime before to fork
- * to set up libraries.
- *
- * 04-14-95 rst / rh
- * Brandon's code snarfed from NCSA 1.4, but tinkered to work with the
- * Apache server, and also to have child processes do accept() directly.
- *
- * April-July '95 rst
- * Extensive rework for Apache.
- */
-
-#define REALMAIN main
-
-#define CORE_PRIVATE
-
-#include "httpd.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "http_config.h" /* for read_config */
-#include "http_protocol.h" /* for read_request */
-#include "http_request.h" /* for process_request */
-#include "http_conf_globals.h"
-#include "http_core.h" /* for get_remote_host */
-#include "http_vhost.h"
-#include "util_script.h" /* to force util_script.c linking */
-#include "util_uri.h"
-#include "fdcache.h"
-#include "scoreboard.h"
-#include "multithread.h"
-#include
-#include
-#include
-#include
-#ifdef MOD_SSL
-#include
-#endif
-
-/* This next function is never used. It is here to ensure that if we
- * make all the modules into shared libraries that core httpd still
- * includes the full Apache API. Without this function the objects in
- * main/util_script.c would not be linked into a minimal httpd.
- * And the extra prototype is to make gcc -Wmissing-prototypes quiet.
- */
-API_EXPORT(void) ap_force_library_loading(void);
-API_EXPORT(void) ap_force_library_loading(void) {
- ap_add_cgi_vars(NULL);
-}
-
-#include "explain.h"
-
-#if !defined(max)
-#define max(a,b) (a > b ? a : b)
-#endif
-
-#define PATHSEPARATOR '/'
-
-DEF_Explain
-
-/* Defining GPROF when compiling uses the moncontrol() function to
- * disable gprof profiling in the parent, and enable it only for
- * request processing in children (or in one_process mode). It's
- * absolutely required to get useful gprof results under linux
- * because the profile itimers and such are disabled across a
- * fork(). It's probably useful elsewhere as well.
- */
-#ifdef GPROF
-extern void moncontrol(int);
-#define MONCONTROL(x) moncontrol(x)
-#else
-#define MONCONTROL(x)
-#endif
-
-/* this just need to be anything non-NULL */
-void *ap_dummy_mutex = &ap_dummy_mutex;
-
-/*
- * Actual definitions of config globals... here because this is
- * for the most part the only code that acts on 'em. (Hmmm... mod_main.c?)
- */
-int ap_thread_count = 0;
-API_VAR_EXPORT int ap_standalone=0;
-API_VAR_EXPORT int ap_configtestonly=0;
-int ap_docrootcheck=1;
-API_VAR_EXPORT uid_t ap_user_id=0;
-API_VAR_EXPORT char *ap_user_name=NULL;
-API_VAR_EXPORT gid_t ap_group_id=0;
-API_VAR_EXPORT int ap_max_requests_per_child=0;
-API_VAR_EXPORT int ap_max_cpu_per_child=0;
-API_VAR_EXPORT int ap_max_data_per_child=0;
-API_VAR_EXPORT int ap_max_nofile_per_child=0;
-API_VAR_EXPORT int ap_max_rss_per_child=0;
-API_VAR_EXPORT int ap_max_stack_per_child=0;
-API_VAR_EXPORT int ap_threads_per_child=0;
-API_VAR_EXPORT int ap_excess_requests_per_child=0;
-API_VAR_EXPORT char *ap_pid_fname=NULL;
-API_VAR_EXPORT char *ap_scoreboard_fname=NULL;
-API_VAR_EXPORT char *ap_lock_fname=NULL;
-API_VAR_EXPORT char *ap_server_argv0=NULL;
-API_VAR_EXPORT int ap_default_family = PF_INET;
-API_VAR_EXPORT struct sockaddr_storage ap_bind_address;
-API_VAR_EXPORT int ap_daemons_to_start=0;
-API_VAR_EXPORT int ap_daemons_min_free=0;
-API_VAR_EXPORT int ap_daemons_max_free=0;
-API_VAR_EXPORT int ap_daemons_limit=0;
-API_VAR_EXPORT time_t ap_restart_time=0;
-API_VAR_EXPORT int ap_suexec_enabled = 0;
-API_VAR_EXPORT int ap_listenbacklog=0;
-
-struct accept_mutex_methods_s {
- void (*child_init)(pool *p);
- void (*init)(pool *p);
- void (*on)(void);
- void (*off)(void);
- char *name;
-};
-typedef struct accept_mutex_methods_s accept_mutex_methods_s;
-accept_mutex_methods_s *amutex;
-
-int ap_dump_settings = 0;
-API_VAR_EXPORT int ap_extended_status = 0;
-API_VAR_EXPORT ap_ctx *ap_global_ctx;
-
-/*
- * The max child slot ever assigned, preserved across restarts. Necessary
- * to deal with MaxClients changes across SIGUSR1 restarts. We use this
- * value to optimize routines that have to scan the entire scoreboard.
- */
-static int max_daemons_limit = -1;
-
-/*
- * During config time, listeners is treated as a NULL-terminated list.
- * child_main previously would start at the beginning of the list each time
- * through the loop, so a socket early on in the list could easily starve out
- * sockets later on in the list. The solution is to start at the listener
- * after the last one processed. But to do that fast/easily in child_main it's
- * way more convenient for listeners to be a ring that loops back on itself.
- * The routine setup_listeners() is called after config time to both open up
- * the sockets and to turn the NULL-terminated list into a ring that loops back
- * on itself.
- *
- * head_listener is used by each child to keep track of what they consider
- * to be the "start" of the ring. It is also set by make_child to ensure
- * that new children also don't starve any sockets.
- *
- * Note that listeners != NULL is ensured by read_config().
- */
-listen_rec *ap_listeners=NULL;
-static listen_rec *head_listener;
-
-API_VAR_EXPORT char ap_server_root[MAX_STRING_LEN]="";
-API_VAR_EXPORT char ap_server_confname[MAX_STRING_LEN]="";
-API_VAR_EXPORT char ap_coredump_dir[MAX_STRING_LEN]="";
-
-API_VAR_EXPORT array_header *ap_server_pre_read_config=NULL;
-API_VAR_EXPORT array_header *ap_server_post_read_config=NULL;
-API_VAR_EXPORT array_header *ap_server_config_defines=NULL;
-
-API_VAR_EXPORT int ap_server_chroot=1;
-API_VAR_EXPORT int is_chrooted=0;
-
-/* *Non*-shared http_main globals... */
-
-static server_rec *server_conf;
-static JMP_BUF APACHE_TLS jmpbuffer;
-static int sd;
-static fd_set listenfds;
-static int listenmaxfd;
-static pid_t pgrp;
-
-/* one_process --- debugging mode variable; can be set from the command line
- * with the -X flag. If set, this gets you the child_main loop running
- * in the process which originally started up (no detach, no make_child),
- * which is a pretty nice debugging environment. (You'll get a SIGHUP
- * early in standalone_main; just continue through.
This is the server
- * trying to kill off any child processes which it might have lying
- * around --- Apache doesn't keep track of their pids, it just sends
- * SIGHUP to the process group, ignoring it in the root process.
- * Continue through and you'll be fine.).
- */
-
-static int one_process = 0;
-
-static int do_detach = 1;
-
-/* set if timeouts are to be handled by the children and not by the parent.
- * i.e. child_timeouts = !standalone || one_process.
- */
-static int child_timeouts;
-
-#ifdef DEBUG_SIGSTOP
-int raise_sigstop_flags;
-#endif
-
-/* used to maintain list of children which aren't part of the scoreboard */
-typedef struct other_child_rec other_child_rec;
-struct other_child_rec {
- other_child_rec *next;
- int pid;
- void (*maintenance) (int, void *, ap_wait_t);
- void *data;
- int write_fd;
-};
-static other_child_rec *other_children;
-
-static pool *pglobal; /* Global pool */
-static pool *pconf; /* Pool for config stuff */
-static pool *plog; /* Pool for error-logging files */
-static pool *ptrans; /* Pool for per-transaction stuff */
-static pool *pchild; /* Pool for httpd child stuff */
-static pool *pmutex; /* Pool for accept mutex in child */
-static pool *pcommands; /* Pool for -C and -c switches */
-
-static int APACHE_TLS my_pid; /* it seems silly to call getpid all the time */
-static int my_child_num;
-
-
-scoreboard *ap_scoreboard_image = NULL;
-
-/*
- * Pieces for managing the contents of the Server response header
- * field.
- */
-static char *server_version = NULL;
-static int version_locked = 0;
-
-/* Global, alas, so http_core can talk to us */
-enum server_token_type ap_server_tokens = SrvTk_PRODUCT_ONLY;
-
-/* Also global, for http_core and http_protocol */
-API_VAR_EXPORT int ap_protocol_req_check = 1;
-
-API_VAR_EXPORT int ap_change_shmem_uid = 0;
-
-/*
- * This routine is called when the pconf pool is vacuumed.
It resets the
- * server version string to a known value and [re]enables modifications
- * (which are disabled by configuration completion).
- */
-static void reset_version(void *dummy)
-{
- version_locked = 0;
- ap_server_tokens = SrvTk_PRODUCT_ONLY;
- server_version = NULL;
-}
-
-API_EXPORT(const char *) ap_get_server_version(void)
-{
- return (server_version ? server_version : SERVER_BASEVERSION);
-}
-
-API_EXPORT(void) ap_add_version_component(const char *component)
-{
- if (! version_locked) {
- /*
- * If the version string is null, register our cleanup to reset the
- * pointer on pool destruction. We also know that, if NULL,
- * we are adding the original SERVER_BASEVERSION string.
- */
- if (server_version == NULL) {
- ap_register_cleanup(pconf, NULL, (void (*)(void *))reset_version,
- ap_null_cleanup);
- server_version = ap_pstrdup(pconf, component);
- }
- else {
- /*
- * Tack the given component identifier to the end of
- * the existing string.
- */
- server_version = ap_pstrcat(pconf, server_version, " ",
- component, NULL);
- }
- }
-}
-
-/*
- * This routine adds the real server base identity to the version string,
- * and then locks out changes until the next reconfig.
- */
-static void ap_set_version(void)
-{
- if (ap_server_tokens == SrvTk_PRODUCT_ONLY) {
- ap_add_version_component(SERVER_PRODUCT);
- }
- else if (ap_server_tokens == SrvTk_MIN) {
- ap_add_version_component(SERVER_BASEVERSION);
- }
- else {
- ap_add_version_component(SERVER_BASEVERSION " (" PLATFORM ")");
- }
- /*
- * Lock the server_version string if we're not displaying
- * the full set of tokens
- */
- if (ap_server_tokens != SrvTk_FULL) {
- version_locked++;
- }
-}
-
-API_EXPORT(void) ap_add_config_define(const char *define)
-{
- char **var;
- var = (char **)ap_push_array(ap_server_config_defines);
- *var = ap_pstrdup(pcommands, define);
- return;
-}
-
-/*
- * Invoke the `close_connection' hook of modules to let them do
- * some connection dependent actions before we close it.
- */
-static void ap_call_close_connection_hook(conn_rec *c)
-{
- module *m;
- for (m = top_module; m != NULL; m = m->next)
- if (m->magic == MODULE_MAGIC_COOKIE_EAPI)
- if (m->close_connection != NULL)
- (*m->close_connection)(c);
- return;
-}
-
-static APACHE_TLS int volatile exit_after_unblock = 0;
-
-#ifdef GPROF
-/*
- * change directory for gprof to plop the gmon.out file
- * configure in httpd.conf:
- * GprofDir logs/ -> $ServerRoot/logs/gmon.out
- * GprofDir logs/% -> $ServerRoot/logs/gprof.$pid/gmon.out
- */
-static void chdir_for_gprof(void)
-{
- core_server_config *sconf =
- ap_get_module_config(server_conf->module_config, &core_module);
- char *dir = sconf->gprof_dir;
-
- if(dir) {
- char buf[512];
- int len = strlen(sconf->gprof_dir) - 1;
- if(*(dir + len) == '%') {
- dir[len] = '\0';
- ap_snprintf(buf, sizeof(buf), "%sgprof.%d", dir, (int)getpid());
- }
- dir = ap_server_root_relative(pconf, buf[0] ? buf : dir);
- if(mkdir(dir, 0755) < 0 && errno != EEXIST) {
- ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
- "gprof: error creating directory %s", dir);
- }
- }
- else {
- dir = ap_server_root_relative(pconf, "logs");
- }
-
- chdir(dir);
-}
-#else
-#define chdir_for_gprof()
-#endif
-
-/* a clean exit from a child with proper cleanup */
-static void clean_child_exit(int code) __attribute__ ((noreturn));
-static void clean_child_exit(int code)
-{
- if (pchild) {
- /* make sure the accept mutex is released before calling child
- * exit hooks and cleanups... otherwise, modules can segfault
- * in such code and, depending on the mutex mechanism, leave
- * the server deadlocked...
even if the module doesn't segfault,
- * if it performs extensive processing it can temporarily prevent
- * the server from accepting new connections
- */
- ap_clear_pool(pmutex);
- ap_child_exit_modules(pchild, server_conf);
- ap_destroy_pool(pchild);
- }
- chdir_for_gprof();
- exit(code);
-}
-
-/*
- * Start of accept() mutex fluff:
- * Concept: Each method has it's own distinct set of mutex functions,
- * which it shoves in a nice struct for us. We then pick
- * which struct to use. We tell Apache which methods we
- * support via HAVE_FOO_SERIALIZED_ACCEPT. We can
- * specify the default via USE_FOO_SERIALIZED_ACCEPT
- * (this pre-1.3.21 builds which use that at the command-
- * line during builds work as expected). Without a set
- * method, we pick the 1st from the following order:
- * uslock, pthread, sysvsem, fcntl, flock, os2sem, tpfcore and none.
- */
-
-static void expand_lock_fname(pool *p)
-{
- /* XXXX possibly bogus cast */
- ap_lock_fname = ap_psprintf(p, "%s.%lu",
- ap_server_root_relative(p, ap_lock_fname), (unsigned long)getpid());
-}
-
-#include
-#include
-#include
-
-static int sem_id = -1;
-static struct sembuf op_on;
-static struct sembuf op_off;
-
-/* We get a random semaphore ... the lame sysv semaphore interface
- * means we have to be sure to clean this up or else we'll leak
- * semaphores.
- */
-static void accept_mutex_cleanup_sysvsem(void *foo)
-{
- union semun ick;
-
- if (sem_id < 0)
- return;
- /* this is ignored anyhow */
- ick.val = 0;
- semctl(sem_id, 0, IPC_RMID, ick);
-}
-
-#define accept_mutex_child_init_sysvsem(x)
-
-static void accept_mutex_init_sysvsem(pool *p)
-{
- union semun ick;
- struct semid_ds buf;
-
- /* acquire the semaphore */
- sem_id = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
- if (sem_id < 0) {
- perror("semget");
- exit(APEXIT_INIT);
- }
- ick.val = 1;
- if (semctl(sem_id, 0, SETVAL, ick) < 0) {
- perror("semctl(SETVAL)");
- exit(APEXIT_INIT);
- }
- if (!getuid()) {
- /* restrict it to use only by the appropriate user_id ... not that this
- * stops CGIs from acquiring it and dinking around with it.
- */
- buf.sem_perm.uid = ap_user_id;
- buf.sem_perm.gid = ap_group_id;
- buf.sem_perm.mode = 0600;
- ick.buf = &buf;
- if (semctl(sem_id, 0, IPC_SET, ick) < 0) {
- perror("semctl(IPC_SET)");
- exit(APEXIT_INIT);
- }
- }
- ap_register_cleanup(p, NULL, accept_mutex_cleanup_sysvsem, ap_null_cleanup);
-
- /* pre-initialize these */
- op_on.sem_num = 0;
- op_on.sem_op = -1;
- op_on.sem_flg = SEM_UNDO;
- op_off.sem_num = 0;
- op_off.sem_op = 1;
- op_off.sem_flg = SEM_UNDO;
-}
-
-static void accept_mutex_on_sysvsem(void)
-{
- while (semop(sem_id, &op_on, 1) < 0) {
- if (errno != EINTR) {
- perror("accept_mutex_on");
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
-}
-
-static void accept_mutex_off_sysvsem(void)
-{
- while (semop(sem_id, &op_off, 1) < 0) {
- if (errno != EINTR) {
- perror("accept_mutex_off");
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
-}
-
-accept_mutex_methods_s accept_mutex_sysvsem_s = {
- NULL,
- accept_mutex_init_sysvsem,
- accept_mutex_on_sysvsem,
- accept_mutex_off_sysvsem,
- "sysvsem"
-};
-
-static int flock_fd = -1;
-
-static void accept_mutex_cleanup_flock(void *foo)
-{
- unlink(ap_lock_fname);
-}
-
-/*
- * Initialize mutex lock.
- * Done by each child at it's birth
- */
-static void accept_mutex_child_init_flock(pool *p)
-{
-
- flock_fd = ap_popenf_ex(p, ap_lock_fname, O_WRONLY, 0600, 1);
- if (flock_fd == -1) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "Child cannot open lock file: %s", ap_lock_fname);
- clean_child_exit(APEXIT_CHILDINIT);
- }
-}
-
-/*
- * Initialize mutex lock.
- * Must be safe to call this on a restart.
- */
-static void accept_mutex_init_flock(pool *p)
-{
- expand_lock_fname(p);
- ap_server_strip_chroot(ap_lock_fname, 0);
- unlink(ap_lock_fname);
- flock_fd = ap_popenf_ex(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0600, 1);
- if (flock_fd == -1) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "Parent cannot open lock file: %s", ap_lock_fname);
- exit(APEXIT_INIT);
- }
- ap_register_cleanup(p, NULL, accept_mutex_cleanup_flock, ap_null_cleanup);
-}
-
-static void accept_mutex_on_flock(void)
-{
- int ret;
-
- while ((ret = flock(flock_fd, LOCK_EX)) < 0 && errno == EINTR)
- continue;
-
- if (ret < 0) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "flock: LOCK_EX: Error getting accept lock. Exiting!");
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-}
-
-static void accept_mutex_off_flock(void)
-{
- if (flock(flock_fd, LOCK_UN) < 0) {
- ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
- "flock: LOCK_UN: Error freeing accept lock.
Exiting!");
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-}
-
-accept_mutex_methods_s accept_mutex_flock_s = {
- accept_mutex_child_init_flock,
- accept_mutex_init_flock,
- accept_mutex_on_flock,
- accept_mutex_off_flock,
- "flock"
-};
-
-#define AP_FPTR1(x,y) { if (x) ((* x)(y)); }
-#define AP_FPTR0(x) { if (x) ((* x)()); }
-
-#define accept_mutex_child_init(x) AP_FPTR1(amutex->child_init,x)
-#define accept_mutex_init(x) AP_FPTR1(amutex->init,x)
-#define accept_mutex_off() AP_FPTR0(amutex->off)
-#define accept_mutex_on() AP_FPTR0(amutex->on)
-
-char *ap_default_mutex_method(void)
-{
- char *t;
- t = "sysvsem";
- if ((!(strcasecmp(t,"default"))) || (!(strcasecmp(t,"sysvsem"))))
- return "sysvsem";
- if ((!(strcasecmp(t,"default"))) || (!(strcasecmp(t,"flock"))))
- return "flock";
- fprintf(stderr, "No default accept serialization known!!\n");
- exit(APEXIT_INIT);
- /*NOTREACHED */
- return "unknown";
-}
-
-char *ap_init_mutex_method(char *t)
-{
- if (!(strcasecmp(t,"default")))
- t = ap_default_mutex_method();
-
- if (!(strcasecmp(t,"sysvsem"))) {
- amutex = &accept_mutex_sysvsem_s;
- } else
- if (!(strcasecmp(t,"flock"))) {
- amutex = &accept_mutex_flock_s;
- } else
- {
-/* Ignore this directive on Windows */
- if (server_conf) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf,
- "Requested serialization method '%s' not available",t);
- exit(APEXIT_INIT);
- } else {
- fprintf(stderr, "Requested serialization method '%s' not available\n", t);
- exit(APEXIT_INIT);
- }
- }
- return NULL;
-}
-
-/* On some architectures it's safe to do unserialized accept()s in the single
- * Listen case. But it's never safe to do it in the case where there's
- * multiple Listen statements. Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT
- * when it's safe in the single Listen case.
- */
-#define SAFE_ACCEPT(stmt) do {if(ap_listeners->next != ap_listeners) {stmt;}} while(0)
-
-static void usage(char *bin)
-{
- char pad[MAX_STRING_LEN];
- unsigned i;
-
- for (i = 0; i < strlen(bin); i++)
- pad[i] = ' ';
- pad[i] = '\0';
- fprintf(stderr, "Usage: %s [-46FhLlSTtUuVvX] [-C directive] [-c directive] [-D parameter]\n", bin);
- fprintf(stderr, " %s [-d serverroot] [-f config]\n", pad);
- fprintf(stderr, "Options:\n");
- fprintf(stderr, " -C directive : process directive before reading config files\n");
- fprintf(stderr, " -c directive : process directive after reading config files\n");
- fprintf(stderr, " -D parameter : define a parameter for use in directives\n");
- fprintf(stderr, " -d serverroot : specify an alternate initial ServerRoot\n");
- fprintf(stderr, " -4 : assume IPv4 for ambiguous directives (default)\n");
- fprintf(stderr, " -6 : assume IPv6 for ambiguous directives\n");
- fprintf(stderr, " -F : run main process in foreground, for process supervisors\n");
- fprintf(stderr, " -f config : specify an alternate ServerConfigFile\n");
- fprintf(stderr, " -h : list available command line options (this page)\n");
- fprintf(stderr, " -L : list available configuration directives\n");
- fprintf(stderr, " -l : list compiled-in modules\n");
- fprintf(stderr, " -S : show parsed settings (currently only vhost settings)\n");
- fprintf(stderr, " -T : run syntax check for config files (without docroot check)\n");
- fprintf(stderr, " -t : run syntax check for config files (with docroot check)\n");
- fprintf(stderr, " -U : unspecified address family for ambiguous directives\n");
- fprintf(stderr, " -u : unsecure mode: do not chroot into ServerRoot\n");
- fprintf(stderr, " -V : show compile settings\n");
- fprintf(stderr, " -v : show version number\n");
- fprintf(stderr, " -X : run in single-process mode\n");
-
- exit(1);
-}
-
-
-/*****************************************************************
- *
- * Timeout handling.
DISTINCTLY not thread-safe, but all this stuff
- * has to change for threads anyway. Note that this code allows only
- * one timeout in progress at a time...
- */
-
-static APACHE_TLS conn_rec *volatile current_conn;
-static APACHE_TLS request_rec *volatile timeout_req;
-static APACHE_TLS const char *volatile timeout_name = NULL;
-static APACHE_TLS int volatile alarms_blocked = 0;
-static APACHE_TLS int volatile alarm_pending = 0;
-
-
-static void timeout(int sig)
-{
- void *dirconf;
- if (alarms_blocked) {
- alarm_pending = 1;
- return;
- }
- if (exit_after_unblock) {
- clean_child_exit(0);
- }
-
- if (!current_conn) {
- ap_longjmp(jmpbuffer, 1);
- }
-
- if (timeout_req != NULL)
- dirconf = timeout_req->per_dir_config;
- else
- dirconf = current_conn->server->lookup_defaults;
- if (!current_conn->keptalive) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO,
- current_conn->server, "[client %s] %s timed out",
- current_conn->remote_ip,
- timeout_name ? timeout_name : "request");
- }
-
- if (timeout_req) {
- /* Someone has asked for this transaction to just be aborted
- * if it times out...
- */
- request_rec *log_req = timeout_req;
- request_rec *save_req = timeout_req;
-
- /* avoid looping... if ap_log_transaction started another
- * timer (say via rfc1413.c) we could loop...
- */
- timeout_req = NULL;
-
- while (log_req->main || log_req->prev) {
- /* Get back to original request...
*/
- if (log_req->main)
- log_req = log_req->main;
- else
- log_req = log_req->prev;
- }
-
- if (!current_conn->keptalive) {
- /* in some cases we come here before setting the time */
- if (log_req->request_time == 0) {
- log_req->request_time = time(NULL);
- }
- ap_log_transaction(log_req);
- }
-
- ap_call_close_connection_hook(save_req->connection);
-
- ap_bsetflag(save_req->connection->client, B_EOUT, 1);
- ap_bclose(save_req->connection->client);
-
- if (!ap_standalone)
- exit(0);
- ap_longjmp(jmpbuffer, 1);
- }
- else { /* abort the connection */
- ap_call_close_connection_hook(current_conn);
- ap_bsetflag(current_conn->client, B_EOUT, 1);
- ap_bclose(current_conn->client);
- current_conn->aborted = 1;
- }
-}
-
-
-/*
- * These two called from alloc.c to protect its critical sections...
- * Note that they can nest (as when destroying the sub_pools of a pool
- * which is itself being cleared); we have to support that here.
- */
-
-API_EXPORT(void) ap_block_alarms(void)
-{
- ++alarms_blocked;
-}
-
-API_EXPORT(void) ap_unblock_alarms(void)
-{
- --alarms_blocked;
- if (alarms_blocked == 0) {
- if (exit_after_unblock) {
- /* We have a couple race conditions to deal with here, we can't
- * allow a timeout that comes in this small interval to allow
- * the child to jump back to the main loop. Instead we block
- * alarms again, and then note that exit_after_unblock is
- * being dealt with. We choose this way to solve this so that
- * the common path through unblock_alarms() is really short.
- */
- ++alarms_blocked;
- exit_after_unblock = 0;
- clean_child_exit(0);
- }
- if (alarm_pending) {
- alarm_pending = 0;
- timeout(0);
- }
- }
-}
-
-static APACHE_TLS void (*volatile alarm_fn) (int) = NULL;
-
-static void alrm_handler(int sig)
-{
- if (alarm_fn) {
- (*alarm_fn) (sig);
- }
-}
-
-API_EXPORT(unsigned int) ap_set_callback_and_alarm(void (*fn) (int), int x)
-{
- unsigned int old;
-
- if (alarm_fn && x && fn != alarm_fn) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, NULL,
- "ap_set_callback_and_alarm: possible nested timer!");
- }
- alarm_fn = fn;
- if (child_timeouts) {
- old = alarm(x);
- }
- else {
- /* Just note the timeout in our scoreboard, no need to call the system.
- * We also note that the virtual time has gone forward.
- */
- ap_check_signals();
- old = ap_scoreboard_image->servers[my_child_num].timeout_len;
- ap_scoreboard_image->servers[my_child_num].timeout_len = x;
- ++ap_scoreboard_image->servers[my_child_num].cur_vtime;
- }
- return (old);
-}
-
-
-/* reset_timeout (request_rec *) resets the timeout in effect,
- * as long as it hasn't expired already.
- */
-
-API_EXPORT(void) ap_reset_timeout(request_rec *r)
-{
- int i;
- if (timeout_name) { /* timeout has been set */
- i = ap_set_callback_and_alarm(alarm_fn, r->server->timeout);
- if (i == 0) /* timeout already expired, so set it back to 0 */
- ap_set_callback_and_alarm(alarm_fn, 0);
- }
-}
-
-
-
-
-API_EXPORT(void) ap_keepalive_timeout(char *name, request_rec *r)
-{
- unsigned int to;
- timeout_req = r;
- timeout_name = name;
- if (r->connection->keptalive)
- to = r->server->keep_alive_timeout;
- else
- to = r->server->timeout;
- ap_set_callback_and_alarm(timeout, to);
-}
-
-API_EXPORT(void) ap_hard_timeout(char *name, request_rec *r)
-{
- timeout_req = r;
- timeout_name = name;
- ap_set_callback_and_alarm(timeout, r->server->timeout);
-}
-
-API_EXPORT(void) ap_soft_timeout(char *name, request_rec *r)
-{
- timeout_name = name;
- ap_set_callback_and_alarm(timeout, r->server->timeout);
-}
-
-API_EXPORT(void) ap_kill_timeout(request_rec *dummy)
-{
- ap_check_signals();
- ap_set_callback_and_alarm(NULL, 0);
- timeout_req = NULL;
- timeout_name = NULL;
-}
-
-
-/*
- * More machine-dependent networking gooo... on some systems,
- * you've got to be *really* sure that all the packets are acknowledged
- * before closing the connection, since the client will not be able
- * to see the last response if their TCP buffer is flushed by a RST
- * packet from us, which is what the server's TCP stack will send
- * if it receives any request data after closing the connection.
- *
- * In an ideal world, this function would be accomplished by simply
- * setting the socket option SO_LINGER and handling it within the
- * server's TCP stack while the process continues on to the next request.
- * Unfortunately, it seems that most (if not all) operating systems
- * block the server process on close() when SO_LINGER is used.
- * For those that don't, see USE_SO_LINGER below. For the rest,
- * we have created a home-brew lingering_close.
- *
- * Many operating systems tend to block, puke, or otherwise mishandle
- * calls to shutdown only half of the connection.
- */
-#ifndef MAX_SECS_TO_LINGER
-#define MAX_SECS_TO_LINGER 30
-#endif
-
-#define sock_enable_linger(s) /* NOOP */
-
-/* Special version of timeout for lingering_close */
-
-static void lingerout(int sig)
-{
- if (alarms_blocked) {
- alarm_pending = 1;
- return;
- }
-
- if (!current_conn) {
- ap_longjmp(jmpbuffer, 1);
- }
- ap_bsetflag(current_conn->client, B_EOUT, 1);
- current_conn->aborted = 1;
-}
-
-static void linger_timeout(void)
-{
- timeout_name = "lingering close";
- ap_set_callback_and_alarm(lingerout, MAX_SECS_TO_LINGER);
-}
-
-/* Since many clients will abort a connection instead of closing it,
- * attempting to log an error message from this routine will only
- * confuse the webmaster. There doesn't seem to be any portable way to
- * distinguish between a dropped connection and something that might be
- * worth logging.
- */
-static void lingering_close(request_rec *r)
-{
- char dummybuf[512];
- struct timeval tv;
- fd_set lfds;
- int select_rv;
- int lsd;
-
- /* Prevent a slow-drip client from holding us here indefinitely */
-
- linger_timeout();
-
- /* Send any leftover data to the client, but never try to again */
-
- if (ap_bflush(r->connection->client) == -1) {
- ap_call_close_connection_hook(r->connection);
- ap_kill_timeout(r);
- ap_bclose(r->connection->client);
- return;
- }
- ap_call_close_connection_hook(r->connection);
- ap_bsetflag(r->connection->client, B_EOUT, 1);
-
- /* Close our half of the connection --- send the client a FIN */
-
- lsd = r->connection->client->fd;
-
- if ((shutdown(lsd, 1) != 0) || r->connection->aborted) {
- ap_kill_timeout(r);
- ap_bclose(r->connection->client);
- return;
- }
-
- /* Set up to wait for readable data on socket... */
-
- FD_ZERO(&lfds);
-
- /* Wait for readable data or error condition on socket;
- * slurp up any data that arrives...
We exit when we go for an
- * interval of tv length without getting any more data, get an error
- * from select(), get an error or EOF on a read, or the timer expires.
- */
-
- do {
- /* We use a 2 second timeout because current (Feb 97) browsers
- * fail to close a connection after the server closes it. Thus,
- * to avoid keeping the child busy, we are only lingering long enough
- * for a client that is actively sending data on a connection.
- * This should be sufficient unless the connection is massively
- * losing packets, in which case we might have missed the RST anyway.
- * These parameters are reset on each pass, since they might be
- * changed by select.
- */
-
- FD_SET(lsd, &lfds);
- tv.tv_sec = 2;
- tv.tv_usec = 0;
-
- select_rv = ap_select(lsd + 1, &lfds, NULL, NULL, &tv);
-
- } while ((select_rv > 0) &&
- (read(lsd, dummybuf, sizeof(dummybuf)) > 0));
-
- /* Should now have seen final ack. Safe to finally kill socket */
-
- ap_bclose(r->connection->client);
-
- ap_kill_timeout(r);
-}
-
-/*****************************************************************
- * dealing with other children
- */
-
-API_EXPORT(void) ap_register_other_child(int pid,
- void (*maintenance) (int reason, void *, ap_wait_t status),
- void *data, int write_fd)
-{
- other_child_rec *ocr;
-
- ocr = ap_palloc(pconf, sizeof(*ocr));
- ocr->pid = pid;
- ocr->maintenance = maintenance;
- ocr->data = data;
- ocr->write_fd = write_fd;
- ocr->next = other_children;
- other_children = ocr;
-}
-
-/* note that since this can be called by a maintenance function while we're
- * scanning the other_children list, all scanners should protect themself
- * by loading ocr->next before calling any maintenance function.
- */ -API_EXPORT(void) ap_unregister_other_child(void *data) -{ - other_child_rec **pocr, *nocr; - - for (pocr = &other_children; *pocr; pocr = &(*pocr)->next) { - if ((*pocr)->data == data) { - nocr = (*pocr)->next; - (*(*pocr)->maintenance) (OC_REASON_UNREGISTER, (*pocr)->data, (ap_wait_t)-1); - *pocr = nocr; - /* XXX: um, well we've just wasted some space in pconf ? */ - return; - } - } -} - -/* test to ensure that the write_fds are all still writable, otherwise - * invoke the maintenance functions as appropriate */ -static void probe_writable_fds(void) -{ - fd_set writable_fds; - int fd_max; - other_child_rec *ocr, *nocr; - struct timeval tv; - int rc; - - if (other_children == NULL) - return; - - fd_max = 0; - FD_ZERO(&writable_fds); - do { - for (ocr = other_children; ocr; ocr = ocr->next) { - if (ocr->write_fd == -1) - continue; - FD_SET(ocr->write_fd, &writable_fds); - if (ocr->write_fd > fd_max) { - fd_max = ocr->write_fd; - } - } - if (fd_max == 0) - return; - - tv.tv_sec = 0; - tv.tv_usec = 0; - rc = ap_select(fd_max + 1, NULL, &writable_fds, NULL, &tv); - } while (rc == -1 && errno == EINTR); - - if (rc == -1) { - /* XXX: uhh this could be really bad, we could have a bad file - * descriptor due to a bug in one of the maintenance routines */ - ap_log_unixerr("probe_writable_fds", "select", - "could not probe writable fds", server_conf); - return; - } - if (rc == 0) - return; - - for (ocr = other_children; ocr; ocr = nocr) { - nocr = ocr->next; - if (ocr->write_fd == -1) - continue; - if (FD_ISSET(ocr->write_fd, &writable_fds)) - continue; - (*ocr->maintenance) (OC_REASON_UNWRITABLE, ocr->data, (ap_wait_t)-1); - } -} - -/* possibly reap an other_child, return 0 if yes, -1 if not */ -static int reap_other_child(int pid, ap_wait_t status) -{ - other_child_rec *ocr, *nocr; - - for (ocr = other_children; ocr; ocr = nocr) { - nocr = ocr->next; - if (ocr->pid != pid) - continue; - ocr->pid = -1; - (*ocr->maintenance) (OC_REASON_DEATH, ocr->data, status); - 
return 0; - } - return -1; -} - -/***************************************************************** - * - * Dealing with the scoreboard... a lot of these variables are global - * only to avoid getting clobbered by the longjmp() that happens when - * a hard timeout expires... - * - * We begin with routines which deal with the file itself... - */ - -static void setup_shared_mem(pool *p) -{ - caddr_t m; - -/* BSD style */ - m = mmap((caddr_t) 0, SCOREBOARD_SIZE, - PROT_READ | PROT_WRITE, MAP_ANON | MAP_SHARED, -1, 0); - if (m == (caddr_t) - 1) { - perror("mmap"); - fprintf(stderr, "%s: Could not mmap memory\n", ap_server_argv0); - exit(APEXIT_INIT); - } - ap_scoreboard_image = (scoreboard *) m; - ap_scoreboard_image->global.running_generation = 0; -} - -/* Called by parent process */ -static void reinit_scoreboard(pool *p) -{ - int running_gen = 0; - if (ap_scoreboard_image) - running_gen = ap_scoreboard_image->global.running_generation; - - if (ap_scoreboard_image == NULL) { - setup_shared_mem(p); - } - memset(ap_scoreboard_image, 0, SCOREBOARD_SIZE); - ap_scoreboard_image->global.running_generation = running_gen; -} - -/* Routines called to deal with the scoreboard image - * --- note that we do *not* need write locks, since update_child_status - * only updates a *single* record in place, and only one process writes to - * a given scoreboard slot at a time (either the child process owning that - * slot, or the parent, noting that the child has died). - * - * As a final note --- setting the score entry to getpid() is always safe, - * since when the parent is writing an entry, it's only noting SERVER_DEAD - * anyway. - */ - -API_EXPORT(int) ap_exists_scoreboard_image(void) -{ - return (ap_scoreboard_image ? 
1 : 0); -} - -/* a clean exit from the parent with proper cleanup */ -static void clean_parent_exit(int code) __attribute__((noreturn)); -static void clean_parent_exit(int code) -{ - /* Clear the pool - including any registered cleanups */ - ap_destroy_pool(pglobal); - ap_kill_alloc_shared(); - fdcache_closeall(); - exit(code); -} - -API_EXPORT(int) ap_update_child_status(int child_num, int status, request_rec *r) -{ - int old_status; - short_score *ss; - - if (child_num < 0) - return -1; - - ap_check_signals(); - - ss = &ap_scoreboard_image->servers[child_num]; - old_status = ss->status; - ss->status = status; - - ++ss->cur_vtime; - - if (ap_extended_status) { - if (status == SERVER_READY || status == SERVER_DEAD) { - /* - * Reset individual counters - */ - if (status == SERVER_DEAD) { - ss->my_access_count = 0L; - ss->my_bytes_served = 0ULL; - } - ss->conn_count = (unsigned short) 0; - ss->conn_bytes = 0ULL; - } - else if (status == SERVER_STARTING) { - /* clean out the start_time so that mod_status will print Req=0 */ - /* Use memset to be independent from the type (struct timeval vs. clock_t) */ - memset (&ss->start_time, '\0', sizeof ss->start_time); - } - if (r) { - conn_rec *c = r->connection; - ap_cpystrn(ss->client, ap_get_remote_host(c, r->per_dir_config, - REMOTE_NOLOOKUP), sizeof(ss->client)); - if (r->the_request == NULL) { - ap_cpystrn(ss->request, "NULL", sizeof(ss->request)); - } else if (r->parsed_uri.password == NULL) { - ap_cpystrn(ss->request, r->the_request, sizeof(ss->request)); - } else { - /* Don't reveal the password in the server-status view */ - ap_cpystrn(ss->request, ap_pstrcat(r->pool, r->method, " ", - ap_unparse_uri_components(r->pool, &r->parsed_uri, UNP_OMITPASSWORD), - r->assbackwards ? 
NULL : " ", r->protocol, NULL),
- sizeof(ss->request));
- }
- ss->vhostrec = r->server;
- }
- }
- if (status == SERVER_STARTING && r == NULL) {
- /* clean up the slot's vhostrec pointer (maybe re-used)
- * and mark the slot as belonging to a new generation.
- */
- ss->vhostrec = NULL;
- ap_scoreboard_image->parent[child_num].generation = ap_my_generation;
- }
-
- return old_status;
-}
-
-void ap_time_process_request(int child_num, int status)
-{
- short_score *ss;
-
- if (child_num < 0)
- return;
-
- ss = &ap_scoreboard_image->servers[child_num];
-
- if (status == START_PREQUEST) {
- if (gettimeofday(&ss->start_time, (struct timezone *) 0) < 0)
- ss->start_time.tv_sec =
- ss->start_time.tv_usec = 0L;
- }
- else if (status == STOP_PREQUEST) {
- if (gettimeofday(&ss->stop_time, (struct timezone *) 0) < 0)
- ss->stop_time.tv_sec =
- ss->stop_time.tv_usec =
- ss->start_time.tv_sec =
- ss->start_time.tv_usec = 0L;
-
- }
-}
-
-static void increment_counts(int child_num, request_rec *r)
-{
- off_t bs = 0;
- short_score *ss;
-
- ss = &ap_scoreboard_image->servers[child_num];
-
- if (r->sent_bodyct)
- ap_bgetopt(r->connection->client, BO_BYTECT, &bs);
-
- times(&ss->times);
- ss->access_count++;
- ss->my_access_count++;
- ss->conn_count++;
- ss->bytes_served += bs;
- ss->my_bytes_served += bs;
- ss->conn_bytes += bs;
-}
-
-static int find_child_by_pid(int pid)
-{
- int i;
-
- for (i = 0; i < max_daemons_limit; ++i)
- if (ap_scoreboard_image->parent[i].pid == pid)
- return i;
-
- return -1;
-}
-
-static int safe_child_kill(pid_t pid, int sig)
-{
- if (getpgid(pid) == getpgrp()) {
- return kill(pid, sig);
- }
- else {
- errno = EINVAL;
- return -1;
- }
-}
-
-static void reclaim_child_processes(int terminate)
-{
- int i, status;
- long int waittime = 1024 * 16; /* in usecs */
- struct timeval tv;
- int waitret, tries;
- int not_dead_yet;
- int ret;
- other_child_rec *ocr, *nocr;
-
- for (tries = terminate ? 
4 : 1; tries <= 12; ++tries) {
- /* don't want to hold up progress any more than
- * necessary, but we need to allow children a few moments to exit.
- * Set delay with an exponential backoff. NOTE: if we get
- * interrupted, we'll wait longer than expected...
- */
- tv.tv_sec = waittime / 1000000;
- tv.tv_usec = waittime % 1000000;
- waittime = waittime * 4;
- do {
- ret = ap_select(0, NULL, NULL, NULL, &tv);
- } while (ret == -1 && errno == EINTR);
-
- /* now see who is done */
- not_dead_yet = 0;
- for (i = 0; i < max_daemons_limit; ++i) {
- int pid = ap_scoreboard_image->parent[i].pid;
-
- if (pid == my_pid || pid == 0)
- continue;
-
- waitret = waitpid(pid, &status, WNOHANG);
- if (waitret == pid || waitret == -1) {
- ap_scoreboard_image->parent[i].pid = 0;
- continue;
- }
- ++not_dead_yet;
- switch (tries) {
- case 1: /* 16ms */
- case 2: /* 82ms */
- break;
- case 3: /* 344ms */
- /* perhaps it missed the SIGHUP, lets try again */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
- server_conf,
- "child process %d did not exit, sending another SIGHUP",
- pid);
- safe_child_kill(pid, SIGHUP);
- waittime = 1024 * 16;
- break;
- case 4: /* 16ms */
- case 5: /* 82ms */
- case 6: /* 344ms */
- break;
- case 7: /* 1.4sec */
- /* ok, now it's being annoying */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
- server_conf,
- "child process %d still did not exit, sending a SIGTERM",
- pid);
- safe_child_kill(pid, SIGTERM);
- break;
- case 8: /* 6 sec */
- /* die child scum */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
- "child process %d still did not exit, sending a SIGKILL",
- pid);
- safe_child_kill(pid, SIGKILL);
- waittime = 1024 * 16; /* give them some time to die */
- break;
- case 9: /* 6 sec */
- case 10: /* 6.1 sec */
- case 11: /* 6.4 sec */
- break;
- case 12: /* 7.4 sec */
- /* gave it our best shot, but alas... 
If this really
- * is a child we are trying to kill and it really hasn't
- * exited, we will likely fail to bind to the port
- * after the restart.
- */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf,
- "could not make child process %d exit, "
- "attempting to continue anyway", pid);
- break;
- }
- }
- for (ocr = other_children; ocr; ocr = nocr) {
- nocr = ocr->next;
- if (ocr->pid == -1)
- continue;
-
- waitret = waitpid(ocr->pid, &status, WNOHANG);
- if (waitret == ocr->pid) {
- ocr->pid = -1;
- (*ocr->maintenance) (OC_REASON_RESTART, ocr->data, (ap_wait_t)status);
- }
- else if (waitret == 0) {
- (*ocr->maintenance) (OC_REASON_RESTART, ocr->data, (ap_wait_t)-1);
- ++not_dead_yet;
- }
- else if (waitret == -1) {
- /* uh what the heck? they didn't call unregister? */
- ocr->pid = -1;
- (*ocr->maintenance) (OC_REASON_LOST, ocr->data, (ap_wait_t)-1);
- }
- }
- if (!not_dead_yet) {
- /* nothing left to wait for */
- break;
- }
- }
-}
-
-
-/* Finally, this routine is used by the caretaker process to wait for
- * a while... 
- */
-
-/* number of calls to wait_or_timeout between writable probes */
-#ifndef INTERVAL_OF_WRITABLE_PROBES
-#define INTERVAL_OF_WRITABLE_PROBES 10
-#endif
-static int wait_or_timeout_counter;
-
-static int wait_or_timeout(ap_wait_t *status)
-{
- struct timeval tv;
- int ret;
-
- ++wait_or_timeout_counter;
- if (wait_or_timeout_counter == INTERVAL_OF_WRITABLE_PROBES) {
- wait_or_timeout_counter = 0;
- probe_writable_fds();
- }
- ret = waitpid(-1, status, WNOHANG);
- if (ret == -1 && errno == EINTR) {
- return -1;
- }
- if (ret > 0) {
- return ret;
- }
- tv.tv_sec = SCOREBOARD_MAINTENANCE_INTERVAL / 1000000;
- tv.tv_usec = SCOREBOARD_MAINTENANCE_INTERVAL % 1000000;
- ap_select(0, NULL, NULL, NULL, &tv);
- return -1;
-}
-
-#if defined(NSIG)
-#define NumSIG NSIG
-#elif defined(_NSIG)
-#define NumSIG _NSIG
-#elif defined(__NSIG)
-#define NumSIG __NSIG
-#else
-#define NumSIG 32 /* for 1998's unixes, this is still a good assumption */
-#endif
-
-#define SYS_SIGLIST ap_sys_siglist
-#define INIT_SIGLIST() siglist_init();
-
-const char *ap_sys_siglist[NumSIG];
-
-static void siglist_init(void)
-{
- int sig;
-
- ap_sys_siglist[0] = "Signal 0";
- ap_sys_siglist[SIGHUP] = "Hangup";
- ap_sys_siglist[SIGINT] = "Interrupt";
- ap_sys_siglist[SIGQUIT] = "Quit";
- ap_sys_siglist[SIGILL] = "Illegal instruction";
- ap_sys_siglist[SIGTRAP] = "Trace/BPT trap";
- ap_sys_siglist[SIGIOT] = "IOT instruction";
- ap_sys_siglist[SIGABRT] = "Abort";
- ap_sys_siglist[SIGEMT] = "Emulator trap";
- ap_sys_siglist[SIGFPE] = "Arithmetic exception";
- ap_sys_siglist[SIGKILL] = "Killed";
- ap_sys_siglist[SIGBUS] = "Bus error";
- ap_sys_siglist[SIGSEGV] = "Segmentation fault";
- ap_sys_siglist[SIGSYS] = "Bad system call";
- ap_sys_siglist[SIGPIPE] = "Broken pipe";
- ap_sys_siglist[SIGALRM] = "Alarm clock";
- ap_sys_siglist[SIGTERM] = "Terminated";
- ap_sys_siglist[SIGUSR1] = "User defined signal 1";
- ap_sys_siglist[SIGUSR2] = "User defined signal 2";
- ap_sys_siglist[SIGCHLD] = "Child status change"; 
- ap_sys_siglist[SIGWINCH] = "Window changed"; - ap_sys_siglist[SIGURG] = "urgent socket condition"; - ap_sys_siglist[SIGIO] = "socket I/O possible"; - ap_sys_siglist[SIGSTOP] = "Stopped (signal)"; - ap_sys_siglist[SIGTSTP] = "Stopped"; - ap_sys_siglist[SIGCONT] = "Continued"; - ap_sys_siglist[SIGTTIN] = "Stopped (tty input)"; - ap_sys_siglist[SIGTTOU] = "Stopped (tty output)"; - ap_sys_siglist[SIGVTALRM] = "virtual timer expired"; - ap_sys_siglist[SIGPROF] = "profiling timer expired"; - ap_sys_siglist[SIGXCPU] = "exceeded cpu limit"; - ap_sys_siglist[SIGXFSZ] = "exceeded file size limit"; - for (sig=0; sig < sizeof(ap_sys_siglist)/sizeof(ap_sys_siglist[0]); ++sig) - if (ap_sys_siglist[sig] == NULL) - ap_sys_siglist[sig] = ""; -} - -/* handle all varieties of core dumping signals */ -static void sig_coredump(int sig) -{ - chdir(ap_coredump_dir); - signal(sig, SIG_DFL); - kill(getpid(), sig); - /* At this point we've got sig blocked, because we're still inside - * the signal handler. When we leave the signal handler it will - * be unblocked, and we'll take the signal... and coredump or whatever - * is appropriate for this particular Unix. In addition the parent - * will see the real signal we received -- whereas if we called - * abort() here, the parent would only see SIGABRT. - */ -} - -/***************************************************************** - * Connection structures and accounting... - */ - -static void just_die(int sig) -{ /* SIGHUP to child process??? 
*/ - /* if alarms are blocked we have to wait to die otherwise we might - * end up with corruption in alloc.c's internal structures */ - if (alarms_blocked) { - exit_after_unblock = 1; - } - else { - clean_child_exit(0); - } -} - -static int volatile usr1_just_die = 1; -static int volatile deferred_die; - -static void usr1_handler(int sig) -{ - if (usr1_just_die) { - just_die(sig); - } - deferred_die = 1; -} - -/* volatile just in case */ -static int volatile shutdown_pending; -static int volatile restart_pending; -static int volatile is_graceful; -API_VAR_EXPORT ap_generation_t volatile ap_my_generation=0; - - -/* - * ap_start_shutdown() and ap_start_restart(), below, are a first stab at - * functions to initiate shutdown or restart without relying on signals. - * Previously this was initiated in sig_term() and restart() signal handlers, - * but we want to be able to start a shutdown/restart from other sources -- - * e.g. on Win32, from the service manager. Now the service manager can - * call ap_start_shutdown() or ap_start_restart() as appropiate. Note that - * these functions can also be called by the child processes, since global - * variables are no longer used to pass on the required action to the parent. - */ - -API_EXPORT(void) ap_start_shutdown(void) -{ - if (shutdown_pending == 1) { - /* Um, is this _probably_ not an error, if the user has - * tried to do a shutdown twice quickly, so we won't - * worry about reporting it. 
- */ - return; - } - shutdown_pending = 1; -} - -/* do a graceful restart if graceful == 1 */ -API_EXPORT(void) ap_start_restart(int graceful) -{ - if (restart_pending == 1) { - /* Probably not an error - don't bother reporting it */ - return; - } - restart_pending = 1; - is_graceful = graceful; -} - -static void sig_term(int sig) -{ - ap_start_shutdown(); -} - -static void restart(int sig) -{ - ap_start_restart(sig == SIGUSR1); -} - -static void set_signals(void) -{ - struct sigaction sa; - - sigemptyset(&sa.sa_mask); - sa.sa_flags = 0; - - if (!one_process) { - sa.sa_handler = sig_coredump; - sa.sa_flags = SA_RESETHAND; - if (sigaction(SIGBUS, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGBUS)"); - if (sigaction(SIGABRT, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGABRT)"); - if (sigaction(SIGILL, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGILL)"); - sa.sa_flags = 0; - } - sa.sa_handler = sig_term; - if (sigaction(SIGTERM, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGTERM)"); - if (sigaction(SIGINT, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGINT)"); - sa.sa_handler = SIG_DFL; - if (sigaction(SIGXCPU, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGXCPU)"); - sa.sa_handler = SIG_DFL; - if (sigaction(SIGXFSZ, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGXFSZ)"); - sa.sa_handler = SIG_IGN; - if (sigaction(SIGPIPE, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGPIPE)"); - - /* we want to ignore HUPs and USR1 while we're busy processing one */ - sigaddset(&sa.sa_mask, SIGHUP); - sigaddset(&sa.sa_mask, SIGUSR1); - sa.sa_handler = restart; - if (sigaction(SIGHUP, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGHUP)"); - if 
(sigaction(SIGUSR1, &sa, NULL) < 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "sigaction(SIGUSR1)"); -} - - -/***************************************************************** - * Here follows a long bunch of generic server bookkeeping stuff... - */ - -static void detach(void) -{ - int x; - - chdir("/"); - if (do_detach) { - if ((x = fork()) > 0) - exit(0); - else if (x == -1) { - perror("fork"); - fprintf(stderr, "%s: unable to fork new process\n", ap_server_argv0); - exit(1); - } - RAISE_SIGSTOP(DETACH); - } - if ((pgrp = setsid()) == -1) { - perror("setsid"); - fprintf(stderr, "%s: setsid failed\n", ap_server_argv0); - if (!do_detach) - fprintf(stderr, "setsid() failed probably because you aren't " - "running under a process management tool like daemontools\n"); - exit(1); - } - - /* close out the standard file descriptors */ - if (freopen("/dev/null", "r", stdin) == NULL) { - fprintf(stderr, "%s: unable to replace stdin with /dev/null: %s\n", - ap_server_argv0, strerror(errno)); - /* continue anyhow -- note we can't close out descriptor 0 because we - * have nothing to replace it with, and if we didn't have a descriptor - * 0 the next file would be created with that value ... leading to - * havoc. - */ - } - if (freopen("/dev/null", "w", stdout) == NULL) { - fprintf(stderr, "%s: unable to replace stdout with /dev/null: %s\n", - ap_server_argv0, strerror(errno)); - } - /* stderr is a tricky one, we really want it to be the error_log, - * but we haven't opened that yet. So leave it alone for now and it'll - * be reopened moments later. - */ -} - -/* Set group privileges. - * - * Note that we use the username as set in the config files, rather than - * the lookup of to uid --- the same uid may have multiple passwd entries, - * with different sets of groups for each. 
- */
-
-static void set_group_privs(void)
-{
- if (!geteuid()) {
- char *name;
-
- /* Get username if passed as a uid */
-
- if (ap_user_name[0] == '#') {
- struct passwd *ent;
- uid_t uid = atoi(&ap_user_name[1]);
-
- if ((ent = getpwuid(uid)) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "getpwuid: couldn't determine user name from uid %u, "
- "you probably need to modify the User directive",
- (unsigned)uid);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-
- name = ent->pw_name;
- }
- else
- name = ap_user_name;
-
- /*
- * Set the GID before initgroups(), since on some platforms
- * setgid() is known to zap the group list.
- */
- if (setgid(ap_group_id) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "setgid: unable to set group id to Group %u",
- (unsigned)ap_group_id);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-
- /* Reset `groups' attributes. */
-
- if (initgroups(name, ap_group_id) == -1) {
- ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf,
- "initgroups: unable to set groups for User %s "
- "and Group %u", name, (unsigned)ap_group_id);
- clean_child_exit(APEXIT_CHILDFATAL);
- }
- }
-}
-
-/* check to see if we have the 'suexec' setuid wrapper installed */
-static int init_suexec(void)
-{
- int result = 0;
-
- struct stat wrapper;
-
- if ((stat(SUEXEC_BIN, &wrapper)) != 0) {
- result = 0;
- }
- else if ((wrapper.st_mode & S_ISUID) && (wrapper.st_uid == 0)) {
- result = 1;
- }
- return result;
-}
-
-/*****************************************************************
- * Connection structures and accounting...
- */
-
-
-static conn_rec *new_connection(pool *p, server_rec *server, BUFF *inout,
- const struct sockaddr *remaddr,
- const struct sockaddr *saddr,
- int child_num)
-{
- conn_rec *conn = (conn_rec *) ap_pcalloc(p, sizeof(conn_rec));
- char hostnamebuf[MAXHOSTNAMELEN];
- size_t addr_len;
-
- /* Got a connection structure, so initialize what fields we can
- * (the rest are zeroed out by pcalloc). 
- */
-
- conn->child_num = child_num;
-
- conn->pool = p;
- addr_len = saddr->sa_len;
- memcpy(&conn->local_addr, saddr, addr_len);
- getnameinfo((struct sockaddr *)&conn->local_addr, addr_len,
- hostnamebuf, sizeof(hostnamebuf), NULL, 0, NI_NUMERICHOST);
- conn->local_ip = ap_pstrdup(conn->pool, hostnamebuf);
- conn->server = server; /* just a guess for now */
- ap_update_vhost_given_ip(conn);
- conn->base_server = conn->server;
- conn->client = inout;
-
- addr_len = remaddr->sa_len;
- memcpy(&conn->remote_addr, remaddr, addr_len);
- getnameinfo((struct sockaddr *)&conn->remote_addr, addr_len,
- hostnamebuf, sizeof(hostnamebuf), NULL, 0, NI_NUMERICHOST);
- conn->remote_ip = ap_pstrdup(conn->pool, hostnamebuf);
- conn->ctx = ap_ctx_new(conn->pool);
-
- /*
- * Invoke the `new_connection' hook of modules to let them do
- * some connection dependent actions before we go on with
- * processing the request on this connection.
- */
- {
- module *m;
- for (m = top_module; m != NULL; m = m->next)
- if (m->magic == MODULE_MAGIC_COOKIE_EAPI)
- if (m->new_connection != NULL)
- (*m->new_connection)(conn);
- }
-
- return conn;
-}
-
-static void sock_disable_nagle(int s, struct sockaddr_in *sin_client)
-{
- /* The Nagle algorithm says that we should delay sending partial
- * packets in hopes of getting more data. We don't want to do
- * this; we are not telnet. There are bad interactions between
- * persistent connections and Nagle's algorithm that have very severe
- * performance penalties. (Failing to disable Nagle is not much of a
- * problem with simple HTTP.)
- *
- * In spite of these problems, failure here is not a shooting offense. 
- */
- int just_say_no = 1;
-
- if (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, (char *) &just_say_no,
- sizeof(int)) < 0) {
- if (sin_client) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
- "setsockopt: (TCP_NODELAY), client %pA probably "
- "dropped the connection", &sin_client->sin_addr);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf,
- "setsockopt: (TCP_NODELAY)");
- }
- }
-}
-
-static int make_sock(pool *p, const struct sockaddr *server)
-{
- int s;
- int one = 1;
- char addr[INET6_ADDRSTRLEN + 128];
- char a0[INET6_ADDRSTRLEN];
- char p0[NI_MAXSERV];
-
- switch(server->sa_family){
- case AF_INET:
- case AF_INET6:
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "make_sock: unsupported address family %u",
- server->sa_family);
- ap_unblock_alarms();
- exit(1);
- }
-
- getnameinfo(server, server->sa_len, a0, sizeof(a0), p0, sizeof(p0),
- NI_NUMERICHOST | NI_NUMERICSERV);
- ap_snprintf(addr, sizeof(addr), "address %s port %s", a0, p0);
-#ifdef MPE
- if (atoi(p0) < 1024)
- privport++;
-#endif
-
- /* note that because we're about to slack we don't use psocket */
- ap_block_alarms();
- if ((s = socket(server->sa_family, SOCK_STREAM, IPPROTO_TCP)) == -1) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "make_sock: failed to get a socket for %s", addr);
-
- ap_unblock_alarms();
- exit(1);
- }
-
- s = ap_slack(s, AP_SLACK_HIGH);
-
- ap_note_cleanups_for_socket_ex(p, s, 1); /* arrange to close on exec or restart */
-
- if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &one, sizeof(int)) < 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "make_sock: for %s, setsockopt: (SO_REUSEADDR)", addr);
- closesocket(s);
- ap_unblock_alarms();
- exit(1);
- }
- one = 1;
- if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *) &one, sizeof(int)) < 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf,
- "make_sock: for %s, setsockopt: (SO_KEEPALIVE)", addr);
- closesocket(s);
-
- ap_unblock_alarms();
- exit(1);
- } 
- - sock_disable_nagle(s, NULL); - sock_enable_linger(s); - - /* - * To send data over high bandwidth-delay connections at full - * speed we must force the TCP window to open wide enough to keep the - * pipe full. The default window size on many systems - * is only 4kB. Cross-country WAN connections of 100ms - * at 1Mb/s are not impossible for well connected sites. - * If we assume 100ms cross-country latency, - * a 4kB buffer limits throughput to 40kB/s. - * - * To avoid this problem I've added the SendBufferSize directive - * to allow the web master to configure send buffer size. - * - * The trade-off of larger buffers is that more kernel memory - * is consumed. YMMV, know your customers and your network! - * - * -John Heidemann 25-Oct-96 - * - * If no size is specified, use the kernel default. - */ - if (server_conf->send_buffer_size) { - if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, - (char *) &server_conf->send_buffer_size, sizeof(int)) < 0) { - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, - "make_sock: failed to set SendBufferSize for %s, " - "using default", addr); - /* not a fatal error */ - } - } - - if (bind(s, server, server->sa_len) == -1) { - ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, - "make_sock: could not bind to %s", addr); - - closesocket(s); - ap_unblock_alarms(); - exit(1); - } - - if (listen(s, ap_listenbacklog) == -1) { - ap_log_error(APLOG_MARK, APLOG_ERR, server_conf, - "make_sock: unable to listen for connections on %s", addr); - closesocket(s); - ap_unblock_alarms(); - exit(1); - } - - ap_unblock_alarms(); - - /* protect various fd_sets */ - if (s >= FD_SETSIZE) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL, - "make_sock: problem listening on %s, filedescriptor (%u) " - "larger than FD_SETSIZE (%u) " - "found, you probably need to rebuild Apache with a " - "larger FD_SETSIZE", addr, s, FD_SETSIZE); - closesocket(s); - exit(1); - } - - return s; -} - - -/* - * During a restart we keep track of the old listeners 
here, so that we
- * can re-use the sockets. We have to do this because we won't be able
- * to re-open the sockets ("Address already in use").
- *
- * Unlike the listeners ring, old_listeners is a NULL terminated list.
- *
- * copy_listeners() makes the copy, find_listener() finds an old listener
- * and close_unused_listener() cleans up whatever wasn't used.
- */
-static listen_rec *old_listeners;
-
-/* unfortunately copy_listeners may be called before listeners is a ring */
-static void copy_listeners(pool *p)
-{
- listen_rec *lr;
-
- ap_assert(old_listeners == NULL);
- if (ap_listeners == NULL) {
- return;
- }
- lr = ap_listeners;
- do {
- listen_rec *nr = malloc(sizeof *nr);
-
- if (nr == NULL) {
- fprintf(stderr, "Ouch! malloc failed in copy_listeners()\n");
- exit(1);
- }
- *nr = *lr;
- ap_kill_cleanups_for_socket(p, nr->fd);
- nr->next = old_listeners;
- ap_assert(!nr->used);
- old_listeners = nr;
- lr = lr->next;
- } while (lr && lr != ap_listeners);
-}
-
-
-static int find_listener(listen_rec *lr)
-{
- listen_rec *or;
-
- for (or = old_listeners; or; or = or->next) {
- if (!memcmp(&or->local_addr, &lr->local_addr, sizeof(or->local_addr))) {
- or->used = 1;
- return or->fd;
- }
- }
- return -1;
-}
-
-
-static void close_unused_listeners(void)
-{
- listen_rec *or, *next;
-
- for (or = old_listeners; or; or = next) {
- next = or->next;
- if (!or->used)
- closesocket(or->fd);
- free(or);
- }
- old_listeners = NULL;
-}
-
-
-/* open sockets, and turn the listeners list into a singly linked ring */
-static void setup_listeners(pool *p)
-{
- listen_rec *lr;
- int fd;
-
- listenmaxfd = -1;
- FD_ZERO(&listenfds);
- lr = ap_listeners;
- for (;;) {
- fd = find_listener(lr);
- if (fd < 0) {
- fd = make_sock(p, (struct sockaddr *)&lr->local_addr);
- }
- else {
- ap_note_cleanups_for_socket_ex(p, fd, 1);
- }
- /* if we get here, (fd >= 0) && (fd < FD_SETSIZE) */
- if (fd >= 0) {
- FD_SET(fd, &listenfds);
- if (fd > listenmaxfd)
- listenmaxfd = fd;
- }
- lr->fd = fd; - 
if (lr->next == NULL)
- break;
- lr = lr->next;
- }
- /* turn the list into a ring */
- lr->next = ap_listeners;
- head_listener = ap_listeners;
- close_unused_listeners();
-
-}
-
-
-/*
- * Find a listener which is ready for accept(). This advances the
- * head_listener global.
- */
-static ap_inline listen_rec *find_ready_listener(fd_set * main_fds)
-{
- listen_rec *lr;
-
- lr = head_listener;
- do {
- if (FD_ISSET(lr->fd, main_fds)) {
- head_listener = lr->next;
- return (lr);
- }
- lr = lr->next;
- } while (lr != head_listener);
- return NULL;
-}
-
-
-static void show_compile_settings(void)
-{
- printf("Server version: %s\n", ap_get_server_version());
- printf("Server's Module Magic Number: %u:%u\n",
- MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR);
- printf("Server compiled with....\n");
- printf(" -D EAPI\n");
-#ifdef EAPI_MM
- printf(" -D EAPI_MM\n");
-#ifdef EAPI_MM_CORE_PATH
- printf(" -D EAPI_MM_CORE_PATH=\"" EAPI_MM_CORE_PATH "\"\n");
-#endif
-#endif
- printf(" -D HAVE_MMAP\n");
- printf(" -D HAVE_SHMGET\n");
- printf(" -D USE_MMAP_SCOREBOARD\n");
- printf(" -D USE_MMAP_FILES\n");
-#ifdef MMAP_SEGMENT_SIZE
- printf(" -D MMAP_SEGMENT_SIZE=%ld\n",(long)MMAP_SEGMENT_SIZE);
-#endif
- printf(" -D HAVE_FLOCK_SERIALIZED_ACCEPT\n");
- printf(" -D HAVE_SYSVSEM_SERIALIZED_ACCEPT\n");
- printf(" -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT\n");
-#ifdef BUFFERED_LOGS
- printf(" -D BUFFERED_LOGS\n");
-#ifdef PIPE_BUF
- printf(" -D PIPE_BUF=%ld\n",(long)PIPE_BUF);
-#endif
-#endif
- printf(" -D DYNAMIC_MODULE_LIMIT=%ld\n",(long)DYNAMIC_MODULE_LIMIT);
- printf(" -D HARD_SERVER_LIMIT=%ld\n",(long)HARD_SERVER_LIMIT);
-
-/* This list displays the compiled-in default paths: */
-#ifdef HTTPD_ROOT
- printf(" -D HTTPD_ROOT=\"" HTTPD_ROOT "\"\n");
-#endif
-#if defined(SUEXEC_BIN)
- printf(" -D SUEXEC_BIN=\"" SUEXEC_BIN "\"\n");
-#endif
-#ifdef DEFAULT_PIDLOG
- printf(" -D DEFAULT_PIDLOG=\"" DEFAULT_PIDLOG "\"\n");
-#endif
-#ifdef DEFAULT_SCOREBOARD
- printf(" -D 
DEFAULT_SCOREBOARD=\"" DEFAULT_SCOREBOARD "\"\n");
-#endif
-#ifdef DEFAULT_LOCKFILE
- printf(" -D DEFAULT_LOCKFILE=\"" DEFAULT_LOCKFILE "\"\n");
-#endif
-#ifdef DEFAULT_ERRORLOG
- printf(" -D DEFAULT_ERRORLOG=\"" DEFAULT_ERRORLOG "\"\n");
-#endif
-#ifdef TYPES_CONFIG_FILE
- printf(" -D TYPES_CONFIG_FILE=\"" TYPES_CONFIG_FILE "\"\n");
-#endif
-#ifdef SERVER_CONFIG_FILE
- printf(" -D SERVER_CONFIG_FILE=\"" SERVER_CONFIG_FILE "\"\n");
-#endif
-#ifdef ACCESS_CONFIG_FILE
- printf(" -D ACCESS_CONFIG_FILE=\"" ACCESS_CONFIG_FILE "\"\n");
-#endif
-#ifdef RESOURCE_CONFIG_FILE
- printf(" -D RESOURCE_CONFIG_FILE=\"" RESOURCE_CONFIG_FILE "\"\n");
-#endif
-}
-
-
-/* Some init code that's common between win32 and unix... well actually
- * some of it is #ifdef'd but was duplicated before anyhow. This stuff
- * is still a mess.
- */
-static void common_init(void)
-{
- INIT_SIGLIST()
-
-
- pglobal = ap_init_alloc();
- pconf = ap_make_sub_pool(pglobal);
- plog = ap_make_sub_pool(pglobal);
- ptrans = ap_make_sub_pool(pconf);
-
- ap_util_init();
- ap_util_uri_init();
-
- pcommands = ap_make_sub_pool(NULL);
- ap_server_pre_read_config = ap_make_array(pcommands, 1, sizeof(char *));
- ap_server_post_read_config = ap_make_array(pcommands, 1, sizeof(char *));
- ap_server_config_defines = ap_make_array(pcommands, 1, sizeof(char *));
-
- ap_hook_init();
- ap_hook_configure("ap::buff::read",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_configure("ap::buff::write",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_configure("ap::buff::writev",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_configure("ap::buff::sendwithtimeout",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
- ap_hook_configure("ap::buff::recvwithtimeout",
- AP_HOOK_SIG4(int,ptr,ptr,int), AP_HOOK_TOPMOST);
-
- ap_global_ctx = ap_ctx_new(NULL);
-}
-
-/*****************************************************************
- * Child process main loop. 
- * The following vars are static to avoid getting clobbered by longjmp(); - * they are really private to child_main. - */ - -static int srv; -static int csd; -static int dupped_csd; -static int requests_this_child; -static fd_set main_fds; - -API_EXPORT(void) ap_child_terminate(request_rec *r) -{ - r->connection->keepalive = 0; - requests_this_child = ap_max_requests_per_child = 1; -} - -static void child_main(int child_num_arg) -{ - NET_SIZE_T clen; - struct sockaddr_storage sa_server; - struct sockaddr_storage sa_client; - listen_rec *lr; - struct rlimit rlp; - - /* All of initialization is a critical section, we don't care if we're - * told to HUP or USR1 before we're done initializing. For example, - * we could be half way through child_init_modules() when a restart - * signal arrives, and we'd have no real way to recover gracefully - * and exit properly. - * - * I suppose a module could take forever to initialize, but that would - * be either a broken module, or a broken configuration (i.e. network - * problems, file locking problems, whatever). 
-djg - */ - ap_block_alarms(); - - my_pid = getpid(); - csd = -1; - dupped_csd = -1; - my_child_num = child_num_arg; - requests_this_child = 0; - - setproctitle("child"); - - /* - * set up rlimits to keep apache+scripting from leaking horribly - */ - if (ap_max_cpu_per_child != 0){ - rlp.rlim_cur = rlp.rlim_max = ap_max_cpu_per_child; - if (setrlimit(RLIMIT_CPU, &rlp) == -1){ - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "setrlimit: unable to set CPU limit to %d", - ap_max_cpu_per_child); - clean_child_exit(APEXIT_CHILDFATAL); - } - } - if (ap_max_data_per_child != 0){ - rlp.rlim_cur = rlp.rlim_max = ap_max_data_per_child; - if (setrlimit(RLIMIT_DATA, &rlp) == -1){ - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "setrlimit: unable to set data limit to %d", - ap_max_data_per_child); - clean_child_exit(APEXIT_CHILDFATAL); - } - } - if (ap_max_nofile_per_child != 0){ - rlp.rlim_cur = rlp.rlim_max = ap_max_nofile_per_child; - if (setrlimit(RLIMIT_NOFILE, &rlp) == -1){ - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "setrlimit: unable to set open file limit to %d", - ap_max_nofile_per_child); - clean_child_exit(APEXIT_CHILDFATAL); - } - } - if (ap_max_rss_per_child != 0){ - rlp.rlim_cur = rlp.rlim_max = ap_max_rss_per_child; - if (setrlimit(RLIMIT_RSS, &rlp) == -1){ - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "setrlimit: unable to set RSS limit to %d", - ap_max_rss_per_child); - clean_child_exit(APEXIT_CHILDFATAL); - } - } - if (ap_max_stack_per_child != 0){ - rlp.rlim_cur = rlp.rlim_max = ap_max_stack_per_child; - if (setrlimit(RLIMIT_STACK, &rlp) == -1){ - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "setrlimit: unable to set stack size limit to %d", - ap_max_stack_per_child); - clean_child_exit(APEXIT_CHILDFATAL); - } - } - - /* Get a sub pool for global allocations in this child, so that - * we can have cleanups occur when the child exits. 
- */ - pchild = ap_make_sub_pool(pconf); - /* associate accept mutex cleanup with a subpool of pchild so we can - * make sure the mutex is released before calling module code at - * termination - */ - pmutex = ap_make_sub_pool(pchild); - - /* needs to be done before we switch UIDs so we have permissions */ - SAFE_ACCEPT(accept_mutex_child_init(pmutex)); - - set_group_privs(); - /* - * Only try to switch if we're running as root - * In case of Cygwin we have the special super-user named SYSTEM - */ - if (!geteuid() && ( - setuid(ap_user_id) == -1)) { - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "setuid: unable to change to uid: %u", ap_user_id); - clean_child_exit(APEXIT_CHILDFATAL); - } - - ap_child_init_modules(pchild, server_conf); - - /* done with the initialization critical section */ - ap_unblock_alarms(); - - (void) ap_update_child_status(my_child_num, SERVER_READY, (request_rec *) NULL); - - /* - * Setup the jump buffers so that we can return here after a timeout - */ - ap_setjmp(jmpbuffer); - signal(SIGURG, timeout); - if (signal(SIGALRM, alrm_handler) == SIG_ERR) { - fprintf(stderr, "installing signal handler for SIGALRM failed, errno %u\n", errno); - } - - - while (1) { - BUFF *conn_io; - request_rec *r; - - /* Prepare to receive a SIGUSR1 due to graceful restart so that - * we can exit cleanly. Since we're between connections right - * now it's the right time to exit, but we might be blocked in a - * system call when the graceful restart request is made. */ - usr1_just_die = 1; - signal(SIGUSR1, usr1_handler); - - /* - * (Re)initialize this child to a pre-connection state. - */ - - ap_kill_timeout(0); /* Cancel any outstanding alarms. 
*/ - current_conn = NULL; - - ap_clear_pool(ptrans); - - if (ap_scoreboard_image->global.running_generation != ap_my_generation) { - clean_child_exit(0); - } - - if ((ap_max_requests_per_child > 0 - && requests_this_child++ >= ap_max_requests_per_child)) { - clean_child_exit(0); - } - - (void) ap_update_child_status(my_child_num, SERVER_READY, (request_rec *) NULL); - - /* - * Wait for an acceptable connection to arrive. - */ - - /* Lock around "accept", if necessary */ - SAFE_ACCEPT(accept_mutex_on()); - - for (;;) { - if (ap_listeners->next != ap_listeners) { - /* more than one socket */ - memcpy(&main_fds, &listenfds, sizeof(fd_set)); - srv = ap_select(listenmaxfd + 1, &main_fds, NULL, NULL, NULL); - - if (srv < 0 && errno != EINTR) { - /* Single Unix documents select as returning errnos - * EBADF, EINTR, and EINVAL... and in none of those - * cases does it make sense to continue. In fact - * on Linux 2.0.x we seem to end up with EFAULT - * occasionally, and we'd loop forever due to it. - */ - ap_log_error(APLOG_MARK, APLOG_ERR, server_conf, "select: (listen)"); - clean_child_exit(1); - } - - if (srv <= 0) - continue; - - lr = find_ready_listener(&main_fds); - if (lr == NULL) - continue; - sd = lr->fd; - } - else { - /* only one socket, just pretend we did the other stuff */ - sd = ap_listeners->fd; - } - - /* if we accept() something we don't want to die, so we have to - * defer the exit - */ - deferred_die = 0; - usr1_just_die = 0; - for (;;) { - clen = sizeof(sa_client); - csd = ap_accept(sd, (struct sockaddr *)&sa_client, &clen); - if (csd >= 0 || errno != EINTR) - break; - if (deferred_die) { - /* we didn't get a socket, and we were told to die */ - clean_child_exit(0); - } - } - - if (csd >= 0) - break; /* We have a socket ready for reading */ - else { - - /* Our old behaviour here was to continue after accept() - * errors. But this leads us into lots of troubles - * because most of the errors are quite fatal. 
For - * example, EMFILE can be caused by slow descriptor - * leaks (say in a 3rd party module, or libc). It's - * foolish for us to continue after an EMFILE. We also - * seem to tickle kernel bugs on some platforms which - * lead to never-ending loops here. So it seems best - * to just exit in most cases. - */ - switch (errno) { - - case ECONNABORTED: - /* Linux generates the rest of these, other tcp - * stacks (i.e. bsd) tend to hide them behind - * getsockopt() interfaces. They occur when - * the net goes sour or the client disconnects - * after the three-way handshake has been done - * in the kernel but before userland has picked - * up the socket. - */ - case ECONNRESET: - case ETIMEDOUT: - case EHOSTUNREACH: - case ENETUNREACH: - break; - case ENETDOWN: - /* - * When the network layer has been shut down, there - * is not much use in simply exiting: the parent - * would simply re-create us (and we'd fail again). - * Use the CHILDFATAL code to tear the server down. - * @@@ Martin's idea for possible improvement: - * A different approach would be to define - * a new APEXIT_NETDOWN exit code, the reception - * of which would make the parent shutdown all - * children, then idle-loop until it detected that - * the network is up again, and restart the children. - * Ben Hyde noted that temporary ENETDOWN situations - * occur in mobile IP. 
- */ - ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf, - "accept: giving up."); - clean_child_exit(APEXIT_CHILDFATAL); - - default: - ap_log_error(APLOG_MARK, APLOG_ERR, server_conf, - "accept: (client socket)"); - clean_child_exit(1); - } - } - - /* go around again, safe to die */ - usr1_just_die = 1; - if (deferred_die) { - /* ok maybe not, see ya later */ - clean_child_exit(0); - } - /* or maybe we missed a signal, you never know on systems - * without reliable signals - */ - if (ap_scoreboard_image->global.running_generation != ap_my_generation) { - clean_child_exit(0); - } - } - - SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */ - - - /* We've got a socket, let's at least process one request off the - * socket before we accept a graceful restart request. - */ - signal(SIGUSR1, SIG_IGN); - - ap_note_cleanups_for_socket_ex(ptrans, csd, 1); - - /* protect various fd_sets */ - if (csd >= FD_SETSIZE) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL, - "[csd] filedescriptor (%u) larger than FD_SETSIZE (%u) " - "found, you probably need to rebuild Apache with a " - "larger FD_SETSIZE", csd, FD_SETSIZE); - continue; - } - - /* - * We now have a connection, so set it up with the appropriate - * socket options, file descriptors, and read/write buffers. 
- */ - - clen = sizeof(sa_server); - if (getsockname(csd, (struct sockaddr *)&sa_server, &clen) < 0) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, server_conf, - "getsockname, client %pA probably dropped the " - "connection", - &((struct sockaddr_in *)&sa_client)->sin_addr); - continue; - } - - sock_disable_nagle(csd, (struct sockaddr_in *)&sa_client); - - (void) ap_update_child_status(my_child_num, SERVER_BUSY_READ, - (request_rec *) NULL); - - conn_io = ap_bcreate(ptrans, B_RDWR | B_SOCKET); - - dupped_csd = csd; - ap_bpushfd(conn_io, csd, dupped_csd); - - current_conn = new_connection(ptrans, server_conf, conn_io, - (struct sockaddr *)&sa_client, - (struct sockaddr *)&sa_server, - my_child_num); - - /* - * Read and process each request found on our connection - * until no requests are left or we decide to close. - */ - - while ((r = ap_read_request(current_conn)) != NULL) { - - /* read_request_line has already done a - * signal (SIGUSR1, SIG_IGN); - */ - - (void) ap_update_child_status(my_child_num, SERVER_BUSY_WRITE, r); - - /* process the request if it was read without error */ - - if (r->status == HTTP_OK) - ap_process_request(r); - - if(ap_extended_status) - increment_counts(my_child_num, r); - - if (!current_conn->keepalive || current_conn->aborted) - break; - - ap_destroy_pool(r->pool); - (void) ap_update_child_status(my_child_num, SERVER_BUSY_KEEPALIVE, - (request_rec *) NULL); - - if (ap_scoreboard_image->global.running_generation != ap_my_generation) { - ap_call_close_connection_hook(current_conn); - ap_bclose(conn_io); - clean_child_exit(0); - } - - /* In case we get a graceful restart while we're blocked - * waiting for the request. - * - * XXX: This isn't perfect, we might actually read the - * request and then just die without saying anything to - * the client. This can be fixed by using deferred_die - * but you have to teach buff.c about it so that it can handle - * the EINTR properly. 
- * - * In practice though browsers (have to) expect keepalive - * connections to close before receiving a response because - * of network latencies and server timeouts. - */ - usr1_just_die = 1; - signal(SIGUSR1, usr1_handler); - } - - /* - * Close the connection, being careful to send out whatever is still - * in our buffers. If possible, try to avoid a hard close until the - * client has ACKed our FIN and/or has stopped sending us data. - */ - - if (r && r->connection - && !r->connection->aborted - && r->connection->client - && (r->connection->client->fd >= 0)) { - - lingering_close(r); - } - else { - ap_call_close_connection_hook(current_conn); - ap_bsetflag(conn_io, B_EOUT, 1); - ap_bclose(conn_io); - } - } -} - - -static int make_child(server_rec *s, int slot, time_t now) -{ - int pid; - - if (slot + 1 > max_daemons_limit) { - max_daemons_limit = slot + 1; - } - - if (one_process) { - signal(SIGHUP, just_die); - signal(SIGINT, just_die); - signal(SIGQUIT, SIG_DFL); - signal(SIGTERM, just_die); - child_main(slot); - } - - /* avoid starvation */ - head_listener = head_listener->next; - - Explain1("Starting new child in slot %d", slot); - (void) ap_update_child_status(slot, SERVER_STARTING, (request_rec *) NULL); - - - if ((pid = fork()) == -1) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, "fork: Unable to fork new process"); - - /* fork didn't succeed. Fix the scoreboard or else - * it will say SERVER_STARTING forever and ever - */ - (void) ap_update_child_status(slot, SERVER_DEAD, (request_rec *) NULL); - - /* In case system resources are maxxed out, we don't want - Apache running away with the CPU trying to fork over and - over and over again. */ - sleep(10); - - return -1; - } - - if (!pid) { - RAISE_SIGSTOP(MAKE_CHILD); - MONCONTROL(1); - /* Disable the restart signal handlers and enable the just_die stuff. - * Note that since restart() just notes that a restart has been - * requested there's no race condition here. 
- */ - signal(SIGHUP, just_die); - signal(SIGUSR1, just_die); - signal(SIGTERM, just_die); - child_main(slot); - } - - ap_scoreboard_image->parent[slot].last_rtime = now; - ap_scoreboard_image->parent[slot].pid = pid; - return 0; -} - - -/* start up a bunch of children */ -static void startup_children(int number_to_start) -{ - int i; - time_t now = time(NULL); - - for (i = 0; number_to_start && i < ap_daemons_limit; ++i) { - if (ap_scoreboard_image->servers[i].status != SERVER_DEAD) { - continue; - } - if (make_child(server_conf, i, now) < 0) { - break; - } - --number_to_start; - } -} - - -/* - * idle_spawn_rate is the number of children that will be spawned on the - * next maintenance cycle if there aren't enough idle servers. It is - * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by - * without the need to spawn. - */ -static int idle_spawn_rate = 1; -#ifndef MAX_SPAWN_RATE -#define MAX_SPAWN_RATE (32) -#endif -static int hold_off_on_exponential_spawning; - -/* - * Define the signal that is used to kill off children if idle_count - * is greater then ap_daemons_max_free. Usually we will use SIGUSR1 - * to gracefully shutdown, but unfortunatly some OS will need other - * signals to ensure that the child process is terminated and the - * scoreboard pool is not growing to infinity. Also set the signal we - * use to kill of childs that exceed timeout. This effect has been -* seen at least on Cygwin 1.x. 
-- Stipe Tolj - */ -#define SIG_IDLE_KILL SIGUSR1 -#define SIG_TIMEOUT_KILL SIGALRM - -static void perform_idle_server_maintenance(void) -{ - int i; - int to_kill; - int idle_count; - short_score *ss; - time_t now = time(NULL); - int free_length; - int free_slots[MAX_SPAWN_RATE]; - int last_non_dead; - int total_non_dead; - - /* initialize the free_list */ - free_length = 0; - - to_kill = -1; - idle_count = 0; - last_non_dead = -1; - total_non_dead = 0; - - for (i = 0; i < ap_daemons_limit; ++i) { - int status; - - if (i >= max_daemons_limit && free_length == idle_spawn_rate) - break; - ss = &ap_scoreboard_image->servers[i]; - status = ss->status; - if (status == SERVER_DEAD) { - /* try to keep children numbers as low as possible */ - if (free_length < idle_spawn_rate) { - free_slots[free_length] = i; - ++free_length; - } - } - else { - /* We consider a starting server as idle because we started it - * at least a cycle ago, and if it still hasn't finished starting - * then we're just going to swamp things worse by forking more. - * So we hopefully won't need to fork more if we count it. - * This depends on the ordering of SERVER_READY and SERVER_STARTING. - */ - if (status <= SERVER_READY) { - ++ idle_count; - /* always kill the highest numbered child if we have to... - * no really well thought out reason ... other than observing - * the server behaviour under linux where lower numbered children - * tend to service more hits (and hence are more likely to have - * their data in cpu caches). 
- */ - to_kill = i; - } - - ++total_non_dead; - last_non_dead = i; - if (ss->timeout_len) { - /* if it's a live server, with a live timeout then - * start checking its timeout */ - parent_score *ps = &ap_scoreboard_image->parent[i]; - if (ss->cur_vtime != ps->last_vtime) { - /* it has made progress, so update its last_rtime, - * last_vtime */ - ps->last_rtime = now; - ps->last_vtime = ss->cur_vtime; - } - else if (ps->last_rtime + ss->timeout_len < now) { - /* no progress, and the timeout length has been exceeded */ - ss->timeout_len = 0; - safe_child_kill(ps->pid, SIG_TIMEOUT_KILL); - } - } - } - } - max_daemons_limit = last_non_dead + 1; - if (idle_count > ap_daemons_max_free) { - /* kill off one child... we use SIGUSR1 because that'll cause it to - * shut down gracefully, in case it happened to pick up a request - * while we were counting. Use the define SIG_IDLE_KILL to reflect - * which signal should be used on the specific OS. - */ - safe_child_kill(ap_scoreboard_image->parent[to_kill].pid, SIG_IDLE_KILL); - idle_spawn_rate = 1; - } - else if (idle_count < ap_daemons_min_free) { - /* terminate the free list */ - if (free_length == 0) { - /* only report this condition once */ - static int reported = 0; - - if (!reported) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, server_conf, - "server reached MaxClients setting, consider" - " raising the MaxClients setting"); - reported = 1; - } - idle_spawn_rate = 1; - } - else { - if (idle_spawn_rate >= 8) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, server_conf, - "server seems busy, (you may need " - "to increase StartServers, or Min/MaxSpareServers), " - "spawning %d children, there are %d idle, and " - "%d total children", idle_spawn_rate, - idle_count, total_non_dead); - } - for (i = 0; i < free_length; ++i) { - make_child(server_conf, free_slots[i], now); - } - /* the next time around we want to spawn twice as many if this - * wasn't good enough, but not if we've just done a graceful - */ - if 
(hold_off_on_exponential_spawning) { - --hold_off_on_exponential_spawning; - } - else if (idle_spawn_rate < MAX_SPAWN_RATE) { - idle_spawn_rate *= 2; - } - } - } - else { - idle_spawn_rate = 1; - } -} - - -static void process_child_status(int pid, ap_wait_t status) -{ - /* Child died... if it died due to a fatal error, - * we should simply bail out. - */ - if ((WIFEXITED(status)) && - WEXITSTATUS(status) == APEXIT_CHILDFATAL) { - /* cleanup pid file -- it is useless after our exiting */ - const char *pidfile = NULL; - pidfile = ap_server_root_relative (pconf, ap_pid_fname); - if ( pidfile != NULL && unlink(pidfile) == 0) - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, - server_conf, - "removed PID file %s (pid=%ld)", - pidfile, (long)getpid()); - ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, server_conf, - "Child %d returned a Fatal error... \n" - "Apache is exiting!", - pid); - exit(APEXIT_CHILDFATAL); - } - if (WIFSIGNALED(status)) { - switch (WTERMSIG(status)) { - case SIGTERM: - case SIGHUP: - case SIGUSR1: - case SIGKILL: - break; - default: - if (WCOREDUMP(status)) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, - server_conf, - "child pid %d exit signal %s (%d), " - "possible coredump in %s", - pid, (WTERMSIG(status) >= NumSIG) ? "" : - SYS_SIGLIST[WTERMSIG(status)], WTERMSIG(status), - ap_coredump_dir); - } - else { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, - server_conf, - "child pid %d exit signal %s (%d)", pid, - SYS_SIGLIST[WTERMSIG(status)], WTERMSIG(status)); - } - } - } -} - - -/***************************************************************** - * Executive routines. 
- */ - -#ifndef STANDALONE_MAIN -#define STANDALONE_MAIN standalone_main - -static void standalone_main(int argc, char **argv) -{ - int remaining_children_to_start; - - - ap_standalone = 1; - - is_graceful = 0; - - if (!one_process) { - detach(); - } - else { - MONCONTROL(1); - } - - my_pid = getpid(); - - do { - copy_listeners(pconf); - if (!is_graceful) { - ap_restart_time = time(NULL); - } - ap_clear_pool(pconf); - ptrans = ap_make_sub_pool(pconf); - - ap_init_mutex_method(ap_default_mutex_method()); - - server_conf = ap_read_config(pconf, ptrans, ap_server_confname); - setup_listeners(pconf); - ap_clear_pool(plog); - - /* - * we cannot reopen the logfiles once we dropped permissions, - * we cannot write the pidfile (pointless anyway), and we can't - * reload & reinit the modules. - */ - - if (!is_chrooted) { - ap_open_logs(server_conf, plog); - ap_log_pid(pconf, ap_pid_fname); - } - ap_set_version(); /* create our server_version string */ - ap_init_modules(pconf, server_conf); - ap_init_etag(pconf); - version_locked++; /* no more changes to server_version */ - - if(!is_graceful && !is_chrooted) - if (ap_server_chroot) { - if (geteuid()) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_EMERG, - server_conf, "can't run in secure mode if not " - "started with root privs."); - exit(1); - } - - /* initialize /dev/crypto, XXX check for -DSSL option */ -#ifdef MOD_SSL - OpenSSL_add_all_algorithms(); -#endif - - if (initgroups(ap_user_name, ap_group_id)) { - ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, - "initgroups: unable to set groups for User %s " - "and Group %u", ap_user_name, (unsigned)ap_group_id); - exit(1); - } - - if (chroot(ap_server_root) < 0) { - ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf, - "unable to chroot into %s!", ap_server_root); - exit(1); - } - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, - server_conf, "chrooted in %s", ap_server_root); - chdir("/"); - is_chrooted = 1; - setproctitle("parent [chroot %s]", ap_server_root); - - 
if (setresgid(ap_group_id, ap_group_id, ap_group_id) != 0 || - setresuid(ap_user_id, ap_user_id, ap_user_id) != 0) { - ap_log_error(APLOG_MARK, APLOG_CRIT, server_conf, - "can't drop privileges!"); - exit(1); - } else - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, - server_conf, "changed to uid %u, gid %u", - ap_user_id, ap_group_id); - } else - setproctitle("parent"); - - - SAFE_ACCEPT(accept_mutex_init(pconf)); - if (!is_graceful) { - reinit_scoreboard(pconf); - } - set_signals(); - - if (ap_daemons_max_free < ap_daemons_min_free + 1) /* Don't thrash... */ - ap_daemons_max_free = ap_daemons_min_free + 1; - - /* If we're doing a graceful_restart then we're going to see a lot - * of children exiting immediately when we get into the main loop - * below (because we just sent them SIGUSR1). This happens pretty - * rapidly... and for each one that exits we'll start a new one until - * we reach at least daemons_min_free. But we may be permitted to - * start more than that, so we'll just keep track of how many we're - * supposed to start up without the 1 second penalty between each fork. 
- */ - remaining_children_to_start = ap_daemons_to_start; - if (remaining_children_to_start > ap_daemons_limit) { - remaining_children_to_start = ap_daemons_limit; - } - if (!is_graceful) { - startup_children(remaining_children_to_start); - remaining_children_to_start = 0; - } - else { - /* give the system some time to recover before kicking into - * exponential mode */ - hold_off_on_exponential_spawning = 10; - } - - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf, - "%s configured -- resuming normal operations", - ap_get_server_version()); - if (ap_suexec_enabled) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf, - "suEXEC mechanism enabled (wrapper: %s)", SUEXEC_BIN); - } - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf, - "Accept mutex: %s (Default: %s)", - amutex->name, ap_default_mutex_method()); - restart_pending = shutdown_pending = 0; - - while (!restart_pending && !shutdown_pending) { - int child_slot; - ap_wait_t status; - int pid = wait_or_timeout(&status); - - /* XXX: if it takes longer than 1 second for all our children - * to start up and get into IDLE state then we may spawn an - * extra child - */ - if (pid >= 0) { - process_child_status(pid, status); - /* non-fatal death... note that it's gone in the scoreboard. */ - child_slot = find_child_by_pid(pid); - Explain2("Reaping child %d slot %d", pid, child_slot); - if (child_slot >= 0) { - (void) ap_update_child_status(child_slot, SERVER_DEAD, - (request_rec *) NULL); - if (remaining_children_to_start - && child_slot < ap_daemons_limit) { - /* we're still doing a 1-for-1 replacement of dead - * children with new children - */ - make_child(server_conf, child_slot, time(NULL)); - --remaining_children_to_start; - } - } - else if (reap_other_child(pid, status) == 0) { - /* handled */ - } - else if (is_graceful) { - /* Great, we've probably just lost a slot in the - * scoreboard. Somehow we don't know about this - * child. 
- */ - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, server_conf, - "long lost child came home! (pid %d)", pid); - } - /* Don't perform idle maintenance when a child dies, - * only do it when there's a timeout. Remember only a - * finite number of children can die, and it's pretty - * pathological for a lot to die suddenly. - */ - continue; - } - else if (remaining_children_to_start) { - /* we hit a 1 second timeout in which none of the previous - * generation of children needed to be reaped... so assume - * they're all done, and pick up the slack if any is left. - */ - startup_children(remaining_children_to_start); - remaining_children_to_start = 0; - /* In any event we really shouldn't do the code below because - * few of the servers we just started are in the IDLE state - * yet, so we'd mistakenly create an extra server. - */ - continue; - } - - perform_idle_server_maintenance(); - } - - if (shutdown_pending) { - /* Time to gracefully shut down: - * Kill child processes, tell them to call child_exit, etc... 
- */ - if (ap_killpg(pgrp, SIGTERM) < 0) { - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGTERM"); - } - reclaim_child_processes(1); /* Start with SIGTERM */ - - /* cleanup pid file on normal shutdown */ - { - char *pidfile = NULL; - pidfile = ap_server_root_relative (pconf, ap_pid_fname); - ap_server_strip_chroot(pidfile, 0); - if ( pidfile != NULL && unlink(pidfile) == 0) - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, - server_conf, - "removed PID file %s (pid=%u)", - pidfile, getpid()); - } - - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf, - "caught SIGTERM, shutting down"); - clean_parent_exit(0); - } - - /* we've been told to restart */ - signal(SIGHUP, SIG_IGN); - signal(SIGUSR1, SIG_IGN); - - if (one_process) { - /* not worth thinking about */ - clean_parent_exit(0); - } - - /* advance to the next generation */ - /* XXX: we really need to make sure this new generation number isn't in - * use by any of the children. - */ - ++ap_my_generation; - ap_scoreboard_image->global.running_generation = ap_my_generation; - - if (is_graceful) { - int i; - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf, - "SIGUSR1 received. Doing graceful restart"); - - /* kill off the idle ones */ - if (ap_killpg(pgrp, SIGUSR1) < 0) { - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGUSR1"); - } - /* This is mostly for debugging... so that we know what is still - * gracefully dealing with existing request. But we can't really - * do it if we're in a SCOREBOARD_FILE because it'll cause - * corruption too easily. 
- */ - for (i = 0; i < ap_daemons_limit; ++i) { - if (ap_scoreboard_image->servers[i].status != SERVER_DEAD) { - ap_scoreboard_image->servers[i].status = SERVER_GRACEFUL; - } - } - } - else { - /* Kill 'em off */ - if (ap_killpg(pgrp, SIGHUP) < 0) { - ap_log_error(APLOG_MARK, APLOG_WARNING, server_conf, "killpg SIGHUP"); - } - reclaim_child_processes(0); /* Not when just starting up */ - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, server_conf, - "SIGHUP received. Attempting to restart"); - } - } while (restart_pending); - - /*add_common_vars(NULL);*/ -} /* standalone_main */ -#else -/* prototype */ -void STANDALONE_MAIN(int argc, char **argv); -#endif /* STANDALONE_MAIN */ - -extern char *optarg; -extern int optind; - -int REALMAIN(int argc, char *argv[]) -{ - int c; - int sock_in; - int sock_out; - char *s; - - MONCONTROL(0); - - common_init(); - - if ((s = strrchr(argv[0], PATHSEPARATOR)) != NULL) { - ap_server_argv0 = ++s; - } - else { - ap_server_argv0 = argv[0]; - } - - ap_cpystrn(ap_server_root, HTTPD_ROOT, sizeof(ap_server_root)); - ap_cpystrn(ap_server_confname, SERVER_CONFIG_FILE, sizeof(ap_server_confname)); - - ap_setup_prelinked_modules(); - - while ((c = getopt(argc, argv, - "D:C:c:xXd:Ff:vVlLR:StThUu46" -#ifdef DEBUG_SIGSTOP - "Z:" -#endif - )) != -1) { - char **new; - switch (c) { - case 'c': - new = (char **)ap_push_array(ap_server_post_read_config); - *new = ap_pstrdup(pcommands, optarg); - break; - case 'C': - new = (char **)ap_push_array(ap_server_pre_read_config); - *new = ap_pstrdup(pcommands, optarg); - break; - case 'D': - new = (char **)ap_push_array(ap_server_config_defines); - *new = ap_pstrdup(pcommands, optarg); - break; - case 'd': - ap_cpystrn(ap_server_root, optarg, sizeof(ap_server_root)); - break; - case 'F': - do_detach = 0; - break; - case 'f': - ap_cpystrn(ap_server_confname, optarg, sizeof(ap_server_confname)); - break; - case 'v': - ap_server_tokens = SrvTk_FULL; - ap_set_version(); - printf("Server version: %s\n", 
ap_get_server_version()); - exit(0); - case 'V': - ap_server_tokens = SrvTk_FULL; - ap_set_version(); - show_compile_settings(); - exit(0); - case 'l': - ap_suexec_enabled = init_suexec(); - ap_show_modules(); - exit(0); - case 'L': - ap_show_directives(); - exit(0); - case 'X': - ++one_process; /* Weird debugging mode. */ - break; -#ifdef DEBUG_SIGSTOP - case 'Z': - raise_sigstop_flags = atoi(optarg); - break; -#endif - case 'S': - ap_dump_settings = 1; - break; - case 't': - ap_configtestonly = 1; - ap_docrootcheck = 1; - break; - case 'T': - ap_configtestonly = 1; - ap_docrootcheck = 0; - break; - case 'h': - usage(argv[0]); - break; - case '4': - ap_default_family = PF_INET; - break; - case '6': - ap_default_family = PF_INET6; - break; - case 'u': - ap_server_chroot = 0; - break; - case 'U': - ap_default_family = PF_UNSPEC; - break; - case '?': - usage(argv[0]); - } - } - ap_init_alloc_shared(TRUE); - - ap_suexec_enabled = init_suexec(); - server_conf = ap_read_config(pconf, ptrans, ap_server_confname); - - ap_init_alloc_shared(FALSE); - - if (ap_configtestonly) { - fprintf(stderr, "Syntax OK\n"); - clean_parent_exit(0); - } - if (ap_dump_settings) { - clean_parent_exit(0); - } - - child_timeouts = !ap_standalone || one_process; - - - if (ap_standalone) { - ap_open_logs(server_conf, plog); - ap_set_version(); - ap_init_modules(pconf, server_conf); - version_locked++; - STANDALONE_MAIN(argc, argv); - } - else { - conn_rec *conn; - request_rec *r; - BUFF *cio; - struct sockaddr_storage sa_server, sa_client; - NET_SIZE_T l; - char servbuf[NI_MAXSERV]; - - ap_set_version(); - /* Yes this is called twice. */ - ap_init_modules(pconf, server_conf); - version_locked++; - ap_open_logs(server_conf, plog); - ap_init_modules(pconf, server_conf); - set_group_privs(); - - /* - * Only try to switch if we're running as root - * In case of Cygwin we have the special super-user named SYSTEM - * with a pre-defined uid. 
- */ - if (!geteuid() && setuid(ap_user_id) == -1) { - ap_log_error(APLOG_MARK, APLOG_ALERT, server_conf, - "setuid: unable to change to uid: %u", - ap_user_id); - exit(1); - } - if (ap_setjmp(jmpbuffer)) { - exit(0); - } - - sock_in = fileno(stdin); - sock_out = fileno(stdout); - - l = sizeof(sa_client); - if ((getpeername(sock_in, (struct sockaddr *)&sa_client, &l)) < 0) { -/* get peername will fail if the input isn't a socket */ - perror("getpeername"); - memset(&sa_client, '\0', sizeof(sa_client)); - } - - l = sizeof(sa_server); - if (getsockname(sock_in, (struct sockaddr *)&sa_server, &l) < 0) { - perror("getsockname"); - fprintf(stderr, "Error getting local address\n"); - exit(1); - } - if (getnameinfo(((struct sockaddr *)&sa_server), l, - NULL, 0, servbuf, sizeof(servbuf), - NI_NUMERICSERV)){ - fprintf(stderr, "getnameinfo(): family=%d\n", sa_server.ss_family); - exit(1); - } - servbuf[sizeof(servbuf)-1] = '\0'; - server_conf->port = atoi(servbuf); - cio = ap_bcreate(ptrans, B_RDWR | B_SOCKET); - cio->fd = sock_out; - cio->fd_in = sock_in; - conn = new_connection(ptrans, server_conf, cio, - (struct sockaddr *)&sa_client, - (struct sockaddr *)&sa_server, -1); - - while ((r = ap_read_request(conn)) != NULL) { - - if (r->status == HTTP_OK) - ap_process_request(r); - - if (!conn->keepalive || conn->aborted) - break; - - ap_destroy_pool(r->pool); - } - - ap_call_close_connection_hook(conn); - - ap_bclose(cio); - } - exit(0); -} - -#include "httpd.h" -/* - * Force ap_validate_password() into the image so that modules like - * mod_auth can use it even if they're dynamically loaded. 
- */ -void suck_in_ap_validate_password(void); -void suck_in_ap_validate_password(void) -{ - ap_validate_password("a", "b"); -} - -/* force Expat to be linked into the server executable */ -#if defined(USE_EXPAT) -#include "xmlparse.h" -const XML_LChar *suck_in_expat(void); -const XML_LChar *suck_in_expat(void) -{ - return XML_ErrorString(XML_ERROR_NONE); -} -#endif /* USE_EXPAT */ - -API_EXPORT(void) ap_server_strip_chroot(char *src, int force) -{ - char buf[MAX_STRING_LEN]; - - if(src != NULL && ap_server_chroot && (is_chrooted || force)) { - if (strncmp(ap_server_root, src, strlen(ap_server_root)) == 0) { - strlcpy(buf, src+strlen(ap_server_root), MAX_STRING_LEN); - strlcpy(src, buf, strlen(src)); - } - } -} - -API_EXPORT(int) ap_server_is_chrooted() -{ - return(is_chrooted); -} - -API_EXPORT(int) ap_server_chroot_desired() -{ - return(ap_server_chroot); -} diff --git a/usr.sbin/httpd/src/main/http_protocol.c b/usr.sbin/httpd/src/main/http_protocol.c deleted file mode 100644 index f2a91318257..00000000000 --- a/usr.sbin/httpd/src/main/http_protocol.c +++ /dev/null 
@@ -1,3182 +0,0 @@
-/* $OpenBSD: http_protocol.c,v 1.39 2013/08/22 04:43:41 guenther Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_protocol.c --- routines which directly communicate with the client. - * - * Code originally by Rob McCool; much redone by Robert S. Thau - * and the Apache Group. - */ - -#define CORE_PRIVATE -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_protocol.h" -#include "http_main.h" -#include "http_request.h" -#include "http_vhost.h" -#include "http_log.h" /* For errors detected in basic auth common - * support code... */ -#include "util_date.h" /* For parseHTTPdate and BAD_DATE */ -#include -#include "http_conf_globals.h" -#include "util_md5.h" /* For digestAuth */ -#include "ap_sha1.h" - -#define SET_BYTES_SENT(r) \ - do { if (r->sent_bodyct) \ - ap_bgetopt (r->connection->client, BO_BYTECT, &r->bytes_sent); \ - } while (0) - -/* - * Builds the content-type that should be sent to the client from the - * content-type specified. 
The following rules are followed: - * - if type is NULL, type is set to ap_default_type(r) - * - if charset adding is disabled, stop processing and return type. - * - then, if there are no parameters on type, add the default charset - * - return type - */ -static const char *make_content_type(request_rec *r, const char *type) { - char *needcset[] = { - "text/plain", - "text/html", - NULL }; - char **pcset; - core_dir_config *conf; - - conf = (core_dir_config *)ap_get_module_config(r->per_dir_config, - &core_module); - if (!type) { - type = ap_default_type(r); - } - if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) { - return type; - } - - if (ap_strcasestr(type, "charset=") != NULL) { - /* already has parameter, do nothing */ - /* XXX we don't check the validity */ - ; - } - else { - /* see if it makes sense to add the charset. At present, - * we only add it if the Content-type is one of needcset[] - */ - for (pcset = needcset; *pcset ; pcset++) { - if (ap_strcasestr(type, *pcset) != NULL) { - type = ap_pstrcat(r->pool, type, "; charset=", - conf->add_default_charset_name, NULL); - break; - } - } - } - return type; -} - -enum byterange_token { - BYTERANGE_OK, - BYTERANGE_EMPTY, - BYTERANGE_BADSYNTAX, - BYTERANGE_UNSATISFIABLE -}; - -static enum byterange_token - parse_byterange(request_rec *r, off_t *start, off_t *end) -{ - const char *estr; - /* parsing first, semantics later */ - - while (ap_isspace(*r->range)) - ++r->range; - - /* check for an empty range, which is OK */ - if (*r->range == '\0') { - return BYTERANGE_EMPTY; - } - else if (*r->range == ',') { - ++r->range; - return BYTERANGE_EMPTY; - } - - if (ap_isdigit(*r->range)) - *start = strtoll(r->range, (char **)&r->range, 10); - else - *start = -1; - - while (ap_isspace(*r->range)) - ++r->range; - - if (*r->range != '-') - return BYTERANGE_BADSYNTAX; - ++r->range; - - while (ap_isspace(*r->range)) - ++r->range; - - if (ap_isdigit(*r->range)) - *end = strtoll(r->range, (char **)&r->range, 10); - 
else - *end = -1; - - while (ap_isspace(*r->range)) - ++r->range; - - /* check the end of the range */ - if (*r->range == ',') { - ++r->range; - } - else if (*r->range != '\0') { - return BYTERANGE_BADSYNTAX; - } - - /* parsing done; now check the numbers */ - - if (*start < 0) { /* suffix-byte-range-spec */ - if (*end < 0) /* no numbers */ - return BYTERANGE_BADSYNTAX; - *start = r->clength - *end; - if (*start < 0) - *start = 0; - *end = r->clength - 1; - } - else { - if (*end >= 0 && *start > *end) /* out-of-order range */ - return BYTERANGE_BADSYNTAX; - if (*end < 0 || *end >= r->clength) - *end = r->clength - 1; - } - /* RFC 2616 is somewhat unclear about what we should do if the end - * is missing and the start is after the clength. The robustness - * principle says we should accept it as an unsatisfiable range. - * We accept suffix-byte-range-specs like -0 for the same reason. - */ - if (*start >= r->clength) - return BYTERANGE_UNSATISFIABLE; - - return BYTERANGE_OK; -} - -/* If this function is called with output=1, it will spit out the - * correct headers for a byterange chunk. If output=0 it will not - * output anything but just return the number of bytes it would have - * output. If start or end are less than 0 then it will do a byterange - * chunk trailer instead of a header. 
- */ -static int byterange_boundary(request_rec *r, off_t start , off_t end, int output) -{ - int length = 0; - - if (start < 0 || end < 0) { - if (output) - ap_rvputs(r, CRLF "--", r->boundary, "--" CRLF, NULL); - else - length = 4 + strlen(r->boundary) + 4; - } - else { - const char *ct = make_content_type(r, r->content_type); - char ts[MAX_STRING_LEN]; - - ap_snprintf(ts, sizeof(ts), "%qd-%qd/%qd", start, end, r->clength); - if (output) - ap_rvputs(r, CRLF "--", r->boundary, CRLF "Content-type: ", - ct, CRLF "Content-range: bytes ", ts, CRLF CRLF, - NULL); - else - length = 4 + strlen(r->boundary) + 16 - + strlen(ct) + 23 + strlen(ts) + 4; - } - - return length; -} - -API_EXPORT(int) ap_set_byterange(request_rec *r) -{ - const char *range, *if_range, *match; - char *bbuf, *b; - u_int32_t rbuf[12]; /* 48 bytes yields 64 base64 chars */ - off_t length, start, end, one_start = 0, one_end = 0; - size_t u; - int ranges, empty; - - if (!r->clength || r->assbackwards) - return 0; - - /* Check for Range request-header (HTTP/1.1) or Request-Range for - * backwards-compatibility with second-draft Luotonen/Franks - * byte-ranges (e.g. Netscape Navigator 2-3). - * - * We support this form, with Request-Range, and (farther down) we - * send multipart/x-byteranges instead of multipart/byteranges for - * Request-Range based requests to work around a bug in Netscape - * Navigator 2-3 and MSIE 3. - */ - - if (!(range = ap_table_get(r->headers_in, "Range"))) - range = ap_table_get(r->headers_in, "Request-Range"); - - if (!range || strncasecmp(range, "bytes=", 6)) { - return 0; - } - range += 6; - - /* Check the If-Range header for Etag or Date. - * Note that this check will return false (as required) if either - * of the two etags are weak. 
- */ - if ((if_range = ap_table_get(r->headers_in, "If-Range"))) { - if (if_range[0] == '"') { - if (!(match = ap_table_get(r->headers_out, "Etag")) || - (strcmp(if_range, match) != 0)) - return 0; - } - else if (!(match = ap_table_get(r->headers_out, "Last-Modified")) || - (strcmp(if_range, match) != 0)) - return 0; - } - - /* - * Parse the byteranges, counting how many of them there are and - * the total number of bytes we will send to the client. This is a - * dummy run for the while(ap_each_byterange()) loop that the - * caller will perform if we return 1. - */ - r->range = range; - for (u = 0; u < sizeof(rbuf)/sizeof(rbuf[0]); u++) - rbuf[u] = htonl(arc4random()); - - bbuf = ap_palloc(r->pool, ap_base64encode_len(sizeof(rbuf))); - ap_base64encode(bbuf, (const unsigned char *)rbuf, sizeof(rbuf)); - for (b = bbuf; *b != '\0'; b++) { - if (((b - bbuf) + 1) % 7 == 0) - *b = '-'; - else if (!isalnum(*b)) - *b = 'a'; - } - - r->boundary = bbuf; - - length = 0; - ranges = 0; - empty = 1; - do { - switch (parse_byterange(r, &start, &end)) { - case BYTERANGE_UNSATISFIABLE: - empty = 0; - break; - default: - /* be more defensive here? 
*/ - case BYTERANGE_BADSYNTAX: - r->boundary = NULL; - r->range = NULL; - return 0; - case BYTERANGE_EMPTY: - break; - case BYTERANGE_OK: - ++ranges; - length += byterange_boundary(r, start, end, 0) - + end - start + 1; - /* save in case of unsatisfiable ranges */ - one_start = start; - one_end = end; - break; - } - } while (*r->range != '\0'); - - if (ranges == 0) { - /* no ranges or only unsatisfiable ranges */ - if (empty || if_range) { - r->boundary = NULL; - r->range = NULL; - return 0; - } - else { - ap_table_setn(r->headers_out, "Content-Range", - ap_psprintf(r->pool, "bytes */%qd", r->clength)); - ap_set_content_length(r, 0); - r->boundary = NULL; - r->range = range; - r->header_only = 1; - r->status = HTTP_RANGE_NOT_SATISFIABLE; - return 1; - } - } - else if (ranges == 1) { - /* simple handling of a single range -- no boundaries */ - ap_table_setn(r->headers_out, "Content-Range", - ap_psprintf(r->pool, "bytes %qd-%qd/%qd", - one_start, one_end, r->clength)); - ap_table_setn(r->headers_out, "Content-Length", - ap_psprintf(r->pool, "%qd", one_end - one_start + 1LL)); - r->boundary = NULL; - r->byterange = 1; - r->range = range; - r->status = PARTIAL_CONTENT; - return 1; - } - else { - /* multiple ranges */ - length += byterange_boundary(r, -1, -1, 0); - ap_table_setn(r->headers_out, "Content-Length", - ap_psprintf(r->pool, "%qd", length)); - r->byterange = 2; - r->range = range; - r->status = PARTIAL_CONTENT; - return 1; - } -} - -API_EXPORT(int) ap_each_byterange(request_rec *r, off_t *offset, off_t *length) -{ - off_t start, end; - - do { - if (parse_byterange(r, &start, &end) == BYTERANGE_OK) { - if (r->byterange > 1) - byterange_boundary(r, start, end, 1); - *offset = start; - *length = end - start + 1; - return 1; - } - } while (*r->range != '\0'); - if (r->byterange > 1) - byterange_boundary(r, -1, -1, 1); - return 0; -} - -API_EXPORT(int) ap_set_content_length(request_rec *r, off_t clength) -{ - r->clength = clength; - ap_table_setn(r->headers_out, 
"Content-Length", ap_psprintf(r->pool, "%qd", clength)); - return 0; -} - -API_EXPORT(int) ap_set_keepalive(request_rec *r) -{ - int ka_sent = 0; - int wimpy = ap_find_token(r->pool, - ap_table_get(r->headers_out, "Connection"), "close"); - const char *conn = ap_table_get(r->headers_in, "Connection"); - - /* The following convoluted conditional determines whether or not - * the current connection should remain persistent after this response - * (a.k.a. HTTP Keep-Alive) and whether or not the output message - * body should use the HTTP/1.1 chunked transfer-coding. In English, - * - * IF we have not marked this connection as errored; - * and the response body has a defined length due to the status code - * being 304 or 204, the request method being HEAD, already - * having defined Content-Length or Transfer-Encoding: chunked, or - * the request version being HTTP/1.1 and thus capable of being set - * as chunked [we know the (r->chunked = 1) side-effect is ugly]; - * and the server configuration enables keep-alive; - * and the server configuration has a reasonable inter-request timeout; - * and there is no maximum # requests or the max hasn't been reached; - * and the response status does not require a close; - * and the response generator has not already indicated close; - * and the client did not request non-persistence (Connection: close); - * and we haven't been configured to ignore the buggy twit - * or they're a buggy twit coming through a HTTP/1.1 proxy - * and the client is requesting an HTTP/1.0-style keep-alive - * or the client claims to be HTTP/1.1 compliant (perhaps a proxy); - * THEN we can be persistent, which requires more headers be output. - * - * Note that the condition evaluation order is extremely important. 
- */ - if ((r->connection->keepalive != -1) && - ((r->status == HTTP_NOT_MODIFIED) || - (r->status == HTTP_NO_CONTENT) || - r->header_only || - ap_table_get(r->headers_out, "Content-Length") || - ap_find_last_token(r->pool, - ap_table_get(r->headers_out, "Transfer-Encoding"), - "chunked") || - ((r->proto_num >= HTTP_VERSION(1,1)) && - (r->chunked = 1))) && /* THIS CODE IS CORRECT, see comment above. */ - r->server->keep_alive && - (r->server->keep_alive_timeout > 0) && - ((r->server->keep_alive_max == 0) || - (r->server->keep_alive_max > r->connection->keepalives)) && - !ap_status_drops_connection(r->status) && - !wimpy && - !ap_find_token(r->pool, conn, "close") && - (!ap_table_get(r->subprocess_env, "nokeepalive") || - ap_table_get(r->headers_in, "Via")) && - ((ka_sent = ap_find_token(r->pool, conn, "keep-alive")) || - (r->proto_num >= HTTP_VERSION(1,1))) - ) { - int left = r->server->keep_alive_max - r->connection->keepalives; - - r->connection->keepalive = 1; - r->connection->keepalives++; - - /* If they sent a Keep-Alive token, send one back */ - if (ka_sent) { - if (r->server->keep_alive_max) - ap_table_setn(r->headers_out, "Keep-Alive", - ap_psprintf(r->pool, "timeout=%d, max=%d", - r->server->keep_alive_timeout, left)); - else - ap_table_setn(r->headers_out, "Keep-Alive", - ap_psprintf(r->pool, "timeout=%d", - r->server->keep_alive_timeout)); - ap_table_mergen(r->headers_out, "Connection", "Keep-Alive"); - } - - return 1; - } - - /* Otherwise, we need to indicate that we will be closing this - * connection immediately after the current response. - * - * We only really need to send "close" to HTTP/1.1 clients, but we - * always send it anyway, because a broken proxy may identify itself - * as HTTP/1.0, but pass our request along with our HTTP/1.1 tag - * to a HTTP/1.1 client. Better safe than sorry. 
- */ - if (!wimpy) - ap_table_mergen(r->headers_out, "Connection", "close"); - - r->connection->keepalive = 0; - - return 0; -} - -/* - * Return the latest rational time from a request/mtime (modification time) - * pair. We return the mtime unless it's in the future, in which case we - * return the current time. We use the request time as a reference in order - * to limit the number of calls to time(). We don't check for futurosity - * unless the mtime is at least as new as the reference. - */ -API_EXPORT(time_t) ap_rationalize_mtime(request_rec *r, time_t mtime) -{ - time_t now; - - /* For all static responses, it's almost certain that the file was - * last modified before the beginning of the request. So there's - * no reason to call time(NULL) again. But if the response has been - * created on demand, then it might be newer than the time the request - * started. In this event we really have to call time(NULL) again - * so that we can give the clients the most accurate Last-Modified. If we - * were given a time in the future, we return the current time - the - * Last-Modified can't be in the future. - */ - now = (mtime < r->request_time) ? r->request_time : time(NULL); - return (mtime > now) ? now : mtime; -} - -API_EXPORT(int) ap_meets_conditions(request_rec *r) -{ - const char *etag = ap_table_get(r->headers_out, "ETag"); - const char *if_match, *if_modified_since, *if_unmodified, *if_nonematch; - time_t mtime; - - /* Check for conditional requests --- note that we only want to do - * this if we are successful so far and we are not processing a - * subrequest or an ErrorDocument. - * - * The order of the checks is important, since ETag checks are supposed - * to be more accurate than checks relative to the modification time. - * However, not all documents are guaranteed to *have* ETags, and some - * might have Last-Modified values w/o ETags, so this gets a little - * complicated. 
- */ - - if (!ap_is_HTTP_SUCCESS(r->status) || r->no_local_copy) { - return OK; - } - - mtime = (r->mtime != 0) ? r->mtime : time(NULL); - - /* If an If-Match request-header field was given - * AND the field value is not "*" (meaning match anything) - * AND if our strong ETag does not match any entity tag in that field, - * respond with a status of 412 (Precondition Failed). - */ - if ((if_match = ap_table_get(r->headers_in, "If-Match")) != NULL) { - if (if_match[0] != '*' && - (etag == NULL || etag[0] == 'W' || - !ap_find_list_item(r->pool, if_match, etag))) { - return HTTP_PRECONDITION_FAILED; - } - } - else { - /* Else if a valid If-Unmodified-Since request-header field was given - * AND the requested resource has been modified since the time - * specified in this field, then the server MUST - * respond with a status of 412 (Precondition Failed). - */ - if_unmodified = ap_table_get(r->headers_in, "If-Unmodified-Since"); - if (if_unmodified != NULL) { - time_t ius = ap_parseHTTPdate(if_unmodified); - - if ((ius != BAD_DATE) && (mtime > ius)) { - return HTTP_PRECONDITION_FAILED; - } - } - } - - /* If an If-None-Match request-header field was given - * AND the field value is "*" (meaning match anything) - * OR our ETag matches any of the entity tags in that field, fail. - * - * If the request method was GET or HEAD, failure means the server - * SHOULD respond with a 304 (Not Modified) response. - * For all other request methods, failure means the server MUST - * respond with a status of 412 (Precondition Failed). - * - * GET or HEAD allow weak etag comparison, all other methods require - * strong comparison. We can only use weak if it's not a range request. 
- */ - if_nonematch = ap_table_get(r->headers_in, "If-None-Match"); - if (if_nonematch != NULL) { - if (r->method_number == M_GET) { - if (if_nonematch[0] == '*') - return HTTP_NOT_MODIFIED; - if (etag != NULL) { - if (ap_table_get(r->headers_in, "Range")) { - if (etag[0] != 'W' && - ap_find_list_item(r->pool, if_nonematch, etag)) { - return HTTP_NOT_MODIFIED; - } - } - else if (strstr(if_nonematch, etag)) { - return HTTP_NOT_MODIFIED; - } - } - } - else if (if_nonematch[0] == '*' || - (etag != NULL && - ap_find_list_item(r->pool, if_nonematch, etag))) { - return HTTP_PRECONDITION_FAILED; - } - } - /* Else if a valid If-Modified-Since request-header field was given - * AND it is a GET or HEAD request - * AND the requested resource has not been modified since the time - * specified in this field, then the server MUST - * respond with a status of 304 (Not Modified). - * A date later than the server's current request time is invalid. - */ - else if ((r->method_number == M_GET) - && ((if_modified_since = - ap_table_get(r->headers_in, "If-Modified-Since")) != NULL)) { - time_t ims = ap_parseHTTPdate(if_modified_since); - - if ((ims >= mtime) && (ims <= r->request_time)) { - return HTTP_NOT_MODIFIED; - } - } - return OK; -} - -/* - * Construct an entity tag (ETag) from resource information. If it's a real - * file, build in some of the file characteristics. If the modification time - * is newer than (request-time minus 1 second), mark the ETag as weak - it - * could be modified again in as short an interval. We rationalize the - * modification time we're given to keep it from being in the future. 
- */ -API_EXPORT(char *) ap_make_etag_orig(request_rec *r, int force_weak) -{ - char *etag; - char *weak; - core_dir_config *cfg; - etag_components_t etag_bits; - - cfg = (core_dir_config *)ap_get_module_config(r->per_dir_config, - &core_module); - etag_bits = (cfg->etag_bits & (~ cfg->etag_remove)) | cfg->etag_add; - if (etag_bits == ETAG_UNSET) { - etag_bits = ETAG_BACKWARD; - } - /* - * Make an ETag header out of various pieces of information. We use - * the last-modified date and, if we have a real file, the - * length and inode number - note that this doesn't have to match - * the content-length (i.e. includes), it just has to be unique - * for the file. - * - * If the request was made within a second of the last-modified date, - * we send a weak tag instead of a strong one, since it could - * be modified again later in the second, and the validation - * would be incorrect. - */ - - weak = ((r->request_time - r->mtime > 1) && !force_weak) ? "" : "W/"; - - if (r->finfo.st_mode != 0) { - char **ent; - array_header *components; - int i; - - /* - * If it's a file (or we wouldn't be here) and no ETags - * should be set for files, return an empty string and - * note it for ap_send_header_field() to ignore. 
- */ - if (etag_bits & ETAG_NONE) { - ap_table_setn(r->notes, "no-etag", "omit"); - return ""; - } - - components = ap_make_array(r->pool, 4, sizeof(char *)); - if (etag_bits & ETAG_INODE) { - ent = (char **) ap_push_array(components); - *ent = ap_psprintf(r->pool, "%qx", - (unsigned long long) r->finfo.st_ino); - } - if (etag_bits & ETAG_SIZE) { - ent = (char **) ap_push_array(components); - *ent = ap_psprintf(r->pool, "%lx", - (unsigned long) r->finfo.st_size); - } - if (etag_bits & ETAG_MTIME) { - ent = (char **) ap_push_array(components); - *ent = ap_psprintf(r->pool, "%lx", (unsigned long) r->mtime); - } - ent = (char **) components->elts; - etag = ap_pstrcat(r->pool, weak, "\"", NULL); - for (i = 0; i < components->nelts; ++i) { - etag = ap_psprintf(r->pool, "%s%s%s", etag, - (i == 0 ? "" : "-"), - ent[i]); - } - etag = ap_pstrcat(r->pool, etag, "\"", NULL); - } - else { - etag = ap_psprintf(r->pool, "%s\"%lx\"", weak, - (unsigned long) r->mtime); - } - - return etag; -} - -API_EXPORT(void) ap_set_etag(request_rec *r) -{ - char *etag; - char *variant_etag, *vlv; - int vlv_weak; - - if (!r->vlist_validator) { - etag = ap_make_etag(r, 0); - - /* If we get a blank etag back, don't set the header. */ - if (!etag[0]) { - return; - } - } - else { - /* If we have a variant list validator (vlv) due to the - * response being negotiated, then we create a structured - * entity tag which merges the variant etag with the variant - * list validator (vlv). This merging makes revalidation - * somewhat safer, ensures that caches which can deal with - * Vary will (eventually) be updated if the set of variants is - * changed, and is also a protocol requirement for transparent - * content negotiation. - */ - - /* if the variant list validator is weak, we make the whole - * structured etag weak. If we would not, then clients could - * have problems merging range responses if we have different - * variants with the same non-globally-unique strong etag. 
- */ - - vlv = r->vlist_validator; - vlv_weak = (vlv[0] == 'W'); - - variant_etag = ap_make_etag(r, vlv_weak); - - /* If we get a blank etag back, don't append vlv and stop now. */ - if (!variant_etag[0]) { - return; - } - - /* merge variant_etag and vlv into a structured etag */ - variant_etag[strlen(variant_etag) - 1] = '\0'; - if (vlv_weak) - vlv += 3; - else - vlv++; - etag = ap_pstrcat(r->pool, variant_etag, ";", vlv, NULL); - } - - ap_table_setn(r->headers_out, "ETag", etag); -} - -/* - * This function sets the Last-Modified output header field to the value - * of the mtime field in the request structure - rationalized to keep it from - * being in the future. - */ -API_EXPORT(void) ap_set_last_modified(request_rec *r) -{ - time_t mod_time = ap_rationalize_mtime(r, r->mtime); - - ap_table_setn(r->headers_out, "Last-Modified", - ap_gm_timestr_822(r->pool, mod_time)); -} - -/* Get the method number associated with the given string, assumed to - * contain an HTTP method. Returns M_INVALID if not recognized. - * - * This is the first step toward placing method names in a configurable - * list. Hopefully it (and other routines) can eventually be moved to - * something like a mod_http_methods.c, complete with config stuff. 
- */ -API_EXPORT(int) ap_method_number_of(const char *method) -{ - switch (*method) { - case 'H': - if (strcmp(method, "HEAD") == 0) - return M_GET; /* see header_only in request_rec */ - break; - case 'G': - if (strcmp(method, "GET") == 0) - return M_GET; - break; - case 'P': - if (strcmp(method, "POST") == 0) - return M_POST; - if (strcmp(method, "PUT") == 0) - return M_PUT; - if (strcmp(method, "PATCH") == 0) - return M_PATCH; - if (strcmp(method, "PROPFIND") == 0) - return M_PROPFIND; - if (strcmp(method, "PROPPATCH") == 0) - return M_PROPPATCH; - break; - case 'D': - if (strcmp(method, "DELETE") == 0) - return M_DELETE; - break; - case 'C': - if (strcmp(method, "CONNECT") == 0) - return M_CONNECT; - if (strcmp(method, "COPY") == 0) - return M_COPY; - break; - case 'M': - if (strcmp(method, "MKCOL") == 0) - return M_MKCOL; - if (strcmp(method, "MOVE") == 0) - return M_MOVE; - break; - case 'O': - if (strcmp(method, "OPTIONS") == 0) - return M_OPTIONS; - break; - case 'L': - if (strcmp(method, "LOCK") == 0) - return M_LOCK; - break; - case 'U': - if (strcmp(method, "UNLOCK") == 0) - return M_UNLOCK; - break; - } - return M_INVALID; -} - -/* Get a line of protocol input, including any continuation lines - * caused by MIME folding (or broken clients) if fold != 0, and place it - * in the buffer s, of size n bytes, without the ending newline. - * - * Returns -1 on error, or the length of s. - * - * Note: Because bgets uses 1 char for newline and 1 char for NUL, - * the most we can get is (n - 2) actual characters if it - * was ended by a newline, or (n - 1) characters if the line - * length exceeded (n - 1). So, if the result == (n - 1), - * then the actual input line exceeded the buffer length, - * and it would be a good idea for the caller to puke 400 or 414. 
- */ -API_EXPORT(int) ap_getline(char *s, int n, BUFF *in, int fold) -{ - char *pos, next; - int retval; - int total = 0; - - pos = s; - - do { - retval = ap_bgets(pos, n, in); /* retval == -1 if error, 0 if EOF */ - - if (retval <= 0) { - total = ((retval < 0) && (total == 0)) ? -1 : total; - break; - } - - /* retval is the number of characters read, not including NUL */ - - n -= retval; /* Keep track of how much of s is full */ - pos += (retval - 1); /* and where s ends */ - total += retval; /* and how long s has become */ - - if (*pos == '\n') { /* Did we get a full line of input? */ - /* - * Trim any extra trailing spaces or tabs except for the first - * space or tab at the beginning of a blank string. This makes - * it much easier to check field values for exact matches, and - * saves memory as well. Terminate string at end of line. - */ - while (pos > (s + 1) && (*(pos - 1) == ' ' || *(pos - 1) == '\t')) { - --pos; /* trim extra trailing spaces or tabs */ - --total; /* but not one at the beginning of line */ - ++n; - } - *pos = '\0'; - --total; - ++n; - } - else - break; /* if not, input line exceeded buffer size */ - - /* Continue appending if line folding is desired and - * the last line was not empty and we have room in the buffer and - * the next line begins with a continuation character. - */ - } while (fold && (retval != 1) && (n > 1) - && (ap_blookc(&next, in) == 1) - && ((next == ' ') || (next == '\t'))); - - return total; -} - -/* parse_uri: break apart the uri - * Side Effects: - * - sets r->args to rest after '?' 
(or NULL if no '?') - * - sets r->uri to request uri (without r->args part) - * - sets r->hostname (if not set already) from request (scheme://host:port) - */ -CORE_EXPORT(void) ap_parse_uri(request_rec *r, const char *uri) -{ - int status = HTTP_OK; - - r->unparsed_uri = ap_pstrdup(r->pool, uri); - - if (r->method_number == M_CONNECT) { - status = ap_parse_hostinfo_components(r->pool, uri, &r->parsed_uri); - } else { - /* Simple syntax Errors in URLs are trapped by parse_uri_components(). */ - status = ap_parse_uri_components(r->pool, uri, &r->parsed_uri); - } - - if (ap_is_HTTP_SUCCESS(status)) { - /* if it has a scheme we may need to do absoluteURI vhost stuff */ - if (r->parsed_uri.scheme - && !strcasecmp(r->parsed_uri.scheme, ap_http_method(r))) { - r->hostname = r->parsed_uri.hostname; - } else if (r->method_number == M_CONNECT) { - r->hostname = r->parsed_uri.hostname; - } - r->args = r->parsed_uri.query; - r->uri = r->parsed_uri.path ? r->parsed_uri.path - : ap_pstrdup(r->pool, "/"); - } - else { - r->args = NULL; - r->hostname = NULL; - r->status = status; /* set error status */ - r->uri = ap_pstrdup(r->pool, uri); - } -} - -static int read_request_line(request_rec *r) -{ - char l[DEFAULT_LIMIT_REQUEST_LINE + 2]; /* ap_getline's two extra for \n\0 */ - const char *ll = l; - const char *uri; - conn_rec *conn = r->connection; - unsigned int major = 1, minor = 0; /* Assume HTTP/1.0 if non-"HTTP" protocol */ - int len = 0; - int valid_protocol = 1; - - /* Read past empty lines until we get a real request line, - * a read error, the connection closes (EOF), or we timeout. - * - * We skip empty lines because browsers have to tack a CRLF on to the end - * of POSTs to support old CERN webservers. But note that we may not - * have flushed any previous response completely to the client yet. - * We delay the flush as long as possible so that we can improve - * performance for clients that are pipelining requests. 
If a request - * is pipelined then we won't block during the (implicit) read() below. - * If the requests aren't pipelined, then the client is still waiting - * for the final buffer flush from us, and we will block in the implicit - * read(). B_SAFEREAD ensures that the BUFF layer flushes if it will - * have to block during a read. - */ - ap_bsetflag(conn->client, B_SAFEREAD, 1); - while ((len = ap_getline(l, sizeof(l), conn->client, 0)) <= 0) { - if ((len < 0) || ap_bgetflag(conn->client, B_EOF)) { - ap_bsetflag(conn->client, B_SAFEREAD, 0); - /* this is a hack to make sure that request time is set, - * it's not perfect, but it's better than nothing - */ - r->request_time = time(0); - return 0; - } - } - /* we've probably got something to do, ignore graceful restart requests */ - signal(SIGUSR1, SIG_IGN); - - ap_bsetflag(conn->client, B_SAFEREAD, 0); - - r->request_time = time(NULL); - r->the_request = ap_pstrdup(r->pool, l); - r->method = ap_getword_white(r->pool, &ll); - uri = ap_getword_white(r->pool, &ll); - - /* Provide quick information about the request method as soon as known */ - - r->method_number = ap_method_number_of(r->method); - if (r->method_number == M_GET && r->method[0] == 'H') { - r->header_only = 1; - } - - ap_parse_uri(r, uri); - - /* ap_getline returns (size of max buffer - 1) if it fills up the - * buffer before finding the end-of-line. This is only going to - * happen if it exceeds the configured limit for a request-line. - */ - if (len > r->server->limit_req_line) { - r->status = HTTP_REQUEST_URI_TOO_LARGE; - r->proto_num = HTTP_VERSION(1,0); - r->protocol = ap_pstrdup(r->pool, "HTTP/1.0"); - return 0; - } - - r->assbackwards = (ll[0] == '\0'); - r->protocol = ap_pstrdup(r->pool, ll[0] ? 
ll : "HTTP/0.9"); - - /* Avoid sscanf in the common case */ - if (strlen(r->protocol) == 8 - && r->protocol[0] == 'H' && r->protocol[1] == 'T' - && r->protocol[2] == 'T' && r->protocol[3] == 'P' - && r->protocol[4] == '/' && ap_isdigit(r->protocol[5]) - && r->protocol[6] == '.' && ap_isdigit(r->protocol[7])) { - r->proto_num = HTTP_VERSION(r->protocol[5] - '0', r->protocol[7] - '0'); - } - else { - char lint[2]; - char http[5]; - if (3 == sscanf(r->protocol, "%4s/%u.%u%1s", http, &major, &minor, lint) - && (strcasecmp("http", http) == 0) - && (minor < HTTP_VERSION(1,0)) ) /* don't allow HTTP/0.1000 */ - r->proto_num = HTTP_VERSION(major, minor); - else { - r->proto_num = HTTP_VERSION(1,0); - valid_protocol = 0; - } - } - - /* Check for a valid protocol, and disallow everything but whitespace - * after the protocol string. A protocol string of nothing but - * whitespace is considered valid */ - if (ap_protocol_req_check && !valid_protocol) { - int n = 0; - while (ap_isspace(r->protocol[n])) - ++n; - if (r->protocol[n] != '\0') { - r->status = HTTP_BAD_REQUEST; - r->proto_num = HTTP_VERSION(1,0); - r->protocol = ap_pstrdup(r->pool, "HTTP/1.0"); - ap_table_setn(r->notes, "error-notes", - "The request line contained invalid characters " - "following the protocol string.

\n"); - return 0; - } - } - - return 1; -} - -static void get_mime_headers(request_rec *r) -{ - char field[DEFAULT_LIMIT_REQUEST_FIELDSIZE + 2]; /* ap_getline's two extra */ - conn_rec *c = r->connection; - char *value; - char *copy; - int len; - int fields_read = 0; - table *tmp_headers; - - /* We'll use ap_overlap_tables later to merge these into r->headers_in. */ - tmp_headers = ap_make_table(r->pool, 50); - - /* - * Read header lines until we get the empty separator line, a read error, - * the connection closes (EOF), reach the server limit, or we timeout. - */ - while ((len = ap_getline(field, sizeof(field), c->client, 1)) > 0) { - - if (r->server->limit_req_fields && - (++fields_read > r->server->limit_req_fields)) { - r->status = HTTP_BAD_REQUEST; - ap_table_setn(r->notes, "error-notes", - "The number of request header fields exceeds " - "this server's limit.

\n"); - return; - } - /* ap_getline returns (size of max buffer - 1) if it fills up the - * buffer before finding the end-of-line. This is only going to - * happen if it exceeds the configured limit for a field size. - */ - if (len > r->server->limit_req_fieldsize) { - r->status = HTTP_BAD_REQUEST; - ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool, - "Size of a request header field exceeds server limit.

\n" - "

\n", ap_escape_html(r->pool, field), "
\n", NULL)); - return; - } - copy = ap_palloc(r->pool, len + 1); - memcpy(copy, field, len + 1); - - if (!(value = strchr(copy, ':'))) { /* Find the colon separator */ - r->status = HTTP_BAD_REQUEST; /* or abort the bad request */ - ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool, - "Request header field is missing colon separator.

\n" - "

\n", ap_escape_html(r->pool, copy), "
\n", NULL)); - return; - } - - *value = '\0'; - ++value; - while (*value == ' ' || *value == '\t') - ++value; /* Skip to start of value */ - - ap_table_addn(tmp_headers, copy, value); - } - - ap_overlap_tables(r->headers_in, tmp_headers, AP_OVERLAP_TABLES_MERGE); -} - -API_EXPORT(request_rec *) ap_read_request(conn_rec *conn) -{ - request_rec *r; - pool *p; - const char *expect; - int access_status; - - p = ap_make_sub_pool(conn->pool); - r = ap_pcalloc(p, sizeof(request_rec)); - r->pool = p; - r->connection = conn; - conn->server = conn->base_server; - r->server = conn->server; - - conn->keptalive = conn->keepalive == 1; - conn->keepalive = 0; - - conn->user = NULL; - conn->ap_auth_type = NULL; - - r->headers_in = ap_make_table(r->pool, 50); - r->subprocess_env = ap_make_table(r->pool, 50); - r->headers_out = ap_make_table(r->pool, 12); - r->err_headers_out = ap_make_table(r->pool, 5); - r->notes = ap_make_table(r->pool, 5); - - r->request_config = ap_create_request_config(r->pool); - r->per_dir_config = r->server->lookup_defaults; - - r->sent_bodyct = 0; /* bytect isn't for body */ - - r->read_length = 0; - r->read_body = REQUEST_NO_BODY; - - r->status = HTTP_REQUEST_TIME_OUT; /* Until we get a request */ - r->the_request = NULL; - - r->ctx = ap_ctx_new(r->pool); - - /* Get the request... 
*/ - - ap_keepalive_timeout("read request line", r); - if (!read_request_line(r)) { - ap_kill_timeout(r); - if (r->status == HTTP_REQUEST_URI_TOO_LARGE) { - - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "request failed: URI too long"); - ap_send_error_response(r, 0); - ap_log_transaction(r); - return r; - } - else if (r->status == HTTP_BAD_REQUEST) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "request failed: erroneous characters after protocol string: %s", - ap_escape_logitem(r->pool, r->the_request)); - ap_send_error_response(r, 0); - ap_log_transaction(r); - return r; - } - return NULL; - } - if (!r->assbackwards) { - ap_hard_timeout("read request headers", r); - get_mime_headers(r); - ap_kill_timeout(r); - if (r->status != HTTP_REQUEST_TIME_OUT) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "request failed: error reading the headers"); - ap_send_error_response(r, 0); - ap_log_transaction(r); - return r; - } - } - else { - ap_kill_timeout(r); - - if (r->header_only) { - /* - * Client asked for headers only with HTTP/0.9, which doesn't send - * headers! Have to dink things just to make sure the error message - * comes through... - */ - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "client sent invalid HTTP/0.9 request: HEAD %s", - r->uri); - r->header_only = 0; - r->status = HTTP_BAD_REQUEST; - ap_send_error_response(r, 0); - ap_log_transaction(r); - return r; - } - } - - r->status = HTTP_OK; /* Until further notice. */ - - /* update what we think the virtual host is based on the headers we've - * now read. may update status. 
- */
- ap_update_vhost_from_headers(r);
-
- /* we may have switched to another server */
- r->per_dir_config = r->server->lookup_defaults;
-
- conn->keptalive = 0; /* We now have a request to play with */
-
- if ((!r->hostname && (r->proto_num >= HTTP_VERSION(1,1))) ||
- ((r->proto_num == HTTP_VERSION(1,1)) &&
- !ap_table_get(r->headers_in, "Host"))) {
- /*
- * Client sent us an HTTP/1.1 or later request without telling us the
- * hostname, either with a full URL or a Host: header. We therefore
- * need to (as per the 1.1 spec) send an error. As a special case,
- * HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain
- * a Host: header, and the server MUST respond with 400 if it doesn't.
- */
- r->status = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "client sent HTTP/1.1 request without hostname "
- "(see RFC2616 section 14.23): %s", r->uri);
- }
- if (r->status != HTTP_OK) {
- ap_send_error_response(r, 0);
- ap_log_transaction(r);
- return r;
- }
-
- if ((access_status = ap_run_post_read_request(r))) {
- ap_die(access_status, r);
- ap_log_transaction(r);
- return NULL;
- }
-
- if (((expect = ap_table_get(r->headers_in, "Expect")) != NULL) &&
- (expect[0] != '\0')) {
- /*
- * The Expect header field was added to HTTP/1.1 after RFC 2068
- * as a means to signal when a 100 response is desired and,
- * unfortunately, to signal a poor man's mandatory extension that
- * the server must understand or return 417 Expectation Failed.
- */
- if (strcasecmp(expect, "100-continue") == 0) {
- r->expecting_100 = 1;
- }
- else {
- r->status = HTTP_EXPECTATION_FAILED;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r,
- "client sent an unrecognized expectation value of "
- "Expect: %s", expect);
- ap_send_error_response(r, 0);
- (void) ap_discard_request_body(r);
- ap_log_transaction(r);
- return r;
- }
- }
-
- return r;
-}
-
-/*
- * A couple of other functions which initialize some of the fields of
- * a request structure, as appropriate for adjuncts of one kind or another
- * to a request in progress. Best here, rather than elsewhere, since
- * *someone* has to set the protocol-specific fields...
- */
-
-API_EXPORT(void) ap_set_sub_req_protocol(request_rec *rnew, const request_rec *r)
-{
- rnew->the_request = r->the_request; /* Keep original request-line */
-
- rnew->assbackwards = 1; /* Don't send headers from this. */
- rnew->no_local_copy = 1; /* Don't try to send USE_LOCAL_COPY for a
- * fragment. */
- rnew->method = "GET";
- rnew->method_number = M_GET;
- rnew->protocol = "INCLUDED";
-
- rnew->status = HTTP_OK;
-
- rnew->headers_in = r->headers_in;
- rnew->subprocess_env = ap_copy_table(rnew->pool, r->subprocess_env);
- rnew->headers_out = ap_make_table(rnew->pool, 5);
- rnew->err_headers_out = ap_make_table(rnew->pool, 5);
- rnew->notes = ap_make_table(rnew->pool, 5);
-
- rnew->expecting_100 = r->expecting_100;
- rnew->read_length = r->read_length;
- rnew->read_body = REQUEST_NO_BODY;
-
- rnew->main = (request_rec *) r;
-
- rnew->ctx = r->ctx;
-
-}
-
-API_EXPORT(void) ap_finalize_sub_req_protocol(request_rec *sub)
-{
- SET_BYTES_SENT(sub->main);
-}
-
-/*
- * Support for the Basic authentication protocol, and a bit for Digest.
- */ - -API_EXPORT(void) ap_note_auth_failure(request_rec *r) -{ - if (!strcasecmp(ap_auth_type(r), "Basic")) - ap_note_basic_auth_failure(r); - else if (!strcasecmp(ap_auth_type(r), "Digest")) - ap_note_digest_auth_failure(r); -} - -API_EXPORT(void) ap_note_basic_auth_failure(request_rec *r) -{ - if (strcasecmp(ap_auth_type(r), "Basic")) - ap_note_auth_failure(r); - else - ap_table_setn(r->err_headers_out, - r->proxyreq == STD_PROXY ? "Proxy-Authenticate" - : "WWW-Authenticate", - ap_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r), "\"", - NULL)); -} - -API_EXPORT(void) ap_note_digest_auth_failure(request_rec *r) -{ - /* We need to create a nonce which: - * a) changes all the time (see r->request_time) - * below and - * b) of which we can verify that it is our own - * fairly easily when it comes to veryfing - * the digest coming back in the response. - * c) and which as a whole should not - * be unlikely to be in use anywhere else. - */ - char * nonce_prefix = ap_md5(r->pool, - (unsigned char *) - ap_psprintf(r->pool, "%s%lld", - ap_auth_nonce(r), (long long)r->request_time)); - - ap_table_setn(r->err_headers_out, - r->proxyreq == STD_PROXY ? "Proxy-Authenticate" - : "WWW-Authenticate", - ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s%lld\"", - ap_auth_name(r), nonce_prefix, (long long)r->request_time)); -} - -API_EXPORT(int) ap_get_basic_auth_pw(request_rec *r, const char **pw) -{ - const char *auth_line = ap_table_get(r->headers_in, - r->proxyreq == STD_PROXY - ? 
"Proxy-Authorization" - : "Authorization"); - const char *t; - - if (!(t = ap_auth_type(r)) || strcasecmp(t, "Basic")) - return DECLINED; - - if (!ap_auth_name(r)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, - r, "need AuthName: %s", r->uri); - return SERVER_ERROR; - } - - if (!auth_line) { - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - - if (strcasecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) { - /* Client tried to authenticate using wrong auth scheme */ - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "client used wrong authentication scheme: %s", r->uri); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - - while (*auth_line== ' ' || *auth_line== '\t') - auth_line++; - - t = ap_pbase64decode(r->pool, auth_line); - /* Note that this allocation has to be made from r->connection->pool - * because it has the lifetime of the connection. The other allocations - * are temporary and can be tossed away any time. - */ - r->connection->user = ap_getword_nulls (r->connection->pool, &t, ':'); - r->connection->ap_auth_type = "Basic"; - - *pw = t; - - return OK; -} - -/* New Apache routine to map status codes into array indicies - * e.g. 100 -> 0, 101 -> 1, 200 -> 2 ... - * The number of status lines must equal the value of RESPONSE_CODES (httpd.h) - * and must be listed in order. 
- */
-
-static const char * const status_lines[RESPONSE_CODES] =
-{
- "100 Continue",
- "101 Switching Protocols",
- "102 Processing",
-#define LEVEL_200 3
- "200 OK",
- "201 Created",
- "202 Accepted",
- "203 Non-Authoritative Information",
- "204 No Content",
- "205 Reset Content",
- "206 Partial Content",
- "207 Multi-Status",
-#define LEVEL_300 11
- "300 Multiple Choices",
- "301 Moved Permanently",
- "302 Found",
- "303 See Other",
- "304 Not Modified",
- "305 Use Proxy",
- "306 unused",
- "307 Temporary Redirect",
-#define LEVEL_400 19
- "400 Bad Request",
- "401 Authorization Required",
- "402 Payment Required",
- "403 Forbidden",
- "404 Not Found",
- "405 Method Not Allowed",
- "406 Not Acceptable",
- "407 Proxy Authentication Required",
- "408 Request Time-out",
- "409 Conflict",
- "410 Gone",
- "411 Length Required",
- "412 Precondition Failed",
- "413 Request Entity Too Large",
- "414 Request-URI Too Large",
- "415 Unsupported Media Type",
- "416 Requested Range Not Satisfiable",
- "417 Expectation Failed",
- "418 unused",
- "419 unused",
- "420 unused",
- "421 unused",
- "422 Unprocessable Entity",
- "423 Locked",
- "424 Failed Dependency",
-#define LEVEL_500 44
- "500 Internal Server Error",
- "501 Method Not Implemented",
- "502 Bad Gateway",
- "503 Service Temporarily Unavailable",
- "504 Gateway Time-out",
- "505 HTTP Version Not Supported",
- "506 Variant Also Negotiates",
- "507 Insufficient Storage",
- "508 unused",
- "509 unused",
- "510 Not Extended"
-};
-
-/* The index is found by its offset from the x00 code of each level.
- * Although this is fast, it will need to be replaced if some nutcase
- * decides to define a high-numbered code before the lower numbers.
- * If that sad event occurs, replace the code below with a linear search - * from status_lines[shortcut[i]] to status_lines[shortcut[i+1]-1]; - */ -API_EXPORT(int) ap_index_of_response(int status) -{ - static int shortcut[6] = {0, LEVEL_200, LEVEL_300, LEVEL_400, - LEVEL_500, RESPONSE_CODES}; - int i, pos; - - if (status < 100) /* Below 100 is illegal for HTTP status */ - return LEVEL_500; - - for (i = 0; i < 5; i++) { - status -= 100; - if (status < 100) { - pos = (status + shortcut[i]); - if (pos < shortcut[i + 1]) - return pos; - else - return LEVEL_500; /* status unknown (falls in gap) */ - } - } - return LEVEL_500; /* 600 or above is also illegal */ -} - -/* Send a single HTTP header field to the client. Note that this function - * is used in calls to table_do(), so their interfaces are co-dependent. - * In other words, don't change this one without checking table_do in alloc.c. - * It returns true unless there was a write error of some kind. - */ -API_EXPORT_NONSTD(int) ap_send_header_field(request_rec *r, - const char *fieldname, - const char *fieldval) -{ - if (strcasecmp(fieldname, "ETag") == 0) { - if (ap_table_get(r->notes, "no-etag") != NULL) { - return 1; - } - } - return (0 < ap_rvputs(r, fieldname, ": ", fieldval, CRLF, NULL)); -} - -API_EXPORT(void) ap_basic_http_header(request_rec *r) -{ - char *protocol; - - if (r->assbackwards) - return; - - if (!r->status_line) - r->status_line = status_lines[ap_index_of_response(r->status)]; - - /* kluge around broken browsers when indicated by force-response-1.0 - */ - if (r->proto_num == HTTP_VERSION(1,0) - && ap_table_get(r->subprocess_env, "force-response-1.0")) { - - protocol = "HTTP/1.0"; - r->connection->keepalive = -1; - } - else - protocol = SERVER_PROTOCOL; - - /* output the HTTP/1.x Status-Line */ - ap_rvputs(r, protocol, " ", r->status_line, CRLF, NULL); - - /* output the date header */ - ap_send_header_field(r, "Date", ap_gm_timestr_822(r->pool, r->request_time)); - - /* keep the set-by-proxy 
server header, otherwise - * generate a new server header */ - if (r->proxyreq) { - const char *server = ap_table_get(r->headers_out, "Server"); - if (server) { - ap_send_header_field(r, "Server", server); - } - } - else { - ap_send_header_field(r, "Server", ap_get_server_version()); - } - - /* unset so we don't send them again */ - ap_table_unset(r->headers_out, "Date"); /* Avoid bogosity */ - ap_table_unset(r->headers_out, "Server"); -} - -/* Navigator versions 2.x, 3.x and 4.0 betas up to and including 4.0b2 - * have a header parsing bug. If the terminating \r\n occur starting - * at offset 256, 257 or 258 of output then it will not properly parse - * the headers. Curiously it doesn't exhibit this problem at 512, 513. - * We are guessing that this is because their initial read of a new request - * uses a 256 byte buffer, and subsequent reads use a larger buffer. - * So the problem might exist at different offsets as well. - * - * This should also work on keepalive connections assuming they use the - * same small buffer for the first read of each new request. - * - * At any rate, we check the bytes written so far and, if we are about to - * tickle the bug, we instead insert a bogus padding header. Since the bug - * manifests as a broken image in Navigator, users blame the server. :( - * It is more expensive to check the User-Agent than it is to just add the - * bytes, so we haven't used the BrowserMatch feature here. - */ -static void terminate_header(BUFF *client) -{ - off_t bs; - - ap_bgetopt(client, BO_BYTECT, &bs); - if (bs >= 255 && bs <= 257) - ap_bputs("X-Pad: avoid browser bug" CRLF, client); - - ap_bputs(CRLF, client); /* Send the terminating empty line */ -} - -/* Build the Allow field-value from the request handler method mask. - * Note that we always allow TRACE, since it is handled below. - */ -static char *make_allow(request_rec *r) -{ - return 2 + ap_pstrcat(r->pool, - (r->allowed & (1 << M_GET)) ? 
", GET, HEAD" : "", - (r->allowed & (1 << M_POST)) ? ", POST" : "", - (r->allowed & (1 << M_PUT)) ? ", PUT" : "", - (r->allowed & (1 << M_DELETE)) ? ", DELETE" : "", - (r->allowed & (1 << M_CONNECT)) ? ", CONNECT" : "", - (r->allowed & (1 << M_OPTIONS)) ? ", OPTIONS" : "", - (r->allowed & (1 << M_PATCH)) ? ", PATCH" : "", - (r->allowed & (1 << M_PROPFIND)) ? ", PROPFIND" : "", - (r->allowed & (1 << M_PROPPATCH)) ? ", PROPPATCH" : "", - (r->allowed & (1 << M_MKCOL)) ? ", MKCOL" : "", - (r->allowed & (1 << M_COPY)) ? ", COPY" : "", - (r->allowed & (1 << M_MOVE)) ? ", MOVE" : "", - (r->allowed & (1 << M_LOCK)) ? ", LOCK" : "", - (r->allowed & (1 << M_UNLOCK)) ? ", UNLOCK" : "", - ", TRACE", - NULL); -} - -API_EXPORT(int) ap_send_http_trace(request_rec *r) -{ - int rv; - - /* Get the original request */ - while (r->prev) - r = r->prev; - - if ((rv = ap_setup_client_block(r, REQUEST_NO_BODY))) - return rv; - - ap_hard_timeout("send TRACE", r); - - r->content_type = "message/http"; - ap_send_http_header(r); - - /* Now we recreate the request, and echo it back */ - - ap_rvputs(r, r->the_request, CRLF, NULL); - - ap_table_do((int (*) (void *, const char *, const char *)) - ap_send_header_field, (void *) r, r->headers_in, NULL); - ap_rputs(CRLF, r); - - ap_kill_timeout(r); - return OK; -} - -API_EXPORT(int) ap_send_http_options(request_rec *r) -{ - const off_t zero = 0LL; - - if (r->assbackwards) - return DECLINED; - - ap_hard_timeout("send OPTIONS", r); - - ap_basic_http_header(r); - - ap_table_setn(r->headers_out, "Content-Length", "0"); - ap_table_setn(r->headers_out, "Allow", make_allow(r)); - ap_set_keepalive(r); - - ap_table_do((int (*) (void *, const char *, const char *)) ap_send_header_field, - (void *) r, r->headers_out, NULL); - - terminate_header(r->connection->client); - - ap_kill_timeout(r); - ap_bsetopt(r->connection->client, BO_BYTECT, &zero); - - return OK; -} - -/* - * Here we try to be compatible with clients that want multipart/x-byteranges - * instead 
of multipart/byteranges (also see above), as per HTTP/1.1. We - * look for the Request-Range header (e.g. Netscape 2 and 3) as an indication - * that the browser supports an older protocol. We also check User-Agent - * for Microsoft Internet Explorer 3, which needs this as well. - */ -static int use_range_x(request_rec *r) -{ - const char *ua; - return (ap_table_get(r->headers_in, "Request-Range") || - ((ua = ap_table_get(r->headers_in, "User-Agent")) - && strstr(ua, "MSIE 3"))); -} - -/* This routine is called by ap_table_do and merges all instances of - * the passed field values into a single array that will be further - * processed by some later routine. Originally intended to help split - * and recombine multiple Vary fields, though it is generic to any field - * consisting of comma/space-separated tokens. - */ -static int uniq_field_values(void *d, const char *key, const char *val) -{ - array_header *values; - char *start; - char *e; - char **strpp; - int i; - - values = (array_header *)d; - - e = ap_pstrdup(values->pool, val); - - do { - /* Find a non-empty fieldname */ - - while (*e == ',' || ap_isspace(*e)) { - ++e; - } - if (*e == '\0') { - break; - } - start = e; - while (*e != '\0' && *e != ',' && !ap_isspace(*e)) { - ++e; - } - if (*e != '\0') { - *e++ = '\0'; - } - - /* Now add it to values if it isn't already represented. - * Could be replaced by a ap_array_strcasecmp() if we had one. - */ - for (i = 0, strpp = (char **) values->elts; i < values->nelts; - ++i, ++strpp) { - if (*strpp && strcasecmp(*strpp, start) == 0) { - break; - } - } - if (i == values->nelts) { /* if not found */ - *(char **)ap_push_array(values) = start; - } - } while (*e != '\0'); - - return 1; -} - -/* - * Since some clients choke violently on multiple Vary fields, or - * Vary fields with duplicate tokens, combine any multiples and remove - * any duplicates. 
- */
-static void fixup_vary(request_rec *r)
-{
- array_header *varies;
-
- varies = ap_make_array(r->pool, 5, sizeof(char *));
-
- /* Extract all Vary fields from the headers_out, separate each into
- * its comma-separated fieldname values, and then add them to varies
- * if not already present in the array.
- */
- ap_table_do((int (*)(void *, const char *, const char *))uniq_field_values,
- (void *) varies, r->headers_out, "Vary", NULL);
-
- /* If we found any, replace old Vary fields with unique-ified value */
-
- if (varies->nelts > 0) {
- ap_table_setn(r->headers_out, "Vary",
- ap_array_pstrcat(r->pool, varies, ','));
- }
-}
-
-API_EXPORT(void) ap_send_http_header(request_rec *r)
-{
- int i;
- const off_t zero = 0LL;
-
- if (r->assbackwards) {
- if (!r->main)
- ap_bsetopt(r->connection->client, BO_BYTECT, &zero);
- r->sent_bodyct = 1;
- return;
- }
-
- /*
- * Now that we are ready to send a response, we need to combine the two
- * header field tables into a single table. If we don't do this, our
- * later attempts to set or unset a given fieldname might be bypassed.
- */
- if (!ap_is_empty_table(r->err_headers_out))
- r->headers_out = ap_overlay_tables(r->pool, r->err_headers_out,
- r->headers_out);
-
- /*
- * Remove the 'Vary' header field if the client can't handle it.
- * Since this will have nasty effects on HTTP/1.1 caches, force
- * the response into HTTP/1.0 mode.
- */ - if (ap_table_get(r->subprocess_env, "force-no-vary") != NULL) { - ap_table_unset(r->headers_out, "Vary"); - r->proto_num = HTTP_VERSION(1,0); - ap_table_set(r->subprocess_env, "force-response-1.0", "1"); - } - else { - fixup_vary(r); - } - - ap_hard_timeout("send headers", r); - - ap_basic_http_header(r); - - ap_set_keepalive(r); - - if (r->chunked) { - ap_table_mergen(r->headers_out, "Transfer-Encoding", "chunked"); - ap_table_unset(r->headers_out, "Content-Length"); - } - - if (r->byterange > 1) - ap_table_setn(r->headers_out, "Content-Type", - ap_pstrcat(r->pool, "multipart", use_range_x(r) ? "/x-" : "/", - "byteranges; boundary=", r->boundary, NULL)); - else ap_table_setn(r->headers_out, "Content-Type", make_content_type(r, - r->content_type)); - - if (r->content_encoding) - ap_table_setn(r->headers_out, "Content-Encoding", r->content_encoding); - - if (r->content_languages && r->content_languages->nelts) { - for (i = 0; i < r->content_languages->nelts; ++i) { - ap_table_mergen(r->headers_out, "Content-Language", - ((char **) (r->content_languages->elts))[i]); - } - } - else if (r->content_language) - ap_table_setn(r->headers_out, "Content-Language", r->content_language); - - /* - * Control cachability for non-cachable responses if not already set by - * some other part of the server configuration. - */ - if (r->no_cache && !ap_table_get(r->headers_out, "Expires")) - ap_table_addn(r->headers_out, "Expires", - ap_gm_timestr_822(r->pool, r->request_time)); - - /* Send the entire table of header fields, terminated by an empty line. */ - - ap_table_do((int (*) (void *, const char *, const char *)) ap_send_header_field, - (void *) r, r->headers_out, NULL); - - terminate_header(r->connection->client); - - ap_kill_timeout(r); - - ap_bsetopt(r->connection->client, BO_BYTECT, &zero); - r->sent_bodyct = 1; /* Whatever follows is real body stuff... 
*/ - - /* Set buffer flags for the body */ - if (r->chunked) - ap_bsetflag(r->connection->client, B_CHUNK, 1); -} - -/* finalize_request_protocol is called at completion of sending the - * response. It's sole purpose is to send the terminating protocol - * information for any wrappers around the response message body - * (i.e., transfer encodings). It should have been named finalize_response. - */ -API_EXPORT(void) ap_finalize_request_protocol(request_rec *r) -{ - if (r->chunked && !r->connection->aborted) { - /* - * Turn off chunked encoding --- we can only do this once. - */ - r->chunked = 0; - ap_bsetflag(r->connection->client, B_CHUNK, 0); - - ap_soft_timeout("send ending chunk", r); - ap_rputs("0" CRLF, r); - /* If we had footer "headers", we'd send them now */ - ap_rputs(CRLF, r); - ap_kill_timeout(r); - - } -} - -/* Here we deal with getting the request message body from the client. - * Whether or not the request contains a body is signaled by the presence - * of a non-zero Content-Length or by a Transfer-Encoding: chunked. - * - * Note that this is more complicated than it was in Apache 1.1 and prior - * versions, because chunked support means that the module does less. - * - * The proper procedure is this: - * - * 1. Call setup_client_block() near the beginning of the request - * handler. This will set up all the necessary properties, and will - * return either OK, or an error code. If the latter, the module should - * return that error code. The second parameter selects the policy to - * apply if the request message indicates a body, and how a chunked - * transfer-coding should be interpreted. Choose one of - * - * REQUEST_NO_BODY Send 413 error if message has any body - * REQUEST_CHUNKED_ERROR Send 411 error if body without Content-Length - * REQUEST_CHUNKED_DECHUNK If chunked, remove the chunks for me. - * REQUEST_CHUNKED_PASS Pass the chunks to me without removal. 
- * - * In order to use the last two options, the caller MUST provide a buffer - * large enough to hold a chunk-size line, including any extensions. - * - * 2. When you are ready to read a body (if any), call should_client_block(). - * This will tell the module whether or not to read input. If it is 0, - * the module should assume that there is no message body to read. - * This step also sends a 100 Continue response to HTTP/1.1 clients, - * so should not be called until the module is *definitely* ready to - * read content. (otherwise, the point of the 100 response is defeated). - * Never call this function more than once. - * - * 3. Finally, call get_client_block in a loop. Pass it a buffer and its size. - * It will put data into the buffer (not necessarily a full buffer), and - * return the length of the input block. When it is done reading, it will - * return 0 if EOF, or -1 if there was an error. - * If an error occurs on input, we force an end to keepalive. - */ - -API_EXPORT(int) ap_setup_client_block(request_rec *r, int read_policy) -{ - const char *tenc = ap_table_get(r->headers_in, "Transfer-Encoding"); - const char *lenp = ap_table_get(r->headers_in, "Content-Length"); - unsigned long max_body; - - r->read_body = read_policy; - r->read_chunked = 0; - r->remaining = 0; - - if (tenc) { - if (strcasecmp(tenc, "chunked")) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Unknown Transfer-Encoding %s", tenc); - return HTTP_NOT_IMPLEMENTED; - } - if (r->read_body == REQUEST_CHUNKED_ERROR) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "chunked Transfer-Encoding forbidden: %s", r->uri); - return (lenp) ? HTTP_BAD_REQUEST : HTTP_LENGTH_REQUIRED; - } - - r->read_chunked = 1; - } - else if (lenp) { - const char *pos = lenp; - int conversion_error = 0; - - while (ap_isspace(*pos)) - ++pos; - - if (*pos == '\0') { - /* special case test - a C-L field NULL or all blanks is - * assumed OK and defaults to 0. 
Otherwise, we do a - * strict check of the field */ - r->remaining = 0; - } - else { - char *endstr; - errno = 0; - r->remaining = ap_strtol(lenp, &endstr, 10); - if (errno || (endstr && *endstr) || (r->remaining < 0)) { - conversion_error = 1; - } - } - - if (conversion_error) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid Content-Length"); - return HTTP_BAD_REQUEST; - } - } - - if ((r->read_body == REQUEST_NO_BODY) && - (r->read_chunked || (r->remaining > 0))) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "%s with body is not allowed for %s", r->method, r->uri); - return HTTP_REQUEST_ENTITY_TOO_LARGE; - } - - max_body = ap_get_limit_req_body(r); - if (max_body && ((unsigned long)r->remaining > max_body) - && (r->remaining >= 0)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Request content-length of %s is larger than the configured " - "limit of %lu", lenp, max_body); - return HTTP_REQUEST_ENTITY_TOO_LARGE; - } - - return OK; -} - -API_EXPORT(int) ap_should_client_block(request_rec *r) -{ - /* First check if we have already read the request body */ - - if (r->read_length || (!r->read_chunked && (r->remaining <= 0))) - return 0; - - if (r->expecting_100 && r->proto_num >= HTTP_VERSION(1,1)) { - /* sending 100 Continue interim response */ - ap_rvputs(r, SERVER_PROTOCOL, " ", status_lines[0], CRLF CRLF, - NULL); - ap_rflush(r); - } - - return 1; -} - -/** - * Parse a chunk extension, detect overflow. - * There are two error cases: - * 1) If the conversion would require too many bits, a -1 is returned. - * 2) If the conversion used the correct number of bits, but an overflow - * caused only the sign bit to flip, then that negative number is - * returned. - * In general, any negative number can be considered an overflow error. 
- */ -API_EXPORT(long) ap_get_chunk_size(char *b) -{ - long chunksize = 0; - long chunkbits = sizeof(long) * 8; - - /* Skip leading zeros */ - while (*b == '0') { - ++b; - } - - while (ap_isxdigit(*b) && (chunkbits > 0)) { - int xvalue = 0; - - if (*b >= '0' && *b <= '9') { - xvalue = *b - '0'; - } - else if (*b >= 'A' && *b <= 'F') { - xvalue = *b - 'A' + 0xa; - } - else if (*b >= 'a' && *b <= 'f') { - xvalue = *b - 'a' + 0xa; - } - - chunksize = (chunksize << 4) | xvalue; - chunkbits -= 4; - ++b; - } - if (ap_isxdigit(*b) && (chunkbits <= 0)) { - /* overflow */ - return -1; - } - - return chunksize; -} - -/* get_client_block is called in a loop to get the request message body. - * This is quite simple if the client includes a content-length - * (the normal case), but gets messy if the body is chunked. Note that - * r->remaining is used to maintain state across calls and that - * r->read_length is the total number of bytes given to the caller - * across all invocations. It is messy because we have to be careful not - * to read past the data provided by the client, since these reads block. - * Returns 0 on End-of-body, -1 on error or premature chunk end. - * - * Reading the chunked encoding requires a buffer size large enough to - * hold a chunk-size line, including any extensions. For now, we'll leave - * that to the caller, at least until we can come up with a better solution. - */ -API_EXPORT(long) ap_get_client_block(request_rec *r, char *buffer, int bufsiz) -{ - int c; - long len_read, len_to_read; - long chunk_start = 0; - unsigned long max_body; - - if (!r->read_chunked) { /* Content-length read */ - len_to_read = (r->remaining > bufsiz) ? 
bufsiz : r->remaining; - len_read = ap_bread(r->connection->client, buffer, len_to_read); - if (len_read <= 0) { - if (len_read < 0) - r->connection->keepalive = -1; - return len_read; - } - r->read_length += len_read; - r->remaining -= len_read; - return len_read; - } - - /* - * Handle chunked reading Note: we are careful to shorten the input - * bufsiz so that there will always be enough space for us to add a CRLF - * (if necessary). - */ - if (r->read_body == REQUEST_CHUNKED_PASS) - bufsiz -= 2; - if (bufsiz <= 0) - return -1; /* Cannot read chunked with a small buffer */ - - /* Check to see if we have already read too much request data. - * For efficiency reasons, we only check this at the top of each - * caller read pass, since the limit exists just to stop infinite - * length requests and nobody cares if it goes over by one buffer. - */ - max_body = ap_get_limit_req_body(r); - if (max_body && ((unsigned long) r->read_length > max_body) - && (r->read_length >= 0)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Chunked request body is larger than the configured limit of %lu", - max_body); - r->connection->keepalive = -1; - return -1; - } - - if (r->remaining == 0) { /* Start of new chunk */ - - chunk_start = ap_getline(buffer, bufsiz, r->connection->client, 0); - if ((chunk_start <= 0) || (chunk_start >= (bufsiz - 1)) - || !ap_isxdigit(*buffer)) { - r->connection->keepalive = -1; - return -1; - } - - len_to_read = ap_get_chunk_size(buffer); - - if (len_to_read == 0) { /* Last chunk indicated, get footers */ - if (r->read_body == REQUEST_CHUNKED_DECHUNK) { - get_mime_headers(r); - ap_snprintf(buffer, bufsiz, "%ld", r->read_length); - ap_table_unset(r->headers_in, "Transfer-Encoding"); - ap_table_setn(r->headers_in, "Content-Length", - ap_pstrdup(r->pool, buffer)); - return 0; - } - r->remaining = -1; /* Indicate footers in-progress */ - } - else if (len_to_read < 0) { - r->connection->keepalive = -1; - return -1; - } - else { - r->remaining = 
len_to_read; - } - if (r->read_body == REQUEST_CHUNKED_PASS) { - buffer[chunk_start++] = CR; /* Restore chunk-size line end */ - buffer[chunk_start++] = LF; - buffer += chunk_start; /* and pass line on to caller */ - bufsiz -= chunk_start; - } - else { - /* REQUEST_CHUNKED_DECHUNK -- do not include the length of the - * header in the return value - */ - chunk_start = 0; - } - } - /* When REQUEST_CHUNKED_PASS, we are */ - if (r->remaining == -1) { /* reading footers until empty line */ - len_read = chunk_start; - - while ((bufsiz > 1) && ((len_read = - ap_getline(buffer, bufsiz, r->connection->client, 1)) > 0)) { - - if (len_read != (bufsiz - 1)) { - buffer[len_read++] = CR; /* Restore footer line end */ - buffer[len_read++] = LF; - } - chunk_start += len_read; - buffer += len_read; - bufsiz -= len_read; - } - if (len_read < 0) { - r->connection->keepalive = -1; - return -1; - } - - if (len_read == 0) { /* Indicates an empty line */ - buffer[0] = CR; - buffer[1] = LF; - chunk_start += 2; - r->remaining = -2; - } - r->read_length += chunk_start; - return chunk_start; - } - /* When REQUEST_CHUNKED_PASS, we */ - if (r->remaining == -2) { /* finished footers when last called */ - r->remaining = 0; /* so now we must signal EOF */ - return 0; - } - - /* Otherwise, we are in the midst of reading a chunk of data */ - - len_to_read = (r->remaining > bufsiz) ? 
bufsiz : r->remaining; - - len_read = ap_bread(r->connection->client, buffer, len_to_read); - if (len_read <= 0) { - r->connection->keepalive = -1; - return -1; - } - - r->remaining -= len_read; - - if (r->remaining == 0) { /* End of chunk, get trailing CRLF */ - - if ((c = ap_bgetc(r->connection->client)) == CR) { - c = ap_bgetc(r->connection->client); - } - - if (c != LF) { - r->connection->keepalive = -1; - return -1; - } - if (r->read_body == REQUEST_CHUNKED_PASS) { - buffer[len_read++] = CR; - buffer[len_read++] = LF; - } - } - r->read_length += (chunk_start + len_read); - - return (chunk_start + len_read); -} - -/* In HTTP/1.1, any method can have a body. However, most GET handlers - * wouldn't know what to do with a request body if they received one. - * This helper routine tests for and reads any message body in the request, - * simply discarding whatever it receives. We need to do this because - * failing to read the request body would cause it to be interpreted - * as the next request on a persistent connection. - * - * Since we return an error status if the request is malformed, this - * routine should be called at the beginning of a no-body handler, e.g., - * - * if ((retval = ap_discard_request_body(r)) != OK) - * return retval; - */ -API_EXPORT(int) ap_discard_request_body(request_rec *r) -{ - int rv; - - if ((rv = ap_setup_client_block(r, REQUEST_CHUNKED_PASS))) - return rv; - - /* In order to avoid sending 100 Continue when we already know the - * final response status, and yet not kill the connection if there is - * no request body to be read, we need to duplicate the test from - * ap_should_client_block() here negated rather than call it directly. 
- */ - if ((r->read_length == 0) && (r->read_chunked || (r->remaining > 0))) { - char dumpbuf[HUGE_STRING_LEN]; - - if (r->expecting_100) { - r->connection->keepalive = -1; - return OK; - } - ap_hard_timeout("reading request body", r); - while ((rv = ap_get_client_block(r, dumpbuf, HUGE_STRING_LEN)) > 0) - continue; - ap_kill_timeout(r); - - if (rv < 0) - return HTTP_BAD_REQUEST; - } - return OK; -} - -/* - * Send the body of a response to the client. - */ -API_EXPORT(long) ap_send_fd(FILE *f, request_rec *r) -{ - return ap_send_fd_length(f, r, -1); -} - -API_EXPORT(long) ap_send_fd_length(FILE *f, request_rec *r, long length) -{ - char buf[IOBUFSIZE]; - long total_bytes_sent = 0; - int n, w, o, len; - - if (length == 0) - return 0; - - ap_soft_timeout("send body", r); - - while (!r->connection->aborted) { - if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length) - len = length - total_bytes_sent; - else - len = IOBUFSIZE; - - while ((n = fread(buf, sizeof(char), len, f)) < 1 - && ferror(f) && errno == EINTR && !r->connection->aborted) - continue; - - if (n < 1) { - break; - } - o = 0; - - while (n && !r->connection->aborted) { - w = ap_bwrite(r->connection->client, &buf[o], n); - if (w > 0) { - ap_reset_timeout(r); /* reset timeout after successful write */ - total_bytes_sent += w; - n -= w; - o += w; - } - else if (w < 0) { - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before send body completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - break; - } - } - } - - ap_kill_timeout(r); - SET_BYTES_SENT(r); - return total_bytes_sent; -} - -/* - * Send the body of a response to the client. 
- */ -API_EXPORT(long) ap_send_fb(BUFF *fb, request_rec *r) -{ - return ap_send_fb_length(fb, r, -1); -} - -API_EXPORT(long) ap_send_fb_length(BUFF *fb, request_rec *r, long length) -{ - char buf[IOBUFSIZE]; - long total_bytes_sent = 0; - int n, w, o, len, fd; - fd_set fds; - - if (length == 0) - return 0; - - /* Make fb unbuffered and non-blocking */ - ap_bsetflag(fb, B_RD, 0); - ap_bnonblock(fb, B_RD); - fd = ap_bfileno(fb, B_RD); - if (fd >= FD_SETSIZE) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, NULL, - "send body: filedescriptor (%u) larger than FD_SETSIZE (%u) " - "found, you probably need to rebuild Apache with a " - "larger FD_SETSIZE", fd, FD_SETSIZE); - return 0; - } - - ap_soft_timeout("send body", r); - - FD_ZERO(&fds); - while (!r->connection->aborted) { - if ((length > 0) && (total_bytes_sent + IOBUFSIZE) > length) - len = length - total_bytes_sent; - else - len = IOBUFSIZE; - - do { - n = ap_bread(fb, buf, len); - if (n >= 0) - break; - if (r->connection->aborted) - break; - if (n < 0 && errno != EAGAIN) - break; - - /* we need to block, so flush the output first */ - if (ap_bflush(r->connection->client) < 0) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before send body completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - break; - } - FD_SET(fd, &fds); - /* - * we don't care what select says, we might as well loop back - * around and try another read - */ - ap_select(fd + 1, &fds, NULL, NULL, NULL); - } while (!r->connection->aborted); - - if (n < 1 || r->connection->aborted) { - break; - } - o = 0; - - while (n && !r->connection->aborted) { - w = ap_bwrite(r->connection->client, &buf[o], n); - if (w > 0) { - ap_reset_timeout(r); /* reset timeout after successful write */ - total_bytes_sent += w; - n -= w; - o += w; - } - else if (w < 0) { - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before send body 
completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - break; - } - } - } - - ap_kill_timeout(r); - SET_BYTES_SENT(r); - return total_bytes_sent; -} - - - -/* The code writes MMAP_SEGMENT_SIZE bytes at a time. This is due to Apache's - * timeout model, which is a timeout per-write rather than a time for the - * entire transaction to complete. Essentially this should be small enough - * so that in one Timeout period, your slowest clients should be reasonably - * able to receive this many bytes. - * - * To take advantage of zero-copy TCP under Solaris 2.6 this should be a - * multiple of 16k. (And you need a SunATM2.0 network card.) - */ -#ifndef MMAP_SEGMENT_SIZE -#define MMAP_SEGMENT_SIZE 32768 -#endif - -/* send data from an in-memory buffer */ -API_EXPORT(off_t) ap_send_mmap(void *mm, request_rec *r, off_t offset, - off_t length) -{ - off_t total_bytes_sent = 0; - off_t n, w; - - if (length == 0) - return 0; - - ap_soft_timeout("send mmap", r); - - length += offset; - while (!r->connection->aborted && offset < length) { - if (length - offset > MMAP_SEGMENT_SIZE) { - n = MMAP_SEGMENT_SIZE; - } - else { - n = length - offset; - } - - while (n && !r->connection->aborted) { - w = ap_bwrite(r->connection->client, (char *) mm + offset, n); - if (w > 0) { - ap_reset_timeout(r); /* reset timeout after successful write */ - total_bytes_sent += w; - n -= w; - offset += w; - } - else if (w < 0) { - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before send mmap completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - break; - } - } - } - - ap_kill_timeout(r); - SET_BYTES_SENT(r); - return total_bytes_sent; -} - -API_EXPORT(int) ap_rputc(int c, request_rec *r) -{ - if (r->connection->aborted) - return EOF; - - if (ap_bputc(c, r->connection->client) < 0) { - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - 
"client stopped connection before rputc completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - return EOF; - } - SET_BYTES_SENT(r); - return c; -} - -API_EXPORT(int) ap_rputs(const char *str, request_rec *r) -{ - int rcode; - - if (r->connection->aborted) - return EOF; - - rcode = ap_bputs(str, r->connection->client); - if (rcode < 0) { - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before rputs completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - return EOF; - } - SET_BYTES_SENT(r); - return rcode; -} - -API_EXPORT(int) ap_rwrite(const void *buf, int nbyte, request_rec *r) -{ - int n; - - if (r->connection->aborted) - return -1; - - n = ap_bwrite(r->connection->client, buf, nbyte); - if (n < 0) { - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before rwrite completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - return -1; - } - SET_BYTES_SENT(r); - return n; -} - -API_EXPORT(int) ap_vrprintf(request_rec *r, const char *fmt, va_list ap) -{ - int n; - - if (r->connection->aborted) - return -1; - - n = ap_vbprintf(r->connection->client, fmt, ap); - - if (n < 0) { - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before vrprintf completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - return -1; - } - SET_BYTES_SENT(r); - return n; -} - -API_EXPORT_NONSTD(int) ap_rprintf(request_rec *r, const char *fmt,...) 
-{ - va_list vlist; - int n; - - if (r->connection->aborted) - return -1; - - va_start(vlist, fmt); - n = ap_vbprintf(r->connection->client, fmt, vlist); - va_end(vlist); - - if (n < 0) { - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before rprintf completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - return -1; - } - SET_BYTES_SENT(r); - return n; -} - -API_EXPORT_NONSTD(int) ap_rvputs(request_rec *r,...) -{ - va_list args; - int i, j, k; - const char *x; - BUFF *fb = r->connection->client; - - if (r->connection->aborted) - return EOF; - - va_start(args, r); - for (k = 0;;) { - x = va_arg(args, const char *); - if (x == NULL) - break; - j = strlen(x); - i = ap_bwrite(fb, x, j); - if (i != j) { - va_end(args); - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before rvputs completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - return EOF; - } - k += i; - } - va_end(args); - - SET_BYTES_SENT(r); - return k; -} - -API_EXPORT(int) ap_rflush(request_rec *r) -{ - if (ap_bflush(r->connection->client) < 0) { - if (!r->connection->aborted) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, r, - "client stopped connection before rflush completed"); - ap_bsetflag(r->connection->client, B_EOUT, 1); - r->connection->aborted = 1; - } - return EOF; - } - return 0; -} - -/* We should have named this send_canned_response, since it is used for any - * response that can be generated by the server from the request record. - * This includes all 204 (no content), 3xx (redirect), 4xx (client error), - * and 5xx (server error) messages that have not been redirected to another - * handler via the ErrorDocument feature. 
- */ -API_EXPORT(void) ap_send_error_response(request_rec *r, int recursive_error) -{ - int status = r->status; - int idx = ap_index_of_response(status); - char *custom_response; - const char *location = ap_table_get(r->headers_out, "Location"); - - /* - * It's possible that the Location field might be in r->err_headers_out - * instead of r->headers_out; use the latter if possible, else the - * former. - */ - if (location == NULL) { - location = ap_table_get(r->err_headers_out, "Location"); - } - /* We need to special-case the handling of 204 and 304 responses, - * since they have specific HTTP requirements and do not include a - * message body. Note that being assbackwards here is not an option. - */ - if (status == HTTP_NOT_MODIFIED) { - if (!ap_is_empty_table(r->err_headers_out)) - r->headers_out = ap_overlay_tables(r->pool, r->err_headers_out, - r->headers_out); - ap_hard_timeout("send 304", r); - - ap_basic_http_header(r); - ap_set_keepalive(r); - - ap_table_do((int (*)(void *, const char *, const char *)) ap_send_header_field, - (void *) r, r->headers_out, - "Connection", - "Keep-Alive", - "ETag", - "Content-Location", - "Expires", - "Cache-Control", - "Vary", - "Warning", - "WWW-Authenticate", - "Proxy-Authenticate", - NULL); - - terminate_header(r->connection->client); - - ap_kill_timeout(r); - return; - } - - if (status == HTTP_NO_CONTENT) { - ap_send_http_header(r); - ap_finalize_request_protocol(r); - return; - } - - if (!r->assbackwards) { - table *tmp = r->headers_out; - - /* For all HTTP/1.x responses for which we generate the message, - * we need to avoid inheriting the "normal status" header fields - * that may have been set by the request handler before the - * error or redirect, except for Location on external redirects. 
- */ - r->headers_out = r->err_headers_out; - r->err_headers_out = tmp; - ap_clear_table(r->err_headers_out); - - if (ap_is_HTTP_REDIRECT(status) || (status == HTTP_CREATED)) { - if ((location != NULL) && *location) { - ap_table_setn(r->headers_out, "Location", location); - } - else { - location = ""; /* avoids coredump when printing, below */ - } - } - - r->content_language = NULL; - r->content_languages = NULL; - r->content_encoding = NULL; - r->clength = 0; - if (ap_table_get(r->subprocess_env, - "suppress-error-charset") != NULL) { - r->content_type = "text/html"; - } - else { - r->content_type = "text/html; charset=iso-8859-1"; - } - - if ((status == METHOD_NOT_ALLOWED) || (status == NOT_IMPLEMENTED)) - ap_table_setn(r->headers_out, "Allow", make_allow(r)); - - ap_send_http_header(r); - - if (r->header_only) { - ap_finalize_request_protocol(r); - ap_rflush(r); - return; - } - } - - ap_hard_timeout("send error body", r); - - if ((custom_response = ap_response_code_string(r, idx))) { - /* - * We have a custom response output. This should only be - * a text-string to write back. But if the ErrorDocument - * was a local redirect and the requested resource failed - * for any reason, the custom_response will still hold the - * redirect URL. We don't really want to output this URL - * as a text message, so first check the custom response - * string to ensure that it is a text-string (using the - * same test used in ap_die(), i.e. does it start with a "). - * If it doesn't, we've got a recursive error, so find - * the original error and output that as well. 
- */ - if (custom_response[0] == '\"') { - ap_rputs(custom_response + 1, r); - ap_kill_timeout(r); - ap_finalize_request_protocol(r); - ap_rflush(r); - return; - } - /* - * Redirect failed, so get back the original error - */ - while (r->prev && (r->prev->status != HTTP_OK)) - r = r->prev; - } - { - const char *title = status_lines[idx]; - const char *h1; - const char *error_notes; - - /* Accept a status_line set by a module, but only if it begins - * with the 3 digit status code - */ - if (r->status_line != NULL - && strlen(r->status_line) > 4 /* long enough */ - && ap_isdigit(r->status_line[0]) - && ap_isdigit(r->status_line[1]) - && ap_isdigit(r->status_line[2]) - && ap_isspace(r->status_line[3]) - && ap_isalnum(r->status_line[4])) { - title = r->status_line; - } - - /* folks decided they didn't want the error code in the H1 text */ - h1 = &title[4]; - - ap_rvputs(r, - DOCTYPE_HTML_2_0 - "\n", title, - "\n\n

", h1, "

\n", - NULL); - - switch (status) { - case HTTP_MOVED_PERMANENTLY: - case HTTP_MOVED_TEMPORARILY: - case HTTP_TEMPORARY_REDIRECT: - ap_rvputs(r, "The document has moved pool, location), "\">here.

\n", - NULL); - break; - case HTTP_SEE_OTHER: - ap_rvputs(r, "The answer to your request is located pool, location), "\">here.

\n", - NULL); - break; - case HTTP_USE_PROXY: - ap_rvputs(r, "This resource is only accessible " - "through the proxy\n", - ap_escape_html(r->pool, location), - "
\nYou will need to ", - "configure your client to use that proxy.

\n", NULL); - break; - case HTTP_PROXY_AUTHENTICATION_REQUIRED: - case AUTH_REQUIRED: - ap_rputs("This server could not verify that you\n" - "are authorized to access the document\n" - "requested. Either you supplied the wrong\n" - "credentials (e.g., bad password), or your\n" - "browser doesn't understand how to supply\n" - "the credentials required.

\n", r); - break; - case BAD_REQUEST: - ap_rputs("Your browser sent a request that " - "this server could not understand.

\n", r); - if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { - ap_rvputs(r, error_notes, "

\n", NULL); - } - break; - case HTTP_FORBIDDEN: - ap_rvputs(r, "You don't have permission to access ", - ap_escape_html(r->pool, r->uri), - "\non this server.

\n", NULL); - break; - case NOT_FOUND: - ap_rvputs(r, "The requested URL ", - ap_escape_html(r->pool, r->uri), - " was not found on this server.

\n", NULL); - break; - case METHOD_NOT_ALLOWED: - ap_rvputs(r, "The requested method ", r->method, - " is not allowed " - "for the URL ", ap_escape_html(r->pool, r->uri), - ".

\n", NULL); - break; - case NOT_ACCEPTABLE: - ap_rvputs(r, - "An appropriate representation of the " - "requested resource ", - ap_escape_html(r->pool, r->uri), - " could not be found on this server.

\n", NULL); - /* fall through */ - case MULTIPLE_CHOICES: - { - const char *list; - if ((list = ap_table_get(r->notes, "variant-list"))) - ap_rputs(list, r); - } - break; - case LENGTH_REQUIRED: - ap_rvputs(r, "A request of the requested method ", r->method, - " requires a valid Content-length.

\n", NULL); - if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { - ap_rvputs(r, error_notes, "

\n", NULL); - } - break; - case PRECONDITION_FAILED: - ap_rvputs(r, "The precondition on the request for the URL ", - ap_escape_html(r->pool, r->uri), - " evaluated to false.

\n", NULL); - break; - case HTTP_NOT_IMPLEMENTED: - ap_rvputs(r, ap_escape_html(r->pool, r->method), " to ", - ap_escape_html(r->pool, r->uri), - " not supported.

\n", NULL); - if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { - ap_rvputs(r, error_notes, "

\n", NULL); - } - break; - case BAD_GATEWAY: - ap_rputs("The proxy server received an invalid" CRLF - "response from an upstream server.

" CRLF, r); - if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { - ap_rvputs(r, error_notes, "

\n", NULL); - } - break; - case VARIANT_ALSO_VARIES: - ap_rvputs(r, "A variant for the requested resource\n

\n",
-		      ap_escape_html(r->pool, r->uri),
-		      "\n
\nis itself a negotiable resource. " - "This indicates a configuration error.

\n", NULL); - break; - case HTTP_REQUEST_TIME_OUT: - ap_rputs("Server timeout waiting for the HTTP request from the client.\n", r); - break; - case HTTP_GONE: - ap_rvputs(r, "The requested resource
", - ap_escape_html(r->pool, r->uri), - "
\nis no longer available on this server ", - "and there is no forwarding address.\n", - "Please remove all references to this resource.\n", - NULL); - break; - case HTTP_REQUEST_ENTITY_TOO_LARGE: - ap_rvputs(r, "The requested resource
", - ap_escape_html(r->pool, r->uri), "
\n", - "does not allow request data with ", r->method, - " requests, or the amount of data provided in\n", - "the request exceeds the capacity limit.\n", NULL); - break; - case HTTP_REQUEST_URI_TOO_LARGE: - ap_rputs("The requested URL's length exceeds the capacity\n" - "limit for this server.

\n", r); - if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { - ap_rvputs(r, error_notes, "

\n", NULL); - } - break; - case HTTP_UNSUPPORTED_MEDIA_TYPE: - ap_rputs("The supplied request data is not in a format\n" - "acceptable for processing by this resource.\n", r); - break; - case HTTP_RANGE_NOT_SATISFIABLE: - ap_rputs("None of the range-specifier values in the Range\n" - "request-header field overlap the current extent\n" - "of the selected resource.\n", r); - break; - case HTTP_EXPECTATION_FAILED: - ap_rvputs(r, "The expectation given in the Expect request-header" - "\nfield could not be met by this server.

\n" - "The client sent

\n    Expect: ",
-	              ap_escape_html(r->pool, ap_table_get(r->headers_in,
-		      "Expect")), "\n
\n" - "but we only allow the 100-continue expectation.\n", - NULL); - break; - case HTTP_UNPROCESSABLE_ENTITY: - ap_rputs("The server understands the media type of the\n" - "request entity, but was unable to process the\n" - "contained instructions.\n", r); - break; - case HTTP_LOCKED: - ap_rputs("The requested resource is currently locked.\n" - "The lock must be released or proper identification\n" - "given before the method can be applied.\n", r); - break; - case HTTP_FAILED_DEPENDENCY: - ap_rputs("The method could not be performed on the resource\n" - "because the requested action depended on another\n" - "action and that other action failed.\n", r); - break; - case HTTP_INSUFFICIENT_STORAGE: - ap_rputs("The method could not be performed on the resource\n" - "because the server is unable to store the\n" - "representation needed to successfully complete the\n" - "request. There is insufficient free space left in\n" - "your storage allocation.\n", r); - break; - case HTTP_SERVICE_UNAVAILABLE: - ap_rputs("The server is temporarily unable to service your\n" - "request due to maintenance downtime or capacity\n" - "problems. Please try again later.\n", r); - break; - case HTTP_GATEWAY_TIME_OUT: - ap_rputs("The proxy server did not receive a timely response\n" - "from the upstream server.\n", r); - break; - case HTTP_NOT_EXTENDED: - ap_rputs("A mandatory extension policy in the request is not\n" - "accepted by the server for this resource.\n", r); - break; - default: /* HTTP_INTERNAL_SERVER_ERROR */ - /* - * This comparison to expose error-notes could be modified to - * use a configuration directive and export based on that - * directive. For now "*" is used to designate an error-notes - * that is totally safe for any user to see (ie lacks paths, - * database passwords, etc.) 
- */ - if (((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) - && (h1 = ap_table_get(r->notes, "verbose-error-to")) != NULL - && (strcmp(h1, "*") == 0)) { - ap_rvputs(r, error_notes, "

\n", NULL); - } - else { - ap_rvputs(r, "The server encountered an internal error or\n" - "misconfiguration and was unable to complete\n" - "your request.

\n" - "Please contact the server administrator,\n ", - ap_escape_html(r->pool, r->server->server_admin), - " and inform them of the time the error occurred,\n" - "and anything you might have done that may have\n" - "caused the error.

\n" - "More information about this error may be available\n" - "in the server error log.

\n", NULL); - } - /* - * It would be nice to give the user the information they need to - * fix the problem directly since many users don't have access to - * the error_log (think University sites) even though they can easily - * get this error by misconfiguring an htaccess file. However, the - * error notes tend to include the real file pathname in this case, - * which some people consider to be a breach of privacy. Until we - * can figure out a way to remove the pathname, leave this commented. - * - * if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { - * ap_rvputs(r, error_notes, "

\n", NULL); - * } - */ - break; - } - - if (recursive_error) { - ap_rvputs(r, "

Additionally, a ", - status_lines[ap_index_of_response(recursive_error)], - "\nerror was encountered while trying to use an " - "ErrorDocument to handle the request.\n", NULL); - } - ap_rputs(ap_psignature("


\n", r), r); - ap_rputs("\n", r); - } - ap_kill_timeout(r); - ap_finalize_request_protocol(r); - ap_rflush(r); -} - -/* - * The shared hash context, copies of which are used by all children for - * etag generation. ap_init_etag() must be called once before all the - * children are created. We use a secret hash initialization value - * so that people can't brute-force inode numbers. - */ -static AP_SHA1_CTX baseCtx; - -int ap_create_etag_state(pool *pconf) -{ - u_int32_t rnd; - unsigned int u; - int fd; - char* filename; - - filename = ap_server_root_relative(pconf, "logs/etag-state"); - ap_server_strip_chroot(filename, 0); - - if ((fd = open(filename, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW, 0640)) == - -1) { - ap_log_error(APLOG_MARK, APLOG_CRIT, NULL, - "could not create %s", filename); - exit(-1); - } - - if (fchown(fd, -1, ap_group_id) == -1) { - ap_log_error(APLOG_MARK, APLOG_CRIT, NULL, - "could not chown %s", filename); - exit(-1); - } - - /* generate random bytes and write them */ - for (u = 0; u < 4; u++) { - rnd = arc4random(); - if (write(fd, &rnd, sizeof(rnd)) == -1) { - ap_log_error(APLOG_MARK, APLOG_CRIT, NULL, - "could not write to %s", filename); - exit(-1); - } - } - - close (fd); - return (0); -} - -int ap_read_etag_state(pool *pconf) -{ - struct stat st; - u_int32_t rnd; - unsigned int u; - int fd; - char* filename; - - ap_SHA1Init(&baseCtx); - - filename = ap_server_root_relative(pconf, "logs/etag-state"); - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, NULL, - "Initializing etag from %s", filename); - - ap_server_strip_chroot(filename, 0); - - if ((fd = open(filename, O_RDONLY|O_NOFOLLOW, 0640)) == -1) - return (-1); - - fchmod(fd, S_IRUSR|S_IWUSR|S_IRGRP); - fchown(fd, -1, ap_group_id); - - if (fstat(fd, &st) == -1) { - ap_log_error(APLOG_MARK, APLOG_CRIT, NULL, - "could not fstat %s", filename); - exit(-1); - } - - if (st.st_size != sizeof(rnd)*4) { - return (-1); - } - - /* read 4 random 32-bit uints from file and update the hash context 
*/ - for (u = 0; u < 4; u++) { - if (read(fd, &rnd, sizeof(rnd)) != sizeof(rnd)) - return (-1); - - ap_SHA1Update_binary(&baseCtx, (const unsigned char *)&rnd, - sizeof(rnd)); - } - - if (close(fd) == -1) { - ap_log_error(APLOG_MARK, APLOG_CRIT, NULL, - "could not properly close %s", filename); - exit(-1); - } - return (0); -} - -API_EXPORT(void) ap_init_etag(pool *pconf) -{ - if (ap_read_etag_state(pconf) == -1) { - ap_create_etag_state(pconf); - if (ap_read_etag_state(pconf) == -1) { - ap_log_error(APLOG_MARK, APLOG_CRIT, NULL, - "could not initialize etag state"); - exit(-1); - } - } -} - -API_EXPORT(char *) ap_make_etag(request_rec *r, int force_weak) -{ - AP_SHA1_CTX hashCtx; - core_dir_config *cfg; - etag_components_t etag_bits; - int weak; - unsigned char md[SHA_DIGESTSIZE]; - unsigned int i; - - memcpy(&hashCtx, &baseCtx, sizeof(hashCtx)); - - cfg = (core_dir_config *)ap_get_module_config(r->per_dir_config, - &core_module); - etag_bits = (cfg->etag_bits & (~ cfg->etag_remove)) | cfg->etag_add; - if (etag_bits == ETAG_UNSET) - etag_bits = ETAG_BACKWARD; - - weak = ((r->request_time - r->mtime <= 1) || force_weak); - - if (r->finfo.st_mode != 0) { - if (etag_bits & ETAG_NONE) { - ap_table_setn(r->notes, "no-etag", "omit"); - return ""; - } - if (etag_bits & ETAG_INODE) { - ap_SHA1Update_binary(&hashCtx, - (const unsigned char *)&r->finfo.st_dev, - sizeof(r->finfo.st_dev)); - ap_SHA1Update_binary(&hashCtx, - (const unsigned char *)&r->finfo.st_ino, - sizeof(r->finfo.st_ino)); - } - if (etag_bits & ETAG_SIZE) - ap_SHA1Update_binary(&hashCtx, - (const unsigned char *)&r->finfo.st_size, - sizeof(r->finfo.st_size)); - if (etag_bits & ETAG_MTIME) - ap_SHA1Update_binary(&hashCtx, - (const unsigned char *)&r->mtime, - sizeof(r->mtime)); - } - else { - weak = 1; - ap_SHA1Update_binary(&hashCtx, (const unsigned char *)&r->mtime, - sizeof(r->mtime)); - } - ap_SHA1Final(md, &hashCtx); - return ap_psprintf(r->pool, "%s\"" - "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" - 
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x"
- "\"", weak ? "W/" : "",
- md[0], md[1], md[2], md[3], md[4], md[5], md[6], md[7],
- md[8], md[9], md[10], md[11], md[12], md[13], md[14], md[15],
- md[16], md[17], md[18], md[19]);
-}
diff --git a/usr.sbin/httpd/src/main/http_request.c b/usr.sbin/httpd/src/main/http_request.c
deleted file mode 100644
index 07f7c98e28b..00000000000
--- a/usr.sbin/httpd/src/main/http_request.c
+++ /dev/null
@@ -1,1384 +0,0 @@
-/* $OpenBSD: http_request.c,v 1.16 2008/05/14 09:25:38 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_request.c: functions to get and process requests
- *
- * Rob McCool 3/21/93
- *
- * Thoroughly revamped by rst for Apache. NB this file reads
- * best from the bottom up.
- *
- */
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_protocol.h"
-#include "http_conf_globals.h" /* for ap_extended_status */
-#include "http_log.h"
-#include "http_main.h"
-#include "scoreboard.h"
-#include "fnmatch.h"
-
-/*****************************************************************
- *
- * Getting and checking directory configuration. Also checks the
- * FollowSymlinks and FollowSymOwner stuff, since this is really the
- * only place that can happen (barring a new mid_dir_walk callout).
- * - * We can't do it as an access_checker module function which gets - * called with the final per_dir_config, since we could have a directory - * with FollowSymLinks disabled, which contains a symlink to another - * with a .htaccess file which turns FollowSymLinks back on --- and - * access in such a case must be denied. So, whatever it is that - * checks FollowSymLinks needs to know the state of the options as - * they change, all the way down. - */ - -/* - * We don't want people able to serve up pipes, or unix sockets, or other - * scary things. Note that symlink tests are performed later. - */ -static int -check_safe_file(request_rec *r) -{ - if (r->finfo.st_mode == 0 /* doesn't exist */ - || S_ISDIR(r->finfo.st_mode) - || S_ISREG(r->finfo.st_mode) - || S_ISLNK(r->finfo.st_mode)) - return OK; - - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "object is not a file, directory or symlink: %s", r->filename); - return HTTP_FORBIDDEN; -} - - -static int -check_symlinks(char *d, int opts) -{ - struct stat lfi, fi; - char *lastp; - int res; - - if (opts & OPT_SYM_LINKS) - return OK; - - /* - * Strip trailing '/', if any, off what we're checking; trailing - * slashes make some systems follow symlinks to directories even in - * lstat(). After we've done the lstat, put it back. Also, don't - * bother checking '/' at all... - * - * Note that we don't have to worry about multiple slashes here - * because of no2slash() below... - */ - - lastp = d + strlen(d) - 1; - if (lastp == d) - return OK; /* Root directory, '/' */ - - if (*lastp == '/') - *lastp = '\0'; - else - lastp = NULL; - - res = lstat(d, &lfi); - - if (lastp) - *lastp = '/'; - - /* - * Note that we don't reject accesses to nonexistent files (multiviews - * or the like may cons up a way to run the transaction anyway)... - */ - - if (!(res >= 0) || !S_ISLNK(lfi.st_mode)) - return OK; - - /* OK, it's a symlink. 
May still be OK with OPT_SYM_OWNER */ - if (!(opts & OPT_SYM_OWNER)) - return HTTP_FORBIDDEN; - - if (stat(d, &fi) < 0) - return HTTP_FORBIDDEN; - - return (fi.st_uid == lfi.st_uid) ? OK : HTTP_FORBIDDEN; - -} - -/* Dealing with the file system to get PATH_INFO */ -static int -get_path_info(request_rec *r) -{ - char *cp; - char *path = r->filename; - char *end = &path[strlen(path)]; - char *last_cp = NULL; - int rv; - - if (r->finfo.st_mode) - /* assume path_info already set */ - return OK; - - /* Advance over trailing slashes ... NOT part of filename - * if file is not a UNC name (Win32 only). - */ - for (cp = end; cp > path && cp[-1] == '/'; --cp) - continue; - - while (cp > path) { - - /* See if the pathname ending here exists... */ - - *cp = '\0'; - - /* We must not stat() filenames that may cause os-specific - * system problems, such as "/file/aux" on DOS-abused - * filesystems. So pretend that they do not exist by returning - * an ENOENT error. This will force us to drop that part of - * the path and keep looking back for a "real" file that - * exists, while still allowing the "invalid" path parts within - * the PATH_INFO. - */ - if (!ap_os_is_filename_valid(path)) { - errno = ENOENT; - rv = -1; - } else { - errno = 0; - rv = stat(path, &r->finfo); - } - - if (cp != end) - *cp = '/'; - - if (!rv) { - - /* - * Aha! Found something. If it was a - * directory, we will search contents of - * that directory for a multi_match, so the - * PATH_INFO argument starts with the - * component after that. - */ - if (S_ISDIR(r->finfo.st_mode) && last_cp) { - r->finfo.st_mode = 0; /* No such file... */ - cp = last_cp; - } - - r->path_info = ap_pstrdup(r->pool, cp); - *cp = '\0'; - return OK; - } - /* must set this to zero, some stat()s may have corrupted it - * even if they returned an error. 
- */ - r->finfo.st_mode = 0; - if (errno == ENOENT || errno == ENOTDIR) { - last_cp = cp; - - while (--cp > path && *cp != '/') - continue; - - while (cp > path && cp[-1] == '/') - --cp; - } else { - if (errno == EACCES) - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "access to %s failed because search " - "permissions are missing on a component " - "of the path", r->uri); - else - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "access to %s failed", r->uri); - return HTTP_FORBIDDEN; - } - } - return OK; -} - -static int -directory_walk(request_rec *r) -{ - core_server_config *sconf = - ap_get_module_config(r->server->module_config, &core_module); - void *per_dir_defaults = r->server->lookup_defaults; - void **sec = (void **)sconf->sec->elts; - int num_sec = sconf->sec->nelts; - char *test_filename; - char *test_dirname; - int res; - unsigned i, num_dirs; - int j, test_filename_len; - - /* - * Are we dealing with a file? If not, we can (hopefuly) - * safely assume we have a handler that doesn't require one, - * but for safety's sake, and so we have something find_types() - * can get something out of, fake one. But don't run through - * the directory entries. - */ - - if (r->filename == NULL) { - r->filename = ap_pstrdup(r->pool, r->uri); - r->finfo.st_mode = 0; /* Not really a file... */ - r->per_dir_config = per_dir_defaults; - - return OK; - } - - /* - * Go down the directory hierarchy. Where we have to check - * for symlinks, do so. Where a .htaccess file has permission - * to override anything, try to find one. If either of these - * things fails, we could poke around, see why, and adjust - * the lookup_rec accordingly --- this might save us a call - * to get_path_info (with the attendant stat()s); however, - * for the moment, that's not worth the trouble. - * - * Fake filenames (i.e. proxy:) only match Directory sections. 
- */ - if (!ap_os_is_path_absolute(r->filename)) { - void *this_conf, *entry_config; - core_dir_config *entry_core; - char *entry_dir; - - for (j = 0; j < num_sec; ++j) { - - entry_config = sec[j]; - - entry_core = (core_dir_config *) - ap_get_module_config(entry_config, &core_module); - entry_dir = entry_core->d; - - this_conf = NULL; - if (entry_core->r) { - if (!ap_regexec(entry_core->r, r->filename, 0, - NULL, 0)) - this_conf = entry_config; - - } else if (entry_core->d_is_fnmatch) { - if (!ap_fnmatch(entry_dir, r->filename, 0)) - this_conf = entry_config; - } else if (!strncmp(r->filename, entry_dir, - strlen(entry_dir))) - this_conf = entry_config; - - if (this_conf) - per_dir_defaults = - ap_merge_per_dir_configs(r->pool, - per_dir_defaults, this_conf); - } - - r->per_dir_config = per_dir_defaults; - - return OK; - } - - r->filename = ap_os_case_canonical_filename(r->pool, r->filename); - - res = get_path_info(r); - if (res != OK) - return res; - - r->case_preserved_filename = r->filename; - - r->filename = ap_os_canonical_filename(r->pool, r->filename); - - test_filename = ap_pstrdup(r->pool, r->filename); - - ap_no2slash(test_filename); - num_dirs = ap_count_dirs(test_filename); - - if (!ap_os_is_filename_valid(r->filename) && - !(r->method_number == M_OPTIONS && !strcmp(r->uri, "*"))) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Filename is not valid: %s", r->filename); - return HTTP_FORBIDDEN; - } - - if ((res = check_safe_file(r))) - return res; - - test_filename_len = strlen(test_filename); - if (test_filename[test_filename_len - 1] == '/') - --num_dirs; - - if (S_ISDIR(r->finfo.st_mode)) - ++num_dirs; - - /* - * We will use test_dirname as scratch space while we build directory - * names during the walk. Profiling shows directory_walk to be a busy - * function so we try to avoid allocating lots of extra memory here. - * We need 2 extra bytes, one for trailing \0 and one because - * make_dirstr_prefix will add potentially one extra /. 
- */ - test_dirname = ap_palloc(r->pool, test_filename_len + 2); - - - /* Normal File Systems are rooted at / */ - i = 1; - - /* j keeps track of which section we're on, see - * core_reorder_directories */ - j = 0; - for (; i <= num_dirs; ++i) { - int overrides_here; - core_dir_config *core_dir = (core_dir_config *) - ap_get_module_config(per_dir_defaults, &core_module); - - /* - * XXX: this could be made faster by only copying the next - * component rather than copying the entire thing all over. - */ - ap_make_dirstr_prefix(test_dirname, test_filename, i); - - /* - * Do symlink checks first, because they are done with the - * permissions appropriate to the *parent* directory... - */ - - if ((res = check_symlinks(test_dirname, core_dir->opts))) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Symbolic link not allowed: %s", test_dirname); - return res; - } - - /* - * Begin *this* level by looking for matching sections - * from access.conf. - */ - - for (; j < num_sec; ++j) { - void *entry_config = sec[j]; - core_dir_config *entry_core; - char *entry_dir; - void *this_conf; - - entry_core = (core_dir_config *) - ap_get_module_config(entry_config, &core_module); - entry_dir = entry_core->d; - - if (entry_core->r - || !ap_os_is_path_absolute(entry_dir) - || entry_core->d_components > i) - break; - - this_conf = NULL; - if (entry_core->d_is_fnmatch) { - if (!ap_fnmatch(entry_dir, test_dirname, - FNM_PATHNAME)) - this_conf = entry_config; - } else if (!strcmp(test_dirname, entry_dir)) - this_conf = entry_config; - - if (this_conf) { - per_dir_defaults = - ap_merge_per_dir_configs(r->pool, - per_dir_defaults, - this_conf); - core_dir = (core_dir_config *) - ap_get_module_config(per_dir_defaults, - &core_module); - } - } - overrides_here = core_dir->override; - - /* If .htaccess files are enabled, check for one. 
*/ - - if (overrides_here) { - void *htaccess_conf = NULL; - - res = ap_parse_htaccess(&htaccess_conf, r, - overrides_here, ap_pstrdup(r->pool, test_dirname), - sconf->access_name); - if (res) - return res; - - if (htaccess_conf) { - per_dir_defaults = - ap_merge_per_dir_configs(r->pool, - per_dir_defaults, - htaccess_conf); - r->per_dir_config = per_dir_defaults; - } - } - } - - /* - * There's two types of IS_SPECIAL sections (see http_core.c), and - * we've already handled the proxy:-style stuff. Now we'll deal with - * the regexes. - */ - for (; j < num_sec; ++j) { - void *entry_config = sec[j]; - core_dir_config *entry_core; - - entry_core = (core_dir_config *) - ap_get_module_config(entry_config, &core_module); - - if (entry_core->r) { - if (!ap_regexec(entry_core->r, test_dirname, 0, NULL, - REG_NOTEOL)) - per_dir_defaults = - ap_merge_per_dir_configs(r->pool, - per_dir_defaults, entry_config); - } - } - r->per_dir_config = per_dir_defaults; - - /* - * Symlink permissions are determined by the parent. If the request is - * for a directory then applying the symlink test here would use the - * permissions of the directory as opposed to its parent. Consider a - * symlink pointing to a dir with a .htaccess disallowing symlinks. If - * you access /symlink (or /symlink/) you would get a 403 without this - * S_ISDIR test. But if you accessed /symlink/index.html, for example, - * you would *not* get the 403. - */ - if (!S_ISDIR(r->finfo.st_mode) - && (res = check_symlinks(r->filename, ap_allow_options(r)))) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Symbolic link not allowed: %s", r->filename); - return res; - } - return OK; /* Can only "fail" if access denied by the - * symlink goop. 
*/ -} - -static int -location_walk(request_rec *r) -{ - core_server_config *sconf = - ap_get_module_config(r->server->module_config, &core_module); - void *per_dir_defaults = r->per_dir_config; - void **url = (void **) sconf->sec_url->elts; - int len, num_url = sconf->sec_url->nelts; - char *test_location; - void *this_conf, *entry_config; - core_dir_config *entry_core; - char *entry_url; - int j; - - if (!num_url) - return OK; - - /* Location and LocationMatch differ on their behaviour w.r.t. multiple - * slashes. Location matches multiple slashes with a single slash, - * LocationMatch doesn't. An exception, for backwards brokenness is - * absoluteURIs... in which case neither match multiple slashes. - */ - if (r->uri[0] != '/') - test_location = r->uri; - else { - test_location = ap_pstrdup(r->pool, r->uri); - ap_no2slash(test_location); - } - - /* Go through the location entries, and check for matches. */ - - /* we apply the directive sections in some order; - * should really try them with the most general first. 
- */ - for (j = 0; j < num_url; ++j) { - - entry_config = url[j]; - - entry_core = (core_dir_config *) - ap_get_module_config(entry_config, &core_module); - entry_url = entry_core->d; - - len = strlen(entry_url); - - this_conf = NULL; - - if (entry_core->r) { - if (!ap_regexec(entry_core->r, r->uri, 0, NULL, 0)) - this_conf = entry_config; - } else if (entry_core->d_is_fnmatch) { - if (!ap_fnmatch(entry_url, test_location, FNM_PATHNAME)) - this_conf = entry_config; - } else if (!strncmp(test_location, entry_url, len) && - (entry_url[len - 1] == '/' || - test_location[len] == '/' || test_location[len] == '\0')) - this_conf = entry_config; - - if (this_conf) - per_dir_defaults = ap_merge_per_dir_configs(r->pool, - per_dir_defaults, this_conf); - } - r->per_dir_config = per_dir_defaults; - - return OK; -} - -static int -file_walk(request_rec *r) -{ - core_dir_config *conf = - ap_get_module_config(r->per_dir_config, &core_module); - void *per_dir_defaults = r->per_dir_config; - void **file = (void **) conf->sec->elts; - int num_files = conf->sec->nelts; - char *test_file; - - /* get the basename */ - test_file = strrchr(r->filename, '/'); - if (test_file == NULL) - test_file = r->filename; - else - ++test_file; - - /* Go through the file entries, and check for matches. */ - - if (num_files) { - void *this_conf, *entry_config; - core_dir_config *entry_core; - char *entry_file; - int j; - - /* we apply the directive sections in some order; - * should really try them with the most general first. 
- */ - for (j = 0; j < num_files; ++j) { - - entry_config = file[j]; - - entry_core = (core_dir_config *) - ap_get_module_config(entry_config, &core_module); - entry_file = entry_core->d; - - this_conf = NULL; - - if (entry_core->r) { - if (!ap_regexec(entry_core->r, test_file, 0, - NULL, 0)) - this_conf = entry_config; - } else if (entry_core->d_is_fnmatch) { - if (!ap_fnmatch(entry_file, test_file, - FNM_PATHNAME)) - this_conf = entry_config; - } else if (!strcmp(test_file, entry_file)) - this_conf = entry_config; - - if (this_conf) - per_dir_defaults = - ap_merge_per_dir_configs(r->pool, - per_dir_defaults, this_conf); - } - r->per_dir_config = per_dir_defaults; - } - return OK; -} - -/***************************************************************** - * - * The sub_request mechanism. - * - * Fns to look up a relative URI from, e.g., a map file or SSI document. - * These do all access checks, etc., but don't actually run the transaction - * ... use run_sub_req below for that. Also, be sure to use destroy_sub_req - * as appropriate if you're likely to be creating more than a few of these. - * (An early Apache version didn't destroy the sub_reqs used in directory - * indexing. The result, when indexing a directory with 800-odd files in - * it, was massively excessive storage allocation). - * - * Note more manipulation of protocol-specific vars in the request - * structure... 
- */ - -static request_rec * -make_sub_request(const request_rec *r) -{ - pool *rrp = ap_make_sub_pool(r->pool); - request_rec *rr = ap_pcalloc(rrp, sizeof(request_rec)); - - rr->pool = rrp; - return rr; -} - -API_EXPORT(request_rec *) -ap_sub_req_method_uri(const char *method, const char *new_file, - const request_rec *r) -{ - request_rec *rnew; - int res; - char *udir; - - rnew = make_sub_request(r); - rnew->hostname = r->hostname; - rnew->request_time = r->request_time; - rnew->connection = r->connection; - rnew->server = r->server; - rnew->request_config = ap_create_request_config(rnew->pool); - rnew->htaccess = r->htaccess; - rnew->per_dir_config = r->server->lookup_defaults; - - ap_set_sub_req_protocol(rnew, r); - - /* would be nicer to pass "method" to ap_set_sub_req_protocol */ - rnew->method = method; - rnew->method_number = ap_method_number_of(method); - - if (new_file[0] == '/') - ap_parse_uri(rnew, new_file); - else { - udir = ap_make_dirstr_parent(rnew->pool, r->uri); - udir = ap_escape_uri(rnew->pool, udir); /* re-escape it */ - ap_parse_uri(rnew, - ap_make_full_path(rnew->pool, udir, new_file)); - } - - /* We cannot return NULL without violating the API. So just turn this - * subrequest into a 500 to indicate the failure. */ - if (ap_is_recursion_limit_exceeded(r)) { - rnew->status = HTTP_INTERNAL_SERVER_ERROR; - return rnew; - } - - res = ap_unescape_url(rnew->uri); - if (res) { - rnew->status = res; - return rnew; - } - - ap_getparents(rnew->uri); - - if ((res = location_walk(rnew))) { - rnew->status = res; - return rnew; - } - - res = ap_translate_name(rnew); - if (res) { - rnew->status = res; - return rnew; - } - - /* - * We could be clever at this point, and avoid calling directory_walk, - * etc. However, we'd need to test that the old and new filenames - * contain the same directory components, so it would require - * duplicating the start of translate_name. Instead we rely on the - * cache of .htaccess results. 
- * - * NB: directory_walk() clears the per_dir_config, so we don't inherit - * from location_walk() above - */ - /* XXX: This should be display a we bit better... */ - if ((res = directory_walk(rnew)) - || (res = file_walk(rnew)) - || (res = location_walk(rnew)) - || ((ap_satisfies(rnew) == SATISFY_ALL - || ap_satisfies(rnew) == SATISFY_NOSPEC) - ? ((res = ap_check_access(rnew)) - || (ap_some_auth_required(rnew) - && ((res = ap_check_user_id(rnew)) - || (res = ap_check_auth(rnew))))) - : ((res = ap_check_access(rnew)) - && (!ap_some_auth_required(rnew) - || ((res = ap_check_user_id(rnew)) - || (res = ap_check_auth(rnew))))) - ) - || (res = ap_find_types(rnew)) - || (res = ap_run_fixups(rnew)) - ) { - rnew->status = res; - } - return rnew; -} - -API_EXPORT(request_rec *) -ap_sub_req_lookup_uri(const char *new_file, const request_rec *r) -{ - return ap_sub_req_method_uri("GET", new_file, r); -} - -API_EXPORT(request_rec *) -ap_sub_req_lookup_file(const char *new_file, const request_rec *r) -{ - request_rec *rnew; - int res; - char *fdir; - - rnew = make_sub_request(r); - rnew->hostname = r->hostname; - rnew->request_time = r->request_time; - rnew->connection = r->connection; - rnew->server = r->server; - rnew->request_config = ap_create_request_config(rnew->pool); - rnew->htaccess = r->htaccess; - - ap_set_sub_req_protocol(rnew, r); - fdir = ap_make_dirstr_parent(rnew->pool, r->filename); - - /* We cannot return NULL without violating the API. So just turn this - * subrequest into a 500. */ - if (ap_is_recursion_limit_exceeded(r)) { - rnew->status = HTTP_INTERNAL_SERVER_ERROR; - return rnew; - } - - /* - * Check for a special case... if there are no '/' characters in - * new_file at all, then we are looking at a relative lookup in the - * same directory. That means we won't have to redo directory_walk, - * and we may not even have to redo access checks. 
- */ - - if (strchr(new_file, '/') == NULL) { - char *udir = ap_make_dirstr_parent(rnew->pool, r->uri); - - rnew->uri = ap_make_full_path(rnew->pool, udir, new_file); - rnew->filename = ap_make_full_path(rnew->pool, fdir, new_file); - ap_parse_uri(rnew, rnew->uri); /* fill in parsed_uri values */ - if (stat(rnew->filename, &rnew->finfo) < 0) { - rnew->finfo.st_mode = 0; - /* Special case for filenames which exceed the maximum - * limit imposed by the operating system (~1024). These - * should NOT be treated like "file not found", because - * there is a difference between "the file is not there" - * and "the file exists, but you tried to access it - * using a path which exceeds the path length limit". - * The idea here is to handle DoS attacks with long - * runs of //////'s in a graceful and secure manner. - */ - if (errno == ENAMETOOLONG) { - ap_log_rerror(APLOG_MARK, APLOG_CRIT, r, - "Possible DoS attempt? Path=%s", - r->filename); - rnew->status = HTTP_FORBIDDEN; - return rnew; - } - } - - if ((res = check_safe_file(rnew))) { - rnew->status = res; - return rnew; - } - - rnew->per_dir_config = r->per_dir_config; - - /* - * no matter what, if it's a subdirectory, we need to re-run - * directory_walk - */ - if (S_ISDIR(rnew->finfo.st_mode)) { - res = directory_walk(rnew); - if (!res) - res = file_walk(rnew); - } else { - if ((res = check_symlinks(rnew->filename, - ap_allow_options(rnew)))) { - ap_log_rerror(APLOG_MARK, - APLOG_NOERRNO|APLOG_ERR, rnew, - "Symbolic link not allowed: %s", - rnew->filename); - rnew->status = res; - return rnew; - } - /* - * do a file_walk, if it doesn't change the - * per_dir_config then we know that we don't have to - * redo all the access checks - */ - if ((res = file_walk(rnew))) { - rnew->status = res; - return rnew; - } - if (rnew->per_dir_config == r->per_dir_config) { - if ((res = ap_find_types(rnew)) - || (res = ap_run_fixups(rnew))) - rnew->status = res; - return rnew; - } - } - } else { - /* XXX: @@@: What should be done with 
the parsed_uri values? */ - ap_parse_uri(rnew, new_file); /* fill in parsed_uri values */ - /* - * XXX: this should be set properly like it is in the same-dir - * case but it's actually sometimes to impossible to do it... - * because the file may not have a uri associated with it -djg - */ - rnew->uri = "INTERNALLY GENERATED file-relative req"; - rnew->filename = ((ap_os_is_path_absolute(new_file)) ? - ap_pstrdup(rnew->pool, new_file) : - ap_make_full_path(rnew->pool, fdir, new_file)); - rnew->per_dir_config = r->server->lookup_defaults; - res = directory_walk(rnew); - if (!res) - res = file_walk(rnew); - } - - /* XXX: horrid...*/ - if (res - || ((ap_satisfies(rnew) == SATISFY_ALL - || ap_satisfies(rnew) == SATISFY_NOSPEC) - ? ((res = ap_check_access(rnew)) - || (ap_some_auth_required(rnew) - && ((res = ap_check_user_id(rnew)) - || (res = ap_check_auth(rnew))))) - : ((res = ap_check_access(rnew)) - && (!ap_some_auth_required(rnew) - || ((res = ap_check_user_id(rnew)) - || (res = ap_check_auth(rnew))))) - ) - || (res = ap_find_types(rnew)) - || (res = ap_run_fixups(rnew)) - ) { - rnew->status = res; - } - return rnew; -} - -API_EXPORT(int) -ap_run_sub_req(request_rec *r) -{ - int retval = ap_invoke_handler(r); - ap_finalize_sub_req_protocol(r); - return retval; -} - -API_EXPORT(void) -ap_destroy_sub_req(request_rec *r) -{ - /* Reclaim the space */ - ap_destroy_pool(r->pool); -} - -/***************************************************************** - * - * Mainline request processing... 
- */ - -API_EXPORT(void) -ap_die(int type, request_rec *r) -{ - int error_index = ap_index_of_response(type); - char *custom_response = ap_response_code_string(r, error_index); - int recursive_error = 0; - - if (type == DONE) { - ap_finalize_request_protocol(r); - return; - } - - /* - * The following takes care of Apache redirects to custom response URLs - * Note that if we are already dealing with the response to some other - * error condition, we just report on the original error, and give up on - * any attempt to handle the other thing "intelligently"... - */ - - if (r->status != HTTP_OK) { - recursive_error = type; - - while (r->prev && (r->prev->status != HTTP_OK)) - r = r->prev; /* Get back to original error */ - - type = r->status; - custom_response = NULL; /* Do NOT retry the custom thing! */ - } - - r->status = type; - - /* - * This test is done here so that none of the auth modules needs to know - * about proxy authentication. They treat it like normal auth, and then - * we tweak the status. - */ - if (r->status == AUTH_REQUIRED && r->proxyreq == STD_PROXY) - r->status = HTTP_PROXY_AUTHENTICATION_REQUIRED; - - /* - * If we want to keep the connection, be sure that the request body - * (if any) has been read. - */ - if ((r->status != HTTP_NOT_MODIFIED) && (r->status != HTTP_NO_CONTENT) - && !ap_status_drops_connection(r->status) - && r->connection && (r->connection->keepalive != -1)) - (void)ap_discard_request_body(r); - - /* - * Two types of custom redirects --- plain text, and URLs. Plain text - * has a leading '"', so the URL code, here, is triggered on its absence - */ - - if (custom_response && custom_response[0] != '"') { - - if (ap_is_url(custom_response)) { - /* - * The URL isn't local, so lets drop through the rest - * of this apache code, and continue with the usual - * REDIRECT handler. But note that the client will - * ultimately see the wrong status... 
- * - * Also, before updating r->status, we may need to - * ensure that the connection is dropped. For example, - * there may be unread request body that would confuse - * us if we try to read another request. - */ - if (ap_status_drops_connection(r->status)) - r->connection->keepalive = -1; - r->status = REDIRECT; - ap_table_setn(r->headers_out, "Location", - custom_response); - } else if (custom_response[0] == '/') { - const char *error_notes; - r->no_local_copy = 1; /* Do NOT send USE_LOCAL_COPY - * for error documents! */ - /* - * This redirect needs to be a GET no matter what the - * original method was. - */ - ap_table_setn(r->subprocess_env, "REQUEST_METHOD", - r->method); - - /* - * Provide a special method for modules to communicate - * more informative (than the plain canned) messages to - * us. Propagate them to ErrorDocuments via the - * ERROR_NOTES variable: - */ - if ((error_notes = - ap_table_get(r->notes, "error-notes")) != NULL) - ap_table_setn(r->subprocess_env, "ERROR_NOTES", - error_notes); - - /* - * If it is already a GET or a HEAD, don't change it - * (method_number for GET and HEAD is the same) - */ - if(r->method_number!=M_GET) { - r->method = ap_pstrdup(r->pool, "GET"); - r->method_number = M_GET; - } - ap_internal_redirect(custom_response, r); - return; - } else { - /* - * Dumb user has given us a bad url to redirect to --- - * fake up dying with a recursive server error... 
- */ - recursive_error = SERVER_ERROR; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid error redirection directive: %s", - custom_response); - } - } - ap_send_error_response(r, recursive_error); -} - -static void -decl_die(int status, char *phase, request_rec *r) -{ - if (status == DECLINED) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_CRIT, r, - "configuration error: couldn't %s: %s", phase, r->uri); - ap_die(SERVER_ERROR, r); - } else - ap_die(status, r); -} - -API_EXPORT(int) -ap_some_auth_required(request_rec *r) -{ - /* Is there a require line configured for the type of *this* req? */ - - const array_header *reqs_arr = ap_requires(r); - require_line *reqs; - int i; - - if (!reqs_arr) - return 0; - - reqs = (require_line *)reqs_arr->elts; - - for (i = 0; i < reqs_arr->nelts; ++i) - if (reqs[i].method_mask & (1 << r->method_number)) - return 1; - - return 0; -} - -static void -process_request_internal(request_rec *r) -{ - int access_status; - - /* Ignore embedded %2F's in path for proxy requests */ - if (r->proxyreq == NOT_PROXY && r->parsed_uri.path) { - access_status = ap_unescape_url(r->parsed_uri.path); - if (access_status) { - ap_die(access_status, r); - return; - } - } - - ap_getparents(r->uri); /* OK --- shrinking transformations... */ - - if ((access_status = location_walk(r))) { - ap_die(access_status, r); - return; - } - - if ((access_status = ap_translate_name(r))) { - decl_die(access_status, "translate", r); - return; - } - - if (r->proxyreq == NOT_PROXY) { - /* - * We don't want TRACE to run through the normal handler set, we - * handle it specially. 
- */ - if (r->method_number == M_TRACE) { - if ((access_status = ap_send_http_trace(r))) - ap_die(access_status, r); - else - ap_finalize_request_protocol(r); - return; - } - } - - if (r->proto_num > HTTP_VERSION(1,0) && ap_table_get(r->subprocess_env, - "downgrade-1.0")) - r->proto_num = HTTP_VERSION(1,0); - - /* - * NB: directory_walk() clears the per_dir_config, so we don't inherit - * from location_walk() above - */ - - if ((access_status = directory_walk(r))) { - ap_die(access_status, r); - return; - } - - if ((access_status = file_walk(r))) { - ap_die(access_status, r); - return; - } - - if ((access_status = location_walk(r))) { - ap_die(access_status, r); - return; - } - - if ((access_status = ap_header_parse(r))) { - ap_die(access_status, r); - return; - } - - switch (ap_satisfies(r)) { - case SATISFY_ALL: - case SATISFY_NOSPEC: - if ((access_status = ap_check_access(r)) != 0) { - decl_die(access_status, "check access", r); - return; - } - if (ap_some_auth_required(r)) { - if (((access_status = ap_check_user_id(r)) != 0) - || !ap_auth_type(r)) { - decl_die(access_status, ap_auth_type(r) - ? "check user. No user file?" - : "perform authentication. AuthType not " - "set!", r); - return; - } - if (((access_status = ap_check_auth(r)) != 0) - || !ap_auth_type(r)) { - decl_die(access_status, ap_auth_type(r) - ? "check access. No groups file?" - : "perform authentication. AuthType not " - "set!", r); - return; - } - } - break; - case SATISFY_ANY: - if (((access_status = ap_check_access(r)) != 0)) { - if (!ap_some_auth_required(r)) { - decl_die(access_status, "check access", r); - return; - } - if (((access_status = ap_check_user_id(r)) != 0) - || !ap_auth_type(r)) { - decl_die(access_status, ap_auth_type(r) - ? "check user. No user file?" - : "perform authentication. AuthType not " - "set!", r); - return; - } - if (((access_status = ap_check_auth(r)) != 0) - || !ap_auth_type(r)) { - decl_die(access_status, ap_auth_type(r) - ? "check access. No groups file?" 
- : "perform authentication. AuthType not "
- "set!", r);
- return;
- }
- }
- break;
- }
-
- if (! (r->proxyreq != NOT_PROXY
- && r->parsed_uri.scheme != NULL
- && strcmp(r->parsed_uri.scheme, "http") == 0) ) {
- if ((access_status = ap_find_types(r)) != 0) {
- decl_die(access_status, "find types", r);
- return;
- }
- }
-
- if ((access_status = ap_run_fixups(r)) != 0) {
- ap_die(access_status, r);
- return;
- }
-
- if ((access_status = ap_invoke_handler(r)) != 0) {
- ap_die(access_status, r);
- return;
- }
-
- /* Take care of little things that need to happen when we're done */
- ap_finalize_request_protocol(r);
-}
-
-API_EXPORT(void)
-ap_process_request(request_rec *r)
-{
- int old_stat;
-
- if (ap_extended_status)
- ap_time_process_request(r->connection->child_num,
- START_PREQUEST);
-
- process_request_internal(r);
-
- old_stat = ap_update_child_status(r->connection->child_num,
- SERVER_BUSY_LOG, r);
-
- /*
- * We want to flush the last packet if this isn't a pipelining
- * connection *before* we start into logging. Suppose that the
- * logging causes a DNS lookup to occur, which may have a high
- * latency. If we hold off on this packet, then it'll appear
- * like the link is stalled when really it's the application
- * that's stalled.
- */
- ap_bhalfduplex(r->connection->client);
- ap_log_transaction(r);
-
- (void)ap_update_child_status(r->connection->child_num, old_stat, r);
- if (ap_extended_status)
- ap_time_process_request(r->connection->child_num,
- STOP_PREQUEST);
-}
-
-static table *
-rename_original_env(pool *p, table *t)
-{
- array_header *env_arr = ap_table_elts(t);
- table_entry *elts = (table_entry *)env_arr->elts;
- table *new = ap_make_table(p, env_arr->nalloc);
- int i;
-
- for (i = 0; i < env_arr->nelts; ++i) {
- if (!elts[i].key)
- continue;
- ap_table_setn(new, ap_pstrcat(p, "REDIRECT_", elts[i].key,
- NULL), elts[i].val);
- }
-
- return new;
-}
-
-static request_rec *
-internal_internal_redirect(const char *new_uri, request_rec *r)
-{
- int access_status;
- request_rec *new;
-
- if (ap_is_recursion_limit_exceeded(r)) {
- ap_die(HTTP_INTERNAL_SERVER_ERROR, r);
- return NULL;
- }
-
- new = (request_rec *)ap_pcalloc(r->pool, sizeof(request_rec));
-
- new->connection = r->connection;
- new->server = r->server;
- new->pool = r->pool;
-
- /*
- * A whole lot of this really ought to be shared with http_protocol.c...
- * another missing cleanup. It's particularly inappropriate to be
- * setting header_only, etc., here.
- */
-
- new->method = r->method;
- new->method_number = r->method_number;
- /* initialize context _BEFORE_ ap_parse_uri() call */
- new->ctx = r->ctx;
- ap_parse_uri(new, new_uri);
- new->request_config = ap_create_request_config(r->pool);
- new->per_dir_config = r->server->lookup_defaults;
-
- new->prev = r;
- r->next = new;
-
- /* Inherit the rest of the protocol info...
*/
-
- new->the_request = r->the_request;
-
- new->allowed = r->allowed;
-
- new->status = r->status;
- new->assbackwards = r->assbackwards;
- new->header_only = r->header_only;
- new->protocol = r->protocol;
- new->proto_num = r->proto_num;
- new->hostname = r->hostname;
- new->request_time = r->request_time;
- new->main = r->main;
-
- new->headers_in = r->headers_in;
- new->headers_out = ap_make_table(r->pool, 12);
- new->err_headers_out = r->err_headers_out;
- new->subprocess_env = rename_original_env(r->pool, r->subprocess_env);
- new->notes = ap_make_table(r->pool, 5);
-
- new->htaccess = r->htaccess;
- new->no_cache = r->no_cache;
- new->expecting_100 = r->expecting_100;
- new->no_local_copy = r->no_local_copy;
- new->read_length = r->read_length; /* We can only read it once */
- new->vlist_validator = r->vlist_validator;
-
- ap_table_setn(new->subprocess_env, "REDIRECT_STATUS",
- ap_psprintf(r->pool, "%d", r->status));
-
- /*
- * XXX: hmm. This is because mod_setenvif and mod_unique_id really need
- * to do their thing on internal redirects as well. Perhaps this is a
- * misnamed function.
- */
- if ((access_status = ap_run_post_read_request(new))) {
- ap_die(access_status, new);
- return NULL;
- }
-
- return new;
-}
-
-API_EXPORT(void)
-ap_internal_redirect(const char *new_uri, request_rec *r)
-{
- request_rec *new = internal_internal_redirect(new_uri, r);
-
- if (new)
- process_request_internal(new);
-}
-
-/* This function is designed for things like actions or CGI scripts, when
- * using AddHandler, and you want to preserve the content type across
- * an internal redirect.
- */
-API_EXPORT(void)
-ap_internal_redirect_handler(const char *new_uri, request_rec *r)
-{
- request_rec *new = internal_internal_redirect(new_uri, r);
-
- if (new) {
- if (r->handler)
- new->content_type = r->content_type;
- process_request_internal(new);
- }
-}
-
-/*
- * Is it the initial main request, which we only get *once* per HTTP request?
- */
-API_EXPORT(int)
-ap_is_initial_req(request_rec *r)
-{
- return
- (r->main == NULL) /* otherwise, this is a sub-request */
- &&
- (r->prev == NULL); /* otherwise, this is an internal redirect */
-}
-
-/*
- * Function to set the r->mtime field to the specified value if it's later
- * than what's already there.
- */
-API_EXPORT(time_t)
-ap_update_mtime(request_rec *r, time_t dependency_mtime)
-{
- if (r->mtime < dependency_mtime)
- r->mtime = dependency_mtime;
- return r->mtime;
-}
diff --git a/usr.sbin/httpd/src/main/http_vhost.c b/usr.sbin/httpd/src/main/http_vhost.c
deleted file mode 100644
index c0434c496ef..00000000000
--- a/usr.sbin/httpd/src/main/http_vhost.c
+++ /dev/null
@@ -1,1228 +0,0 @@
-/* $OpenBSD: http_vhost.c,v 1.11 2008/05/21 11:28:48 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_vhost.c: functions pertaining to virtual host addresses
- * (configuration and run-time)
- */
-
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "http_log.h"
-#include "http_vhost.h"
-#include "http_protocol.h"
-
-/*
- * After all the definitions there's an explanation of how it's all put
- * together.
- */
-
-/* meta-list of name-vhosts. Each server_rec can be in possibly multiple
- * lists of name-vhosts.
- */
-typedef struct name_chain name_chain;
-struct name_chain {
- name_chain *next;
- server_addr_rec *sar; /* the record causing it to be in
- * this chain (needed for port
- * comparisons) */
- server_rec *server; /* the server to use on a match */
-};
-
-/* meta-list of ip addresses. Each server_rec can be in possibly multiple
- * hash chains since it can have multiple ips.
- */
-typedef struct ipaddr_chain ipaddr_chain;
-struct ipaddr_chain {
- ipaddr_chain *next;
- server_addr_rec *sar; /* the record causing it to be in
- * this chain (need for both ip addr
- * and port comparisons) */
- server_rec *server; /* the server to use if this matches */
- name_chain *names; /* if non-NULL then a list of
- * name-vhosts sharing this address */
-};
-
-/* This defines the size of the hash table used for hashing ip addresses
- * of virtual hosts. It must be a power of two.
- */
-#ifndef IPHASH_TABLE_SIZE
-#define IPHASH_TABLE_SIZE 256
-#endif
-
-/* A (n) bucket hash table, each entry has a pointer to a server rec and
- * a pointer to the other entries in that bucket. Each individual address,
- * even for virtualhosts with multiple addresses, has an entry in this hash
- * table. There are extra buckets for _default_, and name-vhost entries.
- *
- * Note that after config time this is constant, so it is thread-safe.
- */
-static ipaddr_chain *iphash_table[IPHASH_TABLE_SIZE];
-
-/* dump out statistics about the hash function */
-/* #define IPHASH_STATISTICS */
-
-/* list of the _default_ servers */
-static ipaddr_chain *default_list;
-
-/* list of the NameVirtualHost addresses */
-static server_addr_rec *name_vhost_list;
-static server_addr_rec **name_vhost_list_tail;
-
-/*
- * How it's used:
- *
- * The ip address determines which chain in iphash_table is interesting, then
- * a comparison is done down that chain to find the first ipaddr_chain whose
- * sar matches the address:port pair.
- *
- * If that ipaddr_chain has names == NULL then you're done, it's an ip-vhost.
- *
- * Otherwise it's a name-vhost list, and the default is the server in the
- * ipaddr_chain record. We tuck away the ipaddr_chain record in the
- * conn_rec field vhost_lookup_data. Later on after the headers we get a
- * second chance, and we use the name_chain to figure out what name-vhost
- * matches the headers.
- *
- * If there was no ip address match in the iphash_table then do a lookup
- * in the default_list.
- *
- * How it's put together ... well you should be able to figure that out
- * from how it's used. Or something like that.
- */
-
-
-/* called at the beginning of the config */
-API_EXPORT(void)
-ap_init_vhost_config(pool *p)
-{
- memset(iphash_table, 0, sizeof(iphash_table));
- default_list = NULL;
- name_vhost_list = NULL;
- name_vhost_list_tail = &name_vhost_list;
-}
-
-
-/*
- * Parses a host of the form
[:port]
- * paddr is used to create a list in the order of input
- * **paddr is the ->next pointer of the last entry (or s->addrs)
- * *paddr is the variable used to keep track of **paddr between calls
- * port is the default port to assume
- */
-static const char *
-get_addresses(pool *p, char *w, char *pstr, server_addr_rec ***paddr,
- unsigned port)
-{
- struct addrinfo hints, *res, *res0;
- server_addr_rec *sar;
- char *t = NULL, *u = NULL, *v = NULL;
- char *hoststr = NULL, *portstr = NULL;
- char portpool[10];
- int error;
- char servbuf[NI_MAXSERV];
-
- if (w == 0 || *w == 0)
- return NULL;
-
- portstr = portpool;
- ap_snprintf(portpool, sizeof(portpool), "%u", port);
- if (!pstr) {
- v = w;
- u = NULL;
- if (*w == '['){
- u = strrchr(w, ']');
- if (u) { /* [host]:port or [host] */
- w++;
- *u = '\0';
- v = u + 1;
- }
- }
- /* w uv , w=v , w=v */
- /* u!=0: [host]:port , u==0: [host:port , host */
- t = strchr(v, ':');
- if (t != NULL && strchr(t+1, ':') == NULL) {
- /* [host]:port-w/o-colons,
- * host-without-colons:port-w/o-colons
- */
- *t = '\0';
- portstr = t + 1;
- } else
- portstr = "0";
- } else
- portstr = pstr;
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_socktype = SOCK_STREAM;
- if (strcmp(w, "*") == 0 || strlen(w) == 0) {
- hoststr = NULL;
- hints.ai_family = ap_default_family; /* XXX was PF_UNSPEC */
- hints.ai_flags = AI_PASSIVE;
- } else if (strcasecmp(w, "_default4_") == 0 ||
- ((ap_default_family == PF_INET || ap_default_family == PF_UNSPEC)
- && strcasecmp(w, "_default_") == 0)) {
- hoststr = "255.255.255.255";
- hints.ai_family = PF_INET;
- } else if (strcasecmp(w, "_default6_") == 0 ||
- ((ap_default_family == PF_INET6 || ap_default_family == PF_UNSPEC)
- && strcasecmp(w, "_default_") == 0)) {
- hoststr = "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff";
- hints.ai_family = PF_INET6;
- } else {
- hoststr = w;
- hints.ai_family = ap_default_family; /* XXX was PF_UNSPEC */
- }
-
- error = getaddrinfo(hoststr, portstr, &hints, &res0);
- if
(error || !res0) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL,
- "Cannot resolve host %s port %s --- ignoring!", hoststr,
- portstr);
- if (t != NULL)
- *t = ':';
- if (u != NULL)
- *u = ']';
- return NULL;
- }
- for (res=res0; res; res=res->ai_next) {
- switch (res->ai_addr->sa_family) {
- case AF_INET:
- case AF_INET6:
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, NULL,
- "Unsupported address family %u, for host %s "
- "port %s --- ignoring!", res->ai_addr->sa_family,
- hoststr, portstr);
- continue;
- }
- sar = ap_pcalloc(p, sizeof(server_addr_rec));
- **paddr = sar;
- *paddr = &sar->next;
- memcpy(&sar->host_addr, res->ai_addr, res->ai_addrlen);
- if (getnameinfo(res->ai_addr, res->ai_addrlen, NULL, 0,
- servbuf, sizeof(servbuf), NI_NUMERICSERV) == 0)
- sar->host_port = atoi(servbuf);
- else
- sar->host_port = 0;
- sar->virthost = ap_pstrdup(p, w);
- }
-
- freeaddrinfo(res0);
- if (t != NULL)
- *t = ':';
- if (u != NULL)
- *u = ']';
- return NULL;
-}
-
-/* parse the addresses */
-API_EXPORT(const char *)
-ap_parse_vhost_addrs(pool *p, const char *hostname, server_rec *s)
-{
- server_addr_rec **addrs;
- const char *err;
-
- /* start the list of addreses */
- addrs = &s->addrs;
- while (hostname[0]) {
- err = get_addresses(p, ap_getword_conf(p, &hostname), NULL,
- &addrs, s->port);
- if (err) {
- *addrs = NULL;
- return err;
- }
- }
- /* terminate the list */
- *addrs = NULL;
- if (s->addrs) {
- if (s->addrs->host_port)
- /* override the default port which is
- * inherited from main_server
- */
- s->port = s->addrs->host_port;
- }
- return NULL;
-}
-
-
-API_EXPORT_NONSTD(const char *)
-ap_set_name_virtual_host (cmd_parms *cmd, void *dummy, char *h, char *p)
-{
- /* use whatever port the main server has at this point */
- return get_addresses(cmd->pool, h, p, &name_vhost_list_tail,
- cmd->server->port);
-}
-
-
-/* hash table statistics, keep this in here for the beta period so
- * we can find out if the hash function is ok
-
*/ -#ifdef IPHASH_STATISTICS -static int -iphash_compare(const void *a, const void *b) -{ - return (*(const int *)b - *(const int *)a); -} - - -static void -dump_iphash_statistics(server_rec *main_s) -{ - unsigned count[IPHASH_TABLE_SIZE]; - int i; - ipaddr_chain *src; - unsigned total; - char buf[HUGE_STRING_LEN]; - char *p; - - total = 0; - for (i = 0; i < IPHASH_TABLE_SIZE; ++i) { - count[i] = 0; - for (src = iphash_table[i]; src; src = src->next) { - ++count[i]; - if (i < IPHASH_TABLE_SIZE) - /* don't count the slop buckets in the total */ - ++total; - } - } - qsort(count, IPHASH_TABLE_SIZE, sizeof(count[0]), iphash_compare); - p = buf + ap_snprintf(buf, sizeof(buf), - "iphash: total hashed = %u, avg chain = %u, " - "chain lengths (count x len):", - total, total / IPHASH_TABLE_SIZE); - total = 1; - for (i = 1; i < IPHASH_TABLE_SIZE; ++i) { - if (count[i - 1] != count[i]) { - p += ap_snprintf(p, sizeof(buf) - (p - buf), " %ux%u", - total, count[i - 1]); - total = 1; - } else - ++total; - } - p += ap_snprintf(p, sizeof(buf) - (p - buf), " %ux%u", - total, count[IPHASH_TABLE_SIZE - 1]); - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, main_s, buf); -} -#endif - - -/* This hashing function is designed to get good distribution in the cases - * where the server is handling entire "networks" of servers. i.e. a - * whack of /24s. This is probably the most common configuration for - * ISPs with large virtual servers. - * - * NOTE: This function is symmetric (i.e. collapses all 4 octets - * into one), so machine byte order (big/little endianness) does not matter. - * - * Hash function provided by David Hankins. 
- */
-static ap_inline unsigned
-hash_inaddr(unsigned key)
-{
- key ^= (key >> 16);
- return ((key >> 8) ^ key) % IPHASH_TABLE_SIZE;
-}
-
-static unsigned
-hash_addr(struct sockaddr *sa)
-{
- switch (sa->sa_family) {
- case AF_INET:
- return hash_inaddr(((struct sockaddr_in *)sa)->sin_addr.s_addr);
- case AF_INET6:
- return hash_inaddr(
- ((struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[12]);
- default:
- return hash_inaddr(sa->sa_family);
- }
-}
-
-
-static ipaddr_chain *
-new_ipaddr_chain(pool *p, server_rec *s, server_addr_rec *sar)
-{
- ipaddr_chain *new;
-
- new = ap_palloc(p, sizeof(*new));
- new->names = NULL;
- new->server = s;
- new->sar = sar;
- new->next = NULL;
- return new;
-}
-
-
-static name_chain *
-new_name_chain(pool *p, server_rec *s, server_addr_rec *sar)
-{
- name_chain *new;
-
- new = ap_palloc(p, sizeof(*new));
- new->server = s;
- new->sar = sar;
- new->next = NULL;
- return new;
-}
-
-static ap_inline ipaddr_chain *
-find_ipaddr(struct sockaddr *sa)
-{
- unsigned bucket;
- ipaddr_chain *trav;
- char a[NI_MAXHOST], b[NI_MAXHOST];
-
-#ifdef CFGDEBUG
- printf("looking for an %s address\n", sa->sa_family == AF_INET ?
- "IPv4" : "IPv6");
-#endif
- /* scan the hash table for an exact match first */
- bucket = hash_addr(sa);
- for (trav = iphash_table[bucket]; trav; trav = trav->next) {
- server_addr_rec *sar = trav->sar;
- if (sar->host_addr.ss_family != sa->sa_family)
- continue;
- switch (sa->sa_family) {
- case AF_INET:
- {
- struct sockaddr_in *sin1, *sin2;
- sin1 = (struct sockaddr_in *)&sar->host_addr;
- sin2 = (struct sockaddr_in *)sa;
- if (sin1->sin_port == 0 || sin2->sin_port == 0
- || sin1->sin_port == sin2->sin_port) {
- if (memcmp(&sin1->sin_addr, &sin2->sin_addr,
- sizeof(sin1->sin_addr)) == 0)
- return trav;
- }
- break;
- }
- case AF_INET6:
- {
- struct sockaddr_in6 *sin1, *sin2;
-#ifdef CFGDEBUG
- printf("comparing two IPv6 addresses\n");
-#endif
- sin1 = (struct sockaddr_in6 *)&sar->host_addr;
- sin2 = (struct sockaddr_in6 *)sa;
- if (sin1->sin6_port == 0 || sin2->sin6_port == 0
- || sin1->sin6_port == sin2->sin6_port) {
- if (memcmp(&sin1->sin6_addr, &sin2->sin6_addr,
- sizeof(sin1->sin6_addr)) == 0)
- return trav;
- }
- break;
- }
- default: /*unsupported*/
- break;
- }
- }
-#ifdef CFGDEBUG
- printf("no matching address found\n");
-#endif
- return NULL;
-}
-
-
-static ipaddr_chain *
-find_default_server(unsigned port)
-{
- server_addr_rec *sar;
- ipaddr_chain *trav;
-
- for (trav = default_list; trav; trav = trav->next) {
- sar = trav->sar;
- if (sar->host_port == 0 || sar->host_port == port)
- /* match!
*/
- return trav;
- }
- return NULL;
-}
-
-static void
-dump_a_vhost(FILE *f, ipaddr_chain *ic)
-{
- name_chain *nc;
- int len;
- char buf[MAX_STRING_LEN];
-
- len = ap_snprintf(buf, sizeof(buf), "%pI", &ic->sar->host_addr);
- if (ic->names == NULL) {
- if (ic->server == NULL)
- fprintf(f, "%-22s WARNING: No defined "
- "for this NameVirtualHost!\n", buf);
- else
- fprintf(f, "%-22s %s (%s:%u)\n", buf,
- ic->server->server_hostname, ic->server->defn_name,
- ic->server->defn_line_number);
- return;
- }
- fprintf(f, "%-22s is a NameVirtualHost\n"
- "%22s default server %s (%s:%u)\n", buf, "",
- ic->server->server_hostname, ic->server->defn_name,
- ic->server->defn_line_number);
- for (nc = ic->names; nc; nc = nc->next) {
- if (nc->sar->host_port)
- fprintf(f, "%22s port %u ", "", nc->sar->host_port);
- else
- fprintf(f, "%22s port * ", "");
- fprintf(f, "namevhost %s (%s:%u)\n",
- nc->server->server_hostname, nc->server->defn_name,
- nc->server->defn_line_number);
- }
-}
-
-static void
-dump_vhost_config(FILE *f)
-{
- ipaddr_chain *ic;
- int i;
-
- fprintf(f, "VirtualHost configuration:\n");
- for (i = 0; i < IPHASH_TABLE_SIZE; ++i) {
- for (ic = iphash_table[i]; ic; ic = ic->next)
- dump_a_vhost(f, ic);
- }
- if (default_list) {
- fprintf(f, "wildcard NameVirtualHosts and _default_ "
- "servers:\n");
- for (ic = default_list; ic; ic = ic->next)
- dump_a_vhost(f, ic);
- }
-}
-
-/* Helper functions for ap_fini_vhost_config() */
-static int
-add_name_vhost_config(pool *p, server_rec *main_s, server_rec *s,
- server_addr_rec *sar, ipaddr_chain *ic)
-{
- /*
- * the first time we encounter a NameVirtualHost address
- * ic->server will be NULL, on subsequent encounters
- * ic->names will be non-NULL.
- */
-#ifdef CFGDEBUG
- printf("add_name_vhost_config: ic: %p\n", ic);
- printf("add_name_vhost_config: sar->virhost: %s, sar->host_port: %u\n",
- sar->virthost, sar->host_port);
- printf("add_name_vhost_config: ic->names: %s, ic->server: %s\n",
- ic->names != NULL ?
"set" : "null",
- ic->server != NULL ? "set" : "null");
-#endif
- if (ic->names || ic->server == NULL) {
- name_chain *nc = new_name_chain(p, s, sar);
-#ifdef CFGDEBUG
- printf("new_name_chain returns %s\n", nc == NULL ? "null" :
- "non-null");
-#endif
- nc->next = ic->names;
- ic->names = nc;
- ic->server = s;
- if (sar->host_port != ic->sar->host_port) {
- /* one of the two is a * port, the other isn't */
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
- main_s,
- "VirtualHost %s:%u -- mixing * ports and non-* "
- "ports with a NameVirtualHost address is not "
- "supported, proceeding with undefined results",
- sar->virthost, sar->host_port);
- }
- return 1;
- } else
- /* IP-based vhosts are handled by the caller */
- return 0;
-}
-
-static void
-remove_unused_name_vhosts(server_rec *main_s, ipaddr_chain **pic)
-{
- while (*pic) {
- ipaddr_chain *ic = *pic;
-
- if (ic->server == NULL) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
- main_s, "NameVirtualHost %s:%u has no VirtualHosts",
- ic->sar->virthost, ic->sar->host_port);
- *pic = ic->next;
- } else if (ic->names == NULL)
- /* if server != NULL and names == NULL then we're done
- * looking at NameVirtualHosts
- */
- break;
- else
- pic = &ic->next;
- }
-}
-
-/* compile the tables and such we need to do the run-time vhost lookups */
-API_EXPORT(void)
-ap_fini_vhost_config(pool *p, server_rec *main_s)
-{
- server_addr_rec *sar;
- int has_default_vhost_addr;
- server_rec *s;
- int i;
- ipaddr_chain **iphash_table_tail[IPHASH_TABLE_SIZE];
-
- /* terminate the name_vhost list */
- *name_vhost_list_tail = NULL;
-
- /* Main host first */
- s = main_s;
-
- if (!s->server_hostname)
- s->server_hostname = ap_get_local_host(p);
-
- /* initialize the tails */
- for (i = 0; i < IPHASH_TABLE_SIZE; ++i)
- iphash_table_tail[i] = &iphash_table[i];
-
- /* The first things to go into the hash table are the NameVirtualHosts
- * Since name_vhost_list is in the same order that the directives
- * occured in the
config file, we'll copy it in that order.
- */
- for (sar = name_vhost_list; sar; sar = sar->next) {
- unsigned bucket = hash_addr((struct sockaddr *)&sar->host_addr);
- ipaddr_chain *ic = new_ipaddr_chain(p, NULL, sar);
- int wildcard;
-
- wildcard = 0;
- switch (sar->host_addr.ss_family) {
- case AF_INET:
- {
- struct sockaddr_in *sin;
- sin = (struct sockaddr_in *)&sar->host_addr;
- if (sin->sin_addr.s_addr == INADDR_ANY)
- wildcard++;
- break;
- }
- case AF_INET6:
- {
- struct sockaddr_in6 *sin6;
- sin6 = (struct sockaddr_in6 *)&sar->host_addr;
- if (*(uint32_t *)&sin6->sin6_addr.s6_addr[0] == 0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[4] == 0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[8] == 0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[12] == 0)
- wildcard++;
- break;
- }
- }
-
- if (!wildcard) {
- *iphash_table_tail[bucket] = ic;
- iphash_table_tail[bucket] = &ic->next;
- } else {
- /*
- * A wildcard NameVirtualHost goes on the default_list
- * so that it can catch incoming requests on any
- * address.
- */
- ic->next = default_list;
- default_list = ic;
- }
- /* Notice that what we've done is insert an ipaddr_chain with
- * both server and names NULL. This fact is used to spot name-
- * based vhosts in add_name_vhost_config().
- */
- }
-
- /* The next things to go into the hash table are the virtual hosts
- * themselves. They're listed off of main_s->next in the reverse
- * order they occured in the config file, so we insert them at
- * the iphash_table_tail but don't advance the tail.
- */
-
- for (s = main_s->next; s; s = s->next) {
- has_default_vhost_addr = 0;
- for (sar = s->addrs; sar; sar = sar->next) {
- ipaddr_chain *ic;
- int wildcard;
-
- wildcard = 0;
- switch (sar->host_addr.ss_family) {
- case AF_INET:
- {
- struct sockaddr_in *sin;
-#ifdef CFGDEBUG
- printf("adding an IPv4 vhost\n");
-#endif
- sin = (struct sockaddr_in *)&sar->host_addr;
- if (sin->sin_addr.s_addr == DEFAULT_VHOST_ADDR)
- wildcard++;
- else if (sin->sin_addr.s_addr == INADDR_ANY)
- wildcard++;
- break;
- }
- case AF_INET6:
- {
- struct sockaddr_in6 *sin6;
-#ifdef CFGDEBUG
- printf("adding an IPv6 vhost\n");
-#endif
- sin6 = (struct sockaddr_in6 *)&sar->host_addr;
- if (*(uint32_t *)&sin6->sin6_addr.s6_addr[0]
- == ~0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[4]
- == ~0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[8]
- == ~0
- && *(uint32_t *)&sin6->sin6_addr.s6_addr[12]
- == ~0)
- wildcard++;
- break;
- }
- }
-
- if (wildcard) {
- /* add it to default bucket for each
- * appropriate sar since we need to do a port
- * test
- */
- ipaddr_chain *other;
-
- other = find_default_server(sar->host_port);
- if (!other ||
- !add_name_vhost_config(p, main_s, s, sar,
- other)) {
- if (other && other->sar->host_port != 0)
- ap_log_error(APLOG_MARK,
- APLOG_NOERRNO|APLOG_WARNING,
- main_s,
- "_default_ VirtualHost "
- "overlap on port %u,"
- " the first has precedence",
- sar->host_port);
- ic = new_ipaddr_chain(p, s, sar);
- ic->next = default_list;
- default_list = ic;
- }
- has_default_vhost_addr = 1;
- } else {
- /*
- * see if it matches something we've already
- * got
- */
- ic = find_ipaddr(
- (struct sockaddr *)&sar->host_addr);
-
- if (!ic) {
- unsigned bucket =
- hash_addr(
- (struct sockaddr *)&sar->host_addr);
-
- ic = new_ipaddr_chain(p, s, sar);
- ic->next = *iphash_table_tail[bucket];
- *iphash_table_tail[bucket] = ic;
- } else if (!add_name_vhost_config(p, main_s, s,
- sar, ic)) {
- ap_log_error(APLOG_MARK,
- APLOG_NOERRNO|APLOG_WARNING, main_s,
- "VirtualHost
%s:%u overlaps with " - "VirtualHost %s:%u, the first has " - "precedence, perhaps you need a " - "NameVirtualHost directive", - sar->virthost, sar->host_port, - ic->sar->virthost, - ic->sar->host_port); - ic->sar = sar; - ic->server = s; - } - } - } - - /* - * Ok now we want to set up a server_hostname if the user was - * silly enough to forget one. - * XXX: This is silly we should just crash and burn. - */ - if (!s->server_hostname) { - if (has_default_vhost_addr) - s->server_hostname = main_s->server_hostname; - else if (!s->addrs) { - /* what else can we do? at this point this - * vhost has no configured name, probably - * because they used DNS in the VirtualHost - * statement. It's disabled anyhow by the - * host matching code. -djg - */ - s->server_hostname = - ap_pstrdup(p, - "bogus_host_without_forward_dns"); - } else { - struct hostent *h; - char hostnamebuf[MAXHOSTNAMELEN]; - - if (!getnameinfo( - (struct sockaddr *)&s->addrs->host_addr, - s->addrs->host_addr.ss_len, - hostnamebuf, sizeof(hostnamebuf), - NULL, 0, 0)) - s->server_hostname = - ap_pstrdup(p, hostnamebuf); - else { - /* again, what can we do? They didn't - * specify a ServerName, and their DNS - * isn't working. -djg */ - getnameinfo((struct sockaddr *) - &s->addrs->host_addr, - s->addrs->host_addr.ss_len, - hostnamebuf, - sizeof(hostnamebuf), - NULL, 0, NI_NUMERICHOST); - ap_log_error(APLOG_MARK, - APLOG_NOERRNO|APLOG_ERR, main_s, - "Failed to resolve server name " - "for %s (check DNS) -- or specify " - "an explicit ServerName", - hostnamebuf); - s->server_hostname = - ap_pstrdup(p, - "bogus_host_without_reverse_dns"); - } - } - } - } - - /* - * now go through and delete any NameVirtualHosts that didn't have any - * hosts associated with them. Lamers. 
- */
- for (i = 0; i < IPHASH_TABLE_SIZE; ++i)
- remove_unused_name_vhosts(main_s, &iphash_table[i]);
- remove_unused_name_vhosts(main_s, &default_list);
-
-#ifdef IPHASH_STATISTICS
- dump_iphash_statistics(main_s);
-#endif
- if (ap_dump_settings)
- dump_vhost_config(stderr);
-}
-
-
-/*****************************************************************************
- * run-time vhost matching functions
- */
-
-/* Lowercase and remove any trailing dot and/or :port from the hostname,
- * and check that it is sane.
- *
- * In most configurations the exact syntax of the hostname isn't
- * important so strict sanity checking isn't necessary. However, in
- * mass hosting setups (using mod_vhost_alias or mod_rewrite) where
- * the hostname is interpolated into the filename, we need to be sure
- * that the interpolation doesn't expose parts of the filesystem.
- * We don't do strict RFC 952 / RFC 1123 syntax checking in order
- * to support iDNS and people who erroneously use underscores.
- * Instead we just check for filesystem metacharacters: directory
- * separators / and \ and sequences of more than one dot.
- */
-static void
-fix_hostname(request_rec *r)
-{
- char *host = ap_palloc(r->pool, strlen(r->hostname) + 1);
- const char *src;
- char *dst;
- const char *u = NULL, *v = NULL;
-
- /* check and copy the host part */
- u = src = r->hostname;
-
- dst = host;
- if (*u == '[') { /* IPv6 numeral address in brackets */
- v = strchr(u, ']');
- if (v == NULL)
- /* missing closing bracket */
- goto bad;
-
- if (v == (u + 1))
- /* bad empty address */
- goto bad;
-
- for (src = u+1; src < v; src++) /* copy IPv6 adress */
- *dst = *src;
- v++;
- if (*v == ':') {
- v++;
- while (*v) { /* check if portnum is correct */
- if (!ap_isdigit(*v++))
- goto bad;
- }
- }
- } else {
- while (*src) {
- if (*src == '.') {
- *dst++ = *src++;
- if (*src == '.')
- goto bad;
- else
- continue;
- }
- if (*src == '/' || *src == '\\')
- goto bad;
- if (*src == ':') {
- /* sheck the port part */
- while (*++src) {
- if (!ap_isdigit(*src))
- goto bad;
- }
- if (src[-1] == ':')
- goto bad;
- else
- break;
- }
- *dst++ = *src++;
- }
- }
- /* strip trailing gubbins */
- if (dst > host && dst[-1] == '.')
- dst[-1] = '\0';
- else
- dst[0] = '\0';
-
- r->hostname = host;
- return;
-
-bad:
- r->status = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Client sent malformed Host header <<%s>>",u);
- return;
-}
-
-
-/* return 1 if host matches ServerName or ServerAliases */
-static int
-matches_aliases(server_rec *s, const char *host)
-{
- int i;
- array_header *names;
-
- /* match ServerName */
- if (!strcasecmp(host, s->server_hostname))
- return 1;
-
- /* search all the aliases from ServerAlias directive */
- names = s->names;
- if (names) {
- char **name = (char **) names->elts;
- for (i = 0; i < names->nelts; ++i) {
- if(!name[i])
- continue;
- if (!strcasecmp(host, name[i]))
- return 1;
- }
- }
- names = s->wild_names;
- if (names) {
- char **name = (char **) names->elts;
- for (i = 0; i < names->nelts; ++i) {
- if(!name[i])
- continue;
- if (!ap_strcasecmp_match(host,
name[i])) - return 1; - } - } - return 0; -} - - -/* Suppose a request came in on the same socket as this r, and included - * a header "Host: host:port", would it map to r->server? It's more - * than just that though. When we do the normal matches for each request - * we don't even bother considering Host: etc on non-namevirtualhosts, - * we just call it a match. But here we require the host:port to match - * the ServerName and/or ServerAliases. - */ -API_EXPORT(int) -ap_matches_request_vhost(request_rec *r, const char *host, unsigned port) -{ - server_rec *s; - server_addr_rec *sar; - - s = r->server; - - /* search all the values */ - /* XXX: If this is a NameVirtualHost then we may not be doing the - * Right Thing, consider: - * - * NameVirtualHost 10.1.1.1 - * - * ServerName v1 - * - * - * ServerName v2 - * - * - * Suppose r->server is v2, and we're asked to match "10.1.1.1". - * We'll say "yup it's v2", when really it isn't... if a request - * came in for 10.1.1.1 it would really go to v1. - */ - for (sar = s->addrs; sar; sar = sar->next) - if ((sar->host_port == 0 || port == sar->host_port) - && !strcasecmp(host, sar->virthost)) - return 1; - - /* the Port has to match now, because the rest don't have ports - * associated with them. - */ - if (port != s->port) - return 0; - - return matches_aliases(s, host); -} - - -static void -check_hostalias(request_rec *r) -{ - /* - * Even if the request has a Host: header containing a port we ignore - * that port. We always use the physical port of the socket. 
There - * are a few reasons for this: - * - * - the default of 80 or 443 for SSL is easier to handle this way - * - there is less of a possibility of a security problem - * - it simplifies the data structure - * - the client may have no idea that a proxy somewhere along the way - * translated the request to another ip:port - * - except for the addresses from the VirtualHost line, none of the - * other names we'll match have ports associated with them - */ - const char *host = r->hostname; - unsigned port; - server_rec *s; - server_rec *last_s; - name_chain *src; - - switch (r->connection->local_addr.ss_family) { - case AF_INET: - port = ntohs(((struct sockaddr_in *) - &r->connection->local_addr)->sin_port); - break; - case AF_INET6: - port = ntohs(((struct sockaddr_in6 *) - &r->connection->local_addr)->sin6_port); - break; - default: - port = 0; /*XXX*/ - } - last_s = NULL; - - /* Recall that the name_chain is a list of server_addr_recs, some of - * whose ports may not match. Also each server may appear more than - * once in the chain -- specifically, it will appear once for each - * address from its VirtualHost line which matched. We only want to - * do the full ServerName/ServerAlias comparisons once for each - * server, fortunately we know that all the VirtualHost addresses for - * a single server are adjacent to each other. - */ - - for (src = r->connection->vhost_lookup_data; src; src = src->next) { - server_addr_rec *sar; - - /* We only consider addresses on the name_chain which have a - * matching port - */ - sar = src->sar; - if (sar->host_port != 0 && port != sar->host_port) - continue; - - s = src->server; - - /* does it match the virthost from the sar? 
*/ - if (!strcasecmp(host, sar->virthost)) - goto found; - - if (s == last_s) - /* we've already done ServerName and ServerAlias checks - * for this vhost - */ - continue; - - last_s = s; - - if (matches_aliases(s, host)) - goto found; - } - return; - -found: - /* s is the first matching server, we're done */ - r->server = r->connection->server = s; -} - - -static void -check_serverpath(request_rec *r) -{ - server_rec *s; - server_rec *last_s; - name_chain *src; - unsigned port; - - switch (r->connection->local_addr.ss_family) { - case AF_INET: - port = ntohs(((struct sockaddr_in *) - &r->connection->local_addr)->sin_port); - break; - case AF_INET6: - port = ntohs(((struct sockaddr_in6 *) - &r->connection->local_addr)->sin6_port); - break; - default: - port = 0; /*XXX*/ - } - - /* - * This is in conjunction with the ServerPath code in http_core, so we - * get the right host attached to a non- Host-sending request. - * - * See the comment in check_hostalias about how each vhost can be - * listed multiple times. 
- */
-
- last_s = NULL;
- for (src = r->connection->vhost_lookup_data; src; src = src->next) {
- /* We only consider addresses on the name_chain which have a
- * matching port
- */
- if (src->sar->host_port != 0 && port != src->sar->host_port)
- continue;
-
- s = src->server;
- if (s == last_s)
- continue;
- last_s = s;
-
- if (s->path && !strncmp(r->uri, s->path, s->pathlen) &&
- (s->path[s->pathlen - 1] == '/' ||
- r->uri[s->pathlen] == '/' ||
- r->uri[s->pathlen] == '\0')) {
- r->server = r->connection->server = s;
- return;
- }
- }
-}
-
-
-API_EXPORT(void)
-ap_update_vhost_from_headers(request_rec *r)
-{
- /* must set this for HTTP/1.1 support */
- if (r->hostname ||
- (r->hostname = ap_table_get(r->headers_in, "Host"))) {
- fix_hostname(r);
- if (r->status != HTTP_OK)
- return;
- }
- /* check if we tucked away a name_chain */
- if (r->connection->vhost_lookup_data) {
- if (r->hostname)
- check_hostalias(r);
- else
- check_serverpath(r);
- }
-}
-
-
-/* Called for a new connection which has a known local_addr. Note that the
- * new connection is assumed to have conn->server == main server.
- */
-API_EXPORT(void)
-ap_update_vhost_given_ip(conn_rec *conn)
-{
- ipaddr_chain *trav;
- char portbuf[NI_MAXSERV];
- unsigned port;
-
- if (getnameinfo((struct sockaddr *)&conn->local_addr,
- conn->local_addr.ss_len,
- NULL, 0, portbuf, sizeof(portbuf), NI_NUMERICSERV) != 0)
- goto fail;
-
- port = atoi(portbuf);
-
- /* scan the hash table for an exact match first */
- trav = find_ipaddr((struct sockaddr *)&conn->local_addr);
- if (trav) {
- /* save the name_chain for later in case this is a name-vhost */
- conn->vhost_lookup_data = trav->names;
- conn->server = trav->server;
- return;
- }
-
- /* maybe there's a default server or wildcard name-based vhost
- * matching this port
- */
- trav = find_default_server(port);
- if (trav) {
- conn->vhost_lookup_data = trav->names;
- conn->server = trav->server;
- return;
- }
-
-fail:
- /* otherwise we're stuck with just the main server
- * and no name-based vhosts
- */
- conn->vhost_lookup_data = NULL;
-}
diff --git a/usr.sbin/httpd/src/main/rfc1413.c b/usr.sbin/httpd/src/main/rfc1413.c
deleted file mode 100644
index 39c9fe38b6e..00000000000
--- a/usr.sbin/httpd/src/main/rfc1413.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/* $OpenBSD: rfc1413.c,v 1.14 2008/05/21 11:28:48 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * rfc1413() speaks a common subset of the RFC 1413, AUTH, TAP and IDENT
- * protocols. The code queries an RFC 1413 etc. compatible daemon on a remote
- * host to look up the owner of a connection. The information should not be
- * used for authentication purposes. This routine intercepts alarm signals.
- *
- * Diagnostics are reported through syslog(3).
- *
- * Author: Wietse Venema, Eindhoven University of Technology,
- * The Netherlands.
- */
-
-/* Some small additions for Apache --- ditch the "sccsid" var if
- * compiling with gcc (it *has* changed), include ap_config.h for the
- * prototypes it defines on at least one system (SunlOSs) which has
- * them missing from the standard header files, and one minor change
- * below (extra parens around assign "if (foo = bar) ..." to shut up
- * gcc -Wall).
- */
-
-/* Rewritten by David Robinson */
-
-#include "httpd.h" /* for server_rec, conn_rec, ap_longjmp, etc. */
-#include "http_log.h" /* for aplog_error */
-#include "rfc1413.h"
-#include "http_main.h" /* set_callback_and_alarm */
-
-/* Local stuff. */
-/* Semi-well-known port */
-#define RFC1413_PORT 113
-/* maximum allowed length of userid */
-#define RFC1413_USERLEN 512
-/* rough limit on the amount of data we accept. */
-#define RFC1413_MAXDATA 1000
-
-#ifndef RFC1413_TIMEOUT
-#define RFC1413_TIMEOUT 30
-#endif
-#define ANY_PORT 0 /* Any old port will do */
-#define FROM_UNKNOWN "unknown"
-
-int ap_rfc1413_timeout = RFC1413_TIMEOUT; /* Global so it can be changed */
-
-#define RFC_USER_STATIC static
-static JMP_BUF timebuf;
-
-/* ident_timeout - handle timeouts */
-static void
-ident_timeout(int sig)
-{
- ap_longjmp(timebuf, sig);
-}
-
-/* bind_connect - bind both ends of a socket */
-/* Ambarish fix this. Very broken */
-static int
-get_rfc1413(int sock, const struct sockaddr *our_sin,
- const struct sockaddr *rmt_sin, char user[RFC1413_USERLEN+1],
- server_rec *srv)
-{
- struct sockaddr_storage rmt_query_sin, our_query_sin;
- unsigned int o_rmt_port, o_our_port; /* original port pair */
- unsigned int rmt_port, our_port; /* replied port pair */
- int i;
- char *cp;
- char buffer[RFC1413_MAXDATA + 1];
- int buflen;
-
- /*
- * Bind the local and remote ends of the query socket to the same
- * IP addresses as the connection under investigation. We go
- * through all this trouble because the local or remote system
- * might have more than one network address. The RFC1413 etc.
- * client sends only port numbers; the server takes the IP
- * addresses from the query socket.
- */
-
- memcpy(&our_query_sin, our_sin, our_sin->sa_len);
- memcpy(&rmt_query_sin, rmt_sin, rmt_sin->sa_len);
- switch (our_sin->sa_family) {
- case AF_INET:
- ((struct sockaddr_in *)&our_query_sin)->sin_port =
- htons(ANY_PORT);
- o_our_port = ntohs(((struct sockaddr_in *)our_sin)->sin_port);
- ((struct sockaddr_in *)&rmt_query_sin)->sin_port =
- htons(RFC1413_PORT);
- o_rmt_port = ntohs(((struct sockaddr_in *)rmt_sin)->sin_port);
- break;
- case AF_INET6:
- ((struct sockaddr_in6 *)&our_query_sin)->sin6_port =
- htons(ANY_PORT);
- o_our_port =
- ntohs(((struct sockaddr_in6 *)our_sin)->sin6_port);
- ((struct sockaddr_in6 *)&rmt_query_sin)->sin6_port =
- htons(RFC1413_PORT);
- o_rmt_port =
- ntohs(((struct sockaddr_in6 *)rmt_sin)->sin6_port);
- break;
- default:
- /* unsupported AF */
- return -1;
- }
-
- if (bind(sock, (struct sockaddr *) &our_query_sin,
- our_query_sin.ss_len) < 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
- "bind: rfc1413: Error binding to local port");
- return -1;
- }
-
- /*
- * errors from connect usually imply the remote machine doesn't
- * support the service
- */
- if (connect(sock, (struct sockaddr *) &rmt_query_sin,
- rmt_query_sin.ss_len) < 0)
- return -1;
-
- /* send the data */
- buflen = ap_snprintf(buffer, sizeof(buffer), "%u,%u\r\n", o_rmt_port,
- o_our_port);
-
- /* send query to server. Handle short write. */
- i = 0;
- while(i < (int)strlen(buffer)) {
- int j;
- j = write(sock, buffer+i, (strlen(buffer+i)));
- if (j < 0 && errno != EINTR) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
- "write: rfc1413: error sending request");
- return -1;
- } else if (j > 0)
- i+=j;
- }
-
- /*
- * Read response from server. - the response should be newline
- * terminated according to rfc - make sure it doesn't stomp it's
- * way out of the buffer.
- */
- i = 0;
- memset(buffer, '\0', sizeof(buffer));
- /*
- * Note that the strchr function below checks for \012 instead of '\n'
- * this allows it to work on both ASCII and EBCDIC machines.
- */
- while((cp = strchr(buffer, '\012')) == NULL &&
- i < sizeof(buffer) - 1) {
- int j;
-
- j = read(sock, buffer+i, (sizeof(buffer) - 1) - i);
- if (j < 0 && errno != EINTR) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
- "read: rfc1413: error reading response");
- return -1;
- }
- else if (j > 0)
- i+=j;
- }
-
- /* RFC1413_USERLEN = 512 */
- if (sscanf(buffer, "%u , %u : USERID :%*[^:]:%512s", &rmt_port,
- &our_port, user) != 3 || o_rmt_port != rmt_port ||
- o_our_port != our_port)
- return -1;
-
- /*
- * Strip trailing carriage return. It is part of the
- * protocol, not part of the data.
- */
- if ((cp = strchr(user, '\r')))
- *cp = '\0';
-
- return 0;
-}
-
-/* rfc1413 - return remote user name, given socket structures */
-API_EXPORT(char *)
-ap_rfc1413(conn_rec *conn, server_rec *srv)
-{
- RFC_USER_STATIC char user[RFC1413_USERLEN + 1]; /* XXX */
- RFC_USER_STATIC char *result;
- RFC_USER_STATIC int sock;
-
- result = FROM_UNKNOWN;
-
- sock = ap_psocket_ex(conn->pool, conn->remote_addr.ss_family,
- SOCK_STREAM, IPPROTO_TCP, 1);
- if (sock < 0) {
- ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
- "socket: rfc1413: error creating socket");
- conn->remote_logname = result;
- }
-
- /*
- * Set up a timer so we won't get stuck while waiting for the server.
- */
- if (ap_setjmp(timebuf) == 0) {
- ap_set_callback_and_alarm(ident_timeout, ap_rfc1413_timeout);
-
- if (get_rfc1413(sock, (struct sockaddr *)&conn->local_addr,
- (struct sockaddr *)&conn->remote_addr, user, srv) >= 0)
- result = user;
- }
- ap_set_callback_and_alarm(NULL, 0);
- ap_pclosesocket(conn->pool, sock);
- conn->remote_logname = result;
-
- return conn->remote_logname;
-}
-
diff --git a/usr.sbin/httpd/src/main/util.c b/usr.sbin/httpd/src/main/util.c
deleted file mode 100644
index 2b35e2dc271..00000000000
--- a/usr.sbin/httpd/src/main/util.c
+++ /dev/null
@@ -1,2224 +0,0 @@
-/* $OpenBSD: util.c,v 1.28 2008/05/23 08:41:48 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * util.c: string utility things
- *
- * 3/21/93 Rob McCool
- * 1995-96 Many changes by the Apache Group
- *
- */
-
-/*
- * Debugging aid:
- * #define DEBUG to trace all cfg_open*()/cfg_closefile() calls
- * #define DEBUG_CFG_LINES to trace every line read from the config files
- */
-
-#include "httpd.h"
-#include "http_conf_globals.h" /* for user_id & group_id */
-#include "http_log.h"
-
-/*
- * A bunch of functions in util.c scan strings looking for certain characters.
- * To make that more efficient we encode a lookup table. The test_char_table
- * is generated automatically by gen_test_char.c.
- */
-#include "test_char.h"
-
-/*
- * we assume the folks using this ensure 0 <= c < 256... which means
- * you need a cast to (unsigned char) first, you can't just plug a
- * char in here and get it to work, because if char is signed then it
- * will first be sign extended.
- */
-#define TEST_CHAR(c, f) (test_char_table[(unsigned)(c)] & (f))
-
-void
-ap_util_init(void)
-{
- /*
- * nothing to do... previously there was run-time initialization of
- * test_char_table here
- */
-}
-
-
-API_VAR_EXPORT const char ap_month_snames[12][4] =
-{
- "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul",
- "Aug", "Sep", "Oct", "Nov", "Dec"
-};
-API_VAR_EXPORT const char ap_day_snames[7][4] =
-{
- "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
-};
-
-API_EXPORT(char *)
-ap_get_time(void)
-{
- time_t t;
- char *time_string;
-
- t = time(NULL);
- time_string = ctime(&t);
- time_string[strlen(time_string) - 1] = '\0';
- return (time_string);
-}
-
-/*
- * Examine a field value (such as a media-/content-type) string and return
- * it sans any parameters; e.g., strip off any ';charset=foo' and the like.
- */
-API_EXPORT(char *)
-ap_field_noparam(pool *p, const char *intype)
-{
- const char *semi;
-
- if (intype == NULL) return NULL;
-
- semi = strchr(intype, ';');
- if (semi == NULL)
- return ap_pstrdup(p, intype);
- else {
- while ((semi > intype) && ap_isspace(semi[-1]))
- semi--;
-
- return ap_pstrndup(p, intype, semi - intype);
- }
-}
-
-API_EXPORT(char *)
-ap_ht_time(pool *p, time_t t, const char *fmt, int gmt)
-{
- char ts[MAX_STRING_LEN];
- char tf[MAX_STRING_LEN];
- struct tm *tms;
-
- tms = (gmt ? gmtime(&t) : localtime(&t));
- if(gmt) {
- /*
- * Convert %Z to "GMT" and %z to "+0000";
- * on hosts that do not have a time zone string in struct tm,
- * strftime must assume its argument is local time.
- */
- const char *f;
- char *strp;
- for(strp = tf, f = fmt; strp < tf + sizeof(tf) - 6
- && (*strp = *f); f++, strp++) {
- if (*f != '%')
- continue;
- switch (f[1]) {
- case '%':
- *++strp = *++f;
- break;
- case 'Z':
- *strp++ = 'G';
- *strp++ = 'M';
- *strp = 'T';
- f++;
- break;
- case 'z': /* common extension */
- *strp++ = '+';
- *strp++ = '0';
- *strp++ = '0';
- *strp++ = '0';
- *strp = '0';
- f++;
- break;
- }
- }
- *strp = '\0';
- fmt = tf;
- }
-
- /* check return code? */
- strftime(ts, MAX_STRING_LEN, fmt, tms);
- ts[MAX_STRING_LEN - 1] = '\0';
- return ap_pstrdup(p, ts);
-}
-
-API_EXPORT(char *)
-ap_gm_timestr_822(pool *p, time_t sec)
-{
- struct tm *tms;
-
- tms = gmtime(&sec);
-
- /* RFC date format; as strftime '%a, %d %b %Y %T GMT' */
- return ap_psprintf(p, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT",
- ap_day_snames[tms->tm_wday], tms->tm_mday,
- ap_month_snames[tms->tm_mon], tms->tm_year + 1900,
- tms->tm_hour, tms->tm_min, tms->tm_sec);
-}
-
-/* What a pain in the ass. */
-API_EXPORT(struct tm *)
-ap_get_gmtoff(int *tz)
-{
- time_t tt = time(NULL);
- struct tm *t;
-
- t = localtime(&tt);
- *tz = (int)(t->tm_gmtoff / 60);
- return t;
-}
-
-/* Roy owes Rob beer. */
-/* Rob owes Roy dinner. */
-
-/*
- * These legacy comments would make a lot more sense if Roy hadn't
- * replaced the old later_than() routine with util_date.c.
- *
- * Well, okay, they still wouldn't make any sense.
- */
-
-/*
- * Match = 0, NoMatch = 1, Abort = -1
- * Based loosely on sections of wildmat.c by Rich Salz
- * Hmmm... shouldn't this really go component by component?
- */
-API_EXPORT(int)
-ap_strcmp_match(const char *str, const char *exp)
-{
- int x, y;
-
- for (x = 0, y = 0; exp[y]; ++y, ++x) {
- if ((!str[x]) && (exp[y] != '*'))
- return -1;
- if (exp[y] == '*') {
- while (exp[++y] == '*');
- if (!exp[y])
- return 0;
- while (str[x]) {
- int ret;
- if ((ret = ap_strcmp_match(&str[x++],
- &exp[y])) != 1)
- return ret;
- }
- return -1;
- } else if ((exp[y] != '?') && (str[x] != exp[y]))
- return 1;
- }
- return (str[x] != '\0');
-}
-
-API_EXPORT(int)
-ap_strcasecmp_match(const char *str, const char *exp)
-{
- int x, y;
-
- for (x = 0, y = 0; exp[y]; ++y, ++x) {
- if ((!str[x]) && (exp[y] != '*'))
- return -1;
- if (exp[y] == '*') {
- while (exp[++y] == '*');
- if (!exp[y])
- return 0;
- while (str[x]) {
- int ret;
- if ((ret = ap_strcasecmp_match(&str[x++],
- &exp[y])) != 1)
- return ret;
- }
- return -1;
- } else if ((exp[y] != '?') &&
- (ap_tolower(str[x]) != ap_tolower(exp[y])))
- return 1;
- }
- return (str[x] != '\0');
-}
-
-API_EXPORT(int)
-ap_is_matchexp(const char *str)
-{
- int x;
-
- for (x = 0; str[x]; x++)
- if ((str[x] == '*') || (str[x] == '?'))
- return 1;
- return 0;
-}
-
-/*
- * Similar to standard strstr() but we ignore case in this version.
- * Based on the strstr() implementation further below.
- */
-API_EXPORT(char *)
-ap_strcasestr(const char *s1, const char *s2)
-{
- char *p1, *p2;
- if (*s2 == '\0') {
- /* an empty s2 */
- return((char *)s1);
- }
- while(1) {
- for ( ; (*s1 != '\0') && (ap_tolower(*s1) != ap_tolower(*s2));
- s1++);
- if (*s1 == '\0')
- return(NULL);
- /* found first character of s2, see if the rest matches */
- p1 = (char *)s1;
- p2 = (char *)s2;
- while (ap_tolower(*++p1) == ap_tolower(*++p2)) {
- if (*p1 == '\0')
- /* both strings ended together */
- return((char *)s1);
- }
- if (*p2 == '\0')
- /* second string ended, a match */
- break;
-
- /*
- * didn't find a match here, try starting at next character
- * in s1
- */
- s1++;
- }
- return((char *)s1);
-}
-
-/*
- * Returns an offsetted pointer in bigstring immediately after
- * prefix. Returns bigstring if bigstring doesn't start with
- * prefix or if prefix is longer than bigstring while still matching.
- * NOTE: pointer returned is relative to bigstring, so we
- * can use standard pointer comparisons in the calling function
- * (eg: test if ap_stripprefix(a,b) == a)
- */
-API_EXPORT(char *)
-ap_stripprefix(const char *bigstring, const char *prefix)
-{
- char *p1;
- if (*prefix == '\0')
- return( (char *)bigstring);
-
- p1 = (char *)bigstring;
- while(*p1 && *prefix)
- if (*p1++ != *prefix++)
- return( (char *)bigstring);
-
- if (*prefix == '\0')
- return(p1);
- else /* hit the end of bigstring! */
- return((char *)bigstring);
-}
-
-/*
- * Apache stub function for the regex libraries regexec() to make sure the
- * whole regex(3) API is available through the Apache (exported) namespace.
- * This is especially important for the DSO situations of modules.
- * DO NOT MAKE A MACRO OUT OF THIS FUNCTION!
- */
-API_EXPORT(int)
-ap_regexec(const regex_t *preg, const char *string, size_t nmatch,
- regmatch_t pmatch[], int eflags)
-{
- return regexec(preg, string, nmatch, pmatch, eflags);
-}
-
-API_EXPORT(size_t)
-ap_regerror(int errcode, const regex_t *preg, char *errbuf, size_t errbuf_size)
-{
- return regerror(errcode, preg, errbuf, errbuf_size);
-}
-
-
-/*
- * This function substitutes for $0-$9, filling in regular expression
- * submatches. Pass it the same nmatch and pmatch arguments that you
- * passed ap_regexec(). pmatch should not be greater than the maximum number
- * of subexpressions - i.e. one more than the re_nsub member of regex_t.
- *
- * input should be the string with the $-expressions, source should be the
- * string that was matched against.
- *
- * It returns the substituted string, or NULL on error.
- *
- * Parts of this code are based on Henry Spencer's regsub(), from his
- * AT&T V8 regexp package.
- */
-API_EXPORT(char *)
-ap_pregsub(pool *p, const char *input, const char *source, size_t nmatch,
-regmatch_t pmatch[])
-{
- const char *src = input;
- char *dest, *dst;
- char c;
- size_t no;
- int len;
-
- if (!source)
- return NULL;
- if (!nmatch)
- return ap_pstrdup(p, src);
-
- /* First pass, find the size */
-
- len = 0;
-
- while ((c = *src++) != '\0') {
- if (c == '&')
- no = 0;
- else if (c == '$' && ap_isdigit(*src))
- no = *src++ - '0';
- else
- no = 10;
-
- if (no > 9) { /* Ordinary character. */
- if (c == '\\' && (*src == '$' || *src == '&'))
- c = *src++;
- len++;
- } else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo)
- len += pmatch[no].rm_eo - pmatch[no].rm_so;
- }
-
- dest = dst = ap_pcalloc(p, len + 1);
-
- /* Now actually fill in the string */
- src = input;
-
- while ((c = *src++) != '\0') {
- if (c == '&')
- no = 0;
- else if (c == '$' && ap_isdigit(*src))
- no = *src++ - '0';
- else
- no = 10;
-
- if (no > 9) { /* Ordinary character.
*/
- if (c == '\\' && (*src == '$' || *src == '&'))
- c = *src++;
- *dst++ = c;
- } else if (no < nmatch && pmatch[no].rm_so <
- pmatch[no].rm_eo) {
- len = pmatch[no].rm_eo - pmatch[no].rm_so;
- memcpy(dst, source + pmatch[no].rm_so, len);
- dst += len;
- }
- }
- *dst = '\0';
-
- return dest;
-}
-
-/* Parse .. so we don't compromise security */
-API_EXPORT(void)
-ap_getparents(char *name)
-{
- int l, w;
-
- /* Four passes, as per RFC 1808 */
- /* a) remove ./ path segments */
-
- for (l = 0, w = 0; name[l] != '\0';) {
- if (name[l] == '.' && name[l + 1] == '/' &&
- (l == 0 || name[l - 1] == '/'))
- l += 2;
- else
- name[w++] = name[l++];
- }
-
- /* b) remove trailing . path, segment */
- if (w == 1 && name[0] == '.')
- w--;
- else if (w > 1 && name[w - 1] == '.' && name[w - 2] == '/')
- w--;
- name[w] = '\0';
-
- /* c) remove all xx/../ segments. (including leading ../ and /../) */
- l = 0;
-
- while (name[l] != '\0') {
- if (name[l] == '.' && name[l + 1] == '.' && name[l + 2] == '/'
- && (l == 0 || name[l - 1] == '/')) {
- int m = l + 3, n;
-
- l = l - 2;
- if (l >= 0) {
- while (l >= 0 && name[l] != '/')
- l--;
- l++;
- } else
- l = 0;
- n = l;
- while ((name[n] = name[m]))
- (++n, ++m);
- } else
- ++l;
- }
-
- /* d) remove trailing xx/.. segment. */
- if (l == 2 && name[0] == '.' && name[1] == '.')
- name[0] = '\0';
- else if (l > 2 && name[l - 1] == '.' && name[l - 2] == '.'
- && name[l - 3] == '/') {
- l = l - 4;
- if (l >= 0) {
- while (l >= 0 && name[l] != '/')
- l--;
- l++;
- } else
- l = 0;
- name[l] = '\0';
- }
-}
-
-API_EXPORT(void)
-ap_no2slash(char *name)
-{
- char *d, *s;
-
- s = d = name;
-
- while (*s) {
- if ((*d++ = *s) == '/') {
- do {
- ++s;
- } while (*s == '/');
- } else
- ++s;
- }
- *d = '\0';
-}
-
-
-/*
- * copy at most n leading directories of s into d
- * d should be at least as large as s plus 1 extra byte
- * assumes n > 0
- * the return value is the ever useful pointer to the trailing \0 of d
- *
- * examples:
- * /a/b, 1 ==> /
- * /a/b, 2 ==> /a/
- * /a/b, 3 ==> /a/b/
- * /a/b, 4 ==> /a/b/
- *
- * MODIFIED FOR HAVE_DRIVE_LETTERS and NETWARE environments,
- * so that if n == 0, "/" is returned in d with n == 1
- * and s == "e:/test.html", "e:/" is returned in d
- * *** See also directory_walk in src/main/http_request.c
- */
-API_EXPORT(char *)
-ap_make_dirstr_prefix(char *d, const char *s, int n)
-{
- for (;;) {
- *d = *s;
- if (*d == '\0') {
- *d = '/';
- break;
- }
- if (*d == '/' && (--n) == 0)
- break;
- ++d;
- ++s;
- }
- *++d = 0;
- return (d);
-}
-
-
-/* return the parent directory name including trailing / of the file s */
-API_EXPORT(char *)
-ap_make_dirstr_parent(pool *p, const char *s)
-{
- char *last_slash = strrchr(s, '/');
- char *d;
- int l;
-
- if (last_slash == NULL) {
- /* XXX: well this is really broken if this happens */
- return (ap_pstrdup(p, "/"));
- }
- l = (last_slash - s) + 1;
- d = ap_palloc(p, l + 1);
- memcpy(d, s, l);
- d[l] = 0;
- return (d);
-}
-
-
-/*
- * This function is deprecated. Use one of the preceding two functions
- * which are faster.
- */
-API_EXPORT(char *)
-ap_make_dirstr(pool *p, const char *s, int n)
-{
- int x, f;
- char *res;
-
- for (x = 0, f = 0; s[x]; x++) {
- if (s[x] == '/')
- if ((++f) == n) {
- res = ap_palloc(p, x + 2);
- memcpy(res, s, x);
- res[x] = '/';
- res[x + 1] = '\0';
- return res;
- }
- }
-
- if (s[strlen(s) - 1] == '/')
- return ap_pstrdup(p, s);
- else
- return ap_pstrcat(p, s, "/", NULL);
-}
-
-API_EXPORT(int)
-ap_count_dirs(const char *path)
-{
- int x, n;
-
- for (x = 0, n = 0; path[x]; x++)
- if (path[x] == '/')
- n++;
- return n;
-}
-
-
-API_EXPORT(void)
-ap_chdir_file(const char *file)
-{
- const char *x;
- char buf[HUGE_STRING_LEN];
-
- x = strrchr(file, '/');
- if (x == NULL)
- chdir(file);
- else if (x - file < sizeof(buf) - 1) {
- memcpy(buf, file, x - file);
- buf[x - file] = '\0';
- chdir(buf);
- }
- /*
- * XXX: well, this is a silly function, no method of reporting an
- * error... ah well.
- */
-}
-
-API_EXPORT(char *)
-ap_getword_nc(pool *atrans, char **line, char stop)
-{
- return ap_getword(atrans, (const char **)line, stop);
-}
-
-API_EXPORT(char *)
-ap_getword(pool *atrans, const char **line, char stop)
-{
- char *pos = strchr(*line, stop);
- char *res;
-
- if (!pos) {
- res = ap_pstrdup(atrans, *line);
- *line += strlen(*line);
- return res;
- }
-
- res = ap_pstrndup(atrans, *line, pos - *line);
-
- while (*pos == stop)
- ++pos;
-
- *line = pos;
-
- return res;
-}
-
-API_EXPORT(char *)
-ap_getword_white_nc(pool *atrans, char **line)
-{
- return ap_getword_white(atrans, (const char **)line);
-}
-
-API_EXPORT(char *)
-ap_getword_white(pool *atrans, const char **line)
-{
- int pos = -1, x;
- char *res;
-
- for (x = 0; (*line)[x]; x++) {
- if (ap_isspace((*line)[x])) {
- pos = x;
- break;
- }
- }
-
- if (pos == -1) {
- res = ap_pstrdup(atrans, *line);
- *line += strlen(*line);
- return res;
- }
-
- res = ap_palloc(atrans, pos + 1);
- ap_cpystrn(res, *line, pos + 1);
-
- while (ap_isspace((*line)[pos]))
- ++pos;
-
- *line += pos;
-
- return res;
-}
-
-API_EXPORT(char *)
-ap_getword_nulls_nc(pool *atrans, char **line, char stop)
-{
- return ap_getword_nulls(atrans, (const char **)line, stop);
-}
-
-API_EXPORT(char *)
-ap_getword_nulls(pool *atrans, const char **line, char stop)
-{
- char *pos = strchr(*line, stop);
- char *res;
-
- if (!pos) {
- res = ap_pstrdup(atrans, *line);
- *line += strlen(*line);
- return res;
- }
-
- res = ap_pstrndup(atrans, *line, pos - *line);
-
- ++pos;
-
- *line = pos;
-
- return res;
-}
-
-/*
- * Get a word, (new) config-file style --- quoted strings and backslashes
- * all honored
- */
-static char
-*substring_conf(pool *p, const char *start, int len, char quote)
-{
- char *result = ap_palloc(p, len + 2);
- char *resp = result;
- int i;
-
- for (i = 0; i < len; ++i) {
- if (start[i] == '\\' && (start[i + 1] == '\\'
- || (quote && start[i + 1] == quote)))
- *resp++ = start[++i];
- else
- *resp++ = start[i];
- }
-
- *resp++ = '\0';
- return result;
-}
-
-API_EXPORT(char *)
-ap_getword_conf_nc(pool *p, char **line)
-{
- return ap_getword_conf(p, (const char **)line);
-}
-
-API_EXPORT(char *)
-ap_getword_conf(pool *p, const char **line)
-{
- const char *str = *line, *strend;
- char *res;
- char quote;
-
- while (ap_isspace(*str))
- ++str;
-
- if (!*str) {
- *line = str;
- return "";
- }
-
- if ((quote = *str) == '"' || quote == '\'') {
- strend = str + 1;
- while (*strend && *strend != quote) {
- if (*strend == '\\' && strend[1] && strend[1] == quote)
- strend += 2;
- else
- ++strend;
- }
- res = substring_conf(p, str + 1, strend - str - 1, quote);
-
- if (*strend == quote)
- ++strend;
- } else {
- if (*str == '#')
- ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO,
- NULL, "Apache does not support line-end comments.
"
- "Consider using quotes around argument: \"%s\"",
- str);
- strend = str;
- while (*strend && !ap_isspace(*strend))
- ++strend;
-
- res = substring_conf(p, str, strend - str, 0);
- }
-
- while (ap_isspace(*strend))
- ++strend;
- *line = strend;
- return res;
-}
-
-API_EXPORT(int)
-ap_cfg_closefile(configfile_t *cfp)
-{
-#ifdef DEBUG
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL,
- "Done with config file %s", cfp->name);
-#endif
- return (cfp->close == NULL) ? 0 : cfp->close(cfp->param);
-}
-
-/* Common structure that holds the file and pool for ap_pcfg_openfile */
-typedef struct {
- struct pool *pool;
- FILE *file;
-} poolfile_t;
-
-static int
-cfg_close(void *param)
-{
- poolfile_t *cfp = (poolfile_t *)param;
- return (ap_pfclose(cfp->pool, cfp->file));
-}
-
-static int
-cfg_getch(void *param)
-{
- poolfile_t *cfp = (poolfile_t *)param;
- return (fgetc(cfp->file));
-}
-
-static void
-*cfg_getstr(void *buf, size_t bufsiz, void *param)
-{
- poolfile_t *cfp = (poolfile_t *)param;
- return (fgets(buf, bufsiz, cfp->file));
-}
-
-/* Open a configfile_t as FILE, return open configfile_t struct pointer */
-API_EXPORT(configfile_t *)
-ap_pcfg_openfile(pool *p, const char *name)
-{
- configfile_t *new_cfg;
- poolfile_t *new_pfile;
- FILE *file;
- struct stat stbuf;
- int saved_errno;
-
- if (name == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, NULL,
- "Internal error: pcfg_openfile() called with NULL "
- "filename");
- return NULL;
- }
-
- if (!ap_os_is_filename_valid(name)) {
- ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, NULL,
- "Access to config file %s denied: not a valid filename",
- name);
- errno = EACCES;
- return NULL;
- }
-
- file = ap_pfopen(p, name, "r");
-#ifdef DEBUG
- saved_errno = errno;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, NULL,
- "Opening config file %s (%s)",
- name, (file == NULL) ?
strerror(errno) : "successful");
- errno = saved_errno;
-#endif
- if (file == NULL)
- return NULL;
-
- if (fstat(fileno(file), &stbuf) == 0 &&
- !S_ISREG(stbuf.st_mode) &&
- strcmp(name, "/dev/null") != 0) {
- saved_errno = errno;
- ap_log_error(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, NULL,
- "Access to file %s denied by server: not a regular file",
- name);
- ap_pfclose(p, file);
- errno = saved_errno;
- return NULL;
- }
-
- new_cfg = ap_palloc(p, sizeof(*new_cfg));
- new_pfile = ap_palloc(p, sizeof(*new_pfile));
- new_pfile->file = file;
- new_pfile->pool = p;
- new_cfg->param = new_pfile;
- new_cfg->name = ap_pstrdup(p, name);
- new_cfg->getch = (int (*)(void *))cfg_getch;
- new_cfg->getstr = (void *(*)(void *, size_t, void *))cfg_getstr;
- new_cfg->close = (int (*)(void *))cfg_close;
- new_cfg->line_number = 0;
- return new_cfg;
-}
-
-
-/* Allocate a configfile_t handle with user defined functions and params */
-API_EXPORT(configfile_t *)
-ap_pcfg_open_custom(pool *p, const char *descr, void *param,
- int(*getch)(void *param), void *(*getstr) (void *buf, size_t bufsiz,
- void *param), int(*close_func)(void *param))
-{
- configfile_t *new_cfg = ap_palloc(p, sizeof(*new_cfg));
-#ifdef DEBUG
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, NULL,
- "Opening config handler %s", descr);
-#endif
- new_cfg->param = param;
- new_cfg->name = descr;
- new_cfg->getch = getch;
- new_cfg->getstr = getstr;
- new_cfg->close = close_func;
- new_cfg->line_number = 0;
- return new_cfg;
-}
-
-
-/* Read one character from a configfile_t */
-API_EXPORT(int)
-ap_cfg_getc(configfile_t *cfp)
-{
- int ch = cfp->getch(cfp->param);
- if (ch == LF)
- ++cfp->line_number;
- return ch;
-}
-
-
-/* Read one line from open configfile_t, strip LF, increase line number */
-/* If custom handler does not define a getstr() function, read char by char */
-API_EXPORT(int)
-ap_cfg_getline(char *buf, size_t bufsize, configfile_t *cfp)
-{
- /* If a "get string" function is defined, use it */
- if
(cfp->getstr != NULL) {
- char *src, *dst;
- char *cp;
- char *cbuf = buf;
- size_t cbufsize = bufsize;
-
- while (1) {
- ++cfp->line_number;
- if (cfp->getstr(cbuf, cbufsize, cfp->param) == NULL)
- return 1;
-
- /*
- * check for line continuation,
- * i.e. match [^\\]\\[\r]\n only
- */
- cp = cbuf;
- while (cp < cbuf+cbufsize && *cp != '\0')
- cp++;
- if (cp > cbuf && cp[-1] == LF) {
- cp--;
- if (cp > cbuf && cp[-1] == CR)
- cp--;
- if (cp > cbuf && cp[-1] == '\\') {
- cp--;
- if (!(cp > cbuf && cp[-1] == '\\')) {
- /*
- * line continuation
- * requested -
- * then remove backslash and
- * continue
- */
- cbufsize -= (cp-cbuf);
- cbuf = cp;
- continue;
- } else {
- /*
- * no real continuation because
- * escaped - then just remove
- * escape character
- */
- for ( ; cp < cbuf+cbufsize &&
- *cp != '\0'; cp++)
- cp[0] = cp[1];
- }
- }
- }
- break;
- }
-
- /* Leading and trailing white space is eliminated completely */
- src = buf;
- while (ap_isspace(*src))
- ++src;
- /* blast trailing whitespace */
- dst = &src[strlen(src)];
- while (--dst >= src && ap_isspace(*dst))
- *dst = '\0';
- /* Zap leading whitespace by shifting */
- if (src != buf)
- for (dst = buf; (*dst++ = *src++) != '\0'; )
- ;
-
-#ifdef DEBUG_CFG_LINES
- ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL,
- "Read config: %s", buf);
-#endif
- return 0;
- } else {
- /*
- * No "get string" function defined; read character by
- * character
- */
- int c;
- size_t i = 0;
-
- buf[0] = '\0';
- /* skip leading whitespace */
- do {
- c = cfp->getch(cfp->param);
- } while (c == '\t' || c == ' ');
-
- if (c == EOF)
- return 1;
-
- if(bufsize < 2)
- /* too small, assume caller is crazy */
- return 1;
-
- while (1) {
- if ((c == '\t') || (c == ' ')) {
- buf[i++] = ' ';
- while ((c == '\t') || (c == ' '))
- c = cfp->getch(cfp->param);
- }
- if (c == CR)
- /*
- * silently ignore CR (_assume_ that a LF
- * follows)
- */
- c = cfp->getch(cfp->param);
-
- if (c == LF)
- /* increase line number and return on LF
*/
- ++cfp->line_number;
-
- if (c == EOF || c == 0x4 || c == LF
- || i >= (bufsize - 2)) {
- /*
- * check for line continuation
- */
- if (i > 0 && buf[i-1] == '\\') {
- i--;
- if (!(i > 0 && buf[i-1] == '\\')) {
- /* line is continued */
- c = cfp->getch(cfp->param);
- continue;
- }
- /*
- * else nothing needs be done because
- * then the backslash is escaped and
- * we just strip to a single one
- */
- }
- /* blast trailing whitespace */
- while (i > 0 && ap_isspace(buf[i - 1]))
- --i;
- buf[i] = '\0';
-#ifdef DEBUG_CFG_LINES
- ap_log_error(APLOG_MARK,
- APLOG_DEBUG|APLOG_NOERRNO, NULL,
- "Read config: %s", buf);
-#endif
- return 0;
- }
- buf[i] = c;
- ++i;
- c = cfp->getch(cfp->param);
- }
- }
-}
-
-/*
- * Size an HTTP header field list item, as separated by a comma.
- * The return value is a pointer to the beginning of the non-empty list item
- * within the original string (or NULL if there is none) and the address
- * of field is shifted to the next non-comma, non-whitespace character.
- * len is the length of the item excluding any beginning whitespace.
- */
-API_EXPORT(const char *)
-ap_size_list_item(const char **field, int *len)
-{
- const unsigned char *ptr = (const unsigned char *)*field;
- const unsigned char *token;
- int in_qpair, in_qstr, in_com;
-
- /* Find first non-comma, non-whitespace byte */
- while (*ptr == ',' || ap_isspace(*ptr))
- ++ptr;
-
- token = ptr;
-
- /* Find the end of this item, skipping over dead bits */
- for (in_qpair = in_qstr = in_com = 0;
- *ptr && (in_qpair || in_qstr || in_com || *ptr != ',');
- ++ptr) {
-
- if (in_qpair)
- in_qpair = 0;
- else {
- switch (*ptr) {
- case '\\':
- in_qpair = 1; /* quoted-pair */
- break;
- case '"':
- if (!in_com) /* quoted string delim */
- in_qstr = !in_qstr;
- break;
- case '(':
- if (!in_qstr) /* comment (may nest) */
- ++in_com;
- break;
- case ')':
- if (in_com) /* end comment */
- --in_com;
- break;
- }
- }
- }
-
- if ((*len = (ptr - token)) == 0) {
- *field = (const char *)ptr;
- return NULL;
- }
-
- /* Advance field pointer to the next non-comma, non-white byte */
- while (*ptr == ',' || ap_isspace(*ptr))
- ++ptr;
-
- *field = (const char *)ptr;
- return (const char *)token;
-}
-
-/*
- * Retrieve an HTTP header field list item, as separated by a comma,
- * while stripping insignificant whitespace and lowercasing anything not in
- * a quoted string or comment. The return value is a new string containing
- * the converted list item (or NULL if none) and the address pointed to by
- * field is shifted to the next non-comma, non-whitespace.
- */
-API_EXPORT(char *)
-ap_get_list_item(pool *p, const char **field)
-{
- const char *tok_start;
- const unsigned char *ptr;
- unsigned char *pos;
- char *token;
- int addspace = 0, in_qpair = 0, in_qstr = 0, in_com = 0, tok_len = 0;
-
- /*
- * Find the beginning and maximum length of the list item so that
- * we can allocate a buffer for the new string and reset the field.
- */
- if ((tok_start = ap_size_list_item(field, &tok_len)) == NULL)
- return NULL;
-
- token = ap_palloc(p, tok_len + 1);
-
- /*
- * Scan the token again, but this time copy only the good bytes.
- * We skip extra whitespace and any whitespace around a '=', '/',
- * or ';' and lowercase normal characters not within a comment,
- * quoted-string or quoted-pair.
- */
- for (ptr = (const unsigned char *)tok_start,
- pos = (unsigned char *)token;
- *ptr && (in_qpair || in_qstr || in_com || *ptr != ',');
- ++ptr) {
-
- if (in_qpair) {
- in_qpair = 0;
- *pos++ = *ptr;
- } else {
- switch (*ptr) {
- case '\\':
- in_qpair = 1;
- if (addspace == 1)
- *pos++ = ' ';
- *pos++ = *ptr;
- addspace = 0;
- break;
- case '"':
- if (!in_com)
- in_qstr = !in_qstr;
- if (addspace == 1)
- *pos++ = ' ';
- *pos++ = *ptr;
- addspace = 0;
- break;
- case '(':
- if (!in_qstr)
- ++in_com;
- if (addspace == 1)
- *pos++ = ' ';
- *pos++ = *ptr;
- addspace = 0;
- break;
- case ')':
- if (in_com)
- --in_com;
- *pos++ = *ptr;
- addspace = 0;
- break;
- case ' ':
- case '\t':
- if (addspace)
- break;
- if (in_com || in_qstr)
- *pos++ = *ptr;
- else
- addspace = 1;
- break;
- case '=':
- case '/':
- case ';':
- if (!(in_com || in_qstr))
- addspace = -1;
- *pos++ = *ptr;
- break;
- default:
- if (addspace == 1)
- *pos++ = ' ';
- *pos++ = (in_com || in_qstr) ? *ptr
- : ap_tolower(*ptr);
- addspace = 0;
- break;
- }
- }
- }
- *pos = '\0';
-
- return token;
-}
-
-/*
- * Find an item in canonical form (lowercase, no extra spaces) within
- * an HTTP field value list. Returns 1 if found, 0 if not found.
- * This would be much more efficient if we stored header fields as
- * an array of list items as they are received instead of a plain string.
- */
-API_EXPORT(int)
-ap_find_list_item(pool *p, const char *line, const char *tok)
-{
- const unsigned char *pos;
- const unsigned char *ptr = (const unsigned char *)line;
- int good = 0, addspace = 0, in_qpair = 0, in_qstr = 0, in_com = 0;
-
- if (!line || !tok)
- return 0;
-
- do { /* loop for each item in line's list */
-
- /* Find first non-comma, non-whitespace byte */
- while (*ptr == ',' || ap_isspace(*ptr))
- ++ptr;
-
- if (*ptr)
- good = 1; /* until proven otherwise for this item */
- else
- break; /* no items left and nothing good found */
-
- /*
- * We skip extra whitespace and whitespace around a '=', '/',
- * or ';' and lowercase normal characters not within a comment,
- * quoted-string or quoted-pair.
- */
- for (pos = (const unsigned char *)tok;
- *ptr && (in_qpair || in_qstr || in_com || *ptr != ',');
- ++ptr) {
-
- if (in_qpair) {
- in_qpair = 0;
- if (good)
- good = (*pos++ == *ptr);
- } else {
- switch (*ptr) {
- case '\\':
- in_qpair = 1;
- if (addspace == 1)
- good = good && (*pos++ == ' ');
- good = good && (*pos++ == *ptr);
- addspace = 0;
- break;
- case '"':
- if (!in_com)
- in_qstr = !in_qstr;
- if (addspace == 1)
- good = good && (*pos++ == ' ');
- good = good && (*pos++ == *ptr);
- addspace = 0;
- break;
- case '(':
- if (!in_qstr)
- ++in_com;
- if (addspace == 1)
- good = good && (*pos++ == ' ');
- good = good && (*pos++ == *ptr);
- addspace = 0;
- break;
- case ')':
- if (in_com)
- --in_com;
- good = good && (*pos++ == *ptr);
- addspace = 0;
- break;
- case ' ':
- case '\t':
- if (addspace || !good)
- break;
- if (in_com || in_qstr)
- good = (*pos++ == *ptr);
- else
- addspace = 1;
- break;
- case '=':
- case '/':
- case ';':
- if (!(in_com || in_qstr))
- addspace = -1;
- good = good && (*pos++ == *ptr);
- break;
- default:
- if (!good)
- break;
- if (addspace == 1)
- good = (*pos++ == ' ');
- if (in_com || in_qstr)
- good = good && (*pos++ == *ptr);
- else
- good = good && (*pos++ ==
- ap_tolower(*ptr));
- addspace = 0;
- break;
- }
- }
- }
- if (good && *pos)
- good = 0; /* not good if only a prefix was matched */
-
- } while (*ptr && !good);
-
- return good;
-}
-
-
-/*
- * Retrieve a token, spacing over it and returning a pointer to
- * the first non-white byte afterwards. Note that these tokens
- * are delimited by semis and commas; and can also be delimited
- * by whitespace at the caller's option.
- */
-API_EXPORT(char *)
-ap_get_token(pool *p, const char **accept_line, int accept_white)
-{
- const char *ptr = *accept_line;
- const char *tok_start;
- char *token;
- int tok_len;
-
- /* Find first non-white byte */
- while (ap_isspace(*ptr))
- ++ptr;
-
- tok_start = ptr;
-
- /*
- * find token end, skipping over quoted strings.
- * (comments are already gone).
- * XXX weird: unconditional break in a while loop
- */
- while (*ptr && (accept_white || !ap_isspace(*ptr))
- && *ptr != ';' && *ptr != ',') {
- if (*ptr++ == '"')
- while (*ptr)
- if (*ptr++ == '"')
- break;
- }
-
- tok_len = ptr - tok_start;
- token = ap_pstrndup(p, tok_start, tok_len);
-
- /* Advance accept_line pointer to the next non-white byte */
- while (ap_isspace(*ptr))
- ++ptr;
-
- *accept_line = ptr;
- return token;
-}
-
-
-/* find http tokens, see the definition of token from RFC2068 */
-API_EXPORT(int)
-ap_find_token(pool *p, const char *line, const char *tok)
-{
- const unsigned char *start_token;
- const unsigned char *s;
-
- if (!line)
- return 0;
-
- s = (const unsigned char *)line;
- for (;;) {
- /*
- * find start of token, skip all stop characters, note NUL
- * isn't a token stop, so we don't need to test for it
- */
- while (TEST_CHAR(*s, T_HTTP_TOKEN_STOP))
- ++s;
-
- if (!*s)
- return 0;
-
- start_token = s;
- /* find end of the token */
- while (*s && !TEST_CHAR(*s, T_HTTP_TOKEN_STOP))
- ++s;
-
- if (!strncasecmp((const char *)start_token, (const char *)tok,
- s - start_token))
- return 1;
-
- if (!*s)
- return 0;
- }
-}
-
-API_EXPORT(int)
-ap_find_last_token(pool *p, const char *line, const char *tok)
-{
- int
llen, tlen, lidx;
-
- if (!line)
- return 0;
-
- llen = strlen(line);
- tlen = strlen(tok);
- lidx = llen - tlen;
-
- if ((lidx < 0) ||
- ((lidx > 0) && !(ap_isspace(line[lidx - 1])
- || line[lidx - 1] == ',')))
- return 0;
-
- return (strncasecmp(&line[lidx], tok, tlen) == 0);
-}
-
-/*
- * c2x takes an unsigned, and expects the caller has guaranteed that
- * 0 <= what < 256... which usually means that you have to cast to
- * unsigned char first, because (unsigned)(char)(x) first goes through
- * signed extension to an int before the unsigned cast.
- *
- * The reason for this assumption is to assist gcc code generation --
- * the unsigned char -> unsigned extension is already done earlier in
- * both uses of this code, so there's no need to waste time doing it
- * again.
- */
-static const char c2x_table[] = "0123456789abcdef";
-
-static ap_inline unsigned char
-*c2x(unsigned what, unsigned char *where)
-{
- *where++ = '%';
- *where++ = c2x_table[what >> 4];
- *where++ = c2x_table[what & 0xf];
- return where;
-}
-
-/* escape a string for logging */
-API_EXPORT(char *)
-ap_escape_logitem(pool *p, const char *str)
-{
- char *ret;
- unsigned char *d;
- const unsigned char *s;
-
- if (str == NULL)
- return NULL;
-
- ret = ap_palloc(p, 4 * strlen(str) + 1); /* Be safe */
- d = (unsigned char *)ret;
- s = (const unsigned char *)str;
- for (; *s; ++s) {
-
- if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
- *d++ = '\\';
- switch(*s) {
- case '\b':
- *d++ = 'b';
- break;
- case '\n':
- *d++ = 'n';
- break;
- case '\r':
- *d++ = 'r';
- break;
- case '\t':
- *d++ = 't';
- break;
- case '\v':
- *d++ = 'v';
- break;
- case '\\':
- case '"':
- *d++ = *s;
- break;
- default:
- c2x(*s, d);
- *d = 'x';
- d += 3;
- }
- } else
- *d++ = *s;
- }
- *d = '\0';
-
- return ret;
-}
-
-API_EXPORT(size_t)
-ap_escape_errorlog_item(char *dest, const char *source, size_t buflen)
-{
- unsigned char *d, *ep;
- const unsigned char *s;
-
- if (!source || !buflen) /* be safe */
- return 0;
-
- d = (unsigned
char *)dest; - s = (const unsigned char *)source; - ep = d + buflen - 1; - - for (; d < ep && *s; ++s) { - - if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) { - *d++ = '\\'; - if (d >= ep) { - --d; - break; - } - - switch(*s) { - case '\b': - *d++ = 'b'; - break; - case '\n': - *d++ = 'n'; - break; - case '\r': - *d++ = 'r'; - break; - case '\t': - *d++ = 't'; - break; - case '\v': - *d++ = 'v'; - break; - case '\\': - *d++ = *s; - break; - case '"': /* no need for this in error log */ - d[-1] = *s; - break; - default: - if (d >= ep - 2) { - ep = --d; - /* break the for loop as well */ - break; - } - c2x(*s, d); - *d = 'x'; - d += 3; - } - } else - *d++ = *s; - } - *d = '\0'; - - return (d - (unsigned char *)dest); -} - -API_EXPORT(char *) -ap_escape_shell_cmd(pool *p, const char *str) -{ - char *cmd; - unsigned char *d; - const unsigned char *s; - - cmd = ap_palloc(p, 2 * strlen(str) + 1); /* Be safe */ - d = (unsigned char *)cmd; - s = (const unsigned char *)str; - for (; *s; ++s) { - if (TEST_CHAR(*s, T_ESCAPE_SHELL_CMD)) - *d++ = '\\'; - - *d++ = *s; - } - *d = '\0'; - - return cmd; -} - -static char -x2c(const char *what) -{ - char digit; - - digit = ((what[0] >= 'A') ? - ((what[0] & 0xdf) - 'A') + 10 : (what[0] - '0')); - digit *= 16; - digit += (what[1] >= 'A' ? - ((what[1] & 0xdf) - 'A') + 10 : (what[1] - '0')); - return (digit); -} - -/* - * Unescapes a URL. 
- * Returns 0 on success, non-zero on error - * Failure is due to - * bad % escape returns BAD_REQUEST - * - * decoding %00 -> \0 (the null character) - * decoding %2f -> / (a special character) - * returns NOT_FOUND - */ -API_EXPORT(int) -ap_unescape_url(char *url) -{ - int x, y, badesc, badpath; - - badesc = 0; - badpath = 0; - for (x = 0, y = 0; url[y]; ++x, ++y) { - if (url[y] != '%') - url[x] = url[y]; - else { - if (!ap_isxdigit(url[y + 1]) || !ap_isxdigit(url[y + 2])) { - badesc = 1; - url[x] = '%'; - } else { - url[x] = x2c(&url[y + 1]); - y += 2; - if (url[x] == '/' || url[x] == '\0') - badpath = 1; - } - } - } - url[x] = '\0'; - if (badesc) - return BAD_REQUEST; - else if (badpath) - return NOT_FOUND; - else - return OK; -} - -API_EXPORT(char *) -ap_construct_server(pool *p, const char *hostname, unsigned port, - const request_rec *r) -{ - if (ap_is_default_port(port, r)) - return ap_pstrdup(p, hostname); - else - return ap_psprintf(p, "%s:%u", hostname, port); -} - -/* - * escape_path_segment() escapes a path segment, as defined in RFC 1808. This - * routine is (should be) OS independent. - * - * os_escape_path() converts an OS path to a URL, in an OS dependent way. In all - * cases if a ':' occurs before the first '/' in the URL, the URL should be - * prefixed with "./" (or the ':' escaped). In the case of Unix, this means - * leaving '/' alone, but otherwise doing what escape_path_segment() does. For - * efficiency reasons, we don't use escape_path_segment(), which is provided for - * reference. Again, RFC 1808 is where this stuff is defined. - * - * If partial is set, os_escape_path() assumes that the path will be appended to - * something with a '/' in it (and thus does not prefix "./"). 
- */ -API_EXPORT(char *) -ap_escape_path_segment(pool *p, const char *segment) -{ - char *copy = ap_palloc(p, 3 * strlen(segment) + 1); - const unsigned char *s = (const unsigned char *)segment; - unsigned char *d = (unsigned char *)copy; - unsigned c; - - while ((c = *s)) { - if (TEST_CHAR(c, T_ESCAPE_PATH_SEGMENT)) - d = c2x(c, d); - else - *d++ = c; - ++s; - } - *d = '\0'; - return copy; -} - -API_EXPORT(char *) -ap_os_escape_path(pool *p, const char *path, int partial) -{ - char *copy = ap_palloc(p, 3 * strlen(path) + 3); - const unsigned char *s = (const unsigned char *)path; - unsigned char *d = (unsigned char *)copy; - unsigned c; - - if (!partial) { - char *colon = strchr(path, ':'); - char *slash = strchr(path, '/'); - - if (colon && (!slash || colon < slash)) { - *d++ = '.'; - *d++ = '/'; - } - } - while ((c = *s)) { - if (TEST_CHAR(c, T_OS_ESCAPE_PATH)) - d = c2x(c, d); - else - *d++ = c; - ++s; - } - *d = '\0'; - return copy; -} - -/* ap_escape_uri is now a macro for os_escape_path */ -API_EXPORT(char *) -ap_escape_html(pool *p, const char *s) -{ - int i, j; - char *x; - - /* first, count the number of extra characters */ - for (i = 0, j = 0; s[i] != '\0'; i++) - if (s[i] == '<' || s[i] == '>') - j += 3; - else if (s[i] == '&') - j += 4; - else if (s[i] == '"') - j += 5; - - if (j == 0) - return ap_pstrndup(p, s, i); - - x = ap_palloc(p, i + j + 1); - for (i = 0, j = 0; s[i] != '\0'; i++, j++) - if (s[i] == '<') { - memcpy(&x[j], "<", 4); - j += 3; - } else if (s[i] == '>') { - memcpy(&x[j], ">", 4); - j += 3; - } else if (s[i] == '&') { - memcpy(&x[j], "&", 5); - j += 4; - } else if (s[i] == '"') { - memcpy(&x[j], """, 6); - j += 5; - } else - x[j] = s[i]; - - x[j] = '\0'; - return x; -} - -API_EXPORT(int) -ap_is_directory(const char *path) -{ - struct stat finfo; - - if (stat(path, &finfo) == -1) - return 0; /* in error condition, just return no */ - - return (S_ISDIR(finfo.st_mode)); -} - -/* - * see ap_is_directory() except this one is symlink 
aware, so it - * checks for a "real" directory - */ -API_EXPORT(int) -ap_is_rdirectory(const char *path) -{ - struct stat finfo; - - if (lstat(path, &finfo) == -1) - return 0; /* in error condition, just return no */ - - return ((!(S_ISLNK(finfo.st_mode))) && (S_ISDIR(finfo.st_mode))); -} - -API_EXPORT(char *) -ap_make_full_path(pool *a, const char *src1, const char *src2) -{ - int x; - - x = strlen(src1); - if (x == 0) - return ap_pstrcat(a, "/", src2, NULL); - - if (src1[x - 1] != '/') - return ap_pstrcat(a, src1, "/", src2, NULL); - else - return ap_pstrcat(a, src1, src2, NULL); -} - -/* Check for an absoluteURI syntax (see section 3.2 in RFC2068). */ -API_EXPORT(int) -ap_is_url(const char *u) -{ - int x; - - for (x = 0; u[x] != ':'; x++) { - if ((!u[x]) || - ((!ap_isalpha(u[x])) && (!ap_isdigit(u[x])) && - (u[x] != '+') && (u[x] != '-') && (u[x] != '.'))) - return 0; - } - - return (x ? 1 : 0); /* - * If the first character is ':', - * it's broken, too - */ -} - -API_EXPORT(int) -ap_can_exec(const struct stat *finfo) -{ - if (ap_user_id == finfo->st_uid) - if (finfo->st_mode & S_IXUSR) - return 1; - if (ap_group_id == finfo->st_gid) - if (finfo->st_mode & S_IXGRP) - return 1; - return ((finfo->st_mode & S_IXOTH) != 0); -} - -API_EXPORT(int) -ap_ind(const char *s, char c) -{ - int x; - - for (x = 0; s[x]; x++) - if (s[x] == c) - return x; - - return -1; -} - -API_EXPORT(int) -ap_rind(const char *s, char c) -{ - int x; - - for (x = strlen(s) - 1; x != -1; x--) - if (s[x] == c) - return x; - - return -1; -} - -API_EXPORT(void) -ap_str_tolower(char *str) -{ - while (*str) { - *str = ap_tolower(*str); - ++str; - } -} - -API_EXPORT(uid_t) -ap_uname2id(const char *name) -{ - struct passwd *ent; - - if (name[0] == '#') - return (atoi(&name[1])); - - if (!(ent = getpwnam(name))) { - fprintf(stderr, "%s: bad user name %s\n", ap_server_argv0, - name); - exit(1); - } - return (ent->pw_uid); -} - -API_EXPORT(gid_t) -ap_gname2id(const char *name) -{ - struct group *ent; - - 
if (name[0] == '#') - return (atoi(&name[1])); - - if (!(ent = getgrnam(name))) { - fprintf(stderr, "%s: bad group name %s\n", ap_server_argv0, - name); - exit(1); - } - return (ent->gr_gid); -} - - -/* - * Parses a host of the form
[:port] - * :port is permitted if 'port' is not NULL - */ -API_EXPORT(struct sockaddr *) -ap_get_virthost_addr(char *w, unsigned short *ports) -{ - static struct sockaddr_storage ss; - struct addrinfo hints, *res; - char *p, *r; - char *host; - char *port = "0"; - int error; - char servbuf[NI_MAXSERV]; - - if (w == NULL) - w = "*"; - p = r = NULL; - if (*w == '['){ - if (r = strrchr(w+1, ']')){ - *r = '\0'; - p = r + 1; - switch(*p){ - case ':': - p++; - /* fallthrough; */ - case '\0': - w++; - break; - default: - p = NULL; - } - } - } else { - p = strchr(w, ':'); - if (p != NULL && strchr(p+1, ':') != NULL) - p = NULL; - } - if (ports != NULL) - if (p != NULL && *p && strcmp(p + 1, "*") != 0) - port = p + 1; - - memset(&hints, 0, sizeof(hints)); - hints.ai_socktype = SOCK_STREAM; - if (p != NULL) - *p = '\0'; - if (strcmp(w, "*") == 0) { - host = NULL; - hints.ai_flags = AI_PASSIVE; - hints.ai_family = ap_default_family; - } else { - host = w; - hints.ai_family = PF_UNSPEC; - } - - error = getaddrinfo(host, port, &hints, &res); - - if (error || !res) { - fprintf(stderr, "ap_get_vitrhost_addr(): getaddrinfo(%s):%s " - "--- exiting!\n", w, gai_strerror(error)); - exit(1); - } - - if (res->ai_next) { - fprintf(stderr, "ap_get_vitrhost_addr(): Host %s has multiple " - "addresses ---\n", w); - fprintf(stderr, "you must choose one explicitly for use as\n"); - fprintf(stderr, "a virtual host. 
Exiting!!!\n"); - exit(1); - } - - if (r != NULL) - *r = ']'; - if (p != NULL) - *p = ':'; - - memcpy(&ss, res->ai_addr, res->ai_addrlen); - if (getnameinfo(res->ai_addr, res->ai_addrlen, - NULL, 0, servbuf, sizeof(servbuf), - NI_NUMERICSERV)){ - fprintf(stderr, "ap_get_virthost_addr(): getnameinfo() failed " - "--- Exiting!!!\n"); - exit(1); - } - if (ports) *ports = atoi(servbuf); - freeaddrinfo(res); - return (struct sockaddr *)&ss; -} - - -static char * -find_fqdn(pool *a, struct hostent *p) -{ - int x; - - if (!strchr(p->h_name, '.')) { - if (p->h_aliases) { - for (x = 0; p->h_aliases[x]; ++x) { - if (p->h_aliases[x] - && strchr(p->h_aliases[x], '.') - && (!strncasecmp(p->h_aliases[x], - p->h_name, strlen(p->h_name)))) - return ap_pstrdup(a, p->h_aliases[x]); - } - } - return NULL; - } - return ap_pstrdup(a, (void *)p->h_name); -} - -API_EXPORT(char *) -ap_get_local_host(pool *a) -{ -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 256 -#endif - char str[MAXHOSTNAMELEN]; - char *server_hostname = NULL; - struct addrinfo hints, *res; - int error; - - if (gethostname(str, sizeof(str) - 1) != 0) { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "%s: gethostname() failed to determine ServerName\n", - ap_server_argv0); - } else { - str[sizeof(str) - 1] = '\0'; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_flags = AI_CANONNAME; - res = NULL; - error = getaddrinfo(str, NULL, &hints, &res); - if (error == 0 && res) { - /* - * Since we found a fqdn, return it with no - * logged message. 
- */ - server_hostname = ap_pstrdup(a, res->ai_canonname); - freeaddrinfo(res); - return server_hostname; - } else { - /* Recovery - return the default server by IP: */ - server_hostname = ap_pstrdup(a, str); - /* We will drop through to report the IP-named server */ - } - } - - /* If we don't have an fqdn or IP, fall back to the loopback addr */ - if (!server_hostname) - server_hostname = ap_pstrdup(a, "127.0.0.1"); - - ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, NULL, - "%s: Could not determine the server's fully qualified " - "domain name, using %s for ServerName", - ap_server_argv0, server_hostname); - - if (res) - freeaddrinfo(res); - return server_hostname; -} - -/* simple 'pool' alloc()ing glue to ap_base64.c */ -API_EXPORT(char *) -ap_pbase64decode(pool *p, const char *bufcoded) -{ - char *decoded; - int l; - - decoded = (char *)ap_palloc(p, 1 + ap_base64decode_len(bufcoded)); - l = ap_base64decode(decoded, bufcoded); - decoded[l] = '\0'; /* make binary sequence into string */ - - return decoded; -} - -API_EXPORT(char *) -ap_pbase64encode(pool *p, char *string) -{ - char *encoded; - int l = strlen(string); - - encoded = (char *) ap_palloc(p, 1 + ap_base64encode_len(l)); - l = ap_base64encode(encoded, string, l); - encoded[l] = '\0'; /* make binary sequence into string */ - - return encoded; -} - -/* deprecated names for the above two functions, here for compatibility */ -API_EXPORT(char *) -ap_uudecode(pool *p, const char *bufcoded) -{ - return ap_pbase64decode(p, bufcoded); -} - -API_EXPORT(char *) -ap_uuencode(pool *p, char *string) -{ - return ap_pbase64encode(p, string); -} - - -/* - * we want to downcase the type/subtype for comparison purposes - * but nothing else because ;parameter=foo values are case sensitive. - * XXX: in truth we want to downcase parameter names... but really, - * apache has never handled parameters and such correctly. You - * also need to compress spaces and such to be able to compare - * properly. 
-djg - */ -API_EXPORT(void) -ap_content_type_tolower(char *str) -{ - char *semi; - - semi = strchr(str, ';'); - if (semi) - *semi = '\0'; - - while (*str) { - *str = ap_tolower(*str); - ++str; - } - if (semi) - *semi = ';'; -} - -/* Given a string, replace any bare " with \" . */ -API_EXPORT(char *) -ap_escape_quotes (pool *p, const char *instring) -{ - int newlen = 0; - const char *inchr = instring; - char *outchr, *outstring; - - /* - * Look through the input string, jogging the length of the output - * string up by an extra byte each time we find an unescaped ". - */ - while (*inchr != '\0') { - newlen++; - if (*inchr == '"') - newlen++; - - /* - * If we find a slosh, and it's not the last byte in the string, - * it's escaping something - advance past both bytes. - */ - if ((*inchr == '\\') && (inchr[1] != '\0')) { - inchr++; - newlen++; - } - inchr++; - } - outstring = ap_palloc(p, newlen + 1); - inchr = instring; - outchr = outstring; - /* - * Now copy the input string to the output string, inserting a slosh - * in front of every " that doesn't already have one. - */ - while (*inchr != '\0') { - if ((*inchr == '\\') && (inchr[1] != '\0')) { - *outchr++ = *inchr++; - *outchr++ = *inchr++; - } - if (*inchr == '"') - *outchr++ = '\\'; - if (*inchr != '\0') - *outchr++ = *inchr++; - } - *outchr = '\0'; - return outstring; -} - -/* - * dest = src with whitespace removed - * length of dest assumed >= length of src - */ -API_EXPORT(void) -ap_remove_spaces(char *dest, char *src) -{ - while (*src) { - if (!ap_isspace(*src)) - *dest++ = *src; - src++; - } - *dest = 0; -} diff --git a/usr.sbin/httpd/src/main/util_date.c b/usr.sbin/httpd/src/main/util_date.c deleted file mode 100644 index c5e92eeb98d..00000000000 --- a/usr.sbin/httpd/src/main/util_date.c +++ /dev/null 
@@ -1,326 +0,0 @@
-/* $OpenBSD: util_date.c,v 1.9 2008/05/15 06:05:43 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * util_date.c: date parsing utility routines
- * These routines are (hopefully) platform-independent.
- *
- * 27 Oct 1996 Roy Fielding
- * Extracted (with many modifications) from mod_proxy.c and
- * tested with over 50,000 randomly chosen valid date strings
- * and several hundred variations of invalid date strings.
- * - */ - -#include "ap_config.h" -#include "util_date.h" -#include -#include - -/* - * Compare a string to a mask - * Mask characters (arbitrary maximum is 256 characters, just in case): - * @ - uppercase letter - * $ - lowercase letter - * & - hex digit - * # - digit - * ~ - digit or space - * * - swallow remaining characters - * - exact match for any other character - */ -API_EXPORT(int) -ap_checkmask(const char *data, const char *mask) -{ - int i; - char d; - - for (i = 0; i < 256; i++) { - d = data[i]; - switch (mask[i]) { - case '\0': - return (d == '\0'); - case '*': - return 1; - case '@': - if (!ap_isupper(d)) - return 0; - break; - case '$': - if (!ap_islower(d)) - return 0; - break; - case '#': - if (!ap_isdigit(d)) - return 0; - break; - case '&': - if (!ap_isxdigit(d)) - return 0; - break; - case '~': - if ((d != ' ') && !ap_isdigit(d)) - return 0; - break; - default: - if (mask[i] != d) - return 0; - break; - } - } - return 0; /* We only get here if mask is corrupted (exceeds 256) */ -} - -/* - * tm2sec converts a GMT tm structure into the number of seconds since - * 1st January 1970 UT. Note that we ignore tm_wday, tm_yday, and tm_dst. - * - * The return value is always a valid time_t value -- (time_t)0 is returned - * if the input date is outside that capable of being represented by time(), - * i.e., before Thu, 01 Jan 1970 00:00:00 for all systems and - * beyond 2038 for 32bit systems. - * - * This routine is intended to be very fast, much faster than mktime(). - */ -API_EXPORT(time_t) -ap_tm2sec(const struct tm * t) -{ - int year; - time_t days; - static const int dayoffset[12] = - { 306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275 }; - - year = t->tm_year; - - if (year < 70 || ((sizeof(time_t) <= 4) && (year >= 138))) - return BAD_DATE; - - /* shift new year to 1st March in order to make leap year calc easy */ - - if (t->tm_mon < 2) - year--; - - /* Find number of days since 1st March 1900 (in the Gregorian calendar). 
*/ - - days = year * 365 + year / 4 - year / 100 + (year / 100 + 3) / 4; - days += dayoffset[t->tm_mon] + t->tm_mday - 1; - days -= 25508; /* 1 jan 1970 is 25508 days since 1 mar 1900 */ - - days = ((days * 24 + t->tm_hour) * 60 + t->tm_min) * 60 + t->tm_sec; - - if (days < 0) - return BAD_DATE; /* must have overflowed */ - else - return days; /* must be a valid time */ -} - -/* - * Parses an HTTP date in one of three standard forms: - * - * Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123 - * Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036 - * Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format - * - * and returns the time_t number of seconds since 1 Jan 1970 GMT, or - * 0 if this would be out of range or if the date is invalid. - * - * The restricted HTTP syntax is - * - * HTTP-date = rfc1123-date | rfc850-date | asctime-date - * - * rfc1123-date = wkday "," SP date1 SP time SP "GMT" - * rfc850-date = weekday "," SP date2 SP time SP "GMT" - * asctime-date = wkday SP date3 SP time SP 4DIGIT - * - * date1 = 2DIGIT SP month SP 4DIGIT - * ; day month year (e.g., 02 Jun 1982) - * date2 = 2DIGIT "-" month "-" 2DIGIT - * ; day-month-year (e.g., 02-Jun-82) - * date3 = month SP ( 2DIGIT | ( SP 1DIGIT )) - * ; month day (e.g., Jun 2) - * - * time = 2DIGIT ":" 2DIGIT ":" 2DIGIT - * ; 00:00:00 - 23:59:59 - * - * wkday = "Mon" | "Tue" | "Wed" - * | "Thu" | "Fri" | "Sat" | "Sun" - * - * weekday = "Monday" | "Tuesday" | "Wednesday" - * | "Thursday" | "Friday" | "Saturday" | "Sunday" - * - * month = "Jan" | "Feb" | "Mar" | "Apr" - * | "May" | "Jun" | "Jul" | "Aug" - * | "Sep" | "Oct" | "Nov" | "Dec" - * - * However, for the sake of robustness (and Netscapeness), we ignore the - * weekday and anything after the time field (including the timezone). - * - * This routine is intended to be very fast; 10x faster than using sscanf. - * - * Originally from Andrew Daviel , 29 Jul 96 - * but many changes since then. 
- * - */ -API_EXPORT(time_t) -ap_parseHTTPdate(const char *date) -{ - struct tm ds; - int mint, mon; - const char *monstr, *timstr; - static const int months[12] = { - ('J' << 16) | ('a' << 8) | 'n', ('F' << 16) | ('e' << 8) | 'b', - ('M' << 16) | ('a' << 8) | 'r', ('A' << 16) | ('p' << 8) | 'r', - ('M' << 16) | ('a' << 8) | 'y', ('J' << 16) | ('u' << 8) | 'n', - ('J' << 16) | ('u' << 8) | 'l', ('A' << 16) | ('u' << 8) | 'g', - ('S' << 16) | ('e' << 8) | 'p', ('O' << 16) | ('c' << 8) | 't', - ('N' << 16) | ('o' << 8) | 'v', ('D' << 16) | ('e' << 8) | 'c'}; - - if (!date) - return BAD_DATE; - - while (ap_isspace(*date)) /* Find first non-whitespace char */ - ++date; - - if (*date == '\0') - return BAD_DATE; - - if ((date = strchr(date, ' ')) == NULL) /* Find space after weekday */ - return BAD_DATE; - - ++date; /* Now pointing to first char after space, which should be - * start of the actual date information for all 3 formats. - */ - - if (ap_checkmask(date, "## @$$ #### ##:##:## *")) { - /* RFC 1123 format */ - ds.tm_year = ((date[7] - '0') * 10 + (date[8] - '0') - 19) * - 100; - if (ds.tm_year < 0) - return BAD_DATE; - - ds.tm_year += ((date[9] - '0') * 10) + (date[10] - '0'); - ds.tm_mday = ((date[0] - '0') * 10) + (date[1] - '0'); - - monstr = date + 3; - timstr = date + 12; - } else if (ap_checkmask(date, "##-@$$-## ##:##:## *")) { - /* RFC 850 format */ - ds.tm_year = ((date[7] - '0') * 10) + (date[8] - '0'); - if (ds.tm_year < 70) - ds.tm_year += 100; - - ds.tm_mday = ((date[0] - '0') * 10) + (date[1] - '0'); - - monstr = date + 3; - timstr = date + 10; - } else if (ap_checkmask(date, "@$$ ~# ##:##:## ####*")) { - /* asctime format */ - ds.tm_year = ((date[16] - '0') * 10 + (date[17] - '0') - 19) * - 100; - if (ds.tm_year < 0) - return BAD_DATE; - - ds.tm_year += ((date[18] - '0') * 10) + (date[19] - '0'); - - if (date[4] == ' ') - ds.tm_mday = 0; - else - ds.tm_mday = (date[4] - '0') * 10; - - ds.tm_mday += (date[5] - '0'); - - monstr = date; - timstr = 
date + 7; - } else - return BAD_DATE; - - if (ds.tm_mday <= 0 || ds.tm_mday > 31) - return BAD_DATE; - - ds.tm_hour = ((timstr[0] - '0') * 10) + (timstr[1] - '0'); - ds.tm_min = ((timstr[3] - '0') * 10) + (timstr[4] - '0'); - ds.tm_sec = ((timstr[6] - '0') * 10) + (timstr[7] - '0'); - - if ((ds.tm_hour > 23) || (ds.tm_min > 59) || (ds.tm_sec > 61)) - return BAD_DATE; - - mint = (monstr[0] << 16) | (monstr[1] << 8) | monstr[2]; - for (mon = 0; mon < 12; mon++) - if (mint == months[mon]) - break; - if (mon == 12) - return BAD_DATE; - - if ((ds.tm_mday == 31) && (mon == 3 || mon == 5 || mon == 8 || - mon == 10)) - return BAD_DATE; - - /* February gets special check for leapyear */ - if ((mon == 1) && - ((ds.tm_mday > 29) - || ((ds.tm_mday == 29) - && ((ds.tm_year & 3) - || (((ds.tm_year % 100) == 0) - && (((ds.tm_year % 400) != 100))))))) - return BAD_DATE; - - ds.tm_mon = mon; - - return ap_tm2sec(&ds); -} diff --git a/usr.sbin/httpd/src/main/util_md5.c b/usr.sbin/httpd/src/main/util_md5.c deleted file mode 100644 index 0a1d29399c1..00000000000 --- a/usr.sbin/httpd/src/main/util_md5.c +++ /dev/null 
@@ -1,210 +0,0 @@
-/* $OpenBSD: util_md5.c,v 1.10 2008/05/15 06:05:43 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/************************************************************************
- * NCSA HTTPd Server
- * Software Development Group
- * National Center for Supercomputing Applications
- * University of Illinois at Urbana-Champaign
- * 605 E. Springfield, Champaign, IL 61820
- * httpd@ncsa.uiuc.edu
- *
- * Copyright (C) 1995, Board of Trustees of the University of Illinois
- *
- ************************************************************************
- *
- * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code
- *
- * Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc.
- * Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon
- * University (see Copyright below).
- * Portions of Content-MD5 code Copyright (C) 1991 Bell Communications
- * Research, Inc. (Bellcore) (see Copyright below).
- * Portions extracted from mpack, John G. 
Myers - jgm+@cmu.edu - * Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk) - * - */ - - - -/* md5.c --Module Interface to MD5. */ -/* Jeff Hostetler, Spyglass, Inc., 1994. */ - -#include "httpd.h" -#include "util_md5.h" - -API_EXPORT(char *) -ap_md5_binary(pool *p, const unsigned char *buf, int length) -{ - const char *hex = "0123456789abcdef"; - AP_MD5_CTX my_md5; - unsigned char hash[16]; - char *r, result[33]; - int i; - - /* - * Take the MD5 hash of the string argument. - */ - ap_MD5Init(&my_md5); - ap_MD5Update(&my_md5, buf, (unsigned int)length); - ap_MD5Final(hash, &my_md5); - - for (i = 0, r = result; i < 16; i++) { - *r++ = hex[hash[i] >> 4]; - *r++ = hex[hash[i] & 0xF]; - } - *r = '\0'; - - return ap_pstrdup(p, result); -} - -API_EXPORT(char *) -ap_md5(pool *p, const unsigned char *string) -{ - return ap_md5_binary(p, string, (int) strlen((char *)string)); -} - -/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */ - -/* (C) Copyright 1993,1994 by Carnegie Mellon University - * All Rights Reserved. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without - * fee, provided that the above copyright notice appear in all copies - * and that both that copyright notice and this permission notice - * appear in supporting documentation, and that the name of Carnegie - * Mellon University not be used in advertising or publicity - * pertaining to distribution of the software without specific, - * written prior permission. Carnegie Mellon University makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied - * warranty. 
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/*
- * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore)
- *
- * Permission to use, copy, modify, and distribute this material
- * for any purpose and without fee is hereby granted, provided
- * that the above copyright notice and this permission notice
- * appear in all copies, and that the name of Bellcore not be
- * used in advertising or publicity pertaining to this
- * material without the specific, prior written permission
- * of an authorized representative of Bellcore. BELLCORE
- * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY
- * OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS",
- * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.
- */ - -static char basis_64[] = -"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -API_EXPORT(char *) -ap_md5contextTo64(pool *a, AP_MD5_CTX * context) -{ - unsigned char digest[18]; - char *encodedDigest; - int i; - char *p; - - encodedDigest = (char *)ap_pcalloc(a, 25 * sizeof(char)); - - ap_MD5Final(digest, context); - digest[sizeof(digest) - 1] = digest[sizeof(digest) - 2] = 0; - - p = encodedDigest; - for (i = 0; i < sizeof(digest); i += 3) { - *p++ = basis_64[digest[i] >> 2]; - *p++ = basis_64[((digest[i] & 0x3) << 4) | - ((int)(digest[i + 1] & 0xF0) >> 4)]; - *p++ = basis_64[((digest[i + 1] & 0xF) << 2) | - ((int)(digest[i + 2] & 0xC0) >> 6)]; - *p++ = basis_64[digest[i + 2] & 0x3F]; - } - *p-- = '\0'; - *p-- = '='; - *p-- = '='; - return encodedDigest; -} - -API_EXPORT(char *) -ap_md5digest(pool *p, FILE *infile) -{ - AP_MD5_CTX context; - unsigned char buf[1000]; - unsigned int nbytes; - - ap_MD5Init(&context); - while ((nbytes = fread(buf, 1, sizeof(buf), infile))) - ap_MD5Update(&context, buf, nbytes); - - rewind(infile); - return ap_md5contextTo64(p, &context); -} diff --git a/usr.sbin/httpd/src/main/util_script.c b/usr.sbin/httpd/src/main/util_script.c deleted file mode 100644 index db55216c381..00000000000 --- a/usr.sbin/httpd/src/main/util_script.c +++ /dev/null 
@@ -1,802 +0,0 @@
-/* $OpenBSD: util_script.c,v 1.18 2008/05/15 06:05:43 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -#define CORE_PRIVATE -#include "httpd.h" -#include "http_config.h" -#include "http_conf_globals.h" -#include "http_main.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_core.h" /* For document_root. Sigh... */ -#include "http_request.h" /* for sub_req_lookup_uri() */ -#include "util_script.h" -#include "util_date.h" /* For parseHTTPdate() */ - - -/* - * Various utility functions which are common to a whole lot of - * script-type extensions mechanisms, and might as well be gathered - * in one place (if only to avoid creating inter-module dependancies - * where there don't have to be). - */ - -#define MALFORMED_MESSAGE "malformed header from script. 
Bad header=" -#define MALFORMED_HEADER_LENGTH_TO_SHOW 30 - -/* If a request includes query info in the URL (stuff after "?"), and - * the query info does not contain "=" (indicative of a FORM submission), - * then this routine is called to create the argument list to be passed - * to the CGI script. When suexec is enabled, the suexec path, user, and - * group are the first three arguments to be passed; if not, all three - * must be NULL. The query info is split into separate arguments, where - * "+" is the separator between keyword arguments. - */ -static char **create_argv(pool *p, char *path, char *user, char *group, - char *av0, const char *args) -{ - int x, numwords; - char **av; - char *w; - int idx = 0; - - /* count the number of keywords */ - - for (x = 0, numwords = 1; args[x]; x++) { - if (args[x] == '+') { - ++numwords; - } - } - - if (numwords > APACHE_ARG_MAX - 5) { - numwords = APACHE_ARG_MAX - 5; /* Truncate args to prevent overrun */ - } - av = (char **) ap_palloc(p, (numwords + 5) * sizeof(char *)); - - if (path) { - av[idx++] = path; - } - if (user) { - av[idx++] = user; - } - if (group) { - av[idx++] = group; - } - - av[idx++] = av0; - - for (x = 1; x <= numwords; x++) { - w = ap_getword_nulls(p, &args, '+'); - ap_unescape_url(w); - av[idx++] = ap_escape_shell_cmd(p, w); - } - av[idx] = NULL; - return av; -} - - -static char *http2env(pool *a, char *w) -{ - char *res = ap_pstrcat(a, "HTTP_", w, NULL); - char *cp = res; - - while (*++cp) { - if (!ap_isalnum(*cp) && *cp != '_') { - *cp = '_'; - } - else { - *cp = ap_toupper(*cp); - } - } - - return res; -} - -API_EXPORT(char **) ap_create_environment(pool *p, table *t) -{ - array_header *env_arr = ap_table_elts(t); - table_entry *elts = (table_entry *) env_arr->elts; - char **env = (char **) ap_palloc(p, (env_arr->nelts + 2) * sizeof(char *)); - int i, j; - char *tz; - char *whack; - - j = 0; - if (!ap_table_get(t, "TZ")) { - tz = getenv("TZ"); - if (tz != NULL) { - env[j++] = ap_pstrcat(p, "TZ=", 
tz, NULL); - } - } - for (i = 0; i < env_arr->nelts; ++i) { - if (!elts[i].key) { - continue; - } - env[j] = ap_pstrcat(p, elts[i].key, "=", elts[i].val, NULL); - whack = env[j]; - if (ap_isdigit(*whack)) { - *whack++ = '_'; - } - while (*whack != '=') { - if (!ap_isalnum(*whack) && *whack != '_') { - *whack = '_'; - } - ++whack; - } - ++j; - } - - env[j] = NULL; - return env; -} - -API_EXPORT(void) ap_add_common_vars(request_rec *r) -{ - table *e; - server_rec *s = r->server; - conn_rec *c = r->connection; - const char *rem_logname; - char *env_path; - const char *host; - array_header *hdrs_arr = ap_table_elts(r->headers_in); - table_entry *hdrs = (table_entry *) hdrs_arr->elts; - int i; - char servbuf[NI_MAXSERV]; - - /* use a temporary table which we'll overlap onto - * r->subprocess_env later - */ - e = ap_make_table(r->pool, 25 + hdrs_arr->nelts); - - /* First, add environment vars from headers... this is as per - * CGI specs, though other sorts of scripting interfaces see - * the same vars... - */ - - for (i = 0; i < hdrs_arr->nelts; ++i) { - if (!hdrs[i].key) { - continue; - } - - /* A few headers are special cased --- Authorization to prevent - * rogue scripts from capturing passwords; content-type and -length - * for no particular reason. - */ - - if (!strcasecmp(hdrs[i].key, "Content-type")) { - ap_table_addn(e, "CONTENT_TYPE", hdrs[i].val); - } - else if (!strcasecmp(hdrs[i].key, "Content-length")) { - ap_table_addn(e, "CONTENT_LENGTH", hdrs[i].val); - } - /* - * You really don't want to disable this check, since it leaves you - * wide open to CGIs stealing passwords and people viewing them - * in the environment with "ps -e". But, if you must... 
- */ - else if (!strcasecmp(hdrs[i].key, "Authorization") - || !strcasecmp(hdrs[i].key, "Proxy-Authorization")) { - continue; - } - else { - ap_table_addn(e, http2env(r->pool, hdrs[i].key), hdrs[i].val); - } - } - - if (!(env_path = ap_pstrdup(r->pool, getenv("PATH")))) { - env_path = DEFAULT_PATH; - } - - ap_table_addn(e, "PATH", env_path); - ap_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r)); - ap_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version()); - ap_table_addn(e, "SERVER_NAME", - ap_escape_html(r->pool,ap_get_server_name(r))); - ap_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */ - ap_table_addn(e, "SERVER_PORT", - ap_psprintf(r->pool, "%u", ap_get_server_port(r))); - host = ap_get_remote_host(c, r->per_dir_config, REMOTE_HOST); - if (host) { - ap_table_addn(e, "REMOTE_HOST", host); - } - ap_table_addn(e, "REMOTE_ADDR", c->remote_ip); - ap_table_addn(e, "DOCUMENT_ROOT", ap_document_root(r)); /* Apache */ - ap_table_addn(e, "SERVER_ADMIN", s->server_admin); /* Apache */ - ap_table_addn(e, "SCRIPT_FILENAME", r->filename); /* Apache */ - - servbuf[0] = '\0'; - if (!getnameinfo((struct sockaddr *)&c->remote_addr, -#ifndef HAVE_SOCKADDR_LEN - SA_LEN((struct sockaddr *)&c->remote_addr), -#else - c->remote_addr.ss_len, -#endif - NULL, 0, servbuf, sizeof(servbuf), NI_NUMERICSERV)){ - ap_table_addn(e, "REMOTE_PORT", ap_pstrdup(r->pool, servbuf)); - } - - if (c->user) { - ap_table_addn(e, "REMOTE_USER", c->user); - } - if (c->ap_auth_type) { - ap_table_addn(e, "AUTH_TYPE", c->ap_auth_type); - } - rem_logname = ap_get_remote_logname(r); - if (rem_logname) { - ap_table_addn(e, "REMOTE_IDENT", ap_pstrdup(r->pool, rem_logname)); - } - - /* Apache custom error responses. 
If we have redirected set two new vars */ - - if (r->prev) { - if (r->prev->args) { - ap_table_addn(e, "REDIRECT_QUERY_STRING", r->prev->args); - } - if (r->prev->uri) { - ap_table_addn(e, "REDIRECT_URL", r->prev->uri); - } - } - - ap_overlap_tables(r->subprocess_env, e, AP_OVERLAP_TABLES_SET); -} - -/* This "cute" little function comes about because the path info on - * filenames and URLs aren't always the same. So we take the two, - * and find as much of the two that match as possible. - */ - -API_EXPORT(int) ap_find_path_info(const char *uri, const char *path_info) -{ - int lu = strlen(uri); - int lp = strlen(path_info); - - while (lu-- && lp-- && uri[lu] == path_info[lp]); - - if (lu == -1) { - lu = 0; - } - - while (uri[lu] != '\0' && uri[lu] != '/') { - lu++; - } - return lu; -} - -/* Obtain the Request-URI from the original request-line, returning - * a new string from the request pool containing the URI or "". - */ -static char *original_uri(request_rec *r) -{ - char *first, *last; - - if (r->the_request == NULL) { - return (char *) ap_pcalloc(r->pool, 1); - } - - first = r->the_request; /* use the request-line */ - - while (*first && !ap_isspace(*first)) { - ++first; /* skip over the method */ - } - while (ap_isspace(*first)) { - ++first; /* and the space(s) */ - } - - last = first; - while (*last && !ap_isspace(*last)) { - ++last; /* end at next whitespace */ - } - - return ap_pstrndup(r->pool, first, last - first); -} - -API_EXPORT(void) ap_add_cgi_vars(request_rec *r) -{ - table *e = r->subprocess_env; - - ap_table_setn(e, "GATEWAY_INTERFACE", "CGI/1.1"); - ap_table_setn(e, "SERVER_PROTOCOL", r->protocol); - ap_table_setn(e, "REQUEST_METHOD", r->method); - ap_table_setn(e, "QUERY_STRING", r->args ? 
r->args : ""); - ap_table_setn(e, "REQUEST_URI", original_uri(r)); - - /* Note that the code below special-cases scripts run from includes, - * because it "knows" that the sub_request has been hacked to have the - * args and path_info of the original request, and not any that may have - * come with the script URI in the include command. Ugh. - */ - - if (!strcmp(r->protocol, "INCLUDED")) { - ap_table_setn(e, "SCRIPT_NAME", r->uri); - if (r->path_info && *r->path_info) { - ap_table_setn(e, "PATH_INFO", r->path_info); - } - } - else if (!r->path_info || !*r->path_info) { - ap_table_setn(e, "SCRIPT_NAME", r->uri); - } - else { - int path_info_start = ap_find_path_info(r->uri, r->path_info); - - ap_table_setn(e, "SCRIPT_NAME", - ap_pstrndup(r->pool, r->uri, path_info_start)); - - ap_table_setn(e, "PATH_INFO", r->path_info); - } - - if (r->path_info && r->path_info[0]) { - /* - * To get PATH_TRANSLATED, treat PATH_INFO as a URI path. - * Need to re-escape it for this, since the entire URI was - * un-escaped before we determined where the PATH_INFO began. - */ - request_rec *pa_req; - - pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info), r); - - if (pa_req->filename) { - char *pt = ap_pstrcat(r->pool, pa_req->filename, pa_req->path_info, - NULL); - ap_table_setn(e, "PATH_TRANSLATED", pt); - } - ap_destroy_sub_req(pa_req); - } -} - - -static int set_cookie_doo_doo(void *v, const char *key, const char *val) -{ - ap_table_addn(v, key, val); - return 1; -} - -API_EXPORT(int) ap_scan_script_header_err_core(request_rec *r, char *buffer, - int (*getsfunc) (char *, int, void *), - void *getsfunc_data) -{ - char x[MAX_STRING_LEN]; - char *w, *l; - int p; - int cgi_status = HTTP_OK; - table *merge; - table *cookie_table; - - if (buffer) { - *buffer = '\0'; - } - w = buffer ? 
buffer : x; - - ap_hard_timeout("read script header", r); - - /* temporary place to hold headers to merge in later */ - merge = ap_make_table(r->pool, 10); - - /* The HTTP specification says that it is legal to merge duplicate - * headers into one. Some browsers that support Cookies don't like - * merged headers and prefer that each Set-Cookie header is sent - * separately. Lets humour those browsers by not merging. - * Oh what a pain it is. - */ - cookie_table = ap_make_table(r->pool, 2); - ap_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out, "Set-Cookie", NULL); - - while (1) { - - if ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data) == 0) { - ap_kill_timeout(r); - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Premature end of script headers: %s", r->filename); - return HTTP_INTERNAL_SERVER_ERROR; - } - - /* Delete terminal (CR?)LF */ - - p = strlen(w); - /* Indeed, the host's '\n': - '\012' for UNIX; '\015' for MacOS; '\025' for OS/390 - -- whatever the script generates. - */ - if (p > 0 && w[p - 1] == '\n') { - if (p > 1 && w[p - 2] == CR) { - w[p - 2] = '\0'; - } - else { - w[p - 1] = '\0'; - } - } - - /* - * If we've finished reading the headers, check to make sure any - * HTTP/1.1 conditions are met. If so, we're done; normal processing - * will handle the script's output. If not, just return the error. - * The appropriate thing to do would be to send the script process a - * SIGPIPE to let it know we're ignoring it, close the channel to the - * script process, and *then* return the failed-to-meet-condition - * error. Otherwise we'd be waiting for the script to finish - * blithering before telling the client the output was no good. - * However, we don't have the information to do that, so we have to - * leave it to an upper layer. 
- */ - if (w[0] == '\0') { - int cond_status = OK; - - ap_kill_timeout(r); - if ((cgi_status == HTTP_OK) && (r->method_number == M_GET)) { - cond_status = ap_meets_conditions(r); - } - ap_overlap_tables(r->err_headers_out, merge, - AP_OVERLAP_TABLES_MERGE); - if (!ap_is_empty_table(cookie_table)) { - /* the cookies have already been copied to the cookie_table */ - ap_table_unset(r->err_headers_out, "Set-Cookie"); - r->err_headers_out = ap_overlay_tables(r->pool, - r->err_headers_out, cookie_table); - } - return cond_status; - } - - /* if we see a bogus header don't ignore it. Shout and scream */ - - if (!(l = strchr(w, ':'))) { - char malformed[(sizeof MALFORMED_MESSAGE) + 1 - + MALFORMED_HEADER_LENGTH_TO_SHOW]; - - strlcpy(malformed, MALFORMED_MESSAGE, sizeof(malformed)); - strncat(malformed, w, MALFORMED_HEADER_LENGTH_TO_SHOW); - - if (!buffer) { - /* Soak up all the script output - may save an outright kill */ - while ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data)) { - continue; - } - } - - ap_kill_timeout(r); - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "%s: %s", malformed, r->filename); - return HTTP_INTERNAL_SERVER_ERROR; - } - - *l++ = '\0'; - while (ap_isspace(*l)) { - ++l; - } - - if (!strcasecmp(w, "Content-type")) { - char *tmp; - - /* Nuke trailing whitespace */ - - char *endp = l + strlen(l) - 1; - while (endp > l && ap_isspace(*endp)) { - *endp-- = '\0'; - } - - tmp = ap_pstrdup(r->pool, l); - ap_content_type_tolower(tmp); - r->content_type = tmp; - } - /* - * If the script returned a specific status, that's what - * we'll use - otherwise we assume 200 OK. 
- */ - else if (!strcasecmp(w, "Status")) { - r->status = cgi_status = atoi(l); - r->status_line = ap_pstrdup(r->pool, l); - } - else if (!strcasecmp(w, "Location")) { - ap_table_set(r->headers_out, w, l); - } - else if (!strcasecmp(w, "Content-Length")) { - ap_table_set(r->headers_out, w, l); - } - else if (!strcasecmp(w, "Transfer-Encoding")) { - ap_table_set(r->headers_out, w, l); - } - /* - * If the script gave us a Last-Modified header, we can't just - * pass it on blindly because of restrictions on future values. - */ - else if (!strcasecmp(w, "Last-Modified")) { - time_t mtime = ap_parseHTTPdate(l); - - ap_update_mtime(r, mtime); - ap_set_last_modified(r); - } - else if (!strcasecmp(w, "Set-Cookie")) { - ap_table_add(cookie_table, w, l); - } - else { - ap_table_add(merge, w, l); - } - } -} - -static int getsfunc_FILE(char *buf, int len, void *f) -{ - return fgets(buf, len, (FILE *) f) != NULL; -} - -API_EXPORT(int) ap_scan_script_header_err(request_rec *r, FILE *f, - char *buffer) -{ - return ap_scan_script_header_err_core(r, buffer, getsfunc_FILE, f); -} - -static int getsfunc_BUFF(char *w, int len, void *fb) -{ - return ap_bgets(w, len, (BUFF *) fb) > 0; -} - -API_EXPORT(int) ap_scan_script_header_err_buff(request_rec *r, BUFF *fb, - char *buffer) -{ - return ap_scan_script_header_err_core(r, buffer, getsfunc_BUFF, fb); -} - -struct vastrs { - va_list args; - int arg; - const char *curpos; -}; - -static int getsfunc_STRING(char *w, int len, void *pvastrs) -{ - struct vastrs *strs = (struct vastrs*) pvastrs; - char *p; - int t; - - if (!strs->curpos || !*strs->curpos) - return 0; - p = strchr(strs->curpos, '\n'); - if (p) - ++p; - else - p = strchr(strs->curpos, '\0'); - t = p - strs->curpos; - if (t > len) - t = len; - strncpy (w, strs->curpos, t); - w[t] = '\0'; - if (!strs->curpos[t]) { - ++strs->arg; - strs->curpos = va_arg(strs->args, const char *); - } - else - strs->curpos += t; - return t; -} - -/* ap_scan_script_header_err_strs() accepts additional 
const char* args... - * each is treated as one or more header lines, and the first non-header - * character is returned to **arg, **data. (The first optional arg is - * counted as 0.) - */ -API_EXPORT_NONSTD(int) ap_scan_script_header_err_strs(request_rec *r, - char *buffer, - const char **termch, - int *termarg, ...) -{ - struct vastrs strs; - int res; - - va_start(strs.args, termarg); - strs.arg = 0; - strs.curpos = va_arg(strs.args, char*); - res = ap_scan_script_header_err_core(r, buffer, getsfunc_STRING, (void *) &strs); - if (termch) - *termch = strs.curpos; - if (termarg) - *termarg = strs.arg; - va_end(strs.args); - return res; -} - -API_EXPORT(void) ap_send_size(size_t size, request_rec *r) -{ - /* XXX: this -1 thing is a gross hack */ - if (size == (size_t)-1) { - ap_rputs(" -", r); - } - else if (!size) { - ap_rputs(" 0k", r); - } - else if (size < 1024) { - ap_rputs(" 1k", r); - } - else if (size < 1048576) { - ap_rprintf(r, "%4dk", (int)((size + 512) / 1024)); - } - else if (size < 103809024) { - ap_rprintf(r, "%4.1fM", size / 1048576.0); - } - else { - ap_rprintf(r, "%4dM", (int)((size + 524288) / 1048576)); - } -} - -API_EXPORT(int) ap_call_exec(request_rec *r, child_info *pinfo, char *argv0, - char **env, int shellcmd) -{ - int pid = 0; - core_dir_config *conf; - conf = (core_dir_config *) ap_get_module_config(r->per_dir_config, - &core_module); - - /* the fd on r->server->error_log is closed, but we need somewhere to - * put the error messages from the log_* functions. So, we use stderr, - * since that is better than allowing errors to go unnoticed. Don't do - * this on Win32, though, since we haven't fork()'d. 
- */ - r->server->error_log = stderr; - - if (conf->limit_cpu != NULL) { - if ((setrlimit(RLIMIT_CPU, conf->limit_cpu)) != 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "setrlimit: failed to set CPU usage limit"); - } - } - if (conf->limit_nproc != NULL) { - if ((setrlimit(RLIMIT_NPROC, conf->limit_nproc)) != 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "setrlimit: failed to set process limit"); - } - } - if (conf->limit_mem != NULL) { - if ((setrlimit(RLIMIT_DATA, conf->limit_mem)) != 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "setrlimit(RLIMIT_DATA): failed to set memory " - "usage limit"); - } - } - if (ap_suexec_enabled - && ((r->server->server_uid != ap_user_id) - || (r->server->server_gid != ap_group_id) - || (!strncmp("/~", r->uri, 2)))) { - - char *execuser, *grpname; - struct passwd *pw; - struct group *gr; - - if (!strncmp("/~", r->uri, 2)) { - gid_t user_gid; - char *username = ap_pstrdup(r->pool, r->uri + 2); - char *pos = strchr(username, '/'); - - if (pos) { - *pos = '\0'; - } - - if ((pw = getpwnam(username)) == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "getpwnam: invalid username %s", username); - return (pid); - } - execuser = ap_pstrcat(r->pool, "~", pw->pw_name, NULL); - user_gid = pw->pw_gid; - - if ((gr = getgrgid(user_gid)) == NULL) { - if ((grpname = ap_palloc(r->pool, 16)) == NULL) { - return (pid); - } - else { - ap_snprintf(grpname, 16, "%ld", (long) user_gid); - } - } - else { - grpname = gr->gr_name; - } - } - else { - if ((pw = getpwuid(r->server->server_uid)) == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "getpwuid: invalid userid %ld", - (long) r->server->server_uid); - return (pid); - } - execuser = ap_pstrdup(r->pool, pw->pw_name); - - if ((gr = getgrgid(r->server->server_gid)) == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "getgrgid: invalid groupid %ld", - (long) r->server->server_gid); - return (pid); - } - grpname = gr->gr_name; - } - - if (shellcmd) { - 
execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, - (char *)NULL, env); - } - - else if ((conf->cgi_command_args == AP_FLAG_OFF) - || (!r->args) || (!r->args[0]) - || strchr(r->args, '=')) { - execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, - (char *)NULL, env); - } - - else { - execve(SUEXEC_BIN, - create_argv(r->pool, SUEXEC_BIN, execuser, grpname, - argv0, r->args), - env); - } - } - else { - if (shellcmd) { - execle(SHELL_PATH, SHELL_PATH, "-c", argv0, (char *)NULL, env); - } - - else if ((conf->cgi_command_args == AP_FLAG_OFF) - || (!r->args) || (!r->args[0]) - || strchr(r->args, '=')) { - execle(r->filename, argv0, (void*)NULL, env); - } - - else { - execve(r->filename, - create_argv(r->pool, NULL, NULL, NULL, argv0, r->args), - env); - } - } - return (pid); -} diff --git a/usr.sbin/httpd/src/main/util_uri.c b/usr.sbin/httpd/src/main/util_uri.c deleted file mode 100644 index 5865a2163a9..00000000000 --- a/usr.sbin/httpd/src/main/util_uri.c +++ /dev/null 
@@ -1,507 +0,0 @@
-/* $OpenBSD: util_uri.c,v 1.11 2008/05/15 06:05:44 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */ - -/* - * util_uri.c: URI related utility things - * - */ - -#include "httpd.h" -#include "http_log.h" -#include "http_conf_globals.h" /* for user_id & group_id */ -#include "util_uri.h" - -/* - * Some WWW schemes and their default ports; this is basically /etc/services - * This will become global when the protocol abstraction comes - * As the schemes are searched by a linear search, - * they are sorted by their expected frequency - */ -static schemes_t schemes[] = { - {"http", DEFAULT_HTTP_PORT}, - {"ftp", DEFAULT_FTP_PORT}, - {"https", DEFAULT_HTTPS_PORT}, - {"gopher", DEFAULT_GOPHER_PORT}, - {"wais", DEFAULT_WAIS_PORT}, - {"nntp", DEFAULT_NNTP_PORT}, - {"snews", DEFAULT_SNEWS_PORT}, - {"prospero", DEFAULT_PROSPERO_PORT}, - {NULL, 0xFFFF} /* unknown port */ -}; - - -API_EXPORT(unsigned short) -ap_default_port_for_scheme(const char *scheme_str) -{ - schemes_t *scheme; - - if (scheme_str == NULL) - return 0; - - for (scheme = schemes; scheme->name != NULL; ++scheme) - if (strcasecmp(scheme_str, scheme->name) == 0) - return scheme->default_port; - - return 0; -} - -API_EXPORT(unsigned short) -ap_default_port_for_request(const request_rec *r) -{ - return (r->parsed_uri.scheme) - ? ap_default_port_for_scheme(r->parsed_uri.scheme) : 0; -} - -/* - * Create a copy of a "struct hostent" record; it was presumably returned - * from a call to gethostbyname() and lives in static storage. - * By creating a copy we can tuck it away for later use. 
- */ -API_EXPORT(struct hostent *) -ap_pduphostent(pool *p, const struct hostent *hp) -{ - struct hostent *newent; - char **ptrs; - char **aliases; - struct in_addr *addrs; - int i = 0, j = 0; - - if (hp == NULL) - return NULL; - - /* Count number of alias entries */ - if (hp->h_aliases != NULL) - for (; hp->h_aliases[j] != NULL; ++j) - continue; - - /* Count number of in_addr entries */ - if (hp->h_addr_list != NULL) - for (; hp->h_addr_list[i] != NULL; ++i) - continue; - - /* Allocate hostent structure, alias ptrs, addr ptrs, addrs */ - newent = (struct hostent *)ap_palloc(p, sizeof(*hp)); - aliases = (char **)ap_palloc(p, (j + 1) * sizeof(char *)); - ptrs = (char **)ap_palloc(p, (i + 1) * sizeof(char *)); - addrs = (struct in_addr *)ap_palloc(p, (i + 1) * sizeof(struct in_addr)); - - *newent = *hp; - newent->h_name = ap_pstrdup(p, hp->h_name); - newent->h_aliases = aliases; - newent->h_addr_list = (char **)ptrs; - - /* Copy Alias Names: */ - for (j = 0; hp->h_aliases[j] != NULL; ++j) - aliases[j] = ap_pstrdup(p, hp->h_aliases[j]); - aliases[j] = NULL; - - /* Copy address entries */ - for (i = 0; hp->h_addr_list[i] != NULL; ++i) { - ptrs[i] = (char *)&addrs[i]; - addrs[i] = *(struct in_addr *)hp->h_addr_list[i]; - } - ptrs[i] = NULL; - - return newent; -} - - -/* - * pgethostbyname(): resolve hostname, if successful return an ALLOCATED - * COPY OF the hostent structure, intended to be stored and used later. - * (gethostbyname() uses static storage that would be overwritten on each call) - */ -API_EXPORT(struct hostent *) -ap_pgethostbyname(pool *p, const char *hostname) -{ - struct hostent *hp = gethostbyname(hostname); - return (hp == NULL) ? NULL : ap_pduphostent(p, hp); -} - - -/* Unparse a uri_components structure to an URI string. - * Optionally suppress the password for security reasons. - * See also RFC 2396. 
- */ -API_EXPORT(char *) -ap_unparse_uri_components(pool *p, const uri_components * uptr, unsigned flags) -{ - char *parts[16]; /* 16 distinct parts of a URI */ - char *scheme = NULL; /* to hold the scheme without modifying const - /* args */ - int j = 0; /* an index into parts */ - - memset(parts, 0, sizeof(parts)); - - /* - * If suppressing the site part, omit all of - * scheme://user:pass@host:port - */ - if (!(flags & UNP_OMITSITEPART)) { - - /* - * if the user passes in a scheme, we'll assume an - * absoluteURI - */ - if (uptr->scheme) { - scheme = uptr->scheme; - - parts[j++] = uptr->scheme; - parts[j++] = ":"; - } - - /* handle the hier_part */ - if (uptr->user || uptr->password || uptr->hostname) { - /* this stuff requires absoluteURI, so we have to - * add the scheme - */ - if (!uptr->scheme) { - scheme = DEFAULT_URI_SCHEME; - - parts[j++] = DEFAULT_URI_SCHEME; - parts[j++] = ":"; - } - - parts[j++] = "//"; - - /* userinfo requires hostport */ - if (uptr->hostname && (uptr->user || uptr->password)) { - if (uptr->user && !(flags & UNP_OMITUSER)) - parts[j++] = uptr->user; - - if (uptr->password && - !(flags & UNP_OMITPASSWORD)) { - parts[j++] = ":"; - - if (flags & UNP_REVEALPASSWORD) - parts[j++] = uptr->password; - else - parts[j++] = "XXXXXXXX"; - } - - parts[j++] = "@"; - } - - /* If we get here, there must be a hostname. */ - parts[j++] = uptr->hostname; - - /* - * Emit the port. A small beautification - * prevents http://host:80/ and similar visual blight. 
- */ - if (uptr->port_str && !(uptr->port && scheme && - uptr->port == ap_default_port_for_scheme(scheme))) { - parts[j++] = ":"; - parts[j++] = uptr->port_str; - } - } - } - - if (!(flags & UNP_OMITPATHINFO)) { - - - /* We must ensure we don't put out a hier_part and a rel_path */ - if (j && uptr->path && *uptr->path != '/') - parts[j++] = "/"; - - if (uptr->path != NULL) - parts[j++] = uptr->path; - - if (!(flags & UNP_OMITQUERY)) { - if (uptr->query) { - parts[j++] = "?"; - parts[j++] = uptr->query; - } - - if (uptr->fragment) { - parts[j++] = "#"; - parts[j++] = uptr->fragment; - } - } - } - - /* Ugly, but correct and probably faster than ap_vsnprintf. */ - return ap_pstrcat(p, parts[0], parts[1], parts[2], parts[3], parts[4], - parts[5], parts[6], parts[7], parts[8], parts[9], parts[10], - parts[11], parts[12], parts[13], parts[14], parts[15], NULL); -} - -/* - * Here is the hand-optimized parse_uri_components(). There are some wild - * tricks we could pull in assembly language that we don't pull here... like we - * can do word-at-time scans for delimiter characters using the same technique - * that fast memchr()s use. But that would be way non-portable. -djg - */ - -/* - * We have a table that we can index by character and it tells us if the - * character is one of the interesting delimiters. Note that we even get - * compares for NUL for free -- it's just another delimiter. - */ - -#define T_COLON 0x01 /* ':' */ -#define T_SLASH 0x02 /* '/' */ -#define T_QUESTION 0x04 /* '?' */ -#define T_HASH 0x08 /* '#' */ -#define T_NUL 0x80 /* '\0' */ - -/* the uri_delims.h file is autogenerated by gen_uri_delims.c */ -#include "uri_delims.h" - -/* it works like this: - if (uri_delims[ch] & NOTEND_foobar) { - then we're not at a delimiter for foobar - } -*/ - -/* Note that we optimize the scheme scanning here, we cheat and let the - * compiler know that it doesn't have to do the & masking. 
- */ -#define NOTEND_SCHEME (0xff) -#define NOTEND_HOSTINFO (T_SLASH | T_QUESTION | T_HASH | T_NUL) -#define NOTEND_PATH (T_QUESTION | T_HASH | T_NUL) - -void -ap_util_uri_init(void) -{ - /* - * Nothing to do - except.... - * UTIL_URI_REGEX was removed, but third parties may depend on this - * symbol being present. So, we'll leave it in.... - vjo - */ -} - -/* parse_uri_components(): - * Parse a given URI, fill in all supplied fields of a uri_components - * structure. This eliminates the necessity of extracting host, port, - * path, query info repeatedly in the modules. - * Side effects: - * - fills in fields of uri_components *uptr - * - none on any of the r->* fields - */ -API_EXPORT(int) -ap_parse_uri_components(pool *p, const char *uri, uri_components * uptr) -{ - const char *s; - const char *s1; - const char *hostinfo; - char *endstr; - int port; - - /* Initialize the structure. parse_uri() and parse_uri_components() - * can be called more than once per request. - */ - memset(uptr, '\0', sizeof(*uptr)); - uptr->is_initialized = 1; - - /* We assume the processor has a branch predictor like most -- - * it assumes forward branches are untaken and backwards are taken. - * That's the reason for the gotos. -djg - */ - if (uri[0] == '/') { - deal_with_path: - /* we expect uri to point to first character of path ... 
- * remember that the path could be empty -- - * http://foobar?query for example - */ - s = uri; - while ((uri_delims[*(unsigned char *)s] & NOTEND_PATH) == 0) - ++s; - - if (s != uri) - uptr->path = ap_pstrndup(p, uri, s - uri); - - if (*s == 0) - return HTTP_OK; - - if (*s == '?') { - ++s; - s1 = strchr(s, '#'); - if (s1) { - uptr->fragment = ap_pstrdup(p, s1 + 1); - uptr->query = ap_pstrndup(p, s, s1 - s); - } else - uptr->query = ap_pstrdup(p, s); - - return HTTP_OK; - } - /* otherwise it's a fragment */ - uptr->fragment = ap_pstrdup(p, s + 1); - return HTTP_OK; - } - - /* find the scheme: */ - s = uri; - while ((uri_delims[*(unsigned char *) s] & NOTEND_SCHEME) == 0) - ++s; - - /* scheme must be non-empty and followed by :// */ - if (s == uri || s[0] != ':' || s[1] != '/' || s[2] != '/') - goto deal_with_path; /* backwards predicted taken! */ - - - uptr->scheme = ap_pstrndup(p, uri, s - uri); - s += 3; - hostinfo = s; - while ((uri_delims[*(unsigned char *) s] & NOTEND_HOSTINFO) == 0) - ++s; - - uri = s; /* whatever follows hostinfo is start of uri */ - uptr->hostinfo = ap_pstrndup(p, hostinfo, uri - hostinfo); - - /* If there's a username:password@host:port, the @ we want is - * the last @...too bad there's no memrchr()... For the C purists, - * note that hostinfo is definately not the first character of the - * original uri so therefore &hostinfo[-1] < &hostinfo[0] ... - * and this loop is valid C. - */ - do { - --s; - } while (s >= hostinfo && *s != '@'); - if (s < hostinfo) { - /* again we want the common case to be fall through */ - deal_with_host: - /* We expect hostinfo to point to the first character of - * the hostname. If there's a port it is the first colon. 
- */ - if (*hostinfo == '[') { - s = memchr(hostinfo+1, ']', uri - hostinfo - 1); - if (s) - s = strchr(s, ':'); - } else - s = memchr(hostinfo, ':', uri - hostinfo); - if (s == NULL) { - /* we expect the common case to have no port */ - uptr->hostname = ap_pstrndup(p, hostinfo, - uri - hostinfo); - goto deal_with_path; - } - uptr->hostname = ap_pstrndup(p, hostinfo, s - hostinfo); - ++s; - uptr->port_str = ap_pstrndup(p, s, uri - s); - if (uri != s) { - port = ap_strtol(uptr->port_str, &endstr, 10); - uptr->port = port; - if (*endstr == '\0') - goto deal_with_path; - - /* Invalid characters after ':' found */ - return HTTP_BAD_REQUEST; - } - uptr->port = ap_default_port_for_scheme(uptr->scheme); - goto deal_with_path; - } - - /* first colon delimits username:password */ - s1 = memchr(hostinfo, ':', s - hostinfo); - if (s1) { - uptr->user = ap_pstrndup(p, hostinfo, s1 - hostinfo); - ++s1; - uptr->password = ap_pstrndup(p, s1, s - s1); - } else - uptr->user = ap_pstrndup(p, hostinfo, s - hostinfo); - hostinfo = s + 1; - goto deal_with_host; -} - -/* Special case for CONNECT parsing: it comes with the hostinfo part only */ -/* See the INTERNET-DRAFT document "Tunneling SSL Through a WWW Proxy" - * currently at http://www.mcom.com/newsref/std/tunneling_ssl.html - * for the format of the "CONNECT host:port HTTP/1.0" request - */ -API_EXPORT(int) -ap_parse_hostinfo_components(pool *p, const char *hostinfo, - uri_components *uptr) -{ - const char *s; - char *endstr; - - /* Initialize the structure. parse_uri() and parse_uri_components() - * can be called more than once per request. - */ - memset(uptr, '\0', sizeof(*uptr)); - uptr->is_initialized = 1; - uptr->hostinfo = ap_pstrdup(p, hostinfo); - - /* We expect hostinfo to point to the first character of - * the hostname. 
There must be a port, separated by a colon - */ - if (*hostinfo == '[') { - s = strchr(hostinfo+1, ']'); - if (s) - s = strchr(s, ':'); - } else - s = strchr(hostinfo, ':'); - if (s == NULL) - return HTTP_BAD_REQUEST; - - uptr->hostname = ap_pstrndup(p, hostinfo, s - hostinfo); - ++s; - uptr->port_str = ap_pstrdup(p, s); - if (*s != '\0') { - uptr->port = (unsigned short)ap_strtol(uptr->port_str, - &endstr, 10); - if (*endstr == '\0') - return HTTP_OK; - - /* Invalid characters after ':' found */ - } - return HTTP_BAD_REQUEST; -} diff --git a/usr.sbin/httpd/src/modules/README b/usr.sbin/httpd/src/modules/README deleted file mode 100644 index df25f051f25..00000000000 --- a/usr.sbin/httpd/src/modules/README +++ /dev/null @@ -1,34 +0,0 @@ -The directory structure for this level is as follows: - -standard/ - - In this directory are the standard supported modules for - Apache. Not all are compiled by default. - -proxy/ - - This houses the code for the proxy module for Apache. - -experimental/ - - In this directory we've placed some modules which we think - provide some pretty interesting functionality, but which - are still in the early stages of development and could - evolve radically in the future. This code isn't supported - officially. - -extra/ - - This is the directory for third-party modules, such as mod_jserv. - -test/ - - This directory houses modules which test various components - of Apache. You should not compile these into a production - server. - -example/ - - This directory houses example modules, to help module authors - figure their way around the Apache API and module concept. - diff --git a/usr.sbin/httpd/src/modules/example/.indent.pro b/usr.sbin/httpd/src/modules/example/.indent.pro deleted file mode 100644 index a9fbe9f9a1f..00000000000 --- a/usr.sbin/httpd/src/modules/example/.indent.pro +++ /dev/null 
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/modules/example/Makefile b/usr.sbin/httpd/src/modules/example/Makefile
deleted file mode 100644
index 9bec391a3bf..00000000000
--- a/usr.sbin/httpd/src/modules/example/Makefile
+++ /dev/null
@@ -1,107 +0,0 @@ -# ==================================================================== -# Copyright (c) 1995-1997 The Apache Group. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." -# -# 4. The names "Apache Server" and "Apache Group" must not be used to -# endorse or promote products derived from this software without -# prior written permission. -# -# 5. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the Apache Group -# for use in the Apache HTTP server project (http://www.apache.org/)." -# -# THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE APACHE GROUP OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== -# -# This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Group and was originally based -# on public domain software written at the National Center for -# Supercomputing Applications, University of Illinois, Urbana-Champaign. -# For more information on the Apache Group and the Apache HTTP server -# project, please see . -# -# Makefile for the Apache example module -# - -# -# This normally lives in modules/example under the Apache source -# directory. If the depth or relationship changes, the following line -# may need to be changed. -# -INCDIR=../.. - -# -# Everything below this point should be invariant. -# -SHELL=/bin/sh - -# -# We inherit the definitions of CC, AUX_CFLAGS, and RANLIB from an -# upline make(1) call. -# -CFLAGS=-I$(INCDIR) $(AUX_CFLAGS) - -MODULES=mod_example.o -OBJS= \ - $(MODULES) - -# -# Now the rules saying how things are built. -# -.c.o: - $(CC) -c $(CFLAGS) $< - -all: $(OBJS) - -clean: - rm -f $(OBJS) - -# -# Finally, what depnds upon which, so make can figure out what it needs -# to do. -# - -# -# Make sure that things get rebuilt if the Makefiles are changed. 
-#
-$(OBJS): \
- Makefile \
- $(INCDIR)/Makefile
-
-mod_example.o: \
- $(INCDIR)/httpd.h \
- $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h \
- $(INCDIR)/http_protocol.h \
- $(INCDIR)/util_script.h \
- mod_example.c
diff --git a/usr.sbin/httpd/src/modules/example/Makefile.tmpl b/usr.sbin/httpd/src/modules/example/Makefile.tmpl
deleted file mode 100644
index 017cffb799a..00000000000
--- a/usr.sbin/httpd/src/modules/example/Makefile.tmpl
+++ /dev/null
@@ -1,15 +0,0 @@
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_example.o: mod_example.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/util_script.h
diff --git a/usr.sbin/httpd/src/modules/example/README b/usr.sbin/httpd/src/modules/example/README
deleted file mode 100644
index 77abc097c00..00000000000
--- a/usr.sbin/httpd/src/modules/example/README
+++ /dev/null
@@ -1,53 +0,0 @@ -README for Apache 1.2 Example Module -[April, 1997] - -The files in the src/modules/example directory under the Apache -distribution directory tree are provided as an example to those that -wish to write modules that use the Apache API. - -The main file is mod_example.c, which illustrates all the different -callback mechanisms and call syntaces. By no means does an add-on -module need to include routines for all of the callbacks - quite the -contrary! - -The example module is an actual working module. If you link it into -your server, enable the "example-handler" handler for a location, and then -browse to that location, you will see a display of some of the tracing -the example module did as the various callbacks were made. - -To include the example module in your server, follow the steps below: - - 1. Uncomment the "Module example_module" line near the bottom of - the src/Configuration file. If there isn't one, add it; it - should look like this: - - Module example_module modules/example/mod_example.o - - 2. Run the src/Configure script ("cd src; ./Configure"). This will - build the Makefile for the server itself, and update the - src/modules/Makefile for any additional modules you have - requested from beneath that subdirectory. - - 3. Make the server (run "make" in the src directory). - -To add another module of your own: - - A. mkdir src/modules/mymodule - B. cp src/modules/example/* src/modules/mymodule - C. Modify the files in the new directory - D. Follow steps [1] through [3] above, with appropriate changes. 
- -To activate the example module, include a block similar to the -following in your srm.conf file: - - - SetHandler example-handler - - -As an alternative, you can put the following into a .htaccess file and -then request the file "test.example" from that location: - - AddHandler example-handler .example - -After reloading/restarting your server, you should be able to browse -to this location and see the brief display mentioned earlier. diff --git a/usr.sbin/httpd/src/modules/example/mod_example.c b/usr.sbin/httpd/src/modules/example/mod_example.c deleted file mode 100644 index 7830c4dfed7..00000000000 --- a/usr.sbin/httpd/src/modules/example/mod_example.c +++ /dev/null 
@@ -1,1152 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * Apache example module. Provide demonstrations of how modules do things. - * - */ - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_main.h" -#include "http_protocol.h" -#include "util_script.h" - -#include - -/*--------------------------------------------------------------------------*/ -/* */ -/* Data declarations. */ -/* */ -/* Here are the static cells and structure declarations private to our */ -/* module. */ -/* */ -/*--------------------------------------------------------------------------*/ - -/* - * Sample configuration record. Used for both per-directory and per-server - * configuration data. - * - * It's perfectly reasonable to have two different structures for the two - * different environments. The same command handlers will be called for - * both, though, so the handlers need to be able to tell them apart. 
One - * possibility is for both structures to start with an int which is zero for - * one and 1 for the other. - * - * Note that while the per-directory and per-server configuration records are - * available to most of the module handlers, they should be treated as - * READ-ONLY by all except the command and merge handlers. Sometimes handlers - * are handed a record that applies to the current location by implication or - * inheritance, and modifying it will change the rules for other locations. - */ -typedef struct excfg { - int cmode; /* Environment to which record applies (directory, - * server, or combination). - */ -#define CONFIG_MODE_SERVER 1 -#define CONFIG_MODE_DIRECTORY 2 -#define CONFIG_MODE_COMBO 3 /* Shouldn't ever happen. */ - int local; /* Boolean: "Example" directive declared here? */ - int congenital; /* Boolean: did we inherit an "Example"? */ - char *trace; /* Pointer to trace string. */ - char *loc; /* Location to which this record applies. */ -} excfg; - -/* - * Let's set up a module-local static cell to point to the accreting callback - * trace. As each API callback is made to us, we'll tack on the particulars - * to whatever we've already recorded. To avoid massive memory bloat as - * directories are walked again and again, we record the routine/environment - * the first time (non-request context only), and ignore subsequent calls for - * the same routine/environment. - */ -static const char *trace = NULL; -static table *static_calls_made = NULL; - -/* - * To avoid leaking memory from pools other than the per-request one, we - * allocate a module-private pool, and then use a sub-pool of that which gets - * freed each time we modify the trace. That way previous layers of trace - * data don't get lost. - */ -static pool *example_pool = NULL; -static pool *example_subpool = NULL; - -/* - * Declare ourselves so the configuration routines can find and know us. - * We'll fill it in at the end of the module. 
- */ -module MODULE_VAR_EXPORT example_module; - -/*--------------------------------------------------------------------------*/ -/* */ -/* The following pseudo-prototype declarations illustrate the parameters */ -/* passed to command handlers for the different types of directive */ -/* syntax. If an argument was specified in the directive definition */ -/* (look for "command_rec" below), it's available to the command handler */ -/* via the (void *) info field in the cmd_parms argument passed to the */ -/* handler (cmd->info for the examples below). */ -/* */ -/*--------------------------------------------------------------------------*/ - -/* - * Command handler for a NO_ARGS directive. - * - * static const char *handle_NO_ARGS(cmd_parms *cmd, void *mconfig); - */ - -/* - * Command handler for a RAW_ARGS directive. The "args" argument is the text - * of the commandline following the directive itself. - * - * static const char *handle_RAW_ARGS(cmd_parms *cmd, void *mconfig, - * const char *args); - */ - -/* - * Command handler for a FLAG directive. The single parameter is passed in - * "bool", which is either zero or not for Off or On respectively. - * - * static const char *handle_FLAG(cmd_parms *cmd, void *mconfig, int bool); - */ - -/* - * Command handler for a TAKE1 directive. The single parameter is passed in - * "word1". - * - * static const char *handle_TAKE1(cmd_parms *cmd, void *mconfig, - * char *word1); - */ - -/* - * Command handler for a TAKE2 directive. TAKE2 commands must always have - * exactly two arguments. - * - * static const char *handle_TAKE2(cmd_parms *cmd, void *mconfig, - * char *word1, char *word2); - */ - -/* - * Command handler for a TAKE3 directive. Like TAKE2, these must have exactly - * three arguments, or the parser complains and doesn't bother calling us. - * - * static const char *handle_TAKE3(cmd_parms *cmd, void *mconfig, - * char *word1, char *word2, char *word3); - */ - -/* - * Command handler for a TAKE12 directive. 
These can take either one or two - * arguments. - * - word2 is a NULL pointer if no second argument was specified. - * - * static const char *handle_TAKE12(cmd_parms *cmd, void *mconfig, - * char *word1, char *word2); - */ - -/* - * Command handler for a TAKE123 directive. A TAKE123 directive can be given, - * as might be expected, one, two, or three arguments. - * - word2 is a NULL pointer if no second argument was specified. - * - word3 is a NULL pointer if no third argument was specified. - * - * static const char *handle_TAKE123(cmd_parms *cmd, void *mconfig, - * char *word1, char *word2, char *word3); - */ - -/* - * Command handler for a TAKE13 directive. Either one or three arguments are - * permitted - no two-parameters-only syntax is allowed. - * - word2 and word3 are NULL pointers if only one argument was specified. - * - * static const char *handle_TAKE13(cmd_parms *cmd, void *mconfig, - * char *word1, char *word2, char *word3); - */ - -/* - * Command handler for a TAKE23 directive. At least two and as many as three - * arguments must be specified. - * - word3 is a NULL pointer if no third argument was specified. - * - * static const char *handle_TAKE23(cmd_parms *cmd, void *mconfig, - * char *word1, char *word2, char *word3); - */ - -/* - * Command handler for a ITERATE directive. - * - Handler is called once for each of n arguments given to the directive. - * - word1 points to each argument in turn. - * - * static const char *handle_ITERATE(cmd_parms *cmd, void *mconfig, - * char *word1); - */ - -/* - * Command handler for a ITERATE2 directive. - * - Handler is called once for each of the second and subsequent arguments - * given to the directive. - * - word1 is the same for each call for a particular directive instance (the - * first argument). - * - word2 points to each of the second and subsequent arguments in turn. 
- * - * static const char *handle_ITERATE2(cmd_parms *cmd, void *mconfig, - * char *word1, char *word2); - */ - -/*--------------------------------------------------------------------------*/ -/* */ -/* These routines are strictly internal to this module, and support its */ -/* operation. They are not referenced by any external portion of the */ -/* server. */ -/* */ -/*--------------------------------------------------------------------------*/ - -/* - * Locate our directory configuration record for the current request. - */ -static excfg *our_dconfig(request_rec *r) -{ - - return (excfg *) ap_get_module_config(r->per_dir_config, &example_module); -} - -#if 0 -/* - * Locate our server configuration record for the specified server. - */ -static excfg *our_sconfig(server_rec *s) -{ - - return (excfg *) ap_get_module_config(s->module_config, &example_module); -} - -/* - * Likewise for our configuration record for the specified request. - */ -static excfg *our_rconfig(request_rec *r) -{ - - return (excfg *) ap_get_module_config(r->request_config, &example_module); -} -#endif - -/* - * This routine sets up some module-wide cells if they haven't been already. - */ -static void setup_module_cells() -{ - /* - * If we haven't already allocated our module-private pool, do so now. - */ - if (example_pool == NULL) { - example_pool = ap_make_sub_pool(NULL); - }; - /* - * Likewise for the table of routine/environment pairs we visit outside of - * request context. - */ - if (static_calls_made == NULL) { - static_calls_made = ap_make_table(example_pool, 16); - }; -} - -/* - * This routine is used to add a trace of a callback to the list. We're - * passed the server record (if available), the request record (if available), - * a pointer to our private configuration record (if available) for the - * environment to which the callback is supposed to apply, and some text. We - * turn this into a textual representation and add it to the tail of the list. 
- * The list can be displayed by the example_handler() routine. - * - * If the call occurs within a request context (i.e., we're passed a request - * record), we put the trace into the request pool and attach it to the - * request via the notes mechanism. Otherwise, the trace gets added - * to the static (non-request-specific) list. - * - * Note that the r->notes table is only for storing strings; if you need to - * maintain per-request data of any other type, you need to use another - * mechanism. - */ - -#define TRACE_NOTE "example-trace" - -static void trace_add(server_rec *s, request_rec *r, excfg *mconfig, - const char *note) -{ - - const char *sofar; - char *addon; - char *where; - pool *p; - const char *trace_copy; - - /* - * Make sure our pools and tables are set up - we need 'em. - */ - setup_module_cells(); - /* - * Now, if we're in request-context, we use the request pool. - */ - if (r != NULL) { - p = r->pool; - if ((trace_copy = ap_table_get(r->notes, TRACE_NOTE)) == NULL) { - trace_copy = ""; - } - } - else { - /* - * We're not in request context, so the trace gets attached to our - * module-wide pool. We do the create/destroy every time we're called - * in non-request context; this avoids leaking memory in some of - * the subsequent calls that allocate memory only once (such as the - * key formation below). - * - * Make a new sub-pool and copy any existing trace to it. Point the - * trace cell at the copied value. - */ - p = ap_make_sub_pool(example_pool); - if (trace != NULL) { - trace = ap_pstrdup(p, trace); - } - /* - * Now, if we have a sub-pool from before, nuke it and replace with - * the one we just allocated. - */ - if (example_subpool != NULL) { - ap_destroy_pool(example_subpool); - } - example_subpool = p; - trace_copy = trace; - } - /* - * If we weren't passed a configuration record, we can't figure out to - * what location this call applies. 
This only happens for co-routines - * that don't operate in a particular directory or server context. If we - * got a valid record, extract the location (directory or server) to which - * it applies. - */ - where = (mconfig != NULL) ? mconfig->loc : "nowhere"; - where = (where != NULL) ? where : ""; - /* - * Now, if we're not in request context, see if we've been called with - * this particular combination before. The table is allocated in the - * module's private pool, which doesn't get destroyed. - */ - if (r == NULL) { - char *key; - - key = ap_pstrcat(p, note, ":", where, NULL); - if (ap_table_get(static_calls_made, key) != NULL) { - /* - * Been here, done this. - */ - return; - } - else { - /* - * First time for this combination of routine and environment - - * log it so we don't do it again. - */ - ap_table_set(static_calls_made, key, "been here"); - } - } - addon = ap_pstrcat(p, "
  • \n", "
    \n", "
    ", - note, "\n", "
    \n", "
    [", - where, "]\n", "
    \n", "
    \n", - "
  • \n", NULL); - sofar = (trace_copy == NULL) ? "" : trace_copy; - trace_copy = ap_pstrcat(p, sofar, addon, NULL); - if (r != NULL) { - ap_table_set(r->notes, TRACE_NOTE, trace_copy); - } - else { - trace = trace_copy; - } - /* - * You *could* change the following if you wanted to see the calling - * sequence reported in the server's error_log, but beware - almost all of - * these co-routines are called for every single request, and the impact - * on the size (and readability) of the error_log is considerable. - */ -#define EXAMPLE_LOG_EACH 0 -#if EXAMPLE_LOG_EACH - if (s != NULL) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, s, "mod_example: %s", note); - } -#endif -} - -/*--------------------------------------------------------------------------*/ -/* We prototyped the various syntax for command handlers (routines that */ -/* are called when the configuration parser detects a directive declared */ -/* by our module) earlier. Now we actually declare a "real" routine that */ -/* will be invoked by the parser when our "real" directive is */ -/* encountered. */ -/* */ -/* If a command handler encounters a problem processing the directive, it */ -/* signals this fact by returning a non-NULL pointer to a string */ -/* describing the problem. */ -/* */ -/* The magic return value DECLINE_CMD is used to deal with directives */ -/* that might be declared by multiple modules. If the command handler */ -/* returns NULL, the directive was processed; if it returns DECLINE_CMD, */ -/* the next module (if any) that declares the directive is given a chance */ -/* at it. If it returns any other value, it's treated as the text of an */ -/* error message. */ -/*--------------------------------------------------------------------------*/ -/* - * Command handler for the NO_ARGS "Example" directive. All we do is mark the - * call in the trace log, and flag the applicability of the directive to the - * current location in that location's configuration record. 
- */ -static const char *cmd_example(cmd_parms *cmd, void *mconfig) -{ - - excfg *cfg = (excfg *) mconfig; - - /* - * "Example Wuz Here" - */ - cfg->local = 1; - trace_add(cmd->server, NULL, cfg, "cmd_example()"); - return NULL; -} - -/*--------------------------------------------------------------------------*/ -/* */ -/* Now we declare our content handlers, which are invoked when the server */ -/* encounters a document which our module is supposed to have a chance to */ -/* see. (See mod_mime's SetHandler and AddHandler directives, and the */ -/* mod_info and mod_status examples, for more details.) */ -/* */ -/* Since content handlers are dumping data directly into the connexion */ -/* (using the r*() routines, such as rputs() and rprintf()) without */ -/* intervention by other parts of the server, they need to make */ -/* sure any accumulated HTTP headers are sent first. This is done by */ -/* calling send_http_header(). Otherwise, no header will be sent at all, */ -/* and the output sent to the client will actually be HTTP-uncompliant. */ -/*--------------------------------------------------------------------------*/ -/* - * Sample content handler. All this does is display the call list that has - * been built up so far. - * - * The return value instructs the caller concerning what happened and what to - * do next: - * OK ("we did our thing") - * DECLINED ("this isn't something with which we want to get involved") - * HTTP_mumble ("an error status should be reported") - */ -static int example_handler(request_rec *r) -{ - - excfg *dcfg; - - dcfg = our_dconfig(r); - trace_add(r->server, r, dcfg, "example_handler()"); - /* - * We're about to start sending content, so we need to force the HTTP - * headers to be sent at this point. Otherwise, no headers will be sent - * at all. We can set any we like first, of course. **NOTE** Here's - * where you set the "Content-type" header, and you do so by putting it in - * r->content_type, *not* r->headers_out("Content-type"). 
If you don't - * set it, it will be filled in with the server's default type (typically - * "text/plain"). You *must* also ensure that r->content_type is lower - * case. - * - * We also need to start a timer so the server can know if the connexion - * is broken. - */ - r->content_type = "text/html"; - - ap_soft_timeout("send example call trace", r); - ap_send_http_header(r); - - /* - * If we're only supposed to send header information (HEAD request), we're - * already there. - */ - if (r->header_only) { - ap_kill_timeout(r); - return OK; - } - - /* - * Now send our actual output. Since we tagged this as being - * "text/html", we need to embed any HTML. - */ - ap_rputs(DOCTYPE_HTML_3_2, r); - ap_rputs("\n", r); - ap_rputs(" \n", r); - ap_rputs(" mod_example Module Content-Handler Output\n", r); - ap_rputs(" \n", r); - ap_rputs(" \n", r); - ap_rputs(" \n", r); - ap_rputs("

    mod_example Module Content-Handler Output\n", r); - ap_rputs("

    \n", r); - ap_rputs("

    \n", r); - ap_rprintf(r, " Apache HTTP Server version: \"%s\"\n", - ap_get_server_version()); - ap_rputs("

    \n", r); - ap_rputs("

    \n", r); - ap_rputs(" The format for the callback trace is:\n", r); - ap_rputs("

    \n", r); - ap_rputs("
    \n", r); - ap_rputs("
    n.<routine-name>", r); - ap_rputs("(<routine-data>)\n", r); - ap_rputs("
    \n", r); - ap_rputs("
    [<applies-to>]\n", r); - ap_rputs("
    \n", r); - ap_rputs("
    \n", r); - ap_rputs("

    \n", r); - ap_rputs(" The <routine-data> is supplied by\n", r); - ap_rputs(" the routine when it requests the trace,\n", r); - ap_rputs(" and the <applies-to> is extracted\n", r); - ap_rputs(" from the configuration record at the time of the trace.\n", r); - ap_rputs(" SVR() indicates a server environment\n", r); - ap_rputs(" (blank means the main or default server, otherwise it's\n", r); - ap_rputs(" the name of the VirtualHost); DIR()\n", r); - ap_rputs(" indicates a location in the URL or filesystem\n", r); - ap_rputs(" namespace.\n", r); - ap_rputs("

    \n", r); - ap_rprintf(r, "

    Static callbacks so far:

    \n
      \n%s
    \n", - trace); - ap_rputs("

    Request-specific callbacks so far:

    \n", r); - ap_rprintf(r, "
      \n%s
    \n", ap_table_get(r->notes, TRACE_NOTE)); - ap_rputs("

    Environment for this call:

    \n", r); - ap_rputs("
      \n", r); - ap_rprintf(r, "
    • Applies-to: %s\n
    • \n", dcfg->loc); - ap_rprintf(r, "
    • \"Example\" directive declared here: %s\n
    • \n", - (dcfg->local ? "YES" : "NO")); - ap_rprintf(r, "
    • \"Example\" inherited: %s\n
    • \n", - (dcfg->congenital ? "YES" : "NO")); - ap_rputs("
    \n", r); - ap_rputs(" \n", r); - ap_rputs("\n", r); - /* - * We're all done, so cancel the timeout we set. Since this is probably - * the end of the request we *could* assume this would be done during - * post-processing - but it's possible that another handler might be - * called and inherit our outstanding timer. Not good; to each its own. - */ - ap_kill_timeout(r); - /* - * We did what we wanted to do, so tell the rest of the server we - * succeeded. - */ - return OK; -} - -/*--------------------------------------------------------------------------*/ -/* */ -/* Now let's declare routines for each of the callback phase in order. */ -/* (That's the order in which they're listed in the callback list, *not */ -/* the order in which the server calls them! See the command_rec */ -/* declaration near the bottom of this file.) Note that these may be */ -/* called for situations that don't relate primarily to our function - in */ -/* other words, the fixup handler shouldn't assume that the request has */ -/* to do with "example" stuff. */ -/* */ -/* With the exception of the content handler, all of our routines will be */ -/* called for each request, unless an earlier handler from another module */ -/* aborted the sequence. */ -/* */ -/* Handlers that are declared as "int" can return the following: */ -/* */ -/* OK Handler accepted the request and did its thing with it. */ -/* DECLINED Handler took no action. */ -/* HTTP_mumble Handler looked at request and found it wanting. */ -/* */ -/* What the server does after calling a module handler depends upon the */ -/* handler's return value. In all cases, if the handler returns */ -/* DECLINED, the server will continue to the next module with an handler */ -/* for the current phase. However, if the handler return a non-OK, */ -/* non-DECLINED status, the server aborts the request right there. 
If */ -/* the handler returns OK, the server's next action is phase-specific; */ -/* see the individual handler comments below for details. */ -/* */ -/*--------------------------------------------------------------------------*/ -/* - * This function is called during server initialisation. Any information - * that needs to be recorded must be in static cells, since there's no - * configuration record. - * - * There is no return value. - */ - -/* - * All our module-initialiser does is add its trace to the log. - */ -static void example_init(server_rec *s, pool *p) -{ - - char *note; - char *sname = s->server_hostname; - - /* - * Set up any module cells that ought to be initialised. - */ - setup_module_cells(); - /* - * The arbitrary text we add to our trace entry indicates for which server - * we're being called. - */ - sname = (sname != NULL) ? sname : ""; - note = ap_pstrcat(p, "example_init(", sname, ")", NULL); - trace_add(s, NULL, NULL, note); -} - -/* - * This function is called during server initialisation when an heavy-weight - * process (such as a child) is being initialised. As with the - * module-initialisation function, any information that needs to be recorded - * must be in static cells, since there's no configuration record. - * - * There is no return value. - */ - -/* - * All our process-initialiser does is add its trace to the log. - */ -static void example_child_init(server_rec *s, pool *p) -{ - - char *note; - char *sname = s->server_hostname; - - /* - * Set up any module cells that ought to be initialised. - */ - setup_module_cells(); - /* - * The arbitrary text we add to our trace entry indicates for which server - * we're being called. - */ - sname = (sname != NULL) ? sname : ""; - note = ap_pstrcat(p, "example_child_init(", sname, ")", NULL); - trace_add(s, NULL, NULL, note); -} - -/* - * This function is called when an heavy-weight process (such as a child) is - * being run down or destroyed. 
As with the child-initialisation function, - * any information that needs to be recorded must be in static cells, since - * there's no configuration record. - * - * There is no return value. - */ - -/* - * All our process-death routine does is add its trace to the log. - */ -static void example_child_exit(server_rec *s, pool *p) -{ - - char *note; - char *sname = s->server_hostname; - - /* - * The arbitrary text we add to our trace entry indicates for which server - * we're being called. - */ - sname = (sname != NULL) ? sname : ""; - note = ap_pstrcat(p, "example_child_exit(", sname, ")", NULL); - trace_add(s, NULL, NULL, note); -} - -/* - * This function gets called to create a per-directory configuration - * record. This will be called for the "default" server environment, and for - * each directory for which the parser finds any of our directives applicable. - * If a directory doesn't have any of our directives involved (i.e., they - * aren't in the .htaccess file, or a , , or related - * block), this routine will *not* be called - the configuration for the - * closest ancestor is used. - * - * The return value is a pointer to the created module-specific - * structure. - */ -static void *example_create_dir_config(pool *p, char *dirspec) -{ - - excfg *cfg; - char *dname = dirspec; - - /* - * Allocate the space for our record from the pool supplied. - */ - cfg = (excfg *) ap_pcalloc(p, sizeof(excfg)); - /* - * Now fill in the defaults. If there are any `parent' configuration - * records, they'll get merged as part of a separate callback. - */ - cfg->local = 0; - cfg->congenital = 0; - cfg->cmode = CONFIG_MODE_DIRECTORY; - /* - * Finally, add our trace to the callback list. - */ - dname = (dname != NULL) ? dname : ""; - cfg->loc = ap_pstrcat(p, "DIR(", dname, ")", NULL); - trace_add(NULL, NULL, cfg, "example_create_dir_config()"); - return (void *) cfg; -} - -/* - * This function gets called to merge two per-directory configuration - * records. 
This is typically done to cope with things like .htaccess files - * or directives for directories that are beneath one for which a - * configuration record was already created. The routine has the - * responsibility of creating a new record and merging the contents of the - * other two into it appropriately. If the module doesn't declare a merge - * routine, the record for the closest ancestor location (that has one) is - * used exclusively. - * - * The routine MUST NOT modify any of its arguments! - * - * The return value is a pointer to the created module-specific structure - * containing the merged values. - */ -static void *example_merge_dir_config(pool *p, void *parent_conf, - void *newloc_conf) -{ - - excfg *merged_config = (excfg *) ap_pcalloc(p, sizeof(excfg)); - excfg *pconf = (excfg *) parent_conf; - excfg *nconf = (excfg *) newloc_conf; - char *note; - - /* - * Some things get copied directly from the more-specific record, rather - * than getting merged. - */ - merged_config->local = nconf->local; - merged_config->loc = ap_pstrdup(p, nconf->loc); - /* - * Others, like the setting of the `congenital' flag, get ORed in. The - * setting of that particular flag, for instance, is TRUE if it was ever - * true anywhere in the upstream configuration. - */ - merged_config->congenital = (pconf->congenital | pconf->local); - /* - * If we're merging records for two different types of environment (server - * and directory), mark the new record appropriately. Otherwise, inherit - * the current value. - */ - merged_config->cmode = - (pconf->cmode == nconf->cmode) ? pconf->cmode : CONFIG_MODE_COMBO; - /* - * Now just record our being called in the trace list. Include the - * locations we were asked to merge. 
- */ - note = ap_pstrcat(p, "example_merge_dir_config(\"", pconf->loc, "\",\"", - nconf->loc, "\")", NULL); - trace_add(NULL, NULL, merged_config, note); - return (void *) merged_config; -} - -/* - * This function gets called to create a per-server configuration - * record. It will always be called for the "default" server. - * - * The return value is a pointer to the created module-specific - * structure. - */ -static void *example_create_server_config(pool *p, server_rec *s) -{ - - excfg *cfg; - char *sname = s->server_hostname; - - /* - * As with the example_create_dir_config() reoutine, we allocate and fill - * in an empty record. - */ - cfg = (excfg *) ap_pcalloc(p, sizeof(excfg)); - cfg->local = 0; - cfg->congenital = 0; - cfg->cmode = CONFIG_MODE_SERVER; - /* - * Note that we were called in the trace list. - */ - sname = (sname != NULL) ? sname : ""; - cfg->loc = ap_pstrcat(p, "SVR(", sname, ")", NULL); - trace_add(s, NULL, cfg, "example_create_server_config()"); - return (void *) cfg; -} - -/* - * This function gets called to merge two per-server configuration - * records. This is typically done to cope with things like virtual hosts and - * the default server configuration The routine has the responsibility of - * creating a new record and merging the contents of the other two into it - * appropriately. If the module doesn't declare a merge routine, the more - * specific existing record is used exclusively. - * - * The routine MUST NOT modify any of its arguments! - * - * The return value is a pointer to the created module-specific structure - * containing the merged values. - */ -static void *example_merge_server_config(pool *p, void *server1_conf, - void *server2_conf) -{ - - excfg *merged_config = (excfg *) ap_pcalloc(p, sizeof(excfg)); - excfg *s1conf = (excfg *) server1_conf; - excfg *s2conf = (excfg *) server2_conf; - char *note; - - /* - * Our inheritance rules are our own, and part of our module's semantics. - * Basically, just note whence we came. 
- */ - merged_config->cmode = - (s1conf->cmode == s2conf->cmode) ? s1conf->cmode : CONFIG_MODE_COMBO; - merged_config->local = s2conf->local; - merged_config->congenital = (s1conf->congenital | s1conf->local); - merged_config->loc = ap_pstrdup(p, s2conf->loc); - /* - * Trace our call, including what we were asked to merge. - */ - note = ap_pstrcat(p, "example_merge_server_config(\"", s1conf->loc, "\",\"", - s2conf->loc, "\")", NULL); - trace_add(NULL, NULL, merged_config, note); - return (void *) merged_config; -} - -/* - * This routine is called after the request has been read but before any other - * phases have been processed. This allows us to make decisions based upon - * the input header fields. - * - * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, no - * further modules are called for this phase. - */ -static int example_post_read_request(request_rec *r) -{ - - excfg *cfg; - - cfg = our_dconfig(r); - /* - * We don't actually *do* anything here, except note the fact that we were - * called. - */ - trace_add(r->server, r, cfg, "example_post_read_request()"); - return DECLINED; -} - -/* - * This routine gives our module an opportunity to translate the URI into an - * actual filename. If we don't do anything special, the server's default - * rules (Alias directives and the like) will continue to be followed. - * - * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, no - * further modules are called for this phase. - */ -static int example_translate_handler(request_rec *r) -{ - - excfg *cfg; - - cfg = our_dconfig(r); - /* - * We don't actually *do* anything here, except note the fact that we were - * called. - */ - trace_add(r->server, r, cfg, "example_translate_handler()"); - return DECLINED; -} - -/* - * This routine is called to check the authentication information sent with - * the request (such as looking up the user in a database and verifying that - * the [encrypted] password sent matches the one in the database). 
- * - * The return value is OK, DECLINED, or some HTTP_mumble error (typically - * HTTP_UNAUTHORIZED). If we return OK, no other modules are given a chance - * at the request during this phase. - */ -static int example_check_user_id(request_rec *r) -{ - - excfg *cfg; - - cfg = our_dconfig(r); - /* - * Don't do anything except log the call. - */ - trace_add(r->server, r, cfg, "example_check_user_id()"); - return DECLINED; -} - -/* - * This routine is called to check to see if the resource being requested - * requires authorisation. - * - * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, no - * other modules are called during this phase. - * - * If *all* modules return DECLINED, the request is aborted with a server - * error. - */ -static int example_auth_checker(request_rec *r) -{ - - excfg *cfg; - - cfg = our_dconfig(r); - /* - * Log the call and return OK, or access will be denied (even though we - * didn't actually do anything). - */ - trace_add(r->server, r, cfg, "example_auth_checker()"); - return DECLINED; -} - -/* - * This routine is called to check for any module-specific restrictions placed - * upon the requested resource. (See the mod_access module for an example.) - * - * The return value is OK, DECLINED, or HTTP_mumble. All modules with an - * handler for this phase are called regardless of whether their predecessors - * return OK or DECLINED. The first one to return any other status, however, - * will abort the sequence (and the request) as usual. - */ -static int example_access_checker(request_rec *r) -{ - - excfg *cfg; - - cfg = our_dconfig(r); - trace_add(r->server, r, cfg, "example_access_checker()"); - return DECLINED; -} - -/* - * This routine is called to determine and/or set the various document type - * information bits, like Content-type (via r->content_type), language, et - * cetera. - * - * The return value is OK, DECLINED, or HTTP_mumble. 
If we return OK, no - * further modules are given a chance at the request for this phase. - */ -static int example_type_checker(request_rec *r) -{ - - excfg *cfg; - - cfg = our_dconfig(r); - /* - * Log the call, but don't do anything else - and report truthfully that - * we didn't do anything. - */ - trace_add(r->server, r, cfg, "example_type_checker()"); - return DECLINED; -} - -/* - * This routine is called to perform any module-specific fixing of header - * fields, et cetera. It is invoked just before any content-handler. - * - * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, the - * server will still call any remaining modules with an handler for this - * phase. - */ -static int example_fixer_upper(request_rec *r) -{ - - excfg *cfg; - - cfg = our_dconfig(r); - /* - * Log the call and exit. - */ - trace_add(r->server, r, cfg, "example_fixer_upper()"); - return OK; -} - -/* - * This routine is called to perform any module-specific logging activities - * over and above the normal server things. - * - * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, any - * remaining modules with an handler for this phase will still be called. - */ -static int example_logger(request_rec *r) -{ - - excfg *cfg; - - cfg = our_dconfig(r); - trace_add(r->server, r, cfg, "example_logger()"); - return DECLINED; -} - -/* - * This routine is called to give the module a chance to look at the request - * headers and take any appropriate specific actions early in the processing - * sequence. - * - * The return value is OK, DECLINED, or HTTP_mumble. If we return OK, any - * remaining modules with handlers for this phase will still be called. - */ -static int example_header_parser(request_rec *r) -{ - - excfg *cfg; - - cfg = our_dconfig(r); - trace_add(r->server, r, cfg, "example_header_parser()"); - return DECLINED; -} - -/*--------------------------------------------------------------------------*/ -/* */ -/* All of the routines have been declared now. 
Here's the list of */ -/* directives specific to our module, and information about where they */ -/* may appear and how the command parser should pass them to us for */ -/* processing. Note that care must be taken to ensure that there are NO */ -/* collisions of directive names between modules. */ -/* */ -/*--------------------------------------------------------------------------*/ -/* - * List of directives specific to our module. - */ -static const command_rec example_cmds[] = -{ - { - "Example", /* directive name */ - cmd_example, /* config action routine */ - NULL, /* argument to include in call */ - OR_OPTIONS, /* where available */ - NO_ARGS, /* arguments */ - "Example directive - no arguments" - /* directive description */ - }, - {NULL} -}; - -/*--------------------------------------------------------------------------*/ -/* */ -/* Now the list of content handlers available from this module. */ -/* */ -/*--------------------------------------------------------------------------*/ -/* - * List of content handlers our module supplies. Each handler is defined by - * two parts: a name by which it can be referenced (such as by - * {Add,Set}Handler), and the actual routine name. The list is terminated by - * a NULL block, since it can be of variable length. - * - * Note that content-handlers are invoked on a most-specific to least-specific - * basis; that is, a handler that is declared for "text/plain" will be - * invoked before one that was declared for "text / *". Note also that - * if a content-handler returns anything except DECLINED, no other - * content-handlers will be called. - */ -static const handler_rec example_handlers[] = -{ - {"example-handler", example_handler}, - {NULL} -}; - -/*--------------------------------------------------------------------------*/ -/* */ -/* Finally, the list of callback routines and data structures that */ -/* provide the hooks into our module from the other parts of the server. 
*/
-/* */
-/*--------------------------------------------------------------------------*/
-/*
- * Module definition for configuration. If a particular callback is not
- * needed, replace its routine name below with the word NULL.
- *
- * The number in brackets indicates the order in which the routine is called
- * during request processing. Note that not all routines are necessarily
- * called (such as if a resource doesn't have access restrictions).
- */
-module MODULE_VAR_EXPORT example_module =
-{
- STANDARD_MODULE_STUFF,
- example_init, /* module initializer */
- example_create_dir_config, /* per-directory config creator */
- example_merge_dir_config, /* dir config merger */
- example_create_server_config, /* server config creator */
- example_merge_server_config, /* server config merger */
- example_cmds, /* command table */
- example_handlers, /* [9] list of handlers */
- example_translate_handler, /* [2] filename-to-URI translation */
- example_check_user_id, /* [5] check/validate user_id */
- example_auth_checker, /* [6] check user_id is valid *here* */
- example_access_checker, /* [4] check access by host address */
- example_type_checker, /* [7] MIME type checker/setter */
- example_fixer_upper, /* [8] fixups */
- example_logger, /* [10] logger */
-#if MODULE_MAGIC_NUMBER >= 19970103
- example_header_parser, /* [3] header parser */
-#endif
-#if MODULE_MAGIC_NUMBER >= 19970719
- example_child_init, /* process initializer */
-#endif
-#if MODULE_MAGIC_NUMBER >= 19970728
- example_child_exit, /* process exit/cleanup */
-#endif
-#if MODULE_MAGIC_NUMBER >= 19970902
- example_post_read_request /* [1] post read_request handling */
-#endif
-};
diff --git a/usr.sbin/httpd/src/modules/experimental/.indent.pro b/usr.sbin/httpd/src/modules/experimental/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/modules/experimental/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/modules/experimental/Makefile.tmpl b/usr.sbin/httpd/src/modules/experimental/Makefile.tmpl
deleted file mode 100644
index cd9d415c8be..00000000000
--- a/usr.sbin/httpd/src/modules/experimental/Makefile.tmpl
+++ /dev/null
@@ -1,23 +0,0 @@
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_mmap_static.o: mod_mmap_static.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h
-mod_auth_digest.o: mod_auth_digest.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/util_md5.h \
- $(INCDIR)/ap_md5.h
diff --git a/usr.sbin/httpd/src/modules/experimental/mod_auth_digest.c b/usr.sbin/httpd/src/modules/experimental/mod_auth_digest.c
deleted file mode 100644
index 3aaef8eb29d..00000000000
--- a/usr.sbin/httpd/src/modules/experimental/mod_auth_digest.c
+++ /dev/null
@@ -1,1534 +0,0 @@
-/* $OpenBSD: mod_auth_digest.c,v 1.23 2013/08/22 04:43:41 guenther Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_auth_digest: MD5 digest authentication
- *
- * Originally by Alexei Kosut
- * Updated to RFC-2617 by Ronald Tschalär
- * based on mod_auth, by Rob McCool and Robert S. Thau
- *
- * This module an updated version of modules/standard/mod_digest.c
- * However, it has not been extensively tested yet, and is therefore
- * currently marked experimental.
Send problem reports to me - * (ronald@innovation.ch) - * - * Requires either /dev/random (or equivalent) or the truerand library, - * available for instance from - * ftp://research.att.com/dist/mab/librand.shar - * - * Open Issues: - * - qop=auth-int (when streams and trailer support available) - * - nonce-format configurability - * - Proxy-Authorization-Info header is set by this module, but is - * currently ignored by mod_proxy (needs patch to mod_proxy) - * - generating the secret takes a while (~ 8 seconds) if using the - * truerand library - * - The source of the secret should be run-time directive (with server - * scope: RSRC_CONF). However, that could be tricky when trying to - * choose truerand vs. file... - * - shared-mem not completely tested yet. Seems to work ok for me, - * but... (definitely won't work on Windoze) - * - Sharing a realm among multiple servers has following problems: - * o Server name and port can't be included in nonce-hash - * (we need two nonce formats, which must be configured explicitly) - * o Nonce-count check can't be for equal, or then nonce-count checking - * must be disabled. What we could do is the following: - * (expected < received) ? set expected = received : issue error - * The only problem is that it allows replay attacks when somebody - * captures a packet sent to one server and sends it to another - * one. Should we add "AuthDigestNcCheck Strict"? 
- */ - -#include "httpd.h" -#include "http_config.h" -#include "http_conf_globals.h" -#include "http_core.h" -#include "http_request.h" -#include "http_log.h" -#include "http_main.h" -#include "http_protocol.h" -#include "ap_config.h" -#include "ap_ctype.h" -#include "util_uri.h" -#include "util_md5.h" -#include "ap_sha1.h" - - -/* struct to hold the configuration info */ - -typedef struct digest_config_struct { - const char *dir_name; - const char *pwfile; - const char *grpfile; - const char *realm; - const char **qop_list; - AP_SHA1_CTX nonce_ctx; - long nonce_lifetime; - const char *nonce_format; - int check_nc; - const char *algorithm; - char *uri_list; - const char *ha1; -} digest_config_rec; - - -#define DFLT_ALGORITHM "MD5" - -#define DFLT_NONCE_LIFE 300L -#define NEXTNONCE_DELTA 30 - - -#define NONCE_TIME_LEN (((sizeof(time_t)+2)/3)*4) -#define NONCE_HASH_LEN (2*SHA_DIGESTSIZE) -#define NONCE_LEN (NONCE_TIME_LEN + NONCE_HASH_LEN) - -#define SECRET_LEN 20 - - -/* client list definitions */ - -typedef struct hash_entry { - unsigned long key; /* the key for this entry */ - struct hash_entry *next; /* next entry in the bucket */ - unsigned long nonce_count; /* for nonce-count checking */ - char ha1[2*MD5_DIGESTSIZE+1]; /* for algorithm=MD5-sess */ - char last_nonce[NONCE_LEN+1]; /* for one-time nonce's */ -} client_entry; - -static struct hash_table { - client_entry **table; - unsigned long tbl_len; - unsigned long num_entries; - unsigned long num_created; - unsigned long num_removed; - unsigned long num_renewed; -} *client_list; - - -/* struct to hold a parsed Authorization header */ - -enum hdr_sts { NO_HEADER, NOT_DIGEST, INVALID, VALID }; - -typedef struct digest_header_struct { - const char *scheme; - const char *realm; - const char *username; - char *nonce; - const char *uri; - const char *digest; - const char *algorithm; - const char *cnonce; - const char *opaque; - unsigned long opaque_num; - const char *message_qop; - const char *nonce_count; - /* the 
following fields are not (directly) from the header */ - time_t nonce_time; - enum hdr_sts auth_hdr_sts; - const char *raw_request_uri; - uri_components *psd_request_uri; - int needed_auth; - client_entry *client; -} digest_header_rec; - - -/* (mostly) nonce stuff */ - -typedef union time_union { - time_t time; - unsigned char arr[sizeof(time_t)]; -} time_rec; - - -static unsigned char secret[SECRET_LEN]; -static int call_cnt = 0; - - -static void *client_mm = NULL; - -module MODULE_VAR_EXPORT digest_auth_module; - -/* - * initialization code - */ - -static void initialize_secret(server_rec *s) -{ - u_int32_t rnd = 0, i; - - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, s, - "Digest: generating secret for digest authentication ..."); - - for (i = 0; i < sizeof(secret); i++) { - if (i % 4 == 0) - rnd = arc4random(); - secret[i] = rnd; - rnd >>= 8; - } - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE, s, - "Digest: done"); -} - -static void initialize_module(server_rec *s, pool *p) -{ - /* keep from doing the init more than once at startup, and delay - * the init until the second round - */ - if (++call_cnt < 2) - return; - - /* only initialize the secret on startup, not on restarts */ - if (call_cnt == 2) - initialize_secret(s); -} - - -/* - * configuration code - */ - -static void *create_digest_dir_config(pool *p, char *dir) -{ - digest_config_rec *conf; - - if (dir == NULL) return NULL; - - conf = (digest_config_rec *) ap_pcalloc(p, sizeof(digest_config_rec)); - if (conf) { - conf->qop_list = ap_palloc(p, sizeof(char*)); - conf->qop_list[0] = NULL; - conf->nonce_lifetime = DFLT_NONCE_LIFE; - conf->dir_name = ap_pstrdup(p, dir); - conf->algorithm = DFLT_ALGORITHM; - } - - return conf; -} - -static const char *set_realm(cmd_parms *cmd, void *config, const char *realm) -{ - digest_config_rec *conf = (digest_config_rec *) config; - - /* The core already handles the realm, but it's just too convenient to - * grab it ourselves too and cache some setups. 
However, we need to - * let the core get at it too, which is why we decline at the end - - * this relies on the fact that http_core is last in the list. - */ - conf->realm = realm; - - /* we precompute the part of the nonce hash that is constant (well, - * the host:port would be too, but that varies for .htaccess files - * and directives outside a virtual host section) - */ - ap_SHA1Init(&conf->nonce_ctx); - ap_SHA1Update_binary(&conf->nonce_ctx, secret, sizeof(secret)); - ap_SHA1Update_binary(&conf->nonce_ctx, (const unsigned char *) realm, - strlen(realm)); - - return DECLINE_CMD; -} - -static const char *set_digest_file(cmd_parms *cmd, void *config, - const char *file) -{ - ((digest_config_rec *) config)->pwfile = file; - ap_server_strip_chroot(((digest_config_rec *) config)->pwfile, 1); - return NULL; -} - -static const char *set_group_file(cmd_parms *cmd, void *config, - const char *file) -{ - ((digest_config_rec *) config)->grpfile = file; - ap_server_strip_chroot(((digest_config_rec *) config)->grpfile, 1); - return NULL; -} - -static const char *set_qop(cmd_parms *cmd, void *config, const char *op) -{ - digest_config_rec *conf = (digest_config_rec *) config; - char **tmp; - int cnt; - - if (!strcasecmp(op, "none")) { - if (conf->qop_list[0] == NULL) { - conf->qop_list = ap_palloc(cmd->pool, 2 * sizeof(char*)); - conf->qop_list[1] = NULL; - } - conf->qop_list[0] = "none"; - return NULL; - } - - if (!strcasecmp(op, "auth-int")) - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, cmd->server, - "Digest: WARNING: qop `auth-int' currently only works " - "correctly for responses with no entity"); - else if (strcasecmp(op, "auth")) - return ap_pstrcat(cmd->pool, "Unrecognized qop: ", op, NULL); - - for (cnt=0; conf->qop_list[cnt] != NULL; cnt++) - ; - tmp = ap_palloc(cmd->pool, (cnt+2)*sizeof(char*)); - memcpy(tmp, conf->qop_list, cnt*sizeof(char*)); - tmp[cnt] = ap_pstrdup(cmd->pool, op); - tmp[cnt+1] = NULL; - conf->qop_list = (const char **)tmp; - - return 
NULL; -} - -static const char *set_nonce_lifetime(cmd_parms *cmd, void *config, - const char *t) -{ - char *endptr; - long lifetime; - - lifetime = ap_strtol(t, &endptr, 10); - if (endptr < (t+strlen(t)) && !ap_isspace(*endptr)) - return ap_pstrcat(cmd->pool, "Invalid time in AuthDigestNonceLifetime: ", t, NULL); - - ((digest_config_rec *) config)->nonce_lifetime = lifetime; - return NULL; -} - -static const char *set_nonce_format(cmd_parms *cmd, void *config, - const char *fmt) -{ - ((digest_config_rec *) config)->nonce_format = fmt; - return "AuthDigestNonceFormat is not implemented (yet)"; -} - -static const char *set_nc_check(cmd_parms *cmd, void *config, int flag) -{ - ((digest_config_rec *) config)->check_nc = flag; - return NULL; -} - -static const char *set_algorithm(cmd_parms *cmd, void *config, const char *alg) -{ - if (!strcasecmp(alg, "MD5-sess")) - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, cmd->server, - "Digest: WARNING: algorithm `MD5-sess' is currently not " - "correctly implemented"); - else if (strcasecmp(alg, "MD5")) - return ap_pstrcat(cmd->pool, "Invalid algorithm in AuthDigestAlgorithm: ", alg, NULL); - - ((digest_config_rec *) config)->algorithm = alg; - return NULL; -} - -static const char *set_uri_list(cmd_parms *cmd, void *config, const char *uri) -{ - digest_config_rec *c = (digest_config_rec *) config; - if (c->uri_list) { - c->uri_list[strlen(c->uri_list)-1] = '\0'; - c->uri_list = ap_pstrcat(cmd->pool, c->uri_list, " ", uri, "\"", NULL); - } - else - c->uri_list = ap_pstrcat(cmd->pool, ", domain=\"", uri, "\"", NULL); - return NULL; -} - -static const command_rec digest_cmds[] = -{ - {"AuthName", set_realm, NULL, OR_AUTHCFG, TAKE1, - "The authentication realm (e.g. 
\"Members Only\")"}, - {"AuthDigestFile", set_digest_file, NULL, OR_AUTHCFG, TAKE1, - "The name of the file containing the usernames and password hashes"}, - {"AuthDigestGroupFile", set_group_file, NULL, OR_AUTHCFG, TAKE1, - "The name of the file containing the group names and members"}, - {"AuthDigestQop", set_qop, NULL, OR_AUTHCFG, ITERATE, - "A list of quality-of-protection options"}, - {"AuthDigestNonceLifetime", set_nonce_lifetime, NULL, OR_AUTHCFG, TAKE1, - "Maximum lifetime of the server nonce (seconds)"}, - {"AuthDigestNonceFormat", set_nonce_format, NULL, OR_AUTHCFG, TAKE1, - "The format to use when generating the server nonce"}, - {"AuthDigestNcCheck", set_nc_check, NULL, OR_AUTHCFG, FLAG, - "Whether or not to check the nonce-count sent by the client"}, - {"AuthDigestAlgorithm", set_algorithm, NULL, OR_AUTHCFG, TAKE1, - "The algorithm used for the hash calculation"}, - {"AuthDigestDomain", set_uri_list, NULL, OR_AUTHCFG, ITERATE, - "A list of URI's which belong to the same protection space as the current URI"}, - {NULL, NULL, NULL, 0, 0, NULL} -}; - -static client_entry *get_client(unsigned long key, const request_rec *r) -{ - return NULL; -} - -/* - * Authorization header parser code - */ - -/* Parse the Authorization header, if it exists */ -static int get_digest_rec(request_rec *r, digest_header_rec *resp) -{ - const char *auth_line; - size_t l; - int vk = 0, vv = 0; - char *key, *value; - - auth_line = ap_table_get(r->headers_in, - r->proxyreq == STD_PROXY ? 
"Proxy-Authorization" - : "Authorization"); - if (!auth_line) { - resp->auth_hdr_sts = NO_HEADER; - return !OK; - } - - resp->scheme = ap_getword_white(r->pool, &auth_line); - if (strcasecmp(resp->scheme, "Digest")) { - resp->auth_hdr_sts = NOT_DIGEST; - return !OK; - } - - l = strlen(auth_line); - - key = ap_palloc(r->pool, l+1); - value = ap_palloc(r->pool, l+1); - - while (auth_line[0] != '\0') { - - /* find key */ - - while (ap_isspace(auth_line[0])) auth_line++; - vk = 0; - while (auth_line[0] != '=' && auth_line[0] != ',' - && auth_line[0] != '\0' && !ap_isspace(auth_line[0])) - key[vk++] = *auth_line++; - key[vk] = '\0'; - while (ap_isspace(auth_line[0])) auth_line++; - - /* find value */ - - if (auth_line[0] == '=') { - auth_line++; - while (ap_isspace(auth_line[0])) auth_line++; - - vv = 0; - if (auth_line[0] == '\"') { /* quoted string */ - auth_line++; - while (auth_line[0] != '\"' && auth_line[0] != '\0') { - if (auth_line[0] == '\\' && auth_line[1] != '\0') - auth_line++; /* escaped char */ - value[vv++] = *auth_line++; - } - if (auth_line[0] != '\0') auth_line++; - } - else { /* token */ - while (auth_line[0] != ',' && auth_line[0] != '\0' - && !ap_isspace(auth_line[0])) - value[vv++] = *auth_line++; - } - value[vv] = '\0'; - } - - while (auth_line[0] != ',' && auth_line[0] != '\0') auth_line++; - if (auth_line[0] != '\0') auth_line++; - - if (!strcasecmp(key, "username")) - resp->username = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "realm")) - resp->realm = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "nonce")) - resp->nonce = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "uri")) - resp->uri = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "response")) - resp->digest = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "algorithm")) - resp->algorithm = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "cnonce")) - resp->cnonce = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "opaque")) - 
resp->opaque = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "qop")) - resp->message_qop = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "nc")) - resp->nonce_count = ap_pstrdup(r->pool, value); - } - - if (!resp->username || !resp->realm || !resp->nonce || !resp->uri - || !resp->digest - || (resp->message_qop && (!resp->cnonce || !resp->nonce_count))) { - resp->auth_hdr_sts = INVALID; - return !OK; - } - - if (resp->opaque) - resp->opaque_num = (unsigned long) ap_strtol(resp->opaque, NULL, 16); - - resp->auth_hdr_sts = VALID; - return OK; -} - - -/* Because the browser may preemptively send auth info, incrementing the - * nonce-count when it does, and because the client does not get notified - * if the URI didn't need authentication after all, we need to be sure to - * update the nonce-count each time we receive an Authorization header no - * matter what the final outcome of the request. Furthermore this is a - * convenient place to get the request-uri (before any subrequests etc - * are initiated) and to initialize the request_config. - * - * Note that this must be called after mod_proxy had its go so that - * r->proxyreq is set correctly. - */ -static int update_nonce_count(request_rec *r) -{ - digest_header_rec *resp; - int res; - - if (!ap_is_initial_req(r)) - return DECLINED; - - resp = ap_pcalloc(r->pool, sizeof(digest_header_rec)); - resp->raw_request_uri = r->unparsed_uri; - resp->psd_request_uri = &r->parsed_uri; - resp->needed_auth = 0; - ap_set_module_config(r->request_config, &digest_auth_module, resp); - - res = get_digest_rec(r, resp); - resp->client = get_client(resp->opaque_num, r); - if (res == OK && resp->client) - resp->client->nonce_count++; - - return DECLINED; -} - - -/* - * Nonce generation code - */ - -/* The hash part of the nonce is a SHA-1 hash of the time, realm, server host - * and port, opaque, and our secret. 
- */ -static void gen_nonce_hash(char *hash, const char *timestr, const char *opaque, - const server_rec *server, - const digest_config_rec *conf) -{ - const char *hex = "0123456789abcdef"; - unsigned char sha1[SHA_DIGESTSIZE]; - AP_SHA1_CTX ctx; - int idx; - - memcpy(&ctx, &conf->nonce_ctx, sizeof(ctx)); - /* - ap_SHA1Update_binary(&ctx, (const unsigned char *) server->server_hostname, - strlen(server->server_hostname)); - ap_SHA1Update_binary(&ctx, (const unsigned char *) &server->port, - sizeof(server->port)); - */ - ap_SHA1Update_binary(&ctx, (const unsigned char *) timestr, strlen(timestr)); - if (opaque) - ap_SHA1Update_binary(&ctx, (const unsigned char *) opaque, - strlen(opaque)); - ap_SHA1Final(sha1, &ctx); - - for (idx=0; idx> 4]; - *hash++ = hex[sha1[idx] & 0xF]; - } - - *hash++ = '\0'; -} - - -/* The nonce has the format b64(time)+hash . - */ -static const char *gen_nonce(pool *p, time_t now, const char *opaque, - const server_rec *server, - const digest_config_rec *conf) -{ - char *nonce = ap_palloc(p, NONCE_LEN+1); - time_rec t; - - if (conf->nonce_lifetime != 0) - t.time = now; - else - t.time = 42; - ap_base64encode_binary(nonce, t.arr, sizeof(t.arr)); - gen_nonce_hash(nonce+NONCE_TIME_LEN, nonce, opaque, server, conf); - - return nonce; -} - - -/* - * Opaque and hash-table management - */ - -static client_entry *gen_client(const request_rec *r) { return NULL; } - - - -/* - * MD5-sess code. - * - * If you want to use algorithm=MD5-sess you must write get_userpw_hash() - * yourself (see below). The dummy provided here just uses the hash from - * the auth-file, i.e. it is only useful for testing client implementations - * of MD5-sess . 
- */ - -/* - * get_userpw_hash() will be called each time a new session needs to be - * generated and is expected to return the equivalent of - * - * h_urp = ap_md5(r->pool, - * ap_pstrcat(r->pool, username, ":", ap_auth_name(r), ":", passwd)) - * ap_md5(r->pool, - * (unsigned char *) ap_pstrcat(r->pool, h_urp, ":", resp->nonce, ":", - * resp->cnonce, NULL)); - * - * or put differently, it must return - * - * MD5(MD5(username ":" realm ":" password) ":" nonce ":" cnonce) - * - * If something goes wrong, the failure must be logged and NULL returned. - * - * You must implement this yourself, which will probably consist of code - * contacting the password server with the necessary information (typically - * the username, realm, nonce, and cnonce) and receiving the hash from it. - * - * TBD: This function should probably be in a seperate source file so that - * people need not modify mod_auth_digest.c each time they install a new - * version of apache. - */ -static const char *get_userpw_hash(const request_rec *r, - const digest_header_rec *resp, - const digest_config_rec *conf) -{ - return ap_md5(r->pool, - (unsigned char *) ap_pstrcat(r->pool, conf->ha1, ":", resp->nonce, - ":", resp->cnonce, NULL)); -} - - -/* Retrieve current session H(A1). If there is none and "generate" is - * true then a new session for MD5-sess is generated and stored in the - * client struct; if generate is false, or a new session could not be - * generated then NULL is returned (in case of failure to generate the - * failure reason will have been logged already). 
- */ -static const char *get_session_HA1(const request_rec *r, - digest_header_rec *resp, - const digest_config_rec *conf, - int generate) -{ - const char *ha1 = NULL; - - /* return the current sessions if there is one */ - if (resp->opaque && resp->client && resp->client->ha1[0]) - return resp->client->ha1; - else if (!generate) - return NULL; - - /* generate a new session */ - if (!resp->client) - resp->client = gen_client(r); - if (resp->client) { - ha1 = get_userpw_hash(r, resp, conf); - if (ha1) - memcpy(resp->client->ha1, ha1, sizeof(resp->client->ha1)); - } - - return ha1; -} - - -static void clear_session(const digest_header_rec *resp) -{ - if (resp->client) - resp->client->ha1[0] = '\0'; -} - -/* - * Authorization challenge generation code (for WWW-Authenticate) - */ - -static const char *ltox(pool *p, unsigned long num) -{ - if (num != 0) - return ap_psprintf(p, "%lx", num); - else - return ""; -} - -static void note_digest_auth_failure(request_rec *r, - const digest_config_rec *conf, - digest_header_rec *resp, int stale) -{ - const char *qop, *opaque, *opaque_param, *domain, *nonce; - int cnt; - - - /* Setup qop */ - - if (conf->qop_list[0] == NULL) - qop = ", qop=\"auth\""; - else if (!strcasecmp(conf->qop_list[0], "none")) - qop = ""; - else { - qop = ap_pstrcat(r->pool, ", qop=\"", conf->qop_list[0], NULL); - for (cnt=1; conf->qop_list[cnt] != NULL; cnt++) - qop = ap_pstrcat(r->pool, qop, ",", conf->qop_list[cnt], NULL); - qop = ap_pstrcat(r->pool, qop, "\"", NULL); - } - - /* Setup opaque */ - - if (resp->opaque == NULL) { - /* new client */ - if ((conf->check_nc || conf->nonce_lifetime == 0 - || !strcasecmp(conf->algorithm, "MD5-sess")) - && (resp->client = gen_client(r)) != NULL) - opaque = ltox(r->pool, resp->client->key); - else - opaque = ""; /* opaque not needed */ - } - else if (resp->client == NULL) { - /* client info was gc'd */ - resp->client = gen_client(r); - if (resp->client != NULL) { - opaque = ltox(r->pool, resp->client->key); - stale 
= 1; - client_list->num_renewed++; - } - else - opaque = ""; /* ??? */ - } - else { - opaque = resp->opaque; - /* we're generating a new nonce, so reset the nonce-count */ - resp->client->nonce_count = 0; - } - - if (opaque[0]) - opaque_param = ap_pstrcat(r->pool, ", opaque=\"", opaque, "\"", NULL); - else - opaque_param = NULL; - - /* Setup nonce */ - - nonce = gen_nonce(r->pool, r->request_time, opaque, r->server, conf); - if (resp->client && conf->nonce_lifetime == 0) - memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1); - - /* Setup MD5-sess stuff. Note that we just clear out the session - * info here, since we can't generate a new session until the request - * from the client comes in with the cnonce. - */ - - if (!strcasecmp(conf->algorithm, "MD5-sess")) - clear_session(resp); - - /* setup domain attribute. We want to send this attribute wherever - * possible so that the client won't send the Authorization header - * unnecessarily (it's usually > 200 bytes!). - */ - - /* don't send domain - * - for proxy requests - * - if it's no specified - */ - if (r->proxyreq || !conf->uri_list) { - domain = NULL; - } - else { - domain = conf->uri_list; - } - - ap_table_mergen(r->err_headers_out, - r->proxyreq == STD_PROXY ? "Proxy-Authenticate" - : "WWW-Authenticate", - ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s\", " - "algorithm=%s%s%s%s%s", - ap_auth_name(r), nonce, conf->algorithm, - opaque_param ? opaque_param : "", - domain ? domain : "", - stale ? 
", stale=true" : "", qop)); -} - - -/* - * Authorization header verification code - */ - -static const char *get_hash(request_rec *r, const char *user, - const char *realm, const char *auth_pwfile) -{ - configfile_t *f; - char l[MAX_STRING_LEN]; - const char *rpw; - char *w, *x; - - if (!(f = ap_pcfg_openfile(r->pool, auth_pwfile))) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "Digest: Could not open password file: %s", auth_pwfile); - return NULL; - } - while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { - if ((l[0] == '#') || (!l[0])) - continue; - rpw = l; - w = ap_getword(r->pool, &rpw, ':'); - x = ap_getword(r->pool, &rpw, ':'); - - if (x && w && !strcmp(user, w) && !strcmp(realm, x)) { - ap_cfg_closefile(f); - return ap_pstrdup(r->pool, rpw); - } - } - ap_cfg_closefile(f); - return NULL; -} - -static int check_nc(const request_rec *r, const digest_header_rec *resp, - const digest_config_rec *conf) -{ - unsigned long nc; - const char *snc = resp->nonce_count; - char *endptr; - - if (!conf->check_nc || !client_mm) - return OK; - - nc = ap_strtol(snc, &endptr, 16); - if (endptr < (snc+strlen(snc)) && !ap_isspace(*endptr)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: invalid nc %s received - not a number", snc); - return !OK; - } - - if (!resp->client) - return !OK; - - if (nc != resp->client->nonce_count) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: Warning, possible replay attack: nonce-count " - "check failed: %lu != %lu", nc, - resp->client->nonce_count); - return !OK; - } - - return OK; -} - -static int check_nonce(request_rec *r, digest_header_rec *resp, - const digest_config_rec *conf) -{ - double dt; - time_rec nonce_time; - char tmp, hash[NONCE_HASH_LEN+1]; - - if (strlen(resp->nonce) != NONCE_LEN) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: invalid nonce %s received - length is not %zu", - resp->nonce, NONCE_LEN); - note_digest_auth_failure(r, conf, resp, 1); - return AUTH_REQUIRED; 
- } - - tmp = resp->nonce[NONCE_TIME_LEN]; - resp->nonce[NONCE_TIME_LEN] = '\0'; - ap_base64decode_binary(nonce_time.arr, resp->nonce); - gen_nonce_hash(hash, resp->nonce, resp->opaque, r->server, conf); - resp->nonce[NONCE_TIME_LEN] = tmp; - resp->nonce_time = nonce_time.time; - - if (strcmp(hash, resp->nonce+NONCE_TIME_LEN)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: invalid nonce %s received - hash is not %s", - resp->nonce, hash); - note_digest_auth_failure(r, conf, resp, 1); - return AUTH_REQUIRED; - } - - dt = difftime(r->request_time, nonce_time.time); - if (conf->nonce_lifetime > 0 && dt < 0) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: invalid nonce %s received - user attempted " - "time travel", resp->nonce); - note_digest_auth_failure(r, conf, resp, 1); - return AUTH_REQUIRED; - } - - if (conf->nonce_lifetime > 0) { - if (dt > conf->nonce_lifetime) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r, - "Digest: user %s: nonce expired - sending new nonce", - r->connection->user); - note_digest_auth_failure(r, conf, resp, 1); - return AUTH_REQUIRED; - } - } - else if (conf->nonce_lifetime == 0 && resp->client) { - if (memcmp(resp->client->last_nonce, resp->nonce, NONCE_LEN)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r, - "Digest: user %s: one-time-nonce mismatch - sending " - "new nonce", r->connection->user); - note_digest_auth_failure(r, conf, resp, 1); - return AUTH_REQUIRED; - } - } - /* else (lifetime < 0) => never expires */ - - return OK; -} - -/* The actual MD5 code... 
whee */ - -/* RFC-2069 */ -static const char *old_digest(const request_rec *r, - const digest_header_rec *resp, const char *ha1) -{ - const char *ha2; - - ha2 = ap_md5(r->pool, (unsigned char *)ap_pstrcat(r->pool, r->method, ":", - resp->uri, NULL)); - return ap_md5(r->pool, - (unsigned char *)ap_pstrcat(r->pool, ha1, ":", resp->nonce, - ":", ha2, NULL)); -} - -/* RFC-2617 */ -static const char *new_digest(const request_rec *r, - digest_header_rec *resp, - const digest_config_rec *conf) -{ - const char *ha1, *ha2, *a2; - - if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) { - ha1 = get_session_HA1(r, resp, conf, 1); - if (!ha1) - return NULL; - } - else - ha1 = conf->ha1; - - if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) - a2 = ap_pstrcat(r->pool, r->method, ":", resp->uri, ":", - ap_md5(r->pool, (const unsigned char*) ""), NULL); /* TBD */ - else - a2 = ap_pstrcat(r->pool, r->method, ":", resp->uri, NULL); - ha2 = ap_md5(r->pool, (const unsigned char *)a2); - - return ap_md5(r->pool, - (unsigned char *)ap_pstrcat(r->pool, ha1, ":", resp->nonce, - ":", resp->nonce_count, ":", - resp->cnonce, ":", - resp->message_qop, ":", ha2, - NULL)); -} - - -static void copy_uri_components(uri_components *dst, uri_components *src, - request_rec *r) -{ - if (src->scheme && src->scheme[0] != '\0') - dst->scheme = src->scheme; - else - dst->scheme = (char *) "http"; - - if (src->hostname && src->hostname[0] != '\0') { - dst->hostname = ap_pstrdup(r->pool, src->hostname); - ap_unescape_url(dst->hostname); - } - else - dst->hostname = (char *) ap_get_server_name(r); - - if (src->port_str && src->port_str[0] != '\0') - dst->port = src->port; - else - dst->port = ap_get_server_port(r); - - if (src->path && src->path[0] != '\0') { - dst->path = ap_pstrdup(r->pool, src->path); - ap_unescape_url(dst->path); - } - else - dst->path = src->path; - - if (src->query && src->query[0] != '\0') { - dst->query = ap_pstrdup(r->pool, src->query); - 
ap_unescape_url(dst->query); - } - else - dst->query = src->query; -} - -/* This handles non-FQDN's. If h1 is empty, the comparison succeeds. Else - * if h1 is a FQDN (i.e. contains a '.') then normal strcasecmp() is done. - * Else only the first part of h2 (up to the first '.') is compared. - */ -static int compare_hostnames(const char *h1, const char *h2) -{ - const char *dot; - - /* if no hostname given, then ok */ - if (!h1 || h1[0] == '\0') - return 1; - - /* handle FQDN's in h1 */ - dot = strchr(h1, '.'); - if (dot != NULL) - return !strcasecmp(h1, h2); - - /* handle non-FQDN's in h1 */ - dot = strchr(h2, '.'); - if (dot == NULL) - return !strcasecmp(h1, h2); - else - return (strlen(h1) == (size_t) (dot - h2)) && !strncasecmp(h1, h2, dot-h2); -} - -/* These functions return 0 if client is OK, and proper error status - * if not... either AUTH_REQUIRED, if we made a check, and it failed, or - * SERVER_ERROR, if things are so totally confused that we couldn't - * figure out how to tell if the client is authorized or not. - * - * If they return DECLINED, and all other modules also decline, that's - * treated by the server core as a configuration error, logged and - * reported as such. - */ - -/* Determine user ID, and check if the attributes are correct, if it - * really is that user, if the nonce is correct, etc. - */ - -static int authenticate_digest_user(request_rec *r) -{ - digest_config_rec *conf; - digest_header_rec *resp; - request_rec *mainreq; - conn_rec *conn = r->connection; - const char *t; - int res; - - - /* do we require Digest auth for this URI? 
*/ - - if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest")) - return DECLINED; - - if (!ap_auth_name(r)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: need AuthName: %s", r->uri); - return SERVER_ERROR; - } - - - /* get the client response and mark */ - - mainreq = r; - while (mainreq->main != NULL) mainreq = mainreq->main; - while (mainreq->prev != NULL) mainreq = mainreq->prev; - resp = (digest_header_rec *) ap_get_module_config(mainreq->request_config, - &digest_auth_module); - resp->needed_auth = 1; - - - /* get our conf */ - - conf = (digest_config_rec *) ap_get_module_config(r->per_dir_config, - &digest_auth_module); - - - /* check for existence and syntax of Auth header */ - - if (resp->auth_hdr_sts != VALID) { - if (resp->auth_hdr_sts == NOT_DIGEST) - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: client used wrong authentication scheme " - "`%s': %s", resp->scheme, r->uri); - else if (resp->auth_hdr_sts == INVALID) - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: missing user, realm, nonce, uri, digest, " - "cnonce, or nonce_count in authorization header: %s", - r->uri); - /* else (resp->auth_hdr_sts == NO_HEADER) */ - note_digest_auth_failure(r, conf, resp, 0); - return AUTH_REQUIRED; - } - - r->connection->user = (char *) resp->username; - r->connection->ap_auth_type = (char *) "Digest"; - - - /* check the auth attributes */ - - if (strcmp(resp->uri, resp->raw_request_uri)) { - /* Hmm, the simple match didn't work (probably a proxy modified the - * request-uri), so lets do a more sophisticated match - */ - uri_components r_uri, d_uri; - - copy_uri_components(&r_uri, resp->psd_request_uri, r); - if (ap_parse_uri_components(r->pool, resp->uri, &d_uri) != HTTP_OK) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: invalid uri <%s> in Authorization header", - resp->uri); - return BAD_REQUEST; - } - - if (d_uri.hostname) - ap_unescape_url(d_uri.hostname); - if (d_uri.path) - 
ap_unescape_url(d_uri.path); - if (d_uri.query) - ap_unescape_url(d_uri.query); - - if (r->method_number == M_CONNECT) { - if (strcmp(resp->uri, r_uri.hostinfo)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: uri mismatch - <%s> does not match " - "request-uri <%s>", resp->uri, r_uri.hostinfo); - return BAD_REQUEST; - } - } - else if ( - /* check hostname matches, if present */ - !compare_hostnames(d_uri.hostname, r_uri.hostname) - /* check port matches, if present */ - || (d_uri.port_str && d_uri.port != r_uri.port) - /* check that server-port is default port if no port present */ - || (d_uri.hostname && d_uri.hostname[0] != '\0' - && !d_uri.port_str && r_uri.port != ap_default_port(r)) - /* check that path matches */ - || (d_uri.path != r_uri.path - /* either exact match */ - && (!d_uri.path || !r_uri.path - || strcmp(d_uri.path, r_uri.path)) - /* or '*' matches empty path in scheme://host */ - && !(d_uri.path && !r_uri.path && resp->psd_request_uri->hostname - && d_uri.path[0] == '*' && d_uri.path[1] == '\0')) - ) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: uri mismatch - <%s> does not match " - "request-uri <%s>", resp->uri, resp->raw_request_uri); - return BAD_REQUEST; - } - } - - if (resp->opaque && resp->opaque_num == 0) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: received invalid opaque - got `%s'", - resp->opaque); - note_digest_auth_failure(r, conf, resp, 0); - return AUTH_REQUIRED; - } - - if (strcmp(resp->realm, conf->realm)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: realm mismatch - got `%s' but expected `%s'", - resp->realm, conf->realm); - note_digest_auth_failure(r, conf, resp, 0); - return AUTH_REQUIRED; - } - - if (resp->algorithm != NULL - && strcasecmp(resp->algorithm, "MD5") - && strcasecmp(resp->algorithm, "MD5-sess")) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: unknown algorithm `%s' received: %s", - resp->algorithm, 
r->uri); - note_digest_auth_failure(r, conf, resp, 0); - return AUTH_REQUIRED; - } - - if (!conf->pwfile) - return DECLINED; - - if (!(conf->ha1 = get_hash(r, conn->user, conf->realm, conf->pwfile))) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: user `%s' in realm `%s' not found: %s", - conn->user, conf->realm, r->uri); - note_digest_auth_failure(r, conf, resp, 0); - return AUTH_REQUIRED; - } - - if (resp->message_qop == NULL) { - /* old (rfc-2069) style digest */ - if (strcmp(resp->digest, old_digest(r, resp, conf->ha1))) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: user %s: password mismatch: %s", conn->user, - r->uri); - note_digest_auth_failure(r, conf, resp, 0); - return AUTH_REQUIRED; - } - } - else { - const char *exp_digest; - int match = 0, idx; - for (idx=0; conf->qop_list[idx] != NULL; idx++) { - if (!strcasecmp(conf->qop_list[idx], resp->message_qop)) { - match = 1; - break; - } - } - - if (!match - && !(conf->qop_list[0] == NULL - && !strcasecmp(resp->message_qop, "auth"))) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: invalid qop `%s' received: %s", - resp->message_qop, r->uri); - note_digest_auth_failure(r, conf, resp, 0); - return AUTH_REQUIRED; - } - - if (check_nc(r, resp, conf) != OK) { - note_digest_auth_failure(r, conf, resp, 0); - return AUTH_REQUIRED; - } - - exp_digest = new_digest(r, resp, conf); - if (!exp_digest) { - /* we failed to allocate a client struct */ - return SERVER_ERROR; - } - if (strcmp(resp->digest, exp_digest)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: user %s: password mismatch: %s", conn->user, - r->uri); - note_digest_auth_failure(r, conf, resp, 0); - return AUTH_REQUIRED; - } - } - - /* Note: this check is done last so that a "stale=true" can be - generated if the nonce is old */ - if ((res = check_nonce(r, resp, conf))) - return res; - - return OK; -} - - -/* - * Checking ID - */ - -static table *groups_for_user(request_rec 
*r, const char *user, - const char *grpfile) -{ - configfile_t *f; - table *grps = ap_make_table(r->pool, 15); - pool *sp; - char l[MAX_STRING_LEN]; - const char *group_name, *ll, *w; - - if (!(f = ap_pcfg_openfile(r->pool, grpfile))) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "Digest: Could not open group file: %s", grpfile); - return NULL; - } - - sp = ap_make_sub_pool(r->pool); - - while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { - if ((l[0] == '#') || (!l[0])) - continue; - ll = l; - ap_clear_pool(sp); - - group_name = ap_getword(sp, &ll, ':'); - - while (ll[0]) { - w = ap_getword_conf(sp, &ll); - if (!strcmp(w, user)) { - ap_table_setn(grps, ap_pstrdup(r->pool, group_name), "in"); - break; - } - } - } - - ap_cfg_closefile(f); - ap_destroy_pool(sp); - return grps; -} - - -static int digest_check_auth(request_rec *r) -{ - const digest_config_rec *conf = - (digest_config_rec *) ap_get_module_config(r->per_dir_config, - &digest_auth_module); - const char *user = r->connection->user; - int m = r->method_number; - int method_restricted = 0; - int x; - const char *t, *w; - table *grpstatus; - const array_header *reqs_arr; - require_line *reqs; - - if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest")) - return DECLINED; - - reqs_arr = ap_requires(r); - /* If there is no "requires" directive, then any user will do. 
- */ - if (!reqs_arr) - return OK; - reqs = (require_line *) reqs_arr->elts; - - if (conf->grpfile) - grpstatus = groups_for_user(r, user, conf->grpfile); - else - grpstatus = NULL; - - for (x = 0; x < reqs_arr->nelts; x++) { - - if (!(reqs[x].method_mask & (1 << m))) - continue; - - method_restricted = 1; - - t = reqs[x].requirement; - w = ap_getword_white(r->pool, &t); - if (!strcasecmp(w, "valid-user")) - return OK; - else if (!strcasecmp(w, "user")) { - while (t[0]) { - w = ap_getword_conf(r->pool, &t); - if (!strcmp(user, w)) - return OK; - } - } - else if (!strcasecmp(w, "group")) { - if (!grpstatus) - return DECLINED; - - while (t[0]) { - w = ap_getword_conf(r->pool, &t); - if (ap_table_get(grpstatus, w)) - return OK; - } - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: access to %s failed, reason: unknown require " - "directive \"%s\"", r->uri, reqs[x].requirement); - return DECLINED; - } - } - - if (!method_restricted) - return OK; - - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: access to %s failed, reason: user %s not allowed access", - r->uri, user); - - note_digest_auth_failure(r, conf, - (digest_header_rec *) ap_get_module_config(r->request_config, - &digest_auth_module), - 0); - return AUTH_REQUIRED; -} - - -/* - * Authorization-Info header code - */ - -static int add_auth_info(request_rec *r) -{ - const digest_config_rec *conf = - (digest_config_rec *) ap_get_module_config(r->per_dir_config, - &digest_auth_module); - digest_header_rec *resp = - (digest_header_rec *) ap_get_module_config(r->request_config, - &digest_auth_module); - const char *ai = NULL, *digest = NULL, *nextnonce = ""; - - if (resp == NULL || !resp->needed_auth || conf == NULL) - return OK; - - - /* rfc-2069 digest - */ - if (resp->message_qop == NULL) { - /* old client, so calc rfc-2069 digest */ - - } - - - /* setup nextnonce - */ - if (conf->nonce_lifetime > 0) { - /* send nextnonce if current nonce will expire in less than 30 
secs */ - if (difftime(r->request_time, resp->nonce_time) > (conf->nonce_lifetime-NEXTNONCE_DELTA)) { - nextnonce = ap_pstrcat(r->pool, ", nextnonce=\"", - gen_nonce(r->pool, r->request_time, - resp->opaque, r->server, conf), - "\"", NULL); - if (resp->client) - resp->client->nonce_count = 0; - } - } - else if (conf->nonce_lifetime == 0 && resp->client) { - const char *nonce = gen_nonce(r->pool, 0, resp->opaque, r->server, - conf); - nextnonce = ap_pstrcat(r->pool, ", nextnonce=\"", nonce, "\"", NULL); - memcpy(resp->client->last_nonce, nonce, NONCE_LEN+1); - } - /* else nonce never expires, hence no nextnonce */ - - - /* do rfc-2069 digest - */ - if (conf->qop_list[0] && !strcasecmp(conf->qop_list[0], "none") - && resp->message_qop == NULL) { - /* use only RFC-2069 format */ - if (digest) - ai = ap_pstrcat(r->pool, "digest=\"", digest, "\"", nextnonce,NULL); - else - ai = nextnonce; - } - else { - const char *resp_dig, *ha1, *a2, *ha2; - - /* calculate rspauth attribute - */ - if (resp->algorithm && !strcasecmp(resp->algorithm, "MD5-sess")) { - ha1 = get_session_HA1(r, resp, conf, 0); - if (!ha1) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Digest: internal error: couldn't find session " - "info for user %s", resp->username); - return !OK; - } - } - else - ha1 = conf->ha1; - - if (resp->message_qop && !strcasecmp(resp->message_qop, "auth-int")) - a2 = ap_pstrcat(r->pool, ":", resp->uri, ":", - ap_md5(r->pool, (const unsigned char *) ""), NULL); /* TBD */ - else - a2 = ap_pstrcat(r->pool, ":", resp->uri, NULL); - ha2 = ap_md5(r->pool, (const unsigned char *)a2); - - resp_dig = ap_md5(r->pool, - (unsigned char *)ap_pstrcat(r->pool, ha1, ":", - resp->nonce, ":", - resp->nonce_count, ":", - resp->cnonce, ":", - resp->message_qop ? - resp->message_qop : "", - ":", ha2, NULL)); - - /* assemble Authentication-Info header - */ - ai = ap_pstrcat(r->pool, - "rspauth=\"", resp_dig, "\"", - nextnonce, - resp->cnonce ? ", cnonce=\"" : "", - resp->cnonce ? 
ap_escape_quotes(r->pool, resp->cnonce) : - "", - resp->cnonce ? "\"" : "", - resp->nonce_count ? ", nc=" : "", - resp->nonce_count ? resp->nonce_count : "", - resp->message_qop ? ", qop=" : "", - resp->message_qop ? resp->message_qop : "", - digest ? "digest=\"" : "", - digest ? digest : "", - digest ? "\"" : "", - NULL); - } - - if (ai && ai[0]) - ap_table_mergen(r->headers_out, - r->proxyreq == STD_PROXY ? "Proxy-Authentication-Info" - : "Authentication-Info", - ai); - return OK; -} - - -module MODULE_VAR_EXPORT digest_auth_module = -{ - STANDARD_MODULE_STUFF, - initialize_module, /* initializer */ - create_digest_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - digest_cmds, /* command table */ - NULL, /* handlers */ - NULL, /* filename translation */ - authenticate_digest_user, /* check_user_id */ - digest_check_auth, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - add_auth_info, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - update_nonce_count /* post read-request */ -}; - diff --git a/usr.sbin/httpd/src/modules/experimental/mod_mmap_static.c b/usr.sbin/httpd/src/modules/experimental/mod_mmap_static.c deleted file mode 100644 index 7aa901d96d1..00000000000 --- a/usr.sbin/httpd/src/modules/experimental/mod_mmap_static.c +++ /dev/null 
@@ -1,397 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * mod_mmap_static: mmap a config-time list of files for faster serving - * - * v0.04 - * - * Author: Dean Gaudet - * - * v0.01: initial implementation - * v0.02: get rid of the extra stat() in the core by filling in what we know - * v0.03: get rid of the cached match from the xlat routine since there are - * many cases where the request is modified between it and the - * handler... so we do the binary search twice, but the second time - * we can use st_ino and st_dev to speed it up. - * v0.04: work around mod_rewrite, which sets r->filename to the uri first - */ - -/* - Documentation: - - The concept is simple. Some sites have a set of static files that are - really busy, and change infrequently (or even on a regular schedule). - Save time by mmap()ing these files into memory and avoid a lot of the - crap required to do normal file serving. Place directives such as: - - mmapfile /path/to/file1 - mmapfile /path/to/file2 - ... 
- - into your configuration. These files are only mmap()d when the server - is restarted, so if you change the list, or if the files are changed, - then you'll need to restart the server. - - To reiterate that point: if the files are modified *in place* - without restarting the server you may end up serving requests that - are completely bogus. You should update files by unlinking the old - copy and putting a new copy in place. Most tools such as rdist and - mv do this. - - There's no such thing as inheriting these files across vhosts or - whatever... place the directives in the main server only. - - Known problems: - - Don't use Alias or RewriteRule to move these files around... unless - you feel like paying for an extra stat() on each request. This is - a deficiency in the Apache API that will hopefully be solved some day. - The file will be served out of the mmap cache, but there will be - an extra stat() that's a waste. -*/ - -#include -#include -#include -#include -#include -#include -#include - -#define CORE_PRIVATE - -#include "httpd.h" -#include "http_config.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" -#include "http_core.h" - -module MODULE_VAR_EXPORT mmap_static_module; - -typedef struct { - char *filename; - void *mm; - struct stat finfo; -} a_file; - -typedef struct { - array_header *files; - array_header *inode_sorted; -} a_server_config; - - -static void *create_server_config(pool *p, server_rec *s) -{ - a_server_config *sconf = ap_palloc(p, sizeof(*sconf)); - - sconf->files = ap_make_array(p, 20, sizeof(a_file)); - sconf->inode_sorted = NULL; - return sconf; -} - -static void cleanup_mmap(void *sconfv) -{ - a_server_config *sconf = sconfv; - size_t n; - a_file *file; - - n = sconf->files->nelts; - file = (a_file *)sconf->files->elts; - while(n) { - munmap(file->mm, file->finfo.st_size); - ++file; - --n; - } -} - -static const char *mmapfile(cmd_parms *cmd, void *dummy, char *filename) -{ - a_server_config *sconf; 
- a_file *new_file; - a_file tmp; - int fd; - caddr_t mm; - - if (stat(filename, &tmp.finfo) == -1) { - ap_log_error(APLOG_MARK, APLOG_WARNING, cmd->server, - "mmap_static: unable to stat(%s), skipping", filename); - return NULL; - } - if ((tmp.finfo.st_mode & S_IFMT) != S_IFREG) { - ap_log_error(APLOG_MARK, APLOG_WARNING, cmd->server, - "mmap_static: %s isn't a regular file, skipping", filename); - return NULL; - } - ap_block_alarms(); - fd = open(filename, O_RDONLY, 0); - if (fd == -1) { - ap_log_error(APLOG_MARK, APLOG_WARNING, cmd->server, - "mmap_static: unable to open(%s, O_RDONLY), skipping", filename); - return NULL; - } - mm = mmap(NULL, tmp.finfo.st_size, PROT_READ, MAP_SHARED, fd, 0); - if (mm == (caddr_t)-1) { - int save_errno = errno; - close(fd); - ap_unblock_alarms(); - errno = save_errno; - ap_log_error(APLOG_MARK, APLOG_WARNING, cmd->server, - "mmap_static: unable to mmap %s, skipping", filename); - return NULL; - } - close(fd); - tmp.mm = mm; - tmp.filename = ap_pstrdup(cmd->pool, filename); - sconf = ap_get_module_config(cmd->server->module_config, &mmap_static_module); - new_file = ap_push_array(sconf->files); - *new_file = tmp; - if (sconf->files->nelts == 1) { - /* first one, register the cleanup */ - ap_register_cleanup(cmd->pool, sconf, cleanup_mmap, ap_null_cleanup); - } - ap_unblock_alarms(); - return NULL; -} - -static command_rec mmap_static_cmds[] = -{ - { - "mmapfile", mmapfile, NULL, RSRC_CONF, ITERATE, - "A space separated list of files to mmap at config time" - }, - { - NULL - } -}; - -static int file_compare(const void *av, const void *bv) -{ - const a_file *a = av; - const a_file *b = bv; - - return strcmp(a->filename, b->filename); -} - -static int inode_compare(const void *av, const void *bv) -{ - const a_file *a = *(a_file **)av; - const a_file *b = *(a_file **)bv; - - if (a->finfo.st_ino < b->finfo.st_ino) - return -1; - if (a->finfo.st_ino > b->finfo.st_ino) - return 1; - if (a->finfo.st_dev < b->finfo.st_dev) - return -1; - 
return a->finfo.st_dev > b->finfo.st_dev; -} - -static void mmap_init(server_rec *s, pool *p) -{ - a_server_config *sconf; - array_header *inodes; - a_file *elts; - int nelts; - int i; - - /* sort the elements of the main_server, by filename */ - sconf = ap_get_module_config(s->module_config, &mmap_static_module); - elts = (a_file *)sconf->files->elts; - nelts = sconf->files->nelts; - qsort(elts, nelts, sizeof(a_file), file_compare); - - /* build an index by inode as well, speeds up the search in the handler */ - inodes = ap_make_array(p, nelts, sizeof(a_file *)); - sconf->inode_sorted = inodes; - for (i = 0; i < nelts; ++i) { - *(a_file **)ap_push_array(inodes) = &elts[i]; - } - qsort(inodes->elts, nelts, sizeof(a_file *), inode_compare); - - /* and make the virtualhosts share the same thing */ - for (s = s->next; s; s = s->next) { - ap_set_module_config(s->module_config, &mmap_static_module, sconf); - } -} - -/* If it's one of ours, fill in r->finfo now to avoid extra stat()... this is a - * bit of a kludge, because we really want to run after core_translate runs. 
- */ - -static int mmap_static_xlat(request_rec *r) -{ - a_server_config *sconf; - a_file tmp; - a_file *match; - int res; - - sconf = ap_get_module_config(r->server->module_config, &mmap_static_module); - - /* we only operate when at least one mmapfile directive was used */ - if (ap_is_empty_table(sconf->files)) - return DECLINED; - - /* we require other modules to first set up a filename */ - res = core_module.translate_handler(r); - if (res == DECLINED || !r->filename) { - return res; - } - tmp.filename = r->filename; - match = (a_file *)bsearch(&tmp, sconf->files->elts, sconf->files->nelts, - sizeof(a_file), file_compare); - if (match == NULL) { - return DECLINED; - } - - /* shortcircuit the get_path_info() stat() calls and stuff */ - r->finfo = match->finfo; - return OK; -} - - -static int mmap_static_handler(request_rec *r) -{ - a_server_config *sconf; - a_file tmp; - a_file *ptmp; - a_file **pmatch; - a_file *match; - int rangestatus, errstatus; - - /* we don't handle anything but GET */ - if (r->method_number != M_GET) return DECLINED; - - /* file doesn't exist, we won't be dealing with it */ - if (r->finfo.st_mode == 0) return DECLINED; - - sconf = ap_get_module_config(r->server->module_config, &mmap_static_module); - tmp.finfo.st_dev = r->finfo.st_dev; - tmp.finfo.st_ino = r->finfo.st_ino; - ptmp = &tmp; - pmatch = (a_file **)bsearch(&ptmp, sconf->inode_sorted->elts, - sconf->inode_sorted->nelts, sizeof(a_file *), inode_compare); - if (pmatch == NULL) { - return DECLINED; - } - match = *pmatch; - - /* note that we would handle GET on this resource */ - r->allowed |= (1 << M_GET); - - /* This handler has no use for a request body (yet), but we still - * need to read and discard it if the client sent one. 
- */ - if ((errstatus = ap_discard_request_body(r)) != OK) - return errstatus; - - ap_update_mtime(r, match->finfo.st_mtime); - ap_set_last_modified(r); - ap_set_etag(r); - if (((errstatus = ap_meets_conditions(r)) != OK) - || (errstatus = ap_set_content_length (r, match->finfo.st_size))) { - return errstatus; - } - - rangestatus = ap_set_byterange(r); - ap_send_http_header(r); - - if (!r->header_only) { - if (!rangestatus) { - ap_send_mmap (match->mm, r, 0, match->finfo.st_size); - } - else { - off_t offset, length; - while (ap_each_byterange(r, &offset, &length)) { - ap_send_mmap(match->mm, r, offset, length); - } - } - } - return OK; -} - - -static const handler_rec mmap_static_handlers[] = -{ - { "*/*", mmap_static_handler }, - { NULL } -}; - -module MODULE_VAR_EXPORT mmap_static_module = -{ - STANDARD_MODULE_STUFF, - mmap_init, /* initializer */ - NULL, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - create_server_config, /* server config */ - NULL, /* merge server config */ - mmap_static_cmds, /* command handlers */ - mmap_static_handlers, /* handlers */ - mmap_static_xlat, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; diff --git a/usr.sbin/httpd/src/modules/extra/.indent.pro b/usr.sbin/httpd/src/modules/extra/.indent.pro deleted file mode 100644 index a9fbe9f9a1f..00000000000 --- a/usr.sbin/httpd/src/modules/extra/.indent.pro +++ /dev/null 
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/modules/extra/Makefile.tmpl b/usr.sbin/httpd/src/modules/extra/Makefile.tmpl
deleted file mode 100644
index 67c70fab94c..00000000000
--- a/usr.sbin/httpd/src/modules/extra/Makefile.tmpl
+++ /dev/null
@@ -1,6 +0,0 @@
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
diff --git a/usr.sbin/httpd/src/modules/extra/mod_define.c b/usr.sbin/httpd/src/modules/extra/mod_define.c
deleted file mode 100644
index 88fb3f3d299..00000000000
--- a/usr.sbin/httpd/src/modules/extra/mod_define.c
+++ /dev/null
@@ -1,413 +0,0 @@
-/*
-** mod_define.c - Apache module for configuration defines ($xxx)
-**
-** Copyright (c) 1998-2000 Ralf S. Engelschall
-** Copyright (c) 1998-2000 Christian Reiber
-**
-** Permission to use, copy, modify, and distribute this software for
-** any purpose with or without fee is hereby granted, provided that
-** the above copyright notice and this permission notice appear in all
-** copies.
-**
-** THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-** WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-** IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
-** CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-** LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-** USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-** OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-** OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-** SUCH DAMAGE.
-*/
-
-/*
- * HISTORY
- *
- * v1.0: Originally written in December 1998 by
- * Ralf S. Engelschall and
- * Christian Reiber
- *
- * v1.1: Completely Overhauled in August 1999 by
- * Ralf S. Engelschall
- */
-
-#include "ap_config.h"
-#include "ap_ctype.h"
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "http_core.h"
-#include "http_log.h"
-
-
-/*
- * The global table of defines
- */
-
-static table *tDefines = NULL; /* global table of defines */
-static int bOnceSeenADefine = FALSE; /* optimization flag */
-
-/*
- * Forward declaration
- */
-static int DefineIndex (pool *, char *, int *, int *, char **);
-static char *DefineFetch (pool *, char *);
-static char *DefineExpand (pool *, char *, int, char *);
-static void DefineInit (pool *);
-static void DefineCleanup (void *);
-static char *DefineRewriteHook(cmd_parms *, void *, const char *);
-
-/*
- * Character classes for scanner function
- */
-typedef enum {
- CC_ESCAPE, CC_DOLLAR, CC_BRACEOPEN, CC_BRACECLOSE,
- CC_IDCHAR1, CC_IDCHAR, CC_OTHER, CC_EOS
-} CharClass;
-
-/*
- * Scanner states for scanner function
- */
-typedef enum {
- SS_NONE, SS_SKIP, SS_DOLLAR, SS_TOKEN_BRACED,
- SS_TOKEN_UNBRACED, SS_ERROR, SS_FOUND
-} ScanState;
-
-/*
- * Default meta characters
- */
-#define DEFAULT_MC_ESCAPE "\\"
-#define DEFAULT_MC_DOLLAR "$"
-#define DEFAULT_MC_BRACEOPEN "{"
-#define DEFAULT_MC_BRACECLOSE "}"
-
-/*
- * Scanner for variable constructs $xxx and ${xxx}
- */
-static int DefineIndex(pool *p, char *cpLine, int *pos, int *len, char **cpVar)
-{
- int rc;
- char *cp;
- char *cp2;
- CharClass cc;
- char cEscape;
- char cDefine;
- char cBraceOpen;
- char cBraceClose;
- char *cpError;
- ScanState s;
-
- cEscape = DEFAULT_MC_ESCAPE[0];
- if ((cp = DefineFetch(p, "mod_define::escape")) != NULL)
- cEscape = cp[0];
- cDefine = DEFAULT_MC_DOLLAR[0];
- if ((cp = DefineFetch(p, "mod_define::dollar")) != NULL)
- cDefine = cp[0];
- cBraceOpen = DEFAULT_MC_BRACEOPEN[0];
- if ((cp = DefineFetch(p, "mod_define::braceopen")) != NULL)
- cBraceOpen = cp[0];
- cBraceClose = DEFAULT_MC_BRACECLOSE[0];
- if ((cp = DefineFetch(p, "mod_define::braceclose")) != NULL)
- cBraceClose = cp[0];
-
- rc = 0;
- *len = 0;
- cc = CC_OTHER;
- s = SS_NONE;
- for (cp = cpLine+(*pos); cc != CC_EOS; cp++) {
- if (*cp == cEscape)
- cc = CC_ESCAPE;
- else if (*cp == cDefine)
- cc = CC_DOLLAR;
- else if (*cp == cBraceOpen)
- cc = CC_BRACEOPEN;
- else if (*cp == cBraceClose)
- cc = CC_BRACECLOSE;
- else if (ap_isalpha(*cp))
- cc = CC_IDCHAR1;
- else if (ap_isdigit(*cp) || *cp == '_' || *cp == ':')
- cc = CC_IDCHAR;
- else if (*cp == '\0')
- cc = CC_EOS;
- else
- cc = CC_OTHER;
- switch (s) {
- case SS_NONE:
- switch (cc) {
- case CC_ESCAPE:
- s = SS_SKIP;
- break;
- case CC_DOLLAR:
- s = SS_DOLLAR;
- break;
- default:
- break;
- }
- break;
- case SS_SKIP:
- s = SS_NONE;
- continue;
- break;
- case SS_DOLLAR:
- switch (cc) {
- case CC_BRACEOPEN:
- s = SS_TOKEN_BRACED;
- *pos = cp-cpLine-1;
- (*len) = 2;
- *cpVar = cp+1;
- break;
- case CC_IDCHAR1:
- s = SS_TOKEN_UNBRACED;
- *pos = cp-cpLine-1;
- (*len) = 2;
- *cpVar = cp;
- break;
- case CC_ESCAPE:
- s = SS_SKIP;
- break;
- default:
- s = SS_NONE;
- break;
- }
- break;
- case SS_TOKEN_BRACED:
- switch (cc) {
- case CC_IDCHAR1:
- case CC_IDCHAR:
- (*len)++;
- break;
- case CC_BRACECLOSE:
- (*len)++;
- cp2 = ap_palloc(p, cp-*cpVar+1);
- ap_cpystrn(cp2, *cpVar, cp-*cpVar+1);
- *cpVar = cp2;
- s = SS_FOUND;
- break;
- default:
- cpError = ap_psprintf(p, "Illegal character '%c' in identifier", *cp);
- s = SS_ERROR;
- break;
- }
- break;
- case SS_TOKEN_UNBRACED:
- switch (cc) {
- case CC_IDCHAR1:
- case CC_IDCHAR:
- (*len)++;
- break;
- default:
- cp2 = ap_palloc(p, cp-*cpVar+1);
- ap_cpystrn(cp2, *cpVar, cp-*cpVar+1);
- *cpVar = cp2;
- s = SS_FOUND;
- break;
- }
- break;
- case SS_FOUND:
- case SS_ERROR:
- break;
- }
- if (s == SS_ERROR) {
- fprintf(stderr, "Error\n");
- break;
- }
- else if (s == SS_FOUND) {
- rc = 1;
- break;
- }
- }
- return rc;
-}
-
-/*
- * Determine the value of a variable
- */
-static char *DefineFetch(pool *p, char *cpVar)
-{
- char *cpVal;
-
- /* first try out table */
- if ((cpVal = (char *)ap_table_get(tDefines, (char *)cpVar)) != NULL)
- return cpVal;
- /* second try the environment */
- if ((cpVal = getenv(cpVar)) != NULL)
- return cpVal;
- return NULL;
-}
-
-/*
- * Expand a variable
- */
-static char *DefineExpand(pool *p, char *cpToken, int tok_len, char *cpVal)
-{
- char *cp;
- int val_len, rest_len;
-
- val_len = strlen(cpVal);
- rest_len = strlen(cpToken+tok_len);
- if (val_len < tok_len)
- memcpy(cpToken+val_len, cpToken+tok_len, rest_len+1);
- else if (val_len > tok_len)
- for (cp = cpToken+strlen(cpToken); cp > cpToken+tok_len-1; cp--)
- *(cp+(val_len-tok_len)) = *cp;
- memcpy(cpToken, cpVal, val_len);
- return NULL;
-}
-
-/*
- * The EAPI hook which is called after Apache has read a
- * configuration line and before it's actually processed
- */
-static char *DefineRewriteHook(cmd_parms *cmd, void *config, const char *line)
-{
- pool *p;
- char *cpBuf;
- char *cpLine;
- int pos;
- int len;
- char *cpError;
- char *cpVar;
- char *cpVal;
- server_rec *s;
-
- /* runtime optimization */
- if (!bOnceSeenADefine)
- return NULL;
-
- p = cmd->pool;
- s = cmd->server;
-
- /*
- * Search for:
- * ....\$[a-zA-Z][:_a-zA-Z0-9]*....
- * ....\${[a-zA-Z][:_a-zA-Z0-9]*}....
- */
- cpBuf = NULL;
- cpLine = (char *)line;
- pos = 0;
- while (DefineIndex(p, cpLine, &pos, &len, &cpVar)) {
-#ifdef DEFINE_DEBUG
- {
- char prefix[1024];
- char marker[1024];
- int i;
- for (i = 0; i < pos; i++)
- prefix[i] = ' ';
- prefix[i] = '\0';
- for (i = 0; i < len; i++)
- marker[i] = '^';
- marker[i] = '\0';
- fprintf(stderr,
- "Found variable `%s' (pos: %d, len: %d)\n"
- " %s\n"
- " %s%s\n",
- cpVar, pos, len, cpLine, prefix, marker);
- }
-#endif
- if (cpBuf == NULL) {
- cpBuf = ap_palloc(p, MAX_STRING_LEN);
- ap_cpystrn(cpBuf, line, MAX_STRING_LEN);
- cpLine = cpBuf;
- }
- if ((cpVal = DefineFetch(p, cpVar)) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "mod_define: Variable '%s' not defined: file %s, line %d",
- cpVar, cmd->config_file->name,
- cmd->config_file->line_number);
- cpBuf = NULL;
- break;
- }
- if ((cpError = DefineExpand(p, cpLine+pos, len, cpVal)) != NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "mod_define: %s: file %s, line %d",
- cpError, cmd->config_file->name,
- cmd->config_file->line_number);
- cpBuf = NULL;
- break;
- }
- }
- return cpBuf;
-}
-
-/*
- * Implementation of the `Define' configuration directive
- */
-static const char *cmd_define(cmd_parms *cmd, void *config,
- char *cpVar, char *cpVal)
-{
- if (tDefines == NULL)
- DefineInit(cmd->pool);
- ap_table_set(tDefines, cpVar, cpVal);
- bOnceSeenADefine = TRUE;
- return NULL;
-}
-
-/*
- * Module Initialization
- */
-
-static void DefineInit(pool *p)
-{
- tDefines = ap_make_table(p, 10);
- /* predefine delimiters */
- ap_table_set(tDefines, "mod_define::escape", DEFAULT_MC_ESCAPE);
- ap_table_set(tDefines, "mod_define::dollar", DEFAULT_MC_DOLLAR);
- ap_table_set(tDefines, "mod_define::open", DEFAULT_MC_BRACEOPEN);
- ap_table_set(tDefines, "mod_define::close", DEFAULT_MC_BRACECLOSE);
- ap_register_cleanup(p, NULL, DefineCleanup, ap_null_cleanup);
- return;
-}
-
-/*
- * Module Cleanup
- */
-
-static void DefineCleanup(void *data)
-{
- /* reset private variables when config pool is cleared */
- tDefines = NULL;
- bOnceSeenADefine = FALSE;
- return;
-}
-
-/*
- * Module Directive lists
- */
-static const command_rec DefineDirectives[] = {
- { "Define", cmd_define, NULL, RSRC_CONF|ACCESS_CONF, TAKE2,
- "Define a configuration variable" },
- { NULL }
-};
-
-/*
- * Module API dispatch list
- */
-module MODULE_VAR_EXPORT define_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* module initializer */
- NULL, /* create per-dir config structures */
- NULL, /* merge per-dir config structures */
- NULL, /* create per-server config structures */
- NULL, /* merge per-server config structures */
- DefineDirectives, /* table of config file commands */
- NULL, /* [#8] MIME-typed-dispatched handlers */
- NULL, /* [#1] URI to filename translation */
- NULL, /* [#4] validate user id from request */
- NULL, /* [#5] check if the user is ok _here_ */
- NULL, /* [#2] check access by host address */
- NULL, /* [#6] determine MIME type */
- NULL, /* [#7] pre-run fixups */
- NULL, /* [#9] log a transaction */
- NULL, /* [#3] header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL, /* [#0] post read-request */
- NULL, /* EAPI: add_module */
- NULL, /* EAPI: del_module */
- DefineRewriteHook, /* EAPI: rewrite_command */
- NULL /* EAPI: new_connection */
-};
-
diff --git a/usr.sbin/httpd/src/modules/keynote/Makefile.tmpl b/usr.sbin/httpd/src/modules/keynote/Makefile.tmpl
deleted file mode 100644
index 97a3f3425cd..00000000000
--- a/usr.sbin/httpd/src/modules/keynote/Makefile.tmpl
+++ /dev/null
@@ -1,14 +0,0 @@
-EXTRA_INCLUDES= -I$(SRCDIR)/modules/ssl
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_keynote.o: mod_keynote.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h
diff --git a/usr.sbin/httpd/src/modules/keynote/mod_keynote.c b/usr.sbin/httpd/src/modules/keynote/mod_keynote.c
deleted file mode 100644
index 4ef5ae8c3e6..00000000000
--- a/usr.sbin/httpd/src/modules/keynote/mod_keynote.c
+++ /dev/null
@@ -1,905 +0,0 @@
-/*
- * Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
- * Copyright (c) 1999, 2000, 2001 Niklas Hallqvist. All rights reserved.
- * Copyright (c) 1999, 2000, 2001 Angelos D. Keromytis. All rights reserved.
- * Copyright (c) 2001 Todd C. Miller. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Effort sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- */
-
-#include
-#include
-#include
-
-MODULE_VAR_EXPORT module keynote_module;
-
-/*
- * This function gets called to create a per-directory configuration
- * record. This will be called for the "default" server environment, and for
- * each directory for which the parser finds any of our directives applicable.
- * If a directory doesn't have any of our directives involved (i.e., they
- * aren't in the .htaccess file, or a , , or related
- * block), this routine will *not* be called - the configuration for the
- * closest ancestor is used.
- *
- * The return value is a pointer to the created module-specific
- * structure.
- */
-static void *
-create_keynote_dir_config(pool *p, char *d)
-{
- return(ap_make_array(p, 1, sizeof(char **)));
-}
-
-/*
- * This function gets called to merge two per-directory configuration
- * records. This is typically done to cope with things like .htaccess files
- * or directives for directories that are beneath one for which a
- * configuration record was already created. The routine has the
- * responsibility of creating a new record and merging the contents of the
- * other two into it appropriately. If the module doesn't declare a merge
- * routine, the record for the closest ancestor location (that has one) is
- * used exclusively.
- *
- * The routine MUST NOT modify any of its arguments!
- *
- * The return value is a pointer to the created module-specific structure
- * containing the merged values.
- */
-static void *
-merge_keynote_dir_config(pool *p, void *basev, void *addv)
-{
- array_header *base = (array_header *)basev;
- array_header *add = (array_header *)addv;
-
- return(ap_append_arrays(p, base, add));
-}
-
-/*
- * Add an action attribute to the environment of the specified session
- * and log any errors we get, apache style.
- */
-static void
-add_action_attribute(int sessid, char *name, char *value, request_rec *r)
-{
- if (kn_add_action(sessid, name, value, 0) == 0)
- return;
-
- /* Got an error */
- switch (keynote_errno) {
- case ERROR_SYNTAX:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Invalid action attribute name \"%s\"", name);
- break;
- case ERROR_MEMORY:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Out of memory adding action attribute [%s = \"%s\"]",
- name, value);
- break;
- case ERROR_NOTFOUND:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Session %d not found while adding action attribute "
- "[%s = \"%s\"]", sessid, name, value);
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Unspecified error %d (shouldn't happen)"
- " while adding action attribute [%s = \"%s\"]", keynote_errno,
- name, value);
- break;
- }
-}
-
-/*
- * Add action attributes to the environment.
- * Currently adds:
- * app_domain -> apache
- * method -> GET, HEAD, POST, etc.
- * uri -> the URI that got us here
- * protocol -> access protocol
- * GMTTimeOfDay -> GMT time of day, in YYYYmmddHHMMSS format
- * LocalTimeOfDay -> Local time of day, in YYYYmmddHHMMSS format
- * filename -> last component of URI, or "" if not found
- * local address
- * remote address
- * remote hostname, if known/resolved
- * local hostname
- * remote username (RFC 1413)
- * local username (if authentication was done)
- * authentication type -> Basic, Digest, etc.
- *
- * SSL information is set at check_keynote_assertions()
- *
- * XXX IPsec information (if any)
- */
-static void
-add_action_attributes(int sessid, request_rec *r)
-{
- time_t tt;
- char mytimeofday[15];
-
- add_action_attribute(sessid, "app_domain", "apache", r);
- add_action_attribute(sessid, "method", (char *)r->method, r);
- add_action_attribute(sessid, "protocol", r->protocol, r);
- add_action_attribute(sessid, "filename", r->filename, r);
-
- tt = time((time_t *) NULL);
- strftime (mytimeofday, 14, "%Y%m%d%H%M%S", gmtime (&tt));
- add_action_attribute(sessid, "GMTTimeOfDay", mytimeofday, r);
-
- strftime (mytimeofday, 14, "%Y%m%d%H%M%S", localtime (&tt));
- add_action_attribute(sessid, "LocalTimeOfDay", mytimeofday, r);
-
- add_action_attribute(sessid, "local_address", r->connection->local_ip, r);
- add_action_attribute(sessid, "remote_address", r->connection->remote_ip, r);
-
- if (r->connection->local_host != NULL)
- add_action_attribute(sessid, "local_hostname",
- r->connection->local_host, r);
-
- if (r->connection->remote_host != NULL)
- add_action_attribute(sessid, "remote_hostname",
- r->connection->remote_host, r);
-
- if (r->connection->user != NULL)
- add_action_attribute(sessid, "local_username", r->connection->user, r);
-
- if (r->connection->remote_logname != NULL)
- add_action_attribute(sessid, "remote_username",
- r->connection->remote_logname, r);
-
- /* XXX - make the split URI components available too? */
- add_action_attribute(sessid, "uri", r->unparsed_uri, r);
-}
-
-static int
-keynote_add_authorizer(request_rec *r, int sessid, X509 *cert)
-{
- struct keynote_deckey dc;
- EVP_PKEY *key;
- X509_NAME *subject;
- char *akey, *principals[3], *cp;
- int i;
-
- key = X509_get_pubkey(cert);
- subject = X509_get_subject_name(cert);
- if (!key || (key->type != EVP_PKEY_RSA && key->type != EVP_PKEY_DSA)) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server,
- "Unable to get public key from client's certificate");
- return(1);
- }
-
- /* Get ascii-encoded version of the key and add as an authorizer. */
- if (key->type == EVP_PKEY_RSA) {
- dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA;
- dc.dec_key = key->pkey.rsa;
- } else {
- dc.dec_algorithm = KEYNOTE_ALGORITHM_DSA;
- dc.dec_key = key->pkey.dsa;
- }
- akey = kn_encode_key(&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX,
- KEYNOTE_PUBLIC_KEY);
- if (akey == NULL) {
- if (keynote_errno == ERROR_MEMORY) {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Out of memory storing public key");
- return(-1);
- } else {
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server, "Error storing public key");
- return(1);
- }
- } else {
- i = 0;
- principals[i++] = ap_pstrcat(r->pool, "rsa-hex:", akey, NULL);
- free(akey);
-
- /* Generate a "DN:" principal */
- if (subject && (cp = X509_NAME_oneline(subject, NULL, 0)) != NULL) {
- principals[i++] = ap_pstrcat(r->pool, "DN:", cp, NULL);
- free(cp);
- }
- principals[i] = NULL;
- }
-
- for (i = 0; principals[i]; i++) {
- if (kn_add_authorizer(sessid, principals[i]) == -1) {
- switch (keynote_errno) {
- case ERROR_MEMORY:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Out of memory while adding action authorizer %s",
- principals[i]);
- break;
- case ERROR_SYNTAX:
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO,
- r->connection->server,
- "Malformed action authorizer %s", principals[i]);
- break;
- case ERROR_NOTFOUND: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Session %d not found while adding action " - "authorizer %s", sessid, principals[i]); - default: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Unspecified error %d (shouldn't happen) " - "while adding action authorizer %s", - keynote_errno, principals[i]); - break; - } - } - } - - return(0); -} - -static int -keynote_get_valid_times(request_rec *r, X509 *cert, char *before, size_t beforelen, char **timecomp, char *after, size_t afterlen, char **timecomp2) -{ - ASN1_TIME *tm; - time_t tt; - int i; - - if (((tm = X509_get_notBefore(cert)) == NULL) || - (tm->type != V_ASN1_UTCTIME && tm->type != V_ASN1_GENERALIZEDTIME)) { - tt = time((time_t *) NULL); - strftime(before, 14, "%G%m%d%H%M%S", localtime(&tt)); - *timecomp = "LocalTimeOfDay"; - } else { - if (tm->data[tm->length - 1] == 'Z') { - *timecomp = "GMTTimeOfDay"; - i = tm->length - 2; - } else { - *timecomp = "LocalTimeOfDay"; - i = tm->length - 1; - } - - for (; i >= 0; i--) { - if (tm->data[i] < '0' || tm->data[i] > '9') { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid data in certificate's NotValidBefore time field"); - return(-1); - } - } - - if (tm->type == V_ASN1_UTCTIME) { - if (tm->length < 10 || tm->length > 13) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid length of certificate's NotValidBefore time field (%d)", - tm->length); - return(-1); - } - - /* Validity checks. 
*/ - if ((tm->data[2] != '0' && tm->data[2] != '1') - || (tm->data[2] == '0' && tm->data[3] == '0') - || (tm->data[2] == '1' && tm->data[3] > '2') - || (tm->data[4] > '3') - || (tm->data[4] == '0' && tm->data[5] == '0') - || (tm->data[4] == '3' && tm->data[5] > '1') - || (tm->data[6] > '2') - || (tm->data[6] == '2' && tm->data[7] > '3') - || (tm->data[8] > '5')) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid value in certificate's NotValidBefore time field"); - return(-1); - } - - /* Stupid UTC tricks. */ - if (tm->data[0] < '5') - snprintf(before, beforelen, "20%s", tm->data); - else - snprintf(before, beforelen, "19%s", tm->data); - } else { - /* V_ASN1_GENERICTIME */ - if (tm->length < 12 || tm->length > 15) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid length of certificate's NotValidBefore time field (%d)", - tm->length); - return(-1); - } - - /* Validity checks. */ - if ((tm->data[4] != '0' && tm->data[4] != '1') - || (tm->data[4] == '0' && tm->data[5] == '0') - || (tm->data[4] == '1' && tm->data[5] > '2') - || (tm->data[6] > '3') - || (tm->data[6] == '0' && tm->data[7] == '0') - || (tm->data[6] == '3' && tm->data[7] > '1') - || (tm->data[8] > '2') - || (tm->data[8] == '2' && tm->data[9] > '3') - || (tm->data[10] > '5')) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid value in certificate's NotValidBefore time field"); - return(-1); - } - snprintf(before, beforelen, "%s", tm->data); - } - - /* Fix missing seconds. */ - if (tm->length < 12) { - before[12] = '0'; - before[13] = '0'; - } - - /* This will overwrite trailing 'Z'. 
*/ - before[14] = '\0'; - } - - tm = X509_get_notAfter(cert); - if (tm == NULL && - (tm->type != V_ASN1_UTCTIME && tm->type != V_ASN1_GENERALIZEDTIME)) { - tt = time(0); - strftime(after, 14, "%G%m%d%H%M%S", localtime(&tt)); - *timecomp2 = "LocalTimeOfDay"; - } else { - if (tm->data[tm->length - 1] == 'Z') { - *timecomp2 = "GMTTimeOfDay"; - i = tm->length - 2; - } else { - *timecomp2 = "LocalTimeOfDay"; - i = tm->length - 1; - } - - for (; i >= 0; i--) { - if (tm->data[i] < '0' || tm->data[i] > '9') { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid data in certificate's NotValidAfter time field"); - return(-1); - } - } - - if (tm->type == V_ASN1_UTCTIME) { - if (tm->length < 10 || tm->length > 13) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid length of certificate's NotValidAfter time field (%d)", - tm->length); - return(-1); - } - - /* Validity checks. */ - if ((tm->data[2] != '0' && tm->data[2] != '1') - || (tm->data[2] == '0' && tm->data[3] == '0') - || (tm->data[2] == '1' && tm->data[3] > '2') - || (tm->data[4] > '3') - || (tm->data[4] == '0' && tm->data[5] == '0') - || (tm->data[4] == '3' && tm->data[5] > '1') - || (tm->data[6] > '2') - || (tm->data[6] == '2' && tm->data[7] > '3') - || (tm->data[8] > '5')) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid value in certificate's NotValidAfter time field"); - return(-1); - } - - /* Stupid UTC tricks. */ - if (tm->data[0] < '5') - snprintf(after, afterlen, "20%s", tm->data); - else - snprintf(after, afterlen, "19%s", tm->data); - } else { - /* V_ASN1_GENERICTIME */ - if (tm->length < 12 || tm->length > 15) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid length of certificate's NotValidAfter time field (%d)", - tm->length); - return(-1); - } - - /* Validity checks. 
*/ - if ((tm->data[4] != '0' && tm->data[4] != '1') - || (tm->data[4] == '0' && tm->data[5] == '0') - || (tm->data[4] == '1' && tm->data[5] > '2') - || (tm->data[6] > '3') - || (tm->data[6] == '0' && tm->data[7] == '0') - || (tm->data[6] == '3' && tm->data[7] > '1') - || (tm->data[8] > '2') - || (tm->data[8] == '2' && tm->data[9] > '3') - || (tm->data[10] > '5')) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Invalid value in certificate's NotValidAfter time field"); - return(-1); - } - snprintf(after, afterlen, "%s", tm->data); - } - - /* Fix missing seconds. */ - if (tm->length < 12) { - after[12] = '0'; - after[13] = '0'; - } - after[14] = '\0'; /* This will overwrite trailing 'Z' */ - } - return(0); -} - -static int -keynote_fake_assertion(request_rec *r, int sessid, X509 *cert, EVP_PKEY *pkey, X509_NAME *name) -{ - struct keynote_deckey dc; - EVP_PKEY *key; - X509_NAME *issuer, *subject; - char *akey, *ikey, *buf, *stext, *itext; - char before[15], after[15]; - char *timecomp, *timecomp2; - static const char fmt[] = "Authorizer: \"%s%s\"\nLicensees: \"%s%s\"\n" - "Conditions: %s >= \"%s\" && %s <= \"%s\";\n"; - - if (pkey && pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_DSA) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server, - "Issuer's public key is invalid"); - return(1); - } - - issuer = X509_get_issuer_name(cert); - subject = X509_get_subject_name(cert); - if (X509_NAME_cmp(issuer, name) != 0) { - itext = X509_NAME_oneline(issuer, NULL, 0); - stext = X509_NAME_oneline(name, NULL, 0); - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server, - "Subject doesn't match issuer's certificate: %s != %s", itext, stext); - free(itext); - free(stext); - return(1); - } - - key = X509_get_pubkey(cert); - if (!key || (key->type != EVP_PKEY_RSA && key->type != EVP_PKEY_DSA)) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server, - "Unable to get public key from 
client's certificate"); - return(1); - } - - /* Get ascii-encoded version of the public key */ - if (key->type == EVP_PKEY_RSA) { - dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA; - dc.dec_key = key->pkey.rsa; - } else { - dc.dec_algorithm = KEYNOTE_ALGORITHM_DSA; - dc.dec_key = key->pkey.dsa; - } - akey = kn_encode_key(&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, - KEYNOTE_PUBLIC_KEY); - if (akey == NULL) { - if (keynote_errno == ERROR_MEMORY) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Out of memory storing public key"); - return(-1); - } else { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Error storing public key"); - return(1); - } - } - - /* Get ascii-encoded version of the issuer's public key */ - if (pkey) { - if (pkey->type == EVP_PKEY_RSA) { - dc.dec_algorithm = KEYNOTE_ALGORITHM_RSA; - dc.dec_key = pkey->pkey.rsa; - } else { - dc.dec_algorithm = KEYNOTE_ALGORITHM_DSA; - dc.dec_key = pkey->pkey.dsa; - } - ikey = kn_encode_key(&dc, INTERNAL_ENC_PKCS1, ENCODING_HEX, - KEYNOTE_PUBLIC_KEY); - if (ikey == NULL) { - free(akey); - if (keynote_errno == ERROR_MEMORY) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Out of memory storing public key"); - return(-1); - } else { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Error storing public key"); - return(1); - } - } - } else - ikey = NULL; - - if (keynote_get_valid_times(r, cert, before, sizeof(before), &timecomp, after, sizeof(after), &timecomp2) == -1) { - free(akey); - if (ikey) - free(ikey); - return(-1); - } - - itext = X509_NAME_oneline(issuer, NULL, 0); - stext = X509_NAME_oneline(subject, NULL, 0); - - if (ikey) - buf = ap_psprintf(r->pool, fmt, "rsa-hex:", ikey, "rsa-hex:", akey, - timecomp, before, timecomp2, after); - else - buf = ap_psprintf(r->pool, fmt, "DN:", itext, "rsa-hex:", akey, - timecomp, before, timecomp2, after); - if (kn_add_assertion(sessid, buf, strlen(buf), 
ASSERT_FLAG_LOCAL) == -1) { - free(stext); - free(itext); - free(akey); - if (ikey) - free(ikey); - goto assert_failed; - } - - buf = ap_psprintf(r->pool, fmt, "DN:", itext, "DN:", stext, - timecomp, before, timecomp2, after); - free(stext); - free(itext); - free(akey); - if (ikey) - free(ikey); - if (kn_add_assertion(sessid, buf, strlen(buf), ASSERT_FLAG_LOCAL) != -1) - return(0); - -assert_failed: - switch (keynote_errno) { - case ERROR_MEMORY: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Out of memory, trying to add policy assertion %s", buf); - break; - case ERROR_SYNTAX: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Syntax error parsing policy assertion %s", - buf); - break; - default: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Unspecified error %d (shouldn't happen) " - "while adding policy assertion %s", keynote_errno, buf); - break; - } - return(-1); -} - -static int -check_keynote_assertions(request_rec *r) -{ - array_header *policy_asserts = (array_header *)ap_get_module_config(r->per_dir_config, &keynote_module); - int sessid, res, i, noclientcert = 0; - int rval = OK; - size_t authLen; - char **assertions; - SSL_CTX *ctx; - SSL *ssl; - X509 *cert, *icert; - STACK_OF(X509) *certstack; - STACK_OF(X509_NAME) *CA_list; - X509_NAME *issuer, *subject; - static char *return_values[] = { "false", "true" }; - AP_SHA1_CTX context; - unsigned char digest[SHA_DIGESTSIZE]; - char *pwauth; - const char *sent_pw; - - /* If there are no KeyNote assertions we have nothing to do. */ - if (policy_asserts->nelts == 0) - return(DECLINED); - - /* Initialize keynote session. */ - sessid = kn_init(); - if (sessid == -1) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "keynote init failed: keynote_errno=%d", - keynote_errno); - return(FORBIDDEN); - } - - /* If this is an SSL session, see if client certs were used. 
*/ - if ((ssl = ap_ctx_get(r->connection->client->ctx, "ssl")) != NULL) { - ctx = SSL_get_SSL_CTX(ssl); - - /* XXX Initialize SSL-related action attributes */ - - /* Get client's certificate or deny them */ - certstack = SSL_get_peer_cert_chain(ssl); - if ((cert = SSL_get_peer_certificate(ssl)) != NULL) { - /* Missing or self-signed, deny them */ - issuer = X509_get_issuer_name(cert); - subject = X509_get_subject_name(cert); - if (!issuer || !subject || X509_name_cmp(issuer, subject) == 0) { - rval = FORBIDDEN; - goto done; - } - - /* Build a set of fake assertions corresponding to the certificate chain. */ - for (i = 0; i < sk_X509_num(certstack) && (icert = sk_X509_value(certstack, i)); i++) { - if (keynote_fake_assertion(r, sessid, cert, X509_get_pubkey(icert), X509_get_subject_name(icert)) == -1) { - rval = FORBIDDEN; - goto done; - } - cert = icert; - } - - /* The issuer of the last cert in the chain should be in the CA list. */ - issuer = X509_get_issuer_name(cert); - CA_list = SSL_CTX_get_client_CA_list(ctx); - for (i = 0; i < sk_X509_num(CA_list); i++) { - subject = sk_X509_NAME_value(CA_list, i); - if (subject && X509_NAME_cmp(issuer, subject) == 0) { - /* An X509_NAME does not contain the public key. */ - if (keynote_fake_assertion(r, sessid, cert, NULL, subject) == -1) { - rval = FORBIDDEN; - goto done; - } - break; - } - } - - if (i >= sk_X509_num(CA_list)) - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r->connection->server, - "didn't find CA for issuer of last cert in chain"); - - /* Add the user's public key as an authorizer. */ - if (keynote_add_authorizer(r, sessid, cert) == -1) { - rval = FORBIDDEN; - goto done; - } - } else - noclientcert = 1; /* No client certificates used. */ - } else - noclientcert = 1; /* SSL was not used. */ - - /* See if we have a passphrase. */ - if (noclientcert == 1) { - if ((res = ap_get_basic_auth_pw(r, &sent_pw)) == 0) { - /* Add passphrase as the authorizer. 
*/ - ap_SHA1Init(&context); - ap_SHA1Update(&context, sent_pw, strlen(sent_pw)); - ap_SHA1Final(digest, &context); - - pwauth = calloc(120, sizeof(char)); - if (pwauth == NULL) { - rval = FORBIDDEN; - goto done; - } - res = strlen("passphrase-sha1-base64:"); - strlcpy(pwauth, "passphrase-sha1-base64:", res + 1); - ap_base64encode_binary(pwauth + strlen(pwauth), digest, - sizeof(digest)); - - /* Add passphrase authorizer directly to the session. */ - kn_add_authorizer(sessid, pwauth); - free(pwauth); - - /* Add username as a principal too. */ - if (r->connection->user != NULL) { - int n; - - authLen = strlen(r->connection->user) + 1 + strlen("username:"); - pwauth = calloc(authLen, sizeof(char)); - if (pwauth == NULL) { - rval = FORBIDDEN; - goto done; - } - - n = snprintf(pwauth, authLen, "username:%s", - r->connection->user); - if (n == -1 || n >= authLen) { - rval = FORBIDDEN; - free(pwauth); - goto done; - } - - kn_add_authorizer(sessid, pwauth); - free(pwauth); - } - } else { - kn_add_authorizer(sessid, ""); - } - } - - /* Setup our environment. */ - add_action_attributes(sessid, r); - - /* Add our policy assertions (as specified in the config file). 
*/ - assertions = (char **)policy_asserts->elts; - for (i = 0; i < policy_asserts->nelts; i++) { - if (kn_add_assertion(sessid, assertions[i], - strlen(assertions[i]), ASSERT_FLAG_LOCAL) == -1) { - switch (keynote_errno) { - case ERROR_MEMORY: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Out of memory, trying to add policy assertion %s", - assertions[i]); - break; - case ERROR_SYNTAX: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Syntax error " - "parsing policy assertion %s", assertions[i]); - break; - default: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Unspecified error %d (shouldn't happen) " - "while adding policy assertion %s", - keynote_errno, assertions[i]); - break; - } - rval = FORBIDDEN; - goto done; - } - } - - /* Now do the actual query. */ - switch ((res = kn_do_query(sessid, return_values, 2))) { - case 0: - rval = FORBIDDEN; - - /* Log failed assertions */ - for (i = 0; i < policy_asserts->nelts; i++) { - if (kn_get_failed(sessid, KEYNOTE_ERROR_SYNTAX, i) != -1) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Assertion failed " - "due to a syntax error: %s", assertions[i]); - } else if (kn_get_failed(sessid, KEYNOTE_ERROR_SIGNATURE, i) != -1) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Failed to verify " - "signature on assertion: %s", assertions[i]); - } else if (kn_get_failed(sessid, KEYNOTE_ERROR_ANY, i) != -1) { - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Unspecified error " - "when processing assertion: %s", assertions[i]); - } - } - break; - case 1: - rval = OK; - break; - case -1: - rval = FORBIDDEN; - switch (keynote_errno) { - case ERROR_MEMORY: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Out of memory while performing authorization " - "query."); - break; - case ERROR_NOTFOUND: - 
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Session %d not found while performing " - "authorization query.", sessid); - break; - default: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, - "Unspecified error %d (shouldn't happen) while " - "performing authorization query.", keynote_errno); - break; - } -default: - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, - r->connection->server, "Weird KeyNote result=%d", res); - break; - } - -done: - kn_close(sessid); - - return(rval); -} - -/* - * Take an assertion stored in a file and push it (verbatim) into - * the policy_asserts array. - */ -static const char * -store_assertion(cmd_parms *cmd, void *policy_assertsv, char *filename) -{ - int fd, serrno, nelts = 0; - ssize_t nread; - struct stat sb; - char *assert, **asrts; - array_header *policy_asserts = (array_header *)policy_assertsv; - - filename = ap_server_root_relative(cmd->pool, filename); - if ((fd = open(filename, O_RDONLY)) == -1) - return(ap_pstrcat(cmd->pool, "Can't open ", filename, ": ", - strerror(errno), NULL)); - - if (fstat(fd, &sb) == -1) - return(ap_pstrcat(cmd->pool, "Can't fstat ", filename, ": ", - strerror(errno), NULL)); - - assert = calloc(sb.st_size + 1, sizeof(char)); - nread = read(fd, assert, sb.st_size); - serrno = errno; - close(fd); - if (nread != sb.st_size) { - if (nread == -1) - return(ap_pstrcat(cmd->pool, "Can't read ", filename, ": ", - strerror(serrno), NULL)); - else - return(ap_pstrcat(cmd->pool, "Short read from", filename, NULL)); - } - - /* Break up into constituent assertions */ - asrts = kn_read_asserts(assert, sb.st_size, &nelts); - free(assert); - - while (--nelts >= 0) { - /* Now store the individual assertions in the array */ - *(char **)ap_push_array(policy_asserts) = ap_pstrdup(cmd->pool, asrts[nelts]); - free(asrts[nelts]); - } - - /* We don't need this anymore */ - if (asrts) - free(asrts); - - return(NULL); -} - -static command_rec keynote_cmds[] = { 
- {
- "KeyNotePolicy", /* directive name */
- store_assertion, /* config action routine */
- NULL, /* arg to include in call */
- OR_FILEINFO, /* where available (FileInfo) */
- ITERATE, /* call once for each arg */
- "Add a KeyNote policy file" /* directive description */
- },
- { NULL }
-};
-
-module MODULE_VAR_EXPORT keynote_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* module initializer */
- create_keynote_dir_config, /* per-directory config creator */
- merge_keynote_dir_config, /* dir config merger */
- NULL, /* server config creator */
- NULL, /* server config merger */
- keynote_cmds, /* command table */
- NULL, /* list of handlers */
- NULL, /* filename-to-URI translation */
- NULL, /* check/validate user_id */
- NULL, /* check user_id is valid *here* */
- check_keynote_assertions, /* check access by host address */
- NULL, /* MIME type checker/setter */
- NULL, /* fixups */
- NULL, /* logger */
-};
diff --git a/usr.sbin/httpd/src/modules/keynote/mod_keynote.module b/usr.sbin/httpd/src/modules/keynote/mod_keynote.module
deleted file mode 100644
index 44d8e036c30..00000000000
--- a/usr.sbin/httpd/src/modules/keynote/mod_keynote.module
+++ /dev/null
@@ -1,4 +0,0 @@
-Name: keynote_module
-ConfigStart
- LIBS="$LIBS -lkeynote -lm"
-ConfigEnd
diff --git a/usr.sbin/httpd/src/modules/proxy/.indent.pro b/usr.sbin/httpd/src/modules/proxy/.indent.pro
deleted file mode 100644
index 64099d767f5..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/.indent.pro
+++ /dev/null
@@ -1,64 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcache_req
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tdirconn_entry
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tin_addr
--Tjoblist_s
--Tlisten_rec
--Tlong61_t
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Toff_t
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tper_thread_data
--Tpid_t
--Tpiped_log
--Tpool
--Tproxy_alias
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Tsockaddr
--Tsockaddr_in
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
--Tproxy_server_conf
diff --git a/usr.sbin/httpd/src/modules/proxy/Makefile.libdir b/usr.sbin/httpd/src/modules/proxy/Makefile.libdir
deleted file mode 100644
index 7b5254013a3..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/Makefile.libdir
+++ /dev/null
@@ -1,4 +0,0 @@
-This is a place-holder which indicates to Configure that it shouldn't
-provide the default targets when building the Makefile in this directory.
-Instead it'll just prepend all the important variable definitions, and
-copy the Makefile.tmpl onto the end.
diff --git a/usr.sbin/httpd/src/modules/proxy/Makefile.tmpl b/usr.sbin/httpd/src/modules/proxy/Makefile.tmpl
deleted file mode 100644
index c13bf6b427c..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/Makefile.tmpl
+++ /dev/null
@@ -1,121 +0,0 @@
-
-LIB=libproxy.$(LIBEXT)
-
-OBJS=\
- mod_proxy.o \
- proxy_cache.o proxy_connect.o proxy_ftp.o proxy_http.o proxy_util.o
-OBJS_PIC=\
- mod_proxy.lo \
- proxy_cache.lo proxy_connect.lo proxy_ftp.lo proxy_http.lo proxy_util.lo
-
-all: lib
-
-lib: $(LIB)
-
-libproxy.a: $(OBJS)
- rm -f $@
- ar cr $@ $(OBJS)
- $(RANLIB) $@
-
-libproxy.so: $(OBJS_PIC)
- rm -f $@
- $(LD_SHLIB) $(LDFLAGS_SHLIB) -o $@ $(OBJS_PIC) $(LIBS_SHLIB)
-
-libproxy.dll: $(OBJS_PIC) mod_proxy.def
- if [ "x$(OS)" = "xCygwin" ]; then \
- rm -f $@; \
- if [ -f "$(SRCDIR)/$(SHCORE_IMPLIB)" ]; then \
- $(LD_SHLIB) $(LDFLAGS_SHLIB) -o $*.dll $(OBJS_PIC) $(LIBS_SHLIB) \
- $(SRCDIR)/$(SHCORE_IMPLIB) $(LIBS1); \
- fi \
- else \
- $(LD_SHLIB) $(LDFLAGS_SHLIB) -o $* $(OBJS_PIC) $(LIBS_SHLIB); \
- emxbind -b -q -s -h0 -dmod_proxy.def $* && \
- rm $*; \
- fi
-
-.SUFFIXES: .o .lo .dll
-
-.c.o:
- $(CC) -c $(INCLUDES) $(CFLAGS) $<
-
-.c.lo:
- $(CC) -c $(INCLUDES) $(CFLAGS) $(CFLAGS_SHLIB) $< && mv $*.o $*.lo
-
-clean:
- rm -f $(OBJS) $(OBJS_PIC) $(LIB)
-
-distclean: clean
- -rm -f Makefile
-
-# We really don't expect end users to use this rule. It works only with
-# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after
-# using it.
-depend:
- cp Makefile.tmpl Makefile.tmpl.bak \
- && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \
- && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \
- && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \
- -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \
- > Makefile.tmpl \
- && rm Makefile.new
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_proxy.o: mod_proxy.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_vhost.h \
- $(INCDIR)/http_request.h
-proxy_cache.o: proxy_cache.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_main.h \
- $(INCDIR)/util_date.h $(INCDIR)/multithread.h \
- $(INCDIR)/ap_md5.h
-proxy_connect.o: proxy_connect.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_main.h
-proxy_ftp.o: proxy_ftp.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_log.h
-proxy_http.o: proxy_http.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_core.h $(INCDIR)/util_date.h
-proxy_util.o: proxy_util.c mod_proxy.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/explain.h \
- $(INCDIR)/http_main.h $(INCDIR)/ap_md5.h \
- $(INCDIR)/multithread.h $(INCDIR)/http_log.h \
- $(INCDIR)/util_date.h
diff --git a/usr.sbin/httpd/src/modules/proxy/mod_proxy.c b/usr.sbin/httpd/src/modules/proxy/mod_proxy.c
deleted file mode 100644
index 1be9812093a..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/mod_proxy.c
+++ /dev/null
@@ -1,1102 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -#include "mod_proxy.h" - -#define CORE_PRIVATE - -#include "http_log.h" -#include "http_main.h" -#include "http_vhost.h" -#include "http_request.h" - -/* Some WWW schemes and their default ports; this is basically /etc/services */ -/* This will become global when the protocol abstraction comes */ -static struct proxy_services defports[] = -{ - {"http", DEFAULT_HTTP_PORT}, - {"ftp", DEFAULT_FTP_PORT}, - {"https", DEFAULT_HTTPS_PORT}, - {"gopher", DEFAULT_GOPHER_PORT}, - {"nntp", DEFAULT_NNTP_PORT}, - {"wais", DEFAULT_WAIS_PORT}, - {"snews", DEFAULT_SNEWS_PORT}, - {"prospero", DEFAULT_PROSPERO_PORT}, - {NULL, -1} /* unknown port */ -}; - -/* - * A Web proxy module. Stages: - * - * translate_name: set filename to proxy: - * type_checker: set type to PROXY_MAGIC_TYPE if filename begins proxy: - * fix_ups: convert the URL stored in the filename to the - * canonical form. 
- * handler: handle proxy requests - */ - -/* -------------------------------------------------------------- */ -/* Translate the URL into a 'filename' */ - -static int alias_match(const char *uri, const char *alias_fakename) -{ - const char *end_fakename = alias_fakename + strlen(alias_fakename); - const char *aliasp = alias_fakename, *urip = uri; - - while (aliasp < end_fakename) { - if (*aliasp == '/') { - /* - * any number of '/' in the alias matches any number in the - * supplied URI, but there must be at least one... - */ - if (*urip != '/') - return 0; - - while (*aliasp == '/') - ++aliasp; - while (*urip == '/') - ++urip; - } - else { - /* Other characters are compared literally */ - if (*urip++ != *aliasp++) - return 0; - } - } - - /* Check last alias path component matched all the way */ - - if (aliasp[-1] != '/' && *urip != '\0' && *urip != '/') - return 0; - - /* - * Return number of characters from URI which matched (may be greater - * than length of alias, since we may have matched doubled slashes) - */ - - return urip - uri; -} - -/* Detect if an absoluteURI should be proxied or not. Note that we - * have to do this during this phase because later phases are - * "short-circuiting"... i.e. translate_names will end when the first - * module returns OK. So for example, if the request is something like: - * - * GET http://othervhost/cgi-bin/printenv HTTP/1.0 - * - * mod_alias will notice the /cgi-bin part and ScriptAlias it and - * short-circuit the proxy... just because of the ordering in the - * configuration file. 
- */ -static int proxy_detect(request_rec *r) -{ - void *sconf = r->server->module_config; - proxy_server_conf *conf; - - conf = (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); - - if (conf->req && r->parsed_uri.scheme) { - /* but it might be something vhosted */ - if (!(r->parsed_uri.hostname - && !strcasecmp(r->parsed_uri.scheme, ap_http_method(r)) - && ap_matches_request_vhost(r, r->parsed_uri.hostname, - r->parsed_uri.port_str ? r->parsed_uri.port : ap_default_port(r)))) { - r->proxyreq = STD_PROXY; - r->uri = r->unparsed_uri; - r->filename = ap_pstrcat(r->pool, "proxy:", r->uri, NULL); - r->handler = "proxy-server"; - } - } - /* We need special treatment for CONNECT proxying: it has no scheme part */ - else if (conf->req && r->method_number == M_CONNECT - && r->parsed_uri.hostname - && r->parsed_uri.port_str) { - r->proxyreq = STD_PROXY; - r->uri = r->unparsed_uri; - r->filename = ap_pstrcat(r->pool, "proxy:", r->uri, NULL); - r->handler = "proxy-server"; - } - return DECLINED; -} - -static int proxy_trans(request_rec *r) -{ - void *sconf = r->server->module_config; - proxy_server_conf *conf = - (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); - int i, len; - struct proxy_alias *ent = (struct proxy_alias *)conf->aliases->elts; - - if (r->proxyreq != NOT_PROXY) { - /* - * someone has already set up the proxy, it was possibly ourselves in - * proxy_detect - */ - return OK; - } - - /* - * XXX: since r->uri has been manipulated already we're not really - * compliant with RFC1945 at this point. But this probably isn't an - * issue because this is a hybrid proxy/origin server. - */ - - for (i = 0; i < conf->aliases->nelts; i++) { - len = alias_match(r->uri, ent[i].fake); - - if (len > 0) { - if (ent[i].real[0] == '!' 
&& ent[i].real[1] == '\0') - return DECLINED; - - r->filename = ap_pstrcat(r->pool, "proxy:", ent[i].real, - r->uri + len, NULL); - r->handler = "proxy-server"; - r->proxyreq = PROXY_PASS; - return OK; - } - } - return DECLINED; -} - -/* -------------------------------------------------------------- */ -/* Fixup the filename */ - -/* - * Canonicalise the URL - */ -static int proxy_fixup(request_rec *r) -{ - char *url, *p; - int rc; - - if (r->proxyreq == NOT_PROXY || strncmp(r->filename, "proxy:", 6) != 0) - return DECLINED; - - url = &r->filename[6]; - -/* canonicalise each specific scheme */ - if (ap_hook_use("ap::mod_proxy::canon", - AP_HOOK_SIG3(int,ptr,ptr), - AP_HOOK_DECLINE(DECLINED), - &rc, r, url) && rc != DECLINED) - return rc; - else - if (strncasecmp(url, "http:", 5) == 0) - return ap_proxy_http_canon(r, url + 5, "http", DEFAULT_HTTP_PORT); - else if (strncasecmp(url, "ftp:", 4) == 0) - return ap_proxy_ftp_canon(r, url + 4); - - p = strchr(url, ':'); - if (p == NULL || p == url) - return HTTP_BAD_REQUEST; - - return OK; /* otherwise; we've done the best we can */ -} - -static void proxy_init(server_rec *r, pool *p) -{ - ap_proxy_garbage_init(r, p); - ap_hook_use("ap::mod_proxy::init", - AP_HOOK_SIG3(void,ptr,ptr), AP_HOOK_ALL, r, p); -} - -static void proxy_addmod(module *m) -{ - /* export: ap_proxy_http_canon() as `ap::mod_proxy::http::canon' */ - ap_hook_configure("ap::mod_proxy::http::canon", - AP_HOOK_SIG5(int,ptr,ptr,ptr,int), AP_HOOK_TOPMOST); - ap_hook_register("ap::mod_proxy::http::canon", - ap_proxy_http_canon, AP_HOOK_NOCTX); - - /* export: ap_proxy_http_handler() as `ap::mod_proxy::http::handler' */ - ap_hook_configure("ap::mod_proxy::http::handler", - AP_HOOK_SIG6(int,ptr,ptr,ptr,ptr,int), AP_HOOK_TOPMOST); - ap_hook_register("ap::mod_proxy::http::handler", - ap_proxy_http_handler, AP_HOOK_NOCTX); - - /* export: ap_proxyerror() as `ap::mod_proxy::error' */ - ap_hook_configure("ap::mod_proxy::error", - AP_HOOK_SIG3(int,ptr,ptr), 
AP_HOOK_TOPMOST); - ap_hook_register("ap::mod_proxy::error", - ap_proxyerror, AP_HOOK_NOCTX); - return; -} - -static void proxy_remmod(module *m) -{ - /* remove the hook references */ - ap_hook_unregister("ap::mod_proxy::http::canon", ap_proxy_http_canon); - ap_hook_unregister("ap::mod_proxy::http::handler", ap_proxy_http_handler); - ap_hook_unregister("ap::mod_proxy::error", ap_proxyerror); - return; -} - -/* Send a redirection if the request contains a hostname which is not */ -/* fully qualified, i.e. doesn't have a domain name appended. Some proxy */ -/* servers like Netscape's allow this and access hosts from the local */ -/* domain in this case. I think it is better to redirect to a FQDN, since */ -/* these will later be found in the bookmarks files. */ -/* The "ProxyDomain" directive determines what domain will be appended */ -static int proxy_needsdomain(request_rec *r, const char *url, const char *domain) -{ - char *nuri; - const char *ref; - - /* We only want to worry about GETs */ - if (r->proxyreq == NOT_PROXY || r->method_number != M_GET || !r->parsed_uri.hostname) - return DECLINED; - - /* If host does contain a dot already, or it is "localhost", decline */ - if (strchr(r->parsed_uri.hostname, '.') != NULL - || strcasecmp(r->parsed_uri.hostname, "localhost") == 0) - return DECLINED; /* host name has a dot already */ - - ref = ap_table_get(r->headers_in, "Referer"); - - /* Reassemble the request, but insert the domain after the host name */ - /* Note that the domain name always starts with a dot */ - r->parsed_uri.hostname = ap_pstrcat(r->pool, r->parsed_uri.hostname, - domain, NULL); - nuri = ap_unparse_uri_components(r->pool, - &r->parsed_uri, - UNP_REVEALPASSWORD); - - ap_table_set(r->headers_out, "Location", nuri); - ap_log_rerror(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, r, - "Domain missing: %s sent to %s%s%s", r->uri, - ap_unparse_uri_components(r->pool, &r->parsed_uri, - UNP_OMITUSERINFO), - ref ? " from " : "", ref ? 
ref : ""); - - return HTTP_MOVED_PERMANENTLY; -} - -/* -------------------------------------------------------------- */ -/* Invoke handler */ - -static int proxy_handler(request_rec *r) -{ - char *url, *scheme, *p; - void *sconf = r->server->module_config; - proxy_server_conf *conf = - (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); - array_header *proxies = conf->proxies; - struct proxy_remote *ents = (struct proxy_remote *) proxies->elts; - int i, rc; - cache_req *cr; - int direct_connect = 0; - const char *maxfwd_str; - - if (r->proxyreq == NOT_PROXY || strncmp(r->filename, "proxy:", 6) != 0) - return DECLINED; - - if (r->method_number == M_TRACE && - (maxfwd_str = ap_table_get(r->headers_in, "Max-Forwards")) != NULL) { - long maxfwd = ap_strtol(maxfwd_str, NULL, 10); - if (maxfwd < 1) { - int access_status; - r->proxyreq = NOT_PROXY; - if ((access_status = ap_send_http_trace(r))) - ap_die(access_status, r); - else - ap_finalize_request_protocol(r); - return OK; - } - ap_table_setn(r->headers_in, "Max-Forwards", - ap_psprintf(r->pool, "%ld", (maxfwd > 0) ? maxfwd - 1 : 0)); - } - - if ((rc = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR))) - return rc; - - url = r->filename + 6; - p = strchr(url, ':'); - if (p == NULL) - return HTTP_BAD_REQUEST; - - /* Try serve the request from the cache. If we succeed, we leave. */ - rc = ap_proxy_cache_check(r, url, &conf->cache, &cr); - if (rc != DECLINED) - return rc; - - /* If the host doesn't have a domain name, add one and redirect. 
*/ - if (conf->domain != NULL) { - rc = proxy_needsdomain(r, url, conf->domain); - if (ap_is_HTTP_REDIRECT(rc)) - return HTTP_MOVED_PERMANENTLY; - } - - *p = '\0'; - scheme = ap_pstrdup(r->pool, url); - *p = ':'; - - /* Check URI's destination host against NoProxy hosts */ - /* Bypass ProxyRemote server lookup if configured as NoProxy */ - /* we only know how to handle communication to a proxy via http */ - /* if (strcasecmp(scheme, "http") == 0) */ - { - int ii; - struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts; - - for (direct_connect = ii = 0; ii < conf->dirconn->nelts && !direct_connect; ii++) { - direct_connect = list[ii].matcher(&list[ii], r); - } -#if DEBUGGING - ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r, - (direct_connect) ? "NoProxy for %s" : "UseProxy for %s", - r->uri); -#endif - } - -/* firstly, try a proxy, unless a NoProxy directive is active */ - - if (!direct_connect) - for (i = 0; i < proxies->nelts; i++) { - p = strchr(ents[i].scheme, ':'); /* is it a partial URL? */ - if (strcmp(ents[i].scheme, "*") == 0 || - (p == NULL && strcasecmp(scheme, ents[i].scheme) == 0) || - (p != NULL && - strncasecmp(url, ents[i].scheme, strlen(ents[i].scheme)) == 0)) { - /* - * CONNECT is a special method that bypasses the normal proxy - * code. 
- */ - if (!ap_hook_use("ap::mod_proxy::handler", - AP_HOOK_SIG7(int,ptr,ptr,ptr,ptr,int,ptr), - AP_HOOK_DECLINE(DECLINED), - &rc, r, cr, url, - ents[i].hostname, ents[i].port, - ents[i].protocol) || rc == DECLINED) { - if (r->method_number == M_CONNECT) - rc = ap_proxy_connect_handler(r, cr, url, ents[i].hostname, - ents[i].port); -/* we only know how to handle communication to a proxy via http */ - else if (strcasecmp(ents[i].protocol, "http") == 0) - rc = ap_proxy_http_handler(r, cr, url, ents[i].hostname, - ents[i].port); - else - rc = DECLINED; - } - - /* an error or success */ - if (rc != DECLINED && rc != HTTP_BAD_GATEWAY) - return rc; - /* we failed to talk to the upstream proxy */ - } - } - - /* otherwise, try it direct */ - /* N.B. what if we're behind a firewall, where we must use a proxy or - * give up?? - */ - - /* handle the scheme */ - if (ap_hook_use("ap::mod_proxy::handler", - AP_HOOK_SIG7(int,ptr,ptr,ptr,ptr,int,ptr), - AP_HOOK_DECLINE(DECLINED), - &rc, r, cr, url, - NULL, 0, scheme) && rc != DECLINED) - return rc; - if (r->method_number == M_CONNECT) { - return ap_proxy_connect_handler(r, cr, url, NULL, 0); - } - if (strcasecmp(scheme, "http") == 0) { - return ap_proxy_http_handler(r, cr, url, NULL, 0); - } - if (strcasecmp(scheme, "ftp") == 0) { - return ap_proxy_ftp_handler(r, cr, url); - } - else { - ap_log_rerror(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r, - "proxy: No protocol handler was valid for the URL %s. 
" - "If you are using a DSO version of mod_proxy, make sure " - "the proxy submodules are included in the configuration " - "using LoadModule.", r->uri); - return HTTP_FORBIDDEN; - } -} - -/* -------------------------------------------------------------- */ -/* Setup configurable data */ - -static void * - create_proxy_config(pool *p, server_rec *s) -{ - proxy_server_conf *ps = ap_pcalloc(p, sizeof(proxy_server_conf)); - - ps->proxies = ap_make_array(p, 10, sizeof(struct proxy_remote)); - ps->aliases = ap_make_array(p, 10, sizeof(struct proxy_alias)); - ps->raliases = ap_make_array(p, 10, sizeof(struct proxy_alias)); - ps->noproxies = ap_make_array(p, 10, sizeof(struct noproxy_entry)); - ps->dirconn = ap_make_array(p, 10, sizeof(struct dirconn_entry)); - ps->nocaches = ap_make_array(p, 10, sizeof(struct nocache_entry)); - ps->allowed_connect_ports = ap_make_array(p, 10, sizeof(int)); - ps->domain = NULL; - ps->viaopt = via_off; /* initially backward compatible with 1.3.1 */ - ps->viaopt_set = 0; /* 0 means default */ - ps->req = 0; - ps->req_set = 0; - ps->recv_buffer_size = 0; /* this default was left unset for some - * reason */ - ps->recv_buffer_size_set = 0; - ps->io_buffer_size = IOBUFSIZE; - ps->io_buffer_size_set = 0; - ps->preserve_host = 0; - ps->preserve_host_set = 0; - - ps->cache.root = NULL; - ps->cache.space = DEFAULT_CACHE_SPACE; - ps->cache.space_set = 0; - ps->cache.maxexpire = DEFAULT_CACHE_MAXEXPIRE; - ps->cache.maxexpire_set = 0; - ps->cache.defaultexpire = DEFAULT_CACHE_EXPIRE; - ps->cache.defaultexpire_set = 0; - ps->cache.lmfactor = DEFAULT_CACHE_LMFACTOR; - ps->cache.lmfactor_set = 0; - ps->cache.gcinterval = DEFAULT_CACHE_GCINTERVAL; - ps->cache.gcinterval_set = 1; - /* at these levels, the cache can have 2^18 directories (256,000) */ - ps->cache.dirlevels = 3; - ps->cache.dirlevels_set = 0; - ps->cache.dirlength = 1; - ps->cache.dirlength_set = 0; - ps->cache.cache_completion = (float)DEFAULT_CACHE_COMPLETION; - 
ps->cache.cache_completion_set = 0; - - return ps; -} - -static void * - merge_proxy_config(pool *p, void *basev, - void *overridesv) -{ - proxy_server_conf *ps = ap_pcalloc(p, sizeof(proxy_server_conf)); - proxy_server_conf *base = (proxy_server_conf *)basev; - proxy_server_conf *overrides = (proxy_server_conf *)overridesv; - - ps->proxies = ap_append_arrays(p, base->proxies, overrides->proxies); - ps->aliases = ap_append_arrays(p, base->aliases, overrides->aliases); - ps->raliases = ap_append_arrays(p, base->raliases, overrides->raliases); - ps->noproxies = ap_append_arrays(p, base->noproxies, overrides->noproxies); - ps->dirconn = ap_append_arrays(p, base->dirconn, overrides->dirconn); - ps->nocaches = ap_append_arrays(p, base->nocaches, overrides->nocaches); - ps->allowed_connect_ports = ap_append_arrays(p, base->allowed_connect_ports, overrides->allowed_connect_ports); - - ps->domain = (overrides->domain == NULL) ? base->domain : overrides->domain; - ps->viaopt = (overrides->viaopt_set == 0) ? base->viaopt : overrides->viaopt; - ps->req = (overrides->req_set == 0) ? base->req : overrides->req; - ps->recv_buffer_size = (overrides->recv_buffer_size_set == 0) ? base->recv_buffer_size : overrides->recv_buffer_size; - ps->io_buffer_size = (overrides->io_buffer_size_set == 0) ? base->io_buffer_size : overrides->io_buffer_size; - - ps->preserve_host = (overrides->preserve_host_set == 0) ? base->preserve_host : overrides->preserve_host; - - ps->cache.root = (overrides->cache.root == NULL) ? base->cache.root : overrides->cache.root; - ps->cache.space = (overrides->cache.space_set == 0) ? base->cache.space : overrides->cache.space; - ps->cache.maxexpire = (overrides->cache.maxexpire_set == 0) ? base->cache.maxexpire : overrides->cache.maxexpire; - ps->cache.defaultexpire = (overrides->cache.defaultexpire_set == 0) ? base->cache.defaultexpire : overrides->cache.defaultexpire; - ps->cache.lmfactor = (overrides->cache.lmfactor_set == 0) ? 
base->cache.lmfactor : overrides->cache.lmfactor; - ps->cache.gcinterval = (overrides->cache.gcinterval_set == 0) ? base->cache.gcinterval : overrides->cache.gcinterval; - /* at these levels, the cache can have 2^18 directories (256,000) */ - ps->cache.dirlevels = (overrides->cache.dirlevels_set == 0) ? base->cache.dirlevels : overrides->cache.dirlevels; - ps->cache.dirlength = (overrides->cache.dirlength_set == 0) ? base->cache.dirlength : overrides->cache.dirlength; - ps->cache.cache_completion = (overrides->cache.cache_completion_set == 0) ? base->cache.cache_completion : overrides->cache.cache_completion; - - return ps; -} - -static const char * - add_proxy(cmd_parms *cmd, void *dummy, char *f, char *r) -{ - server_rec *s = cmd->server; - proxy_server_conf *conf = - (proxy_server_conf *)ap_get_module_config(s->module_config, &proxy_module); - struct proxy_remote *new; - char *p, *q; - int port; - char *bl = NULL, *br = NULL; - - p = strchr(r, ':'); - if (p == NULL || p[1] != '/' || p[2] != '/' || p[3] == '\0') - return "ProxyRemote: Bad syntax for a remote proxy server"; - bl = p + 3; - if (*bl == '['){ - br = strrchr(bl+1, ']'); - if (br){ - bl++; - *br = '\0'; - if (*(br+1) == ':'){ /* [host]:xx */ - q = br+1; - } - else if (*(br+1) == '\0'){ /* [host] */ - q = NULL; - } - else - q = strrchr(br, ':'); /* XXX */ - } - else - q = strrchr(bl, ':'); /* XXX */ - } - else - q = strrchr(bl, ':'); - if (q != NULL) { - if (sscanf(q + 1, "%u", &port) != 1 || port > 65535) - return "ProxyRemote: Bad syntax for a remote proxy server (bad port number)"; - *q = '\0'; - } - else - port = -1; - *p = '\0'; - if (strchr(f, ':') == NULL) - ap_str_tolower(f); /* lowercase scheme */ - ap_str_tolower(bl); /* lowercase hostname */ - - if (port == -1) { - int i; - for (i = 0; defports[i].scheme != NULL; i++) - if (strcasecmp(defports[i].scheme, r) == 0) - break; - port = defports[i].port; - } - - new = ap_push_array(conf->proxies); - new->scheme = f; - new->protocol = r; - 
new->hostname = bl; - new->port = port; - return NULL; -} - -static const char * - add_pass(cmd_parms *cmd, void *dummy, char *f, char *r) -{ - server_rec *s = cmd->server; - proxy_server_conf *conf = - (proxy_server_conf *)ap_get_module_config(s->module_config, &proxy_module); - struct proxy_alias *new; - - new = ap_push_array(conf->aliases); - new->fake = f; - new->real = r; - return NULL; -} - -static const char * - add_pass_reverse(cmd_parms *cmd, void *dummy, char *f, char *r) -{ - server_rec *s = cmd->server; - proxy_server_conf *conf; - struct proxy_alias *new; - - conf = (proxy_server_conf *)ap_get_module_config(s->module_config, - &proxy_module); - new = ap_push_array(conf->raliases); - new->fake = f; - new->real = r; - return NULL; -} - -static const char * - set_proxy_exclude(cmd_parms *parms, void *dummy, char *arg) -{ - server_rec *s = parms->server; - proxy_server_conf *conf = - ap_get_module_config(s->module_config, &proxy_module); - struct noproxy_entry *new; - struct noproxy_entry *list = (struct noproxy_entry *) conf->noproxies->elts; - struct hostent hp; - int found = 0; - int i; - - /* Don't duplicate entries */ - for (i = 0; i < conf->noproxies->nelts; i++) { - if (strcasecmp(arg, list[i].name) == 0) /* ignore case for host names */ - found = 1; - } - - if (!found) { - new = ap_push_array(conf->noproxies); - new->name = arg; - /* Don't do name lookups on things that aren't dotted */ - if (strchr(arg, '.') != NULL && ap_proxy_host2addr(new->name, &hp) == NULL) - /* - * @@@FIXME: This copies only the first of (possibly many) IP - * addrs - */ - memcpy(&new->addr, hp.h_addr, sizeof(struct in_addr)); - else - new->addr.s_addr = 0; - } - return NULL; -} - -/* - * Set the ports CONNECT can use - */ -static const char * - set_allowed_ports(cmd_parms *parms, void *dummy, char *arg) -{ - server_rec *s = parms->server; - proxy_server_conf *conf = - ap_get_module_config(s->module_config, &proxy_module); - int *New; - - if (!ap_isdigit(arg[0])) - return 
"AllowCONNECT: port number must be numeric"; - - New = ap_push_array(conf->allowed_connect_ports); - *New = atoi(arg); - return NULL; -} - -/* Similar to set_proxy_exclude(), but defining directly connected hosts, - * which should never be accessed via the configured ProxyRemote servers - */ -static const char * - set_proxy_dirconn(cmd_parms *parms, void *dummy, char *arg) -{ - server_rec *s = parms->server; - proxy_server_conf *conf = - ap_get_module_config(s->module_config, &proxy_module); - struct dirconn_entry *New; - struct dirconn_entry *list = (struct dirconn_entry *)conf->dirconn->elts; - int found = 0; - int i; - - /* Don't duplicate entries */ - for (i = 0; i < conf->dirconn->nelts; i++) { - if (strcasecmp(arg, list[i].name) == 0) - found = 1; - } - - if (!found) { - New = ap_push_array(conf->dirconn); - New->name = arg; - New->hostentry = NULL; - - if (ap_proxy_is_ipaddr(New, parms->pool)) { -#if DEBUGGING - fprintf(stderr, "Parsed addr %s\n", inet_ntoa(New->addr)); - fprintf(stderr, "Parsed mask %s\n", inet_ntoa(New->mask)); -#endif - } - else if (ap_proxy_is_domainname(New, parms->pool)) { - ap_str_tolower(New->name); -#if DEBUGGING - fprintf(stderr, "Parsed domain %s\n", New->name); -#endif - } - else if (ap_proxy_is_hostname(New, parms->pool)) { - ap_str_tolower(New->name); -#if DEBUGGING - fprintf(stderr, "Parsed host %s\n", New->name); -#endif - } - else { - ap_proxy_is_word(New, parms->pool); -#if DEBUGGING - fprintf(stderr, "Parsed word %s\n", New->name); -#endif - } - } - return NULL; -} - -static const char * - set_proxy_domain(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - - if (arg[0] != '.') - return "ProxyDomain: domain name must start with a dot."; - - psf->domain = arg; - return NULL; -} - -static const char * - set_proxy_req(cmd_parms *parms, void *dummy, int flag) -{ - proxy_server_conf *psf = - 
ap_get_module_config(parms->server->module_config, &proxy_module); - - psf->req = flag; - psf->req_set = 1; - return NULL; -} - - -static const char * - set_cache_size(cmd_parms *parms, char *struct_ptr, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - int val; - - if (sscanf(arg, "%d", &val) != 1) - return "CacheSize value must be an integer (kBytes)"; - psf->cache.space = val; - psf->cache.space_set = 1; - return NULL; -} - -static const char * - set_cache_root(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - - psf->cache.root = arg; - ap_server_strip_chroot(psf->cache.root, 1); - - return NULL; -} - -static const char * - set_cache_factor(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - double val; - - if (sscanf(arg, "%lg", &val) != 1) - return "CacheLastModifiedFactor value must be a float"; - psf->cache.lmfactor = val; - psf->cache.lmfactor_set = 1; - - return NULL; -} - -static const char * - set_cache_maxex(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - double val; - - if (sscanf(arg, "%lg", &val) != 1) - return "CacheMaxExpire value must be a float"; - psf->cache.maxexpire = (int)(val * (double)SEC_ONE_HR); - psf->cache.maxexpire_set = 1; - return NULL; -} - -static const char * - set_cache_defex(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - double val; - - if (sscanf(arg, "%lg", &val) != 1) - return "CacheDefaultExpire value must be a float"; - psf->cache.defaultexpire = (int)(val * (double)SEC_ONE_HR); - psf->cache.defaultexpire_set = 1; - return NULL; -} - -static const char * - set_cache_gcint(cmd_parms *parms, void 
*dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - double val; - - if (sscanf(arg, "%lg", &val) != 1) - return "CacheGcInterval value must be a float"; - psf->cache.gcinterval = (int)(val * (double)SEC_ONE_HR); - psf->cache.gcinterval_set = 1; - return NULL; -} - -static const char * - set_cache_dirlevels(cmd_parms *parms, char *struct_ptr, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - int val; - - val = atoi(arg); - if (val < 1) - return "CacheDirLevels value must be an integer greater than 0"; - if (val * psf->cache.dirlength > CACHEFILE_LEN) - return "CacheDirLevels*CacheDirLength value must not be higher than 20"; - psf->cache.dirlevels = val; - psf->cache.dirlevels_set = 1; - return NULL; -} - -static const char * - set_cache_dirlength(cmd_parms *parms, char *struct_ptr, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - int val; - - val = atoi(arg); - if (val < 1) - return "CacheDirLength value must be an integer greater than 0"; - if (val * psf->cache.dirlevels > CACHEFILE_LEN) - return "CacheDirLevels*CacheDirLength value must not be higher than 20"; - psf->cache.dirlength = val; - psf->cache.dirlength_set = 1; - return NULL; -} - -static const char * - set_cache_exclude(cmd_parms *parms, void *dummy, char *arg) -{ - server_rec *s = parms->server; - proxy_server_conf *conf = - ap_get_module_config(s->module_config, &proxy_module); - struct nocache_entry *new; - struct nocache_entry *list = (struct nocache_entry *) conf->nocaches->elts; - struct hostent hp; - int found = 0; - int i; - - /* Don't duplicate entries */ - for (i = 0; i < conf->nocaches->nelts; i++) { - if (strcasecmp(arg, list[i].name) == 0) /* ignore case for host names */ - found = 1; - } - - if (!found) { - new = ap_push_array(conf->nocaches); - new->name = arg; - /* Don't do name lookups on things 
that aren't dotted */ - if (strchr(arg, '.') != NULL && ap_proxy_host2addr(new->name, &hp) == NULL) - /* - * @@@FIXME: This copies only the first of (possibly many) IP - * addrs - */ - memcpy(&new->addr, hp.h_addr, sizeof(struct in_addr)); - else - new->addr.s_addr = 0; - } - return NULL; -} - -static const char * - set_recv_buffer_size(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - int s = atoi(arg); - if (s < 512 && s != 0) { - return "ProxyReceiveBufferSize must be >= 512 bytes, or 0 for system default."; - } - - psf->recv_buffer_size = s; - psf->recv_buffer_size_set = 1; - return NULL; -} - -static const char * - set_io_buffer_size(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - long s = atol(arg); - - psf->io_buffer_size = ((s > IOBUFSIZE) ? s : IOBUFSIZE); - psf->io_buffer_size_set = 1; - return NULL; -} - -static const char * - set_cache_completion(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - int s = atoi(arg); - if (s > 100 || s < 0) { - return "CacheForceCompletion must be <= 100 percent, " - "or 0 for system default."; - } - - if (s > 0) - psf->cache.cache_completion = ((float)s / 100); - - psf->cache.cache_completion_set = 1; - return NULL; -} - -static const char * - set_via_opt(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - - if (strcasecmp(arg, "Off") == 0) - psf->viaopt = via_off; - else if (strcasecmp(arg, "On") == 0) - psf->viaopt = via_on; - else if (strcasecmp(arg, "Block") == 0) - psf->viaopt = via_block; - else if (strcasecmp(arg, "Full") == 0) - psf->viaopt = via_full; - else { - return "ProxyVia must be one of: " - "off | on | full | block"; - } - - psf->viaopt_set 
= 1; - return NULL; -} - -static const char * - set_preserve_host(cmd_parms *parms, void *dummy, char *arg) -{ - proxy_server_conf *psf = - ap_get_module_config(parms->server->module_config, &proxy_module); - - if (strcasecmp(arg, "Off") == 0) - psf->preserve_host = 0; - else if (strcasecmp(arg, "On") == 0) - psf->preserve_host = 1; - else { - return "ProxyPreserveHost must be one of: " - "off | on"; - } - - psf->preserve_host_set = 1; - return NULL; -} - -static const handler_rec proxy_handlers[] = -{ - {"proxy-server", proxy_handler}, - {NULL} -}; - -static const command_rec proxy_cmds[] = -{ - {"ProxyRequests", set_proxy_req, NULL, RSRC_CONF, FLAG, - "on if the true proxy requests should be accepted"}, - {"ProxyRemote", add_proxy, NULL, RSRC_CONF, TAKE2, - "a scheme, partial URL or '*' and a proxy server"}, - {"ProxyPass", add_pass, NULL, RSRC_CONF, TAKE2, - "a virtual path and a URL"}, - {"ProxyPassReverse", add_pass_reverse, NULL, RSRC_CONF, TAKE2, - "a virtual path and a URL for reverse proxy behaviour"}, - {"ProxyBlock", set_proxy_exclude, NULL, RSRC_CONF, ITERATE, - "A list of names, hosts or domains to which the proxy will not connect"}, - {"ProxyReceiveBufferSize", set_recv_buffer_size, NULL, RSRC_CONF, TAKE1, - "Receive buffer size for outgoing HTTP and FTP connections in bytes"}, - {"ProxyIOBufferSize", set_io_buffer_size, NULL, RSRC_CONF, TAKE1, - "IO buffer size for outgoing HTTP and FTP connections in bytes"}, - {"NoProxy", set_proxy_dirconn, NULL, RSRC_CONF, ITERATE, - "A list of domains, hosts, or subnets to which the proxy will connect directly"}, - {"ProxyDomain", set_proxy_domain, NULL, RSRC_CONF, TAKE1, - "The default intranet domain name (in absence of a domain in the URL)"}, - {"AllowCONNECT", set_allowed_ports, NULL, RSRC_CONF, ITERATE, - "A list of ports which CONNECT may connect to"}, - {"ProxyPreserveHost", set_preserve_host, NULL, RSRC_CONF, TAKE1, - "on if the host header should be preserved while proxying"}, - {"CacheRoot", 
set_cache_root, NULL, RSRC_CONF, TAKE1, - "The directory to store cache files"}, - {"CacheSize", set_cache_size, NULL, RSRC_CONF, TAKE1, - "The maximum disk space used by the cache in Kb"}, - {"CacheMaxExpire", set_cache_maxex, NULL, RSRC_CONF, TAKE1, - "The maximum time in hours to cache a document"}, - {"CacheDefaultExpire", set_cache_defex, NULL, RSRC_CONF, TAKE1, - "The default time in hours to cache a document"}, - {"CacheLastModifiedFactor", set_cache_factor, NULL, RSRC_CONF, TAKE1, - "The factor used to estimate Expires date from LastModified date"}, - {"CacheGcInterval", set_cache_gcint, NULL, RSRC_CONF, TAKE1, - "The interval between garbage collections, in hours"}, - {"CacheDirLevels", set_cache_dirlevels, NULL, RSRC_CONF, TAKE1, - "The number of levels of subdirectories in the cache"}, - {"CacheDirLength", set_cache_dirlength, NULL, RSRC_CONF, TAKE1, - "The number of characters in subdirectory names"}, - {"NoCache", set_cache_exclude, NULL, RSRC_CONF, ITERATE, - "A list of names, hosts or domains for which caching is *not* provided"}, - {"CacheForceCompletion", set_cache_completion, NULL, RSRC_CONF, TAKE1, - "Force a http cache completion after this percentage is loaded"}, - {"ProxyVia", set_via_opt, NULL, RSRC_CONF, TAKE1, - "Configure Via: proxy header header to one of: on | off | block | full"}, - {NULL} -}; - -module MODULE_VAR_EXPORT proxy_module = -{ - STANDARD_MODULE_STUFF, - proxy_init, /* initializer */ - NULL, /* create per-directory config structure */ - NULL, /* merge per-directory config structures */ - create_proxy_config, /* create per-server config structure */ - merge_proxy_config, /* merge per-server config structures */ - proxy_cmds, /* command table */ - proxy_handlers, /* handlers */ - proxy_trans, /* translate_handler */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - proxy_fixup, /* pre-run fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init 
*/
- NULL, /* child_exit */
- proxy_detect /* post read-request */
- ,proxy_addmod, /* EAPI: add_module */
- proxy_remmod, /* EAPI: remove_module */
- NULL, /* EAPI: rewrite_command */
- NULL /* EAPI: new_connection */
-};
diff --git a/usr.sbin/httpd/src/modules/proxy/mod_proxy.h b/usr.sbin/httpd/src/modules/proxy/mod_proxy.h
deleted file mode 100644
index adacd729449..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/mod_proxy.h
+++ /dev/null
@@ -1,348 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -#ifndef MOD_PROXY_H -#define MOD_PROXY_H - -/* - * Main include file for the Apache proxy - */ - -/* - - Note numerous FIXMEs and CHECKMEs which should be eliminated. - - If TESTING is set, then garbage collection doesn't delete ... probably a good - idea when hacking. 
- - */ - -#define TESTING 0 - -#include "httpd.h" -#include "http_config.h" -#include "http_protocol.h" - -#include "explain.h" - -extern module MODULE_VAR_EXPORT proxy_module; - - -/* for proxy_canonenc() */ -enum enctype { - enc_path, enc_search, enc_user, enc_fpath, enc_parm -}; - -#define HDR_APP (0) /* append header, for proxy_add_header() */ -#define HDR_REP (1) /* replace header, for proxy_add_header() */ - -/* number of characters in the hash */ -#define HASH_LEN (22*2) - -/* maximum 'CacheDirLevels*CacheDirLength' value */ -#define CACHEFILE_LEN 20 /* must be less than HASH_LEN/2 */ - -#define SEC_ONE_DAY 86400 /* one day, in seconds */ -#define SEC_ONE_HR 3600 /* one hour, in seconds */ - -#define DEFAULT_FTP_DATA_PORT 20 -#define DEFAULT_FTP_PORT 21 -#define DEFAULT_GOPHER_PORT 70 -#define DEFAULT_NNTP_PORT 119 -#define DEFAULT_WAIS_PORT 210 -#define DEFAULT_HTTPS_PORT 443 -#define DEFAULT_SNEWS_PORT 563 -#define DEFAULT_PROSPERO_PORT 1525 /* WARNING: conflict w/Oracle */ - -/* Some WWW schemes and their default ports; this is basically /etc/services */ -struct proxy_services { - const char *scheme; - int port; -}; - -/* static information about a remote proxy */ -struct proxy_remote { - const char *scheme; /* the schemes handled by this proxy, or '*' */ - const char *protocol; /* the scheme used to talk to this proxy */ - const char *hostname; /* the hostname of this proxy */ - int port; /* the port for this proxy */ -}; - -struct proxy_alias { - char *real; - char *fake; -}; - -struct dirconn_entry { - char *name; - struct in_addr addr, mask; - struct hostent *hostentry; - int (*matcher) (struct dirconn_entry * This, request_rec *r); -}; - -struct noproxy_entry { - char *name; - struct in_addr addr; -}; - -struct nocache_entry { - char *name; - struct in_addr addr; -}; - -#define DEFAULT_CACHE_SPACE 5 -#define DEFAULT_CACHE_MAXEXPIRE SEC_ONE_DAY -#define DEFAULT_CACHE_EXPIRE SEC_ONE_HR -#define DEFAULT_CACHE_LMFACTOR (0.1) -#define 
DEFAULT_CACHE_COMPLETION (0.9) -#define DEFAULT_CACHE_GCINTERVAL SEC_ONE_HR - -#ifndef MAX -#define MAX(a,b) ((a) > (b) ? (a) : (b)) -#endif -#ifndef MIN -#define MIN(a,b) ((a) < (b) ? (a) : (b)) -#endif - -/* static information about the local cache */ -struct cache_conf { - const char *root; /* the location of the cache directory */ - off_t space; /* Maximum cache size (in 1024 bytes) */ - char space_set; - time_t maxexpire; /* Maximum time to keep cached files in secs */ - char maxexpire_set; - time_t defaultexpire; /* default time to keep cached file in secs */ - char defaultexpire_set; - double lmfactor; /* factor for estimating expires date */ - char lmfactor_set; - time_t gcinterval; /* garbage collection interval, in seconds */ - char gcinterval_set; - int dirlevels; /* Number of levels of subdirectories */ - char dirlevels_set; - int dirlength; /* Length of subdirectory names */ - char dirlength_set; - float cache_completion; /* Force cache completion after this point */ - char cache_completion_set; -}; - -typedef struct { - struct cache_conf cache; /* cache configuration */ - array_header *proxies; - array_header *aliases; - array_header *raliases; - array_header *noproxies; - array_header *dirconn; - array_header *nocaches; - array_header *allowed_connect_ports; - char *domain; /* domain name to use in absence of a domain name in the request */ - int req; /* true if proxy requests are enabled */ - char req_set; - enum { - via_off, - via_on, - via_block, - via_full - } viaopt; /* how to deal with proxy Via: headers */ - char viaopt_set; - size_t recv_buffer_size; - char recv_buffer_size_set; - size_t io_buffer_size; - char io_buffer_size_set; - int preserve_host; - int preserve_host_set; -} proxy_server_conf; - -struct hdr_entry { - const char *field; - const char *value; -}; - -/* caching information about a request */ -typedef struct { - request_rec *req; /* the request */ - char *url; /* the URL requested */ - char *filename; /* name of the cache file, 
- or NULL if no cache */ - char *tempfile; /* name of the temporary file, - or NULL if not caching */ - time_t ims; /* if-Modified-Since date of request, - -1 if no header */ - time_t ius; /* if-Unmodified-Since date of request, - -1 if no header */ - const char *im; /* if-Match etag of request, - NULL if no header */ - const char *inm; /* if-None-Match etag of request, - NULL if no header */ - BUFF *fp; /* the cache file descriptor if the file - is cached and may be returned, - or NULL if the file is not cached - (or must be reloaded) */ - BUFF *origfp; /* the old cache file descriptor if the file has - been revalidated and is being rewritten to - disk */ - time_t expire; /* calculated expire date of cached entity */ - time_t lmod; /* last-modified date of cached entity */ - time_t date; /* the date the cached file was last touched */ - time_t req_time; /* the time the request started */ - time_t resp_time; /* the time the response was received */ - int version; /* update count of the file */ - off_t len; /* content length */ - char *protocol; /* Protocol, and major/minor number, - e.g. 
HTTP/1.1 */ - int status; /* the status of the cached file */ - unsigned int written; /* total *content* bytes written to cache */ - float cache_completion; /* specific to this request */ - char *resp_line; /* the whole status line - (protocol, code + message) */ - table *req_hdrs; /* the original request headers */ - table *hdrs; /* the original HTTP response headers - of the file */ - char *xcache; /* the X-Cache header value - to be sent to client */ -} cache_req; - -struct per_thread_data { - struct hostent hpbuf; - in_addr_t ipaddr; - char *charpbuf[2]; -}; -/* Function prototypes */ - -/* proxy_cache.c */ - -void ap_proxy_cache_tidy(cache_req *c); -int ap_proxy_cache_check(request_rec *r, char *url, struct cache_conf *conf, - cache_req **cr); -int ap_proxy_cache_update(cache_req *c, table *resp_hdrs, - const int is_HTTP1, int nocache); -void ap_proxy_garbage_coll(request_rec *r); - -/* proxy_connect.c */ - -int ap_proxy_connect_handler(request_rec *r, cache_req *c, char *url, - const char *proxyhost, int proxyport); - -/* proxy_ftp.c */ - -int ap_proxy_ftp_canon(request_rec *r, char *url); -int ap_proxy_ftp_handler(request_rec *r, cache_req *c, char *url); - -/* proxy_http.c */ - -int ap_proxy_http_canon(request_rec *r, char *url, const char *scheme, - int def_port); -int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url, - const char *proxyhost, int proxyport); - -/* proxy_util.c */ - -int ap_proxy_hex2c(const char *x); -void ap_proxy_c2hex(int ch, char *x); -char *ap_proxy_canonenc(pool *p, const char *x, int len, enum enctype t, - enum proxyreqtype isenc); -char *ap_proxy_canon_netloc(pool *p, char **const urlp, char **userp, - char **passwordp, char **hostp, int *port); -const char *ap_proxy_date_canon(pool *p, const char *x); -table *ap_proxy_read_headers(request_rec *r, char *buffer, int size, BUFF *f); -long int ap_proxy_send_fb(BUFF *f, request_rec *r, cache_req *c, off_t len, int nowrite, int chunked, size_t recv_buffer_size); -void 
ap_proxy_write_headers(cache_req *c, const char *respline, table *t); -int ap_proxy_liststr(const char *list, const char *key, char **val); -void ap_proxy_hash(const char *it, char *val, int ndepth, int nlength); -int ap_proxy_hex2sec(const char *x); -int ap_proxy_sec2hex(int t, char *y, int len); -cache_req *ap_proxy_cache_error(cache_req *r); -int ap_proxyerror(request_rec *r, int statuscode, const char *message); -const char *ap_proxy_host2addr(const char *host, struct hostent *reqhp); -int ap_proxy_is_ipaddr(struct dirconn_entry *This, pool *p); -int ap_proxy_is_domainname(struct dirconn_entry *This, pool *p); -int ap_proxy_is_hostname(struct dirconn_entry *This, pool *p); -int ap_proxy_is_word(struct dirconn_entry *This, pool *p); -int ap_proxy_doconnect(int sock, struct sockaddr *addr, request_rec *r); -int ap_proxy_garbage_init(server_rec *, pool *); -/* This function is called by ap_table_do() for all header lines */ -int ap_proxy_send_hdr_line(void *p, const char *key, const char *value); -unsigned ap_proxy_bputs2(const char *data, BUFF *client, cache_req *cache); -time_t ap_proxy_current_age(cache_req *c, const time_t age_value); -BUFF *ap_proxy_open_cachefile(request_rec *r, char *filename); -BUFF *ap_proxy_create_cachefile(request_rec *r, char *filename); -void ap_proxy_clear_connection(pool *p, table *headers); -int ap_proxy_table_replace(table *base, table *overlay); -void ap_proxy_table_unmerge(pool *p, table *t, char *key); -int ap_proxy_read_response_line(BUFF *f, request_rec *r, char *buffer, int size, int *backasswards, int *major, int *minor); - -/* WARNING - PRIVATE DEFINITION BELOW */ - -/* XXX: if you tweak this you should look at is_empty_table() and table_elts() - * in ap_alloc.h - * - * NOTE: this private definition is a duplicate of the one in alloc.c - * It's here for ap_proxy_table_replace() to avoid breaking binary compat - */ -struct table { - /* This has to be first to promote backwards compatibility with - * older modules which cast 
a table * to an array_header *...
- * they should use the table_elts() function for most of the
- * cases they do this for.
- */
- array_header a;
-#ifdef MAKE_TABLE_PROFILE
- void *creator;
-#endif
-};
-
-#endif /*MOD_PROXY_H*/
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_cache.c b/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
deleted file mode 100644
index 75eb0094294..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
+++ /dev/null
@@ -1,1670 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* Cache and garbage collection routines for Apache proxy */ - -#include "mod_proxy.h" -#include "http_conf_globals.h" -#include "http_log.h" -#include "http_main.h" -#include "http_core.h" -#include "util_date.h" -#include -#include "multithread.h" -#include "ap_md5.h" - -struct gc_ent { - unsigned long int len; - time_t expire; - char file[HASH_LEN + 1]; -}; - -/* Poor man's 61 bit arithmetic */ -typedef struct { - long lower; /* lower 30 bits of result */ - long upper; /* upper 31 bits of result */ -} long61_t; - -/* FIXME: The block size can be different on a `per file system' base. - * This would make automatic detection highly OS specific. - * In the GNU fileutils code for du(1), you can see how complicated it can - * become to detect the block size. And, with BSD-4.x fragments, it - * it even more difficult to get precise results. 
- * As a compromise (and to improve on the incorrect counting of cache - * size on byte level, omitting directory sizes entirely, which was - * used up to apache-1.3b7) we're rounding to multiples of 512 here. - * Your file system may be using larger blocks (I certainly hope so!) - * but it will hardly use smaller blocks. - * (So this approximation is still closer to reality than the old behavior). - * The best solution would be automatic detection, the next best solution - * IMHO is a sensible default and the possibility to override it. - */ - -#define ROUNDUP2BLOCKS(_bytes) (((_bytes)+block_size-1) & ~(block_size-1)) -static long block_size = 512; /* this must be a power of 2 */ -static long61_t curbytes, cachesize; -static time_t garbage_now, garbage_expire; -static mutex *garbage_mutex = NULL; - - -int ap_proxy_garbage_init(server_rec *r, pool *p) -{ - if (!garbage_mutex) - garbage_mutex = ap_create_mutex(NULL); - - return (0); -} - - -static int sub_garbage_coll(request_rec *r, array_header *files, - const char *cachedir, const char *cachesubdir); -static void help_proxy_garbage_coll(request_rec *r); -static int should_proxy_garbage_coll(request_rec *r); -static void detached_proxy_garbage_coll(request_rec *r); - - -void ap_proxy_garbage_coll(request_rec *r) -{ - static int inside = 0; - - (void)ap_acquire_mutex(garbage_mutex); - if (inside == 1) { - (void)ap_release_mutex(garbage_mutex); - return; - } - else - inside = 1; - (void)ap_release_mutex(garbage_mutex); - - ap_block_alarms(); /* avoid SIGALRM on big cache cleanup */ - if (should_proxy_garbage_coll(r)) - detached_proxy_garbage_coll(r); - ap_unblock_alarms(); - - (void)ap_acquire_mutex(garbage_mutex); - inside = 0; - (void)ap_release_mutex(garbage_mutex); -} - - -static void add_long61(long61_t *accu, long val) -{ - /* Add in lower 30 bits */ - accu->lower += (val & 0x3FFFFFFFL); - /* add in upper bits, and carry */ - accu->upper += (val >> 30) + ((accu->lower & ~0x3FFFFFFFL) != 0L); - /* Clear carry 
*/ - accu->lower &= 0x3FFFFFFFL; -} - -static void sub_long61(long61_t *accu, long val) -{ - int carry = (val & 0x3FFFFFFFL) > accu->lower; - /* Subtract lower 30 bits */ - accu->lower = accu->lower - (val & 0x3FFFFFFFL) + ((carry) ? 0x40000000 : 0); - /* add in upper bits, and carry */ - accu->upper -= (val >> 30) + carry; -} - -/* Compare two long61's: - * return <0 when left < right - * return 0 when left == right - * return >0 when left > right - */ -static long cmp_long61(long61_t *left, long61_t *right) -{ - return (left->upper == right->upper) ? (left->lower - right->lower) - : (left->upper - right->upper); -} - -/* Compare two gc_ent's, sort them by expiration date */ -static int gcdiff(const void *ap, const void *bp) -{ - const struct gc_ent *a = (const struct gc_ent *) ap; - const struct gc_ent *b = (const struct gc_ent *) bp; - - if (a->expire > b->expire) - return 1; - else if (a->expire < b->expire) - return -1; - else - return 0; -} - -static void detached_proxy_garbage_coll(request_rec *r) -{ - pid_t pid; - int status; - pid_t pgrp; - - switch (pid = fork()) { - case -1: - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy: fork() for cache cleanup failed"); - return; - - case 0: /* Child */ - - /* close all sorts of things, including the socket fd */ - ap_cleanup_for_exec(); - - /* Fork twice to disassociate from the child */ - switch (pid = fork()) { - case -1: - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy: fork(2nd) for cache cleanup failed"); - exit(1); - - case 0: /* Child */ - /* The setpgrp() stuff was snarfed from http_main.c */ - if ((pgrp = setsid()) == -1) { - perror("setsid"); - fprintf(stderr, "%s: setsid failed\n", - ap_server_argv0); - exit(1); - } - help_proxy_garbage_coll(r); - exit(0); - - default: /* Father */ - /* After grandson has been forked off, */ - /* there's nothing else to do. 
*/ - exit(0); - } - default: - /* Wait until grandson has been forked off */ - /* (without wait we'd leave a zombie) */ - waitpid(pid, &status, 0); - return; - } -} - -#define DOT_TIME "/.time" /* marker */ - -static int should_proxy_garbage_coll(request_rec *r) -{ - void *sconf = r->server->module_config; - proxy_server_conf *pconf = - (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); - const struct cache_conf *conf = &pconf->cache; - - const char *cachedir = conf->root; - char *filename; - size_t fnlen; - struct stat buf; - int timefd; - time_t every = conf->gcinterval; - static time_t lastcheck = BAD_DATE; /* static (per-process) data!!! */ - - if (cachedir == NULL || every == -1) - return 0; - - fnlen = strlen(cachedir) + strlen(DOT_TIME) + 1; - filename = ap_palloc(r->pool, fnlen); - - garbage_now = time(NULL); - /* - * Usually, the modification time of /.time can only increase. - * Thus, even with several child processes having their own copy of - * lastcheck, if time(NULL) still < lastcheck then it's not time for GC - * yet. - */ - if (garbage_now != -1 && lastcheck != BAD_DATE && garbage_now < lastcheck + every) - return 0; - - strlcpy(filename, cachedir, fnlen); - strlcat(filename, DOT_TIME, fnlen); - - /* - * At this point we have a bit of an engineering compromise. We could - * either create and/or mark the .time file (prior to the fork which - * might fail on a resource issue) or wait until we are safely forked. - * The advantage of doing it now in this process is that we get some - * usefull live out of the global last check variable. (XXX which should - * go scoreboard IMHO.) Note that the actual counting is at a later - * moment. 
- */ - if (stat(filename, &buf) == -1) { /* does not exist */ - if (errno != ENOENT) { - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy: stat(%s)", filename); - return 0; - } - if ((timefd = creat(filename, 0666)) == -1) { - if (errno != EEXIST) - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy: creat(%s)", filename); - else - lastcheck = garbage_now; /* someone else got in there */ - return 0; - } - close(timefd); - } - else { - lastcheck = buf.st_mtime; /* save the time */ - if (garbage_now < lastcheck + every) { - return 0; - } - if (utime(filename, NULL) == -1) - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy: utimes(%s)", filename); - } - - return 1; -} - -static void help_proxy_garbage_coll(request_rec *r) -{ - const char *cachedir; - void *sconf = r->server->module_config; - proxy_server_conf *pconf = - (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); - const struct cache_conf *conf = &pconf->cache; - array_header *files; - struct gc_ent *fent; - char *filename; - int i; - - cachedir = conf->root; - filename = ap_palloc(r->pool, strlen(cachedir) + HASH_LEN + 2); - /* configured size is given in kB. 
Make it bytes, convert to long61_t: */ - cachesize.lower = cachesize.upper = 0; - add_long61(&cachesize, conf->space << 10); - - ap_block_alarms(); /* avoid SIGALRM on big cache cleanup */ - - files = ap_make_array(r->pool, 100, sizeof(struct gc_ent)); - curbytes.upper = curbytes.lower = 0L; - - sub_garbage_coll(r, files, cachedir, "/"); - - if (cmp_long61(&curbytes, &cachesize) < 0L) { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, - "proxy GC: Cache is %ld%% full (nothing deleted)", - (long)(((curbytes.upper << 20) | (curbytes.lower >> 10)) * 100 / conf->space)); - ap_unblock_alarms(); - return; - } - - /* sort the files we found by expiration date */ - qsort(files->elts, files->nelts, sizeof(struct gc_ent), gcdiff); - - for (i = 0; i < files->nelts; i++) { - fent = &((struct gc_ent *) files->elts)[i]; - snprintf(filename, sizeof(fent->file), "%s%s", cachedir, fent->file); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "GC Unlinking %s (expiry %ld, garbage_now %ld)", filename, (long)fent->expire, (long)garbage_now); -#if TESTING - fprintf(stderr, "Would unlink %s\n", filename); -#else - if (unlink(filename) == -1) { - if (errno != ENOENT) - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy gc: unlink(%s)", filename); - } - else -#endif - { - sub_long61(&curbytes, ROUNDUP2BLOCKS(fent->len)); - if (cmp_long61(&curbytes, &cachesize) < 0) - break; - } - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, - "proxy GC: Cache is %ld%% full (%d deleted)", - (long)(((curbytes.upper << 20) | (curbytes.lower >> 10)) * 100 / conf->space), i); - ap_unblock_alarms(); -} - -static int sub_garbage_coll(request_rec *r, array_header *files, - const char *cachebasedir, const char *cachesubdir) -{ - char line[17 * (3)]; - char cachedir[HUGE_STRING_LEN]; - struct stat buf; - int fd, i; - DIR *dir; - struct dirent *ent; - struct gc_ent *fent; - int nfiles = 0; - char *filename; - size_t fnlen; - - ap_snprintf(cachedir, 
sizeof(cachedir), "%s%s", cachebasedir, cachesubdir); - fnlen = strlen(cachedir) + HASH_LEN + 2; - filename = ap_palloc(r->pool, fnlen); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "GC Examining directory %s", cachedir); - dir = opendir(cachedir); - if (dir == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy gc: opendir(%s)", cachedir); - return 0; - } - - while ((ent = readdir(dir)) != NULL) { - if (ent->d_name[0] == '.') - continue; - snprintf(filename, fnlen, "%s%s", cachedir, ent->d_name); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "GC Examining file %s", filename); -/* is it a temporary file? */ - if (strncmp(ent->d_name, "tmp", 3) == 0) { -/* then stat it to see how old it is; delete temporary files > 1 day old */ - if (stat(filename, &buf) == -1) { - if (errno != ENOENT) - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy gc: stat(%s)", filename); - } - else if (garbage_now != -1 && buf.st_atime < garbage_now - SEC_ONE_DAY && - buf.st_mtime < garbage_now - SEC_ONE_DAY) { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "GC unlink %s", filename); - ap_log_error(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, r->server, - "proxy gc: deleting orphaned cache file %s", filename); -#if TESTING - fprintf(stderr, "Would unlink %s\n", filename); -#else - unlink(filename); -#endif - } - continue; - } - ++nfiles; - /* is it another file? */ - /* FIXME: Shouldn't any unexpected files be deleted? 
*/ - /* if (strlen(ent->d_name) != HASH_LEN) continue; */ - - /* read the file */ - fd = open(filename, O_RDONLY | O_BINARY); - if (fd == -1) { - if (errno != ENOENT) - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy gc: open(%s)", filename); - continue; - } - if (fstat(fd, &buf) == -1) { - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy gc: fstat(%s)", filename); - close(fd); - continue; - } - - if (S_ISDIR(buf.st_mode)) { - char newcachedir[HUGE_STRING_LEN]; - close(fd); - ap_snprintf(newcachedir, sizeof(newcachedir), - "%s%s/", cachesubdir, ent->d_name); - if (!sub_garbage_coll(r, files, cachebasedir, newcachedir)) { - ap_snprintf(newcachedir, sizeof(newcachedir), - "%s%s", cachedir, ent->d_name); -#if TESTING - fprintf(stderr, "Would remove directory %s\n", newcachedir); -#else - rmdir(newcachedir); -#endif - --nfiles; - } - else { - /* Directory is not empty. Account for its size: */ - add_long61(&curbytes, ROUNDUP2BLOCKS(buf.st_size)); - } - continue; - } - - - i = read(fd, line, 17 * (3) - 1); - close(fd); - if (i == -1) { - ap_log_error(APLOG_MARK, APLOG_ERR, r->server, - "proxy gc: read(%s)", filename); - continue; - } - line[i] = '\0'; - garbage_expire = ap_proxy_hex2sec(line + 17 * (2)); - if (!ap_checkmask(line, "&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&") || - garbage_expire == BAD_DATE) { - /* bad file */ - if (garbage_now != -1 && buf.st_atime > garbage_now + SEC_ONE_DAY && - buf.st_mtime > garbage_now + SEC_ONE_DAY) { - ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r->server, - "proxy: deleting bad cache file with future date: %s", filename); -#if TESTING - fprintf(stderr, "Would unlink bad file %s\n", filename); -#else - unlink(filename); -#endif - } - continue; - } - -/* - * we need to calculate an 'old' factor, and remove the 'oldest' files - * so that the space requirement is met; sort by the expires date of the - * file. 
- * - */ - fent = (struct gc_ent *) ap_push_array(files); - fent->len = buf.st_size; - fent->expire = garbage_expire; - strlcpy(fent->file, cachesubdir, sizeof(fent->file)); - strlcat(fent->file, ent->d_name, sizeof(fent->file)); - -/* accumulate in blocks, to cope with directories > 4Gb */ - add_long61(&curbytes, ROUNDUP2BLOCKS(buf.st_size)); - } - - closedir(dir); - - return nfiles; - -} - - -/* - * Read a cache file; - * returns 1 on success, - * 0 on failure (bad file or wrong URL) - * -1 on UNIX error - * - * We read the cache hex header, then the message response line and - * response headers, and finally we return with the filepointer - * pointing at the start of the message body itself, ready to be - * shipped to the client later on, if appropriate. - */ -static int rdcache(request_rec *r, BUFF *cachefp, cache_req *c) -{ - char urlbuff[HUGE_STRING_LEN], *strp; - int len; - - /* read the data from the cache file */ - - /* - * Format: - * - * The cache needs to keep track of the following information: - Date, - * LastMod, Version, ReqTime, RespTime, ContentLength - The original - * request headers (for Vary) - The original response headers (for - * returning with a cached response) - The body of the message - * - * date SP lastmod SP expire SP count SP request-time SP response-time SP - * content-lengthCRLF (dates are stored as hex seconds since 1970) - * Original URLCRLF Original Request Headers CRLF Original Response - * Headers CRLF Body - * - */ - - /* retrieve cachefile information values */ - len = ap_bgets(urlbuff, sizeof urlbuff, cachefp); - if (len == -1) { - /* Delete broken cache file */ - unlink(c->filename); - return -1; - } - if (len == 0 || urlbuff[len - 1] != '\n') - return 0; - urlbuff[len - 1] = '\0'; - - if (!ap_checkmask(urlbuff, - "&&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&& &&&&&&&&&&&&&&&&")) - return 0; - - c->date = ap_proxy_hex2sec(urlbuff + 17 * (0)); - c->lmod = 
ap_proxy_hex2sec(urlbuff + 17 * (1)); - c->expire = ap_proxy_hex2sec(urlbuff + 17 * (2)); - c->version = ap_proxy_hex2sec(urlbuff + 17 * (3)); - c->req_time = ap_proxy_hex2sec(urlbuff + 17 * (4)); - c->resp_time = ap_proxy_hex2sec(urlbuff + 17 * (5)); - c->len = ap_proxy_hex2sec(urlbuff + 17 * (6)); - - /* check that we have the same URL */ - len = ap_bgets(urlbuff, sizeof urlbuff, cachefp); - if (len == -1) { - /* Delete broken cache file */ - unlink(c->filename); - return -1; - } - if (len == 0 || strncmp(urlbuff, "X-URL: ", 7) != 0 || - urlbuff[len - 1] != '\n') - return 0; - urlbuff[len - 1] = '\0'; - if (strcmp(urlbuff + 7, c->url) != 0) - return 0; - - /* then the original request headers */ - c->req_hdrs = ap_proxy_read_headers(r, urlbuff, sizeof urlbuff, cachefp); - if (c->req_hdrs == NULL) { - /* Delete broken cache file */ - unlink(c->filename); - return -1; - } - - /* then the original response headers */ - len = ap_bgets(urlbuff, sizeof urlbuff, cachefp); - if (len == -1) { - /* Delete broken cache file */ - unlink(c->filename); - return -1; - } - if (len == 0 || urlbuff[len - 1] != '\n') - return 0; - urlbuff[--len] = '\0'; - - c->resp_line = ap_pstrdup(r->pool, urlbuff); - strp = strchr(urlbuff, ' '); - if (strp == NULL) - return 0; - - c->status = atoi(strp); - c->hdrs = ap_proxy_read_headers(r, urlbuff, sizeof urlbuff, cachefp); - if (c->hdrs == NULL) { - /* Delete broken cache file */ - unlink(c->filename); - return -1; - } - if (c->len != -1) /* add a content-length header */ - if (ap_table_get(c->hdrs, "Content-Length") == NULL) { - ap_table_set(c->hdrs, "Content-Length", - ap_psprintf(r->pool, "%lu", (unsigned long)c->len)); - } - - - return 1; -} - -/* - * Call this to check the possible conditional status of - * the client request, and return the response from the cache - * - * Conditionals include If-Modified-Since, If-Match, If-Unmodified-Since - * and If-None-Match. - * - * We don't yet understand If-Range, but we will... 
- */ -int ap_proxy_cache_conditional(request_rec *r, cache_req *c, BUFF *cachefp) -{ - const char *etag, *wetag = NULL; - - /* get etag */ - if ((etag = ap_table_get(c->hdrs, "Etag"))) { - wetag = ap_pstrcat(r->pool, "W/", etag, NULL); - } - - /* check for If-Match, If-Unmodified-Since */ - while (1) { - - /* - * check If-Match and If-Unmodified-Since exist - * - * If neither of these exist, the request is not conditional, and we - * serve it normally - */ - if (!c->im && BAD_DATE == c->ius) { - break; - } - - /* - * check If-Match - * - * we check if the Etag on the cached file is in the list of Etags in - * the If-Match field. The comparison must be a strong comparison, so - * the Etag cannot be marked as weak. If the comparision fails we - * return 412 Precondition Failed. - * - * if If-Match is specified AND If-Match is not a "*" AND Etag is - * missing or weak or not in the list THEN return 412 Precondition - * Failed - */ - - if (c->im) { - if (strcmp(c->im, "*") && - (!etag || (strlen(etag) > 1 && 'W' == etag[0] && '/' == etag[1]) || !ap_proxy_liststr(c->im, etag, NULL))) { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Match specified, and it didn't - return 412"); - } - else { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Match specified, and it matched"); - break; - } - } - - /* - * check If-Unmodified-Since - * - * if If-Unmodified-Since is specified AND Last-Modified is specified - * somewhere AND If-Unmodified-Since is in the past compared to - * Last-Modified THEN return 412 Precondition Failed - */ - if (BAD_DATE != c->ius && BAD_DATE != c->lmod) { - if (c->ius < c->lmod) { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Unmodified-Since specified, but it wasn't - return 412"); - } - else { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Unmodified-Since specified, and it was unmodified"); - break; - } - } - - /* if cache file is being updated */ - if 
(c->origfp) { - ap_proxy_write_headers(c, c->resp_line, c->hdrs); - ap_proxy_send_fb(c->origfp, r, c, c->len, 1, 0, IOBUFSIZE); - ap_proxy_cache_tidy(c); - } - else - ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR)); - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Use your cached copy, conditional precondition failed."); - return HTTP_PRECONDITION_FAILED; - } - - - /* check for If-None-Match, If-Modified-Since */ - while (1) { - - /* - * check for existance of If-None-Match and If-Modified-Since - * - * if neither of these headers have been set, then the request is not - * conditional, and we just send the cached response and be done with - * it. - */ - if (!c->inm && BAD_DATE == c->ims) { - break; - } - - /* - * check If-None-Match - * - * we check if the Etag on the cached file is in the list of Etags in - * the If-None-Match field. The comparison must be a strong - * comparison, so the Etag cannot be marked as weak. If the - * comparision fails we return 412 Precondition Failed. 
- * - * if If-None-Match is specified: if If-None-Match is a "*" THEN 304 - * else if Etag is specified AND we get a match THEN 304 else if Weak - * Etag is specified AND we get a match THEN 304 else sent the - * original object - */ - if (c->inm) { - if (!strcmp(c->inm, "*")) { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-None-Match: * specified, return 304"); - } - else if (etag && ap_proxy_liststr(c->inm, etag, NULL)) { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-None-Match: specified and we got a strong match - return 304"); - } - else if (wetag && ap_proxy_liststr(c->inm, wetag, NULL)) { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-None-Match specified, and we got a weak match - return 304"); - } - else - break; - } - - /* - * check If-Modified-Since - * - * if If-Modified-Since is specified AND Last-Modified is specified - * somewhere: if last modification date is earlier than - * If-Modified-Since THEN 304 else send the original object - */ - if (BAD_DATE != c->ims && BAD_DATE != c->lmod) { - if (c->ims >= c->lmod) { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "If-Modified-Since specified and not modified, try return 304"); - } - else - break; - } - - - /* are we updating the cache file? */ - if (c->origfp) { - ap_proxy_write_headers(c, c->resp_line, c->hdrs); - ap_proxy_send_fb(c->origfp, r, c, c->len, 1, 0, IOBUFSIZE); - ap_proxy_cache_tidy(c); - } - else - ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR)); - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Use local copy, cached file hasn't changed"); - return HTTP_NOT_MODIFIED; - } - - - /* No conditional - just send it cousin! 
*/ - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Local copy modified, send it"); - r->status_line = strchr(c->resp_line, ' ') + 1; - r->status = c->status; - - /* Prepare and send headers to client */ - ap_proxy_table_replace(r->headers_out, c->hdrs); - /* make sure our X-Cache header does not stomp on a previous header */ - ap_table_mergen(r->headers_out, "X-Cache", c->xcache); - - /* content type is already set in the headers */ - r->content_type = ap_table_get(r->headers_out, "Content-Type"); - - ap_send_http_header(r); - - /* are we rewriting the cache file? */ - if (c->origfp) { - ap_proxy_write_headers(c, c->resp_line, c->hdrs); - ap_proxy_send_fb(c->origfp, r, c, c->len, r->header_only, 0, IOBUFSIZE); - ap_proxy_cache_tidy(c); - return OK; - } - - /* no, we not */ - if (!r->header_only) { - ap_proxy_send_fb(cachefp, r, NULL, c->len, 0, 0, IOBUFSIZE); - } - else { - ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR)); - } - - return OK; -} - - -/* - * Call this to test for a resource in the cache - * Returns DECLINED if we need to check the remote host - * or an HTTP status code if successful - * - * Functions: - * if URL is cached then - * if cached file is not expired then - * if last modified after if-modified-since then send body - * else send 304 Not modified - * else if cached file is expired then - * if last modified after if-modified-since then add - * last modified date to request - */ -int ap_proxy_cache_check(request_rec *r, char *url, struct cache_conf * conf, - cache_req **cr) -{ - const char *datestr, *pragma_req = NULL, *pragma_cresp = NULL, *cc_req = NULL, - *cc_cresp = NULL; - cache_req *c; - BUFF *cachefp; - int i; - void *sconf = r->server->module_config; - proxy_server_conf *pconf = - (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); - const char *agestr = NULL; - char *val; - time_t age_c = 0; - time_t age, maxage_req, maxage_cresp, maxage, smaxage, maxstale, minfresh; - - c = ap_pcalloc(r->pool, 
sizeof(cache_req)); - *cr = c; - c->req = r; - c->url = ap_pstrdup(r->pool, url); - c->filename = NULL; - c->tempfile = NULL; - c->fp = NULL; - c->origfp = NULL; - c->version = 0; - c->len = -1; - c->req_hdrs = NULL; - c->hdrs = NULL; - c->xcache = NULL; - - /* get the If-Modified-Since date of the request, if it exists */ - c->ims = BAD_DATE; - datestr = ap_table_get(r->headers_in, "If-Modified-Since"); - if (datestr != NULL) { - /* this may modify the value in the original table */ - datestr = ap_proxy_date_canon(r->pool, datestr); - c->ims = ap_parseHTTPdate(datestr); - if (c->ims == BAD_DATE) /* bad or out of range date; remove it */ - ap_table_unset(r->headers_in, "If-Modified-Since"); - } - -/* get the If-Unmodified-Since date of the request, if it exists */ - c->ius = BAD_DATE; - datestr = ap_table_get(r->headers_in, "If-Unmodified-Since"); - if (datestr != NULL) { - /* this may modify the value in the original table */ - datestr = ap_proxy_date_canon(r->pool, datestr); - c->ius = ap_parseHTTPdate(datestr); - if (c->ius == BAD_DATE) /* bad or out of range date; remove it */ - ap_table_unset(r->headers_in, "If-Unmodified-Since"); - } - -/* get the If-Match of the request, if it exists */ - c->im = ap_table_get(r->headers_in, "If-Match"); - -/* get the If-None-Match of the request, if it exists */ - c->inm = ap_table_get(r->headers_in, "If-None-Match"); - -/* find the filename for this cache entry */ - if (conf->root != NULL) { - char hashfile[66]; - ap_proxy_hash(url, hashfile, pconf->cache.dirlevels, pconf->cache.dirlength); - c->filename = ap_pstrcat(r->pool, conf->root, "/", hashfile, NULL); - } - else { - c->filename = NULL; - c->fp = NULL; - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "No CacheRoot, so no caching. 
Declining."); - return DECLINED; - } - -/* find certain cache controlling headers */ - pragma_req = ap_table_get(r->headers_in, "Pragma"); - cc_req = ap_table_get(r->headers_in, "Cache-Control"); - -/* first things first - does the request allow us to return - * cached information at all? If not, just decline the request. - * - * Note that there is a big difference between not being allowed - * to cache a request (no-store) and not being allowed to return - * a cached request without revalidation (max-age=0). - * - * Caching is forbidden under the following circumstances: - * - * - RFC2616 14.9.2 Cache-Control: no-store - * we are not supposed to store this request at all. Behave as a tunnel. - * - */ - if (ap_proxy_liststr(cc_req, "no-store", NULL)) { - -/* delete the previously cached file */ - if (c->filename) - unlink(c->filename); - c->fp = NULL; - c->filename = NULL; - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "no-store forbids caching. Declining."); - return DECLINED; - } - -/* if the cache file exists, open it */ - cachefp = NULL; - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Request for %s, pragma_req=%s, ims=%ld", url, - (pragma_req == NULL) ? "(unset)" : pragma_req, (long)c->ims); -/* find out about whether the request can access the cache */ - if (c->filename != NULL && r->method_number == M_GET && - strlen(url) < 1024) { - cachefp = ap_proxy_open_cachefile(r, c->filename); - } - - - /* - * if a cache file exists, try reading body and headers from cache file - */ - if (cachefp != NULL) { - i = rdcache(r, cachefp, c); - if (i == -1) - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "proxy: error reading cache file %s", - c->filename); - else if (i == 0) - ap_log_rerror(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, r, - "proxy: bad (short?) 
cache file: %s", c->filename); - if (i != 1) { - ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR)); - cachefp = NULL; - } - if (c->hdrs) { - cc_cresp = ap_table_get(c->hdrs, "Cache-Control"); - pragma_cresp = ap_table_get(c->hdrs, "Pragma"); - if ((agestr = ap_table_get(c->hdrs, "Age"))) { - age_c = atoi(agestr); - } - } - } - - /* if a cache file does not exist, create empty header array */ -/* fixed? in this case, we want to get the headers from the remote server - it will be handled later if we don't do this (I hope ;-) - - if (cachefp == NULL) - c->hdrs = ap_make_table(r->pool, 20); -*/ - /* FIXME: Shouldn't we check the URL somewhere? */ - - /* - * Check Content-Negotiation - Vary - * - * At this point we need to make sure that the object we found in the cache - * is the same object that would be delivered to the client, when the - * effects of content negotiation are taken into effect. - * - * In plain english, we want to make sure that a language-negotiated - * document in one language is not given to a client asking for a - * language negotiated document in a different language by mistake. - * - * RFC2616 13.6 and 14.44 describe the Vary mechanism. - */ - if (c->hdrs && c->req_hdrs) { - char *vary = ap_pstrdup(r->pool, ap_table_get(c->hdrs, "Vary")); - - while (vary && *vary) { - char *name = vary; - const char *h1, *h2; - - /* isolate header name */ - while (*vary && !ap_isspace(*vary) && (*vary != ',')) - ++vary; - while (ap_isspace(*vary) || (*vary == ',')) { - *vary = '\0'; - ++vary; - } - - /* - * is this header in the request and the header in the cached - * request identical? 
If not, we give up and do a straight get - */ - h1 = ap_table_get(r->headers_in, name); - h2 = ap_table_get(c->req_hdrs, name); - if (h1 == h2) { - /* both headers NULL, so a match - do nothing */ - } - else if (h1 && h2 && !strcmp(h1, h2)) { - /* both headers exist and are equal - do nothing */ - } - else { - - /* headers do not match, so Vary failed */ - c->fp = cachefp; - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Vary header mismatch - object must be fetched from scratch. Declining."); - return DECLINED; - } - } - } - - - /* - * We now want to check if our cached data is still fresh. This depends - * on a few things, in this order: - * - * - RFC2616 14.9.4 End to end reload, Cache-Control: no-cache no-cache in - * either the request or the cached response means that we must - * revalidate the request unconditionally, overriding any expiration - * mechanism. It's equivalent to max-age=0,must-revalidate. - * - * - RFC2616 14.32 Pragma: no-cache This is treated the same as - * Cache-Control: no-cache. - * - * - RFC2616 14.9.3 Cache-Control: max-stale, must-revalidate, - * proxy-revalidate if the max-stale request header exists, modify the - * stale calculations below so that an object can be at most - * seconds stale before we request a revalidation, _UNLESS_ a - * must-revalidate or proxy-revalidate cached response header exists to - * stop us doing this. - * - * - RFC2616 14.9.3 Cache-Control: s-maxage the origin server specifies the - * maximum age an object can be before it is considered stale. This - * directive has the effect of proxy|must revalidate, which in turn means - * simple ignore any max-stale setting. - * - * - RFC2616 14.9.4 Cache-Control: max-age this header can appear in both - * requests and responses. If both are specified, the smaller of the two - * takes priority. - * - * - RFC2616 14.21 Expires: if this request header exists in the cached - * entity, and it's value is in the past, it has expired. 
- * - */ - - /* calculate age of object */ - age = ap_proxy_current_age(c, age_c); - - /* extract s-maxage */ - if (cc_cresp && ap_proxy_liststr(cc_cresp, "s-maxage", &val)) - smaxage = atoi(val); - else - smaxage = -1; - - /* extract max-age from request */ - if (cc_req && ap_proxy_liststr(cc_req, "max-age", &val)) - maxage_req = atoi(val); - else - maxage_req = -1; - - /* extract max-age from response */ - if (cc_cresp && ap_proxy_liststr(cc_cresp, "max-age", &val)) - maxage_cresp = atoi(val); - else - maxage_cresp = -1; - - /* - * if both maxage request and response, the smaller one takes priority - */ - if (-1 == maxage_req) - maxage = maxage_cresp; - else if (-1 == maxage_cresp) - maxage = maxage_req; - else - maxage = MIN(maxage_req, maxage_cresp); - - /* extract max-stale */ - if (cc_req && ap_proxy_liststr(cc_req, "max-stale", &val)) - maxstale = atoi(val); - else - maxstale = 0; - - /* extract min-fresh */ - if (cc_req && ap_proxy_liststr(cc_req, "min-fresh", &val)) - minfresh = atoi(val); - else - minfresh = 0; - - /* override maxstale if must-revalidate or proxy-revalidate */ - if (maxstale && ((cc_cresp && ap_proxy_liststr(cc_cresp, "must-revalidate", NULL)) || (cc_cresp && ap_proxy_liststr(cc_cresp, "proxy-revalidate", NULL)))) - maxstale = 0; - - if (cachefp != NULL && - - /* handle no-cache */ - !((cc_req && ap_proxy_liststr(cc_req, "no-cache", NULL)) || - (pragma_req && ap_proxy_liststr(pragma_req, "no-cache", NULL)) || - (cc_cresp && ap_proxy_liststr(cc_cresp, "no-cache", NULL)) || - (pragma_cresp && ap_proxy_liststr(pragma_cresp, "no-cache", NULL))) && - - /* handle expiration */ - ((-1 < smaxage && age < (smaxage - minfresh)) || - (-1 < maxage && age < (maxage + maxstale - minfresh)) || - (c->expire != BAD_DATE && age < (c->expire - c->date + maxstale - minfresh))) - ) { - - /* it's fresh darlings... 
*/ - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Unexpired data available"); - - /* set age header on response */ - ap_table_set(c->hdrs, "Age", - ap_psprintf(r->pool, "%lu", (unsigned long)age)); - - /* add warning if maxstale overrode freshness calculation */ - if (!((-1 < smaxage && age < smaxage) || - (-1 < maxage && age < maxage) || - (c->expire != BAD_DATE && (c->expire - c->date) > age))) { - /* make sure we don't stomp on a previous warning */ - ap_table_merge(c->hdrs, "Warning", "110 Response is stale"); - } - - /* check conditionals (If-Modified-Since, etc) */ - c->xcache = ap_pstrcat(r->pool, "HIT from ", ap_get_server_name(r), NULL); - return ap_proxy_cache_conditional(r, c, cachefp); - - - } - - /* - * at this point we have determined our cached data needs revalidation - * but first - we check 1 thing: - * - * RFC2616 14.9.4 - if "only-if-cached" specified, send a 504 Gateway - * Timeout - we're not allowed to revalidate the object - */ - if (ap_proxy_liststr(cc_req, "only-if-cached", NULL)) { - if (cachefp) - ap_pclosef(r->pool, ap_bfileno(cachefp, B_WR)); - return HTTP_GATEWAY_TIME_OUT; - } - - - /* - * If we already have cached data and a last-modified date, and it is not - * a head request, then add an If-Modified-Since. - * - * If we also have an Etag, then the object must have come from an HTTP/1.1 - * server. Add an If-None-Match as well. 
- * - * See RFC2616 13.3.4 - */ - - if (cachefp != NULL && !r->header_only) { - - const char *etag = ap_table_get(c->hdrs, "Etag"); - - /* If-Modified-Since */ - if (c->lmod != BAD_DATE) { - /* - * use the later of the one from the request and the - * last-modified date from the cache - */ - if (c->ims == BAD_DATE || c->ims < c->lmod) { - const char *q; - - if ((q = ap_table_get(c->hdrs, "Last-Modified")) != NULL) - ap_table_set(r->headers_in, "If-Modified-Since", (char *)q); - } - } - - /* If-None-Match */ - if (etag) { - ap_table_set(r->headers_in, "If-None-Match", etag); - } - - } - - - c->fp = cachefp; - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Local copy not present or expired. Declining."); - - return DECLINED; -} - -/* - * Having read the response from the client, decide what to do - * If the response is not cachable, then delete any previously cached - * response, and copy data from remote server to client. - * Functions: - * parse dates - * check for an uncachable response - * calculate an expiry date, if one is not provided - * if the remote file has not been modified, then return the document - * from the cache, maybe updating the header line - * otherwise, delete the old cached file and open a new temporary file - */ -int ap_proxy_cache_update(cache_req *c, table *resp_hdrs, - const int is_HTTP1, int nocache) -{ - request_rec *r = c->req; - char *p; - const char *expire, *lmods, *dates, *clen; - time_t expc, date, lmod, now; - char buff[17 * 7 + 1]; - void *sconf = r->server->module_config; - proxy_server_conf *conf = - (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); - const char *cc_resp; - table *req_hdrs; - size_t tflen; - - cc_resp = ap_table_get(resp_hdrs, "Cache-Control"); - - c->tempfile = NULL; - - /* we've received the response from the origin server */ - - /* - * read expiry date; if a bad date, then leave it so the client can read - * it - */ - expire = ap_table_get(resp_hdrs, "Expires"); - if 
(expire != NULL) - expc = ap_parseHTTPdate(expire); - else - expc = BAD_DATE; - - /* read the last-modified date; if the date is bad, then delete it */ - lmods = ap_table_get(resp_hdrs, "Last-Modified"); - if (lmods != NULL) { - lmod = ap_parseHTTPdate(lmods); - if (lmod == BAD_DATE) { - /* kill last modified date */ - lmods = NULL; - } - } - else - lmod = BAD_DATE; - - - /* - * what responses should we not cache? - * - * At this point we decide based on the response headers whether it is - * appropriate _NOT_ to cache the data from the server. There are a whole - * lot of conditions that prevent us from caching this data. They are - * tested here one by one to be clear and unambiguous. - */ - - /* - * RFC2616 13.4 we are allowed to cache 200, 203, 206, 300, 301 or 410 We - * don't cache 206, because we don't (yet) cache partial responses. We - * include 304 Not Modified here too as this is the origin server telling - * us to serve the cached copy. - */ - if ((r->status != HTTP_OK && r->status != HTTP_NON_AUTHORITATIVE && r->status != HTTP_MULTIPLE_CHOICES && r->status != HTTP_MOVED_PERMANENTLY && r->status != HTTP_NOT_MODIFIED) || - - /* if a broken Expires header is present, don't cache it */ - (expire != NULL && expc == BAD_DATE) || - - /* - * if the server said 304 Not Modified but we have no cache file - pass - * this untouched to the user agent, it's not for us. - */ - (r->status == HTTP_NOT_MODIFIED && (c == NULL || c->fp == NULL)) || - - /* - * 200 OK response from HTTP/1.0 and up without a Last-Modified header - */ - (r->status == HTTP_OK && lmods == NULL && is_HTTP1) || - - /* HEAD requests */ - r->header_only || - - /* - * RFC2616 14.9.2 Cache-Control: no-store response indicating do not - * cache, or stop now if you are trying to cache it - */ - ap_proxy_liststr(cc_resp, "no-store", NULL) || - - /* - * RFC2616 14.9.1 Cache-Control: private this object is marked for this - * user's eyes only. Behave as a tunnel. 
- */ - ap_proxy_liststr(cc_resp, "private", NULL) || - - /* - * RFC2616 14.8 Authorisation: if authorisation is included in the - * request, we don't cache, but we can cache if the following exceptions - * are true: 1) If Cache-Control: s-maxage is included 2) If - * Cache-Control: must-revalidate is included 3) If Cache-Control: public - * is included - */ - (ap_table_get(r->headers_in, "Authorization") != NULL - - && !(ap_proxy_liststr(cc_resp, "s-maxage", NULL) || ap_proxy_liststr(cc_resp, "must-revalidate", NULL) || ap_proxy_liststr(cc_resp, "public", NULL)) - ) || - - /* or we've been asked not to cache it above */ - nocache) { - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Response is not cacheable, unlinking %s", c->filename); - - /* close the file */ - if (c->fp != NULL) { - ap_pclosef(r->pool, ap_bfileno(c->fp, B_WR)); - c->fp = NULL; - } - - /* delete the previously cached file */ - if (c->filename) - unlink(c->filename); - return DECLINED; /* send data to client but not cache */ - } - - - /* - * It's safe to cache the response. - * - * We now want to update the cache file header information with the new - * date, last modified, expire and content length and write it away to - * our cache file. First, we determine these values from the response, - * using heuristics if appropriate. - * - * In addition, we make HTTP/1.1 age calculations and write them away too. - */ - - /* Read the date. Generate one if one is not supplied */ - dates = ap_table_get(resp_hdrs, "Date"); - if (dates != NULL) - date = ap_parseHTTPdate(dates); - else - date = BAD_DATE; - - now = time(NULL); - - if (date == BAD_DATE) { /* No, or bad date */ -/* no date header! */ -/* add one; N.B. 
use the time _now_ rather than when we were checking the cache - */ - date = now; - dates = ap_gm_timestr_822(r->pool, now); - ap_table_set(resp_hdrs, "Date", dates); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Added date header"); - } - -/* set response_time for HTTP/1.1 age calculations */ - c->resp_time = now; - -/* check last-modified date */ - if (lmod != BAD_DATE && lmod > date) -/* if its in the future, then replace by date */ - { - lmod = date; - lmods = dates; - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Last modified is in the future, replacing with now"); - } -/* if the response did not contain the header, then use the cached version */ - if (lmod == BAD_DATE && c->fp != NULL) { - lmod = c->lmod; - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Reusing cached last modified"); - } - -/* we now need to calculate the expire data for the object. */ - if (expire == NULL && c->fp != NULL) { /* no expiry data sent in - * response */ - expire = ap_table_get(c->hdrs, "Expires"); - if (expire != NULL) - expc = ap_parseHTTPdate(expire); - } -/* so we now have the expiry date */ -/* if no expiry date then - * if lastmod - * expiry date = now + min((date - lastmod) * factor, maxexpire) - * else - * expire date = now + defaultexpire - */ - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Expiry date is %ld", (long)expc); - if (expc == BAD_DATE) { - if (lmod != BAD_DATE) { - double x = (double)(date - lmod) * conf->cache.lmfactor; - double maxex = conf->cache.maxexpire; - if (x > maxex) - x = maxex; - expc = now + (int)x; - } - else - expc = now + conf->cache.defaultexpire; - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Expiry date calculated %ld", (long)expc); - } - -/* get the content-length header */ - clen = ap_table_get(resp_hdrs, "Content-Length"); - if (clen == NULL) - c->len = -1; - else - c->len = ap_strtol(clen, NULL, 10); - -/* we have all the header 
information we need - write it to the cache file */ - c->version++; - ap_proxy_sec2hex(date, buff + 17 * (0), sizeof(buff) - 17 * 0); - buff[17 * (1) - 1] = ' '; - ap_proxy_sec2hex(lmod, buff + 17 * (1), sizeof(buff) - 17 * 1); - buff[17 * (2) - 1] = ' '; - ap_proxy_sec2hex(expc, buff + 17 * (2), sizeof(buff) - 17 * 2); - buff[17 * (3) - 1] = ' '; - ap_proxy_sec2hex(c->version, buff + 17 * (3), sizeof(buff) - 17 * 3); - buff[17 * (4) - 1] = ' '; - ap_proxy_sec2hex(c->req_time, buff + 17 * (4), sizeof(buff) - 17 * 4); - buff[17 * (5) - 1] = ' '; - ap_proxy_sec2hex(c->resp_time, buff + 17 * (5), sizeof(buff) - 17 * 5); - buff[17 * (6) - 1] = ' '; - ap_proxy_sec2hex(c->len, buff + 17 * (6), sizeof(buff) - 17 * 6); - buff[17 * (7) - 1] = '\n'; - buff[17 * (7)] = '\0'; - -/* Was the server response a 304 Not Modified? - * - * If it was, it means that we requested a revalidation, and that - * the result of that revalidation was that the object was fresh. - * - */ - -/* if response from server 304 not modified */ - if (r->status == HTTP_NOT_MODIFIED) { - -/* Have the headers changed? - * - * if not - we fulfil the request and return now. - */ - - if (c->hdrs) { - /* recall at this point that c->len is already set from resp_hdrs. - If Content-Length was NULL, then c->len is -1, otherwise it's - set to whatever the value was. 
*/ - if (c->len == 0 || c->len == -1) { - const char *c_clen_str; - off_t c_clen; - if ( (c_clen_str = ap_table_get(c->hdrs, "Content-Length")) && - ( (c_clen = ap_strtol(c_clen_str, NULL, 10)) > 0) ) { - ap_table_set(resp_hdrs, "Content-Length", c_clen_str); - c->len = c_clen; - ap_proxy_sec2hex(c->len, buff + 17 * (6), - sizeof(buff) - 17 * 6); - buff[17 * (7) - 1] = '\n'; - buff[17 * (7)] = '\0'; - } - } - if (!ap_proxy_table_replace(c->hdrs, resp_hdrs)) { - c->xcache = ap_pstrcat(r->pool, "HIT from ", ap_get_server_name(r), " (with revalidation)", NULL); - return ap_proxy_cache_conditional(r, c, c->fp); - } - } - else - c->hdrs = resp_hdrs; -/* if we get here - the headers have changed. Go through the motions - * of creating a new temporary cache file below, we'll then serve - * the request like we would have in ap_proxy_cache_conditional() - * above, and at the same time we will also rewrite the contents - * to the new temporary file. - */ - } - -/* - * Ok - lets prepare and open the cached file - * - * If a cached file (in c->fp) is already open, then we want to - * update that cached file. Copy the c->fp to c->origfp and open - * up a new one. - * - * If the cached file (in c->fp) is NULL, we must open a new cached - * file from scratch. - * - * The new cache file will be moved to it's final location in the - * directory tree later, overwriting the old cache file should it exist. 
- */ - -/* if a cache file was already open */ - if (c->fp != NULL) { - c->origfp = c->fp; - } - - while (1) { -/* create temporary filename */ -#define TMPFILESTR "/tmpXXXXXXXXXX" - if (conf->cache.root == NULL) { - c = ap_proxy_cache_error(c); - break; - } - tflen = strlen(conf->cache.root) + sizeof(TMPFILESTR); - c->tempfile = ap_palloc(r->pool, tflen); - strlcpy(c->tempfile, conf->cache.root, tflen); - strlcat(c->tempfile, TMPFILESTR, tflen); -#undef TMPFILESTR - p = mktemp(c->tempfile); - if (p == NULL) { - c = ap_proxy_cache_error(c); - break; - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Create temporary file %s", c->tempfile); - -/* create the new file */ - c->fp = ap_proxy_create_cachefile(r, c->tempfile); - if (NULL == c->fp) { - c = ap_proxy_cache_error(c); - break; - } - -/* write away the cache header and the URL */ - if (ap_bvputs(c->fp, buff, "X-URL: ", c->url, "\n", NULL) == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "proxy: error writing cache file(%s)", c->tempfile); - c = ap_proxy_cache_error(c); - break; - } - -/* get original request headers */ - if (c->req_hdrs) - req_hdrs = ap_copy_table(r->pool, c->req_hdrs); - else - req_hdrs = ap_copy_table(r->pool, r->headers_in); - -/* remove hop-by-hop headers */ - ap_proxy_clear_connection(r->pool, req_hdrs); - -/* save original request headers */ - if (c->req_hdrs) - ap_table_do(ap_proxy_send_hdr_line, c, c->req_hdrs, NULL); - else - ap_table_do(ap_proxy_send_hdr_line, c, r->headers_in, NULL); - if (ap_bputs(CRLF, c->fp) == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req, - "proxy: error writing request headers terminating CRLF to %s", c->tempfile); - c = ap_proxy_cache_error(c); - break; - } - break; - } - -/* Was the server response a 304 Not Modified? - * - * If so, we have some work to do that we didn't do when we first - * checked above. We need to fulfil the request, and we need to - * copy the body from the old object to the new one. 
- */ - -/* if response from server 304 not modified */ - if (r->status == HTTP_NOT_MODIFIED) { - -/* fulfil the request */ - c->xcache = ap_pstrcat(r->pool, "HIT from ", ap_get_server_name(r), " (with revalidation)", NULL); - return ap_proxy_cache_conditional(r, c, c->fp); - - } - return DECLINED; -} - -void ap_proxy_cache_tidy(cache_req *c) -{ - server_rec *s; - off_t bc; - - if (!c || !c->fp) - return; - - s = c->req->server; - -/* don't care how much was sent, but rather how much was written to cache - ap_bgetopt(c->req->connection->client, BO_BYTECT, &bc); - */ - bc = c->written; - - if (c->len != -1) { -/* file lengths don't match; don't cache it */ - if (bc != c->len) { - ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR)); /* no need to flush */ - unlink(c->tempfile); - return; - } - } -/* don't care if aborted, cache it if fully retrieved from host! - else if (c->req->connection->aborted) { - ap_pclosef(c->req->pool, c->fp->fd); / no need to flush / - unlink(c->tempfile); - return; - } -*/ - else { -/* update content-length of file */ - char buff[17]; - off_t curpos; - - c->len = bc; - ap_bflush(c->fp); - ap_proxy_sec2hex(c->len, buff, sizeof(buff)); - curpos = lseek(ap_bfileno(c->fp, B_WR), 17 * 6, SEEK_SET); - if (curpos == -1) - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "proxy: error seeking on cache file %s", c->tempfile); - else if (write(ap_bfileno(c->fp, B_WR), buff, sizeof(buff) - 1) == -1) - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "proxy: error updating cache file %s", c->tempfile); - } - - if (ap_bflush(c->fp) == -1) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "proxy: error writing to cache file %s", - c->tempfile); - ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR)); - unlink(c->tempfile); - return; - } - - if (ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR))== -1) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "proxy: error closing cache file %s", c->tempfile); - unlink(c->tempfile); - return; - } - - if (unlink(c->filename) == -1 && errno != 
ENOENT) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error deleting old cache file %s",
- c->filename);
- (void)unlink(c->tempfile);
- }
- else {
- char *p;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(s->module_config, &proxy_module);
-
- for (p = c->filename + strlen(conf->cache.root) + 1;;) {
- p = strchr(p, '/');
- if (!p)
- break;
- *p = '\0';
- if (mkdir(c->filename, S_IREAD | S_IWRITE | S_IEXEC) < 0 && errno != EEXIST)
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error creating cache directory %s",
- c->filename);
- *p = '/';
- ++p;
- }
- if (link(c->tempfile, c->filename) == -1)
- ap_log_error(APLOG_MARK, APLOG_INFO, s,
- "proxy: error linking cache file %s to %s",
- c->tempfile, c->filename);
- if (unlink(c->tempfile) == -1)
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "proxy: error deleting temp file %s", c->tempfile);
- }
-}
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_connect.c b/usr.sbin/httpd/src/modules/proxy/proxy_connect.c
deleted file mode 100644
index 42b39a33bfc..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_connect.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* CONNECT method for Apache proxy */
-
-#include "mod_proxy.h"
-#include "http_log.h"
-#include "http_main.h"
-
-/*
- * This handles Netscape CONNECT method secure proxy requests.
- * A connection is opened to the specified host and data is
- * passed through between the WWW site and the browser.
- *
- * This code is based on the INTERNET-DRAFT document
- * "Tunneling SSL Through a WWW Proxy" currently at
- * http://www.mcom.com/newsref/std/tunneling_ssl.html.
- *
- * If proxyhost and proxyport are set, we send a CONNECT to
- * the specified proxy..
- *
- * FIXME: this is bad, because it does its own socket I/O
- * instead of using the I/O in buff.c. However,
- * the I/O in buff.c blocks on reads, and because
- * this function doesn't know how much data will
- * be sent either way (or when) it can't use blocking
- * I/O. This may be very implementation-specific
- * (to Linux). Any suggestions?
- * FIXME: this doesn't log the number of bytes sent, but
- * that may be okay, since the data is supposed to
- * be transparent. In fact, this doesn't log at all
- * yet. 8^)
- * FIXME: doesn't check any headers initally sent from the
- * client.
- * FIXME: should allow authentication, but hopefully the
- * generic proxy authentication is good enough.
- * FIXME: no check for r->assbackwards, whatever that is.
- */
-
-static int allowed_port(proxy_server_conf *conf, int port)
-{
- int i;
- int *list = (int *)conf->allowed_connect_ports->elts;
-
- for (i = 0; i < conf->allowed_connect_ports->nelts; i++) {
- if (port == list[i])
- return 1;
- }
- return 0;
-}
-
-
-int ap_proxy_connect_handler(request_rec *r, cache_req *c, char *url,
- const char *proxyhost, int proxyport)
-{
- struct sockaddr_in server;
- struct addrinfo hints, *res, *res0;
- const char *hoststr;
- const char *portstr = NULL;
- char *p;
- int port, sock;
- char buffer[HUGE_STRING_LEN];
- int nbytes, i;
- fd_set fds;
- int error;
-
- void *sconf = r->server->module_config;
- proxy_server_conf *conf =
- (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
-
- memset(&server, '\0', sizeof(server));
-#ifdef HAVE_SOCKADDR_LEN
- server.sin_len = sizeof(server);
-#endif
- server.sin_family = AF_INET;
-
- /* Break the URL into host:port pairs */
-
- hoststr = url;
- p = strchr(url, ':');
- if (p == NULL) {
- char pbuf[32];
- ap_snprintf(pbuf, sizeof(pbuf), "%d", DEFAULT_HTTPS_PORT);
- portstr = pbuf;
- } else {
- portstr = p + 1;
- *p = '\0';
- }
- port = atoi(portstr);
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- error = getaddrinfo(hoststr, portstr, &hints, &res0);
- if (error && proxyhost == NULL) {
- return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
- gai_strerror(error)); /* give up */
- }
-
-/* check if ProxyBlock
directive on this host */
- for (i = 0; i < conf->noproxies->nelts; i++) {
- int fail;
- struct sockaddr_in *sin;
-
- fail = 0;
- if (npent[i].name != NULL && strstr(hoststr, npent[i].name))
- fail++;
- if (npent[i].name != NULL && strcmp(npent[i].name, "*") == 0)
- fail++;
- for (res = res0; res; res = res->ai_next) {
- switch (res->ai_family) {
- case AF_INET:
- sin = (struct sockaddr_in *)res->ai_addr;
- if (sin->sin_addr.s_addr == npent[i].addr.s_addr)
- fail++;
- break;
- }
- }
- if (fail) {
- if (res0 != NULL)
- freeaddrinfo(res0);
- return ap_proxyerror(r, HTTP_FORBIDDEN,
- "Connect to remote machine blocked");
- }
- }
-
- /* Check if it is an allowed port */
- if (conf->allowed_connect_ports->nelts == 0) {
- /* Default setting if not overridden by AllowCONNECT */
- switch (port) {
- case DEFAULT_HTTPS_PORT:
- case DEFAULT_SNEWS_PORT:
- break;
- default:
- if (res0 != NULL)
- freeaddrinfo(res0);
- return HTTP_FORBIDDEN;
- }
- }
- else if(!allowed_port(conf, port)) {
- if (res0 != NULL)
- freeaddrinfo(res0);
- return HTTP_FORBIDDEN;
- }
-
- if (proxyhost) {
- char pbuf[10];
-
- if (res0 != NULL)
- freeaddrinfo(res0);
- ap_snprintf(pbuf, sizeof(pbuf), "%d", proxyport);
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- error = getaddrinfo(proxyhost, pbuf, &hints, &res0);
- if (error)
- return HTTP_INTERNAL_SERVER_ERROR; /* XXX */
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "CONNECT to remote proxy %s on port %d", proxyhost, proxyport);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "CONNECT to %s on port %d", hoststr, port);
- }
-
- sock = i = -1;
- for (res = res0; res; res = res->ai_next) {
- sock = ap_psocket(r->pool, res->ai_family, res->ai_socktype, res->ai_protocol);
- if (sock == -1)
- continue;
-
- if (sock >= FD_SETSIZE) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_WARNING, NULL,
-
"proxy_connect_handler: filedescriptor (%u) "
- "larger than FD_SETSIZE (%u) "
- "found, you probably need to rebuild Apache with a "
- "larger FD_SETSIZE", sock, FD_SETSIZE);
- ap_pclosesocket(r->pool, sock);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- i = ap_proxy_doconnect(sock, res->ai_addr, r);
- if (i == 0)
- break;
- }
- freeaddrinfo(res0);
- if (i == -1) {
- ap_pclosesocket(r->pool, sock);
- return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, ap_pstrcat(r->pool,
- "Could not connect to remote machine:
    ", strerror(errno), NULL));
- }
-
- /*
- * If we are connecting through a remote proxy, we need to pass the
- * CONNECT request on to it.
- */
- if (proxyport) {
- /*
- * FIXME: We should not be calling write() directly, but we currently
- * have no alternative. Error checking ignored. Also, we force a
- * HTTP/1.0 request to keep things simple.
- */
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "Sending the CONNECT request to the remote proxy");
- ap_snprintf(buffer, sizeof(buffer), "CONNECT %s HTTP/1.0" CRLF, r->uri);
- send(sock, buffer, strlen(buffer), 0);
- ap_snprintf(buffer, sizeof(buffer),
- "Proxy-agent: %s" CRLF CRLF, ap_get_server_version());
- send(sock, buffer, strlen(buffer), 0);
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "Returning 200 OK Status");
- ap_rvputs(r, "HTTP/1.0 200 Connection established" CRLF, NULL);
- ap_rvputs(r, "Proxy-agent: ", ap_get_server_version(), CRLF CRLF, NULL);
- ap_bflush(r->connection->client);
- }
-
- while (1) { /* Infinite loop until error (one side closes
- * the connection) */
- FD_ZERO(&fds);
- FD_SET(sock, &fds);
- FD_SET(ap_bfileno(r->connection->client, B_WR), &fds);
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "Going to sleep (select)");
- i = ap_select((ap_bfileno(r->connection->client, B_WR) > sock ?
- ap_bfileno(r->connection->client, B_WR) + 1 :
- sock + 1), &fds, NULL, NULL, NULL);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "Woke from select(), i=%d", i);
-
- if (i) {
- if (FD_ISSET(sock, &fds)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "sock was set");
- if ((nbytes = recv(sock, buffer, HUGE_STRING_LEN, 0)) != 0) {
- if (nbytes == -1)
- break;
- if (send(ap_bfileno(r->connection->client, B_WR), buffer,
- nbytes, 0) == EOF)
- break;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO,
- r->server, "Wrote %d bytes to client", nbytes);
- }
- else
- break;
- }
- else if (FD_ISSET(ap_bfileno(r->connection->client, B_WR), &fds)) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server,
- "client->fd was set");
- if ((nbytes = recv(ap_bfileno(r->connection->client, B_WR),
- buffer, HUGE_STRING_LEN, 0)) != 0) {
- if (nbytes == -1)
- break;
- if (send(sock, buffer, nbytes, 0) == EOF)
- break;
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO,
- r->server, "Wrote %d bytes to server", nbytes);
- }
- else
- break;
- }
- else
- break; /* Must be done waiting */
- }
- else
- break;
- }
-
- ap_pclosesocket(r->pool, sock);
-
- return OK;
-}
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_ftp.c b/usr.sbin/httpd/src/modules/proxy/proxy_ftp.c
deleted file mode 100644
index f9910b226c5..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_ftp.c
+++ /dev/null
@@ -1,1479 +0,0 @@
-/* $OpenBSD: proxy_ftp.c,v 1.18 2011/04/06 11:35:33 miod Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* FTP routines for Apache proxy */
-
-#include "mod_proxy.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "http_core.h"
-
-#define AUTODETECT_PWD
-
-/*
- * Decodes a '%' escaped string, and returns the number of characters
- */
-static int decodeenc(char *x)
-{
- int i, j, ch;
-
- if (x[0] == '\0')
- return 0; /* special case for no characters */
- for (i = 0, j = 0; x[i] != '\0'; i++, j++) {
-/* decode it if not already done */
- ch = x[i];
- if (ch == '%' && ap_isxdigit(x[i + 1]) && ap_isxdigit(x[i + 2])) {
- ch = ap_proxy_hex2c(&x[i + 1]);
- i += 2;
- }
- x[j] = ch;
- }
- x[j] = '\0';
- return j;
-}
-
-/*
- * checks an encoded ftp string for bad characters, namely, CR, LF or
- * non-ascii character
- */
-static int ftp_check_string(const char *x)
-{
- int i, ch;
-
- for (i = 0; x[i] != '\0'; i++) {
- ch = x[i];
- if (ch == '%' && ap_isxdigit(x[i + 1]) && ap_isxdigit(x[i + 2])) {
- ch = ap_proxy_hex2c(&x[i + 1]);
- i += 2;
- }
- if (ch == CR || ch == LF || (OS_ASC(ch) & 0x80))
- return 0;
- }
- return 1;
-}
-
-/*
- * Canonicalise ftp URLs.
- */
-int ap_proxy_ftp_canon(request_rec *r, char *url)
-{
- char *user, *password, *host, *path, *parms, *strp, sport[7];
- pool *p = r->pool;
- const char *err;
- int port;
-
- port = DEFAULT_FTP_PORT;
- err = ap_proxy_canon_netloc(p, &url, &user, &password, &host, &port);
- if (err)
- return HTTP_BAD_REQUEST;
- if (user != NULL && !ftp_check_string(user))
- return HTTP_BAD_REQUEST;
- if (password != NULL && !ftp_check_string(password))
- return HTTP_BAD_REQUEST;
-
-/* now parse path/parameters args, according to rfc1738 */
-/* N.B. if this isn't a true proxy request, then the URL path
- * (but not query args) has already been decoded.
- * This gives rise to the problem of a ; being decoded into the
- * path.
- */ - strp = strchr(url, ';'); - if (strp != NULL) { - *(strp++) = '\0'; - parms = ap_proxy_canonenc(p, strp, strlen(strp), enc_parm, - r->proxyreq); - if (parms == NULL) - return HTTP_BAD_REQUEST; - } - else - parms = ""; - - path = ap_proxy_canonenc(p, url, strlen(url), enc_path, r->proxyreq); - if (path == NULL) - return HTTP_BAD_REQUEST; - if (!ftp_check_string(path)) - return HTTP_BAD_REQUEST; - - if (r->proxyreq == NOT_PROXY && r->args != NULL) { - if (strp != NULL) { - strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_parm, STD_PROXY); - if (strp == NULL) - return HTTP_BAD_REQUEST; - parms = ap_pstrcat(p, parms, "?", strp, NULL); - } - else { - strp = ap_proxy_canonenc(p, r->args, strlen(r->args), enc_fpath, STD_PROXY); - if (strp == NULL) - return HTTP_BAD_REQUEST; - path = ap_pstrcat(p, path, "?", strp, NULL); - } - r->args = NULL; - } - -/* now, rebuild URL */ - - if (port != DEFAULT_FTP_PORT) - ap_snprintf(sport, sizeof(sport), ":%d", port); - else - sport[0] = '\0'; - - r->filename = ap_pstrcat(p, "proxy:ftp://", (user != NULL) ? user : "", - (password != NULL) ? ":" : "", - (password != NULL) ? password : "", - (user != NULL) ? "@" : "", host, sport, "/", path, - (parms[0] != '\0') ? 
";" : "", parms, NULL); - - return OK; -} - -/* - * Returns the ftp status code; - * or -1 on I/O error, 0 on data error - */ -static int ftp_getrc(BUFF *ctrl) -{ - int len, status; - char linebuff[100], buff[5]; - - len = ap_bgets(linebuff, sizeof linebuff, ctrl); - if (len == -1) - return -1; -/* check format */ - if (len < 5 || !ap_isdigit(linebuff[0]) || !ap_isdigit(linebuff[1]) || - !ap_isdigit(linebuff[2]) || (linebuff[3] != ' ' && linebuff[3] != '-')) - status = 0; - else - status = 100 * linebuff[0] + 10 * linebuff[1] + linebuff[2] - 111 * '0'; - - if (linebuff[len - 1] != '\n') { - (void)ap_bskiplf(ctrl); - } - -/* skip continuation lines */ - if (linebuff[3] == '-') { - memcpy(buff, linebuff, 3); - buff[3] = ' '; - do { - len = ap_bgets(linebuff, sizeof linebuff, ctrl); - if (len == -1) - return -1; - if (linebuff[len - 1] != '\n') { - (void)ap_bskiplf(ctrl); - } - } while (memcmp(linebuff, buff, 4) != 0); - } - - return status; -} - -/* - * Like ftp_getrc but returns both the ftp status code and - * remembers the response message in the supplied buffer - */ -static int ftp_getrc_msg(BUFF *ctrl, char *msgbuf, int msglen) -{ - int len, status; - char linebuff[100], buff[5]; - char *mb = msgbuf, *me = &msgbuf[msglen]; - - len = ap_bgets(linebuff, sizeof linebuff, ctrl); - if (len == -1) - return -1; - if (len < 5 || !ap_isdigit(linebuff[0]) || !ap_isdigit(linebuff[1]) || - !ap_isdigit(linebuff[2]) || (linebuff[3] != ' ' && linebuff[3] != '-')) - status = 0; - else - status = 100 * linebuff[0] + 10 * linebuff[1] + linebuff[2] - 111 * '0'; - - mb = ap_cpystrn(mb, linebuff + 4, me - mb); - - if (linebuff[len - 1] != '\n') - (void)ap_bskiplf(ctrl); - - if (linebuff[3] == '-') { - memcpy(buff, linebuff, 3); - buff[3] = ' '; - do { - len = ap_bgets(linebuff, sizeof linebuff, ctrl); - if (len == -1) - return -1; - if (linebuff[len - 1] != '\n') { - (void)ap_bskiplf(ctrl); - } - mb = ap_cpystrn(mb, linebuff + 4, me - mb); - } while (memcmp(linebuff, buff, 4) != 0); 
- } - return status; -} - -static long int send_dir(BUFF *data, request_rec *r, cache_req *c, char *cwd) -{ - char *buf, *buf2; - size_t buf_size; - char *filename; - int searchidx = 0; - char *searchptr = NULL; - int firstfile = 1; - unsigned long total_bytes_sent = 0; - int n; - conn_rec *con = r->connection; - pool *p = r->pool; - char *dir, *path, *reldir, *site, *type = NULL; - char *basedir = ""; /* By default, path is relative to the $HOME - * dir */ - - /* create default sized buffers for the stuff below */ - buf_size = IOBUFSIZE; - buf = ap_palloc(r->pool, buf_size); - buf2 = ap_palloc(r->pool, buf_size); - - /* Save "scheme://site" prefix without password */ - site = ap_unparse_uri_components(p, &r->parsed_uri, UNP_OMITPASSWORD | UNP_OMITPATHINFO); - /* ... and path without query args */ - path = ap_unparse_uri_components(p, &r->parsed_uri, UNP_OMITSITEPART | UNP_OMITQUERY); - - /* If path began with /%2f, change the basedir */ - if (strncasecmp(path, "/%2f", 4) == 0) { - basedir = "/%2f"; - } - - /* Strip off a type qualifier. It is ignored for dir listings */ - if ((type = strstr(path, ";type=")) != NULL) - *type++ = '\0'; - - (void)decodeenc(path); - - while (path[1] == '/') /* collapse multiple leading slashes to one */ - ++path; - - /* Copy path, strip (all except the last) trailing slashes */ - /* (the trailing slash is needed for the dir component loop below) */ - path = dir = ap_pstrcat(r->pool, path, "/", NULL); - for (n = strlen(path); n > 1 && path[n - 1] == '/' && path[n - 2] == '/'; --n) - path[n - 1] = '\0'; - - /* print "ftp://host/" */ - n = ap_snprintf(buf, buf_size, DOCTYPE_HTML_3_2 - "%s%s%s\n" - "\n" - "

    Directory of " - "%s/", - site, basedir, ap_escape_html(p, path), - site, basedir, ap_escape_uri(p, path), - site); - total_bytes_sent += ap_proxy_bputs2(buf, con->client, c); - - /* Add a link to the root directory (if %2f hack was used) */ - if (basedir[0] != '\0') { - total_bytes_sent += ap_proxy_bputs2("%2f/", con->client, c); - } - - for (dir = path + 1; (dir = strchr(dir, '/')) != NULL;) { - *dir = '\0'; - if ((reldir = strrchr(path + 1, '/')) == NULL) { - reldir = path + 1; - } - else - ++reldir; - /* print "path/" component */ - ap_snprintf(buf, buf_size, "%s/", - basedir, - ap_escape_uri(p, path), - ap_escape_html(p, reldir)); - total_bytes_sent += ap_proxy_bputs2(buf, con->client, c); - *dir = '/'; - while (*dir == '/') - ++dir; - } - - /* If the caller has determined the current directory, and it differs */ - /* from what the client requested, then show the real name */ - if (cwd == NULL || strncmp(cwd, path, strlen(cwd)) == 0) { - ap_snprintf(buf, buf_size, "

    \n
    ");
    -    }
    -    else {
    -        ap_snprintf(buf, buf_size, "\n(%s)\n
    ",
    -                    ap_escape_html(p, cwd));
    -    }
    -    total_bytes_sent += ap_proxy_bputs2(buf, con->client, c);
    -
    -    while (!con->aborted) {
    -        n = ap_bgets(buf, buf_size, data);
    -        if (n == -1) {          /* input error */
    -            if (c != NULL) {
    -                ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
    -                              "proxy: error reading from %s", c->url);
    -                c = ap_proxy_cache_error(c);
    -            }
    -            break;
    -        }
    -        if (n == 0)
    -            break;              /* EOF */
    -
    -        if (buf[n - 1] == '\n') /* strip trailing '\n' */
    -            buf[--n] = '\0';
    -        if (buf[n - 1] == '\r') /* strip trailing '\r' if present */
    -            buf[--n] = '\0';
    -
    -        /* Handle unix-style symbolic link */
    -        if (buf[0] == 'l' && (filename = strstr(buf, " -> ")) != NULL) {
    -            char *link_ptr = filename;
    -
    -            do {
    -                filename--;
    -            } while (filename[0] != ' ' && filename > buf);
    -            if (filename != buf)
    -                *(filename++) = '\0';
    -            *(link_ptr++) = '\0';
    -            ap_snprintf(buf2, buf_size, "%s %s %s\n",
    -                        ap_escape_html(p, buf),
    -                        ap_escape_uri(p, filename),
    -                        ap_escape_html(p, filename),
    -                        ap_escape_html(p, link_ptr));
    -            ap_cpystrn(buf, buf2, buf_size);
    -            n = strlen(buf);
    -        }
    -        /* Handle unix style or DOS style directory  */
    -        else if (buf[0] == 'd' || buf[0] == '-' || buf[0] == 'l' || ap_isdigit(buf[0])) {
    -            if (ap_isdigit(buf[0])) {   /* handle DOS dir */
    -                searchptr = strchr(buf, '<');
    -                if (searchptr != NULL)
    -                    *searchptr = '[';
    -                searchptr = strchr(buf, '>');
    -                if (searchptr != NULL)
    -                    *searchptr = ']';
    -            }
    -
    -            filename = strrchr(buf, ' ');
    -            *(filename++) = 0;
    -
    -            /* handle filenames with spaces in 'em */
    -            if (!strcmp(filename, ".") || !strcmp(filename, "..") || firstfile) {
    -                firstfile = 0;
    -                searchidx = filename - buf;
    -            }
    -            else if (searchidx != 0 && buf[searchidx] != 0) {
    -                *(--filename) = ' ';
    -                buf[searchidx - 1] = 0;
    -                filename = &buf[searchidx];
    -            }
    -
    -            /* Special handling for '.' and '..': append slash to link */
    -            if (!strcmp(filename, ".") || !strcmp(filename, "..") || buf[0] == 'd') {
    -                ap_snprintf(buf2, buf_size, "%s %s\n",
    -                         ap_escape_html(p, buf), ap_escape_uri(p, filename),
    -                            ap_escape_html(p, filename));
    -            }
    -            else {
    -                ap_snprintf(buf2, buf_size, "%s %s\n",
    -                            ap_escape_html(p, buf),
    -                            ap_escape_uri(p, filename),
    -                            ap_escape_html(p, filename));
    -            }
    -            ap_cpystrn(buf, buf2, buf_size);
    -            n = strlen(buf);
    -        }
    -        /* else??? What about other OS's output formats? */
    -        else {
    -            strlcat(buf, "\n", buf_size);  /* re-append the newline char */
    -            ap_cpystrn(buf, ap_escape_html(p, buf), buf_size);
    -        }
    -
    -        total_bytes_sent += ap_proxy_bputs2(buf, con->client, c);
    -
    -        ap_reset_timeout(r);    /* reset timeout after successfule write */
    -    }
    -
    -    total_bytes_sent += ap_proxy_bputs2("

    \n", con->client, c); - total_bytes_sent += ap_proxy_bputs2(ap_psignature("", r), con->client, c); - total_bytes_sent += ap_proxy_bputs2("\n", con->client, c); - - ap_bclose(data); - - ap_bflush(con->client); - - return total_bytes_sent; -} - -/* Common routine for failed authorization (i.e., missing or wrong password) - * to an ftp service. This causes most browsers to retry the request - * with username and password (which was presumably queried from the user) - * supplied in the Authorization: header. - * Note that we "invent" a realm name which consists of the - * ftp://user@host part of the reqest (sans password -if supplied but invalid-) - */ -static int ftp_unauthorized(request_rec *r, int log_it) -{ - r->proxyreq = NOT_PROXY; - /* - * Log failed requests if they supplied a password (log username/password - * guessing attempts) - */ - if (log_it) - ap_log_rerror(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, r, - "proxy: missing or failed auth to %s", - ap_unparse_uri_components(r->pool, - &r->parsed_uri, UNP_OMITPATHINFO)); - - ap_table_setn(r->err_headers_out, "WWW-Authenticate", - ap_pstrcat(r->pool, "Basic realm=\"", - ap_unparse_uri_components(r->pool, &r->parsed_uri, - UNP_OMITPASSWORD | UNP_OMITPATHINFO), - "\"", NULL)); - - return HTTP_UNAUTHORIZED; -} - -/* Set ftp server to TYPE {A,I,E} before transfer of a directory or file */ -static int ftp_set_TYPE(request_rec *r, BUFF *ctrl, char xfer_type) -{ - static char old_type[2] = {'A', '\0'}; /* After logon, mode is ASCII */ - int ret = HTTP_OK; - int rc; - - if (xfer_type == old_type[0]) - return ret; - - /* set desired type */ - old_type[0] = xfer_type; - ap_bvputs(ctrl, "TYPE ", old_type, CRLF, NULL); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: TYPE %s", old_type); - -/* responses: 200, 421, 500, 501, 504, 530 */ - /* 200 Command okay. */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. 
*/ - /* 501 Syntax error in parameters or arguments. */ - /* 504 Command not implemented for that parameter. */ - /* 530 Not logged in. */ - rc = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", rc); - if (rc == -1 || rc == 421) { - ap_kill_timeout(r); - ret = ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server"); - } - else if (rc != 200 && rc != 504) { - ap_kill_timeout(r); - ret = ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Unable to set transfer type"); - } -/* Allow not implemented */ - else if (rc == 504) - /* ignore it silently */ ; - - return ret; -} - -/* Common cleanup routine: close open BUFFers or sockets, and return an error */ -static int ftp_cleanup_and_return(request_rec *r, BUFF *ctrl, BUFF *data, int csock, int dsock, int rc) -{ - if (ctrl != NULL) - ap_bclose(ctrl); - else if (csock != -1) - ap_pclosesocket(r->pool, csock); - - if (data != NULL) - ap_bclose(data); - else if (dsock != -1) - ap_pclosesocket(r->pool, dsock); - - ap_kill_timeout(r); - - return rc; -} - -/* - * Handles direct access of ftp:// URLs - * Original (Non-PASV) version from - * Troy Morrison - * PASV added by Chuck - */ -int ap_proxy_ftp_handler(request_rec *r, cache_req *c, char *url) -{ - char *desthost, *path, *strp, *parms; - char *strp2; - char *cwd = NULL; - char *user = NULL; -/* char *account = NULL; how to supply an account in a URL? 
*/ - const char *password = NULL; - const char *err; - int destport, i, j, len, rc, nocache = 0; - int csd = 0, sock = -1, dsock = -1; - struct sockaddr_storage server; - struct addrinfo hints, *res, *res0; - char portbuf[10]; - int error; - struct in_addr destaddr; - table *resp_hdrs; - BUFF *ctrl = NULL; - BUFF *data = NULL; - pool *p = r->pool; - char *destportstr = NULL; - const char *urlptr = NULL; - int one = 1; - NET_SIZE_T clen; - char xfer_type = 'A'; /* after ftp login, the default is ASCII */ - int get_dirlisting = 0; - - void *sconf = r->server->module_config; - proxy_server_conf *conf = - (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); - struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts; - struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts; - -/* stuff for PASV mode */ - unsigned int presult, h0, h1, h2, h3, p0, p1; - unsigned int paddr; - unsigned short pport; - struct sockaddr_storage data_addr; - struct sockaddr_in *sin; - int pasvmode = 0; - char pasv[64]; - char *pstr, *host; - int port; - -/* stuff for LPSV/EPSV */ - unsigned int paf, holen, ho[16], polen, po[2]; - struct sockaddr_in6 *sin6; - int lpsvmode = 0; - char *cmd; - -/* stuff for responses */ - char resp[MAX_STRING_LEN]; - char *size = NULL; - -/* we only support GET and HEAD */ - - if (r->method_number != M_GET) - return HTTP_NOT_IMPLEMENTED; - -/* We break the URL into host, port, path-search */ - - host = r->parsed_uri.hostname; - port = (r->parsed_uri.port != 0) - ? 
r->parsed_uri.port - : ap_default_port_for_request(r); - path = ap_pstrdup(p, r->parsed_uri.path); - if (path == NULL) - path = ""; - else - while (*path == '/') - ++path; - - urlptr = strstr(url, "://"); - if (urlptr == NULL) - return HTTP_BAD_REQUEST; - urlptr += 3; - destport = 21; - strp = strchr(urlptr, '/'); - if (strp == NULL) { - desthost = ap_pstrdup(p, urlptr); - urlptr = "/"; - } - else { - char *q = ap_palloc(p, strp - urlptr + 1); - memcpy(q, urlptr, strp - urlptr); - q[strp - urlptr] = '\0'; - urlptr = strp; - desthost = q; - } - - strp2 = strchr(desthost, ':'); - if (strp2 != NULL) { - *(strp2++) = '\0'; - if (ap_isdigit(*strp2)) { - destport = atoi(strp2); - destportstr = strp2; - } - } - path = strchr(urlptr, '/')+1; - - /* - * The "Authorization:" header must be checked first. We allow the user - * to "override" the URL-coded user [ & password ] in the Browsers' - * User&Password Dialog. NOTE that this is only marginally more secure - * than having the password travel in plain as part of the URL, because - * Basic Auth simply uuencodes the plain text password. But chances are - * still smaller that the URL is logged regularly. - */ - if ((password = ap_table_get(r->headers_in, "Authorization")) != NULL - && strcasecmp(ap_getword(r->pool, &password, ' '), "Basic") == 0 - && (password = ap_pbase64decode(r->pool, password))[0] != ':') { - /* - * Note that this allocation has to be made from r->connection->pool - * because it has the lifetime of the connection. The other - * allocations are temporary and can be tossed away any time. 
- */ - user = ap_getword_nulls(r->connection->pool, &password, ':'); - r->connection->ap_auth_type = "Basic"; - r->connection->user = r->parsed_uri.user = user; - nocache = 1; /* This resource only accessible with - * username/password */ - } - else if ((user = r->parsed_uri.user) != NULL) { - user = ap_pstrdup(p, user); - decodeenc(user); - if ((password = r->parsed_uri.password) != NULL) { - char *tmp = ap_pstrdup(p, password); - decodeenc(tmp); - password = tmp; - } - nocache = 1; /* This resource only accessible with - * username/password */ - } - else { - user = "anonymous"; - password = "apache_proxy@"; - } - - /* check if ProxyBlock directive on this host */ - destaddr.s_addr = ap_inet_addr(desthost); - for (i = 0; i < conf->noproxies->nelts; i++) { - if (destaddr.s_addr == npent[i].addr.s_addr || - (npent[i].name != NULL && - (npent[i].name[0] == '*' || strstr(desthost, npent[i].name) != NULL))) - return ap_proxyerror(r, HTTP_FORBIDDEN, - "Connect to remote machine blocked"); - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: connect to %s:%d", desthost, destport); - - parms = strchr(url, ';'); - if (parms != NULL) - *(parms++) = '\0'; - - ap_snprintf(portbuf, sizeof(portbuf), "%d", port); - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - error = getaddrinfo(host, portbuf, &hints, &res0); - if (error) { - return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, - gai_strerror(error)); - } - - i = -1; - for (res = res0; res; res = res->ai_next) { - dsock = ap_psocket(p, server.ss_family, SOCK_STREAM, res->ai_protocol); - if (sock == -1) - continue; - - if (conf->recv_buffer_size > 0 - && setsockopt(sock, SOL_SOCKET, SO_RCVBUF, - (const char *)&conf->recv_buffer_size, sizeof(int)) - == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default"); - } - - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&one, - 
sizeof(one)) == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "proxy: error setting reuseaddr option: setsockopt(SO_REUSEADDR)"); - ap_pclosesocket(p, sock); - freeaddrinfo(res0); - return HTTP_INTERNAL_SERVER_ERROR; - } - - i = ap_proxy_doconnect(sock, res->ai_addr, r); - if (i == 0){ - memcpy(&server, res->ai_addr, res->ai_addrlen); - break; - } - ap_pclosesocket(p, sock); - } - freeaddrinfo(res0); - if (i == -1) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool, - "Could not connect to remote machine: ", - strerror(errno), NULL))); - } - - /* record request_time for HTTP/1.1 age calculation */ - c->req_time = time(NULL); - - ctrl = ap_bcreate(p, B_RDWR | B_SOCKET); - ap_bpushfd(ctrl, sock, sock); -/* shouldn't we implement telnet control options here? */ - - - /* possible results: */ - /* 120 Service ready in nnn minutes. */ - /* 220 Service ready for new user. */ - /* 421 Service not available, closing control connection. */ - ap_hard_timeout("proxy ftp", r); - i = ftp_getrc_msg(ctrl, resp, sizeof resp); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i); - if (i == -1 || i == 421) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - } - if (i != 220) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, resp)); - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: connected."); - - ap_bvputs(ctrl, "USER ", user, CRLF, NULL); - ap_bflush(ctrl); /* capture any errors */ - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: USER %s", user); - - /* possible results; 230, 331, 332, 421, 500, 501, 530 */ - /* states: 1 - error, 2 - success; 3 - send password, 4,5 fail */ - /* 230 User logged in, proceed. */ - /* 331 User name okay, need password. 
*/ - /* 332 Need account for login. */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* (This may include errors such as command line too long.) */ - /* 501 Syntax error in parameters or arguments. */ - /* 530 Not logged in. */ - i = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i); - if (i == -1 || i == 421) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - } - if (i == 530) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ftp_unauthorized(r, 1)); - } - if (i != 230 && i != 331) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_BAD_GATEWAY); - } - - if (i == 331) { /* send password */ - if (password == NULL) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ftp_unauthorized(r, 0)); - } - ap_bvputs(ctrl, "PASS ", password, CRLF, NULL); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PASS %s", password); - /* possible results 202, 230, 332, 421, 500, 501, 503, 530 */ - /* 230 User logged in, proceed. */ - /* 332 Need account for login. */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. */ - /* 503 Bad sequence of commands. */ - /* 530 Not logged in. 
*/ - i = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i); - if (i == -1 || i == 421) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - } - if (i == 332) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_UNAUTHORIZED, - "Need account for login")); - } - /* @@@ questionable -- we might as well return a 403 Forbidden here */ - if (i == 530) /* log it: passwd guessing attempt? */ - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ftp_unauthorized(r, 1)); - if (i != 230 && i != 202) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_BAD_GATEWAY); - } - - /* - * Special handling for leading "%2f": this enforces a "cwd /" out of the - * $HOME directory which was the starting point after login - */ - if (strncasecmp(path, "%2f", 3) == 0) { - path += 3; - while (*path == '/') /* skip leading '/' (after root %2f) */ - ++path; - ap_bputs("CWD /" CRLF, ctrl); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: CWD /"); - - /* possible results: 250, 421, 500, 501, 502, 530, 550 */ - /* 250 Requested file action okay, completed. */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. */ - /* 502 Command not implemented. */ - /* 530 Not logged in. */ - /* 550 Requested action not taken. 
*/ - i = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i); - if (i == -1 || i == 421) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - else if (i == 550) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_NOT_FOUND); - else if (i != 250) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_BAD_GATEWAY); - } - -/* set the directory (walk directory component by component): - * this is what we must do if we don't know the OS type of the remote - * machine - */ - for (; (strp = strchr(path, '/')) != NULL; path = strp + 1) { - char *slash = strp; - - *slash = '\0'; - - /* Skip multiple '/' (or trailing '/') to avoid 500 errors */ - while (strp[1] == '/') - ++strp; - if (strp[1] == '\0') - break; - - len = decodeenc(path); /* Note! This decodes a %2f -> "/" */ - if (strchr(path, '/')) /* were there any '/' characters? */ - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_REQUEST, - "Use of %2F is only allowed at the base directory")); - - ap_bvputs(ctrl, "CWD ", path, CRLF, NULL); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: CWD %s", path); - *slash = '/'; - -/* responses: 250, 421, 500, 501, 502, 530, 550 */ - /* 250 Requested file action okay, completed. */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. */ - /* 502 Command not implemented. */ - /* 530 Not logged in. */ - /* 550 Requested action not taken. 
*/ - i = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i); - if (i == -1 || i == 421) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - if (i == 550) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_NOT_FOUND); - if (i == 500 || i == 501) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_REQUEST, - "Syntax error in filename (reported by ftp server)")); - if (i != 250) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_BAD_GATEWAY); - } - - if (parms != NULL && strncmp(parms, "type=", 5) == 0 - && ap_isalpha(parms[5])) { - /* - * "type=d" forces a dir listing. The other types (i|a|e) are - * directly used for the ftp TYPE command - */ - if (!(get_dirlisting = (parms[5] == 'd'))) - xfer_type = ap_toupper(parms[5]); - - /* Check valid types, rather than ignoring invalid types silently: */ - if (strchr("AEI", xfer_type) == NULL) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_REQUEST, ap_pstrcat(r->pool, - "ftp proxy supports only types 'a', 'i', or 'e': \"", - parms, "\" is invalid.", NULL))); - } - else { - /* make binary transfers the default */ - xfer_type = 'I'; - } - -/* try to set up PASV data connection first */ - dsock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1); - if (dsock == -1) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, - "proxy: error creating PASV socket")); - } - - if (conf->recv_buffer_size) { - if (setsockopt(dsock, SOL_SOCKET, SO_RCVBUF, - (const char *)&conf->recv_buffer_size, sizeof(int)) == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default"); - } - } - -lpsvagain: - if (server.ss_family == AF_INET) - cmd = "PASV"; - else if (lpsvmode) 
- cmd = "LPSV"; - else - cmd = "EPSV"; - ap_bputs(cmd, ctrl); - ap_bputs(CRLF, ctrl); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: passive command issued"); -/* possible results: 227, 421, 500, 501, 502, 530 */ - /* 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2). */ - /* 228 Entering Long Passive Mode (...). */ - /* 229 Entering Extended Passive Mode (...). */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. */ - /* 502 Command not implemented. */ - /* 530 Not logged in. */ - - i = ap_bgets(pasv, sizeof(pasv), ctrl); - if (i == -1 || i == 421) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, - "proxy: passive: control connection is toast")); - } - else { - pasv[i - 1] = '\0'; - pstr = strtok(pasv, " "); /* separate result code */ - if (pstr != NULL) { - presult = atoi(pstr); - if (*(pstr + strlen(pstr) + 1) == '=') - pstr += strlen(pstr) + 2; - else { - pstr = strtok(NULL, "("); /* separate address & port - * params */ - if (pstr != NULL) - pstr = strtok(NULL, ")"); - } - } - else - presult = atoi(pasv); - - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", presult); - - if (presult == 227 && pstr != NULL && (sscanf(pstr, - "%d,%d,%d,%d,%d,%d", &h3, &h2, &h1, &h0, &p1, &p0) == 6)) { - /* pardon the parens, but it makes gcc happy */ - paddr = (((((h3 << 8) + h2) << 8) + h1) << 8) + h0; - pport = (p1 << 8) + p0; - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: contacting host %d.%d.%d.%d:%d", - h3, h2, h1, h0, pport); - sin = (struct sockaddr_in *)&data_addr; - sin->sin_family = AF_INET; - sin->sin_len = sizeof(*sin); - sin->sin_addr.s_addr = htonl(paddr); - sin->sin_port = htons(pport); - i = ap_proxy_doconnect(dsock, (struct sockaddr *)&data_addr, r); - - if (i == -1) { - return 
ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - ap_pstrcat(r->pool, - "Could not connect to remote machine: ", - strerror(errno), NULL))); - } - pasvmode = 1; - } else if (presult == 228 && pstr != NULL - && sscanf(pstr, -"%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u", - &paf, &holen, &ho[0], &ho[1], &ho[2], &ho[3], - &ho[4], &ho[5], &ho[6], &ho[7], &ho[8], &ho[9], &ho[10], &ho[11], - &ho[12], &ho[13], &ho[14], &ho[15], &polen, &po[0], &po[1]) == 21 - && paf == 6 && holen == 16 && polen == 2) { - int i; - sin6 = (struct sockaddr_in6 *)&data_addr; - sin6->sin6_family = AF_INET6; - sin6->sin6_len = sizeof(*sin6); - for (i = 0; i < 16; i++) - sin6->sin6_addr.s6_addr[i] = ho[i] & 0xff; - sin6->sin6_port = htons(((po[0] & 0xff) << 8) | (po[1] & 0xff)); - i = ap_proxy_doconnect(dsock, (struct sockaddr *)&data_addr, r); - - if (i == -1) { - ap_kill_timeout(r); - return ap_proxyerror(r, HTTP_BAD_GATEWAY, - ap_pstrcat(r->pool, - "Could not connect to remote machine: ", - strerror(errno), NULL)); - } - pasvmode = 1; - } else if (presult == 229 && pstr != NULL - && pstr[0] == pstr[1] && pstr[0] == pstr[2] - && pstr[0] == pstr[strlen(pstr) - 1]) { - /* expect "|||port|" */ - memcpy(&data_addr, &server, server.ss_len); - switch (data_addr.ss_family) { - case AF_INET: - sin = (struct sockaddr_in *)&data_addr; - sin->sin_port = htons(atoi(pstr + 3)); - break; - case AF_INET6: - sin6 = (struct sockaddr_in6 *)&data_addr; - sin6->sin6_port = htons(atoi(pstr + 3)); - break; - } - i = ap_proxy_doconnect(dsock, (struct sockaddr *)&data_addr, r); - - if (i == -1) { - ap_kill_timeout(r); - return ap_proxyerror(r, HTTP_BAD_GATEWAY, - ap_pstrcat(r->pool, - "Could not connect to remote machine: ", - strerror(errno), NULL)); - } - pasvmode = 1; - } else if (!lpsvmode && strcmp(cmd, "EPSV") == 0) { - lpsvmode = 1; - goto lpsvagain; - } - else { - ap_pclosesocket(p, dsock); /* and try the regular way */ - dsock = -1; - } - } - - if 
(!pasvmode) { /* set up data connection */ - clen = sizeof(server); - if (getsockname(sock, (struct sockaddr *)&server, &clen) < 0) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, - "proxy: error getting socket address")); - } - - dsock = ap_psocket_ex(p, server.ss_family, SOCK_STREAM, IPPROTO_TCP, 1); - if (dsock == -1) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, - "proxy: error creating socket")); - } - - if (setsockopt(dsock, SOL_SOCKET, SO_REUSEADDR, (void *)&one, - sizeof(one)) == -1) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, - "proxy: error setting reuseaddr option")); - } - - if (bind(dsock, (struct sockaddr *) &server, server.ss_len) == -1) - { - char hostnamebuf[MAXHOSTNAMELEN], portnamebuf[MAXHOSTNAMELEN]; - - getnameinfo((struct sockaddr *)&server, - server.ss_len, - hostnamebuf, sizeof(hostnamebuf), - portnamebuf, sizeof(portnamebuf), - NI_NUMERICHOST | NI_NUMERICSERV); - - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, - ap_psprintf(p, "proxy: error binding to ftp data socket %s:%s", - hostnamebuf, portnamebuf))); - } - listen(dsock, 2); /* only need a short queue */ - } - -/* set request; "path" holds last path component */ - len = decodeenc(path); - if (strchr(path, '/')) /* were there any '/' characters? 
*/ - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_REQUEST, - "Use of %2F is only allowed at the base directory")); - - /* TM - if len == 0 then it must be a directory (you can't RETR nothing) */ - - if (len == 0) { - get_dirlisting = 1; - } - else { - ap_bvputs(ctrl, "SIZE ", path, CRLF, NULL); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: SIZE %s", path); - i = ftp_getrc_msg(ctrl, resp, sizeof resp); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d with response %s", i, resp); - if (i != 500) { /* Size command not recognized */ - if (i == 550) { /* Not a regular file */ - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: SIZE shows this is a directory"); - get_dirlisting = 1; - ap_bvputs(ctrl, "CWD ", path, CRLF, NULL); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: CWD %s", path); - - /* possible results: 250, 421, 500, 501, 502, 530, 550 */ - /* 250 Requested file action okay, completed. */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. */ - /* 502 Command not implemented. */ - /* 530 Not logged in. */ - /* 550 Requested action not taken. 
*/ - i = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i); - if (i == -1 || i == 421) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - if (i == 550) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_NOT_FOUND); - if (i != 250) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_BAD_GATEWAY); - path = ""; - len = 0; - } - else if (i == 213) {/* Size command ok */ - for (j = 0; j < sizeof(resp)-1 && ap_isdigit(resp[j]); j++); - resp[j] = '\0'; - if (resp[0] != '\0') - size = ap_pstrdup(p, resp); - } - } - } - -#ifdef AUTODETECT_PWD - ap_bvputs(ctrl, "PWD", CRLF, NULL); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PWD"); -/* responses: 257, 500, 501, 502, 421, 550 */ - /* 257 "" */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. */ - /* 502 Command not implemented. */ - /* 550 Requested action not taken. */ - i = ftp_getrc_msg(ctrl, resp, sizeof resp); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PWD returned status %d", i); - if (i == -1 || i == 421) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - if (i == 550) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_NOT_FOUND); - if (i == 257) { - const char *dirp = resp; - cwd = ap_getword_conf(r->pool, &dirp); - } -#endif /* AUTODETECT_PWD */ - - if (get_dirlisting) { - if (len != 0) - ap_bvputs(ctrl, "LIST ", path, CRLF, NULL); - else - ap_bputs("LIST -lag" CRLF, ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: LIST %s", (len == 0 ? 
"" : path)); - } - else { - ftp_set_TYPE(r, ctrl, xfer_type); - ap_bvputs(ctrl, "RETR ", path, CRLF, NULL); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: RETR %s", path); - } - ap_bflush(ctrl); -/* RETR: 110, 125, 150, 226, 250, 421, 425, 426, 450, 451, 500, 501, 530, 550 - NLST: 125, 150, 226, 250, 421, 425, 426, 450, 451, 500, 501, 502, 530 */ - /* 110 Restart marker reply. */ - /* 125 Data connection already open; transfer starting. */ - /* 150 File status okay; about to open data connection. */ - /* 226 Closing data connection. */ - /* 250 Requested file action okay, completed. */ - /* 421 Service not available, closing control connection. */ - /* 425 Can't open data connection. */ - /* 426 Connection closed; transfer aborted. */ - /* 450 Requested file action not taken. */ - /* 451 Requested action aborted. Local error in processing. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. */ - /* 530 Not logged in. */ - /* 550 Requested action not taken. */ - rc = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", rc); - if (rc == -1 || rc == 421) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - if (rc == 550) { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: RETR failed, trying LIST instead"); - get_dirlisting = 1; - ftp_set_TYPE(r, ctrl, 'A'); /* directories must be transferred in - * ASCII */ - - ap_bvputs(ctrl, "CWD ", path, CRLF, NULL); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: CWD %s", path); - /* possible results: 250, 421, 500, 501, 502, 530, 550 */ - /* 250 Requested file action okay, completed. */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. 
*/ - /* 502 Command not implemented. */ - /* 530 Not logged in. */ - /* 550 Requested action not taken. */ - rc = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", rc); - if (rc == -1 || rc == 421) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - if (rc == 550) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_NOT_FOUND); - if (rc != 250) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_BAD_GATEWAY); - -#ifdef AUTODETECT_PWD - ap_bvputs(ctrl, "PWD", CRLF, NULL); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PWD"); -/* responses: 257, 500, 501, 502, 421, 550 */ - /* 257 "" */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. */ - /* 502 Command not implemented. */ - /* 550 Requested action not taken. 
*/ - i = ftp_getrc_msg(ctrl, resp, sizeof resp); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: PWD returned status %d", i); - if (i == -1 || i == 421) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - if (i == 550) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_NOT_FOUND); - if (i == 257) { - const char *dirp = resp; - cwd = ap_getword_conf(r->pool, &dirp); - } -#endif /* AUTODETECT_PWD */ - - ap_bputs("LIST -lag" CRLF, ctrl); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: LIST -lag"); - rc = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", rc); - if (rc == -1 || rc == 421) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - ap_proxyerror(r, HTTP_BAD_GATEWAY, - "Error reading from remote server")); - } - ap_kill_timeout(r); - if (rc != 125 && rc != 150 && rc != 226 && rc != 250) - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_BAD_GATEWAY); - - r->status = HTTP_OK; - r->status_line = "200 OK"; - - resp_hdrs = ap_make_table(p, 2); - c->hdrs = resp_hdrs; - - ap_table_setn(resp_hdrs, "Date", ap_gm_timestr_822(r->pool, r->request_time)); - ap_table_setn(resp_hdrs, "Server", ap_get_server_version()); - - if (get_dirlisting) { - ap_table_setn(resp_hdrs, "Content-Type", "text/html"); - } - else { - if (r->content_type != NULL) { - ap_table_setn(resp_hdrs, "Content-Type", r->content_type); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: Content-Type set to %s", r->content_type); - } - else { - ap_table_setn(resp_hdrs, "Content-Type", ap_default_type(r)); - } - if (xfer_type != 'A' && size != NULL) { - /* We "trust" the ftp server to really serve (size) bytes... 
*/ - ap_table_set(resp_hdrs, "Content-Length", size); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: Content-Length set to %s", size); - } - } - if (r->content_encoding != NULL && r->content_encoding[0] != '\0') { - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: Content-Encoding set to %s", r->content_encoding); - ap_table_setn(resp_hdrs, "Content-Encoding", r->content_encoding); - } - -/* check if NoCache directive on this host */ - if (nocache == 0) { - for (i = 0; i < conf->nocaches->nelts; i++) { - if (destaddr.s_addr == ncent[i].addr.s_addr || - (ncent[i].name != NULL && - (ncent[i].name[0] == '*' || - strstr(desthost, ncent[i].name) != NULL))) { - nocache = 1; - break; - } - } - } - - i = ap_proxy_cache_update(c, resp_hdrs, 0, nocache); - - if (i != DECLINED) { - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, i); - } - - if (!pasvmode) { /* wait for connection */ - ap_hard_timeout("proxy ftp data connect", r); - clen = sizeof(server); - do - csd = accept(dsock, (struct sockaddr *)&server, &clen); - while (csd == -1 && errno == EINTR); - if (csd == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "proxy: failed to accept data connection"); - if (c != NULL) - c = ap_proxy_cache_error(c); - return ftp_cleanup_and_return(r, ctrl, data, sock, dsock, - HTTP_BAD_GATEWAY); - } - data = ap_bcreate(p, B_RDWR | B_SOCKET); - ap_bpushfd(data, csd, -1); - ap_kill_timeout(r); - } - else { - data = ap_bcreate(p, B_RDWR | B_SOCKET); - ap_bpushfd(data, dsock, dsock); - } - - ap_hard_timeout("proxy receive", r); - - /* send response */ - /* write status line and headers to the cache file */ - ap_proxy_write_headers(c, ap_pstrcat(p, "HTTP/1.1 ", r->status_line, NULL), resp_hdrs); - - /* Setup the headers for our client from upstreams response-headers */ - ap_overlap_tables(r->headers_out, resp_hdrs, AP_OVERLAP_TABLES_SET); - /* Add X-Cache header */ - ap_table_setn(r->headers_out, "X-Cache", - ap_pstrcat(r->pool, 
"MISS from ", - ap_get_server_name(r), NULL)); - /* The Content-Type of this response is the upstream one. */ - r->content_type = ap_table_get(r->headers_out, "Content-Type"); - /* finally output the headers to the client */ - ap_send_http_header(r); - -/* send body */ - if (!r->header_only) { - if (!get_dirlisting) { -/* we need to set this for ap_proxy_send_fb()... */ - if (c != NULL) - c->cache_completion = 0; - ap_proxy_send_fb(data, r, c, -1, 0, 0, conf->io_buffer_size); - } - else { - send_dir(data, r, c, cwd); - } - /* ap_proxy_send_fb() closes the socket */ - data = NULL; - dsock = -1; - - /* - * We checked for 125||150||226||250 above. See if another rc is - * pending, and fetch it: - */ - if (rc == 125 || rc == 150) - rc = ftp_getrc(ctrl); - } - else { -/* abort the transfer: we send the header only */ - ap_bputs("ABOR" CRLF, ctrl); - ap_bflush(ctrl); - if (data != NULL) { - ap_bclose(data); - data = NULL; - dsock = -1; - } - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: ABOR"); -/* responses: 225, 226, 421, 500, 501, 502 */ - /* 225 Data connection open; no transfer in progress. */ - /* 226 Closing data connection. */ - /* 421 Service not available, closing control connection. */ - /* 500 Syntax error, command unrecognized. */ - /* 501 Syntax error in parameters or arguments. */ - /* 502 Command not implemented. */ - i = ftp_getrc(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: returned status %d", i); - } - - ap_kill_timeout(r); - ap_proxy_cache_tidy(c); - -/* finish */ - ap_bputs("QUIT" CRLF, ctrl); - ap_bflush(ctrl); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: QUIT"); -/* responses: 221, 500 */ - /* 221 Service closing control connection. */ - /* 500 Syntax error, command unrecognized. 
*/
- i = ftp_getrc(ctrl);
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "FTP: QUIT: status %d", i);
-
- ap_bclose(ctrl);
-
- ap_rflush(r); /* flush before garbage collection */
-
- ap_proxy_garbage_coll(r);
-
- return OK;
-}
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_http.c b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
deleted file mode 100644
index fadbbb4046e..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_http.c
+++ /dev/null
@@ -1,721 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* HTTP routines for Apache proxy */
-
-#include "mod_proxy.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "http_core.h"
-#include "util_date.h"
-
-/*
- * Canonicalise http-like URLs.
- * scheme is the scheme for the URL
- * url is the URL starting with the first '/'
- * def_port is the default port for this scheme.
- */
-int ap_proxy_http_canon(request_rec *r, char *url, const char *scheme, int def_port)
-{
- char *host, *path, *search, sport[7];
- const char *err;
- int port;
-
- /*
- * do syntatic check. We break the URL into host, port, path, search
- */
- port = def_port;
- err = ap_proxy_canon_netloc(r->pool, &url, NULL, NULL, &host, &port);
- if (err)
- return HTTP_BAD_REQUEST;
-
- /* now parse path/search args, according to rfc1738 */
- /*
- * N.B. if this isn't a true proxy request, then the URL _path_ has
- * already been decoded.
True proxy requests have r->uri ==
- * r->unparsed_uri, and no others have that property.
- */
- if (r->uri == r->unparsed_uri) {
- search = strchr(url, '?');
- if (search != NULL)
- *(search++) = '\0';
- }
- else
- search = r->args;
-
- /* process path */
- path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path,
- r->proxyreq);
- if (path == NULL)
- return HTTP_BAD_REQUEST;
-
- if (port != def_port)
- ap_snprintf(sport, sizeof(sport), ":%d", port);
- else
- sport[0] = '\0';
-
- r->filename = ap_pstrcat(r->pool, "proxy:", scheme, "://", host, sport, "/",
- path, (search) ? "?" : "", (search) ? search : "", NULL);
- return OK;
-}
-
-/* handle the conversion of URLs in the ProxyPassReverse function */
-static const char *proxy_location_reverse_map(request_rec *r, const char *url)
-{
- void *sconf;
- proxy_server_conf *conf;
- struct proxy_alias *ent;
- int i, l1, l2;
- char *u;
-
- sconf = r->server->module_config;
- conf = (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module);
- l1 = strlen(url);
- ent = (struct proxy_alias *)conf->raliases->elts;
- for (i = 0; i < conf->raliases->nelts; i++) {
- l2 = strlen(ent[i].real);
- if (l1 >= l2 && strncmp(ent[i].real, url, l2) == 0) {
- u = ap_pstrcat(r->pool, ent[i].fake, &url[l2], NULL);
- return ap_construct_url(r->pool, u, r);
- }
- }
- return url;
-}
-
-/*
- * This handles http:// URLs, and other URLs using a remote proxy over http
- * If proxyhost is NULL, then contact the server directly, otherwise
- * go via the proxy.
- * Note that if a proxy is used, then URLs other than http: can be accessed,
- * also, if we have trouble which is clearly specific to the proxy, then
- * we return DECLINED so that we can try another proxy. (Or the direct
- * route.)
- */ -int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url, - const char *proxyhost, int proxyport) -{ - const char *strp; - char *strp2; - const char *err, *desthost; - int i, j, sock,/* len,*/ backasswards; - table *req_hdrs, *resp_hdrs; - array_header *reqhdrs_arr; - table_entry *reqhdrs_elts; - BUFF *f; - char buffer[HUGE_STRING_LEN]; - char portstr[32]; - pool *p = r->pool; - int chunked = 0, destport = 0; - char *destportstr = NULL; - const char *urlptr = NULL; - const char *datestr, *urlstr; - struct addrinfo hints, *res, *res0; - int error; - int result, major, minor; - const char *content_length; - const char *peer; - int destportstrtonum; - const char *errstr; - - void *sconf = r->server->module_config; - proxy_server_conf *conf = - (proxy_server_conf *)ap_get_module_config(sconf, &proxy_module); - struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts; - struct nocache_entry *ncent = (struct nocache_entry *) conf->nocaches->elts; - int nocache = 0; - - if (conf->cache.root == NULL) - nocache = 1; - - /* We break the URL into host, port, path-search */ - - urlptr = strstr(url, "://"); - if (urlptr == NULL) - return HTTP_BAD_REQUEST; - destport = DEFAULT_HTTP_PORT; - urlptr += 3; - ap_hook_use("ap::mod_proxy::http::handler::set_destport", - AP_HOOK_SIG2(int,ptr), - AP_HOOK_TOPMOST, - &destport, r); - ap_snprintf(portstr, sizeof(portstr), "%d", destport); - destportstr = portstr; - strp = strchr(urlptr, '/'); - if (strp == NULL) { - desthost = ap_pstrdup(p, urlptr); - urlptr = "/"; - } - else { - char *q = ap_palloc(p, strp - urlptr + 1); - memcpy(q, urlptr, strp - urlptr); - q[strp - urlptr] = '\0'; - urlptr = strp; - desthost = q; - } - if (*desthost == '['){ - char *u = strrchr(desthost+1, ']'); - if (u){ - desthost++; - *u = '\0'; - if (*(u+1) == ':'){ /* [host]:xx */ - strp2 = u+1; - } - else if (*(u+1) == '\0'){ /* [host] */ - strp2 = NULL; - } - else - return HTTP_BAD_REQUEST; - } - else - return HTTP_BAD_REQUEST; - 
} - else - strp2 = strrchr(desthost, ':'); - - if (strp2 != NULL) { - *(strp2++) = '\0'; - if (ap_isdigit(*strp2)) - destportstr = strp2; - } - - /* Make sure peer is always set to prevent a segfault in the SSL handler */ - peer = desthost; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_protocol = IPPROTO_TCP; - error = getaddrinfo(desthost, destportstr, &hints, &res0); - if (error && proxyhost == NULL) { - return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, - gai_strerror(error)); /* give up */ - } - - /* check if ProxyBlock directive on this host */ - for (i = 0; i < conf->noproxies->nelts; i++) { - int fail; - struct sockaddr_in *sin; - - fail = 0; - if (npent[i].name != NULL && strstr(desthost, npent[i].name)) - fail++; - if (npent[i].name != NULL && strcmp(npent[i].name, "*") == 0) - fail++; - for (res = res0; res; res = res->ai_next) { - switch (res->ai_family) { - case AF_INET: - sin = (struct sockaddr_in *)res->ai_addr; - if (sin->sin_addr.s_addr == npent[i].addr.s_addr) - fail++; - break; - - } - } - if (fail) { - if (res0 != NULL) - freeaddrinfo(res0); - return ap_proxyerror(r, HTTP_FORBIDDEN, - "Connect to remote machine blocked"); - } - } - if (proxyhost != NULL) { - char pbuf[10]; - - if (res0 != NULL) - freeaddrinfo(res0); - - ap_snprintf(pbuf, sizeof(pbuf), "%d", proxyport); - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; - hints.ai_protocol = IPPROTO_TCP; - error = getaddrinfo(proxyhost, pbuf, &hints, &res0); - if (error) - return DECLINED; /* try another */ - } - - /* check if ProxyBlock directive on this host */ - for (i = 0; i < conf->noproxies->nelts; i++) { - peer = ap_psprintf(p, "%s:%s", desthost, destportstr); - } - - - /* - * we have worked out who exactly we are going to connect to, now make - * that connection... 
- */ - sock = i = -1; - for (res = res0; res; res = res->ai_next) { - sock = ap_psocket(p, res->ai_family, res->ai_socktype, - res->ai_protocol); - if (sock < 0) - continue; - - if (conf->recv_buffer_size) { - if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, - (const char *)&conf->recv_buffer_size, sizeof(int)) - == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "setsockopt(SO_RCVBUF): Failed to set ProxyReceiveBufferSize, using default"); - } - } - - i = ap_proxy_doconnect(sock, res->ai_addr, r); - if (i == 0) - break; - ap_pclosesocket(p, sock); - } - freeaddrinfo(res0); - - if (i == -1) { - if (proxyhost != NULL) - return DECLINED; /* try again another way */ - else - return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool, - "Could not connect to remote machine: ", - strerror(errno), NULL)); - } - - /* record request_time for HTTP/1.1 age calculation */ - c->req_time = time(NULL); - - /* - * build upstream-request headers by stripping r->headers_in from - * connection specific headers. We must not remove the Connection: header - * from r->headers_in, we still have to react to Connection: close - */ - req_hdrs = ap_copy_table(r->pool, r->headers_in); - ap_proxy_clear_connection(r->pool, req_hdrs); - - /* - * At this point, we start sending the HTTP/1.1 request to the remote - * server (proxy or otherwise). - */ - f = ap_bcreate(p, B_RDWR | B_SOCKET); - ap_bpushfd(f, sock, sock); - - { - char *errmsg = NULL; - ap_hook_use("ap::mod_proxy::http::handler::new_connection", - AP_HOOK_SIG4(ptr,ptr,ptr,ptr), - AP_HOOK_DECLINE(NULL), - &errmsg, r, f, peer); - if (errmsg != NULL) - return ap_proxyerror(r, HTTP_BAD_GATEWAY, errmsg); - } - - ap_hard_timeout("proxy send", r); - ap_bvputs(f, r->method, " ", proxyhost ? 
url : urlptr, " HTTP/1.1" CRLF, - NULL); - { - int rc = DECLINED; - ap_hook_use("ap::mod_proxy::http::handler::write_host_header", - AP_HOOK_SIG6(int,ptr,ptr,ptr,ptr,ptr), - AP_HOOK_DECLINE(DECLINED), - &rc, r, f, desthost, destportstr, destportstr); - if (rc == DECLINED) { - destportstrtonum = strtonum(destportstr, 0, 65535, &errstr); - if (errstr) - errx(1, "The destination port is %s: %s", errstr, destportstr); - - if (destportstr != NULL && destportstrtonum != destport) - ap_bvputs(f, "Host: ", desthost, ":", destportstr, CRLF, NULL); - else - ap_bvputs(f, "Host: ", desthost, CRLF, NULL); - } - } - - if (conf->viaopt == via_block) { - /* Block all outgoing Via: headers */ - ap_table_unset(req_hdrs, "Via"); - } - else if (conf->viaopt != via_off) { - /* Create a "Via:" request header entry and merge it */ - i = ap_get_server_port(r); - if (ap_is_default_port(i, r)) { - strlcpy(portstr, "", sizeof(portstr)); - } - else { - ap_snprintf(portstr, sizeof portstr, ":%d", i); - } - /* Generate outgoing Via: header with/without server comment: */ - ap_table_mergen(req_hdrs, "Via", - (conf->viaopt == via_full) - ? ap_psprintf(p, "%d.%d %s%s (%s)", - HTTP_VERSION_MAJOR(r->proto_num), - HTTP_VERSION_MINOR(r->proto_num), - ap_get_server_name(r), portstr, - SERVER_BASEVERSION) - : ap_psprintf(p, "%d.%d %s%s", - HTTP_VERSION_MAJOR(r->proto_num), - HTTP_VERSION_MINOR(r->proto_num), - ap_get_server_name(r), portstr) - ); - } - - /* the X-* headers are only added if we are a reverse - * proxy, otherwise we would be giving away private information. - */ - if (r->proxyreq == PROXY_PASS) { - const char *buf; - - /* - * Add X-Forwarded-For: so that the upstream has a chance to determine, - * where the original request came from. - */ - ap_table_mergen(req_hdrs, "X-Forwarded-For", r->connection->remote_ip); - - /* Add X-Forwarded-Host: so that upstream knows what the - * original request hostname was. 
- */ - if ((buf = ap_table_get(r->headers_in, "Host"))) { - ap_table_mergen(req_hdrs, "X-Forwarded-Host", buf); - } - - /* Add X-Forwarded-Server: so that upstream knows what the - * name of this proxy server is (if there are more than one) - * XXX: This duplicates Via: - do we strictly need it? - */ - ap_table_mergen(req_hdrs, "X-Forwarded-Server", r->server->server_hostname); - } - - /* we don't yet support keepalives - but we will soon, I promise! */ - ap_table_set(req_hdrs, "Connection", "close"); - - reqhdrs_arr = ap_table_elts(req_hdrs); - reqhdrs_elts = (table_entry *)reqhdrs_arr->elts; - for (i = 0; i < reqhdrs_arr->nelts; i++) { - if (reqhdrs_elts[i].key == NULL || reqhdrs_elts[i].val == NULL - - /* - * Clear out hop-by-hop request headers not to send: RFC2616 13.5.1 - * says we should strip these headers: - */ - || !strcasecmp(reqhdrs_elts[i].key, "Host") /* Already sent */ - || !strcasecmp(reqhdrs_elts[i].key, "Keep-Alive") - || !strcasecmp(reqhdrs_elts[i].key, "TE") - || !strcasecmp(reqhdrs_elts[i].key, "Trailer") - || !strcasecmp(reqhdrs_elts[i].key, "Transfer-Encoding") - || !strcasecmp(reqhdrs_elts[i].key, "Upgrade") - /* - * XXX: @@@ FIXME: "Proxy-Authorization" should *only* be suppressed - * if THIS server requested the authentication, not when a frontend - * proxy requested it! - * - * The solution to this problem is probably to strip out the - * Proxy-Authorisation header in the authorisation code itself, not - * here. This saves us having to signal somehow whether this request - * was authenticated or not. - */ - || !strcasecmp(reqhdrs_elts[i].key, "Proxy-Authorization")) - continue; - ap_bvputs(f, reqhdrs_elts[i].key, ": ", reqhdrs_elts[i].val, CRLF, NULL); - } - - /* the obligatory empty line to mark the end of the headers */ - ap_bputs(CRLF, f); - - /* and flush the above away */ - ap_bflush(f); - - /* and kill the send timeout */ - ap_kill_timeout(r); - - - /* read the request data, and pass it to the backend. 
- * we might encounter a stray 100-continue reponse from a PUT or POST, - * if this happens we ignore the 100 continue status line and read the - * response again. - */ - { - /* send the request data, if any. */ - ap_hard_timeout("proxy receive request data", r); - if (ap_should_client_block(r)) { - while ((i = ap_get_client_block(r, buffer, sizeof buffer)) > 0) { - ap_reset_timeout(r); - ap_bwrite(f, buffer, i); - } - } - ap_bflush(f); - ap_kill_timeout(r); - - - /* then, read a response line */ - ap_hard_timeout("proxy receive response status line", r); - result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor); - ap_kill_timeout(r); - - /* trap any errors */ - if (result != OK) { - ap_bclose(f); - return result; - } - - /* if this response was 100-continue, a stray response has been caught. - * read the line again for the real response - */ - if (r->status == 100) { - ap_hard_timeout("proxy receive response status line", r); - result = ap_proxy_read_response_line(f, r, buffer, sizeof(buffer)-1, &backasswards, &major, &minor); - ap_kill_timeout(r); - - /* trap any errors */ - if (result != OK) { - ap_bclose(f); - return result; - } - } - } - - - /* - * We have our response status line from the convoluted code above, - * now we read the headers to continue. - */ - ap_hard_timeout("proxy receive response headers", r); - - /* - * Is it an HTTP/1 response? Do some sanity checks on the response. (This - * is buggy if we ever see an HTTP/1.10) - */ - if (backasswards == 0) { - - /* read the response headers. */ - /* N.B. for HTTP/1.0 clients, we have to fold line-wrapped headers */ - /* Also, take care with headers with multiple occurences. 
*/ - - resp_hdrs = ap_proxy_read_headers(r, buffer, sizeof(buffer), f); - if (resp_hdrs == NULL) { - ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r->server, - "proxy: Bad HTTP/%d.%d header returned by %s (%s)", - major, minor, r->uri, r->method); - resp_hdrs = ap_make_table(p, 20); - nocache = 1; /* do not cache this broken file */ - } - - /* handle Via header in the response */ - if (conf->viaopt != via_off && conf->viaopt != via_block) { - /* Create a "Via:" response header entry and merge it */ - i = ap_get_server_port(r); - if (ap_is_default_port(i, r)) { - strlcpy(portstr, "", sizeof(portstr)); - } - else { - ap_snprintf(portstr, sizeof portstr, ":%d", i); - } - ap_table_mergen((table *)resp_hdrs, "Via", - (conf->viaopt == via_full) - ? ap_psprintf(p, "%d.%d %s%s (%s)", - major, minor, - ap_get_server_name(r), portstr, - SERVER_BASEVERSION) - : ap_psprintf(p, "%d.%d %s%s", - major, minor, - ap_get_server_name(r), portstr) - ); - } - - /* is this content chunked? */ - chunked = ap_find_last_token(r->pool, - ap_table_get(resp_hdrs, "Transfer-Encoding"), - "chunked"); - - /* strip hop-by-hop headers defined by Connection and RFC2616 */ - ap_proxy_clear_connection(p, resp_hdrs); - - content_length = ap_table_get(resp_hdrs, "Content-Length"); - if (content_length != NULL) { - c->len = ap_strtol(content_length, NULL, 10); - - if (c->len < 0) { - ap_kill_timeout(r); - return ap_proxyerror(r, HTTP_BAD_GATEWAY, ap_pstrcat(r->pool, - "Invalid Content-Length from remote server", - NULL)); - } - } - - } - else { - /* an http/0.9 response */ - - /* no headers */ - resp_hdrs = ap_make_table(p, 20); - } - - ap_kill_timeout(r); - - /* - * HTTP/1.1 requires us to accept 3 types of dates, but only generate one - * type - */ - /* - * we SET the dates here, obliterating possible multiple dates, as only - * one of each date makes sense in each response. 
- */ - if ((datestr = ap_table_get(resp_hdrs, "Date")) != NULL) - ap_table_set(resp_hdrs, "Date", ap_proxy_date_canon(p, datestr)); - if ((datestr = ap_table_get(resp_hdrs, "Last-Modified")) != NULL) - ap_table_set(resp_hdrs, "Last-Modified", ap_proxy_date_canon(p, datestr)); - if ((datestr = ap_table_get(resp_hdrs, "Expires")) != NULL) - ap_table_set(resp_hdrs, "Expires", ap_proxy_date_canon(p, datestr)); - - /* handle the ProxyPassReverse mappings */ - if ((urlstr = ap_table_get(resp_hdrs, "Location")) != NULL) - ap_table_set(resp_hdrs, "Location", proxy_location_reverse_map(r, urlstr)); - if ((urlstr = ap_table_get(resp_hdrs, "URI")) != NULL) - ap_table_set(resp_hdrs, "URI", proxy_location_reverse_map(r, urlstr)); - if ((urlstr = ap_table_get(resp_hdrs, "Content-Location")) != NULL) - ap_table_set(resp_hdrs, "Content-Location", proxy_location_reverse_map(r, urlstr)); - -/* check if NoCache directive on this host */ - { - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; - - if (nocache == 0) { - for (i = 0; i < conf->nocaches->nelts; i++) { - if (ncent[i].name != NULL && - (ncent[i].name[0] == '*' || - strstr(desthost, ncent[i].name) != NULL)) { - nocache = 1; - break; - } - switch (res->ai_addr->sa_family) { - case AF_INET: - sin = (struct sockaddr_in *)res->ai_addr; - if (sin->sin_addr.s_addr == ncent[i].addr.s_addr) { - nocache = 1; - break; - } - } - } - - /* update the cache file, possibly even fulfilling the request if - * it turns out a conditional allowed us to serve the object from the - * cache... 
- */ - i = ap_proxy_cache_update(c, resp_hdrs, !backasswards, nocache); - if (i != DECLINED) { - ap_bclose(f); - return i; - } - - /* write status line and headers to the cache file */ - ap_proxy_write_headers(c, ap_pstrcat(p, "HTTP/1.1 ", r->status_line, NULL), resp_hdrs); - } - } - - /* Setup the headers for our client from upstreams response-headers */ - ap_proxy_table_replace(r->headers_out, resp_hdrs); - /* Add X-Cache header - be careful not to obliterate any upstream headers */ - ap_table_mergen(r->headers_out, "X-Cache", - ap_pstrcat(r->pool, "MISS from ", - ap_get_server_name(r), NULL)); - /* The Content-Type of this response is the upstream one. */ - r->content_type = ap_table_get(r->headers_out, "Content-Type"); - ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "Content-Type: %s", r->content_type); - - /* finally output the headers to the client */ - ap_send_http_header(r); - - /* - * Is it an HTTP/0.9 respose? If so, send the extra data we read from - * upstream as the start of the reponse to client - */ -/* FIXME: This code is broken: we try and write a buffer and length that - * were never intelligently initialised. Rather have a bit of broken protocol - * handling for now than broken code. - */ -/* - if (backasswards) { - ap_hard_timeout("proxy send assbackward", r); - - ap_bwrite(r->connection->client, buffer, len); - if (c != NULL && c->fp != NULL && ap_bwrite(c->fp, buffer, len) != len) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req, - "proxy: error writing extra data to %s", c->tempfile); - c = ap_proxy_cache_error(c); - } - ap_kill_timeout(r); - } -*/ - -/* send body */ -/* if header only, then cache will be NULL */ -/* HTTP/1.0 tells us to read to EOF, rather than content-length bytes */ -/* XXX CHANGEME: We want to eventually support keepalives, which means - * we must read content-length bytes... */ - if (!r->header_only) { -/* we need to set this for ap_proxy_send_fb()... 
*/
- c->cache_completion = conf->cache.cache_completion;
-
-/* XXX CHECKME: c->len should be the expected content length, or -1 if the
- * content length is not known. We need to make 100% sure c->len is always
- * set correctly before we get here to correctly do keepalive.
- */
- ap_proxy_send_fb(f, r, c, c->len, 0, chunked, conf->io_buffer_size);
- }
-
- /* ap_proxy_send_fb() closes the socket f for us */
-
- ap_proxy_cache_tidy(c);
-
- ap_proxy_garbage_coll(r);
- return OK;
-}
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_util.c b/usr.sbin/httpd/src/modules/proxy/proxy_util.c
deleted file mode 100644
index e0702b7d8fc..00000000000
--- a/usr.sbin/httpd/src/modules/proxy/proxy_util.c
+++ /dev/null
@@ -1,1577 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* Utility routines for Apache proxy */
-#include "mod_proxy.h"
-#include "http_main.h"
-#include "ap_md5.h"
-#include "multithread.h"
-#include "http_log.h"
-#include "util_uri.h"
-#include "util_date.h" /* get ap_checkmask() decl.
*/ - -static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r); -static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r); -static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r); -static int proxy_match_word(struct dirconn_entry *This, request_rec *r); -static struct per_thread_data *get_per_thread_data(void); -/* already called in the knowledge that the characters are hex digits */ -int ap_proxy_hex2c(const char *x) -{ - int i; - int ch; - - ch = x[0]; - if (ap_isdigit(ch)) - i = ch - '0'; - else if (ap_isupper(ch)) - i = ch - ('A' - 10); - else - i = ch - ('a' - 10); - i <<= 4; - - ch = x[1]; - if (ap_isdigit(ch)) - i += ch - '0'; - else if (ap_isupper(ch)) - i += ch - ('A' - 10); - else - i += ch - ('a' - 10); - return i; -} - -void ap_proxy_c2hex(int ch, char *x) -{ - int i; - - x[0] = '%'; - i = (ch & 0xF0) >> 4; - if (i >= 10) - x[1] = ('A' - 10) + i; - else - x[1] = '0' + i; - - i = ch & 0x0F; - if (i >= 10) - x[2] = ('A' - 10) + i; - else - x[2] = '0' + i; -} - -/* - * canonicalise a URL-encoded string - */ - -/* - * Convert a URL-encoded string to canonical form. - * It decodes characters which need not be encoded, - * and encodes those which must be encoded, and does not touch - * those which must not be touched. - */ -char *ap_proxy_canonenc(pool *p, const char *x, int len, enum enctype t, - enum proxyreqtype isenc) -{ - int i, j, ch; - char *y; - const char *allowed; /* characters which should not be encoded */ - const char *reserved; /* characters which much not be en/de-coded */ - -/* N.B. in addition to :@&=, this allows ';' in an http path - * and '?' in an ftp path -- this may be revised - * - * Also, it makes a '+' character in a search string reserved, as - * it may be form-encoded. (Although RFC 1738 doesn't allow this - - * it only permits ; / ? : @ = & as reserved chars.) 
- */ - if (t == enc_path) - allowed = "$-_.+!*'(),;:@&="; - else if (t == enc_search) - allowed = "$-_.!*'(),;:@&="; - else if (t == enc_user) - allowed = "$-_.+!*'(),;@&="; - else if (t == enc_fpath) - allowed = "$-_.+!*'(),?:@&="; - else /* if (t == enc_parm) */ - allowed = "$-_.+!*'(),?/:@&="; - - if (t == enc_path) - reserved = "/"; - else if (t == enc_search) - reserved = "+"; - else - reserved = ""; - - y = ap_palloc(p, 3 * len + 1); - - for (i = 0, j = 0; i < len; i++, j++) { -/* always handle '/' first */ - ch = x[i]; - if (strchr(reserved, ch)) { - y[j] = ch; - continue; - } -/* decode it if not already done */ - if (isenc != NOT_PROXY && ch == '%') { - if (!ap_isxdigit(x[i + 1]) || !ap_isxdigit(x[i + 2])) - return NULL; - ch = ap_proxy_hex2c(&x[i + 1]); - i += 2; - if (ch != 0 && strchr(reserved, ch)) { /* keep it encoded */ - ap_proxy_c2hex(ch, &y[j]); - j += 2; - continue; - } - } -/* recode it, if necessary */ - if (!ap_isalnum(ch) && !strchr(allowed, ch)) { - ap_proxy_c2hex(ch, &y[j]); - j += 2; - } - else - y[j] = ch; - } - y[j] = '\0'; - return y; -} - -/* - * Parses network-location. - * urlp on input the URL; on output the path, after the leading / - * user NULL if no user/password permitted - * password holder for password - * host holder for host - * port port number; only set if one is supplied. - * - * Returns an error string. 
- */ -char * - ap_proxy_canon_netloc(pool *p, char **const urlp, char **userp, - char **passwordp, char **hostp, int *port) -{ - int i; - char *strp, *host, *url = *urlp; - char *user = NULL, *password = NULL; - char *t = NULL, *u = NULL, *v = NULL; - - if (url[0] != '/' || url[1] != '/') - return "Malformed URL"; - host = url + 2; - url = strchr(host, '/'); - if (url == NULL) - url = ""; - else - *(url++) = '\0'; /* skip seperating '/' */ - - /* find _last_ '@' since it might occur in user/password part */ - strp = strrchr(host, '@'); - - if (strp != NULL) { - *strp = '\0'; - user = host; - host = strp + 1; - -/* find password */ - strp = strchr(user, ':'); - if (strp != NULL) { - *strp = '\0'; - password = ap_proxy_canonenc(p, strp + 1, strlen(strp + 1), enc_user, STD_PROXY); - if (password == NULL) - return "Bad %-escape in URL (password)"; - } - - user = ap_proxy_canonenc(p, user, strlen(user), enc_user, STD_PROXY); - if (user == NULL) - return "Bad %-escape in URL (username)"; - } - if (userp != NULL) { - *userp = user; - } - if (passwordp != NULL) { - *passwordp = password; - } - - v = host; - if (*host == '['){ - u = strrchr(host, ']'); - if (u){ - host++; - *u = '\0'; - v = u + 1; - } - } - t = strrchr(v, ':'); - if (t){ - *t = '\0'; - strp = t + 1; - } - if (strp){ - for (i=0; strp[i] != '\0'; i++) - if (!ap_isdigit(strp[i])) - break; - - /* if (i == 0) the no port was given; keep default */ - if (strp[i] != '\0') { - return "Bad port number in URL"; - } - else if (i > 0) { - *port = atoi(strp); - if (*port > 65535) - return "Port number in URL > 65535"; - } - } - ap_str_tolower(host); /* DNS names are case-insensitive */ - if (*host == '\0') - return "Missing host in URL"; -/* check hostname syntax */ - for (i = 0; host[i] != '\0'; i++) - if (!ap_isxdigit(host[i]) && host[i] != '.' 
&& host[i] != ':') - break; - /* must be an IP address */ - if (host[i] == '\0') { - struct addrinfo hints, *res0; - int gai; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_flags = AI_NUMERICHOST; - if (gai = getaddrinfo(host, NULL, &hints, &res0)) { -#if 0 - return gai_strerror(gai); -#else - return "Bad IP address in URL"; -#endif - } - freeaddrinfo(res0); - } - -/* if (strchr(host,'.') == NULL && domain != NULL) - host = pstrcat(p, host, domain, NULL); - */ - *urlp = url; - *hostp = host; - - return NULL; -} - -static const char *const lwday[7] = -{"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"}; - -/* - * If the date is a valid RFC 850 date or asctime() date, then it - * is converted to the RFC 1123 format, otherwise it is not modified. - * This routine is not very fast at doing conversions, as it uses - * sscanf and sprintf. However, if the date is already correctly - * formatted, then it exits very quickly. - */ -const char * - ap_proxy_date_canon(pool *p, const char *x) -{ - int wk, mday, year, hour, min, sec, mon; - char *q, month[4], zone[4], week[4]; - - q = strchr(x, ','); - /* check for RFC 850 date */ - if (q != NULL && q - x > 3 && q[1] == ' ') { - *q = '\0'; - for (wk = 0; wk < 7; wk++) - if (strcmp(x, lwday[wk]) == 0) - break; - *q = ','; - if (wk == 7) - return x; /* not a valid date */ - if (q[4] != '-' || q[8] != '-' || q[11] != ' ' || q[14] != ':' || - q[17] != ':' || strcmp(&q[20], " GMT") != 0) - return x; - if (sscanf(q + 2, "%u-%3s-%u %u:%u:%u %3s", &mday, month, &year, - &hour, &min, &sec, zone) != 7) - return x; - if (year < 70) - year += 2000; - else - year += 1900; - } - else { -/* check for acstime() date */ - if (x[3] != ' ' || x[7] != ' ' || x[10] != ' ' || x[13] != ':' || - x[16] != ':' || x[19] != ' ' || x[24] != '\0') - return x; - if (sscanf(x, "%3s %3s %u %u:%u:%u %u", week, month, &mday, &hour, - &min, &sec, &year) != 7) - return x; - for (wk = 0; wk < 7; wk++) - if 
(strcmp(week, ap_day_snames[wk]) == 0) - break; - if (wk == 7) - return x; - } - -/* check date */ - for (mon = 0; mon < 12; mon++) - if (strcmp(month, ap_month_snames[mon]) == 0) - break; - if (mon == 12) - return x; - - q = ap_palloc(p, 30); - ap_snprintf(q, 30, "%s, %.2d %s %d %.2d:%.2d:%.2d GMT", ap_day_snames[wk], mday, - ap_month_snames[mon], year, hour, min, sec); - return q; -} - - -/* - * Reads headers from a buffer and returns an array of headers. - * Returns NULL on file error - * This routine tries to deal with too long lines and continuation lines. - * - * Note: Currently the headers are passed through unmerged. This has to be - * done so that headers which react badly to merging (such as Set-Cookie - * headers, which contain commas within the date field) do not get stuffed - * up. - */ -table *ap_proxy_read_headers(request_rec *r, char *buffer, int size, BUFF *f) -{ - table *resp_hdrs; - int len; - char *value, *end; - char field[MAX_STRING_LEN]; - - resp_hdrs = ap_make_table(r->pool, 20); - - /* - * Read header lines until we get the empty separator line, a read error, - * the connection closes (EOF), or we timeout. - */ - while ((len = ap_getline(buffer, size, f, 1)) > 0) { - - if (!(value = strchr(buffer, ':'))) { /* Find the colon separator */ - - /* - * Buggy MS IIS servers sometimes return invalid headers (an - * extra "HTTP/1.0 200, OK" line sprinkled in between the usual - * MIME headers). Try to deal with it in a sensible way, but log - * the fact. XXX: The mask check is buggy if we ever see an - * HTTP/1.10 - */ - - if (!ap_checkmask(buffer, "HTTP/#.# ###*")) { - /* Nope, it wasn't even an extra HTTP header. Give up. */ - return NULL; - } - - ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, r->server, - "proxy: Ignoring duplicate HTTP status line " - "returned by buggy server %s (%s)", r->uri, r->method); - continue; - } - - *value = '\0'; - ++value; - /* - * XXX: RFC2068 defines only SP and HT as whitespace, this test is - * wrong... 
and so are many others probably. - */ - while (ap_isspace(*value)) - ++value; /* Skip to start of value */ - - /* should strip trailing whitespace as well */ - for (end = &value[strlen(value) - 1]; end > value && ap_isspace(*end); --end) - *end = '\0'; - - /* make sure we add so as not to destroy duplicated headers */ - ap_table_add(resp_hdrs, buffer, value); - - /* the header was too long; at the least we should skip extra data */ - if (len >= size - 1) { - while ((len = ap_getline(field, MAX_STRING_LEN, f, 1)) - >= MAX_STRING_LEN - 1) { - /* soak up the extra data */ - } - if (len == 0) /* time to exit the larger loop as well */ - break; - } - } - return resp_hdrs; -} - -/* read data from (socket BUFF*) f, write it to: - * - c->fp, if it is open - * - r->connection->client, if nowrite == 0 - */ - -long int ap_proxy_send_fb(BUFF *f, request_rec *r, cache_req *c, off_t len, int nowrite, int chunked, size_t recv_buffer_size) -{ - int ok, end_of_chunk; - char *buf; - size_t buf_size; - long remaining = 0; - long total_bytes_rcvd; - register int n = 0, o, w; - conn_rec *con = r->connection; - int alternate_timeouts = 1; /* 1 if we alternate between soft & hard - * timeouts */ - - /* allocate a buffer to store the bytes in */ - /* - * make sure it is at least IOBUFSIZE, as recv_buffer_size may be zero - * for system default - */ - buf_size = MAX(recv_buffer_size, IOBUFSIZE); - buf = ap_palloc(r->pool, buf_size); - - total_bytes_rcvd = 0; - if (c != NULL) - c->written = 0; - - /* - * Since we are reading from one buffer and writing to another, it is - * unsafe to do a soft_timeout here, at least until the proxy has its own - * timeout handler which can set both buffers to EOUT. - */ - - ap_kill_timeout(r); - - /* - * CHECKME! Since hard_timeout won't work in unix on sends with partial - * cache completion, we have to alternate between hard_timeout for reads, - * and soft_timeout for send. 
This is because we need to get a return - * from ap_bwrite to be able to continue caching. BUT, if we *can't* - * continue anyway, just use hard_timeout. (Also, if no cache file is - * written, use hard timeouts) - */ - - if (c == NULL || c->len <= 0 || c->cache_completion == 1.0) { - ap_hard_timeout("proxy send body", r); - alternate_timeouts = 0; - } - - /* - * Loop and ap_bread() while we can successfully read and write, or - * (after the client aborted) while we can successfully read and finish - * the configured cache_completion. - */ - for (end_of_chunk = ok = 1; ok;) { - if (alternate_timeouts) - ap_hard_timeout("proxy recv body from upstream server", r); - - - /* read a chunked block */ - if (chunked) { - long chunk_start = 0; - n = 0; - - /* start of a new chunk */ - if (end_of_chunk) { - end_of_chunk = 0; - /* get the chunk size from the stream */ - chunk_start = ap_getline(buf, buf_size, f, 0); - if ((chunk_start <= 0) || ((size_t)chunk_start + 1 >= buf_size) || !ap_isxdigit(*buf)) { - n = -1; - } - /* parse the chunk size */ - else { - remaining = ap_get_chunk_size(buf); - if (remaining == 0) { /* Last chunk indicated, get footers */ - /* as we are a proxy, we discard the footers, as the headers - * have already been sent at this point. - */ - if (NULL == ap_proxy_read_headers(r, buf, buf_size, f)) { - n = -1; - } - } - else if (remaining < 0) { - n = -1; - ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r, - "proxy: remote protocol error, invalid chunk size"); - - } - } - } - - /* read the chunk */ - if (remaining > 0) { - n = ap_bread(f, buf, (int) MIN(buf_size, remaining)); - if (n > -1) { - remaining -= n; - end_of_chunk = (remaining == 0); - } - } - - /* soak up trailing CRLF */ - if (end_of_chunk) { - int ch; /* int because it may hold an EOF */ - /* - * For EBCDIC, the proxy has configured the BUFF layer to - * transparently pass the ascii characters thru (also writing - * an ASCII copy to the cache, where appropriate). 
- * Therefore, we see here an ASCII-CRLF (\015\012), - * not an EBCDIC-CRLF (\r\n). - */ - if ((ch = ap_bgetc(f)) == EOF) { - /* Protocol error: EOF detected within chunk */ - n = -1; - ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r, - "proxy: remote protocol error, eof while reading chunked from proxy"); - } - else - { - if (ch == '\015') { /* _ASCII_ CR */ - ch = ap_bgetc(f); - } - if (ch != '\012') { - n = -1; - } - } - } - } - - /* otherwise read block normally */ - else { - if (-1 == len) { - n = ap_bread(f, buf, buf_size); - } - else { - n = ap_bread(f, buf, (int) MIN(buf_size, - (len - total_bytes_rcvd))); - } - } - - - if (alternate_timeouts) - ap_kill_timeout(r); - else - ap_reset_timeout(r); - - if (n == -1) { /* input error */ - if (c != NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req, - "proxy: error reading from %s", c->url); - c = ap_proxy_cache_error(c); - } - break; - } - if (n == 0) - break; /* EOF */ - o = 0; - total_bytes_rcvd += n; - - /* if we've received everything... */ - /* - * in the case of slow frontends and expensive backends, we want to - * avoid leaving a backend connection hanging while the frontend - * takes it's time to absorb the bytes. so: if we just read the last - * block, we close the backend connection now instead of later - it's - * no longer needed. - */ - if (total_bytes_rcvd == len) { - ap_bclose(f); - f = NULL; - } - - /* Write to cache first. */ - /* - * @@@ XXX FIXME: Assuming that writing the cache file won't time - * out?!!? 
- */ - if (c != NULL && c->fp != NULL) { - if (ap_bwrite(c->fp, &buf[0], n) != n) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req, - "proxy: error writing to %s", c->tempfile); - c = ap_proxy_cache_error(c); - } - else { - c->written += n; - } - } - - /* Write the block to the client, detect aborted transfers */ - while (!nowrite && !con->aborted && n > 0) { - if (alternate_timeouts) - ap_soft_timeout("proxy send body", r); - - w = ap_bwrite(con->client, &buf[o], n); - - if (alternate_timeouts) - ap_kill_timeout(r); - else - ap_reset_timeout(r); - - if (w <= 0) { - if (c != NULL) { - /* - * when a send failure occurs, we need to decide whether - * to continue loading and caching the document, or to - * abort the whole thing - */ - ok = (c->len > 0) && - (c->cache_completion > 0) && - (c->len * c->cache_completion < total_bytes_rcvd); - - if (!ok) { - if (c->fp != NULL) { - ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR)); - c->fp = NULL; - } - unlink(c->tempfile); - c = NULL; - } - } - con->aborted = 1; - break; - } - n -= w; - o += w; - } /* while client alive and more data to send */ - - /* if we've received everything, leave now */ - if (total_bytes_rcvd == len) - break; - - } /* loop and ap_bread while "ok" */ - - /* if the backend connection is still open, close it */ - if (f) { - ap_bclose(f); - } - - if (!con->aborted) { - ap_bflush(con->client); - } - - ap_kill_timeout(r); - - r->bytes_sent += total_bytes_rcvd; - - return total_bytes_rcvd; -} - -/* - * Writes response line and headers to the cache file. - * - * If respline is NULL, no response line will be written. 
- */
-void ap_proxy_write_headers(cache_req *c, const char *respline, table *t)
-{
- /* write status line */
- if (respline && c->fp != NULL &&
- ap_bvputs(c->fp, respline, CRLF, NULL) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error writing status line to %s", c->tempfile);
- c = ap_proxy_cache_error(c);
- return;
- }
-
- /* write response headers to the cache file */
- ap_table_do(ap_proxy_send_hdr_line, c, t, NULL);
-
- /* write terminating CRLF */
- if (c->fp != NULL && ap_bputs(CRLF, c->fp) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error writing CRLF to %s", c->tempfile);
- c = ap_proxy_cache_error(c);
- }
-}
-
-
-/*
- * list is a comma-separated list of case-insensitive tokens, with
- * optional whitespace around the tokens.
- * The return returns 1 if the token val is found in the list, or 0
- * otherwise.
- */
-int ap_proxy_liststr(const char *list, const char *key, char **val)
-{
- int len, i;
- const char *p;
- char valbuf[HUGE_STRING_LEN];
- valbuf[sizeof(valbuf) - 1] = 0; /* safety terminating zero */
-
- len = strlen(key);
-
- while (list != NULL) {
- p = strchr(list, ',');
- if (p != NULL) {
- i = p - list;
- do
- p++;
- while (ap_isspace(*p));
- }
- else
- i = strlen(list);
-
- while (i > 0 && ap_isspace(list[i - 1]))
- i--;
- if (i == len && strncasecmp(list, key, len) == 0) {
- if (val) {
- p = strchr(list, ',');
- while (ap_isspace(*list)) {
- list++;
- }
- if ('=' == list[0])
- list++;
- while (ap_isspace(*list)) {
- list++;
- }
- strncpy(valbuf, list, MIN(p - list, sizeof(valbuf) - 1));
- *val = valbuf;
- }
- return 1;
- }
- list = p;
- }
- return 0;
-}
-
-void ap_proxy_hash(const char *it, char *val, int ndepth, int nlength)
-{
- AP_MD5_CTX context;
- unsigned char digest[16];
- char tmp[22];
- int i, k, d;
- unsigned int x;
- static const char enc_table[64] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_@";
-
- ap_MD5Init(&context);
- ap_MD5Update(&context, (const unsigned char *)it, strlen(it));
- ap_MD5Final(digest, &context);
-
-/* encode 128 bits as 22 characters, using a modified uuencoding */
-/* the encoding is 3 bytes -> 4 characters
- * i.e. 128 bits is 5 x 3 bytes + 1 byte -> 5 * 4 characters + 2 characters
- */
- for (i = 0, k = 0; i < 15; i += 3) {
- x = (digest[i] << 16) | (digest[i + 1] << 8) | digest[i + 2];
- tmp[k++] = enc_table[x >> 18];
- tmp[k++] = enc_table[(x >> 12) & 0x3f];
- tmp[k++] = enc_table[(x >> 6) & 0x3f];
- tmp[k++] = enc_table[x & 0x3f];
- }
-/* one byte left */
- x = digest[15];
- tmp[k++] = enc_table[x >> 2]; /* use up 6 bits */
- tmp[k++] = enc_table[(x << 4) & 0x3f];
- /* now split into directory levels */
-
- for (i = k = d = 0; d < ndepth; ++d) {
- memcpy(&val[i], &tmp[k], nlength);
- k += nlength;
- val[i + nlength] = '/';
- i += nlength + 1;
- }
- memcpy(&val[i], &tmp[k], 22 - k);
- val[i + 22 - k] = '\0';
-}
-
-/*
- * Converts 16 hex digits to a time integer
- */
-int ap_proxy_hex2sec(const char *x)
-{
- int i, ch;
- unsigned int j;
-
- for (i = 0, j = 0; i < 16; i++) {
- ch = x[i];
- j <<= 4;
- if (ap_isdigit(ch))
- j |= ch - '0';
- else if (ap_isupper(ch))
- j |= ch - ('A' - 10);
- else
- j |= ch - ('a' - 10);
- }
-/* no longer necessary, as the source hex is 8-byte int */
-/* if (j == 0xffffffff)*/
- /* return -1;*//* so that it works with 8-byte ints */
-/* else */
- return j;
-}
-
-/*
- * Converts a time integer to 16 hex digits
- */
-int ap_proxy_sec2hex(int t, char *y, int len)
-{
- int i, ch;
- unsigned int j = t;
-
- if (-1 == t) {
- if (strlcpy(y, "FFFFFFFFFFFFFFFF", len) > len)
- return (-1);
- return (0);
- }
-
- if (len < 17)
- return (-1);
-
- for (i = 15; i >= 0; i--) {
- ch = j & 0xF;
- j >>= 4;
- if (ch >= 10)
- y[i] = ch + ('A' - 10);
- else
- y[i] = ch + '0';
- }
- y[16] = '\0';
- return (0);
-}
-
-
-cache_req *ap_proxy_cache_error(cache_req *c)
-{
- if (c != NULL) {
- if (c->fp != NULL) {
- ap_pclosef(c->req->pool, ap_bfileno(c->fp, B_WR));
- c->fp = NULL;
- }
- if (c->origfp != NULL) {
- ap_pclosef(c->req->pool, ap_bfileno(c->origfp, B_WR));
- c->origfp = NULL;
- }
- if (c->tempfile)
- unlink(c->tempfile);
- }
- return NULL;
-}
-
-int ap_proxyerror(request_rec *r, int statuscode, const char *message)
-{
- ap_table_setn(r->notes, "error-notes",
- ap_pstrcat(r->pool,
- "The proxy server could not handle the request "
- "pool, r->uri),
- "\">", ap_escape_html(r->pool, r->method),
- " ",
- ap_escape_html(r->pool, r->uri), ".

    \n"
- "Reason: ",
- ap_escape_html(r->pool, message),
- "", NULL));
-
- /* Allow "error-notes" string to be printed by ap_send_error_response() */
- ap_table_setn(r->notes, "verbose-error-to", ap_pstrdup(r->pool, "*"));
-
- r->status_line = ap_psprintf(r->pool, "%3.3u Proxy Error", statuscode);
- return statuscode;
-}
-
-/*
- * This routine returns its own error message
- */
-const char *
- ap_proxy_host2addr(const char *host, struct hostent * reqhp)
-{
- int i;
- struct hostent *hp;
- struct per_thread_data *ptd = get_per_thread_data();
-
- for (i = 0; host[i] != '\0'; i++)
- if (!ap_isdigit(host[i]) && host[i] != '.')
- break;
-
- if (host[i] != '\0') {
- hp = gethostbyname(host);
- if (hp == NULL)
- return "Host not found";
- }
- else {
- ptd->ipaddr = ap_inet_addr(host);
- hp = gethostbyaddr((char *)&ptd->ipaddr, sizeof(ptd->ipaddr), AF_INET);
- if (hp == NULL) {
- memset(&ptd->hpbuf, 0, sizeof(ptd->hpbuf));
- ptd->hpbuf.h_name = 0;
- ptd->hpbuf.h_addrtype = AF_INET;
- ptd->hpbuf.h_length = sizeof(ptd->ipaddr);
- ptd->hpbuf.h_addr_list = ptd->charpbuf;
- ptd->hpbuf.h_addr_list[0] = (char *)&ptd->ipaddr;
- ptd->hpbuf.h_addr_list[1] = 0;
- hp = &ptd->hpbuf;
- }
- }
- *reqhp = *hp;
- return NULL;
-}
-
-static const char *
- proxy_get_host_of_request(request_rec *r)
-{
- char *url, *user = NULL, *password = NULL, *err, *host;
- int port = -1;
-
- if (r->hostname != NULL)
- return r->hostname;
-
- /* Set url to the first char after "scheme://" */
- if ((url = strchr(r->uri, ':')) == NULL
- || url[1] != '/' || url[2] != '/')
- return NULL;
-
- url = ap_pstrdup(r->pool, &url[1]); /* make it point to "//", which is
- * what proxy_canon_netloc expects */
-
- err = ap_proxy_canon_netloc(r->pool, &url, &user, &password, &host, &port);
-
- if (err != NULL)
- ap_log_rerror(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, r,
- "%s", err);
-
- r->hostname = host;
-
- return host; /* ought to return the port, too */
-}
-
-/* Return TRUE if addr represents an IP address (or an IP network address) */
-int ap_proxy_is_ipaddr(struct dirconn_entry *This, pool *p)
-{
- const char *addr = This->name;
- long ip_addr[4];
- int i, quads;
- long bits;
-
- /* if the address is given with an explicit netmask, use that */
- /* Due to a deficiency in ap_inet_addr(), it is impossible to parse */
- /* "partial" addresses (with less than 4 quads) correctly, i.e. */
- /* 192.168.123 is parsed as 192.168.0.123, which is not what I want. */
- /* I therefore have to parse the IP address manually: */
- /*
- * if (proxy_readmask(This->name, &This->addr.s_addr, &This->mask.s_addr)
- * == 0)
- */
- /* addr and mask were set by proxy_readmask() */
- /* return 1; */
-
- /* Parse IP addr manually, optionally allowing */
- /* abbreviated net addresses like 192.168. */
-
- /* Iterate over up to 4 (dotted) quads. */
- for (quads = 0; quads < 4 && *addr != '\0'; ++quads) {
- char *tmp;
-
- if (*addr == '/' && quads > 0) /* netmask starts here. */
- break;
-
- if (!ap_isdigit(*addr))
- return 0; /* no digit at start of quad */
-
- ip_addr[quads] = ap_strtol(addr, &tmp, 0);
-
- if (tmp == addr) /* expected a digit, found something else */
- return 0;
-
- if (ip_addr[quads] < 0 || ip_addr[quads] > 255) {
- /* invalid octet */
- return 0;
- }
-
- addr = tmp;
-
- if (*addr == '.' && quads != 3)
- ++addr; /* after the 4th quad, a dot would be illegal */
- }
-
- for (This->addr.s_addr = 0, i = 0; i < quads; ++i)
- This->addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
-
- if (addr[0] == '/' && ap_isdigit(addr[1])) { /* net mask follows: */
- char *tmp;
-
- ++addr;
-
- bits = ap_strtol(addr, &tmp, 0);
-
- if (tmp == addr) /* expected a digit, found something else */
- return 0;
-
- addr = tmp;
-
- if (bits < 0 || bits > 32) /* netmask must be between 0 and 32 */
- return 0;
-
- }
- else {
- /* Determine (i.e., "guess") netmask by counting the */
- /* number of trailing .0's; reduce #quads appropriately */
- /* (so that 192.168.0.0 is equivalent to 192.168.) */
- while (quads > 0 && ip_addr[quads - 1] == 0)
- --quads;
-
- /*
- * "IP Address should be given in dotted-quad form, optionally
- * followed by a netmask (e.g., 192.168.111.0/24)";
- */
- if (quads < 1)
- return 0;
-
- /* every zero-byte counts as 8 zero-bits */
- bits = 8 * quads;
-
- if (bits != 32) /* no warning for fully qualified IP address */
- fprintf(stderr, "Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld\n",
- inet_ntoa(This->addr), bits);
- }
-
- This->mask.s_addr = htonl(INADDR_NONE << (32 - bits));
-
- if (*addr == '\0' && (This->addr.s_addr & ~This->mask.s_addr) != 0) {
- fprintf(stderr, "Warning: NetMask and IP-Addr disagree in %s/%ld\n",
- inet_ntoa(This->addr), bits);
- This->addr.s_addr &= This->mask.s_addr;
- fprintf(stderr, " Set to %s/%ld\n",
- inet_ntoa(This->addr), bits);
- }
-
- if (*addr == '\0') {
- This->matcher = proxy_match_ipaddr;
- return 1;
- }
- else
- return (*addr == '\0'); /* okay iff we've parsed the whole string */
-}
-
-/* Return TRUE if addr represents an IP address (or an IP network address) */
-static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r)
-{
- int i;
- int ip_addr[4];
- struct in_addr addr;
- struct in_addr *ip_list;
- char **ip_listptr;
- const char *found;
- const char *host = proxy_get_host_of_request(r);
-
- if (host == NULL) /* oops! */
- return 0;
-
- memset(&addr, '\0', sizeof addr);
- memset(ip_addr, '\0', sizeof ip_addr);
-
- if (4 == sscanf(host, "%d.%d.%d.%d", &ip_addr[0], &ip_addr[1], &ip_addr[2], &ip_addr[3])) {
- for (addr.s_addr = 0, i = 0; i < 4; ++i)
- addr.s_addr |= htonl(ip_addr[i] << (24 - 8 * i));
-
- if (This->addr.s_addr == (addr.s_addr & This->mask.s_addr)) {
-#if DEBUGGING
- fprintf(stderr, "1)IP-Match: %s[%s] <-> ", host, inet_ntoa(addr));
- fprintf(stderr, "%s/", inet_ntoa(This->addr));
- fprintf(stderr, "%s\n", inet_ntoa(This->mask));
-#endif
- return 1;
- }
-#if DEBUGGING
- else {
- fprintf(stderr, "1)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(addr));
- fprintf(stderr, "%s/", inet_ntoa(This->addr));
- fprintf(stderr, "%s\n", inet_ntoa(This->mask));
- }
-#endif
- }
- else {
- struct hostent the_host;
-
- memset(&the_host, '\0', sizeof the_host);
- found = ap_proxy_host2addr(host, &the_host);
-
- if (found != NULL) {
-#if DEBUGGING
- fprintf(stderr, "2)IP-NoMatch: hostname=%s msg=%s\n", host, found);
-#endif
- return 0;
- }
-
- if (the_host.h_name != NULL)
- found = the_host.h_name;
- else
- found = host;
-
- /* Try to deal with multiple IP addr's for a host */
- for (ip_listptr = the_host.h_addr_list; *ip_listptr; ++ip_listptr) {
- ip_list = (struct in_addr *)*ip_listptr;
- if (This->addr.s_addr == (ip_list->s_addr & This->mask.s_addr)) {
-#if DEBUGGING
- fprintf(stderr, "3)IP-Match: %s[%s] <-> ", found, inet_ntoa(*ip_list));
- fprintf(stderr, "%s/", inet_ntoa(This->addr));
- fprintf(stderr, "%s\n", inet_ntoa(This->mask));
-#endif
- return 1;
- }
-#if DEBUGGING
- else {
- fprintf(stderr, "3)IP-NoMatch: %s[%s] <-> ", found, inet_ntoa(*ip_list));
- fprintf(stderr, "%s/", inet_ntoa(This->addr));
- fprintf(stderr, "%s\n", inet_ntoa(This->mask));
- }
-#endif
- }
- }
-
- return 0;
-}
-
-/* Return TRUE if addr represents a domain name */
-int ap_proxy_is_domainname(struct dirconn_entry *This, pool *p)
-{
- char *addr = This->name;
- int i;
-
- /* Domain name must start with a '.' */
- if (addr[0] != '.')
- return 0;
-
- /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
- for (i = 0; ap_isalnum(addr[i]) || addr[i] == '-' || addr[i] == '.'; ++i)
- continue;
-
- if (addr[i] != '\0')
- return 0;
-
- /* Strip trailing dots */
- for (i = strlen(addr) - 1; i > 0 && addr[i] == '.'; --i)
- addr[i] = '\0';
-
- This->matcher = proxy_match_domainname;
- return 1;
-}
-
-/* Return TRUE if host "host" is in domain "domain" */
-static int proxy_match_domainname(struct dirconn_entry *This, request_rec *r)
-{
- const char *host = proxy_get_host_of_request(r);
- int d_len = strlen(This->name), h_len;
-
- if (host == NULL) /* some error was logged already */
- return 0;
-
- h_len = strlen(host);
-
- /* @@@ do this within the setup? */
- /* Ignore trailing dots in domain comparison: */
- while (d_len > 0 && This->name[d_len - 1] == '.')
- --d_len;
- while (h_len > 0 && host[h_len - 1] == '.')
- --h_len;
- return h_len > d_len
- && strncasecmp(&host[h_len - d_len], This->name, d_len) == 0;
-}
-
-/* Return TRUE if addr represents a host name */
-int ap_proxy_is_hostname(struct dirconn_entry *This, pool *p)
-{
- struct hostent host;
- char *addr = This->name;
- int i;
-
- /* Host names must not start with a '.' */
- if (addr[0] == '.')
- return 0;
-
- /* rfc1035 says DNS names must consist of "[-a-zA-Z0-9]" and '.' */
- for (i = 0; ap_isalnum(addr[i]) || addr[i] == '-' || addr[i] == '.'; ++i);
-
- if (addr[i] != '\0' || ap_proxy_host2addr(addr, &host) != NULL)
- return 0;
-
- This->hostentry = ap_pduphostent(p, &host);
-
- /* Strip trailing dots */
- for (i = strlen(addr) - 1; i > 0 && addr[i] == '.'; --i)
- addr[i] = '\0';
-
- This->matcher = proxy_match_hostname;
- return 1;
-}
-
-/* Return TRUE if host "host" is equal to host2 "host2" */
-static int proxy_match_hostname(struct dirconn_entry *This, request_rec *r)
-{
- char *host = This->name;
- const char *host2 = proxy_get_host_of_request(r);
- int h2_len;
- int h1_len;
-
- if (host == NULL || host2 == NULL)
- return 0; /* oops! */
-
- h2_len = strlen(host2);
- h1_len = strlen(host);
-
- /* Ignore trailing dots in host2 comparison: */
- while (h2_len > 0 && host2[h2_len - 1] == '.')
- --h2_len;
- while (h1_len > 0 && host[h1_len - 1] == '.')
- --h1_len;
- return h1_len == h2_len
- && strncasecmp(host, host2, h1_len) == 0;
-}
-
-/* Return TRUE if addr is to be matched as a word */
-int ap_proxy_is_word(struct dirconn_entry *This, pool *p)
-{
- This->matcher = proxy_match_word;
- return 1;
-}
-
-/* Return TRUE if string "str2" occurs literally in "str1" */
-static int proxy_match_word(struct dirconn_entry *This, request_rec *r)
-{
- const char *host = proxy_get_host_of_request(r);
- return host != NULL && strstr(host, This->name) != NULL;
-}
-
-int ap_proxy_doconnect(int sock, struct sockaddr *addr, request_rec *r)
-{
- int i;
- int salen;
- char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
-#ifdef NI_WITHSCOPEID
- const int niflags = NI_NUMERICHOST | NI_NUMERICSERV | NI_WITHSCOPEID;
-#else
- const int niflags = NI_NUMERICHOST | NI_NUMERICSERV;
-#endif
-
- ap_hard_timeout("proxy connect", r);
-#ifdef HAVE_SOCKADDR_LEN
- salen = addr->sa_len;
-#else
- switch (addr->sa_family) {
- case AF_INET6:
- salen = sizeof(struct sockaddr_in6);
- break;
- default:
- salen = sizeof(struct sockaddr_in);
- break;
- }
-#endif
- do {
- i = connect(sock, addr, salen);
- } while (i == -1 && errno == EINTR);
- if (i == -1) {
- if (getnameinfo(addr, salen, hbuf, sizeof(hbuf), pbuf, sizeof(pbuf),
- niflags) != 0) {
- strcpy(hbuf, "?");
- strcpy(pbuf, "?");
- }
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy connect to %s port %s failed", hbuf, pbuf);
- }
- ap_kill_timeout(r);
-
- return i;
-}
-
-/* This function is called by ap_table_do() for all header lines
- * (from proxy_http.c and proxy_ftp.c)
- * It is passed a cache_req struct pointer and a MIME field and value pair
- */
-int ap_proxy_send_hdr_line(void *p, const char *key, const char *value)
-{
- cache_req *c = (cache_req *)p;
-
- if (key == NULL || value == NULL || value[0] == '\0')
- return 1;
- if (c->fp != NULL &&
- ap_bvputs(c->fp, key, ": ", value, CRLF, NULL) == -1) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, c->req,
- "proxy: error writing header to %s", c->tempfile);
- c = ap_proxy_cache_error(c);
- return 0; /* no need to continue, it failed already */
- }
- return 1; /* tell ap_table_do() to continue calling us
- * for more headers */
-}
-
-/* send a text line to one or two BUFF's; return line length */
-unsigned ap_proxy_bputs2(const char *data, BUFF *client, cache_req *cache)
-{
- unsigned len = ap_bputs(data, client);
- if (cache != NULL && cache->fp != NULL)
- ap_bputs(data, cache->fp);
- return len;
-}
-
-/* do a HTTP/1.1 age calculation */
-time_t ap_proxy_current_age(cache_req *c, const time_t age_value)
-{
- time_t apparent_age, corrected_received_age, response_delay, corrected_initial_age,
- resident_time, current_age;
-
- /* Perform an HTTP/1.1 age calculation. (RFC2616 13.2.3) */
-
- apparent_age = MAX(0, c->resp_time - c->date);
- corrected_received_age = MAX(apparent_age, age_value);
- response_delay = c->resp_time - c->req_time;
- corrected_initial_age = corrected_received_age + response_delay;
- resident_time = time(NULL) - c->resp_time;
- current_age = corrected_initial_age + resident_time;
-
- return (current_age);
-}
-
-/* open a cache file and return a pointer to a BUFF */
-BUFF *ap_proxy_open_cachefile(request_rec *r, char *filename)
-{
- BUFF *cachefp = NULL;
- int cfd;
-
- if (filename != NULL) {
- cfd = open(filename, O_RDWR | O_BINARY);
- if (cfd != -1) {
- ap_note_cleanups_for_fd(r->pool, cfd);
- cachefp = ap_bcreate(r->pool, B_RD | B_WR);
- ap_bpushfd(cachefp, cfd, cfd);
- }
- else if (errno != ENOENT)
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy: error opening cache file %s",
- filename);
- else
- ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, r->server, "File %s not found", filename);
-
- }
- return cachefp;
-}
-
-/* create a cache file and return a pointer to a BUFF */
-BUFF *ap_proxy_create_cachefile(request_rec *r, char *filename)
-{
- BUFF *cachefp = NULL;
- int cfd;
-
- if (filename != NULL) {
- cfd = open(filename, O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0622);
- if (cfd != -1) {
- ap_note_cleanups_for_fd(r->pool, cfd);
- cachefp = ap_bcreate(r->pool, B_WR);
- ap_bpushfd(cachefp, -1, cfd);
- }
- else if (errno != ENOENT)
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "proxy: error creating cache file %s",
- filename);
- }
- return cachefp;
-}
-
-/* Clear all connection-based headers from headers table */
-void ap_proxy_clear_connection(pool *p, table *headers)
-{
- const char *name;
- char *next = ap_pstrdup(p, ap_table_get(headers, "Connection"));
-
- /* Some proxies (Squid, ICS) use the non-standard "Proxy-Connection" header. */
- ap_table_unset(headers, "Proxy-Connection");
-
- if (next != NULL) {
- while (*next) {
- name = next;
- while (*next && !ap_isspace(*next) && (*next != ','))
- ++next;
- while (ap_isspace(*next) || (*next == ',')) {
- *next = '\0';
- ++next;
- }
- ap_table_unset(headers, name);
- }
- ap_table_unset(headers, "Connection");
- }
-
- /* unset hop-by-hop headers defined in RFC2616 13.5.1 */
- ap_table_unset(headers,"Keep-Alive");
- /*
- * XXX: @@@ FIXME: "Proxy-Authenticate" should IMO *not* be stripped
- * because in a chain of proxies some "front" proxy might need
- * proxy authentication, while a "back-end" proxy which needs none can
- * simply pass the "Proxy-Authenticate" back to the client, and pass
- * the client's "Proxy-Authorization" to the front-end proxy.
- * (See the note in proxy_http.c for the "Proxy-Authorization" case.)
- *
- * MnKr 04/2002
- */
- ap_table_unset(headers,"Proxy-Authenticate");
- ap_table_unset(headers,"TE");
- ap_table_unset(headers,"Trailer");
- /* it is safe to just chop the transfer-encoding header
- * here, because proxy doesn't support any other encodings
- * to the backend other than chunked.
- */
- ap_table_unset(headers,"Transfer-Encoding");
- ap_table_unset(headers,"Upgrade");
-
-}
-
-/* overlay one table on another
- * keys in base will be replaced by keys in overlay
- *
- * Note: this has to be done in a special way, due
- * to some nastiness when it comes to having multiple
- * headers in the overlay table. First, we remove all
- * the headers in the base table that are found in the
- * overlay table, then we simply concatenate the
- * tables together.
- *
- * The base and overlay tables need not be in the same
- * pool (and probably won't be).
- *
- * If the base table is changed in any way through
- * being overlayed with the overlay table, this
- * function returns a 1.
- */
-int ap_proxy_table_replace(table *base, table *overlay)
-{
- table_entry *elts = (table_entry *)overlay->a.elts;
- int i, q = 0;
- const char *val;
-
- /* remove overlay's keys from base */
- for (i = 0; i < overlay->a.nelts; ++i) {
- val = ap_table_get(base, elts[i].key);
- if (!val || strcmp(val, elts[i].val)) {
- q = 1;
- }
- if (val) {
- ap_table_unset(base, elts[i].key);
- }
- }
-
- /* add overlay to base */
- for (i = 0; i < overlay->a.nelts; ++i) {
- ap_table_add(base, elts[i].key, elts[i].val);
- }
-
- return q;
-}
-
-/* read the response line
- * This function reads a single line of response from the server,
- * and returns a status code.
- * It also populates the request_rec with the resultant status, and
- * returns backasswards status (HTTP/0.9).
- */
-int ap_proxy_read_response_line(BUFF *f, request_rec *r, char *buffer, int size, int *backasswards, int *major, int *minor) {
-
- long len;
-
- len = ap_getline(buffer, size-1, f, 0);
- if (len == -1) {
- ap_bclose(f);
- ap_kill_timeout(r);
- return ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Error reading from remote server");
- }
- else if (len == 0) {
- ap_bclose(f);
- ap_kill_timeout(r);
- return ap_proxyerror(r, HTTP_BAD_GATEWAY,
- "Document contains no data");
- }
-
- /*
- * Is it an HTTP/1 response? Do some sanity checks on the response. (This
- * is buggy if we ever see an HTTP/1.10)
- */
- if (ap_checkmask(buffer, "HTTP/#.# ###*")) {
-
- if (2 != sscanf(buffer, "HTTP/%u.%u", major, minor)) {
- /* if no response, default to HTTP/1.1 - is this correct? */
- *major = 1;
- *minor = 1;
- }
-
- /* If not an HTTP/1 message */
- if (*major < 1) {
- ap_bclose(f);
- ap_kill_timeout(r);
- return HTTP_BAD_GATEWAY;
- }
- *backasswards = 0;
-
- /* there need not be a reason phrase in the response,
- * and ap_getline() already deleted trailing whitespace.
- * But RFC2616 requires a SP after the Status-Code. Add one:
- */
- if (strlen(buffer) < sizeof("HTTP/1.x 200 ")-1)
- buffer = ap_pstrcat(r->pool, buffer, " ", NULL);
- buffer[12] = '\0';
- r->status = atoi(&buffer[9]);
- buffer[12] = ' ';
- r->status_line = ap_pstrdup(r->pool, &buffer[9]);
-
- /* if the response was 100 continue, soak up any headers */
- if (r->status == 100) {
- ap_proxy_read_headers(r, buffer, size, f);
- }
-
- }
- else {
-
- /* an http/0.9 response */
- *backasswards = 1;
- r->status = 200;
- r->status_line = "200 OK";
- *major = 0;
- *minor = 9;
-
- }
-
- return OK;
-
-}
-
-static struct per_thread_data *get_per_thread_data(void)
-{
- static APACHE_TLS struct per_thread_data sptd;
- return &sptd;
-}
diff --git a/usr.sbin/httpd/src/modules/ssl/Makefile.libdir b/usr.sbin/httpd/src/modules/ssl/Makefile.libdir
deleted file mode 100644
index a4a4c32080a..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/Makefile.libdir
+++ /dev/null
@@ -1,15 +0,0 @@
-## _ _
-## _ __ ___ ___ __| | ___ ___| | mod_ssl
-## | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-## | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-## |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-## |_____|
-## Makefile.libdir
-## Apache 1.3 Configuration mechanism indicator file
-##
-
-This is a place-holder which indicates to Apache's Configure script that it
-shouldn't provide the default targets when building the Makefile in this
-directory. Instead it'll just prepend all the important variable definitions,
-and copy the Makefile.tmpl onto the end.
-
diff --git a/usr.sbin/httpd/src/modules/ssl/Makefile.tmpl b/usr.sbin/httpd/src/modules/ssl/Makefile.tmpl
deleted file mode 100644
index b0dd6a2203f..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/Makefile.tmpl
+++ /dev/null
@@ -1,537 +0,0 @@ -## _ _ -## _ __ ___ ___ __| | ___ ___| | mod_ssl -## | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -## | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -## |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -## |_____| -## Makefile.tmpl -## Apache 1.3 Makefile template for SSL module (Unix environment) -## - -## ==================================================================== -## Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted provided that the following conditions -## are met: -## -## 1. Redistributions of source code must retain the above copyright -## notice, this list of conditions and the following disclaimer. -## -## 2. Redistributions in binary form must reproduce the above copyright -## notice, this list of conditions and the following -## disclaimer in the documentation and/or other materials -## provided with the distribution. -## -## 3. All advertising materials mentioning features or use of this -## software must display the following acknowledgment: -## "This product includes software developed by -## Ralf S. Engelschall for use in the -## mod_ssl project (http://www.modssl.org/)." -## -## 4. The names "mod_ssl" must not be used to endorse or promote -## products derived from this software without prior written -## permission. For written permission, please contact -## rse@engelschall.com. -## -## 5. Products derived from this software may not be called "mod_ssl" -## nor may "mod_ssl" appear in their names without prior -## written permission of Ralf S. Engelschall. -## -## 6. Redistributions of any form whatsoever must retain the following -## acknowledgment: -## "This product includes software developed by -## Ralf S. Engelschall for use in the -## mod_ssl project (http://www.modssl.org/)." -## -## THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY -## EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR -## HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -## NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -## STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -## OF THE POSSIBILITY OF SUCH DAMAGE. -## ==================================================================== -## - # - # ``I cannot write a program which is - # as popular as one from Larry Wall. - # But I can write one which is from me.'' - # -- RSE - -LIB=libssl.$(LIBEXT) - -OBJS=\ - mod_ssl.o\ - ssl_engine_config.o\ - ssl_engine_compat.o\ - ssl_engine_ds.o\ - ssl_engine_dh.o\ - ssl_engine_init.o\ - ssl_engine_kernel.o\ - ssl_engine_rand.o\ - ssl_engine_io.o\ - ssl_engine_log.o\ - ssl_engine_mutex.o\ - ssl_engine_pphrase.o\ - ssl_engine_vars.o\ - ssl_engine_ext.o\ - ssl_scache.o\ - ssl_scache_dbm.o\ - ssl_scache_shmht.o\ - ssl_scache_shmcb.o\ - ssl_expr.o\ - ssl_expr_scan.o\ - ssl_expr_parse.o\ - ssl_expr_eval.o\ - ssl_util.o\ - ssl_util_ssl.o\ - ssl_util_table.o\ - $(SSL_VENDOR_OBJS) - -OBJS_PIC=\ - mod_ssl.lo\ - ssl_engine_config.lo\ - ssl_engine_compat.lo\ - ssl_engine_ds.lo\ - ssl_engine_dh.lo\ - ssl_engine_init.lo\ - ssl_engine_kernel.lo\ - ssl_engine_rand.lo\ - ssl_engine_io.lo\ - ssl_engine_log.lo\ - ssl_engine_mutex.lo\ - ssl_engine_pphrase.lo\ - ssl_engine_vars.lo\ - ssl_engine_ext.lo\ - ssl_scache.lo\ - ssl_scache_dbm.lo\ - ssl_scache_shmht.lo\ - ssl_scache_shmcb.lo\ - ssl_expr.lo\ - ssl_expr_scan.lo\ - ssl_expr_parse.lo\ - ssl_expr_eval.lo\ - 
ssl_util.lo\ - ssl_util_ssl.lo\ - ssl_util_table.lo\ - $(SSL_VENDOR_OBJS_PIC) - -## -## END-USER AREA -## - -all: lib - -lib: $(LIB) - -libssl.a: $(OBJS) - rm -f $@ - ar cr $@ $(OBJS) - $(RANLIB) $@ - -libssl.so: $(OBJS_PIC) - rm -f $@ - $(LD_SHLIB) $(SSL_LDFLAGS) $(LDFLAGS_SHLIB) -o $@ $(OBJS_PIC) $(SSL_LIBS) $(LIBS_SHLIB) - -.SUFFIXES: .o .lo - -.c.o: - $(CC) -c $(INCLUDES) $(CFLAGS) $(SSL_CFLAGS) $(SSL_VERSION) $< - -.c.lo: - $(CC) -c $(INCLUDES) $(CFLAGS) $(CFLAGS_SHLIB) $(SSL_CFLAGS) $(SSL_VERSION) $< && mv $*.o $*.lo - -clean: - rm -f $(OBJS) $(OBJS_PIC) - rm -f libssl.a libssl.so - -realclean: clean - rm -f ssl_expr_parse.c ssl_expr_parse.h - rm -f ssl_expr_scan.c - rm -f stamp_parse - -distclean: clean - -rm -f Makefile - -## -## DEVELOPER AREA -## We really don't expect end users to use these targets! -## - -ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h - flex -Pssl_expr_yy -s -B ssl_expr_scan.l - sed -e '/$$Header:/d' ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c - -stamp_parse: ssl_expr_parse.y - yacc -d ssl_expr_parse.y - touch $@ - sed -e 's;yy;ssl_expr_yy;g' \ - -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \ - ssl_expr_parse.c && rm -f y.tab.c - sed -e 's;yy;ssl_expr_yy;g' \ - ssl_expr_parse.h && rm -f y.tab.h - -ssl_expr_parse.c ssl_expr_parse.h: stamp_parse - yacc -d ssl_expr_parse.y - sed -e 's;yy;ssl_expr_yy;g' \ - -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \ - ssl_expr_parse.c && rm -f y.tab.c - sed -e 's;yy;ssl_expr_yy;g' \ - ssl_expr_parse.h && rm -f y.tab.h - -nocons: - @$(MAKE) $(MFLAGS) $(MFLAGS_STATIC) \ - SSL_CFLAGS="`echo $(SSL_CFLAGS) |\ - sed -e 's;-DSSL_CONSERVATIVE;;'`" all - -cons: - @$(MAKE) $(MFLAGS) $(MFLAGS_STATIC) \ - SSL_CFLAGS="`echo $(SSL_CFLAGS) |\ - sed -e 's;-DSSL_CONSERVATIVE;;' \ - -e 's;^;-DSSL_CONSERVATIVE ;'`" all -noexp: - @$(MAKE) $(MFLAGS) $(MFLAGS_STATIC) \ - SSL_CFLAGS="`echo $(SSL_CFLAGS) |\ - sed -e 's;-DSSL_EXPERIMENTAL;;'`" all - -exp: - @$(MAKE) $(MFLAGS) 
$(MFLAGS_STATIC) \ - SSL_CFLAGS="`echo $(SSL_CFLAGS) |\ - sed -e 's;-DSSL_EXPERIMENTAL;;' \ - -e 's;^;-DSSL_EXPERIMENTAL ;'`" all - -depend: - cp Makefile.tmpl Makefile.tmpl.bak \ - && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \ - && gcc -MM $(INCLUDES) $(CFLAGS) $(SSL_CFLAGS) *.c >> Makefile.new \ - && sed -e '1,$$s; $(INCDIR)/; $$(INCDIR)/;g' \ - -e '1,$$s; $(OSDIR)/; $$(OSDIR)/;g' \ - -e '1,$$s;^\([a-z0-9_]*\)\.o:;\1.o \1.lo:;g' Makefile.new \ - > Makefile.tmpl \ - && rm Makefile.new - -## -## DEPENDENCY AREA -## - -$(OBJS) $(OBJS_PIC): Makefile - -# DO NOT REMOVE -mod_ssl.o mod_ssl.lo: mod_ssl.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_compat.o ssl_engine_compat.lo: ssl_engine_compat.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_config.o ssl_engine_config.lo: 
ssl_engine_config.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_dh.o ssl_engine_dh.lo: ssl_engine_dh.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_ds.o ssl_engine_ds.lo: ssl_engine_ds.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h 
-ssl_engine_ext.o ssl_engine_ext.lo: ssl_engine_ext.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_init.o ssl_engine_init.lo: ssl_engine_init.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_io.o ssl_engine_io.lo: ssl_engine_io.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h 
ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_kernel.o ssl_engine_kernel.lo: ssl_engine_kernel.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_log.o ssl_engine_log.lo: ssl_engine_log.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_mutex.o ssl_engine_mutex.lo: ssl_engine_mutex.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - 
$(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_pphrase.o ssl_engine_pphrase.lo: ssl_engine_pphrase.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_rand.o ssl_engine_rand.lo: ssl_engine_rand.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_engine_vars.o ssl_engine_vars.lo: ssl_engine_vars.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h 
$(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_expr.o ssl_expr.lo: ssl_expr.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_expr_eval.o ssl_expr_eval.lo: ssl_expr_eval.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_expr_parse.o ssl_expr_parse.lo: ssl_expr_parse.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - 
$(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_expr_scan.o ssl_expr_scan.lo: ssl_expr_scan.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h \ - ssl_expr_parse.h -ssl_scache.o ssl_scache.lo: ssl_scache.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_scache_dbm.o ssl_scache_dbm.lo: ssl_scache_dbm.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - 
$(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_scache_shmcb.o ssl_scache_shmcb.lo: ssl_scache_shmcb.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_scache_shmht.o ssl_scache_shmht.lo: ssl_scache_shmht.c mod_ssl.h \ - $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_util.o ssl_util.lo: ssl_util.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h 
$(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_util_sdbm.o ssl_util_sdbm.lo: ssl_util_sdbm.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_util_ssl.o ssl_util_ssl.lo: ssl_util_ssl.c mod_ssl.h $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(OSDIR)/os-inline.c $(INCDIR)/ap_ctype.h \ - $(INCDIR)/httpd.h $(INCDIR)/ap_mm.h $(INCDIR)/ap_alloc.h \ - $(INCDIR)/ap_hook.h $(INCDIR)/ap_ctx.h $(INCDIR)/buff.h \ - $(INCDIR)/ap.h $(INCDIR)/util_uri.h \ - $(INCDIR)/http_config.h $(INCDIR)/http_conf_globals.h \ - $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h \ - $(INCDIR)/http_main.h $(INCDIR)/http_core.h \ - $(INCDIR)/http_log.h $(INCDIR)/scoreboard.h \ - $(INCDIR)/util_md5.h $(INCDIR)/ap_md5.h \ - $(INCDIR)/fnmatch.h ssl_expr.h ssl_util_ssl.h ssl_util_table.h -ssl_util_table.o ssl_util_table.lo: ssl_util_table.c ssl_util_table.h diff --git a/usr.sbin/httpd/src/modules/ssl/README b/usr.sbin/httpd/src/modules/ssl/README deleted file mode 100644 index ca9e225bf83..00000000000 --- a/usr.sbin/httpd/src/modules/ssl/README +++ /dev/null 
@@ -1,163 +0,0 @@ - _ _ - _ __ ___ ___ __| | ___ ___| | - | '_ ` _ \ / _ \ / _` | / __/ __| | - | | | | | | (_) | (_| | \__ \__ \ | ``mod_ssl combines the flexibility of - |_| |_| |_|\___/ \__,_|___|___/___/_| Apache with the security of OpenSSL.'' - |_____| - mod_ssl ``Ralf Engelschall has released an - Apache Interface to OpenSSL excellent module that integrates - http://www.modssl.org/ Apache and SSLeay.'' - Version 2.8 -- Tim J. Hudson - - SYNOPSIS - - This Apache module provides strong cryptography for the Apache 1.3 webserver - via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS - v1) protocols by the help of the SSL/TLS implementation library OpenSSL which - is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package - was created in April 1998 by Ralf S. Engelschall and was originally derived - from software developed by Ben Laurie for use in the Apache-SSL HTTP server - project. - - SOURCES - - Here is a short overview of the source files: - - Makefile.libdir ......... dummy for Apache config mechanism - Makefile.tmpl ........... Makefile template for Unix platform - Makefile.win32 .......... Makefile template for Win32 platform - libssl.module ........... stub called from the Apache config mechanism - libssl.version .......... file containing the mod_ssl version information - mod_ssl.c ............... main source file containing API structures - mod_ssl.h ............... common header file of mod_ssl - ssl_engine_compat.c ..... backward compatibility support - ssl_engine_config.c ..... module configuration handling - ssl_engine_dh.c ......... DSA/DH support - ssl_engine_ds.c ......... data structures - ssl_engine_ext.c ........ Extensions to other Apache parts - ssl_engine_init.c ....... module initialization - ssl_engine_io.c ......... I/O support - ssl_engine_kernel.c ..... SSL engine kernel - ssl_engine_log.c ........ logfile support - ssl_engine_mutex.c ...... mutual exclusion support - ssl_engine_pphrase.c .... 
pass-phrase handling - ssl_engine_rand.c ....... PRNG support - ssl_engine_vars.c ....... Variable Expansion support - ssl_expr.c .............. expression handling main source - ssl_expr.h .............. expression handling common header - ssl_expr_scan.c ......... expression scanner automaton (pre-generated) - ssl_expr_scan.l ......... expression scanner source - ssl_expr_parse.c ........ expression parser automaton (pre-generated) - ssl_expr_parse.h ........ expression parser header (pre-generated) - ssl_expr_parse.y ........ expression parser source - ssl_expr_eval.c ......... expression machine evaluation - ssl_scache.c ............ session cache abstraction layer - ssl_scache_dbm.c ........ session cache via DBM file - ssl_scache_shmcb.c ...... session cache via shared memory cyclic buffer - ssl_scache_shmht.c ...... session cache via shared memory hash table - ssl_util.c .............. utility functions - ssl_util_ssl.c .......... the OpenSSL companion source - ssl_util_ssl.h .......... the OpenSSL companion header - ssl_util_sdbm.c ......... the SDBM library source - ssl_util_sdbm.h ......... the SDBM library header - ssl_util_table.c ........ the hash table library source - ssl_util_table.h ........ the hash table library header - - The source files are written in clean ANSI C and pass the ``gcc -O -g - -ggdb3 -Wall -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes - -Wmissing-declarations -Wnested-externs -Winline'' compiler test - (assuming `gcc' is GCC 2.95.2 or newer) without any complains. When - you make changes or additions make sure the source still passes this - compiler test. - - FUNCTIONS - - Inside the source code you will be confronted with the following types of - functions which can be identified by their prefixes: - - ap_xxxx() ............... Apache API function - ssl_xxxx() .............. mod_ssl function - SSL_xxxx() .............. OpenSSL function (SSL library) - OpenSSL_xxxx() .......... 
OpenSSL function (SSL library) - X509_xxxx() ............. OpenSSL function (Crypto library) - PEM_xxxx() .............. OpenSSL function (Crypto library) - EVP_xxxx() .............. OpenSSL function (Crypto library) - RSA_xxxx() .............. OpenSSL function (Crypto library) - - DATA STRUCTURES - - Inside the source code you will be confronted with the following - data structures: - - ap_ctx .................. Apache EAPI Context - server_rec .............. Apache (Virtual) Server - conn_rec ................ Apache Connection - BUFF .................... Apache Connection Buffer - request_rec ............. Apache Request - SSLModConfig ............ mod_ssl (Global) Module Configuration - SSLSrvConfig ............ mod_ssl (Virtual) Server Configuration - SSLDirConfig ............ mod_ssl Directory Configuration - SSL_CTX ................. OpenSSL Context - SSL_METHOD .............. OpenSSL Protocol Method - SSL_CIPHER .............. OpenSSL Cipher - SSL_SESSION ............. OpenSSL Session - SSL ..................... OpenSSL Connection - BIO ..................... OpenSSL Connection Buffer - - For an overview how these are related and chained together have a look at the - page in README.dsov.{fig,ps}. It contains overview diagrams for those data - structures. It's designed for DIN A4 paper size, but you can easily generate - a smaller version inside XFig by specifing a magnification on the Export - panel. - - EXPERIMENTAL CODE - - Experimental code is always encapsulated as following: - - | #ifdef SSL_EXPERIMENTAL_xxxx - | ... - | #endif - - This way it is only compiled in when this define is enabled with - the APACI --enable-rule=SSL_EXPERIMENTAL option and as long as the - C pre-processor variable SSL_EXPERIMENTAL_xxxx_IGNORE is _NOT_ - defined (via CFLAGS). Or in other words: SSL_EXPERIMENTAL enables all - SSL_EXPERIMENTAL_xxxx variables, except if SSL_EXPERIMENTAL_xxxx_IGNORE - is already defined. 
Currently the following features are experimental: - - o SSL_EXPERIMENTAL_PERDIRCA - The ability to use SSLCACertificateFile and SSLCACertificatePath - in a per-directory context (.htaccess). This is provided by some nasty - reconfiguration hacks until OpenSSL has better support for this. It - should work on non-multithreaded platforms (all but Win32). - - o SSL_EXPERIMENTAL_PROXY - The ability to use various additional SSLProxyXXX directives in - oder to control extended client functionality in the HTTPS proxy - code. - - o SSL_EXPERIMENTAL_ENGINE - The ability to support the new forthcoming OpenSSL ENGINE stuff. - Until this development branch of OpenSSL is merged into the main - stream, you have to use openssl-engine-0.9.x.tar.gz for this. - mod_ssl automatically recognizes this OpenSSL variant and then can - activate external crypto devices through SSLCryptoDevice directive. - - VENDOR EXTENSIONS - - Inside the mod_ssl sources you can enable various EAPI vendor hooks - (`ap::mod_ssl::vendor::xxxx') by using the APACI --enable-rule=SSL_VENDOR - option. These hooks can be used to change or extend mod_ssl by a vendor - without patching the source code. Grep for `ap::mod_ssl::vendor::'. - Additionally vendors can add their own source code to files named - ssl_vendor.c, ssl_vendor_XXX.c, etc. The libssl.module script automatically - picks these up under configuration time and mod_ssl under run-time calls the - functions `void ssl_vendor_register(void)' and `void - ssl_vendor_unregister(void)' inside these objects to bootstrap them. - - An ssl_vendor.c should at least contain the following contents: - - | #include "mod_ssl.h" - | void ssl_vendor_register(void) { return; } - | void ssl_vendor_unregister(void) { return; } - diff --git a/usr.sbin/httpd/src/modules/ssl/README.dsov.fig b/usr.sbin/httpd/src/modules/ssl/README.dsov.fig deleted file mode 100644 index d8d03db247c..00000000000 --- a/usr.sbin/httpd/src/modules/ssl/README.dsov.fig +++ /dev/null 
@@ -1,346 +0,0 @@ -#FIG 3.2 -Landscape -Center -Metric -Letter -100.00 -Single --2 -1200 2 -0 32 #616561 -0 33 #b6b2b6 -0 34 #f7f3f7 -0 35 #cfcfcf -0 36 #ffffff -6 6345 2835 7155 3150 -6 6345 2970 7110 3150 -4 0 0 200 0 20 8 0.0000 4 120 585 6345 3105 "ssl_module")\001 --6 -4 0 0 200 0 20 8 0.0000 4 120 660 6345 2970 ap_ctx_get(...,\001 --6 -6 10800 2610 12240 3060 -4 0 0 200 0 20 8 0.0000 4 120 1170 10800 2745 ap_get_module_config(...\001 -4 0 0 200 0 20 8 0.0000 4 120 795 10800 2880 ->per_dir_config,\001 -4 0 0 200 0 20 8 0.0000 4 120 585 10800 3015 &ssl_module)\001 --6 -6 7920 4770 9135 4995 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 9135 4995 7920 4995 7920 4770 9135 4770 9135 4995 -4 0 0 100 0 18 12 0.0000 4 180 1065 8010 4950 request_rec\001 --6 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 6975 3330 7425 2520 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 7200 4230 9450 2520 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 7875 4905 7200 5220 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 6750 5130 6750 4545 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 6705 5445 7155 6120 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 7875 4815 7200 4590 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 9585 2565 11475 4230 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 10170 5130 11835 4545 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 7920 6075 9855 5400 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 9990 5445 10935 5625 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 10215 5310 10935 5310 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 11925 4590 11925 5085 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 9810 5490 9810 6840 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 9945 5445 10935 
6030 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 8865 4725 10800 2565 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 675 6075 5850 6075 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 675 6525 675 6075 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 5850 6075 5850 6525 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 900 5625 5625 5625 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 1125 5175 5400 5175 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 1350 4725 5175 4725 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 1575 4275 4950 4275 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 1800 3825 4725 3825 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 2025 3375 4500 3375 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 2250 2925 4275 2925 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 2475 2475 4050 2475 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 2700 2025 3825 2025 -2 1 0 3 0 34 200 0 20 0.000 0 0 -1 0 0 2 - 2925 1575 3600 1575 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 900 6075 900 5625 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 1125 6525 1125 5175 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 1350 5175 1350 4725 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 1575 4725 1575 4275 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 1800 6525 1800 3825 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 2025 3825 2025 3375 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 2250 3375 2250 2925 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 2475 2925 2475 2475 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 5625 5625 5625 6075 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 5400 5175 5400 6525 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 5175 4725 5175 5175 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 
120.00 - 4950 4275 4950 4725 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 4725 3825 4725 6525 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 4500 3375 4500 3825 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 4275 2925 4275 3375 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 4050 2475 4050 2925 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 2700 6525 2700 2025 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 3825 2025 3825 6525 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 0 1.00 60.00 120.00 - 3600 1575 3600 2025 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 2925 2025 2925 1575 -2 1 0 4 0 0 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 4.00 60.00 120.00 - 540 6525 6300 6525 -2 3 0 1 7 7 800 0 20 0.000 0 0 -1 0 0 9 - 675 6525 5850 6525 5850 6075 5625 6075 5625 5625 900 5625 - 900 6075 675 6075 675 6525 -2 3 0 1 34 34 700 0 20 0.000 0 0 -1 0 0 13 - 1125 6525 5355 6525 5400 5175 5175 5175 5175 4725 4950 4725 - 4950 4275 1575 4275 1575 4725 1350 4725 1350 5175 1125 5175 - 1125 6525 -2 3 0 1 35 35 500 0 20 0.000 0 0 -1 0 0 17 - 1800 6525 4725 6525 4725 3825 4500 3825 4500 3375 4275 3375 - 4275 2925 4050 2925 4050 2475 2475 2475 2475 2925 2250 2925 - 2250 3375 2025 3375 2025 3825 1800 3825 1800 6525 -2 3 0 1 33 33 400 0 20 0.000 0 0 -1 0 0 9 - 2700 6525 3825 6525 3825 2025 3600 2025 3600 1575 2925 1575 - 2925 2025 2700 2025 2700 6525 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2 - 2 0 1.00 60.00 120.00 - 2 0 1.00 60.00 120.00 - 2700 6750 3825 6750 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2 - 2 0 1.00 60.00 120.00 - 2 0 1.00 60.00 120.00 - 1125 7200 5400 7200 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2 - 2 0 1.00 60.00 120.00 - 2 0 1.00 60.00 120.00 - 1800 6975 4725 6975 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 1 2 - 2 0 1.00 60.00 120.00 - 2 0 1.00 60.00 120.00 - 675 7425 5850 7425 -2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2 - 675 6570 675 7650 -2 1 
2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2 - 1125 6570 1125 7650 -2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2 - 1800 6570 1800 7650 -2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2 - 2700 6570 2700 7650 -2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2 - 3825 6570 3825 7650 -2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2 - 4725 6570 4725 7650 -2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2 - 5400 6570 5400 7650 -2 1 2 1 0 34 200 0 20 3.000 0 1 -1 0 0 2 - 5850 6570 5850 7650 -2 4 0 2 0 7 100 0 -1 0.000 0 0 20 0 0 5 - 12600 8550 450 8550 450 225 12600 225 12600 8550 -2 4 0 1 0 34 200 0 20 0.000 0 0 20 0 0 5 - 12600 1350 450 1350 450 225 12600 225 12600 1350 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 10170 2475 8775 2475 8775 2250 10170 2250 10170 2475 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 11925 2475 10575 2475 10575 2250 11925 2250 11925 2475 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 12375 4500 11430 4500 11430 4275 12375 4275 12375 4500 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 12375 5400 10980 5400 10980 5175 12375 5175 12375 5400 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 10170 5400 9675 5400 9675 5175 10170 5175 10170 5400 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 7875 6300 7200 6300 7200 6075 7875 6075 7875 6300 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 8190 2475 6750 2475 6750 2250 8190 2250 8190 2475 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 7605 3600 6300 3600 6300 3375 7605 3375 7605 3600 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 7335 4500 6300 4500 6300 4275 7335 4275 7335 4500 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 7200 5400 6300 5400 6300 5175 7200 5175 7200 5400 -2 1 0 6 7 7 600 0 -1 0.000 0 0 -1 0 0 2 - 9450 4500 6075 1935 -2 1 0 6 7 7 600 0 -1 0.000 0 0 4 0 0 2 - 9450 4500 12465 2205 -2 1 0 6 7 7 600 0 -1 0.000 0 0 4 0 0 2 - 9450 4500 9450 7785 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 9630 5310 7245 5310 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 11385 4365 7380 4365 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 
12240 5805 10980 5805 10980 5580 12240 5580 12240 5805 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 12375 6210 10980 6210 10980 5985 12375 5985 12375 6210 -2 1 0 1 0 34 200 0 20 0.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 11205 6885 9900 5445 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 12285 7155 10530 7155 10530 6930 12285 6930 12285 7155 -2 4 0 1 35 35 200 0 20 0.000 0 0 4 0 0 5 - 10170 7155 9630 7155 9630 6930 10170 6930 10170 7155 -2 1 0 6 7 7 600 0 -1 0.000 0 0 4 0 0 2 - 12510 6435 9450 6435 -2 1 0 1 0 34 300 0 20 0.000 0 0 7 1 0 4 - 1 1 1.00 60.00 120.00 - 12375 4455 12510 4635 12510 6210 11970 6885 -2 1 2 1 0 34 200 0 20 1.000 0 0 -1 1 0 2 - 1 1 1.00 60.00 120.00 - 9850 5143 9175 4918 -3 1 0 1 34 34 800 0 20 0.000 0 0 0 41 - 7380 1710 6390 2115 5535 2115 6075 3015 5670 3465 6165 3915 - 5715 4410 6030 5040 6030 5310 6480 5715 6390 6255 6975 6300 - 7065 6975 7965 6750 8100 7560 8955 7290 9360 7740 9720 7560 - 10755 8145 12060 8280 12375 7650 12420 7200 12510 7065 12330 6660 - 12510 6390 12420 5940 12375 5400 12510 5220 12510 4725 12600 4275 - 12375 3645 12105 3240 12150 2745 12375 2700 12330 1980 11790 1575 - 11250 1935 10125 1485 8955 2070 7785 1620 7695 1575 - 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 - 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 - 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 - 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 - 1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000 - 1.000 -4 0 0 100 0 0 12 0.0000 4 180 1440 10575 675 Ralf S. 
Engelschall\001 -4 0 0 100 0 18 20 0.0000 4 270 3840 4275 675 Apache+mod_ssl+OpenSSL\001 -4 0 0 100 0 0 10 0.0000 4 135 1320 10575 855 rse@engelschall.com\001 -4 0 0 100 0 0 10 0.0000 4 135 1410 10575 1035 www.engelschall.com\001 -4 0 0 100 0 0 12 0.0000 4 135 870 900 675 Version 1.3\001 -4 0 0 100 0 0 12 0.0000 4 180 1035 900 855 12-Apr-1999\001 -4 0 0 200 0 20 8 0.0000 4 60 390 6210 4680 ->server\001 -4 0 0 200 0 20 8 0.0000 4 120 855 8280 6120 ap_ctx_get(...,"ssl")\001 -4 0 0 200 0 20 8 0.0000 4 120 1170 7740 2700 ap_get_module_config(...\001 -4 0 0 200 0 20 8 0.0000 4 120 810 7740 2835 ->module_config,\001 -4 0 0 200 0 20 8 0.0000 4 120 585 7740 2970 &ssl_module)\001 -4 0 0 100 0 18 20 0.0000 4 270 1200 9000 8100 Chaining\001 -4 0 0 100 0 18 20 0.0000 4 210 1095 2745 8100 Lifetime\001 -4 0 0 100 0 18 12 0.0000 4 180 1215 810 6255 ap_global_ctx\001 -4 0 0 100 0 18 12 0.0000 4 180 1305 990 5805 SSLModConfig\001 -4 0 0 100 0 18 12 0.0000 4 180 840 4050 4455 SSL_CTX\001 -4 0 0 100 0 18 12 0.0000 4 150 975 4455 5355 server_rec\001 -4 0 0 100 0 18 12 0.0000 4 180 1260 3870 4905 SSLSrvConfig\001 -4 0 0 100 0 18 12 0.0000 4 135 480 1845 4005 BUFF\001 -4 0 0 100 0 18 12 0.0000 4 150 810 2070 3555 conn_rec\001 -4 0 0 100 0 18 12 0.0000 4 135 345 2295 3105 BIO\001 -4 0 0 100 0 18 12 0.0000 4 135 375 2565 2655 SSL\001 -4 0 0 100 0 18 12 0.0000 4 180 1185 3645 1620 SSLDirConfig\001 -4 0 0 100 0 18 12 0.0000 4 180 1065 3915 2070 request_rec\001 -4 0 0 200 0 0 8 0.0000 4 120 1440 900 7560 Startup, Runtime, Shutdown\001 -4 0 0 200 0 0 8 0.0000 4 105 975 1350 7335 Configuration Time\001 -4 0 0 200 0 0 8 0.0000 4 90 1050 2025 7110 Connection Duration\001 -4 0 0 200 0 0 8 0.0000 4 120 885 2835 6885 Request Duration\001 -4 0 0 200 0 18 20 0.0000 4 195 90 6345 6795 t\001 -4 0 0 200 0 20 8 0.0000 4 90 345 7110 5985 ->client\001 -4 0 0 100 0 18 12 0.0000 4 180 1305 6795 2430 SSLModConfig\001 -4 0 0 100 0 18 12 0.0000 4 180 1260 8865 2430 SSLSrvConfig\001 -4 0 0 100 0 18 12 0.0000 4 
180 1215 6345 3555 ap_global_ctx\001 -4 0 0 100 0 18 12 0.0000 4 150 975 6345 4455 server_rec\001 -4 0 0 100 0 18 12 0.0000 4 150 810 6345 5355 conn_rec\001 -4 0 0 100 0 18 12 0.0000 4 135 375 9720 5355 SSL\001 -4 0 0 100 0 18 12 0.0000 4 180 1185 10665 2430 SSLDirConfig\001 -4 0 0 100 0 18 12 0.0000 4 135 480 7290 6255 BUFF\001 -4 0 0 100 0 18 12 0.0000 4 180 1305 11025 5355 SSL_METHOD\001 -4 0 0 100 0 18 12 0.0000 4 180 840 11475 4455 SSL_CTX\001 -4 0 0 100 0 18 24 0.0000 4 285 4365 3915 1080 Data Structure Overview\001 -4 0 0 200 0 20 8 0.0000 4 90 615 7065 5085 ->connection\001 -4 0 0 200 0 20 8 0.0000 4 60 390 7065 4770 ->server\001 -4 0 0 200 0 20 8 0.0000 4 120 960 8010 5445 SSL_get_app_data()\001 -4 0 0 200 0 20 8 0.0000 4 120 510 10530 4050 ->pSSLCtx\001 -4 0 0 200 0 20 8 0.0000 4 120 1215 7875 4275 SSL_CTX_get_app_data()\001 -4 0 0 200 0 20 8 0.0000 4 120 1155 10305 5535 SSL_get_current_cipher()\001 -4 0 0 100 0 18 12 0.0000 4 180 1170 11025 5760 SSL_CIPHER\001 -4 0 0 100 0 18 12 0.0000 4 180 1350 10980 6165 SSL_SESSION\001 -4 0 0 200 0 20 8 0.0000 4 120 840 10440 5940 SSL_get_session()\001 -4 0 0 100 0 18 12 0.0000 4 180 1665 10575 7110 X509_STORE_CTX\001 -4 0 0 100 0 18 12 0.0000 4 135 345 9720 7110 BIO\001 -4 0 0 200 0 20 8 0.0000 4 120 840 9540 7335 SSL_get_{r,w}bio()\001 -4 0 0 100 0 18 20 0.0000 4 270 1170 8730 3465 mod_ssl\001 -4 0 0 100 0 18 20 0.0000 4 270 1050 8145 6750 Apache\001 -4 0 0 200 0 20 8 0.0000 4 120 945 10125 4680 SSL_get_SSL_CTX()\001 -4 0 0 200 0 20 8 0.0000 4 120 1170 10350 5175 SSL_get_SSL_METHOD()\001 -4 0 0 200 0 20 8 0.0000 4 90 465 11745 4770 ->method\001 -4 0 0 200 0 20 8 0.0000 4 120 1665 9945 6480 X509_STORE_CTX_get_app_data()\001 -4 0 0 200 0 20 8 0.0000 4 120 1215 10980 6705 SSL_CTX_get_cert_store()\001 -4 0 0 200 0 20 8 0.0000 4 120 1020 8280 5130 SSL_get_app_data2()\001 -4 0 0 100 0 18 20 0.0000 4 270 1290 10710 7605 OpenSSL\001 -4 0 0 100 0 18 12 0.0000 4 180 720 10710 7785 [Crypto]\001 -4 0 0 100 0 18 20 0.0000 4 270 
1290 10935 3645 OpenSSL\001 -4 0 0 100 0 18 12 0.0000 4 180 495 10935 3825 [SSL]\001 diff --git a/usr.sbin/httpd/src/modules/ssl/README.dsov.ps b/usr.sbin/httpd/src/modules/ssl/README.dsov.ps deleted file mode 100644 index def19dbecfa..00000000000 --- a/usr.sbin/httpd/src/modules/ssl/README.dsov.ps +++ /dev/null 
@@ -1,1138 +0,0 @@ -%!PS-Adobe-2.0 -%%Title: README.dsov.ps -%%Creator: fig2dev Version 3.2 Patchlevel 1 -%%CreationDate: Mon Apr 12 17:09:11 1999 -%%For: rse@en1.engelschall.com (Ralf S. Engelschall) -%%Orientation: Landscape -%%BoundingBox: 59 37 553 755 -%%Pages: 1 -%%BeginSetup -%%IncludeFeature: *PageSize Letter -%%EndSetup -%%Magnification: 0.9340 -%%EndComments -/$F2psDict 200 dict def -$F2psDict begin -$F2psDict /mtrx matrix put -/col-1 {0 setgray} bind def -/col0 {0.000 0.000 0.000 srgb} bind def -/col1 {0.000 0.000 1.000 srgb} bind def -/col2 {0.000 1.000 0.000 srgb} bind def -/col3 {0.000 1.000 1.000 srgb} bind def -/col4 {1.000 0.000 0.000 srgb} bind def -/col5 {1.000 0.000 1.000 srgb} bind def -/col6 {1.000 1.000 0.000 srgb} bind def -/col7 {1.000 1.000 1.000 srgb} bind def -/col8 {0.000 0.000 0.560 srgb} bind def -/col9 {0.000 0.000 0.690 srgb} bind def -/col10 {0.000 0.000 0.820 srgb} bind def -/col11 {0.530 0.810 1.000 srgb} bind def -/col12 {0.000 0.560 0.000 srgb} bind def -/col13 {0.000 0.690 0.000 srgb} bind def -/col14 {0.000 0.820 0.000 srgb} bind def -/col15 {0.000 0.560 0.560 srgb} bind def -/col16 {0.000 0.690 0.690 srgb} bind def -/col17 {0.000 0.820 0.820 srgb} bind def -/col18 {0.560 0.000 0.000 srgb} bind def -/col19 {0.690 0.000 0.000 srgb} bind def -/col20 {0.820 0.000 0.000 srgb} bind def -/col21 {0.560 0.000 0.560 srgb} bind def -/col22 {0.690 0.000 0.690 srgb} bind def -/col23 {0.820 0.000 0.820 srgb} bind def -/col24 {0.500 0.190 0.000 srgb} bind def -/col25 {0.630 0.250 0.000 srgb} bind def -/col26 {0.750 0.380 0.000 srgb} bind def -/col27 {1.000 0.500 0.500 srgb} bind def -/col28 {1.000 0.630 0.630 srgb} bind def -/col29 {1.000 0.750 0.750 srgb} bind def -/col30 {1.000 0.880 0.880 srgb} bind def -/col31 {1.000 0.840 0.000 srgb} bind def -/col32 {0.380 0.396 0.380 srgb} bind def -/col33 {0.714 0.698 0.714 srgb} bind def -/col34 {0.969 0.953 0.969 srgb} bind def -/col35 {0.812 0.812 0.812 srgb} bind def -/col36 {1.000 1.000 1.000 
srgb} bind def - -end -save -48.0 12.0 translate - 90 rotate -1 -1 scale - -/cp {closepath} bind def -/ef {eofill} bind def -/gr {grestore} bind def -/gs {gsave} bind def -/sa {save} bind def -/rs {restore} bind def -/l {lineto} bind def -/m {moveto} bind def -/rm {rmoveto} bind def -/n {newpath} bind def -/s {stroke} bind def -/sh {show} bind def -/slc {setlinecap} bind def -/slj {setlinejoin} bind def -/slw {setlinewidth} bind def -/srgb {setrgbcolor} bind def -/rot {rotate} bind def -/sc {scale} bind def -/sd {setdash} bind def -/ff {findfont} bind def -/sf {setfont} bind def -/scf {scalefont} bind def -/sw {stringwidth} bind def -/tr {translate} bind def -/tnt {dup dup currentrgbcolor - 4 -2 roll dup 1 exch sub 3 -1 roll mul add - 4 -2 roll dup 1 exch sub 3 -1 roll mul add - 4 -2 roll dup 1 exch sub 3 -1 roll mul add srgb} - bind def -/shd {dup dup currentrgbcolor 4 -2 roll mul 4 -2 roll mul - 4 -2 roll mul srgb} bind def -/reencdict 12 dict def /ReEncode { reencdict begin -/newcodesandnames exch def /newfontname exch def /basefontname exch def -/basefontdict basefontname findfont def /newfont basefontdict maxlength dict def -basefontdict { exch dup /FID ne { dup /Encoding eq -{ exch dup length array copy newfont 3 1 roll put } -{ exch newfont 3 1 roll put } ifelse } { pop pop } ifelse } forall -newfont /FontName newfontname put newcodesandnames aload pop -128 1 255 { newfont /Encoding get exch /.notdef put } for -newcodesandnames length 2 idiv { newfont /Encoding get 3 1 roll put } repeat -newfontname newfont definefont pop end } def -/isovec [ -8#200 /grave 8#201 /acute 8#202 /circumflex 8#203 /tilde -8#204 /macron 8#205 /breve 8#206 /dotaccent 8#207 /dieresis -8#210 /ring 8#211 /cedilla 8#212 /hungarumlaut 8#213 /ogonek 8#214 /caron -8#220 /dotlessi 8#230 /oe 8#231 /OE -8#240 /space 8#241 /exclamdown 8#242 /cent 8#243 /sterling -8#244 /currency 8#245 /yen 8#246 /brokenbar 8#247 /section 8#250 /dieresis -8#251 /copyright 8#252 /ordfeminine 8#253 
/guillemotleft 8#254 /logicalnot -8#255 /endash 8#256 /registered 8#257 /macron 8#260 /degree 8#261 /plusminus -8#262 /twosuperior 8#263 /threesuperior 8#264 /acute 8#265 /mu 8#266 /paragraph -8#267 /periodcentered 8#270 /cedilla 8#271 /onesuperior 8#272 /ordmasculine -8#273 /guillemotright 8#274 /onequarter 8#275 /onehalf -8#276 /threequarters 8#277 /questiondown 8#300 /Agrave 8#301 /Aacute -8#302 /Acircumflex 8#303 /Atilde 8#304 /Adieresis 8#305 /Aring -8#306 /AE 8#307 /Ccedilla 8#310 /Egrave 8#311 /Eacute -8#312 /Ecircumflex 8#313 /Edieresis 8#314 /Igrave 8#315 /Iacute -8#316 /Icircumflex 8#317 /Idieresis 8#320 /Eth 8#321 /Ntilde 8#322 /Ograve -8#323 /Oacute 8#324 /Ocircumflex 8#325 /Otilde 8#326 /Odieresis 8#327 /multiply -8#330 /Oslash 8#331 /Ugrave 8#332 /Uacute 8#333 /Ucircumflex -8#334 /Udieresis 8#335 /Yacute 8#336 /Thorn 8#337 /germandbls 8#340 /agrave -8#341 /aacute 8#342 /acircumflex 8#343 /atilde 8#344 /adieresis 8#345 /aring -8#346 /ae 8#347 /ccedilla 8#350 /egrave 8#351 /eacute -8#352 /ecircumflex 8#353 /edieresis 8#354 /igrave 8#355 /iacute -8#356 /icircumflex 8#357 /idieresis 8#360 /eth 8#361 /ntilde 8#362 /ograve -8#363 /oacute 8#364 /ocircumflex 8#365 /otilde 8#366 /odieresis 8#367 /divide -8#370 /oslash 8#371 /ugrave 8#372 /uacute 8#373 /ucircumflex -8#374 /udieresis 8#375 /yacute 8#376 /thorn 8#377 /ydieresis] def -/Times-Roman /Times-Roman-iso isovec ReEncode -/Helvetica-Bold /Helvetica-Bold-iso isovec ReEncode -/Helvetica-Narrow /Helvetica-Narrow-iso isovec ReEncode -/$F2psBegin {$F2psDict begin /$F2psEnteredState save def} def -/$F2psEnd {$F2psEnteredState restore end} def -%%EndProlog - -$F2psBegin -10 setmiterlimit -n -1000 9572 m -1000 -1000 l 13622 -1000 l 13622 9572 l cp clip - 0.05883 0.05883 sc -%%Page: 1 1 -% Polyline -7.500 slw -n 6413 2048 m 6380 2054 l 6348 2061 l 6315 2067 l 6283 2073 l 6250 2079 l - 6217 2084 l 6185 2090 l 6152 2095 l 6120 2101 l 6088 2107 l - 6057 2113 l 6027 2120 l 5998 2126 l 5970 2134 l 5943 2141 l - 5918 
2149 l 5894 2158 l 5873 2167 l 5853 2177 l 5835 2187 l - 5819 2198 l 5805 2210 l 5793 2222 l 5782 2235 l 5774 2250 l - 5768 2265 l 5763 2281 l 5760 2299 l 5759 2318 l 5759 2339 l - 5761 2360 l 5764 2383 l 5768 2408 l 5774 2433 l 5780 2460 l - 5788 2488 l 5797 2516 l 5806 2546 l 5815 2575 l 5825 2606 l - 5836 2636 l 5846 2666 l 5856 2696 l 5866 2726 l 5875 2755 l - 5884 2784 l 5892 2812 l 5899 2839 l 5905 2866 l 5910 2891 l - 5915 2916 l 5918 2940 l 5919 2968 l 5920 2995 l 5919 3022 l - 5916 3048 l 5912 3075 l 5908 3101 l 5902 3127 l 5895 3153 l - 5887 3179 l 5880 3205 l 5871 3230 l 5863 3254 l 5855 3278 l - 5848 3302 l 5841 3324 l 5834 3346 l 5829 3367 l 5824 3388 l - 5821 3408 l 5819 3427 l 5819 3446 l 5820 3465 l 5823 3484 l - 5827 3503 l 5833 3522 l 5840 3542 l 5848 3562 l 5858 3582 l - 5868 3603 l 5880 3625 l 5891 3647 l 5904 3669 l 5916 3691 l - 5929 3713 l 5941 3736 l 5953 3758 l 5964 3779 l 5974 3801 l - 5983 3822 l 5991 3843 l 5997 3863 l 6002 3883 l 6006 3903 l - 6008 3923 l 6008 3942 l 6006 3962 l 6003 3983 l 5998 4004 l - 5992 4025 l 5985 4048 l 5977 4070 l 5968 4094 l 5958 4118 l - 5947 4142 l 5936 4167 l 5925 4192 l 5913 4216 l 5902 4241 l - 5892 4266 l 5882 4291 l 5872 4315 l 5864 4339 l 5857 4362 l - 5851 4386 l 5846 4409 l 5843 4433 l 5840 4456 l 5840 4480 l - 5840 4505 l 5842 4530 l 5845 4556 l 5849 4582 l 5854 4609 l - 5860 4636 l 5867 4664 l 5875 4692 l 5883 4720 l 5892 4747 l - 5901 4774 l 5910 4801 l 5920 4827 l 5929 4852 l 5938 4875 l - 5947 4898 l 5955 4920 l 5963 4941 l 5971 4961 l 5978 4980 l - 5985 5002 l 5992 5024 l 5999 5046 l 6005 5067 l 6010 5088 l - 6016 5109 l 6022 5129 l 6027 5150 l 6033 5170 l 6039 5190 l - 6045 5209 l 6052 5228 l 6059 5246 l 6067 5264 l 6075 5281 l - 6084 5298 l 6094 5315 l 6105 5333 l 6115 5347 l 6125 5361 l - 6137 5376 l 6149 5392 l 6162 5408 l 6176 5425 l 6191 5443 l - 6206 5461 l 6221 5480 l 6237 5499 l 6253 5519 l 6269 5539 l - 6284 5559 l 6299 5579 l 6313 5599 l 6327 5619 l 6340 5639 l - 6352 5659 l 6363 
5679 l 6373 5698 l 6382 5718 l 6390 5738 l - 6398 5759 l 6404 5782 l 6410 5805 l 6415 5828 l 6420 5852 l - 6424 5877 l 6428 5902 l 6431 5927 l 6435 5952 l 6438 5977 l - 6442 6001 l 6446 6025 l 6450 6048 l 6455 6069 l 6461 6090 l - 6467 6109 l 6474 6127 l 6483 6143 l 6492 6159 l 6503 6173 l - 6515 6185 l 6528 6197 l 6543 6209 l 6560 6220 l 6578 6230 l - 6598 6240 l 6619 6250 l 6641 6260 l 6663 6270 l 6687 6281 l - 6710 6291 l 6733 6302 l 6757 6312 l 6779 6324 l 6801 6335 l - 6821 6348 l 6841 6361 l 6859 6374 l 6876 6389 l 6893 6405 l - 6906 6421 l 6919 6437 l 6932 6455 l 6944 6475 l 6955 6495 l - 6967 6516 l 6979 6538 l 6991 6561 l 7003 6584 l 7015 6608 l - 7027 6631 l 7040 6654 l 7053 6677 l 7067 6699 l 7081 6720 l - 7096 6739 l 7111 6758 l 7127 6774 l 7144 6789 l 7161 6803 l - 7180 6815 l 7200 6825 l 7220 6833 l 7240 6840 l 7263 6845 l - 7286 6850 l 7311 6854 l 7338 6857 l 7365 6859 l 7394 6861 l - 7424 6862 l 7454 6864 l 7485 6865 l 7516 6866 l 7547 6867 l - 7578 6868 l 7609 6870 l 7639 6872 l 7668 6875 l 7696 6879 l - 7723 6883 l 7748 6889 l 7773 6895 l 7795 6903 l 7817 6912 l - 7838 6923 l 7857 6934 l 7875 6948 l 7892 6963 l 7909 6980 l - 7926 6998 l 7941 7017 l 7957 7038 l 7972 7060 l 7987 7083 l - 8002 7106 l 8017 7130 l 8031 7154 l 8046 7178 l 8061 7202 l - 8075 7225 l 8090 7247 l 8105 7269 l 8120 7289 l 8135 7308 l - 8151 7326 l 8167 7342 l 8184 7356 l 8202 7369 l 8220 7380 l - 8239 7390 l 8260 7397 l 8282 7404 l 8305 7409 l 8330 7413 l - 8356 7416 l 8383 7418 l 8412 7420 l 8441 7420 l 8471 7419 l - 8502 7418 l 8534 7417 l 8565 7415 l 8597 7413 l 8629 7411 l - 8660 7409 l 8690 7407 l 8720 7405 l 8749 7404 l 8777 7404 l - 8804 7404 l 8830 7405 l 8856 7407 l 8880 7410 l 8906 7414 l - 8931 7420 l 8956 7427 l 8981 7435 l 9005 7444 l 9029 7455 l - 9053 7466 l 9077 7478 l 9100 7491 l 9123 7504 l 9146 7517 l - 9168 7531 l 9190 7544 l 9210 7557 l 9230 7570 l 9250 7582 l - 9268 7593 l 9286 7604 l 9304 7613 l 9320 7621 l 9336 7629 l - 9353 7635 l 9370 7641 l 9388 
7645 l 9406 7648 l 9425 7650 l - 9444 7652 l 9464 7653 l 9485 7653 l 9508 7653 l 9531 7653 l - 9555 7653 l 9579 7653 l 9605 7654 l 9631 7655 l 9658 7656 l - 9685 7659 l 9713 7662 l 9742 7666 l 9771 7672 l 9801 7679 l - 9833 7688 l 9853 7694 l 9874 7700 l 9895 7708 l 9918 7716 l - 9941 7725 l 9966 7734 l 9991 7745 l 10017 7755 l 10045 7767 l - 10073 7779 l 10102 7791 l 10132 7804 l 10163 7818 l 10194 7831 l - 10227 7845 l 10259 7860 l 10293 7874 l 10326 7889 l 10360 7903 l - 10394 7918 l 10429 7932 l 10463 7947 l 10497 7961 l 10531 7974 l - 10565 7988 l 10599 8001 l 10633 8013 l 10667 8025 l 10700 8037 l - 10733 8049 l 10767 8059 l 10800 8070 l 10834 8080 l 10868 8090 l - 10902 8099 l 10937 8108 l 10973 8117 l 11009 8125 l 11045 8133 l - 11083 8141 l 11120 8148 l 11158 8155 l 11197 8161 l 11236 8167 l - 11275 8172 l 11313 8177 l 11352 8181 l 11391 8184 l 11429 8187 l - 11467 8190 l 11504 8191 l 11540 8192 l 11576 8192 l 11610 8192 l - 11644 8191 l 11676 8189 l 11707 8187 l 11738 8184 l 11767 8180 l - 11794 8176 l 11821 8171 l 11847 8165 l 11871 8159 l 11895 8153 l - 11923 8143 l 11950 8133 l 11976 8122 l 12001 8109 l 12025 8096 l - 12048 8081 l 12071 8065 l 12092 8048 l 12113 8031 l 12133 8012 l - 12153 7992 l 12171 7972 l 12188 7951 l 12205 7930 l 12220 7909 l - 12235 7887 l 12248 7865 l 12260 7843 l 12272 7822 l 12282 7800 l - 12292 7779 l 12301 7759 l 12309 7739 l 12316 7719 l 12323 7699 l - 12330 7680 l 12338 7655 l 12345 7631 l 12352 7607 l 12359 7582 l - 12365 7558 l 12371 7533 l 12377 7508 l 12382 7484 l 12388 7460 l - 12392 7436 l 12397 7414 l 12401 7391 l 12405 7370 l 12409 7350 l - 12412 7331 l 12415 7313 l 12418 7297 l 12421 7281 l 12424 7266 l - 12428 7253 l 12432 7234 l 12437 7216 l 12442 7199 l 12446 7183 l - 12451 7166 l 12456 7150 l 12460 7134 l 12463 7117 l 12466 7101 l - 12468 7086 l 12469 7070 l 12469 7054 l 12467 7037 l 12465 7020 l - 12462 7006 l 12459 6991 l 12455 6975 l 12450 6958 l 12445 6940 l - 12440 6921 l 12434 6901 l 12428 6880 l 12422 
6859 l 12416 6838 l - 12411 6817 l 12406 6796 l 12401 6776 l 12397 6756 l 12394 6736 l - 12392 6718 l 12390 6700 l 12390 6683 l 12390 6665 l 12392 6649 l - 12394 6631 l 12397 6614 l 12401 6597 l 12406 6579 l 12411 6561 l - 12416 6542 l 12422 6524 l 12428 6505 l 12434 6487 l 12440 6468 l - 12445 6450 l 12450 6432 l 12455 6414 l 12459 6396 l 12462 6378 l - 12465 6360 l 12467 6343 l 12468 6326 l 12469 6308 l 12469 6289 l - 12468 6269 l 12468 6249 l 12466 6227 l 12464 6205 l 12462 6182 l - 12460 6159 l 12457 6135 l 12454 6111 l 12451 6087 l 12447 6063 l - 12444 6040 l 12441 6016 l 12437 5993 l 12434 5970 l 12431 5948 l - 12428 5925 l 12424 5902 l 12421 5879 l 12419 5855 l 12416 5831 l - 12413 5806 l 12411 5781 l 12408 5755 l 12406 5729 l 12404 5702 l - 12403 5676 l 12401 5651 l 12400 5625 l 12400 5601 l 12399 5578 l - 12399 5555 l 12400 5534 l 12401 5514 l 12402 5495 l 12403 5477 l - 12405 5460 l 12408 5440 l 12411 5421 l 12416 5402 l 12420 5384 l - 12426 5365 l 12431 5347 l 12437 5329 l 12444 5311 l 12450 5293 l - 12456 5275 l 12462 5258 l 12468 5240 l 12474 5222 l 12479 5205 l - 12483 5186 l 12488 5168 l 12490 5152 l 12493 5135 l 12496 5117 l - 12498 5099 l 12500 5079 l 12502 5058 l 12504 5036 l 12506 5014 l - 12507 4990 l 12509 4966 l 12510 4942 l 12512 4918 l 12513 4893 l - 12515 4869 l 12516 4845 l 12518 4822 l 12520 4799 l 12521 4776 l - 12523 4754 l 12525 4733 l 12527 4713 l 12529 4693 l 12531 4673 l - 12534 4653 l 12536 4632 l 12539 4610 l 12541 4588 l 12543 4566 l - 12546 4543 l 12548 4520 l 12550 4497 l 12552 4473 l 12553 4450 l - 12554 4426 l 12555 4403 l 12555 4380 l 12555 4357 l 12555 4334 l - 12554 4312 l 12552 4290 l 12550 4267 l 12548 4245 l 12545 4224 l - 12541 4203 l 12537 4181 l 12533 4159 l 12528 4136 l 12523 4112 l - 12517 4088 l 12510 4064 l 12503 4038 l 12496 4013 l 12488 3987 l - 12479 3961 l 12471 3935 l 12462 3909 l 12452 3884 l 12443 3859 l - 12434 3835 l 12424 3811 l 12415 3788 l 12405 3766 l 12396 3744 l - 12386 3723 l 12377 3702 l 12368 
3683 l 12357 3661 l 12347 3640 l - 12336 3619 l 12325 3598 l 12314 3576 l 12303 3555 l 12291 3533 l - 12280 3511 l 12269 3489 l 12257 3467 l 12246 3446 l 12235 3424 l - 12225 3402 l 12215 3381 l 12206 3360 l 12197 3340 l 12189 3320 l - 12181 3301 l 12174 3281 l 12168 3262 l 12162 3244 l 12158 3225 l - 12153 3204 l 12149 3183 l 12145 3162 l 12142 3139 l 12140 3117 l - 12138 3094 l 12137 3071 l 12137 3047 l 12138 3024 l 12139 3001 l - 12141 2978 l 12143 2956 l 12146 2935 l 12150 2915 l 12154 2896 l - 12158 2879 l 12163 2862 l 12168 2847 l 12174 2833 l 12180 2820 l - 12188 2805 l 12197 2792 l 12206 2779 l 12216 2766 l 12227 2754 l - 12238 2742 l 12249 2730 l 12260 2717 l 12272 2704 l 12282 2691 l - 12292 2676 l 12302 2661 l 12310 2645 l 12318 2627 l 12324 2608 l - 12330 2588 l 12334 2571 l 12336 2553 l 12339 2534 l 12341 2513 l - 12342 2491 l 12343 2467 l 12343 2442 l 12342 2416 l 12340 2389 l - 12338 2360 l 12335 2332 l 12331 2303 l 12326 2273 l 12320 2244 l - 12314 2215 l 12307 2187 l 12299 2159 l 12290 2132 l 12280 2106 l - 12270 2081 l 12259 2056 l 12248 2033 l 12236 2011 l 12224 1990 l - 12210 1970 l 12196 1949 l 12181 1929 l 12164 1910 l 12147 1890 l - 12129 1871 l 12110 1853 l 12090 1835 l 12070 1818 l 12049 1802 l - 12027 1787 l 12005 1773 l 11983 1761 l 11961 1749 l 11939 1739 l - 11917 1730 l 11895 1722 l 11874 1716 l 11852 1710 l 11831 1707 l - 11811 1704 l 11790 1703 l 11769 1702 l 11748 1703 l 11727 1705 l - 11706 1708 l 11683 1711 l 11660 1716 l 11636 1721 l 11612 1727 l - 11587 1733 l 11560 1740 l 11534 1747 l 11506 1754 l 11479 1761 l - 11450 1768 l 11422 1774 l 11393 1780 l 11364 1786 l 11334 1791 l - 11305 1795 l 11275 1798 l 11245 1800 l 11215 1801 l 11184 1801 l - 11153 1800 l 11128 1798 l 11104 1796 l 11078 1793 l 11052 1790 l - 11025 1785 l 10997 1781 l 10968 1776 l 10939 1770 l 10908 1764 l - 10877 1758 l 10844 1751 l 10811 1744 l 10778 1737 l 10743 1730 l - 10708 1722 l 10673 1715 l 10637 1708 l 10601 1701 l 10565 1695 l - 10530 1688 l 10494 
1682 l 10458 1677 l 10422 1672 l 10387 1668 l - 10352 1664 l 10318 1661 l 10284 1658 l 10250 1657 l 10216 1656 l - 10183 1655 l 10150 1656 l 10118 1658 l 10087 1660 l 10055 1663 l - 10024 1666 l 9992 1671 l 9960 1676 l 9927 1682 l 9894 1688 l - 9861 1695 l 9827 1703 l 9792 1711 l 9757 1720 l 9721 1729 l - 9685 1738 l 9649 1748 l 9613 1757 l 9576 1767 l 9539 1778 l - 9502 1788 l 9465 1798 l 9429 1807 l 9392 1817 l 9356 1826 l - 9320 1835 l 9285 1844 l 9250 1852 l 9216 1860 l 9182 1867 l - 9148 1873 l 9115 1879 l 9082 1884 l 9050 1889 l 9018 1892 l - 8987 1895 l 8955 1898 l 8919 1899 l 8883 1900 l 8847 1899 l - 8811 1898 l 8774 1896 l 8737 1893 l 8699 1889 l 8661 1884 l - 8623 1878 l 8585 1872 l 8546 1865 l 8508 1857 l 8470 1849 l - 8432 1840 l 8395 1830 l 8358 1821 l 8322 1811 l 8287 1801 l - 8254 1790 l 8221 1780 l 8189 1770 l 8159 1760 l 8130 1750 l - 8102 1740 l 8076 1730 l 8051 1721 l 8028 1712 l 8006 1703 l - 7985 1695 l 7965 1688 l 7931 1674 l 7899 1662 l 7871 1650 l - 7844 1640 l 7820 1631 l 7798 1623 l 7778 1617 l 7760 1611 l - 7743 1607 l 7728 1603 l 7715 1601 l 7702 1600 l 7691 1600 l - 7680 1601 l 7669 1603 l 7658 1605 l 7648 1607 l 7638 1610 l - 7627 1613 l 7615 1617 l 7601 1621 l 7587 1626 l 7571 1632 l - 7554 1638 l 7536 1645 l 7517 1653 l 7496 1661 l 7474 1670 l - 7452 1679 l 7428 1689 l 7403 1699 l 7378 1709 l 7352 1720 l - 7325 1731 l 7297 1743 l 7268 1755 l 7247 1763 l 7226 1772 l - 7204 1781 l 7182 1790 l 7158 1800 l 7133 1810 l 7108 1820 l - 7081 1831 l 7053 1842 l 7025 1853 l 6996 1864 l 6966 1875 l - 6935 1886 l 6904 1898 l 6873 1909 l 6841 1921 l 6809 1932 l - 6776 1943 l 6744 1954 l 6712 1964 l 6680 1974 l 6649 1984 l - 6618 1994 l 6587 2003 l 6557 2011 l 6527 2019 l 6498 2027 l - 6469 2034 l 6441 2041 l cp gs col34 1.00 shd ef gr gs col34 s gr -% Polyline -n 675 6525 m 5850 6525 l 5850 6075 l 5625 6075 l 5625 5625 l 900 5625 l - 900 6075 l 675 6075 l cp gs col7 1.00 shd ef gr gs col7 s gr -% Polyline -n 1125 6525 m 5355 6525 l 5400 5175 l 
5175 5175 l 5175 4725 l 4950 4725 l - 4950 4275 l 1575 4275 l 1575 4725 l 1350 4725 l 1350 5175 l - 1125 5175 l cp gs col34 1.00 shd ef gr gs col34 s gr -% Polyline -75.000 slw -n 9450 4500 m 12465 2205 l gs col7 s gr -% Polyline -n 9450 4500 m 9450 7785 l gs col7 s gr -% Polyline -n 9450 4500 m 6075 1935 l gs col7 s gr -% Polyline -n 12510 6435 m 9450 6435 l gs col7 s gr -% Polyline -7.500 slw -n 1800 6525 m 4725 6525 l 4725 3825 l 4500 3825 l 4500 3375 l 4275 3375 l - 4275 2925 l 4050 2925 l 4050 2475 l 2475 2475 l 2475 2925 l - 2250 2925 l 2250 3375 l 2025 3375 l 2025 3825 l 1800 3825 l - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 2700 6525 m 3825 6525 l 3825 2025 l 3600 2025 l 3600 1575 l 2925 1575 l - 2925 2025 l 2700 2025 l cp gs col33 1.00 shd ef gr gs col33 s gr -% Polyline -gs clippath -12068 6810 m 11970 6885 l 12022 6773 l 11937 6878 l 11984 6915 l cp -clip -n 12375 4455 m 12510 4635 l 12510 6210 l 11970 6885 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 12068 6810 m 11970 6885 l 12022 6773 l 12045 6791 l 12068 6810 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -7113 6004 m 7155 6120 l 7063 6037 l 7138 6149 l 7188 6116 l cp -clip -n 6705 5445 m 7155 6120 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 7113 6004 m 7155 6120 l 7063 6037 l 7088 6020 l 7113 6004 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -7304 4656 m 7200 4590 l 7323 4599 l 7195 4557 l 7176 4614 l cp -clip -n 7875 4815 m 7200 4590 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 7304 4656 m 7200 4590 l 7323 4599 l 7314 4628 l 7304 4656 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -11405 4128 m 11475 4230 l 11365 4173 l 11466 4262 l 11506 4217 l cp -clip -n 9585 2565 m 11475 4230 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 11405 4128 m 11475 4230 l 11365 4173 l 11385 4151 l 11405 4128 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -11712 4556 m 11835 4545 l 11732 4613 l 
11859 4568 l 11839 4512 l cp -clip -n 10170 5130 m 11835 4545 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 11712 4556 m 11835 4545 l 11732 4613 l 11722 4585 l 11712 4556 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -9732 5411 m 9855 5400 l 9752 5468 l 9879 5423 l 9859 5367 l cp -clip -n 7920 6075 m 9855 5400 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 9732 5411 m 9855 5400 l 9752 5468 l 9742 5440 l 9732 5411 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -10823 5573 m 10935 5625 l 10812 5632 l 10944 5657 l 10955 5598 l cp -clip -n 9990 5445 m 10935 5625 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 10823 5573 m 10935 5625 l 10812 5632 l 10817 5603 l 10823 5573 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -10815 5280 m 10935 5310 l 10815 5340 l 10950 5340 l 10950 5280 l cp -clip -n 10215 5310 m 10935 5310 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 10815 5280 m 10935 5310 l 10815 5340 l 10815 5310 l 10815 5280 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -11955 4965 m 11925 5085 l 11895 4965 l 11895 5100 l 11955 5100 l cp -clip -n 11925 4590 m 11925 5085 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 11955 4965 m 11925 5085 l 11895 4965 l 11925 4965 l 11955 4965 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -9840 6720 m 9810 6840 l 9780 6720 l 9780 6855 l 9840 6855 l cp -clip -n 9810 5490 m 9810 6840 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 9840 6720 m 9810 6840 l 9780 6720 l 9810 6720 l 9840 6720 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -10847 5943 m 10935 6030 l 10816 5995 l 10933 6063 l 10963 6012 l cp -clip -n 9945 5445 m 10935 6030 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 10847 5943 m 10935 6030 l 10816 5995 l 10832 5969 l 10847 5943 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -10698 2634 m 10800 2565 l 10742 2674 l 10832 2574 l 10788 2534 l cp -clip -n 
8865 4725 m 10800 2565 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 10698 2634 m 10800 2565 l 10742 2674 l 10720 2654 l 10698 2634 l cp gs 0.00 setgray ef gr col0 s -% Polyline -30.000 slw -n 675 6075 m 5850 6075 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -7.500 slw - [15 15] 15 sd -gs clippath -645 6195 m 675 6075 l 705 6195 l 705 6060 l 645 6060 l cp -clip -n 675 6525 m 675 6075 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 645 6195 m 675 6075 l 705 6195 l 675 6195 l 645 6195 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -5880 6405 m 5850 6525 l 5820 6405 l 5820 6540 l 5880 6540 l cp -clip -n 5850 6075 m 5850 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 5880 6405 m 5850 6525 l 5820 6405 l 5850 6405 l 5880 6405 l cp gs col7 1.00 shd ef gr col0 s -% Polyline -30.000 slw -n 900 5625 m 5625 5625 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 1125 5175 m 5400 5175 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 1350 4725 m 5175 4725 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 1575 4275 m 4950 4275 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 1800 3825 m 4725 3825 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 2025 3375 m 4500 3375 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 2250 2925 m 4275 2925 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 2475 2475 m 4050 2475 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 2700 2025 m 3825 2025 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 2925 1575 m 3600 1575 l gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -7.500 slw - [15 15] 15 sd -gs clippath -870 5745 m 900 5625 l 930 5745 l 930 5610 l 870 5610 l cp -clip -n 900 6075 m 900 5625 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 870 5745 m 900 5625 l 930 5745 l 900 5745 l 870 5745 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -1095 5295 m 1125 5175 l 1155 
5295 l 1155 5160 l 1095 5160 l cp -clip -n 1125 6525 m 1125 5175 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 1095 5295 m 1125 5175 l 1155 5295 l 1125 5295 l 1095 5295 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -1320 4845 m 1350 4725 l 1380 4845 l 1380 4710 l 1320 4710 l cp -clip -n 1350 5175 m 1350 4725 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 1320 4845 m 1350 4725 l 1380 4845 l 1350 4845 l 1320 4845 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -1545 4395 m 1575 4275 l 1605 4395 l 1605 4260 l 1545 4260 l cp -clip -n 1575 4725 m 1575 4275 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 1545 4395 m 1575 4275 l 1605 4395 l 1575 4395 l 1545 4395 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -1770 3945 m 1800 3825 l 1830 3945 l 1830 3810 l 1770 3810 l cp -clip -n 1800 6525 m 1800 3825 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 1770 3945 m 1800 3825 l 1830 3945 l 1800 3945 l 1770 3945 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -1995 3495 m 2025 3375 l 2055 3495 l 2055 3360 l 1995 3360 l cp -clip -n 2025 3825 m 2025 3375 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 1995 3495 m 2025 3375 l 2055 3495 l 2025 3495 l 1995 3495 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -2220 3045 m 2250 2925 l 2280 3045 l 2280 2910 l 2220 2910 l cp -clip -n 2250 3375 m 2250 2925 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 2220 3045 m 2250 2925 l 2280 3045 l 2250 3045 l 2220 3045 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -2445 2595 m 2475 2475 l 2505 2595 l 2505 2460 l 2445 2460 l cp -clip -n 2475 2925 m 2475 2475 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 2445 2595 m 2475 2475 l 2505 2595 l 2475 2595 l 2445 2595 l cp gs 0.00 setgray ef gr col0 
s -% Polyline - [15 15] 15 sd -gs clippath -5655 5955 m 5625 6075 l 5595 5955 l 5595 6090 l 5655 6090 l cp -clip -n 5625 5625 m 5625 6075 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 5655 5955 m 5625 6075 l 5595 5955 l 5625 5955 l 5655 5955 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -5430 6405 m 5400 6525 l 5370 6405 l 5370 6540 l 5430 6540 l cp -clip -n 5400 5175 m 5400 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 5430 6405 m 5400 6525 l 5370 6405 l 5400 6405 l 5430 6405 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -5205 5055 m 5175 5175 l 5145 5055 l 5145 5190 l 5205 5190 l cp -clip -n 5175 4725 m 5175 5175 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 5205 5055 m 5175 5175 l 5145 5055 l 5175 5055 l 5205 5055 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -4980 4605 m 4950 4725 l 4920 4605 l 4920 4740 l 4980 4740 l cp -clip -n 4950 4275 m 4950 4725 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 4980 4605 m 4950 4725 l 4920 4605 l 4950 4605 l 4980 4605 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -4755 6405 m 4725 6525 l 4695 6405 l 4695 6540 l 4755 6540 l cp -clip -n 4725 3825 m 4725 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 4755 6405 m 4725 6525 l 4695 6405 l 4725 6405 l 4755 6405 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -4530 3705 m 4500 3825 l 4470 3705 l 4470 3840 l 4530 3840 l cp -clip -n 4500 3375 m 4500 3825 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 4530 3705 m 4500 3825 l 4470 3705 l 4500 3705 l 4530 3705 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -4305 3255 m 4275 3375 l 4245 3255 l 4245 3390 l 4305 3390 l cp -clip -n 4275 2925 m 4275 3375 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 4305 3255 m 
4275 3375 l 4245 3255 l 4275 3255 l 4305 3255 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -4080 2805 m 4050 2925 l 4020 2805 l 4020 2940 l 4080 2940 l cp -clip -n 4050 2475 m 4050 2925 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 4080 2805 m 4050 2925 l 4020 2805 l 4050 2805 l 4080 2805 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -2670 2145 m 2700 2025 l 2730 2145 l 2730 2010 l 2670 2010 l cp -clip -n 2700 6525 m 2700 2025 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 2670 2145 m 2700 2025 l 2730 2145 l 2700 2145 l 2670 2145 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -3855 6405 m 3825 6525 l 3795 6405 l 3795 6540 l 3855 6540 l cp -clip -n 3825 2025 m 3825 6525 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 3855 6405 m 3825 6525 l 3795 6405 l 3825 6405 l 3855 6405 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -3630 1905 m 3600 2025 l 3570 1905 l 3570 2040 l 3630 2040 l cp -clip -n 3600 1575 m 3600 2025 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 3630 1905 m 3600 2025 l 3570 1905 l 3600 1905 l 3630 1905 l cp gs col7 1.00 shd ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -2895 1695 m 2925 1575 l 2955 1695 l 2955 1560 l 2895 1560 l cp -clip -n 2925 2025 m 2925 1575 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 2895 1695 m 2925 1575 l 2955 1695 l 2925 1695 l 2895 1695 l cp gs 0.00 setgray ef gr col0 s -% Polyline -45.000 slw -gs clippath -6087 6495 m 6207 6525 l 6087 6555 l 6360 6555 l 6360 6495 l cp -clip -n 540 6525 m 6300 6525 l gs 0.00 setgray ef gr gs col0 s gr gr - -% arrowhead -n 6087 6495 m 6207 6525 l 6087 6555 l 6087 6525 l 6087 6495 l cp gs 0.00 setgray ef gr col0 s -% Polyline -7.500 slw -gs clippath -3681 6720 m 3825 6750 l 3681 6780 l 3840 6780 l 3840 6720 l cp -2844 6780 m 2700 6750 l 2844 6720 l 2685 6720 l 2685 
6780 l cp -clip -n 2700 6750 m 3825 6750 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 2844 6780 m 2700 6750 l 2844 6720 l 2820 6750 l 2844 6780 l cp gs col7 1.00 shd ef gr col0 s -% arrowhead -n 3681 6720 m 3825 6750 l 3681 6780 l 3705 6750 l 3681 6720 l cp gs col7 1.00 shd ef gr col0 s -% Polyline -gs clippath -5256 7170 m 5400 7200 l 5256 7230 l 5415 7230 l 5415 7170 l cp -1269 7230 m 1125 7200 l 1269 7170 l 1110 7170 l 1110 7230 l cp -clip -n 1125 7200 m 5400 7200 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 1269 7230 m 1125 7200 l 1269 7170 l 1245 7200 l 1269 7230 l cp gs col7 1.00 shd ef gr col0 s -% arrowhead -n 5256 7170 m 5400 7200 l 5256 7230 l 5280 7200 l 5256 7170 l cp gs col7 1.00 shd ef gr col0 s -% Polyline -gs clippath -4581 6945 m 4725 6975 l 4581 7005 l 4740 7005 l 4740 6945 l cp -1944 7005 m 1800 6975 l 1944 6945 l 1785 6945 l 1785 7005 l cp -clip -n 1800 6975 m 4725 6975 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 1944 7005 m 1800 6975 l 1944 6945 l 1920 6975 l 1944 7005 l cp gs col7 1.00 shd ef gr col0 s -% arrowhead -n 4581 6945 m 4725 6975 l 4581 7005 l 4605 6975 l 4581 6945 l cp gs col7 1.00 shd ef gr col0 s -% Polyline -gs clippath -5706 7395 m 5850 7425 l 5706 7455 l 5865 7455 l 5865 7395 l cp -819 7455 m 675 7425 l 819 7395 l 660 7395 l 660 7455 l cp -clip -n 675 7425 m 5850 7425 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 819 7455 m 675 7425 l 819 7395 l 795 7425 l 819 7455 l cp gs col7 1.00 shd ef gr col0 s -% arrowhead -n 5706 7395 m 5850 7425 l 5706 7455 l 5730 7425 l 5706 7395 l cp gs col7 1.00 shd ef gr col0 s -% Polyline -1 slc - [15 45] 45 sd -n 675 6570 m 675 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd -% Polyline - [15 45] 45 sd -n 1125 6570 m 1125 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd -% Polyline - [15 45] 45 sd -n 1800 6570 m 1800 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd -% Polyline - [15 45] 45 sd -n 2700 6570 m 2700 7650 l gs col34 
1.00 shd ef gr gs col0 s gr [] 0 sd -% Polyline - [15 45] 45 sd -n 3825 6570 m 3825 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd -% Polyline - [15 45] 45 sd -n 4725 6570 m 4725 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd -% Polyline - [15 45] 45 sd -n 5400 6570 m 5400 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd -% Polyline - [15 45] 45 sd -n 5850 6570 m 5850 7650 l gs col34 1.00 shd ef gr gs col0 s gr [] 0 sd -% Polyline -0 slc -n 750 225 m 450 225 450 1050 300 arcto 4 {pop} repeat - 450 1350 12300 1350 300 arcto 4 {pop} repeat - 12600 1350 12600 525 300 arcto 4 {pop} repeat - 12600 225 750 225 300 arcto 4 {pop} repeat - cp gs col34 1.00 shd ef gr gs col0 s gr -% Polyline -n 8835 2250 m 8775 2250 8775 2415 60 arcto 4 {pop} repeat - 8775 2475 10110 2475 60 arcto 4 {pop} repeat - 10170 2475 10170 2310 60 arcto 4 {pop} repeat - 10170 2250 8835 2250 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 10635 2250 m 10575 2250 10575 2415 60 arcto 4 {pop} repeat - 10575 2475 11865 2475 60 arcto 4 {pop} repeat - 11925 2475 11925 2310 60 arcto 4 {pop} repeat - 11925 2250 10635 2250 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 11490 4275 m 11430 4275 11430 4440 60 arcto 4 {pop} repeat - 11430 4500 12315 4500 60 arcto 4 {pop} repeat - 12375 4500 12375 4335 60 arcto 4 {pop} repeat - 12375 4275 11490 4275 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 11040 5175 m 10980 5175 10980 5340 60 arcto 4 {pop} repeat - 10980 5400 12315 5400 60 arcto 4 {pop} repeat - 12375 5400 12375 5235 60 arcto 4 {pop} repeat - 12375 5175 11040 5175 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 9735 5175 m 9675 5175 9675 5340 60 arcto 4 {pop} repeat - 9675 5400 10110 5400 60 arcto 4 {pop} repeat - 10170 5400 10170 5235 60 arcto 4 {pop} repeat - 10170 5175 9735 5175 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline 
-n 7260 6075 m 7200 6075 7200 6240 60 arcto 4 {pop} repeat - 7200 6300 7815 6300 60 arcto 4 {pop} repeat - 7875 6300 7875 6135 60 arcto 4 {pop} repeat - 7875 6075 7260 6075 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 6810 2250 m 6750 2250 6750 2415 60 arcto 4 {pop} repeat - 6750 2475 8130 2475 60 arcto 4 {pop} repeat - 8190 2475 8190 2310 60 arcto 4 {pop} repeat - 8190 2250 6810 2250 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 6360 3375 m 6300 3375 6300 3540 60 arcto 4 {pop} repeat - 6300 3600 7545 3600 60 arcto 4 {pop} repeat - 7605 3600 7605 3435 60 arcto 4 {pop} repeat - 7605 3375 6360 3375 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 6360 4275 m 6300 4275 6300 4440 60 arcto 4 {pop} repeat - 6300 4500 7275 4500 60 arcto 4 {pop} repeat - 7335 4500 7335 4335 60 arcto 4 {pop} repeat - 7335 4275 6360 4275 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 6360 5175 m 6300 5175 6300 5340 60 arcto 4 {pop} repeat - 6300 5400 7140 5400 60 arcto 4 {pop} repeat - 7200 5400 7200 5235 60 arcto 4 {pop} repeat - 7200 5175 6360 5175 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -gs clippath -7365 5340 m 7245 5310 l 7365 5280 l 7230 5280 l 7230 5340 l cp -clip -n 9630 5310 m 7245 5310 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 7365 5340 m 7245 5310 l 7365 5280 l 7365 5310 l 7365 5340 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -7500 4395 m 7380 4365 l 7500 4335 l 7365 4335 l 7365 4395 l cp -clip -n 11385 4365 m 7380 4365 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 7500 4395 m 7380 4365 l 7500 4335 l 7500 4365 l 7500 4395 l cp gs 0.00 setgray ef gr col0 s -% Polyline -n 11040 5580 m 10980 5580 10980 5745 60 arcto 4 {pop} repeat - 10980 5805 12180 5805 60 arcto 4 {pop} repeat - 12240 5805 12240 5640 60 arcto 4 {pop} repeat - 12240 5580 11040 5580 60 arcto 4 
{pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 11040 5985 m 10980 5985 10980 6150 60 arcto 4 {pop} repeat - 10980 6210 12315 6210 60 arcto 4 {pop} repeat - 12375 6210 12375 6045 60 arcto 4 {pop} repeat - 12375 5985 11040 5985 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -gs clippath -9958 5554 m 9900 5445 l 10003 5514 l 9912 5414 l 9868 5454 l cp -clip -n 11205 6885 m 9900 5445 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 9958 5554 m 9900 5445 l 10003 5514 l 9981 5534 l 9958 5554 l cp gs 0.00 setgray ef gr col0 s -% Polyline -n 10590 6930 m 10530 6930 10530 7095 60 arcto 4 {pop} repeat - 10530 7155 12225 7155 60 arcto 4 {pop} repeat - 12285 7155 12285 6990 60 arcto 4 {pop} repeat - 12285 6930 10590 6930 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -n 9690 6930 m 9630 6930 9630 7095 60 arcto 4 {pop} repeat - 9630 7155 10110 7155 60 arcto 4 {pop} repeat - 10170 7155 10170 6990 60 arcto 4 {pop} repeat - 10170 6930 9690 6930 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -/Times-Roman-iso ff 120.00 scf sf -900 7560 m -gs 1 -1 sc (Startup, Runtime, Shutdown) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -6345 2970 m -gs 1 -1 sc (ap_ctx_get\(...,) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -10800 2745 m -gs 1 -1 sc (ap_get_module_config\(...) 
col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -10800 2880 m -gs 1 -1 sc (->per_dir_config,) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -10800 3015 m -gs 1 -1 sc (&ssl_module\)) col0 sh gr -% Polyline -n 7980 4770 m 7920 4770 7920 4935 60 arcto 4 {pop} repeat - 7920 4995 9075 4995 60 arcto 4 {pop} repeat - 9135 4995 9135 4830 60 arcto 4 {pop} repeat - 9135 4770 7980 4770 60 arcto 4 {pop} repeat - cp gs col35 1.00 shd ef gr gs col35 s gr -% Polyline -gs clippath -7340 2610 m 7425 2520 l 7393 2639 l 7459 2521 l 7406 2492 l cp -clip -n 6975 3330 m 7425 2520 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 7340 2610 m 7425 2520 l 7393 2639 l 7367 2625 l 7340 2610 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -9336 2569 m 9450 2520 l 9373 2616 l 9480 2535 l 9444 2487 l cp -clip -n 7200 4230 m 9450 2520 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 9336 2569 m 9450 2520 l 9373 2616 l 9354 2593 l 9336 2569 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -7321 5196 m 7200 5220 l 7296 5142 l 7174 5199 l 7199 5254 l cp -clip -n 7875 4905 m 7200 5220 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 7321 5196 m 7200 5220 l 7296 5142 l 7309 5169 l 7321 5196 l cp gs 0.00 setgray ef gr col0 s -% Polyline -gs clippath -6720 4665 m 6750 4545 l 6780 4665 l 6780 4530 l 6720 4530 l cp -clip -n 6750 5130 m 6750 4545 l gs col34 1.00 shd ef gr gs col0 s gr gr - -% arrowhead -n 6720 4665 m 6750 4545 l 6780 4665 l 6750 4665 l 6720 4665 l cp gs 0.00 setgray ef gr col0 s -% Polyline - [15 15] 15 sd -gs clippath -9279 4984 m 9175 4918 l 9298 4927 l 9170 4885 l 9151 4942 l cp -clip -n 9850 5143 m 9175 4918 l gs col34 1.00 shd ef gr gs col0 s gr gr - [] 0 sd -% arrowhead -n 9279 4984 m 9175 4918 l 9298 4927 l 9289 4956 l 9279 4984 l cp gs 0.00 setgray ef gr col0 s -/Helvetica-Narrow-iso ff 120.00 scf sf -6210 4680 m -gs 1 -1 sc (->server) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -8280 6120 m -gs 1 -1 sc 
(ap_ctx_get\(...,"ssl"\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -7740 2700 m -gs 1 -1 sc (ap_get_module_config\(...) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -7740 2835 m -gs 1 -1 sc (->module_config,) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -7740 2970 m -gs 1 -1 sc (&ssl_module\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -6345 3105 m -gs 1 -1 sc ("ssl_module"\)) col0 sh gr -/Times-Roman-iso ff 120.00 scf sf -1350 7335 m -gs 1 -1 sc (Configuration Time) col0 sh gr -/Times-Roman-iso ff 120.00 scf sf -2025 7110 m -gs 1 -1 sc (Connection Duration) col0 sh gr -/Times-Roman-iso ff 120.00 scf sf -2835 6885 m -gs 1 -1 sc (Request Duration) col0 sh gr -/Helvetica-Bold-iso ff 300.00 scf sf -6345 6795 m -gs 1 -1 sc (t) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -7110 5985 m -gs 1 -1 sc (->client) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -7065 5085 m -gs 1 -1 sc (->connection) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -7065 4770 m -gs 1 -1 sc (->server) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -8010 5445 m -gs 1 -1 sc (SSL_get_app_data\(\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -10530 4050 m -gs 1 -1 sc (->pSSLCtx) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -7875 4275 m -gs 1 -1 sc (SSL_CTX_get_app_data\(\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -10305 5535 m -gs 1 -1 sc (SSL_get_current_cipher\(\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -10440 5940 m -gs 1 -1 sc (SSL_get_session\(\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -9540 7335 m -gs 1 -1 sc (SSL_get_{r,w}bio\(\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -10125 4680 m -gs 1 -1 sc (SSL_get_SSL_CTX\(\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -10350 5175 m -gs 1 -1 sc (SSL_get_SSL_METHOD\(\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -11745 4770 m -gs 1 -1 sc (->method) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -9945 6480 m -gs 1 -1 sc 
(X509_STORE_CTX_get_app_data\(\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -10980 6705 m -gs 1 -1 sc (SSL_CTX_get_cert_store\(\)) col0 sh gr -/Helvetica-Narrow-iso ff 120.00 scf sf -8280 5130 m -gs 1 -1 sc (SSL_get_app_data2\(\)) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -3645 1620 m -gs 1 -1 sc (SSLDirConfig) col0 sh gr -/Helvetica-Bold-iso ff 300.00 scf sf -10935 3645 m -gs 1 -1 sc (OpenSSL) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -10935 3825 m -gs 1 -1 sc ([SSL]) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -11025 5760 m -gs 1 -1 sc (SSL_CIPHER) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -10980 6165 m -gs 1 -1 sc (SSL_SESSION) col0 sh gr -/Helvetica-Bold-iso ff 300.00 scf sf -10710 7605 m -gs 1 -1 sc (OpenSSL) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -10575 7110 m -gs 1 -1 sc (X509_STORE_CTX) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -6795 2430 m -gs 1 -1 sc (SSLModConfig) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -8865 2430 m -gs 1 -1 sc (SSLSrvConfig) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -6345 3555 m -gs 1 -1 sc (ap_global_ctx) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -6345 4455 m -gs 1 -1 sc (server_rec) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -6345 5355 m -gs 1 -1 sc (conn_rec) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -9720 5355 m -gs 1 -1 sc (SSL) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -10665 2430 m -gs 1 -1 sc (SSLDirConfig) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -7290 6255 m -gs 1 -1 sc (BUFF) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -11025 5355 m -gs 1 -1 sc (SSL_METHOD) col0 sh gr -% Polyline -15.000 slw -n 750 225 m 450 225 450 8250 300 arcto 4 {pop} repeat - 450 8550 12300 8550 300 arcto 4 {pop} repeat - 12600 8550 12600 525 300 arcto 4 {pop} repeat - 12600 225 750 225 300 arcto 4 {pop} repeat - cp gs col0 s gr -/Helvetica-Bold-iso ff 180.00 scf sf -11475 4455 m -gs 1 -1 sc (SSL_CTX) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf 
sf -8010 4950 m -gs 1 -1 sc (request_rec) col0 sh gr -/Times-Roman-iso ff 180.00 scf sf -10575 675 m -gs 1 -1 sc (Ralf S. Engelschall) col0 sh gr -/Helvetica-Bold-iso ff 300.00 scf sf -4275 675 m -gs 1 -1 sc (Apache+mod_ssl+OpenSSL) col0 sh gr -/Times-Roman-iso ff 150.00 scf sf -10575 855 m -gs 1 -1 sc (rse@engelschall.com) col0 sh gr -/Times-Roman-iso ff 150.00 scf sf -10575 1035 m -gs 1 -1 sc (www.engelschall.com) col0 sh gr -/Times-Roman-iso ff 180.00 scf sf -900 675 m -gs 1 -1 sc (Version 1.3) col0 sh gr -/Times-Roman-iso ff 180.00 scf sf -900 855 m -gs 1 -1 sc (12-Apr-1999) col0 sh gr -/Helvetica-Bold-iso ff 360.00 scf sf -3915 1080 m -gs 1 -1 sc (Data Structure Overview) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -9720 7110 m -gs 1 -1 sc (BIO) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -10710 7785 m -gs 1 -1 sc ([Crypto]) col0 sh gr -/Helvetica-Bold-iso ff 300.00 scf sf -8730 3465 m -gs 1 -1 sc (mod_ssl) col0 sh gr -/Helvetica-Bold-iso ff 300.00 scf sf -8145 6750 m -gs 1 -1 sc (Apache) col0 sh gr -/Helvetica-Bold-iso ff 300.00 scf sf -9000 8100 m -gs 1 -1 sc (Chaining) col0 sh gr -/Helvetica-Bold-iso ff 300.00 scf sf -2745 8100 m -gs 1 -1 sc (Lifetime) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -810 6255 m -gs 1 -1 sc (ap_global_ctx) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -990 5805 m -gs 1 -1 sc (SSLModConfig) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -4050 4455 m -gs 1 -1 sc (SSL_CTX) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -4455 5355 m -gs 1 -1 sc (server_rec) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -3870 4905 m -gs 1 -1 sc (SSLSrvConfig) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -1845 4005 m -gs 1 -1 sc (BUFF) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -2070 3555 m -gs 1 -1 sc (conn_rec) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -2295 3105 m -gs 1 -1 sc (BIO) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf sf -2565 2655 m -gs 1 -1 sc (SSL) col0 sh gr -/Helvetica-Bold-iso ff 180.00 scf 
sf -3915 2070 m -gs 1 -1 sc (request_rec) col0 sh gr -$F2psEnd -rs -showpage
diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.module b/usr.sbin/httpd/src/modules/ssl/libssl.module
deleted file mode 100644
index bac4dc9f860..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/libssl.module
+++ /dev/null
@@ -1,495 +0,0 @@ -## _ _ -## _ __ ___ ___ __| | ___ ___| | mod_ssl -## | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -## | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -## |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -## |_____| -## libssl.module -## Apache 1.3 Configuration mechanism module stub -## - -## -## ==================================================================== -## Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted provided that the following conditions -## are met: -## -## 1. Redistributions of source code must retain the above copyright -## notice, this list of conditions and the following disclaimer. -## -## 2. Redistributions in binary form must reproduce the above copyright -## notice, this list of conditions and the following -## disclaimer in the documentation and/or other materials -## provided with the distribution. -## -## 3. All advertising materials mentioning features or use of this -## software must display the following acknowledgment: -## "This product includes software developed by -## Ralf S. Engelschall for use in the -## mod_ssl project (http://www.modssl.org/)." -## -## 4. The names "mod_ssl" must not be used to endorse or promote -## products derived from this software without prior written -## permission. For written permission, please contact -## rse@engelschall.com. -## -## 5. Products derived from this software may not be called "mod_ssl" -## nor may "mod_ssl" appear in their names without prior -## written permission of Ralf S. Engelschall. -## -## 6. Redistributions of any form whatsoever must retain the following -## acknowledgment: -## "This product includes software developed by -## Ralf S. Engelschall for use in the -## mod_ssl project (http://www.modssl.org/)." -## -## THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY -## EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR -## HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -## NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -## STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -## OF THE POSSIBILITY OF SUCH DAMAGE. -## ==================================================================== -## - - # ``What you are missing, I suppose, is that I'm not - # prepared to give equal rights to Ralf on the basis - # that he's spent a few hours doing what he thinks is - # better than what I've spent the last 4 years on, - # and so he isn't prepared to cooperate with me.'' - # -- Ben Laurie, Apache-SSL author - -Name: ssl_module -ConfigStart - - # - # interface to the src/Configure script - # - my_dir="`echo ${modfile} | sed -e 's:/[^/]*$::'`" - my_version="$my_dir/libssl.version" - my_outfile="Makefile.config" - my_prefix=" +" - my_prefixe=" " - SSL_CFLAGS='' - SSL_LDFLAGS='' - SSL_LIBS='' - - # - # find a reasonable Bourne Shell for sub-shell calls - # - SH=/bin/sh - - # - # determine mod_ssl author version - # - A_ID=`cat $my_version | sed -e 's; .*;;'` - A_NAME=`echo $A_ID | sed -e 's;/.*;;'` - A_VER=`echo $A_ID | sed -e 's;.*/;;'` - A_VER_STR=`echo $A_VER | sed -e 's;-.*;;'` - case $A_VER_STR in - *.*b* ) - A_VER_HEX=`echo "$A_VER_STR" | sed -e 's/b.*//' | awk -F. '{ printf("%d%02d", $1, $2); }' && - echo "$A_VER_STR" | sed -e 's/.*b//' | awk '{ printf("0%02d", $1); }'` - ;; - *.*.* ) - A_VER_HEX=`echo "$A_VER_STR" | awk -F. 
'{ printf("%d%02d1%02d", $1, $2, $3); }'` - ;; - esac - echo "$my_prefix SSL interface: $A_NAME/$A_VER_STR" - SSL_VERSION="-DMOD_SSL_VERSION=\\\"$A_VER_STR\\\"" - - # - # determine optional mod_ssl product version - # - if [ ".`egrep '.*/.* .*/.*' $my_version`" != . ]; then - P_ID=`cat $my_version | sed -e 's;.* ;;'` - P_NAME=`echo $P_ID | sed -e 's;/.*;;'` - P_VER=`echo $P_ID | sed -e 's;.*/;;'` - P_VER_STR=`echo $P_VER | sed -e 's;-.*;;'` - case $P_VER_STR in - *.*b* ) - P_VER_HEX=`echo "$P_VER_STR" | sed -e 's/b.*//' | awk -F. '{ printf("%d%02d", $1, $2); }' && - echo "$P_VER_STR" | sed -e 's/.*b//' | awk '{ printf("0%02d", $1); }'` - ;; - *.*.* ) - P_VER_HEX=`echo "$P_VER_STR" | awk -F. '{ printf("%d%02d1%02d", $1, $2, $3); }'` - ;; - esac - echo "$my_prefix SSL product: $P_NAME/$P_VER_STR" - SSL_VERSION="$SSL_VERSION -DSSL_PRODUCT_NAME=\\\"$P_NAME\\\"" - SSL_VERSION="$SSL_VERSION -DSSL_PRODUCT_VERSION=\\\"$P_VER_STR\\\"" - fi - - # - # determine object build type - # - case $modfile in - *.so ) my_buildtype="DSO" ;; - * ) my_buildtype="OBJ" ;; - esac - echo "$my_prefix SSL interface build type: $my_buildtype" - - # - # determine SSL rules - # - if [ ".$APXS_MODE" = .YES ]; then - my_rule_SSL_COMPAT=$SSL_COMPAT - my_rule_SSL_SDBM=$SSL_SDBM - my_rule_SSL_EXPERIMENTAL=$SSL_EXPERIMENTAL - my_rule_SSL_CONSERVATIVE=$SSL_CONSERVATIVE - my_rule_SSL_VENDOR=$SSL_VENDOR - else - my_rule_SSL_COMPAT=`$SH helpers/CutRule SSL_COMPAT $file` - my_rule_SSL_SDBM=`$SH helpers/CutRule SSL_SDBM $file` - my_rule_SSL_EXPERIMENTAL=`$SH helpers/CutRule SSL_EXPERIMENTAL $file` - my_rule_SSL_CONSERVATIVE=`$SH helpers/CutRule SSL_CONSERVATIVE $file` - my_rule_SSL_VENDOR=`$SH helpers/CutRule SSL_VENDOR $file` - fi - - # - # determine compatibility mode - # - if [ ".$my_rule_SSL_COMPAT" = .yes ]; then - echo "$my_prefix SSL interface compatibility: enabled" - SSL_CFLAGS="$SSL_CFLAGS -DSSL_COMPAT" - else - echo "$my_prefix SSL interface compatibility: disabled" - fi - - # - # determine 
experimental mode - # - if [ ".$my_rule_SSL_EXPERIMENTAL" = .yes ]; then - echo "$my_prefix SSL interface experimental code: enabled" - SSL_CFLAGS="$SSL_CFLAGS -DSSL_EXPERIMENTAL" - else - echo "$my_prefix SSL interface experimental code: disabled" - fi - - # - # determine conservative mode - # - if [ ".$my_rule_SSL_CONSERVATIVE" = .yes ]; then - echo "$my_prefix SSL interface conservative code: enabled" - SSL_CFLAGS="$SSL_CFLAGS -DSSL_CONSERVATIVE" - else - echo "$my_prefix SSL interface conservative code: disabled" - fi - - # - # determine vendor mode - # - SSL_VENDOR_OBJS='' - SSL_VENDOR_OBJS_PIC='' - if [ ".$my_rule_SSL_VENDOR" = .yes ]; then - echo "$my_prefix SSL interface vendor extensions: enabled" - SSL_CFLAGS="$SSL_CFLAGS -DSSL_VENDOR" - my_src="`cd $my_dir && echo ssl_vendor*.c`" - if [ ".$my_src" != . -a ".$my_src" != ".ssl_vendor*.c" ]; then - SSL_CFLAGS="$SSL_CFLAGS -DSSL_VENDOR_OBJS" - SSL_VENDOR_OBJS="`echo $my_src | sed -e 's;\.c;.o;g'`" - SSL_VENDOR_OBJS_PIC="`echo $my_src | sed -e 's;\.c;.lo;g'`" - echo "$my_prefix SSL interface vendor objects: $SSL_VENDOR_OBJS" - fi - else - echo "$my_prefix SSL interface vendor extensions: disabled" - fi - - # - # determine DBM support library - # (src/Configure has DBM_LIB predefined for some platforms) - # - if [ ".$APXS_MODE" != .YES ]; then - SSL_DBM_NAME='' - # 1. check for predefined DBM lib - if [ ".$DBM_LIB" != . ]; then - LIBS_ORIG="$LIBS" - LIBS="$LIBS $DBM_LIB" - if $SH helpers/TestCompile func dbm_open; then - SSL_DBM_NAME="Configured DBM ($DBM_LIB)" - SSL_DBM_FLAG="$DBM_LIB" - fi - LIBS="$LIBS_ORIG" - fi - # 2. check for various vendor DBM libs - if [ ".$SSL_DBM_NAME" = . 
]; then - if $SH helpers/TestCompile func dbm_open; then - SSL_DBM_NAME='Vendor DBM (libc)' - SSL_DBM_FLAG='' - elif $SH helpers/TestCompile lib dbm dbm_open; then - SSL_DBM_NAME='Vendor DBM (libdbm)' - SSL_DBM_FLAG='-ldbm' - elif $SH helpers/TestCompile lib ndbm dbm_open; then - SSL_DBM_NAME='Vendor DBM (libndbm)' - SSL_DBM_FLAG='-lndbm' - fi - fi - # 3. let the SSL_SDBM rule override decisions - if [ ".$my_rule_SSL_SDBM" = .yes ]; then - # force us to fallback to SDBM - SSL_DBM_NAME='' - fi - if [ ".$my_rule_SSL_SDBM" = .no ]; then - # for us to never use SDBM, but be - # careful when no DBM was found at all - if [ ".$SSL_DBM_NAME" = . ]; then - echo "Error: SDBM is needed, because no custom or vendor DBM library available!" 1>&2 - echo "Hint: Allow us to choose SDBM by changing the rule SSL_SDBM, please." 1>&2 - exit 1 - fi - fi - # 4. override decision on a few brain-dead platforms - if [ ".$my_rule_SSL_SDBM" = .default ]; then - case "$PLAT" in - *-linux* ) - # force Linux boxes to use builtin SDBM per default because - # of too much broken vendor DBM libraries on this platform - SSL_DBM_NAME='' - ;; - esac - fi - # 5. finally configure the chosen DBM lib - if [ ".$SSL_DBM_NAME" != . ]; then - echo "$my_prefix SSL interface plugin: $SSL_DBM_NAME" - my_dbm_already_used=`echo $LIBS | grep -- " $SSL_DBM_FLAG"` - if [ ".$my_buildtype" = .OBJ -a ".$my_dbm_already_used" != . ]; then - : - else - SSL_LIBS="$SSL_LIBS $SSL_DBM_FLAG" - fi - else - echo "$my_prefix SSL interface plugin: Built-in SDBM" - SSL_CFLAGS="$SSL_CFLAGS -DSSL_USE_SDBM" - fi - fi - - # - # determine SSL_BASE - # - if [ ".$SSL_BASE" = . ]; then - SSL_BASE=`egrep '^SSL_BASE=' $file | sed -n -e '$p' | awk -F= '{print $2}'` - if [ ".$SSL_BASE" = . 
]; then - if [ -d /usr/local/ssl ]; then - SSL_BASE="/usr/local/ssl" - else - SSL_BASE="SYSTEM" - fi - fi - fi - case $SSL_BASE in - SYSTEM ) ;; - /* ) ;; - * ) SSL_BASE="`cd ../$SSL_BASE; pwd`" ;; - esac - if [ ".$SSL_BASE" = .SYSTEM ]; then - echo "$my_prefix SSL library path: [SYSTEM]" - else - if [ ! -d "$SSL_BASE" ]; then - echo "Error: Cannot find SSL installation in $SSL_BASE" 1>&2 - echo "Hint: Please provide us with the location of OpenSSL" 1>&2 - echo " via the environment variable SSL_BASE." 1>&2 - exit 1 - fi - echo "$my_prefix SSL library path: $SSL_BASE" - fi - - # - # determine location of OpenSSL binaries - # (we still search also for `ssleay' to allow us to - # better complain about the actually installed version) - # - SSL_BINDIR="" - if [ ".$SSL_BASE" = .SYSTEM ]; then - for name in openssl ssleay; do - for p in . `echo $PATH | sed -e 's/:/ /g'`; do - if [ -f "$p/$name" ]; then - SSL_PROGRAM="$p/$name" - SSL_BINDIR="$p" - break - fi - done - if [ ".$SSL_BINDIR" != . ]; then - break; - fi - done - if [ ".$SSL_BINDIR" = . ]; then - echo "Error: Cannot find SSL binaries in $PATH" 1>&2 - exit 1 - fi - else - for name in openssl ssleay; do - if [ -f "$SSL_BASE/bin/$name" ]; then - SSL_PROGRAM="$SSL_BASE/bin/$name" - SSL_BINDIR='$(SSL_BASE)/bin' - break; - fi - if [ -f "$SSL_BASE/sbin/$name" ]; then - SSL_PROGRAM="$SSL_BASE/sbin/$name" - SSL_BINDIR='$(SSL_BASE)/sbin' - break; - fi - if [ -f "$SSL_BASE/apps/$name" ]; then - SSL_PROGRAM="$SSL_BASE/apps/$name" - SSL_BINDIR='$(SSL_BASE)/apps' - break; - fi - done - if [ ".$SSL_BINDIR" = . ]; then - echo "Error: Cannot find SSL binaries under $SSL_BASE" 1>&2 - exit 1 - fi - fi - - # - # SSL version - # - SSL_VERSION_ID="`$SSL_PROGRAM version`" - echo "$my_prefix SSL library version: $SSL_VERSION_ID" - case $SSL_VERSION_ID in - *0.[5678].*|*0.9.[012]* ) - echo "Error: OpenSSL VERSIONS BELOW 0.9.3 ARE NO LONGER SUPPORTED." - echo "Hint: Use OpenSSL version 0.9.3 or higher!" 
- exit 1 - ;; - esac - - # - # SSL engine support - # - case $SSL_VERSION_ID in - *0.9.6*engine* | *0.9.6a*engine* | *0.9.[789]* ) - SSL_CFLAGS="$SSL_CFLAGS -DSSL_ENGINE" - ;; - esac - - # - # determine location of OpenSSL headers - # - if [ ".$SSL_BASE" = .SYSTEM ]; then - SSL_INCDIR="" - for p in . /usr/include /usr/include/ssl/ /usr/local/include /usr/local/include/ssl; do - if [ -f "$p/openssl/ssl.h" ]; then - SSL_INCDIR="$p" - break - fi - done - if [ ".$SSL_INCDIR" = . ]; then - echo "Error: Cannot find SSL header files in any of the following dirs:" 1>&2 - echo "Error: . /usr/include /usr/include/ssl/ /usr/local/include /usr/local/include/ssl" 1>&2 - exit 1 - fi - else - if [ -f "$SSL_BASE/include/openssl/ssl.h" ]; then - SSL_INCDIR='$(SSL_BASE)/include' - else - echo "Error: Cannot find SSL header files under $SSL_BASE" 1>&2 - exit 1 - fi - fi - if [ ".$SSL_INCDIR" != "./usr/include" ]; then - SSL_CFLAGS="$SSL_CFLAGS -I\$(SSL_INCDIR)" - fi - - # - # determine location of OpenSSL libraries - # - if [ ".$SSL_BASE" = .SYSTEM ]; then - SSL_LIBDIR="" - for p in . /lib /usr/lib /usr/local/lib; do - if [ -f "$p/libssl.a" -o -f "$p/libssl.so" ]; then - SSL_LIBDIR="$p" - my_real_ssl_libdir="$p" - break - fi - done - if [ ".$SSL_LIBDIR" = . ]; then - echo "Error: Cannot find SSL library files in any of the following dirs:" 1>&2 - echo "Error: . 
/lib /usr/lib /usr/local/lib" 1>&2 - exit 1 - fi - else - if [ -f "$SSL_BASE/libssl.a" -o -f "$SSL_BASE/libssl.so" ]; then - SSL_LIBDIR='$(SSL_BASE)' - my_real_ssl_libdir="$SSL_BASE" - elif [ -f "$SSL_BASE/lib/libssl.a" -o -f "$SSL_BASE/lib/libssl.so" ]; then - SSL_LIBDIR='$(SSL_BASE)/lib' - my_real_ssl_libdir="$SSL_BASE/lib" - else - echo "Error: Cannot find SSL library files under $SSL_BASE" 1>&2 - exit 1 - fi - fi - SSL_LDFLAGS="$SSL_LDFLAGS -L\$(SSL_LIBDIR)" - SSL_LIBS="$SSL_LIBS -lssl -lcrypto" - - # - # SSL installation type - # - case $SSL_BINDIR in - */apps ) my_type="source tree only" ;; - * ) my_type="installed package" ;; - esac - case $SSL_BASE in - SYSTEM ) my_note="(system-wide)" ;; - * ) my_note="(stand-alone)" ;; - esac - echo "$my_prefix SSL library type: $my_type $my_note" - - # - # Special GCC/DSO support - # - # Under some platforms where GCC is used we have to link the DSO - # (libssl.so) explicitly against the GCC library (libgcc) to avoid - # problems with missing symbols like __umoddi3, etc. - # - # Notice: When GCC is installed as "cc" we assume it's really - # well incorporated into the system and no hack is - # needed (like on FreeBSD, Linux, etc.) 
- # - if [ ".$my_buildtype" = .DSO ]; then - my_CC=`echo "$CC" | sed -e 's/ .*//'` - case $my_CC in - gcc|*/gcc|egcs|*/egcs|egcc|*/egcc|pgcc|*/pgcc ) - gcclibdir="`$CC --print-libgcc-file-name | sed -e 's;/[^/]*$;;'`" - SSL_LIBS="$SSL_LIBS -L$gcclibdir -lgcc" - ;; - esac - fi - - # - # adjust the Apache build environment - # - echo "SSL_BASE=$SSL_BASE" >>$my_outfile - echo "SSL_BINDIR=$SSL_BINDIR" >>$my_outfile - echo "SSL_INCDIR=$SSL_INCDIR" >>$my_outfile - echo "SSL_LIBDIR=$SSL_LIBDIR" >>$my_outfile - echo "SSL_PROGRAM=$SSL_PROGRAM" >>$my_outfile - echo "SSL_VERSION=$SSL_VERSION" >>$my_outfile - echo "SSL_CFLAGS=$SSL_CFLAGS" >>$my_outfile - echo "SSL_VENDOR_OBJS=$SSL_VENDOR_OBJS" >>$my_outfile - echo "SSL_VENDOR_OBJS_PIC=$SSL_VENDOR_OBJS_PIC" >>$my_outfile - if [ ".$my_buildtype" = .DSO ]; then - # under DSO we link ourself - echo "SSL_LIBS=$SSL_LIBS" >>$my_outfile - echo "SSL_LDFLAGS=$SSL_LDFLAGS" >>$my_outfile - else - # else we are linked with httpd - LDFLAGS="$LDFLAGS $SSL_LDFLAGS" - LIBS="$LIBS $SSL_LIBS" - fi - CFLAGS="$CFLAGS -DMOD_SSL=$A_VER_HEX" - if [ ".$P_ID" != . ]; then - CFLAGS="$CFLAGS -DSSL_PRODUCT=$P_VER_HEX" - fi - RULE_EAPI=yes - -ConfigEnd -
diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.version b/usr.sbin/httpd/src/modules/ssl/libssl.version
deleted file mode 100644
index 041ddcfe1c1..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/libssl.version
+++ /dev/null
@@ -1 +0,0 @@
-mod_ssl/2.8.16-1.3.29
diff --git a/usr.sbin/httpd/src/modules/ssl/mod_ssl.c b/usr.sbin/httpd/src/modules/ssl/mod_ssl.c
deleted file mode 100644
index 216700bab2f..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/mod_ssl.c
+++ /dev/null
@@ -1,257 +0,0 @@ -/* _ _ -** _ __ ___ ___ __| | ___ ___| | mod_ssl -** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -** |_____| -** mod_ssl.c -** Apache API interface structures -*/ - -/* ==================================================================== - * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * 4. The names "mod_ssl" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * rse@engelschall.com. - * - * 5. Products derived from this software may not be called "mod_ssl" - * nor may "mod_ssl" appear in their names without prior - * written permission of Ralf S. Engelschall. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - /* ``I'll be surprised if - others think that what you - are doing is honourable.'' - -- Ben Laurie, Apache-SSL author */ -#include "mod_ssl.h" - -/* _________________________________________________________________ -** -** Apache API glue structures -** _________________________________________________________________ -*/ - -/* - * identify the module to SCCS `what' and RCS `ident' commands - */ -static char const sccsid[] = "@(#) mod_ssl/" MOD_SSL_VERSION " >"; -static char const rcsid[] = "$Id: mod_ssl.c,v 1.14 2013/07/16 13:22:55 jsing Exp $"; - -/* - * the table of configuration directives we provide - */ -static command_rec ssl_config_cmds[] = { - /* - * Global (main-server) context configuration directives - */ - AP_SRV_CMD(Mutex, TAKE1, - "SSL lock for handling internal mutual exclusions " - "(`none', `file:/path/to/file')") - AP_SRV_CMD(PassPhraseDialog, TAKE1, - "SSL dialog mechanism for the pass phrase query " - "(`builtin', `exec:/path/to/program')") - AP_SRV_CMD(SessionCache, TAKE1, - "SSL Session Cache storage " - "(`none', `dbm:/path/to/file')") -#ifdef SSL_EXPERIMENTAL_ENGINE - AP_SRV_CMD(CryptoDevice, TAKE1, - "SSL external Crypto 
Device usage " - "(`builtin', `...')") -#endif - AP_SRV_CMD(RandomSeed, TAKE23, - "SSL Pseudo Random Number Generator (PRNG) seeding source " - "(`startup|connect builtin|file:/path|exec:/path [bytes]')") - - /* - * Per-server context configuration directives - */ - AP_SRV_CMD(Engine, FLAG, - "SSL switch for the protocol engine " - "(`on', `off')") - AP_SRV_CMD(Compression, FLAG, - "Use SSL compression " - "(`on', `off')") - AP_ALL_CMD(CipherSuite, TAKE1, - "Colon-delimited list of permitted SSL Ciphers " - "(`XXX:...:XXX' - see manual)") - AP_SRV_CMD(ECDHCurve, TAKE1, - "Name of ECDH curve to use for ephemeral EC keys " - "(`curve' - see manual)") - AP_SRV_CMD(HonorCipherOrder, FLAG, - "Let the server determine preferred ciphers " - "(`on', `off')") - AP_SRV_CMD(CertificateFile, TAKE1, - "SSL Server Certificate file " - "(`/path/to/file' - PEM or DER encoded)") - AP_SRV_CMD(CertificateKeyFile, TAKE1, - "SSL Server Private Key file " - "(`/path/to/file' - PEM or DER encoded)") - AP_SRV_CMD(CertificateChainFile, TAKE1, - "SSL Server CA Certificate Chain file " - "(`/path/to/file' - PEM encoded)") -#ifdef SSL_EXPERIMENTAL_PERDIRCA - AP_ALL_CMD(CACertificatePath, TAKE1, - "SSL CA Certificate path " - "(`/path/to/dir' - contains PEM encoded files)") - AP_ALL_CMD(CACertificateFile, TAKE1, - "SSL CA Certificate file " - "(`/path/to/file' - PEM encoded)") -#else - AP_SRV_CMD(CACertificatePath, TAKE1, - "SSL CA Certificate path " - "(`/path/to/dir' - contains PEM encoded files)") - AP_SRV_CMD(CACertificateFile, TAKE1, - "SSL CA Certificate file " - "(`/path/to/file' - PEM encoded)") -#endif - AP_SRV_CMD(CARevocationPath, TAKE1, - "SSL CA Certificate Revocation List (CRL) path " - "(`/path/to/dir' - contains PEM encoded files)") - AP_SRV_CMD(CARevocationFile, TAKE1, - "SSL CA Certificate Revocation List (CRL) file " - "(`/path/to/file' - PEM encoded)") - AP_ALL_CMD(VerifyClient, TAKE1, - "SSL Client verify type " - "(`none', `optional', `require', `optional_no_ca')") - 
AP_ALL_CMD(VerifyDepth, TAKE1, - "SSL Client verify depth " - "(`N' - number of intermediate certificates)") - AP_SRV_CMD(SessionCacheTimeout, TAKE1, - "SSL Session Cache object lifetime " - "(`N' - number of seconds)") - AP_SRV_CMD(Log, TAKE1, - "SSL logfile for SSL-related messages " - "(`/path/to/file', `|/path/to/program')") - AP_SRV_CMD(LogLevel, TAKE1, - "SSL logfile verbosity level " - "(`none', `error', `warn', `info', `debug')") - AP_SRV_CMD(Protocol, RAW_ARGS, - "Enable or disable various SSL protocols" - "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") - -#ifdef SSL_EXPERIMENTAL_PROXY - /* - * Proxy configuration for remote SSL connections - */ - AP_SRV_CMD(ProxyProtocol, RAW_ARGS, - "SSL Proxy: enable or disable SSL protocol flavors " - "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") - AP_SRV_CMD(ProxyCipherSuite, TAKE1, - "SSL Proxy: colon-delimited list of permitted SSL ciphers " - "(`XXX:...:XXX' - see manual)") - AP_SRV_CMD(ProxyVerify, FLAG, - "SSL Proxy: whether to verify the remote certificate " - "(`on' or `off')") - AP_SRV_CMD(ProxyVerifyDepth, TAKE1, - "SSL Proxy: maximum certificate verification depth " - "(`N' - number of intermediate certificates)") - AP_SRV_CMD(ProxyCACertificateFile, TAKE1, - "SSL Proxy: file containing server certificates " - "(`/path/to/file' - PEM encoded certificates)") - AP_SRV_CMD(ProxyCACertificatePath, TAKE1, - "SSL Proxy: directory containing server certificates " - "(`/path/to/dir' - contains PEM encoded certificates)") - AP_SRV_CMD(ProxyMachineCertificateFile, TAKE1, - "SSL Proxy: file containing client certificates " - "(`/path/to/file' - PEM encoded certificates)") - AP_SRV_CMD(ProxyMachineCertificatePath, TAKE1, - "SSL Proxy: directory containing client certificates " - "(`/path/to/dir' - contains PEM encoded certificates)") -#endif - - /* - * Per-directory context configuration directives - */ - AP_DIR_CMD(Options, OPTIONS, RAW_ARGS, - "Set one of more options to configure the SSL engine" - 
"(`[+-]option[=value] ...' - see manual)") - AP_DIR_CMD(RequireSSL, AUTHCFG, NO_ARGS, - "Require the SSL protocol for the per-directory context " - "(no arguments)") - AP_DIR_CMD(Require, AUTHCFG, RAW_ARGS, - "Require a boolean expression to evaluate to true for granting access" - "(arbitrary complex boolean expression - see manual)") - - AP_END_CMD -}; - -static const handler_rec ssl_config_handler[] = { - { "mod_ssl:content-handler", ssl_hook_Handler }, - { NULL, NULL } -}; - -/* - * the main Apache API config structure - */ -module MODULE_VAR_EXPORT ssl_module = { - STANDARD_MODULE_STUFF, - - /* Standard API (always present) */ - - ssl_init_Module, /* module initializer */ - ssl_config_perdir_create, /* create per-dir config structures */ - ssl_config_perdir_merge, /* merge per-dir config structures */ - ssl_config_server_create, /* create per-server config structures */ - ssl_config_server_merge, /* merge per-server config structures */ - ssl_config_cmds, /* table of config file commands */ - ssl_config_handler, /* [#8] MIME-typed-dispatched handlers */ - ssl_hook_Translate, /* [#1] URI to filename translation */ - ssl_hook_Auth, /* [#4] validate user id from request */ - ssl_hook_UserCheck, /* [#5] check if the user is ok _here_ */ - ssl_hook_Access, /* [#3] check access by host address */ - NULL, /* [#6] determine MIME type */ - ssl_hook_Fixup, /* [#7] pre-run fixups */ - NULL, /* [#9] log a transaction */ - NULL, /* [#2] header parser */ - ssl_init_Child, /* child_init */ - NULL, /* child_exit */ - ssl_hook_ReadReq, /* [#0] post read-request */ - - /* Extended API (forced to be enabled with mod_ssl) */ - - ssl_hook_AddModule, /* after modules was added to core */ - ssl_hook_RemoveModule, /* before module is removed from core */ - ssl_hook_RewriteCommand, /* configuration command rewriting */ - ssl_hook_NewConnection, /* socket connection open */ - ssl_hook_CloseConnection /* socket connection close */ -}; - 
diff --git a/usr.sbin/httpd/src/modules/ssl/mod_ssl.h b/usr.sbin/httpd/src/modules/ssl/mod_ssl.h
deleted file mode 100644
index d63a89910df..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/mod_ssl.h
+++ /dev/null
@@ -1,787 +0,0 @@ -/* _ _ -** _ __ ___ ___ __| | ___ ___| | mod_ssl -** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -** |_____| -** mod_ssl.h -** Global header -*/ - -/* ==================================================================== - * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * 4. The names "mod_ssl" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * rse@engelschall.com. - * - * 5. Products derived from this software may not be called "mod_ssl" - * nor may "mod_ssl" appear in their names without prior - * written permission of Ralf S. Engelschall. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - /* ``The Apache Group: a collection - of talented individuals who are - trying to perfect the art of - never finishing something.'' - -- Rob Hartill */ -#ifndef MOD_SSL_H -#define MOD_SSL_H 1 - -/* - * Optionally enable the experimental stuff, but allow the user to - * override the decision which experimental parts are included by using - * CFLAGS="-DSSL_EXPERIMENTAL_xxxx_IGNORE". - */ -#ifdef SSL_EXPERIMENTAL -#ifndef SSL_EXPERIMENTAL_PERDIRCA_IGNORE -#define SSL_EXPERIMENTAL_PERDIRCA -#endif -#ifndef SSL_EXPERIMENTAL_PROXY_IGNORE -#define SSL_EXPERIMENTAL_PROXY -#endif -#ifdef SSL_ENGINE -#ifndef SSL_EXPERIMENTAL_ENGINE_IGNORE -#define SSL_EXPERIMENTAL_ENGINE -#endif -#endif -#endif /* SSL_EXPERIMENTAL */ - -/* - * Power up our brain... 
- */ - -/* OS headers */ -#include -#include -#include -#include -#include -#include -#include -#include - -/* OpenSSL headers */ -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef SSL_EXPERIMENTAL_ENGINE -#include -#endif - -/* Apache headers */ -#define CORE_PRIVATE -#include "ap_config.h" -#include "httpd.h" -#include "http_config.h" -#include "http_conf_globals.h" -#include "http_protocol.h" -#include "http_request.h" -#include "http_main.h" -#include "http_core.h" -#include "http_log.h" -#include "scoreboard.h" -#include "util_md5.h" -#include "fnmatch.h" -#undef CORE_PRIVATE - -/* mod_ssl headers */ -#include "ssl_expr.h" -#include "ssl_util_ssl.h" -#include "ssl_util_table.h" - -/* - * Provide reasonable default for some defines - */ -#ifndef FALSE -#define FALSE (0) -#endif -#ifndef TRUE -#define TRUE (!FALSE) -#endif -#ifndef PFALSE -#define PFALSE ((void *)FALSE) -#endif -#ifndef PTRUE -#define PTRUE ((void *)TRUE) -#endif -#ifndef UNSET -#define UNSET (-1) -#endif -#ifndef NUL -#define NUL '\0' -#endif -#ifndef RAND_MAX -#include -#define RAND_MAX INT_MAX -#endif - -/* - * Provide reasonable defines for some types - */ -#ifndef BOOL -#define BOOL unsigned int -#endif -#ifndef UCHAR -#define UCHAR unsigned char -#endif - -/* - * Provide useful shorthands - */ -#define strEQ(s1,s2) (strcmp(s1,s2) == 0) -#define strNE(s1,s2) (strcmp(s1,s2) != 0) -#define strEQn(s1,s2,n) (strncmp(s1,s2,n) == 0) -#define strNEn(s1,s2,n) (strncmp(s1,s2,n) != 0) - -#define strcEQ(s1,s2) (strcasecmp(s1,s2) == 0) -#define strcNE(s1,s2) (strcasecmp(s1,s2) != 0) -#define strcEQn(s1,s2,n) (strncasecmp(s1,s2,n) == 0) -#define strcNEn(s1,s2,n) (strncasecmp(s1,s2,n) != 0) - -#define strIsEmpty(s) (s == NULL || s[0] == NUL) - -#define cfgMerge(el,unset) new->el = add->el == unset ? 
base->el : add->el -#define cfgMergeArray(el) new->el = ap_append_arrays(p, add->el, base->el) -#define cfgMergeTable(el) new->el = ap_overlay_tables(p, add->el, base->el) -#define cfgMergeCtx(el) new->el = ap_ctx_overlay(p, add->el, base->el) -#define cfgMergeString(el) cfgMerge(el, NULL) -#define cfgMergeBool(el) cfgMerge(el, UNSET) -#define cfgMergeInt(el) cfgMerge(el, UNSET) - -#define myModConfig() (SSLModConfigRec *)ap_ctx_get(ap_global_ctx, "ssl_module") -#define mySrvConfig(srv) (SSLSrvConfigRec *)ap_get_module_config(srv->module_config, &ssl_module) -#define myDirConfig(req) (SSLDirConfigRec *)ap_get_module_config(req->per_dir_config, &ssl_module) - -#define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val -#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num) - -#define AP_ALL_CMD(name, args, desc) \ - { "SSL"#name, ssl_cmd_SSL##name, NULL, RSRC_CONF|OR_AUTHCFG, args, desc }, -#define AP_SRV_CMD(name, args, desc) \ - { "SSL"#name, ssl_cmd_SSL##name, NULL, RSRC_CONF, args, desc }, -#define AP_DIR_CMD(name, type, args, desc) \ - { "SSL"#name, ssl_cmd_SSL##name, NULL, OR_##type, args, desc }, -#define AP_END_CMD \ - { NULL } - -/* - * SSL Logging - */ -#define SSL_LOG_NONE (1<<0) -#define SSL_LOG_ERROR (1<<1) -#define SSL_LOG_WARN (1<<2) -#define SSL_LOG_INFO (1<<3) -#define SSL_LOG_TRACE (1<<4) -#define SSL_LOG_DEBUG (1<<5) -#define SSL_LOG_MASK (SSL_LOG_ERROR|SSL_LOG_WARN|SSL_LOG_INFO|SSL_LOG_TRACE|SSL_LOG_DEBUG) - -#define SSL_ADD_NONE (1<<8) -#define SSL_ADD_ERRNO (1<<9) -#define SSL_ADD_SSLERR (1<<10) -#define SSL_NO_TIMESTAMP (1<<11) -#define SSL_NO_LEVELID (1<<12) -#define SSL_NO_NEWLINE (1<<13) - -/* - * Defaults for the configuration - */ -#ifndef SSL_SESSION_CACHE_TIMEOUT -#define SSL_SESSION_CACHE_TIMEOUT 300 -#endif - -/* - * Support for file locking: Try to determine whether we should use fcntl() or - * flock(). Would be better ap_config.h could provide this... 
:-( - */ -#if defined(USE_FLOCK_SERIALIZED_ACCEPT) -#define SSL_USE_FLOCK 1 -#include -#endif -#if !defined(SSL_USE_FCNTL) && !defined(SSL_USE_FLOCK) -#define SSL_USE_FLOCK 1 -#include -#ifndef LOCK_UN -#undef SSL_USE_FLOCK -#define SSL_USE_FCNTL 1 -#include -#endif -#endif - -/* - * Support for Mutex - */ -#define SSL_MUTEX_LOCK_MODE ( S_IRUSR|S_IWUSR ) -#define SSL_CAN_USE_SEM -#define SSL_HAVE_IPCSEM -#include -#include -#include -/* - * Some platforms have a `union semun' pre-defined but Single Unix - * Specification (SUSv2) says in semctl(2): `If required, it is of - * type union semun, which the application program must explicitly - * declare'. So we define it always ourself to avoid problems (but under - * a different name to avoid a namespace clash). - */ -union ssl_ipc_semun { - long val; - struct semid_ds *buf; - unsigned short int *array; -}; - -/* - * Support for MM library - */ -#define SSL_MM_FILE_MODE ( S_IRUSR|S_IWUSR ) - -/* - * Support for DBM library - */ -#define SSL_DBM_FILE_MODE ( S_IRUSR|S_IWUSR ) - -#include -#define ssl_dbm_open dbm_open -#define ssl_dbm_close dbm_close -#define ssl_dbm_store dbm_store -#define ssl_dbm_fetch dbm_fetch -#define ssl_dbm_delete dbm_delete -#define ssl_dbm_firstkey dbm_firstkey -#define ssl_dbm_nextkey dbm_nextkey -#if !defined(SSL_DBM_FILE_SUFFIX_DIR) && !defined(SSL_DBM_FILE_SUFFIX_PAG) -#if defined(DBM_SUFFIX) -#define SSL_DBM_FILE_SUFFIX_DIR DBM_SUFFIX -#define SSL_DBM_FILE_SUFFIX_PAG DBM_SUFFIX -#elif defined(__FreeBSD__) || (defined(DB_LOCK) && defined(DB_SHMEM)) -#define SSL_DBM_FILE_SUFFIX_DIR ".db" -#define SSL_DBM_FILE_SUFFIX_PAG ".db" -#else -#define SSL_DBM_FILE_SUFFIX_DIR ".dir" -#define SSL_DBM_FILE_SUFFIX_PAG ".pag" -#endif -#endif - -/* - * Check for OpenSSL version - */ -#if SSL_LIBRARY_VERSION < 0x00907000 -#error "mod_ssl requires OpenSSL 0.9.7 or higher" -#endif - -/* - * The own data structures - */ -typedef struct { - pool *pPool; - pool *pSubPool; - array_header *aData; -} ssl_ds_array; - 
-typedef struct { - pool *pPool; - pool *pSubPool; - array_header *aKey; - array_header *aData; -} ssl_ds_table; - -/* - * Define the certificate algorithm types - */ - -typedef int ssl_algo_t; - -#define SSL_ALGO_UNKNOWN (0) -#define SSL_ALGO_RSA (1<<0) -#define SSL_ALGO_DSA (1<<1) -#define SSL_ALGO_ALL (SSL_ALGO_RSA|SSL_ALGO_DSA) - -#define SSL_AIDX_RSA (0) -#define SSL_AIDX_DSA (1) -#define SSL_AIDX_MAX (2) - -/* - * Define IDs for the temporary RSA keys and DH params - */ - -#define SSL_TKP_GEN (0) -#define SSL_TKP_ALLOC (1) -#define SSL_TKP_FREE (2) - -#define SSL_TKPIDX_RSA512 (0) -#define SSL_TKPIDX_RSA1024 (1) -#define SSL_TKPIDX_DH512 (2) -#define SSL_TKPIDX_DH1024 (3) -#define SSL_TKPIDX_MAX (4) - -/* - * Define the SSL options - */ -#define SSL_OPT_NONE (0) -#define SSL_OPT_RELSET (1<<0) -#define SSL_OPT_STDENVVARS (1<<1) -#define SSL_OPT_COMPATENVVARS (1<<2) -#define SSL_OPT_EXPORTCERTDATA (1<<3) -#define SSL_OPT_FAKEBASICAUTH (1<<4) -#define SSL_OPT_STRICTREQUIRE (1<<5) -#define SSL_OPT_OPTRENEGOTIATE (1<<6) -#define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE) -typedef int ssl_opt_t; - -/* - * Define the SSL Protocol options - */ -#define SSL_PROTOCOL_NONE (0) -#define SSL_PROTOCOL_SSLV2 (1<<0) -#define SSL_PROTOCOL_SSLV3 (1<<1) -#define SSL_PROTOCOL_TLSV1 (1<<2) -#define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV2|SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1) -typedef int ssl_proto_t; - -/* - * Define the SSL verify levels - */ -typedef enum { - SSL_CVERIFY_UNSET = UNSET, - SSL_CVERIFY_NONE = 0, - SSL_CVERIFY_OPTIONAL = 1, - SSL_CVERIFY_REQUIRE = 2, - SSL_CVERIFY_OPTIONAL_NO_CA = 3 -} ssl_verify_t; - -/* - * Define the SSL pass phrase dialog types - */ -typedef enum { - SSL_PPTYPE_UNSET = UNSET, - SSL_PPTYPE_BUILTIN = 0, - SSL_PPTYPE_FILTER = 1 -} ssl_pphrase_t; - -/* - * Define the Path Checking modes - */ -#define SSL_PCM_EXISTS 1 -#define SSL_PCM_ISREG 2 -#define 
SSL_PCM_ISDIR 4 -#define SSL_PCM_ISNONZERO 8 -typedef unsigned int ssl_pathcheck_t; - -/* - * Define the SSL session cache modes and structures - */ -typedef enum { - SSL_SCMODE_UNSET = UNSET, - SSL_SCMODE_NONE = 0, - SSL_SCMODE_DBM = 1, - SSL_SCMODE_SHMHT = 2, - SSL_SCMODE_SHMCB = 3 -} ssl_scmode_t; - -/* - * Define the SSL mutex modes - */ -typedef enum { - SSL_MUTEXMODE_UNSET = UNSET, - SSL_MUTEXMODE_NONE = 0, - SSL_MUTEXMODE_FILE = 1, - SSL_MUTEXMODE_SEM = 2 -} ssl_mutexmode_t; - -/* - * Define the SSL requirement structure - */ -typedef struct { - char *cpExpr; - ssl_expr *mpExpr; -} ssl_require_t; - -/* - * Define the SSL random number generator seeding source - */ -typedef enum { - SSL_RSCTX_STARTUP = 1, - SSL_RSCTX_CONNECT = 2 -} ssl_rsctx_t; -typedef enum { - SSL_RSSRC_BUILTIN = 1, - SSL_RSSRC_FILE = 2, - SSL_RSSRC_EXEC = 3 - ,SSL_RSSRC_EGD = 4 -} ssl_rssrc_t; -typedef struct { - ssl_rsctx_t nCtx; - ssl_rssrc_t nSrc; - char *cpPath; - int nBytes; -} ssl_randseed_t; - -/* - * Define the structure of an ASN.1 anything - */ -typedef struct { - long int nData; - unsigned char *cpData; -} ssl_asn1_t; - -/* - * Define the mod_ssl per-module configuration structure - * (i.e. the global configuration for each httpd process) - */ - -typedef struct { - pool *pPool; - BOOL bFixed; - int nInitCount; - int nSessionCacheMode; - char *szSessionCacheDataFile; - int nSessionCacheDataSize; - AP_MM *pSessionCacheDataMM; - table_t *tSessionCacheDataTable; - ssl_mutexmode_t nMutexMode; - char *szMutexFile; - int nMutexFD; - int nMutexSEMID; - array_header *aRandSeed; - ssl_ds_table *tTmpKeys; - void *pTmpKeys[SSL_TKPIDX_MAX]; - ssl_ds_table *tPublicCert; - ssl_ds_table *tPrivateKey; -#ifdef SSL_EXPERIMENTAL_ENGINE - char *szCryptoDevice; -#endif - struct { - void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10; - } rCtx; -#ifdef SSL_VENDOR - ap_ctx *ctx; -#endif -} SSLModConfigRec; - -/* - * Define the mod_ssl per-server configuration structure - * (i.e. 
the configuration for the main server - * and all contexts) - */ -typedef struct { - BOOL bEnabled; - BOOL bCompression; - char *szPublicCertFile[SSL_AIDX_MAX]; - char *szPrivateKeyFile[SSL_AIDX_MAX]; - char *szCertificateChain; - char *szCACertificatePath; - char *szCACertificateFile; - char *szLogFile; - char *szCipherSuite; - int nECDHCurve; - BOOL bHonorCipherOrder; - FILE *fileLogFile; - int nLogLevel; - int nVerifyDepth; - ssl_verify_t nVerifyClient; - X509 *pPublicCert[SSL_AIDX_MAX]; - EVP_PKEY *pPrivateKey[SSL_AIDX_MAX]; - SSL_CTX *pSSLCtx; - int nSessionCacheTimeout; - int nPassPhraseDialogType; - char *szPassPhraseDialogPath; - ssl_proto_t nProtocol; - char *szCARevocationPath; - char *szCARevocationFile; - X509_STORE *pRevocationStore; -#ifdef SSL_EXPERIMENTAL_PROXY - /* Configuration details for proxy operation */ - ssl_proto_t nProxyProtocol; - int bProxyVerify; - int nProxyVerifyDepth; - char *szProxyCACertificatePath; - char *szProxyCACertificateFile; - char *szProxyClientCertificateFile; - char *szProxyClientCertificatePath; - char *szProxyCipherSuite; - SSL_CTX *pSSLProxyCtx; - STACK_OF(X509_INFO) *skProxyClientCerts; -#endif -#ifdef SSL_VENDOR - ap_ctx *ctx; -#endif -} SSLSrvConfigRec; - -/* - * Define the mod_ssl per-directory configuration structure - * (i.e. 
the local configuration for all - * and .htaccess contexts) - */ -typedef struct { - BOOL bSSLRequired; - array_header *aRequirement; - ssl_opt_t nOptions; - ssl_opt_t nOptionsAdd; - ssl_opt_t nOptionsDel; - char *szCipherSuite; - ssl_verify_t nVerifyClient; - int nVerifyDepth; -#ifdef SSL_EXPERIMENTAL_PERDIRCA - char *szCACertificatePath; - char *szCACertificateFile; -#endif -#ifdef SSL_VENDOR - ap_ctx *ctx; -#endif -} SSLDirConfigRec; - -/* - * function prototypes - */ - -/* API glue structures */ -extern module MODULE_VAR_EXPORT ssl_module; - -/* configuration handling */ -void ssl_config_global_create(void); -void ssl_config_global_fix(void); -BOOL ssl_config_global_isfixed(void); -void *ssl_config_server_create(pool *, server_rec *); -void *ssl_config_server_merge(pool *, void *, void *); -void *ssl_config_perdir_create(pool *, char *); -void *ssl_config_perdir_merge(pool *, void *, void *); -const char *ssl_cmd_SSLMutex(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLCryptoDevice(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLRandomSeed(cmd_parms *, char *, char *, char *, char *); -const char *ssl_cmd_SSLEngine(cmd_parms *, char *, int); -const char *ssl_cmd_SSLCompression(cmd_parms *, char *, int); -const char *ssl_cmd_SSLCipherSuite(cmd_parms *, SSLDirConfigRec *, char *); -const char *ssl_cmd_SSLECDHCurve(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLHonorCipherOrder(cmd_parms *, char *, int); -const char *ssl_cmd_SSLCertificateFile(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLCACertificatePath(cmd_parms *, SSLDirConfigRec *, char *); -const char *ssl_cmd_SSLCACertificateFile(cmd_parms *, SSLDirConfigRec *, char *); -const char *ssl_cmd_SSLCARevocationPath(cmd_parms *, SSLDirConfigRec *, char *); -const char 
*ssl_cmd_SSLCARevocationFile(cmd_parms *, SSLDirConfigRec *, char *); -const char *ssl_cmd_SSLVerifyClient(cmd_parms *, SSLDirConfigRec *, char *); -const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, SSLDirConfigRec *, char *); -const char *ssl_cmd_SSLSessionCache(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLLog(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLLogLevel(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLProtocol(cmd_parms *, char *, const char *); -const char *ssl_cmd_SSLOptions(cmd_parms *, SSLDirConfigRec *, const char *); -const char *ssl_cmd_SSLRequireSSL(cmd_parms *, SSLDirConfigRec *, char *); -const char *ssl_cmd_SSLRequire(cmd_parms *, SSLDirConfigRec *, char *); -#ifdef SSL_EXPERIMENTAL_PROXY -const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, char *, const char *); -const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLProxyVerify(cmd_parms *, char *, int); -const char *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLProxyCACertificateFile(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, char *, char *); -const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, char *, char *); -#endif - -/* module initialization */ -void ssl_init_Module(server_rec *, pool *); -void ssl_init_SSLLibrary(void); -void ssl_init_Engine(server_rec *, pool *); -void ssl_init_TmpKeysHandle(int, server_rec *, pool *); -void ssl_init_ConfigureServer(server_rec *, pool *, SSLSrvConfigRec *); -void ssl_init_CheckServers(server_rec *, pool *); -STACK_OF(X509_NAME) - *ssl_init_FindCAList(server_rec *, pool *, char *, char *); -void ssl_init_Child(server_rec *, pool *); -void ssl_init_ChildKill(void *); -void ssl_init_ModuleKill(void *); - -/* Apache API hooks */ -void 
ssl_hook_AddModule(module *); -void ssl_hook_RemoveModule(module *); -char *ssl_hook_RewriteCommand(cmd_parms *, void *, const char *); -void ssl_hook_NewConnection(conn_rec *); -void ssl_hook_TimeoutConnection(int); -void ssl_hook_CloseConnection(conn_rec *); -int ssl_hook_Translate(request_rec *); -int ssl_hook_Auth(request_rec *); -int ssl_hook_UserCheck(request_rec *); -int ssl_hook_Access(request_rec *); -int ssl_hook_Fixup(request_rec *); -int ssl_hook_ReadReq(request_rec *); -int ssl_hook_Handler(request_rec *); - -/* OpenSSL callbacks */ -RSA *ssl_callback_TmpRSA(SSL *, int, int); -DH *ssl_callback_TmpDH(SSL *, int, int); -int ssl_callback_SSLVerify(int, X509_STORE_CTX *); -int ssl_callback_SSLVerify_CRL(int, X509_STORE_CTX *, server_rec *); -int ssl_callback_NewSessionCacheEntry(SSL *, SSL_SESSION *); -SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *); -void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *); -void ssl_callback_LogTracingState(const SSL *, int, int); - -/* Session Cache Support */ -void ssl_scache_init(server_rec *, pool *); -void ssl_scache_kill(server_rec *); -BOOL ssl_scache_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); -SSL_SESSION *ssl_scache_retrieve(server_rec *, UCHAR *, int); -void ssl_scache_remove(server_rec *, UCHAR *, int); -void ssl_scache_expire(server_rec *); -void ssl_scache_status(server_rec *, pool *, void (*)(char *, void *), void *); -char *ssl_scache_id2sz(UCHAR *, int); -void ssl_scache_dbm_init(server_rec *, pool *); -void ssl_scache_dbm_kill(server_rec *); -BOOL ssl_scache_dbm_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); -SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *, UCHAR *, int); -void ssl_scache_dbm_remove(server_rec *, UCHAR *, int); -void ssl_scache_dbm_expire(server_rec *); -void ssl_scache_dbm_status(server_rec *, pool *, void (*)(char *, void *), void *); -void ssl_scache_shmht_init(server_rec *, pool *); -void 
ssl_scache_shmht_kill(server_rec *); -BOOL ssl_scache_shmht_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); -SSL_SESSION *ssl_scache_shmht_retrieve(server_rec *, UCHAR *, int); -void ssl_scache_shmht_remove(server_rec *, UCHAR *, int); -void ssl_scache_shmht_expire(server_rec *); -void ssl_scache_shmht_status(server_rec *, pool *, void (*)(char *, void *), void *); -void ssl_scache_shmcb_init(server_rec *, pool *); -void ssl_scache_shmcb_kill(server_rec *); -BOOL ssl_scache_shmcb_store(server_rec *, UCHAR *, int, time_t, SSL_SESSION *); -SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *, UCHAR *, int); -void ssl_scache_shmcb_remove(server_rec *, UCHAR *, int); -void ssl_scache_shmcb_expire(server_rec *); -void ssl_scache_shmcb_status(server_rec *, pool *, void (*)(char *, void *), void *); - -/* Pass Phrase Support */ -void ssl_pphrase_Handle(server_rec *, pool *); -int ssl_pphrase_Handle_CB(char *, int, int); - -/* Diffie-Hellman Parameter Support */ -DH *ssl_dh_GetTmpParam(int); -DH *ssl_dh_GetParamFromFile(char *); - -/* Data Structures */ -ssl_ds_array *ssl_ds_array_make(pool *, int); -BOOL ssl_ds_array_isempty(ssl_ds_array *); -void *ssl_ds_array_push(ssl_ds_array *); -void *ssl_ds_array_get(ssl_ds_array *, int); -void ssl_ds_array_wipeout(ssl_ds_array *); -void ssl_ds_array_kill(ssl_ds_array *); -ssl_ds_table *ssl_ds_table_make(pool *, int); -BOOL ssl_ds_table_isempty(ssl_ds_table *); -void *ssl_ds_table_push(ssl_ds_table *, char *); -void *ssl_ds_table_get(ssl_ds_table *, char *); -void ssl_ds_table_wipeout(ssl_ds_table *); -void ssl_ds_table_kill(ssl_ds_table *); - -/* Mutex Support */ -void ssl_mutex_init(server_rec *, pool *); -void ssl_mutex_reinit(server_rec *, pool *); -void ssl_mutex_on(server_rec *); -void ssl_mutex_off(server_rec *); -void ssl_mutex_kill(server_rec *s); -void ssl_mutex_file_create(server_rec *, pool *); -void ssl_mutex_file_open(server_rec *, pool *); -void ssl_mutex_file_remove(void *); -BOOL 
ssl_mutex_file_acquire(void); -BOOL ssl_mutex_file_release(void); -void ssl_mutex_sem_create(server_rec *, pool *); -void ssl_mutex_sem_open(server_rec *, pool *); -void ssl_mutex_sem_remove(void *); -BOOL ssl_mutex_sem_acquire(void); -BOOL ssl_mutex_sem_release(void); - -/* Logfile Support */ -void ssl_log_open(server_rec *, server_rec *, pool *); -BOOL ssl_log_applies(server_rec *, int); -void ssl_log(server_rec *, int, const char *, ...); -void ssl_die(void); - -/* Variables */ -void ssl_var_register(void); -void ssl_var_unregister(void); -char *ssl_var_lookup(pool *, server_rec *, conn_rec *, request_rec *, char *); - -/* I/O */ -void ssl_io_register(void); -void ssl_io_unregister(void); -long ssl_io_data_cb(BIO *, int, const char *, int, long, long); -#ifndef SSL_CONSERVATIVE -void ssl_io_suck(request_rec *, SSL *); -#endif - -/* PRNG */ -int ssl_rand_seed(server_rec *, pool *, ssl_rsctx_t, char *); - -/* Extensions */ -void ssl_ext_register(void); -void ssl_ext_unregister(void); - -/* Compatibility */ -#ifdef SSL_COMPAT -char *ssl_compat_directive(server_rec *, pool *, const char *); -void ssl_compat_variables(request_rec *); -#endif - -/* Utility Functions */ -char *ssl_util_server_root_relative(pool *, char *, char *); -char *ssl_util_vhostid(pool *, server_rec *); -FILE *ssl_util_ppopen(server_rec *, pool *, char *); -int ssl_util_ppopen_child(void *, child_info *); -void ssl_util_ppclose(server_rec *, pool *, FILE *); -char *ssl_util_readfilter(server_rec *, pool *, char *); -BOOL ssl_util_path_check(ssl_pathcheck_t, char *); -ssl_algo_t ssl_util_algotypeof(X509 *, EVP_PKEY *); -char *ssl_util_algotypestr(ssl_algo_t); -char *ssl_util_ptxtsub(pool *, const char *, const char *, char *); -void ssl_util_thread_setup(void); -void ssl_util_thread_cleanup(void); - -/* Vendor extension support */ -#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS) -void ssl_vendor_register(void); -void ssl_vendor_unregister(void); -#endif - -#endif /* MOD_SSL_H */ 
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_compat.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_compat.c
deleted file mode 100644
index 691ca13b54f..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_compat.c
+++ /dev/null
@@ -1,512 +0,0 @@ -/* _ _ -** _ __ ___ ___ __| | ___ ___| | mod_ssl -** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -** |_____| -** ssl_engine_compat.c -** Backward Compatibility -*/ - -/* ==================================================================== - * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * 4. The names "mod_ssl" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * rse@engelschall.com. - * - * 5. Products derived from this software may not be called "mod_ssl" - * nor may "mod_ssl" appear in their names without prior - * written permission of Ralf S. Engelschall. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - - /* ``Backward compatibility is for - users who don't want to live - on the bleeding edge.'' - -- Unknown */ -#ifdef SSL_COMPAT - -#include "mod_ssl.h" - - -/* _________________________________________________________________ -** -** Backward Compatibility -** _________________________________________________________________ -*/ - -/* - * The mapping of obsolete directives to official ones... 
- */ - -static char *ssl_compat_RequireSSL(pool *, const char *, const char *, const char *); -static char *ssl_compat_SSLSessionLockFile(pool *, const char *, const char *, const char *); -static char *ssl_compat_SSLCacheDisable(pool *, const char *, const char *, const char *); -static char *ssl_compat_SSLRequireCipher(pool *, const char *, const char *, const char *); -static char *ssl_compat_SSLBanCipher(pool *, const char *, const char *, const char *); -static char *ssl_compat_SSL_SessionDir(pool *, const char *, const char *, const char *); -static char *ssl_compat_words2list(pool *, const char *); - -#define CRM_BEGIN /* nop */ -#define CRM_ENTRY(what,action) { what, action }, -#define CRM_END { NULL, NULL, NULL, NULL, NULL, NULL } -#define CRM_CMD(cmd) cmd, NULL, NULL -#define CRM_STR(str) NULL, str, NULL -#define CRM_PAT(cmd) NULL, NULL, pat -#define CRM_LOG(msg) msg, NULL, NULL -#define CRM_SUB(new) NULL, new, NULL -#define CRM_CAL(fct) NULL, NULL, fct - -static struct { - char *cpCommand; - char *cpSubstring; - char *cpPattern; - char *cpMessage; - char *cpSubst; - char *(*fpSubst)(pool *, const char *, const char *, const char *); -} ssl_cmd_rewrite_map[] = { - CRM_BEGIN - - /* - * Apache-SSL 1.x & mod_ssl 2.0.x backward compatibility - */ - CRM_ENTRY( CRM_CMD("SSLEnable"), CRM_SUB("SSLEngine on") ) - CRM_ENTRY( CRM_CMD("SSLDisable"), CRM_SUB("SSLEngine off") ) - CRM_ENTRY( CRM_CMD("SSLLogFile"), CRM_SUB("SSLLog") ) - CRM_ENTRY( CRM_CMD("SSLRequiredCiphers"), CRM_SUB("SSLCipherSuite") ) - CRM_ENTRY( CRM_CMD("SSLRequireCipher"), CRM_CAL(ssl_compat_SSLRequireCipher) ) - CRM_ENTRY( CRM_CMD("SSLBanCipher"), CRM_CAL(ssl_compat_SSLBanCipher) ) - CRM_ENTRY( CRM_CMD("SSLFakeBasicAuth"), CRM_SUB("SSLOptions +FakeBasicAuth") ) - CRM_ENTRY( CRM_CMD("SSLCacheServerPath"), CRM_LOG("Use SSLSessionCache instead") ) - CRM_ENTRY( CRM_CMD("SSLCacheServerPort"), CRM_LOG("Use SSLSessionCache instead") ) - - /* - * Apache-SSL 1.x backward compatibility - */ - CRM_ENTRY( 
CRM_CMD("SSLExportClientCertificates"), CRM_SUB("SSLOptions +ExportCertData") ) - CRM_ENTRY( CRM_CMD("SSLCacheServerRunDir"), CRM_LOG("Not needed for mod_ssl") ) - - /* - * Sioux 1.x backward compatibility - */ - CRM_ENTRY( CRM_CMD("SSL_CertFile"), CRM_SUB("SSLCertificateFile") ) - CRM_ENTRY( CRM_CMD("SSL_KeyFile"), CRM_SUB("SSLCertificateKeyFile") ) - CRM_ENTRY( CRM_CMD("SSL_CipherSuite"), CRM_SUB("SSLCipherSuite") ) - CRM_ENTRY( CRM_CMD("SSL_X509VerifyDir"), CRM_SUB("SSLCACertificatePath") ) - CRM_ENTRY( CRM_CMD("SSL_Log"), CRM_SUB("SSLLogFile") ) - CRM_ENTRY( CRM_CMD("SSL_Connect"), CRM_SUB("SSLEngine") ) - CRM_ENTRY( CRM_CMD("SSL_ClientAuth"), CRM_SUB("SSLVerifyClient") ) - CRM_ENTRY( CRM_CMD("SSL_X509VerifyDepth"), CRM_SUB("SSLVerifyDepth") ) - CRM_ENTRY( CRM_CMD("SSL_FetchKeyPhraseFrom"), CRM_LOG("Use SSLPassPhraseDialog instead") ) - CRM_ENTRY( CRM_CMD("SSL_SessionDir"), CRM_CAL(ssl_compat_SSL_SessionDir) ) - CRM_ENTRY( CRM_CMD("SSL_Require"), CRM_LOG("Use SSLRequire instead (Syntax!)")) - CRM_ENTRY( CRM_CMD("SSL_CertFileType"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSL_KeyFileType"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSL_X509VerifyPolicy"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSL_LogX509Attributes"), CRM_LOG("Not supported by mod_ssl") ) - - /* - * Stronghold 2.x backward compatibility - */ - CRM_ENTRY( CRM_CMD("StrongholdAccelerator"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("StrongholdKey"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("StrongholdLicenseFile"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSLFlag"), CRM_SUB("SSLEngine") ) - CRM_ENTRY( CRM_CMD("SSLClientCAfile"), CRM_SUB("SSLCACertificateFile") ) - CRM_ENTRY( CRM_CMD("SSLSessionLockFile"), CRM_CAL(ssl_compat_SSLSessionLockFile) ) - CRM_ENTRY( CRM_CMD("SSLCacheDisable"), CRM_CAL(ssl_compat_SSLCacheDisable) ) - CRM_ENTRY( CRM_CMD("RequireSSL"), 
CRM_CAL(ssl_compat_RequireSSL) ) - CRM_ENTRY( CRM_CMD("SSLCipherList"), CRM_SUB("SSLCipherSuite") ) - CRM_ENTRY( CRM_CMD("SSLErrorFile"), CRM_LOG("Not needed for mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSLRoot"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSL_CertificateLogDir"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("AuthCertDir"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSL_Group"), CRM_LOG("Not supported by mod_ssl") ) -#ifndef SSL_EXPERIMENTAL_PROXY - CRM_ENTRY( CRM_CMD("SSLProxyMachineCertPath"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSLProxyMachineCertFile"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSLProxyCACertificatePath"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSLProxyCACertificateFile"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSLProxyVerifyDepth"), CRM_LOG("Not supported by mod_ssl") ) - CRM_ENTRY( CRM_CMD("SSLProxyCipherList"), CRM_LOG("Not supported by mod_ssl") ) -#else - CRM_ENTRY( CRM_CMD("SSLProxyCipherList"), CRM_SUB("SSLProxyCipherSuite") ) -#endif - - CRM_END -}; - -static char *ssl_compat_RequireSSL( - pool *p, const char *oline, const char *cmd, const char *args) -{ - char *cp; - - for (cp = (char *)args; ap_isspace(*cp); cp++) - ; - if (strcEQ(cp, "on")) - return "SSLRequireSSL"; - return ""; -} - -static char *ssl_compat_SSLSessionLockFile( - pool *p, const char *oline, const char *cmd, const char *args) -{ - char *cp; - - for (cp = (char *)args; ap_isspace(*cp); cp++) - ; - return ap_pstrcat(p, "SSLMutex file:", cp, NULL); -} - -static char *ssl_compat_SSLCacheDisable( - pool *p, const char *oline, const char *cmd, const char *args) -{ - char *cp; - - for (cp = (char *)args; ap_isspace(*cp); cp++) - ; - if (strcEQ(cp, "on")) - return "SSLSessionCache none"; - return ""; -} - -static char *ssl_compat_SSLRequireCipher(pool *p, const char *oline, const char *cmd, const char *args) -{ - return ap_pstrcat(p, 
"SSLRequire %{SSL_CIPHER} in {", - ssl_compat_words2list(p, args), - "}", NULL); -} - -static char *ssl_compat_SSLBanCipher(pool *p, const char *oline, const char *cmd, const char *args) -{ - return ap_pstrcat(p, "SSLRequire not (%{SSL_CIPHER} in {", - ssl_compat_words2list(p, args), - "})", NULL); -} - -static char *ssl_compat_SSL_SessionDir( - pool *p, const char *oline, const char *cmd, const char *args) -{ - char *cp; - - for (cp = (char *)args; ap_isspace(*cp); cp++) - ; - return ap_pstrcat(p, "SSLSessionCache dir:", cp, NULL); -} - -static char *ssl_compat_words2list(pool *p, const char *oline) -{ - char *line; - char *cpB; - char *cpE; - char *cpI; - char *cpO; - char n; - - /* - * Step 1: Determine borders - */ - cpB = (char *)oline; - while (*cpB == ' ' || *cpB == '\t') - cpB++; - cpE = cpB+strlen(cpB); - while (cpE > cpB && (*(cpE-1) == ' ' || *(cpE-1) == '\t')) - cpE--; - - /* - * Step 2: Determine final size and allocate buffer - */ - for (cpI = cpB, n = 1; cpI < cpE; cpI++) - if ((*cpI == ' ' || *cpI == '\t') && - (cpI > cpB && *(cpI-1) != ' ' && *(cpI-1) != '\t')) - n++; - line = ap_palloc(p, (cpE-cpB)+(n*2)+n+1); - cpI = cpB; - cpO = line; - while (cpI < cpE) { - if ( (*cpI != ' ' && *cpI != '\t') - && ( cpI == cpB - || ( cpI > cpB - && (*(cpI-1) == ' ' || *(cpI-1) == '\t')))) { - *cpO++ = '"'; - *cpO++ = *cpI++; - } - else if ( (*cpI == ' ' || *cpI == '\t') - && ( cpI > cpB - && (*(cpI-1) != ' ' && *(cpI-1) != '\t'))) { - *cpO++ = '"'; - *cpO++ = ','; - *cpO++ = *cpI++; - } - else { - *cpO++ = *cpI++; - } - } - if (cpI > cpB && (*(cpI-1) != ' ' && *(cpI-1) != '\t')) - *cpO++ = '"'; - *cpO++ = NUL; - return line; -} - -char *ssl_compat_directive(server_rec *s, pool *p, const char *oline) -{ - int i; - char *line; - char *cp; - char caCmd[1024]; - char *cpArgs; - int match; - - /* - * Skip comment lines - */ - cp = (char *)oline; - while ((*cp == ' ' || *cp == '\t' || *cp == '\n') && (*cp != NUL)) - cp++; - if (*cp == '#' || *cp == NUL) - return NULL; 
- - /* - * Extract directive name - */ - cp = (char *)oline; - for (i = 0; *cp != ' ' && *cp != '\t' && *cp != NUL && - i < sizeof(caCmd) - 1; ) - caCmd[i++] = *cp++; - caCmd[i] = NUL; - cpArgs = cp; - - /* - * Apply rewriting map - */ - line = NULL; - for (i = 0; !(ssl_cmd_rewrite_map[i].cpCommand == NULL && - ssl_cmd_rewrite_map[i].cpPattern == NULL ); i++) { - /* - * Matching - */ - match = FALSE; - if (ssl_cmd_rewrite_map[i].cpCommand != NULL) { - if (strcEQ(ssl_cmd_rewrite_map[i].cpCommand, caCmd)) - match = TRUE; - } - else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL) { - if (strstr(oline, ssl_cmd_rewrite_map[i].cpSubstring) != NULL) - match = TRUE; - } - else if (ssl_cmd_rewrite_map[i].cpPattern != NULL) { - if (ap_fnmatch(ssl_cmd_rewrite_map[i].cpPattern, oline, 0)) - match = TRUE; - } - - /* - * Action Processing - */ - if (match) { - if (ssl_cmd_rewrite_map[i].cpMessage != NULL) { - ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, s, - "mod_ssl:Compat: OBSOLETE '%s' => %s", - oline, ssl_cmd_rewrite_map[i].cpMessage); - line = ""; - break; - } - else if (ssl_cmd_rewrite_map[i].cpSubst != NULL) { - if (ssl_cmd_rewrite_map[i].cpCommand != NULL) - line = ap_pstrcat(p, ssl_cmd_rewrite_map[i].cpSubst, - cpArgs, NULL); - else if (ssl_cmd_rewrite_map[i].cpSubstring != NULL) - line = ssl_util_ptxtsub(p, oline, ssl_cmd_rewrite_map[i].cpSubstring, - ssl_cmd_rewrite_map[i].cpSubst); - else - line = ssl_cmd_rewrite_map[i].cpSubst; - break; - } - else if (ssl_cmd_rewrite_map[i].fpSubst != NULL) { - line = ((char *(*)(pool *, const char *, const char *, const char *)) - (ssl_cmd_rewrite_map[i].fpSubst))(p, oline, caCmd, cpArgs); - break; - } - } - } - if (line != NULL && line[0] != NUL) - ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, s, - "mod_ssl:Compat: MAPPED '%s' => '%s'", oline, line); - return line; -} - -/* - * The mapping of obsolete environment variables to official ones... 
- */ - -#define VRM_BEGIN /* nop */ -#define VRM_ENTRY(var,action) { var, action }, -#define VRM_END { NULL, NULL, NULL } -#define VRM_VAR(old) old -#define VRM_SUB(new) new, NULL -#define VRM_LOG(msg) NULL, msg - -static struct { - char *cpOld; - char *cpNew; - char *cpMsg; -} ssl_var_rewrite_map[] = { - VRM_BEGIN - - /* - * Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.x - * and Stronghold 2.x backward compatibility - */ - VRM_ENTRY( VRM_VAR("SSL_PROTOCOL_VERSION"), VRM_SUB("SSL_PROTOCOL") ) - VRM_ENTRY( VRM_VAR("SSLEAY_VERSION"), VRM_SUB("SSL_VERSION_LIBRARY") ) - VRM_ENTRY( VRM_VAR("HTTPS_SECRETKEYSIZE"), VRM_SUB("SSL_CIPHER_USEKEYSIZE") ) - VRM_ENTRY( VRM_VAR("HTTPS_KEYSIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") ) - VRM_ENTRY( VRM_VAR("HTTPS_CIPHER"), VRM_SUB("SSL_CIPHER") ) - VRM_ENTRY( VRM_VAR("HTTPS_EXPORT"), VRM_SUB("SSL_CIPHER_EXPORT") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATE"), VRM_SUB("SSL_SERVER_CERT") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_START"), VRM_SUB("SSL_SERVER_V_START") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_END"), VRM_SUB("SSL_SERVER_V_END") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_CERT_SERIAL"), VRM_SUB("SSL_SERVER_M_SERIAL") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_SERVER_A_SIG") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_DN"), VRM_SUB("SSL_SERVER_S_DN") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_CN"), VRM_SUB("SSL_SERVER_S_DN_CN") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_EMAIL"), VRM_SUB("SSL_SERVER_S_DN_Email") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_O"), VRM_SUB("SSL_SERVER_S_DN_O") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_OU"), VRM_SUB("SSL_SERVER_S_DN_OU") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_C"), VRM_SUB("SSL_SERVER_S_DN_C") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_SP"), VRM_SUB("SSL_SERVER_S_DN_SP") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_L"), VRM_SUB("SSL_SERVER_S_DN_L") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_IDN"), VRM_SUB("SSL_SERVER_I_DN") ) - VRM_ENTRY( 
VRM_VAR("SSL_SERVER_ICN"), VRM_SUB("SSL_SERVER_I_DN_CN") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_IEMAIL"), VRM_SUB("SSL_SERVER_I_DN_Email") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_IO"), VRM_SUB("SSL_SERVER_I_DN_O") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_IOU"), VRM_SUB("SSL_SERVER_I_DN_OU") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_IC"), VRM_SUB("SSL_SERVER_I_DN_C") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_ISP"), VRM_SUB("SSL_SERVER_I_DN_SP") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_IL"), VRM_SUB("SSL_SERVER_I_DN_L") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERTIFICATE"), VRM_SUB("SSL_CLIENT_CERT") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_START"), VRM_SUB("SSL_CLIENT_V_START") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_END"), VRM_SUB("SSL_CLIENT_V_END") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_CERT_SERIAL"), VRM_SUB("SSL_CLIENT_M_SERIAL") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_SIGNATURE_ALGORITHM"),VRM_SUB("SSL_CLIENT_A_SIG") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_DN"), VRM_SUB("SSL_CLIENT_S_DN") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_CN"), VRM_SUB("SSL_CLIENT_S_DN_CN") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_EMAIL"), VRM_SUB("SSL_CLIENT_S_DN_Email") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_O"), VRM_SUB("SSL_CLIENT_S_DN_O") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_OU"), VRM_SUB("SSL_CLIENT_S_DN_OU") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_C"), VRM_SUB("SSL_CLIENT_S_DN_C") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_SP"), VRM_SUB("SSL_CLIENT_S_DN_SP") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_L"), VRM_SUB("SSL_CLIENT_S_DN_L") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_IDN"), VRM_SUB("SSL_CLIENT_I_DN") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_ICN"), VRM_SUB("SSL_CLIENT_I_DN_CN") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_IEMAIL"), VRM_SUB("SSL_CLIENT_I_DN_Email") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_IO"), VRM_SUB("SSL_CLIENT_I_DN_O") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_IOU"), VRM_SUB("SSL_CLIENT_I_DN_OU") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_IC"), VRM_SUB("SSL_CLIENT_I_DN_C") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_ISP"), VRM_SUB("SSL_CLIENT_I_DN_SP") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_IL"), 
VRM_SUB("SSL_CLIENT_I_DN_L") ) - VRM_ENTRY( VRM_VAR("SSL_EXPORT"), VRM_SUB("SSL_CIPHER_EXPORT") ) - VRM_ENTRY( VRM_VAR("SSL_KEYSIZE"), VRM_SUB("SSL_CIPHER_ALGKEYSIZE") ) - VRM_ENTRY( VRM_VAR("SSL_SECRETKEYSIZE"), VRM_SUB("SSL_CIPHER_USEKEYSIZE") ) - VRM_ENTRY( VRM_VAR("SSL_SSLEAY_VERSION"), VRM_SUB("SSL_VERSION_LIBRARY") ) - - VRM_ENTRY( VRM_VAR("SSL_STRONG_CRYPTO"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_EXP"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_SIZE"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_KEY_ALGORITHM"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_SESSIONDIR"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTIFICATELOGDIR"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_CERTFILE"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILE"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_SERVER_KEYFILETYPE"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_EXP"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_ALGORITHM"), VRM_LOG("Not supported by mod_ssl") ) - VRM_ENTRY( VRM_VAR("SSL_CLIENT_KEY_SIZE"), VRM_LOG("Not supported by mod_ssl") ) - - VRM_END -}; - -void ssl_compat_variables(request_rec *r) -{ - char *cpOld; - char *cpNew; - char *cpMsg; - char *cpVal; - int i; - - for (i = 0; ssl_var_rewrite_map[i].cpOld != NULL; i++) { - cpOld = ssl_var_rewrite_map[i].cpOld; - cpMsg = ssl_var_rewrite_map[i].cpMsg; - cpNew = ssl_var_rewrite_map[i].cpNew; - if (cpNew != NULL) { - cpVal = ssl_var_lookup(r->pool, r->server, r->connection, r, cpNew); - if (!strIsEmpty(cpVal)) - ap_table_set(r->subprocess_env, cpOld, cpVal); - } - else if (cpMsg != NULL) { -#ifdef SSL_VENDOR - /* - * something that isn't provided by mod_ssl, so at least - * let vendor extensions provide a reasonable value first. 
- */
- cpVal = NULL;
- ap_hook_use("ap::mod_ssl::vendor::compat_variables_lookup",
- AP_HOOK_SIG3(ptr,ptr,ptr),
- AP_HOOK_DECLINE(NULL),
- &cpVal, r, cpOld);
- if (cpVal != NULL) {
- ap_table_set(r->subprocess_env, cpOld, cpVal);
- continue;
- }
-#endif
-
- /*
- * we cannot print a message, so we set at least
- * the variables content to the compat message
- */
- ap_table_set(r->subprocess_env, cpOld, cpMsg);
- }
- }
- return;
-}
-
-#endif /* SSL_COMPAT */
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
deleted file mode 100644
index 2bda3964065..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_config.c
+++ /dev/null
@@ -1,1125 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_config.c
-** Apache Configuration Directives
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
- /* ``Damned if you do,
- damned if you don't.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Support for Global Configuration
-** _________________________________________________________________
-*/
-
-void ssl_hook_AddModule(module *m)
-{
- if (m == &ssl_module) {
- /*
- * Announce us for the configuration files
- */
- ap_add_config_define("MOD_SSL");
-
- /*
- * Link ourself into the Apache kernel
- */
- ssl_var_register();
- ssl_ext_register();
- ssl_io_register();
-#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
- ssl_vendor_register();
-#endif
- }
- return;
-}
-
-void ssl_hook_RemoveModule(module *m)
-{
- if (m == &ssl_module) {
- /*
- * Unlink ourself from the Apache kernel
- */
- ssl_var_unregister();
- ssl_ext_unregister();
- ssl_io_unregister();
-#if defined(SSL_VENDOR) && defined(SSL_VENDOR_OBJS)
- ssl_vendor_unregister();
-#endif
- }
- return;
-}
-
-void ssl_config_global_create(void)
-{
- pool *pPool;
- SSLModConfigRec *mc;
-
- mc = ap_ctx_get(ap_global_ctx, "ssl_module");
- if (mc == NULL) {
- /*
- * allocate an own subpool which survives server restarts
- */
- pPool = ap_make_sub_pool(NULL);
- mc = (SSLModConfigRec *)ap_palloc(pPool, sizeof(SSLModConfigRec));
- mc->pPool = pPool;
- mc->bFixed = FALSE;
-
- /*
- * initialize per-module configuration
- */
- mc->nInitCount = 0;
- mc->nSessionCacheMode = SSL_SCMODE_UNSET;
- mc->szSessionCacheDataFile = NULL;
- mc->nSessionCacheDataSize = 0;
- mc->pSessionCacheDataMM = NULL;
- mc->tSessionCacheDataTable = NULL;
- mc->nMutexMode = SSL_MUTEXMODE_UNSET;
- mc->szMutexFile = NULL;
- mc->nMutexFD = -1;
- mc->nMutexSEMID = -1;
- mc->aRandSeed = ap_make_array(pPool, 4, sizeof(ssl_randseed_t));
- mc->tPrivateKey = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
- mc->tPublicCert = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
- mc->tTmpKeys = ssl_ds_table_make(pPool, sizeof(ssl_asn1_t));
-#ifdef SSL_EXPERIMENTAL_ENGINE
- mc->szCryptoDevice = NULL;
-#endif
-
- (void)memset(mc->pTmpKeys, 0, SSL_TKPIDX_MAX*sizeof(void *));
-
-#ifdef SSL_VENDOR
- mc->ctx = ap_ctx_new(pPool);
- ap_hook_use("ap::mod_ssl::vendor::config_global_create",
- AP_HOOK_SIG2(void,ptr), AP_HOOK_MODE_ALL, mc);
-#endif
-
- /*
- * And push it into Apache's global context
- */
- ap_ctx_set(ap_global_ctx, "ssl_module", mc);
- }
- return;
-}
-
-void ssl_config_global_fix(void)
-{
- SSLModConfigRec *mc = myModConfig();
- mc->bFixed = TRUE;
- return;
-}
-
-BOOL ssl_config_global_isfixed(void)
-{
- SSLModConfigRec *mc = myModConfig();
- return (mc->bFixed);
-}
-
-
-/* _________________________________________________________________
-**
-** Configuration handling
-** _________________________________________________________________
-*/
-
-/*
- * Create per-server SSL configuration
- */
-void *ssl_config_server_create(pool *p, server_rec *s)
-{
- SSLSrvConfigRec *sc;
-
- ssl_config_global_create();
-
- sc = ap_palloc(p, sizeof(SSLSrvConfigRec));
- sc->bEnabled = UNSET;
- sc->bCompression = FALSE;
- sc->szCACertificatePath = NULL;
- sc->szCACertificateFile = NULL;
- sc->szCertificateChain = NULL;
- sc->szLogFile = NULL;
- sc->szCipherSuite = NULL;
- sc->nECDHCurve = NID_X9_62_prime256v1;
- sc->bHonorCipherOrder = UNSET;
- sc->nLogLevel = SSL_LOG_NONE;
- sc->nVerifyDepth = UNSET;
- sc->nVerifyClient = SSL_CVERIFY_UNSET;
- sc->nSessionCacheTimeout = UNSET;
- sc->nPassPhraseDialogType = SSL_PPTYPE_UNSET;
- sc->szPassPhraseDialogPath = NULL;
- sc->nProtocol = SSL_PROTOCOL_ALL;
- sc->fileLogFile = NULL;
- sc->pSSLCtx = NULL;
- sc->szCARevocationPath = NULL;
- sc->szCARevocationFile = NULL;
- sc->pRevocationStore = NULL;
-
-#ifdef SSL_EXPERIMENTAL_PROXY
- sc->nProxyVerifyDepth = UNSET;
- sc->szProxyCACertificatePath = NULL;
- sc->szProxyCACertificateFile = NULL;
- sc->szProxyClientCertificateFile = NULL;
- sc->szProxyClientCertificatePath = NULL;
- sc->szProxyCipherSuite = NULL;
- sc->nProxyProtocol = SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_TLSV1;
- sc->bProxyVerify = UNSET;
- sc->pSSLProxyCtx = NULL;
-#endif
-
- (void)memset(sc->szPublicCertFile, 0, SSL_AIDX_MAX*sizeof(char *));
- (void)memset(sc->szPrivateKeyFile, 0, SSL_AIDX_MAX*sizeof(char *));
- (void)memset(sc->pPublicCert, 0, SSL_AIDX_MAX*sizeof(X509 *));
- (void)memset(sc->pPrivateKey, 0, SSL_AIDX_MAX*sizeof(EVP_PKEY *));
-
-#ifdef SSL_VENDOR
- sc->ctx = ap_ctx_new(p);
- ap_hook_use("ap::mod_ssl::vendor::config_server_create",
- AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- p, s, sc);
-#endif
-
- return sc;
-}
-
-/*
- * Merge per-server SSL configurations
- */
-void *ssl_config_server_merge(pool *p, void *basev, void *addv)
-{
- SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev;
- SSLSrvConfigRec *add = (SSLSrvConfigRec *)addv;
- SSLSrvConfigRec *new = (SSLSrvConfigRec *)ap_palloc(p, sizeof(SSLSrvConfigRec));
- int i;
-
- cfgMergeBool(bEnabled);
- cfgMergeBool(bCompression);
- cfgMergeString(szCACertificatePath);
- cfgMergeString(szCACertificateFile);
- cfgMergeString(szCertificateChain);
- cfgMergeString(szLogFile);
- cfgMergeString(szCipherSuite);
- cfgMerge(nECDHCurve, NID_X9_62_prime256v1);
- cfgMergeBool(bHonorCipherOrder);
- cfgMerge(nLogLevel, SSL_LOG_NONE);
- cfgMergeInt(nVerifyDepth);
- cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET);
- cfgMergeInt(nSessionCacheTimeout);
- cfgMerge(nPassPhraseDialogType, SSL_PPTYPE_UNSET);
- cfgMergeString(szPassPhraseDialogPath);
- cfgMerge(nProtocol, SSL_PROTOCOL_ALL);
- cfgMerge(fileLogFile, NULL);
- cfgMerge(pSSLCtx, NULL);
- cfgMerge(szCARevocationPath, NULL);
- cfgMerge(szCARevocationFile, NULL);
- cfgMerge(pRevocationStore, NULL);
-
- for (i = 0; i < SSL_AIDX_MAX; i++) {
- cfgMergeString(szPublicCertFile[i]);
- cfgMergeString(szPrivateKeyFile[i]);
- cfgMerge(pPublicCert[i], NULL);
- cfgMerge(pPrivateKey[i], NULL);
- }
-
-#ifdef SSL_VENDOR
- cfgMergeCtx(ctx);
- ap_hook_use("ap::mod_ssl::vendor::config_server_merge",
- AP_HOOK_SIG5(void,ptr,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- p, base, add, new);
-#endif
-
-#ifdef SSL_EXPERIMENTAL_PROXY
- cfgMergeInt(nProxyVerifyDepth);
- cfgMergeString(szProxyCACertificatePath);
- cfgMergeString(szProxyCACertificateFile);
- cfgMergeString(szProxyClientCertificateFile);
- cfgMergeString(szProxyClientCertificatePath);
- cfgMergeString(szProxyCipherSuite);
- cfgMerge(nProxyProtocol, (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_TLSV1));
- cfgMergeBool(bProxyVerify);
- cfgMerge(pSSLProxyCtx, NULL);
-#endif
-
- return new;
-}
-
-/*
- * Create per-directory SSL configuration
- */
-void *ssl_config_perdir_create(pool *p, char *dir)
-{
- SSLDirConfigRec *dc = ap_palloc(p, sizeof(SSLDirConfigRec));
-
- dc->bSSLRequired = FALSE;
- dc->aRequirement = ap_make_array(p, 4, sizeof(ssl_require_t));
- dc->nOptions = SSL_OPT_NONE|SSL_OPT_RELSET;
- dc->nOptionsAdd = SSL_OPT_NONE;
- dc->nOptionsDel = SSL_OPT_NONE;
-
- dc->szCipherSuite = NULL;
- dc->nVerifyClient = SSL_CVERIFY_UNSET;
- dc->nVerifyDepth = UNSET;
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- dc->szCACertificatePath = NULL;
- dc->szCACertificateFile = NULL;
-#endif
-
-#ifdef SSL_VENDOR
- dc->ctx = ap_ctx_new(p);
- ap_hook_use("ap::mod_ssl::vendor::config_perdir_create",
- AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- p, dir, dc);
-#endif
-
- return dc;
-}
-
-/*
- * Merge per-directory SSL configurations
- */
-void *ssl_config_perdir_merge(pool *p, void *basev, void *addv)
-{
- SSLDirConfigRec *base = (SSLDirConfigRec *)basev;
- SSLDirConfigRec *add = (SSLDirConfigRec *)addv;
- SSLDirConfigRec *new = (SSLDirConfigRec *)ap_palloc(p,
- sizeof(SSLDirConfigRec));
-
- cfgMerge(bSSLRequired, FALSE);
- cfgMergeArray(aRequirement);
-
- if (add->nOptions & SSL_OPT_RELSET) {
- new->nOptionsAdd = (base->nOptionsAdd & ~(add->nOptionsDel)) | add->nOptionsAdd;
- new->nOptionsDel = (base->nOptionsDel & ~(add->nOptionsAdd)) | add->nOptionsDel;
- new->nOptions = (base->nOptions & ~(new->nOptionsDel)) | new->nOptionsAdd;
- }
- else {
- new->nOptions = add->nOptions;
- new->nOptionsAdd = add->nOptionsAdd;
- new->nOptionsDel = add->nOptionsDel;
- }
-
- cfgMergeString(szCipherSuite);
- cfgMerge(nVerifyClient, SSL_CVERIFY_UNSET);
- cfgMergeInt(nVerifyDepth);
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- cfgMergeString(szCACertificatePath);
- cfgMergeString(szCACertificateFile);
-#endif
-
-#ifdef SSL_VENDOR
- cfgMergeCtx(ctx);
- ap_hook_use("ap::mod_ssl::vendor::config_perdir_merge",
- AP_HOOK_SIG5(void,ptr,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- p, base, add, new);
-#endif
-
- return new;
-}
-
-/*
- * Directive Rewriting
- */
-
-char *ssl_hook_RewriteCommand(cmd_parms *cmd, void *config, const char *cmd_line)
-{
-#ifdef SSL_COMPAT
- return ssl_compat_directive(cmd->server, cmd->pool, cmd_line);
-#else
- return NULL;
-#endif
-}
-
-/*
- * Configuration functions for particular directives
- */
-
-const char *ssl_cmd_SSLMutex(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- const char *err;
- SSLModConfigRec *mc = myModConfig();
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (ssl_config_global_isfixed())
- return NULL;
- if (strcEQ(arg, "none")) {
- mc->nMutexMode = SSL_MUTEXMODE_NONE;
- }
- else if (strlen(arg) > 5 && strcEQn(arg, "file:", 5)) {
- mc->nMutexMode = SSL_MUTEXMODE_FILE;
- mc->szMutexFile = ap_psprintf(mc->pPool, "%s.%lu",
- ssl_util_server_root_relative(cmd->pool, "mutex", arg+5),
- (unsigned long)getpid());
- }
- else if (strcEQ(arg, "sem")) {
- mc->nMutexMode = SSL_MUTEXMODE_SEM;
- }
- else
- return "SSLMutex: Invalid argument";
- return NULL;
-}
-
-const char *ssl_cmd_SSLPassPhraseDialog(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (strcEQ(arg, "builtin")) {
- sc->nPassPhraseDialogType = SSL_PPTYPE_BUILTIN;
- sc->szPassPhraseDialogPath = NULL;
- }
- else if (strlen(arg) > 5 && strEQn(arg, "exec:", 5)) {
- sc->nPassPhraseDialogType = SSL_PPTYPE_FILTER;
- sc->szPassPhraseDialogPath = ssl_util_server_root_relative(cmd->pool, "dialog", arg+5);
- if (!ssl_util_path_check(SSL_PCM_EXISTS, sc->szPassPhraseDialogPath))
- return ap_pstrcat(cmd->pool, "SSLPassPhraseDialog: file '",
- sc->szPassPhraseDialogPath, "' does not exist", NULL);
- }
- else
- return "SSLPassPhraseDialog: Invalid argument";
- return NULL;
-}
-
-#ifdef SSL_EXPERIMENTAL_ENGINE
-const char *ssl_cmd_SSLCryptoDevice(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLModConfigRec *mc = myModConfig();
- const char *err;
- ENGINE *e;
- static int loaded_engines = FALSE;
-
- /* early loading to make sure the engines are already
- available for ENGINE_by_id() above... */
- if (!loaded_engines) {
- ENGINE_load_builtin_engines();
- loaded_engines = TRUE;
- }
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (strcEQ(arg, "builtin")) {
- mc->szCryptoDevice = NULL;
- }
- else if ((e = ENGINE_by_id(arg)) != NULL) {
- mc->szCryptoDevice = arg;
- ENGINE_free(e);
- }
- else
- return "SSLCryptoDevice: Invalid argument";
- return NULL;
-}
-#endif
-
-const char *ssl_cmd_SSLRandomSeed(
- cmd_parms *cmd, char *struct_ptr, char *arg1, char *arg2, char *arg3)
-{
- SSLModConfigRec *mc = myModConfig();
- const char *err;
- ssl_randseed_t *pRS;
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (ssl_config_global_isfixed())
- return NULL;
- pRS = ap_push_array(mc->aRandSeed);
- if (strcEQ(arg1, "startup"))
- pRS->nCtx = SSL_RSCTX_STARTUP;
- else if (strcEQ(arg1, "connect"))
- pRS->nCtx = SSL_RSCTX_CONNECT;
- else
- return ap_pstrcat(cmd->pool, "SSLRandomSeed: "
- "invalid context: `", arg1, "'");
- if (strlen(arg2) > 5 && strEQn(arg2, "file:", 5)) {
- pRS->nSrc = SSL_RSSRC_FILE;
- pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2+5));
- }
- else if (strlen(arg2) > 5 && strEQn(arg2, "exec:", 5)) {
- pRS->nSrc = SSL_RSSRC_EXEC;
- pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2+5));
- }
- else if (strlen(arg2) > 4 && strEQn(arg2, "egd:", 4)) {
- pRS->nSrc = SSL_RSSRC_EGD;
- pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2+4));
- }
- else if (strcEQ(arg2, "builtin")) {
- pRS->nSrc = SSL_RSSRC_BUILTIN;
- pRS->cpPath = NULL;
- }
- else {
- pRS->nSrc = SSL_RSSRC_FILE;
- pRS->cpPath = ap_pstrdup(mc->pPool, ssl_util_server_root_relative(cmd->pool, "random", arg2));
- }
- if (pRS->nSrc != SSL_RSSRC_BUILTIN)
- if (!ssl_util_path_check(SSL_PCM_EXISTS, pRS->cpPath))
- return ap_pstrcat(cmd->pool, "SSLRandomSeed: source path '",
- pRS->cpPath, "' does not exist", NULL);
- if (arg3 == NULL)
- pRS->nBytes = 0; /* read whole file */
- else {
- if (pRS->nSrc == SSL_RSSRC_BUILTIN)
- return "SSLRandomSeed: byte specification not "
- "allowed for builtin seed source";
- pRS->nBytes = atoi(arg3);
- if (pRS->nBytes < 0)
- return "SSLRandomSeed: invalid number of bytes specified";
- }
- return NULL;
-}
-
-const char *ssl_cmd_SSLEngine(
- cmd_parms *cmd, char *struct_ptr, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->bEnabled = (flag ? TRUE : FALSE);
- return NULL;
-}
-
-const char *ssl_cmd_SSLCompression(
- cmd_parms *cmd, char *struct_ptr, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->bCompression = (flag ? TRUE : FALSE);
- return NULL;
-}
-
-const char *ssl_cmd_SSLCipherSuite(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- if (cmd->path == NULL || dc == NULL)
- sc->szCipherSuite = arg;
- else
- dc->szCipherSuite = arg;
- return NULL;
-}
-
-const char *ssl_cmd_SSLECDHCurve(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- if (strcEQ(arg, "none")) {
- sc->nECDHCurve = 0;
- return NULL;
- }
-
- sc->nECDHCurve = OBJ_sn2nid((const char *)arg);
- if (sc->nECDHCurve == 0) {
- return ap_pstrcat(cmd->pool, "SSLECDHCurve: unknown named curve '",
- arg, "'", NULL);
- }
-
- return NULL;
-}
-
-const char *ssl_cmd_SSLHonorCipherOrder(
- cmd_parms *cmd, char *struct_ptr, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->bHonorCipherOrder = (flag ? TRUE : FALSE);
- return NULL;
-}
-
-const char *ssl_cmd_SSLCertificateFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
- int i;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ap_server_is_chrooted() && !ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCertificateFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- for (i = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++)
- ;
- if (i == SSL_AIDX_MAX)
- return ap_psprintf(cmd->pool, "SSLCertificateFile: only up to %d "
- "different certificates per virtual host allowed",
- SSL_AIDX_MAX);
- sc->szPublicCertFile[i] = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLCertificateKeyFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
- int i;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ap_server_is_chrooted() && !ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCertificateKeyFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- for (i = 0; i < SSL_AIDX_MAX && sc->szPrivateKeyFile[i] != NULL; i++)
- ;
- if (i == SSL_AIDX_MAX)
- return ap_psprintf(cmd->pool, "SSLCertificateKeyFile: only up to %d "
- "different private keys per virtual host allowed",
- SSL_AIDX_MAX);
- sc->szPrivateKeyFile[i] = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLCertificateChainFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ap_server_is_chrooted() && !ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCertificateChainFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- ap_server_strip_chroot(cpPath, 0);
- sc->szCertificateChain = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLCACertificatePath(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCACertificatePath: directory '",
- cpPath, "' does not exist", NULL);
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- if (cmd->path == NULL || dc == NULL)
- sc->szCACertificatePath = cpPath;
- else
- dc->szCACertificatePath = cpPath;
-#else
- sc->szCACertificatePath = cpPath;
-#endif
- return NULL;
-}
-
-const char *ssl_cmd_SSLCACertificateFile(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCACertificateFile: file '",
- cpPath, "' does not exist or is empty", NULL);
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- if (cmd->path == NULL || dc == NULL)
- sc->szCACertificateFile = cpPath;
- else
- dc->szCACertificateFile = cpPath;
-#else
- sc->szCACertificateFile = cpPath;
-#endif
- return NULL;
-}
-
-const char *ssl_cmd_SSLCARevocationPath(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCARecocationPath: directory '",
- cpPath, "' does not exist", NULL);
- sc->szCARevocationPath = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLCARevocationFile(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLCARevocationFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- sc->szCARevocationFile = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLVerifyClient(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *level)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- ssl_verify_t id;
-
- if (strEQ(level, "0") || strcEQ(level, "none"))
- id = SSL_CVERIFY_NONE;
- else if (strEQ(level, "1") || strcEQ(level, "optional"))
- id = SSL_CVERIFY_OPTIONAL;
- else if (strEQ(level, "2") || strcEQ(level, "require"))
- id = SSL_CVERIFY_REQUIRE;
- else if (strEQ(level, "3") || strcEQ(level, "optional_no_ca"))
- id = SSL_CVERIFY_OPTIONAL_NO_CA;
- else
- return "SSLVerifyClient: Invalid argument";
- if (cmd->path == NULL || dc == NULL)
- sc->nVerifyClient = id;
- else
- dc->nVerifyClient = id;
- return NULL;
-}
-
-const char *ssl_cmd_SSLVerifyDepth(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- int d;
-
- d = atoi(arg);
- if (d < 0)
- return "SSLVerifyDepth: Invalid argument";
- if (cmd->path == NULL || dc == NULL)
- sc->nVerifyDepth = d;
- else
- dc->nVerifyDepth = d;
- return NULL;
-}
-
-const char *ssl_cmd_SSLSessionCache(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- const char *err;
- SSLModConfigRec *mc = myModConfig();
- char *cp, *cp2;
- int maxsize;
-
- if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL)
- return err;
- if (ssl_config_global_isfixed())
- return NULL;
- if (strcEQ(arg, "none")) {
- mc->nSessionCacheMode = SSL_SCMODE_NONE;
- mc->szSessionCacheDataFile = NULL;
- }
- else if (strlen(arg) > 4 && strcEQn(arg, "dbm:", 4)) {
- mc->nSessionCacheMode = SSL_SCMODE_DBM;
- mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
- ssl_util_server_root_relative(cmd->pool, "scache", arg+4));
- }
- else if ( (strlen(arg) > 4 && strcEQn(arg, "shm:", 4))
- || (strlen(arg) > 6 && strcEQn(arg, "shmht:", 6))) {
- if (!ap_mm_useable())
- return "SSLSessionCache: shared memory cache not useable on this platform";
- mc->nSessionCacheMode = SSL_SCMODE_SHMHT;
- cp = strchr(arg, ':');
- mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
- ssl_util_server_root_relative(cmd->pool, "scache", cp+1));
- mc->tSessionCacheDataTable = NULL;
- mc->nSessionCacheDataSize = 1024*512; /* 512KB */
- if ((cp = strchr(mc->szSessionCacheDataFile, '(')) != NULL) {
- *cp++ = NUL;
- if ((cp2 = strchr(cp, ')')) == NULL)
- return "SSLSessionCache: Invalid argument: no closing parenthesis";
- *cp2 = NUL;
- mc->nSessionCacheDataSize = atoi(cp);
- if (mc->nSessionCacheDataSize < 8192)
- return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes";
- maxsize = ap_mm_core_maxsegsize();
- if (mc->nSessionCacheDataSize >= maxsize)
- return ap_psprintf(cmd->pool, "SSLSessionCache: Invalid argument: "
- "size has to be < %d bytes on this platform", maxsize);
- }
- }
- else if (strlen(arg) > 6 && strcEQn(arg, "shmcb:", 6)) {
- if (!ap_mm_useable())
- return "SSLSessionCache: shared memory cache not useable on this platform";
- mc->nSessionCacheMode = SSL_SCMODE_SHMCB;
- mc->szSessionCacheDataFile = ap_pstrdup(mc->pPool,
- ap_server_root_relative(cmd->pool, arg+6));
- mc->tSessionCacheDataTable = NULL;
- mc->nSessionCacheDataSize = 1024*512; /* 512KB */
- if ((cp = strchr(mc->szSessionCacheDataFile, '(')) != NULL) {
- *cp++ = NUL;
- if ((cp2 = strchr(cp, ')')) == NULL)
- return "SSLSessionCache: Invalid argument: no closing parenthesis";
- *cp2 = NUL;
- mc->nSessionCacheDataSize = atoi(cp);
- if (mc->nSessionCacheDataSize < 8192)
- return "SSLSessionCache: Invalid argument: size has to be >= 8192 bytes";
- maxsize = ap_mm_core_maxsegsize();
- if (mc->nSessionCacheDataSize >= maxsize)
- return ap_psprintf(cmd->pool, "SSLSessionCache: Invalid argument: "
- "size has to be < %d bytes on this platform", maxsize);
- }
- }
- else
-#ifdef SSL_VENDOR
- if (!ap_hook_use("ap::mod_ssl::vendor::cmd_sslsessioncache",
- AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_MODE_ALL,
- cmd, arg, mc))
-#endif
- return "SSLSessionCache: Invalid argument";
- return NULL;
-}
-
-const char *ssl_cmd_SSLSessionCacheTimeout(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->nSessionCacheTimeout = atoi(arg);
- if (sc->nSessionCacheTimeout < 0)
- return "SSLSessionCacheTimeout: Invalid argument";
- return NULL;
-}
-
-const char *ssl_cmd_SSLLog(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_DIRECTORY
- |NOT_IN_LOCATION|NOT_IN_FILES )) != NULL)
- return err;
- sc->szLogFile = arg;
- return NULL;
-}
-
-const char *ssl_cmd_SSLLogLevel(
- cmd_parms *cmd, char *struct_ptr, char *level)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- const char *err;
-
- if ((err = ap_check_cmd_context(cmd, NOT_IN_LIMIT|NOT_IN_DIRECTORY
- |NOT_IN_LOCATION|NOT_IN_FILES )) != NULL)
- return err;
- if (strcEQ(level, "none"))
- sc->nLogLevel = SSL_LOG_NONE;
- else if (strcEQ(level, "error"))
- sc->nLogLevel = SSL_LOG_ERROR;
- else if (strcEQ(level, "warn"))
- sc->nLogLevel = SSL_LOG_WARN;
- else if (strcEQ(level, "info"))
- sc->nLogLevel = SSL_LOG_INFO;
- else if (strcEQ(level, "trace"))
- sc->nLogLevel = SSL_LOG_TRACE;
- else if (strcEQ(level, "debug"))
- sc->nLogLevel = SSL_LOG_DEBUG;
- else
- return "SSLLogLevel: Invalid argument";
- return NULL;
-}
-
-const char *ssl_cmd_SSLOptions(
- cmd_parms *cmd, SSLDirConfigRec *dc, const char *cpLine)
-{
- ssl_opt_t opt;
- int first;
- char action;
- char *w;
-
- first = TRUE;
- while (cpLine[0] != NUL) {
- w = ap_getword_conf(cmd->pool, &cpLine);
- action = NUL;
-
- if (*w == '+' || *w == '-') {
- action = *(w++);
- }
- else if (first) {
- dc->nOptions = SSL_OPT_NONE;
- first = FALSE;
- }
-
- if (strcEQ(w, "StdEnvVars"))
- opt = SSL_OPT_STDENVVARS;
- else if (strcEQ(w, "CompatEnvVars"))
- opt = SSL_OPT_COMPATENVVARS;
- else if (strcEQ(w, "ExportCertData"))
- opt = SSL_OPT_EXPORTCERTDATA;
- else if (strcEQ(w, "FakeBasicAuth"))
- opt = SSL_OPT_FAKEBASICAUTH;
- else if (strcEQ(w, "StrictRequire"))
- opt = SSL_OPT_STRICTREQUIRE;
- else if (strcEQ(w, "OptRenegotiate"))
- opt = SSL_OPT_OPTRENEGOTIATE;
- else
- return ap_pstrcat(cmd->pool, "SSLOptions: Illegal option '", w, "'", NULL);
-
- if (action == '-') {
- dc->nOptionsAdd &= ~opt;
- dc->nOptionsDel |= opt;
- dc->nOptions &= ~opt;
- }
- else if (action == '+') {
- dc->nOptionsAdd |= opt;
- dc->nOptionsDel &= ~opt;
- dc->nOptions |= opt;
- }
- else {
- dc->nOptions = opt;
- dc->nOptionsAdd = opt;
- dc->nOptionsDel = SSL_OPT_NONE;
- }
- }
- return NULL;
-}
-
-const char *ssl_cmd_SSLRequireSSL(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *cipher)
-{
- dc->bSSLRequired = TRUE;
- return NULL;
-}
-
-const char *ssl_cmd_SSLRequire(
- cmd_parms *cmd, SSLDirConfigRec *dc, char *cpExpr)
-{
- ssl_expr *mpExpr;
- ssl_require_t *pReqRec;
-
- if ((mpExpr = ssl_expr_comp(cmd->pool, cpExpr)) == NULL)
- return ap_pstrcat(cmd->pool, "SSLRequire: ", ssl_expr_get_error(), NULL);
- pReqRec = ap_push_array(dc->aRequirement);
- pReqRec->cpExpr = ap_pstrdup(cmd->pool, cpExpr);
- pReqRec->mpExpr = mpExpr;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProtocol(
- cmd_parms *cmd, char *struct_ptr, const char *opt)
-{
- SSLSrvConfigRec *sc;
- ssl_proto_t options, thisopt;
- char action;
- char *w;
-
- sc = mySrvConfig(cmd->server);
- options = SSL_PROTOCOL_NONE;
- while (opt[0] != NUL) {
- w = ap_getword_conf(cmd->pool, &opt);
-
- action = NUL;
- if (*w == '+' || *w == '-')
- action = *(w++);
-
- if (strcEQ(w, "SSLv2"))
- thisopt = SSL_PROTOCOL_SSLV2;
- else if (strcEQ(w, "SSLv3"))
- thisopt = SSL_PROTOCOL_SSLV3;
- else if (strcEQ(w, "TLSv1"))
- thisopt = SSL_PROTOCOL_TLSV1;
- else if (strcEQ(w, "all"))
- thisopt = SSL_PROTOCOL_ALL;
- else
- return ap_pstrcat(cmd->pool, "SSLProtocol: Illegal protocol '", w, "'", NULL);
-
- if (action == '-')
- options &= ~thisopt;
- else if (action == '+')
- options |= thisopt;
- else
- options = thisopt;
- }
- sc->nProtocol = options;
- return NULL;
-}
-
-#ifdef SSL_EXPERIMENTAL_PROXY
-
-const char *ssl_cmd_SSLProxyProtocol(
- cmd_parms *cmd, char *struct_ptr, const char *opt)
-{
- SSLSrvConfigRec *sc;
- ssl_proto_t options, thisopt;
- char action;
- char *w;
-
- sc = mySrvConfig(cmd->server);
- options = SSL_PROTOCOL_NONE;
- while (opt[0] != NUL) {
- w = ap_getword_conf(cmd->pool, &opt);
-
- action = NUL;
- if (*w == '+' || *w == '-')
- action = *(w++);
-
- if (strcEQ(w, "SSLv2"))
- thisopt = SSL_PROTOCOL_SSLV2;
- else if (strcEQ(w, "SSLv3"))
- thisopt = SSL_PROTOCOL_SSLV3;
- else if (strcEQ(w, "TLSv1"))
- thisopt = SSL_PROTOCOL_TLSV1;
- else if (strcEQ(w, "all"))
- thisopt = SSL_PROTOCOL_ALL;
- else
- return ap_pstrcat(cmd->pool, "SSLProxyProtocol: "
- "Illegal protocol '", w, "'", NULL);
- if (action == '-')
- options &= ~thisopt;
- else if (action == '+')
- options |= thisopt;
- else
- options = thisopt;
- }
- sc->nProxyProtocol = options;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCipherSuite(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->szProxyCipherSuite = arg;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyVerify(
- cmd_parms *cmd, char *struct_ptr, int flag)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- sc->bProxyVerify = (flag ? TRUE : FALSE);
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyVerifyDepth(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- int d;
-
- d = atoi(arg);
- if (d < 0)
- return "SSLProxyVerifyDepth: Invalid argument";
- sc->nProxyVerifyDepth = d;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCACertificateFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLProxyCACertificateFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- sc->szProxyCACertificateFile = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyCACertificatePath(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
- return ap_pstrcat(cmd->pool, "SSLProxyCACertificatePath: directory '",
- cpPath, "' does not exist", NULL);
- sc->szProxyCACertificatePath = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyMachineCertificateFile(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO, cpPath))
- return ap_pstrcat(cmd->pool, "SSLProxyMachineCertFile: file '",
- cpPath, "' does not exist or is empty", NULL);
- sc->szProxyClientCertificateFile = cpPath;
- return NULL;
-}
-
-const char *ssl_cmd_SSLProxyMachineCertificatePath(
- cmd_parms *cmd, char *struct_ptr, char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
- char *cpPath;
-
- cpPath = ssl_util_server_root_relative(cmd->pool, "certkey", arg);
- if (!ssl_util_path_check(SSL_PCM_EXISTS|SSL_PCM_ISDIR, cpPath))
- return ap_pstrcat(cmd->pool, "SSLProxyMachineCertPath: directory '",
- cpPath, "' does not exist", NULL);
- sc->szProxyClientCertificatePath = cpPath;
- return NULL;
-}
-
-#endif /* SSL_EXPERIMENTAL_PROXY */
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_dh.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_dh.c
deleted file mode 100644
index c4f7e8f3413..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_dh.c
+++ /dev/null
@@ -1,251 +0,0 @@
-#if 0
-=pod
-#endif
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_dh.c
-** Diffie-Hellman Built-in Temporary Parameters
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "mod_ssl.h"
-
-/* ----BEGIN GENERATED SECTION-------- */
-
-/*
-** Diffie-Hellman-Parameters: (512 bit)
-** prime:
-** 00:d4:bc:d5:24:06:f6:9b:35:99:4b:88:de:5d:b8:
-** 96:82:c8:15:7f:62:d8:f3:36:33:ee:57:72:f1:1f:
-** 05:ab:22:d6:b5:14:5b:9f:24:1e:5a:cc:31:ff:09:
-** 0a:4b:c7:11:48:97:6f:76:79:50:94:e7:1e:79:03:
-** 52:9f:5a:82:4b
-** generator: 2 (0x2)
-** Diffie-Hellman-Parameters: (1024 bit)
-** prime:
-** 00:e6:96:9d:3d:49:5b:e3:2c:7c:f1:80:c3:bd:d4:
-** 79:8e:91:b7:81:82:51:bb:05:5e:2a:20:64:90:4a:
-** 79:a7:70:fa:15:a2:59:cb:d5:23:a6:a6:ef:09:c4:
-** 30:48:d5:a2:2f:97:1f:3c:20:12:9b:48:00:0e:6e:
-** dd:06:1c:bc:05:3e:37:1d:79:4e:53:27:df:61:1e:
-** bb:be:1b:ac:9b:5c:60:44:cf:02:3d:76:e0:5e:ea:
-** 9b:ad:99:1b:13:a6:3c:97:4e:9e:f1:83:9e:b5:db:
-** 12:51:36:f7:26:2e:56:a8:87:15:38:df:d8:23:c6:
-** 50:50:85:e2:1f:0d:d5:c8:6b
-** generator: 2 (0x2)
-*/
-
-static unsigned char dh512_p[] =
-{
- 0xD4, 0xBC, 0xD5, 0x24, 0x06, 0xF6, 0x9B, 0x35, 0x99, 0x4B, 0x88, 0xDE,
- 0x5D, 0xB8, 0x96, 0x82, 0xC8, 0x15, 0x7F, 0x62, 0xD8, 0xF3, 0x36, 0x33,
- 0xEE, 0x57, 0x72, 0xF1, 0x1F, 0x05, 0xAB, 0x22, 0xD6, 0xB5, 0x14, 0x5B,
- 0x9F, 0x24, 0x1E, 0x5A,
0xCC, 0x31, 0xFF, 0x09, 0x0A, 0x4B, 0xC7, 0x11,
- 0x48, 0x97, 0x6F, 0x76, 0x79, 0x50, 0x94, 0xE7, 0x1E, 0x79, 0x03, 0x52,
- 0x9F, 0x5A, 0x82, 0x4B,
-};
-static unsigned char dh512_g[] =
-{
- 0x02,
-};
-
-static DH *get_dh512(void)
-{
- DH *dh;
-
- if ((dh = DH_new()) == NULL)
- return (NULL);
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return (NULL);
- return (dh);
-}
-static unsigned char dh1024_p[] =
-{
- 0xE6, 0x96, 0x9D, 0x3D, 0x49, 0x5B, 0xE3, 0x2C, 0x7C, 0xF1, 0x80, 0xC3,
- 0xBD, 0xD4, 0x79, 0x8E, 0x91, 0xB7, 0x81, 0x82, 0x51, 0xBB, 0x05, 0x5E,
- 0x2A, 0x20, 0x64, 0x90, 0x4A, 0x79, 0xA7, 0x70, 0xFA, 0x15, 0xA2, 0x59,
- 0xCB, 0xD5, 0x23, 0xA6, 0xA6, 0xEF, 0x09, 0xC4, 0x30, 0x48, 0xD5, 0xA2,
- 0x2F, 0x97, 0x1F, 0x3C, 0x20, 0x12, 0x9B, 0x48, 0x00, 0x0E, 0x6E, 0xDD,
- 0x06, 0x1C, 0xBC, 0x05, 0x3E, 0x37, 0x1D, 0x79, 0x4E, 0x53, 0x27, 0xDF,
- 0x61, 0x1E, 0xBB, 0xBE, 0x1B, 0xAC, 0x9B, 0x5C, 0x60, 0x44, 0xCF, 0x02,
- 0x3D, 0x76, 0xE0, 0x5E, 0xEA, 0x9B, 0xAD, 0x99, 0x1B, 0x13, 0xA6, 0x3C,
- 0x97, 0x4E, 0x9E, 0xF1, 0x83, 0x9E, 0xB5, 0xDB, 0x12, 0x51, 0x36, 0xF7,
- 0x26, 0x2E, 0x56, 0xA8, 0x87, 0x15, 0x38, 0xDF, 0xD8, 0x23, 0xC6, 0x50,
- 0x50, 0x85, 0xE2, 0x1F, 0x0D, 0xD5, 0xC8, 0x6B,
-};
-static unsigned char dh1024_g[] =
-{
- 0x02,
-};
-
-static DH *get_dh1024(void)
-{
- DH *dh;
-
- if ((dh = DH_new()) == NULL)
- return (NULL);
- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return (NULL);
- return (dh);
-}
-/* ----END GENERATED SECTION---------- */
-
-DH *ssl_dh_GetTmpParam(int nKeyLen)
-{
- DH *dh;
-
- if (nKeyLen == 512)
- dh = get_dh512();
- else if (nKeyLen == 1024)
- dh = get_dh1024();
- else
- dh = get_dh1024();
- return dh;
-}
-
-DH *ssl_dh_GetParamFromFile(char *file)
-{
- DH *dh = NULL;
- BIO *bio;
-
- if ((bio = BIO_new_file(file, "r")) == NULL)
-
return NULL;
- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- BIO_free(bio);
- return (dh);
-}
-
-/*
-=cut
-##
-## Embedded Perl script for generating the temporary DH parameters
-##
-
-require 5.003;
-use strict;
-
-# configuration
-my $file = $0;
-my $begin = '----BEGIN GENERATED SECTION--------';
-my $end = '----END GENERATED SECTION----------';
-
-# read ourself and keep a backup
-open(FP, "<$file") || die;
-my $source = '';
-$source .= $_ while ();
-close(FP);
-open(FP, ">$file.bak") || die;
-print FP $source;
-close(FP);
-
-# generate the DH parameters
-print "1. Generate 512 and 1024 bit Diffie-Hellman parameters (p, g)\n";
-my $rand = '';
-foreach $file (qw(/var/log/messages /var/adm/messages
- /kernel /vmunix /vmlinuz /etc/hosts /etc/resolv.conf)) {
- if (-f $file) {
- $rand = $file if ($rand eq '');
- $rand .= ":$file" if ($rand ne '');
- }
-}
-$rand = "-rand $rand" if ($rand ne '');
-system("openssl gendh $rand -out dh512.pem 512");
-system("openssl gendh $rand -out dh1024.pem 1024");
-
-# generate DH param info
-my $dhinfo = '';
-open(FP, "openssl dh -noout -text -in dh512.pem |") || die;
-$dhinfo .= $_ while ();
-close(FP);
-open(FP, "openssl dh -noout -text -in dh1024.pem |") || die;
-$dhinfo .= $_ while ();
-close(FP);
-$dhinfo =~ s|^|** |mg;
-$dhinfo = "\n\/\*\n$dhinfo\*\/\n\n";
-
-# generate C source from DH params
-my $dhsource = '';
-open(FP, "openssl dh -noout -C -in dh512.pem | indent | expand |") || die;
-$dhsource .= $_ while ();
-close(FP);
-open(FP, "openssl dh -noout -C -in dh1024.pem | indent | expand |") || die;
-$dhsource .= $_ while ();
-close(FP);
-$dhsource =~ s|(DH\s+\*get_dh)|static $1|sg;
-
-# generate output
-my $o = $dhinfo .
$dhsource;
-
-# insert the generated code at the target location
-$source =~ s|(\/\* $begin.+?\n).*\n(.*?\/\* $end)|$1$o$2|s;
-
-# and update the source on disk
-print "Updating file `$file'\n";
-open(FP, ">$file") || die;
-print FP $source;
-close(FP);
-
-# cleanup
-unlink("dh512.pem");
-unlink("dh1024.pem");
-
-=pod
-*/
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ds.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ds.c
deleted file mode 100644
index 04727d5323e..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ds.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_ds.c
-** Additional Data Structures
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``If you can't do it in
- C or assembly language,
- it isn't worth doing.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Data Structures which store _arbitrary_ data
-** _________________________________________________________________
-*/
-
-ssl_ds_array *ssl_ds_array_make(pool *p, int size)
-{
- ssl_ds_array *a;
-
- if ((a = (ssl_ds_array *)ap_palloc(p, sizeof(ssl_ds_array))) == NULL)
- return NULL;
- a->pPool = p;
- if ((a->pSubPool = ap_make_sub_pool(p)) == NULL)
- return NULL;
- a->aData = ap_make_array(a->pSubPool, 2, size);
- return a;
-}
-
-BOOL ssl_ds_array_isempty(ssl_ds_array *a)
-{
- if (a == NULL || a->aData == NULL || a->aData->nelts == 0)
- return TRUE;
- else
- return FALSE;
-}
-
-void *ssl_ds_array_push(ssl_ds_array *a)
-{
- void *d;
-
- d = (void *)ap_push_array(a->aData);
- return d;
-}
-
-void *ssl_ds_array_get(ssl_ds_array *a, int n)
-{
- void *d;
-
- if (n < 0 || n >= a->aData->nelts)
- return NULL;
- d = (void *)(a->aData->elts+(a->aData->elt_size*n));
- return d;
-}
-
-void ssl_ds_array_wipeout(ssl_ds_array *a)
-{
- if (a->aData->nelts > 0)
-
memset(a->aData->elts, 0, a->aData->elt_size*a->aData->nelts);
- return;
-}
-
-void ssl_ds_array_kill(ssl_ds_array *a)
-{
- ap_destroy_pool(a->pSubPool);
- a->pSubPool = NULL;
- a->aData = NULL;
- return;
-}
-
-ssl_ds_table *ssl_ds_table_make(pool *p, int size)
-{
- ssl_ds_table *t;
-
- if ((t = (ssl_ds_table *)ap_palloc(p, sizeof(ssl_ds_table))) == NULL)
- return NULL;
- t->pPool = p;
- if ((t->pSubPool = ap_make_sub_pool(p)) == NULL)
- return NULL;
- t->aKey = ap_make_array(t->pSubPool, 2, MAX_STRING_LEN);
- t->aData = ap_make_array(t->pSubPool, 2, size);
- return t;
-}
-
-BOOL ssl_ds_table_isempty(ssl_ds_table *t)
-{
- if (t == NULL || t->aKey == NULL || t->aKey->nelts == 0)
- return TRUE;
- else
- return FALSE;
-}
-
-void *ssl_ds_table_push(ssl_ds_table *t, char *key)
-{
- char *k;
- void *d;
-
- k = (char *)ap_push_array(t->aKey);
- d = (void *)ap_push_array(t->aData);
- ap_cpystrn(k, key, t->aKey->elt_size);
- return d;
-}
-
-void *ssl_ds_table_get(ssl_ds_table *t, char *key)
-{
- char *k;
- void *d;
- int i;
-
- d = NULL;
- for (i = 0; i < t->aKey->nelts; i++) {
- k = (t->aKey->elts+(t->aKey->elt_size*i));
- if (strEQ(k, key)) {
- d = (void *)(t->aData->elts+(t->aData->elt_size*i));
- break;
- }
- }
- return d;
-}
-
-void ssl_ds_table_wipeout(ssl_ds_table *t)
-{
- if (t->aKey->nelts > 0) {
- memset(t->aKey->elts, 0, t->aKey->elt_size*t->aKey->nelts);
- memset(t->aData->elts, 0, t->aData->elt_size*t->aData->nelts);
- }
- return;
-}
-
-void ssl_ds_table_kill(ssl_ds_table *t)
-{
- ap_destroy_pool(t->pSubPool);
- t->pSubPool = NULL;
- t->aKey = NULL;
- t->aData = NULL;
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c
deleted file mode 100644
index 60ebc6f8cbc..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_ext.c
+++ /dev/null
@@ -1,812 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_ext.c
-** Extensions to other Apache parts
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Only those who attempt the absurd
- can achieve the impossible.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** SSL Extensions
-** _________________________________________________________________
-*/
-
-static void ssl_ext_mlc_register(void);
-static void ssl_ext_mlc_unregister(void);
-static void ssl_ext_mr_register(void);
-static void ssl_ext_mr_unregister(void);
-static void ssl_ext_mp_register(void);
-static void ssl_ext_mp_unregister(void);
-static void ssl_ext_ms_register(void);
-static void ssl_ext_ms_unregister(void);
-
-void ssl_ext_register(void)
-{
- ssl_ext_mlc_register();
- ssl_ext_mr_register();
- ssl_ext_mp_register();
- ssl_ext_ms_register();
- return;
-}
-
-void ssl_ext_unregister(void)
-{
- ssl_ext_mlc_unregister();
- ssl_ext_mr_unregister();
- ssl_ext_mp_unregister();
- ssl_ext_ms_unregister();
- return;
-}
-
-/* _________________________________________________________________
-**
-** SSL Extension to mod_log_config
-** _________________________________________________________________
-*/
-
-static char *ssl_ext_mlc_log_c(request_rec *r, char *a);
-static char *ssl_ext_mlc_log_x(request_rec *r, char *a);
-
-/*
- * register us for the mod_log_config function registering phase
- * to establish %{...}c and to be able to expand %{...}x variables.
- */
-static void ssl_ext_mlc_register(void)
-{
- ap_hook_register("ap::mod_log_config::log_c",
- ssl_ext_mlc_log_c, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_log_config::log_x",
- ssl_ext_mlc_log_x, AP_HOOK_NOCTX);
- return;
-}
-
-static void ssl_ext_mlc_unregister(void)
-{
- ap_hook_unregister("ap::mod_log_config::log_c",
- ssl_ext_mlc_log_c);
- ap_hook_unregister("ap::mod_log_config::log_x",
- ssl_ext_mlc_log_x);
- return;
-}
-
-/*
- * implement the %{..}c log function
- * (we are the only function)
- */
-static char *ssl_ext_mlc_log_c(request_rec *r, char *a)
-{
- char *result;
-
- if (ap_ctx_get(r->connection->client->ctx, "ssl") == NULL)
- return NULL;
- result = NULL;
- if (strEQ(a, "version"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL");
- else if (strEQ(a, "cipher"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER");
- else if (strEQ(a, "subjectdn") || strEQ(a, "clientcert"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN");
- else if (strEQ(a, "issuerdn") || strEQ(a, "cacert"))
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN");
- else if (strEQ(a, "errcode"))
- result = "-";
- else if (strEQ(a, "errstr"))
- result = ap_ctx_get(r->connection->client->ctx, "ssl::verify::error");
- if (result != NULL && result[0] == NUL)
- result = NULL;
- return result;
-}
-
-/*
- * extend the implementation of the %{..}x log function
- * (there can be more functions)
- */
-static char *ssl_ext_mlc_log_x(request_rec *r, char *a)
-{
- char *result;
-
- result = NULL;
- if (ap_ctx_get(r->connection->client->ctx, "ssl") != NULL)
- result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
- if (result != NULL && result[0] == NUL)
- result =
NULL;
- return result;
-}
-
-/* _________________________________________________________________
-**
-** SSL Extension to mod_rewrite
-** _________________________________________________________________
-*/
-
-static char *ssl_ext_mr_lookup_variable(request_rec *r, char *var);
-
-/*
- * register us for the mod_rewrite lookup_variable() function
- */
-static void ssl_ext_mr_register(void)
-{
- ap_hook_register("ap::mod_rewrite::lookup_variable",
- ssl_ext_mr_lookup_variable, AP_HOOK_NOCTX);
- return;
-}
-
-static void ssl_ext_mr_unregister(void)
-{
- ap_hook_unregister("ap::mod_rewrite::lookup_variable",
- ssl_ext_mr_lookup_variable);
- return;
-}
-
-static char *ssl_ext_mr_lookup_variable(request_rec *r, char *var)
-{
- char *val;
-
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- if (val[0] == NUL)
- val = NULL;
- return val;
-}
-
-/* _________________________________________________________________
-**
-** SSL Extension to mod_proxy
-** _________________________________________________________________
-*/
-
-static int ssl_ext_mp_canon(request_rec *, char *);
-static int ssl_ext_mp_handler(request_rec *, void *, char *, char *, int, char *);
-static int ssl_ext_mp_set_destport(request_rec *);
-static char *ssl_ext_mp_new_connection(request_rec *, BUFF *, char *);
-static void ssl_ext_mp_close_connection(void *);
-static int ssl_ext_mp_write_host_header(request_rec *, BUFF *, char *, char *, char *);
-#ifdef SSL_EXPERIMENTAL_PROXY
-static void ssl_ext_mp_init(server_rec *, pool *);
-static int ssl_ext_mp_verify_cb(int, X509_STORE_CTX *);
-static int ssl_ext_mp_clientcert_cb(SSL *, X509 **, EVP_PKEY **);
-#endif
-
-/*
- * register us ...
- */
-static void ssl_ext_mp_register(void)
-{
-#ifdef SSL_EXPERIMENTAL_PROXY
- ap_hook_register("ap::mod_proxy::init",
- ssl_ext_mp_init, AP_HOOK_NOCTX);
-#endif
- ap_hook_register("ap::mod_proxy::canon",
- ssl_ext_mp_canon, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_proxy::handler",
- ssl_ext_mp_handler, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_proxy::http::handler::set_destport",
- ssl_ext_mp_set_destport, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_proxy::http::handler::new_connection",
- ssl_ext_mp_new_connection, AP_HOOK_NOCTX);
- ap_hook_register("ap::mod_proxy::http::handler::write_host_header",
- ssl_ext_mp_write_host_header, AP_HOOK_NOCTX);
- return;
-}
-
-static void ssl_ext_mp_unregister(void)
-{
-#ifdef SSL_EXPERIMENTAL_PROXY
- ap_hook_unregister("ap::mod_proxy::init", ssl_ext_mp_init);
-#endif
- ap_hook_unregister("ap::mod_proxy::canon", ssl_ext_mp_canon);
- ap_hook_unregister("ap::mod_proxy::handler", ssl_ext_mp_handler);
- ap_hook_unregister("ap::mod_proxy::http::handler::set_destport",
- ssl_ext_mp_set_destport);
- ap_hook_unregister("ap::mod_proxy::http::handler::new_connection",
- ssl_ext_mp_new_connection);
- ap_hook_unregister("ap::mod_proxy::http::handler::write_host_header",
- ssl_ext_mp_write_host_header);
- return;
-}
-
-/*
- * SSL proxy initialization
- */
-#ifdef SSL_EXPERIMENTAL_PROXY
-static void ssl_ext_mp_init(server_rec *s, pool *p)
-{
- SSLSrvConfigRec *sc;
- char *cpVHostID;
- int nVerify;
- SSL_CTX *ctx;
- char *cp;
- STACK_OF(X509_INFO) *sk;
-
- /*
- * Initialize each virtual server
- */
- ERR_clear_error();
- for (; s != NULL; s = s->next) {
- sc = mySrvConfig(s);
- cpVHostID = ssl_util_vhostid(p, s);
-
- if (sc->bProxyVerify == UNSET)
- sc->bProxyVerify = FALSE;
-
- /*
- * Create new SSL context and configure callbacks
- */
- if (sc->nProxyProtocol == SSL_PROTOCOL_NONE) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) No Proxy SSL protocols available [hint: SSLProxyProtocol]",
- cpVHostID);
- ssl_die();
- }
- cp = ap_pstrcat(p,
(sc->nProxyProtocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""),
- (sc->nProxyProtocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),
- (sc->nProxyProtocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""), NULL);
- cp[strlen(cp)-2] = NUL;
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Creating new proxy SSL context (protocols: %s)",
- cpVHostID, cp);
- if (sc->nProxyProtocol == SSL_PROTOCOL_SSLV2)
- ctx = SSL_CTX_new(SSLv2_client_method()); /* only SSLv2 is left */
- else
- ctx = SSL_CTX_new(SSLv23_client_method()); /* be more flexible */
- if (ctx == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to create SSL Proxy context", cpVHostID);
- ssl_die();
- }
- sc->pSSLProxyCtx = ctx;
- SSL_CTX_set_options(ctx, SSL_OP_ALL);
- if (!(sc->nProxyProtocol & SSL_PROTOCOL_SSLV2))
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
- if (!(sc->nProxyProtocol & SSL_PROTOCOL_SSLV3))
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
- if (!(sc->nProxyProtocol & SSL_PROTOCOL_TLSV1))
- SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);
-
- if (sc->szProxyClientCertificateFile || sc->szProxyClientCertificatePath) {
- sk = sk_X509_INFO_new_null();
- if (sc->szProxyClientCertificateFile)
- SSL_load_CrtAndKeyInfo_file(p, sk, sc->szProxyClientCertificateFile);
- if (sc->szProxyClientCertificatePath)
- SSL_load_CrtAndKeyInfo_path(p, sk, sc->szProxyClientCertificatePath);
- ssl_log(s, SSL_LOG_TRACE, "Init: (%s) loaded %d client certs for SSL proxy",
- cpVHostID, sk_X509_INFO_num(sk));
- if (sk_X509_INFO_num(sk) > 0) {
- SSL_CTX_set_client_cert_cb(ctx, ssl_ext_mp_clientcert_cb);
- sc->skProxyClientCerts = sk;
- }
- }
-
- /*
- * Calculate OpenSSL verify type for verifying the remote server
- * certificate. We either verify it against our list of CA's, or don't
- * bother at all.
- */
- nVerify = SSL_VERIFY_NONE;
- if (sc->bProxyVerify)
- nVerify |= SSL_VERIFY_PEER;
- if ( nVerify & SSL_VERIFY_PEER
- && sc->szProxyCACertificateFile == NULL
- && sc->szProxyCACertificatePath == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: (%s) SSLProxyVerify set to On but no CA certificates configured",
- cpVHostID);
- ssl_die();
- }
- if ( nVerify & SSL_VERIFY_NONE
- && ( sc->szProxyCACertificateFile != NULL
- || sc->szProxyCACertificatePath != NULL)) {
- ssl_log(s, SSL_LOG_WARN,
- "init: (%s) CA certificates configured but ignored because SSLProxyVerify is Off",
- cpVHostID);
- }
- SSL_CTX_set_verify(ctx, nVerify, ssl_ext_mp_verify_cb);
-
- /*
- * Enable session caching. We can safely use the same cache
- * as used for communicating with the other clients.
- */
- SSL_CTX_sess_set_new_cb(sc->pSSLProxyCtx, ssl_callback_NewSessionCacheEntry);
- SSL_CTX_sess_set_get_cb(sc->pSSLProxyCtx, ssl_callback_GetSessionCacheEntry);
- SSL_CTX_sess_set_remove_cb(sc->pSSLProxyCtx, ssl_callback_DelSessionCacheEntry);
-
- /*
- * Configure SSL Cipher Suite
- */
- ssl_log(s, SSL_LOG_TRACE,
- "Init: (%s) Configuring permitted SSL ciphers for SSL proxy", cpVHostID);
- if (sc->szProxyCipherSuite != NULL) {
- if (!SSL_CTX_set_cipher_list(sc->pSSLProxyCtx, sc->szProxyCipherSuite)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure permitted SSL ciphers for SSL Proxy",
- cpVHostID);
- ssl_die();
- }
- }
-
- /*
- * Configure Client Authentication details
- */
- if (sc->szProxyCACertificateFile != NULL || sc->szProxyCACertificatePath != NULL) {
- ssl_log(s, SSL_LOG_DEBUG,
- "Init: (%s) Configuring client verification locations for SSL Proxy",
- cpVHostID);
- if (!SSL_CTX_load_verify_locations(sc->pSSLProxyCtx,
- sc->szProxyCACertificateFile,
- sc->szProxyCACertificatePath)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: (%s) Unable to configure SSL verify locations for SSL proxy",
- cpVHostID);
- ssl_die();
- }
- }
- }
- return;
-}
-#endif /*
SSL_EXPERIMENTAL_PROXY */
-
-static int ssl_ext_mp_canon(request_rec *r, char *url)
-{
- int rc;
-
- if (strcEQn(url, "https:", 6)) {
- rc = OK;
- ap_hook_call("ap::mod_proxy::http::canon",
- &rc, r, url+6, "https", DEFAULT_HTTPS_PORT);
- return rc;
- }
- return DECLINED;
-}
-
-static int ssl_ext_mp_handler(
- request_rec *r, void *cr, char *url, char *proxyhost, int proxyport, char *protocol)
-{
- int rc;
-
- if (strcEQ(protocol, "https")) {
- ap_ctx_set(r->ctx, "ssl::proxy::enabled", PTRUE);
- ap_hook_call("ap::mod_proxy::http::handler",
- &rc, r, cr, url, proxyhost, proxyport);
- return rc;
- }
- else {
- ap_ctx_set(r->ctx, "ssl::proxy::enabled", PFALSE);
- }
- return DECLINED;
-}
-
-static int ssl_ext_mp_set_destport(request_rec *r)
-{
- if (ap_ctx_get(r->ctx, "ssl::proxy::enabled") == PTRUE)
- return DEFAULT_HTTPS_PORT;
- else
- return DEFAULT_HTTP_PORT;
-}
-
-static char *ssl_ext_mp_new_connection(request_rec *r, BUFF *fb,
- char *peer)
-{
-#ifndef SSL_EXPERIMENTAL_PROXY
- SSL_CTX *ssl_ctx;
-#endif
- SSL *ssl;
- char *errmsg;
- int rc;
- char *cpVHostID;
- char *cpVHostMD5;
-#ifdef SSL_EXPERIMENTAL_PROXY
- SSLSrvConfigRec *sc;
- char *cp;
-#endif
-
- if (ap_ctx_get(r->ctx, "ssl::proxy::enabled") == PFALSE)
- return NULL;
-
- /*
- * Find context
- */
-#ifdef SSL_EXPERIMENTAL_PROXY
- sc = mySrvConfig(r->server);
-#endif
- cpVHostID = ssl_util_vhostid(r->pool, r->server);
-
- /*
- * Create a SSL context and handle
- */
-#ifdef SSL_EXPERIMENTAL_PROXY
- ssl = SSL_new(sc->pSSLProxyCtx);
-#else
- ssl_ctx = SSL_CTX_new(SSLv23_client_method());
- ssl = SSL_new(ssl_ctx);
-#endif
- if (ssl == NULL) {
- errmsg = ap_psprintf(r->pool, "SSL proxy new failed (%s): peer %s: %s",
- cpVHostID, peer, ERR_reason_error_string(ERR_get_error()));
- ap_ctx_set(fb->ctx, "ssl", NULL);
- return errmsg;
- }
- SSL_clear(ssl);
- cpVHostMD5 = ap_md5(r->pool, (unsigned char *)cpVHostID);
- if (!SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5, strlen(cpVHostMD5))) {
- errmsg =
ap_psprintf(r->pool, "Unable to set session id context to `%s': peer %s: %s",
- cpVHostMD5, peer, ERR_reason_error_string(ERR_get_error()));
- ap_ctx_set(fb->ctx, "ssl", NULL);
- return errmsg;
- }
- SSL_set_fd(ssl, fb->fd);
-#ifdef SSL_EXPERIMENTAL_PROXY
- SSL_set_app_data(ssl, fb->ctx);
-#endif
- ap_ctx_set(fb->ctx, "ssl", ssl);
-#ifdef SSL_EXPERIMENTAL_PROXY
- ap_ctx_set(fb->ctx, "ssl::proxy::server_rec", r->server);
- ap_ctx_set(fb->ctx, "ssl::proxy::peer", peer);
- ap_ctx_set(fb->ctx, "ssl::proxy::servername", cpVHostID);
- ap_ctx_set(fb->ctx, "ssl::proxy::verifyerror", NULL);
-#endif
-
- /*
- * Give us a chance to gracefully close the connection
- */
- ap_register_cleanup(r->pool, (void *)fb,
- ssl_ext_mp_close_connection, ssl_ext_mp_close_connection);
-
- /*
- * Establish the SSL connection
- */
- if ((rc = SSL_connect(ssl)) <= 0) {
-#ifdef SSL_EXPERIMENTAL_PROXY
- if ((cp = (char *)ap_ctx_get(fb->ctx, "ssl::proxy::verifyerror")) != NULL) {
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- return NULL;
- }
-#endif
- errmsg = ap_psprintf(r->pool, "SSL proxy connect failed (%s): peer %s: %s",
- cpVHostID, peer, ERR_reason_error_string(ERR_get_error()));
- ssl_log(r->server, SSL_LOG_ERROR, "%s", errmsg);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- return errmsg;
- }
-
- return NULL;
-}
-
-static void ssl_ext_mp_close_connection(void *_fb)
-{
- BUFF *fb = _fb;
- SSL *ssl;
-#ifndef SSL_EXPERIMENTAL_PROXY
- SSL_CTX *ctx;
-#endif
-
- ssl = ap_ctx_get(fb->ctx, "ssl");
- if (ssl != NULL) {
-#ifndef SSL_EXPERIMENTAL_PROXY
- ctx = SSL_get_SSL_CTX(ssl);
-#endif
- SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
-#ifndef SSL_EXPERIMENTAL_PROXY
- if (ctx != NULL)
- SSL_CTX_free(ctx);
-#endif
- }
- return;
-}
-
-static int ssl_ext_mp_write_host_header(
-
request_rec *r, BUFF *fb, char *host, char *port, char *portstr)
-{
- char defport[16];
-
- if (ap_ctx_get(r->ctx, "ssl::proxy::enabled") == PFALSE)
- return DECLINED;
-
- ap_snprintf(defport, sizeof(defport), "%d", DEFAULT_HTTPS_PORT);
- if (portstr != NULL && strcmp(portstr, defport)) {
- ap_bvputs(fb, "Host: ", host, ":", portstr, "\r\n", NULL);
- return OK;
- }
- return DECLINED;
-}
-
-#ifdef SSL_EXPERIMENTAL_PROXY
-
-/*
- * Callback for client certificate stuff.
- * If the remote site sent us a SSLv3 list of acceptable CA's then trawl the
- * table of client certs and send the first one that matches.
- */
-static int ssl_ext_mp_clientcert_cb(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
-{
- SSLSrvConfigRec *sc;
- X509_NAME *xnx;
- X509_NAME *issuer;
- X509_INFO *xi;
- char *peer;
- char *servername;
- server_rec *s;
- ap_ctx *pCtx;
- STACK_OF(X509_NAME) *sk;
- STACK_OF(X509_INFO) *pcerts;
- char *cp;
- int i, j;
-
- pCtx = (ap_ctx *)SSL_get_app_data(ssl);
- s = ap_ctx_get(pCtx, "ssl::proxy::server_rec");
- peer = ap_ctx_get(pCtx, "ssl::proxy::peer");
- servername = ap_ctx_get(pCtx, "ssl::proxy::servername");
-
- sc = mySrvConfig(s);
- pcerts = sc->skProxyClientCerts;
-
- ssl_log(s, SSL_LOG_DEBUG,
- "Proxy client certificate callback: (%s) entered", servername);
-
- if ((pcerts == NULL) || (sk_X509_INFO_num(pcerts) <= 0)) {
- ssl_log(s, SSL_LOG_TRACE,
- "Proxy client certificate callback: (%s) "
- "site wanted client certificate but none available",
- servername);
- return 0;
- }
-
- sk = SSL_get_client_CA_list(ssl);
-
- if ((sk == NULL) || (sk_X509_NAME_num(sk) <= 0)) {
- /*
- * remote site didn't send us a list of acceptable CA certs,
- * so lets send the first one we came across
- */
- xi = sk_X509_INFO_value(pcerts, 0);
- cp = X509_NAME_oneline(X509_get_subject_name(xi->x509), NULL, 0);
- ssl_log(s, SSL_LOG_DEBUG,
- "SSL Proxy: (%s) no acceptable CA list, sending %s",
- servername, cp != NULL ?
cp : "-unknown-"); - OPENSSL_free(cp); - /* export structures to the caller */ - *x509 = xi->x509; - *pkey = xi->x_pkey->dec_pkey; - /* prevent OpenSSL freeing these structures */ - CRYPTO_add(&((*x509)->references), +1, CRYPTO_LOCK_X509_PKEY); - CRYPTO_add(&((*pkey)->references), +1, CRYPTO_LOCK_X509_PKEY); - return 1; - } - - for (i = 0; i < sk_X509_NAME_num(sk); i++) { - xnx = sk_X509_NAME_value(sk, i); - for (j = 0; j < sk_X509_INFO_num(pcerts); j++) { - xi = sk_X509_INFO_value(pcerts,j); - issuer = X509_get_issuer_name(xi->x509); - if (X509_NAME_cmp(issuer, xnx) == 0) { - cp = X509_NAME_oneline(X509_get_subject_name(xi->x509), NULL, 0); - ssl_log(s, SSL_LOG_DEBUG, "SSL Proxy: (%s) sending %s", - servername, cp != NULL ? cp : "-unknown-"); - OPENSSL_free(cp); - /* export structures to the caller */ - *x509 = xi->x509; - *pkey = xi->x_pkey->dec_pkey; - /* prevent OpenSSL freeing these structures */ - CRYPTO_add(&((*x509)->references), +1, CRYPTO_LOCK_X509_PKEY); - CRYPTO_add(&((*pkey)->references), +1, CRYPTO_LOCK_X509_PKEY); - return 1; - } - } - } - ssl_log(s, SSL_LOG_TRACE, - "Proxy client certificate callback: (%s) " - "no client certificate found!?", servername); - return 0; -} - -/* - * This is the verify callback when we are connecting to a remote SSL server - * from the proxy. Information is passed in via the SSL "ctx" app_data - * mechanism. We pass in an Apache context in this field, which contains - * server_rec of the server making the proxy connection from the - * "ssl::proxy::server_rec" context. - * - * The result of the verification is passed back out to SSLERR via the return - * value. We also store the error message in the "proxyverifyfailed" context, - * so the caller of SSL_connect() can log a detailed error message. 
- */ -static int ssl_ext_mp_verify_cb(int ok, X509_STORE_CTX *ctx) -{ - SSLSrvConfigRec *sc; - X509 *xs; - int errnum; - int errdepth; - char *cp, *cp2; - ap_ctx *pCtx; - server_rec *s; - SSL *ssl; - char *peer; - char *servername; - - ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx); - pCtx = (ap_ctx *)SSL_get_app_data(ssl); - s = ap_ctx_get(pCtx, "ssl::proxy::server_rec"); - peer = ap_ctx_get(pCtx, "ssl::proxy::peer"); - servername = ap_ctx_get(pCtx, "ssl::proxy::servername"); - sc = mySrvConfig(s); - - /* - * Unless stated otherwise by the configuration, we really don't - * care if the verification was okay or not, so lets return now - * before we do anything involving memory or time. - */ - if (sc->bProxyVerify == FALSE) - return ok; - - /* - * Get verify ingredients - */ - xs = X509_STORE_CTX_get_current_cert(ctx); - errnum = X509_STORE_CTX_get_error(ctx); - errdepth = X509_STORE_CTX_get_error_depth(ctx); - - /* - * Log verification information - */ - cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0); - cp2 = X509_NAME_oneline(X509_get_issuer_name(xs), NULL, 0); - ssl_log(s, SSL_LOG_DEBUG, - "SSL Proxy: (%s) Certificate Verification for remote server %s: " - "depth: %d, subject: %s, issuer: %s", - servername, peer != NULL ? peer : "-unknown-", - errdepth, cp != NULL ? cp : "-unknown-", - cp2 != NULL ? cp2 : "-unknown"); - OPENSSL_free(cp); - OPENSSL_free(cp2); - - /* - * If we already know it's not ok, log the real reason - */ - if (!ok) { - ssl_log(s, SSL_LOG_ERROR, - "SSL Proxy: (%s) Certificate Verification failed for %s: " - "Error (%d): %s", servername, - peer != NULL ? 
peer : "-unknown-", - errnum, X509_verify_cert_error_string(errnum)); - ap_ctx_set(pCtx, "ssl::proxy::verifyerror", - (void *)X509_verify_cert_error_string(errnum)); - return ok; - } - - /* - * Check the depth of the certificate chain - */ - if (sc->nProxyVerifyDepth > 0) { - if (errdepth > sc->nProxyVerifyDepth) { - ssl_log(s, SSL_LOG_ERROR, - "SSL Proxy: (%s) Certificate Verification failed for %s: " - "Certificate Chain too long " - "(chain has %d certificates, but maximum allowed are only %d)", - servername, peer, errdepth, sc->nProxyVerifyDepth); - ap_ctx_set(pCtx, "ssl::proxy::verifyerror", - (void *)X509_verify_cert_error_string(X509_V_ERR_CERT_CHAIN_TOO_LONG)); - ok = FALSE; - } - } - - /* - * And finally signal OpenSSL the (perhaps changed) state - */ - return (ok); -} - -#endif /* SSL_EXPERIMENTAL_PROXY */ - -/* _________________________________________________________________ -** -** SSL Extension to mod_status -** _________________________________________________________________ -*/ - -static void ssl_ext_ms_display(request_rec *, int, int); - -static void ssl_ext_ms_register(void) -{ - ap_hook_register("ap::mod_status::display", ssl_ext_ms_display, AP_HOOK_NOCTX); - return; -} - -static void ssl_ext_ms_unregister(void) -{ - ap_hook_unregister("ap::mod_status::display", ssl_ext_ms_display); - return; -} - -static void ssl_ext_ms_display_cb(char *str, void *_r) -{ - request_rec *r = (request_rec *)_r; - if (str != NULL) - ap_rputs(str, r); - return; -} - -static void ssl_ext_ms_display(request_rec *r, int no_table_report, int short_report) -{ - SSLSrvConfigRec *sc = mySrvConfig(r->server); - - if (sc == NULL) - return; - if (short_report) - return; - ap_rputs("


    \n", r); - ap_rputs("\n", r); - ap_rputs("\n", r); - ap_rputs("\n", r); - ap_rputs("
    \n", r); - ap_rputs("SSL/TLS Session Cache Status:\r", r); - ap_rputs("
    \n", r); - ssl_scache_status(r->server, r->pool, ssl_ext_ms_display_cb, r); - ap_rputs("
    \n", r);
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
deleted file mode 100644
index 282ec56de8b..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ /dev/null
@@ -1,1138 +0,0 @@
-/* $OpenBSD: ssl_engine_init.c,v 1.32 2013/07/16 13:22:55 jsing Exp $ */
-
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_init.c
-** Initialization of Servers
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* ==================================================================== - * Copyright (c) 1995-1999 Ben Laurie. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by Ben Laurie - * for use in the Apache-SSL HTTP server project." - * - * 4. The name "Apache-SSL Server" must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 5. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Ben Laurie - * for use in the Apache-SSL HTTP server project." - * - * THIS SOFTWARE IS PROVIDED BY BEN LAURIE ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BEN LAURIE OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - /* ``Recursive, adj.; - see Recursive.'' - -- Unknown */ -#include "mod_ssl.h" - - -/* _________________________________________________________________ -** -** Module Initialization -** _________________________________________________________________ -*/ - -/* - * Per-module initialization - */ -void ssl_init_Module(server_rec *s, pool *p) -{ - SSLModConfigRec *mc = myModConfig(); - SSLSrvConfigRec *sc; - server_rec *s2; - char *cp; - int SSLenabled = 0; - - mc->nInitCount++; - - /* - * Let us cleanup on restarts and exists - */ - ap_register_cleanup(p, s, ssl_init_ModuleKill, ssl_init_ChildKill); - - /* - * Any init round fixes the global config - */ - ssl_config_global_create(); /* just to avoid problems */ - ssl_config_global_fix(); - - /* - * try to fix the configuration and open the dedicated SSL - * logfile as early as possible - */ - for (s2 = s; s2 != NULL; s2 = s2->next) { - sc = mySrvConfig(s2); - - /* Fix up stuff 
that may not have been set */ - if (sc->bEnabled == UNSET) - sc->bEnabled = FALSE; - if (sc->nVerifyClient == SSL_CVERIFY_UNSET) - sc->nVerifyClient = SSL_CVERIFY_NONE; - if (sc->nVerifyDepth == UNSET) - sc->nVerifyDepth = 1; -#ifdef SSL_EXPERIMENTAL_PROXY - if (sc->nProxyVerifyDepth == UNSET) - sc->nProxyVerifyDepth = 1; -#endif - if (sc->nSessionCacheTimeout == UNSET) - sc->nSessionCacheTimeout = SSL_SESSION_CACHE_TIMEOUT; - if (sc->nPassPhraseDialogType == SSL_PPTYPE_UNSET) - sc->nPassPhraseDialogType = SSL_PPTYPE_BUILTIN; - - /* Open the dedicated SSL logfile */ - if (!ap_server_is_chrooted()) - ssl_log_open(s, s2, p); - } - - /* - * Identification - */ - if (mc->nInitCount == 1) { - ssl_log(s, SSL_LOG_INFO, "Server: %s, Interface: %s, Library: %s", - SERVER_BASEVERSION, - ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_INTERFACE"), - ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_LIBRARY")); - } - - /* - * Initialization round information - */ - if (mc->nInitCount == 1) - ssl_log(s, SSL_LOG_INFO, "Init: 1st startup round (still not detached)"); - else if (mc->nInitCount == 2) - ssl_log(s, SSL_LOG_INFO, "Init: 2nd startup round (already detached)"); - else - ssl_log(s, SSL_LOG_INFO, "Init: %d%s restart round (already detached)", - mc->nInitCount-2, (mc->nInitCount-2) == 1 ? "st" : "nd"); - -#ifdef SSL_VENDOR - ap_hook_use("ap::mod_ssl::vendor::init_module", - AP_HOOK_SIG3(void,ptr,ptr), AP_HOOK_ALL, s, p); -#endif - - /* - * The initialization phase inside the Apache API is totally bogus. - * We actually have three non-trivial problems: - * - * 1. Under Unix the API does a 2-round initialization of modules while - * under Win32 it doesn't. This means we have to make sure that at - * least the pass phrase dialog doesn't occur twice. We overcome this - * problem by using a counter (mc->nInitCount) which has to - * survive the init rounds. - * - * 2. Between the first and the second round Apache detaches from - * the terminal under Unix. 
This means that our pass phrase dialog - * _has_ to be done in the first round and _cannot_ be done in the - * second round. - * - * 3. When Dynamic Shared Object (DSO) mechanism is used under Unix the - * module segment (code & data) gets unloaded and re-loaded between - * the first and the second round. This means no global data survives - * between first and the second init round. We overcome this by using - * an entry ("ssl_module") inside the ap_global_ctx. - * - * The situation as a table: - * - * Unix/static Unix/DSO Win32 Action Required - * (-DSHARED_MODULE) (-DWIN32) - * ----------- ----------------- --------- ----------------------------------- - * - load module - - - * init init init SSL library init, Pass Phrase Dialog - * detach detach - - - * - reload module - - - * init init - SSL library init, mod_ssl init - * - * Ok, now try to solve this totally ugly situation... - */ - -#ifdef SHARED_MODULE - ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library", - mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME); -#ifdef SSL_EXPERIMENTAL_ENGINE - ssl_init_Engine(s, p); -#endif - ssl_init_SSLLibrary(); -#else - if (mc->nInitCount <= 2) { - ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library", - mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME); -#ifdef SSL_EXPERIMENTAL_ENGINE - ssl_init_Engine(s, p); -#endif - ssl_init_SSLLibrary(); - } -#endif - if (mc->nInitCount == 1) { - ssl_pphrase_Handle(s, p); - return; - } - - for (s2 = s; s2 != NULL; s2 = s2->next) { - sc = mySrvConfig(s2); - /* find out if anyone's actually doing SSL */ - if (sc->bEnabled) - SSLenabled = 1; - } - if (SSLenabled) /* skip expensive bits if we're not doing SSL */ - ssl_init_TmpKeysHandle(SSL_TKP_GEN, s, p); - - /* - * SSL external crypto device ("engine") support - */ -#ifdef SSL_EXPERIMENTAL_ENGINE - ssl_init_Engine(s, p); -#endif - - /* - * Warn the user that he should use the session cache. - * But we can operate without it, of course. 
- */ - if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) { - ssl_log(s, SSL_LOG_WARN, - "Init: Session Cache is not configured [hint: SSLSessionCache]"); - mc->nSessionCacheMode = SSL_SCMODE_NONE; - } - - /* - * initialize the mutex handling and session caching - */ - ssl_mutex_init(s, p); - ssl_scache_init(s, p); - - /* - * Seed the Pseudo Random Number Generator (PRNG) - */ - ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: "); - - /* - * allocate the temporary RSA keys and DH params - */ - if (SSLenabled) /* skip expensive bits if we're not doing SSL */ - ssl_init_TmpKeysHandle(SSL_TKP_ALLOC, s, p); - - /* - * initialize servers - */ - ssl_log(s, SSL_LOG_INFO, "Init: Initializing (virtual) servers for SSL"); - for (s2 = s; s2 != NULL; s2 = s2->next) { - sc = mySrvConfig(s2); - /* - * Either now skip this server when SSL is disabled for - * it or give out some information about what we're - * configuring. - */ - if (!sc->bEnabled) - continue; - ssl_log(s2, SSL_LOG_INFO, - "Init: Configuring server %s for SSL protocol", - ssl_util_vhostid(p, s2)); - - /* - * Read the server certificate and key - */ - ssl_init_ConfigureServer(s2, p, sc); - } - - /* - * Configuration consistency checks - */ - ssl_init_CheckServers(s, p); - - /* - * Announce mod_ssl and SSL library in HTTP Server field - * as ``mod_ssl/X.X.X OpenSSL/X.X.X'' - */ - if ((cp = ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_PRODUCT")) != NULL && cp[0] != NUL) - ap_add_version_component(cp); - ap_add_version_component(ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_INTERFACE")); - ap_add_version_component(ssl_var_lookup(p, NULL, NULL, NULL, "SSL_VERSION_LIBRARY")); - - return; -} - -/* - * Initialize SSL library (also already needed for the pass phrase dialog) - */ -void ssl_init_SSLLibrary(void) -{ - SSL_load_error_strings(); - SSL_library_init(); - ssl_util_thread_setup(); - X509V3_add_standard_extensions(); - return; -} - -/* - * Support for external a Crypto Device ("engine"), usually - * a hardware 
accellerator card for crypto operations. - */ -#ifdef SSL_EXPERIMENTAL_ENGINE -void ssl_init_Engine(server_rec *s, pool *p) -{ - SSLModConfigRec *mc = myModConfig(); - ENGINE *e; - - if (mc->szCryptoDevice != NULL) { - if ((e = ENGINE_by_id(mc->szCryptoDevice)) == NULL) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load Crypto Device API `%s'", - mc->szCryptoDevice); - ssl_die(); - } - if (strEQ(mc->szCryptoDevice, "chil")) - ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); - if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to enable Crypto Device API `%s'", - mc->szCryptoDevice); - ssl_die(); - } - ENGINE_free(e); - } - return; -} -#endif - -/* - * Handle the Temporary RSA Keys and DH Params - */ -void ssl_init_TmpKeysHandle(int action, server_rec *s, pool *p) -{ - SSLModConfigRec *mc = myModConfig(); - ssl_asn1_t *asn1; - unsigned char *ucp; - RSA *rsa; - DH *dh; - - /* Generate Keys and Params */ - if (action == SSL_TKP_GEN) { - - /* seed PRNG */ - ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: "); - - /* generate 512 bit RSA key */ - ssl_log(s, SSL_LOG_INFO, "Init: Generating temporary RSA private keys (512/1024 bits)"); - if ((rsa = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: Failed to generate temporary 512 bit RSA private key"); - ssl_die(); - } - asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:512"); - asn1->nData = i2d_RSAPrivateKey(rsa, NULL); - asn1->cpData = ap_palloc(mc->pPool, asn1->nData); - ucp = asn1->cpData; i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */ - RSA_free(rsa); - - /* generate 1024 bit RSA key */ - if ((rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL)) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: Failed to generate temporary 1024 bit RSA private key"); - ssl_die(); - } - asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "RSA:1024"); - asn1->nData = i2d_RSAPrivateKey(rsa, NULL); - 
asn1->cpData = ap_palloc(mc->pPool, asn1->nData); - ucp = asn1->cpData; i2d_RSAPrivateKey(rsa, &ucp); /* 2nd arg increments */ - RSA_free(rsa); - - ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)"); - - /* import 512 bit DH param */ - if ((dh = ssl_dh_GetTmpParam(512)) == NULL) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to import temporary 512 bit DH parameters"); - ssl_die(); - } - asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "DH:512"); - asn1->nData = i2d_DHparams(dh, NULL); - asn1->cpData = ap_palloc(mc->pPool, asn1->nData); - ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */ - DH_free(dh); - - /* import 1024 bit DH param */ - if ((dh = ssl_dh_GetTmpParam(1024)) == NULL) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to import temporary 1024 bit DH parameters"); - ssl_die(); - } - asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tTmpKeys, "DH:1024"); - asn1->nData = i2d_DHparams(dh, NULL); - asn1->cpData = ap_palloc(mc->pPool, asn1->nData); - ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */ - DH_free(dh); - } - - /* Allocate Keys and Params */ - else if (action == SSL_TKP_ALLOC) { - - ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary RSA private keys (512/1024 bits)"); - - /* allocate 512 bit RSA key */ - if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "RSA:512")) != NULL) { - ucp = asn1->cpData; - if ((mc->pTmpKeys[SSL_TKPIDX_RSA512] = - (void *)d2i_RSAPrivateKey(NULL, (const unsigned char **)&ucp, asn1->nData)) == NULL) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 512 bit RSA private key"); - ssl_die(); - } - if (RSA_blinding_on ((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512], NULL) != 1) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to add blinding for temporary 512 bit RSA private key"); - ssl_die(); - } - } - - /* allocate 1024 bit RSA key */ - if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "RSA:1024")) != NULL) { - ucp = asn1->cpData; - if 
((mc->pTmpKeys[SSL_TKPIDX_RSA1024] = - (void *)d2i_RSAPrivateKey(NULL, (const unsigned char **)&ucp, asn1->nData)) == NULL) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 1024 bit RSA private key"); - ssl_die(); - } - if (RSA_blinding_on ((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024], NULL) != 1) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to add blinding for temporary 1024 bit RSA private key"); - ssl_die(); - } - } - - ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)"); - - /* allocate 512 bit DH param */ - if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "DH:512")) != NULL) { - ucp = asn1->cpData; - if ((mc->pTmpKeys[SSL_TKPIDX_DH512] = - (void *)d2i_DHparams(NULL, (const unsigned char **)&ucp, asn1->nData)) == NULL) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 512 bit DH parameters"); - ssl_die(); - } - } - - /* allocate 1024 bit DH param */ - if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tTmpKeys, "DH:1024")) != NULL) { - ucp = asn1->cpData; - if ((mc->pTmpKeys[SSL_TKPIDX_DH1024] = - (void *)d2i_DHparams(NULL, (const unsigned char **)&ucp, asn1->nData)) == NULL) { - ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 1024 bit DH parameters"); - ssl_die(); - } - } - } - - /* Free Keys and Params */ - else if (action == SSL_TKP_FREE) { - if (mc->pTmpKeys[SSL_TKPIDX_RSA512] != NULL) { - RSA_free((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512]); - mc->pTmpKeys[SSL_TKPIDX_RSA512] = NULL; - } - if (mc->pTmpKeys[SSL_TKPIDX_RSA1024] != NULL) { - RSA_free((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024]); - mc->pTmpKeys[SSL_TKPIDX_RSA1024] = NULL; - } - if (mc->pTmpKeys[SSL_TKPIDX_DH512] != NULL) { - DH_free((DH *)mc->pTmpKeys[SSL_TKPIDX_DH512]); - mc->pTmpKeys[SSL_TKPIDX_DH512] = NULL; - } - if (mc->pTmpKeys[SSL_TKPIDX_DH1024] != NULL) { - DH_free((DH *)mc->pTmpKeys[SSL_TKPIDX_DH1024]); - mc->pTmpKeys[SSL_TKPIDX_DH1024] = NULL; - } - } - return; -} - -/* - * Configure a particular server - */ -void 
ssl_init_ConfigureServer(server_rec *s, pool *p, SSLSrvConfigRec *sc) -{ - SSLModConfigRec *mc = myModConfig(); - int nVerify; - char *cpVHostID; - EVP_PKEY *pKey; - SSL_CTX *ctx; - EC_KEY *ecdhKey; - STACK_OF(X509_NAME) *skCAList; - ssl_asn1_t *asn1; - unsigned char *ucp; - char *cp; - BOOL ok; - BOOL bSkipFirst; - int isca, pathlen; - int i, n; - - /* - * Create the server host:port string because we need it a lot - */ - cpVHostID = ssl_util_vhostid(p, s); - - /* - * Now check for important parameters and the - * possibility that the user forgot to set them. - */ - if (sc->szPublicCertFile[0] == NULL) { - ssl_log(s, SSL_LOG_ERROR, - "Init: (%s) No SSL Certificate set [hint: SSLCertificateFile]", - cpVHostID); - ssl_die(); - } - - /* - * Check for problematic re-initializations - */ - if (sc->pPublicCert[SSL_AIDX_RSA] != NULL || - sc->pPublicCert[SSL_AIDX_DSA] != NULL ) { - ssl_log(s, SSL_LOG_ERROR, - "Init: (%s) Illegal attempt to re-initialise SSL for server " - "(theoretically shouldn't happen!)", cpVHostID); - ssl_die(); - } - - /* - * Create the new per-server SSL context - */ - if (sc->nProtocol == SSL_PROTOCOL_NONE) { - ssl_log(s, SSL_LOG_ERROR, - "Init: (%s) No SSL protocols available [hint: SSLProtocol]", - cpVHostID); - ssl_die(); - } - cp = ap_pstrcat(p, (sc->nProtocol & SSL_PROTOCOL_SSLV2 ? "SSLv2, " : ""), - (sc->nProtocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""), - (sc->nProtocol & SSL_PROTOCOL_TLSV1 ? 
"TLSv1, " : ""), NULL); - cp[strlen(cp)-2] = NUL; - ssl_log(s, SSL_LOG_TRACE, - "Init: (%s) Creating new SSL context (protocols: %s)", cpVHostID, cp); - ctx = SSL_CTX_new(SSLv23_server_method()); - SSL_CTX_set_options(ctx, SSL_OP_ALL); - if (!(sc->nProtocol & SSL_PROTOCOL_SSLV2)) - SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); - if (!(sc->nProtocol & SSL_PROTOCOL_SSLV3)) - SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); - if (!(sc->nProtocol & SSL_PROTOCOL_TLSV1)) - SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1); - if (sc->bCompression == FALSE) - SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION); - if (sc->bHonorCipherOrder == TRUE) - SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); - SSL_CTX_set_app_data(ctx, s); - sc->pSSLCtx = ctx; - - /* - * Configure additional context ingredients - */ - SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); - if (mc->nSessionCacheMode == SSL_SCMODE_NONE) - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); - else - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER); - - /* - * Disallow a session from being resumed during a renegotiation, - * so that an acceptable cipher suite can be negotiated. 
- */ - SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); - - /* - * Configure callbacks for SSL context - */ - nVerify = SSL_VERIFY_NONE; - if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE) - nVerify |= SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT; - if ( (sc->nVerifyClient == SSL_CVERIFY_OPTIONAL) - || (sc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) ) - nVerify |= SSL_VERIFY_PEER; - SSL_CTX_set_verify(ctx, nVerify, ssl_callback_SSLVerify); - SSL_CTX_sess_set_new_cb(ctx, ssl_callback_NewSessionCacheEntry); - SSL_CTX_sess_set_get_cb(ctx, ssl_callback_GetSessionCacheEntry); - SSL_CTX_sess_set_remove_cb(ctx, ssl_callback_DelSessionCacheEntry); - SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA); - SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); - SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState); - - /* - * Configure SSL Cipher Suite - */ - if (sc->szCipherSuite != NULL) { - ssl_log(s, SSL_LOG_TRACE, - "Init: (%s) Configuring permitted SSL ciphers [%s]", - cpVHostID, sc->szCipherSuite); - if (!SSL_CTX_set_cipher_list(ctx, sc->szCipherSuite)) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to configure permitted SSL ciphers", - cpVHostID); - ssl_die(); - } - } - - /* - * Configure ECDH Curve - */ - if (sc->nECDHCurve > 0) { - ecdhKey = EC_KEY_new_by_curve_name(sc->nECDHCurve); - if (ecdhKey == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Failed to create new EC key using named curve", - cpVHostID); - ssl_die(); - } - SSL_CTX_set_tmp_ecdh(ctx, ecdhKey); - SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); - EC_KEY_free(ecdhKey); - } - - /* - * Configure Client Authentication details - */ - if (sc->szCACertificateFile != NULL || sc->szCACertificatePath != NULL) { - ssl_log(s, SSL_LOG_TRACE, - "Init: (%s) Configuring client authentication", cpVHostID); - if (!SSL_CTX_load_verify_locations(ctx, - sc->szCACertificateFile, - sc->szCACertificatePath)) { - ssl_log(s, 
SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to configure verify locations " - "for client authentication", cpVHostID); - ssl_die(); - } - if ((skCAList = ssl_init_FindCAList(s, p, sc->szCACertificateFile, - sc->szCACertificatePath)) == NULL) { - ssl_log(s, SSL_LOG_ERROR, - "Init: (%s) Unable to determine list of available " - "CA certificates for client authentication", cpVHostID); - ssl_die(); - } - SSL_CTX_set_client_CA_list(sc->pSSLCtx, skCAList); - } - - /* - * Configure Certificate Revocation List (CRL) Details - */ - if (sc->szCARevocationFile != NULL || sc->szCARevocationPath != NULL) { - ssl_log(s, SSL_LOG_TRACE, - "Init: (%s) Configuring certificate revocation facility", cpVHostID); - if ((sc->pRevocationStore = - SSL_X509_STORE_create(sc->szCARevocationFile, - sc->szCARevocationPath)) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to configure X.509 CRL storage " - "for certificate revocation", cpVHostID); - ssl_die(); - } - } - - /* - * Give a warning when no CAs were configured but client authentication - * should take place. This cannot work. - */ - if (sc->nVerifyClient == SSL_CVERIFY_REQUIRE) { - skCAList = SSL_CTX_get_client_CA_list(ctx); - if (sk_X509_NAME_num(skCAList) == 0) - ssl_log(s, SSL_LOG_WARN, - "Init: Ops, you want to request client authentication, " - "but no CAs are known for verification!? 
" - "[Hint: SSLCACertificate*]"); - } - - /* - * Configure server certificate(s) - */ - ok = FALSE; - cp = ap_psprintf(p, "%s:RSA", cpVHostID); - if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPublicCert, cp)) != NULL) { - ssl_log(s, SSL_LOG_TRACE, - "Init: (%s) Configuring RSA server certificate", cpVHostID); - ucp = asn1->cpData; - if ((sc->pPublicCert[SSL_AIDX_RSA] = d2i_X509(NULL, &ucp, asn1->nData)) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to import RSA server certificate", - cpVHostID); - ssl_die(); - } - if (SSL_CTX_use_certificate(ctx, sc->pPublicCert[SSL_AIDX_RSA]) <= 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to configure RSA server certificate", - cpVHostID); - ssl_die(); - } - ok = TRUE; - } - cp = ap_psprintf(p, "%s:DSA", cpVHostID); - if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPublicCert, cp)) != NULL) { - ssl_log(s, SSL_LOG_TRACE, - "Init: (%s) Configuring DSA server certificate", cpVHostID); - ucp = asn1->cpData; - if ((sc->pPublicCert[SSL_AIDX_DSA] = d2i_X509(NULL, &ucp, asn1->nData)) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to import DSA server certificate", - cpVHostID); - ssl_die(); - } - if (SSL_CTX_use_certificate(ctx, sc->pPublicCert[SSL_AIDX_DSA]) <= 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to configure DSA server certificate", - cpVHostID); - ssl_die(); - } - ok = TRUE; - } - if (!ok) { - ssl_log(s, SSL_LOG_ERROR, - "Init: (%s) Ops, no RSA or DSA server certificate found?!", cpVHostID); - ssl_log(s, SSL_LOG_ERROR, - "Init: (%s) You have to perform a *full* server restart when you added or removed a certificate and/or key file", cpVHostID); - ssl_die(); - } - - /* - * Some information about the certificate(s) - */ - for (i = 0; i < SSL_AIDX_MAX; i++) { - if (sc->pPublicCert[i] != NULL) { - if (SSL_X509_isSGC(sc->pPublicCert[i])) { - ssl_log(s, SSL_LOG_INFO, - "Init: (%s) %s server certificate enables " - "Server 
Gated Cryptography (SGC)", - cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA")); - } - if (SSL_X509_getBC(sc->pPublicCert[i], &isca, &pathlen)) { - if (isca) - ssl_log(s, SSL_LOG_WARN, - "Init: (%s) %s server certificate is a CA certificate " - "(BasicConstraints: CA == TRUE !?)", - cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA")); - if (pathlen > 0) - ssl_log(s, SSL_LOG_WARN, - "Init: (%s) %s server certificate is not a leaf certificate " - "(BasicConstraints: pathlen == %d > 0 !?)", - cpVHostID, (i == SSL_AIDX_RSA ? "RSA" : "DSA"), pathlen); - } - if (SSL_X509_getCN(p, sc->pPublicCert[i], &cp)) { - if (ap_is_fnmatch(cp) && - ap_fnmatch(cp, s->server_hostname, - FNM_PERIOD|FNM_CASE_BLIND) == FNM_NOMATCH) { - ssl_log(s, SSL_LOG_WARN, - "Init: (%s) %s server certificate wildcard CommonName (CN) `%s' " - "does NOT match server name!?", cpVHostID, - (i == SSL_AIDX_RSA ? "RSA" : "DSA"), cp); - } - else if (strNE(s->server_hostname, cp)) { - ssl_log(s, SSL_LOG_WARN, - "Init: (%s) %s server certificate CommonName (CN) `%s' " - "does NOT match server name!?", cpVHostID, - (i == SSL_AIDX_RSA ? 
"RSA" : "DSA"), cp); - } - } - } - } - - /* - * Configure server private key(s) - */ - ok = FALSE; - cp = ap_psprintf(p, "%s:RSA", cpVHostID); - if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) { - ssl_log(s, SSL_LOG_TRACE, - "Init: (%s) Configuring RSA server private key", cpVHostID); - ucp = asn1->cpData; - if ((sc->pPrivateKey[SSL_AIDX_RSA] = - d2i_PrivateKey(EVP_PKEY_RSA, NULL, &ucp, asn1->nData)) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to import RSA server private key", - cpVHostID); - ssl_die(); - } - if (!RSA_blinding_on(sc->pPrivateKey[SSL_AIDX_RSA]->pkey.rsa, NULL)) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to enable RSA blinding (probably PRNG failure)", - cpVHostID); - ssl_die(); - } - if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_RSA]) <= 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to configure RSA server private key", - cpVHostID); - ssl_die(); - } - ok = TRUE; - } - cp = ap_psprintf(p, "%s:DSA", cpVHostID); - if ((asn1 = (ssl_asn1_t *)ssl_ds_table_get(mc->tPrivateKey, cp)) != NULL) { - ssl_log(s, SSL_LOG_TRACE, - "Init: (%s) Configuring DSA server private key", cpVHostID); - ucp = asn1->cpData; - if ((sc->pPrivateKey[SSL_AIDX_DSA] = - d2i_PrivateKey(EVP_PKEY_DSA, NULL, &ucp, asn1->nData)) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to import DSA server private key", - cpVHostID); - ssl_die(); - } - if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_DSA]) <= 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "Init: (%s) Unable to configure DSA server private key", - cpVHostID); - ssl_die(); - } - ok = TRUE; - } - if (!ok) { - ssl_log(s, SSL_LOG_ERROR, - "Init: (%s) Ops, no RSA or DSA server private key found?!", cpVHostID); - ssl_die(); - } - - /* - * Optionally copy DSA parameters for certificate from private key - * (see http://www.psy.uq.edu.au/~ftp/Crypto/ssleay/TODO.html) - */ - if ( 
sc->pPublicCert[SSL_AIDX_DSA] != NULL - && sc->pPrivateKey[SSL_AIDX_DSA] != NULL) { - pKey = X509_get_pubkey(sc->pPublicCert[SSL_AIDX_DSA]); - if ( pKey != NULL - && EVP_PKEY_type(pKey->type) == EVP_PKEY_DSA - && EVP_PKEY_missing_parameters(pKey)) - EVP_PKEY_copy_parameters(pKey, sc->pPrivateKey[SSL_AIDX_DSA]); - } - - /* - * Optionally configure extra server certificate chain certificates. - * This is usually done by OpenSSL automatically when one of the - * server cert issuers are found under SSLCACertificatePath or in - * SSLCACertificateFile. But because these are intended for client - * authentication it can conflict. For instance when you use a - * Global ID server certificate you've to send out the intermediate - * CA certificate, too. When you would just configure this with - * SSLCACertificateFile and also use client authentication mod_ssl - * would accept all clients also issued by this CA. Obviously this - * isn't what we want in this situation. So this feature here exists - * to allow one to explicity configure CA certificates which are - * used only for the server certificate chain. - */ - if (sc->szCertificateChain != NULL) { - bSkipFirst = FALSE; - for (i = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++) { - if (strEQ(sc->szPublicCertFile[i], sc->szCertificateChain)) { - bSkipFirst = TRUE; - break; - } - } - if ((n = SSL_CTX_use_certificate_chain(ctx, sc->szCertificateChain, - bSkipFirst, NULL)) < 0) { - ssl_log(s, SSL_LOG_ERROR, - "Init: (%s) Failed to configure CA certificate chain!", cpVHostID); - ssl_die(); - } - ssl_log(s, SSL_LOG_TRACE, "Init: (%s) Configuring " - "server certificate chain (%d CA certificate%s)", cpVHostID, - n, n == 1 ? 
"" : "s"); - } - -#ifdef SSL_VENDOR - ap_hook_use("ap::mod_ssl::vendor::configure_server", - AP_HOOK_SIG4(void,ptr,ptr,ptr), AP_HOOK_ALL, - s, p, sc); -#endif - - return; -} - -void ssl_init_CheckServers(server_rec *sm, pool *p) -{ - server_rec *s; - server_rec **ps; - SSLSrvConfigRec *sc; - ssl_ds_table *t; - pool *sp; - char *key; - BOOL bConflict; - - /* - * Give out warnings when a server has HTTPS configured - * for the HTTP port or vice versa - */ - for (s = sm; s != NULL; s = s->next) { - sc = mySrvConfig(s); - if (sc->bEnabled && s->port == DEFAULT_HTTP_PORT) - ssl_log(sm, SSL_LOG_WARN, - "Init: (%s) You configured HTTPS(%d) on the standard HTTP(%d) port!", - ssl_util_vhostid(p, s), DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT); - if (!sc->bEnabled && s->port == DEFAULT_HTTPS_PORT) - ssl_log(sm, SSL_LOG_WARN, - "Init: (%s) You configured HTTP(%d) on the standard HTTPS(%d) port!", - ssl_util_vhostid(p, s), DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT); - } - - /* - * Give out warnings if more than one SSL-aware virtual server uses the - * same IP:port. This doesn't work because mod_ssl then will always use - * just the certificate/keys of one virtual host (which one cannot be said - * easily - but that doesn't matter here). - */ - sp = ap_make_sub_pool(p); - t = ssl_ds_table_make(sp, sizeof(server_rec *)); - bConflict = FALSE; - for (s = sm; s != NULL; s = s->next) { - sc = mySrvConfig(s); - if (!sc->bEnabled) - continue; - if (s->addrs == NULL) - continue; - key = ap_psprintf(sp, "%pA:%u", &s->addrs->host_addr, s->addrs->host_port); - ps = ssl_ds_table_get(t, key); - if (ps != NULL) { - ssl_log(sm, SSL_LOG_WARN, - "Init: SSL server IP/port conflict: %s (%s:%d) vs. %s (%s:%d)", - ssl_util_vhostid(p, s), - (s->defn_name != NULL ? s->defn_name : "unknown"), - s->defn_line_number, - ssl_util_vhostid(p, *ps), - ((*ps)->defn_name != NULL ? 
(*ps)->defn_name : "unknown"), - (*ps)->defn_line_number); - bConflict = TRUE; - continue; - } - ps = ssl_ds_table_push(t, key); - *ps = s; - } - ssl_ds_table_kill(t); - ap_destroy_pool(sp); - if (bConflict) - ssl_log(sm, SSL_LOG_WARN, - "Init: You should not use name-based virtual hosts in conjunction with SSL!!"); - - return; -} - -static int ssl_init_FindCAList_X509NameCmp(X509_NAME **a, X509_NAME **b) -{ - return(X509_NAME_cmp(*a, *b)); -} - -STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, pool *pp, char *cpCAfile, char *cpCApath) -{ - STACK_OF(X509_NAME) *skCAList; - STACK_OF(X509_NAME) *sk; - DIR *dir; - struct DIR_TYPE *direntry; - char *cp; - pool *p; - int n; - char buf[256]; - - /* - * Use a subpool so we don't bloat up the server pool which - * is remains in memory for the complete operation time of - * the server. - */ - p = ap_make_sub_pool(pp); - - /* - * Start with a empty stack/list where new - * entries get added in sorted order. - */ - skCAList = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp); - - /* - * Process CA certificate bundle file - */ - if (cpCAfile != NULL) { - sk = SSL_load_client_CA_file(cpCAfile); - for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) { - X509_NAME *name = sk_X509_NAME_value(sk, n); - ssl_log(s, SSL_LOG_TRACE, - "CA certificate: %s", - X509_NAME_oneline(name, buf, sizeof(buf))); - if (sk_X509_NAME_find(skCAList, name) < 0) - sk_X509_NAME_push(skCAList, name); /* will be freed when skCAList is */ - else - X509_NAME_free(name); - } - sk_X509_NAME_free(sk); - } - - /* - * Process CA certificate path files - */ - if (cpCApath != NULL) { - dir = ap_popendir(p, cpCApath); - while ((direntry = readdir(dir)) != NULL) { - cp = ap_pstrcat(p, cpCApath, "/", direntry->d_name, NULL); - sk = SSL_load_client_CA_file(cp); - for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) { - X509_NAME *name = sk_X509_NAME_value(sk, n); - ssl_log(s, SSL_LOG_TRACE, - "CA certificate: %s", - X509_NAME_oneline(name, buf, 
sizeof(buf))); - if (sk_X509_NAME_find(skCAList, name) < 0) - sk_X509_NAME_push(skCAList, name); - else - X509_NAME_free(name); - } - sk_X509_NAME_free(sk); - } - ap_pclosedir(p, dir); - } - - /* - * Cleanup - */ - sk_X509_NAME_set_cmp_func(skCAList, NULL); - ap_destroy_pool(p); - - return skCAList; -} - -void ssl_init_Child(server_rec *s, pool *p) -{ - /* open the mutex lockfile */ - ssl_mutex_reinit(s, p); - return; -} - -void ssl_init_ChildKill(void *data) -{ - /* currently nothing to do */ - return; -} - -void ssl_init_ModuleKill(void *data) -{ - SSLSrvConfigRec *sc; - server_rec *s = (server_rec *)data; - - /* - * Drop the session cache and mutex - */ - ssl_scache_kill(s); - ssl_mutex_kill(s); - - /* - * Destroy the temporary keys and params - */ - ssl_init_TmpKeysHandle(SSL_TKP_FREE, s, NULL); - - /* - * Free the non-pool allocated structures - * in the per-server configurations - */ - for (; s != NULL; s = s->next) { - sc = mySrvConfig(s); - if (sc->pRevocationStore != NULL) { - X509_STORE_free(sc->pRevocationStore); - sc->pRevocationStore = NULL; - } - if (sc->pPublicCert[SSL_AIDX_RSA] != NULL) { - X509_free(sc->pPublicCert[SSL_AIDX_RSA]); - sc->pPublicCert[SSL_AIDX_RSA] = NULL; - } - if (sc->pPublicCert[SSL_AIDX_DSA] != NULL) { - X509_free(sc->pPublicCert[SSL_AIDX_DSA]); - sc->pPublicCert[SSL_AIDX_DSA] = NULL; - } - if (sc->pPrivateKey[SSL_AIDX_RSA] != NULL) { - EVP_PKEY_free(sc->pPrivateKey[SSL_AIDX_RSA]); - sc->pPrivateKey[SSL_AIDX_RSA] = NULL; - } - if (sc->pPrivateKey[SSL_AIDX_DSA] != NULL) { - EVP_PKEY_free(sc->pPrivateKey[SSL_AIDX_DSA]); - sc->pPrivateKey[SSL_AIDX_DSA] = NULL; - } - if (sc->pSSLCtx != NULL) { - SSL_CTX_free(sc->pSSLCtx); - sc->pSSLCtx = NULL; - } - } - - /* - * Try to kill the internals of the SSL library. - */ -#ifdef SHARED_MODULE - ERR_free_strings(); - ERR_remove_state(0); - EVP_cleanup(); -#endif - - ssl_util_thread_cleanup(); - - return; -} 
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c
deleted file mode 100644
index 3d6fcc467ab..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_io.c
+++ /dev/null
@@ -1,545 +0,0 @@ -/* _ _ -** _ __ ___ ___ __| | ___ ___| | mod_ssl -** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -** |_____| -** ssl_engine_io.c -** I/O Functions -*/ - -/* ==================================================================== - * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * 4. The names "mod_ssl" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * rse@engelschall.com. - * - * 5. Products derived from this software may not be called "mod_ssl" - * nor may "mod_ssl" appear in their names without prior - * written permission of Ralf S. Engelschall. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - /* ``MY HACK: This universe. - Just one little problem: - core keeps dumping.'' - -- Unknown */ -#include "mod_ssl.h" - -/* _________________________________________________________________ -** -** I/O Request Body Sucking and Re-Injection -** _________________________________________________________________ -*/ - -#ifndef SSL_CONSERVATIVE - -/* - * Background: - * - * 1. When the client sends a HTTP/HTTPS request, Apache's core code - * reads only the request line ("METHOD /path HTTP/x.y") and the - * attached MIME headers ("Foo: bar") up to the terminating line ("CR - * LF"). An attached request body (for instance the data of a POST - * method) is _NOT_ read. Instead it is read by mod_cgi's content - * handler and directly passed to the CGI script. - * - * 2. mod_ssl supports per-directory re-configuration of SSL parameters. - * This is implemented by performing an SSL renegotiation of the - * re-configured parameters after the request is read, but before the - * response is sent. In more detail: the renegotiation happens after the - * request line and MIME headers were read, but _before_ the attached - * request body is read. 
The reason simply is that in the HTTP protocol - * usually there is no acknowledgment step between the headers and the - * body (there is the 100-continue feature and the chunking facility - * only), so Apache has no API hook for this step. - * - * 3. the problem now occurs when the client sends a POST request for - * URL /foo via HTTPS the server and the server has SSL parameters - * re-configured on a per-URL basis for /foo. Then mod_ssl has to - * perform an SSL renegotiation after the request was read and before - * the response is sent. But the problem is the pending POST body data - * in the receive buffer of SSL (which Apache still has not read - it's - * pending until mod_cgi sucks it in). When mod_ssl now tries to perform - * the renegotiation the pending data leads to an I/O error. - * - * Solution Idea: - * - * There are only two solutions: Either to simply state that POST - * requests to URLs with SSL re-configurations are not allowed, or to - * renegotiate really after the _complete_ request (i.e. including - * the POST body) was read. Obviously the latter would be preferred, - * but it cannot be done easily inside Apache, because as already - * mentioned, there is no API step between the body reading and the body - * processing. And even when we mod_ssl would hook directly into the - * loop of mod_cgi, we wouldn't solve the problem for other handlers, of - * course. So the only general solution is to suck in the pending data - * of the request body from the OpenSSL BIO into the Apache BUFF. Then - * the renegotiation can be done and after this step Apache can proceed - * processing the request as before. - * - * Solution Implementation: - * - * We cannot simply suck in the data via an SSL_read-based loop because of - * HTTP chunking. Instead we _have_ to use the Apache API for this step which - * is aware of HTTP chunking. 
So the trick is to suck in the pending request - * data via the Apache API (which uses Apache's BUFF code and in the - * background mod_ssl's I/O glue code) and re-inject it later into the Apache - * BUFF code again. This way the data flows twice through the Apache BUFF, of - * course. But this way the solution doesn't depend on any Apache specifics - * and is fully transparent to Apache modules. - */ - -struct ssl_io_suck_st { - BOOL active; - char *bufptr; - int buflen; - char *pendptr; - int pendlen; -}; - -/* prepare request_rec structure for input sucking */ -static void ssl_io_suck_start(request_rec *r) -{ - struct ssl_io_suck_st *ss; - - ss = ap_ctx_get(r->ctx, "ssl::io::suck"); - if (ss == NULL) { - ss = ap_palloc(r->pool, sizeof(struct ssl_io_suck_st)); - ap_ctx_set(r->ctx, "ssl::io::suck", ss); - ss->buflen = 8192; - ss->bufptr = ap_palloc(r->pool, ss->buflen); - } - ss->pendptr = ss->bufptr; - ss->pendlen = 0; - ss->active = FALSE; - return; -} - -/* record a sucked input chunk */ -static void ssl_io_suck_record(request_rec *r, char *buf, int len) -{ - struct ssl_io_suck_st *ss; - - if ((ss = ap_ctx_get(r->ctx, "ssl::io::suck")) == NULL) - return; - if (((ss->bufptr + ss->buflen) - (ss->pendptr + ss->pendlen)) < len) { - /* "expand" buffer: actually we cannot really expand the buffer - here, because Apache's pool system doesn't support expanding chunks - of memory. Instead we have to either reuse processed data or - allocate a new chunk of memory in advance if we really need more - memory. 
*/ - int newlen; - char *newptr; - - if (( (ss->pendptr - ss->bufptr) - + ((ss->bufptr + ss->buflen) - (ss->pendptr + ss->pendlen)) ) >= len) { - /* make memory available by reusing already processed data */ - memmove(ss->bufptr, ss->pendptr, ss->pendlen); - ss->pendptr = ss->bufptr; - } - else { - /* too bad, we have to allocate a new larger buffer */ - newlen = (ss->buflen * 2) + len; - newptr = ap_palloc(r->pool, newlen); - ss->bufptr = newptr; - ss->buflen = newlen; - memcpy(ss->bufptr, ss->pendptr, ss->pendlen); - ss->pendptr = ss->bufptr; - } - } - memcpy(ss->pendptr+ss->pendlen, buf, len); - ss->pendlen += len; - return; -} - -/* finish request_rec after input sucking */ -static void ssl_io_suck_end(request_rec *r) -{ - struct ssl_io_suck_st *ss; - - if ((ss = ap_ctx_get(r->ctx, "ssl::io::suck")) == NULL) - return; - ss->active = TRUE; - r->read_body = REQUEST_NO_BODY; - r->read_length = 0; - r->read_chunked = 0; - r->remaining = 0; - ap_bsetflag(r->connection->client, B_CHUNK, 0); - return; -} - -void ssl_io_suck(request_rec *r, SSL *ssl) -{ - int rc; - int len; - char *buf; - int buflen; - char c; - int sucked; - - if ((rc = ap_setup_client_block(r, REQUEST_CHUNKED_DECHUNK)) == OK) { - if (ap_should_client_block(r)) { - - /* read client request block through Apache API */ - buflen = HUGE_STRING_LEN; - buf = ap_palloc(r->pool, buflen); - ap_hard_timeout("SSL I/O request body pre-sucking", r); - sucked = 0; - ssl_io_suck_start(r); - while ((len = ap_get_client_block(r, buf, buflen)) > 0) { - ssl_io_suck_record(r, buf, len); - sucked += len; - } - ssl_io_suck_end(r); - ap_kill_timeout(r); - - /* suck trailing data (usually CR LF) which - is still in the Apache BUFF layer */ - ap_hard_timeout("SSL I/O request trailing data pre-sucking", r); - while (ap_bpeekc(r->connection->client) != EOF) { - c = ap_bgetc(r->connection->client); - ssl_io_suck_record(r, &c, 1); - sucked++; - } - ap_kill_timeout(r); - - ssl_log(r->server, SSL_LOG_TRACE, - "I/O: sucked %d bytes 
of input data from SSL/TLS I/O layer " - "for delayed injection into Apache I/O layer", sucked); - } - } - return; -} - -/* the SSL_read replacement routine which knows about the suck buffer */ -static int ssl_io_suck_read(SSL *ssl, char *buf, int len) -{ - ap_ctx *actx; - struct ssl_io_suck_st *ss; - request_rec *r = NULL; - int rv; - - actx = (ap_ctx *)SSL_get_app_data2(ssl); - if (actx != NULL) - r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec"); - - rv = -1; - if (r != NULL) { - ss = ap_ctx_get(r->ctx, "ssl::io::suck"); - if (ss != NULL) { - if (ss->active && ss->pendlen > 0) { - /* ok, there is pre-sucked data */ - len = (ss->pendlen > len ? len : ss->pendlen); - memcpy(buf, ss->pendptr, len); - ss->pendptr += len; - ss->pendlen -= len; - ssl_log(r->server, SSL_LOG_TRACE, - "I/O: injecting %d bytes of pre-sucked data " - "into Apache I/O layer", len); - rv = len; - } - } - } - if (rv == -1) - rv = SSL_read(ssl, buf, len); - return rv; -} - -/* override SSL_read in the following code... 
*/ -#define SSL_read ssl_io_suck_read - -#endif /* !SSL_CONSERVATIVE */ - -/* _________________________________________________________________ -** -** I/O Hooks -** _________________________________________________________________ -*/ - -#include -#include - -static int ssl_io_hook_read(BUFF *fb, char *buf, int len); -static int ssl_io_hook_write(BUFF *fb, char *buf, int len); -static int ssl_io_hook_writev(BUFF *fb, const struct iovec *iov, int iovcnt); - -void ssl_io_register(void) -{ - ap_hook_register("ap::buff::read", ssl_io_hook_read, AP_HOOK_NOCTX); - ap_hook_register("ap::buff::write", ssl_io_hook_write, AP_HOOK_NOCTX); - ap_hook_register("ap::buff::writev", ssl_io_hook_writev, AP_HOOK_NOCTX); - return; -} - -void ssl_io_unregister(void) -{ - ap_hook_unregister("ap::buff::read", ssl_io_hook_read); - ap_hook_unregister("ap::buff::write", ssl_io_hook_write); - ap_hook_unregister("ap::buff::writev", ssl_io_hook_writev); - return; -} - -static int ssl_io_hook_read(BUFF *fb, char *buf, int len) -{ - SSL *ssl; - conn_rec *c; - int rc; - - if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) { - rc = SSL_read(ssl, buf, len); - /* - * Simulate an EINTR in case OpenSSL wants to read more. - * (This is usually the case when the client forces an SSL - * renegotiation which is handled implicitly by OpenSSL.) 
- */ - if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ) - errno = EINTR; - /* - * Log SSL errors - */ - if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_SSL) { - c = (conn_rec *)SSL_get_app_data(ssl); - ssl_log(c->server, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "SSL error on reading data"); - } - /* - * read(2) returns only the generic error number -1 - */ - if (rc < 0) - rc = -1; - } - else - rc = read(fb->fd_in, buf, len); - return rc; -} - -static int ssl_io_hook_write(BUFF *fb, char *buf, int len) -{ - SSL *ssl; - conn_rec *c; - int rc; - - if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) { - rc = SSL_write(ssl, buf, len); - /* - * Simulate an EINTR in case OpenSSL wants to write more. - */ - if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE) - errno = EINTR; - /* - * Log SSL errors - */ - if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_SSL) { - c = (conn_rec *)SSL_get_app_data(ssl); - ssl_log(c->server, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "SSL error on writing data"); - } - /* - * write(2) returns only the generic error number -1 - */ - if (rc < 0) - rc = -1; - } - else - rc = write(fb->fd, buf, len); - return rc; -} - -/* the prototype for our own SSL_writev() */ -static int SSL_writev(SSL *, const struct iovec *, int); - -static int ssl_io_hook_writev(BUFF *fb, const struct iovec *iov, int iovcnt) -{ - SSL *ssl; - conn_rec *c; - int rc; - - if ((ssl = ap_ctx_get(fb->ctx, "ssl")) != NULL) { - rc = SSL_writev(ssl, iov, iovcnt); - /* - * Simulate an EINTR in case OpenSSL wants to write more. 
- */ - if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE) - errno = EINTR; - /* - * Log SSL errors - */ - if (rc < 0 && SSL_get_error(ssl, rc) == SSL_ERROR_SSL) { - c = (conn_rec *)SSL_get_app_data(ssl); - ssl_log(c->server, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "SSL error on writing data"); - } - /* - * writev(2) returns only the generic error number -1 - */ - if (rc < 0) - rc = -1; - } - else - rc = writev(fb->fd, iov, iovcnt); - return rc; -} - - -/* _________________________________________________________________ -** -** Special Functions for OpenSSL -** _________________________________________________________________ -*/ - - -/* - * There is no SSL_writev() provided by OpenSSL. The reason is mainly because - * OpenSSL has to fragment the data itself again for the SSL record layer, so a - * writev() like interface makes not much sense. What we do is to emulate it - * to at least being able to use the write() like interface. But keep in mind - * that the network I/O performance is not write() like, of course. 
- */ -static int SSL_writev(SSL *ssl, const struct iovec *iov, int iovcnt) -{ - int i; - int n; - int rc; - - rc = 0; - for (i = 0; i < iovcnt; i++) { - if ((n = SSL_write(ssl, iov[i].iov_base, iov[i].iov_len)) == -1) { - rc = -1; - break; - } - rc += n; - } - return rc; -} - -/* _________________________________________________________________ -** -** I/O Data Debugging -** _________________________________________________________________ -*/ - -#define DUMP_WIDTH 16 - -static void ssl_io_data_dump(server_rec *srvr, const char *s, long len) -{ - char buf[256]; - char tmp[64]; - int i, j, rows, trunc; - unsigned char ch; - - trunc = 0; - for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) - trunc++; - rows = (len / DUMP_WIDTH); - if ((rows * DUMP_WIDTH) < len) - rows++; - ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, - "+-------------------------------------------------------------------------+"); - for(i = 0 ; i< rows; i++) { - ap_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH); - ap_cpystrn(buf, tmp, sizeof(buf)); - for (j = 0; j < DUMP_WIDTH; j++) { - if (((i * DUMP_WIDTH) + j) >= len) - ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf)); - else { - ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff; - ap_snprintf(tmp, sizeof(tmp), "%02x%c", ch , j==7 ? '-' : ' '); - ap_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf)); - } - } - ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf)); - for (j = 0; j < DUMP_WIDTH; j++) { - if (((i * DUMP_WIDTH) + j) >= len) - ap_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf)); - else { - ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff; - ap_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? 
ch : '.'); - ap_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf)); - } - } - ap_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf)); - ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, "%s", buf); - } - if (trunc > 0) - ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, - "| %04x - ", len + trunc); - ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, - "+-------------------------------------------------------------------------+"); - return; -} - -long ssl_io_data_cb(BIO *bio, int cmd, const char *argp, int argi, long argl, long rc) -{ - SSL *ssl; - conn_rec *c; - server_rec *s; - - if ((ssl = (SSL *)BIO_get_callback_arg(bio)) == NULL) - return rc; - if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL) - return rc; - s = c->server; - - if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN) - || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) { - if (rc >= 0) { - ssl_log(s, SSL_LOG_DEBUG, - "%s: %s %ld/%d bytes %s BIO#%08X [mem: %08lX] %s", - SSL_LIBRARY_NAME, - (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), - rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"), - bio, argp, - (argp != NULL ? "(BIO dump follows)" : "(Ops, no memory buffer?)")); - if (argp != NULL) - ssl_io_data_dump(s, argp, rc); - } - else { - ssl_log(s, SSL_LOG_DEBUG, - "%s: I/O error, %d bytes expected to %s on BIO#%08X [mem: %08lX]", - SSL_LIBRARY_NAME, argi, - (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), - bio, argp); - } - } - return rc; -} - diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c deleted file mode 100644 index 254757b60cc..00000000000 --- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c +++ /dev/null 
@@ -1,1966 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_kernel.c
-** The SSL engine kernel
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/* ====================================================================
- * Copyright (c) 1995-1999 Ben Laurie. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * 4. The name "Apache-SSL Server" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 5. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * THIS SOFTWARE IS PROVIDED BY BEN LAURIE ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BEN LAURIE OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``It took me fifteen years to discover
- I had no talent for programming, but
- I couldn't give it up because by that
- time I was too famous.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** SSL Engine Kernel
-** _________________________________________________________________
-*/
-
-/*
- * Connect Handler:
- * Connect SSL to the accepted socket
- *
- * Usually we would need an Apache API hook which is triggered right after
- * the socket is accepted for handling a new request. But Apache 1.3 doesn't
- * provide such a hook, so we have to patch http_main.c and call this
- * function directly.
- */
-void ssl_hook_NewConnection(conn_rec *conn)
-{
- server_rec *srvr;
- BUFF *fb;
- SSLSrvConfigRec *sc;
- ap_ctx *apctx;
- SSL *ssl;
- char *cp;
- char *cpVHostID;
- char *cpVHostMD5;
- X509 *xs;
- int rc;
-
- /*
- * Get context
- */
- srvr = conn->server;
- fb = conn->client;
- sc = mySrvConfig(srvr);
-
- /*
- * Create SSL context
- */
- ap_ctx_set(fb->ctx, "ssl", NULL);
-
- /*
- * Immediately stop processing if SSL
- * is disabled for this connection
- */
- if (sc == NULL || !sc->bEnabled)
- return;
-
- /*
- * Remember the connection information for
- * later access inside callback functions
- */
- cpVHostID = ssl_util_vhostid(conn->pool, srvr);
- ssl_log(srvr, SSL_LOG_INFO, "Connection to child %d established "
- "(server %s, client %s)", conn->child_num, cpVHostID,
- conn->remote_ip != NULL ? conn->remote_ip : "unknown");
-
- /*
- * Seed the Pseudo Random Number Generator (PRNG)
- */
- ssl_rand_seed(srvr, conn->pool, SSL_RSCTX_CONNECT, "");
-
- /*
- * Create a new SSL connection with the configured server SSL context and
- * attach this to the socket. Additionally we register this attachment
- * so we can detach later.
- */
- if ((ssl = SSL_new(sc->pSSLCtx)) == NULL) {
- ssl_log(conn->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to create a new SSL connection from the SSL context");
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- return;
- }
- SSL_clear(ssl);
- cpVHostMD5 = ap_md5(conn->pool, (unsigned char *)cpVHostID);
- if (!SSL_set_session_id_context(ssl, (unsigned char *)cpVHostMD5, strlen(cpVHostMD5))) {
- ssl_log(conn->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to set session id context to `%s'", cpVHostMD5);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- return;
- }
- SSL_set_app_data(ssl, conn);
- apctx = ap_ctx_new(conn->pool);
- ap_ctx_set(apctx, "ssl::request_rec", NULL);
- ap_ctx_set(apctx, "ssl::verify::depth", AP_CTX_NUM2PTR(0));
- SSL_set_app_data2(ssl, apctx);
- SSL_set_fd(ssl, fb->fd);
- ap_ctx_set(fb->ctx, "ssl", ssl);
-
- /*
- * Configure callbacks for SSL connection
- */
- SSL_set_tmp_rsa_callback(ssl, ssl_callback_TmpRSA);
- SSL_set_tmp_dh_callback(ssl, ssl_callback_TmpDH);
- if (sc->nLogLevel >= SSL_LOG_DEBUG) {
- BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
- BIO_set_callback_arg(SSL_get_rbio(ssl), ssl);
- }
-
- /*
- * Predefine some client verification results
- */
- ap_ctx_set(fb->ctx, "ssl::client::dn", NULL);
- ap_ctx_set(fb->ctx, "ssl::verify::error", NULL);
- ap_ctx_set(fb->ctx, "ssl::verify::info", NULL);
- SSL_set_verify_result(ssl, X509_V_OK);
-
- /*
- * We have to manage a I/O timeout ourself, because Apache
- * does it the first time when reading the request, but we're
- * working some time before this happens.
- */
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- ap_set_callback_and_alarm(ssl_hook_TimeoutConnection, srvr->timeout);
-
- /*
- * Now enter the SSL Handshake Phase
- */
- while (!SSL_is_init_finished(ssl)) {
-
- if ((rc = SSL_accept(ssl)) <= 0) {
-
- if (SSL_get_error(ssl, rc) == SSL_ERROR_ZERO_RETURN) {
- /*
- * The case where the connection was closed before any data
- * was transferred. That's not a real error and can occur
- * sporadically with some clients.
- */
- ssl_log(srvr, SSL_LOG_INFO,
- "SSL handshake stopped: connection was closed");
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- else if ((ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) &&
- (ERR_GET_LIB(ERR_peek_error()) == ERR_LIB_SSL)) {
- /*
- * The case where OpenSSL has recognized a HTTP request:
- * This means the client speaks plain HTTP on our HTTPS
- * port. Hmmmm... At least for this error we can be more friendly
- * and try to provide him with a HTML error page. We have only one
- * problem: OpenSSL has already read some bytes from the HTTP
- * request. So we have to skip the request line manually and
- * instead provide a faked one in order to continue the internal
- * Apache processing.
- *
- */
- char ca[2];
- int rv;
-
- /* log the situation */
- ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "SSL handshake failed: HTTP spoken on HTTPS port; "
- "trying to send HTML error page");
-
- /* first: skip the remaining bytes of the request line */
- do {
- do {
- rv = read(fb->fd, ca, 1);
- } while (rv == -1 && errno == EINTR);
- } while (rv > 0 && ca[0] != '\012' /*LF*/);
-
- /* second: fake the request line */
- fb->inbase = ap_palloc(fb->pool, fb->bufsiz);
- ap_cpystrn((char *)fb->inbase, "GET /mod_ssl:error:HTTP-request HTTP/1.0\r\n",
- fb->bufsiz);
- fb->inptr = fb->inbase;
- fb->incnt = strlen((char *)fb->inptr);
-
- /* third: kick away the SSL stuff */
- SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
-
- /* finally: let Apache go on with processing */
- return;
- }
- else if (ap_ctx_get(ap_global_ctx, "ssl::handshake::timeout") == (void *)TRUE) {
- ssl_log(srvr, SSL_LOG_ERROR,
- "SSL handshake timed out (client %s, server %s)",
- conn->remote_ip != NULL ? conn->remote_ip : "unknown", cpVHostID);
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- else if (SSL_get_error(ssl, rc) == SSL_ERROR_SYSCALL) {
- if (errno == EINTR)
- continue;
- if (errno > 0)
- ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
- "SSL handshake interrupted by system "
- "[Hint: Stop button pressed in browser?!]");
- else
- ssl_log(srvr, SSL_LOG_INFO|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
- "Spurious SSL handshake interrupt"
- "[Hint: Usually just one of those OpenSSL confusions!?]");
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- else if ( (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ && BIO_should_retry(SSL_get_rbio(ssl)))
- || (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_WRITE && BIO_should_retry(SSL_get_wbio(ssl)))) {
- ssl_log(srvr, SSL_LOG_TRACE, "SSL handshake I/O retry (server %s, client %s)",
- cpVHostID, conn->remote_ip != NULL ? conn->remote_ip : "unknown");
- continue;
- }
- else {
- /*
- * Ok, anything else is a fatal error
- */
- ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR|SSL_ADD_ERRNO,
- "SSL handshake failed (server %s, client %s)", cpVHostID,
- conn->remote_ip != NULL ? conn->remote_ip : "unknown");
-
- /*
- * try to gracefully shutdown the connection:
- * - send an own shutdown message (be gracefully)
- * - don't wait for peer's shutdown message (deadloop)
- * - kick away the SSL stuff immediately
- * - block the socket, so Apache cannot operate any more
- */
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- }
-
- /*
- * Check for failed client authentication
- */
- if ( SSL_get_verify_result(ssl) != X509_V_OK
- || ap_ctx_get(fb->ctx, "ssl::verify::error") != NULL) {
- cp = (char *)ap_ctx_get(fb->ctx, "ssl::verify::error");
- ssl_log(srvr, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "SSL client authentication failed: %s",
- cp != NULL ? cp : "unknown reason");
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
-
- /*
- * Remember the peer certificate's DN
- */
- if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
- cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
- ap_ctx_set(fb->ctx, "ssl::client::dn", ap_pstrdup(conn->pool, cp));
- OPENSSL_free(cp);
- X509_free(xs);
- }
-
- /*
- * Make really sure that when a peer certificate
- * is required we really got one... (be paranoid)
- */
- if ( sc->nVerifyClient == SSL_CVERIFY_REQUIRE
- && ap_ctx_get(fb->ctx, "ssl::client::dn") == NULL) {
- ssl_log(srvr, SSL_LOG_ERROR,
- "No acceptable peer certificate available");
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- SSL_smart_shutdown(ssl);
- SSL_free(ssl);
- ap_ctx_set(fb->ctx, "ssl", NULL);
- ap_bsetflag(fb, B_EOF|B_EOUT, 1);
- conn->aborted = 1;
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
- return;
- }
- }
-
- /*
- * Remove the timeout handling
- */
- ap_set_callback_and_alarm(NULL, 0);
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)FALSE);
-
- /*
- * Improve I/O throughput by using
- * OpenSSL's read-ahead functionality
- * (don't used under Win32, because
- * there we use select())
- */
- SSL_set_read_ahead(ssl, TRUE);
-
-#ifdef SSL_VENDOR
- /* Allow vendors to do more things on connection time... */
- ap_hook_use("ap::mod_ssl::vendor::new_connection",
- AP_HOOK_SIG2(void,ptr), AP_HOOK_ALL, conn);
-#endif
-
- return;
-}
-
-/*
- * Signal handler function for the SSL handshake phase
- */
-void ssl_hook_TimeoutConnection(int sig)
-{
- /* we just set a flag for the handshake processing loop */
- ap_ctx_set(ap_global_ctx, "ssl::handshake::timeout", (void *)TRUE);
- return;
-}
-
-/*
- * Close the SSL part of the socket connection
- * (called immediately _before_ the socket is closed)
- */
-void ssl_hook_CloseConnection(conn_rec *conn)
-{
- SSL *ssl;
- char *cpType;
-
- ssl = ap_ctx_get(conn->client->ctx, "ssl");
- if (ssl == NULL)
- return;
-
- /*
- * First make sure that no more data is pending in Apache's BUFF,
- * because when it's (implicitly) flushed later by the ap_bclose()
- * calls of Apache it would lead to an I/O error in the browser due
- * to the fact that the SSL layer was already removed by us.
- */
- ap_bflush(conn->client);
-
- /*
- * Now close the SSL layer of the connection. We've to take
- * the TLSv1 standard into account here:
- *
- * | 7.2.1. Closure alerts
- * |
- * | The client and the server must share knowledge that the connection is
- * | ending in order to avoid a truncation attack. Either party may
- * | initiate the exchange of closing messages.
- * |
- * | close_notify
- * | This message notifies the recipient that the sender will not send
- * | any more messages on this connection. The session becomes
- * | unresumable if any connection is terminated without proper
- * | close_notify messages with level equal to warning.
- * |
- * | Either party may initiate a close by sending a close_notify alert.
- * | Any data received after a closure alert is ignored.
- * |
- * | Each party is required to send a close_notify alert before closing
- * | the write side of the connection. It is required that the other party
- * | respond with a close_notify alert of its own and close down the
- * | connection immediately, discarding any pending writes. It is not
- * | required for the initiator of the close to wait for the responding
- * | close_notify alert before closing the read side of the connection.
- *
- * This means we've to send a close notify message, but haven't to wait
- * for the close notify of the client. Actually we cannot wait for the
- * close notify of the client because some clients (including Netscape
- * 4.x) don't send one, so we would hang.
- */
-
- /*
- * exchange close notify messages, but allow the user
- * to force the type of handshake via SetEnvIf directive
- */
- if (ap_ctx_get(conn->client->ctx, "ssl::flag::unclean-shutdown") == PTRUE) {
- /* perform no close notify handshake at all
- (violates the SSL/TLS standard!) */
- SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- cpType = "unclean";
- }
- else if (ap_ctx_get(conn->client->ctx, "ssl::flag::accurate-shutdown") == PTRUE) {
- /* send close notify and wait for clients close notify
- (standard compliant, but usually causes connection hangs) */
- SSL_set_shutdown(ssl, 0);
- cpType = "accurate";
- }
- else {
- /* send close notify, but don't wait for clients close notify
- (standard compliant and safe, so it's the DEFAULT!) */
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- cpType = "standard";
- }
- SSL_smart_shutdown(ssl);
-
- /* deallocate the SSL connection */
- SSL_free(ssl);
- ap_ctx_set(conn->client->ctx, "ssl", NULL);
-
- /* and finally log the fact that we've closed the connection */
- ssl_log(conn->server, SSL_LOG_INFO,
- "Connection to child %d closed with %s shutdown (server %s, client %s)",
- conn->child_num, cpType, ssl_util_vhostid(conn->pool, conn->server),
- conn->remote_ip != NULL ? conn->remote_ip : "unknown");
- return;
-}
-
-/*
- * Post Read Request Handler
- */
-int ssl_hook_ReadReq(request_rec *r)
-{
- SSL *ssl;
- ap_ctx *apctx;
-
- /*
- * Get the SSL connection structure and perform the
- * delayed interlinking from SSL back to request_rec
- */
- ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
- if (ssl != NULL) {
- apctx = SSL_get_app_data2(ssl);
- ap_ctx_set(apctx, "ssl::request_rec", r);
- }
-
- /*
- * Force the mod_ssl content handler when URL indicates this
- */
- if (strEQn(r->uri, "/mod_ssl:", 9))
- r->handler = "mod_ssl:content-handler";
- if (ssl != NULL) {
- ap_ctx_set(r->ctx, "ap::http::method", "https");
- ap_ctx_set(r->ctx, "ap::default::port", "443");
- }
- else {
- ap_ctx_set(r->ctx, "ap::http::method", NULL);
- ap_ctx_set(r->ctx, "ap::default::port", NULL);
- }
- return DECLINED;
-}
-
-/*
- * URL Translation Handler
- */
-int ssl_hook_Translate(request_rec *r)
-{
- if (ap_ctx_get(r->connection->client->ctx, "ssl") == NULL)
- return DECLINED;
-
- /*
- * Log information about incoming HTTPS requests
- */
- if (ap_is_initial_req(r))
- ssl_log(r->server, SSL_LOG_INFO,
- "%s HTTPS request received for child %d (server %s)",
- r->connection->keepalives <= 0 ?
- "Initial (No.1)" :
- ap_psprintf(r->pool, "Subsequent (No.%d)",
- r->connection->keepalives+1),
- r->connection->child_num,
- ssl_util_vhostid(r->pool, r->server));
-
- /*
- * Move SetEnvIf information from request_rec to conn_rec/BUFF
- * to allow the close connection handler to use them.
- */
- if (ap_table_get(r->subprocess_env, "ssl-unclean-shutdown") != NULL)
- ap_ctx_set(r->connection->client->ctx, "ssl::flag::unclean-shutdown", PTRUE);
- else
- ap_ctx_set(r->connection->client->ctx, "ssl::flag::unclean-shutdown", PFALSE);
- if (ap_table_get(r->subprocess_env, "ssl-accurate-shutdown") != NULL)
- ap_ctx_set(r->connection->client->ctx, "ssl::flag::accurate-shutdown", PTRUE);
- else
- ap_ctx_set(r->connection->client->ctx, "ssl::flag::accurate-shutdown", PFALSE);
-
- return DECLINED;
-}
-
-/*
- * Content Handler
- */
-int ssl_hook_Handler(request_rec *r)
-{
- int port;
- char *thisport;
- char *thisurl;
-
- if (strNEn(r->uri, "/mod_ssl:", 9))
- return DECLINED;
-
- if (strEQ(r->uri, "/mod_ssl:error:HTTP-request")) {
- thisport = "";
- port = ap_get_server_port(r);
- if (!ap_is_default_port(port, r))
- thisport = ap_psprintf(r->pool, ":%u", port);
- thisurl = ap_psprintf(r->pool, "https://%s%s/",
- ap_escape_html(r->pool, ap_get_server_name(r)),
- thisport);
-
- ap_table_setn(r->notes, "error-notes", ap_psprintf(r->pool,
- "Reason: You're speaking plain HTTP to an SSL-enabled server port.
    \n"
- "Instead use the HTTPS scheme to access this URL, please.
    \n"
- "
    Hint: %s
    ",
- thisurl, thisurl));
- }
-
- return HTTP_BAD_REQUEST;
-}
-
-/*
- * Access Handler
- */
-int ssl_hook_Access(request_rec *r)
-{
- SSLDirConfigRec *dc;
- SSLSrvConfigRec *sc;
- SSL *ssl;
- SSL_CTX *ctx = NULL;
- array_header *apRequirement;
- ssl_require_t *pRequirements;
- ssl_require_t *pRequirement;
- char *cp;
- int ok;
- int i;
- BOOL renegotiate;
- BOOL renegotiate_quick;
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- BOOL reconfigured_locations;
- STACK_OF(X509_NAME) *skCAList;
- char *cpCAPath;
- char *cpCAFile;
-#endif
- X509 *cert;
- STACK_OF(X509) *certstack;
- X509_STORE *certstore;
- X509_STORE_CTX certstorectx;
- int depth;
- STACK_OF(SSL_CIPHER) *skCipherOld;
- STACK_OF(SSL_CIPHER) *skCipher = NULL;
- SSL_CIPHER *pCipher;
- ap_ctx *apctx;
- int nVerifyOld;
- int nVerify;
- int n;
- void *vp;
- int rc;
-
- dc = myDirConfig(r);
- sc = mySrvConfig(r->server);
- ssl = ap_ctx_get(r->connection->client->ctx, "ssl");
- if (ssl != NULL)
- ctx = SSL_get_SSL_CTX(ssl);
-
- /*
- * Support for SSLRequireSSL directive
- */
- if (dc->bSSLRequired && ssl == NULL) {
- ap_log_reason("SSL connection required", r->filename, r);
- /* remember forbidden access for strict require option */
- ap_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
- return FORBIDDEN;
- }
-
- /*
- * Check to see if SSL protocol is on
- */
- if (!sc->bEnabled)
- return DECLINED;
- if (ssl == NULL)
- return DECLINED;
-
- /*
- * Support for per-directory reconfigured SSL connection parameters.
- *
- * This is implemented by forcing an SSL renegotiation with the
- * reconfigured parameter suite. But Apache's internal API processing
- * makes our life very hard here, because when internal sub-requests occur
- * we nevertheless should avoid multiple unnecessary SSL handshakes (they
- * require extra network I/O and especially time to perform).
- *
- * But the optimization for filtering out the unnecessary handshakes isn't
- * obvious and trivial. Especially because while Apache is in its
- * sub-request processing the client could force additional handshakes,
- * too. And these take place perhaps without our notice. So the only
- * possibility is to explicitly _ask_ OpenSSL whether the renegotiation
- * has to be performed or not. It has to performed when some parameters
- * which were previously known (by us) are not those we've now
- * reconfigured (as known by OpenSSL) or (in optimized way) at least when
- * the reconfigured parameter suite is stronger (more restrictions) than
- * the currently active one.
- */
- renegotiate = FALSE;
- renegotiate_quick = FALSE;
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- reconfigured_locations = FALSE;
-#endif
-
- /*
- * Override of SSLCipherSuite
- *
- * We provide two options here:
- *
- * o The paranoid and default approach where we force a renegotiation when
- * the cipher suite changed in _any_ way (which is straight-forward but
- * often forces renegotiations too often and is perhaps not what the
- * user actually wanted).
- *
- * o The optimized and still secure way where we force a renegotiation
- * only if the currently active cipher is no longer contained in the
- * reconfigured/new cipher suite. Any other changes are not important
- * because it's the servers choice to select a cipher from the ones the
- * client supports. So as long as the current cipher is still in the new
- * cipher suite we're happy. Because we can assume we would have
- * selected it again even when other (better) ciphers exists now in the
- * new cipher suite. This approach is fine because the user explicitly
- * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
- * implicit optimizations.
- */
- if (dc->szCipherSuite != NULL) {
- /* remember old state */
- pCipher = NULL;
- skCipherOld = NULL;
- if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE)
- pCipher = SSL_get_current_cipher(ssl);
- else {
- skCipherOld = SSL_get_ciphers(ssl);
- if (skCipherOld != NULL)
- skCipherOld = sk_SSL_CIPHER_dup(skCipherOld);
- }
- /* configure new state */
- if (!SSL_set_cipher_list(ssl, dc->szCipherSuite)) {
- ssl_log(r->server, SSL_LOG_WARN|SSL_ADD_SSLERR,
- "Unable to reconfigure (per-directory) permitted SSL ciphers");
- if (skCipherOld != NULL)
- sk_SSL_CIPHER_free(skCipherOld);
- return FORBIDDEN;
- }
- /* determine whether a renegotiation has to be forced */
- skCipher = SSL_get_ciphers(ssl);
- if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
- /* optimized way */
- if ((pCipher == NULL && skCipher != NULL) ||
- (pCipher != NULL && skCipher == NULL) )
- renegotiate = TRUE;
- else if (pCipher != NULL && skCipher != NULL
- && sk_SSL_CIPHER_find(skCipher, pCipher) < 0) {
- renegotiate = TRUE;
- }
- }
- else {
- /* paranoid way */
- if ((skCipherOld == NULL && skCipher != NULL) ||
- (skCipherOld != NULL && skCipher == NULL) )
- renegotiate = TRUE;
- else if (skCipherOld != NULL && skCipher != NULL) {
- for (n = 0; !renegotiate && n < sk_SSL_CIPHER_num(skCipher); n++) {
- if (sk_SSL_CIPHER_find(skCipherOld, sk_SSL_CIPHER_value(skCipher, n)) < 0)
- renegotiate = TRUE;
- }
- for (n = 0; !renegotiate && n < sk_SSL_CIPHER_num(skCipherOld); n++) {
- if (sk_SSL_CIPHER_find(skCipher, sk_SSL_CIPHER_value(skCipherOld, n)) < 0)
- renegotiate = TRUE;
- }
- }
- }
- /* cleanup */
- if (skCipherOld != NULL)
- sk_SSL_CIPHER_free(skCipherOld);
- /* tracing */
- if (renegotiate) {
- if (sc->bHonorCipherOrder == TRUE)
- SSL_set_options(ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
- ssl_log(r->server, SSL_LOG_TRACE,
- "Reconfigured cipher suite will force renegotiation");
- }
- }
-
- /*
- * override of SSLVerifyDepth
- *
- * The depth checks are handled by us manually inside the verify callback
- * function and not by OpenSSL internally (and our function is aware of
- * both the per-server and per-directory contexts). So we cannot ask
- * OpenSSL about the currently verify depth. Instead we remember it in our
- * ap_ctx attached to the SSL* of OpenSSL. We've to force the
- * renegotiation if the reconfigured/new verify depth is less than the
- * currently active/remembered verify depth (because this means more
- * restriction on the certificate chain).
- */
- if (dc->nVerifyDepth != UNSET) {
- apctx = SSL_get_app_data2(ssl);
- if ((vp = ap_ctx_get(apctx, "ssl::verify::depth")) != NULL)
- n = (int)AP_CTX_PTR2NUM(vp);
- else
- n = sc->nVerifyDepth;
- ap_ctx_set(apctx, "ssl::verify::depth",
- AP_CTX_NUM2PTR(dc->nVerifyDepth));
- /* determine whether a renegotiation has to be forced */
- if (dc->nVerifyDepth < n) {
- renegotiate = TRUE;
- ssl_log(r->server, SSL_LOG_TRACE,
- "Reduced client verification depth will force renegotiation");
- }
- }
-
- /*
- * override of SSLVerifyClient
- *
- * We force a renegotiation if the reconfigured/new verify type is
- * stronger than the currently active verify type.
- *
- * The order is: none << optional_no_ca << optional << require
- *
- * Additionally the following optimization is possible here: When the
- * currently active verify type is "none" but a client certificate is
- * already known/present, it's enough to manually force a client
- * verification but at least skip the I/O-intensive renegotiation
- * handshake.
- */
- if (dc->nVerifyClient != SSL_CVERIFY_UNSET) {
- /* remember old state */
- nVerifyOld = SSL_get_verify_mode(ssl);
- /* configure new state */
- nVerify = SSL_VERIFY_NONE;
- if (dc->nVerifyClient == SSL_CVERIFY_REQUIRE)
- nVerify |= SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- if ( (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL)
- || (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) )
- nVerify |= SSL_VERIFY_PEER;
- SSL_set_verify(ssl, nVerify, ssl_callback_SSLVerify);
- SSL_set_verify_result(ssl, X509_V_OK);
- /* determine whether we've to force a renegotiation */
- if (!renegotiate && nVerify != nVerifyOld) {
- if ( ( (nVerifyOld == SSL_VERIFY_NONE)
- && (nVerify != SSL_VERIFY_NONE))
- || ( !(nVerifyOld & SSL_VERIFY_PEER)
- && (nVerify & SSL_VERIFY_PEER))
- || ( !(nVerifyOld & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
- && (nVerify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
- renegotiate = TRUE;
- /* optimization */
- if ( dc->nOptions & SSL_OPT_OPTRENEGOTIATE
- && nVerifyOld == SSL_VERIFY_NONE
- && (cert = SSL_get_peer_certificate(ssl)) != NULL) {
- renegotiate_quick = TRUE;
- X509_free(cert);
- }
- ssl_log(r->server, SSL_LOG_TRACE,
- "Changed client verification type will force %srenegotiation",
- renegotiate_quick ? "quick " : "");
- }
- }
- }
-
- /*
- * override SSLCACertificateFile & SSLCACertificatePath
- * This is tagged experimental because it has to use an ugly kludge: We
- * have to change the locations inside the SSL_CTX* (per-server global)
- * instead inside SSL* (per-connection local) and reconfigure it to the
- * old values later. That's problematic at least for the threaded process
- * model of Apache under Win32 or when an error occurs. But unless
- * OpenSSL provides a SSL_load_verify_locations() function we've no other
- * chance to provide this functionality...
- */
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- if ( ( dc->szCACertificateFile != NULL
- && ( sc->szCACertificateFile == NULL
- || ( sc->szCACertificateFile != NULL
- && strNE(dc->szCACertificateFile, sc->szCACertificateFile))))
- || ( dc->szCACertificatePath != NULL
- && ( sc->szCACertificatePath == NULL
- || ( sc->szCACertificatePath != NULL
- && strNE(dc->szCACertificatePath, sc->szCACertificatePath)))) ) {
- cpCAFile = dc->szCACertificateFile != NULL ?
- dc->szCACertificateFile : sc->szCACertificateFile;
- cpCAPath = dc->szCACertificatePath != NULL ?
- dc->szCACertificatePath : sc->szCACertificatePath;
- /*
- FIXME: This should be...
- if (!SSL_load_verify_locations(ssl, cpCAFile, cpCAPath)) {
- ...but OpenSSL still doesn't provide this!
- */
- if (!SSL_CTX_load_verify_locations(ctx, cpCAFile, cpCAPath)) {
- ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to reconfigure verify locations "
- "for client authentication");
- return FORBIDDEN;
- }
- if ((skCAList = ssl_init_FindCAList(r->server, r->pool,
- cpCAFile, cpCAPath)) == NULL) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Unable to determine list of available "
- "CA certificates for client authentication");
- return FORBIDDEN;
- }
- SSL_set_client_CA_list(ssl, skCAList);
- renegotiate = TRUE;
- reconfigured_locations = TRUE;
- ssl_log(r->server, SSL_LOG_TRACE,
- "Changed client verification locations will force renegotiation");
- }
-#endif /* SSL_EXPERIMENTAL_PERDIRCA */
-
-#ifdef SSL_CONSERVATIVE
- /*
- * SSL renegotiations in conjunction with HTTP
- * requests using the POST method are not supported.
- */
- if (renegotiate && r->method_number == M_POST) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "SSL Re-negotiation in conjunction with POST method not supported!");
- ssl_log(r->server, SSL_LOG_INFO,
- "You have to compile without -DSSL_CONSERVATIVE to enabled support for this.");
- return METHOD_NOT_ALLOWED;
- }
-#endif /* SSL_CONSERVATIVE */
-
- /*
- * now do the renegotiation if anything was actually reconfigured
- */
- if (renegotiate) {
- /*
- * Now we force the SSL renegotiation by sending the Hello Request
- * message to the client. Here we have to do a workaround: Actually
- * OpenSSL returns immediately after sending the Hello Request (the
- * intent AFAIK is because the SSL/TLS protocol says it's not a must
- * that the client replies to a Hello Request). But because we insist
- * on a reply (anything else is an error for us) we have to go to the
- * ACCEPT state manually. Using SSL_set_accept_state() doesn't work
- * here because it resets too much of the connection. So we set the
- * state explicitly and continue the handshake manually.
- */
- ssl_log(r->server, SSL_LOG_INFO, "Requesting connection re-negotiation");
- if (renegotiate_quick) {
- /* perform just a manual re-verification of the peer */
- ssl_log(r->server, SSL_LOG_TRACE,
- "Performing quick renegotiation: just re-verifying the peer");
- certstack = SSL_get_peer_cert_chain(ssl);
- cert = SSL_get_peer_certificate(ssl);
- if (certstack == NULL && cert != NULL) {
- /* client certificate is in the SSL session cache, but
- there is no chain, since ssl3_get_client_certificate()
- sk_X509_shift()'ed the peer certificate out of the
- chain. So we put it back here for the purpose of quick
- renegotiation. */
- certstack = sk_new_null();
- sk_X509_push(certstack, cert);
- }
- if (certstack == NULL || sk_X509_num(certstack) == 0) {
- ssl_log(r->server, SSL_LOG_ERROR, "Cannot find peer certificate chain");
- return FORBIDDEN;
- }
- if (cert == NULL)
- cert = sk_X509_value(certstack, 0);
-
- if ((certstore = SSL_CTX_get_cert_store(ctx)) == NULL) {
- ssl_log(r->server, SSL_LOG_ERROR, "Cannot find certificate storage");
- return FORBIDDEN;
- }
- X509_STORE_CTX_init(&certstorectx, certstore, cert, certstack);
- depth = SSL_get_verify_depth(ssl);
- if (depth >= 0)
- X509_STORE_CTX_set_depth(&certstorectx, depth);
- X509_STORE_CTX_set_ex_data(&certstorectx,
- SSL_get_ex_data_X509_STORE_CTX_idx(), (char *)ssl);
- if (!X509_verify_cert(&certstorectx))
- ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Re-negotiation verification step failed");
- SSL_set_verify_result(ssl, certstorectx.error);
- X509_STORE_CTX_cleanup(&certstorectx);
- if (SSL_get_peer_cert_chain(ssl) != certstack) {
- /* created by us above, so free it */
- sk_X509_pop_free(certstack, X509_free);
- }
- else {
- /* X509_free(cert); not necessary AFAIK --rse */
- }
- }
- else {
- /* do a full renegotiation */
- ssl_log(r->server, SSL_LOG_TRACE,
- "Performing full renegotiation: complete handshake protocol");
- if (r->main != NULL)
- SSL_set_session_id_context(ssl, (unsigned char *)&(r->main), sizeof(r->main));
- else
- SSL_set_session_id_context(ssl, (unsigned char *)&r, sizeof(r));
-#ifndef SSL_CONSERVATIVE
- ssl_io_suck(r, ssl);
-#endif
- SSL_renegotiate(ssl);
- SSL_do_handshake(ssl);
- if (SSL_get_state(ssl) != SSL_ST_OK) {
- ssl_log(r->server, SSL_LOG_ERROR, "Re-negotiation request failed");
- return FORBIDDEN;
- }
- ssl_log(r->server, SSL_LOG_INFO, "Awaiting re-negotiation handshake");
- SSL_set_state(ssl, SSL_ST_ACCEPT);
- SSL_do_handshake(ssl);
- if (SSL_get_state(ssl) != SSL_ST_OK) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: Not accepted by client!?");
- return FORBIDDEN;
- }
- }
-
- /*
- * Remember the peer certificate's DN
- */
- if ((cert = SSL_get_peer_certificate(ssl)) != NULL) {
- cp = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
- ap_ctx_set(r->connection->client->ctx, "ssl::client::dn",
- ap_pstrdup(r->connection->pool, cp));
- OPENSSL_free(cp);
- X509_free(cert);
- }
-
- /*
- * Finally check for acceptable renegotiation results
- */
- if (dc->nVerifyClient != SSL_CVERIFY_NONE) {
- if ( dc->nVerifyClient == SSL_CVERIFY_REQUIRE
- && SSL_get_verify_result(ssl) != X509_V_OK ) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: Client verification failed");
- return FORBIDDEN;
- }
- cert = SSL_get_peer_certificate(ssl);
- if ( dc->nVerifyClient == SSL_CVERIFY_REQUIRE
- && cert == NULL) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: Client certificate missing");
- return FORBIDDEN;
- }
- if (cert != NULL)
- X509_free(cert);
- }
-
- /*
- * Also check that SSLCipherSuite has been enforced as expected
- */
- if (skCipher != NULL) {
- pCipher = SSL_get_current_cipher(ssl);
- if (sk_SSL_CIPHER_find(skCipher, pCipher) < 0) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "SSL cipher suite not renegotiated: "
- "access to %s denied using cipher %s",
- r->filename, SSL_CIPHER_get_name(pCipher));
- return FORBIDDEN;
- }
- }
- }
-
- /*
- * Under old OpenSSL we had to change the X509_STORE inside the
- * SSL_CTX instead inside the SSL structure, so we have to reconfigure it
- * to the old values. This should be changed with forthcoming OpenSSL
- * versions when better functionality is avaiable.
- */
-#ifdef SSL_EXPERIMENTAL_PERDIRCA
- if (renegotiate && reconfigured_locations) {
- if (!SSL_CTX_load_verify_locations(ctx,
- sc->szCACertificateFile, sc->szCACertificatePath)) {
- ssl_log(r->server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Unable to reconfigure verify locations "
- "to per-server configuration parameters");
- return FORBIDDEN;
- }
- }
-#endif /* SSL_EXPERIMENTAL_PERDIRCA */
-
- /*
- * Check SSLRequire boolean expressions
- */
- apRequirement = dc->aRequirement;
- pRequirements = (ssl_require_t *)apRequirement->elts;
- for (i = 0; i < apRequirement->nelts; i++) {
- pRequirement = &pRequirements[i];
- ok = ssl_expr_exec(r, pRequirement->mpExpr);
- if (ok < 0) {
- cp = ap_psprintf(r->pool, "Failed to execute SSL requirement expression: %s",
- ssl_expr_get_error());
- ap_log_reason(cp, r->filename, r);
- /* remember forbidden access for strict require option */
- ap_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
- return FORBIDDEN;
- }
- if (ok != 1) {
- ssl_log(r->server, SSL_LOG_INFO,
- "Access to %s denied for %s (requirement expression not fulfilled)",
- r->filename, r->connection->remote_ip);
- ssl_log(r->server, SSL_LOG_INFO,
- "Failed expression: %s", pRequirement->cpExpr);
- ap_log_reason("SSL requirement expression not fulfilled "
- "(see SSL logfile for more details)", r->filename, r);
- /* remember forbidden access for strict require option */
- ap_table_setn(r->notes, "ssl-access-forbidden", (void *)1);
- return FORBIDDEN;
- }
- }
-
- /*
- * Else access is granted from our point of view (except vendor
- * handlers override). But we have to return DECLINED here instead
- * of OK, because mod_auth and other modules still might want to
- * deny access.
- */
- rc = DECLINED;
-#ifdef SSL_VENDOR
- ap_hook_use("ap::mod_ssl::vendor::access_handler",
- AP_HOOK_SIG2(int,ptr), AP_HOOK_DECLINE(DECLINED),
- &rc, r);
-#endif
- return rc;
-}
-
-/*
- * Auth Handler:
- * Fake a Basic authentication from the X509 client certificate.
- *
- * This must be run fairly early on to prevent a real authentication from
- * occuring, in particular it must be run before anything else that
- * authenticates a user. This means that the Module statement for this
- * module should be LAST in the Configuration file.
- */
-int ssl_hook_Auth(request_rec *r)
-{
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
- SSLDirConfigRec *dc = myDirConfig(r);
- char *clientdn;
- const char *cpAL;
- const char *cpUN;
- const char *cpPW;
-
- /*
- * Additionally forbid access (again)
- * when strict require option is used.
- */
- if ( (dc->nOptions & SSL_OPT_STRICTREQUIRE)
- && (ap_table_get(r->notes, "ssl-access-forbidden") != NULL))
- return FORBIDDEN;
-
- /*
- * Make sure the user is not able to fake the client certificate
- * based authentication by just entering an X.509 Subject DN
- * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
- * password.
- */
- if ( ap_is_initial_req(r)
- && (cpAL = ap_table_get(r->headers_in, "Authorization")) != NULL) {
- if (strcEQ(ap_getword(r->pool, &cpAL, ' '), "Basic")) {
- while (*cpAL == ' ' || *cpAL == '\t')
- cpAL++;
- cpAL = ap_pbase64decode(r->pool, cpAL);
- cpUN = ap_getword_nulls(r->pool, &cpAL, ':');
- cpPW = cpAL;
- if (cpUN[0] == '/' && strEQ(cpPW, "password")) {
- ssl_log(r->server, SSL_LOG_WARN,
- "real Basic Authentication with DN \"%s\" and fake password attempted", cpUN);
- return FORBIDDEN;
- }
- }
- }
-
- /*
- * We decline operation in various situations...
- */
- if (!sc->bEnabled)
- return DECLINED;
- if (ap_ctx_get(r->connection->client->ctx, "ssl") == NULL)
- return DECLINED;
- if (!(dc->nOptions & SSL_OPT_FAKEBASICAUTH))
- return DECLINED;
- if (r->connection->user)
- return DECLINED;
- if ((clientdn = (char *)ap_ctx_get(r->connection->client->ctx, "ssl::client::dn")) == NULL)
- return DECLINED;
-
- /*
- * Fake a password - which one would be immaterial, as, it seems, an empty
- * password in the users file would match ALL incoming passwords, if only
- * we were using the standard crypt library routine. Unfortunately, OpenSSL
- * "fixes" a "bug" in crypt and thus prevents blank passwords from
- * working. (IMHO what they really fix is a bug in the users of the code
- * - failing to program correctly for shadow passwords). We need,
- * therefore, to provide a password. This password can be matched by
- * adding the string "xxj31ZMTZzkVA" as the password in the user file.
- * This is just the crypted variant of the word "password" ;-)
- */
- cpAL = ap_pstrcat(r->pool, "Basic ", ap_pbase64encode(r->pool,
- ap_pstrcat(r->pool, clientdn, ":password", NULL)), NULL);
- ap_table_set(r->headers_in, "Authorization", cpAL);
- ssl_log(r->server, SSL_LOG_INFO,
- "Faking HTTP Basic Auth header: \"Authorization: %s\"", cpAL);
-
- return DECLINED;
-}
-
-int ssl_hook_UserCheck(request_rec *r)
-{
- SSLDirConfigRec *dc = myDirConfig(r);
-
- /*
- * Additionally forbid access (again)
- * when strict require option is used.
- */
- if ( (dc->nOptions & SSL_OPT_STRICTREQUIRE)
- && (ap_table_get(r->notes, "ssl-access-forbidden") != NULL))
- return FORBIDDEN;
-
- return DECLINED;
-}
-
-/*
- * Fixup Handler
- */
-
-static const char *ssl_hook_Fixup_vars[] = {
- "SSL_VERSION_INTERFACE",
- "SSL_VERSION_LIBRARY",
- "SSL_PROTOCOL",
- "SSL_CIPHER",
- "SSL_CIPHER_EXPORT",
- "SSL_CIPHER_USEKEYSIZE",
- "SSL_CIPHER_ALGKEYSIZE",
- "SSL_CLIENT_VERIFY",
- "SSL_CLIENT_M_VERSION",
- "SSL_CLIENT_M_SERIAL",
- "SSL_CLIENT_V_START",
- "SSL_CLIENT_V_END",
- "SSL_CLIENT_S_DN",
- "SSL_CLIENT_S_DN_C",
- "SSL_CLIENT_S_DN_ST",
- "SSL_CLIENT_S_DN_L",
- "SSL_CLIENT_S_DN_O",
- "SSL_CLIENT_S_DN_OU",
- "SSL_CLIENT_S_DN_CN",
- "SSL_CLIENT_S_DN_T",
- "SSL_CLIENT_S_DN_I",
- "SSL_CLIENT_S_DN_G",
- "SSL_CLIENT_S_DN_S",
- "SSL_CLIENT_S_DN_D",
- "SSL_CLIENT_S_DN_UID",
- "SSL_CLIENT_S_DN_Email",
- "SSL_CLIENT_I_DN",
- "SSL_CLIENT_I_DN_C",
- "SSL_CLIENT_I_DN_ST",
- "SSL_CLIENT_I_DN_L",
- "SSL_CLIENT_I_DN_O",
- "SSL_CLIENT_I_DN_OU",
- "SSL_CLIENT_I_DN_CN",
- "SSL_CLIENT_I_DN_T",
- "SSL_CLIENT_I_DN_I",
- "SSL_CLIENT_I_DN_G",
- "SSL_CLIENT_I_DN_S",
- "SSL_CLIENT_I_DN_D",
- "SSL_CLIENT_I_DN_UID",
- "SSL_CLIENT_I_DN_Email",
- "SSL_CLIENT_A_KEY",
- "SSL_CLIENT_A_SIG",
- "SSL_SERVER_M_VERSION",
- "SSL_SERVER_M_SERIAL",
- "SSL_SERVER_V_START",
- "SSL_SERVER_V_END",
- "SSL_SERVER_S_DN",
- "SSL_SERVER_S_DN_C",
- "SSL_SERVER_S_DN_ST",
- "SSL_SERVER_S_DN_L",
- "SSL_SERVER_S_DN_O",
- "SSL_SERVER_S_DN_OU",
- "SSL_SERVER_S_DN_CN",
- "SSL_SERVER_S_DN_T",
- "SSL_SERVER_S_DN_I",
- "SSL_SERVER_S_DN_G",
- "SSL_SERVER_S_DN_S",
- "SSL_SERVER_S_DN_D",
- "SSL_SERVER_S_DN_UID",
- "SSL_SERVER_S_DN_Email",
- "SSL_SERVER_I_DN",
- "SSL_SERVER_I_DN_C",
- "SSL_SERVER_I_DN_ST",
- "SSL_SERVER_I_DN_L",
- "SSL_SERVER_I_DN_O",
- "SSL_SERVER_I_DN_OU",
- "SSL_SERVER_I_DN_CN",
- "SSL_SERVER_I_DN_T",
- "SSL_SERVER_I_DN_I",
- "SSL_SERVER_I_DN_G",
- "SSL_SERVER_I_DN_S",
- "SSL_SERVER_I_DN_D",
- "SSL_SERVER_I_DN_UID",
- "SSL_SERVER_I_DN_Email",
- "SSL_SERVER_A_KEY",
- "SSL_SERVER_A_SIG",
- "SSL_SESSION_ID",
- NULL
-};
-
-int ssl_hook_Fixup(request_rec *r)
-{
- SSLSrvConfigRec *sc = mySrvConfig(r->server);
- SSLDirConfigRec *dc = myDirConfig(r);
- table *e = r->subprocess_env;
- char *var;
- char *val;
- STACK_OF(X509) *sk;
- SSL *ssl;
- int i;
-
- /*
- * Check to see if SSL is on
- */
- if (!sc->bEnabled)
- return DECLINED;
- if ((ssl = ap_ctx_get(r->connection->client->ctx, "ssl")) == NULL)
- return DECLINED;
-
- /*
- * Annotate the SSI/CGI environment with standard SSL information
- */
- /* the always present HTTPS (=HTTP over SSL) flag! */
- ap_table_set(e, "HTTPS", "on");
- /* standard SSL environment variables */
- if (dc->nOptions & SSL_OPT_STDENVVARS) {
- for (i = 0; ssl_hook_Fixup_vars[i] != NULL; i++) {
- var = (char *)ssl_hook_Fixup_vars[i];
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- if (!strIsEmpty(val))
- ap_table_set(e, var, val);
- }
- }
-
- /*
- * On-demand bloat up the SSI/CGI environment with certificate data
- */
- if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_SERVER_CERT");
- ap_table_set(e, "SSL_SERVER_CERT", val);
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT");
- ap_table_set(e, "SSL_CLIENT_CERT", val);
- if ((sk = SSL_get_peer_cert_chain(ssl)) != NULL) {
- for (i = 0; i < sk_X509_num(sk); i++) {
- var = ap_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
- val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- if (val != NULL)
- ap_table_set(e, var, val);
- }
- }
- }
-
- /*
- * On-demand bloat up the SSI/CGI environment with compat variables
- */
-#ifdef SSL_COMPAT
- if (dc->nOptions & SSL_OPT_COMPATENVVARS)
- ssl_compat_variables(r);
-#endif
-
- return DECLINED;
-}
-
-/* _________________________________________________________________
-**
-** OpenSSL Callback Functions
-** _________________________________________________________________
-*/
-
-/*
- * Handle out temporary RSA private keys on demand
- *
- * The background of this as the TLSv1 standard explains it:
- *
- * | D.1. Temporary RSA keys
- * |
- * | US Export restrictions limit RSA keys used for encryption to 512
- * | bits, but do not place any limit on lengths of RSA keys used for
- * | signing operations. Certificates often need to be larger than 512
- * | bits, since 512-bit RSA keys are not secure enough for high-value
- * | transactions or for applications requiring long-term security. Some
- * | certificates are also designated signing-only, in which case they
- * | cannot be used for key exchange.
- * |
- * | When the public key in the certificate cannot be used for encryption,
- * | the server signs a temporary RSA key, which is then exchanged. In
- * | exportable applications, the temporary RSA key should be the maximum
- * | allowable length (i.e., 512 bits). Because 512-bit RSA keys are
- * | relatively insecure, they should be changed often. For typical
- * | electronic commerce applications, it is suggested that keys be
- * | changed daily or every 500 transactions, and more often if possible.
- * | Note that while it is acceptable to use the same temporary key for
- * | multiple transactions, it must be signed each time it is used.
- * |
- * | RSA key generation is a time-consuming process. In many cases, a
- * | low-priority process can be assigned the task of key generation.
- * | Whenever a new key is completed, the existing temporary key can be
- * | replaced with the new one.
- *
- * So we generated 512 and 1024 bit temporary keys on startup
- * which we now just handle out on demand....
- */
-RSA *ssl_callback_TmpRSA(SSL *pSSL, int nExport, int nKeyLen)
-{
- SSLModConfigRec *mc = myModConfig();
- RSA *rsa;
-
- rsa = NULL;
- if (nExport) {
- /* It's because an export cipher is used */
- if (nKeyLen == 512)
- rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512];
- else if (nKeyLen == 1024)
- rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024];
- else
- /* it's too expensive to generate on-the-fly, so keep 1024bit */
- rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024];
- }
- else {
- /* It's because a sign-only certificate situation exists */
- rsa = (RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024];
- }
- return rsa;
-}
-
-/*
- * Handle out the already generated DH parameters...
- */
-DH *ssl_callback_TmpDH(SSL *pSSL, int nExport, int nKeyLen)
-{
- SSLModConfigRec *mc = myModConfig();
- DH *dh;
-
- dh = NULL;
- if (nExport) {
- /* It's because an export cipher is used */
- if (nKeyLen == 512)
- dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH512];
- else if (nKeyLen == 1024)
- dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH1024];
- else
- /* it's too expensive to generate on-the-fly, so keep 1024bit */
- dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH1024];
- }
- else {
- /* It's because a sign-only certificate situation exists */
- dh = (DH *)mc->pTmpKeys[SSL_TKPIDX_DH1024];
- }
- return dh;
-}
-
-/*
- * This OpenSSL callback function is called when OpenSSL
- * does client authentication and verifies the certificate chain.
- */
-int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
-{
- SSL *ssl;
- conn_rec *conn;
- server_rec *s;
- request_rec *r;
- SSLSrvConfigRec *sc;
- SSLDirConfigRec *dc;
- ap_ctx *actx;
- X509 *xs;
- int errnum;
- int errdepth;
- char *cp;
- char *cp2;
- int depth;
- int verify;
-
- /*
- * Get Apache context back through OpenSSL context
- */
- ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);
- conn = (conn_rec *)SSL_get_app_data(ssl);
- actx = (ap_ctx *)SSL_get_app_data2(ssl);
- r = (request_rec *)ap_ctx_get(actx, "ssl::request_rec");
- s = conn->server;
- sc = mySrvConfig(s);
- dc = (r != NULL ? myDirConfig(r) : NULL);
-
- /*
- * Get verify ingredients
- */
- xs = X509_STORE_CTX_get_current_cert(ctx);
- errnum = X509_STORE_CTX_get_error(ctx);
- errdepth = X509_STORE_CTX_get_error_depth(ctx);
-
- /*
- * Log verification information
- */
- cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
- cp2 = X509_NAME_oneline(X509_get_issuer_name(xs), NULL, 0);
- ssl_log(s, SSL_LOG_TRACE,
- "Certificate Verification: depth: %d, subject: %s, issuer: %s",
- errdepth, cp != NULL ? cp : "-unknown-",
- cp2 != NULL ? cp2 : "-unknown");
- if (cp)
- OPENSSL_free(cp);
- if (cp2)
- OPENSSL_free(cp2);
-
- /*
- * Check for optionally acceptable non-verifiable issuer situation
- */
- if (dc != NULL && dc->nVerifyClient != SSL_CVERIFY_UNSET)
- verify = dc->nVerifyClient;
- else
- verify = sc->nVerifyClient;
- if ( ( errnum == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
- || errnum == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
- || errnum == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
- || errnum == X509_V_ERR_CERT_UNTRUSTED
- || errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE )
- && verify == SSL_CVERIFY_OPTIONAL_NO_CA ) {
- ssl_log(s, SSL_LOG_TRACE,
- "Certificate Verification: Verifiable Issuer is configured as "
- "optional, therefore we're accepting the certificate");
- ap_ctx_set(conn->client->ctx, "ssl::verify::info", "GENEROUS");
- SSL_set_verify_result(ssl, X509_V_OK);
- ok = TRUE;
- }
-
- /*
- * Additionally perform CRL-based revocation checks
- */
- if (ok) {
- ok = ssl_callback_SSLVerify_CRL(ok, ctx, s);
- if (!ok)
- errnum = X509_STORE_CTX_get_error(ctx);
- }
-
- /*
- * If we already know it's not ok, log the real reason
- */
- if (!ok) {
- ssl_log(s, SSL_LOG_ERROR, "Certificate Verification: Error (%d): %s",
- errnum, X509_verify_cert_error_string(errnum));
- ap_ctx_set(conn->client->ctx, "ssl::client::dn", NULL);
- ap_ctx_set(conn->client->ctx, "ssl::verify::error",
- (void *)X509_verify_cert_error_string(errnum));
- }
-
- /*
- * Finally check the depth of the certificate verification
- */
- if (dc != NULL && dc->nVerifyDepth != UNSET)
- depth = dc->nVerifyDepth;
- else
- depth = sc->nVerifyDepth;
- if (errdepth > depth) {
- ssl_log(s, SSL_LOG_ERROR,
- "Certificate Verification: Certificate Chain too long "
- "(chain has %d certificates, but maximum allowed are only %d)",
- errdepth, depth);
- ap_ctx_set(conn->client->ctx, "ssl::verify::error",
- (void *)X509_verify_cert_error_string(X509_V_ERR_CERT_CHAIN_TOO_LONG));
- ok = FALSE;
- }
-
- /*
- * And finally signal OpenSSL the (perhaps changed) state
- */
- return (ok);
-}
-
-int ssl_callback_SSLVerify_CRL(
- int ok, X509_STORE_CTX *ctx, server_rec *s)
-{
- SSLSrvConfigRec *sc;
- X509_OBJECT obj;
- X509_NAME *subject;
- X509_NAME *issuer;
- X509 *xs;
- X509_CRL *crl;
- X509_REVOKED *revoked;
- EVP_PKEY *pubkey;
- long serial;
- BIO *bio;
- int i, n, rc;
- char *cp;
- char *cp2;
- ASN1_TIME *t;
-
- /*
- * Unless a revocation store for CRLs was created we
- * cannot do any CRL-based verification, of course.
- */
- sc = mySrvConfig(s);
- if (sc->pRevocationStore == NULL)
- return ok;
-
- /*
- * Determine certificate ingredients in advance
- */
- xs = X509_STORE_CTX_get_current_cert(ctx);
- subject = X509_get_subject_name(xs);
- issuer = X509_get_issuer_name(xs);
-
- /*
- * OpenSSL provides the general mechanism to deal with CRLs but does not
- * use them automatically when verifying certificates, so we do it
- * explicitly here. We will check the CRL for the currently checked
- * certificate, if there is such a CRL in the store.
- *
- * We come through this procedure for each certificate in the certificate
- * chain, starting with the root-CA's certificate. At each step we've to
- * both verify the signature on the CRL (to make sure it's a valid CRL)
- * and it's revocation list (to make sure the current certificate isn't
- * revoked). But because to check the signature on the CRL we need the
- * public key of the issuing CA certificate (which was already processed
- * one round before), we've a little problem. But we can both solve it and
- * at the same time optimize the processing by using the following
- * verification scheme (idea and code snippets borrowed from the GLOBUS
- * project):
- *
- * 1. We'll check the signature of a CRL in each step when we find a CRL
- * through the _subject_ name of the current certificate. This CRL
- * itself will be needed the first time in the next round, of course.
- * But we do the signature processing one round before this where the
- * public key of the CA is available.
- *
- * 2. We'll check the revocation list of a CRL in each step when
- * we find a CRL through the _issuer_ name of the current certificate.
- * This CRLs signature was then already verified one round before.
- *
- * This verification scheme allows a CA to revoke its own certificate as
- * well, of course.
- */
-
- /*
- * Try to retrieve a CRL corresponding to the _subject_ of
- * the current certificate in order to verify it's integrity.
- */
- memset((char *)&obj, 0, sizeof(obj));
- rc = SSL_X509_STORE_lookup(sc->pRevocationStore, X509_LU_CRL, subject, &obj);
- crl = obj.data.crl;
- if (rc > 0 && crl != NULL) {
- /*
- * Log information about CRL
- * (A little bit complicated because of ASN.1 and BIOs...)
- */
- if (ssl_log_applies(s, SSL_LOG_TRACE)) {
- bio = BIO_new(BIO_s_mem());
- BIO_printf(bio, "lastUpdate: ");
- ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl));
- BIO_printf(bio, ", nextUpdate: ");
- ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
- n = BIO_pending(bio);
- cp = malloc(n+1);
- n = BIO_read(bio, cp, n);
- cp[n] = NUL;
- BIO_free(bio);
- cp2 = X509_NAME_oneline(subject, NULL, 0);
- ssl_log(s, SSL_LOG_TRACE, "CA CRL: Issuer: %s, %s", cp2, cp);
- OPENSSL_free(cp2);
- free(cp);
- }
-
- /*
- * Verify the signature on this CRL
- */
- pubkey = X509_get_pubkey(xs);
- if (X509_CRL_verify(crl, pubkey) <= 0) {
- ssl_log(s, SSL_LOG_WARN, "Invalid signature on CRL");
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
- X509_OBJECT_free_contents(&obj);
- if (pubkey != NULL)
- EVP_PKEY_free(pubkey);
- return FALSE;
- }
- if (pubkey != NULL)
- EVP_PKEY_free(pubkey);
-
- /*
- * Check date of CRL to make sure it's not expired
- */
- if ((t = X509_CRL_get_nextUpdate(crl)) == NULL) {
- ssl_log(s, SSL_LOG_WARN, "Found CRL has invalid nextUpdate field");
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
- X509_OBJECT_free_contents(&obj);
- return FALSE;
- }
- if (X509_cmp_current_time(t) < 0) {
- ssl_log(s, SSL_LOG_WARN,
- "Found CRL is expired - "
- "revoking all certificates until you get updated CRL");
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
- X509_OBJECT_free_contents(&obj);
- return FALSE;
- }
- X509_OBJECT_free_contents(&obj);
- }
-
- /*
- * Try to retrieve a CRL corresponding to the _issuer_ of
- * the current certificate in order to check for revocation.
- */
- memset((char *)&obj, 0, sizeof(obj));
- rc = SSL_X509_STORE_lookup(sc->pRevocationStore, X509_LU_CRL, issuer, &obj);
- crl = obj.data.crl;
- if (rc > 0 && crl != NULL) {
- /*
- * Check if the current certificate is revoked by this CRL
- */
- n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
- for (i = 0; i < n; i++) {
- revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
- if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) == 0) {
-
- serial = ASN1_INTEGER_get(revoked->serialNumber);
- cp = X509_NAME_oneline(issuer, NULL, 0);
- ssl_log(s, SSL_LOG_INFO,
- "Certificate with serial %ld (0x%lX) "
- "revoked per CRL from issuer %s",
- serial, serial, cp);
- OPENSSL_free(cp);
-
- X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
- X509_OBJECT_free_contents(&obj);
- return FALSE;
- }
- }
- X509_OBJECT_free_contents(&obj);
- }
- return ok;
-}
-
-/*
- * This callback function is executed by OpenSSL whenever a new SSL_SESSION is
- * added to the internal OpenSSL session cache. We use this hook to spread the
- * SSL_SESSION also to the inter-process disk-cache to make share it with our
- * other Apache pre-forked server processes.
- */
-int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *pNew)
-{
- conn_rec *conn;
- server_rec *s;
- SSLSrvConfigRec *sc;
- long t;
- BOOL rc;
-
- /*
- * Get Apache context back through OpenSSL context
- */
- conn = (conn_rec *)SSL_get_app_data(ssl);
- s = conn->server;
- sc = mySrvConfig(s);
-
- /*
- * Set the timeout also for the internal OpenSSL cache, because this way
- * our inter-process cache is consulted only when it's really necessary.
- */
- t = sc->nSessionCacheTimeout;
- SSL_set_timeout(pNew, t);
-
- /*
- * Store the SSL_SESSION in the inter-process cache with the
- * same expire time, so it expires automatically there, too.
- */
- t = (SSL_get_time(pNew) + sc->nSessionCacheTimeout);
- rc = ssl_scache_store(s, pNew->session_id, pNew->session_id_length, t, pNew);
-
- /*
- * Log this cache operation
- */
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
- "request=SET status=%s id=%s timeout=%ds (session caching)",
- rc == TRUE ? "OK" : "BAD",
- SSL_SESSION_id2sz(pNew->session_id, pNew->session_id_length),
- t-time(NULL));
-
- /*
- * return 0 which means to OpenSSL that the pNew is still
- * valid and was not freed by us with SSL_SESSION_free().
- */
- return 0;
-}
-
-/*
- * This callback function is executed by OpenSSL whenever a
- * SSL_SESSION is looked up in the internal OpenSSL cache and it
- * was not found. We use this to lookup the SSL_SESSION in the
- * inter-process disk-cache where it was perhaps stored by one
- * of our other Apache pre-forked server processes.
- */ -SSL_SESSION *ssl_callback_GetSessionCacheEntry( - SSL *ssl, unsigned char *id, int idlen, int *pCopy) -{ - conn_rec *conn; - server_rec *s; - SSL_SESSION *pSession; - - /* - * Get Apache context back through OpenSSL context - */ - conn = (conn_rec *)SSL_get_app_data(ssl); - s = conn->server; - - /* - * Try to retrieve the SSL_SESSION from the inter-process cache - */ - pSession = ssl_scache_retrieve(s, id, idlen); - - /* - * Log this cache operation - */ - if (pSession != NULL) - ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: " - "request=GET status=FOUND id=%s (session reuse)", - SSL_SESSION_id2sz(id, idlen)); - else - ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: " - "request=GET status=MISSED id=%s (session renewal)", - SSL_SESSION_id2sz(id, idlen)); - - /* - * Return NULL or the retrieved SSL_SESSION. But indicate (by - * setting pCopy to 0) that the reference count on the - * SSL_SESSION should not be incremented by the SSL library, - * because we will no longer hold a reference to it ourself. - */ - *pCopy = 0; - return pSession; -} - -/* - * This callback function is executed by OpenSSL whenever a - * SSL_SESSION is removed from the the internal OpenSSL cache. - * We use this to remove the SSL_SESSION in the inter-process - * disk-cache, too. 
- */ -void ssl_callback_DelSessionCacheEntry( - SSL_CTX *ctx, SSL_SESSION *pSession) -{ - server_rec *s; - - /* - * Get Apache context back through OpenSSL context - */ - s = (server_rec *)SSL_CTX_get_app_data(ctx); - if (s == NULL) /* on server shutdown Apache is already gone */ - return; - - /* - * Remove the SSL_SESSION from the inter-process cache - */ - ssl_scache_remove(s, pSession->session_id, pSession->session_id_length); - - /* - * Log this cache operation - */ - ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: " - "request=REM status=OK id=%s (session dead)", - SSL_SESSION_id2sz(pSession->session_id, - pSession->session_id_length)); - - return; -} - -/* - * This callback function is executed while OpenSSL processes the - * SSL handshake and does SSL record layer stuff. We use it to - * trace OpenSSL's processing in out SSL logfile. - */ -void ssl_callback_LogTracingState(const SSL *ssl, int where, int rc) -{ - conn_rec *c; - server_rec *s; - SSLSrvConfigRec *sc; - char *str; - - /* - * find corresponding server - */ - if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) - return; - s = c->server; - if ((sc = mySrvConfig(s)) == NULL) - return; - - /* - * create the various trace messages - */ - if (sc->nLogLevel >= SSL_LOG_TRACE) { - if (where & SSL_CB_HANDSHAKE_START) - ssl_log(s, SSL_LOG_TRACE, "%s: Handshake: start", SSL_LIBRARY_NAME); - else if (where & SSL_CB_HANDSHAKE_DONE) - ssl_log(s, SSL_LOG_TRACE, "%s: Handshake: done", SSL_LIBRARY_NAME); - else if (where & SSL_CB_LOOP) - ssl_log(s, SSL_LOG_TRACE, "%s: Loop: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); - else if (where & SSL_CB_READ) - ssl_log(s, SSL_LOG_TRACE, "%s: Read: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); - else if (where & SSL_CB_WRITE) - ssl_log(s, SSL_LOG_TRACE, "%s: Write: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); - else if (where & SSL_CB_ALERT) { - str = (where & SSL_CB_READ) ? 
"read" : "write"; - ssl_log(s, SSL_LOG_TRACE, "%s: Alert: %s:%s:%s\n", - SSL_LIBRARY_NAME, str, - SSL_alert_type_string_long(rc), - SSL_alert_desc_string_long(rc)); - } - else if (where & SSL_CB_EXIT) { - if (rc == 0) - ssl_log(s, SSL_LOG_TRACE, "%s: Exit: failed in %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); - else if (rc < 0) - ssl_log(s, SSL_LOG_TRACE, "%s: Exit: error in %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); - } - } - - /* - * Because SSL renegotiations can happen at any time (not only after - * SSL_accept()), the best way to log the current connection details is - * right after a finished handshake. - */ - if (where & SSL_CB_HANDSHAKE_DONE) { - ssl_log(s, SSL_LOG_INFO, - "Connection: Client IP: %s, Protocol: %s, Cipher: %s (%s/%s bits)", - ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"), - ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"), - ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"), - ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"), - ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE")); - } - - return; -} - diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_log.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_log.c deleted file mode 100644 index e5bf3107707..00000000000 --- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_log.c +++ /dev/null 
@@ -1,330 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_log.c
-** Logging Facility
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - /* ``The difference between a computer - industry job and open-source software - hacking is about 30 hours a week.'' - -- Ralf S. Engelschall */ -#include "mod_ssl.h" - - -/* _________________________________________________________________ -** -** Logfile Support -** _________________________________________________________________ -*/ - -/* - * Open the SSL logfile - */ -void ssl_log_open(server_rec *s_main, server_rec *s, pool *p) -{ - char *szLogFile; - SSLSrvConfigRec *sc_main = mySrvConfig(s_main); - SSLSrvConfigRec *sc = mySrvConfig(s); - piped_log *pl; - char *cp; - - /* - * Short-circuit for inherited logfiles in order to save - * filedescriptors in mass-vhost situation. Be careful, this works - * fine because the close happens implicitly by the pool facility. 
- */ - if ( s != s_main - && sc_main->fileLogFile != NULL - && ( (sc->szLogFile == NULL) - || ( sc->szLogFile != NULL - && sc_main->szLogFile != NULL - && strEQ(sc->szLogFile, sc_main->szLogFile)))) { - sc->fileLogFile = sc_main->fileLogFile; - } - else if (sc->szLogFile != NULL) { - if (strEQ(sc->szLogFile, "/dev/null")) - return; - else if (sc->szLogFile[0] == '|') { - cp = sc->szLogFile+1; - while (*cp == ' ' || *cp == '\t') - cp++; - szLogFile = ssl_util_server_root_relative(p, "log", cp); - if ((pl = ap_open_piped_log(p, szLogFile)) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot open reliable pipe to SSL logfile filter %s", szLogFile); - ssl_die(); - } - sc->fileLogFile = ap_pfdopen(p, ap_piped_log_write_fd(pl), "a"); - setbuf(sc->fileLogFile, NULL); - } - else { - szLogFile = ssl_util_server_root_relative(p, "log", sc->szLogFile); - if ((sc->fileLogFile = ap_pfopen(p, szLogFile, "a")) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot open SSL logfile %s", szLogFile); - ssl_die(); - } - setbuf(sc->fileLogFile, NULL); - } - } - return; -} - -static struct { - int nLevel; - char *szLevel; -} ssl_log_level2string[] = { - { SSL_LOG_ERROR, "error" }, - { SSL_LOG_WARN, "warn" }, - { SSL_LOG_INFO, "info" }, - { SSL_LOG_TRACE, "trace" }, - { SSL_LOG_DEBUG, "debug" }, - { 0, NULL } -}; - -static struct { - char *cpPattern; - char *cpAnnotation; -} ssl_log_annotate[] = { - { "*envelope*bad*decrypt*", "wrong pass phrase!?" }, - { "*CLIENT_HELLO*unknown*protocol*", "speaking not SSL to HTTPS port!?" }, - { "*CLIENT_HELLO*http*request*", "speaking HTTP to HTTPS port!?" }, - { "*SSL3_READ_BYTES:sslv3*alert*bad*certificate*", "Subject CN in certificate not server name or identical to CA!?" }, - { "*self signed certificate in certificate chain*", "Client certificate signed by CA not known to server?" }, - { "*peer did not return a certificate*", "No CAs known to server for verification?" 
}, - { "*no shared cipher*", "Too restrictive SSLCipherSuite or using DSA server certificate?" }, - { "*no start line*", "Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?" }, - { "*bad password read*", "You entered an incorrect pass phrase!?" }, - { "*bad mac decode*", "Browser still remembered details of a re-created server certificate?" }, - { NULL, NULL } -}; - -static char *ssl_log_annotation(char *error) -{ - char *errstr; - int i; - - errstr = NULL; - for (i = 0; ssl_log_annotate[i].cpPattern != NULL; i++) { - if (ap_strcmp_match(error, ssl_log_annotate[i].cpPattern) == 0) { - errstr = ssl_log_annotate[i].cpAnnotation; - break; - } - } - return errstr; -} - -BOOL ssl_log_applies(server_rec *s, int level) -{ - SSLSrvConfigRec *sc; - - sc = mySrvConfig(s); - if ( sc->fileLogFile == NULL - && !(level & SSL_LOG_ERROR)) - return FALSE; - if ( level > sc->nLogLevel - && !(level & SSL_LOG_ERROR)) - return FALSE; - return TRUE; -} - -void ssl_log(server_rec *s, int level, const char *msg, ...) 
-{ - char tstr[80]; - char lstr[20]; - char vstr[1024]; - char str[1024]; - char nstr[2]; - int timz; - struct tm *t; - va_list ap; - int add; - int i; - char *astr; - int safe_errno; - unsigned long e; - SSLSrvConfigRec *sc; - char *cpE; - char *cpA; - - /* initialization */ - va_start(ap, msg); - safe_errno = errno; - sc = mySrvConfig(s); - - /* strip out additional flags */ - add = (level & ~SSL_LOG_MASK); - level = (level & SSL_LOG_MASK); - - /* reduce flags when not reasonable in context */ - if (add & SSL_ADD_ERRNO && errno == 0) - add &= ~SSL_ADD_ERRNO; - if (add & SSL_ADD_SSLERR && ERR_peek_error() == 0) - add &= ~SSL_ADD_SSLERR; - - /* we log only levels below, except for errors */ - if ( sc->fileLogFile == NULL - && !(level & SSL_LOG_ERROR)) - return; - if ( level > sc->nLogLevel - && !(level & SSL_LOG_ERROR)) - return; - - /* determine the time entry string */ - if (add & SSL_NO_TIMESTAMP) - tstr[0] = NUL; - else { - t = ap_get_gmtoff(&timz); - strftime(tstr, 80, "[%d/%b/%Y %H:%M:%S", t); - i = strlen(tstr); - ap_snprintf(tstr+i, 80-i, " %05d] ", (unsigned int)getpid()); - } - - /* determine whether newline should be written */ - if (add & SSL_NO_NEWLINE) - nstr[0] = NUL; - else { - nstr[0] = '\n'; - nstr[1] = NUL; - } - - /* determine level name */ - lstr[0] = NUL; - if (!(add & SSL_NO_LEVELID)) { - for (i = 0; ssl_log_level2string[i].nLevel != 0; i++) { - if (ssl_log_level2string[i].nLevel == level) { - ap_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel); - break; - } - } - for (i = strlen(lstr); i <= 7; i++) - lstr[i] = ' '; - lstr[i] = NUL; - } - - /* create custom message */ - ap_vsnprintf(vstr, sizeof(vstr), msg, ap); - - /* write out SSLog message */ - if ((add & SSL_ADD_ERRNO) && (add & SSL_ADD_SSLERR)) - astr = " (System and " SSL_LIBRARY_NAME " library errors follow)"; - else if (add & SSL_ADD_ERRNO) - astr = " (System error follows)"; - else if (add & SSL_ADD_SSLERR) - astr = " (" SSL_LIBRARY_NAME " library error 
follows)"; - else - astr = ""; - if (level <= sc->nLogLevel && sc->fileLogFile != NULL) { - ap_snprintf(str, sizeof(str), "%s%s%s%s%s", tstr, lstr, vstr, astr, nstr); - fprintf(sc->fileLogFile, "%s", str); - } - if (level & SSL_LOG_ERROR) - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, - "mod_ssl: %s%s", vstr, astr); - - /* write out additional attachment messages */ - if (add & SSL_ADD_ERRNO) { - if (level <= sc->nLogLevel && sc->fileLogFile != NULL) { - ap_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s", - tstr, lstr, strerror(safe_errno), safe_errno, nstr); - fprintf(sc->fileLogFile, "%s", str); - } - if (level & SSL_LOG_ERROR) - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, - "System: %s (errno: %d)", - strerror(safe_errno), safe_errno); - } - if (add & SSL_ADD_SSLERR) { - while ((e = ERR_get_error())) { - cpE = ERR_error_string(e, NULL); - cpA = ssl_log_annotation(cpE); - if (level <= sc->nLogLevel && sc->fileLogFile != NULL) { - ap_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s", - tstr, lstr, SSL_LIBRARY_NAME, cpE, - cpA != NULL ? " [Hint: " : "", - cpA != NULL ? cpA : "", cpA != NULL ? "]" : "", - nstr); - fprintf(sc->fileLogFile, "%s", str); - } - if (level & SSL_LOG_ERROR) - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s, - "%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE, - cpA != NULL ? " [Hint: " : "", - cpA != NULL ? cpA : "", cpA != NULL ? "]" : ""); - } - } - /* make sure the next log starts from a clean base */ - /* ERR_clear_error(); */ - - /* cleanup and return */ - if (sc->fileLogFile != NULL) - fflush(sc->fileLogFile); - errno = safe_errno; - va_end(ap); - return; -} - -void ssl_die(void) -{ - /* - * This is used for fatal errors and here - * it is common module practice to really - * exit from the complete program. - */ - exit(1); -} - diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_mutex.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_mutex.c deleted file mode 100644 index 229360d8f20..00000000000 
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_mutex.c
+++ /dev/null
@@ -1,356 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_mutex.c
-** Semaphore for Mutual Exclusion
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - /* ``Real programmers confuse - Christmas and Halloween - because DEC 25 = OCT 31.'' - -- Unknown */ -#include "mod_ssl.h" - - -/* _________________________________________________________________ -** -** Mutex Support (Common) -** _________________________________________________________________ -*/ - -void ssl_mutex_init(server_rec *s, pool *p) -{ - SSLModConfigRec *mc = myModConfig(); - - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ssl_mutex_file_create(s, p); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ssl_mutex_sem_create(s, p); - return; -} - -void ssl_mutex_reinit(server_rec *s, pool *p) -{ - SSLModConfigRec *mc = myModConfig(); - - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ssl_mutex_file_open(s, p); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ssl_mutex_sem_open(s, p); - return; -} - -void ssl_mutex_on(server_rec *s) -{ - SSLModConfigRec *mc = myModConfig(); - BOOL ok = TRUE; - - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ok = ssl_mutex_file_acquire(); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ok = ssl_mutex_sem_acquire(); - if (!ok) - ssl_log(s, SSL_LOG_WARN, "Failed to acquire global mutex lock"); - return; -} - -void 
ssl_mutex_off(server_rec *s) -{ - SSLModConfigRec *mc = myModConfig(); - BOOL ok = TRUE; - - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ok = ssl_mutex_file_release(); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ok = ssl_mutex_sem_release(); - if (!ok) - ssl_log(s, SSL_LOG_WARN, "Failed to release global mutex lock"); - return; -} - -void ssl_mutex_kill(server_rec *s) -{ - SSLModConfigRec *mc = myModConfig(); - - if (mc->nMutexMode == SSL_MUTEXMODE_FILE) - ssl_mutex_file_remove(s); - else if (mc->nMutexMode == SSL_MUTEXMODE_SEM) - ssl_mutex_sem_remove(s); - return; -} - - -/* _________________________________________________________________ -** -** Mutex Support (Lockfile) -** _________________________________________________________________ -*/ - -void ssl_mutex_file_create(server_rec *s, pool *p) -{ - SSLModConfigRec *mc = myModConfig(); - char mutexfile[MAXPATHLEN]; - - /* create the lockfile */ - strlcpy(mutexfile, mc->szMutexFile, sizeof(mutexfile)); - ap_server_strip_chroot(mutexfile, 0); - unlink(mutexfile); - if ((mc->nMutexFD = ap_popenf(p, mutexfile, - O_WRONLY|O_CREAT, SSL_MUTEX_LOCK_MODE)) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent process could not create SSLMutex lockfile %s", - mutexfile); - ssl_die(); - } - ap_pclosef(p, mc->nMutexFD); - - /* make sure the childs have access to this file */ - if (geteuid() == 0 /* is superuser */) - chown(mutexfile, ap_user_id, -1 /* no gid change */); - - /* open the lockfile for real */ - if ((mc->nMutexFD = ap_popenf(p, mutexfile, - O_WRONLY, SSL_MUTEX_LOCK_MODE)) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent could not open SSLMutex lockfile %s", - mutexfile); - ssl_die(); - } - return; -} - -void ssl_mutex_file_open(server_rec *s, pool *p) -{ - SSLModConfigRec *mc = myModConfig(); - char mutexfile[MAXPATHLEN]; - - strlcpy(mutexfile, mc->szMutexFile, sizeof(mutexfile)); - ap_server_strip_chroot(mutexfile, 0); - - /* open the lockfile (once per child) to get a unique fd */ - if 
((mc->nMutexFD = ap_popenf(p, mutexfile, - O_WRONLY, SSL_MUTEX_LOCK_MODE)) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Child could not open SSLMutex lockfile %s", - mutexfile); - ssl_die(); - } - return; -} - -void ssl_mutex_file_remove(void *data) -{ - SSLModConfigRec *mc = myModConfig(); - char mutexfile[MAXPATHLEN]; - strlcpy(mutexfile, mc->szMutexFile, sizeof(mutexfile)); - ap_server_strip_chroot(mutexfile, 0); - - /* remove the mutex lockfile */ - unlink(mutexfile); - return; -} - -#ifdef SSL_USE_FCNTL -static struct flock lock_it; -static struct flock unlock_it; -#endif - -BOOL ssl_mutex_file_acquire(void) -{ - int rc = -1; - SSLModConfigRec *mc = myModConfig(); - -#ifdef SSL_USE_FCNTL - lock_it.l_whence = SEEK_SET; /* from current point */ - lock_it.l_start = 0; /* -"- */ - lock_it.l_len = 0; /* until end of file */ - lock_it.l_type = F_WRLCK; /* set exclusive/write lock */ - lock_it.l_pid = 0; /* pid not actually interesting */ - - while ( ((rc = fcntl(mc->nMutexFD, F_SETLKW, &lock_it)) < 0) - && (errno == EINTR) ) - ; -#endif -#ifdef SSL_USE_FLOCK - while ( ((rc = flock(mc->nMutexFD, LOCK_EX)) < 0) - && (errno == EINTR) ) - ; -#endif - - if (rc < 0) - return FALSE; - else - return TRUE; -} - -BOOL ssl_mutex_file_release(void) -{ - int rc = -1; - SSLModConfigRec *mc = myModConfig(); - -#ifdef SSL_USE_FCNTL - unlock_it.l_whence = SEEK_SET; /* from current point */ - unlock_it.l_start = 0; /* -"- */ - unlock_it.l_len = 0; /* until end of file */ - unlock_it.l_type = F_UNLCK; /* unlock */ - unlock_it.l_pid = 0; /* pid not actually interesting */ - - while ( (rc = fcntl(mc->nMutexFD, F_SETLKW, &unlock_it)) < 0 - && (errno == EINTR) ) - ; -#endif -#ifdef SSL_USE_FLOCK - while ( (rc = flock(mc->nMutexFD, LOCK_UN)) < 0 - && (errno == EINTR) ) - ; -#endif - - if (rc < 0) - return FALSE; - else - return TRUE; -} - -/* _________________________________________________________________ -** -** Mutex Support (Process Semaphore) -** 
_________________________________________________________________ -*/ - -void ssl_mutex_sem_create(server_rec *s, pool *p) -{ - int semid; - SSLModConfigRec *mc = myModConfig(); - union ssl_ipc_semun semctlarg; - struct semid_ds semctlbuf; - - semid = semget(IPC_PRIVATE, 1, IPC_CREAT|IPC_EXCL|S_IRUSR|S_IWUSR); - if (semid == -1 && errno == EEXIST) - semid = semget(IPC_PRIVATE, 1, IPC_EXCL|S_IRUSR|S_IWUSR); - if (semid == -1) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent process could not create private SSLMutex semaphore"); - ssl_die(); - } - semctlarg.val = 0; - if (semctl(semid, 0, SETVAL, semctlarg) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent process could not initialize SSLMutex semaphore value"); - ssl_die(); - } - semctlbuf.sem_perm.uid = ap_user_id; - semctlbuf.sem_perm.gid = ap_group_id; - semctlbuf.sem_perm.mode = 0600; - semctlarg.buf = &semctlbuf; - if (semctl(semid, 0, IPC_SET, semctlarg) < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Parent process could not set permissions for SSLMutex semaphore"); - ssl_die(); - } - mc->nMutexSEMID = semid; - return; -} - -void ssl_mutex_sem_open(server_rec *s, pool *p) -{ - return; -} - -void ssl_mutex_sem_remove(void *data) -{ - SSLModConfigRec *mc = myModConfig(); - - semctl(mc->nMutexSEMID, 0, IPC_RMID, 0); - return; -} - -BOOL ssl_mutex_sem_acquire(void) -{ - int rc = 0; - SSLModConfigRec *mc = myModConfig(); - - struct sembuf sb[] = { - { 0, 0, 0 }, /* wait for semaphore */ - { 0, 1, SEM_UNDO } /* increment semaphore */ - }; - - while ( (rc = semop(mc->nMutexSEMID, sb, 2)) < 0 - && (errno == EINTR) ) - ; - if (rc != 0) - return FALSE; - else - return TRUE; -} - -BOOL ssl_mutex_sem_release(void) -{ - int rc = 0; - SSLModConfigRec *mc = myModConfig(); - - struct sembuf sb[] = { - { 0, -1, SEM_UNDO } /* decrements semaphore */ - }; - - while ( (rc = semop(mc->nMutexSEMID, sb, 1)) < 0 - && (errno == EINTR) ) - ; - if (rc != 0) - return FALSE; - else - return TRUE; -} - 
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c
deleted file mode 100644
index 78f4ec4a83e..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_pphrase.c
+++ /dev/null
@@ -1,540 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_pphrase.c
-** Pass Phrase Dialog
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Treat your password like your
- toothbrush. Don't let anybody
- else use it, and get a new one
- every six months.''
- -- Clifford Stoll */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Pass Phrase and Private Key Handling
-** _________________________________________________________________
-*/
-
-#define STDERR_FILENO_STORE 50
-#define BUILTIN_DIALOG_BACKOFF 2
-#define BUILTIN_DIALOG_RETRIES 5
-
-void ssl_pphrase_Handle(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- SSLSrvConfigRec *sc;
- server_rec *pServ;
- char *cpVHostID;
- char szPath[MAX_STRING_LEN];
- EVP_PKEY *pPrivateKey;
- ssl_asn1_t *asn1;
- unsigned char *ucp;
- X509 *pX509Cert;
- FILE *fp;
- BOOL bReadable;
- ssl_ds_array *aPassPhrase;
- int nPassPhrase;
- int nPassPhraseCur;
- char *cpPassPhraseCur;
- int nPassPhraseRetry;
- int nPassPhraseDialog;
- int nPassPhraseDialogCur;
- BOOL bPassPhraseDialogOnce;
- char **cpp;
- int i, j;
- ssl_algo_t algoCert, algoKey, at;
- char *an;
- char *cp;
-
- /*
- * Start with a fresh pass phrase array
- */
- aPassPhrase = ssl_ds_array_make(p, sizeof(char *));
- nPassPhrase = 0;
- nPassPhraseDialog = 0;
-
- /*
- * Walk through all configured servers
- */
- for (pServ = s; pServ != NULL; pServ = pServ->next) {
- sc = mySrvConfig(pServ);
-
- if (!sc->bEnabled)
- continue;
-
- cpVHostID = ssl_util_vhostid(p, pServ);
- ssl_log(pServ, SSL_LOG_INFO,
- "Init: Loading certificate & private key of SSL-aware server %s",
- cpVHostID);
-
- /*
- * Read in server certificate(s): This is the easy part
- * because this file isn't encrypted in any way.
- */
- if (sc->szPublicCertFile[0] == NULL) {
- ssl_log(pServ, SSL_LOG_ERROR,
- "Init: Server %s should be SSL-aware but has no certificate configured "
- "[Hint: SSLCertificateFile]", cpVHostID);
- ssl_die();
- }
- algoCert = SSL_ALGO_UNKNOWN;
- algoKey = SSL_ALGO_UNKNOWN;
- for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++) {
-
- ap_cpystrn(szPath, sc->szPublicCertFile[i], sizeof(szPath));
- if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server certificate file %s", szPath);
- ssl_die();
- }
- if ((pX509Cert = SSL_read_X509(fp, NULL, NULL)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Unable to read server certificate from file %s", szPath);
- ssl_die();
- }
- ap_pfclose(p, fp);
-
- /*
- * check algorithm type of certificate and make
- * sure only one certificate per type is used.
- */
- at = ssl_util_algotypeof(pX509Cert, NULL);
- an = ssl_util_algotypestr(at);
- if (algoCert & at) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Multiple %s server certificates not allowed", an);
- ssl_die();
- }
- algoCert |= at;
-
- /*
- * Insert the certificate into global module configuration to let it
- * survive the processing between the 1st Apache API init round (where
- * we operate here) and the 2nd Apache init round (where the
- * certificate is actually used to configure mod_ssl's per-server
- * configuration structures).
- */
- cp = ap_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tPublicCert, cp);
- asn1->nData = i2d_X509(pX509Cert, NULL);
- asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */
-
- /*
- * Free the X509 structure
- */
- X509_free(pX509Cert);
-
- /*
- * Read in the private key: This is the non-trivial part, because the
- * key is typically encrypted, so a pass phrase dialog has to be used
- * to request it from the user (or it has to be alternatively gathered
- * from a dialog program). The important point here is that ISPs
- * usually have hundrets of virtual servers configured and a lot of
- * them use SSL, so really we have to minimize the pass phrase
- * dialogs.
- *
- * The idea is this: When N virtual hosts are configured and all of
- * them use encrypted private keys with different pass phrases, we
- * have no chance and have to pop up N pass phrase dialogs. But
- * usually the admin is clever enough and uses the same pass phrase
- * for more private key files (typically he even uses one single pass
- * phrase for all). When this is the case we can minimize the dialogs
- * by trying to re-use already known/entered pass phrases.
- */
- if (sc->szPrivateKeyFile[j] != NULL)
- ap_cpystrn(szPath, sc->szPrivateKeyFile[j++], sizeof(szPath));
-
- /*
- * Try to read the private key file with the help of
- * the callback function which serves the pass
- * phrases to OpenSSL
- */
- myCtxVarSet(mc, 1, pServ);
- myCtxVarSet(mc, 2, p);
- myCtxVarSet(mc, 3, aPassPhrase);
- myCtxVarSet(mc, 4, &nPassPhraseCur);
- myCtxVarSet(mc, 5, &cpPassPhraseCur);
- myCtxVarSet(mc, 6, cpVHostID);
- myCtxVarSet(mc, 7, an);
- myCtxVarSet(mc, 8, &nPassPhraseDialog);
- myCtxVarSet(mc, 9, &nPassPhraseDialogCur);
- myCtxVarSet(mc, 10, &bPassPhraseDialogOnce);
-
- nPassPhraseCur = 0;
- nPassPhraseRetry = 0;
- nPassPhraseDialogCur = 0;
- bPassPhraseDialogOnce = TRUE;
-
- pPrivateKey = NULL;
-
- for (;;) {
- /*
- * Try to read the private key file with the help of
- * the callback function which serves the pass
- * phrases to OpenSSL
- */
- if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server private key file %s", szPath);
- ssl_die();
- }
- cpPassPhraseCur = NULL;
- /* Ensure that the error stack is empty; otherwise the
- OpenSSL UI code may dump it to stderr. */
- ERR_clear_error();
- bReadable = ((pPrivateKey = SSL_read_PrivateKey(fp, NULL,
- ssl_pphrase_Handle_CB)) != NULL ? TRUE : FALSE);
- ap_pfclose(p, fp);
-
- /*
- * when the private key file now was readable,
- * it's fine and we go out of the loop
- */
- if (bReadable)
- break;
-
- /*
- * when we have more remembered pass phrases
- * try to reuse these first.
- */
- if (nPassPhraseCur < nPassPhrase) {
- nPassPhraseCur++;
- continue;
- }
-
- /*
- * else it's not readable and we have no more
- * remembered pass phrases. Then this has to mean
- * that the callback function popped up the dialog
- * but a wrong pass phrase was entered. We give the
- * user (but not the dialog program) a few more
- * chances...
- */
- if ( sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN
- && cpPassPhraseCur != NULL
- && nPassPhraseRetry < BUILTIN_DIALOG_RETRIES ) {
- fprintf(stdout, "Apache:mod_ssl:Error: Pass phrase incorrect "
- "(%d more retr%s permitted).\n",
- (BUILTIN_DIALOG_RETRIES-nPassPhraseRetry),
- (BUILTIN_DIALOG_RETRIES-nPassPhraseRetry) == 1 ? "y" : "ies");
- nPassPhraseRetry++;
- if (nPassPhraseRetry > BUILTIN_DIALOG_BACKOFF)
- sleep((nPassPhraseRetry-BUILTIN_DIALOG_BACKOFF)*5);
- continue;
- }
-
- /*
- * Ok, anything else now means a fatal error.
- */
- if (cpPassPhraseCur == NULL) {
- ssl_log(pServ, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: Private key not found");
- if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
- fprintf(stdout, "Apache:mod_ssl:Error: Private key not found.\n");
- fprintf(stdout, "**Stopped\n");
- }
- } else {
- ssl_log(pServ, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: Pass phrase incorrect");
- if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
- fprintf(stdout, "Apache:mod_ssl:Error: Pass phrase incorrect.\n");
- fprintf(stdout, "**Stopped\n");
- }
- }
- ssl_die();
- }
-
- if (pPrivateKey == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Unable to read server private key from file %s", szPath);
- ssl_die();
- }
-
- /*
- * check algorithm type of private key and make
- * sure only one private key per type is used.
- */
- at = ssl_util_algotypeof(NULL, pPrivateKey);
- an = ssl_util_algotypestr(at);
- if (algoKey & at) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: Multiple %s server private keys not allowed", an);
- ssl_die();
- }
- algoKey |= at;
-
- /*
- * Log the type of reading
- */
- if (nPassPhraseDialogCur == 0)
- ssl_log(pServ, SSL_LOG_TRACE,
- "Init: (%s) unencrypted %s private key - pass phrase not required",
- cpVHostID, an);
- else {
- if (cpPassPhraseCur != NULL)
- ssl_log(pServ, SSL_LOG_TRACE,
- "Init: (%s) encrypted %s private key - pass phrase requested",
- cpVHostID, an);
- else
- ssl_log(pServ, SSL_LOG_TRACE,
- "Init: (%s) encrypted %s private key - pass phrase reused",
- cpVHostID, an);
- }
-
- /*
- * Ok, when we have one more pass phrase store it
- */
- if (cpPassPhraseCur != NULL) {
- cpp = (char **)ssl_ds_array_push(aPassPhrase);
- *cpp = cpPassPhraseCur;
- nPassPhrase++;
- }
-
- /*
- * For RSA keys, add blinding.
- */
- if (at == SSL_ALGO_RSA)
- if (RSA_blinding_on (pPrivateKey->pkey.rsa, NULL) != 1) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "Init: RSA blinding failed for private key");
- ssl_die();
- }
-
- /*
- * Insert private key into the global module configuration
- * (we convert it to a stand-alone DER byte sequence
- * because the SSL library uses static variables inside a
- * RSA structure which do not survive DSO reloads!)
- */
- cp = ap_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
- asn1 = (ssl_asn1_t *)ssl_ds_table_push(mc->tPrivateKey, cp);
- asn1->nData = i2d_PrivateKey(pPrivateKey, NULL);
- asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
- ucp = asn1->cpData; i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */
-
- /*
- * Free the private key structure
- */
- EVP_PKEY_free(pPrivateKey);
- }
- }
-
- /*
- * Let the user know when we're successful.
- */
- if (nPassPhraseDialog > 0) {
- sc = mySrvConfig(s);
- if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
- fprintf(stdout, "\n");
- fprintf(stdout, "Ok: Pass Phrase Dialog successful.\n");
- }
- }
-
- /*
- * Wipe out the used memory from the
- * pass phrase array and then deallocate it
- */
- if (!ssl_ds_array_isempty(aPassPhrase)) {
- ssl_ds_array_wipeout(aPassPhrase);
- ssl_ds_array_kill(aPassPhrase);
- ssl_log(s, SSL_LOG_INFO, "Init: Wiped out the queried pass phrases from memory");
- }
-
- return;
-}
-
-int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify)
-{
- SSLModConfigRec *mc = myModConfig();
- server_rec *s;
- pool *p;
- ssl_ds_array *aPassPhrase;
- SSLSrvConfigRec *sc;
- int *pnPassPhraseCur;
- char **cppPassPhraseCur;
- char *cpVHostID;
- char *cpAlgoType;
- int *pnPassPhraseDialog;
- int *pnPassPhraseDialogCur;
- BOOL *pbPassPhraseDialogOnce;
- int stderr_store;
- char **cpp;
- int len = -1;
-
- /*
- * Reconnect to the context of ssl_phrase_Handle()
- */
- s = myCtxVarGet(mc, 1, server_rec *);
- p = myCtxVarGet(mc, 2, pool *);
- aPassPhrase = myCtxVarGet(mc, 3, ssl_ds_array *);
- pnPassPhraseCur = myCtxVarGet(mc, 4, int *);
- cppPassPhraseCur = myCtxVarGet(mc, 5, char **);
- cpVHostID = myCtxVarGet(mc, 6, char *);
- cpAlgoType = myCtxVarGet(mc, 7, char *);
- pnPassPhraseDialog = myCtxVarGet(mc, 8, int *);
- pnPassPhraseDialogCur = myCtxVarGet(mc, 9, int *);
- pbPassPhraseDialogOnce = myCtxVarGet(mc, 10, BOOL *);
- sc = mySrvConfig(s);
-
- (*pnPassPhraseDialog)++;
- (*pnPassPhraseDialogCur)++;
-
- /*
- * When remembered pass phrases are available use them...
- */
- if ((cpp = (char **)ssl_ds_array_get(aPassPhrase, *pnPassPhraseCur)) != NULL) {
- ap_cpystrn(buf, *cpp, bufsize);
- len = strlen(buf);
- return len;
- }
-
- /*
- * Builtin dialog
- */
- if (sc->nPassPhraseDialogType == SSL_PPTYPE_BUILTIN) {
- char *prompt;
- int i;
-
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase via builtin terminal dialog");
-
- /*
- * Reconnect STDERR to terminal (here STDOUT) because
- * at our init stage Apache already connected STDERR
- * to the general error logfile.
- */
- if ((stderr_store = open("/dev/null", O_WRONLY)) == -1)
- stderr_store = STDERR_FILENO_STORE;
- dup2(STDERR_FILENO, stderr_store);
- dup2(STDOUT_FILENO, STDERR_FILENO);
-
- /*
- * The first time display a header to inform the user about what
- * program he actually speaks to, which module is responsible for
- * this terminal dialog and why to the hell he has to enter
- * something...
- */
- if (*pnPassPhraseDialog == 1) {
- fprintf(stderr, "%s mod_ssl/%s (Pass Phrase Dialog)\n",
- SERVER_BASEVERSION, MOD_SSL_VERSION);
- fprintf(stderr, "Some of your private key files are encrypted for security reasons.\n");
- fprintf(stderr, "In order to read them you have to provide us with the pass phrases.\n");
- }
- if (*pbPassPhraseDialogOnce) {
- *pbPassPhraseDialogOnce = FALSE;
- fprintf(stderr, "\n");
- fprintf(stderr, "Server %s (%s)\n", cpVHostID, cpAlgoType);
- }
-
- /*
- * Emulate the OpenSSL internal pass phrase dialog
- * (see crypto/pem/pem_lib.c:def_callback() for details)
- */
- prompt = "Enter pass phrase:";
- for (;;) {
- if ((i = EVP_read_pw_string(buf, bufsize, prompt, FALSE)) != 0) {
- PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf, 0, (unsigned int)bufsize);
- return (-1);
- }
- len = strlen(buf);
- if (len < 1)
- fprintf(stderr, "Apache:mod_ssl:Error: Pass phrase empty (needs to be at least 1 character).\n");
- else
- break;
- }
-
- /*
- * Restore STDERR to Apache error logfile
- */
- dup2(stderr_store, STDERR_FILENO);
- close(stderr_store);
- }
-
- /*
- * Filter program
- */
- else if (sc->nPassPhraseDialogType == SSL_PPTYPE_FILTER) {
- char *cmd;
- char *result;
-
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase from dialog filter program (%s)",
- sc->szPassPhraseDialogPath);
-
- if (strchr(sc->szPassPhraseDialogPath, ' ') != NULL)
- cmd = ap_psprintf(p, "\"%s\" %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType);
- else
- cmd = ap_psprintf(p, "%s %s %s", sc->szPassPhraseDialogPath, cpVHostID, cpAlgoType);
- result = ssl_util_readfilter(s, p, cmd);
- ap_cpystrn(buf, result, bufsize);
- len = strlen(buf);
- }
-
- /*
- * Ok, we now have the pass phrase, so give it back
- */
- *cppPassPhraseCur = ap_pstrdup(p, buf);
-
- /*
- * And return it's length to OpenSSL...
- */
- return (len);
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c
deleted file mode 100644
index 32a849a09fb..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_rand.c
-** Random Number Generator Seeding
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``The generation of random
- numbers is too important
- to be left to chance.'' */
-
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Support for better seeding of SSL library's RNG
-** _________________________________________________________________
-*/
-
-static int ssl_rand_choosenum(int);
-static int ssl_rand_feedfp(pool *, FILE *, int);
-
-int ssl_rand_seed(server_rec *s, pool *p, ssl_rsctx_t nCtx, char *prefix)
-{
- SSLModConfigRec *mc;
- array_header *apRandSeed;
- ssl_randseed_t *pRandSeeds;
- ssl_randseed_t *pRandSeed;
- unsigned char stackdata[256];
- int nReq, nDone;
- FILE *fp;
- int i, n, l;
- time_t t;
- pid_t pid;
- int m;
-
- mc = myModConfig();
- nReq = 0;
- nDone = 0;
- apRandSeed = mc->aRandSeed;
- pRandSeeds = (ssl_randseed_t *)apRandSeed->elts;
- for (i = 0; i < apRandSeed->nelts; i++) {
- pRandSeed = &pRandSeeds[i];
- if (pRandSeed->nCtx == nCtx) {
- nReq += pRandSeed->nBytes;
- if (pRandSeed->nSrc == SSL_RSSRC_FILE) {
- /*
- * seed in contents of an external file
- */
- if ((fp = ap_pfopen(p, pRandSeed->cpPath, "r")) == NULL)
- continue;
- nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
- ap_pfclose(p, fp);
- }
- else if (pRandSeed->nSrc == SSL_RSSRC_EXEC) {
- /*
- * seed in contents generated by an external program
- */
- if ((fp = ssl_util_ppopen(s, p, ap_psprintf(p, "%s %d",
- pRandSeed->cpPath, pRandSeed->nBytes))) == NULL)
- continue;
- nDone += ssl_rand_feedfp(p, fp, pRandSeed->nBytes);
- ssl_util_ppclose(s, p, fp);
- }
- else if (pRandSeed->nSrc == SSL_RSSRC_EGD) {
- /*
- * seed in contents provided by the external
- * Entropy Gathering Daemon (EGD)
- */
- if ((n = RAND_egd_bytes(pRandSeed->cpPath, pRandSeed->nBytes)) == -1)
- continue;
- nDone += n;
- }
- else if (pRandSeed->nSrc == SSL_RSSRC_BUILTIN) {
- /*
- * seed in the current time (usually just 4 bytes)
- */
- t = time(NULL);
- l = sizeof(time_t);
- RAND_seed((unsigned char *)&t, l);
- nDone += l;
-
- /*
- * seed in the current process id (usually just 4 bytes)
- */
- pid = getpid();
- l = sizeof(pid_t);
- RAND_seed((unsigned char *)&pid, l);
- nDone += l;
-
- /*
- * seed in some current state of the run-time stack (128 bytes)
- */
- n = ssl_rand_choosenum(sizeof(stackdata)-128-1);
- RAND_seed(stackdata+n, 128);
- nDone += 128;
-
- /*
- * seed in extract data from the current scoreboard
- */
- if (ap_scoreboard_image != NULL && SCOREBOARD_SIZE > 16) {
- if ((m = ((SCOREBOARD_SIZE / 2) - 1)) > 1024)
- m = 1024;
- n = ssl_rand_choosenum(m);
- RAND_seed(((unsigned char *)ap_scoreboard_image)+n, m);
- nDone += m;
- }
- }
- }
- }
- ssl_log(s, SSL_LOG_INFO, "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);
-
- if (RAND_status() == 0)
- ssl_log(s, SSL_LOG_WARN, "%sPRNG still contains insufficient entropy!", prefix);
- return nDone;
-}
-
-#define BUFSIZE 8192
-
-static int ssl_rand_feedfp(pool *p, FILE *fp, int nReq)
-{
- int nDone;
- unsigned char caBuf[BUFSIZE];
- int nBuf;
- int nRead;
- int nTodo;
-
- nDone = 0;
- nRead = BUFSIZE;
- nTodo = nReq;
- while (1) {
- if (nReq > 0)
- nRead = (nTodo < BUFSIZE ? nTodo : BUFSIZE);
- if ((nBuf = (int)fread(caBuf, 1, nRead, fp)) <= 0)
- break;
- RAND_seed(caBuf, nBuf);
- nDone += nBuf;
- if (nReq > 0) {
- nTodo -= nBuf;
- if (nTodo <= 0)
- break;
- }
- }
- return nDone;
-}
-
-/* Generate a random number in the range 1-h */
-static int ssl_rand_choosenum(int h)
-{
- return (int)(arc4random() / ((double)0xffffffffU + 1) * h + 1);
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c
deleted file mode 100644
index 10965df9e71..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_vars.c
-** Variable Lookup Facility
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Those of you who think they
- know everything are very annoying
- to those of us who do.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Variable Lookup
-** _________________________________________________________________
-*/
-
-static char *ssl_var_lookup_header(pool *p, request_rec *r, const char *name);
-static char *ssl_var_lookup_ssl(pool *p, conn_rec *c, char *var);
-static char *ssl_var_lookup_ssl_cert(pool *p, X509 *xs, char *var);
-static char *ssl_var_lookup_ssl_cert_dn(pool *p, X509_NAME *xsname, char *var);
-static char *ssl_var_lookup_ssl_cert_valid(pool *p, ASN1_UTCTIME *tm);
-static char *ssl_var_lookup_ssl_cert_serial(pool *p, X509 *xs);
-static char *ssl_var_lookup_ssl_cert_chain(pool *p, STACK_OF(X509) *sk, char *var);
-static char *ssl_var_lookup_ssl_cert_PEM(pool *p, X509 *xs);
-static char *ssl_var_lookup_ssl_cert_verify(pool *p, conn_rec *c);
-static char *ssl_var_lookup_ssl_cipher(pool *p, conn_rec *c, char *var);
-static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
-static char *ssl_var_lookup_ssl_version(pool *p, char *var);
-
-void ssl_var_register(void)
-{
- ap_hook_configure("ap::mod_ssl::var_lookup",
- AP_HOOK_SIG6(ptr,ptr,ptr,ptr,ptr,ptr), AP_HOOK_DECLINE(NULL));
- ap_hook_register("ap::mod_ssl::var_lookup",
- ssl_var_lookup, AP_HOOK_NOCTX);
- return;
-}
-
-void ssl_var_unregister(void)
-{
- ap_hook_unregister("ap::mod_ssl::var_lookup", ssl_var_lookup);
- return;
-}
-
-char *ssl_var_lookup(pool *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
-{
- SSLModConfigRec *mc = myModConfig();
- char *result;
- BOOL resdup;
- time_t tc;
- struct tm *tm;
-
- result = NULL;
- resdup = TRUE;
-
- /*
- * When no pool is given try to find one
- */
- if (p == NULL) {
- if (r != NULL)
- p = r->pool;
- else if (c != NULL)
- p = c->pool;
- else
- p = mc->pPool;
- }
-
- /*
- * Request dependent stuff
- */
- if (r != NULL) {
- if (strcEQ(var, "HTTP_USER_AGENT"))
- result = ssl_var_lookup_header(p, r, "User-Agent");
- else if (strcEQ(var, "HTTP_REFERER"))
- result = ssl_var_lookup_header(p, r, "Referer");
- else if (strcEQ(var, "HTTP_COOKIE"))
- result = ssl_var_lookup_header(p, r, "Cookie");
- else if (strcEQ(var, "HTTP_FORWARDED"))
- result = ssl_var_lookup_header(p, r, "Forwarded");
- else if (strcEQ(var, "HTTP_HOST"))
- result = ssl_var_lookup_header(p, r, "Host");
- else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
- result = ssl_var_lookup_header(p, r, "Proxy-Connection");
- else if (strcEQ(var, "HTTP_ACCEPT"))
- result = ssl_var_lookup_header(p, r, "Accept");
- else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
- /* all other headers from which we are still not know about */
- result = ssl_var_lookup_header(p, r, var+5);
- else if (strcEQ(var, "THE_REQUEST"))
- result = r->the_request;
- else if (strcEQ(var, "REQUEST_METHOD"))
- result = (char *)(r->method);
- else if (strcEQ(var, "REQUEST_SCHEME"))
- result = ap_http_method(r);
- else if (strcEQ(var, "REQUEST_URI"))
- result = r->uri;
- else if (strcEQ(var, "SCRIPT_FILENAME") ||
- strcEQ(var, "REQUEST_FILENAME"))
- result = r->filename;
- else if (strcEQ(var, "PATH_INFO"))
- result = r->path_info;
- else if (strcEQ(var, "QUERY_STRING"))
- result = r->args;
- else if (strcEQ(var, "REMOTE_HOST"))
- result = (char *)ap_get_remote_host(r->connection,
- r->per_dir_config, REMOTE_NAME);
- else if (strcEQ(var, "REMOTE_IDENT"))
- result = (char *)ap_get_remote_logname(r);
- else if (strcEQ(var, "IS_SUBREQ"))
- result = (r->main != NULL ? "true" : "false");
- else if (strcEQ(var, "DOCUMENT_ROOT"))
- result = (char *)ap_document_root(r);
- else if (strcEQ(var, "SERVER_ADMIN"))
- result = r->server->server_admin;
- else if (strcEQ(var, "SERVER_NAME"))
- result = (char *)ap_get_server_name(r);
- else if (strcEQ(var, "SERVER_PORT"))
- result = ap_psprintf(p, "%u", ap_get_server_port(r));
- else if (strcEQ(var, "SERVER_PROTOCOL"))
- result = r->protocol;
- }
-
- /*
- * Connection stuff
- */
- if (result == NULL && c != NULL) {
- if (strcEQ(var, "REMOTE_ADDR"))
- result = c->remote_ip;
- else if (strcEQ(var, "REMOTE_USER"))
- result = c->user;
- else if (strcEQ(var, "AUTH_TYPE"))
- result = c->ap_auth_type;
- else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4))
- result = ssl_var_lookup_ssl(p, c, var+4);
- else if (strcEQ(var, "HTTPS")) {
- if (ap_ctx_get(c->client->ctx, "ssl") != NULL)
- result = "on";
- else
- result = "off";
- }
- }
-
- /*
- * Totally independent stuff
- */
- if (result == NULL) {
- if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12))
- result = ssl_var_lookup_ssl_version(p, var+12);
- else if (strcEQ(var, "SERVER_SOFTWARE"))
- result = (char *)ap_get_server_version();
- else if (strcEQ(var, "API_VERSION")) {
- result = ap_psprintf(p, "%d", MODULE_MAGIC_NUMBER);
- resdup = FALSE;
- }
- else if (strcEQ(var, "TIME_YEAR")) {
- tc = time(NULL);
- tm = localtime(&tc);
- result = ap_psprintf(p, "%02d%02d",
- (tm->tm_year / 100) + 19, tm->tm_year % 100);
- resdup = FALSE;
- }
-#define MKTIMESTR(format, tmfield) \
- tc = time(NULL); \
- tm = localtime(&tc); \
- result = ap_psprintf(p, format, tm->tmfield); \
- resdup = FALSE;
- else if (strcEQ(var, "TIME_MON")) {
- MKTIMESTR("%02d", tm_mon+1)
- }
- else if (strcEQ(var, "TIME_DAY")) {
- MKTIMESTR("%02d", tm_mday)
- }
- else if (strcEQ(var, "TIME_HOUR")) {
- MKTIMESTR("%02d", tm_hour)
- }
- else if (strcEQ(var, "TIME_MIN")) {
- MKTIMESTR("%02d", tm_min)
- }
- else if (strcEQ(var, "TIME_SEC")) {
- MKTIMESTR("%02d", tm_sec)
- }
- else if (strcEQ(var, "TIME_WDAY")) {
- MKTIMESTR("%d", tm_wday)
- }
- else if (strcEQ(var, "TIME")) {
- tc = time(NULL);
- tm = localtime(&tc);
- result = ap_psprintf(p,
- "%02d%02d%02d%02d%02d%02d%02d", (tm->tm_year / 100) + 19,
- (tm->tm_year % 100), tm->tm_mon+1, tm->tm_mday,
- tm->tm_hour, tm->tm_min, tm->tm_sec);
- resdup = FALSE;
- }
- /* all other env-variables from the parent Apache process */
- else if (strlen(var) > 4 && strcEQn(var, "ENV:", 4)) {
- result = (char *)ap_table_get(r->notes, var+4);
- if (result == NULL)
- result = (char *)ap_table_get(r->subprocess_env, var+4);
- if (result == NULL)
- result = getenv(var+4);
- }
- }
-
- if (result != NULL && resdup)
- result = ap_pstrdup(p, result);
- if (result == NULL)
- result = "";
- return result;
-}
-
-static char *ssl_var_lookup_header(pool *p, request_rec *r, const char *name)
-{
- array_header *hdrs_arr;
- table_entry *hdrs;
- int i;
-
- hdrs_arr = ap_table_elts(r->headers_in);
- hdrs = (table_entry *)hdrs_arr->elts;
- for (i = 0; i < hdrs_arr->nelts; ++i) {
- if (hdrs[i].key == NULL)
- continue;
- if (strcEQ(hdrs[i].key, name))
- return ap_pstrdup(p, hdrs[i].val);
- }
- return NULL;
-}
-
-static char *ssl_var_lookup_ssl(pool *p, conn_rec *c, char *var)
-{
- char *result;
- X509 *xs;
- STACK_OF(X509) *sk;
- SSL *ssl;
-
- result = NULL;
-
- ssl = ap_ctx_get(c->client->ctx, "ssl");
- if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) {
- result = ssl_var_lookup_ssl_version(p, var+8);
- }
- else if (ssl != NULL && strcEQ(var, "PROTOCOL")) {
- result = (char *)SSL_get_version(ssl);
- }
- else if (ssl != NULL && strcEQ(var, "SESSION_ID")) {
- SSL_SESSION *pSession = SSL_get_session(ssl);
- result = ap_pstrdup(p, SSL_SESSION_id2sz(pSession->session_id,
- pSession->session_id_length));
- }
- else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
- result = ssl_var_lookup_ssl_cipher(p, c, var+6);
- }
- else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
- sk = SSL_get_peer_cert_chain(ssl);
- result = ssl_var_lookup_ssl_cert_chain(p, sk, var+18);
- }
- else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) {
- result = ssl_var_lookup_ssl_cert_verify(p, c);
- }
- else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
- if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
- result = ssl_var_lookup_ssl_cert(p, xs, var+7);
- X509_free(xs);
- }
- }
- else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
- if ((xs = SSL_get_certificate(ssl)) != NULL) {
- result = ssl_var_lookup_ssl_cert(p, xs, var+7);
- /* SSL_get_certificate() as of OpenSSL 0.9.7a does not increment
- the reference count the same way SSL_get_peer_certificate does,
- so no need to X509_free(xs) the stuff here. */
- }
- }
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert(pool *p, X509 *xs, char *var)
-{
- char *result;
- BOOL resdup;
- X509_NAME *xsname;
- int nid;
- char *cp;
-
- result = NULL;
- resdup = TRUE;
-
- if (strcEQ(var, "M_VERSION")) {
- result = ap_psprintf(p, "%lu", X509_get_version(xs)+1);
- resdup = FALSE;
- }
- else if (strcEQ(var, "M_SERIAL")) {
- result = ssl_var_lookup_ssl_cert_serial(p, xs);
- }
- else if (strcEQ(var, "V_START")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
- }
- else if (strcEQ(var, "V_END")) {
- result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
- }
- else if (strcEQ(var, "S_DN")) {
- xsname = X509_get_subject_name(xs);
- cp = X509_NAME_oneline(xsname, NULL, 0);
- result = ap_pstrdup(p, cp);
- OPENSSL_free(cp);
- resdup = FALSE;
- }
- else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) {
- xsname = X509_get_subject_name(xs);
- result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
- resdup = FALSE;
- }
- else if (strcEQ(var, "I_DN")) {
- xsname = X509_get_issuer_name(xs);
- cp = X509_NAME_oneline(xsname, NULL, 0);
- result = ap_pstrdup(p, cp);
- OPENSSL_free(cp);
- resdup = FALSE;
- }
- else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) {
- xsname = X509_get_issuer_name(xs);
- result = ssl_var_lookup_ssl_cert_dn(p, xsname, var+5);
- resdup = FALSE;
- }
- else if (strcEQ(var, "A_SIG")) {
- nid = OBJ_obj2nid(xs->cert_info->signature->algorithm);
- result = ap_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
- resdup = FALSE;
- }
- else if (strcEQ(var, "A_KEY")) {
- nid = OBJ_obj2nid(xs->cert_info->key->algor->algorithm);
- result = ap_pstrdup(p, (nid == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(nid));
- resdup = FALSE;
- }
- else if (strcEQ(var, "CERT")) {
- result = ssl_var_lookup_ssl_cert_PEM(p, xs);
- }
-
- if (result != NULL && resdup)
- result = ap_pstrdup(p, result);
- return result;
-}
-
-static const struct {
- char *name;
- int nid;
-} ssl_var_lookup_ssl_cert_dn_rec[] = {
- { "C", NID_countryName },
- { "ST", NID_stateOrProvinceName }, /* officially (RFC2156) */
- { "SP", NID_stateOrProvinceName }, /* compatibility (SSLeay) */
- { "L", NID_localityName },
- { "O", NID_organizationName },
- { "OU", NID_organizationalUnitName },
- { "CN", NID_commonName },
- { "T", NID_title },
- { "I", NID_initials },
- { "G", NID_givenName },
- { "S", NID_surname },
- { "D", NID_description },
- { "UID", NID_x500UniqueIdentifier },
- { "Email", NID_pkcs9_emailAddress },
- { NULL, 0 }
-};
-
-static char *ssl_var_lookup_ssl_cert_dn(pool *p, X509_NAME *xsname, char *var)
-{
- char *result;
- X509_NAME_ENTRY *xsne;
- int i, j, n;
-
- result = NULL;
-
- for (i = 0; ssl_var_lookup_ssl_cert_dn_rec[i].name != NULL; i++) {
- if (strEQ(var, ssl_var_lookup_ssl_cert_dn_rec[i].name)) {
- for (j = 0; j < sk_X509_NAME_ENTRY_num(xsname->entries); j++) {
- xsne = sk_X509_NAME_ENTRY_value(xsname->entries, j);
- n = OBJ_obj2nid(xsne->object);
- if (n == ssl_var_lookup_ssl_cert_dn_rec[i].nid) {
- result = ap_palloc(p, xsne->value->length+1);
- ap_cpystrn(result, (char *)xsne->value->data, xsne->value->length+1);
- result[xsne->value->length] = NUL;
- break;
- }
- }
- break;
- }
- }
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_valid(pool *p, ASN1_UTCTIME *tm)
-{
- char *result;
- BIO* bio;
- int n;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return NULL;
- ASN1_UTCTIME_print(bio, tm);
- n = BIO_pending(bio);
- result = ap_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_serial(pool *p, X509 *xs)
-{
- char *result;
- BIO *bio;
- int n;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return NULL;
- i2a_ASN1_INTEGER(bio, X509_get_serialNumber(xs));
- n = BIO_pending(bio);
- result = ap_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_chain(pool *p, STACK_OF(X509) *sk, char *var)
-{
- char *result;
- X509 *xs;
- int n;
-
- result = NULL;
-
- if (strspn(var, "0123456789") == strlen(var)) {
- n = atoi(var);
- if (n < sk_X509_num(sk)) {
- xs = sk_X509_value(sk, n);
- result = ssl_var_lookup_ssl_cert_PEM(p, xs);
- }
- }
-
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_PEM(pool *p, X509 *xs)
-{
- char *result;
- BIO *bio;
- int n;
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL)
- return NULL;
- PEM_write_bio_X509(bio, xs);
- n = BIO_pending(bio);
- result = ap_pcalloc(p, n+1);
- n = BIO_read(bio, result, n);
- result[n] = NUL;
- BIO_free(bio);
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cert_verify(pool *p, conn_rec *c)
-{
- char *result;
- long vrc;
- char *verr;
- char *vinfo;
- SSL *ssl;
- X509 *xs;
-
- result = NULL;
- ssl = ap_ctx_get(c->client->ctx, "ssl");
- verr = ap_ctx_get(c->client->ctx, "ssl::verify::error");
- vinfo = ap_ctx_get(c->client->ctx, "ssl::verify::info");
- vrc = SSL_get_verify_result(ssl);
- xs = SSL_get_peer_certificate(ssl);
-
- if (vrc == X509_V_OK && verr == NULL && vinfo == NULL && xs == NULL)
- /* no client verification done at all */
- result = "NONE";
- else if (vrc == X509_V_OK && verr == NULL && vinfo == NULL && xs != NULL)
- /* client verification done successful */
- result = "SUCCESS";
- else if (vrc == X509_V_OK && vinfo != NULL && strEQ(vinfo, "GENEROUS"))
- /* client verification done in generous way */
- result = "GENEROUS";
- else
- /* client verification failed */
- result = ap_psprintf(p, "FAILED:%s", verr);
-
- if (xs != NULL)
- X509_free(xs);
-
- return result;
-}
-
-static char *ssl_var_lookup_ssl_cipher(pool *p, conn_rec *c, char *var)
-{
- char *result;
- BOOL resdup;
- int usekeysize, algkeysize;
- SSL *ssl;
-
- result = NULL;
- resdup = TRUE;
-
- ssl = ap_ctx_get(c->client->ctx, "ssl");
- ssl_var_lookup_ssl_cipher_bits(ssl, &usekeysize, &algkeysize);
-
- if (strEQ(var, ""))
- result = (ssl != NULL ? (char *)SSL_get_cipher_name(ssl) : NULL);
- else if (strcEQ(var, "_EXPORT"))
- result = (usekeysize < 56 ? "true" : "false");
- else if (strcEQ(var, "_USEKEYSIZE")) {
- result = ap_psprintf(p, "%d", usekeysize);
- resdup = FALSE;
- }
- else if (strcEQ(var, "_ALGKEYSIZE")) {
- result = ap_psprintf(p, "%d", algkeysize);
- resdup = FALSE;
- }
-
- if (result != NULL && resdup)
- result = ap_pstrdup(p, result);
- return result;
-}
-
-static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize)
-{
- SSL_CIPHER *cipher;
-
- *usekeysize = 0;
- *algkeysize = 0;
- if (ssl != NULL)
- if ((cipher = SSL_get_current_cipher(ssl)) != NULL)
- *usekeysize = SSL_CIPHER_get_bits(cipher, algkeysize);
- return;
-}
-
-static char *ssl_var_lookup_ssl_version(pool *p, char *var)
-{
- char *result;
- char *cp, *cp2;
-
- result = NULL;
-
- if (strEQ(var, "PRODUCT")) {
-#if defined(SSL_PRODUCT_NAME) && defined(SSL_PRODUCT_VERSION)
- result = ap_psprintf(p, "%s/%s", SSL_PRODUCT_NAME, SSL_PRODUCT_VERSION);
-#else
- result = NULL;
-#endif
- }
- else if (strEQ(var, "INTERFACE")) {
- result = ap_psprintf(p, "mod_ssl/%s", MOD_SSL_VERSION);
- }
- else if (strEQ(var, "LIBRARY")) {
- result = ap_pstrdup(p, SSL_LIBRARY_TEXT);
- if ((cp = strchr(result, ' ')) != NULL) {
- *cp = '/';
- if ((cp2 = strchr(cp, ' ')) != NULL)
- *cp2 = NUL;
- }
- }
- return result;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr.c b/usr.sbin/httpd/src/modules/ssl/ssl_expr.c
deleted file mode 100644
index e992621ef29..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_expr.c
-** Expression Handling
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``It is hard to fly with
- the eagles when you work
- with the turkeys.''
- -- Unknown */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Expression Handling
-** _________________________________________________________________
-*/
-
-ssl_expr_info_type ssl_expr_info;
-char *ssl_expr_error;
-
-ssl_expr *ssl_expr_comp(pool *p, char *expr)
-{
- ssl_expr_info.pool = p;
- ssl_expr_info.inputbuf = expr;
- ssl_expr_info.inputlen = strlen(expr);
- ssl_expr_info.inputptr = ssl_expr_info.inputbuf;
- ssl_expr_info.expr = FALSE;
-
- ssl_expr_error = NULL;
- if (ssl_expr_yyparse())
- return NULL;
- return ssl_expr_info.expr;
-}
-
-char *ssl_expr_get_error(void)
-{
- if (ssl_expr_error == NULL)
- return "";
- return ssl_expr_error;
-}
-
-ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *a1, void *a2)
-{
- ssl_expr *node;
-
- node = (ssl_expr *)ap_palloc(ssl_expr_info.pool, sizeof(ssl_expr));
- node->node_op = op;
- node->node_arg1 = (char *)a1;
- node->node_arg2 = (char *)a2;
- return node;
-}
-
-int ssl_expr_exec(request_rec *r, ssl_expr *expr)
-{
- BOOL rc;
-
- rc = ssl_expr_eval(r, expr);
- if (ssl_expr_error != NULL)
- return (-1);
- else
- return (rc ? 1 : 0);
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr.h b/usr.sbin/httpd/src/modules/ssl/ssl_expr.h
deleted file mode 100644
index adf12e51639..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_expr.h
-** Expression Handling (Header)
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
- /* ``May all your PUSHes be POPed.'' */
-
-#ifndef SSL_EXPR_H
-#define SSL_EXPR_H
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-
-#ifndef TRUE
-#define TRUE !FALSE
-#endif
-
-#ifndef YY_NULL
-#define YY_NULL 0
-#endif
-
-#ifndef MIN
-#define MIN(a,b) (((a)<(b))?(a):(b))
-#endif
-
-#ifndef BOOL
-#define BOOL unsigned int
-#endif
-
-#ifndef NULL
-#define NULL (void *)0
-#endif
-
-#ifndef NUL
-#define NUL '\0'
-#endif
-
-#ifndef YYDEBUG
-#define YYDEBUG 0
-#endif
-
-typedef enum {
- op_NOP, op_ListElement,
- op_True, op_False, op_Not, op_Or, op_And, op_Comp,
- op_EQ, op_NE, op_LT, op_LE, op_GT, op_GE, op_IN, op_REG, op_NRE,
- op_Digit, op_String, op_Regex, op_Var, op_Func
-} ssl_expr_node_op;
-
-typedef struct {
- ssl_expr_node_op node_op;
- void *node_arg1;
- void *node_arg2;
-} ssl_expr_node;
-
-typedef ssl_expr_node ssl_expr;
-
-typedef struct {
- pool *pool;
- char *inputbuf;
- int inputlen;
- char *inputptr;
- ssl_expr *expr;
-} ssl_expr_info_type;
-
-extern ssl_expr_info_type ssl_expr_info;
-extern char *ssl_expr_error;
-
-#define yylval ssl_expr_yylval
-#define yyerror ssl_expr_yyerror
-#define yyinput ssl_expr_yyinput
-
-extern int ssl_expr_yyparse(void);
-extern int ssl_expr_yyerror(char *);
-extern int ssl_expr_yylex(void);
-
-extern ssl_expr *ssl_expr_comp(pool *, char *);
-extern int ssl_expr_exec(request_rec *, ssl_expr *);
-extern char *ssl_expr_get_error(void);
-extern ssl_expr *ssl_expr_make(ssl_expr_node_op, void *, void *);
-extern BOOL ssl_expr_eval(request_rec *, ssl_expr *);
-
-#endif /* SSL_EXPR_H */
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr_eval.c b/usr.sbin/httpd/src/modules/ssl/ssl_expr_eval.c
deleted file mode 100644
index dfcbf9e13dd..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr_eval.c
+++ /dev/null
@@ -1,282 +0,0 @@ -/* _ _ -** _ __ ___ ___ __| | ___ ___| | mod_ssl -** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -** |_____| -** ssl_expr_eval.c -** Expression Evaluation -*/ - -/* ==================================================================== - * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * 4. The names "mod_ssl" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * rse@engelschall.com. - * - * 5. Products derived from this software may not be called "mod_ssl" - * nor may "mod_ssl" appear in their names without prior - * written permission of Ralf S. Engelschall. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - /* ``Make love, - not software!'' - -- Unknown */ -#include "mod_ssl.h" - - -/* _________________________________________________________________ -** -** Expression Evaluation -** _________________________________________________________________ -*/ - -static BOOL ssl_expr_eval_comp(request_rec *, ssl_expr *); -static char *ssl_expr_eval_word(request_rec *, ssl_expr *); -static char *ssl_expr_eval_func_file(request_rec *, char *); -static int ssl_expr_eval_strcmplex(char *, char *); - -BOOL ssl_expr_eval(request_rec *r, ssl_expr *node) -{ - switch (node->node_op) { - case op_True: { - return TRUE; - } - case op_False: { - return FALSE; - } - case op_Not: { - ssl_expr *e = (ssl_expr *)node->node_arg1; - return (!ssl_expr_eval(r, e)); - } - case op_Or: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2)); - } - case op_And: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2)); - } - case op_Comp: { - ssl_expr *e = (ssl_expr *)node->node_arg1; - return 
ssl_expr_eval_comp(r, e); - } - default: { - ssl_expr_error = "Internal evaluation error: Unknown expression node"; - return FALSE; - } - } -} - -static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node) -{ - switch (node->node_op) { - case op_EQ: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0); - } - case op_NE: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0); - } - case op_LT: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) < 0); - } - case op_LE: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0); - } - case op_GT: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) > 0); - } - case op_GE: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0); - } - case op_IN: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - ssl_expr *e3; - char *w1 = ssl_expr_eval_word(r, e1); - BOOL found = FALSE; - do { - e3 = (ssl_expr *)e2->node_arg1; - e2 = (ssl_expr *)e2->node_arg2; - if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) { - found = TRUE; - break; - } - } while (e2 != NULL); - return found; - } - case op_REG: { - ssl_expr *e1; - ssl_expr *e2; - char *word; - regex_t *regex; - - e1 = (ssl_expr *)node->node_arg1; - e2 = (ssl_expr *)node->node_arg2; - word = 
ssl_expr_eval_word(r, e1);
- regex = (regex_t *)(e2->node_arg1);
- return (regexec(regex, word, 0, NULL, 0) == 0);
- }
- case op_NRE: {
- ssl_expr *e1;
- ssl_expr *e2;
- char *word;
- regex_t *regex;
-
- e1 = (ssl_expr *)node->node_arg1;
- e2 = (ssl_expr *)node->node_arg2;
- word = ssl_expr_eval_word(r, e1);
- regex = (regex_t *)(e2->node_arg1);
- return !(regexec(regex, word, 0, NULL, 0) == 0);
- }
- default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
- return FALSE;
- }
- }
-}
-
-static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
-{
- switch (node->node_op) {
- case op_Digit: {
- char *string = (char *)node->node_arg1;
- return string;
- }
- case op_String: {
- char *string = (char *)node->node_arg1;
- return string;
- }
- case op_Var: {
- char *var = (char *)node->node_arg1;
- char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
- return (val == NULL ? "" : val);
- }
- case op_Func: {
- char *name = (char *)node->node_arg1;
- ssl_expr *args = (ssl_expr *)node->node_arg2;
- if (strEQ(name, "file"))
- return ssl_expr_eval_func_file(r, (char *)(args->node_arg1));
- else {
- ssl_expr_error = "Internal evaluation error: Unknown function name";
- return "";
- }
- }
- default: {
- ssl_expr_error = "Internal evaluation error: Unknown expression node";
- return FALSE;
- }
- }
-}
-
-static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
-{
- FILE *fp;
- char *buf;
- int len;
-
- if ((fp = ap_pfopen(r->pool, filename, "r")) == NULL) {
- ssl_expr_error = "Cannot open file";
- return "";
- }
- fseek(fp, 0, SEEK_END);
- len = ftell(fp);
- if (len == 0) {
- buf = (char *)ap_palloc(r->pool, sizeof(char) * 1);
- *buf = NUL;
- }
- else {
- if ((buf = (char *)ap_palloc(r->pool, sizeof(char) * (len+1))) == NULL) {
- ssl_expr_error = "Cannot allocate memory";
- ap_pfclose(r->pool, fp);
- return "";
- }
- fseek(fp, 0, SEEK_SET);
- if (fread(buf, len, 1, fp) == 0) {
- ssl_expr_error = "Cannot read from file"; 
- fclose(fp);
- return ("");
- }
- buf[len] = NUL;
- }
- ap_pfclose(r->pool, fp);
- return buf;
-}
-
-/* a variant of strcmp(3) which works correctly also for number strings */
-static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2)
-{
- int i, n1, n2;
-
- if (cpNum1 == NULL)
- return -1;
- if (cpNum2 == NULL)
- return +1;
- n1 = strlen(cpNum1);
- n2 = strlen(cpNum2);
- if (n1 > n2)
- return 1;
- if (n1 < n2)
- return -1;
- for (i = 0; i < n1; i++) {
- if (cpNum1[i] > cpNum2[i])
- return 1;
- if (cpNum1[i] < cpNum2[i])
- return -1;
- }
- return 0;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr_parse.y b/usr.sbin/httpd/src/modules/ssl/ssl_expr_parse.y
deleted file mode 100644
index 8ac78e57142..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr_parse.y
+++ /dev/null
@@ -1,186 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| |
-** | '_ ` _ \ / _ \ / _` | / __/ __| |
-** | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
-** |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
-** |_____|
-** ssl_expr_parse.y
-** Expression LR(1) Parser
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
- /* ``What you see is all you get.''
- -- Brian Kernighan */
-
-/* _________________________________________________________________
-**
-** Expression Parser
-** _________________________________________________________________
-*/
-
-%{
-#include "mod_ssl.h"
-%}
-
-%union {
- char *cpVal;
- ssl_expr *exVal;
-}
-
-%token T_TRUE
-%token T_FALSE
-
-%token T_DIGIT
-%token T_ID
-%token T_STRING
-%token T_REGEX
-%token T_REGEX_I
-
-%token T_FUNC_FILE
-
-%token T_OP_EQ
-%token T_OP_NE
-%token T_OP_LT
-%token T_OP_LE
-%token T_OP_GT
-%token T_OP_GE
-%token T_OP_REG
-%token T_OP_NRE
-%token T_OP_IN
-
-%token T_OP_OR
-%token T_OP_AND
-%token T_OP_NOT
-
-%left T_OP_OR
-%left T_OP_AND
-%left T_OP_NOT
-
-%type expr
-%type comparison
-%type funccall
-%type regex
-%type words
-%type word
-
-%%
-
-root : expr { ssl_expr_info.expr = $1; }
- ;
-
-expr : T_TRUE { $$ = ssl_expr_make(op_True, NULL, NULL); }
- | T_FALSE { $$ = ssl_expr_make(op_False, NULL, NULL); }
- | T_OP_NOT expr { $$ = ssl_expr_make(op_Not, $2, NULL); }
- | expr T_OP_OR expr { $$ = ssl_expr_make(op_Or, $1, $3); }
- | expr T_OP_AND expr { $$ = ssl_expr_make(op_And, $1, $3); }
- | comparison { $$ = 
ssl_expr_make(op_Comp, $1, NULL); }
- | '(' expr ')' { $$ = $2; }
- ;
-
-comparison: word T_OP_EQ word { $$ = ssl_expr_make(op_EQ, $1, $3); }
- | word T_OP_NE word { $$ = ssl_expr_make(op_NE, $1, $3); }
- | word T_OP_LT word { $$ = ssl_expr_make(op_LT, $1, $3); }
- | word T_OP_LE word { $$ = ssl_expr_make(op_LE, $1, $3); }
- | word T_OP_GT word { $$ = ssl_expr_make(op_GT, $1, $3); }
- | word T_OP_GE word { $$ = ssl_expr_make(op_GE, $1, $3); }
- | word T_OP_IN '{' words '}' { $$ = ssl_expr_make(op_IN, $1, $4); }
- | word T_OP_REG regex { $$ = ssl_expr_make(op_REG, $1, $3); }
- | word T_OP_NRE regex { $$ = ssl_expr_make(op_NRE, $1, $3); }
- ;
-
-words : word { $$ = ssl_expr_make(op_ListElement, $1, NULL); }
- | words ',' word { $$ = ssl_expr_make(op_ListElement, $3, $1); }
- ;
-
-word : T_DIGIT { $$ = ssl_expr_make(op_Digit, $1, NULL); }
- | T_STRING { $$ = ssl_expr_make(op_String, $1, NULL); }
- | '%' '{' T_ID '}' { $$ = ssl_expr_make(op_Var, $3, NULL); }
- | funccall { $$ = $1; }
- ;
-
-regex : T_REGEX {
- regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
- REG_EXTENDED|REG_NOSUB)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
- YYERROR;
- regex = NULL;
- }
- $$ = ssl_expr_make(op_Regex, regex, NULL);
- }
- | T_REGEX_I {
- regex_t *regex;
- if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
- REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) {
- ssl_expr_error = "Failed to compile regular expression";
- YYERROR;
- regex = NULL;
- }
- $$ = ssl_expr_make(op_Regex, regex, NULL);
- }
- ;
-
-funccall : T_FUNC_FILE '(' T_STRING ')' {
- ssl_expr *args = ssl_expr_make(op_ListElement, $3, NULL);
- $$ = ssl_expr_make(op_Func, "file", args);
- }
- ;
-
-%%
-
-int yyerror(char *s)
-{
- ssl_expr_error = s;
- return 2;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_expr_scan.l b/usr.sbin/httpd/src/modules/ssl/ssl_expr_scan.l
deleted file mode 100644
index 005e4b58c3e..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_expr_scan.l
+++ /dev/null
@@ -1,261 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| |
-** | '_ ` _ \ / _ \ / _` | / __/ __| |
-** | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL
-** |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/
-** |_____|
-** ssl_expr_scan.l
-** Expression Scanner
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
- /* ``Killing for peace is
- like fucking for virginity.''
- -- Unknown */
-
-/* _________________________________________________________________
-**
-** Expression Scanner
-** _________________________________________________________________
-*/
-
-%{
-#include "mod_ssl.h"
-
-#include "ssl_expr_parse.h"
-
-#define YY_NO_UNPUT 1
-int yyinput(char *buf, int max_size);
-
-#undef YY_INPUT
-#define YY_INPUT(buf,result,max_size) \
- (result = yyinput(buf, max_size))
-
-#define MAX_STR_LEN 2048
-%}
-
-%pointer
-/* %option stack */
-%option never-interactive
-%option noyywrap
-%x str
-%x regex regex_flags
-
-%%
-
- char caStr[MAX_STR_LEN];
- char *cpStr = NULL;
- char caRegex[MAX_STR_LEN];
- char *cpRegex = NULL;
- char cRegexDel = NUL;
-
- /*
- * Whitespaces
- */
-[ \t\n]+ {
- /* NOP */
-}
-
- /*
- * C-style strings ("...")
- */
-\" {
- cpStr = caStr;
- BEGIN(str);
-}
-\" {
- BEGIN(INITIAL);
- *cpStr = NUL;
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, caStr);
- return T_STRING;
-}
-\n {
- yyerror("Unterminated string");
-}
-\\[0-7]{1,3} {
- int result;
-
- (void)sscanf(yytext+1, "%o", &result);
- if (result > 0xff)
- yyerror("Escape sequence out of 
bound");
- else
- *cpStr++ = result;
-}
-\\[0-9]+ {
- yyerror("Bad escape sequence");
-}
-\\n { *cpStr++ = '\n'; }
-\\r { *cpStr++ = '\r'; }
-\\t { *cpStr++ = '\t'; }
-\\b { *cpStr++ = '\b'; }
-\\f { *cpStr++ = '\f'; }
-\\(.|\n) {
- *cpStr++ = yytext[1];
-}
-[^\\\n\"]+ {
- char *cp = yytext;
- while (*cp != NUL)
- *cpStr++ = *cp++;
-}
-. {
- *cpStr++ = yytext[1];
-}
-
- /*
- * Regular Expression
- */
-"m". {
- cRegexDel = yytext[1];
- cpRegex = caRegex;
- BEGIN(regex);
-}
-.|\n {
- if (yytext[0] == cRegexDel) {
- *cpRegex = NUL;
- BEGIN(regex_flags);
- }
- else {
- *cpRegex++ = yytext[0];
- }
-}
-i {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, caRegex);
- BEGIN(INITIAL);
- return T_REGEX_I;
-}
-.|\n {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, caRegex);
- yyless(0);
- BEGIN(INITIAL);
- return T_REGEX;
-}
-<> {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, caRegex);
- BEGIN(INITIAL);
- return T_REGEX;
-}
-
- /*
- * Operators
- */
-"eq" { return T_OP_EQ; }
-"==" { return T_OP_EQ; }
-"ne" { return T_OP_NE; }
-"!=" { return T_OP_NE; }
-"lt" { return T_OP_LT; }
-"<" { return T_OP_LT; }
-"le" { return T_OP_LE; }
-"<=" { return T_OP_LE; }
-"gt" { return T_OP_GT; }
-">" { return T_OP_GT; }
-"ge" { return T_OP_GE; }
-">=" { return T_OP_GE; }
-"=~" { return T_OP_REG; }
-"!~" { return T_OP_NRE; }
-"and" { return T_OP_AND; }
-"&&" { return T_OP_AND; }
-"or" { return T_OP_OR; }
-"||" { return T_OP_OR; }
-"not" { return T_OP_NOT; }
-"!" { return T_OP_NOT; }
-"in" { return T_OP_IN; }
-
- /*
- * Functions
- */
-"file" { return T_FUNC_FILE; }
-
- /*
- * Specials
- */
-"true" { return T_TRUE; }
-"false" { return T_FALSE; }
-
- /*
- * Digits
- */
-[0-9]+ {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, yytext);
- return T_DIGIT;
-}
-
- /*
- * Identifiers
- */
-[a-zA-Z][a-zA-Z0-9_:-]* {
- yylval.cpVal = ap_pstrdup(ssl_expr_info.pool, yytext);
- return T_ID;
-}
-
- /*
- * Anything else is returned as is... 
- */
-.|\n {
- return yytext[0];
-}
-
-%%
-
-int yyinput(char *buf, int max_size)
-{
- int n;
-
- if ((n = MIN(max_size, ssl_expr_info.inputbuf
- + ssl_expr_info.inputlen
- - ssl_expr_info.inputptr)) <= 0)
- return YY_NULL;
- memcpy(buf, ssl_expr_info.inputptr, n);
- ssl_expr_info.inputptr += n;
- return n;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_scache.c b/usr.sbin/httpd/src/modules/ssl/ssl_scache.c
deleted file mode 100644
index 2b063b50ac8..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_scache.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_scache.c
-** Session Cache Abstraction
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Open-Source Software: generous
- programmers from around the world all
- join forces to help you shoot
- yourself in the foot for free.''
- -- Unknown */
-#include "mod_ssl.h"
-
-/* _________________________________________________________________
-**
-** Session Cache: Common Abstraction Layer
-** _________________________________________________________________
-*/
-
-void ssl_scache_init(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_init(s, p);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_init(s, p);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_init(s, p);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_init",
- AP_HOOK_SIG3(void,ptr,ptr), AP_HOOK_ALL, s, p);
-#endif
- return;
-}
-
-void ssl_scache_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_kill(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_kill(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- 
ssl_scache_shmcb_kill(s);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_kill",
- AP_HOOK_SIG2(void,ptr), AP_HOOK_ALL, s);
-#endif
- return;
-}
-
-BOOL ssl_scache_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
-{
- SSLModConfigRec *mc = myModConfig();
- BOOL rv = FALSE;
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- rv = ssl_scache_dbm_store(s, id, idlen, expiry, sess);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- rv = ssl_scache_shmht_store(s, id, idlen, expiry, sess);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- rv = ssl_scache_shmcb_store(s, id, idlen, expiry, sess);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_store",
- AP_HOOK_SIG6(int,ptr,ptr,int,int,ptr), AP_HOOK_ALL,
- (int *)&rv, s, id, idlen, (int)expiry, sess);
-#endif
- return rv;
-}
-
-SSL_SESSION *ssl_scache_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- SSL_SESSION *sess = NULL;
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- sess = ssl_scache_dbm_retrieve(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- sess = ssl_scache_shmht_retrieve(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- sess = ssl_scache_shmcb_retrieve(s, id, idlen);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_retrieve",
- AP_HOOK_SIG4(ptr,ptr,ptr,int), AP_HOOK_ALL,
- &sess, s, id, idlen);
-#endif
- return sess;
-}
-
-void ssl_scache_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_remove(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_remove(s, id, idlen);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_remove(s, id, idlen);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_remove",
- AP_HOOK_SIG4(void,ptr,ptr,int), AP_HOOK_ALL, s, id, 
idlen);
-#endif
- return;
-}
-
-void ssl_scache_status(server_rec *s, pool *p, void (*func)(char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_status(s, p, func, arg);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_status(s, p, func, arg);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_status(s, p, func, arg);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_status",
- AP_HOOK_SIG5(void,ptr,ptr,ptr,ptr), AP_HOOK_ALL,
- s, p, func, arg);
-#endif
- return;
-}
-
-void ssl_scache_expire(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->nSessionCacheMode == SSL_SCMODE_DBM)
- ssl_scache_dbm_expire(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMHT)
- ssl_scache_shmht_expire(s);
- else if (mc->nSessionCacheMode == SSL_SCMODE_SHMCB)
- ssl_scache_shmcb_expire(s);
-#ifdef SSL_VENDOR
- else
- ap_hook_use("ap::mod_ssl::vendor::scache_expire",
- AP_HOOK_SIG2(void,ptr), AP_HOOK_ALL, s);
-#endif
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c b/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c
deleted file mode 100644
index 78703958800..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_scache_dbm.c
+++ /dev/null
@@ -1,446 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_scache_dbm.c
-** Session Cache via DBM
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "mod_ssl.h"
-
-void ssl_scache_dbm_init(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
-
- /* for the DBM we need the data file */
- if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
- ssl_die();
- }
-
- /* open it once to create it and to make sure it _can_ be created */
- ssl_mutex_on(s);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR|O_CREAT, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot create SSLSessionCache DBM file `%s'",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return;
- }
- ssl_dbm_close(dbm);
-
- /*
- * We have to make sure the Apache child processes have access to
- * the DBM file. But because there are brain-dead platforms where we
- * cannot exactly determine the suffixes we try all possibilities. 
- */
- if (geteuid() == 0 /* is superuser */) {
- chown(mc->szSessionCacheDataFile, ap_user_id, -1 /* no gid change */);
- if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL),
- ap_user_id, -1) == -1) {
- if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
- ap_user_id, -1) == -1)
- chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL),
- ap_user_id, -1);
- }
- if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL),
- ap_user_id, -1) == -1) {
- if (chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL),
- ap_user_id, -1) == -1)
- chown(ap_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL),
- ap_user_id, -1);
- }
- }
- ssl_mutex_off(s);
- ssl_scache_dbm_expire(s);
- return;
-}
-
-void ssl_scache_dbm_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
- pool *p;
-
- if ((p = ap_make_sub_pool(NULL)) != NULL) {
- /* the correct way */
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_DIR, NULL));
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, SSL_DBM_FILE_SUFFIX_PAG, NULL));
- /* the additional ways to be sure */
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, ".dir", NULL));
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, ".pag", NULL));
- unlink(ap_pstrcat(p, mc->szSessionCacheDataFile, ".db", NULL));
- unlink(mc->szSessionCacheDataFile);
- ap_destroy_pool(p);
- }
- return;
-}
-
-BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
- datum dbmkey;
- datum dbmval;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- int nData;
- UCHAR *ucp;
-
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
- return FALSE;
- ucp = ucaData;
- i2d_SSL_SESSION(sess, &ucp);
-
- /* be careful: do not try to store too much bytes in a DBM file! 
*/
- if ((idlen + nData) >= 950 /* at least less than approx. 1KB */)
- return FALSE;
-
- /* create DBM key */
- dbmkey.dptr = (char *)id;
- dbmkey.dsize = idlen;
-
- /* create DBM value */
- dbmval.dsize = sizeof(time_t) + nData;
- dbmval.dptr = (char *)malloc(dbmval.dsize);
- if (dbmval.dptr == NULL)
- return FALSE;
- memcpy((char *)dbmval.dptr, &expiry, sizeof(time_t));
- memcpy((char *)dbmval.dptr+sizeof(time_t), ucaData, nData);
-
- /* and store it to the DBM file */
- ssl_mutex_on(s);
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for writing (store)",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- free(dbmval.dptr);
- return FALSE;
- }
- if (ssl_dbm_store(dbm, dbmkey, dbmval, DBM_INSERT) < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot store SSL session to DBM file `%s'",
- mc->szSessionCacheDataFile);
- ssl_dbm_close(dbm);
- ssl_mutex_off(s);
- free(dbmval.dptr);
- return FALSE;
- }
- ssl_dbm_close(dbm);
- ssl_mutex_off(s);
-
- /* free temporary buffers */
- free(dbmval.dptr);
-
- /* allow the regular expiring to occur */
- ssl_scache_dbm_expire(s);
-
- return TRUE;
-}
-
-SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
- datum dbmkey;
- datum dbmval;
- SSL_SESSION *sess = NULL;
- UCHAR *ucpData;
- int nData;
- time_t expiry;
- time_t now;
-
- /* allow the regular expiring to occur */
- ssl_scache_dbm_expire(s);
-
- /* create DBM key and values */
- dbmkey.dptr = (char *)id;
- dbmkey.dsize = idlen;
-
- /* and fetch it from the DBM file */
- ssl_mutex_on(s);
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDONLY, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open 
SSLSessionCache DBM file `%s' for reading (fetch)",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return NULL;
- }
- dbmval = ssl_dbm_fetch(dbm, dbmkey);
- ssl_mutex_off(s);
-
- /* immediately return if not found */
- if (dbmval.dptr == NULL || dbmval.dsize <= sizeof(time_t)) {
- ssl_dbm_close(dbm);
- return NULL;
- }
-
- /* parse resulting data */
- nData = dbmval.dsize-sizeof(time_t);
- ucpData = (UCHAR *)malloc(nData);
- if (ucpData == NULL) {
- ssl_dbm_close(dbm);
- return NULL;
- }
- memcpy(ucpData, (char *)dbmval.dptr+sizeof(time_t), nData);
- memcpy(&expiry, dbmval.dptr, sizeof(time_t));
-
- ssl_dbm_close(dbm);
-
- /* make sure the stuff is still not expired */
- now = time(NULL);
- if (expiry <= now) {
- ssl_scache_dbm_remove(s, id, idlen);
- return NULL;
- }
-
- /* unstreamed SSL_SESSION */
- sess = d2i_SSL_SESSION(NULL, &ucpData, nData);
-
- return sess;
-}
-
-void ssl_scache_dbm_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
- datum dbmkey;
-
- /* create DBM key and values */
- dbmkey.dptr = (char *)id;
- dbmkey.dsize = idlen;
-
- /* and delete it from the DBM file */
- ssl_mutex_on(s);
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for writing (delete)",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return;
- }
- ssl_dbm_delete(dbm, dbmkey);
- ssl_dbm_close(dbm);
- ssl_mutex_off(s);
-
- return;
-}
-
-void ssl_scache_dbm_expire(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
- SSLSrvConfigRec *sc = mySrvConfig(s);
- static time_t tLast = 0;
- DBM *dbm;
- datum dbmkey;
- datum dbmval;
- pool *p;
- time_t tExpiresAt;
- int nElements = 0;
- int nDeleted = 0;
- int bDelete;
- datum *keylist;
- int keyidx;
- int i;
- time_t tNow;
-
- /*
- * make sure the expiration for still not-accessed session
- 
* cache entries is done only from time to time
- */
- tNow = time(NULL);
- if (tNow < tLast+sc->nSessionCacheTimeout)
- return;
- tLast = tNow;
-
- /*
- * Here we have to be very carefully: Not all DBM libraries are
- * smart enough to allow one to iterate over the elements and at the
- * same time delete expired ones. Some of them get totally crazy
- * while others have no problems. So we have to do it the slower but
- * more safe way: we first iterate over all elements and remember
- * those which have to be expired. Then in a second pass we delete
- * all those expired elements. Additionally we reopen the DBM file
- * to be really safe in state.
- */
-
-#define KEYMAX 1024
-
- ssl_mutex_on(s);
- for (;;) {
- /* allocate the key array in a memory sub pool */
- if ((p = ap_make_sub_pool(NULL)) == NULL)
- break;
- if ((keylist = ap_palloc(p, sizeof(dbmkey)*KEYMAX)) == NULL) {
- ap_destroy_pool(p);
- break;
- }
-
- /* pass 1: scan DBM database */
- keyidx = 0;
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for scanning",
- mc->szSessionCacheDataFile);
- ap_destroy_pool(p);
- break;
- }
- dbmkey = ssl_dbm_firstkey(dbm);
- while (dbmkey.dptr != NULL) {
- nElements++;
- bDelete = FALSE;
- dbmval = ssl_dbm_fetch(dbm, dbmkey);
- if (dbmval.dsize <= sizeof(time_t) || dbmval.dptr == NULL)
- bDelete = TRUE;
- else {
- memcpy(&tExpiresAt, dbmval.dptr, sizeof(time_t));
- if (tExpiresAt <= tNow)
- bDelete = TRUE;
- }
- if (bDelete) {
- if ((keylist[keyidx].dptr = ap_palloc(p, dbmkey.dsize)) != NULL) {
- memcpy(keylist[keyidx].dptr, dbmkey.dptr, dbmkey.dsize);
- keylist[keyidx].dsize = dbmkey.dsize;
- keyidx++;
- if (keyidx == KEYMAX)
- break;
- }
- }
- dbmkey = ssl_dbm_nextkey(dbm);
- }
- ssl_dbm_close(dbm);
-
- /* pass 2: delete expired elements */
- if ((dbm = 
ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDWR, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot re-open SSLSessionCache DBM file `%s' for expiring",
- mc->szSessionCacheDataFile);
- ap_destroy_pool(p);
- break;
- }
- for (i = 0; i < keyidx; i++) {
- ssl_dbm_delete(dbm, keylist[i]);
- nDeleted++;
- }
- ssl_dbm_close(dbm);
-
- /* destroy temporary pool */
- ap_destroy_pool(p);
-
- if (keyidx < KEYMAX)
- break;
- }
- ssl_mutex_off(s);
-
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (DBM) Expiry: "
- "old: %d, new: %d, removed: %d", nElements, nElements-nDeleted, nDeleted);
- return;
-}
-
-void ssl_scache_dbm_status(server_rec *s, pool *p, void (*func)(char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig();
- DBM *dbm;
- datum dbmkey;
- datum dbmval;
- int nElem;
- int nSize;
- int nAverage;
-
- nElem = 0;
- nSize = 0;
- ssl_mutex_on(s);
- ap_server_strip_chroot(mc->szSessionCacheDataFile, 0);
- if ((dbm = ssl_dbm_open(mc->szSessionCacheDataFile,
- O_RDONLY, SSL_DBM_FILE_MODE)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for status retrival",
- mc->szSessionCacheDataFile);
- ssl_mutex_off(s);
- return;
- }
- dbmkey = ssl_dbm_firstkey(dbm);
- for ( ; dbmkey.dptr != NULL; dbmkey = ssl_dbm_nextkey(dbm)) {
- dbmval = ssl_dbm_fetch(dbm, dbmkey);
- if (dbmval.dptr == NULL)
- continue;
- nElem += 1;
- nSize += dbmval.dsize;
- }
- ssl_dbm_close(dbm);
- ssl_mutex_off(s);
- if (nSize > 0 && nElem > 0)
- nAverage = nSize / nElem;
- else
- nAverage = 0;
- func(ap_psprintf(p, "cache type: DBM, maximum size: unlimited
    "), arg); - func(ap_psprintf(p, "current sessions: %d, current size: %d bytes
    ", nElem, nSize), arg); - func(ap_psprintf(p, "average session size: %d bytes
    ", nAverage), arg); - return; -} - diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmcb.c b/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmcb.c deleted file mode 100644 index e25f30cfe11..00000000000 --- a/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmcb.c +++ /dev/null 
@@ -1,1310 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_scache_shmcb.c
-** Session Cache via Shared Memory (Cyclic Buffer Variant)
-*/
-
-/* ====================================================================
- * Copyright (c) 2000-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "mod_ssl.h"
-
-/*
- * This shared memory based SSL session cache implementation was
- * originally written by Geoff Thorpe for C2Net
- * Europe and as a contribution to Ralf Engelschall's mod_ssl project.
- */
-
-/*
- * The shared-memory segment header can be cast to and from the
- * SHMCBHeader type, all other structures need to be initialised by
- * utility functions.
- *
- * The "header" looks like this;
- *
- * data applying to the overall structure:
- * - division_offset (unsigned int):
- * how far into the shared memory segment the first division is.
- * - division_size (unsigned int):
- * how many bytes each division occupies.
- * (NB: This includes the queue and the cache)
- * - division_mask (unsigned char):
- * the "mask" in the next line. Add one to this,
- * and that's the number of divisions.
- *
- * data applying to within each division:
- * - queue_size (unsigned int):
- * how big each "queue" is. NB: The queue is the first block in each
- * division and is followed immediately by the cache itself so so
- * there's no cache_offset value.
- *
- * data applying to within each queue:
- * - index_num (unsigned char):
- * how many indexes in each cache's queue
- * - index_offset (unsigned char):
- * how far into the queue the first index is.
- * - index_size:
- * how big each index is.
- *
- * data applying to within each cache:
- * - cache_data_offset (unsigned int):
- * how far into the cache the session-data array is stored.
- * - cache_data_size (unsigned int):
- * how big each cache's data block is.
- *
- * statistics data (this will eventually be per-division but right now
- * there's only one mutex):
- * - stores (unsigned long):
- * how many stores have been performed in the cache.
- * - expiries (unsigned long):
- * how many session have been expired from the cache.
- * - scrolled (unsigned long):
- * how many sessions have been scrolled out of full cache during a
- * "store" operation. This is different to the "removes" stats as
- * they are requested by mod_ssl/Apache, these are done because of
- * cache logistics. (NB: Also, this value should be deducible from
- * the others if my code has no bugs, but I count it anyway - plus
- * it helps debugging :-).
- * - retrieves_hit (unsigned long):
- * how many session-retrieves have succeeded.
- * - retrieves_miss (unsigned long):
- * how many session-retrieves have failed.
- * - removes_hit (unsigned long):
- * - removes_miss (unsigned long):
- *
- * Following immediately after the header is an array of "divisions".
- * Each division is simply a "queue" immediately followed by its
- * corresponding "cache". Each division handles some pre-defined band
- * of sessions by using the "division_mask" in the header. Eg. if
- * division_mask=0x1f then there are 32 divisions, the first of which
- * will store sessions whose least-significant 5 bits are 0, the second
- * stores session whose LS 5 bits equal 1, etc. A queue is an indexing
- * structure referring to its corresponding cache.
- *
- * A "queue" looks like this;
- *
- * - first_pos (unsigned int):
- * the location within the array of indexes where the virtual
- * "left-hand-edge" of the cyclic buffer is.
- * - pos_count (unsigned int):
- * the number of indexes occupied from first_pos onwards.
- *
- * ...followed by an array of indexes, each of which can be
- * memcpy'd to and from an SHMCBIndex, and look like this;
- *
- * - expires (time_t):
- * the time() value at which this session expires.
- * - offset (unsigned int):
- * the offset within the cache data block where the corresponding
- * session is stored.
- * - s_id2 (unsigned char):
- * the second byte of the session_id, stored as an optimisation to
- * reduce the number of d2i_SSL_SESSION calls that are made when doing
- * a lookup.
- * - removed (unsigned char):
- * a byte used to indicate whether a session has been "passively"
- * removed. Ie. it is still in the cache but is to be disregarded by
- * any "retrieve" operation.
- *
- * A "cache" looks like this;
- *
- * - first_pos (unsigned int):
- * the location within the data block where the virtual
- * "left-hand-edge" of the cyclic buffer is.
- * - pos_count (unsigned int):
- * the number of bytes used in the data block from first_pos onwards.
- *
- * ...followed by the data block in which actual DER-encoded SSL
- * sessions are stored.
- */
-
-/*
- * Header - can be memcpy'd to and from the front of the shared
- * memory segment. NB: The first copy (commented out) has the
- * elements in a meaningful order, but due to data-alignment
- * braindeadness, the second (uncommented) copy has the types grouped
- * so as to decrease "struct-bloat". sigh.
- */
-typedef struct {
- unsigned long num_stores;
- unsigned long num_expiries;
- unsigned long num_scrolled;
- unsigned long num_retrieves_hit;
- unsigned long num_retrieves_miss;
- unsigned long num_removes_hit;
- unsigned long num_removes_miss;
- unsigned int division_offset;
- unsigned int division_size;
- unsigned int queue_size;
- unsigned int cache_data_offset;
- unsigned int cache_data_size;
- unsigned char division_mask;
- unsigned int index_num;
- unsigned int index_offset;
- unsigned int index_size;
-} SHMCBHeader;
-
-/*
- * Index - can be memcpy'd to and from an index inside each
- * queue's index array.
- */
-typedef struct {
- time_t expires;
- unsigned int offset;
- unsigned char s_id2;
- unsigned char removed;
-} SHMCBIndex;
-
-/*
- * Queue - must be populated by a call to shmcb_get_division
- * and the structure's pointers are used for updating (ie.
- * the structure doesn't need any "set" to update values).
- */
-typedef struct {
- SHMCBHeader *header;
- unsigned int *first_pos;
- unsigned int *pos_count;
- SHMCBIndex *indexes;
-} SHMCBQueue;
-
-/*
- * Cache - same comment as for Queue. 'Queue's are in a 1-1
- * correspondance with 'Cache's and are usually carried round
- * in a pair, they are only seperated for clarity.
- */
-typedef struct {
- SHMCBHeader *header;
- unsigned int *first_pos;
- unsigned int *pos_count;
- unsigned char *data;
-} SHMCBCache;
-
-/*
- * Forward function prototypes.
- */
-
-/* Functions for working around data-alignment-picky systems (sparcs,
- Irix, etc). These use "memcpy" as a way of foxing these systems into
- treating the composite types as byte-arrays rather than higher-level
- primitives that it prefers to have 4-(or 8-)byte aligned. I don't
- envisage this being a performance issue as a couple of 2 or 4 byte
- memcpys can hardly make a dent on the massive memmove operations this
- cache technique avoids, nor the overheads of ASN en/decoding.
*/
-static unsigned int shmcb_get_safe_uint(unsigned int *);
-static void shmcb_set_safe_uint_ex(unsigned char *, const unsigned char *);
-#define shmcb_set_safe_uint(pdest, src) \
- do { \
- unsigned int tmp_uint = src; \
- shmcb_set_safe_uint_ex((unsigned char *)pdest, \
- (const unsigned char *)(&tmp_uint)); \
- } while(0)
-static time_t shmcb_get_safe_time(time_t *);
-static void shmcb_set_safe_time_ex(unsigned char *, const unsigned char *);
-#define shmcb_set_safe_time(pdest, src) \
- do { \
- time_t tmp_time = src; \
- shmcb_set_safe_time_ex((unsigned char *)pdest, \
- (const unsigned char *)(&tmp_time)); \
- } while(0)
-
-/* This is necessary simply so that the size passed to memset() is not a
- * compile-time constant, preventing the compiler from optimising it. */
-static void shmcb_safe_clear(void *ptr, size_t size)
-{
- memset(ptr, 0, size);
-}
-
-/* Underlying functions for session-caching */
-static BOOL shmcb_init_memory(server_rec *, void *, unsigned int);
-static BOOL shmcb_store_session(server_rec *, void *, UCHAR *, int, SSL_SESSION *, time_t);
-static SSL_SESSION *shmcb_retrieve_session(server_rec *, void *, UCHAR *, int);
-static BOOL shmcb_remove_session(server_rec *, void *, UCHAR *, int);
-
-/* Utility functions for manipulating the structures */
-static void shmcb_get_header(void *, SHMCBHeader **);
-static BOOL shmcb_get_division(SHMCBHeader *, SHMCBQueue *, SHMCBCache *, unsigned int);
-static SHMCBIndex *shmcb_get_index(const SHMCBQueue *, unsigned int);
-static unsigned int shmcb_expire_division(server_rec *, SHMCBQueue *, SHMCBCache *);
-static BOOL shmcb_insert_encoded_session(server_rec *, SHMCBQueue *, SHMCBCache *, unsigned char *, unsigned int, unsigned char *, time_t);
-static SSL_SESSION *shmcb_lookup_session_id(server_rec *, SHMCBQueue *, SHMCBCache *, UCHAR *, int);
-static BOOL shmcb_remove_session_id(server_rec *, SHMCBQueue *, SHMCBCache *, UCHAR *, int);
-
-/*
- * Data-alignment functions (a.k.a.
avoidance tactics)
- *
- * NB: On HPUX (and possibly others) there is a *very* mischievous little
- * "optimisation" in the compilers where it will convert the following;
- * memcpy(dest_ptr, &source, sizeof(unsigned int));
- * (where dest_ptr is of type (unsigned int *) and source is (unsigned int))
- * into;
- * *dest_ptr = source; (or *dest_ptr = *(&source), not sure).
- * Either way, it completely destroys the whole point of these _safe_
- * functions, because the assignment operation will fall victim to the
- * architecture's byte-alignment dictations, whereas the memcpy (as a
- * byte-by-byte copy) should not. sigh. So, if you're wondering about the
- * apparently unnecessary conversions to (unsigned char *) in these
- * functions, you now have an explanation. Don't just revert them back and
- * say "ooh look, it still works" - if you try it on HPUX (well, 32-bit
- * HPUX 11.00 at least) you may find it fails with a SIGBUS. :-(
- */
-
-static unsigned int shmcb_get_safe_uint(unsigned int *ptr)
-{
- unsigned int ret;
- shmcb_set_safe_uint_ex((unsigned char *)(&ret),
- (const unsigned char *)ptr);
- return ret;
-}
-
-static void shmcb_set_safe_uint_ex(unsigned char *dest,
- const unsigned char *src)
-{
- memcpy(dest, src, sizeof(unsigned int));
-}
-
-static time_t shmcb_get_safe_time(time_t * ptr)
-{
- time_t ret;
- shmcb_set_safe_time_ex((unsigned char *)(&ret),
- (const unsigned char *)ptr);
- return ret;
-}
-
-static void shmcb_set_safe_time_ex(unsigned char *dest,
- const unsigned char *src)
-{
- memcpy(dest, src, sizeof(time_t));
-}
-
-/*
-**
-** High-Level "handlers" as per ssl_scache.c
-**
-*/
-
-static void *shmcb_malloc(size_t size)
-{
- SSLModConfigRec *mc = myModConfig();
- return ap_mm_malloc(mc->pSessionCacheDataMM, size);
-}
-
-void ssl_scache_shmcb_init(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- AP_MM *mm;
- void *shm_segment = NULL;
- int avail, avail_orig;
-
- /*
- * Create shared memory segment
- */
- if
(mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
- ssl_die();
- }
- if ((mm = ap_mm_create(mc->nSessionCacheDataSize,
- mc->szSessionCacheDataFile)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate shared memory: %s", ap_mm_error());
- ssl_die();
- }
- mc->pSessionCacheDataMM = mm;
-
- /*
- * Make sure the child processes have access to the underlying files
- */
- ap_mm_permission(mm, SSL_MM_FILE_MODE, ap_user_id, -1);
-
- /*
- * Create cache inside the shared memory segment
- */
- avail = avail_orig = ap_mm_available(mm);
- ssl_log(s, SSL_LOG_TRACE, "Shared-memory segment has %u available",
- avail);
-
- /*
- * For some reason to do with MM's internal management, I can't
- * allocate the full amount. Implement a reasonable form of trial
- * and error and output trace information.
- */
- while ((shm_segment == NULL) && ((avail_orig - avail) * 100 < avail_orig)) {
- shm_segment = shmcb_malloc(avail);
- if (shm_segment == NULL) {
- ssl_log(s, SSL_LOG_TRACE,
- "shmcb_malloc attempt for %u bytes failed", avail);
- avail -= 2;
- }
- }
- if (shm_segment == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate memory for the 'shmcb' session cache\n");
- ssl_die();
- }
- ssl_log(s, SSL_LOG_TRACE, "shmcb_init allocated %u bytes of shared "
- "memory", avail);
- if (!shmcb_init_memory(s, shm_segment, avail)) {
- ssl_log(s, SSL_LOG_ERROR,
- "Failure initialising 'shmcb' shared memory");
- ssl_die();
- }
- ssl_log(s, SSL_LOG_INFO, "Shared memory session cache initialised");
-
- /*
- * Success ... we hack the memory block into place by cheating for
- * now and stealing a member variable the original shared memory
- * cache was using.
:-)
- */
- mc->tSessionCacheDataTable = (table_t *) shm_segment;
- return;
-}
-
-void ssl_scache_shmcb_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->pSessionCacheDataMM != NULL) {
- ap_mm_destroy(mc->pSessionCacheDataMM);
- mc->pSessionCacheDataMM = NULL;
- }
- return;
-}
-
-BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
- time_t timeout, SSL_SESSION * pSession)
-{
- SSLModConfigRec *mc = myModConfig();
- void *shm_segment;
- BOOL to_return = FALSE;
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
- ssl_mutex_on(s);
- if (!shmcb_store_session(s, shm_segment, id, idlen, pSession, timeout))
- /* in this cache engine, "stores" should never fail. */
- ssl_log(s, SSL_LOG_ERROR, "'shmcb' code was unable to store a "
- "session in the cache.");
- else {
- ssl_log(s, SSL_LOG_TRACE, "shmcb_store successful");
- to_return = TRUE;
- }
- ssl_mutex_off(s);
- return to_return;
-}
-
-SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- void *shm_segment;
- SSL_SESSION *pSession;
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
- ssl_mutex_on(s);
- pSession = shmcb_retrieve_session(s, shm_segment, id, idlen);
- ssl_mutex_off(s);
- if (pSession)
- ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a hit");
- else {
- ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a miss");
- ssl_log(s, SSL_LOG_INFO, "Client requested a 'session-resume' but "
- "we have no such session.");
- }
- return pSession;
-}
-
-void ssl_scache_shmcb_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- void *shm_segment;
-
- /* We've kludged our pointer into the other cache's member variable.
*/
- shm_segment = (void *) mc->tSessionCacheDataTable;
- ssl_mutex_on(s);
- shmcb_remove_session(s, shm_segment, id, idlen);
- ssl_mutex_off(s);
-}
-
-void ssl_scache_shmcb_expire(server_rec *s)
-{
- /* NOP */
- return;
-}
-
-void ssl_scache_shmcb_status(server_rec *s, pool *p,
- void (*func) (char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig();
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- SHMCBIndex *idx;
- void *shm_segment;
- unsigned int loop, total, cache_total, non_empty_divisions;
- int index_pct, cache_pct;
- double expiry_total;
- time_t average_expiry, now, max_expiry, min_expiry, idxexpiry;
-
- ssl_log(s, SSL_LOG_TRACE, "inside ssl_scache_shmcb_status");
-
- /* We've kludged our pointer into the other cache's member variable. */
- shm_segment = (void *) mc->tSessionCacheDataTable;
-
- /* Get the header structure. */
- shmcb_get_header(shm_segment, &header);
- total = cache_total = non_empty_divisions = 0;
- average_expiry = max_expiry = min_expiry = 0;
- expiry_total = 0;
-
- /* It may seem strange to grab "now" at this point, but in theory
- * we should never have a negative threshold but grabbing "now" after
- * the loop (which performs expiries) could allow that chance. */
- now = time(NULL);
- for (loop = 0; loop <= header->division_mask; loop++) {
- if (shmcb_get_division(header, &queue, &cache, loop)) {
- shmcb_expire_division(s, &queue, &cache);
- total += shmcb_get_safe_uint(queue.pos_count);
- cache_total += shmcb_get_safe_uint(cache.pos_count);
- if (shmcb_get_safe_uint(queue.pos_count) > 0) {
- idx = shmcb_get_index(&queue,
- shmcb_get_safe_uint(queue.first_pos));
- non_empty_divisions++;
- idxexpiry = shmcb_get_safe_time(&(idx->expires));
- expiry_total += (double) idxexpiry;
- max_expiry = (idxexpiry > max_expiry ? idxexpiry :
- max_expiry);
- if (min_expiry == 0)
- min_expiry = idxexpiry;
- else
- min_expiry = (idxexpiry < min_expiry ?
idxexpiry :
- min_expiry);
- }
- }
- }
- index_pct = (100 * total) / (header->index_num * (header->division_mask + 1));
- cache_pct = (100 * cache_total) / (header->cache_data_size * (header->division_mask + 1));
- func(ap_psprintf(p, "cache type: SHMCB, shared memory: %d "
- "bytes, current sessions: %d
    ",
- mc->nSessionCacheDataSize, total), arg);
- func(ap_psprintf(p, "sub-caches: %d, indexes per sub-cache: "
- "%d
    ", (int) header->division_mask + 1,
- (int) header->index_num), arg);
- if (non_empty_divisions != 0) {
- average_expiry = (time_t)(expiry_total / (double)non_empty_divisions);
- func(ap_psprintf(p, "time left on oldest entries' SSL sessions: "), arg);
- if (now < average_expiry)
- func(ap_psprintf(p, "avg: %d seconds, (range: %d...%d)
    ",
- (int)(average_expiry - now), (int) (min_expiry - now),
- (int)(max_expiry - now)), arg);
- else
- func(ap_psprintf(p, "expiry threshold: Calculation Error!"
- "
    "), arg);
-
- }
- func(ap_psprintf(p, "index usage: %d%%, cache usage: %d%%"
- "
    ", index_pct, cache_pct), arg);
- func(ap_psprintf(p, "total sessions stored since starting: %lu
    ",
- header->num_stores), arg);
- func(ap_psprintf(p, "total sessions expired since starting: %lu
    ",
- header->num_expiries), arg);
- func(ap_psprintf(p, "total (pre-expiry) sessions scrolled out of the "
- "cache: %lu
    ", header->num_scrolled), arg);
- func(ap_psprintf(p, "total retrieves since starting: %lu hit, "
- "%lu miss
    ", header->num_retrieves_hit,
- header->num_retrieves_miss), arg);
- func(ap_psprintf(p, "total removes since starting: %lu hit, "
- "%lu miss
    ", header->num_removes_hit,
- header->num_removes_miss), arg);
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_status");
- return;
-}
-
-/*
-**
-** Memory manipulation and low-level cache operations
-**
-*/
-
-static BOOL shmcb_init_memory(
- server_rec *s, void *shm_mem,
- unsigned int shm_mem_size)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned int temp, loop, granularity;
-
- ssl_log(s, SSL_LOG_TRACE, "entered shmcb_init_memory()");
-
- /* Calculate some sizes... */
- temp = sizeof(SHMCBHeader);
-
- /* If the segment is ridiculously too small, bail out */
- if (shm_mem_size < (2*temp)) {
- ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small");
- return FALSE;
- }
-
- /* Make temp the amount of memory without the header */
- temp = shm_mem_size - temp;
-
- /* Work on the basis that you need 10 bytes index for each session
- * (approx 150 bytes), which is to divide temp by 160 - and then
- * make sure we err on having too index space to burn even when
- * the cache is full, which is a lot less stupid than having
- * having not enough index space to utilise the whole cache!. */
- temp /= 120;
- ssl_log(s, SSL_LOG_TRACE, "for %u bytes, recommending %u indexes",
- shm_mem_size, temp);
-
- /* We should divide these indexes evenly amongst the queues. Try
- * to get it so that there are roughly half the number of divisions
- * as there are indexes in each division. */
- granularity = 256;
- while ((temp / granularity) < (2 * granularity))
- granularity /= 2;
-
- /* So we have 'granularity' divisions, set 'temp' equal to the
- * number of indexes in each division. */
- temp /= granularity;
-
- /* Too small? Bail ...
*/ - if (temp < 5) { - ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small"); - return FALSE; - } - - /* OK, we're sorted - from here on in, the return should be TRUE */ - header = (SHMCBHeader *)shm_mem; - header->division_mask = (unsigned char)(granularity - 1); - header->division_offset = sizeof(SHMCBHeader); - header->index_num = temp; - header->index_offset = (2 * sizeof(unsigned int)); - header->index_size = sizeof(SHMCBIndex); - header->queue_size = header->index_offset + - (header->index_num * header->index_size); - - /* Now calculate the space for each division */ - temp = shm_mem_size - header->division_offset; - header->division_size = temp / granularity; - - /* Calculate the space left in each division for the cache */ - temp -= header->queue_size; - header->cache_data_offset = (2 * sizeof(unsigned int)); - header->cache_data_size = header->division_size - - header->queue_size - header->cache_data_offset; - - /* Output trace info */ - ssl_log(s, SSL_LOG_TRACE, "shmcb_init_memory choices follow"); - ssl_log(s, SSL_LOG_TRACE, "division_mask = 0x%02X", header->division_mask); - ssl_log(s, SSL_LOG_TRACE, "division_offset = %u", header->division_offset); - ssl_log(s, SSL_LOG_TRACE, "division_size = %u", header->division_size); - ssl_log(s, SSL_LOG_TRACE, "queue_size = %u", header->queue_size); - ssl_log(s, SSL_LOG_TRACE, "index_num = %u", header->index_num); - ssl_log(s, SSL_LOG_TRACE, "index_offset = %u", header->index_offset); - ssl_log(s, SSL_LOG_TRACE, "index_size = %u", header->index_size); - ssl_log(s, SSL_LOG_TRACE, "cache_data_offset = %u", header->cache_data_offset); - ssl_log(s, SSL_LOG_TRACE, "cache_data_size = %u", header->cache_data_size); - - /* The header is done, make the caches empty */ - for (loop = 0; loop < granularity; loop++) { - if (!shmcb_get_division(header, &queue, &cache, loop)) - ssl_log(s, SSL_LOG_ERROR, "shmcb_init_memory, " "internal error"); - shmcb_set_safe_uint(cache.first_pos, 0); - 
shmcb_set_safe_uint(cache.pos_count, 0);
- shmcb_set_safe_uint(queue.first_pos, 0);
- shmcb_set_safe_uint(queue.pos_count, 0);
- }
-
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_init_memory()");
- return TRUE;
-}
-
-static BOOL shmcb_store_session(
- server_rec *s, void *shm_segment, UCHAR *id,
- int idlen, SSL_SESSION * pSession,
- time_t timeout)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned char masked_index;
- unsigned char encoded[SSL_SESSION_MAX_DER];
- unsigned char *ptr_encoded;
- unsigned int len_encoded;
- time_t expiry_time;
-
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_store_session");
-
- /* Get the header structure, which division this session will fall into etc. */
- shmcb_get_header(shm_segment, &header);
- masked_index = pSession->session_id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, masked index=%u",
- pSession->session_id[0], masked_index);
- if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_store_session, " "internal error");
- return FALSE;
- }
-
- /* Serialise the session, work out how much we're dealing
- * with. NB: This check could be removed if we're not paranoid
- * or we find some assurance that it will never be necessary.
*/
- len_encoded = i2d_SSL_SESSION(pSession, NULL);
- if (len_encoded > SSL_SESSION_MAX_DER) {
- ssl_log(s, SSL_LOG_ERROR, "session is too big (%u bytes)",
- len_encoded);
- return FALSE;
- }
- ptr_encoded = encoded;
- len_encoded = i2d_SSL_SESSION(pSession, &ptr_encoded);
- expiry_time = timeout;
- if (!shmcb_insert_encoded_session(s, &queue, &cache, encoded,
- len_encoded, pSession->session_id,
- expiry_time)) {
- ssl_log(s, SSL_LOG_ERROR, "can't store a session!");
- return FALSE;
- }
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_store successfully");
- header->num_stores++;
- return TRUE;
-}
-
-static SSL_SESSION *shmcb_retrieve_session(
- server_rec *s, void *shm_segment,
- UCHAR *id, int idlen)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned char masked_index;
- SSL_SESSION *pSession;
-
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_retrieve_session");
- if (idlen < 2) {
- ssl_log(s, SSL_LOG_ERROR, "unusably short session_id provided "
- "(%u bytes)", idlen);
- return FALSE;
- }
-
- /* Get the header structure, which division this session lookup
- * will come from etc. */
- shmcb_get_header(shm_segment, &header);
- masked_index = id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u", id[0],
- masked_index);
- if (!shmcb_get_division(header, &queue, &cache, (unsigned int) masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_retrieve_session, " "internal error");
- header->num_retrieves_miss++;
- return FALSE;
- }
-
- /* Get the session corresponding to the session_id or NULL if it
- * doesn't exist (or is flagged as "removed").
*/
- pSession = shmcb_lookup_session_id(s, &queue, &cache, id, idlen);
- if (pSession)
- header->num_retrieves_hit++;
- else
- header->num_retrieves_miss++;
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_retrieve_session");
- return pSession;
-}
-
-static BOOL shmcb_remove_session(
- server_rec *s, void *shm_segment,
- UCHAR *id, int idlen)
-{
- SHMCBHeader *header;
- SHMCBQueue queue;
- SHMCBCache cache;
- unsigned char masked_index;
- BOOL res;
-
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_remove_session");
- if (id == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "remove called with NULL session_id!");
- return FALSE;
- }
-
- /* Get the header structure, which division this session remove
- * will happen in etc. */
- shmcb_get_header(shm_segment, &header);
- masked_index = id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u",
- id[0], masked_index);
- if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session, internal error");
- header->num_removes_miss++;
- return FALSE;
- }
- res = shmcb_remove_session_id(s, &queue, &cache, id, idlen);
- if (res)
- header->num_removes_hit++;
- else
- header->num_removes_miss++;
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session");
- return res;
-}
-
-
-/*
-**
-** Weirdo cyclic buffer functions
-**
-*/
-
-/* This gets used in the cyclic "index array" (in the 'Queue's) and
- * in the cyclic 'Cache's too ... you provide the "width" of the
- * cyclic store, the starting position and how far to move (with
- * wrapping if necessary). Basically it's addition modulo buf_size. */
-static unsigned int shmcb_cyclic_increment(
- unsigned int buf_size,
- unsigned int start_pos,
- unsigned int to_add)
-{
- start_pos += to_add;
- while (start_pos >= buf_size)
- start_pos -= buf_size;
- return start_pos;
-}
-
-/* Given two positions in a cyclic buffer, calculate the "distance".
- * This is to cover the case ("non-trivial") where the 'next' offset
- * is to the left of the 'start' offset. NB: This calculates the
- * space inclusive of one end-point but not the other. There is an
- * ambiguous case (which is why we use the
- * coordinate system rather than one) when 'start'
- * is the same as 'next'. It could indicate the buffer is full or it
- * can indicate the buffer is empty ... I choose the latter as it's
- * easier and usually necessary to check if the buffer is full anyway
- * before doing incremental logic (which is this useful for), but we
- * definitely need the empty case handled - in fact it's our starting
- * state!! */
-static unsigned int shmcb_cyclic_space(
- unsigned int buf_size,
- unsigned int start_offset,
- unsigned int next_offset)
-{
- /* Is it the trivial case? */
- if (start_offset <= next_offset)
- return (next_offset - start_offset); /* yes */
- else
- return ((buf_size - start_offset) + next_offset); /* no */
-}
-
-/* A "normal-to-cyclic" memcpy ... this takes a linear block of
- * memory and copies it onto a cyclic buffer. The purpose and
- * function of this is pretty obvious, you need to cover the case
- * that the destination (cyclic) buffer has to wrap round. */
-static void shmcb_cyclic_ntoc_memcpy(
- unsigned int buf_size,
- unsigned char *data,
- unsigned int dest_offset,
- unsigned char *src, unsigned int src_len)
-{
- /* Can it be copied all in one go? */
- if (dest_offset + src_len < buf_size)
- /* yes */
- memcpy(data + dest_offset, src, src_len);
- else {
- /* no */
- memcpy(data + dest_offset, src, buf_size - dest_offset);
- memcpy(data, src + buf_size - dest_offset,
- src_len + dest_offset - buf_size);
- }
- return;
-}
-
-/* A "cyclic-to-normal" memcpy ... given the last function, this
- * one's purpose is clear, it copies out of a cyclic buffer handling
- * wrapping.
*/
-static void shmcb_cyclic_cton_memcpy(
- unsigned int buf_size,
- unsigned char *dest,
- unsigned char *data,
- unsigned int src_offset,
- unsigned int src_len)
-{
- /* Can it be copied all in one go? */
- if (src_offset + src_len < buf_size)
- /* yes */
- memcpy(dest, data + src_offset, src_len);
- else {
- /* no */
- memcpy(dest, data + src_offset, buf_size - src_offset);
- memcpy(dest + buf_size - src_offset, data,
- src_len + src_offset - buf_size);
- }
- return;
-}
-
-/* Here's the cool hack that makes it all work ... by simply
- * making the first collection of bytes *be* our header structure
- * (casting it into the C structure), we have the perfect way to
- * maintain state in a shared-memory session cache from one call
- * (and process) to the next, use the shared memory itself! The
- * original mod_ssl shared-memory session cache uses variables
- * inside the context, but we simply use that for storing the
- * pointer to the shared memory itself. And don't forget, after
- * Apache's initialisation, this "header" is constant/read-only
- * so we can read it outside any locking.
- * - sometimes I just *love* coding y'know?! */
-static void shmcb_get_header(void *shm_mem, SHMCBHeader **header)
-{
- *header = (SHMCBHeader *)shm_mem;
- return;
-}
-
-/* This is what populates our "interesting" structures. Given a
- * pointer to the header, and an index into the appropriate
- * division (this must have already been masked using the
- * division_mask by the caller!), we can populate the provided
- * SHMCBQueue and SHMCBCache structures with values and
- * pointers to the underlying shared memory. Upon returning
- * (if not FALSE), the caller can meddle with the pointer
- * values and they will map into the shared-memory directly,
- * as such there's no need to "free" or "set" the Queue or
- * Cache values, they were themselves references to the *real*
- * data.
*/
-static BOOL shmcb_get_division(
- SHMCBHeader *header, SHMCBQueue *queue,
- SHMCBCache *cache, unsigned int idx)
-{
- unsigned char *pQueue;
- unsigned char *pCache;
-
- /* bounds check */
- if (idx > (unsigned int) header->division_mask)
- return FALSE;
-
- /* Locate the blocks of memory storing the corresponding data */
- pQueue = ((unsigned char *) header) + header->division_offset +
- (idx * header->division_size);
- pCache = pQueue + header->queue_size;
-
- /* Populate the structures with appropriate pointers */
- queue->first_pos = (unsigned int *) pQueue;
-
- /* Our structures stay packed, no matter what the system's
- * data-alignment regime is. */
- queue->pos_count = (unsigned int *) (pQueue + sizeof(unsigned int));
- queue->indexes = (SHMCBIndex *) (pQueue + (2 * sizeof(unsigned int)));
- cache->first_pos = (unsigned int *) pCache;
- cache->pos_count = (unsigned int *) (pCache + sizeof(unsigned int));
- cache->data = (unsigned char *) (pCache + (2 * sizeof(unsigned int)));
- queue->header = cache->header = header;
-
- return TRUE;
-}
-
-/* This returns a pointer to the piece of shared memory containing
- * a specified 'Index'. SHMCBIndex, like SHMCBHeader, is a fixed
- * width non-referencing structure of primitive types that can be
- * cast onto the corresponding block of shared memory. Thus, by
- * returning a cast pointer to that section of shared memory, the
- * caller can read and write values to and from the "structure" and
- * they are actually reading and writing the underlying shared
- * memory. */
-static SHMCBIndex *shmcb_get_index(
- const SHMCBQueue *queue, unsigned int idx)
-{
- /* bounds check */
- if (idx > queue->header->index_num)
- return NULL;
-
- /* Return a pointer to the index. NB: I am being horribly pendantic
- * here so as to avoid any potential data-alignment assumptions being
- * placed on the pointer arithmetic by the compiler (sigh).
*/
- return (SHMCBIndex *)(((unsigned char *) queue->indexes) +
- (idx * sizeof(SHMCBIndex)));
-}
-
-/* This functions rolls expired cache (and index) entries off the front
- * of the cyclic buffers in a division. The function returns the number
- * of expired sessions. */
-static unsigned int shmcb_expire_division(
- server_rec *s, SHMCBQueue *queue, SHMCBCache *cache)
-{
- SHMCBIndex *idx;
- time_t now;
- unsigned int loop, index_num, pos_count, new_pos;
- SHMCBHeader *header;
-
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_expire_division");
-
- /* We must calculate num and space ourselves based on expiry times. */
- now = time(NULL);
- loop = 0;
- new_pos = shmcb_get_safe_uint(queue->first_pos);
-
- /* Cache useful values */
- header = queue->header;
- index_num = header->index_num;
- pos_count = shmcb_get_safe_uint(queue->pos_count);
- while (loop < pos_count) {
- idx = shmcb_get_index(queue, new_pos);
- if (shmcb_get_safe_time(&(idx->expires)) > now)
- /* it hasn't expired yet, we're done iterating */
- break;
- /* This one should be expired too. Shift to the next entry. */
- loop++;
- new_pos = shmcb_cyclic_increment(index_num, new_pos, 1);
- }
-
- /* Find the new_offset and make the expiries happen. */
- if (loop > 0) {
- ssl_log(s, SSL_LOG_TRACE, "will be expiring %u sessions", loop);
- /* We calculate the new_offset by "peeking" (or in the
- * case it's the last entry, "sneaking" ;-). */
- if (loop == pos_count) {
- /* We are expiring everything! This is easy to do... */
- shmcb_set_safe_uint(queue->pos_count, 0);
- shmcb_set_safe_uint(cache->pos_count, 0);
- }
- else {
- /* The Queue is easy to adjust */
- shmcb_set_safe_uint(queue->pos_count,
- shmcb_get_safe_uint(queue->pos_count) - loop);
- shmcb_set_safe_uint(queue->first_pos, new_pos);
- /* peek to the start of the next session */
- idx = shmcb_get_index(queue, new_pos);
- /* We can use shmcb_cyclic_space because we've guaranteed
- * we don't fit the ambiguous full/empty case.
*/ - shmcb_set_safe_uint(cache->pos_count, - shmcb_get_safe_uint(cache->pos_count) - - shmcb_cyclic_space(header->cache_data_size, - shmcb_get_safe_uint(cache->first_pos), - shmcb_get_safe_uint(&(idx->offset)))); - shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset))); - } - ssl_log(s, SSL_LOG_TRACE, "we now have %u sessions", - shmcb_get_safe_uint(queue->pos_count)); - } - header->num_expiries += loop; - return loop; -} - -/* Inserts a new encoded session into a queue/cache pair - expiring - * (early or otherwise) any leading sessions as necessary to ensure - * there is room. An error return (FALSE) should only happen in the - * event of surreal values being passed on, or ridiculously small - * cache sizes. NB: For tracing purposes, this function is also given - * the server_rec to allow "ssl_log()". */ -static BOOL shmcb_insert_encoded_session( - server_rec *s, SHMCBQueue * queue, - SHMCBCache * cache, - unsigned char *encoded, - unsigned int encoded_len, - unsigned char *session_id, - time_t expiry_time) -{ - SHMCBHeader *header; - SHMCBIndex *idx = NULL; - unsigned int gap, new_pos, loop, new_offset; - int need; - - ssl_log(s, SSL_LOG_TRACE, "entering shmcb_insert_encoded_session, " - "*queue->pos_count = %u", shmcb_get_safe_uint(queue->pos_count)); - - /* If there's entries to expire, ditch them first thing. 
*/ - shmcb_expire_division(s, queue, cache); - header = cache->header; - gap = header->cache_data_size - shmcb_get_safe_uint(cache->pos_count); - if (gap < encoded_len) { - new_pos = shmcb_get_safe_uint(queue->first_pos); - loop = 0; - need = (int) encoded_len - (int) gap; - while ((need > 0) && (loop + 1 < shmcb_get_safe_uint(queue->pos_count))) { - new_pos = shmcb_cyclic_increment(header->index_num, new_pos, 1); - loop += 1; - idx = shmcb_get_index(queue, new_pos); - need = (int) encoded_len - (int) gap - - shmcb_cyclic_space(header->cache_data_size, - shmcb_get_safe_uint(cache->first_pos), - shmcb_get_safe_uint(&(idx->offset))); - } - if (loop > 0) { - ssl_log(s, SSL_LOG_TRACE, "about to scroll %u sessions from %u", - loop, shmcb_get_safe_uint(queue->pos_count)); - /* We are removing "loop" items from the cache. */ - shmcb_set_safe_uint(cache->pos_count, - shmcb_get_safe_uint(cache->pos_count) - - shmcb_cyclic_space(header->cache_data_size, - shmcb_get_safe_uint(cache->first_pos), - shmcb_get_safe_uint(&(idx->offset)))); - shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset))); - shmcb_set_safe_uint(queue->pos_count, shmcb_get_safe_uint(queue->pos_count) - loop); - shmcb_set_safe_uint(queue->first_pos, new_pos); - ssl_log(s, SSL_LOG_TRACE, "now only have %u sessions", - shmcb_get_safe_uint(queue->pos_count)); - /* Update the stats!!! */ - header->num_scrolled += loop; - } - } - - /* probably unnecessary checks, but I'll leave them until this code - * is verified. 
*/ - if (shmcb_get_safe_uint(cache->pos_count) + encoded_len > - header->cache_data_size) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, " - "internal error"); - return FALSE; - } - if (shmcb_get_safe_uint(queue->pos_count) == header->index_num) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, " - "internal error"); - return FALSE; - } - ssl_log(s, SSL_LOG_TRACE, "we have %u bytes and %u indexes free - " - "enough", header->cache_data_size - - shmcb_get_safe_uint(cache->pos_count), header->index_num - - shmcb_get_safe_uint(queue->pos_count)); - - - /* HERE WE ASSUME THAT THE NEW SESSION SHOULD GO ON THE END! I'M NOT - * CHECKING WHETHER IT SHOULD BE GENUINELY "INSERTED" SOMEWHERE. - * - * We either fix that, or find out at a "higher" (read "mod_ssl") - * level whether it is possible to have distinct session caches for - * any attempted tomfoolery to do with different session timeouts. - * Knowing in advance that we can have a cache-wide constant timeout - * would make this stuff *MUCH* more efficient. Mind you, it's very - * efficient right now because I'm ignoring this problem!!! - */ - - /* Increment to the first unused byte */ - new_offset = shmcb_cyclic_increment(header->cache_data_size, - shmcb_get_safe_uint(cache->first_pos), - shmcb_get_safe_uint(cache->pos_count)); - /* Copy the DER-encoded session into place */ - shmcb_cyclic_ntoc_memcpy(header->cache_data_size, cache->data, - new_offset, encoded, encoded_len); - /* Get the new index that this session is stored in. 
*/ - new_pos = shmcb_cyclic_increment(header->index_num, - shmcb_get_safe_uint(queue->first_pos), - shmcb_get_safe_uint(queue->pos_count)); - ssl_log(s, SSL_LOG_TRACE, "storing in index %u, at offset %u", new_pos, - new_offset); - idx = shmcb_get_index(queue, new_pos); - if (idx == NULL) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, " - "internal error"); - return FALSE; - } - shmcb_safe_clear(idx, sizeof(SHMCBIndex)); - shmcb_set_safe_time(&(idx->expires), expiry_time); - shmcb_set_safe_uint(&(idx->offset), new_offset); - - /* idx->removed = (unsigned char)0; */ /* Not needed given the memset above. */ - idx->s_id2 = session_id[1]; - ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, idx->s_id2=%u", - session_id[0], session_id[1]); - - /* All that remains is to adjust the cache's and queue's "pos_count"s. */ - shmcb_set_safe_uint(cache->pos_count, - shmcb_get_safe_uint(cache->pos_count) + encoded_len); - shmcb_set_safe_uint(queue->pos_count, - shmcb_get_safe_uint(queue->pos_count) + 1); - - /* And just for good debugging measure ... */ - ssl_log(s, SSL_LOG_TRACE, "leaving now with %u bytes in the cache and " - "%u indexes", shmcb_get_safe_uint(cache->pos_count), - shmcb_get_safe_uint(queue->pos_count)); - ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_insert_encoded_session"); - return TRUE; -} - -/* Performs a lookup into a queue/cache pair for a - * session_id. If found, the session is deserialised - * and returned, otherwise NULL. */ -static SSL_SESSION *shmcb_lookup_session_id( - server_rec *s, SHMCBQueue *queue, - SHMCBCache *cache, UCHAR *id, - int idlen) -{ - unsigned char tempasn[SSL_SESSION_MAX_DER]; - SHMCBIndex *idx; - SHMCBHeader *header; - SSL_SESSION *pSession = NULL; - unsigned int curr_pos, loop, count; - unsigned char *ptr; - time_t now; - - ssl_log(s, SSL_LOG_TRACE, "entering shmcb_lookup_session_id"); - - /* If there are entries to expire, ditch them first thing. 
*/ - shmcb_expire_division(s, queue, cache); - now = time(NULL); - curr_pos = shmcb_get_safe_uint(queue->first_pos); - count = shmcb_get_safe_uint(queue->pos_count); - header = queue->header; - for (loop = 0; loop < count; loop++) { - ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u", - loop, count, curr_pos); - idx = shmcb_get_index(queue, curr_pos); - ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u, offset=%u", - idx->s_id2, id[1], shmcb_get_safe_uint(&(idx->offset))); - /* Only look into the session further if; - * (a) the second byte of the session_id matches, - * (b) the "removed" flag isn't set, - * (c) the session hasn't expired yet. - * We do (c) like this so that it saves us having to - * do natural expiries ... naturally expired sessions - * scroll off the front anyway when the cache is full and - * "rotating", the only real issue that remains is the - * removal or disabling of forcibly killed sessions. */ - if ((idx->s_id2 == id[1]) && !idx->removed && - (shmcb_get_safe_time(&(idx->expires)) > now)) { - ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible " - "session match", curr_pos); - shmcb_cyclic_cton_memcpy(header->cache_data_size, - tempasn, cache->data, - shmcb_get_safe_uint(&(idx->offset)), - SSL_SESSION_MAX_DER); - ptr = tempasn; - pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER); - if (pSession == NULL) { - ssl_log(s, SSL_LOG_ERROR, "scach2_lookup_" - "session_id, internal error"); - return NULL; - } - if ((pSession->session_id_length == idlen) && - (memcmp(pSession->session_id, id, idlen) == 0)) { - ssl_log(s, SSL_LOG_TRACE, "a match!"); - return pSession; - } - ssl_log(s, SSL_LOG_TRACE, "not a match"); - SSL_SESSION_free(pSession); - pSession = NULL; - } - curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1); - } - ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found"); - return NULL; -} - -static BOOL shmcb_remove_session_id( - server_rec *s, SHMCBQueue *queue, - SHMCBCache *cache, UCHAR *id, int 
idlen) -{ - unsigned char tempasn[SSL_SESSION_MAX_DER]; - SSL_SESSION *pSession = NULL; - SHMCBIndex *idx; - SHMCBHeader *header; - unsigned int curr_pos, loop, count; - unsigned char *ptr; - BOOL to_return = FALSE; - - ssl_log(s, SSL_LOG_TRACE, "entering shmcb_remove_session_id"); - - /* If there's entries to expire, ditch them first thing. */ - /* shmcb_expire_division(s, queue, cache); */ - - /* Regarding the above ... hmmm ... I know my expiry code is slightly - * "faster" than all this remove stuff ... but if the higher level - * code calls a "remove" operation (and this *only* seems to happen - * when it has spotted an expired session before we had a chance to) - * then it should get credit for a remove (stats-wise). Also, in the - * off-chance that the server *requests* a renegotiate and wants to - * wipe the session clean we should give that priority over our own - * routine expiry handling. So I've moved the expiry check to *after* - * this general remove stuff. */ - curr_pos = shmcb_get_safe_uint(queue->first_pos); - count = shmcb_get_safe_uint(queue->pos_count); - header = cache->header; - for (loop = 0; loop < count; loop++) { - ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u", - loop, count, curr_pos); - idx = shmcb_get_index(queue, curr_pos); - ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u", idx->s_id2, - id[1]); - /* Only look into the session further if the second byte of the - * session_id matches. 
*/
- if (idx->s_id2 == id[1]) {
- ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible "
- "session match", curr_pos);
- shmcb_cyclic_cton_memcpy(header->cache_data_size,
- tempasn, cache->data,
- shmcb_get_safe_uint(&(idx->offset)),
- SSL_SESSION_MAX_DER);
- ptr = tempasn;
- pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER);
- if (pSession == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session_id, "
- "internal error");
- goto end;
- }
- if ((pSession->session_id_length == idlen)
- && (memcmp(id, pSession->session_id, idlen) == 0)) {
- ssl_log(s, SSL_LOG_TRACE, "a match!");
- /* Scrub out this session "quietly" */
- idx->removed = (unsigned char) 1;
- SSL_SESSION_free(pSession);
- to_return = TRUE;
- goto end;
- }
- ssl_log(s, SSL_LOG_TRACE, "not a match");
- SSL_SESSION_free(pSession);
- pSession = NULL;
- }
- curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
- }
- ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found");
-
- /* If there's entries to expire, ditch them now. */
- shmcb_expire_division(s, queue, cache);
-end:
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session_id");
- return to_return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmht.c b/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmht.c
deleted file mode 100644
index 94a0ad9f0a7..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_scache_shmht.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_scache_shmht.c
-** Session Cache via Shared Memory (Hash Table Variant)
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "mod_ssl.h"
-
-/*
- * Wrapper functions for table library which resemble malloc(3) & Co
- * but use the variants from the MM shared memory library.
- */
-
-static void *ssl_scache_shmht_malloc(size_t size)
-{
- SSLModConfigRec *mc = myModConfig();
- return ap_mm_malloc(mc->pSessionCacheDataMM, size);
-}
-
-static void *ssl_scache_shmht_calloc(size_t number, size_t size)
-{
- SSLModConfigRec *mc = myModConfig();
- return ap_mm_calloc(mc->pSessionCacheDataMM, number, size);
-}
-
-static void *ssl_scache_shmht_realloc(void *ptr, size_t size)
-{
- SSLModConfigRec *mc = myModConfig();
- return ap_mm_realloc(mc->pSessionCacheDataMM, ptr, size);
-}
-
-static void ssl_scache_shmht_free(void *ptr)
-{
- SSLModConfigRec *mc = myModConfig();
- ap_mm_free(mc->pSessionCacheDataMM, ptr);
- return;
-}
-
-/*
- * Now the actual session cache implementation
- * based on a hash table inside a shared memory segment.
- */
-
-void ssl_scache_shmht_init(server_rec *s, pool *p)
-{
- SSLModConfigRec *mc = myModConfig();
- AP_MM *mm;
- table_t *ta;
- int ta_errno;
- int avail;
- int n;
-
- /*
- * Create shared memory segment
- */
- if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
- ssl_die();
- }
- if ((mm = ap_mm_create(mc->nSessionCacheDataSize,
- mc->szSessionCacheDataFile)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate shared memory: %s", ap_mm_error());
- ssl_die();
- }
- mc->pSessionCacheDataMM = mm;
-
- /*
- * Make sure the childs have access to the underlaying files
- */
- ap_mm_permission(mm, SSL_MM_FILE_MODE, ap_user_id, -1);
-
- /*
- * Create hash table in shared memory segment
- */
- avail = ap_mm_available(mm);
- n = (avail/2) / 1024;
- n = n < 10 ? 10 : n;
- if ((ta = table_alloc(n, &ta_errno,
- ssl_scache_shmht_malloc,
- ssl_scache_shmht_calloc,
- ssl_scache_shmht_realloc,
- ssl_scache_shmht_free )) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate hash table in shared memory: %s",
- table_strerror(ta_errno));
- ssl_die();
- }
- table_attr(ta, TABLE_FLAG_AUTO_ADJUST|TABLE_FLAG_ADJUST_DOWN);
- table_set_data_alignment(ta, sizeof(char *));
- table_clear(ta);
- mc->tSessionCacheDataTable = ta;
-
- /*
- * Log the done work
- */
- ssl_log(s, SSL_LOG_INFO,
- "Init: Created hash-table (%d buckets) "
- "in shared memory (%d bytes) for SSL session cache", n, avail);
- return;
-}
-
-void ssl_scache_shmht_kill(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
-
- if (mc->pSessionCacheDataMM != NULL) {
- ap_mm_destroy(mc->pSessionCacheDataMM);
- mc->pSessionCacheDataMM = NULL;
- }
- return;
-}
-
-BOOL ssl_scache_shmht_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SSL_SESSION *sess)
-{
- SSLModConfigRec *mc = myModConfig();
- void *vp;
- UCHAR ucaData[SSL_SESSION_MAX_DER];
- int nData;
- UCHAR *ucp;
-
- /* streamline session data */
- if ((nData = i2d_SSL_SESSION(sess, NULL)) >
sizeof(ucaData))
- return FALSE;
- ucp = ucaData;
- i2d_SSL_SESSION(sess, &ucp);
-
- ssl_mutex_on(s);
- if (table_insert_kd(mc->tSessionCacheDataTable,
- id, idlen, NULL, sizeof(time_t)+nData,
- NULL, &vp, 1) != TABLE_ERROR_NONE) {
- ssl_mutex_off(s);
- return FALSE;
- }
- memcpy(vp, &expiry, sizeof(time_t));
- memcpy((char *)vp+sizeof(time_t), ucaData, nData);
- ssl_mutex_off(s);
-
- /* allow the regular expiring to occur */
- ssl_scache_shmht_expire(s);
-
- return TRUE;
-}
-
-SSL_SESSION *ssl_scache_shmht_retrieve(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
- void *vp;
- SSL_SESSION *sess = NULL;
- UCHAR *ucpData;
- int nData;
- time_t expiry;
- time_t now;
- int n;
-
- /* allow the regular expiring to occur */
- ssl_scache_shmht_expire(s);
-
- /* lookup key in table */
- ssl_mutex_on(s);
- if (table_retrieve(mc->tSessionCacheDataTable,
- id, idlen, &vp, &n) != TABLE_ERROR_NONE) {
- ssl_mutex_off(s);
- return NULL;
- }
-
- /* copy over the information to the SCI */
- nData = n-sizeof(time_t);
- ucpData = (UCHAR *)malloc(nData);
- if (ucpData == NULL) {
- ssl_mutex_off(s);
- return NULL;
- }
- memcpy(&expiry, vp, sizeof(time_t));
- memcpy(ucpData, (char *)vp+sizeof(time_t), nData);
- ssl_mutex_off(s);
-
- /* make sure the stuff is still not expired */
- now = time(NULL);
- if (expiry <= now) {
- ssl_scache_shmht_remove(s, id, idlen);
- return NULL;
- }
-
- /* unstreamed SSL_SESSION */
- sess = d2i_SSL_SESSION(NULL, &ucpData, nData);
-
- return sess;
-}
-
-void ssl_scache_shmht_remove(server_rec *s, UCHAR *id, int idlen)
-{
- SSLModConfigRec *mc = myModConfig();
-
- /* remove value under key in table */
- ssl_mutex_on(s);
- table_delete(mc->tSessionCacheDataTable, id, idlen, NULL, NULL);
- ssl_mutex_off(s);
- return;
-}
-
-void ssl_scache_shmht_expire(server_rec *s)
-{
- SSLModConfigRec *mc = myModConfig();
- SSLSrvConfigRec *sc = mySrvConfig(s);
- static time_t tLast = 0;
- table_linear_t iterator;
- time_t tExpiresAt;
- void
*vpKey;
- void *vpKeyThis;
- void *vpData;
- int nKey;
- int nKeyThis;
- int nData;
- int nElements = 0;
- int nDeleted = 0;
- int bDelete;
- int rc;
- time_t tNow;
-
- /*
- * make sure the expiration for still not-accessed session
- * cache entries is done only from time to time
- */
- tNow = time(NULL);
- if (tNow < tLast+sc->nSessionCacheTimeout)
- return;
- tLast = tNow;
-
- ssl_mutex_on(s);
- if (table_first_r(mc->tSessionCacheDataTable, &iterator,
- &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE) {
- do {
- bDelete = FALSE;
- nElements++;
- if (nData < sizeof(time_t) || vpData == NULL)
- bDelete = TRUE;
- else {
- memcpy(&tExpiresAt, vpData, sizeof(time_t));
- if (tExpiresAt <= tNow)
- bDelete = TRUE;
- }
- vpKeyThis = vpKey;
- nKeyThis = nKey;
- rc = table_next_r(mc->tSessionCacheDataTable, &iterator,
- &vpKey, &nKey, &vpData, &nData);
- if (bDelete) {
- table_delete(mc->tSessionCacheDataTable,
- vpKeyThis, nKeyThis, NULL, NULL);
- nDeleted++;
- }
- } while (rc == TABLE_ERROR_NONE);
- }
- ssl_mutex_off(s);
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (SHMHT) Expiry: "
- "old: %d, new: %d, removed: %d", nElements, nElements-nDeleted, nDeleted);
- return;
-}
-
-void ssl_scache_shmht_status(server_rec *s, pool *p, void (*func)(char *, void *), void *arg)
-{
- SSLModConfigRec *mc = myModConfig();
- void *vpKey;
- void *vpData;
- int nKey;
- int nData;
- int nElem;
- int nSize;
- int nAverage;
-
- nElem = 0;
- nSize = 0;
- ssl_mutex_on(s);
- if (table_first(mc->tSessionCacheDataTable,
- &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE) {
- do {
- if (vpKey == NULL || vpData == NULL)
- continue;
- nElem += 1;
- nSize += nData;
- } while (table_next(mc->tSessionCacheDataTable,
- &vpKey, &nKey, &vpData, &nData) == TABLE_ERROR_NONE);
- }
- ssl_mutex_off(s);
- if (nSize > 0 && nElem > 0)
- nAverage = nSize / nElem;
- else
- nAverage = 0;
- func(ap_psprintf(p, "cache type: SHMHT, maximum size: %d bytes
    ", mc->nSessionCacheDataSize), arg);
- func(ap_psprintf(p, "current sessions: %d, current size: %d bytes
    ", nElem, nSize), arg);
- func(ap_psprintf(p, "average session size: %d bytes
    ", nAverage), arg);
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util.c b/usr.sbin/httpd/src/modules/ssl/ssl_util.c
deleted file mode 100644
index e23e3703c9e..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_util.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_util.c
-** Utility Functions
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/* ====================================================================
- * Copyright (c) 1995-1999 Ben Laurie. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * 4. The name "Apache-SSL Server" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 5.
Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Ben Laurie
- * for use in the Apache-SSL HTTP server project."
- *
- * THIS SOFTWARE IS PROVIDED BY BEN LAURIE ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BEN LAURIE OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``Every day of my life
- I am forced to add another
- name to the list of people
- who piss me off!''
- -- Calvin */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Utility Functions
-** _________________________________________________________________
-*/
-
-char *ssl_util_server_root_relative(pool *p, char *what, char *arg)
-{
- char *rv = NULL;
-
-#ifdef SSL_VENDOR
- ap_hook_use("ap::mod_ssl::vendor::ssl_server_root_relative",
- AP_HOOK_SIG4(ptr,ptr,ptr,ptr), AP_HOOK_ALL, &rv, p, what, arg);
- if (rv != NULL)
- return rv;
-#endif
- rv = ap_server_root_relative(p, arg);
- return rv;
-}
-
-char *ssl_util_vhostid(pool *p, server_rec *s)
-{
- char *id;
- SSLSrvConfigRec *sc;
- char *host;
- unsigned int port;
-
- host = s->server_hostname;
- if (s->port != 0)
- port = s->port;
- else {
- sc = mySrvConfig(s);
- if (sc->bEnabled)
- port = DEFAULT_HTTPS_PORT;
- else
- port =
DEFAULT_HTTP_PORT;
- }
- id = ap_psprintf(p, "%s:%u", host, port);
- return id;
-}
-
-FILE *ssl_util_ppopen(server_rec *s, pool *p, char *cmd)
-{
- FILE *fpout;
- int rc;
-
- fpout = NULL;
- rc = ap_spawn_child(p, ssl_util_ppopen_child,
- (void *)cmd, kill_after_timeout,
- NULL, &fpout, NULL);
- if (rc == 0 || fpout == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "ssl_util_ppopen: could not run: %s", cmd);
- return NULL;
- }
- return (fpout);
-}
-
-int ssl_util_ppopen_child(void *cmd, child_info *pinfo)
-{
- int child_pid = 1;
-
- /*
- * Prepare for exec
- */
- ap_cleanup_for_exec();
- signal(SIGHUP, SIG_IGN);
-
- /*
- * Exec() the child program
- */
- /* Standard Unix */
- execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, (char *)NULL);
- return (child_pid);
-}
-
-void ssl_util_ppclose(server_rec *s, pool *p, FILE *fp)
-{
- ap_pfclose(p, fp);
- return;
-}
-
-/*
- * Run a filter program and read the first line of its stdout output
- */
-char *ssl_util_readfilter(server_rec *s, pool *p, char *cmd)
-{
- static char buf[MAX_STRING_LEN];
- FILE *fp;
- char c;
- int k;
-
- if ((fp = ssl_util_ppopen(s, p, cmd)) == NULL)
- return NULL;
- for (k = 0; read(fileno(fp), &c, 1) == 1
- && (k < MAX_STRING_LEN-1) ; ) {
- if (c == '\n' || c == '\r')
- break;
- buf[k++] = c;
- }
- buf[k] = NUL;
- ssl_util_ppclose(s, p, fp);
-
- return buf;
-}
-
-BOOL ssl_util_path_check(ssl_pathcheck_t pcm, char *path)
-{
- struct stat sb;
-
- if (path == NULL)
- return FALSE;
- if (pcm & SSL_PCM_EXISTS && stat(path, &sb) != 0)
- return FALSE;
- if (pcm & SSL_PCM_ISREG && !S_ISREG(sb.st_mode))
- return FALSE;
- if (pcm & SSL_PCM_ISDIR && !S_ISDIR(sb.st_mode))
- return FALSE;
- if (pcm & SSL_PCM_ISNONZERO && sb.st_mode <= 0)
- return FALSE;
- return TRUE;
-}
-
-ssl_algo_t ssl_util_algotypeof(X509 *pCert, EVP_PKEY *pKey)
-{
- ssl_algo_t t;
-
- t = SSL_ALGO_UNKNOWN;
- if (pCert != NULL)
- pKey = X509_get_pubkey(pCert);
- if (pKey != NULL) {
- switch (EVP_PKEY_type(pKey->type)) {
- case
EVP_PKEY_RSA:
- t = SSL_ALGO_RSA;
- break;
- case EVP_PKEY_DSA:
- t = SSL_ALGO_DSA;
- break;
- default:
- break;
- }
- }
- return t;
-}
-
-char *ssl_util_algotypestr(ssl_algo_t t)
-{
- char *cp;
-
- cp = "UNKNOWN";
- switch (t) {
- case SSL_ALGO_RSA:
- cp = "RSA";
- break;
- case SSL_ALGO_DSA:
- cp = "DSA";
- break;
- default:
- break;
- }
- return cp;
-}
-
-char *ssl_util_ptxtsub(
- pool *p, const char *cpLine, const char *cpMatch, char *cpSubst)
-{
-#define MAX_PTXTSUB 100
- char *cppMatch[MAX_PTXTSUB + 1];
- char *cpResult;
- int nResult;
- int nLine;
- int nSubst;
- int nMatch;
- char *cpI;
- char *cpO;
- char *cp;
- int i;
-
- /*
- * Pass 1: find substitution locations and calculate sizes
- */
- nLine = strlen(cpLine);
- nMatch = strlen(cpMatch);
- nSubst = strlen(cpSubst);
- for (cpI = (char *)cpLine, i = 0, nResult = 0;
- cpI < cpLine+nLine && i < MAX_PTXTSUB; ) {
- if ((cp = strstr(cpI, cpMatch)) != NULL) {
- cppMatch[i++] = cp;
- nResult += ((cp-cpI)+nSubst);
- cpI = (cp+nMatch);
- }
- else {
- nResult += strlen(cpI);
- break;
- }
- }
- cppMatch[i] = NULL;
- if (i == 0)
- return NULL;
-
- /*
- * Pass 2: allocate memory and assemble result
- */
- cpResult = ap_pcalloc(p, nResult+1);
- for (cpI = (char *)cpLine, cpO = cpResult, i = 0; cppMatch[i] != NULL; i++) {
- ap_cpystrn(cpO, cpI, cppMatch[i]-cpI+1);
- cpO += (cppMatch[i]-cpI);
- ap_cpystrn(cpO, cpSubst, nSubst+1);
- cpO += nSubst;
- cpI = (cppMatch[i]+nMatch);
- }
- ap_cpystrn(cpO, cpI, cpResult+nResult-cpO+1);
-
- return cpResult;
-}
-
-/* _________________________________________________________________
-**
-** Special Functions for Win32/OpenSSL
-** _________________________________________________________________
-*/
-
-void ssl_util_thread_setup(void)
-{
- return;
-}
-
-void ssl_util_thread_cleanup(void)
-{
- return;
-}
-
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.c b/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.c
deleted file mode 100644
index 441a46babf1..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.c
+++ /dev/null
@@ -1,511 +0,0 @@ -/* _ _ -** _ __ ___ ___ __| | ___ ___| | mod_ssl -** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL -** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org -** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org -** |_____| -** ssl_util_ssl.c -** Additional Utility Functions for OpenSSL -*/ - -/* ==================================================================== - * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * 4. The names "mod_ssl" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * rse@engelschall.com. - * - * 5. Products derived from this software may not be called "mod_ssl" - * nor may "mod_ssl" appear in their names without prior - * written permission of Ralf S. Engelschall. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by - * Ralf S. Engelschall for use in the - * mod_ssl project (http://www.modssl.org/)." - * - * THIS SOFTWARE IS PROVIDED BY RALF S. 
ENGELSCHALL ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR - * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#include "mod_ssl.h" - - -/* _________________________________________________________________ -** -** Additional High-Level Functions for OpenSSL -** _________________________________________________________________ -*/ - -int SSL_get_app_data2_idx(void) -{ - static int app_data2_idx = -1; - - if (app_data2_idx < 0) { - app_data2_idx = SSL_get_ex_new_index(0, - "Second Application Data for SSL", NULL, NULL, NULL); - app_data2_idx = SSL_get_ex_new_index(0, - "Second Application Data for SSL", NULL, NULL, NULL); - } - return(app_data2_idx); -} - -void *SSL_get_app_data2(SSL *ssl) -{ - return (void *)SSL_get_ex_data(ssl, SSL_get_app_data2_idx()); -} - -void SSL_set_app_data2(SSL *ssl, void *arg) -{ - SSL_set_ex_data(ssl, SSL_get_app_data2_idx(), (char *)arg); - return; -} - -/* _________________________________________________________________ -** -** High-Level Certificate / Private Key Loading -** _________________________________________________________________ -*/ - -X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)()) -{ - X509 *rc; - BIO *bioS; - BIO *bioF; - - /* 1. 
try PEM (= DER+Base64+headers) */ - rc = PEM_read_X509(fp, x509, cb, NULL); - if (rc == NULL) { - /* 2. try DER+Base64 */ - fseek(fp, 0L, SEEK_SET); - if ((bioS = BIO_new(BIO_s_fd())) == NULL) - return NULL; - BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); - if ((bioF = BIO_new(BIO_f_base64())) == NULL) { - BIO_free(bioS); - return NULL; - } - bioS = BIO_push(bioF, bioS); - rc = d2i_X509_bio(bioS, NULL); - BIO_free_all(bioS); - if (rc == NULL) { - /* 3. try plain DER */ - fseek(fp, 0L, SEEK_SET); - if ((bioS = BIO_new(BIO_s_fd())) == NULL) - return NULL; - BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); - rc = d2i_X509_bio(bioS, NULL); - BIO_free(bioS); - } - } - if (rc != NULL && x509 != NULL) { - if (*x509 != NULL) - X509_free(*x509); - *x509 = rc; - } - return rc; -} - -EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)()) -{ - EVP_PKEY *rc; - BIO *bioS; - BIO *bioF; - - /* 1. try PEM (= DER+Base64+headers) */ - rc = PEM_read_PrivateKey(fp, key, cb, NULL); - if (rc == NULL) { - /* 2. try DER+Base64 */ - fseek(fp, 0L, SEEK_SET); - if ((bioS = BIO_new(BIO_s_fd())) == NULL) - return NULL; - BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); - if ((bioF = BIO_new(BIO_f_base64())) == NULL) { - BIO_free(bioS); - return NULL; - } - bioS = BIO_push(bioF, bioS); - rc = d2i_PrivateKey_bio(bioS, NULL); - BIO_free_all(bioS); - if (rc == NULL) { - /* 3. 
try plain DER */ - fseek(fp, 0L, SEEK_SET); - if ((bioS = BIO_new(BIO_s_fd())) == NULL) - return NULL; - BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); - rc = d2i_PrivateKey_bio(bioS, NULL); - BIO_free(bioS); - } - } - if (rc != NULL && key != NULL) { - if (*key != NULL) - EVP_PKEY_free(*key); - *key = rc; - } - return rc; -} - -/* _________________________________________________________________ -** -** Smart shutdown -** _________________________________________________________________ -*/ - -int SSL_smart_shutdown(SSL *ssl) -{ - int i; - int rc; - - /* - * Repeat the calls, because SSL_shutdown internally dispatches through a - * little state machine. Usually only one or two interation should be - * needed, so we restrict the total number of restrictions in order to - * avoid process hangs in case the client played bad with the socket - * connection and OpenSSL cannot recognize it. - */ - rc = 0; - for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) { - if ((rc = SSL_shutdown(ssl))) - break; - } - return rc; -} - -/* _________________________________________________________________ -** -** Certificate Revocation List (CRL) Storage -** _________________________________________________________________ -*/ - -X509_STORE *SSL_X509_STORE_create(char *cpFile, char *cpPath) -{ - X509_STORE *pStore; - X509_LOOKUP *pLookup; - - if (cpFile == NULL && cpPath == NULL) - return NULL; - if ((pStore = X509_STORE_new()) == NULL) - return NULL; - if (cpFile != NULL) { - if ((pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_file())) == NULL) { - X509_STORE_free(pStore); - return NULL; - } - X509_LOOKUP_load_file(pLookup, cpFile, X509_FILETYPE_PEM); - } - if (cpPath != NULL) { - if ((pLookup = X509_STORE_add_lookup(pStore, X509_LOOKUP_hash_dir())) == NULL) { - X509_STORE_free(pStore); - return NULL; - } - X509_LOOKUP_add_dir(pLookup, cpPath, X509_FILETYPE_PEM); - } - return pStore; -} - -int SSL_X509_STORE_lookup(X509_STORE *pStore, int nType, - X509_NAME *pName, X509_OBJECT 
*pObj) -{ - X509_STORE_CTX pStoreCtx; - int rc; - - X509_STORE_CTX_init(&pStoreCtx, pStore, NULL, NULL); - rc = X509_STORE_get_by_subject(&pStoreCtx, nType, pName, pObj); - X509_STORE_CTX_cleanup(&pStoreCtx); - return rc; -} - -/* _________________________________________________________________ -** -** Cipher Suite Spec String Creation -** _________________________________________________________________ -*/ - -char *SSL_make_ciphersuite(pool *p, SSL *ssl) -{ - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - int i; - int l; - char *cpCipherSuite; - char *cp; - - if (ssl == NULL) - return ""; - if ((sk = SSL_get_ciphers(ssl)) == NULL) - return ""; - l = 0; - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - c = sk_SSL_CIPHER_value(sk, i); - l += strlen(c->name)+2+1; - } - if (l == 0) - return ""; - cpCipherSuite = (char *)ap_palloc(p, l+1); - cp = cpCipherSuite; - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - c = sk_SSL_CIPHER_value(sk, i); - l = strlen(c->name); - memcpy(cp, c->name, l); - cp += l; - *cp++ = '/'; - *cp++ = (c->valid == 1 ? 
'1' : '0'); - *cp++ = ':'; - } - *(cp-1) = NUL; - return cpCipherSuite; -} - -/* _________________________________________________________________ -** -** Certificate Checks -** _________________________________________________________________ -*/ - -/* check whether cert contains extended key usage with a SGC tag */ -BOOL SSL_X509_isSGC(X509 *cert) -{ - X509_EXTENSION *ext; - int ext_nid; - STACK_OF(ASN1_OBJECT) *sk; - BOOL is_sgc; - int idx; - int i; - - is_sgc = FALSE; - idx = X509_get_ext_by_NID(cert, NID_ext_key_usage, -1); - if (idx >= 0) { - ext = X509_get_ext(cert, idx); - if ((sk = (STACK_OF(ASN1_OBJECT)*) X509V3_EXT_d2i(ext)) != NULL) { - for (i = 0; i < sk_ASN1_OBJECT_num(sk); i++) { - ext_nid = OBJ_obj2nid(sk_ASN1_OBJECT_value(sk, i)); - if (ext_nid == NID_ms_sgc || ext_nid == NID_ns_sgc) { - is_sgc = TRUE; - break; - } - } - } - } - return is_sgc; -} - -/* retrieve basic constraints ingredients */ -BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen) -{ - X509_EXTENSION *ext; - BASIC_CONSTRAINTS *bc; - int idx; - BIGNUM *bn = NULL; - char *cp; - - if ((idx = X509_get_ext_by_NID(cert, NID_basic_constraints, -1)) < 0) - return FALSE; - ext = X509_get_ext(cert, idx); - if (ext == NULL) - return FALSE; - if ((bc = (BASIC_CONSTRAINTS *)X509V3_EXT_d2i(ext)) == NULL) - return FALSE; - *ca = bc->ca; - *pathlen = -1 /* unlimited */; - if (bc->pathlen != NULL) { - if ((bn = ASN1_INTEGER_to_BN(bc->pathlen, NULL)) == NULL) - return FALSE; - if ((cp = BN_bn2dec(bn)) == NULL) - return FALSE; - *pathlen = atoi(cp); - OPENSSL_free(cp); - BN_free(bn); - } - BASIC_CONSTRAINTS_free(bc); - return TRUE; -} - -/* retrieve subject CommonName of certificate */ -BOOL SSL_X509_getCN(pool *p, X509 *xs, char **cppCN) -{ - X509_NAME *xsn; - X509_NAME_ENTRY *xsne; - int i, nid; - - xsn = X509_get_subject_name(xs); - for (i = 0; i < sk_X509_NAME_ENTRY_num(xsn->entries); i++) { - xsne = sk_X509_NAME_ENTRY_value(xsn->entries, i); - nid = OBJ_obj2nid(xsne->object); - if (nid == 
NID_commonName) { - *cppCN = ap_palloc(p, xsne->value->length+1); - ap_cpystrn(*cppCN, (char *)xsne->value->data, xsne->value->length+1); - (*cppCN)[xsne->value->length] = NUL; - return TRUE; - } - } - return FALSE; -} - -/* _________________________________________________________________ -** -** Low-Level CA Certificate Loading -** _________________________________________________________________ -*/ - -#ifdef SSL_EXPERIMENTAL_PROXY - -BOOL SSL_load_CrtAndKeyInfo_file(pool *p, STACK_OF(X509_INFO) *sk, char *filename) -{ - BIO *in; - - if ((in = BIO_new(BIO_s_file())) == NULL) - return FALSE; - if (BIO_read_filename(in, filename) <= 0) { - BIO_free(in); - return FALSE; - } - ERR_clear_error(); - PEM_X509_INFO_read_bio(in, sk, NULL, NULL); - BIO_free(in); - return TRUE; -} - -BOOL SSL_load_CrtAndKeyInfo_path(pool *p, STACK_OF(X509_INFO) *sk, char *pathname) -{ - struct stat st; - DIR *dir; - pool *sp; - struct dirent *nextent; - char *fullname; - BOOL ok; - - sp = ap_make_sub_pool(p); - if ((dir = ap_popendir(sp, pathname)) == NULL) { - ap_destroy_pool(sp); - return FALSE; - } - ok = FALSE; - while ((nextent = readdir(dir)) != NULL) { - fullname = ap_pstrcat(sp, pathname, "/", nextent->d_name, NULL); - if (stat(fullname, &st) != 0) - continue; - if (!S_ISREG(st.st_mode)) - continue; - if (SSL_load_CrtAndKeyInfo_file(sp, sk, fullname)) - ok = TRUE; - } - ap_pclosedir(p, dir); - ap_destroy_pool(sp); - return ok; -} - -#endif /* SSL_EXPERIMENTAL_PROXY */ - -/* _________________________________________________________________ -** -** Extra Server Certificate Chain Support -** _________________________________________________________________ -*/ - -/* - * Read a file that optionally contains the server certificate in PEM - * format, possibly followed by a sequence of CA certificates that - * should be sent to the peer in the SSL Certificate message. 
- */ -int SSL_CTX_use_certificate_chain( - SSL_CTX *ctx, char *file, int skipfirst, int (*cb)()) -{ - BIO *bio; - X509 *x509; - unsigned long err; - int n; - - if ((bio = BIO_new(BIO_s_file_internal())) == NULL) - return -1; - if (BIO_read_filename(bio, file) <= 0) { - BIO_free(bio); - return -1; - } - /* optionally skip a leading server certificate */ - if (skipfirst) { - if ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) == NULL) { - BIO_free(bio); - return -1; - } - X509_free(x509); - } - /* free a perhaps already configured extra chain */ - if (ctx->extra_certs != NULL) { - sk_X509_pop_free(ctx->extra_certs, X509_free); - ctx->extra_certs = NULL; - } - /* create new extra chain by loading the certs */ - n = 0; - while ((x509 = PEM_read_bio_X509(bio, NULL, cb, NULL)) != NULL) { - if (!SSL_CTX_add_extra_chain_cert(ctx, x509)) { - X509_free(x509); - BIO_free(bio); - return -1; - } - n++; - } - /* Make sure that only the error is just an EOF */ - if ((err = ERR_peek_error()) > 0) { - if (!( ERR_GET_LIB(err) == ERR_LIB_PEM - && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) { - BIO_free(bio); - return -1; - } - while (ERR_get_error() > 0) ; - } - BIO_free(bio); - return n; -} - -/* _________________________________________________________________ -** -** Session Stuff -** _________________________________________________________________ -*/ - -char *SSL_SESSION_id2sz(unsigned char *id, int idlen) -{ - static char str[(SSL_MAX_SSL_SESSION_ID_LENGTH+1)*2]; - char *cp; - int n; - - cp = str; - for (n = 0; n < idlen && n < SSL_MAX_SSL_SESSION_ID_LENGTH; n++) { - ap_snprintf(cp, sizeof(str)-(cp-str), "%02X", id[n]); - cp += strlen(cp); - } - *cp = NUL; - return str; -} - diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.h b/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.h deleted file mode 100644 index 56c9a044186..00000000000 --- a/usr.sbin/httpd/src/modules/ssl/ssl_util_ssl.h +++ /dev/null 
@@ -1,122 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_util_ssl.h
-** Additional Utility Functions for OpenSSL
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef SSL_UTIL_SSL_H
-#define SSL_UTIL_SSL_H
-
-/*
- * Determine SSL library version number
- */
-#ifdef OPENSSL_VERSION_NUMBER
-#define SSL_LIBRARY_VERSION OPENSSL_VERSION_NUMBER
-#define SSL_LIBRARY_NAME "OpenSSL"
-#define SSL_LIBRARY_TEXT OPENSSL_VERSION_TEXT
-#else
-#define SSL_LIBRARY_VERSION 0x0000
-#define SSL_LIBRARY_NAME "OtherSSL"
-#define SSL_LIBRARY_TEXT "OtherSSL 0.0.0 00 XXX 0000"
-#endif
-
-/*
- * Support for retrieving/overriding states
- */
-#ifndef SSL_get_state
-#define SSL_get_state(ssl) SSL_state(ssl)
-#endif
-#define SSL_set_state(ssl,val) (ssl)->state = val
-
-/*
- * Backward compatibility.
- */
-#if SSL_LIBRARY_VERSION < 0x00906100
-#define OPENSSL_free free
-#endif
-
-/*
- * Maximum length of a DER encoded session.
- * FIXME: There is no define in OpenSSL, but OpenSSL uses 1024*10,
- * so this value should be ok. Although we have no warm feeling.
- */
-#define SSL_SESSION_MAX_DER 1024*10
-
-/*
- * Additional Functions
- */
-int SSL_get_app_data2_idx(void);
-void *SSL_get_app_data2(SSL *);
-void SSL_set_app_data2(SSL *, void *);
-X509 *SSL_read_X509(FILE *, X509 **, int (*)());
-EVP_PKEY *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int (*)());
-int SSL_smart_shutdown(SSL *ssl);
-X509_STORE *SSL_X509_STORE_create(char *, char *);
-int SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);
-char *SSL_make_ciphersuite(pool *, SSL *);
-BOOL SSL_X509_isSGC(X509 *);
-BOOL SSL_X509_getBC(X509 *, int *, int *);
-BOOL SSL_X509_getCN(pool *, X509 *, char **);
-#ifdef SSL_EXPERIMENTAL_PROXY
-BOOL SSL_load_CrtAndKeyInfo_file(pool *, STACK_OF(X509_INFO) *, char *);
-BOOL SSL_load_CrtAndKeyInfo_path(pool *, STACK_OF(X509_INFO) *, char *);
-#endif /* SSL_EXPERIMENTAL_PROXY */
-int SSL_CTX_use_certificate_chain(SSL_CTX *, char *, int, int (*)());
-char *SSL_SESSION_id2sz(unsigned char *, int);
-
-#endif /* SSL_UTIL_SSL_H */
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util_table.c b/usr.sbin/httpd/src/modules/ssl/ssl_util_table.c
deleted file mode 100644
index a9090bf47e9..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_util_table.c
+++ /dev/null
@@ -1,2864 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_util_table.c
-** High Performance Hash Table Functions
-*/
-
-/* ====================================================================
- * Copyright (c) 1999-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S.
ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/*
- * Generic hash table handler
- * Table 4.1.0 July-28-1998
- *
- * This library is a generic open hash table with buckets and
- * linked lists. It is pretty high performance. Each element
- * has a key and a data. The user indexes on the key to find the
- * data.
- *
- * Copyright 1998 by Gray Watson
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose and without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies,
- * and that the name of Gray Watson not be used in advertising or
- * publicity pertaining to distribution of the document or software
- * without specific, written prior permission.
- *
- * Gray Watson makes no representations about the suitability of the
- * software described herein for any purpose. It is provided "as is"
- * without express or implied warranty.
- *
- * Modified in March 1999 by Ralf S.
Engelschall
- * for use in the mod_ssl project:
- * o merged table_loc.h header into table.c
- * o removed fillproto-comments from table.h
- * o removed mmap() support because it's too unportable
- * o added support for MM library via ta_{malloc,calloc,realloc,free}
- */
-
-#include
-#include
-#include
-#include
-#include
-
-/* forward definitions for table.h */
-typedef struct table_st table_t;
-typedef struct table_entry_st table_entry_t;
-
-#define TABLE_PRIVATE
-#include "ssl_util_table.h"
-
-/****************************** local defines ******************************/
-
-#ifndef BITSPERBYTE
-#define BITSPERBYTE 8
-#endif
-#ifndef BITS
-#define BITS(type) (BITSPERBYTE * (int)sizeof(type))
-#endif
-
-#define TABLE_MAGIC 0xBADF00D /* very magic magicness */
-#define LINEAR_MAGIC 0xAD00D00 /* magic value for linear struct */
-#define DEFAULT_SIZE 1024 /* default table size */
-#define MAX_ALIGNMENT 128 /* max alignment value */
-#define MAX_SORT_SPLITS 128 /* qsort can handle 2^128 entries */
-
-/* returns 1 when we should grow or shrink the table */
-#define SHOULD_TABLE_GROW(tab) ((tab)->ta_entry_n > (tab)->ta_bucket_n * 2)
-#define SHOULD_TABLE_SHRINK(tab) ((tab)->ta_entry_n < (tab)->ta_bucket_n / 2)
-
-/*
- * void HASH_MIX
- *
- * DESCRIPTION:
- *
- * Mix 3 32-bit values reversibly. For every delta with one or two bits
- * set, and the deltas of all three high bits or all three low bits,
- * whether the original value of a,b,c is almost all zero or is
- * uniformly distributed.
- *
- * If HASH_MIX() is run forward or backward, at least 32 bits in a,b,c
- * have at least 1/4 probability of changing. If mix() is run
- * forward, every bit of c will change between 1/3 and 2/3 of the
- * time. (Well, 22/100 and 78/100 for some 2-bit deltas.)
- *
- * HASH_MIX() takes 36 machine instructions, but only 18 cycles on a
- * superscalar machine (like a Pentium or a Sparc). No faster mixer
- * seems to work, that's the result of my brute-force search.
There
- * were about 2^68 hashes to choose from. I only tested about a
- * billion of those.
- */
-#define HASH_MIX(a, b, c) \
- do { \
- a -= b; a -= c; a ^= (c >> 13); \
- b -= c; b -= a; b ^= (a << 8); \
- c -= a; c -= b; c ^= (b >> 13); \
- a -= b; a -= c; a ^= (c >> 12); \
- b -= c; b -= a; b ^= (a << 16); \
- c -= a; c -= b; c ^= (b >> 5); \
- a -= b; a -= c; a ^= (c >> 3); \
- b -= c; b -= a; b ^= (a << 10); \
- c -= a; c -= b; c ^= (b >> 15); \
- } while(0)
-
-#define TABLE_POINTER(table, type, pnt) (pnt)
-
-/*
- * Macros to get at the key and the data pointers
- */
-#define ENTRY_KEY_BUF(entry_p) ((entry_p)->te_key_buf)
-#define ENTRY_DATA_BUF(tab_p, entry_p) \
- (ENTRY_KEY_BUF(entry_p) + (entry_p)->te_key_size)
-
-/*
- * Table structures...
- */
-
-/*
- * HACK: this should be equiv as the table_entry_t without the key_buf
- * char. We use this with the ENTRY_SIZE() macro above which solves
- * the problem with the lack of the [0] GNU hack. We use the
- * table_entry_t structure to better map the memory and make things
- * faster.
- */
-typedef struct table_shell_st {
- unsigned int te_key_size; /* size of data */
- unsigned int te_data_size; /* size of data */
- struct table_shell_st *te_next_p; /* pointer to next in the list */
- /* NOTE: this does not have the te_key_buf field here */
-} table_shell_t;
-
-/*
- * Elements in the bucket linked-lists. The key[1] is the start of
- * the key with the rest of the key and all of the data information
- * packed in memory directly after the end of this structure.
- *
- * NOTE: if this structure is changed, the table_shell_t must be changed
- * to match.
- */
-struct table_entry_st {
- unsigned int te_key_size; /* size of data */
- unsigned int te_data_size; /* size of data */
- struct table_entry_st *te_next_p; /* pointer to next in the list */
- unsigned char te_key_buf[1]; /* 1st byte of key buf */
-};
-
-/* external structure for debuggers be able to see void */
-typedef table_entry_t table_entry_ext_t;
-
-/* main table structure */
-struct table_st {
- unsigned int ta_magic; /* magic number */
- unsigned int ta_flags; /* table's flags defined in table.h */
- unsigned int ta_bucket_n; /* num of buckets, should be 2^X */
- unsigned int ta_entry_n; /* num of entries in all buckets */
- unsigned int ta_data_align; /* data alignment value */
- table_entry_t **ta_buckets; /* array of linked lists */
- table_linear_t ta_linear; /* linear tracking */
- unsigned long ta_file_size; /* size of on-disk space */
- void *(*ta_malloc)(size_t size);
- void *(*ta_calloc)(size_t number, size_t size);
- void *(*ta_realloc)(void *ptr, size_t size);
- void (*ta_free)(void *ptr);
-};
-
-/* external table structure for debuggers */
-typedef table_t table_ext_t;
-
-/* local comparison functions */
-typedef int (*compare_t) (const void *element1_p, const void *element2_p,
- table_compare_t user_compare,
- const table_t * table_p);
-
-/*
- * to map error to string
- */
-typedef struct {
- int es_error; /* error number */
- char *es_string; /* assocaited string */
-} error_str_t;
-
-static error_str_t errors[] =
-{
- {TABLE_ERROR_NONE, "no error"},
- {TABLE_ERROR_PNT, "invalid table pointer"},
- {TABLE_ERROR_ARG_NULL, "buffer argument is null"},
- {TABLE_ERROR_SIZE, "incorrect size argument"},
- {TABLE_ERROR_OVERWRITE, "key exists and no overwrite"},
- {TABLE_ERROR_NOT_FOUND, "key does not exist"},
- {TABLE_ERROR_ALLOC, "error allocating memory"},
- {TABLE_ERROR_LINEAR, "linear access not in progress"},
- {TABLE_ERROR_OPEN, "could not open file"},
- {TABLE_ERROR_SEEK, "could not seek to position in file"},
- {TABLE_ERROR_READ, "could
not read from file"},
- {TABLE_ERROR_WRITE, "could not write to file"},
- {TABLE_ERROR_EMPTY, "table is empty"},
- {TABLE_ERROR_NOT_EMPTY, "table contains data"},
- {TABLE_ERROR_ALIGNMENT, "invalid alignment value"},
- {0}
-};
-
-#define INVALID_ERROR "invalid error code"
-
-/****************************** local functions ******************************/
-
-/*
- * static table_entry_t *first_entry
- *
- * DESCRIPTION:
- *
- * Return the first entry in the table. It will set the linear
- * structure counter to the position of the first entry.
- *
- * RETURNS:
- *
- * Success: A pointer to the first entry in the table.
- *
- * Failure: NULL if there is no first entry.
- *
- * ARGUMENTS:
- *
- * table_p - Table whose next entry we are finding.
- *
- * linear_p - Pointer to a linear structure which we will advance and
- * then find the corresponding entry.
- */
-static table_entry_t *first_entry(table_t * table_p,
- table_linear_t * linear_p)
-{
- table_entry_t *entry_p;
- unsigned int bucket_c = 0;
-
- /* look for the first non-empty bucket */
- for (bucket_c = 0; bucket_c < table_p->ta_bucket_n; bucket_c++) {
- entry_p = table_p->ta_buckets[bucket_c];
- if (entry_p != NULL) {
- if (linear_p != NULL) {
- linear_p->tl_bucket_c = bucket_c;
- linear_p->tl_entry_c = 0;
- }
- return TABLE_POINTER(table_p, table_entry_t *, entry_p);
- }
- }
-
- return NULL;
-}
-
-/*
- * static table_entry_t *next_entry
- *
- * DESCRIPTION:
- *
- * Return the next entry in the table which is past the position in
- * our linear pointer. It will advance the linear structure counters.
- *
- * RETURNS:
- *
- * Success: A pointer to the next entry in the table.
- *
- * Failure: NULL.
- *
- * ARGUMENTS:
- *
- * table_p - Table whose next entry we are finding.
- *
- * linear_p - Pointer to a linear structure which we will advance and
- * then find the corresponding entry.
- *
- * error_p - Pointer to an integer which when the routine returns will
- * contain a table error code.
- */
-static table_entry_t *next_entry(table_t * table_p, table_linear_t * linear_p,
- int *error_p)
-{
- table_entry_t *entry_p;
- int entry_c;
-
- /* can't next if we haven't first-ed */
- if (linear_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_LINEAR;
- return NULL;
- }
-
- if (linear_p->tl_bucket_c >= table_p->ta_bucket_n) {
- /*
- * NOTE: this might happen if we delete an item which shortens the
- * table bucket numbers.
- */
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NOT_FOUND;
- return NULL;
- }
-
- linear_p->tl_entry_c++;
-
- /* find the entry which is the nth in the list */
- entry_p = table_p->ta_buckets[linear_p->tl_bucket_c];
- /* NOTE: we swap the order here to be more efficient */
- for (entry_c = linear_p->tl_entry_c; entry_c > 0; entry_c--) {
- /* did we reach the end of the list? */
- if (entry_p == NULL)
- break;
- entry_p = TABLE_POINTER(table_p, table_entry_t *, entry_p)->te_next_p;
- }
-
- /* did we find an entry in the current bucket? */
- if (entry_p != NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return TABLE_POINTER(table_p, table_entry_t *, entry_p);
- }
-
- /* find the first entry in the next non-empty bucket */
-
- linear_p->tl_entry_c = 0;
- for (linear_p->tl_bucket_c++; linear_p->tl_bucket_c < table_p->ta_bucket_n;
- linear_p->tl_bucket_c++) {
- entry_p = table_p->ta_buckets[linear_p->tl_bucket_c];
- if (entry_p != NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return TABLE_POINTER(table_p, table_entry_t *, entry_p);
- }
- }
-
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NOT_FOUND;
- return NULL;
-}
-
-/*
- * static unsigned int hash
- *
- * DESCRIPTION:
- *
- * Hash a variable-length key into a 32-bit value. Every bit of the
- * key affects every bit of the return value. Every 1-bit and 2-bit
- * delta achieves avalanche. About (6 * len + 35) instructions. The
- * best hash table sizes are powers of 2. There is no need to use mod
- * (sooo slow!).
If you need less than 32 bits, use a bitmask. For - * example, if you need only 10 bits, do h = (h & hashmask(10)); In - * which case, the hash table should have hashsize(10) elements. - * - * By Bob Jenkins, 1996. bob_jenkins@compuserve.com. You may use - * this code any way you wish, private, educational, or commercial. - * It's free. See - * http://ourworld.compuserve.com/homepages/bob_jenkins/evahash.htm - * Use for hash table lookup, or anything where one collision in 2^^32 - * is acceptable. Do NOT use for cryptographic purposes. - * - * RETURNS: - * - * Returns a 32-bit hash value. - * - * ARGUMENTS: - * - * key - Key (the unaligned variable-length array of bytes) that we - * are hashing. - * - * length - Length of the key in bytes. - * - * init_val - Initialization value of the hash if you need to hash a - * number of strings together. For instance, if you are hashing N - * strings (unsigned char **)keys, do it like this: - * - * for (i=0, h=0; i= 12; len -= 12) { - a += (key_p[0] - + ((unsigned long) key_p[1] << 8) - + ((unsigned long) key_p[2] << 16) - + ((unsigned long) key_p[3] << 24)); - b += (key_p[4] - + ((unsigned long) key_p[5] << 8) - + ((unsigned long) key_p[6] << 16) - + ((unsigned long) key_p[7] << 24)); - c += (key_p[8] - + ((unsigned long) key_p[9] << 8) - + ((unsigned long) key_p[10] << 16) - + ((unsigned long) key_p[11] << 24)); - HASH_MIX(a, b, c); - key_p += 12; - } - - c += length; - - /* all the case statements fall through to the next */ - switch (len) { - case 11: - c += ((unsigned long) key_p[10] << 24); - case 10: - c += ((unsigned long) key_p[9] << 16); - case 9: - c += ((unsigned long) key_p[8] << 8); - /* the first byte of c is reserved for the length */ - case 8: - b += ((unsigned long) key_p[7] << 24); - case 7: - b += ((unsigned long) key_p[6] << 16); - case 6: - b += ((unsigned long) key_p[5] << 8); - case 5: - b += key_p[4]; - case 4: - a += ((unsigned long) key_p[3] << 24); - case 3: - a += ((unsigned long) key_p[2] << 16); 
- case 2:
- a += ((unsigned long) key_p[1] << 8);
- case 1:
- a += key_p[0];
- /* case 0: nothing left to add */
- }
- HASH_MIX(a, b, c);
-
- return c;
-}
-
-/*
- * static int entry_size
- *
- * DESCRIPTION:
- *
- * Calculates the appropriate size of an entry to include the key and
- * data sizes as well as any associated alignment to the data.
- *
- * RETURNS:
- *
- * The associated size of the entry.
- *
- * ARGUMENTS:
- *
- * table_p - Table associated with the entries whose size we are
- * determining.
- *
- * key_size - Size of the entry key.
- *
- * data - Size of the entry data.
- */
-static int entry_size(const table_t * table_p, const unsigned int key_size,
- const unsigned int data_size)
-{
- int size, left;
-
- /* initial size -- key is already aligned if right after struct */
- size = sizeof(struct table_shell_st) + key_size;
-
- /* if there is no alignment then it is easy */
- if (table_p->ta_data_align == 0)
- return size + data_size;
- /* add in our alignement */
- left = size & (table_p->ta_data_align - 1);
- if (left > 0)
- size += table_p->ta_data_align - left;
- /* we add the data size here after the alignment */
- size += data_size;
-
- return size;
-}
-
-/*
- * static unsigned char *entry_data_buf
- *
- * DESCRIPTION:
- *
- * Companion to the ENTRY_DATA_BUF macro but this handles any
- * associated alignment to the data in the entry.
- *
- * RETURNS:
- *
- * Pointer to the data segment of the entry.
- *
- * ARGUMENTS:
- *
- * table_p - Table associated with the entry.
- *
- * entry_p - Entry whose data pointer we are determining.
- */
-static unsigned char *entry_data_buf(const table_t * table_p,
- const table_entry_t * entry_p)
-{
- const unsigned char *buf_p;
- int size, pad;
-
- buf_p = entry_p->te_key_buf + entry_p->te_key_size;
-
- /* if there is no alignment then it is easy */
- if (table_p->ta_data_align == 0)
- return (unsigned char *) buf_p;
- /* we need the size of the space before the data */
- size = sizeof(struct table_shell_st) + entry_p->te_key_size;
-
- /* add in our alignment */
- pad = size & (table_p->ta_data_align - 1);
- if (pad > 0)
- pad = table_p->ta_data_align - pad;
- return (unsigned char *) buf_p + pad;
-}
-
-/******************************* sort routines *******************************/
-
-/*
- * static int our_compare
- *
- * DESCRIPTION:
- *
- * Compare two entries by calling user's compare program or by using
- * memcmp.
- *
- * RETURNS:
- *
- * < 0, == 0, or > 0 depending on whether p1 is > p2, == p2, < p2.
- *
- * ARGUMENTS:
- *
- * p1 - First entry pointer to compare.
- *
- * p2 - Second entry pointer to compare.
- *
- * compare - User comparison function. Ignored.
- *
- * table_p - Associated table being ordered. Ignored.
- */
-static int local_compare(const void *p1, const void *p2,
- table_compare_t compare, const table_t * table_p)
-{
- const table_entry_t *const *ent1_p = p1, *const *ent2_p = p2;
- int cmp;
- unsigned int size;
-
- /* compare as many bytes as we can */
- size = (*ent1_p)->te_key_size;
- if ((*ent2_p)->te_key_size < size)
- size = (*ent2_p)->te_key_size;
- cmp = memcmp(ENTRY_KEY_BUF(*ent1_p), ENTRY_KEY_BUF(*ent2_p), size);
- /* if common-size equal, then if next more bytes, it is larger */
- if (cmp == 0)
- cmp = (*ent1_p)->te_key_size - (*ent2_p)->te_key_size;
- return cmp;
-}
-
-/*
- * static int external_compare
- *
- * DESCRIPTION:
- *
- * Compare two entries by calling user's compare program or by using
- * memcmp.
- *
- * RETURNS:
- *
- * < 0, == 0, or > 0 depending on whether p1 is > p2, == p2, < p2.
- *
- * ARGUMENTS:
- *
- * p1 - First entry pointer to compare.
- *
- * p2 - Second entry pointer to compare.
- *
- * user_compare - User comparison function.
- *
- * table_p - Associated table being ordered.
- */
-static int external_compare(const void *p1, const void *p2,
- table_compare_t user_compare,
- const table_t * table_p)
-{
- const table_entry_t *const *ent1_p = p1, *const *ent2_p = p2;
- /* since we know we are not aligned we can use the EXTRY_DATA_BUF macro */
- return user_compare(ENTRY_KEY_BUF(*ent1_p), (*ent1_p)->te_key_size,
- ENTRY_DATA_BUF(table_p, *ent1_p),
- (*ent1_p)->te_data_size,
- ENTRY_KEY_BUF(*ent2_p), (*ent2_p)->te_key_size,
- ENTRY_DATA_BUF(table_p, *ent2_p),
- (*ent2_p)->te_data_size);
-}
-
-/*
- * static int external_compare_align
- *
- * DESCRIPTION:
- *
- * Compare two entries by calling user's compare program or by using
- * memcmp. Alignment information is necessary.
- *
- * RETURNS:
- *
- * < 0, == 0, or > 0 depending on whether p1 is > p2, == p2, < p2.
- *
- * ARGUMENTS:
- *
- * p1 - First entry pointer to compare.
- *
- * p2 - Second entry pointer to compare.
- *
- * user_compare - User comparison function.
- *
- * table_p - Associated table being ordered.
- */
-static int external_compare_align(const void *p1, const void *p2,
- table_compare_t user_compare,
- const table_t * table_p)
-{
- const table_entry_t *const *ent1_p = p1, *const *ent2_p = p2;
- /* since we are aligned we have to use the entry_data_buf function */
- return user_compare(ENTRY_KEY_BUF(*ent1_p), (*ent1_p)->te_key_size,
- entry_data_buf(table_p, *ent1_p),
- (*ent1_p)->te_data_size,
- ENTRY_KEY_BUF(*ent2_p), (*ent2_p)->te_key_size,
- entry_data_buf(table_p, *ent2_p),
- (*ent2_p)->te_data_size);
-}
-
-/*
- * static void split
- *
- * DESCRIPTION:
- *
- * This sorts an array of longs via the quick sort algorithm (it's
- * pretty quick)
- *
- * RETURNS:
- *
- * None.
- *
- * ARGUMENTS:
- *
- * first_p - Start of the list that we are splitting.
- *
- * last_p - Last entry in the list that we are splitting.
- *
- * compare - Comparison function which is handling the actual
- * elements. This is either a local function or a function to setup
- * the problem element key and data pointers which then hands off to
- * the user function.
- *
- * user_compare - User comparison function. Could be NULL if we are
- * just using a local comparison function.
- *
- * table_p - Associated table being sorted.
- */
-static void split(void *first_p, void *last_p, compare_t compare,
- table_compare_t user_compare, table_t * table_p)
-{
- void *pivot_p, *left_p, *right_p, *left_last_p, *right_first_p;
- void *firsts[MAX_SORT_SPLITS], *lasts[MAX_SORT_SPLITS];
- int split_c = 0;
-
- for (;;) {
-
- /* no need to split the list if it is < 2 elements */
- while (first_p >= last_p) {
- if (split_c == 0) {
- /* we are done */
- return;
- }
- split_c--;
- first_p = firsts[split_c];
- last_p = lasts[split_c];
- }
-
- left_p = first_p;
- right_p = last_p;
- pivot_p = first_p;
-
- do {
- /* scan from right hand side */
- while (right_p > left_p
- && compare(right_p, pivot_p, user_compare, table_p) > 0)
- right_p = (char *) right_p - sizeof(table_entry_t *);
- /* scan from left hand side */
- while (right_p > left_p
- && compare(pivot_p, left_p, user_compare, table_p) >= 0)
- left_p = (char *) left_p + sizeof(table_entry_t *);
- /* if the pointers haven't met then swap values */
- if (right_p > left_p) {
- /* swap_bytes(left_p, right_p) */
- table_entry_t *temp;
-
- temp = *(table_entry_t **) left_p;
- *(table_entry_t **) left_p = *(table_entry_t **) right_p;
- *(table_entry_t **) right_p = temp;
- }
- } while (right_p > left_p);
-
- /* now we swap the pivot with the right-hand side */
- {
- /* swap_bytes(pivot_p, right_p); */
- table_entry_t *temp;
-
- temp = *(table_entry_t **) pivot_p;
- *(table_entry_t **) pivot_p = *(table_entry_t **) right_p;
- *(table_entry_t **) right_p = temp;
- }
- pivot_p = right_p;
-
- /* save the section to
the right of the pivot in our stack */
- right_first_p = (char *) pivot_p + sizeof(table_entry_t *);
- left_last_p = (char *) pivot_p - sizeof(table_entry_t *);
-
- /* do we need to save the righthand side? */
- if (right_first_p < last_p) {
- if (split_c >= MAX_SORT_SPLITS) {
- /* sanity check here -- we should never get here */
- abort();
- }
- firsts[split_c] = right_first_p;
- lasts[split_c] = last_p;
- split_c++;
- }
-
- /* do the left hand side of the pivot */
- /* first_p = first_p */
- last_p = left_last_p;
- }
-}
-
-/*************************** exported routines *******************************/
-
-/*
- * table_t *table_alloc
- *
- * DESCRIPTION:
- *
- * Allocate a new table structure.
- *
- * RETURNS:
- *
- * A pointer to the new table structure which must be passed to
- * table_free to be deallocated. On error a NULL is returned.
- *
- * ARGUMENTS:
- *
- * bucket_n - Number of buckets for the hash table. Our current hash
- * value works best with base two numbers. Set to 0 to take the
- * library default of 1024.
- *
- * error_p - Pointer to an integer which, if not NULL, will contain a
- * table error code.
- *
- * malloc_f, realloc_f, free_f - Pointers to malloc(3)-, realloc(3)-
- * and free(3)-style functions.
- */
-table_t *table_alloc(const unsigned int bucket_n, int *error_p,
- void *(*malloc_f)(size_t size),
- void *(*calloc_f)(size_t number, size_t size),
- void *(*realloc_f)(void *ptr, size_t size),
- void (*free_f)(void *ptr))
-{
- table_t *table_p = NULL;
- unsigned int buck_n;
-
- /* allocate a table structure */
- if (malloc_f != NULL)
- table_p = malloc_f(sizeof(table_t));
- else
- table_p = malloc(sizeof(table_t));
- if (table_p == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- return NULL;
- }
-
- if (bucket_n > 0)
- buck_n = bucket_n;
- else
- buck_n = DEFAULT_SIZE;
- /* allocate the buckets which are NULLed */
- if (calloc_f != NULL)
- table_p->ta_buckets = (table_entry_t **)calloc_f(buck_n, sizeof(table_entry_t *));
- else
- table_p->ta_buckets = (table_entry_t **)calloc(buck_n, sizeof(table_entry_t *));
- if (table_p->ta_buckets == NULL) {
- if (error_p != NULL)
- *error_p = TABLE_ERROR_ALLOC;
- if (free_f != NULL)
- free_f(table_p);
- else
- free(table_p);
- return NULL;
- }
-
- /* initialize structure */
- table_p->ta_magic = TABLE_MAGIC;
- table_p->ta_flags = 0;
- table_p->ta_bucket_n = buck_n;
- table_p->ta_entry_n = 0;
- table_p->ta_data_align = 0;
- table_p->ta_linear.tl_magic = 0;
- table_p->ta_linear.tl_bucket_c = 0;
- table_p->ta_linear.tl_entry_c = 0;
- table_p->ta_file_size = 0;
- table_p->ta_malloc = malloc_f != NULL ? malloc_f : malloc;
- table_p->ta_calloc = calloc_f != NULL ? calloc_f : calloc;
- table_p->ta_realloc = realloc_f != NULL ? realloc_f : realloc;
- table_p->ta_free = free_f != NULL ? free_f : free;
-
- if (error_p != NULL)
- *error_p = TABLE_ERROR_NONE;
- return table_p;
-}
-
-/*
- * int table_attr
- *
- * DESCRIPTION:
- *
- * Set the attributes for the table. The available attributes are
- * specified at the top of table.h.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Pointer to a table structure which we will be altering.
- *
- * attr - Attribute(s) that we will be applying to the table.
- */
-int table_attr(table_t * table_p, const int attr)
-{
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- table_p->ta_flags = attr;
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_set_data_alignment
- *
- * DESCRIPTION:
- *
- * Set the alignment for the data in the table. For data elements
- * sizeof(long) is recommended unless you use smaller data types
- * exclusively.
- *
- * WARNING: This must be done before any data gets put into the table.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Pointer to a table structure which we will be altering.
- *
- * alignment - Alignment requested for the data. Must be a power of
- * 2. Set to 0 for none.
- */
-int table_set_data_alignment(table_t * table_p, const int alignment)
-{
- int val;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (table_p->ta_entry_n > 0)
- return TABLE_ERROR_NOT_EMPTY;
- /* defaults */
- if (alignment < 2)
- table_p->ta_data_align = 0;
- else {
- /* verify we have a base 2 number */
- for (val = 2; val < MAX_ALIGNMENT; val *= 2) {
- if (val == alignment)
- break;
- }
- if (val >= MAX_ALIGNMENT)
- return TABLE_ERROR_ALIGNMENT;
- table_p->ta_data_align = alignment;
- }
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_clear
- *
- * DESCRIPTION:
- *
- * Clear out and free all elements in a table structure.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer that we will be clearing.
- */
-int table_clear(table_t * table_p)
-{
- table_entry_t *entry_p, *next_p;
- table_entry_t **bucket_p, **bounds_p;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- /* free the table allocation and table structure */
- bounds_p = table_p->ta_buckets + table_p->ta_bucket_n;
- for (bucket_p = table_p->ta_buckets; bucket_p < bounds_p; bucket_p++) {
- for (entry_p = *bucket_p; entry_p != NULL; entry_p = next_p) {
- /* record the next pointer before we free */
- next_p = entry_p->te_next_p;
- table_p->ta_free(entry_p);
- }
-
- /* clear the bucket entry after we free its entries */
- *bucket_p = NULL;
- }
-
- /* reset table state info */
- table_p->ta_entry_n = 0;
- table_p->ta_linear.tl_magic = 0;
- table_p->ta_linear.tl_bucket_c = 0;
- table_p->ta_linear.tl_entry_c = 0;
-
- return TABLE_ERROR_NONE;
-}
-
-/*
- * int table_free
- *
- * DESCRIPTION:
- *
- * Deallocates a table structure.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer that we will be freeing.
- */
-int table_free(table_t * table_p)
-{
- int ret;
-
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- ret = table_clear(table_p);
-
- if (table_p->ta_buckets != NULL)
- table_p->ta_free(table_p->ta_buckets);
- table_p->ta_magic = 0;
- table_p->ta_free(table_p);
-
- return ret;
-}
-
-/*
- * int table_insert_kd
- *
- * DESCRIPTION:
- *
- * Like table_insert except it passes back a pointer to the key and
- * the data buffers after they have been inserted into the table
- * structure.
- *
- * This routine adds a key/data pair both of which are made up of a
- * buffer of bytes and an associated size. Both the key and the data
- * will be copied into buffers allocated inside the table.
If the key
- * exists already, the associated data will be replaced if the
- * overwrite flag is set, otherwise an error is returned.
- *
- * NOTE: be very careful changing the values since the table library
- * provides the pointers to its memory. The key can _never_ be
- * changed otherwise you will not find it again. The data can be
- * changed but its length can never be altered unless you delete and
- * re-insert it into the table.
- *
- * WARNING: The pointers to the key and data are not in any specific
- * alignment. Accessing the key and/or data as an short, integer, or
- * long pointer directly can cause problems.
- *
- * WARNING: Replacing a data cell (not inserting) will cause the table
- * linked list to be temporarily invalid. Care must be taken with
- * multiple threaded programs which are relying on the first/next
- * linked list to be always valid.
- *
- * RETURNS:
- *
- * Success - TABLE_ERROR_NONE
- *
- * Failure - Table error code.
- *
- * ARGUMENTS:
- *
- * table_p - Table structure pointer into which we will be inserting a
- * new key/data pair.
- *
- * key_buf - Buffer of bytes of the key that we are inserting. If you
- * are storing an (int) as the key (for example) then key_buf should
- * be a (int *).
- *
- * key_size - Size of the key_buf buffer. If set to < 0 then the
- * library will do a strlen of key_buf and add 1 for the '\0'. If you
- * are storing an (int) as the key (for example) then key_size should
- * be sizeof(int).
- *
- * data_buf - Buffer of bytes of the data that we are inserting. If
- * it is NULL then the library will allocate space for the data in the
- * table without copying in any information. If data_buf is NULL and
- * data_size is 0 then the library will associate a NULL data pointer
- * with the key. If you are storing a (long) as the data (for
- * example) then data_buf should be a (long *).
- *
- * data_size - Size of the data_buf buffer.
If set to < 0 then the
- * library will do a strlen of data_buf and add 1 for the '\0'. If
- * you are storing an (long) as the key (for example) then key_size
- * should be sizeof(long).
- *
- * key_buf_p - Pointer which, if not NULL, will be set to the address
- * of the key storage that was allocated in the table. If you are
- * storing an (int) as the key (for example) then key_buf_p should be
- * (int **) i.e. the address of a (int *).
- *
- * data_buf_p - Pointer which, if not NULL, will be set to the address
- * of the data storage that was allocated in the table. If you are
- * storing an (long) as the data (for example) then data_buf_p should
- * be (long **) i.e. the address of a (long *).
- *
- * overwrite - Flag which, if set to 1, will allow the overwriting of
- * the data in the table with the new data if the key already exists
- * in the table.
- */
-int table_insert_kd(table_t * table_p,
- const void *key_buf, const int key_size,
- const void *data_buf, const int data_size,
- void **key_buf_p, void **data_buf_p,
- const char overwrite_b)
-{
- int bucket;
- unsigned int ksize, dsize;
- table_entry_t *entry_p, *last_p;
- void *key_copy_p, *data_copy_p;
-
- /* check the arguments */
- if (table_p == NULL)
- return TABLE_ERROR_ARG_NULL;
- if (table_p->ta_magic != TABLE_MAGIC)
- return TABLE_ERROR_PNT;
- if (key_buf == NULL)
- return TABLE_ERROR_ARG_NULL;
- /* data_buf can be null but size must be >= 0, if it isn't null size != 0 */
- if ((data_buf == NULL && data_size < 0)
- || (data_buf != NULL && data_size == 0))
- return TABLE_ERROR_SIZE;
- /* determine sizes of key and data */
- if (key_size < 0)
- ksize = strlen((char *) key_buf) + sizeof(char);
- else
- ksize = key_size;
- if (data_size < 0)
- dsize = strlen((char *) data_buf) + sizeof(char);
- else
- dsize = data_size;
- /* get the bucket number via a hash function */
- bucket = hash(key_buf, ksize, 0) % table_p->ta_bucket_n;
-
- /* look for the entry in this bucket, only check keys of the same
size */ - last_p = NULL; - for (entry_p = table_p->ta_buckets[bucket]; - entry_p != NULL; - last_p = entry_p, entry_p = entry_p->te_next_p) { - if (entry_p->te_key_size == ksize - && memcmp(ENTRY_KEY_BUF(entry_p), key_buf, ksize) == 0) - break; - } - - /* did we find it? then we are in replace mode. */ - if (entry_p != NULL) { - - /* can we not overwrite existing data? */ - if (!overwrite_b) { - if (key_buf_p != NULL) - *key_buf_p = ENTRY_KEY_BUF(entry_p); - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - if (table_p->ta_data_align == 0) - *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); - else - *data_buf_p = entry_data_buf(table_p, entry_p); - } - } - return TABLE_ERROR_OVERWRITE; - } - - /* re-alloc entry's data if the new size != the old */ - if (dsize != entry_p->te_data_size) { - - /* - * First we delete it from the list to keep the list whole. - * This properly preserves the linked list in case we have a - * thread marching through the linked list while we are - * inserting. Maybe this is an unnecessary protection but it - * should not harm that much. - */ - if (last_p == NULL) - table_p->ta_buckets[bucket] = entry_p->te_next_p; - else - last_p->te_next_p = entry_p->te_next_p; - /* - * Realloc the structure which may change its pointer. NOTE: - * this may change any previous data_key_p and data_copy_p - * pointers. 
- */ - entry_p = (table_entry_t *) table_p->ta_realloc(entry_p, - entry_size(table_p, - entry_p->te_key_size, - dsize)); - if (entry_p == NULL) - return TABLE_ERROR_ALLOC; - /* add it back to the front of the list */ - entry_p->te_data_size = dsize; - entry_p->te_next_p = table_p->ta_buckets[bucket]; - table_p->ta_buckets[bucket] = entry_p; - } - - /* copy or replace data in storage */ - if (dsize > 0) { - if (table_p->ta_data_align == 0) - data_copy_p = ENTRY_DATA_BUF(table_p, entry_p); - else - data_copy_p = entry_data_buf(table_p, entry_p); - if (data_buf != NULL) - memcpy(data_copy_p, data_buf, dsize); - } - else - data_copy_p = NULL; - if (key_buf_p != NULL) - *key_buf_p = ENTRY_KEY_BUF(entry_p); - if (data_buf_p != NULL) - *data_buf_p = data_copy_p; - /* returning from the section where we were overwriting table data */ - return TABLE_ERROR_NONE; - } - - /* - * It is a new entry. - */ - - /* allocate a new entry */ - entry_p = (table_entry_t *) table_p->ta_malloc(entry_size(table_p, ksize, dsize)); - if (entry_p == NULL) - return TABLE_ERROR_ALLOC; - /* copy key into storage */ - entry_p->te_key_size = ksize; - key_copy_p = ENTRY_KEY_BUF(entry_p); - memcpy(key_copy_p, key_buf, ksize); - - /* copy data in */ - entry_p->te_data_size = dsize; - if (dsize > 0) { - if (table_p->ta_data_align == 0) - data_copy_p = ENTRY_DATA_BUF(table_p, entry_p); - else - data_copy_p = entry_data_buf(table_p, entry_p); - if (data_buf != NULL) - memcpy(data_copy_p, data_buf, dsize); - } - else - data_copy_p = NULL; - if (key_buf_p != NULL) - *key_buf_p = key_copy_p; - if (data_buf_p != NULL) - *data_buf_p = data_copy_p; - /* insert into list, no need to append */ - entry_p->te_next_p = table_p->ta_buckets[bucket]; - table_p->ta_buckets[bucket] = entry_p; - - table_p->ta_entry_n++; - - /* do we need auto-adjust? 
*/ - if (table_p->ta_flags & TABLE_FLAG_AUTO_ADJUST - && SHOULD_TABLE_GROW(table_p)) - return table_adjust(table_p, table_p->ta_entry_n); - return TABLE_ERROR_NONE; -} - -/* - * int table_insert - * - * DESCRIPTION: - * - * Exactly the same as table_insert_kd except it does not pass back a - * pointer to the key after they have been inserted into the table - * structure. This is still here for backwards compatibility. - * - * See table_insert_kd for more information. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer into which we will be inserting a - * new key/data pair. - * - * key_buf - Buffer of bytes of the key that we are inserting. If you - * are storing an (int) as the key (for example) then key_buf should - * be a (int *). - * - * key_size - Size of the key_buf buffer. If set to < 0 then the - * library will do a strlen of key_buf and add 1 for the '\0'. If you - * are storing an (int) as the key (for example) then key_size should - * be sizeof(int). - * - * data_buf - Buffer of bytes of the data that we are inserting. If - * it is NULL then the library will allocate space for the data in the - * table without copying in any information. If data_buf is NULL and - * data_size is 0 then the library will associate a NULL data pointer - * with the key. If you are storing a (long) as the data (for - * example) then data_buf should be a (long *). - * - * data_size - Size of the data_buf buffer. If set to < 0 then the - * library will do a strlen of data_buf and add 1 for the '\0'. If - * you are storing an (long) as the key (for example) then key_size - * should be sizeof(long). - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that was allocated in the table. If you are - * storing an (long) as the data (for example) then data_buf_p should - * be (long **) i.e. the address of a (long *). 
- * - * overwrite - Flag which, if set to 1, will allow the overwriting of - * the data in the table with the new data if the key already exists - * in the table. - */ -int table_insert(table_t * table_p, - const void *key_buf, const int key_size, - const void *data_buf, const int data_size, - void **data_buf_p, const char overwrite_b) -{ - return table_insert_kd(table_p, key_buf, key_size, data_buf, data_size, - NULL, data_buf_p, overwrite_b); -} - -/* - * int table_retrieve - * - * DESCRIPTION: - * - * This routine looks up a key made up of a buffer of bytes and an - * associated size in the table. If found then it returns the - * associated data information. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer into which we will be searching - * for the key. - * - * key_buf - Buffer of bytes of the key that we are searching for. If - * you are looking for an (int) as the key (for example) then key_buf - * should be a (int *). - * - * key_size - Size of the key_buf buffer. If set to < 0 then the - * library will do a strlen of key_buf and add 1 for the '\0'. If you - * are looking for an (int) as the key (for example) then key_size - * should be sizeof(int). - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that was allocated in the table and that is - * associated with the key. If a (long) was stored as the data (for - * example) then data_buf_p should be (long **) i.e. the address of a - * (long *). - * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data stored in the table that is associated with - * the key. 
- */ -int table_retrieve(table_t * table_p, - const void *key_buf, const int key_size, - void **data_buf_p, int *data_size_p) -{ - int bucket; - unsigned int ksize; - table_entry_t *entry_p, **buckets; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - if (key_buf == NULL) - return TABLE_ERROR_ARG_NULL; - /* find key size */ - if (key_size < 0) - ksize = strlen((char *) key_buf) + sizeof(char); - else - ksize = key_size; - /* get the bucket number via a has function */ - bucket = hash(key_buf, ksize, 0) % table_p->ta_bucket_n; - - /* look for the entry in this bucket, only check keys of the same size */ - buckets = table_p->ta_buckets; - for (entry_p = buckets[bucket]; - entry_p != NULL; - entry_p = entry_p->te_next_p) { - entry_p = TABLE_POINTER(table_p, table_entry_t *, entry_p); - if (entry_p->te_key_size == ksize - && memcmp(ENTRY_KEY_BUF(entry_p), key_buf, ksize) == 0) - break; - } - - /* not found? */ - if (entry_p == NULL) - return TABLE_ERROR_NOT_FOUND; - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - if (table_p->ta_data_align == 0) - *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); - else - *data_buf_p = entry_data_buf(table_p, entry_p); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - return TABLE_ERROR_NONE; -} - -/* - * int table_delete - * - * DESCRIPTION: - * - * This routine looks up a key made up of a buffer of bytes and an - * associated size in the table. If found then it will be removed - * from the table. The associated data can be passed back to the user - * if requested. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * NOTE: this could be an allocation error if the library is to return - * the data to the user. - * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we will be deleteing - * the key. 
- * - * key_buf - Buffer of bytes of the key that we are searching for to - * delete. If you are deleting an (int) key (for example) then - * key_buf should be a (int *). - * - * key_size - Size of the key_buf buffer. If set to < 0 then the - * library will do a strlen of key_buf and add 1 for the '\0'. If you - * are deleting an (int) key (for example) then key_size should be - * sizeof(int). - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that was allocated in the table and that was - * associated with the key. If a (long) was stored as the data (for - * example) then data_buf_p should be (long **) i.e. the address of a - * (long *). If a pointer is passed in, the caller is responsible for - * freeing it after use. If data_buf_p is NULL then the library will - * free up the data allocation itself. - * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data that was stored in the table and that was - * associated with the key. - */ -int table_delete(table_t * table_p, - const void *key_buf, const int key_size, - void **data_buf_p, int *data_size_p) -{ - int bucket; - unsigned int ksize; - unsigned char *data_copy_p; - table_entry_t *entry_p, *last_p; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - if (key_buf == NULL) - return TABLE_ERROR_ARG_NULL; - /* get the key size */ - if (key_size < 0) - ksize = strlen((char *) key_buf) + sizeof(char); - else - ksize = key_size; - /* find our bucket */ - bucket = hash(key_buf, ksize, 0) % table_p->ta_bucket_n; - - /* look for the entry in this bucket, only check keys of the same size */ - for (last_p = NULL, entry_p = table_p->ta_buckets[bucket]; entry_p != NULL; - last_p = entry_p, entry_p = entry_p->te_next_p) { - if (entry_p->te_key_size == ksize - && memcmp(ENTRY_KEY_BUF(entry_p), key_buf, ksize) == 0) - break; - } - - /* did we find it? 
*/ - if (entry_p == NULL) - return TABLE_ERROR_NOT_FOUND; - /* - * NOTE: we may want to adjust the linear counters here if the entry - * we are deleting is the one we are pointing on or is ahead of the - * one in the bucket list - */ - - /* remove entry from the linked list */ - if (last_p == NULL) - table_p->ta_buckets[bucket] = entry_p->te_next_p; - else - last_p->te_next_p = entry_p->te_next_p; - /* free entry */ - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - /* - * if we were storing it compacted, we now need to malloc some - * space if the user wants the value after the delete. - */ - *data_buf_p = table_p->ta_malloc(entry_p->te_data_size); - if (*data_buf_p == NULL) - return TABLE_ERROR_ALLOC; - if (table_p->ta_data_align == 0) - data_copy_p = ENTRY_DATA_BUF(table_p, entry_p); - else - data_copy_p = entry_data_buf(table_p, entry_p); - memcpy(*data_buf_p, data_copy_p, entry_p->te_data_size); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - table_p->ta_free(entry_p); - - table_p->ta_entry_n--; - - /* do we need auto-adjust down? */ - if ((table_p->ta_flags & TABLE_FLAG_AUTO_ADJUST) - && (table_p->ta_flags & TABLE_FLAG_ADJUST_DOWN) - && SHOULD_TABLE_SHRINK(table_p)) - return table_adjust(table_p, table_p->ta_entry_n); - return TABLE_ERROR_NONE; -} - -/* - * int table_delete_first - * - * DESCRIPTION: - * - * This is like the table_delete routines except it deletes the first - * key/data pair in the table instead of an entry corresponding to a - * particular key. The associated key and data information can be - * passed back to the user if requested. This routines is handy to - * clear out a table. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * NOTE: this could be an allocation error if the library is to return - * the data to the user. 
- * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we will be deleteing - * the first key. - * - * key_buf_p - Pointer which, if not NULL, will be set to the address - * of the storage of the first key that was allocated in the table. - * If an (int) was stored as the first key (for example) then - * key_buf_p should be (int **) i.e. the address of a (int *). If a - * pointer is passed in, the caller is responsible for freeing it - * after use. If key_buf_p is NULL then the library will free up the - * key allocation itself. - * - * key_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the key that was stored in the table and that was - * associated with the key. - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that was allocated in the table and that was - * associated with the key. If a (long) was stored as the data (for - * example) then data_buf_p should be (long **) i.e. the address of a - * (long *). If a pointer is passed in, the caller is responsible for - * freeing it after use. If data_buf_p is NULL then the library will - * free up the data allocation itself. - * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data that was stored in the table and that was - * associated with the key. 
- */ -int table_delete_first(table_t * table_p, - void **key_buf_p, int *key_size_p, - void **data_buf_p, int *data_size_p) -{ - unsigned char *data_copy_p; - table_entry_t *entry_p; - table_linear_t linear; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - /* take the first entry */ - entry_p = first_entry(table_p, &linear); - if (entry_p == NULL) - return TABLE_ERROR_NOT_FOUND; - /* - * NOTE: we may want to adjust the linear counters here if the entry - * we are deleting is the one we are pointing on or is ahead of the - * one in the bucket list - */ - - /* remove entry from the linked list */ - table_p->ta_buckets[linear.tl_bucket_c] = entry_p->te_next_p; - - /* free entry */ - if (key_buf_p != NULL) { - if (entry_p->te_key_size == 0) - *key_buf_p = NULL; - else { - /* - * if we were storing it compacted, we now need to malloc some - * space if the user wants the value after the delete. - */ - *key_buf_p = table_p->ta_malloc(entry_p->te_key_size); - if (*key_buf_p == NULL) - return TABLE_ERROR_ALLOC; - memcpy(*key_buf_p, ENTRY_KEY_BUF(entry_p), entry_p->te_key_size); - } - } - if (key_size_p != NULL) - *key_size_p = entry_p->te_key_size; - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - /* - * if we were storing it compacted, we now need to malloc some - * space if the user wants the value after the delete. - */ - *data_buf_p = table_p->ta_malloc(entry_p->te_data_size); - if (*data_buf_p == NULL) - return TABLE_ERROR_ALLOC; - if (table_p->ta_data_align == 0) - data_copy_p = ENTRY_DATA_BUF(table_p, entry_p); - else - data_copy_p = entry_data_buf(table_p, entry_p); - memcpy(*data_buf_p, data_copy_p, entry_p->te_data_size); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - table_p->ta_free(entry_p); - - table_p->ta_entry_n--; - - /* do we need auto-adjust down? 
*/ - if ((table_p->ta_flags & TABLE_FLAG_AUTO_ADJUST) - && (table_p->ta_flags & TABLE_FLAG_ADJUST_DOWN) - && SHOULD_TABLE_SHRINK(table_p)) - return table_adjust(table_p, table_p->ta_entry_n); - return TABLE_ERROR_NONE; -} - -/* - * int table_info - * - * DESCRIPTION: - * - * Get some information about a table_p structure. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we are getting - * information. - * - * num_buckets_p - Pointer to an integer which, if not NULL, will - * contain the number of buckets in the table. - * - * num_entries_p - Pointer to an integer which, if not NULL, will - * contain the number of entries stored in the table. - */ -int table_info(table_t * table_p, int *num_buckets_p, int *num_entries_p) -{ - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - if (num_buckets_p != NULL) - *num_buckets_p = table_p->ta_bucket_n; - if (num_entries_p != NULL) - *num_entries_p = table_p->ta_entry_n; - return TABLE_ERROR_NONE; -} - -/* - * int table_adjust - * - * DESCRIPTION: - * - * Set the number of buckets in a table to a certain value. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer of which we are adjusting. - * - * bucket_n - Number buckets to adjust the table to. Set to 0 to - * adjust the table to its number of entries. - */ -int table_adjust(table_t * table_p, const int bucket_n) -{ - table_entry_t *entry_p, *next_p; - table_entry_t **buckets, **bucket_p, **bounds_p; - int bucket; - unsigned int buck_n; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - /* - * NOTE: we walk through the entries and rehash them. 
If we stored - * the hash value as a full int in the table-entry, all we would - * have to do is remod it. - */ - - /* normalize to the number of entries */ - if (bucket_n == 0) - buck_n = table_p->ta_entry_n; - else - buck_n = bucket_n; - /* we must have at least 1 bucket */ - if (buck_n == 0) - buck_n = 1; - /* make sure we have somethign to do */ - if (buck_n == table_p->ta_bucket_n) - return TABLE_ERROR_NONE; - /* allocate a new bucket list */ - if ((buckets = (table_entry_t **) table_p->ta_calloc(buck_n, sizeof(table_entry_t *))) == NULL) - return TABLE_ERROR_ALLOC; - if (table_p->ta_buckets == NULL) - return TABLE_ERROR_ALLOC; - /* - * run through each of the items in the current table and rehash - * them into the newest bucket sizes - */ - bounds_p = table_p->ta_buckets + table_p->ta_bucket_n; - for (bucket_p = table_p->ta_buckets; bucket_p < bounds_p; bucket_p++) { - for (entry_p = *bucket_p; entry_p != NULL; entry_p = next_p) { - - /* hash the old data into the new table size */ - bucket = hash(ENTRY_KEY_BUF(entry_p), entry_p->te_key_size, 0) % buck_n; - - /* record the next one now since we overwrite next below */ - next_p = entry_p->te_next_p; - - /* insert into new list, no need to append */ - entry_p->te_next_p = buckets[bucket]; - buckets[bucket] = entry_p; - - /* - * NOTE: we may want to adjust the bucket_c linear entry here to - * keep it current - */ - } - /* remove the old table pointers as we go by */ - *bucket_p = NULL; - } - - /* replace the table buckets with the new ones */ - table_p->ta_free(table_p->ta_buckets); - table_p->ta_buckets = buckets; - table_p->ta_bucket_n = buck_n; - - return TABLE_ERROR_NONE; -} - -/* - * const char *table_strerror - * - * DESCRIPTION: - * - * Return the corresponding string for the error number. - * - * RETURNS: - * - * Success - String equivalient of the error. - * - * Failure - String "invalid error code" - * - * ARGUMENTS: - * - * error - Error number that we are converting. 
- */ -const char *table_strerror(const int error) -{ - error_str_t *err_p; - - for (err_p = errors; err_p->es_error != 0; err_p++) { - if (err_p->es_error == error) - return err_p->es_string; - } - - return INVALID_ERROR; -} - -/* - * int table_type_size - * - * DESCRIPTION: - * - * Return the size of the internal table type. - * - * RETURNS: - * - * The size of the table_t type. - * - * ARGUMENTS: - * - * None. - */ -int table_type_size(void) -{ - return sizeof(table_t); -} - -/************************* linear access routines ****************************/ - -/* - * int table_first - * - * DESCRIPTION: - * - * Find first element in a table and pass back information about the - * key/data pair. If any of the key/data pointers are NULL then they - * are ignored. - * - * NOTE: This function is not reentrant. More than one thread cannot - * be doing a first and next on the same table at the same time. Use - * the table_first_r version below for this. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we are getting the - * first element. - * - * key_buf_p - Pointer which, if not NULL, will be set to the address - * of the storage of the first key that is allocated in the table. If - * an (int) is stored as the first key (for example) then key_buf_p - * should be (int **) i.e. the address of a (int *). - * - * key_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the key that is stored in the table and that is - * associated with the first key. - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that is allocated in the table and that is - * associated with the first key. If a (long) is stored as the data - * (for example) then data_buf_p should be (long **) i.e. the address - * of a (long *). 
- * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data that is stored in the table and that is - * associated with the first key. - */ -int table_first(table_t * table_p, - void **key_buf_p, int *key_size_p, - void **data_buf_p, int *data_size_p) -{ - table_entry_t *entry_p; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - /* initialize our linear magic number */ - table_p->ta_linear.tl_magic = LINEAR_MAGIC; - - entry_p = first_entry(table_p, &table_p->ta_linear); - if (entry_p == NULL) - return TABLE_ERROR_NOT_FOUND; - if (key_buf_p != NULL) - *key_buf_p = ENTRY_KEY_BUF(entry_p); - if (key_size_p != NULL) - *key_size_p = entry_p->te_key_size; - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - if (table_p->ta_data_align == 0) - *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); - else - *data_buf_p = entry_data_buf(table_p, entry_p); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - return TABLE_ERROR_NONE; -} - -/* - * int table_next - * - * DESCRIPTION: - * - * Find the next element in a table and pass back information about - * the key/data pair. If any of the key/data pointers are NULL then - * they are ignored. - * - * NOTE: This function is not reentrant. More than one thread cannot - * be doing a first and next on the same table at the same time. Use - * the table_next_r version below for this. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we are getting the - * next element. - * - * key_buf_p - Pointer which, if not NULL, will be set to the address - * of the storage of the next key that is allocated in the table. If - * an (int) is stored as the next key (for example) then key_buf_p - * should be (int **) i.e. the address of a (int *). 
- * - * key_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the key that is stored in the table and that is - * associated with the next key. - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that is allocated in the table and that is - * associated with the next key. If a (long) is stored as the data - * (for example) then data_buf_p should be (long **) i.e. the address - * of a (long *). - * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data that is stored in the table and that is - * associated with the next key. - */ -int table_next(table_t * table_p, - void **key_buf_p, int *key_size_p, - void **data_buf_p, int *data_size_p) -{ - table_entry_t *entry_p; - int error; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - if (table_p->ta_linear.tl_magic != LINEAR_MAGIC) - return TABLE_ERROR_LINEAR; - /* move to the next entry */ - entry_p = next_entry(table_p, &table_p->ta_linear, &error); - if (entry_p == NULL) - return error; - if (key_buf_p != NULL) - *key_buf_p = ENTRY_KEY_BUF(entry_p); - if (key_size_p != NULL) - *key_size_p = entry_p->te_key_size; - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - if (table_p->ta_data_align == 0) - *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); - else - *data_buf_p = entry_data_buf(table_p, entry_p); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - return TABLE_ERROR_NONE; -} - -/* - * int table_this - * - * DESCRIPTION: - * - * Find the current element in a table and pass back information about - * the key/data pair. If any of the key/data pointers are NULL then - * they are ignored. - * - * NOTE: This function is not reentrant. Use the table_current_r - * version below. 
- * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we are getting the - * current element. - * - * key_buf_p - Pointer which, if not NULL, will be set to the address - * of the storage of the current key that is allocated in the table. - * If an (int) is stored as the current key (for example) then - * key_buf_p should be (int **) i.e. the address of a (int *). - * - * key_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the key that is stored in the table and that is - * associated with the current key. - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that is allocated in the table and that is - * associated with the current key. If a (long) is stored as the data - * (for example) then data_buf_p should be (long **) i.e. the address - * of a (long *). - * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data that is stored in the table and that is - * associated with the current key. - */ -int table_this(table_t * table_p, - void **key_buf_p, int *key_size_p, - void **data_buf_p, int *data_size_p) -{ - table_entry_t *entry_p = NULL; - int entry_c; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - if (table_p->ta_linear.tl_magic != LINEAR_MAGIC) - return TABLE_ERROR_LINEAR; - /* if we removed an item that shorted the bucket list, we may get this */ - if (table_p->ta_linear.tl_bucket_c >= table_p->ta_bucket_n) { - /* - * NOTE: this might happen if we delete an item which shortens the - * table bucket numbers. 
- */ - return TABLE_ERROR_NOT_FOUND; - } - - /* find the entry which is the nth in the list */ - entry_p = table_p->ta_buckets[table_p->ta_linear.tl_bucket_c]; - /* NOTE: we swap the order here to be more efficient */ - for (entry_c = table_p->ta_linear.tl_entry_c; entry_c > 0; entry_c--) { - /* did we reach the end of the list? */ - if (entry_p == NULL) - break; - entry_p = TABLE_POINTER(table_p, table_entry_t *, entry_p)->te_next_p; - } - - /* is this a NOT_FOUND or a LINEAR error */ - if (entry_p == NULL) - return TABLE_ERROR_NOT_FOUND; - if (key_buf_p != NULL) - *key_buf_p = ENTRY_KEY_BUF(entry_p); - if (key_size_p != NULL) - *key_size_p = entry_p->te_key_size; - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - if (table_p->ta_data_align == 0) - *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); - else - *data_buf_p = entry_data_buf(table_p, entry_p); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - return TABLE_ERROR_NONE; -} - -/* - * int table_first_r - * - * DESCRIPTION: - * - * Reetrant version of the table_first routine above. Find first - * element in a table and pass back information about the key/data - * pair. If any of the key/data pointers are NULL then they are - * ignored. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we are getting the - * first element. - * - * linear_p - Pointer to a table linear structure which is initialized - * here. The same pointer should then be passed to table_next_r - * below. - * - * key_buf_p - Pointer which, if not NULL, will be set to the address - * of the storage of the first key that is allocated in the table. If - * an (int) is stored as the first key (for example) then key_buf_p - * should be (int **) i.e. the address of a (int *). 
- * - * key_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the key that is stored in the table and that is - * associated with the first key. - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that is allocated in the table and that is - * associated with the first key. If a (long) is stored as the data - * (for example) then data_buf_p should be (long **) i.e. the address - * of a (long *). - * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data that is stored in the table and that is - * associated with the first key. - */ -int table_first_r(table_t * table_p, table_linear_t * linear_p, - void **key_buf_p, int *key_size_p, - void **data_buf_p, int *data_size_p) -{ - table_entry_t *entry_p; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - if (linear_p == NULL) - return TABLE_ERROR_ARG_NULL; - /* initialize our linear magic number */ - linear_p->tl_magic = LINEAR_MAGIC; - - entry_p = first_entry(table_p, linear_p); - if (entry_p == NULL) - return TABLE_ERROR_NOT_FOUND; - if (key_buf_p != NULL) - *key_buf_p = ENTRY_KEY_BUF(entry_p); - if (key_size_p != NULL) - *key_size_p = entry_p->te_key_size; - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - if (table_p->ta_data_align == 0) - *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); - else - *data_buf_p = entry_data_buf(table_p, entry_p); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - return TABLE_ERROR_NONE; -} - -/* - * int table_next_r - * - * DESCRIPTION: - * - * Reetrant version of the table_next routine above. Find next - * element in a table and pass back information about the key/data - * pair. If any of the key/data pointers are NULL then they are - * ignored. 
- * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we are getting the - * next element. - * - * linear_p - Pointer to a table linear structure which is incremented - * here. The same pointer must have been passed to table_first_r - * first so that it can be initialized. - * - * key_buf_p - Pointer which, if not NULL, will be set to the address - * of the storage of the next key that is allocated in the table. If - * an (int) is stored as the next key (for example) then key_buf_p - * should be (int **) i.e. the address of a (int *). - * - * key_size_p - Pointer to an integer which, if not NULL will be set - * to the size of the key that is stored in the table and that is - * associated with the next key. - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that is allocated in the table and that is - * associated with the next key. If a (long) is stored as the data - * (for example) then data_buf_p should be (long **) i.e. the address - * of a (long *). - * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data that is stored in the table and that is - * associated with the next key. 
- */ -int table_next_r(table_t * table_p, table_linear_t * linear_p, - void **key_buf_p, int *key_size_p, - void **data_buf_p, int *data_size_p) -{ - table_entry_t *entry_p; - int error; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - if (linear_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (linear_p->tl_magic != LINEAR_MAGIC) - return TABLE_ERROR_LINEAR; - /* move to the next entry */ - entry_p = next_entry(table_p, linear_p, &error); - if (entry_p == NULL) - return error; - if (key_buf_p != NULL) - *key_buf_p = ENTRY_KEY_BUF(entry_p); - if (key_size_p != NULL) - *key_size_p = entry_p->te_key_size; - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - if (table_p->ta_data_align == 0) - *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); - else - *data_buf_p = entry_data_buf(table_p, entry_p); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - return TABLE_ERROR_NONE; -} - -/* - * int table_this_r - * - * DESCRIPTION: - * - * Reetrant version of the table_this routine above. Find current - * element in a table and pass back information about the key/data - * pair. If any of the key/data pointers are NULL then they are - * ignored. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we are getting the - * current element. - * - * linear_p - Pointer to a table linear structure which is accessed - * here. The same pointer must have been passed to table_first_r - * first so that it can be initialized. - * - * key_buf_p - Pointer which, if not NULL, will be set to the address - * of the storage of the current key that is allocated in the table. - * If an (int) is stored as the current key (for example) then - * key_buf_p should be (int **) i.e. the address of a (int *). 
- * - * key_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the key that is stored in the table and that is - * associated with the current key. - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage that is allocated in the table and that is - * associated with the current key. If a (long) is stored as the data - * (for example) then data_buf_p should be (long **) i.e. the address - * of a (long *). - * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data that is stored in the table and that is - * associated with the current key. - */ -int table_this_r(table_t * table_p, table_linear_t * linear_p, - void **key_buf_p, int *key_size_p, - void **data_buf_p, int *data_size_p) -{ - table_entry_t *entry_p; - int entry_c; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - if (linear_p->tl_magic != LINEAR_MAGIC) - return TABLE_ERROR_LINEAR; - /* if we removed an item that shorted the bucket list, we may get this */ - if (linear_p->tl_bucket_c >= table_p->ta_bucket_n) { - /* - * NOTE: this might happen if we delete an item which shortens the - * table bucket numbers. 
- */ - return TABLE_ERROR_NOT_FOUND; - } - - /* find the entry which is the nth in the list */ - for (entry_c = linear_p->tl_entry_c, - entry_p = table_p->ta_buckets[linear_p->tl_bucket_c]; - entry_p != NULL && entry_c > 0; - entry_c--, entry_p = TABLE_POINTER(table_p, table_entry_t *, - entry_p)->te_next_p) { - } - - if (entry_p == NULL) - return TABLE_ERROR_NOT_FOUND; - if (key_buf_p != NULL) - *key_buf_p = ENTRY_KEY_BUF(entry_p); - if (key_size_p != NULL) - *key_size_p = entry_p->te_key_size; - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - if (table_p->ta_data_align == 0) - *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); - else - *data_buf_p = entry_data_buf(table_p, entry_p); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - return TABLE_ERROR_NONE; -} - -/******************************* file routines *******************************/ - -/* - * int table_read - * - * DESCRIPTION: - * - * Read in a table from a file that had been written to disk earlier - * via table_write. - * - * RETURNS: - * - * Success - Pointer to the new table structure which must be passed - * to table_free to be deallocated. - * - * Failure - NULL - * - * ARGUMENTS: - * - * path - Table file to read in. - * - * error_p - Pointer to an integer which, if not NULL, will contain a - * table error code. 
- */ -table_t *table_read(const char *path, int *error_p, - void *(*malloc_f)(size_t size), - void *(*calloc_f)(size_t number, size_t size), - void *(*realloc_f)(void *ptr, size_t size), - void (*free_f)(void *ptr)) -{ - unsigned int size; - int fd, ent_size; - FILE *infile; - table_entry_t entry, **bucket_p, *entry_p = NULL, *last_p; - unsigned long pos; - table_t *table_p; - - /* open the file */ - fd = open(path, O_RDONLY, 0); - if (fd < 0) { - if (error_p != NULL) - *error_p = TABLE_ERROR_OPEN; - return NULL; - } - - /* allocate a table structure */ - if (malloc_f != NULL) - table_p = malloc_f(sizeof(table_t)); - else - table_p = malloc(sizeof(table_t)); - if (table_p == NULL) { - if (error_p != NULL) - *error_p = TABLE_ERROR_ALLOC; - return NULL; - } - - /* now open the fd to get buffered i/o */ - infile = fdopen(fd, "r"); - if (infile == NULL) { - if (error_p != NULL) - *error_p = TABLE_ERROR_OPEN; - return NULL; - } - - /* read the main table struct */ - if (fread(table_p, sizeof(table_t), 1, infile) != 1) { - if (error_p != NULL) - *error_p = TABLE_ERROR_READ; - if (free_f != NULL) - free_f(table_p); - else - free(table_p); - return NULL; - } - table_p->ta_file_size = 0; - - table_p->ta_malloc = malloc_f != NULL ? malloc_f : malloc; - table_p->ta_calloc = calloc_f != NULL ? calloc_f : calloc; - table_p->ta_realloc = realloc_f != NULL ? realloc_f : realloc; - table_p->ta_free = free_f != NULL ? free_f : free; - - /* is the file contain bad info or maybe another system type? 
*/ - if (table_p->ta_magic != TABLE_MAGIC) { - if (error_p != NULL) - *error_p = TABLE_ERROR_PNT; - return NULL; - } - - /* allocate the buckets */ - table_p->ta_buckets = (table_entry_t **)table_p->ta_calloc(table_p->ta_bucket_n, sizeof(table_entry_t *)); - if (table_p->ta_buckets == NULL) { - if (error_p != NULL) - *error_p = TABLE_ERROR_ALLOC; - table_p->ta_free(table_p); - return NULL; - } - - if (fread(table_p->ta_buckets, sizeof(table_entry_t *), table_p->ta_bucket_n, - infile) != (size_t) table_p->ta_bucket_n) { - if (error_p != NULL) - *error_p = TABLE_ERROR_READ; - table_p->ta_free(table_p->ta_buckets); - table_p->ta_free(table_p); - return NULL; - } - - /* read in the entries */ - for (bucket_p = table_p->ta_buckets; - bucket_p < table_p->ta_buckets + table_p->ta_bucket_n; - bucket_p++) { - - /* skip null buckets */ - if (*bucket_p == NULL) - continue; - /* run through the entry list */ - last_p = NULL; - for (pos = *(unsigned long *) bucket_p;; - pos = (unsigned long) entry_p->te_next_p) { - - /* read in the entry */ - if (fseek(infile, pos, SEEK_SET) != 0) { - if (error_p != NULL) - *error_p = TABLE_ERROR_SEEK; - table_p->ta_free(table_p->ta_buckets); - if (entry_p != NULL) - table_p->ta_free(entry_p); - table_p->ta_free(table_p); - /* the other table elements will not be freed */ - return NULL; - } - if (fread(&entry, sizeof(struct table_shell_st), 1, infile) != 1) { - if (error_p != NULL) - *error_p = TABLE_ERROR_READ; - table_p->ta_free(table_p->ta_buckets); - if (entry_p != NULL) - table_p->ta_free(entry_p); - table_p->ta_free(table_p); - /* the other table elements will not be freed */ - return NULL; - } - - /* make a new entry */ - ent_size = entry_size(table_p, entry.te_key_size, entry.te_data_size); - entry_p = (table_entry_t *)table_p->ta_malloc(ent_size); - if (entry_p == NULL) { - if (error_p != NULL) - *error_p = TABLE_ERROR_ALLOC; - table_p->ta_free(table_p->ta_buckets); - table_p->ta_free(table_p); - /* the other table elements will not be 
freed */ - return NULL; - } - entry_p->te_key_size = entry.te_key_size; - entry_p->te_data_size = entry.te_data_size; - entry_p->te_next_p = entry.te_next_p; - - if (last_p == NULL) - *bucket_p = entry_p; - else - last_p->te_next_p = entry_p; - /* determine how much more we have to read */ - size = ent_size - sizeof(struct table_shell_st); - if (fread(ENTRY_KEY_BUF(entry_p), sizeof(char), size, infile) != size) { - if (error_p != NULL) - *error_p = TABLE_ERROR_READ; - table_p->ta_free(table_p->ta_buckets); - table_p->ta_free(entry_p); - table_p->ta_free(table_p); - /* the other table elements will not be freed */ - return NULL; - } - - /* we are done if the next pointer is null */ - if (entry_p->te_next_p == (unsigned long) 0) - break; - last_p = entry_p; - } - } - - (void) fclose(infile); - - if (error_p != NULL) - *error_p = TABLE_ERROR_NONE; - return table_p; -} - -/* - * int table_write - * - * DESCRIPTION: - * - * Write a table from memory to file. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Pointer to the table that we are writing to the file. - * - * path - Table file to write out to. - * - * mode - Mode of the file. This argument is passed on to open when - * the file is created. 
- */ -int table_write(const table_t * table_p, const char *path, const int mode) -{ - int fd, rem, ent_size; - unsigned int bucket_c; - unsigned long size; - table_entry_t *entry_p, **buckets, **bucket_p, *next_p; - table_t tmain; - FILE *outfile; - - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - fd = open(path, O_WRONLY | O_CREAT, mode); - if (fd < 0) - return TABLE_ERROR_OPEN; - outfile = fdopen(fd, "w"); - if (outfile == NULL) - return TABLE_ERROR_OPEN; - /* allocate a block of sizes for each bucket */ - buckets = (table_entry_t **) table_p->ta_malloc(sizeof(table_entry_t *) * - table_p->ta_bucket_n); - if (buckets == NULL) - return TABLE_ERROR_ALLOC; - /* make a copy of the tmain struct */ - tmain = *table_p; - - /* start counting the bytes */ - size = 0; - size += sizeof(table_t); - - /* buckets go right after tmain struct */ - tmain.ta_buckets = (table_entry_t **) size; - size += sizeof(table_entry_t *) * table_p->ta_bucket_n; - - /* run through and count the buckets */ - for (bucket_c = 0; bucket_c < table_p->ta_bucket_n; bucket_c++) { - bucket_p = table_p->ta_buckets + bucket_c; - if (*bucket_p == NULL) { - buckets[bucket_c] = NULL; - continue; - } - buckets[bucket_c] = (table_entry_t *) size; - for (entry_p = *bucket_p; entry_p != NULL; entry_p = entry_p->te_next_p) { - size += entry_size(table_p, entry_p->te_key_size, entry_p->te_data_size); - /* - * We now have to round the file to the nearest long so the - * mmaping of the longs in the entry structs will work. - */ - rem = size & (sizeof(long) - 1); - if (rem > 0) - size += sizeof(long) - rem; - } - } - /* add a \0 at the end to fill the last section */ - size++; - - /* set the tmain fields */ - tmain.ta_linear.tl_magic = 0; - tmain.ta_linear.tl_bucket_c = 0; - tmain.ta_linear.tl_entry_c = 0; - tmain.ta_file_size = size; - - /* - * Now we can start the writing because we got the bucket offsets. 
- */ - - /* write the tmain table struct */ - size = 0; - if (fwrite(&tmain, sizeof(table_t), 1, outfile) != 1) { - table_p->ta_free(buckets); - return TABLE_ERROR_WRITE; - } - size += sizeof(table_t); - if (fwrite(buckets, sizeof(table_entry_t *), table_p->ta_bucket_n, - outfile) != (size_t) table_p->ta_bucket_n) { - table_p->ta_free(buckets); - return TABLE_ERROR_WRITE; - } - size += sizeof(table_entry_t *) * table_p->ta_bucket_n; - - /* write out the entries */ - for (bucket_p = table_p->ta_buckets; - bucket_p < table_p->ta_buckets + table_p->ta_bucket_n; - bucket_p++) { - for (entry_p = *bucket_p; entry_p != NULL; entry_p = entry_p->te_next_p) { - - ent_size = entry_size(table_p, entry_p->te_key_size, - entry_p->te_data_size); - size += ent_size; - /* round to nearest long here so we can write copy */ - rem = size & (sizeof(long) - 1); - if (rem > 0) - size += sizeof(long) - rem; - next_p = entry_p->te_next_p; - if (next_p != NULL) - entry_p->te_next_p = (table_entry_t *) size; - /* now write to disk */ - if (fwrite(entry_p, ent_size, 1, outfile) != 1) { - table_p->ta_free(buckets); - return TABLE_ERROR_WRITE; - } - - /* restore the next pointer */ - if (next_p != NULL) - entry_p->te_next_p = next_p; - /* now write the padding information */ - if (rem > 0) { - rem = sizeof(long) - rem; - /* - * NOTE: this won't leave fseek'd space at the end but we - * don't care there because there is no accessed memory - * afterwards. We write 1 \0 at the end to make sure. - */ - if (fseek(outfile, rem, SEEK_CUR) != 0) { - table_p->ta_free(buckets); - return TABLE_ERROR_SEEK; - } - } - } - } - /* - * Write a \0 at the end of the file to make sure that the last - * fseek filled with nulls. 
- */ - (void) fputc('\0', outfile); - - (void) fclose(outfile); - table_p->ta_free(buckets); - - return TABLE_ERROR_NONE; -} - -/******************************** table order ********************************/ - -/* - * table_entry_t *table_order - * - * DESCRIPTION: - * - * Order a table by building an array of table entry pointers and then - * sorting this array using the qsort function. To retrieve the - * sorted entries, you can then use the table_entry routine to access - * each entry in order. - * - * NOTE: This routine is now thread safe in that two table_order calls - * can now happen at the same time, even on the same table. - * - * RETURNS: - * - * An allocated list of entry pointers which must be freed later. - * Returns null on error. - * - * ARGUMENTS: - * - * table_p - Pointer to the table that we are ordering. - * - * compare - Comparison function defined by the user. Its definition - * is at the top of the table.h file. If this is NULL then it will - * order the table my memcmp-ing the keys. - * - * num_entries_p - Pointer to an integer which, if not NULL, will - * contain the number of entries in the returned entry pointer array. - * - * error_p - Pointer to an integer which, if not NULL, will contain a - * table error code. 
- */ -table_entry_t **table_order(table_t * table_p, table_compare_t compare, - int *num_entries_p, int *error_p) -{ - table_entry_t *entry_p, **entries, **entries_p; - table_linear_t linear; - compare_t comp_func; - int error; - - if (table_p == NULL) { - if (error_p != NULL) - *error_p = TABLE_ERROR_ARG_NULL; - return NULL; - } - if (table_p->ta_magic != TABLE_MAGIC) { - if (error_p != NULL) - *error_p = TABLE_ERROR_PNT; - return NULL; - } - - /* there must be at least 1 element in the table for this to work */ - if (table_p->ta_entry_n == 0) { - if (error_p != NULL) - *error_p = TABLE_ERROR_EMPTY; - return NULL; - } - - entries = (table_entry_t **) table_p->ta_malloc(table_p->ta_entry_n * - sizeof(table_entry_t *)); - if (entries == NULL) { - if (error_p != NULL) - *error_p = TABLE_ERROR_ALLOC; - return NULL; - } - - /* get a pointer to all entries */ - entry_p = first_entry(table_p, &linear); - if (entry_p == NULL) { - if (error_p != NULL) - *error_p = TABLE_ERROR_NOT_FOUND; - return NULL; - } - - /* add all of the entries to the array */ - for (entries_p = entries; - entry_p != NULL; - entry_p = next_entry(table_p, &linear, &error)) - *entries_p++ = entry_p; - if (error != TABLE_ERROR_NOT_FOUND) { - if (error_p != NULL) - *error_p = error; - return NULL; - } - - if (compare == NULL) { - /* this is regardless of the alignment */ - comp_func = local_compare; - } - else if (table_p->ta_data_align == 0) - comp_func = external_compare; - else - comp_func = external_compare_align; - /* now qsort the entire entries array from first to last element */ - split(entries, entries + table_p->ta_entry_n - 1, comp_func, compare, - table_p); - - if (num_entries_p != NULL) - *num_entries_p = table_p->ta_entry_n; - if (error_p != NULL) - *error_p = TABLE_ERROR_NONE; - return entries; -} - -/* - * int table_entry - * - * DESCRIPTION: - * - * Get information about an element. The element is one from the - * array returned by the table_order function. 
If any of the key/data - * pointers are NULL then they are ignored. - * - * RETURNS: - * - * Success - TABLE_ERROR_NONE - * - * Failure - Table error code. - * - * ARGUMENTS: - * - * table_p - Table structure pointer from which we are getting the - * element. - * - * entry_p - Pointer to a table entry from the array returned by the - * table_order function. - * - * key_buf_p - Pointer which, if not NULL, will be set to the address - * of the storage of this entry that is allocated in the table. If an - * (int) is stored as this entry (for example) then key_buf_p should - * be (int **) i.e. the address of a (int *). - * - * key_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the key that is stored in the table. - * - * data_buf_p - Pointer which, if not NULL, will be set to the address - * of the data storage of this entry that is allocated in the table. - * If a (long) is stored as this entry data (for example) then - * data_buf_p should be (long **) i.e. the address of a (long *). - * - * data_size_p - Pointer to an integer which, if not NULL, will be set - * to the size of the data that is stored in the table. - */ -int table_entry_info(table_t * table_p, table_entry_t * entry_p, - void **key_buf_p, int *key_size_p, - void **data_buf_p, int *data_size_p) -{ - if (table_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (table_p->ta_magic != TABLE_MAGIC) - return TABLE_ERROR_PNT; - if (entry_p == NULL) - return TABLE_ERROR_ARG_NULL; - if (key_buf_p != NULL) - *key_buf_p = ENTRY_KEY_BUF(entry_p); - if (key_size_p != NULL) - *key_size_p = entry_p->te_key_size; - if (data_buf_p != NULL) { - if (entry_p->te_data_size == 0) - *data_buf_p = NULL; - else { - if (table_p->ta_data_align == 0) - *data_buf_p = ENTRY_DATA_BUF(table_p, entry_p); - else - *data_buf_p = entry_data_buf(table_p, entry_p); - } - } - if (data_size_p != NULL) - *data_size_p = entry_p->te_data_size; - return TABLE_ERROR_NONE; -} 
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_util_table.h b/usr.sbin/httpd/src/modules/ssl/ssl_util_table.h
deleted file mode 100644
index 1cccf5b8681..00000000000
--- a/usr.sbin/httpd/src/modules/ssl/ssl_util_table.h
+++ /dev/null
@@ -1,189 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_util_table.h
-** High Performance Hash Table Header
-*/
-
-/* ====================================================================
- * Copyright (c) 1999-2003 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/*
- * Generic hash table defines
- * Table 4.1.0 July-28-1998
- *
- * This library is a generic open hash table with buckets and
- * linked lists. It is pretty high performance. Each element
- * has a key and a data. The user indexes on the key to find the
- * data.
- *
- * Copyright 1998 by Gray Watson
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose and without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies,
- * and that the name of Gray Watson not be used in advertising or
- * publicity pertaining to distribution of the document or software
- * without specific, written prior permission.
- *
- * Gray Watson makes no representations about the suitability of the
- * software described herein for any purpose. It is provided "as is"
- * without express or implied warranty.
- */
-
-#ifndef SSL_UTIL_TABLE_H
-#define SSL_UTIL_TABLE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-/*
- * To build a "key" in any of the below routines, pass in a pointer to
- * the key and its size [i.e. sizeof(int), etc]. With any of the
- * "key" or "data" arguments, if their size is < 0, it will do an
- * internal strlen of the item and add 1 for the \0.
- *
- * If you are using firstkey() and nextkey() functions, be careful if,
- * after starting your firstkey loop, you use delete or insert, it
- * will not crash but may produce interesting results. If you are
- * deleting from firstkey to NULL it will work fine.
- */
-
-/* return types for table functions */
-#define TABLE_ERROR_NONE 1 /* no error from function */
-#define TABLE_ERROR_PNT 2 /* bad table pointer */
-#define TABLE_ERROR_ARG_NULL 3 /* buffer args were null */
-#define TABLE_ERROR_SIZE 4 /* size of data was bad */
-#define TABLE_ERROR_OVERWRITE 5 /* key exists and we cant overwrite */
-#define TABLE_ERROR_NOT_FOUND 6 /* key does not exist */
-#define TABLE_ERROR_ALLOC 7 /* memory allocation error */
-#define TABLE_ERROR_LINEAR 8 /* no linear access started */
-#define TABLE_ERROR_OPEN 9 /* could not open file */
-#define TABLE_ERROR_SEEK 10 /* could not seek to pos in file */
-#define TABLE_ERROR_READ 11 /* could not read from file */
-#define TABLE_ERROR_WRITE 12 /* could not write to file */
-#define TABLE_ERROR_EMPTY 13 /* table is empty */
-#define TABLE_ERROR_NOT_EMPTY 14 /* table contains data */
-#define TABLE_ERROR_ALIGNMENT 15 /* invalid alignment value */
-
-/*
- * Table flags set with table_attr.
- */
-
-/*
- * Automatically adjust the number of table buckets on the fly.
- * Whenever the number of entries gets above some threshold, the
- * number of buckets is realloced to a new size and each entry is
- * re-hashed. Although this may take some time when it re-hashes, the
- * table will perform better over time.
- */
-#define TABLE_FLAG_AUTO_ADJUST (1<<0)
-
-/*
- * If the above auto-adjust flag is set, also adjust the number of
- * table buckets down as we delete entries.
- */
-#define TABLE_FLAG_ADJUST_DOWN (1<<1)
-
-/* structure to walk through the fields in a linear order */
-typedef struct {
- unsigned int tl_magic; /* magic structure to ensure correct init */
- unsigned int tl_bucket_c; /* where in the table buck array we are */
- unsigned int tl_entry_c; /* in the bucket, which entry we are on */
-} table_linear_t;
-
-typedef int (*table_compare_t)(const void *key1, const int key1_size,
- const void *data1, const int data1_size,
- const void *key2, const int key2_size,
- const void *data2, const int data2_size);
-
-#ifndef TABLE_PRIVATE
-typedef void table_t;
-typedef void table_entry_t;
-#endif
-
-/*
- * Prototypes
- */
-extern table_t *table_alloc(const unsigned int bucket_n, int *error_p, void *(*malloc_f)(size_t size), void *(*calloc_f)(size_t number, size_t size), void *(*realloc_f)(void *ptr, size_t size), void (*free_f)(void *ptr));
-extern int table_attr(table_t *table_p, const int attr);
-extern int table_set_data_alignment(table_t *table_p, const int alignment);
-extern int table_clear(table_t *table_p);
-extern int table_free(table_t *table_p);
-extern int table_insert_kd(table_t *table_p, const void *key_buf, const int key_size, const void *data_buf, const int data_size, void **key_buf_p, void **data_buf_p, const char overwrite_b);
-extern int table_insert(table_t *table_p, const void *key_buf, const int key_size, const void *data_buf, const int data_size, void **data_buf_p, const char overwrite_b);
-extern int table_retrieve(table_t *table_p, const void *key_buf, const int key_size, void **data_buf_p, int *data_size_p);
-extern int table_delete(table_t *table_p, const void *key_buf, const int key_size, void **data_buf_p, int *data_size_p);
-extern int table_delete_first(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_info(table_t *table_p, int *num_buckets_p, int *num_entries_p);
-extern int table_adjust(table_t *table_p, const int bucket_n);
-extern const char *table_strerror(const int error);
-extern int table_type_size(void);
-extern int table_first(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_next(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_this(table_t *table_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_first_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_next_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern int table_this_r(table_t *table_p, table_linear_t *linear_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-extern table_t *table_read(const char *path, int *error_p, void *(*malloc_f)(size_t size), void *(*calloc_f)(size_t number, size_t size), void *(*realloc_f)(void *ptr, size_t size), void (*free_f)(void *ptr));
-extern int table_write(const table_t *table_p, const char *path, const int mode);
-extern table_entry_t **table_order(table_t *table_p, table_compare_t compare, int *num_entries_p, int *error_p);
-extern int table_entry_info(table_t *table_p, table_entry_t *entry_p, void **key_buf_p, int *key_size_p, void **data_buf_p, int *data_size_p);
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* ! SSL_UTIL_TABLE_H */
diff --git a/usr.sbin/httpd/src/modules/standard/.indent.pro b/usr.sbin/httpd/src/modules/standard/.indent.pro
deleted file mode 100644
index a9fbe9f9a1f..00000000000
--- a/usr.sbin/httpd/src/modules/standard/.indent.pro
+++ /dev/null
@@ -1,54 +0,0 @@
--i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1
--TBUFF
--TFILE
--TTRANS
--TUINT4
--T_trans
--Tallow_options_t
--Tapache_sfio
--Tarray_header
--Tbool_int
--Tbuf_area
--Tbuff_struct
--Tbuffy
--Tcmd_how
--Tcmd_parms
--Tcommand_rec
--Tcommand_struct
--Tconn_rec
--Tcore_dir_config
--Tcore_server_config
--Tdir_maker_func
--Tevent
--Tglobals_s
--Thandler_func
--Thandler_rec
--Tjoblist_s
--Tlisten_rec
--Tmerger_func
--Tmode_t
--Tmodule
--Tmodule_struct
--Tmutex
--Tn_long
--Tother_child_rec
--Toverrides_t
--Tparent_score
--Tpid_t
--Tpiped_log
--Tpool
--Trequest_rec
--Trequire_line
--Trlim_t
--Tscoreboard
--Tsemaphore
--Tserver_addr_rec
--Tserver_rec
--Tserver_rec_chain
--Tshort_score
--Ttable
--Ttable_entry
--Tthread
--Tu_wide_int
--Tvtime_t
--Twide_int
diff --git a/usr.sbin/httpd/src/modules/standard/Makefile.tmpl b/usr.sbin/httpd/src/modules/standard/Makefile.tmpl
deleted file mode 100644
index 9cd16354ecd..00000000000
--- a/usr.sbin/httpd/src/modules/standard/Makefile.tmpl
+++ /dev/null
@@ -1,258 +0,0 @@
-# $OpenBSD: Makefile.tmpl,v 1.6 2006/04/04 11:39:28 henning Exp $
-
-#Dependencies
-
-$(OBJS) $(OBJS_PIC): Makefile
-
-# DO NOT REMOVE
-mod_access.o: mod_access.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_request.h
-mod_actions.o: mod_actions.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h
-mod_alias.o: mod_alias.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h
-mod_asis.o: mod_asis.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_log.h \
- $(INCDIR)/util_script.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_request.h
-mod_auth.o: mod_auth.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h
-mod_auth_anon.o: mod_auth_anon.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_request.h
-mod_auth_db.o: mod_auth_db.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h
-mod_auth_dbm.o: mod_auth_dbm.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h
-mod_autoindex.o: mod_autoindex.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/util_script.h
-mod_cern_meta.o: mod_cern_meta.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/util_script.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_request.h
-mod_cgi.o: mod_cgi.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h \
- $(INCDIR)/http_conf_globals.h
-mod_digest.o: mod_digest.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/util_md5.h \
- $(INCDIR)/ap_md5.h
-mod_dir.o: mod_dir.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/util_script.h
-mod_env.o: mod_env.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h
-mod_expires.o: mod_expires.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h
-mod_headers.o: mod_headers.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h
-mod_imap.o: mod_imap.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_main.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h
-mod_include.o: mod_include.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_protocol.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/util_script.h
-mod_info.o: mod_info.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_main.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/util_script.h $(INCDIR)/http_conf_globals.h
-mod_log_agent.o: mod_log_agent.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/fdcache.h
-mod_log_config.o: mod_log_config.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/fdcache.h
-mod_log_referer.o: mod_log_referer.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/fdcache.h
-mod_mime.o: mod_mime.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h
-mod_mime_magic.o: mod_mime_magic.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/http_protocol.h
-mod_negotiation.o: mod_negotiation.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_request.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_log.h $(INCDIR)/util_script.h
-mod_rewrite.o: mod_rewrite.c mod_rewrite.h $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_request.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h \
- $(INCDIR)/http_vhost.h $(INCDIR)/fdcache.h
-mod_setenvif.o: mod_setenvif.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_log.h
-mod_so.o: mod_so.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
- $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
- $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h
-mod_speling.o: mod_speling.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_core.h \
- $(INCDIR)/http_config.h $(INCDIR)/http_log.h
-mod_status.o: mod_status.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h $(INCDIR)/http_protocol.h \
- $(INCDIR)/http_conf_globals.h $(INCDIR)/http_main.h \
- $(INCDIR)/util_script.h $(INCDIR)/scoreboard.h \
- $(INCDIR)/http_log.h
-mod_unique_id.o: mod_unique_id.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_log.h $(INCDIR)/multithread.h
-mod_userdir.o: mod_userdir.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h
-mod_usertrack.o: mod_usertrack.c $(INCDIR)/httpd.h \
- $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
- $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
- $(INCDIR)/ap_ctype.h \
- $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h $(INCDIR)/ap.h \
- $(INCDIR)/util_uri.h $(INCDIR)/http_config.h \
- $(INCDIR)/http_core.h
diff --git a/usr.sbin/httpd/src/modules/standard/mod_access.c b/usr.sbin/httpd/src/modules/standard/mod_access.c
deleted file mode 100644
index c1f33c48e18..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_access.c
+++ /dev/null
@@ -1,595 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * Security options etc. 
- * - * Module derived from code originally written by Rob McCool - * - */ - -#include "httpd.h" -#include "http_core.h" -#include "http_config.h" -#include "http_log.h" -#include "http_request.h" - -enum allowdeny_type { - T_ENV, - T_ALL, - T_IP, - T_HOST, - T_FAIL, - T_IP6, -}; - -typedef struct { - int limited; - union { - char *from; - struct { - struct in_addr net; - struct in_addr mask; - } ip; - struct { - struct in6_addr net6; - struct in6_addr mask6; - } ip6; - } x; - enum allowdeny_type type; -} allowdeny; - -/* things in the 'order' array */ -#define DENY_THEN_ALLOW 0 -#define ALLOW_THEN_DENY 1 -#define MUTUAL_FAILURE 2 - -typedef struct { - int order[METHODS]; - array_header *allows; - array_header *denys; -} access_dir_conf; - -module MODULE_VAR_EXPORT access_module; - -static void *create_access_dir_config(pool *p, char *dummy) -{ - access_dir_conf *conf = - (access_dir_conf *) ap_pcalloc(p, sizeof(access_dir_conf)); - int i; - - for (i = 0; i < METHODS; ++i) - conf->order[i] = DENY_THEN_ALLOW; - conf->allows = ap_make_array(p, 1, sizeof(allowdeny)); - conf->denys = ap_make_array(p, 1, sizeof(allowdeny)); - - return (void *) conf; -} - -static const char *order(cmd_parms *cmd, void *dv, char *arg) -{ - access_dir_conf *d = (access_dir_conf *) dv; - int i, o; - - if (!strcasecmp(arg, "allow,deny")) - o = ALLOW_THEN_DENY; - else if (!strcasecmp(arg, "deny,allow")) - o = DENY_THEN_ALLOW; - else if (!strcasecmp(arg, "mutual-failure")) - o = MUTUAL_FAILURE; - else - return "unknown order"; - - for (i = 0; i < METHODS; ++i) - if (cmd->limited & (1 << i)) - d->order[i] = o; - - return NULL; -} - -static int is_ip(const char *host) -{ - while ((*host == '.') || ap_isdigit(*host)) - host++; - return (*host == '\0'); -} - -static const char *allow_cmd(cmd_parms *cmd, void *dv, char *from, char *where) -{ - access_dir_conf *d = (access_dir_conf *) dv; - allowdeny *a; - char *s; - - if (strcasecmp(from, "from")) - return "allow and deny must be followed by 
'from'"; - - a = (allowdeny *) ap_push_array(cmd->info ? d->allows : d->denys); - a->x.from = where; - a->limited = cmd->limited; - - if (!strncasecmp(where, "env=", 4)) { - a->type = T_ENV; - a->x.from += 4; - - } - else if (!strcasecmp(where, "all")) { - a->type = T_ALL; - - } - else if ((s = strchr(where, '/'))) { - struct addrinfo hints, *resnet, *resmask; - struct sockaddr_storage net, mask; - int error; - char *p; - int justdigits; - - a->type = T_FAIL; /*just in case*/ - /* trample on where, we won't be using it any more */ - *s++ = '\0'; - - justdigits = 0; - for (p = s; *p; p++) { - if (!isdigit(*p)) - break; - } - if (!*p) - justdigits++; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; /*dummy*/ -#ifdef AI_NUMERICHOST - hints.ai_flags = AI_NUMERICHOST; /*don't resolve*/ -#endif - resnet = NULL; - error = getaddrinfo(where, NULL, &hints, &resnet); - if (error || !resnet) { - if (resnet) - freeaddrinfo(resnet); - a->type = T_FAIL; - return "syntax error in network portion of network/netmask"; - } - if (resnet->ai_next) { - freeaddrinfo(resnet); - a->type = T_FAIL; - return "network/netmask resolved to multiple addresses"; - } - memcpy(&net, resnet->ai_addr, resnet->ai_addrlen); - freeaddrinfo(resnet); - - switch (net.ss_family) { - case AF_INET: - a->type = T_IP; - a->x.ip.net.s_addr = ((struct sockaddr_in *)&net)->sin_addr.s_addr; - break; - case AF_INET6: - a->type = T_IP6; - memcpy(&a->x.ip6.net6, &((struct sockaddr_in6 *)&net)->sin6_addr, - sizeof(a->x.ip6.net6)); - break; - default: - a->type = T_FAIL; - return "unknown address family for network"; - } - - if (!justdigits) { - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; /*dummy*/ -#ifdef AI_NUMERICHOST - hints.ai_flags = AI_NUMERICHOST; /*don't resolve*/ -#endif - resmask = NULL; - error = getaddrinfo(s, NULL, &hints, &resmask); - if (error || !resmask) { - if (resmask) - 
freeaddrinfo(resmask); - a->type = T_FAIL; - return "syntax error in mask portion of network/netmask"; - } - if (resmask->ai_next) { - freeaddrinfo(resmask); - a->type = T_FAIL; - return "network/netmask resolved to multiple addresses"; - } - memcpy(&mask, resmask->ai_addr, resmask->ai_addrlen); - freeaddrinfo(resmask); - - if (net.ss_family != mask.ss_family) { - a->type = T_FAIL; - return "network/netmask resolved to different address family"; - } - - switch (a->type) { - case T_IP: - a->x.ip.mask.s_addr = - ((struct sockaddr_in *)&mask)->sin_addr.s_addr; - break; - case T_IP6: - memcpy(&a->x.ip6.mask6, - &((struct sockaddr_in6 *)&mask)->sin6_addr, - sizeof(a->x.ip6.mask6)); - break; - } - } else { - int mask; - mask = atoi(s); - switch (a->type) { - case T_IP: - if (mask < 0 || 32 < mask) { - a->type = T_FAIL; - return "netmask out of range"; - } - a->x.ip.mask.s_addr = htonl(0xFFFFFFFFUL << (32 - mask)); - break; - case T_IP6: - { - int i; - if (mask < 0 || 128 < mask) { - a->type = T_FAIL; - return "netmask out of range"; - } - for (i = 0; i < mask / 8; i++) { - a->x.ip6.mask6.s6_addr[i] = 0xff; - } - if (mask % 8) - a->x.ip6.mask6.s6_addr[i] = 0xff << (8 - (mask % 8)); - break; - } - } - } - } - else { - struct addrinfo hints, *res; - struct sockaddr_storage ss; - int error; - - a->type = T_FAIL; /*just in case*/ - - /* First, try using the old apache code to match */ - /* legacy syntax for ip addrs: a.b.c. 
==> a.b.c.0/24 for example */ - if (ap_isdigit(*where) && is_ip(where)) { - int shift; - char *t; - int octet; - - a->type = T_IP; - /* parse components */ - s = where; - a->x.ip.net.s_addr = 0; - a->x.ip.mask.s_addr = 0; - shift = 24; - while (*s) { - t = s; - if (!ap_isdigit(*t)) { - a->type = T_FAIL; - return "invalid ip address"; - } - while (ap_isdigit(*t)) { - ++t; - } - if (*t == '.') { - *t++ = 0; - } - else if (*t) { - a->type = T_FAIL; - return "invalid ip address"; - } - if (shift < 0) { - return "invalid ip address, only 4 octets allowed"; - } - octet = atoi(s); - if (octet < 0 || octet > 255) { - a->type = T_FAIL; - return "each octet must be between 0 and 255 inclusive"; - } - a->x.ip.net.s_addr |= octet << shift; - a->x.ip.mask.s_addr |= 0xFFUL << shift; - s = t; - shift -= 8; - } - a->x.ip.net.s_addr = ntohl(a->x.ip.net.s_addr); - a->x.ip.mask.s_addr = ntohl(a->x.ip.mask.s_addr); - - return NULL; - } - - /* IPv4/v6 numeric address */ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; /*dummy*/ -#ifdef AI_NUMERICHOST - hints.ai_flags = AI_NUMERICHOST; /*don't resolve*/ -#endif - res = NULL; - error = getaddrinfo(where, NULL, &hints, &res); - if (error || !res) { - if (res) - freeaddrinfo(res); - a->type = T_HOST; - return NULL; - } - if (res->ai_next) { - freeaddrinfo(res); - a->type = T_FAIL; - return "network/netmask resolved to multiple addresses"; - } - memcpy(&ss, res->ai_addr, res->ai_addrlen); - freeaddrinfo(res); - - switch (ss.ss_family) { - case AF_INET: - a->type = T_IP; - a->x.ip.net.s_addr = ((struct sockaddr_in *)&ss)->sin_addr.s_addr; - memset(&a->x.ip.mask, 0xff, sizeof(a->x.ip.mask)); - break; - case AF_INET6: - a->type = T_IP6; - memcpy(&a->x.ip6.net6, &((struct sockaddr_in6 *)&ss)->sin6_addr, - sizeof(a->x.ip6.net6)); - memset(&a->x.ip6.mask6, 0xff, sizeof(a->x.ip6.mask6)); - break; - default: - a->type = T_FAIL; - return "unknown address family for network"; - } - } - - return 
NULL; -} - -static char its_an_allow; - -static const command_rec access_cmds[] = -{ - {"order", order, NULL, OR_LIMIT, TAKE1, - "'allow,deny', 'deny,allow', or 'mutual-failure'"}, - {"allow", allow_cmd, &its_an_allow, OR_LIMIT, ITERATE2, - "'from' followed by hostnames or IP-address wildcards"}, - {"deny", allow_cmd, NULL, OR_LIMIT, ITERATE2, - "'from' followed by hostnames or IP-address wildcards"}, - {NULL} -}; - -static int in_domain(const char *domain, const char *what) -{ - int dl = strlen(domain); - int wl = strlen(what); - - if ((wl - dl) >= 0) { - if (strcasecmp(domain, &what[wl - dl]) != 0) - return 0; - - /* Make sure we matched an *entire* subdomain --- if the user - * said 'allow from good.com', we don't want people from nogood.com - * to be able to get in. - */ - - if (wl == dl) - return 1; /* matched whole thing */ - else - return (domain[0] == '.' || what[wl - dl - 1] == '.'); - } - else - return 0; -} - -static int find_allowdeny(request_rec *r, array_header *a, int method) -{ - allowdeny *ap = (allowdeny *) a->elts; - int mmask = (1 << method); - int i; - int gothost = 0; - const char *remotehost = NULL; - - for (i = 0; i < a->nelts; ++i) { - if (!(mmask & ap[i].limited)) - continue; - - switch (ap[i].type) { - case T_ENV: - if (ap_table_get(r->subprocess_env, ap[i].x.from)) { - return 1; - } - break; - - case T_ALL: - return 1; - - case T_IP: - if (ap[i].x.ip.net.s_addr == INADDR_NONE) - break; - switch (r->connection->remote_addr.ss_family) { - case AF_INET: - if ((((struct sockaddr_in *)&r->connection->remote_addr)->sin_addr.s_addr - & ap[i].x.ip.mask.s_addr) == ap[i].x.ip.net.s_addr) { - return 1; - } - break; - case AF_INET6: - if (!IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&r->connection->remote_addr)->sin6_addr)) /*XXX*/ - break; - if ((*(uint32_t *)&((struct sockaddr_in6 *)&r->connection->remote_addr)->sin6_addr.s6_addr[12] - & ap[i].x.ip.mask.s_addr) == ap[i].x.ip.net.s_addr) { - return 1; - } - break; - } - break; - - case T_IP6: - { 
- struct in6_addr masked; - int j; - if (IN6_IS_ADDR_UNSPECIFIED(&ap[i].x.ip6.net6)) - break; - switch (r->connection->remote_addr.ss_family) { - case AF_INET: - if (!IN6_IS_ADDR_V4MAPPED(&ap[i].x.ip6.net6)) /*XXX*/ - break; - memset(&masked, 0, sizeof(masked)); - masked.s6_addr[10] = masked.s6_addr[11] = 0xff; - memcpy(&masked.s6_addr[12], - &((struct sockaddr_in *)&r->connection->remote_addr)->sin_addr.s_addr, - sizeof(in_addr_t)); - for (j = 0; j < sizeof(struct in6_addr); j++) - masked.s6_addr[j] &= ap[i].x.ip6.mask6.s6_addr[j]; - if (memcmp(&masked, &ap[i].x.ip6.net6, sizeof(masked)) == 0) - return 1; - break; - case AF_INET6: - memset(&masked, 0, sizeof(masked)); - memcpy(&masked, - &((struct sockaddr_in6 *)&r->connection->remote_addr)->sin6_addr, - sizeof(masked)); - for (j = 0; j < sizeof(struct in6_addr); j++) - masked.s6_addr[j] &= ap[i].x.ip6.mask6.s6_addr[j]; - if (memcmp(&masked, &ap[i].x.ip6.net6, sizeof(masked)) == 0) - return 1; - break; - } - break; - } - - case T_HOST: - if (!gothost) { - remotehost = ap_get_remote_host(r->connection, r->per_dir_config, - REMOTE_DOUBLE_REV); - - if ((remotehost == NULL) || is_ip(remotehost)) - gothost = 1; - else - gothost = 2; - } - - if ((gothost == 2) && in_domain(ap[i].x.from, remotehost)) - return 1; - break; - - case T_FAIL: - /* do nothing? 
*/ - break; - } - } - - return 0; -} - -static int check_dir_access(request_rec *r) -{ - int method = r->method_number; - access_dir_conf *a = - (access_dir_conf *) - ap_get_module_config(r->per_dir_config, &access_module); - int ret = OK; - - if (a->order[method] == ALLOW_THEN_DENY) { - ret = FORBIDDEN; - if (find_allowdeny(r, a->allows, method)) - ret = OK; - if (find_allowdeny(r, a->denys, method)) - ret = FORBIDDEN; - } - else if (a->order[method] == DENY_THEN_ALLOW) { - if (find_allowdeny(r, a->denys, method)) - ret = FORBIDDEN; - if (find_allowdeny(r, a->allows, method)) - ret = OK; - } - else { - if (find_allowdeny(r, a->allows, method) - && !find_allowdeny(r, a->denys, method)) - ret = OK; - else - ret = FORBIDDEN; - } - - if (ret == FORBIDDEN - && (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "client denied by server configuration: %s", - r->filename); - } - - return ret; -} - - - -module MODULE_VAR_EXPORT access_module = -{ - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - create_access_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - access_cmds, - NULL, /* handlers */ - NULL, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - check_dir_access, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; diff --git a/usr.sbin/httpd/src/modules/standard/mod_actions.c b/usr.sbin/httpd/src/modules/standard/mod_actions.c deleted file mode 100644 index 45fbd3faa14..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_actions.c +++ /dev/null 
@@ -1,291 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_actions.c: executes scripts based on MIME type or HTTP method
- *
- * by Alexei Kosut; based on mod_cgi.c, mod_mime.c and mod_includes.c,
- * adapted by rst from original NCSA code by Rob McCool
- *
- * Usage instructions:
- *
- * Action mime/type /cgi-bin/script
- *
- * will activate /cgi-bin/script when a file of content type mime/type is
- * requested. It sends the URL and file path of the requested document using
- * the standard CGI PATH_INFO and PATH_TRANSLATED environment variables.
- *
- * Script PUT /cgi-bin/script
- *
- * will activate /cgi-bin/script when a request is received with the
- * HTTP method "PUT". The available method names are defined in httpd.h.
- * If the method is GET, the script will only be activated if the requested
- * URI includes query information (stuff after a ?-mark).
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_protocol.h"
-#include "http_main.h"
-#include "http_log.h"
-#include "util_script.h"
-
-typedef struct {
- char *method;
- char *script;
-} xmethod_t;
-
-/*
- * HTTP methods are case-sensitive, so we can't use a table structure to
- * track extension method mappings -- table keys are case-INsensitive.
- */
-typedef struct {
- table *action_types; /* Added with Action... */
- char *scripted[METHODS]; /* Added with Script... */
- array_header *xmethods; /* Added with Script -- extension methods */
-} action_dir_config;
-
-module action_module;
-
-static void *create_action_dir_config(pool *p, char *dummy)
-{
- action_dir_config *new =
- (action_dir_config *) ap_palloc(p, sizeof(action_dir_config));
-
- new->action_types = ap_make_table(p, 4);
- memset(new->scripted, 0, sizeof(new->scripted));
- new->xmethods = ap_make_array(p, 4, sizeof(xmethod_t));
- return new;
-}
-
-static void *merge_action_dir_configs(pool *p, void *basev, void *addv)
-{
- action_dir_config *base = (action_dir_config *) basev;
- action_dir_config *add = (action_dir_config *) addv;
- action_dir_config *new = (action_dir_config *) ap_palloc(p,
- sizeof(action_dir_config));
- int i;
-
- new->action_types = ap_overlay_tables(p, add->action_types,
- base->action_types);
-
- for (i = 0; i < METHODS; ++i) {
- new->scripted[i] = add->scripted[i] ?
add->scripted[i]
- : base->scripted[i];
- }
- new->xmethods = ap_append_arrays(p, add->xmethods, base->xmethods);
- return new;
-}
-
-static const char *add_action(cmd_parms *cmd, action_dir_config *m, char *type,
- char *script)
-{
- ap_table_setn(m->action_types, type, script);
- return NULL;
-}
-
-static const char *set_script(cmd_parms *cmd, action_dir_config *m,
- char *method, char *script)
-{
- int methnum;
-
- methnum = ap_method_number_of(method);
- if (methnum == M_TRACE) {
- return "TRACE not allowed for Script";
- }
- else if (methnum != M_INVALID) {
- m->scripted[methnum] = script;
- }
- else {
- /*
- * We used to return "Unknown method type for Script"
- * but now we actually handle unknown methods.
- */
- xmethod_t *xm;
- xmethod_t *list;
- int i;
-
- /*
- * Scan through the list; if the method already has a script
- * defined, overwrite it. Otherwise, add it.
- */
- list = (xmethod_t *) m->xmethods->elts;
- for (i = 0; i < m->xmethods->nelts; ++i) {
- xm = &list[i];
- if (strcmp(method, xm->method) == 0) {
- xm->script = script;
- break;
- }
- }
- if (i <= m->xmethods->nelts) {
- xm = ap_push_array(m->xmethods);
- xm->method = method;
- xm->script = script;
- }
- }
- return NULL;
-}
-
-static const command_rec action_cmds[] =
-{
- {"Action", add_action, NULL, OR_FILEINFO, TAKE2,
- "a media type followed by a script name"},
- {"Script", set_script, NULL, ACCESS_CONF | RSRC_CONF, TAKE2,
- "a method followed by a script name"},
- {NULL}
-};
-
-static int action_handler(request_rec *r)
-{
- action_dir_config *conf = (action_dir_config *)
- ap_get_module_config(r->per_dir_config, &action_module);
- const char *t, *action = r->handler ?
r->handler :
- ap_field_noparam(r->pool, r->content_type);
- const char *script;
- int i;
-
- /* Set allowed stuff */
- for (i = 0; i < METHODS; ++i) {
- if (conf->scripted[i]) {
- r->allowed |= (1 << i);
- }
- }
-
- /* First, check for the method-handling scripts */
- if (r->method_number == M_GET) {
- if (r->args) {
- script = conf->scripted[M_GET];
- }
- else {
- script = NULL;
- }
- }
- else {
- if (r->method_number != M_INVALID) {
- script = conf->scripted[r->method_number];
- }
- else {
- int j;
- xmethod_t *xm;
- xmethod_t *list;
-
- script = NULL;
- list = (xmethod_t *) conf->xmethods->elts;
- for (j = 0; j < conf->xmethods->nelts; ++j) {
- xm = &list[j];
- if (strcmp(r->method, xm->method) == 0) {
- script = xm->script;
- break;
- }
- }
- }
- }
-
- /* Check for looping, which can happen if the CGI script isn't */
- if (script && r->prev && r->prev->prev) {
- return DECLINED;
- }
-
- /* Second, check for actions (which override the method scripts) */
- if ((t = ap_table_get(conf->action_types,
- action ? action : ap_default_type(r)))) {
- script = t;
- }
-
- if (script == NULL) {
- return DECLINED;
- }
-
- ap_internal_redirect_handler(ap_pstrcat(r->pool, script,
- ap_escape_uri(r->pool,
- r->uri),
- r->args ? "?"
: NULL,
- r->args, NULL), r);
- return OK;
-}
-
-static const handler_rec action_handlers[] =
-{
- {"*/*", action_handler},
- {NULL}
-};
-
-module action_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_action_dir_config, /* dir config creater */
- merge_action_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- action_cmds, /* command table */
- action_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_alias.c b/usr.sbin/httpd/src/modules/standard/mod_alias.c
deleted file mode 100644
index 4f43d56a224..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_alias.c
+++ /dev/null
@@ -1,451 +0,0 @@
-/* $OpenBSD: mod_alias.c,v 1.12 2004/12/02 19:42:47 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_alias.c: Stuff for dealing with directory aliases
- *
- * Original by Rob McCool, rewritten in succession by David Robinson
- * and rst.
- *
- */
-
-#include "httpd.h"
-#include "http_core.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "http_main.h"
-
-typedef struct {
- char *real;
- char *fake;
- char *handler;
- regex_t *regexp;
- int redir_status; /* 301, 302, 303, 410, etc */
-} alias_entry;
-
-typedef struct {
- array_header *aliases;
- array_header *redirects;
-} alias_server_conf;
-
-typedef struct {
- array_header *redirects;
-} alias_dir_conf;
-
-module MODULE_VAR_EXPORT alias_module;
-
-static void *create_alias_config(pool *p, server_rec *s)
-{
- alias_server_conf *a =
- (alias_server_conf *) ap_pcalloc(p, sizeof(alias_server_conf));
-
- a->aliases = ap_make_array(p, 20, sizeof(alias_entry));
- a->redirects = ap_make_array(p, 20, sizeof(alias_entry));
- return a;
-}
-
-static void *create_alias_dir_config(pool *p, char *d)
-{
- alias_dir_conf *a =
- (alias_dir_conf *) ap_pcalloc(p, sizeof(alias_dir_conf));
- a->redirects = ap_make_array(p, 2, sizeof(alias_entry));
- return a;
-}
-
-static void *merge_alias_config(pool *p, void *basev, void *overridesv)
-{
- alias_server_conf *a =
- (alias_server_conf *) ap_pcalloc(p, sizeof(alias_server_conf));
- alias_server_conf *base = (alias_server_conf *) basev, *overrides = (alias_server_conf *) overridesv;
-
- a->aliases = ap_append_arrays(p, overrides->aliases, base->aliases);
- a->redirects = ap_append_arrays(p, overrides->redirects, base->redirects);
- return a;
-}
-
-static void *merge_alias_dir_config(pool *p, void *basev, void *overridesv)
-{
- alias_dir_conf *a =
- (alias_dir_conf *) ap_pcalloc(p, sizeof(alias_dir_conf));
- alias_dir_conf *base = (alias_dir_conf *) basev, *overrides = (alias_dir_conf *) overridesv;
- a->redirects = ap_append_arrays(p, overrides->redirects, base->redirects);
- return a;
-}
-
-static const char *add_alias_internal(cmd_parms *cmd, void *dummy, char *f, char *r,
- int use_regex)
-{
- server_rec *s = cmd->server;
- alias_server_conf *conf =
- (alias_server_conf *)
ap_get_module_config(s->module_config, &alias_module);
- alias_entry *new = ap_push_array(conf->aliases);
-
- /* XX r can NOT be relative to DocumentRoot here... compat bug. */
-
- ap_server_strip_chroot(r, 1);
-
- if (use_regex) {
- new->regexp = ap_pregcomp(cmd->pool, f, REG_EXTENDED);
- if (new->regexp == NULL)
- return "Regular expression could not be compiled.";
- new->real = r;
- }
- else
- new->real = ap_os_canonical_filename(cmd->pool, r);
- new->fake = f;
- new->handler = cmd->info;
-
- return NULL;
-}
-
-static const char *add_alias(cmd_parms *cmd, void *dummy, char *f, char *r)
-{
- return add_alias_internal(cmd, dummy, f, r, 0);
-}
-
-static const char *add_alias_regex(cmd_parms *cmd, void *dummy, char *f, char *r)
-{
- return add_alias_internal(cmd, dummy, f, r, 1);
-}
-
-static const char *add_redirect_internal(cmd_parms *cmd, alias_dir_conf * dirconf,
- char *arg1, char *arg2, char *arg3,
- int use_regex)
-{
- alias_entry *new;
- server_rec *s = cmd->server;
- alias_server_conf *serverconf =
- (alias_server_conf *) ap_get_module_config(s->module_config, &alias_module);
- int status = (int) (long) cmd->info;
- regex_t *r = NULL;
- char *f = arg2;
- char *url = arg3;
-
- if (!strcasecmp(arg1, "gone"))
- status = HTTP_GONE;
- else if (!strcasecmp(arg1, "permanent"))
- status = HTTP_MOVED_PERMANENTLY;
- else if (!strcasecmp(arg1, "temp"))
- status = HTTP_MOVED_TEMPORARILY;
- else if (!strcasecmp(arg1, "seeother"))
- status = HTTP_SEE_OTHER;
- else if (ap_isdigit(*arg1))
- status = atoi(arg1);
- else {
- f = arg1;
- url = arg2;
- }
-
- if (use_regex) {
- r = ap_pregcomp(cmd->pool, f, REG_EXTENDED);
- if (r == NULL)
- return "Regular expression could not be compiled.";
- }
-
- if (ap_is_HTTP_REDIRECT(status)) {
- if (!url)
- return "URL to redirect to is missing";
- if (!use_regex && !ap_is_url(url))
- return "Redirect to non-URL";
- }
- else {
- if (url)
- return "Redirect URL not valid for this status";
- }
-
- if (cmd->path)
- new =
ap_push_array(dirconf->redirects);
- else
- new = ap_push_array(serverconf->redirects);
-
- new->fake = f;
- new->real = url;
- new->regexp = r;
- new->redir_status = status;
- return NULL;
-}
-
-static const char *add_redirect(cmd_parms *cmd, alias_dir_conf * dirconf, char *arg1,
- char *arg2, char *arg3)
-{
- return add_redirect_internal(cmd, dirconf, arg1, arg2, arg3, 0);
-}
-
-static const char *add_redirect_regex(cmd_parms *cmd, alias_dir_conf * dirconf,
- char *arg1, char *arg2, char *arg3)
-{
- return add_redirect_internal(cmd, dirconf, arg1, arg2, arg3, 1);
-}
-
-static const command_rec alias_cmds[] =
-{
- {"Alias", add_alias, NULL, RSRC_CONF, TAKE2,
- "a fakename and a realname"},
- {"ScriptAlias", add_alias, "cgi-script", RSRC_CONF, TAKE2,
- "a fakename and a realname"},
- {"Redirect", add_redirect, (void *) HTTP_MOVED_TEMPORARILY,
- OR_FILEINFO, TAKE23,
- "an optional status, then document to be redirected and destination URL"},
- {"AliasMatch", add_alias_regex, NULL, RSRC_CONF, TAKE2,
- "a regular expression and a filename"},
- {"ScriptAliasMatch", add_alias_regex, "cgi-script", RSRC_CONF, TAKE2,
- "a regular expression and a filename"},
- {"RedirectMatch", add_redirect_regex, (void *) HTTP_MOVED_TEMPORARILY,
- OR_FILEINFO, TAKE23,
- "an optional status, then a regular expression and destination URL"},
- {"RedirectTemp", add_redirect, (void *) HTTP_MOVED_TEMPORARILY,
- OR_FILEINFO, TAKE2,
- "a document to be redirected, then the destination URL"},
- {"RedirectPermanent", add_redirect, (void *) HTTP_MOVED_PERMANENTLY,
- OR_FILEINFO, TAKE2,
- "a document to be redirected, then the destination URL"},
- {NULL}
-};
-
-static int alias_matches(const char *uri, const char *alias_fakename)
-{
- const char *end_fakename = alias_fakename + strlen(alias_fakename);
- const char *aliasp = alias_fakename, *urip = uri;
-
- while (aliasp < end_fakename) {
- if (*aliasp == '/') {
- /* any number of '/' in the alias matches any number in
- * the supplied URI, but there
must be at least one...
- */
- if (*urip != '/')
- return 0;
-
- while (*aliasp == '/')
- ++aliasp;
- while (*urip == '/')
- ++urip;
- }
- else {
- /* Other characters are compared literally */
- if (*urip++ != *aliasp++)
- return 0;
- }
- }
-
- /* Check last alias path component matched all the way */
-
- if (aliasp[-1] != '/' && *urip != '\0' && *urip != '/')
- return 0;
-
- /* Return number of characters from URI which matched (may be
- * greater than length of alias, since we may have matched
- * doubled slashes)
- */
-
- return urip - uri;
-}
-
-static char *try_alias_list(request_rec *r, array_header *aliases, int doesc, int *status)
-{
- alias_entry *entries = (alias_entry *) aliases->elts;
- regmatch_t regm[AP_MAX_REG_MATCH];
- char *found = NULL;
- int i;
-
- for (i = 0; i < aliases->nelts; ++i) {
- alias_entry *p = &entries[i];
- int l;
-
- if (p->regexp) {
- if (!ap_regexec(p->regexp, r->uri, AP_MAX_REG_MATCH, regm, 0)) {
- if (p->real) {
- found = ap_pregsub(r->pool, p->real, r->uri,
- AP_MAX_REG_MATCH, regm);
- if (found && doesc) {
- found = ap_escape_uri(r->pool, found);
- }
- }
- else {
- /* need something non-null */
- found = ap_pstrdup(r->pool, "");
- }
- }
- }
- else {
- l = alias_matches(r->uri, p->fake);
-
- if (l > 0) {
- if (doesc) {
- char *escurl;
- escurl = ap_os_escape_path(r->pool, r->uri + l, 1);
-
- found = ap_pstrcat(r->pool, p->real, escurl, NULL);
- }
- else
- found = ap_pstrcat(r->pool, p->real, r->uri + l, NULL);
- }
- }
-
- if (found) {
- if (p->handler) { /* Set handler, and leave a note for mod_cgi */
- r->handler = p->handler;
- ap_table_setn(r->notes, "alias-forced-type", r->handler);
- }
-
- *status = p->redir_status;
-
- return found;
- }
- }
-
- return NULL;
-}
-
-static int translate_alias_redir(request_rec *r)
-{
- void *sconf = r->server->module_config;
- alias_server_conf *serverconf =
- (alias_server_conf *) ap_get_module_config(sconf, &alias_module);
- char *ret;
- int status;
-
- if (r->uri[0] != '/' && r->uri[0]
!= '\0')
- return DECLINED;
-
- if ((ret = try_alias_list(r, serverconf->redirects, 1, &status)) != NULL) {
- if (ap_is_HTTP_REDIRECT(status)) {
- /* include QUERY_STRING if any */
- if (r->args) {
- ret = ap_pstrcat(r->pool, ret, "?", r->args, NULL);
- }
- ap_table_setn(r->headers_out, "Location", ret);
- }
- return status;
- }
-
- if ((ret = try_alias_list(r, serverconf->aliases, 0, &status)) != NULL) {
- r->filename = ret;
- return OK;
- }
-
- return DECLINED;
-}
-
-static int fixup_redir(request_rec *r)
-{
- void *dconf = r->per_dir_config;
- alias_dir_conf *dirconf =
- (alias_dir_conf *) ap_get_module_config(dconf, &alias_module);
- char *ret;
- int status;
-
- /* It may have changed since last time, so try again */
-
- if ((ret = try_alias_list(r, dirconf->redirects, 1, &status)) != NULL) {
- if (ap_is_HTTP_REDIRECT(status)) {
- if (ret[0] == '/') {
- char *orig_target = ret;
-
- ret = ap_construct_url(r->pool, ret, r);
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
- "incomplete redirection target of '%s' for "
- "URI '%s' modified to '%s'",
- orig_target, r->uri, ret);
- }
- if (!ap_is_url(ret)) {
- status = HTTP_INTERNAL_SERVER_ERROR;
- ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
- "cannot redirect '%s' to '%s'; "
- "target is not a valid absoluteURI or abs_path",
- r->uri, ret);
- }
- else {
- /* append requested query only, if the config didn't
- * supply its own.
- */
- if (r->args && !strchr(ret, '?')) {
- ret = ap_pstrcat(r->pool, ret, "?", r->args, NULL);
- }
- ap_table_setn(r->headers_out, "Location", ret);
- }
- }
- return status;
- }
-
- return DECLINED;
-}
-
-module MODULE_VAR_EXPORT alias_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_alias_dir_config, /* dir config creater */
- merge_alias_dir_config, /* dir merger --- default is to override */
- create_alias_config, /* server config */
- merge_alias_config, /* merge server configs */
- alias_cmds, /* command table */
- NULL, /* handlers */
- translate_alias_redir, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- fixup_redir, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_asis.c b/usr.sbin/httpd/src/modules/standard/mod_asis.c
deleted file mode 100644
index e28cc1440e5..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_asis.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_protocol.h"
-#include "http_log.h"
-#include "util_script.h"
-#include "http_main.h"
-#include "http_request.h"
-
-static int asis_handler(request_rec *r)
-{
- FILE *f;
- const char *location;
-
- r->allowed |= (1 << M_GET);
- if (r->method_number != M_GET)
- return DECLINED;
- if (r->finfo.st_mode == 0) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "File does not exist: %s", r->filename);
- return NOT_FOUND;
- }
-
- f = ap_pfopen(r->pool, r->filename, "r");
-
- if (f == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "file permissions deny server access: %s", r->filename);
- return FORBIDDEN;
- }
-
- ap_scan_script_header_err(r, f, NULL);
- location = ap_table_get(r->headers_out, "Location");
-
- if (location && location[0] == '/' &&
- ((r->status == HTTP_OK) || ap_is_HTTP_REDIRECT(r->status))) {
-
- ap_pfclose(r->pool, f);
-
- /* Internal redirect -- fake-up a pseudo-request */
- r->status = HTTP_OK;
-
- /* This redirect needs to be a GET no matter what the original
- * method was.
- */
- r->method = ap_pstrdup(r->pool, "GET");
- r->method_number = M_GET;
-
- ap_internal_redirect_handler(location, r);
- return OK;
- }
-
- ap_send_http_header(r);
- if (!r->header_only)
- ap_send_fd(f, r);
-
- ap_pfclose(r->pool, f);
- return OK;
-}
-
-static const handler_rec asis_handlers[] =
-{
- {ASIS_MAGIC_TYPE, asis_handler},
- {"send-as-is", asis_handler},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT asis_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* create per-directory config structure */
- NULL, /* merge per-directory config structures */
- NULL, /* create per-server config structure */
- NULL, /* merge per-server config structures */
- NULL, /* command table */
- asis_handlers, /* handlers */
- NULL, /* translate_handler */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* pre-run fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth.c b/usr.sbin/httpd/src/modules/standard/mod_auth.c
deleted file mode 100644
index 8253a10245b..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_auth.c
+++ /dev/null
@@ -1,431 +0,0 @@
-/* $OpenBSD: mod_auth.c,v 1.13 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_auth: authentication - * - * Rob McCool - * - * Adapted to Apache by rst. - * - * dirkx - Added Authoritative control to allow passing on to lower - * modules if and only if the user-id is not known to this - * module. A known user with a faulty or absent password still - * causes an AuthRequired. The default is 'Authoritative', i.e. - * no control is passed along. 
- */ - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_main.h" -#include "http_protocol.h" - -typedef struct auth_config_struct { - char *auth_pwfile; - char *auth_grpfile; - int auth_authoritative; -} auth_config_rec; - -static void *create_auth_dir_config(pool *p, char *d) -{ - auth_config_rec *sec = - (auth_config_rec *) ap_pcalloc(p, sizeof(auth_config_rec)); - sec->auth_pwfile = NULL; /* just to illustrate the default really */ - sec->auth_grpfile = NULL; /* unless you have a broken HP cc */ - sec->auth_authoritative = 1; /* keep the fortress secure by default */ - return sec; -} - -static const char *set_auth_slot(cmd_parms *cmd, void *offset, char *f, char *t) -{ - if (t && strcmp(t, "standard")) - return ap_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); - - return ap_set_file_slot(cmd, offset, f); -} - -static const command_rec auth_cmds[] = -{ - {"AuthUserFile", set_auth_slot, - (void *) XtOffsetOf(auth_config_rec, auth_pwfile), OR_AUTHCFG, TAKE12, - "text file containing user IDs and passwords"}, - {"AuthGroupFile", set_auth_slot, - (void *) XtOffsetOf(auth_config_rec, auth_grpfile), OR_AUTHCFG, TAKE12, - "text file containing group names and member user IDs"}, - {"AuthAuthoritative", ap_set_flag_slot, - (void *) XtOffsetOf(auth_config_rec, auth_authoritative), - OR_AUTHCFG, FLAG, - "Set to 'off' to allow access control to be passed along to " - "lower modules if the UserID is not known to this module"}, - {NULL} -}; - -module MODULE_VAR_EXPORT auth_module; - -static char *get_pw(request_rec *r, char *user, char *auth_pwfile) -{ - configfile_t *f; - char l[MAX_STRING_LEN]; - const char *rpw, *w; - - ap_server_strip_chroot(auth_pwfile, 1); - - if (!(f = ap_pcfg_openfile(r->pool, auth_pwfile))) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "Could not open password file: %s", auth_pwfile); - return NULL; - } - while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { - if ((l[0] == '#') || 
(!l[0])) - continue; - rpw = l; - w = ap_getword(r->pool, &rpw, ':'); - - if (!strcmp(user, w)) { - ap_cfg_closefile(f); - return ap_getword(r->pool, &rpw, ':'); - } - } - ap_cfg_closefile(f); - return NULL; -} - -static table *groups_for_user(pool *p, char *user, char *grpfile) -{ - configfile_t *f; - table *grps = ap_make_table(p, 15); - pool *sp; - char l[MAX_STRING_LEN]; - const char *group_name, *ll, *w; - - ap_server_strip_chroot(grpfile, 1); - - if (!(f = ap_pcfg_openfile(p, grpfile))) { -/*add? aplog_error(APLOG_MARK, APLOG_ERR, NULL, - "Could not open group file: %s", grpfile);*/ - return NULL; - } - - sp = ap_make_sub_pool(p); - - while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { - if ((l[0] == '#') || (!l[0])) - continue; - ll = l; - ap_clear_pool(sp); - - group_name = ap_getword(sp, &ll, ':'); - - while (ll[0]) { - w = ap_getword_conf(sp, &ll); - if (!strcmp(w, user)) { - ap_table_setn(grps, ap_pstrdup(p, group_name), "in"); - break; - } - } - } - ap_cfg_closefile(f); - ap_destroy_pool(sp); - return grps; -} - -/* These functions return 0 if client is OK, and proper error status - * if not... either AUTH_REQUIRED, if we made a check, and it failed, or - * SERVER_ERROR, if things are so totally confused that we couldn't - * figure out how to tell if the client is authorized or not. - * - * If they return DECLINED, and all other modules also decline, that's - * treated by the server core as a configuration error, logged and - * reported as such. - */ - -/* Determine user ID, and check if it really is that user, for HTTP - * basic authentication... 
- */ - -static int authenticate_basic_user(request_rec *r) -{ - auth_config_rec *sec = - (auth_config_rec *) ap_get_module_config(r->per_dir_config, &auth_module); - conn_rec *c = r->connection; - const char *sent_pw; - char *real_pw; - char *invalid_pw; - int res; - - if ((res = ap_get_basic_auth_pw(r, &sent_pw))) - return res; - - if (!sec->auth_pwfile) - return DECLINED; - - if (!(real_pw = get_pw(r, c->user, sec->auth_pwfile))) { - if (!(sec->auth_authoritative)) - return DECLINED; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "user %s not found: %s", c->user, r->uri); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - invalid_pw = ap_validate_password(sent_pw, real_pw); - if (invalid_pw != NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "user %s: authentication failure for \"%s\": %s", - c->user, r->uri, invalid_pw); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - return OK; -} - -/* Checking ID */ - -static int check_user_access(request_rec *r) -{ - auth_config_rec *sec = - (auth_config_rec *) ap_get_module_config(r->per_dir_config, &auth_module); - char *user = r->connection->user; - int m = r->method_number; - int method_restricted = 0; - int x; - const char *t, *w; - table *grpstatus; - const array_header *reqs_arr = ap_requires(r); - require_line *reqs; - - /* BUG FIX: tadc, 11-Nov-1995. If there is no "requires" directive, - * then any user will do. - */ - if (reqs_arr == NULL) { - return (OK); - } - reqs = (require_line *) reqs_arr->elts; - - if (sec->auth_grpfile) { - grpstatus = groups_for_user(r->pool, user, sec->auth_grpfile); - } - else { - grpstatus = NULL; - } - - for (x = 0; x < reqs_arr->nelts; x++) { - - if (! 
(reqs[x].method_mask & (1 << m))) { - continue; - } - - method_restricted = 1; - - t = reqs[x].requirement; - w = ap_getword_white(r->pool, &t); - if (strcmp(w, "valid-user") == 0) { - return OK; - } - /* - * If requested, allow access if the user is valid and the - * owner of the document. - */ - if (strcmp(w, "file-owner") == 0) { - struct passwd *pwent; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r, - "checking for 'owner' access for file '%s'", - r->filename); - if (r->finfo.st_ino == 0) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r, - "no stat info for '%s'", r->filename); - continue; - } - pwent = getpwuid(r->finfo.st_uid); - if (pwent == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r, - "no username for UID %d (owner of '%s')", - r->finfo.st_uid, r->filename); - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r, - "checking authenticated user '%s' " - "against owner '%s' of '%s'", - user, pwent->pw_name, r->filename); - if (strcmp(user, pwent->pw_name) == 0) { - return OK; - } - else { - continue; - } - } - } - if (strcmp(w, "file-group") == 0) { - struct group *grent; - if (sec->auth_grpfile == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r, - "no AuthGroupFile, so 'file-group' " - "requirement cannot succeed for file '%s'", - r->filename); - continue; - } - if (grpstatus == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r, - "authenticated user '%s' not a member of " - "any groups, so 'file-group' requirement " - "cannot succeed for file '%s'", - user, r->filename); - continue; - } - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r, - "checking for 'group' access for file '%s'", - r->filename); - if (r->finfo.st_ino == 0) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r, - "no stat info for '%s'", r->filename); - continue; - } - grent = getgrgid(r->finfo.st_gid); - if (grent == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r, - 
"no group name for GID %d (owner of '%s')", - r->finfo.st_gid, r->filename); - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, r, - "checking groups of authenticated user '%s' " - "against owner group '%s' of '%s'", - user, grent->gr_name, r->filename); - if (ap_table_get(grpstatus, grent->gr_name) != NULL) { - return OK; - } - else { - continue; - } - } - } - if (strcmp(w, "user") == 0) { - while (t[0] != '\0') { - w = ap_getword_conf(r->pool, &t); - if (strcmp(user, w) == 0) { - return OK; - } - } - } - else if (strcmp(w, "group") == 0) { - if (grpstatus == NULL) { - return DECLINED; /* DBM group? Something else? */ - } - - while (t[0]) { - w = ap_getword_conf(r->pool, &t); - if (ap_table_get(grpstatus, w)) { - return OK; - } - } - } - else if (sec->auth_authoritative) { - /* if we aren't authoritative, any require directive could be - * valid even if we don't grok it. However, if we are - * authoritative, we can warn the user they did something wrong. - * That something could be a missing "AuthAuthoritative off", but - * more likely is a typo in the require directive. - */ - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "access to %s failed, " - "reason: unknown require directive:" - "\"%s\"", r->uri, reqs[x].requirement); - } - } - - if (! method_restricted) { - return OK; - } - - if (! 
sec->auth_authoritative) { - return DECLINED; - } - - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "access to %s failed, reason: user %s not allowed access", - r->uri, user); - - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; -} - -module MODULE_VAR_EXPORT auth_module = -{ - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - create_auth_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - auth_cmds, /* command table */ - NULL, /* handlers */ - NULL, /* filename translation */ - authenticate_basic_user, /* check_user_id */ - check_user_access, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_anon.c b/usr.sbin/httpd/src/modules/standard/mod_auth_anon.c deleted file mode 100644 index 7548c68557e..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_auth_anon.c +++ /dev/null 
@@ -1,316 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_auth: authentication - * - * Rob McCool & Brian Behlendorf. - * - * Adapted to Apache by rst. - * - * Version 0.5 May 1996 - * - * Modified by Dirk.vanGulik@jrc.it to - * - * Adapted to allow anonymous logins, just like with Anon-FTP, when - * one gives the magic user name 'anonymous' and ones email address - * as the password. - * - * Just add the following tokes to your setup: - * - * Anonymous magic-user-id [magic-user-id]... - * - * Anonymous_MustGiveEmail [ on | off ] default = on - * Anonymous_LogEmail [ on | off ] default = on - * Anonymous_VerifyEmail [ on | off ] default = off - * Anonymous_NoUserId [ on | off ] default = off - * Anonymous_Authoritative [ on | off ] default = off - * - * The magic user id is something like 'anonymous', it is NOT case sensitive. - * - * The MustGiveEmail flag can be used to force users to enter something - * in the password field (like an email address). Default is on. 
- * - * Furthermore the 'NoUserID' flag can be set to allow completely empty - * usernames in as well; this can be is convenient as a single return - * in broken GUIs like W95 is often given by the user. The Default is off. - * - * Dirk.vanGulik@jrc.it; http://ewse.ceo.org; http://me-www.jrc.it/~dirkx - * - */ - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "http_request.h" - -typedef struct auth_anon { - char *password; - struct auth_anon *next; -} auth_anon; - -typedef struct { - - auth_anon *auth_anon_passwords; - int auth_anon_nouserid; - int auth_anon_logemail; - int auth_anon_verifyemail; - int auth_anon_mustemail; - int auth_anon_authoritative; - -} anon_auth_config_rec; - -static void *create_anon_auth_dir_config(pool *p, char *d) -{ - anon_auth_config_rec *sec = (anon_auth_config_rec *) - ap_pcalloc(p, sizeof(anon_auth_config_rec)); - - if (!sec) - return NULL; /* no memory... */ - - /* just to illustrate the defaults really. 
*/ - sec->auth_anon_passwords = NULL; - - sec->auth_anon_nouserid = 0; - sec->auth_anon_logemail = 1; - sec->auth_anon_verifyemail = 0; - sec->auth_anon_mustemail = 1; - sec->auth_anon_authoritative = 0; - return sec; -} - -static const char *anon_set_passwd_flag(cmd_parms *cmd, - anon_auth_config_rec * sec, int arg) -{ - sec->auth_anon_mustemail = arg; - return NULL; -} - -static const char *anon_set_userid_flag(cmd_parms *cmd, - anon_auth_config_rec * sec, int arg) -{ - sec->auth_anon_nouserid = arg; - return NULL; -} -static const char *anon_set_logemail_flag(cmd_parms *cmd, - anon_auth_config_rec * sec, int arg) -{ - sec->auth_anon_logemail = arg; - return NULL; -} -static const char *anon_set_verifyemail_flag(cmd_parms *cmd, - anon_auth_config_rec * sec, int arg) -{ - sec->auth_anon_verifyemail = arg; - return NULL; -} -static const char *anon_set_authoritative_flag(cmd_parms *cmd, - anon_auth_config_rec * sec, int arg) -{ - sec->auth_anon_authoritative = arg; - return NULL; -} - -static const char *anon_set_string_slots(cmd_parms *cmd, - anon_auth_config_rec * sec, char *arg) -{ - - auth_anon *first; - - if (!(*arg)) - return "Anonymous string cannot be empty, use Anonymous_NoUserId instead"; - - /* squeeze in a record */ - first = sec->auth_anon_passwords; - - if ( - (!(sec->auth_anon_passwords = (auth_anon *) ap_palloc(cmd->pool, sizeof(auth_anon)))) || - (!(sec->auth_anon_passwords->password = arg)) - ) - return "Failed to claim memory for an anonymous password..."; - - /* and repair the next */ - sec->auth_anon_passwords->next = first; - - return NULL; -} - -static const command_rec anon_auth_cmds[] = -{ - {"Anonymous", anon_set_string_slots, NULL, OR_AUTHCFG, ITERATE, - "a space-separated list of user IDs"}, - {"Anonymous_MustGiveEmail", anon_set_passwd_flag, NULL, OR_AUTHCFG, FLAG, - "Limited to 'on' or 'off'"}, - {"Anonymous_NoUserId", anon_set_userid_flag, NULL, OR_AUTHCFG, FLAG, - "Limited to 'on' or 'off'"}, -{"Anonymous_VerifyEmail", 
anon_set_verifyemail_flag, NULL, OR_AUTHCFG, FLAG, - "Limited to 'on' or 'off'"}, - {"Anonymous_LogEmail", anon_set_logemail_flag, NULL, OR_AUTHCFG, FLAG, - "Limited to 'on' or 'off'"}, - {"Anonymous_Authoritative", anon_set_authoritative_flag, NULL, OR_AUTHCFG, FLAG, - "Limited to 'on' or 'off'"}, - - {NULL} -}; - -module MODULE_VAR_EXPORT anon_auth_module; - -static int anon_authenticate_basic_user(request_rec *r) -{ - anon_auth_config_rec *sec = - (anon_auth_config_rec *) ap_get_module_config(r->per_dir_config, - &anon_auth_module); - conn_rec *c = r->connection; - const char *sent_pw; - int res = DECLINED; - - if ((res = ap_get_basic_auth_pw(r, &sent_pw))) - return res; - - /* Ignore if we are not configured */ - if (!sec->auth_anon_passwords) - return DECLINED; - - /* Do we allow an empty userID and/or is it the magic one - */ - - if ((!(c->user[0])) && (sec->auth_anon_nouserid)) { - res = OK; - } - else { - auth_anon *p = sec->auth_anon_passwords; - res = DECLINED; - while ((res == DECLINED) && (p != NULL)) { - if (!(strcasecmp(c->user, p->password))) - res = OK; - p = p->next; - } - } - if ( - /* username is OK */ - (res == OK) - /* password been filled out ? */ - && ((!sec->auth_anon_mustemail) || strlen(sent_pw)) - /* does the password look like an email address ? */ - && ((!sec->auth_anon_verifyemail) - || ((strpbrk("@", sent_pw) != NULL) - && (strpbrk(".", sent_pw) != NULL)))) { - if (sec->auth_anon_logemail && ap_is_initial_req(r)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, r, - "Anonymous: Passwd <%s> Accepted", - sent_pw ? sent_pw : "\'none\'"); - } - return OK; - } - else { - if (sec->auth_anon_authoritative) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Anonymous: Authoritative, Passwd <%s> not accepted", - sent_pw ? 
sent_pw : "\'none\'");
- return AUTH_REQUIRED;
- }
- /* Drop out the bottom to return DECLINED */
- }
-
- return DECLINED;
-}
-
-static int check_anon_access(request_rec *r)
-{
-#ifdef NOTYET
- conn_rec *c = r->connection;
- anon_auth_config_rec *sec =
- (anon_auth_config_rec *) ap_get_module_config(r->per_dir_config,
- &anon_auth_module);
-
- if (!sec->auth_anon)
- return DECLINED;
-
- if (strcasecmp(r->connection->user, sec->auth_anon))
- return DECLINED;
-
- return OK;
-#endif
- return DECLINED;
-}
-
-
-module MODULE_VAR_EXPORT anon_auth_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_anon_auth_dir_config, /* dir config creater */
- NULL, /* dir merger ensure strictness */
- NULL, /* server config */
- NULL, /* merge server config */
- anon_auth_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- anon_authenticate_basic_user, /* check_user_id */
- check_anon_access, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_db.c b/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
deleted file mode 100644
index b1b68a6b897..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
+++ /dev/null
@@ -1,364 +0,0 @@ -/* $OpenBSD: mod_auth_db.c,v 1.13 2008/05/25 11:46:27 mbalmer Exp $ */ - -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * mod_auth_db: authentication - * - * Original work by Rob McCool & Brian Behlendorf. - * - * Adapted to Apache by rst (mod_auth_dbm) - * - * Adapted for Berkeley DB by Andrew Cohen - * - * mod_auth_db was based on mod_auth_dbm. - * - * Warning, this is not a drop in replacement for mod_auth_dbm, - * for people wanting to switch from dbm to Berkeley DB. - * It requires the use of AuthDBUserFile and AuthDBGroupFile - * instead of AuthDBMUserFile AuthDBMGroupFile - * - * Also, in the configuration file you need to specify - * db_auth_module rather than dbm_auth_module - * - * On some BSD systems (e.g. FreeBSD and NetBSD) dbm is automatically - * mapped to Berkeley DB. You can use either mod_auth_dbm or - * mod_auth_db. The latter makes it more obvious that it's Berkeley. - * On other platforms where you want to use the DB library you - * usually have to install it first. See http://www.sleepycat.com/ - * for the distribution. 
The interface this module uses is the - * one from DB version 1.85 and 1.86, but DB version 2.x - * can also be used when compatibility mode is enabled. - * - * dirkx - Added Authoritative control to allow passing on to lower - * modules if and only if the user-id is not known to this - * module. A known user with a faulty or absent password still - * causes an AuthRequired. The default is 'Authoritative', i.e. - * no control is passed along. - */ - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_main.h" -#include "http_protocol.h" -#include - -#if defined(DB_VERSION_MAJOR) -#if (DB_VERSION_MAJOR == 2) -#define DB2 -#endif -#if (DB_VERSION_MAJOR == 3) -#define DB3 -#endif -#if (DB_VERSION_MAJOR == 4) -#define DB4 -#endif -#endif - -typedef struct { - - char *auth_dbpwfile; - char *auth_dbgrpfile; - int auth_dbauthoritative; -} db_auth_config_rec; - -static void *create_db_auth_dir_config(pool *p, char *d) -{ - db_auth_config_rec *sec - = (db_auth_config_rec *) ap_pcalloc(p, sizeof(db_auth_config_rec)); - sec->auth_dbpwfile = NULL; - sec->auth_dbgrpfile = NULL; - sec->auth_dbauthoritative = 1; /* fortress is secure by default */ - return sec; -} - -static const char *set_db_slot(cmd_parms *cmd, void *offset, char *f, char *t) -{ - if (!t || strcmp(t, "db")) - return DECLINE_CMD; - - return ap_set_file_slot(cmd, offset, f); -} - -static const command_rec db_auth_cmds[] = -{ - {"AuthDBUserFile", ap_set_file_slot, - (void *) XtOffsetOf(db_auth_config_rec, auth_dbpwfile), - OR_AUTHCFG, TAKE1, NULL}, - {"AuthDBGroupFile", ap_set_file_slot, - (void *) XtOffsetOf(db_auth_config_rec, auth_dbgrpfile), - OR_AUTHCFG, TAKE1, NULL}, - {"AuthUserFile", set_db_slot, - (void *) XtOffsetOf(db_auth_config_rec, auth_dbpwfile), - OR_AUTHCFG, TAKE12, NULL}, - {"AuthGroupFile", set_db_slot, - (void *) XtOffsetOf(db_auth_config_rec, auth_dbgrpfile), - OR_AUTHCFG, TAKE12, NULL}, - {"AuthDBAuthoritative", ap_set_flag_slot, - (void 
*) XtOffsetOf(db_auth_config_rec, auth_dbauthoritative), - OR_AUTHCFG, FLAG, - "Set to 'no' to allow access control to be passed along to lower modules if the userID is not known to this module"}, - {NULL} -}; - -module db_auth_module; - -static char *get_db_pw(request_rec *r, char *user, const char *auth_dbpwfile) -{ - DB *f; - DBT d, q; - char *pw = NULL; - - memset(&d, 0, sizeof(d)); - memset(&q, 0, sizeof(q)); - - q.data = user; - q.size = strlen(q.data); - - ap_server_strip_chroot(auth_dbpwfile, 1); - -#if defined(DB3) || defined(DB4) - if ( db_create(&f, NULL, 0) != 0 - || f->open(f, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664) != 0) { -#elif defined(DB2) - if (db_open(auth_dbpwfile, DB_HASH, DB_RDONLY, 0664, NULL, NULL, &f) != 0) { -#else - if (!(f = dbopen(auth_dbpwfile, O_RDONLY, 0664, DB_HASH, NULL))) { -#endif - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "could not open db auth file: %s", auth_dbpwfile); - return NULL; - } - -#if defined(DB2) || defined(DB3) || defined(DB4) - if (!((f->get) (f, NULL, &q, &d, 0))) { -#else - if (!((f->get) (f, &q, &d, 0))) { -#endif - pw = ap_palloc(r->pool, d.size + 1); - strncpy(pw, d.data, d.size); - pw[d.size] = '\0'; /* Terminate the string */ - } - -#if defined(DB2) || defined(DB3) || defined(DB4) - (f->close) (f, 0); -#else - (f->close) (f); -#endif - return pw; -} - -/* We do something strange with the group file. 
If the group file - * contains any : we assume the format is - * key=username value=":"groupname [":"anything here is ignored] - * otherwise we now (0.8.14+) assume that the format is - * key=username value=groupname - * The first allows the password and group files to be the same - * physical DB file; key=username value=password":"groupname[":"anything] - * - * mark@telescope.org, 22Sep95 - */ - -static char *get_db_grp(request_rec *r, char *user, const char *auth_dbgrpfile) -{ - char *grp_data = get_db_pw(r, user, auth_dbgrpfile); - char *grp_colon; - char *grp_colon2; - - if (grp_data == NULL) - return NULL; - - if ((grp_colon = strchr(grp_data, ':')) != NULL) { - grp_colon2 = strchr(++grp_colon, ':'); - if (grp_colon2) - *grp_colon2 = '\0'; - return grp_colon; - } - return grp_data; -} - -static int db_authenticate_basic_user(request_rec *r) -{ - db_auth_config_rec *sec = - (db_auth_config_rec *) ap_get_module_config(r->per_dir_config, - &db_auth_module); - conn_rec *c = r->connection; - const char *sent_pw; - char *real_pw, *colon_pw; - char *invalid_pw; - int res; - - if ((res = ap_get_basic_auth_pw(r, &sent_pw))) - return res; - - if (!sec->auth_dbpwfile) - return DECLINED; - - if (!(real_pw = get_db_pw(r, c->user, sec->auth_dbpwfile))) { - if (!(sec->auth_dbauthoritative)) - return DECLINED; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "DB user %s not found: %s", c->user, r->filename); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - /* Password is up to first : if exists */ - colon_pw = strchr(real_pw, ':'); - if (colon_pw) { - *colon_pw = '\0'; - } - invalid_pw = ap_validate_password(sent_pw, real_pw); - if (invalid_pw != NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "DB user %s: authentication failure for \"%s\": %s", - c->user, r->uri, invalid_pw); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - return OK; -} - -/* Checking ID */ - -static int db_check_auth(request_rec *r) -{ - 
db_auth_config_rec *sec = - (db_auth_config_rec *) ap_get_module_config(r->per_dir_config, - &db_auth_module); - char *user = r->connection->user; - int m = r->method_number; - - const array_header *reqs_arr = ap_requires(r); - require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; - - int x; - const char *t; - char *w; - - if (!sec->auth_dbgrpfile) - return DECLINED; - if (!reqs_arr) - return DECLINED; - - for (x = 0; x < reqs_arr->nelts; x++) { - - if (!(reqs[x].method_mask & (1 << m))) - continue; - - t = reqs[x].requirement; - w = ap_getword_white(r->pool, &t); - - if (!strcmp(w, "group") && sec->auth_dbgrpfile) { - const char *orig_groups, *groups; - char *v; - - if (!(groups = get_db_grp(r, user, sec->auth_dbgrpfile))) { - if (!(sec->auth_dbauthoritative)) - return DECLINED; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "user %s not in DB group file %s: %s", - user, sec->auth_dbgrpfile, r->filename); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - orig_groups = groups; - while (t[0]) { - w = ap_getword_white(r->pool, &t); - groups = orig_groups; - while (groups[0]) { - v = ap_getword(r->pool, &groups, ','); - if (!strcmp(v, w)) - return OK; - } - } - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "user %s not in right group: %s", user, r->filename); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - } - - return DECLINED; -} - - -module db_auth_module = -{ - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - create_db_auth_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - db_auth_cmds, /* command table */ - NULL, /* handlers */ - NULL, /* filename translation */ - db_authenticate_basic_user, /* check_user_id */ - db_check_auth, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - 
NULL, /* child_exit */ - NULL /* post read-request */ -}; diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_db.module b/usr.sbin/httpd/src/modules/standard/mod_auth_db.module deleted file mode 100644 index 1a903d6ae6a..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_auth_db.module +++ /dev/null @@ -1,47 +0,0 @@ -Name: db_auth_module -ConfigStart - DB_VERSION='' - DB_LIB='' - if sh ./helpers/TestCompile func db_create; then - DB_VERSION='Berkeley-DB/3.x' - elif sh ./helpers/TestCompile lib db db_create; then - DB_VERSION='Berkeley-DB/3.x' - DB_LIB='-ldb' - elif sh ./helpers/TestCompile func db_open; then - DB_VERSION='Berkeley-DB/2.x' - elif sh ./helpers/TestCompile lib db db_open; then - DB_VERSION='Berkeley-DB/2.x' - DB_LIB='-ldb' - elif sh ./helpers/TestCompile lib db2 db_open; then - DB_VERSION='Berkeley-DB/2.x' - DB_LIB='-ldb2' - elif sh ./helpers/TestCompile func dbopen; then - DB_VERSION='Berkeley-DB/1.x' - elif sh ./helpers/TestCompile lib db dbopen; then - DB_VERSION='Berkeley-DB/1.x' - DB_LIB='-ldb' - elif sh ./helpers/TestCompile lib db1 dbopen; then - DB_VERSION='Berkeley-DB/1.x' - DB_LIB='-ldb1' - elif TCADDINCL='#include ' INCLUDES1="$INCLUDES1 -I/usr/include/db1" TLIB="-ldb1" \ - sh ./helpers/TestCompile func dbm_open; then - # For Red Hat 7 - DB_VERSION='Berkeley-DB/1.x' - DB_LIB='-ldb1' - CFLAGS="$CFLAGS -I/usr/include/db1" - fi - if [ ".$DB_VERSION" != . ]; then - if [ ".$DB_LIB" != . ]; then - LIBS="$LIBS $DB_LIB" - echo " using $DB_VERSION for mod_auth_db ($DB_LIB)" - else - echo " using $DB_VERSION for mod_auth_db (-lc)" - fi - else - echo "Error: None of Berkeley-DB 1.x, 2.x or 3.x libraries found." - echo " Either disable mod_auth_db or provide us with the paths" - echo " to the Berkeley-DB include and library files." - echo " (Hint: INCLUDES, LDFLAGS, LIBS)" - exit 1 - fi -ConfigEnd 
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c b/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c
deleted file mode 100644
index 4cb355c0484..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_auth_dbm.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/* $OpenBSD: mod_auth_dbm.c,v 1.14 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_auth: authentication - * - * Rob McCool & Brian Behlendorf. - * - * Adapted to Apache by rst. - * - * dirkx - Added Authoritative control to allow passing on to lower - * modules if and only if the user-id is not known to this - * module. A known user with a faulty or absent password still - * causes an AuthRequired. The default is 'Authoritative', i.e. - * no control is passed along. - */ - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_main.h" -#include "http_protocol.h" -#include - -/* - * Module definition information - the part between the -START and -END - * lines below is used by Configure. This could be stored in a separate - * instead. - * - * MODULE-DEFINITION-START - * Name: dbm_auth_module - * ConfigStart - . 
./helpers/find-dbm-lib - * ConfigEnd - * MODULE-DEFINITION-END - */ - -typedef struct { - - char *auth_dbmpwfile; - char *auth_dbmgrpfile; - int auth_dbmauthoritative; - -} dbm_auth_config_rec; - -static void *create_dbm_auth_dir_config(pool *p, char *d) -{ - dbm_auth_config_rec *sec - = (dbm_auth_config_rec *) ap_pcalloc(p, sizeof(dbm_auth_config_rec)); - - sec->auth_dbmpwfile = NULL; - sec->auth_dbmgrpfile = NULL; - sec->auth_dbmauthoritative = 1; /* fortress is secure by default */ - - return sec; -} - -static const char *set_dbm_slot(cmd_parms *cmd, void *offset, char *f, char *t) -{ - if (!t || strcmp(t, "dbm")) - return DECLINE_CMD; - - return ap_set_file_slot(cmd, offset, f); -} - -static const command_rec dbm_auth_cmds[] = -{ - {"AuthDBMUserFile", ap_set_file_slot, - (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmpwfile), - OR_AUTHCFG, TAKE1, NULL}, - {"AuthDBMGroupFile", ap_set_file_slot, - (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmgrpfile), - OR_AUTHCFG, TAKE1, NULL}, - {"AuthUserFile", set_dbm_slot, - (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmpwfile), - OR_AUTHCFG, TAKE12, NULL}, - {"AuthGroupFile", set_dbm_slot, - (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmgrpfile), - OR_AUTHCFG, TAKE12, NULL}, - {"AuthDBMAuthoritative", ap_set_flag_slot, - (void *) XtOffsetOf(dbm_auth_config_rec, auth_dbmauthoritative), - OR_AUTHCFG, FLAG, "Set to 'no' to allow access control to be passed along to lower modules, if the UserID is not known in this module"}, - {NULL} -}; - -module MODULE_VAR_EXPORT dbm_auth_module; - -static char *get_dbm_pw(request_rec *r, char *user, char *auth_dbmpwfile) -{ - DBM *f; - datum d, q; - char *pw = NULL; - - q.dptr = user; - q.dsize = strlen(q.dptr); - - ap_server_strip_chroot(auth_dbmpwfile, 1); - - if (!(f = dbm_open(auth_dbmpwfile, O_RDONLY, 0664))) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "could not open dbm auth file: %s", auth_dbmpwfile); - return NULL; - } - - d = dbm_fetch(f, q); - - if (d.dptr) { - pw = 
ap_palloc(r->pool, d.dsize + 1); - strncpy(pw, d.dptr, d.dsize); - pw[d.dsize] = '\0'; /* Terminate the string */ - } - - dbm_close(f); - return pw; -} - -/* We do something strange with the group file. If the group file - * contains any : we assume the format is - * key=username value=":"groupname [":"anything here is ignored] - * otherwise we now (0.8.14+) assume that the format is - * key=username value=groupname - * The first allows the password and group files to be the same - * physical DBM file; key=username value=password":"groupname[":"anything] - * - * mark@telescope.org, 22Sep95 - */ - -static char *get_dbm_grp(request_rec *r, char *user, char *auth_dbmgrpfile) -{ - char *grp_data = get_dbm_pw(r, user, auth_dbmgrpfile); - char *grp_colon; - char *grp_colon2; - - if (grp_data == NULL) - return NULL; - - if ((grp_colon = strchr(grp_data, ':')) != NULL) { - grp_colon2 = strchr(++grp_colon, ':'); - if (grp_colon2) - *grp_colon2 = '\0'; - return grp_colon; - } - return grp_data; -} - -static int dbm_authenticate_basic_user(request_rec *r) -{ - dbm_auth_config_rec *sec = - (dbm_auth_config_rec *) ap_get_module_config(r->per_dir_config, - &dbm_auth_module); - conn_rec *c = r->connection; - const char *sent_pw; - char *real_pw, *colon_pw; - char *invalid_pw; - int res; - - if ((res = ap_get_basic_auth_pw(r, &sent_pw))) - return res; - - if (!sec->auth_dbmpwfile) - return DECLINED; - - if (!(real_pw = get_dbm_pw(r, c->user, sec->auth_dbmpwfile))) { - if (!(sec->auth_dbmauthoritative)) - return DECLINED; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "DBM user %s not found: %s", c->user, r->filename); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - /* Password is up to first : if exists */ - colon_pw = strchr(real_pw, ':'); - if (colon_pw) { - *colon_pw = '\0'; - } - invalid_pw = ap_validate_password(sent_pw, real_pw); - if (invalid_pw != NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "DBM user %s: authentication 
failure for \"%s\": %s", - c->user, r->uri, invalid_pw); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - return OK; -} - -/* Checking ID */ - -static int dbm_check_auth(request_rec *r) -{ - dbm_auth_config_rec *sec = - (dbm_auth_config_rec *) ap_get_module_config(r->per_dir_config, - &dbm_auth_module); - char *user = r->connection->user; - int m = r->method_number; - - const array_header *reqs_arr = ap_requires(r); - require_line *reqs = reqs_arr ? (require_line *) reqs_arr->elts : NULL; - - int x; - const char *t; - char *w; - - if (!sec->auth_dbmgrpfile) - return DECLINED; - if (!reqs_arr) - return DECLINED; - - for (x = 0; x < reqs_arr->nelts; x++) { - - if (!(reqs[x].method_mask & (1 << m))) - continue; - - t = reqs[x].requirement; - w = ap_getword_white(r->pool, &t); - - if (!strcmp(w, "group") && sec->auth_dbmgrpfile) { - const char *orig_groups, *groups; - char *v; - - if (!(groups = get_dbm_grp(r, user, sec->auth_dbmgrpfile))) { - if (!(sec->auth_dbmauthoritative)) - return DECLINED; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "user %s not in DBM group file %s: %s", - user, sec->auth_dbmgrpfile, r->filename); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - orig_groups = groups; - while (t[0]) { - w = ap_getword_white(r->pool, &t); - groups = orig_groups; - while (groups[0]) { - v = ap_getword(r->pool, &groups, ','); - if (!strcmp(v, w)) - return OK; - } - } - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "user %s not in right group: %s", - user, r->filename); - ap_note_basic_auth_failure(r); - return AUTH_REQUIRED; - } - } - - return DECLINED; -} - - -module MODULE_VAR_EXPORT dbm_auth_module = -{ - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - create_dbm_auth_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - dbm_auth_cmds, /* command table */ - NULL, /* handlers */ - NULL, /* filename translation 
*/ - dbm_authenticate_basic_user, /* check_user_id */ - dbm_check_auth, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; diff --git a/usr.sbin/httpd/src/modules/standard/mod_autoindex.c b/usr.sbin/httpd/src/modules/standard/mod_autoindex.c deleted file mode 100644 index 1c7a976650a..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_autoindex.c +++ /dev/null 
@@ -1,1836 +0,0 @@
-/* $OpenBSD: mod_autoindex.c,v 1.13 2008/05/25 11:46:27 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_autoindex.c: Handles the on-the-fly html index generation
- *
- * Rob McCool
- * 3/23/93
- *
- * Adapted to Apache by rst.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_request.h"
-#include "http_protocol.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "util_script.h"
-#include "fnmatch.h"
-
-module MODULE_VAR_EXPORT autoindex_module;
-
-/****************************************************************
- *
- * Handling configuration directives...
- */
-
-#define HRULE 1
-#define NO_HRULE 0
-#define FRONT_MATTER 1
-#define END_MATTER 0
-
-#define FANCY_INDEXING 1 /* Indexing options */
-#define ICONS_ARE_LINKS 2
-#define SCAN_HTML_TITLES 4
-#define SUPPRESS_LAST_MOD 8
-#define SUPPRESS_SIZE 16
-#define SUPPRESS_DESC 32
-#define SUPPRESS_PREAMBLE 64
-#define SUPPRESS_COLSORT 128
-#define NO_OPTIONS 256
-#define FOLDERS_FIRST 512
-#define TRACK_MODIFIED 1024
-#define SORT_NOCASE 2048
-
-#define K_PAD 1
-#define K_NOPAD 0
-
-#define K_NOADJUST 0
-#define K_ADJUST 1
-#define K_UNSET 2
-
-/*
- * Define keys for sorting.
- */
-#define K_NAME 'N' /* Sort by file name (default) */
-#define K_LAST_MOD 'M' /* Last modification date */
-#define K_SIZE 'S' /* Size (absolute, not as displayed) */
-#define K_DESC 'D' /* Description */
-
-#define D_ASCENDING 'A'
-#define D_DESCENDING 'D'
-
-/*
- * These are the dimensions of the default icons supplied with Apache.
- */
-#define DEFAULT_ICON_WIDTH 20
-#define DEFAULT_ICON_HEIGHT 22
-
-/*
- * Other default dimensions.
- */
-#define DEFAULT_NAME_WIDTH 23
-#define DEFAULT_DESC_WIDTH 23
-
-struct item {
- char *type;
- char *apply_to;
- char *apply_path;
- char *data;
-};
-
-typedef struct ai_desc_t {
- char *pattern;
- char *description;
- int full_path;
- int wildcards;
-} ai_desc_t;
-
-typedef struct autoindex_config_struct {
-
- char *default_icon;
- int opts;
- int incremented_opts;
- int decremented_opts;
- int name_width;
- int name_adjust;
- int desc_width;
- int desc_adjust;
- int icon_width;
- int icon_height;
- char *default_order;
-
- array_header *icon_list;
- array_header *alt_list;
- array_header *desc_list;
- array_header *ign_list;
- array_header *hdr_list;
- array_header *rdme_list;
-
-} autoindex_config_rec;
-
-static char c_by_encoding, c_by_type, c_by_path;
-
-#define BY_ENCODING &c_by_encoding
-#define BY_TYPE &c_by_type
-#define BY_PATH &c_by_path
-
-/*
- * Return true if the specified string refers to the parent directory (i.e.,
- * matches ".." or "../").
Hopefully this one call is significantly less
- * expensive than multiple strcmp() calls.
- */
-static ap_inline int is_parent(const char *name)
-{
- /*
- * Now, IFF the first two bytes are dots, and the third byte is either
- * EOS (\0) or a slash followed by EOS, we have a match.
- */
- if (((name[0] == '.') && (name[1] == '.'))
- && ((name[2] == '\0')
- || ((name[2] == '/') && (name[3] == '\0')))) {
- return 1;
- }
- return 0;
-}
-
-/*
- * This routine puts the standard HTML header at the top of the index page.
- * We include the DOCTYPE because we may be using features therefrom (i.e.,
- * HEIGHT and WIDTH attributes on the icons if we're FancyIndexing).
- */
-static void emit_preamble(request_rec *r, char *title)
-{
- ap_rvputs(r, DOCTYPE_HTML_3_2,
- "\n \n Index of ", title,
- "\n \n \n", NULL);
-}
-
-static void push_item(array_header *arr, char *type, char *to, char *path,
- char *data)
-{
- struct item *p = (struct item *) ap_push_array(arr);
-
- if (!to) {
- to = "";
- }
- if (!path) {
- path = "";
- }
-
- p->type = type;
- p->data = data ?
ap_pstrdup(arr->pool, data) : NULL;
- p->apply_path = ap_pstrcat(arr->pool, path, "*", NULL);
-
- if ((type == BY_PATH) && (!ap_is_matchexp(to))) {
- p->apply_to = ap_pstrcat(arr->pool, "*", to, NULL);
- }
- else if (to) {
- p->apply_to = ap_pstrdup(arr->pool, to);
- }
- else {
- p->apply_to = NULL;
- }
-}
-
-static const char *add_alt(cmd_parms *cmd, void *d, char *alt, char *to)
-{
- if (cmd->info == BY_PATH) {
- if (!strcmp(to, "**DIRECTORY**")) {
- to = "^^DIRECTORY^^";
- }
- }
- if (cmd->info == BY_ENCODING) {
- ap_str_tolower(to);
- }
-
- push_item(((autoindex_config_rec *) d)->alt_list, cmd->info, to,
- cmd->path, alt);
- return NULL;
-}
-
-static const char *add_icon(cmd_parms *cmd, void *d, char *icon, char *to)
-{
- char *iconbak = ap_pstrdup(cmd->pool, icon);
-
- if (icon[0] == '(') {
- char *alt;
- char *cl = strchr(iconbak, ')');
-
- if (cl == NULL) {
- return "missing closing paren";
- }
- alt = ap_getword_nc(cmd->pool, &iconbak, ',');
- *cl = '\0'; /* Lose closing paren */
- add_alt(cmd, d, &alt[1], to);
- }
- if (cmd->info == BY_PATH) {
- if (!strcmp(to, "**DIRECTORY**")) {
- to = "^^DIRECTORY^^";
- }
- }
- if (cmd->info == BY_ENCODING) {
- ap_str_tolower(to);
- }
-
- push_item(((autoindex_config_rec *) d)->icon_list, cmd->info, to,
- cmd->path, iconbak);
- return NULL;
-}
-
-/*
- * Add description text for a filename pattern. If the pattern has
- * wildcards already (or we need to add them), add leading and
- * trailing wildcards to it to ensure substring processing. If the
- * pattern contains a '/' anywhere, force wildcard matching mode,
- * add a slash to the prefix so that "bar/bletch" won't be matched
- * by "foobar/bletch", and make a note that there's a delimiter;
- * the matching routine simplifies to just the actual filename
- * whenever it can. This allows definitions in parent directories
- * to be made for files in subordinate ones using relative paths.
- */
-
-/*
- * Absent a strcasestr() function, we have to force wildcards on
- * systems for which "AAA" and "aaa" mean the same file.
- */
-#define WILDCARDS_REQUIRED 0
-
-static const char *add_desc(cmd_parms *cmd, void *d, char *desc, char *to)
-{
- autoindex_config_rec *dcfg = (autoindex_config_rec *) d;
- ai_desc_t *desc_entry;
- char *prefix = "";
-
- desc_entry = (ai_desc_t *) ap_push_array(dcfg->desc_list);
- desc_entry->full_path = (strchr(to, '/') == NULL) ? 0 : 1;
- desc_entry->wildcards = (WILDCARDS_REQUIRED
- || desc_entry->full_path
- || ap_is_fnmatch(to));
- if (desc_entry->wildcards) {
- prefix = desc_entry->full_path ? "*/" : "*";
- desc_entry->pattern = ap_pstrcat(dcfg->desc_list->pool,
- prefix, to, "*", NULL);
- }
- else {
- desc_entry->pattern = ap_pstrdup(dcfg->desc_list->pool, to);
- }
- desc_entry->description = ap_pstrdup(dcfg->desc_list->pool, desc);
- return NULL;
-}
-
-static const char *add_ignore(cmd_parms *cmd, void *d, char *ext)
-{
- push_item(((autoindex_config_rec *) d)->ign_list, 0, ext, cmd->path, NULL);
- return NULL;
-}
-
-static const char *add_header(cmd_parms *cmd, void *d, char *name)
-{
- push_item(((autoindex_config_rec *) d)->hdr_list, 0, NULL, cmd->path,
- name);
- return NULL;
-}
-
-static const char *add_readme(cmd_parms *cmd, void *d, char *name)
-{
- push_item(((autoindex_config_rec *) d)->rdme_list, 0, NULL, cmd->path,
- name);
- return NULL;
-}
-
-/* A legacy directive, FancyIndexing is superseded by the IndexOptions
- * keyword. But for compatibility..
- */
-static const char *fancy_indexing(cmd_parms *cmd, void *d, int arg)
-{
- int curopts;
- int newopts;
- autoindex_config_rec *cfg;
-
- cfg = (autoindex_config_rec *) d;
- curopts = cfg->opts;
- if (curopts & NO_OPTIONS) {
- return "FancyIndexing directive conflicts with existing "
- "IndexOptions None";
- }
- newopts = (arg ?
(curopts | FANCY_INDEXING) : (curopts & ~FANCY_INDEXING));
- cfg->opts = newopts;
- return NULL;
-}
-
-static const char *add_opts(cmd_parms *cmd, void *d, const char *optstr)
-{
- char *w;
- int opts;
- int opts_add;
- int opts_remove;
- char action;
- autoindex_config_rec *d_cfg = (autoindex_config_rec *) d;
-
- opts = d_cfg->opts;
- opts_add = d_cfg->incremented_opts;
- opts_remove = d_cfg->decremented_opts;
- while (optstr[0]) {
- int option = 0;
-
- w = ap_getword_conf(cmd->pool, &optstr);
- if ((*w == '+') || (*w == '-')) {
- action = *(w++);
- }
- else {
- action = '\0';
- }
- if (!strcasecmp(w, "FancyIndexing")) {
- option = FANCY_INDEXING;
- }
- else if (!strcasecmp(w, "IconsAreLinks")) {
- option = ICONS_ARE_LINKS;
- }
- else if (!strcasecmp(w, "ScanHTMLTitles")) {
- option = SCAN_HTML_TITLES;
- }
- else if (!strcasecmp(w, "SuppressLastModified")) {
- option = SUPPRESS_LAST_MOD;
- }
- else if (!strcasecmp(w, "SuppressSize")) {
- option = SUPPRESS_SIZE;
- }
- else if (!strcasecmp(w, "SuppressDescription")) {
- option = SUPPRESS_DESC;
- }
- else if (!strcasecmp(w, "SuppressHTMLPreamble")) {
- option = SUPPRESS_PREAMBLE;
- }
- else if (!strcasecmp(w, "SuppressColumnSorting")) {
- option = SUPPRESS_COLSORT;
- }
- else if (!strcasecmp(w, "FoldersFirst")) {
- option = FOLDERS_FIRST;
- }
- else if (!strcasecmp(w, "TrackModified")) {
- option = TRACK_MODIFIED;
- }
- else if (!strcasecmp(w, "IgnoreCase")) {
- option = SORT_NOCASE;
- }
- else if (!strcasecmp(w, "None")) {
- if (action != '\0') {
- return "Cannot combine '+' or '-' with 'None' keyword";
- }
- opts = NO_OPTIONS;
- opts_add = 0;
- opts_remove = 0;
- }
- else if (!strcasecmp(w, "IconWidth")) {
- if (action != '-') {
- d_cfg->icon_width = DEFAULT_ICON_WIDTH;
- }
- else {
- d_cfg->icon_width = 0;
- }
- }
- else if (!strncasecmp(w, "IconWidth=", 10)) {
- if (action == '-') {
- return "Cannot combine '-' with IconWidth=n";
- }
- d_cfg->icon_width = atoi(&w[10]);
- }
- else if (!strcasecmp(w, "IconHeight"))
{
- if (action != '-') {
- d_cfg->icon_height = DEFAULT_ICON_HEIGHT;
- }
- else {
- d_cfg->icon_height = 0;
- }
- }
- else if (!strncasecmp(w, "IconHeight=", 11)) {
- if (action == '-') {
- return "Cannot combine '-' with IconHeight=n";
- }
- d_cfg->icon_height = atoi(&w[11]);
- }
- else if (!strcasecmp(w, "NameWidth")) {
- if (action != '-') {
- return "NameWidth with no value may only appear as "
- "'-NameWidth'";
- }
- d_cfg->name_width = DEFAULT_NAME_WIDTH;
- d_cfg->name_adjust = K_NOADJUST;
- }
- else if (!strncasecmp(w, "NameWidth=", 10)) {
- if (action == '-') {
- return "Cannot combine '-' with NameWidth=n";
- }
- if (w[10] == '*') {
- d_cfg->name_adjust = K_ADJUST;
- }
- else {
- int width = atoi(&w[10]);
-
- if (width < 5) {
- return "NameWidth value must be greater than 5";
- }
- d_cfg->name_width = width;
- d_cfg->name_adjust = K_NOADJUST;
- }
- }
- else if (!strcasecmp(w, "DescriptionWidth")) {
- if (action != '-') {
- return "DescriptionWidth with no value may only appear as "
- "'-DescriptionWidth'";
- }
- d_cfg->desc_width = DEFAULT_DESC_WIDTH;
- d_cfg->desc_adjust = K_NOADJUST;
- }
- else if (!strncasecmp(w, "DescriptionWidth=", 17)) {
- if (action == '-') {
- return "Cannot combine '-' with DescriptionWidth=n";
- }
- if (w[17] == '*') {
- d_cfg->desc_adjust = K_ADJUST;
- }
- else {
- int width = atoi(&w[17]);
-
- if (width < 12) {
- return "DescriptionWidth value must be greater than 12";
- }
- d_cfg->desc_width = width;
- d_cfg->desc_adjust = K_NOADJUST;
- }
- }
- else {
- return "Invalid directory indexing option";
- }
- if (action == '\0') {
- opts |= option;
- opts_add = 0;
- opts_remove = 0;
- }
- else if (action == '+') {
- opts_add |= option;
- opts_remove &= ~option;
- }
- else {
- opts_remove |= option;
- opts_add &= ~option;
- }
- }
- if ((opts & NO_OPTIONS) && (opts & ~NO_OPTIONS)) {
- return "Cannot combine other IndexOptions keywords with 'None'";
- }
- d_cfg->incremented_opts = opts_add;
- d_cfg->decremented_opts = opts_remove;
-
d_cfg->opts = opts;
- return NULL;
-}
-
-static const char *set_default_order(cmd_parms *cmd, void *m, char *direction,
- char *key)
-{
- char temp[4];
- autoindex_config_rec *d_cfg = (autoindex_config_rec *) m;
-
- ap_cpystrn(temp, "k=d", sizeof(temp));
- if (!strcasecmp(direction, "Ascending")) {
- temp[2] = D_ASCENDING;
- }
- else if (!strcasecmp(direction, "Descending")) {
- temp[2] = D_DESCENDING;
- }
- else {
- return "First keyword must be 'Ascending' or 'Descending'";
- }
-
- if (!strcasecmp(key, "Name")) {
- temp[0] = K_NAME;
- }
- else if (!strcasecmp(key, "Date")) {
- temp[0] = K_LAST_MOD;
- }
- else if (!strcasecmp(key, "Size")) {
- temp[0] = K_SIZE;
- }
- else if (!strcasecmp(key, "Description")) {
- temp[0] = K_DESC;
- }
- else {
- return "Second keyword must be 'Name', 'Date', 'Size', or "
- "'Description'";
- }
-
- if (d_cfg->default_order == NULL) {
- d_cfg->default_order = ap_palloc(cmd->pool, 4);
- d_cfg->default_order[3] = '\0';
- }
- ap_cpystrn(d_cfg->default_order, temp, sizeof(temp));
- return NULL;
-}
-
-#define DIR_CMD_PERMS OR_INDEXES
-
-static const command_rec autoindex_cmds[] =
-{
- {"AddIcon", add_icon, BY_PATH, DIR_CMD_PERMS, ITERATE2,
- "an icon URL followed by one or more filenames"},
- {"AddIconByType", add_icon, BY_TYPE, DIR_CMD_PERMS, ITERATE2,
- "an icon URL followed by one or more MIME types"},
- {"AddIconByEncoding", add_icon, BY_ENCODING, DIR_CMD_PERMS, ITERATE2,
- "an icon URL followed by one or more content encodings"},
- {"AddAlt", add_alt, BY_PATH, DIR_CMD_PERMS, ITERATE2,
- "alternate descriptive text followed by one or more filenames"},
- {"AddAltByType", add_alt, BY_TYPE, DIR_CMD_PERMS, ITERATE2,
- "alternate descriptive text followed by one or more MIME types"},
- {"AddAltByEncoding", add_alt, BY_ENCODING, DIR_CMD_PERMS, ITERATE2,
- "alternate descriptive text followed by one or more content encodings"},
- {"IndexOptions", add_opts, NULL, DIR_CMD_PERMS, RAW_ARGS,
- "one or more index options"},
- {"IndexOrderDefault",
set_default_order, NULL, DIR_CMD_PERMS, TAKE2,
- "{Ascending,Descending} {Name,Size,Description,Date}"},
- {"IndexIgnore", add_ignore, NULL, DIR_CMD_PERMS, ITERATE,
- "one or more file extensions"},
- {"AddDescription", add_desc, BY_PATH, DIR_CMD_PERMS, ITERATE2,
- "Descriptive text followed by one or more filenames"},
- {"HeaderName", add_header, NULL, DIR_CMD_PERMS, TAKE1, "a filename"},
- {"ReadmeName", add_readme, NULL, DIR_CMD_PERMS, TAKE1, "a filename"},
- {"FancyIndexing", fancy_indexing, NULL, DIR_CMD_PERMS, FLAG,
- "Limited to 'on' or 'off' (superseded by IndexOptions FancyIndexing)"},
- {"DefaultIcon", ap_set_string_slot,
- (void *) XtOffsetOf(autoindex_config_rec, default_icon),
- DIR_CMD_PERMS, TAKE1, "an icon URL"},
- {NULL}
-};
-
-static void *create_autoindex_config(pool *p, char *dummy)
-{
- autoindex_config_rec *new =
- (autoindex_config_rec *) ap_pcalloc(p, sizeof(autoindex_config_rec));
-
- new->icon_width = 0;
- new->icon_height = 0;
- new->name_width = DEFAULT_NAME_WIDTH;
- new->name_adjust = K_UNSET;
- new->desc_width = DEFAULT_DESC_WIDTH;
- new->desc_adjust = K_UNSET;
- new->icon_list = ap_make_array(p, 4, sizeof(struct item));
- new->alt_list = ap_make_array(p, 4, sizeof(struct item));
- new->desc_list = ap_make_array(p, 4, sizeof(ai_desc_t));
- new->ign_list = ap_make_array(p, 4, sizeof(struct item));
- new->hdr_list = ap_make_array(p, 4, sizeof(struct item));
- new->rdme_list = ap_make_array(p, 4, sizeof(struct item));
- new->opts = 0;
- new->incremented_opts = 0;
- new->decremented_opts = 0;
- new->default_order = NULL;
-
- return (void *) new;
-}
-
-static void *merge_autoindex_configs(pool *p, void *basev, void *addv)
-{
- autoindex_config_rec *new;
- autoindex_config_rec *base = (autoindex_config_rec *) basev;
- autoindex_config_rec *add = (autoindex_config_rec *) addv;
-
- new = (autoindex_config_rec *) ap_pcalloc(p, sizeof(autoindex_config_rec));
- new->default_icon = add->default_icon ?
add->default_icon
- : base->default_icon;
- new->icon_height = add->icon_height ? add->icon_height : base->icon_height;
- new->icon_width = add->icon_width ? add->icon_width : base->icon_width;
-
- new->alt_list = ap_append_arrays(p, add->alt_list, base->alt_list);
- new->ign_list = ap_append_arrays(p, add->ign_list, base->ign_list);
- new->hdr_list = ap_append_arrays(p, add->hdr_list, base->hdr_list);
- new->desc_list = ap_append_arrays(p, add->desc_list, base->desc_list);
- new->icon_list = ap_append_arrays(p, add->icon_list, base->icon_list);
- new->rdme_list = ap_append_arrays(p, add->rdme_list, base->rdme_list);
- if (add->opts & NO_OPTIONS) {
- /*
- * If the current directory says 'no options' then we also
- * clear any incremental mods from being inheritable further down.
- */
- new->opts = NO_OPTIONS;
- new->incremented_opts = 0;
- new->decremented_opts = 0;
- }
- else {
- /*
- * If there were any non-incremental options selected for
- * this directory, they dominate and we don't inherit *anything.*
- * Contrariwise, we *do* inherit if the only settings here are
- * incremental ones.
- */
- if (add->opts == 0) {
- new->incremented_opts = (base->incremented_opts
- | add->incremented_opts)
- & ~add->decremented_opts;
- new->decremented_opts = (base->decremented_opts
- | add->decremented_opts);
- /*
- * We may have incremental settings, so make sure we don't
- * inadvertently inherit an IndexOptions None from above.
- */
- new->opts = (base->opts & ~NO_OPTIONS);
- }
- else {
- /*
- * There are local non-incremental settings, which clear
- * all inheritance from above. They *are* the new base settings.
- */
- new->opts = add->opts;
- }
- /*
- * We're guaranteed that there'll be no overlap between
- * the add-options and the remove-options.
- */
- new->opts |= new->incremented_opts;
- new->opts &= ~new->decremented_opts;
- }
- /*
- * Inherit the NameWidth settings if there aren't any specific to
- * the new location; otherwise we'll end up using the defaults set in the
- * config-rec creation routine.
- */
- if (add->name_adjust == K_UNSET) {
- new->name_width = base->name_width;
- new->name_adjust = base->name_adjust;
- }
- else {
- new->name_width = add->name_width;
- new->name_adjust = add->name_adjust;
- }
- /*
- * Likewise for DescriptionWidth.
- */
- if (add->desc_adjust == K_UNSET) {
- new->desc_width = base->desc_width;
- new->desc_adjust = base->desc_adjust;
- }
- else {
- new->desc_width = add->desc_width;
- new->desc_adjust = add->desc_adjust;
- }
-
- new->default_order = (add->default_order != NULL)
- ? add->default_order : base->default_order;
- return new;
-}
-
-/****************************************************************
- *
- * Looking things up in config entries...
- */
-
-/* Structure used to hold entries when we're actually building an index */
-
-struct ent {
- char *name;
- char *icon;
- char *alt;
- char *desc;
- off_t size;
- time_t lm;
- struct ent *next;
- int ascending;
- int isdir;
- int checkdir;
- int ignorecase;
- char key;
-};
-
-static char *find_item(request_rec *r, array_header *list, int path_only)
-{
- const char *content_type = ap_field_noparam(r->pool, r->content_type);
- const char *content_encoding = r->content_encoding;
- char *path = r->filename;
-
- struct item *items = (struct item *) list->elts;
- int i;
-
- for (i = 0; i < list->nelts; ++i) {
- struct item *p = &items[i];
-
- /* Special cased for ^^DIRECTORY^^ and ^^BLANKICON^^ */
- if ((path[0] == '^') || (!ap_strcmp_match(path, p->apply_path))) {
- if (!*(p->apply_to)) {
- return p->data;
- }
- else if (p->type == BY_PATH || path[0] == '^') {
- if (!ap_strcmp_match(path, p->apply_to)) {
- return p->data;
- }
- }
- else if (!path_only) {
- if (!content_encoding) {
- if (p->type == BY_TYPE) {
- if
(content_type
- && !ap_strcasecmp_match(content_type,
- p->apply_to)) {
- return p->data;
- }
- }
- }
- else {
- if (p->type == BY_ENCODING) {
- if (!ap_strcasecmp_match(content_encoding,
- p->apply_to)) {
- return p->data;
- }
- }
- }
- }
- }
- }
- return NULL;
-}
-
-#define find_icon(d,p,t) find_item(p,d->icon_list,t)
-#define find_alt(d,p,t) find_item(p,d->alt_list,t)
-#define find_header(d,p) find_item(p,d->hdr_list,0)
-#define find_readme(d,p) find_item(p,d->rdme_list,0)
-
-static char *find_default_icon(autoindex_config_rec *d, char *bogus_name)
-{
- request_rec r;
-
- /* Bleah. I tried to clean up find_item, and it lead to this bit
- * of ugliness. Note that the fields initialized are precisely
- * those that find_item looks at...
- */
-
- r.filename = bogus_name;
- r.content_type = r.content_encoding = NULL;
-
- return find_item(&r, d->icon_list, 1);
-}
-
-/*
- * Look through the list of pattern/description pairs and return the first one
- * if any) that matches the filename in the request. If multiple patterns
- * match, only the first one is used; since the order in the array is the
- * same as the order in which directives were processed, earlier matching
- * directives will dominate.
- */
-
-#define MATCH_FLAGS 0
-
-static char *find_desc(autoindex_config_rec *dcfg, request_rec *r)
-{
- int i;
- ai_desc_t *list = (ai_desc_t *) dcfg->desc_list->elts;
- const char *filename_full = r->filename;
- const char *filename_only;
- const char *filename;
-
- /*
- * If the filename includes a path, extract just the name itself
- * for the simple matches.
- */
- if ((filename_only = strrchr(filename_full, '/')) == NULL) {
- filename_only = filename_full;
- }
- else {
- filename_only++;
- }
- for (i = 0; i < dcfg->desc_list->nelts; ++i) {
- ai_desc_t *tuple = &list[i];
- int found;
-
- /*
- * Only use the full-path filename if the pattern contains '/'s.
- */
- filename = (tuple->full_path) ?
filename_full : filename_only;
- /*
- * Make the comparison using the cheapest method; only do
- * wildcard checking if we must.
- */
- if (tuple->wildcards) {
- found = (ap_fnmatch(tuple->pattern, filename, MATCH_FLAGS) == 0);
- }
- else {
- found = (strstr(filename, tuple->pattern) != NULL);
- }
- if (found) {
- return tuple->description;
- }
- }
- return NULL;
-}
-
-static int ignore_entry(autoindex_config_rec *d, char *path)
-{
- array_header *list = d->ign_list;
- struct item *items = (struct item *) list->elts;
- char *tt;
- int i;
-
- if ((tt = strrchr(path, '/')) == NULL) {
- tt = path;
- }
- else {
- tt++;
- }
-
- for (i = 0; i < list->nelts; ++i) {
- struct item *p = &items[i];
- char *ap;
-
- if ((ap = strrchr(p->apply_to, '/')) == NULL) {
- ap = p->apply_to;
- }
- else {
- ap++;
- }
-
- if (!ap_strcmp_match(path, p->apply_path)
- && !ap_strcmp_match(tt, ap)) {
- return 1;
- }
- }
- return 0;
-}
-
-/*****************************************************************
- *
- * Actually generating output
- */
-
-/*
- * Elements of the emitted document:
- * Preamble
- * Emitted unless SUPPRESS_PREAMBLE is set AND ap_run_sub_req
- * succeeds for the (content_type == text/html) header file.
- * Header file
- * Emitted if found (and able).
- * H1 tag line
- * Emitted if a header file is NOT emitted.
- * Directory stuff
- * Always emitted.
- * HR
- * Emitted if FANCY_INDEXING is set.
- * Readme file
- * Emitted if found (and able).
- * ServerSig
- * Emitted if ServerSignature is not Off AND a readme file
- * is NOT emitted.
- * Postamble
- * Emitted unless SUPPRESS_PREAMBLE is set AND ap_run_sub_req
- * succeeds for the (content_type == text/html) readme file.
- */
-
-
-/*
- * emit a plain text file
- */
-static void do_emit_plain(request_rec *r, FILE *f)
-{
- char buf[IOBUFSIZE + 1];
- int i, n, c, ch;
-
- ap_rputs("
    \n", r);
    -    while (!feof(f)) {
    -	do {
    -	    n = fread(buf, sizeof(char), IOBUFSIZE, f);
    -	}
    -	while (n == -1 && ferror(f) && errno == EINTR);
    -	if (n == -1 || n == 0) {
    -	    break;
    -	}
    -	buf[n] = '\0';
    -	c = 0;
    -	while (c < n) {
    -	    for (i = c; i < n; i++) {
    -		if (buf[i] == '<' || buf[i] == '>' || buf[i] == '&') {
    -		    break;
    -		}
    -	    }
    -	    ch = buf[i];
    -	    buf[i] = '\0';
    -	    ap_rputs(&buf[c], r);
    -	    if (ch == '<') {
    -		ap_rputs("<", r);
    -	    }
    -	    else if (ch == '>') {
    -		ap_rputs(">", r);
    -	    }
    -	    else if (ch == '&') {
    -		ap_rputs("&", r);
    -	    }
    -	    c = i + 1;
    -	}
    -    }
    -    ap_rputs("
    \n", r);
-}
-
-/* See mod_include */
-#define SUB_REQ_STRING "Sub request to mod_include"
-#define PARENT_STRING "Parent request to mod_include"
-
-/*
- * Handle the preamble through the H1 tag line, inclusive. Locate
- * the file with a subrequests. Process text/html documents by actually
- * running the subrequest; text/xxx documents get copied verbatim,
- * and any other content type is ignored. This means that a non-text
- * document (such as HEADER.gif) might get multiviewed as the result
- * instead of a text document, meaning nothing will be displayed, but
- * oh well.
- */
-static void emit_head(request_rec *r, char *header_fname, int suppress_amble,
- char *title)
-{
- FILE *f;
- request_rec *rr = NULL;
- int emit_amble = 1;
- int emit_H1 = 1;
- const char *r_accept;
- const char *r_accept_enc;
- table *hdrs = r->headers_in;
-
- /*
- * If there's a header file, send a subrequest to look for it. If it's
- * found and html do the subrequest, otherwise handle it
- */
- r_accept = ap_table_get(hdrs, "Accept");
- r_accept_enc = ap_table_get(hdrs, "Accept-Encoding");
- ap_table_setn(hdrs, "Accept", "text/html, text/plain;q=.5, text/*;q=.1");
- ap_table_unset(hdrs, "Accept-Encoding");
-
- /*
- * If there's a header file, send a subrequest to look for it. If it's
- * found and a text file, handle it -- otherwise fall through and
- * pretend there's nothing there.
- */
- if ((header_fname != NULL)
- && (rr = ap_sub_req_lookup_uri(header_fname, r))
- && (rr->status == HTTP_OK)
- && (rr->filename != NULL)
- && S_ISREG(rr->finfo.st_mode)) {
- /*
- * Check for the two specific cases we allow: text/html and
- * text/anything-else. The former is allowed to be processed for
- * SSIs.
- */
- if (rr->content_type != NULL) {
- if (!strcasecmp(ap_field_noparam(r->pool, rr->content_type),
- "text/html")) {
- /* Hope everything will work... */
- emit_amble = 0;
- emit_H1 = 0;
-
- if (!
suppress_amble) {
- emit_preamble(r, title);
- }
-
- /* See mod_include */
- ap_table_add(r->notes, PARENT_STRING, "");
- ap_table_add(rr->notes, SUB_REQ_STRING, "");
-
- /*
- * If there's a problem running the subrequest, display the
- * preamble if we didn't do it before -- the header file
- * didn't get displayed.
- */
- if (ap_run_sub_req(rr) != OK) {
- /* It didn't work */
- emit_amble = suppress_amble;
- emit_H1 = 1;
- }
- ap_table_unset(r->notes, PARENT_STRING); /* cleanup */
- }
- else if (!strncasecmp("text/", rr->content_type, 5)) {
- /*
- * If we can open the file, prefix it with the preamble
- * regardless; since we'll be sending a
     block around
    -		 * the file's contents, any HTML header it had won't end up
    -		 * where it belongs.
    -		 */
    -		if ((f = ap_pfopen(r->pool, rr->filename, "r")) != 0) {
    -		    emit_preamble(r, title);
    -		    emit_amble = 0;
    -		    do_emit_plain(r, f);
    -		    ap_pfclose(r->pool, f);
    -		    emit_H1 = 0;
    -		}
    -	    }
    -	}
    -    }
    -
    -    if (r_accept) {
    -        ap_table_setn(hdrs, "Accept", r_accept);
    -    }
    -    else {
    -        ap_table_unset(hdrs, "Accept");
    -    }
    -
    -    if (r_accept_enc) {
    -        ap_table_setn(hdrs, "Accept-Encoding", r_accept_enc);
    -    }
    -
    -    if (emit_amble) {
    -	emit_preamble(r, title);
    -    }
    -    if (emit_H1) {
    -	ap_rvputs(r, "

    Index of ", title, "

    \n", NULL);
- }
- if (rr != NULL) {
- ap_destroy_sub_req(rr);
- }
-}
-
-
-/*
- * Handle the Readme file through the postamble, inclusive. Locate
- * the file with a subrequests. Process text/html documents by actually
- * running the subrequest; text/xxx documents get copied verbatim,
- * and any other content type is ignored. This means that a non-text
- * document (such as FOOTER.gif) might get multiviewed as the result
- * instead of a text document, meaning nothing will be displayed, but
- * oh well.
- */
-static void emit_tail(request_rec *r, char *readme_fname, int suppress_amble)
-{
- FILE *f;
- request_rec *rr = NULL;
- int suppress_post = 0;
- int suppress_sig = 0;
- const char *r_accept;
- const char *r_accept_enc;
- table *hdrs = r->headers_in;
-
- /*
- * If there's a readme file, send a subrequest to look for it. If it's
- * found and html do the subrequest, otherwise handle it
- */
- r_accept = ap_table_get(hdrs, "Accept");
- r_accept_enc = ap_table_get(hdrs, "Accept-Encoding");
- ap_table_setn(hdrs, "Accept", "text/html, text/plain;q=.5, text/*;q=.1");
- ap_table_unset(hdrs, "Accept-Encoding");
-
- /*
- * If there's a readme file, send a subrequest to look for it. If it's
- * found and a text file, handle it -- otherwise fall through and
- * pretend there's nothing there.
- */
- if ((readme_fname != NULL)
- && (rr = ap_sub_req_lookup_uri(readme_fname, r))
- && (rr->status == HTTP_OK)
- && (rr->filename != NULL)
- && S_ISREG(rr->finfo.st_mode)) {
- /*
- * Check for the two specific cases we allow: text/html and
- * text/anything-else. The former is allowed to be processed for
- * SSIs.
- */
- if (rr->content_type != NULL) {
- if (!strcasecmp(ap_field_noparam(r->pool, rr->content_type),
- "text/html")) {
-
- /* See mod_include */
- ap_table_add(r->notes, PARENT_STRING, "");
- ap_table_add(rr->notes, SUB_REQ_STRING, "");
-
- if (ap_run_sub_req(rr) == OK) {
- /* worked...
*/ - suppress_sig = 1; - suppress_post = suppress_amble; - } - ap_table_unset(r->notes, PARENT_STRING); /* cleanup */ - } - else if (!strncasecmp("text/", rr->content_type, 5)) { - /* - * If we can open the file, suppress the signature. - */ - if ((f = ap_pfopen(r->pool, rr->filename, "r")) != 0) { - do_emit_plain(r, f); - ap_pfclose(r->pool, f); - suppress_sig = 1; - } - } - } - } - - if (r_accept) { - ap_table_setn(hdrs, "Accept", r_accept); - } - else { - ap_table_unset(hdrs, "Accept"); - } - - if (r_accept_enc) { - ap_table_setn(hdrs, "Accept-Encoding", r_accept_enc); - } - - if (!suppress_sig) { - ap_rputs(ap_psignature("", r), r); - } - if (!suppress_post) { - ap_rputs("\n", r); - } - if (rr != NULL) { - ap_destroy_sub_req(rr); - } -} - - -static char *find_title(request_rec *r) -{ - char titlebuf[MAX_STRING_LEN], *find = ""; - FILE *thefile = NULL; - int x, y, n, p; - - if (r->status != HTTP_OK) { - return NULL; - } - if ((r->content_type != NULL) - && (!strcasecmp(ap_field_noparam(r->pool, r->content_type), - "text/html") - || !strcmp(r->content_type, INCLUDES_MAGIC_TYPE)) - && !r->content_encoding) { - if (!(thefile = ap_pfopen(r->pool, r->filename, "r"))) { - return NULL; - } - n = fread(titlebuf, sizeof(char), MAX_STRING_LEN - 1, thefile); - if (n <= 0) { - ap_pfclose(r->pool, thefile); - return NULL; - } - titlebuf[n] = '\0'; - for (x = 0, p = 0; titlebuf[x]; x++) { - if (ap_toupper(titlebuf[x]) == find[p]) { - if (!find[++p]) { - if ((p = ap_ind(&titlebuf[++x], '<')) != -1) { - titlebuf[x + p] = '\0'; - } - /* Scan for line breaks for Tanmoy's secretary */ - for (y = x; titlebuf[y]; y++) { - if ((titlebuf[y] == CR) || (titlebuf[y] == LF)) { - if (y == x) { - x++; - } - else { - titlebuf[y] = ' '; - } - } - } - ap_pfclose(r->pool, thefile); - return ap_pstrdup(r->pool, &titlebuf[x]); - } - } - else { - p = 0; - } - } - ap_pfclose(r->pool, thefile); - } - return NULL; -} - -static struct ent *make_autoindex_entry(char *name, int autoindex_opts, - 
autoindex_config_rec *d,
- request_rec *r, char keyid,
- char direction)
-{
- struct ent *p;
-
- if ((name[0] == '.') && (!name[1])) {
- return (NULL);
- }
-
- if (ignore_entry(d, ap_make_full_path(r->pool, r->filename, name))) {
- return (NULL);
- }
-
- p = (struct ent *) ap_pcalloc(r->pool, sizeof(struct ent));
- p->name = ap_pstrdup(r->pool, name);
- p->size = -1;
- p->icon = NULL;
- p->alt = NULL;
- p->desc = NULL;
- p->lm = -1;
- p->isdir = 0;
- /*
- * It's obnoxious to have to include this in every entry, but the qsort()
- * comparison routine only takes two arguments.. The alternative would
- * add another function call to each invocation. Let's use memory
- * rather than CPU.
- */
- p->checkdir = ((d->opts & FOLDERS_FIRST) != 0);
- p->ignorecase = ((d->opts & SORT_NOCASE) != 0);
- p->key = ap_toupper(keyid);
- p->ascending = (ap_toupper(direction) == D_ASCENDING);
-
- if (autoindex_opts & FANCY_INDEXING) {
- request_rec *rr = ap_sub_req_lookup_file(name, r);
-
- if (rr->finfo.st_mode != 0) {
- p->lm = rr->finfo.st_mtime;
- if (S_ISDIR(rr->finfo.st_mode)) {
- p->isdir = 1;
- if (!(p->icon = find_icon(d, rr, 1))) {
- p->icon = find_default_icon(d, "^^DIRECTORY^^");
- }
- if (!(p->alt = find_alt(d, rr, 1))) {
- p->alt = "DIR";
- }
- p->size = -1;
- p->name = ap_pstrcat(r->pool, name, "/", NULL);
- }
- else {
- p->icon = find_icon(d, rr, 0);
- p->alt = find_alt(d, rr, 0);
- p->size = rr->finfo.st_size;
- }
- }
-
- p->desc = find_desc(d, rr);
-
- if ((!p->desc) && (autoindex_opts & SCAN_HTML_TITLES)) {
- p->desc = ap_pstrdup(r->pool, find_title(rr));
- }
-
- ap_destroy_sub_req(rr);
- }
- /*
- * We don't need to take any special action for the file size key. If
- * we did, it would go here.
- */
- if (keyid == K_LAST_MOD) {
- if (p->lm < 0) {
- p->lm = 0;
- }
- }
- return (p);
-}
-
-static char *terminate_description(autoindex_config_rec *d, char *desc,
- int autoindex_opts, int desc_width)
-{
- int maxsize = desc_width;
- int x;
-
- /*
- * If there's no DescriptionWidth in effect, default to the old
- * behaviour of adjusting the description size depending upon
- * what else is being displayed. Otherwise, stick with the
- * setting.
- */
- if (d->desc_adjust == K_UNSET) {
- if (autoindex_opts & SUPPRESS_LAST_MOD) {
- maxsize += 19;
- }
- if (autoindex_opts & SUPPRESS_SIZE) {
- maxsize += 7;
- }
- }
-
- for (x = 0; desc[x] && ((maxsize > 0) || (desc[x] == '<')); x++) {
- if (desc[x] == '<') {
- while (desc[x] != '>') {
- if (!desc[x]) {
- maxsize = 0;
- break;
- }
- ++x;
- }
- }
- else if (desc[x] == '&') {
- /* entities like ä count as one character */
- --maxsize;
- for ( ; desc[x] != ';'; ++x) {
- if (desc[x] == '\0') {
- maxsize = 0;
- break;
- }
- }
- }
- else {
- --maxsize;
- }
- }
- if (!maxsize && desc[x] != '\0') {
- desc[x - 1] = '>'; /* Grump. */
- desc[x] = '\0'; /* Double Grump! */
- }
- return desc;
-}
-
-/*
- * Emit the anchor for the specified field. If a field is the key for the
- * current request, the link changes its meaning to reverse the order when
- * selected again. Non-active fields always start in ascending order.
- */
-static void emit_link(request_rec *r, char *anchor, char fname, char curkey,
- char curdirection, int nosort)
-{
- char qvalue[5];
- int reverse;
-
- if (!nosort) {
- qvalue[0] = '?';
- qvalue[1] = fname;
- qvalue[2] = '=';
- qvalue[4] = '\0';
- reverse = ((curkey == fname) && (curdirection == D_ASCENDING));
- qvalue[3] = reverse ?
D_DESCENDING : D_ASCENDING;
- ap_rvputs(r, "<A HREF=\"", qvalue, "\">", anchor, "</A>", NULL);
- }
- else {
- ap_rputs(anchor, r);
- }
-}
-
-static void output_directories(struct ent **ar, int n,
- autoindex_config_rec *d, request_rec *r,
- int autoindex_opts, char keyid, char direction)
-{
- int x;
- char *name = r->uri;
- char *tp;
- int static_columns = (autoindex_opts & SUPPRESS_COLSORT);
- pool *scratch = ap_make_sub_pool(r->pool);
- int name_width;
- int desc_width;
- char *name_scratch;
- char *pad_scratch;
-
- if (name[0] == '\0') {
- name = "/";
- }
-
- desc_width = d->desc_width;
- if (d->desc_adjust == K_ADJUST) {
- for (x = 0; x < n; x++) {
- if (ar[x]->desc != NULL) {
- int t = strlen(ar[x]->desc);
- if (t > desc_width) {
- desc_width = t;
- }
- }
- }
- }
- name_width = d->name_width;
- if (d->name_adjust == K_ADJUST) {
- for (x = 0; x < n; x++) {
- int t = strlen(ar[x]->name);
- if (t > name_width) {
- name_width = t;
- }
- }
- }
- name_scratch = ap_palloc(r->pool, name_width + 1);
- pad_scratch = ap_palloc(r->pool, name_width + 1);
- memset(pad_scratch, ' ', name_width);
- pad_scratch[name_width] = '\0';
-
- if (autoindex_opts & FANCY_INDEXING) {
- ap_rputs("<PRE>", r);
- if ((tp = find_default_icon(d, "^^BLANKICON^^"))) {
- ap_rvputs(r, "<IMG SRC=\"", ap_escape_html(scratch, tp),
- "\" ALT=\" \"", NULL);
- if (d->icon_width && d->icon_height) {
- ap_rprintf
- (
- r,
- " HEIGHT=\"%d\" WIDTH=\"%d\"",
- d->icon_height,
- d->icon_width
- );
- }
- ap_rputs("> ", r);
- }
- emit_link(r, "Name", K_NAME, keyid, direction, static_columns);
- ap_rputs(pad_scratch + 4, r);
- /*
- * Emit the guaranteed-at-least-one-space-between-columns byte.
- */
- ap_rputs(" ", r);
- if (!(autoindex_opts & SUPPRESS_LAST_MOD)) {
- emit_link(r, "Last modified", K_LAST_MOD, keyid, direction,
- static_columns);
- ap_rputs(" ", r);
- }
- if (!(autoindex_opts & SUPPRESS_SIZE)) {
- emit_link(r, "Size", K_SIZE, keyid, direction, static_columns);
- ap_rputs(" ", r);
- }
- if (!(autoindex_opts & SUPPRESS_DESC)) {
- emit_link(r, "Description", K_DESC, keyid, direction,
- static_columns);
- }
- ap_rputs("\n<HR>\n", r);
- }
- else {
- ap_rputs("<UL>", r);
- }
-
- for (x = 0; x < n; x++) {
- char *anchor, *t, *t2;
- int nwidth;
-
- ap_clear_pool(scratch);
-
- if (is_parent(ar[x]->name)) {
- t = ap_make_full_path(scratch, name, "../");
- ap_getparents(t);
- if (t[0] == '\0') {
- t = "/";
- }
- t2 = "Parent Directory";
- anchor = ap_escape_html(scratch, ap_os_escape_path(scratch, t, 0));
- }
- else {
- t = ar[x]->name;
- t2 = t;
- anchor = ap_escape_html(scratch, ap_os_escape_path(scratch, t, 0));
- }
-
- if (autoindex_opts & FANCY_INDEXING) {
- if (autoindex_opts & ICONS_ARE_LINKS) {
- ap_rvputs(r, "<A HREF=\"", anchor, "\">", NULL);
- }
- if ((ar[x]->icon) || d->default_icon) {
- ap_rvputs(r, "<IMG SRC=\"",
- ap_escape_html(scratch,
- ar[x]->icon ? ar[x]->icon
- : d->default_icon),
- "\" ALT=\"[", (ar[x]->alt ? ar[x]->alt : " "),
- "]\"", NULL);
- if (d->icon_width && d->icon_height) {
- ap_rprintf(r, " HEIGHT=\"%d\" WIDTH=\"%d\"",
- d->icon_height, d->icon_width);
- }
- ap_rputs(">", r);
- }
- if (autoindex_opts & ICONS_ARE_LINKS) {
- ap_rputs("</A>", r);
- }
-
- nwidth = strlen(t2);
- if (nwidth > name_width) {
- memcpy(name_scratch, t2, name_width - 3);
- name_scratch[name_width - 3] = '.';
- name_scratch[name_width - 2] = '.';
- name_scratch[name_width - 1] = '>';
- name_scratch[name_width] = 0;
- t2 = name_scratch;
- nwidth = name_width;
- }
- ap_rvputs(r, " <A HREF=\"", anchor, "\">",
- ap_escape_html(scratch, t2), "</A>",
- pad_scratch + nwidth, NULL);
- /*
- * The blank before the storm.. er, before the next field.
- */
- ap_rputs(" ", r);
- if (!(autoindex_opts & SUPPRESS_LAST_MOD)) {
- if (ar[x]->lm != -1) {
- char time_str[MAX_STRING_LEN];
- struct tm *ts = localtime(&ar[x]->lm);
- strftime(time_str, MAX_STRING_LEN, "%d-%b-%Y %H:%M ", ts);
- ap_rputs(time_str, r);
- }
- else {
- /*Length="22-Feb-1998 23:42 " (see 4 lines above) */
- ap_rputs(" ", r);
- }
- }
- if (!(autoindex_opts & SUPPRESS_SIZE)) {
- ap_send_size(ar[x]->size, r);
- ap_rputs(" ", r);
- }
- if (!(autoindex_opts & SUPPRESS_DESC)) {
- if (ar[x]->desc) {
- ap_rputs(terminate_description(d, ar[x]->desc,
- autoindex_opts,
- desc_width), r);
- }
- }
- }
- else {
- ap_rvputs(r, "<LI><A HREF=\"", anchor, "\"> ", t2,
- "</A>", NULL);
- }
- ap_rputc('\n', r);
- }
- if (autoindex_opts & FANCY_INDEXING) {
- ap_rputs("</PRE>", r);
- }
- else {
- ap_rputs("</UL>", r);
- }
-}
-
-/*
- * Compare two file entries according to the sort criteria. The return
- * is essentially a signum function value.
- */
-
-static int dsortf(struct ent **e1, struct ent **e2)
-{
- struct ent *c1;
- struct ent *c2;
- int result = 0;
- int ignorecase;
-
- /*
- * First, see if either of the entries is for the parent directory.
- * If so, that *always* sorts lower than anything else.
- */
- if (is_parent((*e1)->name)) {
- return -1;
- }
- if (is_parent((*e2)->name)) {
- return 1;
- }
- /*
- * Now see if one's a directory and one isn't, AND we're listing
- * directories first.
- */
- if ((*e1)->checkdir) {
- if ((*e1)->isdir != (*e2)->isdir) {
- return (*e1)->isdir ? -1 : 1;
- }
- }
- /*
- * All of our comparisons will be of the c1 entry against the c2 one,
- * so assign them appropriately to take care of the ordering.
- */
- if ((*e1)->ascending) {
- c1 = *e1;
- c2 = *e2;
- }
- else {
- c1 = *e2;
- c2 = *e1;
- }
- switch (c1->key) {
- case K_LAST_MOD:
- if (c1->lm > c2->lm) {
- return 1;
- }
- else if (c1->lm < c2->lm) {
- return -1;
- }
- break;
- case K_SIZE:
- if (c1->size > c2->size) {
- return 1;
- }
- else if (c1->size < c2->size) {
- return -1;
- }
- break;
- case K_DESC:
- result = strcmp(c1->desc ? c1->desc : "", c2->desc ? c2->desc : "");
- if (result) {
- return result;
- }
- break;
- }
-
- ignorecase = c1->ignorecase;
- if (ignorecase) {
- result = strcasecmp(c1->name, c2->name);
- if (result == 0) {
- /*
- * They're identical when treated case-insensitively, so
- * pretend they weren't and let strcmp() put them in a
- * deterministic order. This means that 'ABC' and 'abc'
- * will always appear in the same order, rather than
- * unpredictably 'ABC abc' or 'abc ABC'.
- */
- ignorecase = 0;
- }
- }
- if (! ignorecase) {
- result = strcmp(c1->name, c2->name);
- }
- return result;
-}
-
-
-static int index_directory(request_rec *r,
- autoindex_config_rec *autoindex_conf)
-{
- char *title_name = ap_escape_html(r->pool, r->uri);
- char *title_endp;
- char *name = r->filename;
-
- DIR *d;
- struct DIR_TYPE *dstruct;
- int num_ent = 0, x;
- struct ent *head, *p;
- struct ent **ar = NULL;
- const char *qstring;
- int autoindex_opts = autoindex_conf->opts;
- char keyid;
- char direction;
-
- if (!(d = ap_popendir(r->pool, name))) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "Can't open directory for index: %s", r->filename);
- return HTTP_FORBIDDEN;
- }
-
- r->content_type = "text/html";
- if (autoindex_opts & TRACK_MODIFIED) {
- ap_update_mtime(r, r->finfo.st_mtime);
- ap_set_last_modified(r);
- ap_set_etag(r);
- }
- ap_send_http_header(r);
-
- if (r->header_only) {
- ap_pclosedir(r->pool, d);
- return 0;
- }
- ap_hard_timeout("send directory", r);
-
- /* Spew HTML preamble */
-
- title_endp = title_name + strlen(title_name) - 1;
-
- while (title_endp > title_name &&
*title_endp == '/') {
- *title_endp-- = '\0';
- }
-
- emit_head(r, find_header(autoindex_conf, r),
- autoindex_opts & SUPPRESS_PREAMBLE, title_name);
-
- /*
- * Figure out what sort of indexing (if any) we're supposed to use.
- *
- * If no QUERY_STRING was specified or column sorting has been
- * explicitly disabled, we use the default specified by the
- * IndexOrderDefault directive (if there is one); otherwise,
- * we fall back to ascending by name.
- */
- qstring = r->args;
- if ((autoindex_opts & SUPPRESS_COLSORT)
- || ((qstring == NULL) || (*qstring == '\0'))) {
- qstring = autoindex_conf->default_order;
- }
- /*
- * If there is no specific ordering defined for this directory,
- * default to ascending by filename.
- */
- if ((qstring == NULL) || (*qstring == '\0')) {
- keyid = K_NAME;
- direction = D_ASCENDING;
- }
- else {
- keyid = *qstring;
- ap_getword(r->pool, &qstring, '=');
- if (*qstring == D_DESCENDING) {
- direction = D_DESCENDING;
- }
- else {
- direction = D_ASCENDING;
- }
- }
-
- /*
- * Since we don't know how many dir. entries there are, put them into a
- * linked list and then arrayificate them so qsort can use them.
- */
- head = NULL;
- while ((dstruct = readdir(d))) {
- p = make_autoindex_entry(dstruct->d_name, autoindex_opts,
- autoindex_conf, r, keyid, direction);
- if (p != NULL) {
- p->next = head;
- head = p;
- num_ent++;
- }
- }
- if (num_ent > 0) {
- ar = (struct ent **) ap_palloc(r->pool,
- num_ent * sizeof(struct ent *));
- p = head;
- x = 0;
- while (p) {
- ar[x++] = p;
- p = p->next;
- }
-
- qsort((void *) ar, num_ent, sizeof(struct ent *),
- (int (*)(const void *, const void *)) dsortf);
- }
- output_directories(ar, num_ent, autoindex_conf, r, autoindex_opts, keyid,
- direction);
- ap_pclosedir(r->pool, d);
-
- if (autoindex_opts & FANCY_INDEXING) {
- ap_rputs("<HR>\n", r);
- }
- emit_tail(r, find_readme(autoindex_conf, r),
- autoindex_opts & SUPPRESS_PREAMBLE);
-
- ap_kill_timeout(r);
- return 0;
-}
-
-/* The formal handler...
*/
-
-static int handle_autoindex(request_rec *r)
-{
- autoindex_config_rec *d;
- int allow_opts = ap_allow_options(r);
-
- d = (autoindex_config_rec *) ap_get_module_config(r->per_dir_config,
- &autoindex_module);
-
- r->allowed |= (1 << M_GET);
- if (r->method_number != M_GET) {
- return DECLINED;
- }
-
- /* OK, nothing easy. Trot out the heavy artillery... */
-
- if (allow_opts & OPT_INDEXES) {
- /* KLUDGE --- make the sub_req lookups happen in the right directory.
- * Fixing this in the sub_req_lookup functions themselves is difficult,
- * and would probably break virtual includes...
- */
-
- if (r->filename[strlen(r->filename) - 1] != '/') {
- r->filename = ap_pstrcat(r->pool, r->filename, "/", NULL);
- }
- return index_directory(r, d);
- }
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Directory index forbidden by rule: %s", r->filename);
- return HTTP_FORBIDDEN;
- }
-}
-
-
-static const handler_rec autoindex_handlers[] =
-{
- {DIR_MAGIC_TYPE, handle_autoindex},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT autoindex_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_autoindex_config, /* dir config creater */
- merge_autoindex_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- autoindex_cmds, /* command table */
- autoindex_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_cern_meta.c b/usr.sbin/httpd/src/modules/standard/mod_cern_meta.c
deleted file mode 100644
index 586fb0786d3..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_cern_meta.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_cern_meta.c
- * version 0.1.0
- * status beta
- *
- * Andrew Wilson <Andrew.Wilson@cm.cf.ac.uk> 25.Jan.96
- *
- * *** IMPORTANT ***
- * This version of mod_cern_meta.c controls Meta File behaviour on a
- * per-directory basis. Previous versions of the module defined behaviour
- * on a per-server basis. The upshot is that you'll need to revisit your
- * configuration files in order to make use of the new module.
- * ***
- *
- * Emulate the CERN HTTPD Meta file semantics. Meta files are HTTP
- * headers that can be output in addition to the normal range of
- * headers for each file accessed. They appear rather like the Apache
- * .asis files, and are able to provide a crude way of influencing
- * the Expires: header, as well as providing other curiosities.
- * There are many ways to manage meta information, this one was
- * chosen because there is already a large number of CERN users
- * who can exploit this module. It should be noted that there are probably
- * more sensitive ways of managing the Expires: header specifically.
- *
- * The module obeys the following directives, which can appear
- * in the server's .conf files and in .htaccess files.
- *
- * MetaFiles <on|off>
- *
- * turns on|off meta file processing for any directory.
- * Default value is off
- *
- * # turn on MetaFiles in this directory
- * MetaFiles on
- *
- * MetaDir <directory name>
- *
- * specifies the name of the directory in which Apache can find
- * meta information files. The directory is usually a 'hidden'
- * subdirectory of the directory that contains the file being
- * accessed. eg:
- *
- * # .meta files are in the *same* directory as the
- * # file being accessed
- * MetaDir .
- *
- * the default is to look in a '.web' subdirectory. This is the
- * same as for CERN 3.+ webservers and behaviour is the same as
- * for the directive:
- *
- * MetaDir .web
- *
- * MetaSuffix <meta file suffix>
- *
- * specifies the file name suffix for the file containing the
- * meta information. eg:
- *
- * # our meta files are suffixed with '.cern_meta'
- * MetaSuffix .cern_meta
- *
- * the default is to look for files with the suffix '.meta'. This
- * behaviour is the same as for the directive:
- *
- * MetaSuffix .meta
- *
- * When accessing the file
- *
- * DOCUMENT_ROOT/somedir/index.html
- *
- * this module will look for the file
- *
- * DOCUMENT_ROOT/somedir/.web/index.html.meta
- *
- * and will use its contents to generate additional MIME header
- * information.
- *
- * For more information on the CERN Meta file semantics see:
- *
- * http://www.w3.org/hypertext/WWW/Daemon/User/Config/General.html#MetaDir
- *
- * Change-log:
- * 29.Jan.96 pfopen/pfclose instead of fopen/fclose
- * DECLINE when real file not found, we may be checking each
- * of the index.html/index.shtml/index.htm variants and don't
- * need to report missing ones as spurious errors.
- * 31.Jan.96 log_error reports about a malformed .meta file, rather
- * than a script error.
- * 20.Jun.96 MetaFiles <on|off> default off, added, so that module
- * can be configured per-directory. Prior to this the module
- * was running for each request anywhere on the server, naughty..
- * 29.Jun.96 All directives made per-directory.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "util_script.h"
-#include "http_log.h"
-#include "http_request.h"
-
-#define DIR_CMD_PERMS OR_INDEXES
-
-#define DEFAULT_METADIR ".web"
-#define DEFAULT_METASUFFIX ".meta"
-#define DEFAULT_METAFILES 0
-
-module MODULE_VAR_EXPORT cern_meta_module;
-
-typedef struct {
- char *metadir;
- char *metasuffix;
- int metafiles;
-} cern_meta_dir_config;
-
-static void *create_cern_meta_dir_config(pool *p, char *dummy)
-{
- cern_meta_dir_config *new =
- (cern_meta_dir_config *) ap_palloc(p, sizeof(cern_meta_dir_config));
-
- new->metadir = NULL;
- new->metasuffix = NULL;
- new->metafiles = DEFAULT_METAFILES;
-
- return new;
-}
-
-static void *merge_cern_meta_dir_configs(pool *p, void *basev, void *addv)
-{
- cern_meta_dir_config *base = (cern_meta_dir_config *) basev;
- cern_meta_dir_config *add = (cern_meta_dir_config *) addv;
- cern_meta_dir_config *new =
- (cern_meta_dir_config *) ap_palloc(p, sizeof(cern_meta_dir_config));
-
- new->metadir = add->metadir ? add->metadir : base->metadir;
- new->metasuffix = add->metasuffix ?
add->metasuffix : base->metasuffix;
- new->metafiles = add->metafiles;
-
- return new;
-}
-
-static const char *set_metadir(cmd_parms *parms, cern_meta_dir_config * dconf, char *arg)
-{
- dconf->metadir = arg;
- return NULL;
-}
-
-static const char *set_metasuffix(cmd_parms *parms, cern_meta_dir_config * dconf, char *arg)
-{
- dconf->metasuffix = arg;
- return NULL;
-}
-
-static const char *set_metafiles(cmd_parms *parms, cern_meta_dir_config * dconf, int arg)
-{
- dconf->metafiles = arg;
- return NULL;
-}
-
-
-static const command_rec cern_meta_cmds[] =
-{
- {"MetaFiles", set_metafiles, NULL, DIR_CMD_PERMS, FLAG,
- "Limited to 'on' or 'off'"},
- {"MetaDir", set_metadir, NULL, DIR_CMD_PERMS, TAKE1,
- "the name of the directory containing meta files"},
- {"MetaSuffix", set_metasuffix, NULL, DIR_CMD_PERMS, TAKE1,
- "the filename suffix for meta files"},
- {NULL}
-};
-
-/* XXX: this is very similar to ap_scan_script_header_err_core...
- * are the differences deliberate, or just a result of bit rot?
- */
-static int scan_meta_file(request_rec *r, FILE *f)
-{
- char w[MAX_STRING_LEN];
- char *l;
- int p;
- table *tmp_headers;
-
- tmp_headers = ap_make_table(r->pool, 5);
- while (fgets(w, sizeof(w), f) != NULL) {
-
- /* Delete terminal (CR?)LF */
-
- p = strlen(w);
- if (p > 0 && w[p - 1] == '\n') {
- if (p > 1 && w[p - 2] == '\015')
- w[p - 2] = '\0';
- else
- w[p - 1] = '\0';
- }
-
- if (w[0] == '\0') {
- return OK;
- }
-
- /* if we see a bogus header don't ignore it.
Shout and scream */
-
- if (!(l = strchr(w, ':'))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "malformed header in meta file: %s", r->filename);
- return SERVER_ERROR;
- }
-
- *l++ = '\0';
- while (ap_isspace(*l))
- ++l;
-
- if (!strcasecmp(w, "Content-type")) {
- char *tmp;
- /* Nuke trailing whitespace */
-
- char *endp = l + strlen(l) - 1;
- while (endp > l && ap_isspace(*endp))
- *endp-- = '\0';
-
- tmp = ap_pstrdup(r->pool, l);
- ap_content_type_tolower(tmp);
- r->content_type = tmp;
- }
- else if (!strcasecmp(w, "Status")) {
- sscanf(l, "%d", &r->status);
- r->status_line = ap_pstrdup(r->pool, l);
- }
- else {
- ap_table_set(tmp_headers, w, l);
- }
- }
- ap_overlap_tables(r->headers_out, tmp_headers, AP_OVERLAP_TABLES_SET);
- return OK;
-}
-
-static int add_cern_meta_data(request_rec *r)
-{
- char *metafilename;
- char *last_slash;
- char *real_file;
- char *scrap_book;
- FILE *f;
- cern_meta_dir_config *dconf;
- int rv;
- request_rec *rr;
-
- dconf = ap_get_module_config(r->per_dir_config, &cern_meta_module);
-
- if (!dconf->metafiles) {
- return DECLINED;
- };
-
- /* if ./.web/$1.meta exists then output 'asis' */
-
- if (r->finfo.st_mode == 0) {
- return DECLINED;
- };
-
- /* is this a directory? */
- if (S_ISDIR(r->finfo.st_mode) || r->uri[strlen(r->uri) - 1] == '/') {
- return DECLINED;
- };
-
- /* what directory is this file in? */
- scrap_book = ap_pstrdup(r->pool, r->filename);
- /* skip leading slash, recovered in later processing */
- scrap_book++;
- last_slash = strrchr(scrap_book, '/');
- if (last_slash != NULL) {
- /* skip over last slash */
- real_file = last_slash;
- real_file++;
- *last_slash = '\0';
- }
- else {
- /* no last slash, buh?! */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "internal error in mod_cern_meta: %s", r->filename);
- /* should really barf, but hey, let's be friends... */
- return DECLINED;
- };
-
- metafilename = ap_pstrcat(r->pool, "/", scrap_book, "/",
- dconf->metadir ?
dconf->metadir : DEFAULT_METADIR,
- "/", real_file,
- dconf->metasuffix ? dconf->metasuffix : DEFAULT_METASUFFIX,
- NULL);
-
- /* XXX: it sucks to require this subrequest to complete, because this
- * means people must leave their meta files accessible to the world.
- * A better solution might be a "safe open" feature of pfopen to avoid
- * pipes, symlinks, and crap like that.
- */
- rr = ap_sub_req_lookup_file(metafilename, r);
- if (rr->status != HTTP_OK) {
- ap_destroy_sub_req(rr);
- return DECLINED;
- }
- ap_destroy_sub_req(rr);
-
- f = ap_pfopen(r->pool, metafilename, "r");
- if (f == NULL) {
- if (errno == ENOENT) {
- return DECLINED;
- }
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "meta file permissions deny server access: %s", metafilename);
- return FORBIDDEN;
- };
-
- /* read the headers in */
- rv = scan_meta_file(r, f);
- ap_pfclose(r->pool, f);
-
- return rv;
-}
-
-module MODULE_VAR_EXPORT cern_meta_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_cern_meta_dir_config, /* dir config creater */
- merge_cern_meta_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server configs */
- cern_meta_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- add_cern_meta_data, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_cgi.c b/usr.sbin/httpd/src/modules/standard/mod_cgi.c
deleted file mode 100644
index 0eff52558a0..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_cgi.c
+++ /dev/null
@@ -1,548 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_script: keeps all script-related ramblings together. - * - * Compliant to CGI/1.1 spec - * - * Adapted by rst from original NCSA code by Rob McCool - * - * Apache adds some new env vars; REDIRECT_URL and REDIRECT_QUERY_STRING for - * custom error responses, and DOCUMENT_ROOT because we found it useful. - * It also adds SERVER_ADMIN - useful for scripts to know who to mail when - * they fail. - */ - -#include "httpd.h" -#include "http_config.h" -#include "http_request.h" -#include "http_core.h" -#include "http_protocol.h" -#include "http_main.h" -#include "http_log.h" -#include "util_script.h" -#include "http_conf_globals.h" - -module MODULE_VAR_EXPORT cgi_module; - -/* KLUDGE --- for back-combatibility, we don't have to check ExecCGI - * in ScriptAliased directories, which means we need to know if this - * request came through ScriptAlias or not... so the Alias module - * leaves a note for us. 
- */
-
-static int is_scriptaliased(request_rec *r)
-{
- const char *t = ap_table_get(r->notes, "alias-forced-type");
- return t && (!strcasecmp(t, "cgi-script"));
-}
-
-/* Configuration stuff */
-
-#define DEFAULT_LOGBYTES 10385760
-#define DEFAULT_BUFBYTES 1024
-
-typedef struct {
- char *logname;
- long logbytes;
- int bufbytes;
-} cgi_server_conf;
-
-static void *create_cgi_config(pool *p, server_rec *s)
-{
- cgi_server_conf *c =
- (cgi_server_conf *) ap_pcalloc(p, sizeof(cgi_server_conf));
-
- c->logname = NULL;
- c->logbytes = DEFAULT_LOGBYTES;
- c->bufbytes = DEFAULT_BUFBYTES;
-
- return c;
-}
-
-static void *merge_cgi_config(pool *p, void *basev, void *overridesv)
-{
- cgi_server_conf *base = (cgi_server_conf *) basev, *overrides = (cgi_server_conf *) overridesv;
-
- return overrides->logname ? overrides : base;
-}
-
-static const char *set_scriptlog(cmd_parms *cmd, void *dummy, char *arg)
-{
- server_rec *s = cmd->server;
- cgi_server_conf *conf =
- (cgi_server_conf *) ap_get_module_config(s->module_config, &cgi_module);
-
- conf->logname = arg;
- return NULL;
-}
-
-static const char *set_scriptlog_length(cmd_parms *cmd, void *dummy, char *arg)
-{
- server_rec *s = cmd->server;
- cgi_server_conf *conf =
- (cgi_server_conf *) ap_get_module_config(s->module_config, &cgi_module);
-
- conf->logbytes = atol(arg);
- return NULL;
-}
-
-static const char *set_scriptlog_buffer(cmd_parms *cmd, void *dummy, char *arg)
-{
- server_rec *s = cmd->server;
- cgi_server_conf *conf =
- (cgi_server_conf *) ap_get_module_config(s->module_config, &cgi_module);
-
- conf->bufbytes = atoi(arg);
- return NULL;
-}
-
-static const command_rec cgi_cmds[] =
-{
- {"ScriptLog", set_scriptlog, NULL, RSRC_CONF, TAKE1,
- "the name of a log for script debugging info"},
- {"ScriptLogLength", set_scriptlog_length, NULL, RSRC_CONF, TAKE1,
- "the maximum length (in bytes) of the script debug log"},
- {"ScriptLogBuffer", set_scriptlog_buffer, NULL, RSRC_CONF, TAKE1,
- "the maximum size (in
bytes) to record of a POST request"}, - {NULL} -}; - -static int log_scripterror(request_rec *r, cgi_server_conf * conf, int ret, - int show_errno, char *error) -{ - FILE *f; - struct stat finfo; - - ap_log_rerror(APLOG_MARK, show_errno|APLOG_ERR, r, - "%s: %s", error, r->filename); - - if (!conf->logname || - ((stat(ap_server_root_relative(r->pool, conf->logname), &finfo) == 0) - && (finfo.st_size > conf->logbytes)) || - ((f = ap_pfopen(r->pool, ap_server_root_relative(r->pool, conf->logname), - "a")) == NULL)) { - return ret; - } - - /* "%% [Wed Jun 19 10:53:21 1996] GET /cgi-bin/printenv HTTP/1.0" */ - fprintf(f, "%%%% [%s] %s %s%s%s %s\n", ap_get_time(), r->method, r->uri, - r->args ? "?" : "", r->args ? r->args : "", r->protocol); - /* "%% 500 /usr/local/apache/cgi-bin */ - fprintf(f, "%%%% %d %s\n", ret, r->filename); - - fprintf(f, "%%error\n%s\n", error); - - ap_pfclose(r->pool, f); - return ret; -} - -static int log_script(request_rec *r, cgi_server_conf * conf, int ret, - char *dbuf, const char *sbuf, BUFF *script_in, BUFF *script_err) -{ - array_header *hdrs_arr = ap_table_elts(r->headers_in); - table_entry *hdrs = (table_entry *) hdrs_arr->elts; - char argsbuffer[HUGE_STRING_LEN]; - FILE *f; - int i; - struct stat finfo; - - if (!conf->logname || - ((stat(ap_server_root_relative(r->pool, conf->logname), &finfo) == 0) - && (finfo.st_size > conf->logbytes)) || - ((f = ap_pfopen(r->pool, ap_server_root_relative(r->pool, conf->logname), - "a")) == NULL)) { - /* Soak up script output */ - while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_in) > 0) - continue; - while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0) - continue; - return ret; - } - - /* "%% [Wed Jun 19 10:53:21 1996] GET /cgi-bin/printenv HTTP/1.0" */ - fprintf(f, "%%%% [%s] %s %s%s%s %s\n", ap_get_time(), r->method, r->uri, - r->args ? "?" : "", r->args ? 
r->args : "", r->protocol); - /* "%% 500 /usr/local/apache/cgi-bin" */ - fprintf(f, "%%%% %d %s\n", ret, r->filename); - - fputs("%request\n", f); - for (i = 0; i < hdrs_arr->nelts; ++i) { - if (!hdrs[i].key) - continue; - fprintf(f, "%s: %s\n", hdrs[i].key, hdrs[i].val); - } - if ((r->method_number == M_POST || r->method_number == M_PUT) - && dbuf && *dbuf) { - fprintf(f, "\n%s\n", dbuf); - } - - fputs("%response\n", f); - hdrs_arr = ap_table_elts(r->err_headers_out); - hdrs = (table_entry *) hdrs_arr->elts; - - for (i = 0; i < hdrs_arr->nelts; ++i) { - if (!hdrs[i].key) - continue; - fprintf(f, "%s: %s\n", hdrs[i].key, hdrs[i].val); - } - - if (sbuf && *sbuf) - fprintf(f, "%s\n", sbuf); - - if (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_in) > 0) { - fputs("%stdout\n", f); - fputs(argsbuffer, f); - while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_in) > 0) - fputs(argsbuffer, f); - fputs("\n", f); - } - - if (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0) { - fputs("%stderr\n", f); - fputs(argsbuffer, f); - while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0) - fputs(argsbuffer, f); - fputs("\n", f); - } - - ap_bclose(script_in); - ap_bclose(script_err); - - ap_pfclose(r->pool, f); - return ret; -} - -/**************************************************************** - * - * Actual CGI handling... - */ - - -struct cgi_child_stuff { - request_rec *r; - int nph; - int debug; - char *argv0; -}; - -static int cgi_child(void *child_stuff, child_info *pinfo) -{ - struct cgi_child_stuff *cld = (struct cgi_child_stuff *) child_stuff; - request_rec *r = cld->r; - char *argv0 = cld->argv0; - int child_pid; - -#ifdef DEBUG_CGI - FILE *dbg = fopen("/dev/tty", "w"); - int i; -#endif - - char **env; - - RAISE_SIGSTOP(CGI_CHILD); -#ifdef DEBUG_CGI - fprintf(dbg, "Attempting to exec %s as %sCGI child (argv0 = %s)\n", - r->filename, cld->nph ? 
"NPH " : "", argv0); -#endif - - ap_add_cgi_vars(r); - env = ap_create_environment(r->pool, r->subprocess_env); - -#ifdef DEBUG_CGI - fprintf(dbg, "Environment: \n"); - for (i = 0; env[i]; ++i) - fprintf(dbg, "'%s'\n", env[i]); -#endif - - ap_chdir_file(r->filename); - if (!cld->debug) - ap_error_log2stderr(r->server); - - /* Transumute outselves into the script. - * NB only ISINDEX scripts get decoded arguments. - */ - - ap_cleanup_for_exec(); - - child_pid = ap_call_exec(r, pinfo, argv0, env, 0); - - /* Uh oh. Still here. Where's the kaboom? There was supposed to be an - * EARTH-shattering kaboom! - * - * Oh, well. Muddle through as best we can... - * - * Note that only stderr is available at this point, so don't pass in - * a server to aplog_error. - */ - - ap_log_error(APLOG_MARK, APLOG_ERR, NULL, "exec of %s failed", r->filename); - exit(0); - /* NOT REACHED */ - return (0); -} - -static int cgi_handler(request_rec *r) -{ - int retval, nph, dbpos = 0; - char *argv0, *dbuf = NULL; - BUFF *script_out, *script_in, *script_err; - char argsbuffer[HUGE_STRING_LEN]; - int is_included = !strcmp(r->protocol, "INCLUDED"); - void *sconf = r->server->module_config; - cgi_server_conf *conf = - (cgi_server_conf *) ap_get_module_config(sconf, &cgi_module); - - struct cgi_child_stuff cld; - - if (r->method_number == M_OPTIONS) { - /* 99 out of 100 CGI scripts, this is all they support */ - r->allowed |= (1 << M_GET); - r->allowed |= (1 << M_POST); - return DECLINED; - } - - if ((argv0 = strrchr(r->filename, '/')) != NULL) - argv0++; - else - argv0 = r->filename; - - nph = !(strncmp(argv0, "nph-", 4)); - - if (!(ap_allow_options(r) & OPT_EXECCGI) && !is_scriptaliased(r)) - return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO, - "Options ExecCGI is off in this directory"); - if (nph && is_included) - return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO, - "attempt to include NPH CGI script"); - - if (r->finfo.st_mode == 0) - return log_scripterror(r, conf, NOT_FOUND, 
APLOG_NOERRNO, - "script not found or unable to stat"); - if (S_ISDIR(r->finfo.st_mode)) - return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO, - "attempt to invoke directory as script"); - if (!ap_suexec_enabled) { - if (!ap_can_exec(&r->finfo)) - return log_scripterror(r, conf, FORBIDDEN, APLOG_NOERRNO, - "file permissions deny server execution"); - } - - if ((retval = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR))) - return retval; - - ap_add_common_vars(r); - cld.argv0 = argv0; - cld.r = r; - cld.nph = nph; - cld.debug = conf->logname ? 1 : 0; - - /* - * we spawn out of r->main if it's there so that we can avoid - * waiting for free_proc_chain to cleanup in the middle of an - * SSI request -djg - */ - if (!ap_bspawn_child(r->main ? r->main->pool : r->pool, cgi_child, - (void *) &cld, kill_after_timeout, - &script_out, &script_in, &script_err)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "couldn't spawn child process: %s", r->filename); - return HTTP_INTERNAL_SERVER_ERROR; - } - - /* Transfer any put/post args, CERN style... - * Note that we already ignore SIGPIPE in the core server. - */ - - if (ap_should_client_block(r)) { - int dbsize, len_read; - - if (conf->logname) { - dbuf = ap_pcalloc(r->pool, conf->bufbytes + 1); - dbpos = 0; - } - - ap_hard_timeout("copy script args", r); - - while ((len_read = - ap_get_client_block(r, argsbuffer, HUGE_STRING_LEN)) > 0) { - if (conf->logname) { - if ((dbpos + len_read) > conf->bufbytes) { - dbsize = conf->bufbytes - dbpos; - } - else { - dbsize = len_read; - } - memcpy(dbuf + dbpos, argsbuffer, dbsize); - dbpos += dbsize; - } - ap_reset_timeout(r); - if (ap_bwrite(script_out, argsbuffer, len_read) < len_read) { - /* silly script stopped reading, soak up remaining message */ - while (ap_get_client_block(r, argsbuffer, HUGE_STRING_LEN) > 0) { - /* dump it */ - } - break; - } - } - - ap_bflush(script_out); - - ap_kill_timeout(r); - } - - ap_bclose(script_out); - - /* Handle script return... 
*/ - if (script_in && !nph) { - const char *location; - char sbuf[MAX_STRING_LEN]; - int ret; - - if ((ret = ap_scan_script_header_err_buff(r, script_in, sbuf))) { - return log_script(r, conf, ret, dbuf, sbuf, script_in, script_err); - } - - location = ap_table_get(r->headers_out, "Location"); - - if (location && location[0] == '/' && r->status == 200) { - - /* Soak up all the script output */ - ap_hard_timeout("read from script", r); - while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_in) > 0) { - continue; - } - while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0) { - continue; - } - ap_kill_timeout(r); - - - /* This redirect needs to be a GET no matter what the original - * method was. - */ - r->method = ap_pstrdup(r->pool, "GET"); - r->method_number = M_GET; - - /* We already read the message body (if any), so don't allow - * the redirected request to think it has one. We can ignore - * Transfer-Encoding, since we used REQUEST_CHUNKED_ERROR. - */ - ap_table_unset(r->headers_in, "Content-Length"); - - ap_internal_redirect_handler(location, r); - return OK; - } - else if (location && r->status == 200) { - /* XX Note that if a script wants to produce its own Redirect - * body, it now has to explicitly *say* "Status: 302" - */ - return REDIRECT; - } - - ap_send_http_header(r); - if (!r->header_only) { - ap_send_fb(script_in, r); - } - ap_bclose(script_in); - - ap_soft_timeout("soaking script stderr", r); - while (ap_bgets(argsbuffer, HUGE_STRING_LEN, script_err) > 0) { - continue; - } - ap_kill_timeout(r); - ap_bclose(script_err); - } - - if (script_in && nph) { - ap_send_fb(script_in, r); - } - - return OK; /* NOT r->status, even if it has changed. 
*/
-}
-
-static const handler_rec cgi_handlers[] =
-{
- {CGI_MAGIC_TYPE, cgi_handler},
- {"cgi-script", cgi_handler},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT cgi_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- create_cgi_config, /* server config */
- merge_cgi_config, /* merge server config */
- cgi_cmds, /* command table */
- cgi_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_digest.c b/usr.sbin/httpd/src/modules/standard/mod_digest.c
deleted file mode 100644
index d684bd838d8..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_digest.c
+++ /dev/null
@@ -1,477 +0,0 @@ -/* $OpenBSD: mod_digest.c,v 1.11 2008/05/25 11:46:27 mbalmer Exp $ */ - -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * mod_digest: MD5 digest authentication - * - * by Alexei Kosut <akosut@nueva.pvt.k12.ca.us> - * based on mod_auth, by Rob McCool and Robert S. 
Thau - * - */ - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_protocol.h" -#include "util_md5.h" - -typedef struct digest_config_struct { - char *pwfile; -} digest_config_rec; - -typedef struct digest_header_struct { - char *username; - char *realm; - char *nonce; - char *requested_uri; - char *digest; -} digest_header_rec; - -static void *create_digest_dir_config(pool *p, char *d) -{ - return ap_pcalloc(p, sizeof(digest_config_rec)); -} - -static const char *set_digest_slot(cmd_parms *cmd, void *offset, char *f, char *t) -{ - if (t && strcmp(t, "standard")) - return ap_pstrcat(cmd->pool, "Invalid auth file type: ", t, NULL); - - return ap_set_string_slot(cmd, offset, f); -} - -static const command_rec digest_cmds[] = -{ - {"AuthDigestFile", set_digest_slot, - (void *) XtOffsetOf(digest_config_rec, pwfile), OR_AUTHCFG, TAKE12, NULL}, - {NULL} -}; - -module MODULE_VAR_EXPORT digest_module; - -static char *get_hash(request_rec *r, char *user, char *auth_pwfile) -{ - configfile_t *f; - char l[MAX_STRING_LEN]; - const char *rpw; - char *w, *x; - - if (!(f = ap_pcfg_openfile(r->pool, auth_pwfile))) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "Could not open password file: %s", auth_pwfile); - return NULL; - } - while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { - if ((l[0] == '#') || (!l[0])) - continue; - rpw = l; - w = ap_getword(r->pool, &rpw, ':'); - x = ap_getword(r->pool, &rpw, ':'); - - if (x && w && !strcmp(user, w) && !strcmp(ap_auth_name(r), x)) { - ap_cfg_closefile(f); - return ap_pstrdup(r->pool, rpw); - } - } - ap_cfg_closefile(f); - return NULL; -} - -/* Parse the Authorization header, if it exists */ - -static int get_digest_rec(request_rec *r, digest_header_rec * response) -{ - const char *auth_line; - int l; - int s, vk = 0, vv = 0; - const char *t; - char *key, *value; - const char *scheme; - - if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest")) - return DECLINED; - - if 
(!ap_auth_name(r)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "need AuthName: %s", r->uri); - return SERVER_ERROR; - } - - auth_line = ap_table_get(r->headers_in, - r->proxyreq == STD_PROXY ? "Proxy-Authorization" - : "Authorization"); - if (!auth_line) { - ap_note_digest_auth_failure(r); - return AUTH_REQUIRED; - } - - if (strcasecmp(scheme = ap_getword_white(r->pool, &auth_line), "Digest")) { - /* Client tried to authenticate using wrong auth scheme */ - ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, - "client used wrong authentication scheme: %s for %s", - scheme, r->uri); - ap_note_digest_auth_failure(r); - return AUTH_REQUIRED; - } - - l = strlen(auth_line); - - /* Note we don't allocate l + 1 bytes for these deliberately, because - * there has to be at least one '=' character for either of these two - * new strings to be terminated. That takes care of the need for +1. - */ - key = ap_palloc(r->pool, l); - value = ap_palloc(r->pool, l); - - /* There's probably a better way to do this, but for the time being... - * - * Right now the parsing is very 'slack'. 
Actual rules from RFC 2617 are: - * - * Authorization = "Digest" digest-response - * digest-response = 1#( username | realm | nonce | digest-uri | - * response | [ cnonce ] | [ algorithm ] | - * [opaque] | [message-qop] | [nonce-count] | - * [auth-param] ) (see note 4) - * username = "username" "=" username-value - * username-value = quoted-string - * digest-uri = "uri" "=" digest-uri-value - * digest-uri-value = request-uri - * message-qop = "qop" "=" qop-value - * qop-options = "qop" "=" <"> 1#qop-value <"> (see note 3) - * qop-value = "auth" | "auth-int" | token - * cnonce = "cnonce" "=" cnonce-value - * cnonce-value = nonce-value - * nonce-count = "nc" "=" nc-value - * nc-value = 8LHEX - * response = "response" "=" response-digest - * response-digest = <"> *LHEX <"> - * LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | - * "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f" - * - * Current Discrepancies: - * quoted-string section 2.2 of RFC 2068 - * --> We also acccept unquoted strings or strings - * like foo" bar". And take a space, comma or EOL as - * the terminator in that case. - * - * request-uri section 5.1 of RFC 2068 - * --> We currently also accept any quoted string - and - * ignore those quotes. - * - * response/entity-digest - * --> We ignore the presense of the " if any. - * - * Note: There is an inherent problem with the request URI; as it should - * be used unquoted - yet may contain a ',' - which is used as - * a terminator: - * Authorization: Digest username="dirkx", realm="DAV", nonce="1031662894", - * uri=/mary,+dirkx,+peter+and+mary.ics, response="99a6275793be28c31a5b6e4467fa4c79", - * algorithm=MD5 - * - * Note3: Taken from section 3.2.1 - as this is not actually defined in section 3.2.2 - * which deals with the Authorization Request Header. - * - * Note4: The 'comma separated' list concept is refered to in the RFC - * but whitespace eating and other such things are assumed to be - * as per MIME/RFC2068 spec. 
- */ - -#define D_KEY 0 -#define D_VALUE 1 -#define D_STRING 2 -#define D_EXIT -1 - - s = D_KEY; - while (s != D_EXIT) { - switch (s) { - case D_STRING: - if (auth_line[0] == '\"') { - s = D_VALUE; - } - else { - value[vv] = auth_line[0]; - vv++; - } - auth_line++; - break; - - case D_VALUE: - /* A request URI may be unquoted and yet - * contain non alpha/num chars. (Though gets terminated by - * a ',' - which in fact may be in the URI - so I guess - * 2069 should be updated to suggest strongly to quote). - */ - if (auth_line[0] == '\"') { - s = D_STRING; - } - else if ((auth_line[0] != ',') && (auth_line[0] != ' ') && (auth_line[0] != '\0')) { - value[vv] = auth_line[0]; - vv++; - } - else { - value[vv] = '\0'; - - if (!strcasecmp(key, "username")) - response->username = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "realm")) - response->realm = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "nonce")) - response->nonce = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "uri")) - response->requested_uri = ap_pstrdup(r->pool, value); - else if (!strcasecmp(key, "response")) - response->digest = ap_pstrdup(r->pool, value); - - vv = 0; - s = D_KEY; - } - auth_line++; - break; - - case D_KEY: - if (ap_isalnum(auth_line[0])) { - key[vk] = auth_line[0]; - vk++; - } - else if (auth_line[0] == '=') { - key[vk] = '\0'; - vk = 0; - s = D_VALUE; - } - auth_line++; - break; - } - - if (auth_line[-1] == '\0') - s = D_EXIT; - } - - if (!response->username || !response->realm || !response->nonce || - !response->requested_uri || !response->digest) { - ap_note_digest_auth_failure(r); - return AUTH_REQUIRED; - } - - r->connection->user = response->username; - r->connection->ap_auth_type = "Digest"; - - return OK; -} - -/* The actual MD5 code... whee */ - -/* Check that a given nonce is actually one which was - * issued by this server in the right context. 
- */
-static int check_nonce(pool *p, const char *prefix, const char *nonce) {
- char *timestamp = (char *)nonce + 2 * MD5_DIGESTSIZE;
- char *md5;
-
- if (strlen(nonce) < MD5_DIGESTSIZE)
- return AUTH_REQUIRED;
-
- md5 = ap_md5(p, (unsigned char *)ap_pstrcat(p, prefix, timestamp, NULL));
-
- return strncmp(md5, nonce, 2 * MD5_DIGESTSIZE);
-}
-
-/* Check the digest itself.
- */
-static char *find_digest(request_rec *r, digest_header_rec * h, char *a1)
-{
- return ap_md5(r->pool,
- (unsigned char *)ap_pstrcat(r->pool, a1, ":", h->nonce, ":",
- ap_md5(r->pool,
- (unsigned char *)ap_pstrcat(r->pool, r->method, ":",
- h->requested_uri, NULL)),
- NULL));
-}
-
-/* These functions return 0 if client is OK, and proper error status
- * if not... either AUTH_REQUIRED, if we made a check, and it failed, or
- * SERVER_ERROR, if things are so totally confused that we couldn't
- * figure out how to tell if the client is authorized or not.
- *
- * If they return DECLINED, and all other modules also decline, that's
- * treated by the server core as a configuration error, logged and
- * reported as such.
- */
-
-/* Determine user ID, and check if it really is that user, for HTTP
- * basic authentication...
- */
-
-static int authenticate_digest_user(request_rec *r)
-{
- digest_config_rec *sec =
- (digest_config_rec *) ap_get_module_config(r->per_dir_config,
- &digest_module);
- digest_header_rec *response = ap_pcalloc(r->pool, sizeof(digest_header_rec));
- conn_rec *c = r->connection;
- char *a1;
- int res;
-
- if ((res = get_digest_rec(r, response)))
- return res;
-
- if (!sec->pwfile)
- return DECLINED;
-
- /* Check that the nonce was one we actually issued.
*/
- if (check_nonce(r->pool, ap_auth_nonce(r), response->nonce)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Client is using a nonce which was not issued by "
- "this server for this context: %s", r->uri);
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
- }
-
- if (!(a1 = get_hash(r, c->user, sec->pwfile))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s not found: %s", c->user, r->uri);
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
- }
- if (strcmp(response->digest, find_digest(r, response, a1))) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "user %s: password mismatch: %s", c->user, r->uri);
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
- }
- return OK;
-}
-
-/* Checking ID */
-
-static int digest_check_auth(request_rec *r)
-{
- char *user = r->connection->user;
- int m = r->method_number;
- int method_restricted = 0;
- int x;
- const char *t;
- char *w;
- const array_header *reqs_arr;
- require_line *reqs;
-
- if (!(t = ap_auth_type(r)) || strcasecmp(t, "Digest"))
- return DECLINED;
-
- reqs_arr = ap_requires(r);
- /* If there is no "requires" directive,
- * then any user will do.
- */
- if (!reqs_arr)
- return OK;
- reqs = (require_line *) reqs_arr->elts;
-
- for (x = 0; x < reqs_arr->nelts; x++) {
-
- if (!(reqs[x].method_mask & (1 << m)))
- continue;
-
- method_restricted = 1;
-
- t = reqs[x].requirement;
- w = ap_getword_white(r->pool, &t);
- if (!strcmp(w, "valid-user"))
- return OK;
- else if (!strcmp(w, "user")) {
- while (t[0]) {
- w = ap_getword_conf(r->pool, &t);
- if (!strcmp(user, w))
- return OK;
- }
- }
- else
- return DECLINED;
- }
-
- if (!method_restricted)
- return OK;
-
- ap_note_digest_auth_failure(r);
- return AUTH_REQUIRED;
-}
-
-module MODULE_VAR_EXPORT digest_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_digest_dir_config, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- digest_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- authenticate_digest_user, /* check_user_id */
- digest_check_auth, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_dir.c b/usr.sbin/httpd/src/modules/standard/mod_dir.c
deleted file mode 100644
index 92307920f90..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_dir.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_dir.c: handle default index files, and trailing-/ redirects
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_request.h"
-#include "http_protocol.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "util_script.h"
-
-module MODULE_VAR_EXPORT dir_module;
-
-typedef struct dir_config_struct {
- array_header *index_names;
-} dir_config_rec;
-
-#define DIR_CMD_PERMS OR_INDEXES
-
-static const char *add_index(cmd_parms *cmd, void *dummy, char *arg)
-{
- dir_config_rec *d = dummy;
-
- if (!d->index_names) {
- d->index_names = ap_make_array(cmd->pool, 2, sizeof(char *));
- }
- *(char **)ap_push_array(d->index_names) = arg;
- return NULL;
-}
-
-static const command_rec dir_cmds[] =
-{
- {"DirectoryIndex", add_index, NULL,
- DIR_CMD_PERMS, ITERATE,
- "a list of file names"},
- {NULL}
-};
-
-static void *create_dir_config(pool *p, char *dummy)
-{
- dir_config_rec *new =
- (dir_config_rec *) ap_pcalloc(p, sizeof(dir_config_rec));
-
- new->index_names = NULL;
- return (void *) new;
-}
-
-static void *merge_dir_configs(pool *p, void *basev, void *addv)
-{
- dir_config_rec *new = (dir_config_rec *) ap_pcalloc(p, sizeof(dir_config_rec));
- dir_config_rec *base = (dir_config_rec *) basev;
- dir_config_rec *add = (dir_config_rec *) addv;
-
- new->index_names = add->index_names ? add->index_names : base->index_names;
- return new;
-}
-
-static int handle_dir(request_rec *r)
-{
- dir_config_rec *d =
- (dir_config_rec *) ap_get_module_config(r->per_dir_config,
- &dir_module);
- char *dummy_ptr[1];
- char **names_ptr;
- int num_names;
- int error_notfound = 0;
-
- if (r->uri[0] == '\0' || r->uri[strlen(r->uri) - 1] != '/') {
- char *ifile;
- if (r->args != NULL)
- ifile = ap_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
- "/", "?", r->args, NULL);
- else
- ifile = ap_pstrcat(r->pool, ap_escape_uri(r->pool, r->uri),
- "/", NULL);
-
- ap_table_setn(r->headers_out, "Location",
- ap_construct_url(r->pool, ifile, r));
- return HTTP_MOVED_PERMANENTLY;
- }
-
- /* KLUDGE --- make the sub_req lookups happen in the right directory.
- * Fixing this in the sub_req_lookup functions themselves is difficult,
- * and would probably break virtual includes...
- */
-
- if (r->filename[strlen(r->filename) - 1] != '/') {
- r->filename = ap_pstrcat(r->pool, r->filename, "/", NULL);
- }
-
- if (d->index_names) {
- names_ptr = (char **)d->index_names->elts;
- num_names = d->index_names->nelts;
- }
- else {
- dummy_ptr[0] = DEFAULT_INDEX;
- names_ptr = dummy_ptr;
- num_names = 1;
- }
-
- for (; num_names; ++names_ptr, --num_names) {
- char *name_ptr = *names_ptr;
- request_rec *rr = ap_sub_req_lookup_uri(name_ptr, r);
-
- if (rr->status == HTTP_OK && S_ISREG(rr->finfo.st_mode)) {
- char *new_uri = ap_escape_uri(r->pool, rr->uri);
-
- if (rr->args != NULL)
- new_uri = ap_pstrcat(r->pool, new_uri, "?", rr->args, NULL);
- else if (r->args != NULL)
- new_uri = ap_pstrcat(r->pool, new_uri, "?", r->args, NULL);
-
- ap_destroy_sub_req(rr);
- ap_internal_redirect(new_uri, r);
- return OK;
- }
-
- /* If the request returned a redirect, propagate it to the client */
-
- if (ap_is_HTTP_REDIRECT(rr->status) ||
- (rr->status == HTTP_NOT_ACCEPTABLE && num_names == 1) ||
- (rr->status == HTTP_UNAUTHORIZED && num_names == 1)) {
-
- ap_pool_join(r->pool, rr->pool);
- error_notfound = rr->status;
- r->notes = ap_overlay_tables(r->pool, r->notes, rr->notes);
- r->headers_out = ap_overlay_tables(r->pool, r->headers_out,
- rr->headers_out);
- r->err_headers_out = ap_overlay_tables(r->pool, r->err_headers_out,
- rr->err_headers_out);
- return error_notfound;
- }
-
- /* If the request returned something other than 404 (or 200),
- * it means the module encountered some sort of problem. To be
- * secure, we should return the error, rather than create
- * along a (possibly unsafe) directory index.
- *
- * So we store the error, and if none of the listed files
- * exist, we return the last error response we got, instead
- * of a directory listing.
- */
- if (rr->status && rr->status != HTTP_NOT_FOUND && rr->status != HTTP_OK)
- error_notfound = rr->status;
-
- ap_destroy_sub_req(rr);
- }
-
- if (error_notfound)
- return error_notfound;
-
- if (r->method_number != M_GET)
- return DECLINED;
-
- /* nothing for us to do, pass on through */
-
- return DECLINED;
-}
-
-
-static const handler_rec dir_handlers[] =
-{
- {DIR_MAGIC_TYPE, handle_dir},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT dir_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_dir_config, /* dir config creater */
- merge_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- dir_cmds, /* command table */
- dir_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_env.c b/usr.sbin/httpd/src/modules/standard/mod_env.c
deleted file mode 100644
index 16037b1db30..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_env.c
+++ /dev/null
@@ -1,280 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_env.c
- * version 0.0.5
- * status beta
- * Pass environment variables to CGI/SSI scripts.
- *
- * Andrew Wilson <Andrew.Wilson@cm.cf.ac.uk> 06.Dec.95
- *
- * Change log:
- * 08.Dec.95 Now allows PassEnv directive to appear more than once in
- * conf files.
- * 10.Dec.95 optimisation. getenv() only called at startup and used
- * to build a fast-to-access table. table used to build
- * per-server environment for each request.
- * robustness. better able to handle errors in configuration
- * files:
- * 1) PassEnv directive present, but no environment variable listed
- * 2) PassEnv FOO present, but $FOO not present in environment
- * 3) no PassEnv directive present
- * 23.Dec.95 Now allows SetEnv directive with same semantics as 'sh' setenv:
- * SetEnv Var sets Var to the empty string
- * SetEnv Var Val sets Var to the value Val
- * Values containing whitespace should be quoted, eg:
- * SetEnv Var "this is some text"
- * Environment variables take their value from the last instance
- * of PassEnv / SetEnv to be reached in the configuration file.
- * For example, the sequence:
- * PassEnv FOO
- * SetEnv FOO override
- * Causes FOO to take the value 'override'.
- * 23.Feb.96 Added UnsetEnv directive to allow environment variables
- * to be removed.
- * Virtual hosts now 'inherit' parent server environment which
- * they're able to overwrite with their own directives or
- * selectively ignore with UnsetEnv.
- * *** IMPORTANT - the way that virtual hosts inherit their ***
- * *** environment variables from the default server's ***
- * *** configuration has changed. You should test your ***
- * *** configuration carefully before accepting this ***
- * *** version of the module in a live webserver which used ***
- * *** older versions of the module. ***
- */
-
-#include "httpd.h"
-#include "http_config.h"
-
-typedef struct {
- table *vars;
- char *unsetenv;
- int vars_present;
-} env_dir_config_rec;
-
-module MODULE_VAR_EXPORT env_module;
-
-static void *create_env_dir_config(pool *p, char *dummy)
-{
- env_dir_config_rec *new =
- (env_dir_config_rec *) ap_palloc(p, sizeof(env_dir_config_rec));
- new->vars = ap_make_table(p, 50);
- new->unsetenv = "";
- new->vars_present = 0;
- return (void *) new;
-}
-
-static void *merge_env_dir_configs(pool *p, void *basev, void *addv)
-{
- env_dir_config_rec *base = (env_dir_config_rec *) basev;
- env_dir_config_rec *add = (env_dir_config_rec *) addv;
- env_dir_config_rec *new =
- (env_dir_config_rec *) ap_palloc(p, sizeof(env_dir_config_rec));
-
- table *new_table;
- table_entry *elts;
- array_header *arr;
-
- int i;
- const char *uenv, *unset;
-
- /*
- * new_table = copy_table( p, base->vars );
- * foreach $element ( @add->vars ) {
- * table_set( new_table, $element.key, $element.val );
- * };
- * foreach $unsetenv ( @UNSETENV ) {
- * table_unset( new_table, $unsetenv );
- * }
- */
-
- new_table = ap_copy_table(p, base->vars);
-
- arr = ap_table_elts(add->vars);
- elts = (table_entry *)arr->elts;
-
- for (i = 0; i < arr->nelts; ++i) {
- ap_table_setn(new_table, elts[i].key, elts[i].val);
- }
-
- unset = add->unsetenv;
- uenv = ap_getword_conf(p, &unset);
- while (uenv[0] != '\0') {
- ap_table_unset(new_table, uenv);
- uenv = ap_getword_conf(p, &unset);
- }
-
- new->vars = new_table;
-
- new->vars_present = base->vars_present || add->vars_present;
-
- return new;
-}
-
-static const char *add_env_module_vars_passed(cmd_parms *cmd,
- env_dir_config_rec *sconf,
- const char *arg)
-{
- table *vars = sconf->vars;
- char *env_var;
- char *name_ptr;
-
- while (*arg) {
- name_ptr = ap_getword_conf(cmd->pool, &arg);
- env_var = getenv(name_ptr);
- if (env_var != NULL) {
- sconf->vars_present = 1;
- ap_table_setn(vars, name_ptr, ap_pstrdup(cmd->pool, env_var));
- }
- }
- return NULL;
-}
-
-static const char *add_env_module_vars_set(cmd_parms *cmd,
- env_dir_config_rec *sconf,
- const char *arg)
-{
- table *vars = sconf->vars;
- char *name, *value;
-
- name = ap_getword_conf(cmd->pool, &arg);
- value = ap_getword_conf(cmd->pool, &arg);
-
- /* name is mandatory, value is optional. no value means
- * set the variable to an empty string
- */
-
-
- if ((*name == '\0') || (*arg != '\0')) {
- return "SetEnv takes one or two arguments. An environment variable name and an optional value to pass to CGI.";
- }
-
- sconf->vars_present = 1;
- ap_table_setn(vars, name, value);
-
- return NULL;
-}
-
-static const char *add_env_module_vars_unset(cmd_parms *cmd,
- env_dir_config_rec *sconf,
- char *arg)
-{
- sconf->unsetenv = sconf->unsetenv ?
- ap_pstrcat(cmd->pool, sconf->unsetenv, " ", arg, NULL) :
- arg;
-
- if (sconf->vars_present && !cmd->path) {
- /* if {Set,Pass}Env FOO, UnsetEnv FOO
- * are in the base config, merge never happens,
- * unset never happens, so just unset now
- */
- ap_table_unset(sconf->vars, arg);
- }
-
- return NULL;
-}
-
-static const command_rec env_module_cmds[] =
-{
- {"PassEnv", add_env_module_vars_passed, NULL,
- OR_FILEINFO, RAW_ARGS, "a list of environment variables to pass to CGI."},
- {"SetEnv", add_env_module_vars_set, NULL,
- OR_FILEINFO, RAW_ARGS, "an environment variable name and a value to pass to CGI."},
- {"UnsetEnv", add_env_module_vars_unset, NULL,
- OR_FILEINFO, RAW_ARGS, "a list of variables to remove from the CGI environment."},
- {NULL},
-};
-
-static int fixup_env_module(request_rec *r)
-{
- table *e = r->subprocess_env;
- env_dir_config_rec *sconf = ap_get_module_config(r->per_dir_config,
- &env_module);
- table *vars = sconf->vars;
-
- if (!sconf->vars_present)
- return DECLINED;
-
- r->subprocess_env = ap_overlay_tables(r->pool, e, vars);
-
- return OK;
-}
-
-module MODULE_VAR_EXPORT env_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_env_dir_config, /* dir config creater */
- merge_env_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server configs */
- env_module_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- fixup_env_module, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_expires.c b/usr.sbin/httpd/src/modules/standard/mod_expires.c
deleted file mode 100644
index 238f03c0368..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_expires.c
+++ /dev/null
@@ -1,515 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_expires.c
- * version 0.0.11
- * status beta
- *
- * Andrew Wilson <Andrew.Wilson@cm.cf.ac.uk> 26.Jan.96
- *
- * This module allows you to control the form of the Expires: header
- * that Apache issues for each access. Directives can appear in
- * configuration files or in .htaccess files so expiry semantics can
- * be defined on a per-directory basis.
- *
- * DIRECTIVE SYNTAX
- *
- * Valid directives are:
- *
- * ExpiresActive on | off
- * ExpiresDefault <code><seconds>
- * ExpiresByType type/encoding <code><seconds>
- *
- * Valid values for <code> are:
- *
- * 'M' expires header shows file modification date + <seconds>
- * 'A' expires header shows access time + <seconds>
- *
- * [I'm not sure which of these is best under different
- * circumstances, I guess it's for other people to explore.
- * The effects may be indistinguishable for a number of cases]
- *
- * <seconds> should be an integer value [acceptable to atoi()]
- *
- * There is NO space between the <code> and <seconds>.
- *
- * For example, a directory which contains information which changes
- * frequently might contain:
- *
- * # reports generated by cron every hour. don't let caches
- * # hold onto stale information
- * ExpiresDefault M3600
- *
- * Another example, our html pages can change all the time, the gifs
- * tend not to change often:
- *
- * # pages are hot (1 week), images are cold (1 month)
- * ExpiresByType text/html A604800
- * ExpiresByType image/gif A2592000
- *
- * Expires can be turned on for all URLs on the server by placing the
- * following directive in a conf file:
- *
- * ExpiresActive on
- *
- * ExpiresActive can also appear in .htaccess files, enabling the
- * behaviour to be turned on or off for each chosen directory.
- *
- * # turn off Expires behaviour in this directory
- * # and subdirectories
- * ExpiresActive off
- *
- * Directives defined for a directory are valid in subdirectories
- * unless explicitly overridden by new directives in the subdirectory
- * .htaccess files.
- *
- * ALTERNATIVE DIRECTIVE SYNTAX
- *
- * Directives can also be defined in a more readable syntax of the form:
- *
- * ExpiresDefault "<base> [plus] {<num> <type>}*"
- * ExpiresByType type/encoding "<base> [plus] {<num> <type>}*"
- *
- * where <base> is one of:
- * access
- * now equivalent to 'access'
- * modification
- *
- * where the 'plus' keyword is optional
- *
- * where <num> should be an integer value [acceptable to atoi()]
- *
- * where <type> is one of:
- * years
- * months
- * weeks
- * days
- * hours
- * minutes
- * seconds
- *
- * For example, any of the following directives can be used to make
- * documents expire 1 month after being accessed, by default:
- *
- * ExpiresDefault "access plus 1 month"
- * ExpiresDefault "access plus 4 weeks"
- * ExpiresDefault "access plus 30 days"
- *
- * The expiry time can be fine-tuned by adding several '<num> <type>'
- * clauses:
- *
- * ExpiresByType text/html "access plus 1 month 15 days 2 hours"
- * ExpiresByType image/gif "modification plus 5 hours 3 minutes"
- *
- * ---
- *
- * Change-log:
- * 29.Jan.96 Hardened the add_* functions. Server will now bail out
- * if bad directives are given in the conf files.
- * 02.Feb.96 Returns DECLINED if not 'ExpiresActive on', giving other
- * expires-aware modules a chance to play with the same
- * directives. [Michael Rutman]
- * 03.Feb.96 Call tzset() before localtime(). Trying to get the module
- * to work properly in non GMT timezones.
- * 12.Feb.96 Modified directive syntax to allow more readable commands:
- * ExpiresDefault "now plus 10 days 20 seconds"
- * ExpiresDefault "access plus 30 days"
- * ExpiresDefault "modification plus 1 year 10 months 30 days"
- * 13.Feb.96 Fix call to table_get() with NULL 2nd parameter [Rob Hartill]
- * 19.Feb.96 Call gm_timestr_822() to get time formatted correctly, can't
- * rely on presence of HTTP_TIME_FORMAT in Apache 1.1+.
- * 21.Feb.96 This version (0.0.9) reverses assumptions made in 0.0.8
- * about star/star handlers. Reverting to 0.0.7 behaviour.
- * 08.Jun.96 allows ExpiresDefault to be used with responses that use
- * the DefaultType by not DECLINING, but instead skipping
- * the table_get check and then looking for an ExpiresDefault.
- * [Rob Hartill]
- * 04.Nov.96 'const' definitions added.
- *
- * TODO
- * add support for Cache-Control: max-age=20 from the HTTP/1.1
- * proposal (in this case, a ttl of 20 seconds) [ask roy]
- * add per-file expiry and explicit expiry times - duplicates some
- * of the mod_cern_meta.c functionality. eg:
- * ExpiresExplicit index.html "modification plus 30 days"
- *
- * BUGS
- * Hi, welcome to the internet.
- */
-
-#include <ctype.h>
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-
-typedef struct {
- int active;
- char *expiresdefault;
- table *expiresbytype;
-} expires_dir_config;
-
-/* from mod_dir, why is this alias used?
- */
-#define DIR_CMD_PERMS OR_INDEXES
-
-#define ACTIVE_ON 1
-#define ACTIVE_OFF 0
-#define ACTIVE_DONTCARE 2
-
-module MODULE_VAR_EXPORT expires_module;
-
-static void *create_dir_expires_config(pool *p, char *dummy)
-{
- expires_dir_config *new =
- (expires_dir_config *) ap_pcalloc(p, sizeof(expires_dir_config));
- new->active = ACTIVE_DONTCARE;
- new->expiresdefault = "";
- new->expiresbytype = ap_make_table(p, 4);
- return (void *) new;
-}
-
-static const char *set_expiresactive(cmd_parms *cmd, expires_dir_config * dir_config, int arg)
-{
- /* if we're here at all it's because someone explicitly
- * set the active flag
- */
- dir_config->active = ACTIVE_ON;
- if (arg == 0) {
- dir_config->active = ACTIVE_OFF;
- };
- return NULL;
-}
-
-/* check_code() parse 'code' and return NULL or an error response
- * string. If we return NULL then real_code contains code converted
- * to the cnnnn format.
- */
-static char *check_code(pool *p, const char *code, char **real_code)
-{
- char *word;
- char base = 'X';
- int modifier = 0;
- int num = 0;
- int factor = 0;
-
- /* 0.0.4 compatibility?
- */
- if ((code[0] == 'A') || (code[0] == 'M')) {
- *real_code = (char *)code;
- return NULL;
- };
-
- /* <base> [plus] {<num> <type>}*
- */
-
- /* <base>
- */
- word = ap_getword_conf(p, &code);
- if (!strncasecmp(word, "now", 1) ||
- !strncasecmp(word, "access", 1)) {
- base = 'A';
- }
- else if (!strncasecmp(word, "modification", 1)) {
- base = 'M';
- }
- else {
- return ap_pstrcat(p, "bad expires code, unrecognised <base> '",
- word, "'", NULL);
- };
-
- /* [plus]
- */
- word = ap_getword_conf(p, &code);
- if (!strncasecmp(word, "plus", 1)) {
- word = ap_getword_conf(p, &code);
- };
-
- /* {<num> <type>}*
- */
- while (word[0]) {
- /* <num>
- */
- if (ap_isdigit(word[0])) {
- num = atoi(word);
- }
- else {
- return ap_pstrcat(p, "bad expires code, numeric value expected <num> '",
- word, "'", NULL);
- };
-
- /* <type>
- */
- word = ap_getword_conf(p, &code);
- if (word[0]) {
- /* do nothing */
- }
- else {
- return ap_pstrcat(p, "bad expires code, missing <type>", NULL);
- };
-
- factor = 0;
- if (!strncasecmp(word, "years", 1)) {
- factor = 60 * 60 * 24 * 365;
- }
- else if (!strncasecmp(word, "months", 2)) {
- factor = 60 * 60 * 24 * 30;
- }
- else if (!strncasecmp(word, "weeks", 1)) {
- factor = 60 * 60 * 24 * 7;
- }
- else if (!strncasecmp(word, "days", 1)) {
- factor = 60 * 60 * 24;
- }
- else if (!strncasecmp(word, "hours", 1)) {
- factor = 60 * 60;
- }
- else if (!strncasecmp(word, "minutes", 2)) {
- factor = 60;
- }
- else if (!strncasecmp(word, "seconds", 1)) {
- factor = 1;
- }
- else {
- return ap_pstrcat(p, "bad expires code, unrecognised <type>",
- "'", word, "'", NULL);
- };
-
- modifier = modifier + factor * num;
-
- /* next <num>
- */
- word = ap_getword_conf(p, &code);
- };
-
- *real_code = ap_psprintf(p, "%c%d", base, modifier);
-
- return NULL;
-}
-
-static const char *set_expiresbytype(cmd_parms *cmd, expires_dir_config * dir_config, char *mime, char *code)
-{
- char *response, *real_code;
-
- if ((response = check_code(cmd->pool, code, &real_code)) == NULL) {
- ap_table_setn(dir_config->expiresbytype, mime, real_code);
- return NULL;
- };
- return ap_pstrcat(cmd->pool,
- "'ExpiresByType ", mime, " ", code, "': ", response, NULL);
-}
-
-static const char *set_expiresdefault(cmd_parms *cmd, expires_dir_config * dir_config, char *code)
-{
- char *response, *real_code;
-
- if ((response = check_code(cmd->pool, code, &real_code)) == NULL) {
- dir_config->expiresdefault = real_code;
- return NULL;
- };
- return ap_pstrcat(cmd->pool,
- "'ExpiresDefault ", code, "': ", response, NULL);
-}
-
-static const command_rec expires_cmds[] =
-{
- {"ExpiresActive", set_expiresactive, NULL, DIR_CMD_PERMS, FLAG,
- "Limited to 'on' or 'off'"},
- {"ExpiresBytype", set_expiresbytype, NULL, DIR_CMD_PERMS, TAKE2,
- "a MIME type followed by an expiry date code"},
- {"ExpiresDefault", set_expiresdefault, NULL, DIR_CMD_PERMS, TAKE1,
- "an expiry date code"},
- {NULL}
-};
-
-static void *merge_expires_dir_configs(pool *p, void *basev, void *addv)
-{
- expires_dir_config *new = (expires_dir_config *) ap_pcalloc(p, sizeof(expires_dir_config));
- expires_dir_config *base = (expires_dir_config *) basev;
- expires_dir_config *add = (expires_dir_config *) addv;
-
- if (add->active == ACTIVE_DONTCARE) {
- new->active = base->active;
- }
- else {
- new->active = add->active;
- };
-
- if (add->expiresdefault != '\0') {
- new->expiresdefault = add->expiresdefault;
- };
-
- new->expiresbytype = ap_overlay_tables(p, add->expiresbytype,
- base->expiresbytype);
- return new;
-}
-
-static int add_expires(request_rec *r)
-{
- expires_dir_config *conf;
- char *code;
- time_t base;
- time_t additional;
- time_t expires;
- char age[20];
-
- if (ap_is_HTTP_ERROR(r->status)) /* Don't add Expires headers to errors */
- return DECLINED;
-
- if (r->main != NULL) /* Say no to subrequests */
- return DECLINED;
-
- conf = (expires_dir_config *) ap_get_module_config(r->per_dir_config, &expires_module);
- if (conf == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "internal error: %s", r->filename);
- return SERVER_ERROR;
- };
-
- if (conf->active != ACTIVE_ON)
- return DECLINED;
-
- /* we perhaps could use the default_type(r) in its place but that
- * may be 2nd guesing the desired configuration... calling table_get
- * with a NULL key will SEGV us
- *
- * I still don't know *why* r->content_type would ever be NULL, this
- * is possibly a result of fixups being called in many different
- * places. Fixups is probably the wrong place to be doing all this
- * work... Bah.
- *
- * Changed as of 08.Jun.96 don't DECLINE, look for an ExpiresDefault.
- */
- if (r->content_type == NULL)
- code = NULL;
- else
- code = (char *) ap_table_get(conf->expiresbytype,
- ap_field_noparam(r->pool, r->content_type));
-
- if (code == NULL) {
- /* no expires defined for that type, is there a default? */
- code = conf->expiresdefault;
-
- if (code[0] == '\0')
- return OK;
- };
-
- /* we have our code */
-
- switch (code[0]) {
- case 'M':
- if (r->finfo.st_mode == 0) {
- /* file doesn't exist on disk, so we can't do anything based on
- * modification time. Note that this does _not_ log an error.
- */
- return DECLINED;
- }
- base = r->finfo.st_mtime;
- additional = atoi(&code[1]);
- break;
- case 'A':
- /* there's been some discussion and it's possible that
- * 'access time' will be stored in request structure
- */
- base = r->request_time;
- additional = atoi(&code[1]);
- break;
- default:
- /* expecting the add_* routines to be case-hardened this
- * is just a reminder that module is beta
- */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "internal error: bad expires code: %s", r->filename);
- return SERVER_ERROR;
- };
-
- expires = base + additional;
- ap_snprintf(age, sizeof(age), "max-age=%d",
- (int) expires - (int) r->request_time);
- ap_table_mergen(r->headers_out, "Cache-Control", ap_pstrdup(r->pool, age));
- tzset(); /* redundant? called implicitly by localtime,
- * at least under FreeBSD
- */
- ap_table_setn(r->headers_out, "Expires",
- ap_gm_timestr_822(r->pool, expires));
- return OK;
-}
-
-module MODULE_VAR_EXPORT expires_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_dir_expires_config, /* dir config creater */
- merge_expires_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server configs */
- expires_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- add_expires, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_headers.c b/usr.sbin/httpd/src/modules/standard/mod_headers.c
deleted file mode 100644
index ca2b5e7b1c3..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_headers.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_headers.c: Add/append/remove HTTP response headers
- * Written by Paul Sutton, paul@ukweb.com, 1 Oct 1996
- * Updated with RequestHeader by Martin Algesten,
- * puckman@taglab.com, 13 Jul 2002.
- *
- * New directive, Header, can be used to add/replace/remove HTTP headers.
- * Valid in both per-server and per-dir configurations.
- * In addition directive, RequestHeader, can be used exactly as Header but
- * with the difference that the header is added to the request headers rather
- * than the response.
- *
- * Syntax is:
- *
- * Header action header value
- * RequestHeader action header value
- *
- * Where action is one of:
- * set - set this header, replacing any old value
- * add - add this header, possible resulting in two or more
- * headers with the same name
- * append - append this text onto any existing header of this same
- * unset - remove this header
- *
- * Where action is unset, the third argument (value) should not be given.
- * The header name can include the colon, or not.
- *
- * The directives can only be used where allowed by the FileInfo
- * override.
- *
- * When the request is processed, the header directives are processed in
- * this order: firstly, the main server, then the virtual server handling
- * this request (if any), then any <Directory> sections (working downwards
- * from the root dir), then an <Location> sections (working down from
- * shortest URL component), the any <File> sections. This order is
- * important if any 'set' or 'unset' actions are used. For example,
- * the following two directives have different effect if applied in
- * the reverse order:
- *
- * Header append Author "John P. Doe"
- * Header unset Author
- *
- * Examples:
- *
- * To set the "Author" header, use
- * Header add Author "John P. Doe"
- *
- * To remove a header:
- * Header unset Author
- *
- */
-
-#include "httpd.h"
-#include "http_config.h"
-
-typedef enum {
- hdr_add = 'a', /* add header (could mean multiple hdrs) */
- hdr_set = 's', /* set (replace old value) */
- hdr_append = 'm', /* append (merge into any old value) */
- hdr_unset = 'u' /* unset header */
-} hdr_actions;
-
-
-typedef enum {
- hdrs_in = 'i', /* Add header to incoming (request) headers */
- hdrs_out = 'o' /* Add header to outgoing (response) headers */
-} hdrs_inout;
-
-
-typedef struct {
- hdrs_inout inout;
- hdr_actions action;
- char *header;
- char *value;
- int do_err;
-} header_entry;
-
-/*
- * headers_conf is our per-module configuration. This is used as both
- * a per-dir and per-server config
- */
-typedef struct {
- array_header *headers;
-} headers_conf;
-
-module MODULE_VAR_EXPORT headers_module;
-
-static void *create_headers_config(pool *p, server_rec *s)
-{
- headers_conf *a =
- (headers_conf *) ap_pcalloc(p, sizeof(headers_conf));
-
- a->headers = ap_make_array(p, 2, sizeof(header_entry));
- return a;
-}
-
-static void *create_headers_dir_config(pool *p, char *d)
-{
- return (headers_conf *) create_headers_config(p, NULL);
-}
-
-static void *merge_headers_config(pool *p, void *basev, void *overridesv)
-{
- headers_conf *a =
- (headers_conf *) ap_pcalloc(p, sizeof(headers_conf));
- headers_conf *base = (headers_conf *) basev, *overrides = (headers_conf *) overridesv;
-
- a->headers = ap_append_arrays(p, base->headers, overrides->headers);
-
- return a;
-}
-
-static const char *header_cmd(cmd_parms *cmd, headers_conf * dirconf, char *action, char *hdr, char *value, hdrs_inout inout )
-{
- header_entry *new;
- server_rec *s = cmd->server;
- headers_conf *serverconf =
- (headers_conf *) ap_get_module_config(s->module_config, &headers_module);
- char *colon;
-
- if (cmd->path) {
- new = (header_entry *) ap_push_array(dirconf->headers);
- }
- else {
- new = (header_entry *) ap_push_array(serverconf->headers);
- }
-
- if (cmd->info) {
- new->do_err = 1;
- } else {
- new->do_err = 0;
- }
-
- new->inout = inout;
-
- if (!strcasecmp(action, "set"))
- new->action = hdr_set;
- else if (!strcasecmp(action, "add"))
- new->action = hdr_add;
- else if (!strcasecmp(action, "append"))
- new->action = hdr_append;
- else if (!strcasecmp(action, "unset"))
- new->action = hdr_unset;
- else
- return "first argument must be add, set, append or unset.";
-
- if (new->action == hdr_unset) {
- if (value)
- return "Header unset takes two arguments";
- }
- else if (!value)
- return "Header requires three arguments";
-
- if ((colon = strchr(hdr, ':')))
- *colon = '\0';
-
- new->header = hdr;
- new->value = value;
-
- return NULL;
-}
-
-static const char *outheader_cmd(cmd_parms *cmd, headers_conf * dirconf, char *action, char *hdr, char *value)
-{
- header_cmd( cmd, dirconf, action, hdr, value, hdrs_out );
-}
-
-static const char *inheader_cmd(cmd_parms *cmd, headers_conf * dirconf, char *action, char *hdr, char *value)
-{
- header_cmd( cmd, dirconf, action, hdr, value, hdrs_in );
-}
-
-static const command_rec headers_cmds[] =
-{
- {"Header", outheader_cmd, NULL, OR_FILEINFO, TAKE23,
- "an action, header and value"},
- {"RequestHeader", inheader_cmd, NULL, OR_FILEINFO, TAKE23,
- "an action, header and value"},
- {"ErrorHeader", outheader_cmd, (void *)1, OR_FILEINFO, TAKE23,
- "an action, header and value"},
- {NULL}
-};
-
-static void do_headers_fixup(request_rec *r, array_header *headers)
-{
- int i;
-
- for (i = 0; i < headers->nelts; ++i) {
- header_entry *hdr = &((header_entry *) (headers->elts))[i];
- table *tbl;
- switch (hdr->inout) {
- case hdrs_out:
- tbl = (hdr->do_err ? r->err_headers_out : r->headers_out);
- break;
- case hdrs_in:
- tbl = r->headers_in;
- break;
- }
- switch (hdr->action) {
- case hdr_add:
- ap_table_addn(tbl, hdr->header, hdr->value);
- break;
- case hdr_append:
- ap_table_mergen(tbl, hdr->header, hdr->value);
- break;
- case hdr_set:
- ap_table_setn(tbl, hdr->header, hdr->value);
- break;
- case hdr_unset:
- ap_table_unset(tbl, hdr->header);
- break;
- }
- }
-
-}
-
-static int fixup_headers(request_rec *r)
-{
- void *sconf = r->server->module_config;
- headers_conf *serverconf =
- (headers_conf *) ap_get_module_config(sconf, &headers_module);
- void *dconf = r->per_dir_config;
- headers_conf *dirconf =
- (headers_conf *) ap_get_module_config(dconf, &headers_module);
-
- do_headers_fixup(r, serverconf->headers);
- do_headers_fixup(r, dirconf->headers);
-
- return DECLINED;
-}
-
-module MODULE_VAR_EXPORT headers_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_headers_dir_config, /* dir config creater */
- merge_headers_config, /* dir merger --- default is to override */
- create_headers_config, /* server config */
- merge_headers_config, /* merge server configs */
- headers_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- fixup_headers, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_imap.c b/usr.sbin/httpd/src/modules/standard/mod_imap.c
deleted file mode 100644
index 8d04cbd00ff..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_imap.c
+++ /dev/null
@@ -1,918 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * This imagemap module started as a port of the original imagemap.c
- * written by Rob McCool (11/13/93 robm@ncsa.uiuc.edu).
- * This version includes the mapping algorithms found in version 1.3
- * of imagemap.c.
- *
- * Contributors to this code include:
- *
- * Kevin Hughes, kevinh@pulua.hcc.hawaii.edu
- *
- * Eric Haines, erich@eye.com
- * "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com
- *
- * Randy Terbush, randy@zyzzyva.com
- * port to Apache module format, "base_uri" and support for relative URLs
- *
- * James H. Cloos, Jr., cloos@jhcloos.com
- * Added point datatype, using code in NCSA's version 1.8 imagemap.c
- * program, as distributed with version 1.4.1 of their server.
- * The point code is originally added by Craig Milo Rogers, Rogers@ISI.Edu
- *
- * Nathan Kurz, nate@tripod.com
- * Rewrite/reorganization. New handling of default, base and relative URLs.
- * New Configuration directives: - * ImapMenu {none, formatted, semiformatted, unformatted} - * ImapDefault {error, nocontent, referer, menu, URL} - * ImapBase {map, referer, URL} - * Support for creating non-graphical menu added. (backwards compatible): - * Old: directive URL [x,y ...] - * New: directive URL "Menu text" [x,y ...] - * or: directive URL x,y ... "Menu text" - * Map format and menu concept courtesy Joshua Bell, jsbell@acs.ucalgary.ca. - * - * Mark Cox, mark@ukweb.com, Allow relative URLs even when no base specified - */ - -#include "httpd.h" -#include "http_config.h" -#include "http_request.h" -#include "http_core.h" -#include "http_protocol.h" -#include "http_main.h" -#include "http_log.h" -#include "util_script.h" - -#define IMAP_MAGIC_TYPE "application/x-httpd-imap" -#define MAXVERTS 100 -#define X 0 -#define Y 1 - -#define IMAP_MENU_DEFAULT "formatted" -#define IMAP_DEFAULT_DEFAULT "nocontent" -#define IMAP_BASE_DEFAULT "map" - -module MODULE_VAR_EXPORT imap_module; - -typedef struct { - char *imap_menu; - char *imap_default; - char *imap_base; -} imap_conf_rec; - -static void *create_imap_dir_config(pool *p, char *dummy) -{ - imap_conf_rec *icr = - (imap_conf_rec *) ap_palloc(p, sizeof(imap_conf_rec)); - - icr->imap_menu = NULL; - icr->imap_default = NULL; - icr->imap_base = NULL; - - return icr; -} - -static void *merge_imap_dir_configs(pool *p, void *basev, void *addv) -{ - imap_conf_rec *new = (imap_conf_rec *) ap_pcalloc(p, sizeof(imap_conf_rec)); - imap_conf_rec *base = (imap_conf_rec *) basev; - imap_conf_rec *add = (imap_conf_rec *) addv; - - new->imap_menu = add->imap_menu ? add->imap_menu : base->imap_menu; - new->imap_default = add->imap_default ? add->imap_default - : base->imap_default; - new->imap_base = add->imap_base ? 
add->imap_base : base->imap_base; - - return new; -} - - -static const command_rec imap_cmds[] = -{ - {"ImapMenu", ap_set_string_slot, - (void *) XtOffsetOf(imap_conf_rec, imap_menu), OR_INDEXES, TAKE1, - "the type of menu generated: none, formatted, semiformatted, unformatted"}, - {"ImapDefault", ap_set_string_slot, - (void *) XtOffsetOf(imap_conf_rec, imap_default), OR_INDEXES, TAKE1, - "the action taken if no match: error, nocontent, referer, menu, URL"}, - {"ImapBase", ap_set_string_slot, - (void *) XtOffsetOf(imap_conf_rec, imap_base), OR_INDEXES, TAKE1, - "the base for all URL's: map, referer, URL (or start of)"}, - {NULL} -}; - -static int pointinrect(const double point[2], double coords[MAXVERTS][2]) -{ - double max[2], min[2]; - if (coords[0][X] > coords[1][X]) { - max[0] = coords[0][X]; - min[0] = coords[1][X]; - } - else { - max[0] = coords[1][X]; - min[0] = coords[0][X]; - } - - if (coords[0][Y] > coords[1][Y]) { - max[1] = coords[0][Y]; - min[1] = coords[1][Y]; - } - else { - max[1] = coords[1][Y]; - min[1] = coords[0][Y]; - } - - return ((point[X] >= min[0] && point[X] <= max[0]) && - (point[Y] >= min[1] && point[Y] <= max[1])); -} - -static int pointincircle(const double point[2], double coords[MAXVERTS][2]) -{ - double radius1, radius2; - - radius1 = ((coords[0][Y] - coords[1][Y]) * (coords[0][Y] - coords[1][Y])) - + ((coords[0][X] - coords[1][X]) * (coords[0][X] - coords[1][X])); - - radius2 = ((coords[0][Y] - point[Y]) * (coords[0][Y] - point[Y])) - + ((coords[0][X] - point[X]) * (coords[0][X] - point[X])); - - return (radius2 <= radius1); -} - -#define fmin(a,b) (((a)>(b))?(b):(a)) -#define fmax(a,b) (((a)>(b))?(a):(b)) - -static int pointinpoly(const double point[2], double pgon[MAXVERTS][2]) -{ - int i, numverts, crossings = 0; - double x = point[X], y = point[Y]; - - for (numverts = 0; pgon[numverts][X] != -1 && numverts < MAXVERTS; - numverts++) { - /* just counting the vertexes */ - } - - for (i = 0; i < numverts; i++) { - double 
x1=pgon[i][X]; - double y1=pgon[i][Y]; - double x2=pgon[(i + 1) % numverts][X]; - double y2=pgon[(i + 1) % numverts][Y]; - double d=(y - y1) * (x2 - x1) - (x - x1) * (y2 - y1); - - if ((y1 >= y) != (y2 >= y)) { - crossings +=y2 - y1 >= 0 ? d >= 0 : d <= 0; - } - if (!d && fmin(x1,x2) <= x && x <= fmax(x1,x2) - && fmin(y1,y2) <= y && y <= fmax(y1,y2)) { - return 1; - } - } - return crossings & 0x01; -} - - -static int is_closer(const double point[2], double coords[MAXVERTS][2], - double *closest) -{ - double dist_squared = ((point[X] - coords[0][X]) - * (point[X] - coords[0][X])) - + ((point[Y] - coords[0][Y]) - * (point[Y] - coords[0][Y])); - - if (point[X] < 0 || point[Y] < 0) { - return (0); /* don't mess around with negative coordinates */ - } - - if (*closest < 0 || dist_squared < *closest) { - *closest = dist_squared; - return (1); /* if this is the first point or is the closest yet - set 'closest' equal to this distance^2 */ - } - - return (0); /* if it's not the first or closest */ - -} - -static double get_x_coord(const char *args) -{ - char *endptr; /* we want it non-null */ - double x_coord = -1; /* -1 is returned if no coordinate is given */ - - if (args == NULL) { - return (-1); /* in case we aren't passed anything */ - } - - while (*args && !ap_isdigit(*args) && *args != ',') { - args++; /* jump to the first digit, but not past - a comma or end */ - } - - x_coord = strtod(args, &endptr); - - if (endptr > args) { /* if a conversion was made */ - return (x_coord); - } - - return (-1); /* else if no conversion was made, - or if no args was given */ -} - -static double get_y_coord(const char *args) -{ - char *endptr; /* we want it non-null */ - char *start_of_y = NULL; - double y_coord = -1; /* -1 is returned on error */ - - if (args == NULL) { - return (-1); /* in case we aren't passed anything */ - } - - start_of_y = strchr(args, ','); /* the comma */ - - if (start_of_y) { - - start_of_y++; /* start looking at the character after - the comma */ - - while 
(*start_of_y && !ap_isdigit(*start_of_y)) { - start_of_y++; /* jump to the first digit, but not - past the end */ - } - - y_coord = strtod(start_of_y, &endptr); - - if (endptr > start_of_y) { - return (y_coord); - } - } - - return (-1); /* if no conversion was made, or - no comma was found in args */ -} - - -/* See if string has a "quoted part", and if so set *quoted_part to - * the first character of the quoted part, then hammer a \0 onto the - * trailing quote, and set *string to point at the first character - * past the second quote. - * - * Otherwise set *quoted_part to NULL, and leave *string alone. - */ -static void read_quoted(char **string, char **quoted_part) -{ - char *strp = *string; - - /* assume there's no quoted part */ - *quoted_part = NULL; - - while (ap_isspace(*strp)) { - strp++; /* go along string until non-whitespace */ - } - - if (*strp == '"') { /* if that character is a double quote */ - strp++; /* step over it */ - *quoted_part = strp; /* note where the quoted part begins */ - - while (*strp && *strp != '"') { - ++strp; /* skip the quoted portion */ - } - - *strp = '\0'; /* end the string with a NUL */ - - strp++; /* step over the last double quote */ - *string = strp; - } -} - -/* - * returns the mapped URL or NULL. - */ -static char *imap_url(request_rec *r, const char *base, const char *value) -{ -/* translates a value into a URL. 
*/ - int slen, clen; - char *string_pos = NULL; - const char *string_pos_const = NULL; - char *directory = NULL; - const char *referer = NULL; - char *my_base; - - if (!strcasecmp(value, "map") || !strcasecmp(value, "menu")) { - return ap_construct_url(r->pool, r->uri, r); - } - - if (!strcasecmp(value, "nocontent") || !strcasecmp(value, "error")) { - return ap_pstrdup(r->pool, value); /* these are handled elsewhere, - so just copy them */ - } - - if (!strcasecmp(value, "referer")) { - referer = ap_table_get(r->headers_in, "Referer"); - if (referer && *referer) { - return ap_escape_html(r->pool, referer); - } - else { - /* XXX: This used to do *value = '\0'; ... which is totally bogus - * because it hammers the passed in value, which can be a string - * constant, or part of a config, or whatever. Total garbage. - * This works around that without changing the rest of this - * code much - */ - value = ""; /* if 'referer' but no referring page, - null the value */ - } - } - - string_pos_const = value; - while (ap_isalpha(*string_pos_const)) { - string_pos_const++; /* go along the URL from the map - until a non-letter */ - } - if (*string_pos_const == ':') { - /* if letters and then a colon (like http:) */ - /* it's an absolute URL, so use it! 
*/ - return ap_pstrdup(r->pool, value); - } - - if (!base || !*base) { - if (value && *value) { - return ap_pstrdup(r->pool, value); /* no base: use what is given */ - } - /* no base, no value: pick a simple default */ - return ap_construct_url(r->pool, "/", r); - } - - /* must be a relative URL to be combined with base */ - if (strchr(base, '/') == NULL && (!strncmp(value, "../", 3) - || !strcmp(value, ".."))) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "invalid base directive in map file: %s", r->uri); - return NULL; - } - my_base = ap_pstrdup(r->pool, base); - string_pos = my_base; - while (*string_pos) { - if (*string_pos == '/' && *(string_pos + 1) == '/') { - string_pos += 2; /* if there are two slashes, jump over them */ - continue; - } - if (*string_pos == '/') { /* the first single slash */ - if (value[0] == '/') { - *string_pos = '\0'; - } /* if the URL from the map starts from root, - end the base URL string at the first single - slash */ - else { - directory = string_pos; /* save the start of - the directory portion */ - - string_pos = strrchr(string_pos, '/'); /* now reuse - string_pos */ - string_pos++; /* step over that last slash */ - *string_pos = '\0'; - } /* but if the map url is relative, leave the - slash on the base (if there is one) */ - break; - } - string_pos++; /* until we get to the end of my_base without - finding a slash by itself */ - } - - while (!strncmp(value, "../", 3) || !strcmp(value, "..")) { - - if (directory && (slen = strlen(directory))) { - - /* for each '..', knock a directory off the end - by ending the string right at the last slash. - But only consider the directory portion: don't eat - into the server name. And only try if a directory - portion was found */ - - clen = slen - 1; - - while ((slen - clen) == 1) { - - if ((string_pos = strrchr(directory, '/'))) { - *string_pos = '\0'; - } - clen = strlen(directory); - if (clen == 0) { - break; - } - } - - value += 2; /* jump over the '..' 
that we found in the - value */ - } - else if (directory) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "invalid directory name in map file: %s", r->uri); - return NULL; - } - - if (!strncmp(value, "/../", 4) || !strcmp(value, "/..")) { - value++; /* step over the '/' if there are more '..' - to do. This way, we leave the starting - '/' on value after the last '..', but get - rid of it otherwise */ - } - - } /* by this point, value does not start - with '..' */ - - if (value && *value) { - return ap_pstrcat(r->pool, my_base, value, NULL); - } - return my_base; -} - -static int imap_reply(request_rec *r, char *redirect) -{ - if (!strcasecmp(redirect, "error")) { - return SERVER_ERROR; /* they actually requested an error! */ - } - if (!strcasecmp(redirect, "nocontent")) { - return HTTP_NO_CONTENT; /* tell the client to keep the page it has */ - } - if (redirect && *redirect) { - ap_table_setn(r->headers_out, "Location", redirect); - return REDIRECT; /* must be a URL, so redirect to it */ - } - return SERVER_ERROR; -} - -static void menu_header(request_rec *r, char *menu) -{ - r->content_type = "text/html; charset=ISO-8859-1"; - ap_send_http_header(r); - ap_hard_timeout("send menu", r); /* killed in menu_footer */ - - ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ", - ap_escape_html(r->pool, r->uri), - "\n\n", NULL); - - if (!strcasecmp(menu, "formatted")) { - ap_rvputs(r, "

    Menu for ", ap_escape_html(r->pool, r->uri), - "

    \n
    \n\n", NULL); - } - - return; -} - -static void menu_blank(request_rec *r, char *menu) -{ - if (!strcasecmp(menu, "formatted")) { - ap_rputs("\n", r); - } - if (!strcasecmp(menu, "semiformatted")) { - ap_rputs("
    \n", r); - } - if (!strcasecmp(menu, "unformatted")) { - ap_rputs("\n", r); - } - return; -} - -static void menu_comment(request_rec *r, char *menu, char *comment) -{ - if (!strcasecmp(menu, "formatted")) { - ap_rputs("\n", r); /* print just a newline if 'formatted' */ - } - if (!strcasecmp(menu, "semiformatted") && *comment) { - ap_rvputs(r, comment, "\n", NULL); - } - if (!strcasecmp(menu, "unformatted") && *comment) { - ap_rvputs(r, comment, "\n", NULL); - } - return; /* comments are ignored in the - 'formatted' form */ -} - -static void menu_default(request_rec *r, char *menu, char *href, char *text) -{ - if (!strcasecmp(href, "error") || !strcasecmp(href, "nocontent")) { - return; /* don't print such lines, these aren't - really href's */ - } - if (!strcasecmp(menu, "formatted")) { - ap_rvputs(r, "
    (Default) ", text,
    -               "
    \n", NULL); - } - if (!strcasecmp(menu, "semiformatted")) { - ap_rvputs(r, "
    (Default) ", text,
    -               "
    \n", NULL); - } - if (!strcasecmp(menu, "unformatted")) { - ap_rvputs(r, "", text, "", NULL); - } - return; -} - -static void menu_directive(request_rec *r, char *menu, char *href, char *text) -{ - if (!strcasecmp(href, "error") || !strcasecmp(href, "nocontent")) { - return; /* don't print such lines, as this isn't - really an href */ - } - if (!strcasecmp(menu, "formatted")) { - ap_rvputs(r, "
              ", text,
    -               "
    \n", NULL); - } - if (!strcasecmp(menu, "semiformatted")) { - ap_rvputs(r, "
              ", text,
    -               "
    \n", NULL); - } - if (!strcasecmp(menu, "unformatted")) { - ap_rvputs(r, "", text, "", NULL); - } - return; -} - -static void menu_footer(request_rec *r) -{ - ap_rputs("\n\n\n\n", r); /* finish the menu */ - ap_kill_timeout(r); -} - -static int imap_handler(request_rec *r) -{ - char input[MAX_STRING_LEN]; - char *directive; - char *value; - char *href_text; - char *base; - char *redirect; - char *mapdflt; - char *closest = NULL; - double closest_yet = -1; - - double testpoint[2]; - double pointarray[MAXVERTS + 1][2]; - int vertex; - - char *string_pos; - int showmenu = 0; - - imap_conf_rec *icr = ap_get_module_config(r->per_dir_config, &imap_module); - - char *imap_menu = icr->imap_menu ? icr->imap_menu : IMAP_MENU_DEFAULT; - char *imap_default = icr->imap_default - ? icr->imap_default : IMAP_DEFAULT_DEFAULT; - char *imap_base = icr->imap_base ? icr->imap_base : IMAP_BASE_DEFAULT; - - configfile_t *imap; - - if (r->method_number != M_GET) { - return DECLINED; - } - - imap = ap_pcfg_openfile(r->pool, r->filename); - - if (!imap) { - return NOT_FOUND; - } - - base = imap_url(r, NULL, imap_base); /* set base according - to default */ - if (!base) { - return HTTP_INTERNAL_SERVER_ERROR; - } - mapdflt = imap_url(r, NULL, imap_default); /* and default to - global default */ - if (!mapdflt) { - return HTTP_INTERNAL_SERVER_ERROR; - } - - testpoint[X] = get_x_coord(r->args); - testpoint[Y] = get_y_coord(r->args); - - if ((testpoint[X] == -1 || testpoint[Y] == -1) || - (testpoint[X] == 0 && testpoint[Y] == 0)) { - /* if either is -1 or if both are zero (new Lynx) */ - /* we don't have valid coordinates */ - testpoint[X] = -1; - testpoint[Y] = -1; - if (strncasecmp(imap_menu, "none", 2)) { - showmenu = 1; /* show the menu _unless_ ImapMenu is - 'none' or 'no' */ - } - } - - if (showmenu) { /* send start of imagemap menu if - we're going to */ - menu_header(r, imap_menu); - } - - while (!ap_cfg_getline(input, sizeof(input), imap)) { - if (!input[0]) { - if (showmenu) { - 
menu_blank(r, imap_menu); - } - continue; - } - - if (input[0] == '#') { - if (showmenu) { - menu_comment(r, imap_menu, input + 1); - } - continue; - } /* blank lines and comments are ignored - if we aren't printing a menu */ - - /* find the first two space delimited fields, recall that - * ap_cfg_getline has removed leading/trailing whitespace. - * - * note that we're tokenizing as we go... if we were to use the - * ap_getword() class of functions we would end up allocating extra - * memory for every line of the map file - */ - string_pos = input; - if (!*string_pos) { /* need at least two fields */ - goto need_2_fields; - } - - directive = string_pos; - while (*string_pos && !ap_isspace(*string_pos)) { /* past directive */ - ++string_pos; - } - if (!*string_pos) { /* need at least two fields */ - goto need_2_fields; - } - *string_pos++ = '\0'; - - if (!*string_pos) { /* need at least two fields */ - goto need_2_fields; - } - while(ap_isspace(*string_pos)) { /* past whitespace */ - ++string_pos; - } - - value = string_pos; - while (*string_pos && !ap_isspace(*string_pos)) { /* past value */ - ++string_pos; - } - if (ap_isspace(*string_pos)) { - *string_pos++ = '\0'; - } - else { - /* end of input, don't advance past it */ - *string_pos = '\0'; - } - - if (!strncasecmp(directive, "base", 4)) { /* base, base_uri */ - base = imap_url(r, NULL, value); - if (!base) { - goto menu_bail; - } - continue; /* base is never printed to a menu */ - } - - read_quoted(&string_pos, &href_text); - - if (!strcasecmp(directive, "default")) { /* default */ - mapdflt = imap_url(r, NULL, value); - if (!mapdflt) { - goto menu_bail; - } - if (showmenu) { /* print the default if there's a menu */ - redirect = imap_url(r, base, mapdflt); - if (!redirect) { - goto menu_bail; - } - menu_default(r, imap_menu, redirect, - href_text ? 
href_text : mapdflt); - } - continue; - } - - vertex = 0; - while (vertex < MAXVERTS && - sscanf(string_pos, "%lf%*[, ]%lf", - &pointarray[vertex][X], &pointarray[vertex][Y]) == 2) { - /* Now skip what we just read... we can't use ANSIism %n */ - while (ap_isspace(*string_pos)) { /* past whitespace */ - string_pos++; - } - while (ap_isdigit(*string_pos)) { /* and the 1st number */ - string_pos++; - } - string_pos++; /* skip the ',' */ - while (ap_isspace(*string_pos)) { /* past any more whitespace */ - string_pos++; - } - while (ap_isdigit(*string_pos)) { /* 2nd number */ - string_pos++; - } - vertex++; - } /* so long as there are more vertices to - read, and we have room, read them in. - We start where we left off of the last - sscanf, not at the beginning. */ - - pointarray[vertex][X] = -1; /* signals the end of vertices */ - - if (showmenu) { - if (!href_text) { - read_quoted(&string_pos, &href_text); /* href text could - be here instead */ - } - redirect = imap_url(r, base, value); - if (!redirect) { - goto menu_bail; - } - menu_directive(r, imap_menu, redirect, - href_text ? 
href_text : value); - continue; - } - /* note that we don't make it past here if we are making a menu */ - - if (testpoint[X] == -1 || pointarray[0][X] == -1) { - continue; /* don't try the following tests if testpoints - are invalid, or if there are no - coordinates */ - } - - if (!strcasecmp(directive, "poly")) { /* poly */ - - if (pointinpoly(testpoint, pointarray)) { - ap_cfg_closefile(imap); - redirect = imap_url(r, base, value); - if (!redirect) { - return HTTP_INTERNAL_SERVER_ERROR; - } - return (imap_reply(r, redirect)); - } - continue; - } - - if (!strcasecmp(directive, "circle")) { /* circle */ - - if (pointincircle(testpoint, pointarray)) { - ap_cfg_closefile(imap); - redirect = imap_url(r, base, value); - if (!redirect) { - return HTTP_INTERNAL_SERVER_ERROR; - } - return (imap_reply(r, redirect)); - } - continue; - } - - if (!strcasecmp(directive, "rect")) { /* rect */ - - if (pointinrect(testpoint, pointarray)) { - ap_cfg_closefile(imap); - redirect = imap_url(r, base, value); - if (!redirect) { - return HTTP_INTERNAL_SERVER_ERROR; - } - return (imap_reply(r, redirect)); - } - continue; - } - - if (!strcasecmp(directive, "point")) { /* point */ - - if (is_closer(testpoint, pointarray, &closest_yet)) { - closest = ap_pstrdup(r->pool, value); - } - - continue; - } /* move on to next line whether it's - closest or not */ - - } /* nothing matched, so we get another line! 
*/ - - ap_cfg_closefile(imap); /* we are done with the map file; close it */ - - if (showmenu) { - menu_footer(r); /* finish the menu and we are done */ - return OK; - } - - if (closest) { /* if a 'point' directive has been seen */ - redirect = imap_url(r, base, closest); - if (!redirect) { - return HTTP_INTERNAL_SERVER_ERROR; - } - return (imap_reply(r, redirect)); - } - - if (mapdflt) { /* a default should be defined, even if - only 'nocontent' */ - redirect = imap_url(r, base, mapdflt); - if (!redirect) { - return HTTP_INTERNAL_SERVER_ERROR; - } - return (imap_reply(r, redirect)); - } - - return HTTP_INTERNAL_SERVER_ERROR; /* If we make it this far, - we failed. They lose! */ - -need_2_fields: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "map file %s, line %d syntax error: requires at " - "least two fields", r->uri, imap->line_number); - /* fall through */ -menu_bail: - ap_cfg_closefile(imap); - if (showmenu) { - /* There's not much else we can do ... we've already sent the headers - * to the client. - */ - ap_rputs("\n\n[an internal server error occured]\n", r); - menu_footer(r); - return OK; - } - return HTTP_INTERNAL_SERVER_ERROR; -} - - -static const handler_rec imap_handlers[] = -{ - {IMAP_MAGIC_TYPE, imap_handler}, - {"imap-file", imap_handler}, - {NULL} -}; - -module MODULE_VAR_EXPORT imap_module = -{ - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - create_imap_dir_config, /* dir config creater */ - merge_imap_dir_configs, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - imap_cmds, /* command table */ - imap_handlers, /* handlers */ - NULL, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; 
diff --git a/usr.sbin/httpd/src/modules/standard/mod_include.c b/usr.sbin/httpd/src/modules/standard/mod_include.c
deleted file mode 100644
index 75518f5ff06..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_include.c
+++ /dev/null
@@ -1,2523 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * http_include.c: Handles the server-parsed HTML documents
- *
- * Original by Rob McCool; substantial fixups by David Robinson;
- * incorporated into the Apache module framework by rst.
- *
- */
-/*
- * sub key may be anything a Perl*Handler can be:
- * subroutine name, package name (defaults to package::handler),
- * Class->method call or anoymous sub {}
- *
- * Child accessed
- * times.
    - * - * - * - * -Doug MacEachern - */ - -#ifdef USE_PERL_SSI -#include "config.h" -#undef VOIDUSED -#ifdef USE_SFIO -#undef USE_SFIO -#define USE_STDIO -#endif -#include "modules/perl/mod_perl.h" -#else -#include "httpd.h" -#include "http_config.h" -#include "http_request.h" -#include "http_core.h" -#include "http_protocol.h" -#include "http_log.h" -#include "http_main.h" -#include "util_script.h" -#endif - -#define STARTING_SEQUENCE "" -#define DEFAULT_ERROR_MSG "[an error occurred while processing this directive]" -#define DEFAULT_TIME_FORMAT "%A, %d-%b-%Y %H:%M:%S %Z" -#define SIZEFMT_BYTES 0 -#define SIZEFMT_KMG 1 -#define RAW_ASCII_CHAR(ch) (ch) - -module MODULE_VAR_EXPORT includes_module; - -/* ------------------------ Environment function -------------------------- */ - -/* XXX: could use ap_table_overlap here */ -static void add_include_vars(request_rec *r, char *timefmt) -{ - struct passwd *pw; - table *e = r->subprocess_env; - char *t; - time_t date = r->request_time; - - ap_table_setn(e, "DATE_LOCAL", ap_ht_time(r->pool, date, timefmt, 0)); - ap_table_setn(e, "DATE_GMT", ap_ht_time(r->pool, date, timefmt, 1)); - ap_table_setn(e, "LAST_MODIFIED", - ap_ht_time(r->pool, r->finfo.st_mtime, timefmt, 0)); - ap_table_setn(e, "DOCUMENT_URI", r->uri); - ap_table_setn(e, "DOCUMENT_PATH_INFO", r->path_info); - pw = getpwuid(r->finfo.st_uid); - if (pw) { - ap_table_setn(e, "USER_NAME", ap_pstrdup(r->pool, pw->pw_name)); - } - else { - ap_table_setn(e, "USER_NAME", ap_psprintf(r->pool, "user#%lu", - (unsigned long) r->finfo.st_uid)); - } - - if ((t = strrchr(r->filename, '/'))) { - ap_table_setn(e, "DOCUMENT_NAME", ++t); - } - else { - ap_table_setn(e, "DOCUMENT_NAME", r->uri); - } - if (r->args) { - char *arg_copy = ap_pstrdup(r->pool, r->args); - - ap_unescape_url(arg_copy); - ap_table_setn(e, "QUERY_STRING_UNESCAPED", - ap_escape_shell_cmd(r->pool, arg_copy)); - } -} - - - -/* --------------------------- Parser functions --------------------------- */ - 
-#define OUTBUFSIZE 4096
-/* PUT_CHAR and FLUSH_BUF currently only work within the scope of
- * find_string(); they are hacks to avoid calling rputc for each and
- * every character output. A common set of buffering calls for this
- * type of output SHOULD be implemented.
- */
-#define PUT_CHAR(c,r) \
- { \
- outbuf[outind++] = c; \
- if (outind == OUTBUFSIZE) { \
- FLUSH_BUF(r) \
- }; \
- }
-
-/* there SHOULD be some error checking on the return value of
- * rwrite, however it is unclear what the API for rwrite returning
- * errors is and little can really be done to help the error in
- * any case.
- */
-#define FLUSH_BUF(r) \
- { \
- ap_rwrite(outbuf, outind, r); \
- outind = 0; \
- }
-
-/*
- * f: file handle being read from
- * c: character to read into
- * ret: return value to use if input fails
- * r: current request_rec
- *
- * This macro is redefined after find_string() for historical reasons
- * to avoid too many code changes. This is one of the many things
- * that should be fixed.
- */ -#define GET_CHAR(f,c,ret,r) \ - { \ - int i = getc(f); \ - if (i == EOF) { /* either EOF or error -- needs error handling if latter */ \ - if (ferror(f)) { \ - fprintf(stderr, "encountered error in GET_CHAR macro, " \ - "mod_include.\n"); \ - } \ - FLUSH_BUF(r); \ - ap_pfclose(r->pool, f); \ - return ret; \ - } \ - c = (char)i; \ - } - -static int find_string(FILE *in, const char *str, request_rec *r, int printing) -{ - int x, l = strlen(str), p; - char outbuf[OUTBUFSIZE]; - int outind = 0; - char c; - - p = 0; - while (1) { - GET_CHAR(in, c, 1, r); - if (c == str[p]) { - if ((++p) == l) { - FLUSH_BUF(r); - return 0; - } - } - else { - if (printing) { - for (x = 0; x < p; x++) { - PUT_CHAR(str[x], r); - } - PUT_CHAR(c, r); - } - p = 0; - } - } -} - -#undef FLUSH_BUF -#undef PUT_CHAR -#undef GET_CHAR -#define GET_CHAR(f,c,r,p) \ - { \ - int i = getc(f); \ - if (i == EOF) { /* either EOF or error -- needs error handling if latter */ \ - if (ferror(f)) { \ - fprintf(stderr, "encountered error in GET_CHAR macro, " \ - "mod_include.\n"); \ - } \ - ap_pfclose(p, f); \ - return r; \ - } \ - c = (char)i; \ - } - -/* - * decodes a string containing html entities or numeric character references. - * 's' is overwritten with the decoded string. - * If 's' is syntatically incorrect, then the followed fixups will be made: - * unknown entities will be left undecoded; - * references to unused numeric characters will be deleted. - * In particular, � will not be decoded, but will be deleted. - * - * drtr - */ - -/* maximum length of any ISO-LATIN-1 HTML entity name. */ -#define MAXENTLEN (6) - -/* The following is a shrinking transformation, therefore safe. 
*/ - -static void decodehtml(char *s) -{ - int val, i, j; - char *p = s; - const char *ents; - static const char * const entlist[MAXENTLEN + 1] = - { - NULL, /* 0 */ - NULL, /* 1 */ - "lt\074gt\076", /* 2 */ - "amp\046ETH\320eth\360", /* 3 */ - "quot\042Auml\304Euml\313Iuml\317Ouml\326Uuml\334auml\344euml\353\ -iuml\357ouml\366uuml\374yuml\377", /* 4 */ - "Acirc\302Aring\305AElig\306Ecirc\312Icirc\316Ocirc\324Ucirc\333\ -THORN\336szlig\337acirc\342aring\345aelig\346ecirc\352icirc\356ocirc\364\ -ucirc\373thorn\376", /* 5 */ - "Agrave\300Aacute\301Atilde\303Ccedil\307Egrave\310Eacute\311\ -Igrave\314Iacute\315Ntilde\321Ograve\322Oacute\323Otilde\325Oslash\330\ -Ugrave\331Uacute\332Yacute\335agrave\340aacute\341atilde\343ccedil\347\ -egrave\350eacute\351igrave\354iacute\355ntilde\361ograve\362oacute\363\ -otilde\365oslash\370ugrave\371uacute\372yacute\375" /* 6 */ - }; - - for (; *s != '\0'; s++, p++) { - if (*s != '&') { - *p = *s; - continue; - } - /* find end of entity */ - for (i = 1; s[i] != ';' && s[i] != '\0'; i++) { - continue; - } - - if (s[i] == '\0') { /* treat as normal data */ - *p = *s; - continue; - } - - /* is it numeric ? */ - if (s[1] == '#') { - for (j = 2, val = 0; j < i && ap_isdigit(s[j]); j++) { - val = val * 10 + s[j] - '0'; - } - s += i; - if (j < i || val <= 8 || (val >= 11 && val <= 31) || - (val >= 127 && val <= 160) || val >= 256) { - p--; /* no data to output */ - } - else { - *p = RAW_ASCII_CHAR(val); - } - } - else { - j = i - 1; - if (j > MAXENTLEN || entlist[j] == NULL) { - /* wrong length */ - *p = '&'; - continue; /* skip it */ - } - for (ents = entlist[j]; *ents != '\0'; ents += i) { - if (strncmp(s + 1, ents, j) == 0) { - break; - } - } - - if (*ents == '\0') { - *p = '&'; /* unknown */ - } - else { - *p = RAW_ASCII_CHAR(((const unsigned char *) ents)[j]); - s += i; - } - } - } - - *p = '\0'; -} - -/* - * extract the next tag name and value. 
- * if there are no more tags, set the tag name to 'done' - * the tag value is html decoded if dodecode is non-zero - */ - -static char *get_tag(request_rec *r, FILE *in, char *tag, int tagbuf_len, int dodecode) -{ - char *t = tag, *tag_val, c, term; - pool *p = r->pool; - - /* makes code below a little less cluttered */ - --tagbuf_len; - - do { /* skip whitespace */ - GET_CHAR(in, c, NULL, p); - } while (ap_isspace(c)); - - /* tags can't start with - */ - if (c == '-') { - GET_CHAR(in, c, NULL, p); - if (c == '-') { - do { - GET_CHAR(in, c, NULL, p); - } while (ap_isspace(c)); - if (c == '>') { - ap_cpystrn(tag, "done", tagbuf_len); - return tag; - } - } - return NULL; /* failed */ - } - - /* find end of tag name */ - while (1) { - if (t == tag + tagbuf_len) { - *t = '\0'; - return NULL; - } - if (c == '=' || ap_isspace(c)) { - break; - } - *(t++) = ap_tolower(c); - GET_CHAR(in, c, NULL, p); - } - - *t++ = '\0'; - tag_val = t; - - while (ap_isspace(c)) { - GET_CHAR(in, c, NULL, p); /* space before = */ - } - if (c != '=') { - ungetc(c, in); - return NULL; - } - - do { - GET_CHAR(in, c, NULL, p); /* space after = */ - } while (ap_isspace(c)); - - /* we should allow a 'name' as a value */ - - if (c != '"' && c != '\'') { - return NULL; - } - term = c; - while (1) { - GET_CHAR(in, c, NULL, p); - if (t == tag + tagbuf_len) { - *t = '\0'; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "mod_include: value length exceeds limit" - " (%d) in %s", tagbuf_len, r->filename); - return NULL; - } - /* Want to accept \" as a valid character within a string. */ - if (c == '\\') { - GET_CHAR(in, c, NULL, p); - /* Insert backslash only if not escaping a terminator char */ - if (c != term) { - *(t++) = '\\'; - /* - * check to make sure that adding in the backslash won't cause - * an overflow, since we're now 1 character ahead. 
- */ - if (t == tag + tagbuf_len) { - *t = '\0'; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "mod_include: value length exceeds limit" - " (%d) in %s", tagbuf_len, r->filename); - return NULL; - } - } - } - else if (c == term) { - break; - } - *(t++) = c; - } - *t = '\0'; - if (dodecode) { - decodehtml(tag_val); - } - return ap_pstrdup(p, tag_val); -} - -static int get_directive(FILE *in, char *dest, size_t len, pool *p) -{ - char *d = dest; - char c; - - /* make room for nul terminator */ - --len; - - /* skip initial whitespace */ - while (1) { - GET_CHAR(in, c, 1, p); - if (!ap_isspace(c)) { - break; - } - } - /* now get directive */ - while (1) { - if (d == len + dest) { - return 1; - } - *d++ = ap_tolower(c); - GET_CHAR(in, c, 1, p); - if (ap_isspace(c)) { - break; - } - } - *d = '\0'; - return 0; -} - -/* - * Do variable substitution on strings - */ -static void parse_string(request_rec *r, const char *in, char *out, - size_t length, int leave_name) -{ - char ch; - char *next = out; - char *end_out; - - /* leave room for nul terminator */ - end_out = out + length - 1; - - while ((ch = *in++) != '\0') { - switch (ch) { - case '\\': - if (next == end_out) { - /* truncated */ - *next = '\0'; - return; - } - if (*in == '$') { - *next++ = *in++; - } - else { - *next++ = ch; - } - break; - case '$': - { - char var[MAX_STRING_LEN]; - const char *start_of_var_name; - const char *end_of_var_name; /* end of var name + 1 */ - const char *expansion; - const char *val; - size_t l; - - /* guess that the expansion won't happen */ - expansion = in - 1; - if (*in == '{') { - ++in; - start_of_var_name = in; - in = strchr(in, '}'); - if (in == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, - r, "Missing '}' on variable \"%s\"", - expansion); - *next = '\0'; - return; - } - end_of_var_name = in; - ++in; - } - else { - start_of_var_name = in; - while (ap_isalnum(*in) || *in == '_') { - ++in; - } - end_of_var_name = in; - } - /* what a pain, too bad 
there's no table_getn where you can - * pass a non-nul terminated string */ - l = end_of_var_name - start_of_var_name; - if (l != 0) { - l = (l > sizeof(var) - 1) ? (sizeof(var) - 1) : l; - memcpy(var, start_of_var_name, l); - var[l] = '\0'; - - val = ap_table_get(r->subprocess_env, var); - if (val) { - expansion = val; - l = strlen(expansion); - } - else if (leave_name) { - l = in - expansion; - } - else { - break; /* no expansion to be done */ - } - } - else { - /* zero-length variable name causes just the $ to be copied */ - l = 1; - } - l = (l + next > end_out) ? (end_out - next) : l; - memcpy(next, expansion, l); - next += l; - break; - } - default: - if (next == end_out) { - /* truncated */ - *next = '\0'; - return; - } - *next++ = ch; - break; - } - } - *next = '\0'; - return; -} - -/* --------------------------- Action handlers ---------------------------- */ - -static int include_cgi(char *s, request_rec *r) -{ - request_rec *rr = ap_sub_req_lookup_uri(s, r); - int rr_status; - - if (rr->status != HTTP_OK) { - return -1; - } - - /* No hardwired path info or query allowed */ - - if ((rr->path_info && rr->path_info[0]) || rr->args) { - return -1; - } - if (rr->finfo.st_mode == 0) { - return -1; - } - - /* Script gets parameters of the *document*, for back compatibility */ - - rr->path_info = r->path_info; /* hard to get right; see mod_cgi.c */ - rr->args = r->args; - - /* Force sub_req to be treated as a CGI request, even if ordinary - * typing rules would have called it something else. - */ - - rr->content_type = CGI_MAGIC_TYPE; - - /* Run it. */ - - rr_status = ap_run_sub_req(rr); - if (ap_is_HTTP_REDIRECT(rr_status)) { - const char *location = ap_table_get(rr->headers_out, "Location"); - location = ap_escape_html(rr->pool, location); - ap_rvputs(r, "", location, "", NULL); - } - - ap_destroy_sub_req(rr); - ap_chdir_file(r->filename); - - return 0; -} - -/* ensure that path is relative, and does not contain ".." 
elements - * ensentially ensure that it does not match the regex: - * (^/|(^|/)\.\.(/|$)) - * XXX: this needs os abstraction... consider c:..\foo in win32 - * ???: No, c:../foo is not relative to ., it's potentially on another volume - */ -static int is_only_below(const char *path) -{ - if (path[0] == '/') { - return 0; - } - if (path[0] == '.' && path[1] == '.' - && (path[2] == '\0' || path[2] == '/')) { - return 0; - } - while (*path) { - if (*path == '/' && path[1] == '.' && path[2] == '.' - && (path[3] == '\0' || path[3] == '/')) { - return 0; - } - ++path; - } - return 1; -} - -static int handle_include(FILE *in, request_rec *r, const char *error, int noexec) -{ - char tag[MAX_STRING_LEN]; - char parsed_string[MAX_STRING_LEN]; - char *tag_val; - - while (1) { - if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) { - return 1; - } - if (!strcmp(tag, "file") || !strcmp(tag, "virtual")) { - request_rec *rr = NULL; - char *error_fmt = NULL; - - parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0); - if (tag[0] == 'f') { - /* be safe; only files in this directory or below allowed */ - if (!is_only_below(parsed_string)) { - error_fmt = "unable to include file \"%s\" " - "in parsed file %s"; - } - else { - rr = ap_sub_req_lookup_file(parsed_string, r); - } - } - else { - rr = ap_sub_req_lookup_uri(parsed_string, r); - } - - if (!error_fmt && rr->status != HTTP_OK) { - error_fmt = "unable to include \"%s\" in parsed file %s"; - } - - if (!error_fmt && noexec && rr->content_type - && (strncmp(rr->content_type, "text/", 5))) { - error_fmt = "unable to include potential exec \"%s\" " - "in parsed file %s"; - } - if (error_fmt == NULL) { - /* try to avoid recursive includes. We do this by walking - * up the r->main list of subrequests, and at each level - * walking back through any internal redirects. At each - * step, we compare the filenames and the URIs. - * - * The filename comparison catches a recursive include - * with an ever-changing URL, eg. 
- * - * which, although they would eventually be caught because - * we have a limit on the length of files, etc., can - * recurse for a while. - * - * The URI comparison catches the case where the filename - * is changed while processing the request, so the - * current name is never the same as any previous one. - * This can happen with "DocumentRoot /foo" when you - * request "/" on the server and it includes "/". - * This only applies to modules such as mod_dir that - * (somewhat improperly) mess with r->filename outside - * of a filename translation phase. - */ - int founddupe = 0; - request_rec *p; - for (p = r; p != NULL && !founddupe; p = p->main) { - request_rec *q; - for (q = p; q != NULL; q = q->prev) { - if ( (q->filename && strcmp(q->filename, rr->filename) == 0) || - (strcmp(q->uri, rr->uri) == 0) ){ - founddupe = 1; - break; - } - } - } - - if (p != NULL) { - error_fmt = "Recursive include of \"%s\" " - "in parsed file %s"; - } - } - - /* see the Kludge in send_parsed_file for why */ - if (rr) - ap_set_module_config(rr->request_config, &includes_module, r); - - if (!error_fmt && ap_run_sub_req(rr)) { - error_fmt = "unable to include \"%s\" in parsed file %s"; - } - ap_chdir_file(r->filename); - if (error_fmt) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, - r, error_fmt, tag_val, r->filename); - ap_rputs(error, r); - } - - if (rr != NULL) { - ap_destroy_sub_req(rr); - } - } - else if (!strcmp(tag, "done")) { - return 0; - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unknown parameter \"%s\" to tag include in %s", - tag, r->filename); - ap_rputs(error, r); - } - } -} - -typedef struct { - request_rec *r; - char *s; -} include_cmd_arg; - -static int include_cmd_child(void *arg, child_info *pinfo) -{ - request_rec *r = ((include_cmd_arg *) arg)->r; - char *s = ((include_cmd_arg *) arg)->s; - table *env = r->subprocess_env; - int child_pid = 0; -#ifdef DEBUG_INCLUDE_CMD - FILE *dbg = fopen("/dev/tty", "w"); -#endif - char 
err_string[MAX_STRING_LEN]; - -#ifdef DEBUG_INCLUDE_CMD - fprintf(dbg, "Attempting to include command '%s'\n", s); -#endif - - if (r->path_info && r->path_info[0] != '\0') { - request_rec *pa_req; - - ap_table_setn(env, "PATH_INFO", ap_escape_shell_cmd(r->pool, r->path_info)); - - pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info), r); - if (pa_req->filename) { - ap_table_setn(env, "PATH_TRANSLATED", - ap_pstrcat(r->pool, pa_req->filename, pa_req->path_info, - NULL)); - } - } - - if (r->args) { - char *arg_copy = ap_pstrdup(r->pool, r->args); - - ap_table_setn(env, "QUERY_STRING", r->args); - ap_unescape_url(arg_copy); - ap_table_setn(env, "QUERY_STRING_UNESCAPED", - ap_escape_shell_cmd(r->pool, arg_copy)); - } - - ap_error_log2stderr(r->server); - -#ifdef DEBUG_INCLUDE_CMD - fprintf(dbg, "Attempting to exec '%s'\n", s); -#endif - ap_cleanup_for_exec(); - /* set shellcmd flag to pass arg to SHELL_PATH */ - child_pid = ap_call_exec(r, pinfo, s, ap_create_environment(r->pool, env), - 1); - /* Oh, drat. We're still here. The log file descriptors are closed, - * so we have to whimper a complaint onto stderr... 
- */ - -#ifdef DEBUG_INCLUDE_CMD - fprintf(dbg, "Exec failed\n"); -#endif - ap_snprintf(err_string, sizeof(err_string), - "exec of %s failed, reason: %s (errno = %d)\n", - SHELL_PATH, strerror(errno), errno); - write(STDERR_FILENO, err_string, strlen(err_string)); - exit(0); - /* NOT REACHED */ - return (child_pid); -} - -static int include_cmd(char *s, request_rec *r) -{ - include_cmd_arg arg; - BUFF *script_in; - - arg.r = r; - arg.s = s; - - if (!ap_bspawn_child(r->pool, include_cmd_child, &arg, - kill_after_timeout, NULL, &script_in, NULL)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "couldn't spawn include command"); - return -1; - } - - ap_send_fb(script_in, r); - ap_bclose(script_in); - return 0; -} - -static int handle_exec(FILE *in, request_rec *r, const char *error) -{ - char tag[MAX_STRING_LEN]; - char *tag_val; - char *file = r->filename; - char parsed_string[MAX_STRING_LEN]; - - while (1) { - if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) { - return 1; - } - if (!strcmp(tag, "cmd")) { - parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 1); - if (include_cmd(parsed_string, r) == -1) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "execution failure for parameter \"%s\" " - "to tag exec in file %s", - tag, r->filename); - ap_rputs(error, r); - } - /* just in case some stooge changed directories */ - ap_chdir_file(r->filename); - } - else if (!strcmp(tag, "cgi")) { - parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0); - if (include_cgi(parsed_string, r) == -1) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "invalid CGI ref \"%s\" in %s", tag_val, file); - ap_rputs(error, r); - } - /* grumble groan */ - ap_chdir_file(r->filename); - } - else if (!strcmp(tag, "done")) { - return 0; - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unknown parameter \"%s\" to tag exec in %s", - tag, file); - ap_rputs(error, r); - } - } - -} - -static int handle_echo(FILE *in, request_rec *r, 
const char *error) -{ - char tag[MAX_STRING_LEN]; - char *tag_val; - enum {E_NONE, E_URL, E_ENTITY} encode; - - encode = E_ENTITY; - - while (1) { - if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) { - return 1; - } - if (!strcmp(tag, "var")) { - const char *val = ap_table_get(r->subprocess_env, tag_val); - - if (val) { - if (encode == E_NONE) { - ap_rputs(val, r); - } - else if (encode == E_URL) { - ap_rputs(ap_escape_uri(r->pool, val), r); - } - else if (encode == E_ENTITY) { - ap_rputs(ap_escape_html(r->pool, val), r); - } - } - else { - ap_rputs("(none)", r); - } - } - else if (!strcmp(tag, "done")) { - return 0; - } - else if (!strcmp(tag, "encoding")) { - if (!strcasecmp(tag_val, "none")) encode = E_NONE; - else if (!strcasecmp(tag_val, "url")) encode = E_URL; - else if (!strcasecmp(tag_val, "entity")) encode = E_ENTITY; - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unknown value \"%s\" to parameter \"encoding\" of " - "tag echo in %s", - tag_val, r->filename); - ap_rputs(error, r); - } - } - - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unknown parameter \"%s\" to tag echo in %s", - tag, r->filename); - ap_rputs(error, r); - } - } -} - -#ifdef USE_PERL_SSI -static int handle_perl(FILE *in, request_rec *r, const char *error) -{ - char tag[MAX_STRING_LEN]; - char parsed_string[MAX_STRING_LEN]; - char *tag_val; - SV *sub = Nullsv; - AV *av = newAV(); - - if (ap_allow_options(r) & OPT_INCNOEXEC) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "#perl SSI disallowed by IncludesNoExec in %s", - r->filename); - return DECLINED; - } - while (1) { - if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) { - break; - } - if (strnEQ(tag, "sub", 3)) { - sub = newSVpv(tag_val, 0); - } - else if (strnEQ(tag, "arg", 3)) { - parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0); - av_push(av, newSVpv(parsed_string, 0)); - } - else if (strnEQ(tag, "done", 4)) { - break; - } - } - perl_stdout2client(r); - 
perl_setup_env(r); - perl_call_handler(sub, r, av); - return OK; -} -#endif - -/* error and tf must point to a string with room for at - * least MAX_STRING_LEN characters - */ -static int handle_config(FILE *in, request_rec *r, char *error, char *tf, - int *sizefmt) -{ - char tag[MAX_STRING_LEN]; - char *tag_val; - char parsed_string[MAX_STRING_LEN]; - table *env = r->subprocess_env; - - while (1) { - if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 0))) { - return 1; - } - if (!strcmp(tag, "errmsg")) { - parse_string(r, tag_val, error, MAX_STRING_LEN, 0); - } - else if (!strcmp(tag, "timefmt")) { - time_t date = r->request_time; - - parse_string(r, tag_val, tf, MAX_STRING_LEN, 0); - ap_table_setn(env, "DATE_LOCAL", ap_ht_time(r->pool, date, tf, 0)); - ap_table_setn(env, "DATE_GMT", ap_ht_time(r->pool, date, tf, 1)); - ap_table_setn(env, "LAST_MODIFIED", - ap_ht_time(r->pool, r->finfo.st_mtime, tf, 0)); - } - else if (!strcmp(tag, "sizefmt")) { - parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0); - decodehtml(parsed_string); - if (!strcmp(parsed_string, "bytes")) { - *sizefmt = SIZEFMT_BYTES; - } - else if (!strcmp(parsed_string, "abbrev")) { - *sizefmt = SIZEFMT_KMG; - } - } - else if (!strcmp(tag, "done")) { - return 0; - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unknown parameter \"%s\" to tag config in %s", - tag, r->filename); - ap_rputs(error, r); - } - } -} - - -static int find_file(request_rec *r, const char *directive, const char *tag, - char *tag_val, struct stat *finfo, const char *error) -{ - char *to_send = tag_val; - request_rec *rr = NULL; - int ret=0; - char *error_fmt = NULL; - - if (!strcmp(tag, "file")) { - /* be safe; only files in this directory or below allowed */ - if (!is_only_below(tag_val)) { - error_fmt = "unable to access file \"%s\" " - "in parsed file %s"; - } - else { - ap_getparents(tag_val); /* get rid of any nasties */ - rr = ap_sub_req_lookup_file(tag_val, r); - - if (rr->status == 
HTTP_OK && rr->finfo.st_mode != 0) { - to_send = rr->filename; - if (stat(to_send, finfo)) { - error_fmt = "unable to get information about \"%s\" " - "in parsed file %s"; - } - } - else { - error_fmt = "unable to lookup information about \"%s\" " - "in parsed file %s"; - } - } - - if (error_fmt) { - ret = -1; - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, error_fmt, to_send, r->filename); - ap_rputs(error, r); - } - - if (rr) ap_destroy_sub_req(rr); - - return ret; - } - else if (!strcmp(tag, "virtual")) { - rr = ap_sub_req_lookup_uri(tag_val, r); - - if (rr->status == HTTP_OK && rr->finfo.st_mode != 0) { - memcpy((char *) finfo, (const char *) &rr->finfo, - sizeof(struct stat)); - ap_destroy_sub_req(rr); - return 0; - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unable to get information about \"%s\" " - "in parsed file %s", - tag_val, r->filename); - ap_rputs(error, r); - ap_destroy_sub_req(rr); - return -1; - } - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unknown parameter \"%s\" to tag %s in %s", - tag, directive, r->filename); - ap_rputs(error, r); - return -1; - } -} - - -static int handle_fsize(FILE *in, request_rec *r, const char *error, int sizefmt) -{ - char tag[MAX_STRING_LEN]; - char *tag_val; - struct stat finfo; - char parsed_string[MAX_STRING_LEN]; - - while (1) { - if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) { - return 1; - } - else if (!strcmp(tag, "done")) { - return 0; - } - else { - parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0); - if (!find_file(r, "fsize", tag, parsed_string, &finfo, error)) { - if (sizefmt == SIZEFMT_KMG) { - ap_send_size(finfo.st_size, r); - } - else { - int l, x; -#if defined(AP_OFF_T_IS_QUAD) - ap_snprintf(tag, sizeof(tag), "%qd", finfo.st_size); -#else - ap_snprintf(tag, sizeof(tag), "%ld", finfo.st_size); -#endif - l = strlen(tag); /* grrr */ - for (x = 0; x < l; x++) { - if (x && (!((l - x) % 3))) { - ap_rputc(',', r); - } - ap_rputc(tag[x], 
r); - } - } - } - } - } -} - -static int handle_flastmod(FILE *in, request_rec *r, const char *error, const char *tf) -{ - char tag[MAX_STRING_LEN]; - char *tag_val; - struct stat finfo; - char parsed_string[MAX_STRING_LEN]; - - while (1) { - if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) { - return 1; - } - else if (!strcmp(tag, "done")) { - return 0; - } - else { - parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0); - if (!find_file(r, "flastmod", tag, parsed_string, &finfo, error)) { - ap_rputs(ap_ht_time(r->pool, finfo.st_mtime, tf, 0), r); - } - } - } -} - -static int re_check(request_rec *r, char *string, char *rexp) -{ - regex_t *compiled; - int regex_error; - - compiled = ap_pregcomp(r->pool, rexp, REG_EXTENDED | REG_NOSUB); - if (compiled == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unable to compile pattern \"%s\"", rexp); - return -1; - } - regex_error = ap_regexec(compiled, string, 0, (regmatch_t *) NULL, 0); - ap_pregfree(r->pool, compiled); - return (!regex_error); -} - -enum token_type { - token_string, - token_and, token_or, token_not, token_eq, token_ne, - token_rbrace, token_lbrace, token_group, - token_ge, token_le, token_gt, token_lt -}; -struct token { - enum token_type type; - char value[MAX_STRING_LEN]; -}; - -/* there is an implicit assumption here that string is at most MAX_STRING_LEN-1 - * characters long... 
- */
-static const char *get_ptoken(request_rec *r, const char *string, struct token *token)
-{
- char ch;
- int next = 0;
- int qs = 0;
-
- /* Skip leading white space */
- if (string == (char *) NULL) {
- return (char *) NULL;
- }
- while ((ch = *string++)) {
- if (!ap_isspace(ch)) {
- break;
- }
- }
- if (ch == '\0') {
- return (char *) NULL;
- }
-
- token->type = token_string; /* the default type */
- switch (ch) {
- case '(':
- token->type = token_lbrace;
- return (string);
- case ')':
- token->type = token_rbrace;
- return (string);
- case '=':
- token->type = token_eq;
- return (string);
- case '!':
- if (*string == '=') {
- token->type = token_ne;
- return (string + 1);
- }
- else {
- token->type = token_not;
- return (string);
- }
- case '\'':
- token->type = token_string;
- qs = 1;
- break;
- case '|':
- if (*string == '|') {
- token->type = token_or;
- return (string + 1);
- }
- break;
- case '&':
- if (*string == '&') {
- token->type = token_and;
- return (string + 1);
- }
- break;
- case '>':
- if (*string == '=') {
- token->type = token_ge;
- return (string + 1);
- }
- else {
- token->type = token_gt;
- return (string);
- }
- case '<':
- if (*string == '=') {
- token->type = token_le;
- return (string + 1);
- }
- else {
- token->type = token_lt;
- return (string);
- }
- default:
- token->type = token_string;
- break;
- }
- /* We should only be here if we are in a string */
- if (!qs) {
- token->value[next++] = ch;
- }
-
- /*
- * Yes I know that goto's are BAD. But, c doesn't allow me to
- * exit a loop from a switch statement. Yes, I could use a flag,
- * but that is (IMHO) even less readable/maintainable than the goto.
- */
- /*
- * I used the ++string throughout this section so that string
- * ends up pointing to the next token and I can just return it
- */
- for (ch = *string; ch != '\0'; ch = *++string) {
- if (ch == '\\') {
- if ((ch = *++string) == '\0') {
- goto TOKEN_DONE;
- }
- token->value[next++] = ch;
- continue;
- }
- if (!qs) {
- if (ap_isspace(ch)) {
- goto TOKEN_DONE;
- }
- switch (ch) {
- case '(':
- goto TOKEN_DONE;
- case ')':
- goto TOKEN_DONE;
- case '=':
- goto TOKEN_DONE;
- case '!':
- goto TOKEN_DONE;
- case '|':
- if (*(string + 1) == '|') {
- goto TOKEN_DONE;
- }
- break;
- case '&':
- if (*(string + 1) == '&') {
- goto TOKEN_DONE;
- }
- break;
- case '<':
- goto TOKEN_DONE;
- case '>':
- goto TOKEN_DONE;
- }
- token->value[next++] = ch;
- }
- else {
- if (ch == '\'') {
- qs = 0;
- ++string;
- goto TOKEN_DONE;
- }
- token->value[next++] = ch;
- }
- }
- TOKEN_DONE:
- /* If qs is still set, I have an unmatched ' */
- if (qs) {
- ap_rputs("\nUnmatched '\n", r);
- next = 0;
- }
- token->value[next] = '\0';
- return (string);
-}
-
-
-/*
- * Hey I still know that goto's are BAD. I don't think that I've ever
- * used two in the same project, let alone the same file before. But,
- * I absolutely want to make sure that I clean up the memory in all
- * cases. And, without rewriting this completely, the easiest way
- * is to just branch to the return code which cleans it up.
- */
-/* there is an implicit assumption here that expr is at most MAX_STRING_LEN-1
- * characters long...
- */ -static int parse_expr(request_rec *r, const char *expr, const char *error) -{ - struct parse_node { - struct parse_node *left, *right, *parent; - struct token token; - int value, done; - } *root, *current, *new; - const char *parse; - char buffer[MAX_STRING_LEN]; - pool *expr_pool; - int retval = 0; - - if ((parse = expr) == (char *) NULL) { - return (0); - } - root = current = (struct parse_node *) NULL; - expr_pool = ap_make_sub_pool(r->pool); - - /* Create Parse Tree */ - while (1) { - new = (struct parse_node *) ap_palloc(expr_pool, - sizeof(struct parse_node)); - new->parent = new->left = new->right = (struct parse_node *) NULL; - new->done = 0; - if ((parse = get_ptoken(r, parse, &new->token)) == (char *) NULL) { - break; - } - switch (new->token.type) { - - case token_string: -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Token: string (", new->token.value, ")\n", NULL); -#endif - if (current == (struct parse_node *) NULL) { - root = current = new; - break; - } - switch (current->token.type) { - case token_string: - if (current->token.value[0] != '\0') { - strncat(current->token.value, " ", - sizeof(current->token.value) - - strlen(current->token.value) - 1); - } - strncat(current->token.value, new->token.value, - sizeof(current->token.value) - - strlen(current->token.value) - 1); - current->token.value[sizeof(current->token.value) - 1] = '\0'; - break; - case token_eq: - case token_ne: - case token_and: - case token_or: - case token_lbrace: - case token_not: - case token_ge: - case token_gt: - case token_le: - case token_lt: - new->parent = current; - current = current->right = new; - break; - default: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - break; - - case token_and: - case token_or: -#ifdef DEBUG_INCLUDE - ap_rputs(" Token: and/or\n", r); -#endif - if (current == (struct parse_node *) NULL) { - ap_log_rerror(APLOG_MARK, 
APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - /* Percolate upwards */ - while (current != (struct parse_node *) NULL) { - switch (current->token.type) { - case token_string: - case token_group: - case token_not: - case token_eq: - case token_ne: - case token_and: - case token_or: - case token_ge: - case token_gt: - case token_le: - case token_lt: - current = current->parent; - continue; - case token_lbrace: - break; - default: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - break; - } - if (current == (struct parse_node *) NULL) { - new->left = root; - new->left->parent = new; - new->parent = (struct parse_node *) NULL; - root = new; - } - else { - new->left = current->right; - new->left->parent = new; - current->right = new; - new->parent = current; - } - current = new; - break; - - case token_not: -#ifdef DEBUG_INCLUDE - ap_rputs(" Token: not\n", r); -#endif - if (current == (struct parse_node *) NULL) { - root = current = new; - break; - } - /* Percolate upwards */ - while (current != (struct parse_node *) NULL) { - switch (current->token.type) { - case token_not: - case token_eq: - case token_ne: - case token_and: - case token_or: - case token_lbrace: - case token_ge: - case token_gt: - case token_le: - case token_lt: - break; - default: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - break; - /* NOTREACHED */ - } - if (current == (struct parse_node *) NULL) { - new->left = root; - new->left->parent = new; - new->parent = (struct parse_node *) NULL; - root = new; - } - else { - new->left = current->right; - current->right = new; - new->parent = current; - } - current = new; - break; - - case token_eq: - case token_ne: - case token_ge: - case 
token_gt: - case token_le: - case token_lt: -#ifdef DEBUG_INCLUDE - ap_rputs(" Token: eq/ne/ge/gt/le/lt\n", r); -#endif - if (current == (struct parse_node *) NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - /* Percolate upwards */ - while (current != (struct parse_node *) NULL) { - switch (current->token.type) { - case token_string: - case token_group: - current = current->parent; - continue; - case token_lbrace: - case token_and: - case token_or: - break; - case token_not: - case token_eq: - case token_ne: - case token_ge: - case token_gt: - case token_le: - case token_lt: - default: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - break; - } - if (current == (struct parse_node *) NULL) { - new->left = root; - new->left->parent = new; - new->parent = (struct parse_node *) NULL; - root = new; - } - else { - new->left = current->right; - new->left->parent = new; - current->right = new; - new->parent = current; - } - current = new; - break; - - case token_rbrace: -#ifdef DEBUG_INCLUDE - ap_rputs(" Token: rbrace\n", r); -#endif - while (current != (struct parse_node *) NULL) { - if (current->token.type == token_lbrace) { - current->token.type = token_group; - break; - } - current = current->parent; - } - if (current == (struct parse_node *) NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Unmatched ')' in \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - break; - - case token_lbrace: -#ifdef DEBUG_INCLUDE - ap_rputs(" Token: lbrace\n", r); -#endif - if (current == (struct parse_node *) NULL) { - root = current = new; - break; - } - /* Percolate upwards */ - while (current != (struct parse_node *) NULL) { - switch (current->token.type) { - case token_not: - case token_eq: - case 
token_ne: - case token_and: - case token_or: - case token_lbrace: - case token_ge: - case token_gt: - case token_le: - case token_lt: - break; - case token_string: - case token_group: - default: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - break; - /* NOTREACHED */ - } - if (current == (struct parse_node *) NULL) { - new->left = root; - new->left->parent = new; - new->parent = (struct parse_node *) NULL; - root = new; - } - else { - new->left = current->right; - current->right = new; - new->parent = current; - } - current = new; - break; - default: - break; - } - } - - /* Evaluate Parse Tree */ - current = root; - while (current != (struct parse_node *) NULL) { - switch (current->token.type) { - case token_string: -#ifdef DEBUG_INCLUDE - ap_rputs(" Evaluate string\n", r); -#endif - parse_string(r, current->token.value, buffer, sizeof(buffer), 0); - ap_cpystrn(current->token.value, buffer, sizeof(current->token.value)); - current->value = (current->token.value[0] != '\0'); - current->done = 1; - current = current->parent; - break; - - case token_and: - case token_or: -#ifdef DEBUG_INCLUDE - ap_rputs(" Evaluate and/or\n", r); -#endif - if (current->left == (struct parse_node *) NULL || - current->right == (struct parse_node *) NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - if (!current->left->done) { - switch (current->left->token.type) { - case token_string: - parse_string(r, current->left->token.value, - buffer, sizeof(buffer), 0); - ap_cpystrn(current->left->token.value, buffer, - sizeof(current->left->token.value)); - current->left->value = (current->left->token.value[0] != '\0'); - current->left->done = 1; - break; - default: - current = current->left; - continue; - } - } - if (!current->right->done) { - switch 
(current->right->token.type) { - case token_string: - parse_string(r, current->right->token.value, - buffer, sizeof(buffer), 0); - ap_cpystrn(current->right->token.value, buffer, - sizeof(current->right->token.value)); - current->right->value = (current->right->token.value[0] != '\0'); - current->right->done = 1; - break; - default: - current = current->right; - continue; - } - } -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Left: ", current->left->value ? "1" : "0", - "\n", NULL); - ap_rvputs(r, " Right: ", current->right->value ? "1" : "0", - "\n", NULL); -#endif - if (current->token.type == token_and) { - current->value = current->left->value && current->right->value; - } - else { - current->value = current->left->value || current->right->value; - } -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Returning ", current->value ? "1" : "0", - "\n", NULL); -#endif - current->done = 1; - current = current->parent; - break; - - case token_eq: - case token_ne: -#ifdef DEBUG_INCLUDE - ap_rputs(" Evaluate eq/ne\n", r); -#endif - if ((current->left == (struct parse_node *) NULL) || - (current->right == (struct parse_node *) NULL) || - (current->left->token.type != token_string) || - (current->right->token.type != token_string)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - parse_string(r, current->left->token.value, - buffer, sizeof(buffer), 0); - ap_cpystrn(current->left->token.value, buffer, - sizeof(current->left->token.value)); - parse_string(r, current->right->token.value, - buffer, sizeof(buffer), 0); - ap_cpystrn(current->right->token.value, buffer, - sizeof(current->right->token.value)); - if (current->right->token.value[0] == '/') { - int len; - len = strlen(current->right->token.value); - if (current->right->token.value[len - 1] == '/') { - current->right->token.value[len - 1] = '\0'; - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - 
"Invalid rexp \"%s\" in file %s", - current->right->token.value, r->filename); - ap_rputs(error, r); - goto RETURN; - } -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Re Compare (", current->left->token.value, - ") with /", ¤t->right->token.value[1], "/\n", NULL); -#endif - current->value = - re_check(r, current->left->token.value, - ¤t->right->token.value[1]); - } - else { -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Compare (", current->left->token.value, - ") with (", current->right->token.value, ")\n", NULL); -#endif - current->value = - (strcmp(current->left->token.value, - current->right->token.value) == 0); - } - if (current->token.type == token_ne) { - current->value = !current->value; - } -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Returning ", current->value ? "1" : "0", - "\n", NULL); -#endif - current->done = 1; - current = current->parent; - break; - case token_ge: - case token_gt: - case token_le: - case token_lt: -#ifdef DEBUG_INCLUDE - ap_rputs(" Evaluate ge/gt/le/lt\n", r); -#endif - if ((current->left == (struct parse_node *) NULL) || - (current->right == (struct parse_node *) NULL) || - (current->left->token.type != token_string) || - (current->right->token.type != token_string)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid expression \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - } - parse_string(r, current->left->token.value, - buffer, sizeof(buffer), 0); - ap_cpystrn(current->left->token.value, buffer, - sizeof(current->left->token.value)); - parse_string(r, current->right->token.value, - buffer, sizeof(buffer), 0); - ap_cpystrn(current->right->token.value, buffer, - sizeof(current->right->token.value)); -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Compare (", current->left->token.value, - ") with (", current->right->token.value, ")\n", NULL); -#endif - current->value = - strcmp(current->left->token.value, - current->right->token.value); - if (current->token.type == token_ge) { - current->value = current->value 
>= 0; - } - else if (current->token.type == token_gt) { - current->value = current->value > 0; - } - else if (current->token.type == token_le) { - current->value = current->value <= 0; - } - else if (current->token.type == token_lt) { - current->value = current->value < 0; - } - else { - current->value = 0; /* Don't return -1 if unknown token */ - } -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Returning ", current->value ? "1" : "0", - "\n", NULL); -#endif - current->done = 1; - current = current->parent; - break; - - case token_not: - if (current->right != (struct parse_node *) NULL) { - if (!current->right->done) { - current = current->right; - continue; - } - current->value = !current->right->value; - } - else { - current->value = 0; - } -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Evaluate !: ", current->value ? "1" : "0", - "\n", NULL); -#endif - current->done = 1; - current = current->parent; - break; - - case token_group: - if (current->right != (struct parse_node *) NULL) { - if (!current->right->done) { - current = current->right; - continue; - } - current->value = current->right->value; - } - else { - current->value = 1; - } -#ifdef DEBUG_INCLUDE - ap_rvputs(r, " Evaluate (): ", current->value ? "1" : "0", - "\n", NULL); -#endif - current->done = 1; - current = current->parent; - break; - - case token_lbrace: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Unmatched '(' in \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - - case token_rbrace: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Unmatched ')' in \"%s\" in file %s", - expr, r->filename); - ap_rputs(error, r); - goto RETURN; - - default: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "bad token type"); - ap_rputs(error, r); - goto RETURN; - } - } - - retval = (root == (struct parse_node *) NULL) ? 
0 : root->value; - RETURN: - ap_destroy_pool(expr_pool); - return (retval); -} - -static int handle_if(FILE *in, request_rec *r, const char *error, - int *conditional_status, int *printing) -{ - char tag[MAX_STRING_LEN]; - char *tag_val; - char *expr; - - expr = NULL; - while (1) { - tag_val = get_tag(r, in, tag, sizeof(tag), 0); - if (!tag_val || *tag == '\0') { - return 1; - } - else if (!strcmp(tag, "done")) { - if (expr == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "missing expr in if statement: %s", - r->filename); - ap_rputs(error, r); - return 1; - } - *printing = *conditional_status = parse_expr(r, expr, error); -#ifdef DEBUG_INCLUDE - ap_rvputs(r, "**** if conditional_status=\"", - *conditional_status ? "1" : "0", "\"\n", NULL); -#endif - return 0; - } - else if (!strcmp(tag, "expr")) { - expr = tag_val; -#ifdef DEBUG_INCLUDE - ap_rvputs(r, "**** if expr=\"", expr, "\"\n", NULL); -#endif - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unknown parameter \"%s\" to tag if in %s", - tag, r->filename); - ap_rputs(error, r); - } - } -} - -static int handle_elif(FILE *in, request_rec *r, const char *error, - int *conditional_status, int *printing) -{ - char tag[MAX_STRING_LEN]; - char *tag_val; - char *expr; - - expr = NULL; - while (1) { - tag_val = get_tag(r, in, tag, sizeof(tag), 0); - if (!tag_val || *tag == '\0') { - return 1; - } - else if (!strcmp(tag, "done")) { -#ifdef DEBUG_INCLUDE - ap_rvputs(r, "**** elif conditional_status=\"", - *conditional_status ? "1" : "0", "\"\n", NULL); -#endif - if (*conditional_status) { - *printing = 0; - return (0); - } - if (expr == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "missing expr in elif statement: %s", - r->filename); - ap_rputs(error, r); - return 1; - } - *printing = *conditional_status = parse_expr(r, expr, error); -#ifdef DEBUG_INCLUDE - ap_rvputs(r, "**** elif conditional_status=\"", - *conditional_status ? 
"1" : "0", "\"\n", NULL); -#endif - return 0; - } - else if (!strcmp(tag, "expr")) { - expr = tag_val; -#ifdef DEBUG_INCLUDE - ap_rvputs(r, "**** if expr=\"", expr, "\"\n", NULL); -#endif - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "unknown parameter \"%s\" to tag if in %s", - tag, r->filename); - ap_rputs(error, r); - } - } -} - -static int handle_else(FILE *in, request_rec *r, const char *error, - int *conditional_status, int *printing) -{ - char tag[MAX_STRING_LEN]; - - if (!get_tag(r, in, tag, sizeof(tag), 1)) { - return 1; - } - else if (!strcmp(tag, "done")) { -#ifdef DEBUG_INCLUDE - ap_rvputs(r, "**** else conditional_status=\"", - *conditional_status ? "1" : "0", "\"\n", NULL); -#endif - *printing = !(*conditional_status); - *conditional_status = 1; - return 0; - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "else directive does not take tags in %s", - r->filename); - if (*printing) { - ap_rputs(error, r); - } - return -1; - } -} - -static int handle_endif(FILE *in, request_rec *r, const char *error, - int *conditional_status, int *printing) -{ - char tag[MAX_STRING_LEN]; - - if (!get_tag(r, in, tag, sizeof(tag), 1)) { - return 1; - } - else if (!strcmp(tag, "done")) { -#ifdef DEBUG_INCLUDE - ap_rvputs(r, "**** endif conditional_status=\"", - *conditional_status ? 
"1" : "0", "\"\n", NULL); -#endif - *printing = 1; - *conditional_status = 1; - return 0; - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "endif directive does not take tags in %s", - r->filename); - ap_rputs(error, r); - return -1; - } -} - -static int handle_set(FILE *in, request_rec *r, const char *error) -{ - char tag[MAX_STRING_LEN]; - char parsed_string[MAX_STRING_LEN]; - char *tag_val; - char *var; - - var = (char *) NULL; - while (1) { - if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) { - return 1; - } - else if (!strcmp(tag, "done")) { - return 0; - } - else if (!strcmp(tag, "var")) { - var = tag_val; - } - else if (!strcmp(tag, "value")) { - if (var == (char *) NULL) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "variable must precede value in set directive in %s", - r->filename); - ap_rputs(error, r); - return -1; - } - parse_string(r, tag_val, parsed_string, sizeof(parsed_string), 0); - ap_table_setn(r->subprocess_env, var, ap_pstrdup(r->pool, parsed_string)); - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Invalid tag for set directive in %s", r->filename); - ap_rputs(error, r); - return -1; - } - } -} - -static int handle_printenv(FILE *in, request_rec *r, const char *error) -{ - char tag[MAX_STRING_LEN]; - char *tag_val; - array_header *arr = ap_table_elts(r->subprocess_env); - table_entry *elts = (table_entry *) arr->elts; - int i; - - if (!(tag_val = get_tag(r, in, tag, sizeof(tag), 1))) { - return 1; - } - else if (!strcmp(tag, "done")) { - for (i = 0; i < arr->nelts; ++i) { - ap_rvputs(r, ap_escape_html(r->pool, elts[i].key), "=", - ap_escape_html(r->pool, elts[i].val), "\n", NULL); - } - return 0; - } - else { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "printenv directive does not take tags in %s", - r->filename); - ap_rputs(error, r); - return -1; - } -} - - - -/* -------------------------- The main function --------------------------- */ - -/* This is a stub 
which parses a file descriptor. */ - -static void send_parsed_content(FILE *f, request_rec *r) -{ - char directive[MAX_STRING_LEN], error[MAX_STRING_LEN]; - char timefmt[MAX_STRING_LEN]; - int noexec = ap_allow_options(r) & OPT_INCNOEXEC; - int ret, sizefmt; - int if_nesting; - int printing; - int conditional_status; - - ap_cpystrn(error, DEFAULT_ERROR_MSG, sizeof(error)); - ap_cpystrn(timefmt, DEFAULT_TIME_FORMAT, sizeof(timefmt)); - sizefmt = SIZEFMT_KMG; - -/* Turn printing on */ - printing = conditional_status = 1; - if_nesting = 0; - - ap_chdir_file(r->filename); - if (r->args) { /* add QUERY stuff to env cause it ain't yet */ - char *arg_copy = ap_pstrdup(r->pool, r->args); - - ap_table_setn(r->subprocess_env, "QUERY_STRING", r->args); - ap_unescape_url(arg_copy); - ap_table_setn(r->subprocess_env, "QUERY_STRING_UNESCAPED", - ap_escape_shell_cmd(r->pool, arg_copy)); - } - - while (1) { - if (!find_string(f, STARTING_SEQUENCE, r, printing)) { - if (get_directive(f, directive, sizeof(directive), r->pool)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "mod_include: error reading directive in %s", - r->filename); - ap_rputs(error, r); - return; - } - if (!strcmp(directive, "if")) { - ret = 0; - if (!printing) { - if_nesting++; - } - else { - ret = handle_if(f, r, error, &conditional_status, - &printing); - if_nesting = 0; - } - } - else if (!strcmp(directive, "else")) { - ret = 0; - if (!if_nesting) { - ret = handle_else(f, r, error, &conditional_status, - &printing); - } - } - else if (!strcmp(directive, "elif")) { - ret = 0; - if (!if_nesting) { - ret = handle_elif(f, r, error, &conditional_status, - &printing); - } - } - else if (!strcmp(directive, "endif")) { - ret = 0; - if (!if_nesting) { - ret = handle_endif(f, r, error, &conditional_status, - &printing); - } - else { - if_nesting--; - } - } - else if (!printing) { - continue; - } - else if (!strcmp(directive, "exec")) { - if (noexec) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, 
- "exec used but not allowed in %s",
- r->filename);
- if (printing) {
- ap_rputs(error, r);
- }
- ret = find_string(f, ENDING_SEQUENCE, r, 0);
- }
- else {
- ret = handle_exec(f, r, error);
- }
- }
- else if (!strcmp(directive, "config")) {
- ret = handle_config(f, r, error, timefmt, &sizefmt);
- }
- else if (!strcmp(directive, "set")) {
- ret = handle_set(f, r, error);
- }
- else if (!strcmp(directive, "include")) {
- ret = handle_include(f, r, error, noexec);
- }
- else if (!strcmp(directive, "echo")) {
- ret = handle_echo(f, r, error);
- }
- else if (!strcmp(directive, "fsize")) {
- ret = handle_fsize(f, r, error, sizefmt);
- }
- else if (!strcmp(directive, "flastmod")) {
- ret = handle_flastmod(f, r, error, timefmt);
- }
- else if (!strcmp(directive, "printenv")) {
- ret = handle_printenv(f, r, error);
- }
-#ifdef USE_PERL_SSI
- else if (!strcmp(directive, "perl")) {
- ret = handle_perl(f, r, error);
- }
-#endif
- else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "unknown directive \"%s\" "
- "in parsed doc %s",
- directive, r->filename);
- if (printing) {
- ap_rputs(error, r);
- }
- ret = find_string(f, ENDING_SEQUENCE, r, 0);
- }
- if (ret) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "premature EOF in parsed file %s",
- r->filename);
- return;
- }
- }
- else {
- return;
- }
- }
-}
-
-/*****************************************************************
- *
- * XBITHACK. Sigh... NB it's configurable per-directory; the compile-time
- * option only changes the default.
- */ - -module includes_module; -enum xbithack { - xbithack_off, xbithack_on, xbithack_full -}; - -#ifdef XBITHACK -#define DEFAULT_XBITHACK xbithack_full -#else -#define DEFAULT_XBITHACK xbithack_off -#endif - -static void *create_includes_dir_config(pool *p, char *dummy) -{ - enum xbithack *result = (enum xbithack *) ap_palloc(p, sizeof(enum xbithack)); - *result = DEFAULT_XBITHACK; - return result; -} - -static const char *set_xbithack(cmd_parms *cmd, void *xbp, char *arg) -{ - enum xbithack *state = (enum xbithack *) xbp; - - if (!strcasecmp(arg, "off")) { - *state = xbithack_off; - } - else if (!strcasecmp(arg, "on")) { - *state = xbithack_on; - } - else if (!strcasecmp(arg, "full")) { - *state = xbithack_full; - } - else { - return "XBitHack must be set to Off, On, or Full"; - } - - return NULL; -} - -static int send_parsed_file(request_rec *r) -{ - FILE *f; - enum xbithack *state = - (enum xbithack *) ap_get_module_config(r->per_dir_config, &includes_module); - int errstatus; - request_rec *parent; - - if (!(ap_allow_options(r) & OPT_INCLUDES)) { - return DECLINED; - } - r->allowed |= (1 << M_GET); - if (r->method_number != M_GET) { - return DECLINED; - } - if (r->finfo.st_mode == 0) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "File does not exist: %s", - (r->path_info - ? 
ap_pstrcat(r->pool, r->filename, r->path_info, NULL) - : r->filename)); - return HTTP_NOT_FOUND; - } - - if (!(f = ap_pfopen(r->pool, r->filename, "r"))) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "file permissions deny server access: %s", r->filename); - return HTTP_FORBIDDEN; - } - - if ((*state == xbithack_full) - && (r->finfo.st_mode & S_IXGRP) - ) { - ap_update_mtime(r, r->finfo.st_mtime); - ap_set_last_modified(r); - } - if ((errstatus = ap_meets_conditions(r)) != OK) { - return errstatus; - } - - ap_send_http_header(r); - - if (r->header_only) { - ap_pfclose(r->pool, f); - return OK; - } - -#define SUB_REQ_STRING "Sub request to mod_include" -#define PARENT_STRING "Parent request to mod_include" - - if (ap_table_get(r->notes, SUB_REQ_STRING)) { - /* - * The note is a flag to mod_include that this request - * should be treated as if it was a subrequest originating - * in the handle_include() procedure of mod_include. - */ - - /* - * There is no good way to pass the parent request_rec to mod_include. - * Tables only take string values and there is nowhere appropriate in - * in the request_rec that can safely be used. So, search for the - * parent note by walking up the r->main list of subrequests, and at - * each level walking back through any internal redirects. This is - * the same request walking that mod_include uses in the procedure - * handle_include(). 
- */ - request_rec *p = r->main; - request_rec *q = p; - - while (q) { - if (ap_table_get(q->notes, PARENT_STRING)) { - /* Kludge --- See below */ - ap_set_module_config(r->request_config, &includes_module, q); - - /* Create the initial environment in the parent */ - ap_add_common_vars(q); - ap_add_cgi_vars(q); - add_include_vars(q, DEFAULT_TIME_FORMAT); - - /* Cleanup - This should allow this technique to nest */ - ap_table_unset(r->notes, SUB_REQ_STRING); - ap_table_unset(q->notes, PARENT_STRING); - break; - } - if (q->prev != NULL) { - q = q->prev; - } - else { - p = p->main; - q = p; - } - } - } - - if ((parent = ap_get_module_config(r->request_config, &includes_module))) { - /* Kludge --- for nested includes, we want to keep the subprocess - * environment of the base document (for compatibility); that means - * torquing our own last_modified date as well so that the - * LAST_MODIFIED variable gets reset to the proper value if the - * nested document resets . - * We also insist that the memory for this subrequest not be - * destroyed, that's dealt with in handle_include(). - */ - r->subprocess_env = parent->subprocess_env; - ap_pool_join(parent->pool, r->pool); - r->finfo.st_mtime = parent->finfo.st_mtime; - } - else { - /* we're not a nested include, so we create an initial - * environment */ - ap_add_common_vars(r); - ap_add_cgi_vars(r); - add_include_vars(r, DEFAULT_TIME_FORMAT); - } - /* XXX: this is bogus, at some point we're going to do a subrequest, - * and when we do it we're going to be subjecting code that doesn't - * expect to be signal-ready to SIGALRM. There is no clean way to - * fix this, except to put alarm support into BUFF. -djg - */ - ap_hard_timeout("send SSI", r); - - - send_parsed_content(f, r); - - if (parent) { - /* - * All the work is finished for this subrequest. The following - * makes it safe for the creator of the subrequest to destroy it - * via ap_destroy_sub_req() once the call to ap_run_sub_req() - * returns. 
This is required since the original pool of the - * subrequest has been merged into the pool of the parent request - * of the subrequest (see Kludge above). The alternative is to - * NOT destroy the subrequest. - */ - r->pool = ap_make_sub_pool(r->pool); - } - - ap_kill_timeout(r); - return OK; -} - -static int send_shtml_file(request_rec *r) -{ - r->content_type = "text/html"; - return send_parsed_file(r); -} - -static int xbithack_handler(request_rec *r) -{ - enum xbithack *state; - - if (!(r->finfo.st_mode & S_IXUSR)) { - return DECLINED; - } - - state = (enum xbithack *) ap_get_module_config(r->per_dir_config, - &includes_module); - - if (*state == xbithack_off) { - return DECLINED; - } - return send_parsed_file(r); -} - -static const command_rec includes_cmds[] = -{ - {"XBitHack", set_xbithack, NULL, OR_OPTIONS, TAKE1, "Off, On, or Full"}, - {NULL} -}; - -static const handler_rec includes_handlers[] = -{ - {INCLUDES_MAGIC_TYPE, send_shtml_file}, - {INCLUDES_MAGIC_TYPE3, send_shtml_file}, - {"server-parsed", send_parsed_file}, - {"text/html", xbithack_handler}, - {NULL} -}; - -module MODULE_VAR_EXPORT includes_module = -{ - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - create_includes_dir_config, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - NULL, /* server config */ - NULL, /* merge server config */ - includes_cmds, /* command table */ - includes_handlers, /* handlers */ - NULL, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; diff --git a/usr.sbin/httpd/src/modules/standard/mod_info.c b/usr.sbin/httpd/src/modules/standard/mod_info.c deleted file mode 100644 index 3d09421bacd..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_info.c +++ /dev/null 
@@ -1,774 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * Info Module. Display configuration information for the server and - * all included modules. 
- * - * - * SetHandler server-info - * - * - * GET /server-info - Returns full configuration page for server and all modules - * GET /server-info?server - Returns server configuration only - * GET /server-info?module_name - Returns configuration for a single module - * GET /server-info?list - Returns quick list of included modules - * - * Rasmus Lerdorf , May 1996 - * - * 05.01.96 Initial Version - * - * Lou Langholtz , July 1997 - * - * 07.11.97 Addition of the AddModuleInfo directive - * - */ - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" -#include "http_main.h" -#include "http_protocol.h" -#include "util_script.h" -#include "http_conf_globals.h" - -typedef struct { - char *name; /* matching module name */ - char *info; /* additional info */ -} info_entry; - -typedef struct { - array_header *more_info; -} info_svr_conf; - -typedef struct info_cfg_lines { - char *cmd; - char *line; - struct info_cfg_lines *next; -} info_cfg_lines; - -typedef struct { /* shamelessly lifted from http_config.c */ - char *fname; -} info_fnames; - -typedef struct { - info_cfg_lines *clines; - char *fname; -} info_clines; - -module MODULE_VAR_EXPORT info_module; -extern module API_VAR_EXPORT *top_module; - -/* shamelessly lifted from http_config.c */ -static int fname_alphasort(const void *fn1, const void *fn2) -{ - const info_fnames *f1 = fn1; - const info_fnames *f2 = fn2; - - return strcmp(f1->fname,f2->fname); -} - -static void *create_info_config(pool *p, server_rec *s) -{ - info_svr_conf *conf = (info_svr_conf *) ap_pcalloc(p, sizeof(info_svr_conf)); - - conf->more_info = ap_make_array(p, 20, sizeof(info_entry)); - return conf; -} - -static void *merge_info_config(pool *p, void *basev, void *overridesv) -{ - info_svr_conf *new = (info_svr_conf *) ap_pcalloc(p, sizeof(info_svr_conf)); - info_svr_conf *base = (info_svr_conf *) basev; - info_svr_conf *overrides = (info_svr_conf *) overridesv; - - new->more_info = ap_append_arrays(p, 
overrides->more_info, base->more_info); - return new; -} - -static char *mod_info_html_cmd_string(const char *string, char *buf, size_t buf_len) -{ - const char *s; - char *t; - char *end_buf; - - s = string; - t = buf; - /* keep space for \0 byte */ - end_buf = buf + buf_len - 1; - while ((*s) && (t < end_buf)) { - if (*s == '<') { - strncpy(t, "<", end_buf - t); - t += 4; - } - else if (*s == '>') { - strncpy(t, ">", end_buf - t); - t += 4; - } - else if (*s == '&') { - strncpy(t, "&", end_buf - t); - t += 5; - } - else { - *t++ = *s; - } - s++; - } - /* oops, overflowed... don't overwrite */ - if (t > end_buf) { - *end_buf = '\0'; - } - else { - *t = '\0'; - } - return (buf); -} - -static info_cfg_lines *mod_info_load_config(pool *p, const char *filename, - request_rec *r) -{ - char s[MAX_STRING_LEN]; - configfile_t *fp; - info_cfg_lines *new, *ret, *prev; - const char *t; - - fp = ap_pcfg_openfile(p, filename); - if (!fp) { - ap_log_rerror(APLOG_MARK, APLOG_WARNING, r, - "mod_info: couldn't open config file %s", - filename); - return NULL; - } - ret = NULL; - prev = NULL; - while (!ap_cfg_getline(s, MAX_STRING_LEN, fp)) { - if (*s == '#') { - continue; /* skip comments */ - } - new = ap_palloc(p, sizeof(struct info_cfg_lines)); - new->next = NULL; - if (!ret) { - ret = new; - } - if (prev) { - prev->next = new; - } - t = s; - new->cmd = ap_getword_conf(p, &t); - if (*t) { - new->line = ap_pstrdup(p, t); - } - else { - new->line = NULL; - } - prev = new; - } - ap_cfg_closefile(fp); - return (ret); -} - -static void mod_info_module_cmds(request_rec *r, info_cfg_lines *cfg, - const command_rec *cmds, char *label) -{ - const command_rec *cmd = cmds; - info_cfg_lines *li = cfg, *li_st = NULL, *li_se = NULL; - info_cfg_lines *block_start = NULL; - int lab = 0, nest = 0; - char buf[MAX_STRING_LEN]; - - while (li) { - if (!strncasecmp(li->cmd, "cmd, "cmd, "cmd, "next; - nest++; - continue; - } - else if (nest && (!strncasecmp(li->cmd, "cmd, "cmd, "cmd, "", r); - if 
(nest == 2) { - ap_rputs("  ", r); - } - ap_rputs(mod_info_html_cmd_string(li->cmd, buf, sizeof(buf)), r); - ap_rputs(" ", r); - if (li->line) { - ap_rputs(mod_info_html_cmd_string(li->line, buf, sizeof(buf)), r); - } - ap_rputs("\n", r); - nest--; - if (!nest) { - block_start = NULL; - li_st = NULL; - } - else { - block_start = li_st; - } - li_se = NULL; - } - else { - nest--; - if (!nest) { - li_st = NULL; - } - li_se = NULL; - } - } - else { - nest--; - if (!nest) { - li_st = NULL; - } - li_se = NULL; - } - li = li->next; - continue; - } - cmd = cmds; - while (cmd) { - if (cmd->name) { - if (!strcasecmp(cmd->name, li->cmd)) { - if (!lab) { - ap_rputs("
    ", r); - ap_rputs(label, r); - ap_rputs("\n", r); - lab = 1; - } - if (((nest && block_start == NULL) || - (nest == 2 && block_start == li_st)) && - (strncasecmp(li->cmd, "cmd, "cmd, "cmd, "cmd, "cmd, "cmd, "", r); - ap_rputs(mod_info_html_cmd_string(li_st->cmd, buf, sizeof(buf)), r); - ap_rputs(" ", r); - if (li_st->line) { - ap_rputs(mod_info_html_cmd_string(li_st->line, buf, sizeof(buf)), r); - } - ap_rputs("\n", r); - block_start = li_st; - if (li_se) { - ap_rputs("
      ", r); - ap_rputs(mod_info_html_cmd_string(li_se->cmd, buf, sizeof(buf)), r); - ap_rputs(" ", r); - if (li_se->line) { - ap_rputs(mod_info_html_cmd_string(li_se->line, buf, sizeof(buf)), r); - } - ap_rputs("\n", r); - block_start = li_se; - } - } - ap_rputs("
    ", r); - if (nest) { - ap_rputs("  ", r); - } - if (nest == 2) { - ap_rputs("  ", r); - } - ap_rputs(mod_info_html_cmd_string(li->cmd, buf, sizeof(buf)), r); - if (li->line) { - ap_rputs(" ", r); - ap_rputs(mod_info_html_cmd_string(li->line, buf, sizeof(buf)), r); - ap_rputs("", r); - } - ap_rputs("", r); - } - } - else - break; - cmd++; - } - li = li->next; - } -} - -static char *find_more_info(server_rec *s, const char *module_name) -{ - int i; - info_svr_conf *conf = (info_svr_conf *) ap_get_module_config(s->module_config, - &info_module); - info_entry *entry = (info_entry *) conf->more_info->elts; - - if (!module_name) { - return 0; - } - for (i = 0; i < conf->more_info->nelts; i++) { - if (!strcmp(module_name, entry->name)) { - return entry->info; - } - entry++; - } - return 0; -} - -static void mod_info_dirwalk(pool *p, const char *fname, - request_rec *r, array_header *carray) -{ - info_clines *cnew = NULL; - info_cfg_lines *mod_info_cfg_tmp = NULL; - - if (!ap_is_rdirectory(fname)) { - mod_info_cfg_tmp = mod_info_load_config(p, fname, r); - cnew = (info_clines *) ap_push_array(carray); - cnew->fname = ap_pstrdup(p, fname); - cnew->clines = mod_info_cfg_tmp; - } else { - DIR *dirp; - struct DIR_TYPE *dir_entry; - int current; - array_header *candidates = NULL; - info_fnames *fnew; - - dirp = ap_popendir(p, fname); - if (dirp == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_WARNING, r, - "mod_info: couldn't open config directory %s", - fname); - return; - } - candidates = ap_make_array(p, 1, sizeof(info_fnames)); - while ((dir_entry = readdir(dirp)) != NULL) { - /* strip out '.' and '..' 
*/ - if (strcmp(dir_entry->d_name, ".") && - strcmp(dir_entry->d_name, "..")) { - fnew = (info_fnames *) ap_push_array(candidates); - fnew->fname = ap_make_full_path(p, fname, dir_entry->d_name); - } - } - ap_pclosedir(p, dirp); - if (candidates->nelts != 0) { - qsort((void *) candidates->elts, candidates->nelts, - sizeof(info_fnames), fname_alphasort); - for (current = 0; current < candidates->nelts; ++current) { - fnew = &((info_fnames *) candidates->elts)[current]; - mod_info_dirwalk(p, fnew->fname, r, carray); - } - } - } - return; -} - -static int display_info(request_rec *r) -{ - module *modp = NULL; - char buf[MAX_STRING_LEN], *cfname; - char *more_info; - const command_rec *cmd = NULL; - const handler_rec *hand = NULL; - server_rec *serv = r->server; - int comma = 0; - array_header *allconfigs = NULL; - info_clines *cnew = NULL; - int current; - char *relpath; - - r->allowed |= (1 << M_GET); - if (r->method_number != M_GET) - return DECLINED; - - r->content_type = "text/html"; - ap_send_http_header(r); - if (r->header_only) { - return 0; - } - ap_hard_timeout("send server info", r); - - ap_rputs(DOCTYPE_HTML_3_2 - "Server Information\n", r); - ap_rputs("

    Apache Server Information

    \n", r); - if (!r->args || strcasecmp(r->args, "list")) { - allconfigs = ap_make_array(r->pool, 1, sizeof(info_clines)); - cfname = ap_server_root_relative(r->pool, ap_server_confname); - mod_info_dirwalk(r->pool, cfname, r, allconfigs); - cfname = ap_server_root_relative(r->pool, serv->srm_confname); - mod_info_dirwalk(r->pool, cfname, r, allconfigs); - cfname = ap_server_root_relative(r->pool, serv->access_confname); - mod_info_dirwalk(r->pool, cfname, r, allconfigs); - if (!r->args) { - ap_rputs("Server Settings, ", r); - for (modp = top_module; modp; modp = modp->next) { - ap_rprintf(r, "%s", modp->name, modp->name); - if (modp->next) { - ap_rputs(", ", r); - } - } - ap_rputs("
    ", r); - - } - if (!r->args || !strcasecmp(r->args, "server")) { - ap_rprintf(r, "Server Version: " - "%s
    \n", - ap_get_server_version()); - ap_rprintf(r, "API Version: " - "%d:%d
    \n", - MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR); - ap_rprintf(r, "Run Mode: %s
    \n", - (ap_standalone ? "standalone" : "inetd")); - ap_rprintf(r, "User/Group: " - "%s(%d)/%d
    \n", - ap_user_name, (int) ap_user_id, (int) ap_group_id); - ap_rprintf(r, "Hostname/port: " - "%s:%u
    \n", - serv->server_hostname, serv->port); - ap_rprintf(r, "Daemons: " - "start: %d    " - "min idle: %d    " - "max idle: %d    " - "max: %d
    \n", - ap_daemons_to_start, ap_daemons_min_free, - ap_daemons_max_free, ap_daemons_limit); - ap_rprintf(r, "Per-child rlimits:
    \n" - "RLIMIT_CPU: %d   
    \n" - "RLIMIT_DATA: %d   
    \n" - "RLIMIT_NOFILE: %d   
    \n" - "RLIMIT_RSS: %d   
    \n" - "RLIMIT_STACK: %d   
    \n", - ap_max_cpu_per_child, ap_max_data_per_child, - ap_max_nofile_per_child, ap_max_rss_per_child, - ap_max_stack_per_child); - ap_rprintf(r, "Max Requests: " - "per child: %d    " - "keep alive: %s    " - "max per connection: %d
    \n", - ap_max_requests_per_child, - (serv->keep_alive ? "on" : "off"), - serv->keep_alive_max); - ap_rprintf(r, "Threads: " - "per child: %d   
    \n", - ap_threads_per_child); - ap_rprintf(r, "Excess requests: " - "per child: %d   
    \n", - ap_excess_requests_per_child); - ap_rprintf(r, "Timeouts: " - "connection: %d    " - "keep-alive: %d
    ", - serv->timeout, serv->keep_alive_timeout); - ap_rprintf(r, "Server Root: " - "%s
    \n", ap_server_root); - ap_rprintf(r, "Config File: " - "%s
    \n", ap_server_confname); - ap_rprintf(r, "PID File: " - "%s
    \n", ap_pid_fname); - ap_rprintf(r, "Scoreboard File: " - "%s
    \n", ap_scoreboard_fname); - } - ap_rputs("
    ", r); - for (modp = top_module; modp; modp = modp->next) { - if (!r->args || !strcasecmp(modp->name, r->args)) { - ap_rprintf(r, "
    Module Name: " - "%s\n", - modp->name, modp->name); - ap_rputs("
    Content handlers:", r); - hand = modp->handlers; - if (hand) { - while (hand) { - if (hand->content_type) { - ap_rprintf(r, " %s\n", hand->content_type); - } - else { - break; - } - hand++; - if (hand && hand->content_type) { - ap_rputs(",", r); - } - } - } - else { - ap_rputs(" none", r); - } - ap_rputs("
    Configuration Phase Participation: \n", - r); - if (modp->child_init) { - ap_rputs("Child Init", r); - comma = 1; - } - if (modp->create_dir_config) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Create Directory Config", r); - comma = 1; - } - if (modp->merge_dir_config) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Merge Directory Configs", r); - comma = 1; - } - if (modp->create_server_config) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Create Server Config", r); - comma = 1; - } - if (modp->merge_server_config) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Merge Server Configs", r); - comma = 1; - } - if (modp->child_exit) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Child Exit", r); - comma = 1; - } - if (!comma) - ap_rputs(" none", r); - comma = 0; - ap_rputs("
    Request Phase Participation: \n", - r); - if (modp->post_read_request) { - ap_rputs("Post-Read Request", r); - comma = 1; - } - if (modp->header_parser) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Header Parse", r); - comma = 1; - } - if (modp->translate_handler) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Translate Path", r); - comma = 1; - } - if (modp->access_checker) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Check Access", r); - comma = 1; - } - if (modp->ap_check_user_id) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Verify User ID", r); - comma = 1; - } - if (modp->auth_checker) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Verify User Access", r); - comma = 1; - } - if (modp->type_checker) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Check Type", r); - comma = 1; - } - if (modp->fixer_upper) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Fixups", r); - comma = 1; - } - if (modp->logger) { - if (comma) { - ap_rputs(", ", r); - } - ap_rputs("Logging", r); - comma = 1; - } - if (!comma) - ap_rputs(" none", r); - comma = 0; - ap_rputs("
    Module Directives: ", r); - cmd = modp->cmds; - if (cmd) { - while (cmd) { - if (cmd->name) { - ap_rprintf(r, "
    %s - ", - mod_info_html_cmd_string(cmd->name, - buf, sizeof(buf))); - if (cmd->errmsg) { - ap_rputs(cmd->errmsg, r); - } - ap_rputs("\n", r); - } - else { - break; - } - cmd++; - } - ap_rputs("
    Current Configuration:\n", r); - for (current = 0; current < allconfigs->nelts; ++current) { - cnew = &((info_clines *) allconfigs->elts)[current]; - /* get relative pathname with some safeguards */ - relpath = ap_stripprefix(cnew->fname,ap_server_root); - if (*relpath != '\0' && relpath != cnew->fname && - *relpath == '/') - relpath++; - mod_info_module_cmds(r, cnew->clines, modp->cmds, - relpath); - } - } - else { - ap_rputs(" none\n", r); - } - more_info = find_more_info(serv, modp->name); - if (more_info) { - ap_rputs("
    Additional Information:\n
    ", - r); - ap_rputs(more_info, r); - } - ap_rputs("

    \n", r); - if (r->args) { - break; - } - } - } - if (!modp && r->args && strcasecmp(r->args, "server")) { - ap_rputs("No such module\n", r); - } - } - else { - for (modp = top_module; modp; modp = modp->next) { - ap_rputs(modp->name, r); - if (modp->next) { - ap_rputs("
    ", r); - } - } - } - ap_rputs("
    \n", r); - ap_rputs(ap_psignature("",r), r); - ap_rputs("\n", r); - /* Done, turn off timeout, close file and return */ - ap_kill_timeout(r); - return 0; -} - -static const char *add_module_info(cmd_parms *cmd, void *dummy, char *name, - char *info) -{ - server_rec *s = cmd->server; - info_svr_conf *conf = (info_svr_conf *) ap_get_module_config(s->module_config, - &info_module); - info_entry *new = ap_push_array(conf->more_info); - - new->name = name; - new->info = info; - return NULL; -} - -static const command_rec info_cmds[] = -{ - {"AddModuleInfo", add_module_info, NULL, RSRC_CONF, TAKE2, - "a module name and additional information on that module"}, - {NULL} -}; - -static const handler_rec info_handlers[] = -{ - {"server-info", display_info}, - {NULL} -}; - -module MODULE_VAR_EXPORT info_module = -{ - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - NULL, /* dir config creater */ - NULL, /* dir merger --- default is to override */ - create_info_config, /* server config */ - merge_info_config, /* merge server config */ - info_cmds, /* command table */ - info_handlers, /* handlers */ - NULL, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; - diff --git a/usr.sbin/httpd/src/modules/standard/mod_log_agent.c b/usr.sbin/httpd/src/modules/standard/mod_log_agent.c deleted file mode 100644 index d3b25799f13..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_log_agent.c +++ /dev/null 
@@ -1,193 +0,0 @@
-/* $OpenBSD: mod_log_agent.c,v 1.8 2004/12/02 19:42:48 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "http_main.h"
-#include "fdcache.h"
-
-module agent_log_module;
-
-static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT);
-static mode_t xfer_mode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-
-typedef struct {
- char *fname;
- int agent_fd;
-} agent_log_state;
-
-static void *make_agent_log_state(pool *p, server_rec *s)
-{
- agent_log_state *cls =
- (agent_log_state *) ap_palloc(p, sizeof(agent_log_state));
-
- cls->fname = "";
- cls->agent_fd = -1;
-
- return (void *) cls;
-}
-
-static const char *set_agent_log(cmd_parms *parms, void *dummy, char *arg)
-{
- agent_log_state *cls = ap_get_module_config(parms->server->module_config,
- &agent_log_module);
-
- cls->fname = arg;
- return NULL;
-}
-
-static const command_rec agent_log_cmds[] =
-{
- {"AgentLog", set_agent_log, NULL, RSRC_CONF, TAKE1,
- "the filename of the agent log"},
- {NULL}
-};
-
-static void open_agent_log(server_rec *s, pool *p)
-{
- agent_log_state *cls = ap_get_module_config(s->module_config,
- &agent_log_module);
-
- char *fname = ap_server_root_relative(p, cls->fname);
-
- if (cls->agent_fd > 0)
- return; /* virtual log shared w/main server */
-
- if (*cls->fname == '|') {
- piped_log *pl;
-
- pl = ap_open_piped_log(p, cls->fname + 1);
- if (pl == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "couldn't spawn agent log pipe");
- exit(1);
- }
- cls->agent_fd = ap_piped_log_write_fd(pl);
- }
- else if (*cls->fname != '\0') {
- if (ap_server_chroot_desired())
- cls->agent_fd = fdcache_open(fname, xfer_flags, xfer_mode);
- else
- cls->agent_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1);
-
- if (cls->agent_fd < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "could not open agent log file %s.", fname);
- exit(1);
- }
- }
-}
-
-static void init_agent_log(server_rec *s, pool *p)
-{
- for (; s; s = s->next)
- open_agent_log(s, p);
-}
-
-static int agent_log_transaction(request_rec *orig)
-{
- agent_log_state *cls = ap_get_module_config(orig->server->module_config,
- &agent_log_module);
-
- char str[HUGE_STRING_LEN];
- const char *agent;
- request_rec *r;
-
- if (cls->agent_fd < 0)
- return OK;
-
- for (r = orig; r->next; r = r->next)
- continue;
- if (*cls->fname == '\0') /* Don't log agent */
- return DECLINED;
-
- agent = ap_table_get(orig->headers_in, "User-Agent");
- if (agent != NULL) {
- ap_snprintf(str, sizeof(str), "%s\n", agent);
- write(cls->agent_fd, str, strlen(str));
- }
-
- return OK;
-}
-
-module agent_log_module =
-{
- STANDARD_MODULE_STUFF,
- init_agent_log, /* initializer */
- NULL, /* create per-dir config */
- NULL, /* merge per-dir config */
- make_agent_log_state, /* server config */
- NULL, /* merge server config */
- agent_log_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- agent_log_transaction, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_log_config.c b/usr.sbin/httpd/src/modules/standard/mod_log_config.c
deleted file mode 100644
index 64e93178978..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_log_config.c
+++ /dev/null
@@ -1,1223 +0,0 @@
-/* $OpenBSD: mod_log_config.c,v 1.20 2013/01/06 22:06:54 martynas Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * Modified by djm@va.pubnix.com:
- * If no TransferLog is given explicitly, decline to log.
- *
- * This is module implements the TransferLog directive (same as the
- * common log module), and additional directives, LogFormat and CustomLog.
- *
- *
- * Syntax:
- *
- * TransferLog fn Logs transfers to fn in standard log format, unless
- * a custom format is set with LogFormat
- * LogFormat format Set a log format from TransferLog files
- * CustomLog fn format
- * Log to file fn with format given by the format
- * argument
- *
- * CookieLog fn For backwards compatibility with old Cookie
- * logging module - now deprecated.
- *
- * There can be any number of TransferLog and CustomLog
- * commands. Each request will be logged to _ALL_ the
- * named files, in the appropriate format.
- *
- * If no TransferLog or CustomLog directive appears in a VirtualHost,
- * the request will be logged to the log file(s) defined outside
- * the virtual host section. If a TransferLog or CustomLog directive
- * appears in the VirtualHost section, the log files defined outside
- * the VirtualHost will _not_ be used. This makes this module compatible
- * with the CLF and config log modules, where the use of TransferLog
- * inside the VirtualHost section overrides its use outside.
- *
- * Examples:
- *
- * TransferLog logs/access_log
- *
- * LogFormat "... custom format ..."
- * TransferLog log/virtual_only
- * CustomLog log/virtual_useragents "%t %{user-agent}i"
- *
- *
- * This will log using CLF to access_log any requests handled by the
- * main server, while any requests to the virtual host will be logged
- * with the "... custom format..." to virtual_only _AND_ using
- * the custom user-agent log to virtual_useragents.
- *
- * Note that the NCSA referer and user-agent logs are easily added with
- * CustomLog:
- * CustomLog logs/referer "%{referer}i -> %U"
- * CustomLog logs/agent "%{user-agent}i"
- *
- * RefererIgnore functionality can be obtained with conditional
- * logging (SetEnvIf and CustomLog ... env=!VAR).
- *
- * But using this method allows much easier modification of the
- * log format, e.g. to log hosts along with UA:
- * CustomLog logs/referer "%{referer}i %U %h"
- *
- * The argument to LogFormat and CustomLog is a string, which can include
- * literal characters copied into the log files, and '%' directives as
- * follows:
- *
- * %...B: bytes sent, excluding HTTP headers.
- * %...b: bytes sent, excluding HTTP headers in CLF format, i.e. a '-'
- * when no bytes where sent (rather than a '0'.
- * %...c: Status of the connection.
- * 'X' = connection aborted before the response completed.
- * '+' = connection may be kept alive after the response is sent.
- * '-' = connection will be closed after the response is sent.
- * %...{FOOBAR}e: The contents of the environment variable FOOBAR
- * %...f: filename
- * %...h: remote host
- * %...a: remote IP-address
- * %...A: local IP-address
- * %...{Foobar}i: The contents of Foobar: header line(s) in the request
- * sent to the client.
- * %...l: remote logname (from identd, if supplied)
- * %...{Foobar}n: The contents of note "Foobar" from another module.
- * %...{Foobar}o: The contents of Foobar: header line(s) in the reply.
- * %...p: the port the request was served to
- * %...P: the process ID of the child that serviced the request.
- * %...r: first line of request
- * %...s: status. For requests that got internally redirected, this
- * is status of the *original* request --- %...>s for the last.
- * %...t: time, in common log format time format
- * %...{format}t: The time, in the form given by format, which should
- * be in strftime(3) format.
- * %...T: the time taken to serve the request, in seconds.
- * %...u: remote user (from auth; may be bogus if return status (%s) is 401)
- * %...U: the URL path requested.
- * %...v: the configured name of the server (i.e. which virtual host?)
- * %...V: the server name according to the UseCanonicalName setting
- * %...m: the request method
- * %...H: the request protocol
- * %...q: the query string prepended by "?", or empty if no query string
- *
- * The '...' can be nothing at all (e.g. "%h %u %r %s %b"), or it can
- * indicate conditions for inclusion of the item (which will cause it
- * to be replaced with '-' if the condition is not met). Note that
- * there is no escaping performed on the strings from %r, %...i and
- * %...o; some with long memories may remember that I thought this was
- * a bad idea, once upon a time, and I'm still not comfortable with
- * it, but it is difficult to see how to "do the right thing" with all
- * of '%..i', unless we URL-escape everything and break with CLF.
- *
- * The forms of condition are a list of HTTP status codes, which may
- * or may not be preceded by '!'. Thus, '%400,501{User-agent}i' logs
- * User-agent: on 400 errors and 501 errors (Bad Request, Not
- * Implemented) only; '%!200,304,302{Referer}i' logs Referer: on all
- * requests which did *not* return some sort of normal status.
- *
- * The default LogFormat reproduces CLF; see below.
- *
- * The way this is supposed to work with virtual hosts is as follows:
- * a virtual host can have its own LogFormat, or its own TransferLog.
- * If it doesn't have its own LogFormat, it inherits from the main
- * server. If it doesn't have its own TransferLog, it writes to the
- * same descriptor (meaning the same process for "| ...").
- *
- * --- rst */
-
-#define DEFAULT_LOG_FORMAT "%h %l %u %t \"%r\" %>s %b"
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h" /* For REMOTE_NAME */
-#include "http_log.h"
-#include "http_main.h"
-#include "fdcache.h"
-#include
-
-module MODULE_VAR_EXPORT config_log_module;
-
-static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT);
-static mode_t xfer_mode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-
-/* POSIX.1 defines PIPE_BUF as the maximum number of bytes that is
- * guaranteed to be atomic when writing a pipe. And PIPE_BUF >= 512
- * is guaranteed. So we'll just guess 512 in the event the system
- * doesn't have this. Now, for file writes there is actually no limit,
- * the entire write is atomic. Whether all systems implement this
- * correctly is another question entirely ... so we'll just use PIPE_BUF
- * because it's probably a good guess as to what is implemented correctly
- * everywhere.
- */
-#ifdef PIPE_BUF
-#define LOG_BUFSIZE PIPE_BUF
-#else
-#define LOG_BUFSIZE (512)
-#endif
-
-/*
- * multi_log_state is our per-(virtual)-server configuration. We store
- * an array of the logs we are going to use, each of type config_log_state.
- * If a default log format is given by LogFormat, store in default_format
- * (backward compat. with mod_log_config). We also store for each virtual
- * server a pointer to the logs specified for the main server, so that if this
- * vhost has no logs defined, we can use the main server's logs instead.
- *
- * So, for the main server, config_logs contains a list of the log files
- * and server_config_logs in empty. For a vhost, server_config_logs
- * points to the same array as config_logs in the main server, and
- * config_logs points to the array of logs defined inside this vhost,
- * which might be empty.
- */
-typedef struct {
- char *default_format_string;
- array_header *default_format;
- array_header *config_logs;
- array_header *server_config_logs;
- table *formats;
-} multi_log_state;
-
-/*
- * config_log_state holds the status of a single log file. fname might
- * be NULL, which means this module does no logging for this
- * request. format might be NULL, in which case the default_format
- * from the multi_log_state should be used, or if that is NULL as
- * well, use the CLF. log_fd is -1 before the log file is opened and
- * set to a valid fd after it is opened.
- */
-typedef struct {
- char *fname;
- char *format_string;
- array_header *format;
- int log_fd;
- char *condition_var;
-#ifdef BUFFERED_LOGS
- int outcnt;
- char outbuf[LOG_BUFSIZE];
-#endif
-} config_log_state;
-
-/*
- * Format items...
- * Note that many of these could have ap_sprintfs replaced with static buffers.
- */
-typedef const char *(*item_key_func) (request_rec *, char *);
-
-typedef struct {
- char ch;
- item_key_func func;
- char *arg;
- int condition_sense;
- int want_orig;
- array_header *conditions;
-} log_format_item;
-
-static char *
-format_integer(pool *p, int i)
-{
- return ap_psprintf(p, "%d", i);
-}
-
-static char *
-pfmt(pool *p, int i)
-{
- if (i <= 0)
- return "-";
- else
- return format_integer(p, i);
-}
-
-static const char *
-constant_item(request_rec *dummy, char *stuff)
-{
- return stuff;
-}
-
-static const char *
-log_remote_host(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, ap_get_remote_host(r->connection,
- r->per_dir_config, REMOTE_NAME));
-}
-
-static const char *
-log_remote_address(request_rec *r, char *a)
-{
- return r->connection->remote_ip;
-}
-
-static const char *
-log_local_address(request_rec *r, char *a)
-{
- return r->connection->local_ip;
-}
-
-static const char *
-log_remote_logname(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, ap_get_remote_logname(r));
-}
-
-static const char *
-log_remote_user(request_rec *r, char *a)
-{
- char *rvalue = r->connection->user;
-
- if (rvalue == NULL)
- rvalue = "-";
- else if (strlen(rvalue) == 0)
- rvalue = "\"\"";
- else
- rvalue = ap_escape_logitem(r->pool, rvalue);
- return rvalue;
-}
-
-static const char *
-log_request_line(request_rec *r, char *a)
-{
- /*
- * NOTE: If the original request contained a password, we re-write the
- * request line here to contain XXXXXX instead: (note the truncation
- * before the protocol string for HTTP/0.9 requests) (note also that
- * r->the_request contains the unmodified request)
- */
- return ap_escape_logitem(r->pool,
- (r->parsed_uri.password) ? ap_pstrcat(r->pool, r->method, " ",
- ap_unparse_uri_components(r->pool, &r->parsed_uri, 0),
- r->assbackwards ? NULL : " ", r->protocol, NULL)
- : r->the_request
- );
-}
-
-static const char *
-log_request_file(request_rec *r, char *a)
-{
- return r->filename;
-}
-
-static const char *
-log_request_uri(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, r->uri);
-}
-
-static const char *
-log_request_method(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, r->method);
-}
-
-static const char *log_request_protocol(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, r->protocol);
-}
-
-static const char *log_request_query(request_rec *r, char *a)
-{
- return (r->args != NULL) ? ap_pstrcat(r->pool, "?",
- ap_escape_logitem(r->pool, r->args), NULL)
- : "";
-}
-
-static const char *
-log_status(request_rec *r, char *a)
-{
- return pfmt(r->pool, r->status);
-}
-
-static const char *
-clf_log_bytes_sent(request_rec *r, char *a)
-{
- if (!r->sent_bodyct)
- return "-";
- else {
- off_t bs;
- ap_bgetopt(r->connection->client, BO_BYTECT, &bs);
- return ap_psprintf(r->pool, "%qd", bs);
- }
-}
-
-static const char *
-log_bytes_sent(request_rec *r, char *a)
-{
- if (!r->sent_bodyct)
- return "0";
- else {
- off_t bs;
- ap_bgetopt(r->connection->client, BO_BYTECT, &bs);
- return ap_psprintf(r->pool, "%qd", bs);
- }
-}
-
-static const char *
-log_header_in(request_rec *r, char *a)
-{
- return ap_escape_logitem(r->pool, ap_table_get(r->headers_in, a));
-}
-
-static const char *
-log_header_out(request_rec *r, char *a)
-{
- const char *cp = ap_table_get(r->headers_out, a);
-
- if (!strcasecmp(a, "Content-type") && r->content_type)
- cp = ap_field_noparam(r->pool, r->content_type);
-
- if (cp)
- return cp;
-
- return ap_table_get(r->err_headers_out, a);
-}
-
-static const char *
-log_note(request_rec *r, char *a)
-{
- return ap_table_get(r->notes, a);
-}
-
-static const char *
-log_env_var(request_rec *r, char *a)
-{
- return ap_table_get(r->subprocess_env, a);
-}
-
-static const char *
-log_request_time(request_rec *r, char *a)
-{
- int timz;
- struct tm *t;
- char tstr[MAX_STRING_LEN];
-
- t = ap_get_gmtoff(&timz);
-
- if (a && *a) /* Custom format */
- strftime(tstr, MAX_STRING_LEN, a, t);
- else { /* CLF format */
- char sign = (timz < 0 ? '-' : '+');
-
- if (timz < 0)
- timz = -timz;
-
- ap_snprintf(tstr, sizeof(tstr),
- "[%02d/%s/%d:%02d:%02d:%02d %c%.2d%.2d]",
- t->tm_mday, ap_month_snames[t->tm_mon], t->tm_year + 1900,
- t->tm_hour, t->tm_min, t->tm_sec,
- sign, timz / 60, timz % 60);
- }
-
- return ap_pstrdup(r->pool, tstr);
-}
-
-static const char *
-log_request_duration(request_rec *r, char *a)
-{
- return ap_psprintf(r->pool, "%ld",
- (long)(time(NULL) - r->request_time));
-}
-
-/*
- * These next two routines use the canonical name:port so that log
- * parsers don't need to duplicate all the vhost parsing crud.
- */
-static const char *
-log_virtual_host(request_rec *r, char *a)
-{
- return r->server->server_hostname;
-}
-
-static const char *
-log_server_port(request_rec *r, char *a)
-{
- return ap_psprintf(r->pool, "%u",
- r->server->port ? r->server->port : ap_default_port(r));
-}
-
-/*
- * This respects the setting of UseCanonicalName so that
- * the dynamic mass virtual hosting trick works better.
- */
-static const char *
-log_server_name(request_rec *r, char *a)
-{
- return ap_get_server_name(r);
-}
-
-static const char *
-log_child_pid(request_rec *r, char *a)
-{
- return ap_psprintf(r->pool, "%ld", (long) getpid());
-}
-
-static const char *
-log_connection_status(request_rec *r, char *a)
-{
- if (r->connection->aborted)
- return "X";
-
- if ((r->connection->keepalive) &&
- ((r->server->keep_alive_max - r->connection->keepalives) > 0))
- return "+";
-
- return "-";
-}
-
-/* Parsing the log format string */
-static struct log_item_list {
- char ch;
- item_key_func func;
- int want_orig_default;
-} log_item_keys[] = {
-
- {
- 'h', log_remote_host, 0
- },
- {
- 'a', log_remote_address, 0
- },
- {
- 'A', log_local_address, 0
- },
- {
- 'l', log_remote_logname, 0
- },
- {
- 'u', log_remote_user, 0
- },
- {
- 't', log_request_time, 0
- },
- {
- 'T', log_request_duration, 1
- },
- {
- 'r', log_request_line, 1
- },
- {
- 'f', log_request_file, 0
- },
- {
- 'U', log_request_uri, 1
- },
- {
- 's', log_status, 1
- },
- {
- 'b', clf_log_bytes_sent, 0
- },
- {
- 'B', log_bytes_sent, 0
- },
- {
- 'i', log_header_in, 0
- },
- {
- 'o', log_header_out, 0
- },
- {
- 'n', log_note, 0
- },
- {
- 'e', log_env_var, 0
- },
- {
- 'V', log_server_name, 0
- },
- {
- 'v', log_virtual_host, 0
- },
- {
- 'p', log_server_port, 0
- },
- {
- 'P', log_child_pid, 0
- },
- {
- 'H', log_request_protocol, 0
- },
- {
- 'm', log_request_method, 0
- },
- {
- 'q', log_request_query, 0
- },
- {
- 'c', log_connection_status, 0
- },
- {
- '\0'
- }
-};
-
-static struct log_item_list *
-find_log_func(pool *p, char k)
-{
- int i;
- struct log_item_list *lil;
-
- for (i = 0; log_item_keys[i].ch; ++i)
- if (k == log_item_keys[i].ch)
- return &log_item_keys[i];
-
- if (ap_hook_status(ap_psprintf(p, "ap::mod_log_config::log_%c", k))
- != AP_HOOK_STATE_NOTEXISTANT) {
- lil = (struct log_item_list *)
- ap_pcalloc(p, sizeof(struct log_item_list));
- if (lil == NULL)
- return NULL;
- lil->ch = k;
- lil->func = NULL;
- lil->want_orig_default = 0;
- return lil;
- }
-
- return NULL;
-}
-
-static char *
-parse_log_misc_string(pool *p, log_format_item * it, const char **sa)
-{
- const char *s;
- char *d;
-
- it->func = constant_item;
- it->conditions = NULL;
-
- s = *sa;
- while (*s && *s != '%')
- s++;
-
- /*
- * This might allocate a few chars extra if there's a backslash
- * escape in the format string.
- */
- it->arg = ap_palloc(p, s - *sa + 1);
-
- d = it->arg;
- s = *sa;
- while (*s && *s != '%') {
- if (*s != '\\')
- *d++ = *s++;
- else {
- s++;
- switch (*s) {
- case '\\':
- *d++ = '\\';
- s++;
- break;
- case 'n':
- *d++ = '\n';
- s++;
- break;
- case 't':
- *d++ = '\t';
- s++;
- break;
- default:
- /* copy verbatim */
- *d++ = '\\';
- /*
- * Allow the loop to deal with this *s in
- * the normal
- * fashion so that it handles end of string etc.
- * properly.
- */
- break;
- }
- }
- }
- *d = '\0';
-
- *sa = s;
- return NULL;
-}
-
-static char *
-parse_log_item(pool *p, log_format_item * it, const char **sa)
-{
- const char *s = *sa;
-
- if (*s != '%')
- return parse_log_misc_string(p, it, sa);
-
- ++s;
- it->condition_sense = 0;
- it->conditions = NULL;
- it->want_orig = -1;
- it->arg = ""; /* For safety's sake... */
-
- while (*s) {
- int i;
- struct log_item_list *l;
-
- switch (*s) {
- case '!':
- ++s;
- it->condition_sense = !it->condition_sense;
- break;
- case '<':
- ++s;
- it->want_orig = 1;
- break;
- case '>':
- ++s;
- it->want_orig = 0;
- break;
- case ',':
- ++s;
- break;
- case '{':
- ++s;
- it->arg = ap_getword(p, &s, '}');
- break;
- case '0':
- case '1':
- case '2':
- case '3':
- case '4':
- case '5':
- case '6':
- case '7':
- case '8':
- case '9':
- i = *s - '0';
- while (ap_isdigit(*++s))
- i = i * 10 + (*s) - '0';
- if (!it->conditions)
- it->conditions = ap_make_array(p, 4,
- sizeof(int));
- *(int *)ap_push_array(it->conditions) = i;
- break;
- default:
- l = find_log_func(p, *s++);
- if (!l) {
- char dummy[2];
-
- dummy[0] = s[-1];
- dummy[1] = '\0';
- return ap_pstrcat(p, "Unrecognized LogFormat "
- "directive %", dummy, NULL);
- }
- it->ch = s[-1];
- it->func = l->func;
- if (it->want_orig == -1)
- it->want_orig = l->want_orig_default;
- *sa = s;
- return NULL;
- }
- }
-
- return "Ran off end of LogFormat parsing args to some directive";
-}
-
-static array_header *
-parse_log_string(pool *p, const char *s, const char **err)
-{
- array_header *a = ap_make_array(p, 30, sizeof(log_format_item));
- char *res;
-
- while (*s) {
- if ((res = parse_log_item(p,
- (log_format_item *)ap_push_array(a), &s))) {
- *err = res;
- return NULL;
- }
- }
-
- s = "\n";
- parse_log_item(p, (log_format_item *) ap_push_array(a), &s);
- return a;
-}
-
-/* Actually logging. */
-static const char *
-process_item(request_rec *r, request_rec *orig, log_format_item * item)
-{
- const char *cp;
-
- /* First, see if we need to process this thing at all... */
- if (item->conditions && item->conditions->nelts != 0) {
- int i;
- int *conds = (int *)item->conditions->elts;
- int in_list = 0;
-
- for (i = 0; i < item->conditions->nelts; ++i) {
- if (r->status == conds[i]) {
- in_list = 1;
- break;
- }
- }
-
- if ((item->condition_sense && in_list)
- || (!item->condition_sense && !in_list))
- return "-";
- }
-
- /* We do. Do it... */
- if (item->func == NULL) {
- cp = NULL;
- ap_hook_use(ap_psprintf(r->pool, "ap::mod_log_config::log_%c",
- item->ch), AP_HOOK_SIG3(ptr, ptr, ptr),
- AP_HOOK_DECLINE(NULL), &cp, r, item->arg);
- } else
- cp = (*item->func) (item->want_orig ? orig : r, item->arg);
- return cp ? cp : "-";
-}
-
-#ifdef BUFFERED_LOGS
-static void
-flush_log(config_log_state * cls)
-{
- if (cls->outcnt && cls->log_fd != -1) {
- write(cls->log_fd, cls->outbuf, cls->outcnt);
- cls->outcnt = 0;
- }
-}
-#endif
-
-static int
-config_log_transaction(request_rec *r, config_log_state * cls,
- array_header *default_format)
-{
- log_format_item *items;
- char *str, *s;
- const char **strs;
- int *strl;
- request_rec *orig;
- int i;
- int len = 0;
- array_header *format;
- char *envar;
-
- if (cls->fname == NULL)
- return DECLINED;
-
- /*
- * See if we've got any conditional envariable-controlled
- * logging decisions to make.
- */
- if (cls->condition_var != NULL) {
- envar = cls->condition_var;
- if (*envar != '!') {
- if (ap_table_get(r->subprocess_env, envar) == NULL)
- return DECLINED;
- } else {
- if (ap_table_get(r->subprocess_env, &envar[1]) != NULL)
- return DECLINED;
- }
- }
-
- format = cls->format ? cls->format : default_format;
-
- strs = ap_palloc(r->pool, sizeof(char *) * (format->nelts));
- strl = ap_palloc(r->pool, sizeof(int) * (format->nelts));
- items = (log_format_item *)format->elts;
-
- orig = r;
- while (orig->prev)
- orig = orig->prev;
- while (r->next)
- r = r->next;
-
- for (i = 0; i < format->nelts; ++i)
- strs[i] = process_item(r, orig, &items[i]);
-
- for (i = 0; i < format->nelts; ++i)
- len += strl[i] = strlen(strs[i]);
-
-#ifdef BUFFERED_LOGS
- if (len + cls->outcnt > LOG_BUFSIZE)
- flush_log(cls);
- if (len >= LOG_BUFSIZE) {
- str = ap_palloc(r->pool, len + 1);
- for (i = 0, s = str; i < format->nelts; ++i) {
- memcpy(s, strs[i], strl[i]);
- s += strl[i];
- }
- write(cls->log_fd, str, len);
- } else {
- for (i = 0, s = &cls->outbuf[cls->outcnt]; i < format->nelts;
- ++i) {
- memcpy(s, strs[i], strl[i]);
- s += strl[i];
- }
- cls->outcnt += len;
- }
-#else
- str = ap_palloc(r->pool, len + 1);
-
- for (i = 0, s = str; i < format->nelts; ++i) {
- memcpy(s, strs[i], strl[i]);
- s += strl[i];
- }
-
- write(cls->log_fd, str, len);
-#endif
-
- return OK;
-}
-
-static int
-multi_log_transaction(request_rec *r)
-{
- multi_log_state *mls =
- ap_get_module_config(r->server->module_config, &config_log_module);
- config_log_state *clsarray;
- int i;
-
- /* Log this transaction.. */
- if (mls->config_logs->nelts) {
- clsarray = (config_log_state *) mls->config_logs->elts;
- for (i = 0; i < mls->config_logs->nelts; ++i) {
- config_log_state *cls = &clsarray[i];
- config_log_transaction(r, cls, mls->default_format);
- }
- } else if (mls->server_config_logs) {
- clsarray = (config_log_state *) mls->server_config_logs->elts;
- for (i = 0; i < mls->server_config_logs->nelts; ++i) {
- config_log_state *cls = &clsarray[i];
- config_log_transaction(r, cls, mls->default_format);
- }
- }
-
- return OK;
-}
-
-/* Module glue... */
-
-static void *
-make_config_log_state(pool *p, server_rec *s)
-{
- multi_log_state *mls;
-
- mls = (multi_log_state *)ap_palloc(p, sizeof(multi_log_state));
- mls->config_logs = ap_make_array(p, 1, sizeof(config_log_state));
- mls->default_format_string = NULL;
- mls->default_format = NULL;
- mls->server_config_logs = NULL;
- mls->formats = ap_make_table(p, 4);
- ap_table_setn(mls->formats, "CLF", DEFAULT_LOG_FORMAT);
-
- return mls;
-}
-
-/*
- * Use the merger to simply add a pointer from the vhost log state
- * to the log of logs specified for the non-vhost configuration. Make sure
- * vhosts inherit any globally-defined format names.
- */
-static void *
-merge_config_log_state(pool *p, void *basev, void *addv)
-{
- multi_log_state *base = (multi_log_state *)basev;
- multi_log_state *add = (multi_log_state *)addv;
-
- add->server_config_logs = base->config_logs;
- if (!add->default_format) {
- add->default_format_string = base->default_format_string;
- add->default_format = base->default_format;
- }
- add->formats = ap_overlay_tables(p, base->formats, add->formats);
-
- return add;
-}
-
-/* Set the default logfile format, or define a nickname for a format string. */
-static const char *
-log_format(cmd_parms *cmd, void *dummy, char *fmt, char *name)
-{
- const char *err_string = NULL;
- multi_log_state *mls =
- ap_get_module_config(cmd->server->module_config,
- &config_log_module);
-
- /*
- * If we were given two arguments, the second is a name to be
- * given to the
- * format. This syntax just defines the nickname - it doesn't actually
- * make the format the default.
- */
- if (name != NULL) {
- parse_log_string(cmd->pool, fmt, &err_string);
- if (err_string == NULL)
- ap_table_setn(mls->formats, name, fmt);
- } else {
- mls->default_format_string = fmt;
- mls->default_format = parse_log_string(cmd->pool, fmt,
- &err_string);
- }
- return err_string;
-}
-
-
-static const char *
-add_custom_log(cmd_parms *cmd, void *dummy, char *fn, char *fmt,
- char *envclause)
-{
- const char *err_string = NULL;
- multi_log_state *mls = ap_get_module_config(cmd->server->module_config,
- &config_log_module);
- config_log_state *cls;
-
- cls = (config_log_state *)ap_push_array(mls->config_logs);
- cls->condition_var = NULL;
- if (envclause != NULL) {
- if (strncasecmp(envclause, "env=", 4) != 0)
- return "error in condition clause";
- if ((envclause[4] == '\0')
- || ((envclause[4] == '!') && (envclause[5] == '\0')))
- return "missing environment variable name";
- cls->condition_var = ap_pstrdup(cmd->pool, &envclause[4]);
- }
-
- cls->fname = fn;
- cls->format_string = fmt;
- if (fmt == NULL)
- cls->format = NULL;
- else
- cls->format = parse_log_string(cmd->pool, fmt, &err_string);
- cls->log_fd = -1;
-
- return err_string;
-}
-
-static const char *
-set_transfer_log(cmd_parms *cmd, void *dummy, char *fn)
-{
- return add_custom_log(cmd, dummy, fn, NULL, NULL);
-}
-
-static const char *
-set_cookie_log(cmd_parms *cmd, void *dummy, char *fn)
-{
- return add_custom_log(cmd, dummy, fn, "%{Cookie}n \"%r\" %t", NULL);
-}
-
-static const command_rec config_log_cmds[] =
-{
- {"CustomLog", add_custom_log, NULL, RSRC_CONF, TAKE23,
- "a file name, a custom log format string or format name, "
- "and an optional \"env=\" clause (see docs)"},
- {"TransferLog", set_transfer_log, NULL, RSRC_CONF, TAKE1,
- "the filename of the access log"},
- {"LogFormat", log_format, NULL, RSRC_CONF, TAKE12,
- "a log format string (see docs) and an optional format name"},
- {"CookieLog", set_cookie_log, NULL, RSRC_CONF, TAKE1,
- "the filename of the cookie log"},
- {NULL}
-};
-
-static config_log_state *
-open_config_log(server_rec *s, pool *p, config_log_state * cls,
- array_header *default_format)
-{
- if (cls->log_fd > 0)
- return cls; /* virtual config shared w/main server */
-
- if (cls->fname == NULL)
- return cls; /* Leave it NULL to decline. */
-
- if (*cls->fname == '|') {
- piped_log *pl;
-
- pl = ap_open_piped_log(p, cls->fname + 1);
- if (pl == NULL)
- exit(1);
- cls->log_fd = ap_piped_log_write_fd(pl);
- } else {
- char *fname = ap_server_root_relative(p, cls->fname);
- if (ap_server_chroot_desired())
- cls->log_fd = fdcache_open(fname, xfer_flags,
- xfer_mode);
- else
- cls->log_fd = ap_popenf_ex(p, fname, xfer_flags,
- xfer_mode, 1);
-
- if (cls->log_fd < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- "could not open transfer log file %s.", fname);
- exit(1);
- }
- }
-#ifdef BUFFERED_LOGS
- cls->outcnt = 0;
-#endif
-
- return cls;
-}
-
-static config_log_state *
-open_multi_logs(server_rec *s, pool *p)
-{
- int i;
- multi_log_state *mls = ap_get_module_config(s->module_config,
- &config_log_module);
- config_log_state *clsarray;
- const char *dummy;
- const char *format;
-
- if (mls->default_format_string) {
- format = ap_table_get(mls->formats, mls->default_format_string);
- if (format)
- mls->default_format = parse_log_string(p, format,
- &dummy);
- }
-
- if (!mls->default_format)
- mls->default_format = parse_log_string(p, DEFAULT_LOG_FORMAT,
- &dummy);
-
- if (mls->config_logs->nelts) {
- clsarray = (config_log_state *) mls->config_logs->elts;
- for (i = 0; i < mls->config_logs->nelts; ++i) {
- config_log_state *cls = &clsarray[i];
-
- if (cls->format_string) {
- format = ap_table_get(mls->formats,
- cls->format_string);
- if (format)
- cls->format = parse_log_string(p,
- format, &dummy);
- }
-
- cls = open_config_log(s, p, cls, mls->default_format);
- }
- } else if (mls->server_config_logs) {
- clsarray = (config_log_state *) mls->server_config_logs->elts;
- for (i = 0; i < mls->server_config_logs->nelts; ++i) {
- config_log_state *cls = &clsarray[i];
-
- if (cls->format_string) {
- format = ap_table_get(mls->formats,
- cls->format_string);
- if (format)
- cls->format = parse_log_string(p,
- format, &dummy);
- }
-
- cls = open_config_log(s, p, cls, mls->default_format);
- }
- }
-
- return NULL;
-}
-
-static void
-init_config_log(server_rec *s, pool *p)
-{
- /*
- * First, do "physical" server, which gets default log fd and format for
- * the virtual servers, if they don't override...
- */
- open_multi_logs(s, p);
-
- /* Then, virtual servers */
- for (s = s->next; s; s = s->next)
- open_multi_logs(s, p);
-}
-
-#ifdef BUFFERED_LOGS
-static void
-flush_all_logs(server_rec *s, pool *p)
-{
- multi_log_state *mls;
- array_header *log_list;
- config_log_state *clsarray;
- int i;
-
- for (; s; s = s->next) {
- mls = ap_get_module_config(s->module_config,
- &config_log_module);
- log_list = NULL;
- if (mls->config_logs->nelts)
- log_list = mls->config_logs;
- else if (mls->server_config_logs)
- log_list = mls->server_config_logs;
- if (log_list) {
- clsarray = (config_log_state *) log_list->elts;
- for (i = 0; i < log_list->nelts; ++i)
- flush_log(&clsarray[i]);
- }
- }
-}
-#endif
-
-module MODULE_VAR_EXPORT config_log_module =
-{
- STANDARD_MODULE_STUFF,
- init_config_log, /* initializer */
- NULL, /* create per-dir config */
- NULL, /* merge per-dir config */
- make_config_log_state, /* server config */
- merge_config_log_state, /* merge server config */
- config_log_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- multi_log_transaction, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
-#ifdef BUFFERED_LOGS
- flush_all_logs, /* child_exit */
-#else
- NULL,
-#endif
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_log_referer.c b/usr.sbin/httpd/src/modules/standard/mod_log_referer.c
deleted file mode 100644
index 2e13c8abe1b..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_log_referer.c
+++ /dev/null
@@ -1,234 +0,0 @@
-/* $OpenBSD: mod_log_referer.c,v 1.8 2004/12/02 19:42:48 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */ - - -#include "httpd.h" -#include "http_config.h" -#include "http_log.h" -#include "http_main.h" -#include "fdcache.h" - -module referer_log_module; - -static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT); - -static mode_t xfer_mode = (S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); - -typedef struct { - char *fname; - int referer_fd; - array_header *referer_ignore_list; -} referer_log_state; - -static void *make_referer_log_state(pool *p, server_rec *s) -{ - referer_log_state *cls = - (referer_log_state *) ap_palloc(p, sizeof(referer_log_state)); - - cls->fname = ""; - cls->referer_fd = -1; - cls->referer_ignore_list = ap_make_array(p, 1, sizeof(char *)); - return (void *) cls; -} - -static const char *set_referer_log(cmd_parms *parms, void *dummy, char *arg) -{ - referer_log_state *cls = ap_get_module_config(parms->server->module_config, - &referer_log_module); - - cls->fname = arg; - return NULL; -} - -static const char *add_referer_ignore(cmd_parms *parms, void *dummy, char *arg) -{ - char **addme; - referer_log_state *cls = ap_get_module_config(parms->server->module_config, - &referer_log_module); - - addme = ap_push_array(cls->referer_ignore_list); - ap_str_tolower(arg); - *addme = arg; - return NULL; -} - -static const command_rec referer_log_cmds[] = -{ - {"RefererLog", set_referer_log, NULL, RSRC_CONF, TAKE1, - "the filename of the referer log"}, - {"RefererIgnore", add_referer_ignore, NULL, RSRC_CONF, ITERATE, - "referer hostnames to ignore"}, - {NULL} -}; - -static void open_referer_log(server_rec *s, pool *p) -{ - referer_log_state *cls = ap_get_module_config(s->module_config, - &referer_log_module); - - char *fname = ap_server_root_relative(p, cls->fname); - - if (cls->referer_fd > 0) - return; /* virtual log shared w/main server */ - - if (*cls->fname == '|') { - piped_log *pl; - - pl = ap_open_piped_log(p, cls->fname + 1); - if (pl == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "couldn't spawn referer log pipe"); - exit(1); - } - - 
cls->referer_fd = ap_piped_log_write_fd(pl); - } - else if (*cls->fname != '\0') { - if (ap_server_chroot_desired()) - cls->referer_fd = fdcache_open(fname, xfer_flags, xfer_mode); - else - cls->referer_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1); - - if (cls->referer_fd < 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "could not open referer log file %s.", fname); - exit(1); - } - } -} - -static void init_referer_log(server_rec *s, pool *p) -{ - for (; s; s = s->next) - open_referer_log(s, p); -} - -static int referer_log_transaction(request_rec *orig) -{ - char **ptrptr, **ptrptr2; - referer_log_state *cls = ap_get_module_config(orig->server->module_config, - &referer_log_module); - - char *str; - const char *referer; - char *referertest; - request_rec *r; - - if (cls->referer_fd < 0) - return OK; - - for (r = orig; r->next; r = r->next) - continue; - if (*cls->fname == '\0') /* Don't log referer */ - return DECLINED; - - referer = ap_table_get(orig->headers_in, "Referer"); - if (referer != NULL) { - - referertest = ap_pstrdup(orig->pool, referer); - ap_str_tolower(referertest); - /* The following is an upsetting mess of pointers, I'm sorry - Anyone with the motiviation and/or the time should feel free - to make this cleaner... */ - - ptrptr2 = (char **) (cls->referer_ignore_list->elts + - (cls->referer_ignore_list->nelts * - cls->referer_ignore_list->elt_size)); - - /* Go through each element of the ignore list and compare it to the - referer_host. 
If we get a match, return without logging */ - - for (ptrptr = (char **) cls->referer_ignore_list->elts; - ptrptr < ptrptr2; - ptrptr = (char **) ((char *) ptrptr + cls->referer_ignore_list->elt_size)) { - if (strstr(referertest, *ptrptr)) - return OK; - } - - - str = ap_pstrcat(orig->pool, referer, " -> ", r->uri, "\n", NULL); - write(cls->referer_fd, str, strlen(str)); - } - - return OK; -} - -module referer_log_module = -{ - STANDARD_MODULE_STUFF, - init_referer_log, /* initializer */ - NULL, /* create per-dir config */ - NULL, /* merge per-dir config */ - make_referer_log_state, /* server config */ - NULL, /* merge server config */ - referer_log_cmds, /* command table */ - NULL, /* handlers */ - NULL, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - referer_log_transaction, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; diff --git a/usr.sbin/httpd/src/modules/standard/mod_mime.c b/usr.sbin/httpd/src/modules/standard/mod_mime.c deleted file mode 100644 index 32c0f03e4cf..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_mime.c +++ /dev/null 
@@ -1,804 +0,0 @@
-/* $OpenBSD: mod_mime.c,v 1.14 2003/11/17 18:57:06 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * http_mime.c: Sends/gets MIME headers for requests - * - * Rob McCool - * - */ - -#define MIME_PRIVATE - -#include "httpd.h" -#include "http_config.h" -#include "http_log.h" -#include "http_main.h" - -/* - * isascii(c) isn't universal, and even those places where it is - * defined it's not always right for our needs. Roll our own that - * we can rely on. - */ -#define ap_isascii(c) ((OS_ASC(c) & 0x80) == 0) - -typedef struct attrib_info { - char *name; -} attrib_info; - -typedef struct { - table *forced_types; /* Additional AddTyped stuff */ - table *encoding_types; /* Added with AddEncoding... */ - table *charset_types; /* Added with AddCharset... */ - table *language_types; /* Added with AddLanguage... */ - table *handlers; /* Added with AddHandler... 
*/ - array_header *handlers_remove; /* List of handlers to remove */ - array_header *types_remove; /* List of MIME types to remove */ - array_header *encodings_remove; /* List of encodings to remove */ - - char *type; /* Type forced with ForceType */ - char *handler; /* Handler forced with SetHandler */ - char *default_language; /* Language if no AddLanguage ext found */ -} mime_dir_config; - -typedef struct param_s { - char *attr; - char *val; - struct param_s *next; -} param; - -typedef struct { - char *type; - char *subtype; - param *param; -} content_type; - -static char tspecial[] = { - '(', ')', '<', '>', '@', ',', ';', ':', - '\\', '"', '/', '[', ']', '?', '=', - '\0' -}; - -module MODULE_VAR_EXPORT mime_module; - -static void *create_mime_dir_config(pool *p, char *dummy) -{ - mime_dir_config *new = - (mime_dir_config *) ap_palloc(p, sizeof(mime_dir_config)); - - new->forced_types = ap_make_table(p, 4); - new->encoding_types = ap_make_table(p, 4); - new->charset_types = ap_make_table(p, 4); - new->language_types = ap_make_table(p, 4); - new->handlers = ap_make_table(p, 4); - new->handlers_remove = ap_make_array(p, 4, sizeof(attrib_info)); - new->types_remove = ap_make_array(p, 4, sizeof(attrib_info)); - new->encodings_remove = ap_make_array(p, 4, sizeof(attrib_info)); - - new->type = NULL; - new->handler = NULL; - new->default_language = NULL; - - return new; -} - -static void *merge_mime_dir_configs(pool *p, void *basev, void *addv) -{ - mime_dir_config *base = (mime_dir_config *) basev; - mime_dir_config *add = (mime_dir_config *) addv; - mime_dir_config *new = - (mime_dir_config *) ap_palloc(p, sizeof(mime_dir_config)); - int i; - attrib_info *suffix; - - new->forced_types = ap_overlay_tables(p, add->forced_types, - base->forced_types); - new->encoding_types = ap_overlay_tables(p, add->encoding_types, - base->encoding_types); - new->charset_types = ap_overlay_tables(p, add->charset_types, - base->charset_types); - new->language_types = 
ap_overlay_tables(p, add->language_types, - base->language_types); - new->handlers = ap_overlay_tables(p, add->handlers, - base->handlers); - - suffix = (attrib_info *) add->handlers_remove->elts; - for (i = 0; i < add->handlers_remove->nelts; i++) { - ap_table_unset(new->handlers, suffix[i].name); - } - suffix = (attrib_info *) add->types_remove->elts; - for (i = 0; i < add->types_remove->nelts; i++) { - ap_table_unset(new->forced_types, suffix[i].name); - } - suffix = (attrib_info *) add->encodings_remove->elts; - for (i = 0; i < add->encodings_remove->nelts; i++) { - ap_table_unset(new->encoding_types, suffix[i].name); - } - - new->type = add->type ? add->type : base->type; - new->handler = add->handler ? add->handler : base->handler; - new->default_language = add->default_language ? - add->default_language : base->default_language; - - return new; -} - -static const char *add_type(cmd_parms *cmd, mime_dir_config *m, char *ct, - char *ext) -{ - if (*ext == '.') - ++ext; - - ap_str_tolower(ct); - ap_table_setn(m->forced_types, ext, ct); - return NULL; -} - -static const char *add_encoding(cmd_parms *cmd, mime_dir_config *m, char *enc, - char *ext) -{ - if (*ext == '.') - ++ext; - ap_str_tolower(enc); - ap_table_setn(m->encoding_types, ext, enc); - return NULL; -} - -static const char *add_charset(cmd_parms *cmd, mime_dir_config *m, - char *charset, char *ext) -{ - if (*ext == '.') { - ++ext; - } - ap_str_tolower(charset); - ap_table_setn(m->charset_types, ext, charset); - return NULL; -} - -static const char *add_language(cmd_parms *cmd, mime_dir_config *m, char *lang, - char *ext) -{ - if (*ext == '.') { - ++ext; - } - ap_str_tolower(lang); - ap_table_setn(m->language_types, ext, lang); - return NULL; -} - -static const char *add_handler(cmd_parms *cmd, mime_dir_config *m, char *hdlr, - char *ext) -{ - if (*ext == '.') - ++ext; - ap_str_tolower(hdlr); - ap_table_setn(m->handlers, ext, hdlr); - return NULL; -} - -/* - * Note handler names that should be un-added 
for this location. This - * will keep the association from being inherited, as well, but not - * from being re-added at a subordinate level. - */ -static const char *remove_handler(cmd_parms *cmd, void *m, char *ext) -{ - mime_dir_config *mcfg = (mime_dir_config *) m; - attrib_info *suffix; - - if (*ext == '.') { - ++ext; - } - suffix = (attrib_info *) ap_push_array(mcfg->handlers_remove); - suffix->name = ap_pstrdup(cmd->pool, ext); - return NULL; -} - -/* - * Just like the previous function, except that it records encoding - * associations to be undone. - */ -static const char *remove_encoding(cmd_parms *cmd, void *m, char *ext) -{ - mime_dir_config *mcfg = (mime_dir_config *) m; - attrib_info *suffix; - - if (*ext == '.') { - ++ext; - } - suffix = (attrib_info *) ap_push_array(mcfg->encodings_remove); - suffix->name = ap_pstrdup(cmd->pool, ext); - return NULL; -} - -/* - * Similar to the previous functions, except that it deals with filename - * suffix/MIME-type associations. - */ -static const char *remove_type(cmd_parms *cmd, void *m, char *ext) -{ - mime_dir_config *mcfg = (mime_dir_config *) m; - attrib_info *suffix; - - if (*ext == '.') { - ++ext; - } - suffix = (attrib_info *) ap_push_array(mcfg->types_remove); - suffix->name = ap_pstrdup(cmd->pool, ext); - return NULL; -} - -/* The sole bit of server configuration that the MIME module has is - * the name of its config file, so... 
- */ - -static const char *set_types_config(cmd_parms *cmd, void *dummy, char *arg) -{ - ap_set_module_config(cmd->server->module_config, &mime_module, arg); - return NULL; -} - -static const command_rec mime_cmds[] = -{ - {"AddType", add_type, NULL, OR_FILEINFO, ITERATE2, - "a mime type followed by one or more file extensions"}, - {"AddEncoding", add_encoding, NULL, OR_FILEINFO, ITERATE2, - "an encoding (e.g., gzip), followed by one or more file extensions"}, - {"AddCharset", add_charset, NULL, OR_FILEINFO, ITERATE2, - "a charset (e.g., iso-2022-jp), followed by one or more file extensions"}, - {"AddLanguage", add_language, NULL, OR_FILEINFO, ITERATE2, - "a language (e.g., fr), followed by one or more file extensions"}, - {"AddHandler", add_handler, NULL, OR_FILEINFO, ITERATE2, - "a handler name followed by one or more file extensions"}, - {"ForceType", ap_set_string_slot_lower, - (void *)XtOffsetOf(mime_dir_config, type), OR_FILEINFO, TAKE1, - "a media type"}, - {"RemoveHandler", remove_handler, NULL, OR_FILEINFO, ITERATE, - "one or more file extensions"}, - {"RemoveEncoding", remove_encoding, NULL, OR_FILEINFO, ITERATE, - "one or more file extensions"}, - {"RemoveType", remove_type, NULL, OR_FILEINFO, ITERATE, - "one or more file extensions"}, - {"SetHandler", ap_set_string_slot_lower, - (void *)XtOffsetOf(mime_dir_config, handler), OR_FILEINFO, TAKE1, - "a handler name"}, - {"TypesConfig", set_types_config, NULL, RSRC_CONF, TAKE1, - "the MIME types config file"}, - {"DefaultLanguage", ap_set_string_slot, - (void*)XtOffsetOf(mime_dir_config, default_language), OR_FILEINFO, TAKE1, - "language to use for documents with no other language file extension" }, - {NULL} -}; - -/* Hash table --- only one of these per daemon; virtual hosts can - * get private versions through AddType... 
- */ - -#define MIME_HASHSIZE (32) -#define hash(i) (ap_tolower(i) % MIME_HASHSIZE) - -static table *hash_buckets[MIME_HASHSIZE]; - -static void init_mime(server_rec *s, pool *p) -{ - configfile_t *f; - char l[MAX_STRING_LEN]; - int x; - char *types_confname = ap_get_module_config(s->module_config, &mime_module); - - if (!types_confname) - types_confname = TYPES_CONFIG_FILE; - - types_confname = ap_server_root_relative(p, types_confname); - - ap_server_strip_chroot(types_confname, 0); /* only needed at restart */ - - if (!(f = ap_pcfg_openfile(p, types_confname))) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "could not open mime types config file %s.", types_confname); - exit(1); - } - - for (x = 0; x < MIME_HASHSIZE; x++) - hash_buckets[x] = ap_make_table(p, 10); - - while (!(ap_cfg_getline(l, MAX_STRING_LEN, f))) { - const char *ll = l, *ct; - - if (l[0] == '#') - continue; - ct = ap_getword_conf(p, &ll); - - while (ll[0]) { - char *ext = ap_getword_conf(p, &ll); - ap_str_tolower(ext); /* ??? */ - ap_table_setn(hash_buckets[hash(ext[0])], ext, ct); - } - } - ap_cfg_closefile(f); -} - -static char *zap_sp(char *s) -{ - char *tp; - - if (s == NULL) { - return (NULL); - } - if (*s == '\0') { - return (s); - } - - /* delete prefixed white space */ - for (; *s == ' ' || *s == '\t' || *s == '\n'; s++); - - /* delete postfixed white space */ - for (tp = s; *tp != '\0'; tp++); - for (tp--; tp != s && (*tp == ' ' || *tp == '\t' || *tp == '\n'); tp--) { - *tp = '\0'; - } - return (s); -} - -static int is_token(int c) -{ - int res; - - res = (ap_isascii(c) && ap_isgraph(c) - && (strchr(tspecial, c) == NULL)) ? 1 : -1; - return res; -} - -static int is_qtext(int c) -{ - int res; - - res = (ap_isascii(c) && (c != '"') && (c != '\\') && (c != '\n')) - ? 
1 : -1; - return res; -} - -static int is_quoted_pair(char *s) -{ - int res = -1; - int c; - - if (((s + 1) != NULL) && (*s == '\\')) { - c = (int) *(s + 1); - if (ap_isascii(c)) { - res = 1; - } - } - return (res); -} - -static content_type *analyze_ct(pool *p, char *s) -{ - char *tp, *mp, *cp; - char *attribute, *value; - int quoted = 0; - - content_type *ctp; - param *pp, *npp; - - /* initialize ctp */ - ctp = (content_type *) ap_palloc(p, sizeof(content_type)); - ctp->type = NULL; - ctp->subtype = NULL; - ctp->param = NULL; - - tp = ap_pstrdup(p, s); - - mp = tp; - cp = mp; - - /* getting a type */ - if (!(cp = strchr(mp, '/'))) { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "mod_mime: analyze_ct: cannot get media type from '%s'", - mp); - return (NULL); - } - ctp->type = ap_pstrndup(p, mp, cp - mp); - ctp->type = zap_sp(ctp->type); - if (ctp->type == NULL || *(ctp->type) == '\0' || - strchr(ctp->type, ';') || strchr(ctp->type, ' ') || - strchr(ctp->type, '\t')) { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media subtype."); - return (NULL); - } - - /* getting a subtype */ - cp++; - mp = cp; - - for (; *cp != ';' && *cp != '\0'; cp++); - ctp->subtype = ap_pstrndup(p, mp, cp - mp); - ctp->subtype = zap_sp(ctp->subtype); - if ((ctp->subtype == NULL) || (*(ctp->subtype) == '\0') || - strchr(ctp->subtype, ' ') || strchr(ctp->subtype, '\t')) { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media subtype."); - return (NULL); - } - cp = zap_sp(cp); - if (cp == NULL || *cp == '\0') { - return (ctp); - } - - /* getting parameters */ - cp++; - cp = zap_sp(cp); - if (cp == NULL || *cp == '\0') { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media parameter."); - return (NULL); - } - mp = cp; - attribute = NULL; - value = NULL; - - while (cp != NULL && *cp != '\0') { - if (attribute == NULL) { - if (is_token((int) *cp) > 0) { - cp++; - continue; - } - else if (*cp == ' ' || *cp == '\t' || *cp == '\n') { - cp++; - 
continue; - } - else if (*cp == '=') { - attribute = ap_pstrndup(p, mp, cp - mp); - attribute = zap_sp(attribute); - if (attribute == NULL || *attribute == '\0') { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media parameter."); - return (NULL); - } - cp++; - cp = zap_sp(cp); - if (cp == NULL || *cp == '\0') { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media parameter."); - return (NULL); - } - mp = cp; - continue; - } - else { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media parameter."); - return (NULL); - } - } - else { - if (mp == cp) { - if (*cp == '"') { - quoted = 1; - cp++; - } - else { - quoted = 0; - } - } - if (quoted > 0) { - while (quoted && *cp != '\0') { - if (is_qtext((int) *cp) > 0) { - cp++; - } - else if (is_quoted_pair(cp) > 0) { - cp += 2; - } - else if (*cp == '"') { - cp++; - while (*cp == ' ' || *cp == '\t' || *cp == '\n') { - cp++; - } - if (*cp != ';' && *cp != '\0') { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media parameter."); - return(NULL); - } - quoted = 0; - } - else { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media parameter."); - return (NULL); - } - } - } - else { - while (1) { - if (is_token((int) *cp) > 0) { - cp++; - } - else if (*cp == '\0' || *cp == ';') { - break; - } - else { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media parameter."); - return (NULL); - } - } - } - value = ap_pstrndup(p, mp, cp - mp); - value = zap_sp(value); - if (value == NULL || *value == '\0') { - ap_log_error(APLOG_MARK, APLOG_WARNING, NULL, - "Cannot get media parameter."); - return (NULL); - } - - pp = ap_palloc(p, sizeof(param)); - pp->attr = attribute; - pp->val = value; - pp->next = NULL; - - if (ctp->param == NULL) { - ctp->param = pp; - } - else { - npp = ctp->param; - while (npp->next) { - npp = npp->next; - } - npp->next = pp; - } - quoted = 0; - attribute = NULL; - value = NULL; - if (*cp == '\0') { - break; - } - cp++; - mp = 
cp; - } - } - return (ctp); -} - -static int find_ct(request_rec *r) -{ - mime_dir_config *conf; - array_header *exception_list; - const char *fn; - char *ext; - const char *type; - const char *charset = NULL; - int found_metadata = 0; - - if (S_ISDIR(r->finfo.st_mode)) { - r->content_type = DIR_MAGIC_TYPE; - return OK; - } - - conf = (mime_dir_config *) ap_get_module_config(r->per_dir_config, - &mime_module); - - exception_list = ap_make_array(r->pool, 2, sizeof(char *)); - - /* Always drop the leading element */ - fn = strrchr(r->filename, '/'); - if (fn == NULL) - fn = r->filename; - else - ++fn; - - /* The exception list keeps track of those filename components that - * are not associated with extensions indicating metadata. - * The base name is always the first exception (i.e., "txt.html" has - * a basename of "txt" even though it might look like an extension). - */ - ext = ap_getword(r->pool, &fn, '.'); - *((const char **) ap_push_array(exception_list)) = ext; - - /* Parse filename extensions, which can be in any order */ - while ((ext = ap_getword(r->pool, &fn, '.')) && *ext) { - int found = 0; - - /* Check for Content-Type */ - if ((type = ap_table_get(conf->forced_types, ext)) - || (type = ap_table_get(hash_buckets[hash(*ext)], ext))) { - r->content_type = type; - found = 1; - } - - /* Add charset to Content-Type */ - if ((type = ap_table_get(conf->charset_types, ext))) { - charset = type; - found = 1; - } - - /* Check for Content-Language */ - if ((type = ap_table_get(conf->language_types, ext))) { - const char **new; - - r->content_language = type; /* back compat. 
only */ - if (!r->content_languages) - r->content_languages = ap_make_array(r->pool, 2, sizeof(char *)); - new = (const char **) ap_push_array(r->content_languages); - *new = type; - found = 1; - } - - /* Check for Content-Encoding */ - if ((type = ap_table_get(conf->encoding_types, ext))) { - if (!r->content_encoding) - r->content_encoding = type; - else - r->content_encoding = ap_pstrcat(r->pool, r->content_encoding, - ", ", type, NULL); - found = 1; - } - - /* Check for a special handler, but not for proxy request */ - if ((type = ap_table_get(conf->handlers, ext)) - && r->proxyreq == NOT_PROXY) { - r->handler = type; - found = 1; - } - - if (found) - found_metadata = 1; - else - *((const char **) ap_push_array(exception_list)) = ext; - } - - /* Need to see a notes entry on r for unrecognized elements. - * Somebody better claim them! If we did absolutly nothing, - * skip the notes to alert mod_negotiation we are clueless. - */ - if (found_metadata) { - ap_table_setn(r->notes, "ap-mime-exceptions-list", - (void *) exception_list); - } - - if (r->content_type) { - content_type *ctp; - char *ct; - size_t ctlen; - int override = 0; - - ctlen = sizeof(char) * (strlen(r->content_type) + 1); - ct = (char *) ap_palloc(r->pool, ctlen); - strlcpy(ct, r->content_type, ctlen); - - if ((ctp = analyze_ct(r->pool, ct))) { - param *pp = ctp->param; - r->content_type = ap_pstrcat(r->pool, ctp->type, "/", - ctp->subtype, NULL); - while (pp != NULL) { - if (charset && !strcmp(pp->attr, "charset")) { - if (!override) { - r->content_type = ap_pstrcat(r->pool, r->content_type, - "; charset=", charset, - NULL); - override = 1; - } - } - else { - r->content_type = ap_pstrcat(r->pool, r->content_type, - "; ", pp->attr, - "=", pp->val, - NULL); - } - pp = pp->next; - } - if (charset && !override) { - r->content_type = ap_pstrcat(r->pool, r->content_type, - "; charset=", charset, - NULL); - } - } - } - - /* Set default language, if none was specified by the extensions - * and we have a 
DefaultLanguage setting in force - */ - - if (!r->content_languages && conf->default_language) { - const char **new; - - r->content_language = conf->default_language; /* back compat. only */ - if (!r->content_languages) - r->content_languages = ap_make_array(r->pool, 2, sizeof(char *)); - new = (const char **) ap_push_array(r->content_languages); - *new = conf->default_language; - } - - /* Check for overrides with ForceType/SetHandler */ - - if (conf->type && strcmp(conf->type, "none")) - r->content_type = conf->type; - if (conf->handler && strcmp(conf->handler, "none")) - r->handler = conf->handler; - - if (!r->content_type) - return DECLINED; - - return OK; -} - -module MODULE_VAR_EXPORT mime_module = -{ - STANDARD_MODULE_STUFF, - init_mime, /* initializer */ - create_mime_dir_config, /* dir config creator */ - merge_mime_dir_configs, /* dir config merger */ - NULL, /* server config */ - NULL, /* merge server config */ - mime_cmds, /* command table */ - NULL, /* handlers */ - NULL, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - find_ct, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; diff --git a/usr.sbin/httpd/src/modules/standard/mod_mime_magic.c b/usr.sbin/httpd/src/modules/standard/mod_mime_magic.c deleted file mode 100644 index 0cf12f7e441..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_mime_magic.c +++ /dev/null 
@@ -1,2423 +0,0 @@
-/* $OpenBSD: mod_mime_magic.c,v 1.14 2009/06/21 00:38:22 martynas Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_mime_magic: MIME type lookup via file magic numbers
- * Copyright (c) 1996-1997 Cisco Systems, Inc.
- *
- * This software was submitted by Cisco Systems to the Apache Group in July
- * 1997. Future revisions and derivatives of this source code must
- * acknowledge Cisco Systems as the original contributor of this module.
- * All other licensing and usage conditions are those of the Apache Group.
- *
- * Some of this code is derived from the free version of the file command
- * originally posted to comp.sources.unix. Copyright info for that program
- * is included below as required.
- * ---------------------------------------------------------------------------
- * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
- *
- * This software is not subject to any license of the American Telephone and
- * Telegraph Company or of the Regents of the University of California.
- *
- * Permission is granted to anyone to use this software for any purpose on any
- * computer system, and to alter it and redistribute it freely, subject to
- * the following restrictions:
- *
- * 1. The author is not responsible for the consequences of use of this
- * software, no matter how awful, even if they arise from flaws in it.
- *
- * 2. The origin of this software must not be misrepresented, either by
- * explicit claim or by omission. Since few users ever read sources, credits
- * must appear in the documentation.
- *
- * 3. Altered versions must be plainly marked as such, and must not be
- * misrepresented as being the original software. Since few users ever read
- * sources, credits must appear in the documentation.
- *
- * 4. This notice may not be removed or altered.
- * -------------------------------------------------------------------------
- *
- * For compliance with Mr Darwin's terms: this has been very significantly
- * modified from the free "file" command.
- * - all-in-one file for compilation convenience when moving from one
- * version of Apache to the next.
- * - Memory allocation is done through the Apache API's pool structure.
- * - All functions have had necessary Apache API request or server
- * structures passed to them where necessary to call other Apache API
- * routines. (i.e. usually for logging, files, or memory allocation in
- * itself or a called function.)
- * - struct magic has been converted from an array to a single-ended linked
- * list because it only grows one record at a time, it's only accessed
- * sequentially, and the Apache API has no equivalent of realloc().
- * - Functions have been changed to get their parameters from the server
- * configuration instead of globals. (It should be reentrant now but has
- * not been tested in a threaded environment.)
- * - Places where it used to print results to stdout now saves them in a
- * list where they're used to set the MIME type in the Apache request
- * record.
- * - Command-line flags have been removed since they will never be used here.
- *
- * Ian Kluft
- * Engineering Information Framework
- * Central Engineering
- * Cisco Systems, Inc.
- * San Jose, CA, USA
- *
- * Initial installation July/August 1996
- * Misc bug fixes May 1997
- * Submission to Apache Group July 1997
- *
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_protocol.h"
-#include
-
-/*
- * data structures and related constants
- */
-
-#define MODNAME "mod_mime_magic"
-#define MIME_MAGIC_DEBUG 0
-
-#define MIME_BINARY_UNKNOWN "application/octet-stream"
-#define MIME_TEXT_UNKNOWN "text/plain"
-
-#define MAXMIMESTRING 256
-
-/* HOWMANY must be at least 4096 to make gzip -dcq work */
-#define HOWMANY 4096
-/* SMALL_HOWMANY limits how much work we do to figure out text files */
-#define SMALL_HOWMANY 1024
-#define MAXDESC 50 /* max leng of text description */
-#define MAXstring 64 /* max leng of "string" types */
-
-struct magic {
- struct magic *next; /* link to next entry */
- int lineno; /* line number from magic file */
-
- short flag;
-#define INDIR 1 /* if '>(...)' appears, */
-#define UNSIGNED 2 /* comparison is unsigned */
- short cont_level; /* level of ">" */
- struct {
- char type; /* byte short long */
- long offset; /* offset from indirection */
- } in;
- long offset; /* offset to magic number */
- unsigned char reln; /* relation (0=eq, '>'=gt, etc) */
- char type; /* int, short, long or string.
*/
- char vallen; /* length of string value, if any */
-#define BYTE 1
-#define SHORT 2
-#define LONG 4
-#define STRING 5
-#define DATE 6
-#define BESHORT 7
-#define BELONG 8
-#define BEDATE 9
-#define LESHORT 10
-#define LELONG 11
-#define LEDATE 12
- union VALUETYPE {
- unsigned char b;
- unsigned short h;
- unsigned long l;
- char s[MAXstring];
- unsigned char hs[2]; /* 2 bytes of a fixed-endian "short" */
- unsigned char hl[4]; /* 2 bytes of a fixed-endian "long" */
- } value; /* either number or string */
- unsigned long mask; /* mask before comparison with value */
- char nospflag; /* supress space character */
-
- /* NOTE: this string is suspected of overrunning - find it! */
- char desc[MAXDESC]; /* description */
-};
-
-/*
- * data structures for tar file recognition
- * --------------------------------------------------------------------------
- * Header file for public domain tar (tape archive) program.
- *
- * @(#)tar.h 1.20 86/10/29 Public Domain. Created 25 August 1985 by John
- * Gilmore, ihnp4!hoptoad!gnu.
- *
- * Header block on tape.
- *
- * I'm going to use traditional DP naming conventions here. A "block" is a big
- * chunk of stuff that we do I/O on. A "record" is a piece of info that we
- * care about. Typically many "record"s fit into a "block".
- */
-#define RECORDSIZE 512
-#define NAMSIZ 100
-#define TUNMLEN 32
-#define TGNMLEN 32
-
-union record {
- char charptr[RECORDSIZE];
- struct header {
- char name[NAMSIZ];
- char mode[8];
- char uid[8];
- char gid[8];
- char size[12];
- char mtime[12];
- char chksum[8];
- char linkflag;
- char linkname[NAMSIZ];
- char magic[8];
- char uname[TUNMLEN];
- char gname[TGNMLEN];
- char devmajor[8];
- char devminor[8];
- } header;
-};
-
-/* The magic field is filled with this if uname and gname are valid.
*/
-#define TMAGIC "ustar " /* 7 chars and a null */
-
-/*
- * file-function prototypes
- */
-static int ascmagic(request_rec *, unsigned char *, int);
-static int is_tar(unsigned char *, int);
-static int softmagic(request_rec *, unsigned char *, int);
-static void tryit(request_rec *, unsigned char *, int, int);
-static int zmagic(request_rec *, unsigned char *, int);
-
-static int getvalue(server_rec *, struct magic *, char **);
-static int hextoint(int);
-static char *getstr(server_rec *, char *, char *, int, int *);
-static int parse(server_rec *, pool *p, char *, int);
-
-static int match(request_rec *, unsigned char *, int);
-static int mget(request_rec *, union VALUETYPE *, unsigned char *,
- struct magic *, int);
-static int mcheck(request_rec *, union VALUETYPE *, struct magic *);
-static void mprint(request_rec *, union VALUETYPE *, struct magic *);
-
-static int uncompress(request_rec *, int,
- unsigned char **, int);
-static long from_oct(int, char *);
-static int fsmagic(request_rec *r, const char *fn);
-
-/*
- * includes for ASCII substring recognition formerly "names.h" in file
- * command
- *
- * Original notes: names and types used by ascmagic in file(1). These tokens are
- * here because they can appear anywhere in the first HOWMANY bytes, while
- * tokens in /etc/magic must appear at fixed offsets into the file. Don't
- * make HOWMANY too high unless you have a very fast CPU.
- */
-
-/* these types are used to index the table 'types': keep em in sync!
*/
-/* HTML inserted in first because this is a web server module now */
-#define L_HTML 0 /* HTML */
-#define L_C 1 /* first and foremost on UNIX */
-#define L_FORT 2 /* the oldest one */
-#define L_MAKE 3 /* Makefiles */
-#define L_PLI 4 /* PL/1 */
-#define L_MACH 5 /* some kinda assembler */
-#define L_ENG 6 /* English */
-#define L_PAS 7 /* Pascal */
-#define L_MAIL 8 /* Electronic mail */
-#define L_NEWS 9 /* Usenet Netnews */
-
-static char *types[] =
-{
- "text/html", /* HTML */
- "text/plain", /* "c program text", */
- "text/plain", /* "fortran program text", */
- "text/plain", /* "make commands text", */
- "text/plain", /* "pl/1 program text", */
- "text/plain", /* "assembler program text", */
- "text/plain", /* "English text", */
- "text/plain", /* "pascal program text", */
- "message/rfc822", /* "mail text", */
- "message/news", /* "news text", */
- "application/binary", /* "can't happen error on names.h/types", */
- 0
-};
-
-static struct names {
- char *name;
- short type;
-} names[] = {
-
- /* These must be sorted by eye for optimal hit rate */
- /* Add to this list only after substantial meditation */
- {
- "", L_HTML
- },
- {
- "", L_HTML
- },
- {
- "", L_HTML
- },
- {
- "", L_HTML
- },
- {
- "", L_HTML
- },
- {
- "<TITLE>", L_HTML
- },
- {
- "<h1>", L_HTML
- },
- {
- "<H1>", L_HTML
- },
- {
- "<!--", L_HTML
- },
- {
- "<!DOCTYPE HTML", L_HTML
- },
- {
- "/*", L_C
- }, /* must precede "The", "the", etc.
*/
- {
- "#include", L_C
- },
- {
- "char", L_C
- },
- {
- "The", L_ENG
- },
- {
- "the", L_ENG
- },
- {
- "double", L_C
- },
- {
- "extern", L_C
- },
- {
- "float", L_C
- },
- {
- "real", L_C
- },
- {
- "struct", L_C
- },
- {
- "union", L_C
- },
- {
- "CFLAGS", L_MAKE
- },
- {
- "LDFLAGS", L_MAKE
- },
- {
- "all:", L_MAKE
- },
- {
- ".PRECIOUS", L_MAKE
- },
- {
- ".ascii", L_MACH
- },
- {
- ".asciiz", L_MACH
- },
- {
- ".byte", L_MACH
- },
- {
- ".even", L_MACH
- },
- {
- ".globl", L_MACH
- },
- {
- "clr", L_MACH
- },
- {
- "(input,", L_PAS
- },
- {
- "dcl", L_PLI
- },
- {
- "Received:", L_MAIL
- },
- {
- ">From", L_MAIL
- },
- {
- "Return-Path:", L_MAIL
- },
- {
- "Cc:", L_MAIL
- },
- {
- "Newsgroups:", L_NEWS
- },
- {
- "Path:", L_NEWS
- },
- {
- "Organization:", L_NEWS
- },
- {
- NULL, 0
- }
-};
-
-#define NNAMES ((sizeof(names)/sizeof(struct names)) - 1)
-
-/*
- * Result String List (RSL)
- *
- * The file(1) command prints its output. Instead, we store the various
- * "printed" strings in a list (allocating memory as we go) and concatenate
- * them at the end when we finally know how much space they'll need.
- */
-
-typedef struct magic_rsl_s {
- char *str; /* string, possibly a fragment */
- struct magic_rsl_s *next; /* pointer to next fragment */
-} magic_rsl;
-
-/*
- * Apache module configuration structures
- */
-
-/* per-server info */
-typedef struct {
- char *magicfile; /* where magic be found */
- struct magic *magic; /* head of magic config list */
- struct magic *last;
-} magic_server_config_rec;
-
-/* per-request info */
-typedef struct {
- magic_rsl *head; /* result string list */
- magic_rsl *tail;
- unsigned suf_recursion; /* recursion depth in suffix check */
-} magic_req_rec;
-
-/*
- * configuration functions - called by Apache API routines
- */
-
-module MODULE_VAR_EXPORT mime_magic_module;
-
-static void *create_magic_server_config(pool *p, server_rec *d)
-{
- /* allocate the config - use pcalloc because it needs to be zeroed */
- return ap_pcalloc(p, sizeof(magic_server_config_rec));
-}
-
-static void *merge_magic_server_config(pool *p, void *basev, void *addv)
-{
- magic_server_config_rec *base = (magic_server_config_rec *) basev;
- magic_server_config_rec *add = (magic_server_config_rec *) addv;
- magic_server_config_rec *new = (magic_server_config_rec *)
- ap_palloc(p, sizeof(magic_server_config_rec));
-
- new->magicfile = add->magicfile ?
add->magicfile : base->magicfile;
- new->magic = NULL;
- new->last = NULL;
- return new;
-}
-
-static const char *set_magicfile(cmd_parms *cmd, char *d, char *arg)
-{
- magic_server_config_rec *conf = (magic_server_config_rec *)
- ap_get_module_config(cmd->server->module_config,
- &mime_magic_module);
-
- if (!conf) {
- return MODNAME ": server structure not allocated";
- }
- conf->magicfile = arg;
- return NULL;
-}
-
-/*
- * configuration file commands - exported to Apache API
- */
-
-static const command_rec mime_magic_cmds[] =
-{
- {"MimeMagicFile", set_magicfile, NULL, RSRC_CONF, TAKE1,
- "Path to MIME Magic file (in file(1) format)"},
- {NULL}
-};
-
-/*
- * RSL (result string list) processing routines
- *
- * These collect strings that would have been printed in fragments by file(1)
- * into a list of magic_rsl structures with the strings. When complete,
- * they're concatenated together to become the MIME content and encoding
- * types.
- *
- * return value conventions for these functions: functions which return int:
- * failure = -1, other = result functions which return pointers: failure = 0,
- * other = result
- */
-
-/* allocate a per-request structure and put it in the request record */
-static magic_req_rec *magic_set_config(request_rec *r)
-{
- magic_req_rec *req_dat = (magic_req_rec *) ap_palloc(r->pool,
- sizeof(magic_req_rec));
-
- req_dat->head = req_dat->tail = (magic_rsl *) NULL;
- ap_set_module_config(r->request_config, &mime_magic_module, req_dat);
- return req_dat;
-}
-
-/* add a string to the result string list for this request */
-/* it is the responsibility of the caller to allocate "str" */
-static int magic_rsl_add(request_rec *r, char *str)
-{
- magic_req_rec *req_dat = (magic_req_rec *)
- ap_get_module_config(r->request_config, &mime_magic_module);
- magic_rsl *rsl;
-
- /* make sure we have a list to put it in */
- if (!req_dat) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": request config should not be NULL");
- if (!(req_dat = magic_set_config(r))) {
- /* failure */
- return -1;
- }
- }
-
- /* allocate the list entry */
- rsl = (magic_rsl *) ap_palloc(r->pool, sizeof(magic_rsl));
-
- /* fill it */
- rsl->str = str;
- rsl->next = (magic_rsl *) NULL;
-
- /* append to the list */
- if (req_dat->head && req_dat->tail) {
- req_dat->tail->next = rsl;
- req_dat->tail = rsl;
- }
- else {
- req_dat->head = req_dat->tail = rsl;
- }
-
- /* success */
- return 0;
-}
-
-/* RSL hook for puts-type functions */
-static int magic_rsl_puts(request_rec *r, char *str)
-{
- return magic_rsl_add(r, str);
-}
-
-/* RSL hook for printf-type functions */
-static int magic_rsl_printf(request_rec *r, char *str,...)
-{
- va_list ap;
-
- char buf[MAXMIMESTRING];
-
- /* assemble the string into the buffer */
- va_start(ap, str);
- ap_vsnprintf(buf, sizeof(buf), str, ap);
- va_end(ap);
-
- /* add the buffer to the list */
- return magic_rsl_add(r, ap_pstrdup(r->pool, buf));
-}
-
-/* RSL hook for putchar-type functions */
-static int magic_rsl_putchar(request_rec *r, char c)
-{
- char str[2];
-
- /* high overhead for 1 char - just hope they don't do this much */
- str[0] = c;
- str[1] = '\0';
- return magic_rsl_add(r, str);
-}
-
-/* allocate and copy a contiguous string from a result string list */
-static char *rsl_strdup(request_rec *r, int start_frag, int start_pos, int len)
-{
- char *result; /* return value */
- int cur_frag, /* current fragment number/counter */
- cur_pos, /* current position within fragment */
- res_pos; /* position in result string */
- magic_rsl *frag; /* list-traversal pointer */
- magic_req_rec *req_dat = (magic_req_rec *)
- ap_get_module_config(r->request_config, &mime_magic_module);
-
- /* allocate the result string */
- result = (char *) ap_palloc(r->pool, len + 1);
-
- /* loop through and collect the string */
- res_pos = 0;
- for (frag = req_dat->head, cur_frag = 0;
- frag->next;
- frag = frag->next, cur_frag++) {
- /* loop to the first fragment */
- if (cur_frag <
start_frag)
- continue;
-
- /* loop through and collect chars */
- for (cur_pos = (cur_frag == start_frag) ? start_pos : 0;
- frag->str[cur_pos];
- cur_pos++) {
- if (cur_frag >= start_frag
- && cur_pos >= start_pos
- && res_pos <= len) {
- result[res_pos++] = frag->str[cur_pos];
- if (res_pos > len) {
- break;
- }
- }
- }
- }
-
- /* clean up and return */
- result[res_pos] = 0;
-#if MIME_MAGIC_DEBUG
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r,
- MODNAME ": rsl_strdup() %d chars: %s", res_pos - 1, result);
-#endif
- return result;
-}
-
-/* states for the state-machine algorithm in magic_rsl_to_request() */
-typedef enum {
- rsl_leading_space, rsl_type, rsl_subtype, rsl_separator, rsl_encoding
-} rsl_states;
-
-/* process the RSL and set the MIME info in the request record */
-static int magic_rsl_to_request(request_rec *r)
-{
- int cur_frag, /* current fragment number/counter */
- cur_pos, /* current position within fragment */
- type_frag, /* content type starting point: fragment */
- type_pos, /* content type starting point: position */
- type_len, /* content type length */
- encoding_frag, /* content encoding starting point: fragment */
- encoding_pos, /* content encoding starting point: position */
- encoding_len; /* content encoding length */
-
- magic_rsl *frag; /* list-traversal pointer */
- rsl_states state;
-
- magic_req_rec *req_dat = (magic_req_rec *)
- ap_get_module_config(r->request_config, &mime_magic_module);
-
- /* check if we have a result */
- if (!req_dat || !req_dat->head) {
- /* empty - no match, we defer to other Apache modules */
- return DECLINED;
- }
-
- /* start searching for the type and encoding */
- state = rsl_leading_space;
- type_frag = type_pos = type_len = 0;
- encoding_frag = encoding_pos = encoding_len = 0;
- for (frag = req_dat->head, cur_frag = 0;
- frag && frag->next;
- frag = frag->next, cur_frag++) {
- /* loop through the characters in the fragment */
- for (cur_pos = 0; frag->str[cur_pos]; cur_pos++) {
- if
(ap_isspace(frag->str[cur_pos])) {
- /* process whitespace actions for each state */
- if (state == rsl_leading_space) {
- /* eat whitespace in this state */
- continue;
- }
- else if (state == rsl_type) {
- /* whitespace: type has no slash! */
- return DECLINED;
- }
- else if (state == rsl_subtype) {
- /* whitespace: end of MIME type */
- state++;
- continue;
- }
- else if (state == rsl_separator) {
- /* eat whitespace in this state */
- continue;
- }
- else if (state == rsl_encoding) {
- /* whitespace: end of MIME encoding */
- /* we're done */
- frag = req_dat->tail;
- break;
- }
- else {
- /* should not be possible */
- /* abandon malfunctioning module */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": bad state %d (ws)", state);
- return DECLINED;
- }
- /* NOTREACHED */
- }
- else if (state == rsl_type &&
- frag->str[cur_pos] == '/') {
- /* copy the char and go to rsl_subtype state */
- type_len++;
- state++;
- }
- else {
- /* process non-space actions for each state */
- if (state == rsl_leading_space) {
- /* non-space: begin MIME type */
- state++;
- type_frag = cur_frag;
- type_pos = cur_pos;
- type_len = 1;
- continue;
- }
- else if (state == rsl_type ||
- state == rsl_subtype) {
- /* non-space: adds to type */
- type_len++;
- continue;
- }
- else if (state == rsl_separator) {
- /* non-space: begin MIME encoding */
- state++;
- encoding_frag = cur_frag;
- encoding_pos = cur_pos;
- encoding_len = 1;
- continue;
- }
- else if (state == rsl_encoding) {
- /* non-space: adds to encoding */
- encoding_len++;
- continue;
- }
- else {
- /* should not be possible */
- /* abandon malfunctioning module */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r,
- MODNAME ": bad state %d (ns)", state);
- return DECLINED;
- }
- /* NOTREACHED */
- }
- /* NOTREACHED */
- }
- }
-
- /* if we ended prior to state rsl_subtype, we had incomplete info */
- if (state != rsl_subtype && state != rsl_separator &&
- state != rsl_encoding) {
- /* defer to
other modules */
- return DECLINED;
- }
-
- /* save the info in the request record */
- if (state == rsl_subtype || state == rsl_encoding ||
- state == rsl_encoding) {
- char *tmp;
- tmp = rsl_strdup(r, type_frag, type_pos, type_len);
- /* XXX: this could be done at config time I'm sure... but I'm
- * confused by all this magic_rsl stuff. -djg */
- ap_content_type_tolower(tmp);
- r->content_type = tmp;
- }
- if (state == rsl_encoding) {
- char *tmp;
- tmp = rsl_strdup(r, encoding_frag,
- encoding_pos, encoding_len);
- /* XXX: this could be done at config time I'm sure... but I'm
- * confused by all this magic_rsl stuff. -djg */
- ap_str_tolower(tmp);
- r->content_encoding = tmp;
- }
-
- /* detect memory allocation errors */
- if (!r->content_type ||
- (state == rsl_encoding && !r->content_encoding)) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* success! */
- return OK;
-}
-
-/*
- * magic_process - process input file r Apache API request record
- * (formerly called "process" in file command, prefix added for clarity) Opens
- * the file and reads a fixed-size buffer to begin processing the contents.
- */
-static int magic_process(request_rec *r)
-{
- int fd = 0;
- unsigned char buf[HOWMANY + 1]; /* one extra for terminating '\0' */
- int nbytes = 0; /* number of bytes read from a datafile */
- int result;
-
- /*
- * first try judging the file based on its filesystem status
- */
- switch ((result = fsmagic(r, r->filename))) {
- case DONE:
- magic_rsl_putchar(r, '\n');
- return OK;
- case OK:
- break;
- default:
- /* fatal error, bail out */
- return result;
- }
-
- if ((fd = ap_popenf(r->pool, r->filename, O_RDONLY, 0)) < 0) {
- /* We can't open it, but we were able to stat it.
*/
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- MODNAME ": can't read `%s'", r->filename);
- /* let some other handler decide what the problem is */
- return DECLINED;
- }
-
- /*
- * try looking at the first HOWMANY bytes
- */
- if ((nbytes = read(fd, (char *) buf, sizeof(buf) - 1)) == -1) {
- (void) ap_pclosef(r->pool, fd);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- MODNAME ": read failed: %s", r->filename);
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- if (nbytes == 0)
- magic_rsl_puts(r, MIME_TEXT_UNKNOWN);
- else {
- buf[nbytes++] = '\0'; /* null-terminate it */
- tryit(r, buf, nbytes, 1);
- }
-
- (void) ap_pclosef(r->pool, fd);
- (void) magic_rsl_putchar(r, '\n');
-
- return OK;
-}
-
-
-static void tryit(request_rec *r, unsigned char *buf, int nb, int checkzmagic)
-{
- /*
- * Try compression stuff
- */
- if (checkzmagic == 1) {
- if (zmagic(r, buf, nb) == 1)
- return;
- }
-
- /*
- * try tests in /etc/magic (or surrogate magic file)
- */
- if (softmagic(r, buf, nb) == 1)
- return;
-
- /*
- * try known keywords, check for ascii-ness too.
- */
- if (ascmagic(r, buf, nb) == 1)
- return;
-
- /*
- * abandon hope, all ye who remain here
- */
- magic_rsl_puts(r, MIME_BINARY_UNKNOWN);
-}
-
-#define EATAB {while (ap_isspace((unsigned char) *l)) ++l;}
-
-/*
- * apprentice - load configuration from the magic file r
- * API request record
- */
-static int apprentice(server_rec *s, pool *p)
-{
- FILE *f;
- char line[BUFSIZ + 1];
- int errs = 0;
- int lineno;
-#if MIME_MAGIC_DEBUG
- int rule = 0;
- struct magic *m, *prevm;
-#endif
- char *fname;
-
- magic_server_config_rec *conf = (magic_server_config_rec *)
- ap_get_module_config(s->module_config, &mime_magic_module);
-
- fname = ap_server_root_relative(p, conf->magicfile);
- f = ap_pfopen(p, fname, "r");
- if (f == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, s,
- MODNAME ": can't read magic file %s", fname);
- return -1;
- }
-
- /* set up the magic list (empty) */
- conf->magic = conf->last = NULL;
-
- /* parse it */
- for (lineno = 1; fgets(line, sizeof(line), f) != NULL; lineno++) {
- int ws_offset;
-
- /* delete newline */
- line[strcspn(line, "\n")] = '\0';
-
- /* skip leading whitespace */
- ws_offset = 0;
- while (line[ws_offset] && ap_isspace(line[ws_offset])) {
- ws_offset++;
- }
-
- /* skip blank lines */
- if (line[ws_offset] == 0) {
- continue;
- }
-
- /* comment, do not parse */
- if (line[ws_offset] == '#')
- continue;
-
-#if MIME_MAGIC_DEBUG
- /* if we get here, we're going to use it so count it */
- rule++;
-#endif
-
- /* parse it */
- if (parse(s, p, line + ws_offset, lineno) != 0)
- ++errs;
- }
-
- (void) ap_pfclose(p, f);
-
-#if MIME_MAGIC_DEBUG
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": apprentice conf=%x file=%s m=%s m->next=%s last=%s",
- conf,
- conf->magicfile ? conf->magicfile : "NULL",
- conf->magic ? "set" : "NULL",
- (conf->magic && conf->magic->next) ? "set" : "NULL",
- conf->last ?
"set" : "NULL");
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": apprentice read %d lines, %d rules, %d errors",
- lineno, rule, errs);
-#endif
-
-#if MIME_MAGIC_DEBUG
- prevm = 0;
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": apprentice test");
- for (m = conf->magic; m; m = m->next) {
- if (ap_isprint((((unsigned long) m) >> 24) & 255) &&
- ap_isprint((((unsigned long) m) >> 16) & 255) &&
- ap_isprint((((unsigned long) m) >> 8) & 255) &&
- ap_isprint(((unsigned long) m) & 255)) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s,
- MODNAME ": apprentice: POINTER CLOBBERED! "
- "m=\"%c%c%c%c\" line=%d",
- (((unsigned long) m) >> 24) & 255,
- (((unsigned long) m) >> 16) & 255,
- (((unsigned long) m) >> 8) & 255,
- ((unsigned long) m) & 255,
- prevm ? prevm->lineno : -1);
- break;
- }
- prevm = m;
- }
-#endif
-
- return (errs ? -1 : 0);
-}
-
-/*
- * extend the sign bit if the comparison is to be signed
- */
-static unsigned long signextend(server_rec *s, struct magic *m, unsigned long v)
-{
- if (!(m->flag & UNSIGNED))
- switch (m->type) {
- /*
- * Do not remove the casts below. They are vital. When later
- * compared with the data, the sign extension must have happened.
- */
- case BYTE:
- v = (char) v;
- break;
- case SHORT:
- case BESHORT:
- case LESHORT:
- v = (short) v;
- break;
- case DATE:
- case BEDATE:
- case LEDATE:
- case LONG:
- case BELONG:
- case LELONG:
- v = (long) v;
- break;
- case STRING:
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, s,
- MODNAME ": can't happen: m->type=%d", m->type);
- return -1;
- }
- return v;
-}
-
-/*
- * parse one line from magic file, put into magic[index++] if valid
- */
-static int parse(server_rec *serv, pool *p, char *l, int lineno)
-{
- struct magic *m;
- char *t, *s;
- magic_server_config_rec *conf = (magic_server_config_rec *)
- ap_get_module_config(serv->module_config, &mime_magic_module);
-
- /* allocate magic structure entry */
- m = (struct magic *) ap_pcalloc(p, sizeof(struct magic));
-
- /* append to linked list */
- m->next = NULL;
- if (!conf->magic || !conf->last) {
- conf->magic = conf->last = m;
- }
- else {
- conf->last->next = m;
- conf->last = m;
- }
-
- /* set values in magic structure */
- m->flag = 0;
- m->cont_level = 0;
- m->lineno = lineno;
-
- while (*l == '>') {
- ++l; /* step over */
- m->cont_level++;
- }
-
- if (m->cont_level != 0 && *l == '(') {
- ++l; /* step over */
- m->flag |= INDIR;
- }
-
- /* get offset, then skip over it */
- m->offset = (int) ap_strtol(l, &t, 0);
- if (l == t) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
- MODNAME ": offset %s invalid", l);
- }
- l = t;
-
- if (m->flag & INDIR) {
- m->in.type = LONG;
- m->in.offset = 0;
- /*
- * read [.lbs][+-]nnnnn)
- */
- if (*l == '.') {
- switch (*++l) {
- case 'l':
- m->in.type = LONG;
- break;
- case 's':
- m->in.type = SHORT;
- break;
- case 'b':
- m->in.type = BYTE;
- break;
- default:
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
- MODNAME ": indirect offset type %c invalid", *l);
- break;
- }
- l++;
- }
- s = l;
- if (*l == '+' || *l == '-')
- l++;
- if (ap_isdigit((unsigned char) *l)) {
- m->in.offset = ap_strtol(l, &t, 0);
- if
(*s == '-')
- m->in.offset = -m->in.offset;
- }
- else
- t = l;
- if (*t++ != ')') {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
- MODNAME ": missing ')' in indirect offset");
- }
- l = t;
- }
-
-
- while (ap_isdigit((unsigned char) *l))
- ++l;
- EATAB;
-
-#define NBYTE 4
-#define NSHORT 5
-#define NLONG 4
-#define NSTRING 6
-#define NDATE 4
-#define NBESHORT 7
-#define NBELONG 6
-#define NBEDATE 6
-#define NLESHORT 7
-#define NLELONG 6
-#define NLEDATE 6
-
- if (*l == 'u') {
- ++l;
- m->flag |= UNSIGNED;
- }
-
- /* get type, skip it */
- if (strncmp(l, "byte", NBYTE) == 0) {
- m->type = BYTE;
- l += NBYTE;
- }
- else if (strncmp(l, "short", NSHORT) == 0) {
- m->type = SHORT;
- l += NSHORT;
- }
- else if (strncmp(l, "long", NLONG) == 0) {
- m->type = LONG;
- l += NLONG;
- }
- else if (strncmp(l, "string", NSTRING) == 0) {
- m->type = STRING;
- l += NSTRING;
- }
- else if (strncmp(l, "date", NDATE) == 0) {
- m->type = DATE;
- l += NDATE;
- }
- else if (strncmp(l, "beshort", NBESHORT) == 0) {
- m->type = BESHORT;
- l += NBESHORT;
- }
- else if (strncmp(l, "belong", NBELONG) == 0) {
- m->type = BELONG;
- l += NBELONG;
- }
- else if (strncmp(l, "bedate", NBEDATE) == 0) {
- m->type = BEDATE;
- l += NBEDATE;
- }
- else if (strncmp(l, "leshort", NLESHORT) == 0) {
- m->type = LESHORT;
- l += NLESHORT;
- }
- else if (strncmp(l, "lelong", NLELONG) == 0) {
- m->type = LELONG;
- l += NLELONG;
- }
- else if (strncmp(l, "ledate", NLEDATE) == 0) {
- m->type = LEDATE;
- l += NLEDATE;
- }
- else {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
- MODNAME ": type %s invalid", l);
- return -1;
- }
- /* New-style anding: "0 byte&0x80 =0x80 dynamically linked" */
- if (*l == '&') {
- ++l;
- m->mask = signextend(serv, m, ap_strtol(l, &l, 0));
- }
- else
- m->mask = ~0L;
- EATAB;
-
- switch (*l) {
- case '>':
- case '<':
- /* Old-style anding: "0 byte &0x80 dynamically linked" */
- case '&':
- case '^':
- case '=':
- m->reln = *l;
- ++l;
- break;
- case '!':
-
if (m->type != STRING) { - m->reln = *l; - ++l; - break; - } - /* FALL THROUGH */ - default: - if (*l == 'x' && ap_isspace((unsigned char) l[1])) { - m->reln = *l; - ++l; - goto GetDesc; /* Bill The Cat */ - } - m->reln = '='; - break; - } - EATAB; - - if (getvalue(serv, m, &l)) - return -1; - /* - * now get last part - the description - */ - GetDesc: - EATAB; - if (l[0] == '\b') { - ++l; - m->nospflag = 1; - } - else if ((l[0] == '\\') && (l[1] == 'b')) { - ++l; - ++l; - m->nospflag = 1; - } - else - m->nospflag = 0; - strncpy(m->desc, l, sizeof(m->desc) - 1); - m->desc[sizeof(m->desc) - 1] = '\0'; - -#if MIME_MAGIC_DEBUG - ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, serv, - MODNAME ": parse line=%d m=%x next=%x cont=%d desc=%s", - lineno, m, m->next, m->cont_level, m->desc); -#endif /* MIME_MAGIC_DEBUG */ - - return 0; -} - -/* - * Read a numeric value from a pointer, into the value union of a magic - * pointer, according to the magic type. Update the string pointer to point - * just after the number read. Return 0 for success, non-zero for failure. - */ -static int getvalue(server_rec *s, struct magic *m, char **p) -{ - int slen; - - if (m->type == STRING) { - *p = getstr(s, *p, m->value.s, sizeof(m->value.s), &slen); - m->vallen = slen; - } - else if (m->reln != 'x') - m->value.l = signextend(s, m, ap_strtol(*p, p, 0)); - return 0; -} - -/* - * Convert a string containing C character escapes. Stop at an unescaped - * space or tab. Copy the converted version to "p", returning its length in - * *slen. Return updated scan pointer as function result. 
- */ -static char *getstr(server_rec *serv, char *s, char *p, - int plen, int *slen) -{ - char *origs = s, *origp = p; - char *pmax = p + plen - 1; - int c; - int val; - - while ((c = *s++) != '\0') { - if (ap_isspace((unsigned char) c)) - break; - if (p >= pmax) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv, - MODNAME ": string too long: %s", origs); - break; - } - if (c == '\\') { - switch (c = *s++) { - - case '\0': - goto out; - - default: - *p++ = (char) c; - break; - - case 'n': - *p++ = '\n'; - break; - - case 'r': - *p++ = '\r'; - break; - - case 'b': - *p++ = '\b'; - break; - - case 't': - *p++ = '\t'; - break; - - case 'f': - *p++ = '\f'; - break; - - case 'v': - *p++ = '\v'; - break; - - /* \ and up to 3 octal digits */ - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - val = c - '0'; - c = *s++; /* try for 2 */ - if (c >= '0' && c <= '7') { - val = (val << 3) | (c - '0'); - c = *s++; /* try for 3 */ - if (c >= '0' && c <= '7') - val = (val << 3) | (c - '0'); - else - --s; - } - else - --s; - *p++ = (char) val; - break; - - /* \x and up to 3 hex digits */ - case 'x': - val = 'x'; /* Default if no digits */ - c = hextoint(*s++); /* Get next char */ - if (c >= 0) { - val = c; - c = hextoint(*s++); - if (c >= 0) { - val = (val << 4) + c; - c = hextoint(*s++); - if (c >= 0) { - val = (val << 4) + c; - } - else - --s; - } - else - --s; - } - else - --s; - *p++ = (char) val; - break; - } - } - else - *p++ = (char) c; - } - out: - *p = '\0'; - *slen = p - origp; - return s; -} - - -/* Single hex char to int; -1 if not a hex char. 
*/ -static int hextoint(int c) -{ - if (ap_isdigit((unsigned char) c)) - return c - '0'; - if ((c >= 'a') && (c <= 'f')) - return c + 10 - 'a'; - if ((c >= 'A') && (c <= 'F')) - return c + 10 - 'A'; - return -1; -} - - -/* - * return DONE to indicate it's been handled - * return OK to indicate it's a regular file still needing handling - * other returns indicate a failure of some sort - */ -static int fsmagic(request_rec *r, const char *fn) -{ - switch (r->finfo.st_mode & S_IFMT) { - case S_IFDIR: - magic_rsl_puts(r, DIR_MAGIC_TYPE); - return DONE; - case S_IFCHR: - /* - * (void) magic_rsl_printf(r,"character special (%d/%d)", - * major(sb->st_rdev), minor(sb->st_rdev)); - */ - (void) magic_rsl_puts(r, MIME_BINARY_UNKNOWN); - return DONE; - case S_IFBLK: - /* - * (void) magic_rsl_printf(r,"block special (%d/%d)", - * major(sb->st_rdev), minor(sb->st_rdev)); - */ - (void) magic_rsl_puts(r, MIME_BINARY_UNKNOWN); - return DONE; - /* TODO add code to handle V7 MUX and Blit MUX files */ - case S_IFIFO: - /* - * magic_rsl_puts(r,"fifo (named pipe)"); - */ - (void) magic_rsl_puts(r, MIME_BINARY_UNKNOWN); - return DONE; - case S_IFLNK: - /* We used stat(), the only possible reason for this is that the - * symlink is broken. - */ - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r, - MODNAME ": broken symlink (%s)", fn); - return HTTP_INTERNAL_SERVER_ERROR; - case S_IFSOCK: - magic_rsl_puts(r, MIME_BINARY_UNKNOWN); - return DONE; - case S_IFREG: - break; - default: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r, - MODNAME ": invalid mode 0%o.", (unsigned int)r->finfo.st_mode); - return HTTP_INTERNAL_SERVER_ERROR; - } - - /* - * regular file, check next possibility - */ - if (r->finfo.st_size == 0) { - magic_rsl_puts(r, MIME_TEXT_UNKNOWN); - return DONE; - } - return OK; -} - -/* - * softmagic - lookup one file in database (already read from /etc/magic by - * apprentice.c). Passed the name and FILE * of one file to be typed. 
- */ - /* ARGSUSED1 *//* nbytes passed for regularity, maybe need later */ -static int softmagic(request_rec *r, unsigned char *buf, int nbytes) -{ - if (match(r, buf, nbytes)) - return 1; - - return 0; -} - -/* - * Go through the whole list, stopping if you find a match. Process all the - * continuations of that match before returning. - * - * We support multi-level continuations: - * - * At any time when processing a successful top-level match, there is a current - * continuation level; it represents the level of the last successfully - * matched continuation. - * - * Continuations above that level are skipped as, if we see one, it means that - * the continuation that controls them - i.e, the lower-level continuation - * preceding them - failed to match. - * - * Continuations below that level are processed as, if we see one, it means - * we've finished processing or skipping higher-level continuations under the - * control of a successful or unsuccessful lower-level continuation, and are - * now seeing the next lower-level continuation and should process it. The - * current continuation level reverts to the level of the one we're seeing. - * - * Continuations at the current level are processed as, if we see one, there's - * no lower-level continuation that may have failed. - * - * If a continuation matches, we bump the current continuation level so that - * higher-level continuations are processed. - */ -static int match(request_rec *r, unsigned char *s, int nbytes) -{ -#if MIME_MAGIC_DEBUG - int rule_counter = 0; -#endif - int cont_level = 0; - int need_separator = 0; - union VALUETYPE p; - magic_server_config_rec *conf = (magic_server_config_rec *) - ap_get_module_config(r->server->module_config, &mime_magic_module); - struct magic *m; - -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": match conf=%x file=%s m=%s m->next=%s last=%s", - conf, - conf->magicfile ? conf->magicfile : "NULL", - conf->magic ? 
"set" : "NULL", - (conf->magic && conf->magic->next) ? "set" : "NULL", - conf->last ? "set" : "NULL"); -#endif - -#if MIME_MAGIC_DEBUG - for (m = conf->magic; m; m = m->next) { - if (ap_isprint((((unsigned long) m) >> 24) & 255) && - ap_isprint((((unsigned long) m) >> 16) & 255) && - ap_isprint((((unsigned long) m) >> 8) & 255) && - ap_isprint(((unsigned long) m) & 255)) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": match: POINTER CLOBBERED! " - "m=\"%c%c%c%c\"", - (((unsigned long) m) >> 24) & 255, - (((unsigned long) m) >> 16) & 255, - (((unsigned long) m) >> 8) & 255, - ((unsigned long) m) & 255); - break; - } - } -#endif - - for (m = conf->magic; m; m = m->next) { -#if MIME_MAGIC_DEBUG - rule_counter++; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": line=%d desc=%s", m->lineno, m->desc); -#endif - - /* check if main entry matches */ - if (!mget(r, &p, s, m, nbytes) || - !mcheck(r, &p, m)) { - struct magic *m_cont; - - /* - * main entry didn't match, flush its continuations - */ - if (!m->next || (m->next->cont_level == 0)) { - continue; - } - - m_cont = m->next; - while (m_cont && (m_cont->cont_level != 0)) { -#if MIME_MAGIC_DEBUG - rule_counter++; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": line=%d mc=%x mc->next=%x cont=%d desc=%s", - m_cont->lineno, m_cont, - m_cont->next, m_cont->cont_level, - m_cont->desc); -#endif - /* - * this trick allows us to keep *m in sync when the continue - * advances the pointer - */ - m = m_cont; - m_cont = m_cont->next; - } - continue; - } - - /* if we get here, the main entry rule was a match */ - /* this will be the last run through the loop */ -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": rule matched, line=%d type=%d %s", - m->lineno, m->type, - (m->type == STRING) ? 
m->value.s : ""); -#endif - - /* print the match */ - mprint(r, &p, m); - - /* - * If we printed something, we'll need to print a blank before we - * print something else. - */ - if (m->desc[0]) - need_separator = 1; - /* and any continuations that match */ - cont_level++; - /* - * while (m && m->next && m->next->cont_level != 0 && ( m = m->next - * )) - */ - m = m->next; - while (m && (m->cont_level != 0)) { -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": match line=%d cont=%d type=%d %s", - m->lineno, m->cont_level, m->type, - (m->type == STRING) ? m->value.s : ""); -#endif - if (cont_level >= m->cont_level) { - if (cont_level > m->cont_level) { - /* - * We're at the end of the level "cont_level" - * continuations. - */ - cont_level = m->cont_level; - } - if (mget(r, &p, s, m, nbytes) && - mcheck(r, &p, m)) { - /* - * This continuation matched. Print its message, with a - * blank before it if the previous item printed and this - * item isn't empty. - */ - /* space if previous printed */ - if (need_separator - && (m->nospflag == 0) - && (m->desc[0] != '\0') - ) { - (void) magic_rsl_putchar(r, ' '); - need_separator = 0; - } - mprint(r, &p, m); - if (m->desc[0]) - need_separator = 1; - - /* - * If we see any continuations at a higher level, process - * them. 
- */ - cont_level++; - } - } - - /* move to next continuation record */ - m = m->next; - } -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": matched after %d rules", rule_counter); -#endif - return 1; /* all through */ - } -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": failed after %d rules", rule_counter); -#endif - return 0; /* no match at all */ -} - -static void mprint(request_rec *r, union VALUETYPE *p, struct magic *m) -{ - char *pp; - unsigned long v; - - switch (m->type) { - case BYTE: - v = p->b; - break; - - case SHORT: - case BESHORT: - case LESHORT: - v = p->h; - break; - - case LONG: - case BELONG: - case LELONG: - v = p->l; - break; - - case STRING: - if (m->reln == '=') { - (void) magic_rsl_printf(r, m->desc, m->value.s); - } - else { - (void) magic_rsl_printf(r, m->desc, p->s); - } - return; - - case DATE: - case BEDATE: - case LEDATE: - /* XXX: not multithread safe */ - pp = ctime((time_t *) & p->l); - pp[strcspn(pp, "\n")] = '\0'; - (void) magic_rsl_printf(r, m->desc, pp); - return; - default: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r, - MODNAME ": invalid m->type (%d) in mprint().", - m->type); - return; - } - - v = signextend(r->server, m, v) & m->mask; - (void) magic_rsl_printf(r, m->desc, (unsigned long) v); -} - -/* - * Convert the byte order of the data we are looking at - */ -static int mconvert(request_rec *r, union VALUETYPE *p, struct magic *m) -{ - switch (m->type) { - case BYTE: - case SHORT: - case LONG: - case DATE: - return 1; - case STRING: - /* Null terminate and eat the return */ - p->s[sizeof(p->s) - 1] = '\0'; - p->s[strcspn(p->s, "\n")] = '\0'; - return 1; - case BESHORT: - p->h = (short) ((p->hs[0] << 8) | (p->hs[1])); - return 1; - case BELONG: - case BEDATE: - p->l = (long) - ((p->hl[0] << 24) | (p->hl[1] << 16) | (p->hl[2] << 8) | (p->hl[3])); - return 1; - case LESHORT: - p->h = (short) ((p->hs[1] << 8) | 
(p->hs[0])); - return 1; - case LELONG: - case LEDATE: - p->l = (long) - ((p->hl[3] << 24) | (p->hl[2] << 16) | (p->hl[1] << 8) | (p->hl[0])); - return 1; - default: - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r, - MODNAME ": invalid type %d in mconvert().", m->type); - return 0; - } -} - - -static int mget(request_rec *r, union VALUETYPE *p, unsigned char *s, - struct magic *m, int nbytes) -{ - long offset = m->offset; - - if (offset + (long)sizeof(union VALUETYPE) > nbytes) - return 0; - - memcpy(p, s + offset, sizeof(union VALUETYPE)); - - if (!mconvert(r, p, m)) - return 0; - - if (m->flag & INDIR) { - - switch (m->in.type) { - case BYTE: - offset = p->b + m->in.offset; - break; - case SHORT: - offset = p->h + m->in.offset; - break; - case LONG: - offset = p->l + m->in.offset; - break; - } - - if (offset + (long)sizeof(union VALUETYPE) > nbytes) - return 0; - - memcpy(p, s + offset, sizeof(union VALUETYPE)); - - if (!mconvert(r, p, m)) - return 0; - } - return 1; -} - -static int mcheck(request_rec *r, union VALUETYPE *p, struct magic *m) -{ - unsigned long l = m->value.l; - unsigned long v; - int matched; - - if ((m->value.s[0] == 'x') && (m->value.s[1] == '\0')) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r, - MODNAME ": BOINK"); - return 1; - } - - switch (m->type) { - case BYTE: - v = p->b; - break; - - case SHORT: - case BESHORT: - case LESHORT: - v = p->h; - break; - - case LONG: - case BELONG: - case LELONG: - case DATE: - case BEDATE: - case LEDATE: - v = p->l; - break; - - case STRING: - l = 0; - /* - * What we want here is: v = strncmp(m->value.s, p->s, m->vallen); - * but ignoring any nulls. bcmp doesn't give -/+/0 and isn't - * universally available anyway. 
- */ - v = 0; - { - unsigned char *a = (unsigned char *) m->value.s; - unsigned char *b = (unsigned char *) p->s; - int len = m->vallen; - - while (--len >= 0) - if ((v = *b++ - *a++) != 0) - break; - } - break; - default: - /* bogosity, pretend that it just wasn't a match */ - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r, - MODNAME ": invalid type %d in mcheck().", m->type); - return 0; - } - - v = signextend(r->server, m, v) & m->mask; - - switch (m->reln) { - case 'x': -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - "%lu == *any* = 1", v); -#endif - matched = 1; - break; - - case '!': - matched = v != l; -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - "%lu != %lu = %d", v, l, matched); -#endif - break; - - case '=': - matched = v == l; -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - "%lu == %lu = %d", v, l, matched); -#endif - break; - - case '>': - if (m->flag & UNSIGNED) { - matched = v > l; -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - "%lu > %lu = %d", v, l, matched); -#endif - } - else { - matched = (long) v > (long) l; -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - "%ld > %ld = %d", v, l, matched); -#endif - } - break; - - case '<': - if (m->flag & UNSIGNED) { - matched = v < l; -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - "%lu < %lu = %d", v, l, matched); -#endif - } - else { - matched = (long) v < (long) l; -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - "%ld < %ld = %d", v, l, matched); -#endif - } - break; - - case '&': - matched = (v & l) == l; -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - "((%lx & %lx) == %lx) = %d", v, l, l, matched); -#endif - break; - - case '^': - matched = (v & l) != l; -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, 
APLOG_NOERRNO | APLOG_DEBUG, r, - "((%lx & %lx) != %lx) = %d", v, l, l, matched); -#endif - break; - - default: - /* bogosity, pretend it didn't match */ - matched = 0; - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, r, - MODNAME ": mcheck: can't happen: invalid relation %d.", - m->reln); - break; - } - - return matched; -} - -/* an optimization over plain strcmp() */ -#define STREQ(a, b) (*(a) == *(b) && strcmp((a), (b)) == 0) - -static int ascmagic(request_rec *r, unsigned char *buf, int nbytes) -{ - int has_escapes = 0; - unsigned char *s; - char nbuf[HOWMANY + 1]; /* one extra for terminating '\0' */ - char *token; - struct names *p; - int small_nbytes; - - /* these are easy, do them first */ - - /* - * for troff, look for . + letter + letter or .\"; this must be done to - * disambiguate tar archives' ./file and other trash from real troff - * input. - */ - if (*buf == '.') { - unsigned char *tp = buf + 1; - - while (ap_isspace(*tp)) - ++tp; /* skip leading whitespace */ - if ((ap_isalnum(*tp) || *tp == '\\') && - (ap_isalnum(*(tp + 1)) || *tp == '"')) { - magic_rsl_puts(r, "application/x-troff"); - return 1; - } - } - if ((*buf == 'c' || *buf == 'C') && ap_isspace(*(buf + 1))) { - /* Fortran */ - magic_rsl_puts(r, "text/plain"); - return 1; - } - - /* look for tokens from names.h - this is expensive!, so we'll limit - * ourselves to only SMALL_HOWMANY bytes */ - small_nbytes = (nbytes > SMALL_HOWMANY) ? 
SMALL_HOWMANY : nbytes; - /* make a copy of the buffer here because strtok() will destroy it */ - s = (unsigned char *) memcpy(nbuf, buf, small_nbytes); - s[small_nbytes] = '\0'; - has_escapes = (memchr(s, '\033', small_nbytes) != NULL); - /* XXX: not multithread safe */ - while ((token = strtok((char *) s, " \t\n\r\f")) != NULL) { - s = NULL; /* make strtok() keep on tokin' */ - for (p = names; p < names + NNAMES; p++) { - if (STREQ(p->name, token)) { - magic_rsl_puts(r, types[p->type]); - if (has_escapes) - magic_rsl_puts(r, " (with escape sequences)"); - return 1; - } - } - } - - switch (is_tar(buf, nbytes)) { - case 1: - /* V7 tar archive */ - magic_rsl_puts(r, "application/x-tar"); - return 1; - case 2: - /* POSIX tar archive */ - magic_rsl_puts(r, "application/x-tar"); - return 1; - } - - /* all else fails, but it is ascii... */ - if (has_escapes) { - /* text with escape sequences */ - /* we leave this open for further differentiation later */ - magic_rsl_puts(r, "text/plain"); - } - else { - /* plain text */ - magic_rsl_puts(r, "text/plain"); - } - return 1; -} - - -/* - * compress routines: zmagic() - returns 0 if not recognized, uncompresses - * and prints information if recognized uncompress(s, method, old, n, newch) - * - uncompress old into new, using method, return sizeof new - */ - -static struct { - char *magic; - int maglen; - char *argv[3]; - int silent; - char *encoding; /* MUST be lowercase */ -} compr[] = { - - /* we use gzip here rather than uncompress because we have to pass - * it a full filename -- and uncompress only considers filenames - * ending with .Z - */ - { - "\037\235", 2, { - "gzip", "-dcq", NULL - }, 0, "x-compress" - }, - { - "\037\213", 2, { - "gzip", "-dcq", NULL - }, 1, "x-gzip" - }, - /* - * XXX pcat does not work, cause I don't know how to make it read stdin, - * so we use gzip - */ - { - "\037\036", 2, { - "gzip", "-dcq", NULL - }, 0, "x-gzip" - }, -}; - -static int ncompr = sizeof(compr) / sizeof(compr[0]); - -static int 
zmagic(request_rec *r, unsigned char *buf, int nbytes) -{ - unsigned char *newbuf; - int newsize; - int i; - - for (i = 0; i < ncompr; i++) { - if (nbytes < compr[i].maglen) - continue; - if (memcmp(buf, compr[i].magic, compr[i].maglen) == 0) - break; - } - - if (i == ncompr) - return 0; - - if ((newsize = uncompress(r, i, &newbuf, nbytes)) > 0) { - tryit(r, newbuf, newsize, 0); - - /* set encoding type in the request record */ - r->content_encoding = compr[i].encoding; - } - return 1; -} - - -struct uncompress_parms { - request_rec *r; - int method; -}; - -static int uncompress_child(void *data, child_info *pinfo) -{ - struct uncompress_parms *parm = data; - char *new_argv[4]; - - new_argv[0] = compr[parm->method].argv[0]; - new_argv[1] = compr[parm->method].argv[1]; - new_argv[2] = parm->r->filename; - new_argv[3] = NULL; - - if (compr[parm->method].silent) { - close(STDERR_FILENO); - } - - execvp(compr[parm->method].argv[0], new_argv); - ap_log_rerror(APLOG_MARK, APLOG_ERR, parm->r, - MODNAME ": could not execute `%s'.", - compr[parm->method].argv[0]); - return -1; -} - - -static int uncompress(request_rec *r, int method, - unsigned char **newch, int n) -{ - struct uncompress_parms parm; - BUFF *bout; - pool *sub_pool; - - parm.r = r; - parm.method = method; - - /* We make a sub_pool so that we can collect our child early, otherwise - * there are cases (i.e. generating directory indicies with mod_autoindex) - * where we would end up with LOTS of zombies. 
- */ - sub_pool = ap_make_sub_pool(r->pool); - - if (!ap_bspawn_child(sub_pool, uncompress_child, &parm, kill_always, - NULL, &bout, NULL)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - MODNAME ": couldn't spawn uncompress process: %s", r->uri); - return -1; - } - - *newch = (unsigned char *) ap_palloc(r->pool, n); - if ((n = ap_bread(bout, *newch, n)) <= 0) { - ap_destroy_pool(sub_pool); - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - MODNAME ": read failed %s", r->filename); - return -1; - } - ap_destroy_pool(sub_pool); - return n; -} - -/* - * is_tar() -- figure out whether file is a tar archive. - * - * Stolen (by author of file utility) from the public domain tar program: Public - * Domain version written 26 Aug 1985 John Gilmore (ihnp4!hoptoad!gnu). - * - * @(#)list.c 1.18 9/23/86 Public Domain - gnu $Id: mod_mime_magic.c,v 1.7 - * 1997/06/24 00:41:02 ikluft Exp ikluft $ - * - * Comments changed and some code/comments reformatted for file command by Ian - * Darwin. - */ - -#define isodigit(c) ( ((c) >= '0') && ((c) <= '7') ) - -/* - * Return 0 if the checksum is bad (i.e., probably not a tar archive), 1 for - * old UNIX tar file, 2 for Unix Std (POSIX) tar file. - */ - -static int is_tar(unsigned char *buf, int nbytes) -{ - union record *header = (union record *) buf; - int i; - long sum, recsum; - char *p; - - if (nbytes < sizeof(union record)) - return 0; - - recsum = from_oct(8, header->header.chksum); - - sum = 0; - p = header->charptr; - for (i = sizeof(union record); --i >= 0;) { - /* - * We can't use unsigned char here because of old compilers, e.g. V7. - */ - sum += 0xFF & *p++; - } - - /* Adjust checksum to count the "chksum" field as blanks. 
*/ - for (i = sizeof(header->header.chksum); --i >= 0;) - sum -= 0xFF & header->header.chksum[i]; - sum += ' ' * sizeof header->header.chksum; - - if (sum != recsum) - return 0; /* Not a tar archive */ - - if (0 == strcmp(header->header.magic, TMAGIC)) - return 2; /* Unix Standard tar archive */ - - return 1; /* Old fashioned tar archive */ -} - - -/* - * Quick and dirty octal conversion. - * - * Result is -1 if the field is invalid (all blank, or nonoctal). - */ -static long from_oct(int digs, char *where) -{ - long value; - - while (ap_isspace(*where)) { /* Skip spaces */ - where++; - if (--digs <= 0) - return -1; /* All blank field */ - } - value = 0; - while (digs > 0 && isodigit(*where)) { /* Scan til nonoctal */ - value = (value << 3) | (*where++ - '0'); - --digs; - } - - if (digs > 0 && *where && !ap_isspace(*where)) - return -1; /* Ended on non-space/nul */ - - return value; -} - -/* - * Check for file-revision suffix - * - * This is for an obscure document control system used on an intranet. - * The web representation of each file's revision has an @1, @2, etc - * appended with the revision number. This needs to be stripped off to - * find the file suffix, which can be recognized by sending the name back - * through a sub-request. The base file name (without the @num suffix) - * must exist because its type will be used as the result. 
- */ -static int revision_suffix(request_rec *r) -{ - int suffix_pos, result; - char *sub_filename; - request_rec *sub; - -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": revision_suffix checking %s", r->filename); -#endif /* MIME_MAGIC_DEBUG */ - - /* check for recognized revision suffix */ - suffix_pos = strlen(r->filename) - 1; - if (!ap_isdigit(r->filename[suffix_pos])) { - return 0; - } - while (suffix_pos >= 0 && ap_isdigit(r->filename[suffix_pos])) - suffix_pos--; - if (suffix_pos < 0 || r->filename[suffix_pos] != '@') { - return 0; - } - - /* perform sub-request for the file name without the suffix */ - result = 0; - sub_filename = ap_pstrndup(r->pool, r->filename, suffix_pos); -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": subrequest lookup for %s", sub_filename); -#endif /* MIME_MAGIC_DEBUG */ - sub = ap_sub_req_lookup_file(sub_filename, r); - - /* extract content type/encoding/language from sub-request */ - if (sub->content_type) { - r->content_type = ap_pstrdup(r->pool, sub->content_type); -#if MIME_MAGIC_DEBUG - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, r, - MODNAME ": subrequest %s got %s", - sub_filename, r->content_type); -#endif /* MIME_MAGIC_DEBUG */ - if (sub->content_encoding) - r->content_encoding = - ap_pstrdup(r->pool, sub->content_encoding); - if (sub->content_language) - r->content_language = - ap_pstrdup(r->pool, sub->content_language); - result = 1; - } - - /* clean up */ - ap_destroy_sub_req(sub); - - return result; -} - -/* - * initialize the module - */ - -static void magic_init(server_rec *main_server, pool *p) -{ - int result; - magic_server_config_rec *conf; - magic_server_config_rec *main_conf; - server_rec *s; -#if MIME_MAGIC_DEBUG - struct magic *m, *prevm; -#endif /* MIME_MAGIC_DEBUG */ - - main_conf = ap_get_module_config(main_server->module_config, &mime_magic_module); - for (s = main_server; s; s = s->next) { - conf = 
ap_get_module_config(s->module_config, &mime_magic_module); - if (conf->magicfile == NULL && s != main_server) { - /* inherits from the parent */ - *conf = *main_conf; - } - else if (conf->magicfile) { - result = apprentice(s, p); - if (result == -1) - return; -#if MIME_MAGIC_DEBUG - prevm = 0; - ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s, - MODNAME ": magic_init 1 test"); - for (m = conf->magic; m; m = m->next) { - if (ap_isprint((((unsigned long) m) >> 24) & 255) && - ap_isprint((((unsigned long) m) >> 16) & 255) && - ap_isprint((((unsigned long) m) >> 8) & 255) && - ap_isprint(((unsigned long) m) & 255)) { - ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_DEBUG, s, - MODNAME ": magic_init 1: POINTER CLOBBERED! " - "m=\"%c%c%c%c\" line=%d", - (((unsigned long) m) >> 24) & 255, - (((unsigned long) m) >> 16) & 255, - (((unsigned long) m) >> 8) & 255, - ((unsigned long) m) & 255, - prevm ? prevm->lineno : -1); - break; - } - prevm = m; - } -#endif - } - } -} - -/* - * Find the Content-Type from any resource this module has available - */ - -static int magic_find_ct(request_rec *r) -{ - int result; - magic_server_config_rec *conf; - - /* the file has to exist */ - if (r->finfo.st_mode == 0 || !r->filename) { - return DECLINED; - } - - /* was someone else already here? 
*/
- if (r->content_type) {
- return DECLINED;
- }
-
- conf = ap_get_module_config(r->server->module_config, &mime_magic_module);
- if (!conf || !conf->magic) {
- return DECLINED;
- }
-
- /* initialize per-request info */
- if (!magic_set_config(r)) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* try excluding file-revision suffixes */
- if (revision_suffix(r) != 1) {
- /* process it based on the file contents */
- if ((result = magic_process(r)) != OK) {
- return result;
- }
- }
-
- /* if we have any results, put them in the request structure */
- return magic_rsl_to_request(r);
-}
-
-/*
- * Apache API module interface
- */
-
-module MODULE_VAR_EXPORT mime_magic_module =
-{
- STANDARD_MODULE_STUFF,
- magic_init, /* initializer */
- NULL, /* dir config creator */
- NULL, /* dir merger --- default is to override */
- create_magic_server_config, /* server config */
- merge_magic_server_config, /* merge server config */
- mime_magic_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- magic_find_ct, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_negotiation.c b/usr.sbin/httpd/src/modules/standard/mod_negotiation.c
deleted file mode 100644
index 4e68d887d55..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_negotiation.c
+++ /dev/null
@@ -1,2835 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_negotiation.c: keeps track of MIME types the client is willing to
- * accept, and contains code to handle type arbitration.
- *
- * rst
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_request.h"
-#include "http_protocol.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "util_script.h"
-
-/* Commands --- configuring document caching on a per (virtual?)
- * server basis...
- */
-
-typedef struct {
- array_header *language_priority;
-} neg_dir_config;
-
-module MODULE_VAR_EXPORT negotiation_module;
-
-static void *create_neg_dir_config(pool *p, char *dummy)
-{
- neg_dir_config *new = (neg_dir_config *) ap_palloc(p, sizeof(neg_dir_config));
-
- new->language_priority = ap_make_array(p, 4, sizeof(char *));
- return new;
-}
-
-static void *merge_neg_dir_configs(pool *p, void *basev, void *addv)
-{
- neg_dir_config *base = (neg_dir_config *) basev;
- neg_dir_config *add = (neg_dir_config *) addv;
- neg_dir_config *new = (neg_dir_config *) ap_palloc(p, sizeof(neg_dir_config));
-
- /* give priority to the config in the subdirectory */
- new->language_priority = ap_append_arrays(p, add->language_priority,
- base->language_priority);
- return new;
-}
-
-static const char *set_language_priority(cmd_parms *cmd, void *n, char *lang)
-{
- array_header *arr = ((neg_dir_config *) n)->language_priority;
- char **langp = (char **) ap_push_array(arr);
-
- *langp = lang;
- return NULL;
-}
-
-static const char *cache_negotiated_docs(cmd_parms *cmd, void *dummy,
- char *dummy2)
-{
- void *server_conf = cmd->server->module_config;
-
- ap_set_module_config(server_conf, &negotiation_module, "Cache");
- return NULL;
-}
-
-static int do_cache_negotiated_docs(server_rec *s)
-{
- return (ap_get_module_config(s->module_config, &negotiation_module) != NULL);
-}
-
-static const command_rec negotiation_cmds[] =
-{
- {"CacheNegotiatedDocs", cache_negotiated_docs, NULL, RSRC_CONF, NO_ARGS,
- "no arguments (either present or absent)"},
- {"LanguagePriority", set_language_priority, NULL, OR_FILEINFO, ITERATE,
- "space-delimited list of MIME language abbreviations"},
- {NULL}
-};
-
-/*
- * Record of available info on a media type specified by the client
- * (we also use 'em for encodings and languages)
- */
-
-typedef struct accept_rec {
- char *name; /* MUST be lowercase */
- float quality;
- float level;
- char *charset; /* for content-type only */
-} accept_rec;
-
-/*
- * Record of available info on a particular variant
- *
- * Note that a few of these fields are updated by the actual negotiation
- * code. These are:
- *
- * level_matched --- initialized to zero. Set to the value of level
- * if the client actually accepts this media type at that
- * level (and *not* if it got in on a wildcard). See level_cmp
- * below.
- * mime_stars -- initialized to zero. Set to the number of stars
- * present in the best matching Accept header element.
- * 1 for star/star, 2 for type/star and 3 for
- * type/subtype.
- *
- * definite -- initialized to 1. Set to 0 if there is a match which
- * makes the variant non-definite according to the rules
- * in rfc2296.
- */
-
-typedef struct var_rec {
- request_rec *sub_req; /* May be NULL (is, for map files) */
- char *mime_type; /* MUST be lowercase */
- char *file_name;
- const char *content_encoding;
- array_header *content_languages; /* list of languages for this variant */
- char *content_charset;
- char *description;
-
- /* The next five items give the quality values for the dimensions
- * of negotiation for this variant. They are obtained from the
- * appropriate header lines, except for source_quality, which
- * is obtained from the variant itself (the 'qs' parameter value
- * from the variant's mime-type). Apart from source_quality,
- * these values are set when we find the quality for each variant
- * (see best_match()). source_quality is set from the 'qs' parameter
- * of the variant description or mime type: see set_mime_fields().
- */
- float lang_quality; /* quality of this variant's language */
- float encoding_quality; /* ditto encoding */
- float charset_quality; /* ditto charset */
- float mime_type_quality; /* ditto media type */
- float source_quality; /* source quality for this variant */
-
- /* Now some special values */
- float level; /* Auxiliary to content-type...
*/
- float bytes; /* content length, if known */
- int lang_index; /* pre HTTP/1.1 language priority stuff */
- int is_pseudo_html; /* text/html, *or* the INCLUDES_MAGIC_TYPEs */
-
- /* Above are all written-once properties of the variant. The
- * three fields below are changed during negotiation:
- */
-
- float level_matched;
- int mime_stars;
- int definite;
-} var_rec;
-
-/* Something to carry around the state of negotiation (and to keep
- * all of this thread-safe)...
- */
-
-typedef struct {
- pool *pool;
- request_rec *r;
- char *dir_name;
- int accept_q; /* 1 if an Accept item has a q= param */
- float default_lang_quality; /* fiddle lang q for variants with no lang */
-
- /* the array pointers below are NULL if the corresponding accept
- * headers are not present
- */
- array_header *accepts; /* accept_recs */
- array_header *accept_encodings; /* accept_recs */
- array_header *accept_charsets; /* accept_recs */
- array_header *accept_langs; /* accept_recs */
-
- array_header *avail_vars; /* available variants */
-
- int count_multiviews_variants; /* number of variants found on disk */
-
- int is_transparent; /* 1 if this resource is trans. negotiable */
-
- int dont_fiddle_headers; /* 1 if we may not fiddle with accept hdrs */
- int ua_supports_trans; /* 1 if ua supports trans negotiation */
- int send_alternates; /* 1 if we want to send an Alternates header */
- int may_choose; /* 1 if we may choose a variant for the client */
- int use_rvsa; /* 1 if we must use RVSA/1.0 negotiation algo */
-} negotiation_state;
-
-/* A few functions to manipulate var_recs.
- * Cleaning out the fields...
- */
-
-static void clean_var_rec(var_rec *mime_info)
-{
- mime_info->sub_req = NULL;
- mime_info->mime_type = "";
- mime_info->file_name = "";
- mime_info->content_encoding = NULL;
- mime_info->content_languages = NULL;
- mime_info->content_charset = "";
- mime_info->description = "";
-
- mime_info->is_pseudo_html = 0;
- mime_info->level = 0.0f;
- mime_info->level_matched = 0.0f;
- mime_info->bytes = 0.0f;
- mime_info->lang_index = -1;
- mime_info->mime_stars = 0;
- mime_info->definite = 1;
-
- mime_info->charset_quality = 1.0f;
- mime_info->encoding_quality = 1.0f;
- mime_info->lang_quality = 1.0f;
- mime_info->mime_type_quality = 1.0f;
- mime_info->source_quality = 0.0f;
-}
-
-/* Initializing the relevant fields of a variant record from the
- * accept_info read out of its content-type, one way or another.
- */
-
-static void set_mime_fields(var_rec *var, accept_rec *mime_info)
-{
- var->mime_type = mime_info->name;
- var->source_quality = mime_info->quality;
- var->level = mime_info->level;
- var->content_charset = mime_info->charset;
-
- var->is_pseudo_html = (!strcmp(var->mime_type, "text/html")
- || !strcmp(var->mime_type, INCLUDES_MAGIC_TYPE)
- || !strcmp(var->mime_type, INCLUDES_MAGIC_TYPE3));
-}
-
-/* Create a variant list validator in r using info from vlistr. */
-
-static void set_vlist_validator(request_rec *r, request_rec *vlistr)
-{
- /* Calculating the variant list validator is similar to
- * calculating an etag for the source of the variant list
- * information, so we use ap_make_etag(). Note that this
- * validator can be 'weak' in extreme case.
- */
-
- ap_update_mtime (vlistr, vlistr->finfo.st_mtime);
- r->vlist_validator = ap_make_etag(vlistr, 0);
-
- /* ap_set_etag will later take r->vlist_validator into account
- * when creating the etag header
- */
-}
-
-
-/*****************************************************************
- *
- * Parsing (lists of) media types and their parameters, as seen in
- * HTTPD header lines and elsewhere.
- */
-
-/*
- * Get a single mime type entry --- one media type and parameters;
- * enter the values we recognize into the argument accept_rec
- */
-
-static const char *get_entry(pool *p, accept_rec *result,
- const char *accept_line)
-{
- result->quality = 1.0f;
- result->level = 0.0f;
- result->charset = "";
-
- /*
- * Note that this handles what I gather is the "old format",
- *
- * Accept: text/html text/plain moo/zot
- *
- * without any compatibility kludges --- if the token after the
- * MIME type begins with a semicolon, we know we're looking at parms,
- * otherwise, we know we aren't. (So why all the pissing and moaning
- * in the CERN server code? I must be missing something).
- */
-
- result->name = ap_get_token(p, &accept_line, 0);
- ap_str_tolower(result->name); /* You want case-insensitive,
- * you'll *get* case-insensitive.
- */
-
- /* KLUDGE!!! Default HTML to level 2.0 unless the browser
- * *explicitly* says something else.
- */
-
- if (!strcmp(result->name, "text/html") && (result->level == 0.0)) {
- result->level = 2.0f;
- }
- else if (!strcmp(result->name, INCLUDES_MAGIC_TYPE)) {
- result->level = 2.0f;
- }
- else if (!strcmp(result->name, INCLUDES_MAGIC_TYPE3)) {
- result->level = 3.0f;
- }
-
- while (*accept_line == ';') {
- /* Parameters ... */
-
- char *parm;
- char *cp;
- char *end;
-
- ++accept_line;
- parm = ap_get_token(p, &accept_line, 1);
-
- /* Look for 'var = value' --- and make sure the var is in lcase. */
-
- for (cp = parm; (*cp && !ap_isspace(*cp) && *cp != '='); ++cp) {
- *cp = ap_tolower(*cp);
- }
-
- if (!*cp) {
- continue; /* No '='; just ignore it.
*/
- }
-
- *cp++ = '\0'; /* Delimit var */
- while (ap_isspace(*cp) || *cp == '=') {
- ++cp;
- }
-
- if (*cp == '"') {
- ++cp;
- for (end = cp;
- (*end && *end != '\n' && *end != '\r' && *end != '\"');
- end++);
- }
- else {
- for (end = cp; (*end && !ap_isspace(*end)); end++);
- }
- if (*end) {
- *end = '\0'; /* strip ending quote or return */
- }
- ap_str_tolower(cp);
-
- if (parm[0] == 'q'
- && (parm[1] == '\0' || (parm[1] == 's' && parm[2] == '\0'))) {
- result->quality = (float)atof(cp);
- }
- else if (parm[0] == 'l' && !strcmp(&parm[1], "evel")) {
- result->level = (float)atof(cp);
- }
- else if (!strcmp(parm, "charset")) {
- result->charset = cp;
- }
- }
-
- if (*accept_line == ',') {
- ++accept_line;
- }
-
- return accept_line;
-}
-
-/*****************************************************************
- *
- * Dealing with header lines ...
- *
- * Accept, Accept-Charset, Accept-Language and Accept-Encoding
- * are handled by do_header_line() - they all have the same
- * basic structure of a list of items of the format
- * name; q=N; charset=TEXT
- *
- * where charset is only valid in Accept.
- */
-
-static array_header *do_header_line(pool *p, const char *accept_line)
-{
- array_header *accept_recs;
-
- if (!accept_line) {
- return NULL;
- }
-
- accept_recs = ap_make_array(p, 40, sizeof(accept_rec));
-
- while (*accept_line) {
- accept_rec *new = (accept_rec *) ap_push_array(accept_recs);
- accept_line = get_entry(p, new, accept_line);
- }
-
- return accept_recs;
-}
-
-/* Given the text of the Content-Languages: line from the var map file,
- * return an array containing the languages of this variant
- */
-
-static array_header *do_languages_line(pool *p, const char **lang_line)
-{
- array_header *lang_recs = ap_make_array(p, 2, sizeof(char *));
-
- if (!lang_line) {
- return lang_recs;
- }
-
- while (**lang_line) {
- char **new = (char **) ap_push_array(lang_recs);
- *new = ap_get_token(p, lang_line, 0);
- ap_str_tolower(*new);
- if (**lang_line == ',' || **lang_line == ';') {
- ++(*lang_line);
- }
- }
-
- return lang_recs;
-}
-
-/*****************************************************************
- *
- * Handling header lines from clients...
- */
-
-static negotiation_state *parse_accept_headers(request_rec *r)
-{
- negotiation_state *new =
- (negotiation_state *) ap_pcalloc(r->pool, sizeof(negotiation_state));
- accept_rec *elts;
- table *hdrs = r->headers_in;
- int i;
-
- new->pool = r->pool;
- new->r = r;
- new->dir_name = ap_make_dirstr_parent(r->pool, r->filename);
-
- new->accepts = do_header_line(r->pool, ap_table_get(hdrs, "Accept"));
-
- /* calculate new->accept_q value */
- if (new->accepts) {
- elts = (accept_rec *) new->accepts->elts;
-
- for (i = 0; i < new->accepts->nelts; ++i) {
- if (elts[i].quality < 1.0) {
- new->accept_q = 1;
- }
- }
- }
-
- new->accept_encodings =
- do_header_line(r->pool, ap_table_get(hdrs, "Accept-Encoding"));
- new->accept_langs =
- do_header_line(r->pool, ap_table_get(hdrs, "Accept-Language"));
- new->accept_charsets =
- do_header_line(r->pool, ap_table_get(hdrs, "Accept-Charset"));
-
- new->avail_vars = ap_make_array(r->pool, 40, sizeof(var_rec));
-
- return new;
-}
-
-
-static void parse_negotiate_header(request_rec *r, negotiation_state *neg)
-{
- const char *negotiate = ap_table_get(r->headers_in, "Negotiate");
- char *tok;
-
- /* First, default to no TCN, no Alternates, and the original Apache
- * negotiation algorithm with fiddles for broken browser configs.
- *
- * To save network bandwidth, we do not configure to send an
- * Alternates header to the user agent by default. User
- * agents that want an Alternates header for agent-driven
- * negotiation will have to request it by sending an
- * appropriate Negotiate header.
- */
- neg->ua_supports_trans = 0;
- neg->send_alternates = 0;
- neg->may_choose = 1;
- neg->use_rvsa = 0;
- neg->dont_fiddle_headers = 0;
-
- if (!negotiate)
- return;
-
- if (strcmp(negotiate, "trans") == 0) {
- /* Lynx 2.7 and 2.8 send 'negotiate: trans' even though they
- * do not support transparent content negotiation, so for Lynx we
- * ignore the negotiate header when its contents are exactly "trans".
- * If future versions of Lynx ever need to say 'negotiate: trans',
- * they can send the equivalent 'negotiate: trans, trans' instead
- * to avoid triggering the workaround below.
- */
- const char *ua = ap_table_get(r->headers_in, "User-Agent");
-
- if (ua && (strncmp(ua, "Lynx", 4) == 0))
- return;
- }
-
- neg->may_choose = 0; /* An empty Negotiate would require 300 response */
-
- while ((tok = ap_get_list_item(neg->pool, &negotiate)) != NULL) {
-
- if (strcmp(tok, "trans") == 0 ||
- strcmp(tok, "vlist") == 0 ||
- strcmp(tok, "guess-small") == 0 ||
- ap_isdigit(tok[0]) ||
- strcmp(tok, "*") == 0) {
-
- /* The user agent supports transparent negotiation */
- neg->ua_supports_trans = 1;
-
- /* Send-alternates could be configurable, but note
- * that it must be 1 if we have 'vlist' in the
- * negotiate header.
- */
- neg->send_alternates = 1;
-
- if (strcmp(tok, "1.0") == 0) {
- /* we may use the RVSA/1.0 algorithm, configure for it */
- neg->may_choose = 1;
- neg->use_rvsa = 1;
- neg->dont_fiddle_headers = 1;
- }
- else if (tok[0] == '*') {
- /* we may use any variant selection algorithm, configure
- * to use the Apache algorithm
- */
- neg->may_choose = 1;
-
- /* We disable header fiddles on the assumption that a
- * client sending Negotiate knows how to send correct
- * headers which don't need fiddling.
- */
- neg->dont_fiddle_headers = 1;
- }
- }
- }
-
-#ifdef NEG_DEBUG
- fprintf(stderr, "dont_fiddle_headers=%d use_rvsa=%d ua_supports_trans=%d "
- "send_alternates=%d, may_choose=%d\n",
- neg->dont_fiddle_headers, neg->use_rvsa,
- neg->ua_supports_trans, neg->send_alternates, neg->may_choose);
-#endif
-
-}
-
-/* Sometimes clients will give us no Accept info at all; this routine sets
- * up the standard default for that case, and also arranges for us to be
- * willing to run a CGI script if we find one.
(In fact, we set up to
- * dramatically prefer CGI scripts in cases where that's appropriate,
- * e.g., POST or when URI includes query args or extra path info).
- */
-static void maybe_add_default_accepts(negotiation_state *neg,
- int prefer_scripts)
-{
- accept_rec *new_accept;
-
- if (!neg->accepts) {
- neg->accepts = ap_make_array(neg->pool, 4, sizeof(accept_rec));
-
- new_accept = (accept_rec *) ap_push_array(neg->accepts);
-
- new_accept->name = "*/*";
- new_accept->quality = 1.0f;
- new_accept->level = 0.0f;
- }
-
- new_accept = (accept_rec *) ap_push_array(neg->accepts);
-
- new_accept->name = CGI_MAGIC_TYPE;
- if (neg->use_rvsa) {
- new_accept->quality = 0;
- }
- else {
- new_accept->quality = prefer_scripts ? 2.0f : 0.001f;
- }
- new_accept->level = 0.0f;
-}
-
-/*****************************************************************
- *
- * Parsing type-map files, in Roy's meta/http format augmented with
- * #-comments.
- */
-
-/* Reading RFC822-style header lines, ignoring #-comments and
- * handling continuations.
- */
-
-enum header_state {
- header_eof, header_seen, header_sep
-};
-
-static enum header_state get_header_line(char *buffer, int len, FILE *map)
-{
- char *buf_end = buffer + len;
- char *cp;
- int c;
-
- /* Get a noncommented line */
-
- do {
- if (fgets(buffer, MAX_STRING_LEN, map) == NULL) {
- return header_eof;
- }
- } while (buffer[0] == '#');
-
- /* If blank, just return it --- this ends information on this variant */
-
- for (cp = buffer; ap_isspace(*cp); ++cp) {
- continue;
- }
-
- if (*cp == '\0') {
- return header_sep;
- }
-
- /* If non-blank, go looking for header lines, but note that we still
- * have to treat comments specially...
- */
-
- cp += strlen(cp);
-
- while ((c = getc(map)) != EOF) {
- if (c == '#') {
- /* Comment line */
- while ((c = getc(map)) != EOF && c != '\n') {
- continue;
- }
- }
- else if (ap_isspace(c)) {
- /* Leading whitespace.
POSSIBLE continuation line
- * Also, possibly blank --- if so, we ungetc() the final newline
- * so that we will pick up the blank line the next time 'round.
- */
-
- while (c != EOF && c != '\n' && ap_isspace(c)) {
- c = getc(map);
- }
-
- ungetc(c, map);
-
- if (c == '\n') {
- return header_seen; /* Blank line */
- }
-
- /* Continuation */
-
- while (cp < buf_end - 2 && (c = getc(map)) != EOF && c != '\n') {
- *cp++ = c;
- }
-
- *cp++ = '\n';
- *cp = '\0';
- }
- else {
-
- /* Line beginning with something other than whitespace */
-
- ungetc(c, map);
- return header_seen;
- }
- }
-
- return header_seen;
-}
-
-/* Stripping out RFC822 comments */
-
-static void strip_paren_comments(char *hdr)
-{
- /* Hmmm... is this correct? In Roy's latest draft, (comments) can nest! */
- /* Nope, it isn't correct. Fails to handle backslash escape as well. */
-
- while (*hdr) {
- if (*hdr == '"') {
- hdr = strchr(hdr, '"');
- if (hdr == NULL) {
- return;
- }
- ++hdr;
- }
- else if (*hdr == '(') {
- while (*hdr && *hdr != ')') {
- *hdr++ = ' ';
- }
-
- if (*hdr) {
- *hdr++ = ' ';
- }
- }
- else {
- ++hdr;
- }
- }
-}
-
-/* Getting to a header body from the header */
-
-static char *lcase_header_name_return_body(char *header, request_rec *r)
-{
- char *cp = header;
-
- for ( ; *cp && *cp != ':' ; ++cp) {
- *cp = ap_tolower(*cp);
- }
-
- if (!*cp) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Syntax error in type map --- no ':': %s", r->filename);
- return NULL;
- }
-
- do {
- ++cp;
- } while (ap_isspace(*cp));
-
- if (!*cp) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Syntax error in type map --- no header body: %s",
- r->filename);
- return NULL;
- }
-
- return cp;
-}
-
-static int read_type_map(negotiation_state *neg, request_rec *rr)
-{
- request_rec *r = neg->r;
- FILE *map;
- char buffer[MAX_STRING_LEN];
- enum header_state hstate;
- struct var_rec mime_info;
- int has_content;
-
- /* We are not using multiviews */
- neg->count_multiviews_variants =
0;
-
- map = ap_pfopen(neg->pool, rr->filename, "r");
- if (map == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "cannot access type map file: %s", rr->filename);
- return HTTP_FORBIDDEN;
- }
-
- clean_var_rec(&mime_info);
- has_content = 0;
-
- do {
- hstate = get_header_line(buffer, MAX_STRING_LEN, map);
-
- if (hstate == header_seen) {
- char *body1 = lcase_header_name_return_body(buffer, neg->r);
- const char *body;
-
- if (body1 == NULL) {
- return SERVER_ERROR;
- }
-
- strip_paren_comments(body1);
- body = body1;
-
- if (!strncmp(buffer, "uri:", 4)) {
- mime_info.file_name = ap_get_token(neg->pool, &body, 0);
- }
- else if (!strncmp(buffer, "content-type:", 13)) {
- struct accept_rec accept_info;
-
- get_entry(neg->pool, &accept_info, body);
- set_mime_fields(&mime_info, &accept_info);
- has_content = 1;
- }
- else if (!strncmp(buffer, "content-length:", 15)) {
- mime_info.bytes = (float)atof(body);
- has_content = 1;
- }
- else if (!strncmp(buffer, "content-language:", 17)) {
- mime_info.content_languages = do_languages_line(neg->pool,
- &body);
- has_content = 1;
- }
- else if (!strncmp(buffer, "content-encoding:", 17)) {
- mime_info.content_encoding = ap_get_token(neg->pool, &body, 0);
- has_content = 1;
- }
- else if (!strncmp(buffer, "description:", 12)) {
- char *desc = ap_pstrdup(neg->pool, body);
- char *cp;
-
- for (cp = desc; *cp; ++cp) {
- if (*cp=='\n') *cp=' ';
- }
- if (cp>desc) *(cp-1)=0;
- mime_info.description = desc;
- }
- }
- else {
- if (*mime_info.file_name && has_content) {
- void *new_var = ap_push_array(neg->avail_vars);
-
- memcpy(new_var, (void *) &mime_info, sizeof(var_rec));
- }
-
- clean_var_rec(&mime_info);
- has_content = 0;
- }
- } while (hstate != header_eof);
-
- ap_pfclose(neg->pool, map);
-
- set_vlist_validator(r, rr);
-
- return OK;
-}
-
-
-/* Sort function used by read_types_multi. */
-static int variantsortf(var_rec *a, var_rec *b) {
-
- /* First key is the source quality, sort in descending order.
*/
-
- /* XXX: note that we currently implement no method of setting the
- * source quality for multiviews variants, so we are always comparing
- * 1.0 to 1.0 for now
- */
- if (a->source_quality < b->source_quality)
- return 1;
- if (a->source_quality > b->source_quality)
- return -1;
-
- /* Second key is the variant name */
- return strcmp(a->file_name, b->file_name);
-}
-
-/*****************************************************************
- *
- * Same as read_type_map, except we use a filtered directory listing
- * as the map...
- */
-
-static int read_types_multi(negotiation_state *neg)
-{
- request_rec *r = neg->r;
-
- char *filp;
- int prefix_len;
- DIR *dirp;
- struct DIR_TYPE *dir_entry;
- struct var_rec mime_info;
- struct accept_rec accept_info;
- void *new_var;
- struct { int any, all; } forbidden;
-
- clean_var_rec(&mime_info);
-
- if (!(filp = strrchr(r->filename, '/'))) {
- return DECLINED; /* Weird... */
- }
-
- if (strncmp(r->filename, "proxy:", 6) == 0) {
- return DECLINED;
- }
-
- ++filp;
- prefix_len = strlen(filp);
-
- dirp = ap_popendir(neg->pool, neg->dir_name);
-
- if (dirp == NULL) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
- "cannot read directory for multi: %s", neg->dir_name);
- return HTTP_FORBIDDEN;
- }
-
- forbidden.any = 0;
- forbidden.all = 1;
-
- while ((dir_entry = readdir(dirp))) {
- array_header *exception_list;
- request_rec *sub_req;
-
- /* Do we have a match? */
- if (strncmp(dir_entry->d_name, filp, prefix_len)) {
- continue;
- }
- if (dir_entry->d_name[prefix_len] != '.') {
- continue;
- }
-
- /* Yep. See if it's something which we have access to, and
- * which has a known type and encoding (as opposed to something
- * which we'll be slapping default_type on later).
- */
-
- sub_req = ap_sub_req_lookup_file(dir_entry->d_name, r);
-
- /* If it has a handler, we'll pretend it's a CGI script,
- * since that's a good indication of the sort of thing it
- * might be doing.
- */
- if (sub_req->handler && !sub_req->content_type) {
- sub_req->content_type = CGI_MAGIC_TYPE;
- }
-
- /* HTTP_FORBIDDEN is returned, e.g., if the path length limit was exceeded */
- /* HTTP_OK does NOT necessarily mean that the file is really readable! */
- if (sub_req->status == HTTP_OK)
- forbidden.all = 0;
- else if (sub_req->status == HTTP_FORBIDDEN)
- forbidden.any = 1;
-
- /*
- * mod_mime will _always_ provide us the base name in the
- * ap-mime-exception-list, if it processed anything. If
- * this list is empty, give up immediately, there was
- * nothing interesting. For example, looking at the files
- * readme.txt and readme.foo, we will throw away .foo if
- * it's an insignificant file (e.g. did not identify a
- * language, charset, encoding, content type or handler,)
- */
- exception_list =
- (array_header *) ap_table_get(sub_req->notes,
- "ap-mime-exceptions-list");
- if (!exception_list) {
- ap_destroy_sub_req(sub_req);
- continue;
- }
-
- /* Each unregonized bit better match our base name, in sequence.
- * A test of index.html.foo will match index.foo or index.html.foo,
- * but it will never transpose the segments and allow index.foo.html
- * because that would introduce too much CPU consumption. Better that
- * we don't attempt a many-to-many match here.
- */
- {
- int nexcept = exception_list->nelts;
- char **cur_except = (char**)exception_list->elts;
- char *segstart = filp, *segend, saveend;
-
- while (*segstart && nexcept) {
- if (!(segend = strchr(segstart, '.')))
- segend = strchr(segstart, '\0');
- saveend = *segend;
- *segend = '\0';
-
- if (strcmp(segstart, *cur_except) == 0) {
- --nexcept;
- ++cur_except;
- }
-
- if (!saveend)
- break;
-
- *segend = saveend;
- segstart = segend + 1;
- }
-
- if (nexcept) {
- /* Something you don't know is, something you don't know...
- */
- ap_destroy_sub_req(sub_req);
- continue;
- }
- }
-
- /*
- * ###: be warned, the _default_ content type is already
- * picked up here!
If we failed the subrequest, or don't
- * know what we are serving, then continue.
- */
- if (sub_req->status != HTTP_OK || (!sub_req->content_type)) {
- ap_destroy_sub_req(sub_req);
- continue;
- }
-
- /* If it's a map file, we use that instead of the map
- * we're building...
- */
- if (((sub_req->content_type) &&
- !strcmp(sub_req->content_type, MAP_FILE_MAGIC_TYPE)) ||
- ((sub_req->handler) &&
- !strcmp(sub_req->handler, "type-map"))) {
-
- ap_pclosedir(neg->pool, dirp);
- neg->avail_vars->nelts = 0;
- if (sub_req->status != HTTP_OK) {
- return sub_req->status;
- }
- return read_type_map(neg, sub_req);
- }
-
- /* Have reasonable variant --- gather notes. */
-
- mime_info.sub_req = sub_req;
- mime_info.file_name = ap_pstrdup(neg->pool, dir_entry->d_name);
- if (sub_req->content_encoding) {
- mime_info.content_encoding = sub_req->content_encoding;
- }
- if (sub_req->content_languages) {
- mime_info.content_languages = sub_req->content_languages;
- }
-
- get_entry(neg->pool, &accept_info, sub_req->content_type);
- set_mime_fields(&mime_info, &accept_info);
-
- new_var = ap_push_array(neg->avail_vars);
- memcpy(new_var, (void *) &mime_info, sizeof(var_rec));
-
- neg->count_multiviews_variants++;
-
- clean_var_rec(&mime_info);
- }
-
- ap_pclosedir(neg->pool, dirp);
-
- /* If all variants we considered turn out to be forbidden, then return FORBIDDEN */
- if (forbidden.any && forbidden.all)
- return HTTP_FORBIDDEN;
-
- set_vlist_validator(r, r);
-
- /* Sort the variants into a canonical order. The negotiation
- * result sometimes depends on the order of the variants. By
- * sorting the variants into a canonical order, rather than using
- * the order in which readdir() happens to return them, we ensure
- * that the negotiation result will be consistent over filesystem
- * backup/restores and over all mirror sites.
- */
-
- qsort((void *) neg->avail_vars->elts, neg->avail_vars->nelts,
- sizeof(var_rec), (int (*)(const void *, const void *)) variantsortf);
-
- return OK;
-}
-
-
-/*****************************************************************
- * And now for the code you've been waiting for... actually
- * finding a match to the client's requirements.
- */
-
-/* Matching MIME types ... the star/star and foo/star commenting conventions
- * are implemented here. (You know what I mean by star/star, but just
- * try mentioning those three characters in a C comment). Using strcmp()
- * is legit, because everything has already been smashed to lowercase.
- *
- * Note also that if we get an exact match on the media type, we update
- * level_matched for use in level_cmp below...
- *
- * We also give a value for mime_stars, which is used later. It should
- * be 1 for star/star, 2 for type/star and 3 for type/subtype.
- */
-
-static int mime_match(accept_rec *accept_r, var_rec *avail)
-{
- char *accept_type = accept_r->name;
- char *avail_type = avail->mime_type;
- int len = strlen(accept_type);
-
- if (accept_type[0] == '*') { /* Anything matches star/star */
- if (avail->mime_stars < 1) {
- avail->mime_stars = 1;
- }
- return 1;
- }
- else if ((accept_type[len - 1] == '*') &&
- !strncmp(accept_type, avail_type, len - 2)) {
- if (avail->mime_stars < 2) {
- avail->mime_stars = 2;
- }
- return 1;
- }
- else if (!strcmp(accept_type, avail_type)
- || (!strcmp(accept_type, "text/html")
- && (!strcmp(avail_type, INCLUDES_MAGIC_TYPE)
- || !strcmp(avail_type, INCLUDES_MAGIC_TYPE3)))) {
- if (accept_r->level >= avail->level) {
- avail->level_matched = avail->level;
- avail->mime_stars = 3;
- return 1;
- }
- }
-
- return OK;
-}
-
-/* This code implements a piece of the tie-breaking algorithm between
- * variants of equal quality. This piece is the treatment of variants
- * of the same base media type, but different levels.
What we want to
- * return is the variant at the highest level that the client explicitly
- * claimed to accept.
- *
- * If all the variants available are at a higher level than that, or if
- * the client didn't say anything specific about this media type at all
- * and these variants just got in on a wildcard, we prefer the lowest
- * level, on grounds that that's the one that the client is least likely
- * to choke on.
- *
- * (This is all motivated by treatment of levels in HTML --- we only
- * want to give level 3 to browsers that explicitly ask for it; browsers
- * that don't, including HTTP/0.9 browsers that only get the implicit
- * "Accept: * / *" [space added to avoid confusing cpp --- no, that
- * syntax doesn't really work] should get HTML2 if available).
- *
- * (Note that this code only comes into play when we are choosing among
- * variants of equal quality, where the draft standard gives us a fair
- * bit of leeway about what to do. It ain't specified by the standard;
- * rather, it is a choice made by this server about what to do in cases
- * where the standard does not specify a unique course of action).
- */
-
-static int level_cmp(var_rec *var1, var_rec *var2)
-{
- /* Levels are only comparable between matching media types */
-
- if (var1->is_pseudo_html && !var2->is_pseudo_html) {
- return 0;
- }
-
- if (!var1->is_pseudo_html && strcmp(var1->mime_type, var2->mime_type)) {
- return 0;
- }
- /* The result of the above if statements is that, if we get to
- * here, both variants have the same mime_type or both are
- * pseudo-html.
- */
-
- /* Take highest level that matched, if either did match. */
-
- if (var1->level_matched > var2->level_matched) {
- return 1;
- }
- if (var1->level_matched < var2->level_matched) {
- return -1;
- }
-
- /* Neither matched. Take lowest level, if there's a difference.
*/
-
- if (var1->level < var2->level) {
- return 1;
- }
- if (var1->level > var2->level) {
- return -1;
- }
-
- /* Tied */
-
- return 0;
-}
-
-/* Finding languages. The main entry point is set_language_quality()
- * which is called for each variant. It sets two elements in the
- * variant record:
- * language_quality - the 'q' value of the 'best' matching language
- * from Accept-Language: header (HTTP/1.1)
- * lang_index - Pre HTTP/1.1 language priority, using
- * position of language on the Accept-Language:
- * header, if present, else LanguagePriority
- * directive order.
- *
- * When we do the variant checking for best variant, we use language
- * quality first, and if a tie, language_index next (this only applies
- * when _not_ using the RVSA/1.0 algorithm). If using the RVSA/1.0
- * algorithm, lang_index is never used.
- *
- * set_language_quality() calls find_lang_index() and find_default_index()
- * to set lang_index.
- */
-
-static int find_lang_index(array_header *accept_langs, char *lang)
-{
- accept_rec *accs;
- int i;
-
- if (!lang || !accept_langs) {
- return -1;
- }
-
- accs = (accept_rec *) accept_langs->elts;
-
- for (i = 0; i < accept_langs->nelts; ++i) {
- if (!strncmp(lang, accs[i].name, strlen(accs[i].name))) {
- return i;
- }
- }
-
- return -1;
-}
-
-/* This function returns the priority of a given language
- * according to LanguagePriority. It is used in case of a tie
- * between several languages.
- */
-
-static int find_default_index(neg_dir_config *conf, char *lang)
-{
- array_header *arr;
- int nelts;
- char **elts;
- int i;
-
- if (!lang) {
- return -1;
- }
-
- arr = conf->language_priority;
- nelts = arr->nelts;
- elts = (char **) arr->elts;
-
- for (i = 0; i < nelts; ++i) {
- if (!strcasecmp(elts[i], lang)) {
- return i;
- }
- }
-
- return -1;
-}
-
-/* set_default_lang_quality() sets the quality we apply to variants
- * which have no language assigned to them.
If none of the variants
- * have a language, we are not negotiating on language, so all are
- * acceptable, and we set the default q value to 1.0. However if
- * some of the variants have languages, we set this default to 0.001.
- * The value of this default will be applied to all variants with
- * no explicit language -- which will have the effect of making them
- * acceptable, but only if no variants with an explicit language
- * are acceptable. The default q value set here is assigned to variants
- * with no language type in set_language_quality().
- *
- * Note that if using the RVSA/1.0 algorithm, we don't use this
- * fiddle.
- */
-
-static void set_default_lang_quality(negotiation_state *neg)
-{
- var_rec *avail_recs = (var_rec *) neg->avail_vars->elts;
- int j;
-
- if (!neg->dont_fiddle_headers) {
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
- if (variant->content_languages &&
- variant->content_languages->nelts) {
- neg->default_lang_quality = 0.001f;
- return;
- }
- }
- }
-
- neg->default_lang_quality = 1.0f;
-}
-
-/* Set the language_quality value in the variant record. Also
- * assigns lang_index for back-compat.
- *
- * To find the language_quality value, we look for the 'q' value
- * of the 'best' matching language on the Accept-Language
- * header. The 'best' match is the language on Accept-Language
- * header which matches the language of this variant either fully,
- * or as far as the prefix marker (-). If two or more languages
- * match, use the longest string from the Accept-Language header
- * (see HTTP/1.1 [14.4])
- *
- * When a variant has multiple languages, we find the 'best'
- * match for each variant language tag as above, then select the
- * one with the highest q value. Because both the accept-header
- * and variant can have multiple languages, we now have a hairy
- * loop-within-a-loop here.
- *
- * If the variant has no language and we have no Accept-Language
- * items, leave the quality at 1.0 and return.
- *
- * If the variant has no language, we use the default as set by
- * set_default_lang_quality() (1.0 if we are not negotiating on
- * language, 0.001 if we are).
- *
- * Following the setting of the language quality, we drop through to
- * set the old 'lang_index'. This is set based on either the order
- * of the languages on the Accept-Language header, or the
- * order on the LanguagePriority directive. This is only used
- * in the negotiation if the language qualities tie.
- */
-
-static void set_language_quality(negotiation_state *neg, var_rec *variant)
-{
- char *firstlang;
- int idx;
-
- if (!variant->content_languages || !variant->content_languages->nelts) {
- /* This variant has no content-language, so use the default
- * quality factor for variants with no content-language
- * (previously set by set_default_lang_quality()).
- * Leave the factor alone (it remains at 1.0) when we may not fiddle
- * with the headers.
- */
- if (!neg->dont_fiddle_headers) {
- variant->lang_quality = neg->default_lang_quality;
- }
- if (!neg->accept_langs) {
- return; /* no accept-language header */
- }
-
- }
- else {
- /* Variant has one (or more) languages. Look for the best
- * match. We do this by going through each language on the
- * variant description looking for a match on the
- * Accept-Language header. The best match is the longest
- * matching language on the header. The final result is the
- * best q value from all the languages on the variant
- * description.
- */
-
- if (!neg->accept_langs) {
- /* no accept-language header makes the variant indefinite */
- variant->definite = 0;
- }
- else { /* There is an accept-language with 0 or more items */
- accept_rec *accs = (accept_rec *) neg->accept_langs->elts;
- accept_rec *best = NULL, *star = NULL;
- accept_rec *bestthistag;
- char *lang, *p;
- float fiddle_q = 0.0f;
- int any_match_on_star = 0;
- int i, j, alen, longest_lang_range_len;
-
- for (j = 0; j < variant->content_languages->nelts; ++j) {
- p = NULL;
- bestthistag = NULL;
- longest_lang_range_len = 0;
- alen = 0;
-
- /* lang is the variant's language-tag, which is the one
- * we are allowed to use the prefix of in HTTP/1.1
- */
- lang = ((char **) (variant->content_languages->elts))[j];
-
- /* now find the best (i.e. longest) matching
- * Accept-Language header language. We put the best match
- * for this tag in bestthistag. We cannot update the
- * overall best (based on q value) because the best match
- * for this tag is the longest language item on the accept
- * header, not necessarily the highest q.
- */
- for (i = 0; i < neg->accept_langs->nelts; ++i) {
- if (!strcmp(accs[i].name, "*")) {
- if (!star) {
- star = &accs[i];
- }
- continue;
- }
- /* Find language. We match if either the variant
- * language tag exactly matches the language range
- * from the accept header, or a prefix of the variant
- * language tag up to a '-' character matches the
- * whole of the language range in the Accept-Language
- * header. Note that HTTP/1.x allows any number of
- * '-' characters in a tag or range, currently only
- * tags with zero or one '-' characters are defined
- * for general use (see rfc1766).
- *
- * We only use language range in the Accept-Language
- * header the best match for the variant language tag
- * if it is longer than the previous best match.
- */
-
- alen = strlen(accs[i].name);
-
- if (((int)strlen(lang) >= alen) &&
- !strncmp(lang, accs[i].name, alen) &&
- ((lang[alen] == 0) || (lang[alen] == '-')) ) {
-
- if (alen > longest_lang_range_len) {
- longest_lang_range_len = alen;
- bestthistag = &accs[i];
- }
- }
-
- if (!bestthistag && !neg->dont_fiddle_headers) {
- /* The next bit is a fiddle. Some browsers might
- * be configured to send more specific language
- * ranges than desirable. For example, an
- * Accept-Language of en-US should never match
- * variants with languages en or en-GB. But US
- * English speakers might pick en-US as their
- * language choice. So this fiddle checks if the
- * language range has a prefix, and if so, it
- * matches variants which match that prefix with a
- * priority of 0.001. So a request for en-US would
- * match variants of types en and en-GB, but at
- * much lower priority than matches of en-US
- * directly, or of any other language listed on
- * the Accept-Language header. Note that this
- * fiddle does not handle multi-level prefixes.
- */
- if ((p = strchr(accs[i].name, '-'))) {
- int plen = p - accs[i].name;
-
- if (!strncmp(lang, accs[i].name, plen)) {
- fiddle_q = 0.001f;
- }
- }
- }
- }
- /* Finished looking at Accept-Language headers, the best
- * (longest) match is in bestthistag, or NULL if no match
- */
- if (!best ||
- (bestthistag && bestthistag->quality > best->quality)) {
- best = bestthistag;
- }
-
- /* See if the tag matches on a * in the Accept-Language
- * header. If so, record this fact for later use
- */
- if (!bestthistag && star) {
- any_match_on_star = 1;
- }
- }
-
- /* If one of the language tags of the variant matched on *, we
- * need to see if its q is better than that of any non-* match
- * on any other tag of the variant. If so the * match takes
- * precedence and the overall match is not definite.
- */
- if ( any_match_on_star &&
- ((best && star->quality > best->quality) ||
- (!best)) ) {
- best = star;
- variant->definite = 0;
- }
-
- variant->lang_quality = best ? best->quality : fiddle_q;
- }
- }
-
- /* Now set the old lang_index field. Since this is old
- * stuff anyway, don't bother with handling multiple languages
- * per variant, just use the first one assigned to it
- */
- idx = 0;
- if (variant->content_languages && variant->content_languages->nelts) {
- firstlang = ((char **) variant->content_languages->elts)[0];
- }
- else {
- firstlang = "";
- }
- if (!neg->accept_langs) { /* Client doesn't care */
- idx = find_default_index((neg_dir_config *) ap_get_module_config(
- neg->r->per_dir_config, &negotiation_module),
- firstlang);
- }
- else { /* Client has Accept-Language */
- idx = find_lang_index(neg->accept_langs, firstlang);
- }
- variant->lang_index = idx;
-
- return;
-}
-
-/* Determining the content length --- if the map didn't tell us,
- * we have to do a stat() and remember for next time.
- *
- * Grump. For Apache, even the first stat here may well be
- * redundant (for multiviews) with a stat() done by the sub_req
- * machinery. At some point, that ought to be fixed.
- */
-
-static float find_content_length(negotiation_state *neg, var_rec *variant)
-{
- struct stat statb;
-
- if (variant->bytes == 0) {
- char *fullname = ap_make_full_path(neg->pool, neg->dir_name,
- variant->file_name);
-
- if (stat(fullname, &statb) >= 0) {
- /* Note, precision may be lost */
- variant->bytes = (float) statb.st_size;
- }
- }
-
- return variant->bytes;
-}
-
-/* For a given variant, find the best matching Accept: header
- * and assign the Accept: header's quality value to the
- * mime_type_quality field of the variant, for later use in
- * determining the best matching variant.
- */
-
-static void set_accept_quality(negotiation_state *neg, var_rec *variant)
-{
- int i;
- accept_rec *accept_recs;
- float q = 0.0f;
- int q_definite = 1;
-
- /* if no Accept: header, leave quality alone (will
- * remain at the default value of 1)
- *
- * XXX: This if is currently never true because of the effect of
- * maybe_add_default_accepts().
- */
- if (!neg->accepts) {
- if (variant->mime_type && *variant->mime_type)
- variant->definite = 0;
- return;
- }
-
- accept_recs = (accept_rec *) neg->accepts->elts;
-
- /*
- * Go through each of the ranges on the Accept: header,
- * looking for the 'best' match with this variant's
- * content-type. We use the best match's quality
- * value (from the Accept: header) for this variant's
- * mime_type_quality field.
- *
- * The best match is determined like this:
- * type/type is better than type/ * is better than * / *
- * if match is type/type, use the level mime param if available
- */
- for (i = 0; i < neg->accepts->nelts; ++i) {
-
- accept_rec *type = &accept_recs[i];
- int prev_mime_stars;
-
- prev_mime_stars = variant->mime_stars;
-
- if (!mime_match(type, variant)) {
- continue; /* didn't match the content type at all */
- }
- else {
- /* did match - see if there were less or more stars than
- * in previous match
- */
- if (prev_mime_stars == variant->mime_stars) {
- continue; /* more stars => not as good a match */
- }
- }
-
- /* If we are allowed to mess with the q-values
- * and have no explicit q= parameters in the accept header,
- * make wildcards very low, so we have a low chance
- * of ending up with them if there's something better.
- */
-
- if (!neg->dont_fiddle_headers && !neg->accept_q &&
- variant->mime_stars == 1) {
- q = 0.01f;
- }
- else if (!neg->dont_fiddle_headers && !neg->accept_q &&
- variant->mime_stars == 2) {
- q = 0.02f;
- }
- else {
- q = type->quality;
- }
-
- q_definite = (variant->mime_stars == 3);
- }
- variant->mime_type_quality = q;
- variant->definite = variant->definite && q_definite;
-
-}
-
-/* For a given variant, find the 'q' value of the charset given
- * on the Accept-Charset line. If no charsets are listed,
- * assume value of '1'.
- */
-static void set_charset_quality(negotiation_state *neg, var_rec *variant)
-{
- int i;
- accept_rec *accept_recs;
- char *charset = variant->content_charset;
- accept_rec *star = NULL;
-
- /* if no Accept-Charset: header, leave quality alone (will
- * remain at the default value of 1)
- */
- if (!neg->accept_charsets) {
- if (charset && *charset)
- variant->definite = 0;
- return;
- }
-
- accept_recs = (accept_rec *) neg->accept_charsets->elts;
-
- if (charset == NULL || !*charset) {
- /* Charset of variant not known */
-
- /* if not a text / * type, leave quality alone */
- if (!(!strncmp(variant->mime_type, "text/", 5)
- || !strcmp(variant->mime_type, INCLUDES_MAGIC_TYPE)
- || !strcmp(variant->mime_type, INCLUDES_MAGIC_TYPE3)
- ))
- return;
-
- /* Don't go guessing if we are in strict header mode,
- * e.g. when running the rvsa, as any guess won't be reflected
- * in the variant list or content-location headers.
- */
- if (neg->dont_fiddle_headers)
- return;
-
- charset = "iso-8859-1"; /* The default charset for HTTP text types */
- }
-
- /*
- * Go through each of the items on the Accept-Charset header,
- * looking for a match with this variant's charset. If none
- * match, charset is unacceptable, so set quality to 0.
- */
- for (i = 0; i < neg->accept_charsets->nelts; ++i) {
-
- accept_rec *type = &accept_recs[i];
-
- if (!strcmp(type->name, charset)) {
- variant->charset_quality = type->quality;
- return;
- }
- else if (strcmp(type->name, "*") == 0) {
- star = type;
- }
- }
- /* No explicit match */
- if (star) {
- variant->charset_quality = star->quality;
- variant->definite = 0;
- return;
- }
- /* If this variant is in charset iso-8859-1, the default is 1.0 */
- if (strcmp(charset, "iso-8859-1") == 0) {
- variant->charset_quality = 1.0f;
- }
- else {
- variant->charset_quality = 0.0f;
- }
-}
-
-
-/* is_identity_encoding is included for back-compat, but does anyone
- * use 7bit, 8bin or binary in their var files??
- */
-
-static int is_identity_encoding(const char *enc)
-{
- return (!enc || !enc[0] || !strcmp(enc, "7bit") || !strcmp(enc, "8bit")
- || !strcmp(enc, "binary"));
-}
-
-/*
- * set_encoding_quality determines whether the encoding for a particular
- * variant is acceptable for the user-agent.
- *
- * The rules for encoding are that if the user-agent does not supply
- * any Accept-Encoding header, then all encodings are allowed but a
- * variant with no encoding should be preferred.
- * If there is an empty Accept-Encoding header, then no encodings are
- * acceptable. If there is a non-empty Accept-Encoding header, then
- * any of the listed encodings are acceptable, as well as no encoding
- * unless the "identity" encoding is specifically excluded.
- */
-static void set_encoding_quality(negotiation_state *neg, var_rec *variant)
-{
- accept_rec *accept_recs;
- const char *enc = variant->content_encoding;
- accept_rec *star = NULL;
- float value_if_not_found = 0.0f;
- int i;
-
- if (!neg->accept_encodings) {
- /* We had no Accept-Encoding header, assume that all
- * encodings are acceptable with a low quality,
- * but we prefer no encoding if available.
- */
- if (!enc || is_identity_encoding(enc))
- variant->encoding_quality = 1.0f;
- else
- variant->encoding_quality = 0.5f;
-
- return;
- }
-
- if (!enc || is_identity_encoding(enc)) {
- enc = "identity";
- value_if_not_found = 0.0001f;
- }
-
- accept_recs = (accept_rec *) neg->accept_encodings->elts;
-
- /* Go through each of the encodings on the Accept-Encoding: header,
- * looking for a match with our encoding. x- prefixes are ignored.
- */
- if (enc[0] == 'x' && enc[1] == '-') {
- enc += 2;
- }
- for (i = 0; i < neg->accept_encodings->nelts; ++i) {
-
- char *name = accept_recs[i].name;
-
- if (name[0] == 'x' && name[1] == '-') {
- name += 2;
- }
-
- if (!strcmp(name, enc)) {
- variant->encoding_quality = accept_recs[i].quality;
- return;
- }
-
- if (strcmp(name, "*") == 0) {
- star = &accept_recs[i];
- }
-
- }
- /* No explicit match */
- if (star) {
- variant->encoding_quality = star->quality;
- return;
- }
-
- /* Encoding not found on Accept-Encoding: header, so it is
- * _not_ acceptable unless it is the identity (no encoding)
- */
- variant->encoding_quality = value_if_not_found;
-}
-
-/*************************************************************
- * Possible results of the variant selection algorithm
- */
-enum algorithm_results {
- alg_choice = 1, /* choose variant */
- alg_list /* list variants */
-};
-
-/* Below is the 'best_match' function. It returns an int, which has
- * one of the two values alg_choice or alg_list, which give the result
- * of the variant selection algorithm. alg_list means that no best
- * variant was found by the algorithm, alg_choice means that a best
- * variant was found and should be returned. The list/choice
- * terminology comes from TCN (rfc2295), but is used in a more generic
- * way here. The best variant is returned in *pbest. best_match has
- * two possible algorithms for determining the best variant: the
- * RVSA/1.0 algorithm (from RFC2296), and the standard Apache
- * algorithm.
These are split out into separate functions
- * (is_variant_better_rvsa() and is_variant_better()). Selection of
- * one is through the neg->use_rvsa flag.
- *
- * The call to best_match also creates full information, including
- * language, charset, etc quality for _every_ variant. This is needed
- * for generating a correct Vary header, and can be used for the
- * Alternates header, the human-readable list responses and 406 errors.
- */
-
-/* Firstly, the RVSA/1.0 (HTTP Remote Variant Selection Algorithm
- * v1.0) from rfc2296. This is the algorithm that goes together with
- * transparent content negotiation (TCN).
- */
-static int is_variant_better_rvsa(negotiation_state *neg, var_rec *variant,
- var_rec *best, float *p_bestq)
-{
- float bestq = *p_bestq, q;
-
- /* TCN does not cover negotiation on content-encoding. For now,
- * we ignore the encoding unless it was explicitly excluded.
- */
- if (variant->encoding_quality == 0.0f)
- return 0;
-
- q = variant->mime_type_quality *
- variant->source_quality *
- variant->charset_quality *
- variant->lang_quality;
-
- /* RFC 2296 calls for the result to be rounded to 5 decimal places,
- * but we don't do that because it serves no useful purpose other
- * than to ensure that a remote algorithm operates on the same
- * precision as ours. That is silly, since what we obviously want
- * is for the algorithm to operate on the best available precision
- * regardless of who runs it. Since the above calculation may
- * result in significant variance at 1e-12, rounding would be bogus.
- */
-
-#ifdef NEG_DEBUG
- fprintf(stderr, "Variant: file=%s type=%s lang=%s sourceq=%1.3f "
- "mimeq=%1.3f langq=%1.3f charq=%1.3f encq=%1.3f "
- "q=%1.5f definite=%d\n",
- (variant->file_name ? variant->file_name : ""),
- (variant->mime_type ? variant->mime_type : ""),
- (variant->content_languages
- ?
ap_array_pstrcat(neg->pool, variant->content_languages, ',')
- : ""),
- variant->source_quality,
- variant->mime_type_quality,
- variant->lang_quality,
- variant->charset_quality,
- variant->encoding_quality,
- q,
- variant->definite);
-#endif
-
- if (q <= 0.0f) {
- return 0;
- }
- if (q > bestq) {
- *p_bestq = q;
- return 1;
- }
- if (q == bestq) {
- /* If the best variant's encoding is of lesser quality than
- * this variant, then we prefer this variant
- */
- if (variant->encoding_quality > best->encoding_quality) {
- *p_bestq = q;
- return 1;
- }
- }
- return 0;
-}
-
-/* Negotiation algorithm as used by previous versions of Apache
- * (just about).
- */
-
-static int is_variant_better(negotiation_state *neg, var_rec *variant,
- var_rec *best, float *p_bestq)
-{
- float bestq = *p_bestq, q;
- int levcmp;
-
- /* For non-transparent negotiation, server can choose how
- * to handle the negotiation. We'll use the following in
- * order: content-type, language, content-type level, charset,
- * content encoding, content length.
- *
- * For each check, we have three possible outcomes:
- * This variant is worse than current best: return 0
- * This variant is better than the current best:
- * assign this variant's q to *p_bestq, and return 1
- * This variant is just as desirable as the current best:
- * drop through to the next test.
- *
- * This code is written in this long-winded way to allow future
- * customisation, either by the addition of additional
- * checks, or to allow the order of the checks to be determined
- * by configuration options (e.g. we might prefer to check
- * language quality _before_ content type).
- */
-
- /* First though, eliminate this variant if it is not
- * acceptable by type, charset, encoding or language.
- */
-
-#ifdef NEG_DEBUG
- fprintf(stderr, "Variant: file=%s type=%s lang=%s sourceq=%1.3f "
- "mimeq=%1.3f langq=%1.3f langidx=%d charq=%1.3f encq=%1.3f \n",
- (variant->file_name ? variant->file_name : ""),
- (variant->mime_type ?
variant->mime_type : ""),
- (variant->content_languages
- ? ap_array_pstrcat(neg->pool, variant->content_languages, ',')
- : ""),
- variant->source_quality,
- variant->mime_type_quality,
- variant->lang_quality,
- variant->lang_index,
- variant->charset_quality,
- variant->encoding_quality);
-#endif
-
- if (variant->encoding_quality == 0.0f ||
- variant->lang_quality == 0.0f ||
- variant->source_quality == 0.0f ||
- variant->charset_quality == 0.0f ||
- variant->mime_type_quality == 0.0f) {
- return 0; /* don't consider unacceptables */
- }
-
- q = variant->mime_type_quality * variant->source_quality;
- if (q == 0.0 || q < bestq) {
- return 0;
- }
- if (q > bestq || !best) {
- *p_bestq = q;
- return 1;
- }
-
- /* language */
- if (variant->lang_quality < best->lang_quality) {
- return 0;
- }
- if (variant->lang_quality > best->lang_quality) {
- *p_bestq = q;
- return 1;
- }
-
- /* if language qualities were equal, try the LanguagePriority stuff */
- if (best->lang_index != -1 &&
- (variant->lang_index == -1 || variant->lang_index > best->lang_index)) {
- return 0;
- }
- if (variant->lang_index != -1 &&
- (best->lang_index == -1 || variant->lang_index < best->lang_index)) {
- *p_bestq = q;
- return 1;
- }
-
- /* content-type level (sometimes used with text/html, though we
- * support it on other types too)
- */
- levcmp = level_cmp(variant, best);
- if (levcmp == -1) {
- return 0;
- }
- if (levcmp == 1) {
- *p_bestq = q;
- return 1;
- }
-
- /* charset */
- if (variant->charset_quality < best->charset_quality) {
- return 0;
- }
- /* If the best variant's charset is ISO-8859-1 and this variant has
- * the same charset quality, then we prefer this variant
- */
-
- if (variant->charset_quality > best->charset_quality ||
- ((variant->content_charset != NULL &&
- *variant->content_charset != '\0' &&
- strcmp(variant->content_charset, "iso-8859-1") != 0) &&
- (best->content_charset == NULL ||
- *best->content_charset == '\0' ||
- strcmp(best->content_charset, "iso-8859-1")
== 0))) {
- *p_bestq = q;
- return 1;
- }
-
- /* Prefer the highest value for encoding_quality.
- */
- if (variant->encoding_quality < best->encoding_quality) {
- return 0;
- }
- if (variant->encoding_quality > best->encoding_quality) {
- *p_bestq = q;
- return 1;
- }
-
- /* content length if all else equal */
- if (find_content_length(neg, variant) >= find_content_length(neg, best)) {
- return 0;
- }
-
- /* ok, to get here means every thing turned out equal, except
- * we have a shorter content length, so use this variant
- */
- *p_bestq = q;
- return 1;
-}
-
-static int best_match(negotiation_state *neg, var_rec **pbest)
-{
- int j;
- var_rec *best = NULL;
- float bestq = 0.0f;
- enum algorithm_results algorithm_result;
-
- var_rec *avail_recs = (var_rec *) neg->avail_vars->elts;
-
- set_default_lang_quality(neg);
-
- /*
- * Find the 'best' variant
- */
-
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
-
- /* Find all the relevant 'quality' values from the
- * Accept... headers, and store in the variant. This also
- * prepares for sending an Alternates header etc so we need to
- * do it even if we do not actually plan to find a best
- * variant.
- */
- set_accept_quality(neg, variant);
- set_language_quality(neg, variant);
- set_encoding_quality(neg, variant);
- set_charset_quality(neg, variant);
-
- /* Only do variant selection if we may actually choose a
- * variant for the client
- */
- if (neg->may_choose) {
-
- /* Now find out if this variant is better than the current
- * best, either using the RVSA/1.0 algorithm, or Apache's
- * internal server-driven algorithm. Presumably other
- * server-driven algorithms are possible, and could be
- * implemented here.
- */
-
- if (neg->use_rvsa) {
- if (is_variant_better_rvsa(neg, variant, best, &bestq)) {
- best = variant;
- }
- }
- else {
- if (is_variant_better(neg, variant, best, &bestq)) {
- best = variant;
- }
- }
- }
- }
-
- /* We now either have a best variant, or no best variant */
-
- if (neg->use_rvsa) {
- /* calculate result for RVSA/1.0 algorithm:
- * only a choice response if the best variant has q>0
- * and is definite
- */
- algorithm_result = (best && best->definite) && (bestq > 0) ?
- alg_choice : alg_list;
- }
- else {
- /* calculate result for Apache negotiation algorithm */
- algorithm_result = bestq > 0 ? alg_choice : alg_list;
- }
-
- /* Returning a choice response with a non-neighboring variant is a
- * protocol security error in TCN (see rfc2295). We do *not*
- * verify here that the variant and URI are neighbors, even though
- * we may return alg_choice. We depend on the environment (the
- * caller) to only declare the resource transparently negotiable if
- * all variants are neighbors.
- */
- *pbest = best;
- return algorithm_result;
-}
-
-/* Sets response headers for a negotiated response.
- * neg->is_transparent determines whether a transparently negotiated
- * response or a plain `server driven negotiation' response is
- * created. Applicable headers are Alternates, Vary, and TCN.
- *
- * The Vary header we create is sometimes longer than is required for
- * the correct caching of negotiated results by HTTP/1.1 caches. For
- * example if we have 3 variants x.html, x.ps.en and x.ps.nl, and if
- * the Accept: header assigns a 0 quality to .ps, then the results of
- * the two server-side negotiation algorithms we currently implement
- * will never depend on Accept-Language so we could return `Vary:
- * negotiate, accept' instead of the longer 'Vary: negotiate, accept,
- * accept-language' which the code below will return.
A routine for
- * computing the exact minimal Vary header would be a huge pain to code
- * and maintain though, especially because we need to take all possible
- * twiddles in the server-side negotiation algorithms into account.
- */
-static void set_neg_headers(request_rec *r, negotiation_state *neg,
- int alg_result)
-{
- table *hdrs;
- var_rec *avail_recs = (var_rec *) neg->avail_vars->elts;
- const char *sample_type = NULL;
- const char *sample_language = NULL;
- const char *sample_encoding = NULL;
- const char *sample_charset = NULL;
- char *lang;
- char *qstr;
- char *lenstr;
- long len;
- array_header *arr;
- int max_vlist_array = (neg->avail_vars->nelts * 21);
- int first_variant = 1;
- int vary_by_type = 0;
- int vary_by_language = 0;
- int vary_by_charset = 0;
- int vary_by_encoding = 0;
- int j;
-
- /* In order to avoid O(n^2) memory copies in building Alternates,
- * we preallocate a table with the maximum substrings possible,
- * fill it with the variant list, and then concatenate the entire array.
- * Note that if you change the number of substrings pushed, you also
- * need to change the calculation of max_vlist_array above.
- */
- if (neg->send_alternates && neg->avail_vars->nelts)
- arr = ap_make_array(r->pool, max_vlist_array, sizeof(char *));
- else
- arr = NULL;
-
- /* Put headers into err_headers_out, since send_http_header()
- * outputs both headers_out and err_headers_out.
- */
- hdrs = r->err_headers_out;
-
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
-
- if (variant->content_languages && variant->content_languages->nelts) {
- lang = ap_array_pstrcat(r->pool, variant->content_languages, ',');
- }
- else {
- lang = NULL;
- }
-
- /* Calculate Vary by looking for any difference between variants */
-
- if (first_variant) {
- sample_type = variant->mime_type;
- sample_charset = variant->content_charset;
- sample_language = lang;
- sample_encoding = variant->content_encoding;
- }
- else {
- if (!vary_by_type &&
- strcmp(sample_type ? sample_type : "",
- variant->mime_type ? variant->mime_type : "")) {
- vary_by_type = 1;
- }
- if (!vary_by_charset &&
- strcmp(sample_charset ? sample_charset : "",
- variant->content_charset ?
- variant->content_charset : "")) {
- vary_by_charset = 1;
- }
- if (!vary_by_language &&
- strcmp(sample_language ? sample_language : "",
- lang ? lang : "")) {
- vary_by_language = 1;
- }
- if (!vary_by_encoding &&
- strcmp(sample_encoding ? sample_encoding : "",
- variant->content_encoding ?
- variant->content_encoding : "")) {
- vary_by_encoding = 1;
- }
- }
- first_variant = 0;
-
- if (!neg->send_alternates)
- continue;
-
- /* Generate the string components for this Alternates entry */
-
- *((const char **) ap_push_array(arr)) = "{\"";
- *((const char **) ap_push_array(arr)) = variant->file_name;
- *((const char **) ap_push_array(arr)) = "\" ";
-
- qstr = (char *) ap_palloc(r->pool, 6);
- ap_snprintf(qstr, 6, "%1.3f", variant->source_quality);
-
- /* Strip trailing zeros (saves those valuable network bytes) */
- if (qstr[4] == '0') {
- qstr[4] = '\0';
- if (qstr[3] == '0') {
- qstr[3] = '\0';
- if (qstr[2] == '0') {
- qstr[1] = '\0';
- }
- }
- }
- *((const char **) ap_push_array(arr)) = qstr;
-
- if (variant->mime_type && *variant->mime_type) {
- *((const char **) ap_push_array(arr)) = " {type ";
- *((const char **) ap_push_array(arr)) = variant->mime_type;
- *((const char **) ap_push_array(arr)) = "}";
- }
- if (variant->content_charset && *variant->content_charset) {
- *((const char **) ap_push_array(arr)) = " {charset ";
- *((const char **) ap_push_array(arr)) = variant->content_charset;
- *((const char **) ap_push_array(arr)) = "}";
- }
- if (lang) {
- *((const char **) ap_push_array(arr)) = " {language ";
- *((const char **) ap_push_array(arr)) = lang;
- *((const char **) ap_push_array(arr)) = "}";
- }
- if (variant->content_encoding && *variant->content_encoding) {
- /* Strictly speaking, this is non-standard, but so is TCN */
-
- *((const char **) ap_push_array(arr)) = " {encoding ";
- *((const char **) ap_push_array(arr)) = variant->content_encoding;
- *((const char **) ap_push_array(arr)) = "}";
- }
-
- /* Note that the Alternates specification (in rfc2295) does
- * not require that we include {length x}, so we could omit it
- * if determining the length is too expensive. We currently
- * always include it though. 22 bytes is enough for 2^64.
- *
- * If the variant is a CGI script, find_content_length would
- * return the length of the script, not the output it
- * produces, so we check for the presence of a handler and if
- * there is one we don't add a length.
- *
- * XXX: TODO: This check does not detect a CGI script if we
- * get the variant from a type map. This needs to be fixed
- * (without breaking things if the type map specifies a
- * content-length, which currently leads to the correct result).
- */
- if (!(variant->sub_req && variant->sub_req->handler)
- && (len = (long)find_content_length(neg, variant)) != 0) {
-
- lenstr = (char *) ap_palloc(r->pool, 22);
- ap_snprintf(lenstr, 22, "%ld", len);
- *((const char **) ap_push_array(arr)) = " {length ";
- *((const char **) ap_push_array(arr)) = lenstr;
- *((const char **) ap_push_array(arr)) = "}";
- }
-
- *((const char **) ap_push_array(arr)) = "}";
- *((const char **) ap_push_array(arr)) = ", "; /* trimmed below */
- }
-
- if (neg->send_alternates && neg->avail_vars->nelts) {
- arr->nelts--; /* remove last comma */
- ap_table_mergen(hdrs, "Alternates",
- ap_array_pstrcat(r->pool, arr, '\0'));
- }
-
- if (neg->is_transparent || vary_by_type || vary_by_language ||
- vary_by_language || vary_by_charset || vary_by_encoding) {
-
- ap_table_mergen(hdrs, "Vary", 2 + ap_pstrcat(r->pool,
- neg->is_transparent ? ", negotiate" : "",
- vary_by_type ? ", accept" : "",
- vary_by_language ? ", accept-language" : "",
- vary_by_charset ? ", accept-charset" : "",
- vary_by_encoding ? ", accept-encoding" : "", NULL));
- }
-
- if (neg->is_transparent) { /* Create TCN response header */
- ap_table_setn(hdrs, "TCN",
- alg_result == alg_list ? "list" : "choice");
- }
-}
-
-/**********************************************************************
- *
- * Return an HTML list of variants. This is output as part of the
- * choice response or 406 status body.
- */
-
-static char *make_variant_list(request_rec *r, negotiation_state *neg)
-{
- array_header *arr;
- int i;
- int max_vlist_array = (neg->avail_vars->nelts * 15) + 2;
-
- /* In order to avoid O(n^2) memory copies in building the list,
- * we preallocate a table with the maximum substrings possible,
- * fill it with the variant list, and then concatenate the entire array.
- */
- arr = ap_make_array(r->pool, max_vlist_array, sizeof(char *));
-
- *((const char **) ap_push_array(arr)) = "Available variants:\n<ul>\n";
-
- for (i = 0; i < neg->avail_vars->nelts; ++i) {
- var_rec *variant = &((var_rec *) neg->avail_vars->elts)[i];
- char *filename = variant->file_name ? variant->file_name : "";
- array_header *languages = variant->content_languages;
- char *description = variant->description ? variant->description : "";
-
- /* The format isn't very neat, and it would be nice to make
- * the tags human readable (eg replace 'language en' with 'English').
- * Note that if you change the number of substrings pushed, you also
- * need to change the calculation of max_vlist_array above.
- */
- *((const char **) ap_push_array(arr)) = "<li><a href=\"";
- *((const char **) ap_push_array(arr)) = filename;
- *((const char **) ap_push_array(arr)) = "\">";
- *((const char **) ap_push_array(arr)) = filename;
- *((const char **) ap_push_array(arr)) = "</a> ";
- *((const char **) ap_push_array(arr)) = description;
-
- if (variant->mime_type && *variant->mime_type) {
- *((const char **) ap_push_array(arr)) = ", type ";
- *((const char **) ap_push_array(arr)) = variant->mime_type;
- }
- if (languages && languages->nelts) {
- *((const char **) ap_push_array(arr)) = ", language ";
- *((const char **) ap_push_array(arr)) = ap_array_pstrcat(r->pool,
- languages, ',');
- }
- if (variant->content_charset && *variant->content_charset) {
- *((const char **) ap_push_array(arr)) = ", charset ";
- *((const char **) ap_push_array(arr)) = variant->content_charset;
- }
- if (variant->content_encoding) {
- *((const char **) ap_push_array(arr)) = ", encoding ";
- *((const char **) ap_push_array(arr)) = variant->content_encoding;
- }
- *((const char **) ap_push_array(arr)) = "\n";
- }
- *((const char **) ap_push_array(arr)) = "</ul>\n";
-
- return ap_array_pstrcat(r->pool, arr, '\0');
-}
-
-static void store_variant_list(request_rec *r, negotiation_state *neg)
-{
- if (r->main == NULL) {
- ap_table_setn(r->notes, "variant-list", make_variant_list(r, neg));
- }
- else {
- ap_table_setn(r->main->notes, "variant-list",
- make_variant_list(r->main, neg));
- }
-}
-
-/* Called if we got a "Choice" response from the variant selection algorithm.
- * It checks the result of the chosen variant to see if it
- * is itself negotiated (if so, return error VARIANT_ALSO_VARIES).
- * Otherwise, add the appropriate headers to the current response.
- */
-
-static int setup_choice_response(request_rec *r, negotiation_state *neg,
- var_rec *variant)
-{
- request_rec *sub_req;
- const char *sub_vary;
-
- if (!variant->sub_req) {
- int status;
-
- sub_req = ap_sub_req_lookup_file(variant->file_name, r);
- status = sub_req->status;
-
- if (status != HTTP_OK &&
- !ap_table_get(sub_req->err_headers_out, "TCN")) {
- ap_destroy_sub_req(sub_req);
- return status;
- }
- variant->sub_req = sub_req;
- }
- else {
- sub_req = variant->sub_req;
- }
-
- /* The variant selection algorithm told us to return a "Choice"
- * response. This is the normal variant response, with
- * some extra headers. First, ensure that the chosen
- * variant did or will not itself engage in transparent negotiation.
- * If not, set the appropriate headers, and fall through to
- * the normal variant handling
- */
-
- /* This catches the error that a transparent type map selects a
- * transparent multiviews resource as the best variant.
- *
- * XXX: We do not signal an error if a transparent type map
- * selects a _non_transparent multiviews resource as the best
- * variant, because we can generate a legal negotiation response
- * in this case. In this case, the vlist_validator of the
- * nontransparent subrequest will be lost however. This could
- * lead to cases in which a change in the set of variants or the
- * negotiation algorithm of the nontransparent resource is never
- * propagated up to a HTTP/1.1 cache which interprets Vary. To be
- * completely on the safe side we should return VARIANT_ALSO_VARIES
- * for this type of recursive negotiation too.
- */
- if (neg->is_transparent &&
- ap_table_get(sub_req->err_headers_out, "TCN")) {
- return VARIANT_ALSO_VARIES;
- }
-
- /* This catches the error that a transparent type map recursively
- * selects, as the best variant, another type map which itself
- * causes transparent negotiation to be done.
- *
- * XXX: Actually, we catch this error by catching all cases of
- * type map recursion.
There are some borderline recursive type
- * map arrangements which would not produce transparent
- * negotiation protocol errors or lack of cache propagation
- * problems, but such arrangements are very hard to detect at this
- * point in the control flow, so we do not bother to single them
- * out.
- *
- * Recursive type maps imply a recursive arrangement of negotiated
- * resources which is visible to outside clients, and this is not
- * supported by the transparent negotiation caching protocols, so
- * if we are to have generic support for recursive type maps, we
- * have to create some configuration setting which makes all type
- * maps non-transparent when recursion is enabled. Also, if we
- * want recursive type map support which ensures propagation of
- * type map changes into HTTP/1.1 caches that handle Vary, we
- * would have to extend the current mechanism for generating
- * variant list validators.
- */
- if (sub_req->handler && strcmp(sub_req->handler, "type-map") == 0) {
- return VARIANT_ALSO_VARIES;
- }
-
- /* This adds an appropriate Variant-Vary header if the subrequest
- * is a multiviews resource.
- *
- * XXX: TODO: Note that this does _not_ handle any Vary header
- * returned by a CGI if sub_req is a CGI script, because we don't
- * see that Vary header yet at this point in the control flow.
- * This won't cause any cache consistency problems _unless_ the
- * CGI script also returns a Cache-Control header marking the
- * response as cachable. This needs to be fixed, also there are
- * problems if a CGI returns an Etag header which also need to be
- * fixed.
- */
- if ((sub_vary = ap_table_get(sub_req->err_headers_out, "Vary")) != NULL) {
- ap_table_setn(r->err_headers_out, "Variant-Vary", sub_vary);
-
- /* Move the subreq Vary header into the main request to
- * prevent having two Vary headers in the response, which
- * would be legal but strange.
- */
- ap_table_setn(r->err_headers_out, "Vary", sub_vary);
- ap_table_unset(sub_req->err_headers_out, "Vary");
- }
-
- ap_table_setn(r->err_headers_out, "Content-Location",
- ap_pstrdup(r->pool, variant->file_name));
-
- set_neg_headers(r, neg, alg_choice); /* add Alternates and Vary */
-
- /* Still to do by caller: add Expires */
-
- return 0;
-}
-
-/****************************************************************
- *
- * Executive...
- */
-
-static int do_negotiation(request_rec *r, negotiation_state *neg,
- var_rec **bestp, int prefer_scripts)
-{
- var_rec *avail_recs = (var_rec *) neg->avail_vars->elts;
- int alg_result; /* result of variant selection algorithm */
- int res;
- int j;
-
- /* Decide if resource is transparently negotiable */
-
- /* GET or HEAD? (HEAD has same method number as GET) */
- if (r->method_number == M_GET) {
-
- /* maybe this should be configurable, see also the comment
- * about recursive type maps in setup_choice_response()
- */
- neg->is_transparent = 1;
-
- /* We can't be transparent if we are a map file in the middle
- * of the request URI.
- */
- if (r->path_info && *r->path_info)
- neg->is_transparent = 0;
-
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
-
- /* We can't be transparent, because of internal
- * assumptions in best_match(), if there is a
- * non-neighboring variant. We can have a non-neighboring
- * variant when processing a type map.
- */
- if (strchr(variant->file_name, '/'))
- neg->is_transparent = 0;
- }
- }
-
- if (neg->is_transparent) {
- parse_negotiate_header(r, neg);
- }
- else { /* configure negotiation on non-transparent resource */
- neg->may_choose = 1;
- }
-
- maybe_add_default_accepts(neg, prefer_scripts);
-
- alg_result = best_match(neg, bestp);
-
- /* alg_result is one of
- * alg_choice: a best variant is chosen
- * alg_list: no best variant is chosen
- */
-
- if (alg_result == alg_list) {
- /* send a list response or NOT_ACCEPTABLE error response */
-
- neg->send_alternates = 1; /* always include Alternates header */
- set_neg_headers(r, neg, alg_result);
- store_variant_list(r, neg);
-
- if (neg->is_transparent && neg->ua_supports_trans) {
- /* XXX todo: expires? cachability? */
-
- /* Some HTTP/1.0 clients are known to choke when they get
- * a 300 (multiple choices) response without a Location
- * header. However the 300 code response we are are about
- * to generate will only reach 1.0 clients which support
- * transparent negotiation, and they should be OK. The
- * response should never reach older 1.0 clients, even if
- * we have CacheNegotiatedDocs enabled, because no 1.0
- * proxy cache (we know of) will cache and return 300
- * responses (they certainly won't if they conform to the
- * HTTP/1.0 specification).
- */
- return MULTIPLE_CHOICES;
- }
-
- if (!*bestp) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "no acceptable variant: %s", r->filename);
- return NOT_ACCEPTABLE;
- }
- }
-
- /* Variant selection chose a variant */
-
- /* XXX todo: merge the two cases in the if statement below */
- if (neg->is_transparent) {
-
- if ((res = setup_choice_response(r, neg, *bestp)) != 0) {
- return res; /* return if error */
- }
- }
- else {
- set_neg_headers(r, neg, alg_result);
- }
-
- /* Make sure caching works - Vary should handle HTTP/1.1, but for
- * HTTP/1.0, we can't allow caching at all.
- */
-
- /* XXX: Note that we only set r->no_cache to 1, which causes
- * Expires: <now> to be added, when responding to a HTTP/1.0
- * client. If we return the response to a 1.1 client, we do not
- * add Expires <now>, because doing so would degrade 1.1 cache
- * performance by preventing re-use of the response without prior
- * revalidation. On the other hand, if the 1.1 client is a proxy
- * which was itself contacted by a 1.0 client, or a proxy cache
- * which can be contacted later by 1.0 clients, then we currently
- * rely on this 1.1 proxy to add the Expires: <now> when it
- * forwards the response.
- *
- * XXX: TODO: Find out if the 1.1 spec requires proxies and
- * tunnels to add Expires: <now> when forwarding the response to
- * 1.0 clients. I (kh) recall it is rather vague on this point.
- * Testing actual 1.1 proxy implementations would also be nice. If
- * Expires: <now> is not added by proxies then we need to always
- * include Expires: <now> ourselves to ensure correct caching, but
- * this would degrade HTTP/1.1 cache efficiency unless we also add
- * Cache-Control: max-age=N, which we currently don't.
- *
- * Roy: No, we are not going to screw over HTTP future just to
- * ensure that people who can't be bothered to upgrade their
- * clients will always receive perfect server-side negotiation.
- * Hell, those clients are sending bogus accept headers anyway.
- *
- * Manual setting of cache-control/expires always overrides this
- * automated kluge, on purpose.
- */
-
- if ((!do_cache_negotiated_docs(r->server)
- && (r->proto_num < HTTP_VERSION(1,1)))
- && neg->count_multiviews_variants != 1) {
- r->no_cache = 1;
- }
-
- return OK;
-}
-
-static int handle_map_file(request_rec *r)
-{
- negotiation_state *neg = parse_accept_headers(r);
- var_rec *best;
- int res;
-
- char *udir;
-
- if ((res = read_type_map(neg, r))) {
- return res;
- }
-
- res = do_negotiation(r, neg, &best, 0);
- if (res != 0) return res;
-
- if (r->path_info && *r->path_info) {
- r->uri[ap_find_path_info(r->uri, r->path_info)] = '\0';
- }
- udir = ap_make_dirstr_parent(r->pool, r->uri);
- udir = ap_escape_uri(r->pool, udir);
- ap_internal_redirect(ap_pstrcat(r->pool, udir, best->file_name,
- r->path_info, NULL), r);
- return OK;
-}
-
-static int handle_multi(request_rec *r)
-{
- negotiation_state *neg;
- var_rec *best, *avail_recs;
- request_rec *sub_req;
- int res;
- int j;
-
- if (r->finfo.st_mode != 0 || !(ap_allow_options(r) & OPT_MULTI)) {
- return DECLINED;
- }
-
- neg = parse_accept_headers(r);
-
- if ((res = read_types_multi(neg))) {
- return_from_multi:
- /* free all allocated memory from subrequests */
- avail_recs = (var_rec *) neg->avail_vars->elts;
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
- if (variant->sub_req) {
- ap_destroy_sub_req(variant->sub_req);
- }
- }
- return res;
- }
- if (neg->avail_vars->nelts == 0) {
- return DECLINED;
- }
-
- res = do_negotiation(r, neg, &best,
- (r->method_number != M_GET) || r->args ||
- (r->path_info && *r->path_info));
- if (res != 0)
- goto return_from_multi;
-
- if (!(sub_req = best->sub_req)) {
- /* We got this out of a map file, so we don't actually have
- * a sub_req structure yet. Get one now.
- */
-
- sub_req = ap_sub_req_lookup_file(best->file_name, r);
- if (sub_req->status != HTTP_OK) {
- res = sub_req->status;
- ap_destroy_sub_req(sub_req);
- goto return_from_multi;
- }
- }
-
- /* BLECH --- don't multi-resolve non-ordinary files */
-
- if (!S_ISREG(sub_req->finfo.st_mode)) {
- res = NOT_FOUND;
- goto return_from_multi;
- }
-
- /* Otherwise, use it. */
-
- /* now do a "fast redirect" ... promote the sub_req into the main req */
- /* We need to tell POOL_DEBUG that we're guaranteeing that sub_req->pool
- * will exist as long as r->pool. Otherwise we run into troubles because
- * some values in this request will be allocated in r->pool, and others in
- * sub_req->pool.
- */
- ap_pool_join(r->pool, sub_req->pool);
- r->mtime = 0; /* reset etag info for subrequest */
- /* XXX: uri/args/path_info are all retained from the original request.
- * It is entirely possible, but not common, for a handler to choke
- * on some expectation based on the uri (or more commonly, args) that
- * the file subrequest was prepared to handle, but a lookup_uri would
- * have considered an error. This leaves an improbable possibility
- * that the user might fail a mod_dir request later, and the server
- * may respond with a mod_autoindex response. However, this has been
- * the behavior throughout much of the Apache 1.3 era with minimal
- * side effects, mostly caused by obscure configuration bugs.
- * r->uri = sub_req->uri;
- * r->args = sub_req->args;
- * r->path_info = sub_req->path_info;
- */
- r->filename = sub_req->filename;
- r->handler = sub_req->handler;
- r->content_type = sub_req->content_type;
- r->content_encoding = sub_req->content_encoding;
- r->content_languages = sub_req->content_languages;
- r->content_language = sub_req->content_language;
- r->finfo = sub_req->finfo;
- r->per_dir_config = sub_req->per_dir_config;
- /* copy output headers from subrequest, but leave negotiation headers */
- r->notes = ap_overlay_tables(r->pool, sub_req->notes, r->notes);
- r->headers_out = ap_overlay_tables(r->pool, sub_req->headers_out,
- r->headers_out);
- r->err_headers_out = ap_overlay_tables(r->pool, sub_req->err_headers_out,
- r->err_headers_out);
- r->subprocess_env = ap_overlay_tables(r->pool, sub_req->subprocess_env,
- r->subprocess_env);
- avail_recs = (var_rec *) neg->avail_vars->elts;
- for (j = 0; j < neg->avail_vars->nelts; ++j) {
- var_rec *variant = &avail_recs[j];
- if (variant != best && variant->sub_req) {
- ap_destroy_sub_req(variant->sub_req);
- }
- }
- return OK;
-}
-
-/**********************************************************************
- * There is a problem with content-encoding, as some clients send and
- * expect an x- token (e.g. x-gzip) while others expect the plain token
- * (i.e. gzip). To try and deal with this as best as possible we do
- * the following: if the client sent an Accept-Encoding header and it
- * contains a plain token corresponding to the content encoding of the
- * response, then set content encoding using the plain token. Else if
- * the A-E header contains the x- token use the x- token in the C-E
- * header. Else don't do anything.
- *
- * Note that if no A-E header was sent, or it does not contain a token
- * compatible with the final content encoding, then the token in the
- * C-E header will be whatever was specified in the AddEncoding
- * directive.
- */
-static int fix_encoding(request_rec *r)
-{
- const char *enc = r->content_encoding;
- char *x_enc = NULL;
- array_header *accept_encodings;
- accept_rec *accept_recs;
- int i;
-
- if (!enc || !*enc) {
- return DECLINED;
- }
-
- if (enc[0] == 'x' && enc[1] == '-') {
- enc += 2;
- }
-
- if ((accept_encodings = do_header_line(r->pool,
- ap_table_get(r->headers_in, "Accept-Encoding"))) == NULL) {
- return DECLINED;
- }
-
- accept_recs = (accept_rec *) accept_encodings->elts;
-
- for (i = 0; i < accept_encodings->nelts; ++i) {
- char *name = accept_recs[i].name;
-
- if (!strcmp(name, enc)) {
- r->content_encoding = name;
- return OK;
- }
-
- if (name[0] == 'x' && name[1] == '-' && !strcmp(name+2, enc)) {
- x_enc = name;
- }
- }
-
- if (x_enc) {
- r->content_encoding = x_enc;
- return OK;
- }
-
- return DECLINED;
-}
-
-static const handler_rec negotiation_handlers[] =
-{
- {MAP_FILE_MAGIC_TYPE, handle_map_file},
- {"type-map", handle_map_file},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT negotiation_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- create_neg_dir_config, /* dir config creator */
- merge_neg_dir_configs, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- negotiation_cmds, /* command table */
- negotiation_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- handle_multi, /* type_checker */
- fix_encoding, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c b/usr.sbin/httpd/src/modules/standard/mod_rewrite.c
deleted file mode 100644
index 90a76cc59cd..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c
+++ /dev/null
@@ -1,4396 +0,0 @@
-/* $OpenBSD: mod_rewrite.c,v 1.28 2010/09/09 11:31:40 miod Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-
-/* _ _ _
-** _ __ ___ ___ __| | _ __ _____ ___ __(_) |_ ___
-** | '_ ` _ \ / _ \ / _` | | '__/ _ \ \ /\ / / '__| | __/ _ \
-** | | | | | | (_) | (_| | | | | __/\ V V /| | | | || __/
-** |_| |_| |_|\___/ \__,_|___|_| \___| \_/\_/ |_| |_|\__\___|
-** |_____|
-**
-** URL Rewriting Module
-**
-** This module uses a rule-based rewriting engine (based on a
-** regular-expression parser) to rewrite requested URLs on the fly.
-**
-** It supports an unlimited number of additional rule conditions (which can
-** operate on a lot of variables, even on HTTP headers) for granular
-** matching and even external database lookups (either via plain text
-** tables, DBM hash files or even external processes) for advanced URL
-** substitution.
-**
-** It operates on the full URLs (including the PATH_INFO part) both in
-** per-server context (httpd.conf) and per-dir context (.htaccess) and even
-** can generate QUERY_STRING parts on result. The rewriting result finally
-** can lead to internal subprocessing, external request redirection or even
-** to internal proxy throughput.
-**
-** This module was originally written in April 1996 and
-** gifted exclusively to the The Apache Group in July 1997 by
-**
-** Ralf S. Engelschall
-** rse@engelschall.com
-** www.engelschall.com
-*/
-
-
-#include "mod_rewrite.h"
-#include "http_main.h"
-#include "fdcache.h"
-
-#include <sys/types.h>
-#include <sys/uio.h>
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | static module configuration
-** | |
-** +-------------------------------------------------------+
-*/
-
-
-/*
-** Our interface to the Apache server kernel:
-**
-** o Runtime logic of a request is as following:
-** while(request or subrequest)
-** foreach(stage #0...#9)
-** foreach(module) (**)
-** try to run hook
-**
-** o the order of modules at (**) is the inverted order as
-** given in the "Configuration" file, i.e. the last module
-** specified is the first one called for each hook!
-** The core module is always the last!
-**
-** o there are two different types of result checking and
-** continue processing:
-** for hook #0,#1,#4,#5,#6,#8:
-** hook run loop stops on first modules which gives
-** back a result != DECLINED, i.e. it usually returns OK
-** which says "OK, module has handled this _stage_" and for #1
-** this have not to mean "Ok, the filename is now valid".
-** for hook #2,#3,#7,#9:
-** all hooks are run, independend of result
-**
-** o at the last stage, the core module always
-** - says "BAD_REQUEST" if r->filename does not begin with "/"
-** - prefix URL with document_root or replaced server_root
-** with document_root and sets r->filename
-** - always return a "OK" independed if the file really exists
-** or not!
-*/
-
- /* The section for the Configure script:
- * MODULE-DEFINITION-START
- * Name: rewrite_module
- * ConfigStart
- . ./helpers/find-dbm-lib
- if [ "x$found_dbm" = "x1" ]; then
- echo " enabling DBM support for mod_rewrite"
- else
- echo " disabling DBM support for mod_rewrite"
- echo " (perhaps you need to add -ldbm, -lndbm or -lgdbm to EXTRA_LIBS)"
- CFLAGS="$CFLAGS -DNO_DBM_REWRITEMAP"
- fi
- * ConfigEnd
- * MODULE-DEFINITION-END
- */
-
- /* the table of commands we provide */
-static const command_rec command_table[] = {
- { "RewriteEngine", cmd_rewriteengine, NULL, OR_FILEINFO, FLAG,
- "On or Off to enable or disable (default) the whole rewriting engine" },
- { "RewriteOptions", cmd_rewriteoptions, NULL, OR_FILEINFO, ITERATE,
- "List of option strings to set" },
- { "RewriteBase", cmd_rewritebase, NULL, OR_FILEINFO, TAKE1,
- "the base URL of the per-directory context" },
- { "RewriteCond", cmd_rewritecond, NULL, OR_FILEINFO, RAW_ARGS,
- "an input string and a to be applied regexp-pattern" },
- { "RewriteRule", cmd_rewriterule, NULL, OR_FILEINFO, RAW_ARGS,
- "an URL-applied regexp-pattern and a substitution URL" },
- { "RewriteMap", cmd_rewritemap, NULL, RSRC_CONF, TAKE2,
- "a mapname and a filename" },
- { "RewriteLock", cmd_rewritelock, NULL, RSRC_CONF, TAKE1,
- "the filename of a lockfile used for inter-process synchronization"},
- { "RewriteLog", cmd_rewritelog, NULL, RSRC_CONF, TAKE1,
- "the filename of the rewriting logfile" },
- { "RewriteLogLevel", cmd_rewriteloglevel, NULL, RSRC_CONF, TAKE1,
- "the level of the rewriting logfile verbosity "
- "(0=none, 1=std, .., 9=max)" },
- { NULL }
-};
- - /* the table of content handlers we provide */ -static const handler_rec handler_table[] = { - { "redirect-handler", handler_redirect }, - { NULL } -}; - - /* the main config structure */ -module MODULE_VAR_EXPORT rewrite_module = { - STANDARD_MODULE_STUFF, - init_module, /* module initializer */ - config_perdir_create, /* create per-dir config structures */ - config_perdir_merge, /* merge per-dir config structures */ - config_server_create, /* create per-server config structures */ - config_server_merge, /* merge per-server config structures */ - command_table, /* table of config file commands */ - handler_table, /* [#8] MIME-typed-dispatched handlers */ - hook_uri2file, /* [#1] URI to filename translation */ - NULL, /* [#4] validate user id from request */ - NULL, /* [#5] check if the user is ok _here_ */ - NULL, /* [#3] check access by host address */ - hook_mimetype, /* [#6] determine MIME type */ - hook_fixup, /* [#7] pre-run fixups */ - NULL, /* [#9] log a transaction */ - NULL, /* [#2] header parser */ - init_child, /* child_init */ - NULL, /* child_exit */ - NULL /* [#0] post read-request */ -}; - - /* the cache */ -static cache *cachep; - - /* whether proxy module is available or not */ -static int proxy_available; - -static char *lockname; -static int lockfd = -1; - -/* -** +-------------------------------------------------------+ -** | | -** | configuration directive handling -** | | -** +-------------------------------------------------------+ -*/ - -/* -** -** per-server configuration structure handling -** -*/ - -static void *config_server_create(pool *p, server_rec *s) -{ - rewrite_server_conf *a; - - a = (rewrite_server_conf *)ap_pcalloc(p, sizeof(rewrite_server_conf)); - - a->state = ENGINE_DISABLED; - a->options = OPTION_NONE; - a->rewritelogfile = NULL; - a->rewritelogfp = -1; - a->rewriteloglevel = 0; - a->rewritemaps = ap_make_array(p, 2, sizeof(rewritemap_entry)); - a->rewriteconds = ap_make_array(p, 2, sizeof(rewritecond_entry)); - 
a->rewriterules = ap_make_array(p, 2, sizeof(rewriterule_entry)); - a->server = s; - a->redirect_limit = 0; /* unset (use default) */ - - return (void *)a; -} - -static void *config_server_merge(pool *p, void *basev, void *overridesv) -{ - rewrite_server_conf *a, *base, *overrides; - - a = (rewrite_server_conf *)ap_pcalloc(p, sizeof(rewrite_server_conf)); - base = (rewrite_server_conf *)basev; - overrides = (rewrite_server_conf *)overridesv; - - a->state = overrides->state; - a->options = overrides->options; - a->server = overrides->server; - a->redirect_limit = overrides->redirect_limit - ? overrides->redirect_limit - : base->redirect_limit; - - if (a->options & OPTION_INHERIT) { - /* - * local directives override - * and anything else is inherited - */ - a->rewriteloglevel = overrides->rewriteloglevel != 0 - ? overrides->rewriteloglevel - : base->rewriteloglevel; - a->rewritelogfile = overrides->rewritelogfile != NULL - ? overrides->rewritelogfile - : base->rewritelogfile; - a->rewritelogfp = overrides->rewritelogfp != -1 - ? 
overrides->rewritelogfp - : base->rewritelogfp; - a->rewritemaps = ap_append_arrays(p, overrides->rewritemaps, - base->rewritemaps); - a->rewriteconds = ap_append_arrays(p, overrides->rewriteconds, - base->rewriteconds); - a->rewriterules = ap_append_arrays(p, overrides->rewriterules, - base->rewriterules); - } - else { - /* - * local directives override - * and anything else gets defaults - */ - a->rewriteloglevel = overrides->rewriteloglevel; - a->rewritelogfile = overrides->rewritelogfile; - a->rewritelogfp = overrides->rewritelogfp; - a->rewritemaps = overrides->rewritemaps; - a->rewriteconds = overrides->rewriteconds; - a->rewriterules = overrides->rewriterules; - } - - return (void *)a; -} - - -/* -** -** per-directory configuration structure handling -** -*/ - -static void *config_perdir_create(pool *p, char *path) -{ - rewrite_perdir_conf *a; - - a = (rewrite_perdir_conf *)ap_pcalloc(p, sizeof(rewrite_perdir_conf)); - - a->state = ENGINE_DISABLED; - a->options = OPTION_NONE; - a->baseurl = NULL; - a->rewriteconds = ap_make_array(p, 2, sizeof(rewritecond_entry)); - a->rewriterules = ap_make_array(p, 2, sizeof(rewriterule_entry)); - a->redirect_limit = 0; /* unset (use server config) */ - - if (path == NULL) { - a->directory = NULL; - } - else { - /* make sure it has a trailing slash */ - if (path[strlen(path)-1] == '/') { - a->directory = ap_pstrdup(p, path); - } - else { - a->directory = ap_pstrcat(p, path, "/", NULL); - } - } - - return (void *)a; -} - -static void *config_perdir_merge(pool *p, void *basev, void *overridesv) -{ - rewrite_perdir_conf *a, *base, *overrides; - - a = (rewrite_perdir_conf *)ap_pcalloc(p, - sizeof(rewrite_perdir_conf)); - base = (rewrite_perdir_conf *)basev; - overrides = (rewrite_perdir_conf *)overridesv; - - a->state = overrides->state; - a->options = overrides->options; - a->directory = overrides->directory; - a->baseurl = overrides->baseurl; - a->redirect_limit = overrides->redirect_limit - ? 
overrides->redirect_limit - : base->redirect_limit; - - if (a->options & OPTION_INHERIT) { - a->rewriteconds = ap_append_arrays(p, overrides->rewriteconds, - base->rewriteconds); - a->rewriterules = ap_append_arrays(p, overrides->rewriterules, - base->rewriterules); - } - else { - a->rewriteconds = overrides->rewriteconds; - a->rewriterules = overrides->rewriterules; - } - - return (void *)a; -} - - -/* -** -** the configuration commands -** -*/ - -static const char *cmd_rewriteengine(cmd_parms *cmd, - rewrite_perdir_conf *dconf, int flag) -{ - rewrite_server_conf *sconf; - - sconf = - (rewrite_server_conf *)ap_get_module_config(cmd->server->module_config, - &rewrite_module); - - if (cmd->path == NULL) { /* is server command */ - sconf->state = (flag ? ENGINE_ENABLED : ENGINE_DISABLED); - } - else /* is per-directory command */ { - dconf->state = (flag ? ENGINE_ENABLED : ENGINE_DISABLED); - } - - return NULL; -} - -static const char *cmd_rewriteoptions(cmd_parms *cmd, - void *in_dconf, const char *option) -{ - int options = 0, limit = 0; - char *w; - - while (*option) { - w = ap_getword_conf(cmd->pool, &option); - - if (!strcasecmp(w, "inherit")) { - options |= OPTION_INHERIT; - } - else if (!strncasecmp(w, "MaxRedirects=", 13)) { - limit = atoi(&w[13]); - if (limit <= 0) { - return "RewriteOptions: MaxRedirects takes a number greater " - "than zero."; - } - } - else if (!strcasecmp(w, "MaxRedirects")) { /* be nice */ - return "RewriteOptions: MaxRedirects has the format MaxRedirects" - "=n."; - } - else { - return ap_pstrcat(cmd->pool, "RewriteOptions: unknown option '", - w, "'", NULL); - } - } - - /* put it into the appropriate config */ - if (cmd->path == NULL) { /* is server command */ - rewrite_server_conf *conf = - ap_get_module_config(cmd->server->module_config, - &rewrite_module); - - conf->options |= options; - conf->redirect_limit = limit; - } - else { /* is per-directory command */ - rewrite_perdir_conf *conf = in_dconf; - - conf->options |= options; - 
conf->redirect_limit = limit; - } - - return NULL; -} - -static const char *cmd_rewritelog(cmd_parms *cmd, void *dconf, char *a1) -{ - rewrite_server_conf *sconf; - - sconf = (rewrite_server_conf *) - ap_get_module_config(cmd->server->module_config, &rewrite_module); - - sconf->rewritelogfile = a1; - - return NULL; -} - -static const char *cmd_rewriteloglevel(cmd_parms *cmd, void *dconf, char *a1) -{ - rewrite_server_conf *sconf; - - sconf = (rewrite_server_conf *) - ap_get_module_config(cmd->server->module_config, &rewrite_module); - - sconf->rewriteloglevel = atoi(a1); - - return NULL; -} - -static const char *cmd_rewritemap(cmd_parms *cmd, void *dconf, char *a1, - char *a2) -{ - rewrite_server_conf *sconf; - rewritemap_entry *new; - struct stat st; - - sconf = (rewrite_server_conf *) - ap_get_module_config(cmd->server->module_config, &rewrite_module); - - new = ap_push_array(sconf->rewritemaps); - - new->name = a1; - new->func = NULL; - if (strncmp(a2, "txt:", 4) == 0) { - new->type = MAPTYPE_TXT; - new->datafile = a2+4; - new->checkfile = a2+4; - } - else if (strncmp(a2, "rnd:", 4) == 0) { - new->type = MAPTYPE_RND; - new->datafile = a2+4; - new->checkfile = a2+4; - } - else if (strncmp(a2, "dbm:", 4) == 0) { - new->type = MAPTYPE_DBM; - new->datafile = a2+4; - new->checkfile = ap_pstrcat(cmd->pool, a2+4, NDBM_FILE_SUFFIX, NULL); - } - else if (strncmp(a2, "prg:", 4) == 0) { - new->type = MAPTYPE_PRG; - new->datafile = a2+4; - new->checkfile = a2+4; - } - else if (strncmp(a2, "int:", 4) == 0) { - new->type = MAPTYPE_INT; - new->datafile = NULL; - new->checkfile = NULL; - if (strcmp(a2+4, "tolower") == 0) { - new->func = rewrite_mapfunc_tolower; - } - else if (strcmp(a2+4, "toupper") == 0) { - new->func = rewrite_mapfunc_toupper; - } - else if (strcmp(a2+4, "escape") == 0) { - new->func = rewrite_mapfunc_escape; - } - else if (strcmp(a2+4, "unescape") == 0) { - new->func = rewrite_mapfunc_unescape; - } - else if (sconf->state == ENGINE_ENABLED) { - return 
ap_pstrcat(cmd->pool, "RewriteMap: internal map not found:", - a2+4, NULL); - } - } - else { - new->type = MAPTYPE_TXT; - new->datafile = a2; - new->checkfile = a2; - } - new->fpin = -1; - new->fpout = -1; - - /* yes, we do it twice. needed for restart awareness */ - ap_server_strip_chroot(new->checkfile, 0); - ap_server_strip_chroot(new->datafile, 0); - - if (new->checkfile && (sconf->state == ENGINE_ENABLED) - && (stat(new->checkfile, &st) == -1)) { - return ap_pstrcat(cmd->pool, - "RewriteMap: map file or program not found:", - new->checkfile, NULL); - } - - ap_server_strip_chroot(new->checkfile, 1); - ap_server_strip_chroot(new->datafile, 1); - - return NULL; -} - -static const char *cmd_rewritelock(cmd_parms *cmd, void *dconf, char *a1) -{ - const char *error; - - if ((error = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL) - return error; - - lockname = a1; - - return NULL; -} - -static const char *cmd_rewritebase(cmd_parms *cmd, rewrite_perdir_conf *dconf, - char *a1) -{ - if (cmd->path == NULL || dconf == NULL) { - return "RewriteBase: only valid in per-directory config files"; - } - if (a1[0] == '\0') { - return "RewriteBase: empty URL not allowed"; - } - if (a1[0] != '/') { - return "RewriteBase: argument is not a valid URL"; - } - - dconf->baseurl = a1; - - return NULL; -} - -static const char *cmd_rewritecond(cmd_parms *cmd, rewrite_perdir_conf *dconf, - char *str) -{ - rewrite_server_conf *sconf; - rewritecond_entry *new; - regex_t *regexp; - char *a1; - char *a2; - char *a3; - char *cp; - const char *err; - int rc; - - sconf = (rewrite_server_conf *) - ap_get_module_config(cmd->server->module_config, &rewrite_module); - - /* make a new entry in the internal temporary rewrite rule list */ - if (cmd->path == NULL) { /* is server command */ - new = ap_push_array(sconf->rewriteconds); - } - else { /* is per-directory command */ - new = ap_push_array(dconf->rewriteconds); - } - - /* parse the argument line ourself */ - if (parseargline(str, &a1, &a2, 
&a3)) { - return ap_pstrcat(cmd->pool, "RewriteCond: bad argument line '", str, - "'\n", NULL); - } - - /* arg1: the input string */ - new->input = ap_pstrdup(cmd->pool, a1); - - /* arg3: optional flags field - (this have to be first parsed, because we need to - know if the regex should be compiled with ICASE!) */ - new->flags = CONDFLAG_NONE; - if (a3 != NULL) { - if ((err = cmd_rewritecond_parseflagfield(cmd->pool, new, - a3)) != NULL) { - return err; - } - } - - /* arg2: the pattern - try to compile the regexp to test if is ok */ - cp = a2; - if (cp[0] == '!') { - new->flags |= CONDFLAG_NOTMATCH; - cp++; - } - - /* now be careful: Under the POSIX regex library - we can compile the pattern for case-insensitive matching, - under the old V8 library we have to do it self via a hack */ - if (new->flags & CONDFLAG_NOCASE) { - rc = ((regexp = ap_pregcomp(cmd->pool, cp, REG_EXTENDED|REG_ICASE)) - == NULL); - } - else { - rc = ((regexp = ap_pregcomp(cmd->pool, cp, REG_EXTENDED)) == NULL); - } - if (rc) { - return ap_pstrcat(cmd->pool, - "RewriteCond: cannot compile regular expression '", - a2, "'\n", NULL); - } - - new->pattern = ap_pstrdup(cmd->pool, cp); - new->regexp = regexp; - - return NULL; -} - -static const char *cmd_rewritecond_parseflagfield(pool *p, - rewritecond_entry *cfg, - char *str) -{ - char *cp; - char *cp1; - char *cp2; - char *cp3; - char *key; - char *val; - const char *err; - - if (str[0] != '[' || str[strlen(str)-1] != ']') { - return "RewriteCond: bad flag delimiters"; - } - - cp = str+1; - str[strlen(str)-1] = ','; /* for simpler parsing */ - for ( ; *cp != '\0'; ) { - /* skip whitespaces */ - for ( ; (*cp == ' ' || *cp == '\t') && *cp != '\0'; cp++) - ; - if (*cp == '\0') { - break; - } - cp1 = cp; - if ((cp2 = strchr(cp, ',')) != NULL) { - cp = cp2+1; - for ( ; (*(cp2-1) == ' ' || *(cp2-1) == '\t'); cp2--) - ; - *cp2 = '\0'; - if ((cp3 = strchr(cp1, '=')) != NULL) { - *cp3 = '\0'; - key = cp1; - val = cp3+1; - } - else { - key = cp1; - val = 
""; - } - if ((err = cmd_rewritecond_setflag(p, cfg, key, val)) != NULL) { - return err; - } - } - else { - break; - } - } - - return NULL; -} - -static const char *cmd_rewritecond_setflag(pool *p, rewritecond_entry *cfg, - char *key, char *val) -{ - if ( strcasecmp(key, "nocase") == 0 - || strcasecmp(key, "NC") == 0 ) { - cfg->flags |= CONDFLAG_NOCASE; - } - else if ( strcasecmp(key, "ornext") == 0 - || strcasecmp(key, "OR") == 0 ) { - cfg->flags |= CONDFLAG_ORNEXT; - } - else { - return ap_pstrcat(p, "RewriteCond: unknown flag '", key, "'\n", NULL); - } - return NULL; -} - -static const char *cmd_rewriterule(cmd_parms *cmd, rewrite_perdir_conf *dconf, - char *str) -{ - rewrite_server_conf *sconf; - rewriterule_entry *new; - regex_t *regexp; - char *a1; - char *a2; - char *a3; - char *cp; - const char *err; - int mode; - - sconf = (rewrite_server_conf *) - ap_get_module_config(cmd->server->module_config, &rewrite_module); - - /* make a new entry in the internal rewrite rule list */ - if (cmd->path == NULL) { /* is server command */ - new = ap_push_array(sconf->rewriterules); - } - else { /* is per-directory command */ - new = ap_push_array(dconf->rewriterules); - } - - /* parse the argument line ourself */ - if (parseargline(str, &a1, &a2, &a3)) { - return ap_pstrcat(cmd->pool, "RewriteRule: bad argument line '", str, - "'\n", NULL); - } - - /* arg3: optional flags field */ - new->forced_mimetype = NULL; - new->forced_responsecode = HTTP_MOVED_TEMPORARILY; - new->flags = RULEFLAG_NONE; - new->env[0] = NULL; - new->skip = 0; - if (a3 != NULL) { - if ((err = cmd_rewriterule_parseflagfield(cmd->pool, new, - a3)) != NULL) { - return err; - } - } - - /* arg1: the pattern - * try to compile the regexp to test if is ok - */ - cp = a1; - if (cp[0] == '!') { - new->flags |= RULEFLAG_NOTMATCH; - cp++; - } - mode = REG_EXTENDED; - if (new->flags & RULEFLAG_NOCASE) { - mode |= REG_ICASE; - } - if ((regexp = ap_pregcomp(cmd->pool, cp, mode)) == NULL) { - return 
ap_pstrcat(cmd->pool, - "RewriteRule: cannot compile regular expression '", - a1, "'\n", NULL); - } - new->pattern = ap_pstrdup(cmd->pool, cp); - new->regexp = regexp; - - /* arg2: the output string - * replace the $<N> by \<n> which is needed by the currently - * used Regular Expression library - */ - new->output = ap_pstrdup(cmd->pool, a2); - - /* now, if the server or per-dir config holds an - * array of RewriteCond entries, we take it for us - * and clear the array - */ - if (cmd->path == NULL) { /* is server command */ - new->rewriteconds = sconf->rewriteconds; - sconf->rewriteconds = ap_make_array(cmd->pool, 2, - sizeof(rewritecond_entry)); - } - else { /* is per-directory command */ - new->rewriteconds = dconf->rewriteconds; - dconf->rewriteconds = ap_make_array(cmd->pool, 2, - sizeof(rewritecond_entry)); - } - - return NULL; -} - -static const char *cmd_rewriterule_parseflagfield(pool *p, - rewriterule_entry *cfg, - char *str) -{ - char *cp; - char *cp1; - char *cp2; - char *cp3; - char *key; - char *val; - const char *err; - - if (str[0] != '[' || str[strlen(str)-1] != ']') { - return "RewriteRule: bad flag delimiters"; - } - - cp = str+1; - str[strlen(str)-1] = ','; /* for simpler parsing */ - for ( ; *cp != '\0'; ) { - /* skip whitespaces */ - for ( ; (*cp == ' ' || *cp == '\t') && *cp != '\0'; cp++) - ; - if (*cp == '\0') { - break; - } - cp1 = cp; - if ((cp2 = strchr(cp, ',')) != NULL) { - cp = cp2+1; - for ( ; (*(cp2-1) == ' ' || *(cp2-1) == '\t'); cp2--) - ; - *cp2 = '\0'; - if ((cp3 = strchr(cp1, '=')) != NULL) { - *cp3 = '\0'; - key = cp1; - val = cp3+1; - } - else { - key = cp1; - val = ""; - } - if ((err = cmd_rewriterule_setflag(p, cfg, key, val)) != NULL) { - return err; - } - } - else { - break; - } - } - - return NULL; -} - -static const char *cmd_rewriterule_setflag(pool *p, rewriterule_entry *cfg, - char *key, char *val) -{ - int status = 0; - int i; - - if ( strcasecmp(key, "redirect") == 0 - || strcasecmp(key, "R") == 0 ) { - cfg->flags 
|= RULEFLAG_FORCEREDIRECT; - if (strlen(val) > 0) { - if (strcasecmp(val, "permanent") == 0) { - status = HTTP_MOVED_PERMANENTLY; - } - else if (strcasecmp(val, "temp") == 0) { - status = HTTP_MOVED_TEMPORARILY; - } - else if (strcasecmp(val, "seeother") == 0) { - status = HTTP_SEE_OTHER; - } - else if (ap_isdigit(*val)) { - status = atoi(val); - } - if (!ap_is_HTTP_REDIRECT(status)) { - return "RewriteRule: invalid HTTP response code " - "for flag 'R'"; - } - cfg->forced_responsecode = status; - } - } - else if ( strcasecmp(key, "noescape") == 0 - || strcasecmp(key, "NE") == 0 ) { - cfg->flags |= RULEFLAG_NOESCAPE; - } - else if ( strcasecmp(key, "last") == 0 - || strcasecmp(key, "L") == 0 ) { - cfg->flags |= RULEFLAG_LASTRULE; - } - else if ( strcasecmp(key, "next") == 0 - || strcasecmp(key, "N") == 0 ) { - cfg->flags |= RULEFLAG_NEWROUND; - } - else if ( strcasecmp(key, "chain") == 0 - || strcasecmp(key, "C") == 0 ) { - cfg->flags |= RULEFLAG_CHAIN; - } - else if ( strcasecmp(key, "type") == 0 - || strcasecmp(key, "T") == 0 ) { - cfg->forced_mimetype = ap_pstrdup(p, val); - ap_str_tolower(cfg->forced_mimetype); - } - else if ( strcasecmp(key, "env") == 0 - || strcasecmp(key, "E") == 0 ) { - for (i = 0; (cfg->env[i] != NULL) && (i < MAX_ENV_FLAGS); i++) - ; - if (i < MAX_ENV_FLAGS) { - cfg->env[i] = ap_pstrdup(p, val); - cfg->env[i+1] = NULL; - } - else { - return "RewriteRule: too many environment flags 'E'"; - } - } - else if ( strcasecmp(key, "nosubreq") == 0 - || strcasecmp(key, "NS") == 0 ) { - cfg->flags |= RULEFLAG_IGNOREONSUBREQ; - } - else if ( strcasecmp(key, "proxy") == 0 - || strcasecmp(key, "P") == 0 ) { - cfg->flags |= RULEFLAG_PROXY; - } - else if ( strcasecmp(key, "passthrough") == 0 - || strcasecmp(key, "PT") == 0 ) { - cfg->flags |= RULEFLAG_PASSTHROUGH; - } - else if ( strcasecmp(key, "skip") == 0 - || strcasecmp(key, "S") == 0 ) { - cfg->skip = atoi(val); - } - else if ( strcasecmp(key, "forbidden") == 0 - || strcasecmp(key, "F") == 0 ) { - 
cfg->flags |= RULEFLAG_FORBIDDEN; - } - else if ( strcasecmp(key, "gone") == 0 - || strcasecmp(key, "G") == 0 ) { - cfg->flags |= RULEFLAG_GONE; - } - else if ( strcasecmp(key, "qsappend") == 0 - || strcasecmp(key, "QSA") == 0 ) { - cfg->flags |= RULEFLAG_QSAPPEND; - } - else if ( strcasecmp(key, "nocase") == 0 - || strcasecmp(key, "NC") == 0 ) { - cfg->flags |= RULEFLAG_NOCASE; - } - else { - return ap_pstrcat(p, "RewriteRule: unknown flag '", key, "'\n", NULL); - } - return NULL; -} - - -/* -** -** Global Module Initialization -** [called from read_config() after all -** config commands were already called] -** -*/ - -static void init_module(server_rec *s, pool *p) -{ - /* check if proxy module is available */ - proxy_available = (ap_find_linked_module("mod_proxy.c") != NULL); - - /* create the rewriting lockfile in the parent */ - rewritelock_create(s, p); - ap_register_cleanup(p, (void *)s, rewritelock_remove, ap_null_cleanup); - - /* step through the servers and - * - open each rewriting logfile - * - open the RewriteMap prg:xxx programs - */ - for (; s; s = s->next) { - open_rewritelog(s, p); - run_rewritemap_programs(s, p); - } -} - - -/* -** -** Per-Child Module Initialization -** [called after a child process is spawned] -** -*/ - -static void init_child(server_rec *s, pool *p) -{ - /* open the rewriting lockfile */ - rewritelock_open(s, p); - - /* create the lookup cache */ - cachep = init_cache(p); -} - - -/* -** +-------------------------------------------------------+ -** | | -** | runtime hooks -** | | -** +-------------------------------------------------------+ -*/ - -/* -** -** URI-to-filename hook -** -** [used for the rewriting engine triggered by -** the per-server 'RewriteRule' directives] -** -*/ - -static int hook_uri2file(request_rec *r) -{ - void *sconf; - rewrite_server_conf *conf; - const char *var; - const char *thisserver; - char *thisport; - const char *thisurl; - char buf[512]; - char docroot[512]; - const char *ccp; - unsigned int 
port; - int rulestatus; - int n; - int l; - - /* - * retrieve the config structures - */ - sconf = r->server->module_config; - conf = (rewrite_server_conf *)ap_get_module_config(sconf, - &rewrite_module); - - /* - * only do something under runtime if the engine is really enabled, - * else return immediately! - */ - if (conf->state == ENGINE_DISABLED) { - return DECLINED; - } - - /* - * check for the ugly API case of a virtual host section where no - * mod_rewrite directives exists. In this situation we became no chance - * by the API to setup our default per-server config so we have to - * on-the-fly assume we have the default config. But because the default - * config has a disabled rewriting engine we are lucky because can - * just stop operating now. - */ - if (conf->server != r->server) { - return DECLINED; - } - - /* - * add the SCRIPT_URL variable to the env. this is a bit complicated - * due to the fact that apache uses subrequests and internal redirects - */ - - if (r->main == NULL) { - var = ap_pstrcat(r->pool, "REDIRECT_", ENVVAR_SCRIPT_URL, NULL); - var = ap_table_get(r->subprocess_env, var); - if (var == NULL) { - ap_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URL, r->uri); - } - else { - ap_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URL, var); - } - } - else { - var = ap_table_get(r->main->subprocess_env, ENVVAR_SCRIPT_URL); - ap_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URL, var); - } - - /* - * create the SCRIPT_URI variable for the env - */ - - /* add the canonical URI of this URL */ - thisserver = ap_get_server_name(r); - port = ap_get_server_port(r); - if (ap_is_default_port(port, r)) { - thisport = ""; - } - else { - ap_snprintf(buf, sizeof(buf), ":%u", port); - thisport = buf; - } - thisurl = ap_table_get(r->subprocess_env, ENVVAR_SCRIPT_URL); - - /* set the variable */ - var = ap_pstrcat(r->pool, ap_http_method(r), "://", thisserver, thisport, - thisurl, NULL); - ap_table_setn(r->subprocess_env, ENVVAR_SCRIPT_URI, var); - - /* if filename 
was not initially set, - * we start with the requested URI - */ - if (r->filename == NULL) { - r->filename = ap_pstrdup(r->pool, r->uri); - rewritelog(r, 2, "init rewrite engine with requested uri %s", - r->filename); - } - - /* - * now apply the rules ... - */ - rulestatus = apply_rewrite_list(r, conf->rewriterules, NULL); - if (rulestatus) { - unsigned skip; - - if (strlen(r->filename) > 6 && - strncmp(r->filename, "proxy:", 6) == 0) { - /* it should be go on as an internal proxy request */ - - /* check if the proxy module is enabled, so - * we can actually use it! - */ - if (!proxy_available) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "attempt to make remote request from mod_rewrite " - "without proxy enabled: %s", r->filename); - return FORBIDDEN; - } - - /* make sure the QUERY_STRING and - * PATH_INFO parts get incorporated - */ - if (r->path_info != NULL) { - r->filename = ap_pstrcat(r->pool, r->filename, - r->path_info, NULL); - } - if (r->args != NULL && - r->uri == r->unparsed_uri) { - /* see proxy_http:proxy_http_canon() */ - r->filename = ap_pstrcat(r->pool, r->filename, - "?", r->args, NULL); - } - - /* now make sure the request gets handled by the proxy handler */ - r->proxyreq = PROXY_PASS; - r->handler = "proxy-server"; - - rewritelog(r, 1, "go-ahead with proxy request %s [OK]", - r->filename); - return OK; - } - else if ((skip = is_absolute_uri(r->filename)) > 0) { - /* it was finally rewritten to a remote URL */ - - if (rulestatus != ACTION_NOESCAPE) { - rewritelog(r, 1, "escaping %s for redirect", r->filename); - r->filename = escape_absolute_uri(r->pool, r->filename, skip); - } - - /* append the QUERY_STRING part */ - if (r->args) { - r->filename = ap_pstrcat(r->pool, r->filename, "?", - (rulestatus == ACTION_NOESCAPE) - ? 
r->args - : ap_escape_uri(r->pool, r->args), - NULL); - } - - /* determine HTTP redirect response code */ - if (ap_is_HTTP_REDIRECT(r->status)) { - n = r->status; - r->status = HTTP_OK; /* make Apache kernel happy */ - } - else { - n = REDIRECT; - } - - /* now do the redirection */ - ap_table_setn(r->headers_out, "Location", r->filename); - rewritelog(r, 1, "redirect to %s [REDIRECT/%d]", r->filename, n); - return n; - } - else if (strlen(r->filename) > 10 && - strncmp(r->filename, "forbidden:", 10) == 0) { - /* This URLs is forced to be forbidden for the requester */ - return FORBIDDEN; - } - else if (strlen(r->filename) > 5 && - strncmp(r->filename, "gone:", 5) == 0) { - /* This URLs is forced to be gone */ - return HTTP_GONE; - } - else if (strlen(r->filename) > 12 && - strncmp(r->filename, "passthrough:", 12) == 0) { - /* - * Hack because of underpowered API: passing the current - * rewritten filename through to other URL-to-filename handlers - * just as it were the requested URL. This is to enable - * post-processing by mod_alias, etc. which always act on - * r->uri! The difference here is: We do not try to - * add the document root - */ - r->uri = ap_pstrdup(r->pool, r->filename+12); - return DECLINED; - } - else { - /* it was finally rewritten to a local path */ - - /* expand "/~user" prefix */ - r->filename = expand_tildepaths(r, r->filename); - rewritelog(r, 2, "local path result: %s", r->filename); - - /* the filename must be either an absolute local path or an - * absolute local URL. - */ - if ( *r->filename != '/' - && !ap_os_is_path_absolute(r->filename)) { - return BAD_REQUEST; - } - - /* if there is no valid prefix, we have - * to emulate the translator from the core and - * prefix the filename with document_root - * - * NOTICE: - * We cannot leave out the prefix_stat because - * - when we always prefix with document_root - * then no absolute path can be created, e.g. via - * emulating a ScriptAlias directive, etc. 
- * - when we always NOT prefix with document_root - * then the files under document_root have to - * be references directly and document_root - * gets never used and will be a dummy parameter - - * this is also bad - * - * BUT: - * Under real Unix systems this is no problem, - * because we only do stat() on the first directory - * and this gets cached by the kernel for along time! - */ - n = prefix_stat(r->filename, r->pool); - if (n == 0) { - if ((ccp = ap_document_root(r)) != NULL) { - l = ap_cpystrn(docroot, ccp, sizeof(docroot)) - docroot; - - /* always NOT have a trailing slash */ - if (docroot[l-1] == '/') { - docroot[l-1] = '\0'; - } - if (r->server->path - && !strncmp(r->filename, r->server->path, - r->server->pathlen)) { - r->filename = ap_pstrcat(r->pool, docroot, - (r->filename + - r->server->pathlen), NULL); - } - else { - r->filename = ap_pstrcat(r->pool, docroot, - r->filename, NULL); - } - rewritelog(r, 2, "prefixed with document_root to %s", - r->filename); - } - } - - rewritelog(r, 1, "go-ahead with %s [OK]", r->filename); - return OK; - } - } - else { - rewritelog(r, 1, "pass through %s", r->filename); - return DECLINED; - } -} - - -/* -** -** MIME-type hook -** -** [used to support the forced-MIME-type feature] -** -*/ - -static int hook_mimetype(request_rec *r) -{ - const char *t; - - /* now check if we have to force a MIME-type */ - t = ap_table_get(r->notes, REWRITE_FORCED_MIMETYPE_NOTEVAR); - if (t == NULL) { - return DECLINED; - } - else { - rewritelog(r, 1, "force filename %s to have MIME-type '%s'", - r->filename, t); - r->content_type = t; - return OK; - } -} - - -/* -** -** Fixup hook -** -** [used for the rewriting engine triggered by -** the per-directory 'RewriteRule' directives] -** -*/ - -static int hook_fixup(request_rec *r) -{ - rewrite_perdir_conf *dconf; - char *cp; - char *cp2; - const char *ccp; - char *prefix; - int l; - int rulestatus; - int n; - char *ofilename; - - dconf = (rewrite_perdir_conf 
*)ap_get_module_config(r->per_dir_config, - &rewrite_module); - - /* if there is no per-dir config we return immediately */ - if (dconf == NULL) { - return DECLINED; - } - - /* we shouldn't do anything in subrequests */ - if (r->main != NULL) { - return DECLINED; - } - - /* if there are no real (i.e. no RewriteRule directives!) - per-dir config of us, we return also immediately */ - if (dconf->directory == NULL) { - return DECLINED; - } - - /* - * only do something under runtime if the engine is really enabled, - * for this directory, else return immediately! - */ - if (dconf->state == ENGINE_DISABLED) { - return DECLINED; - } - - /* - * Do the Options check after engine check, so - * the user is able to explicitely turn RewriteEngine Off. - */ - if (!(ap_allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) { - /* FollowSymLinks is mandatory! */ - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Options FollowSymLinks or SymLinksIfOwnerMatch is off " - "which implies that RewriteRule directive is forbidden: " - "%s", r->filename); - return FORBIDDEN; - } - - /* - * remember the current filename before rewriting for later check - * to prevent deadlooping because of internal redirects - * on final URL/filename which can be equal to the inital one. - */ - ofilename = r->filename; - - /* - * now apply the rules ... - */ - rulestatus = apply_rewrite_list(r, dconf->rewriterules, dconf->directory); - if (rulestatus) { - unsigned skip; - - if (strlen(r->filename) > 6 && - strncmp(r->filename, "proxy:", 6) == 0) { - /* it should go on as an internal proxy request */ - - /* make sure the QUERY_STRING and - * PATH_INFO parts get incorporated - * (r->path_info was already appended by the - * rewriting engine because of the per-dir context!) 
- */ - if (r->args != NULL) { - r->filename = ap_pstrcat(r->pool, r->filename, - "?", r->args, NULL); - } - - /* now make sure the request gets handled by the proxy handler */ - r->proxyreq = PROXY_PASS; - r->handler = "proxy-server"; - - rewritelog(r, 1, "[per-dir %s] go-ahead with proxy request " - "%s [OK]", dconf->directory, r->filename); - return OK; - } - else if ((skip = is_absolute_uri(r->filename)) > 0) { - /* it was finally rewritten to a remote URL */ - - /* because we are in a per-dir context - * first try to replace the directory with its base-URL - * if there is a base-URL available - */ - if (dconf->baseurl != NULL) { - /* skip 'scheme://' */ - cp = r->filename + skip; - - if ((cp = strchr(cp, '/')) != NULL && *(++cp)) { - rewritelog(r, 2, - "[per-dir %s] trying to replace " - "prefix %s with %s", - dconf->directory, dconf->directory, - dconf->baseurl); - - /* I think, that hack needs an explanation: - * well, here is it: - * mod_rewrite was written for unix systems, were - * absolute file-system paths start with a slash. - * URL-paths _also_ start with slashes, so they - * can be easily compared with system paths. - * - * the following assumes, that the actual url-path - * may be prefixed by the current directory path and - * tries to replace the system path with the RewriteBase - * URL. - * That assumption is true if we use a RewriteRule like - * - * RewriteRule ^foo bar [R] - * - * (see apply_rewrite_rule function) - * However on systems that don't have a / as system - * root this will never match, so we skip the / after the - * hostname and compare/substitute only the stuff after it. - * - * (note that cp was already increased to the right value) - */ - cp2 = subst_prefix_path(r, cp, (*dconf->directory == '/') - ? dconf->directory + 1 - : dconf->directory, - dconf->baseurl + 1); - if (strcmp(cp2, cp) != 0) { - *cp = '\0'; - r->filename = ap_pstrcat(r->pool, r->filename, - cp2, NULL); - } - } - } - - /* now prepare the redirect... 
*/
- if (rulestatus != ACTION_NOESCAPE) {
- rewritelog(r, 1, "[per-dir %s] escaping %s for redirect",
- dconf->directory, r->filename);
- r->filename = escape_absolute_uri(r->pool, r->filename, skip);
- }
-
- /* append the QUERY_STRING part */
- if (r->args) {
- r->filename = ap_pstrcat(r->pool, r->filename, "?",
- (rulestatus == ACTION_NOESCAPE)
- ? r->args
- : ap_escape_uri(r->pool, r->args),
- NULL);
- }
-
- /* determine HTTP redirect response code */
- if (ap_is_HTTP_REDIRECT(r->status)) {
- n = r->status;
- r->status = HTTP_OK; /* make Apache kernel happy */
- }
- else {
- n = REDIRECT;
- }
-
- /* now do the redirection */
- ap_table_setn(r->headers_out, "Location", r->filename);
- rewritelog(r, 1, "[per-dir %s] redirect to %s [REDIRECT/%d]",
- dconf->directory, r->filename, n);
- return n;
- }
- else if (strlen(r->filename) > 10 &&
- strncmp(r->filename, "forbidden:", 10) == 0) {
- /* This URL is forced to be forbidden for the requester */
- return FORBIDDEN;
- }
- else if (strlen(r->filename) > 5 &&
- strncmp(r->filename, "gone:", 5) == 0) {
- /* This URL is forced to be gone */
- return HTTP_GONE;
- }
- else {
- /* it was finally rewritten to a local path */
-
- /* if someone used the PASSTHROUGH flag in per-dir
- * context we just ignore it. It is only useful
- * in per-server context
- */
- if (strlen(r->filename) > 12 &&
- strncmp(r->filename, "passthrough:", 12) == 0) {
- r->filename = ap_pstrdup(r->pool, r->filename+12);
- }
-
- /* the filename must be either an absolute local path or an
- * absolute local URL.
- */
- if ( *r->filename != '/'
- && !ap_os_is_path_absolute(r->filename)) {
- return BAD_REQUEST;
- }
-
- /* Check for deadlooping:
- * At this point we KNOW that at least one rewriting
- * rule was applied, but when the resulting URL is
- * the same as the initial URL, we are not allowed to
- * use the following internal redirection stuff because
- * this would lead to a deadloop.
- */
- if (strcmp(r->filename, ofilename) == 0) {
- rewritelog(r, 1, "[per-dir %s] initial URL equal rewritten "
- "URL: %s [IGNORING REWRITE]",
- dconf->directory, r->filename);
- return OK;
- }
-
- /* if there is a valid base-URL then substitute
- * the per-dir prefix with this base-URL if the
- * current filename still is inside this per-dir
- * context. If not then treat the result as a
- * plain URL
- */
- if (dconf->baseurl != NULL) {
- rewritelog(r, 2,
- "[per-dir %s] trying to replace prefix %s with %s",
- dconf->directory, dconf->directory, dconf->baseurl);
- r->filename = subst_prefix_path(r, r->filename,
- dconf->directory,
- dconf->baseurl);
- }
- else {
- /* if no explicit base-URL exists we assume
- * that the directory prefix is also a valid URL
- * for this webserver and only try to remove the
- * document_root if it is prefix
- */
- if ((ccp = ap_document_root(r)) != NULL) {
- prefix = ap_pstrdup(r->pool, ccp);
- /* always NOT have a trailing slash */
- l = strlen(prefix);
- if (prefix[l-1] == '/') {
- prefix[l-1] = '\0';
- l--;
- }
- if (strncmp(r->filename, prefix, l) == 0) {
- rewritelog(r, 2,
- "[per-dir %s] strip document_root "
- "prefix: %s -> %s",
- dconf->directory, r->filename,
- r->filename+l);
- r->filename = ap_pstrdup(r->pool, r->filename+l);
- }
- }
- }
-
- /* now initiate the internal redirect */
- rewritelog(r, 1, "[per-dir %s] internal redirect with %s "
- "[INTERNAL REDIRECT]", dconf->directory, r->filename);
- r->filename = ap_pstrcat(r->pool, "redirect:", r->filename, NULL);
- r->handler = "redirect-handler";
- return OK;
- }
- }
- else {
- rewritelog(r, 1, "[per-dir %s] pass through %s",
- dconf->directory, r->filename);
- return DECLINED;
- }
-}
-
-
-/*
-**
-** Content-Handlers
-**
-** [used for redirect support]
-**
-*/
-
-static int handler_redirect(request_rec *r)
-{
- /* just make sure that we are really meant!
*/
- if (strncmp(r->filename, "redirect:", 9) != 0) {
- return DECLINED;
- }
-
- if (is_redirect_limit_exceeded(r)) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, r,
- "mod_rewrite: maximum number of internal redirects "
- "reached. Assuming configuration error. Use "
- "'RewriteOptions MaxRedirects' to increase the limit "
- "if necessary.");
- return HTTP_INTERNAL_SERVER_ERROR;
- }
-
- /* now do the internal redirect */
- ap_internal_redirect(ap_pstrcat(r->pool, r->filename+9,
- r->args ? "?" : NULL, r->args, NULL), r);
-
- /* and return gracefully */
- return OK;
-}
-
-/*
- * check whether redirect limit is reached
- */
-static int is_redirect_limit_exceeded(request_rec *r)
-{
- request_rec *top = r;
- rewrite_request_conf *reqc;
- rewrite_perdir_conf *dconf;
-
- /* we store it in the top request */
- while (top->main) {
- top = top->main;
- }
- while (top->prev) {
- top = top->prev;
- }
-
- /* fetch our config */
- reqc = (rewrite_request_conf *) ap_get_module_config(top->request_config,
- &rewrite_module);
-
- /* no config there? create one. */
- if (!reqc) {
- rewrite_server_conf *sconf;
-
- reqc = ap_palloc(top->pool, sizeof(rewrite_request_conf));
- sconf = ap_get_module_config(r->server->module_config, &rewrite_module);
-
- reqc->redirects = 0;
- reqc->redirect_limit = sconf->redirect_limit
- ? sconf->redirect_limit
- : REWRITE_REDIRECT_LIMIT;
-
- /* associate it with this request */
- ap_set_module_config(top->request_config, &rewrite_module, reqc);
- }
-
- /* allow to change the limit during redirects. */
- dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config,
- &rewrite_module);
-
- /* 0 == unset; take server conf ...
*/
- if (dconf->redirect_limit) {
- reqc->redirect_limit = dconf->redirect_limit;
- }
-
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, r,
- "mod_rewrite's internal redirect status: %d/%d.",
- reqc->redirects, reqc->redirect_limit);
-
- /* and now give the caller a hint */
- return (reqc->redirects++ >= reqc->redirect_limit);
-}
-
-
-/*
-** +-------------------------------------------------------+
-** | |
-** | the rewriting engine
-** | |
-** +-------------------------------------------------------+
-*/
-
-/*
- * Apply a complete rule set,
- * i.e. a list of rewrite rules
- */
-static int apply_rewrite_list(request_rec *r, array_header *rewriterules,
- char *perdir)
-{
- rewriterule_entry *entries;
- rewriterule_entry *p;
- int i;
- int changed;
- int rc;
- int s;
-
- /*
- * Iterate over all existing rules
- */
- entries = (rewriterule_entry *)rewriterules->elts;
- changed = 0;
- loop:
- for (i = 0; i < rewriterules->nelts; i++) {
- p = &entries[i];
-
- /*
- * Ignore this rule on subrequests if we are explicitly
- * asked to do so or this is a proxy-throughput or a
- * forced redirect rule.
- */
- if (r->main != NULL &&
- (p->flags & RULEFLAG_IGNOREONSUBREQ ||
- p->flags & RULEFLAG_PROXY ||
- p->flags & RULEFLAG_FORCEREDIRECT )) {
- continue;
- }
-
- /*
- * Apply the current rule.
- */
- rc = apply_rewrite_rule(r, p, perdir);
- if (rc) {
- /*
- * Indicate a change if this was not a match-only rule.
- */
- if (rc != 2) {
- changed = ((p->flags & RULEFLAG_NOESCAPE)
- ? ACTION_NOESCAPE : ACTION_NORMAL);
- }
-
- /*
- * Pass-Through Feature (`RewriteRule .. .. [PT]'):
- * Because the Apache 1.x API is very limited we
- * need this hack to pass the rewritten URL to other
- * modules like mod_alias, mod_userdir, etc.
- */
- if (p->flags & RULEFLAG_PASSTHROUGH) {
- rewritelog(r, 2, "forcing '%s' to get passed through "
- "to next API URI-to-filename handler", r->filename);
- r->filename = ap_pstrcat(r->pool, "passthrough:",
- r->filename, NULL);
- changed = ACTION_NORMAL;
- break;
- }
-
- /*
- * Rule has the "forbidden" flag set which means that
- * we stop processing and indicate this to the caller.
- */
- if (p->flags & RULEFLAG_FORBIDDEN) {
- rewritelog(r, 2, "forcing '%s' to be forbidden", r->filename);
- r->filename = ap_pstrcat(r->pool, "forbidden:",
- r->filename, NULL);
- changed = ACTION_NORMAL;
- break;
- }
-
- /*
- * Rule has the "gone" flag set which means that
- * we stop processing and indicate this to the caller.
- */
- if (p->flags & RULEFLAG_GONE) {
- rewritelog(r, 2, "forcing '%s' to be gone", r->filename);
- r->filename = ap_pstrcat(r->pool, "gone:", r->filename, NULL);
- changed = ACTION_NORMAL;
- break;
- }
-
- /*
- * Stop processing also on proxy pass-through and
- * last-rule and new-round flags.
- */
- if (p->flags & RULEFLAG_PROXY) {
- break;
- }
- if (p->flags & RULEFLAG_LASTRULE) {
- break;
- }
-
- /*
- * On "new-round" flag we just start from the top of
- * the rewriting ruleset again.
- */
- if (p->flags & RULEFLAG_NEWROUND) {
- goto loop;
- }
-
- /*
- * If we are forced to skip N next rules, do it now.
- */
- if (p->skip > 0) {
- s = p->skip;
- while ( i < rewriterules->nelts
- && s > 0) {
- i++;
- p = &entries[i];
- s--;
- }
- }
- }
- else {
- /*
- * If current rule is chained with next rule(s),
- * skip all this next rule(s)
- */
- while ( i < rewriterules->nelts
- && p->flags & RULEFLAG_CHAIN) {
- i++;
- p = &entries[i];
- }
- }
- }
- return changed;
-}
-
-/*
- * Apply a single(!)
rewrite rule
- */
-static int apply_rewrite_rule(request_rec *r, rewriterule_entry *p,
- char *perdir)
-{
- char *uri;
- char *output;
- const char *vary;
- char newuri[MAX_STRING_LEN];
- regex_t *regexp;
- regmatch_t regmatch[AP_MAX_REG_MATCH];
- backrefinfo *briRR = NULL;
- backrefinfo *briRC = NULL;
- int prefixstrip;
- int failed;
- array_header *rewriteconds;
- rewritecond_entry *conds;
- rewritecond_entry *c;
- int i;
- int rc;
-
- /*
- * Initialisation
- */
- uri = r->filename;
- regexp = p->regexp;
- output = p->output;
-
- /*
- * Add (perhaps splitted away) PATH_INFO postfix to URL to
- * make sure we really match against the complete URL.
- */
- if (perdir != NULL && r->path_info != NULL && r->path_info[0] != '\0') {
- rewritelog(r, 3, "[per-dir %s] add path-info postfix: %s -> %s%s",
- perdir, uri, uri, r->path_info);
- uri = ap_pstrcat(r->pool, uri, r->path_info, NULL);
- }
-
- /*
- * On per-directory context (.htaccess) strip the location
- * prefix from the URL to make sure patterns apply only to
- * the local part. Additionally indicate this special
- * threatment in the logfile.
- */
- prefixstrip = 0;
- if (perdir != NULL) {
- if ( strlen(uri) >= strlen(perdir)
- && strncmp(uri, perdir, strlen(perdir)) == 0) {
- rewritelog(r, 3, "[per-dir %s] strip per-dir prefix: %s -> %s",
- perdir, uri, uri+strlen(perdir));
- uri = uri+strlen(perdir);
- prefixstrip = 1;
- }
- }
-
- /*
- * Try to match the URI against the RewriteRule pattern
- * and exit immeddiately if it didn't apply.
- */
- if (perdir == NULL) {
- rewritelog(r, 3, "applying pattern '%s' to uri '%s'",
- p->pattern, uri);
- }
- else {
- rewritelog(r, 3, "[per-dir %s] applying pattern '%s' to uri '%s'",
- perdir, p->pattern, uri);
- }
- rc = (ap_regexec(regexp, uri, AP_MAX_REG_MATCH, regmatch, 0) == 0);
- if (!
(( rc && !(p->flags & RULEFLAG_NOTMATCH)) ||
- (!rc && (p->flags & RULEFLAG_NOTMATCH)) ) ) {
- return 0;
- }
-
- /*
- * Else create the RewriteRule `regsubinfo' structure which
- * holds the substitution information.
- */
- briRR = (backrefinfo *)ap_palloc(r->pool, sizeof(backrefinfo));
- if (!rc && (p->flags & RULEFLAG_NOTMATCH)) {
- /* empty info on negative patterns */
- briRR->source = "";
- briRR->nsub = 0;
- }
- else {
- briRR->source = ap_pstrdup(r->pool, uri);
- briRR->nsub = regexp->re_nsub;
- memcpy((void *)(briRR->regmatch), (void *)(regmatch),
- sizeof(regmatch));
- }
-
- /*
- * Initiallally create the RewriteCond backrefinfo with
- * empty backrefinfo, i.e. not subst parts
- * (this one is adjusted inside apply_rewrite_cond() later!!)
- */
- briRC = (backrefinfo *)ap_pcalloc(r->pool, sizeof(backrefinfo));
- briRC->source = "";
- briRC->nsub = 0;
-
- /*
- * Ok, we already know the pattern has matched, but we now
- * additionally have to check for all existing preconditions
- * (RewriteCond) which have to be also true. We do this at
- * this very late stage to avoid unnecessary checks which
- * would slow down the rewriting engine!!
- */
- rewriteconds = p->rewriteconds;
- conds = (rewritecond_entry *)rewriteconds->elts;
- failed = 0;
- for (i = 0; i < rewriteconds->nelts; i++) {
- c = &conds[i];
- rc = apply_rewrite_cond(r, c, perdir, briRR, briRC);
- if (c->flags & CONDFLAG_ORNEXT) {
- /*
- * The "OR" case
- */
- if (rc == 0) {
- /* One condition is false, but another can be
- * still true, so we have to continue...
- */
- ap_table_unset(r->notes, VARY_KEY_THIS);
- continue;
- }
- else {
- /* One true condition is enough in "or" case, so
- * skip the other conditions which are "ornext"
- * chained
- */
- while ( i < rewriteconds->nelts
- && c->flags & CONDFLAG_ORNEXT) {
- i++;
- c = &conds[i];
- }
- continue;
- }
- }
- else {
- /*
- * The "AND" case, i.e. no "or" flag,
- * so a single failure means total failure.
- */ - if (rc == 0) { - failed = 1; - break; - } - } - vary = ap_table_get(r->notes, VARY_KEY_THIS); - if (vary != NULL) { - ap_table_merge(r->notes, VARY_KEY, vary); - ap_table_unset(r->notes, VARY_KEY_THIS); - } - } - /* if any condition fails the complete rule fails */ - if (failed) { - ap_table_unset(r->notes, VARY_KEY); - ap_table_unset(r->notes, VARY_KEY_THIS); - return 0; - } - - /* - * Regardless of what we do next, we've found a match. Check to see - * if any of the request header fields were involved, and add them - * to the Vary field of the response. - */ - if ((vary = ap_table_get(r->notes, VARY_KEY)) != NULL) { - ap_table_merge(r->headers_out, "Vary", vary); - ap_table_unset(r->notes, VARY_KEY); - } - - /* - * If this is a pure matching rule (`RewriteRule <pat> -') - * we stop processing and return immediately. The only thing - * we have not to forget are the environment variables - * (`RewriteRule <pat> - [E=...]') - */ - if (strcmp(output, "-") == 0) { - do_expand_env(r, p->env, briRR, briRC); - if (p->forced_mimetype != NULL) { - if (perdir == NULL) { - /* In the per-server context we can force the MIME-type - * the correct way by notifying our MIME-type hook handler - * to do the job when the MIME-type API stage is reached. - */ - rewritelog(r, 2, "remember %s to have MIME-type '%s'", - r->filename, p->forced_mimetype); - ap_table_setn(r->notes, REWRITE_FORCED_MIMETYPE_NOTEVAR, - p->forced_mimetype); - } - else { - /* In per-directory context we operate in the Fixup API hook - * which is after the MIME-type hook, so our MIME-type handler - * has no chance to set r->content_type. And because we are - * in the situation where no substitution takes place no - * sub-request will happen (which could solve the - * restriction). As a workaround we do it ourself now - * immediately although this is not strictly API-conforming. - * But it's the only chance we have... 
- */
- rewritelog(r, 1, "[per-dir %s] force %s to have MIME-type "
- "'%s'", perdir, r->filename, p->forced_mimetype);
- r->content_type = p->forced_mimetype;
- }
- }
- return 2;
- }
-
- /*
- * Ok, now we finally know all patterns have matched and
- * that there is something to replace, so we create the
- * substitution URL string in `newuri'.
- */
- do_expand(r, output, newuri, sizeof(newuri), briRR, briRC);
- if (perdir == NULL) {
- rewritelog(r, 2, "rewrite %s -> %s", uri, newuri);
- }
- else {
- rewritelog(r, 2, "[per-dir %s] rewrite %s -> %s", perdir, uri, newuri);
- }
-
- /*
- * Additionally do expansion for the environment variable
- * strings (`RewriteRule .. .. [E=<string>]').
- */
- do_expand_env(r, p->env, briRR, briRC);
-
- /*
- * Now replace API's knowledge of the current URI:
- * Replace r->filename with the new URI string and split out
- * an on-the-fly generated QUERY_STRING part into r->args
- */
- r->filename = ap_pstrdup(r->pool, newuri);
- splitout_queryargs(r, p->flags & RULEFLAG_QSAPPEND);
-
- /*
- * Add the previously stripped per-directory location
- * prefix if the new URI is not a new one for this
- * location, i.e. if it's not an absolute URL (!) path nor
- * a fully qualified URL scheme.
- */
- if (prefixstrip && *r->filename != '/'
- && !is_absolute_uri(r->filename)) {
- rewritelog(r, 3, "[per-dir %s] add per-dir prefix: %s -> %s%s",
- perdir, r->filename, perdir, r->filename);
- r->filename = ap_pstrcat(r->pool, perdir, r->filename, NULL);
- }
-
- /*
- * If this rule is forced for proxy throughput
- * (`RewriteRule ... ... [P]') then emulate mod_proxy's
- * URL-to-filename handler to be sure mod_proxy is triggered
- * for this URL later in the Apache API. But make sure it is
- * a fully-qualified URL. (If not it is qualified with
- * ourself).
- */
- if (p->flags & RULEFLAG_PROXY) {
- fully_qualify_uri(r);
- if (perdir == NULL) {
- rewritelog(r, 2, "forcing proxy-throughput with %s", r->filename);
- }
- else {
- rewritelog(r, 2, "[per-dir %s] forcing proxy-throughput with %s",
- perdir, r->filename);
- }
- r->filename = ap_pstrcat(r->pool, "proxy:", r->filename, NULL);
- return 1;
- }
-
- /*
- * If this rule is explicitly forced for HTTP redirection
- * (`RewriteRule .. .. [R]') then force an external HTTP
- * redirect. But make sure it is a fully-qualified URL. (If
- * not it is qualified with ourself).
- */
- if (p->flags & RULEFLAG_FORCEREDIRECT) {
- fully_qualify_uri(r);
- if (perdir == NULL) {
- rewritelog(r, 2,
- "explicitly forcing redirect with %s", r->filename);
- }
- else {
- rewritelog(r, 2,
- "[per-dir %s] explicitly forcing redirect with %s",
- perdir, r->filename);
- }
- r->status = p->forced_responsecode;
- return 1;
- }
-
- /*
- * Special Rewriting Feature: Self-Reduction
- * We reduce the URL by stripping a possible
- * http[s]://<ourhost>[:<port>] prefix, i.e. a prefix which
- * corresponds to ourself. This is to simplify rewrite maps
- * and to avoid recursion, etc. When this prefix is not a
- * coincidence then the user has to use [R] explicitly (see
- * above).
- */
- reduce_uri(r);
-
- /*
- * If this rule is still implicitly forced for HTTP
- * redirection (`RewriteRule .. <scheme>://...') then
- * directly force an external HTTP redirect.
- */
- if (is_absolute_uri(r->filename)) {
- if (perdir == NULL) {
- rewritelog(r, 2,
- "implicitly forcing redirect (rc=%d) with %s",
- p->forced_responsecode, r->filename);
- }
- else {
- rewritelog(r, 2, "[per-dir %s] implicitly forcing redirect "
- "(rc=%d) with %s", perdir, p->forced_responsecode,
- r->filename);
- }
- r->status = p->forced_responsecode;
- return 1;
- }
-
- /*
- * Finally we had to remember if a MIME-type should be
- * forced for this URL (`RewriteRule .. ..
[T=<type>]')
- * Later in the API processing phase this is forced by our
- * MIME API-hook function. This time its no problem even for
- * the per-directory context (where the MIME-type hook was
- * already processed) because a sub-request happens ;-)
- */
- if (p->forced_mimetype != NULL) {
- ap_table_setn(r->notes, REWRITE_FORCED_MIMETYPE_NOTEVAR,
- p->forced_mimetype);
- if (perdir == NULL) {
- rewritelog(r, 2, "remember %s to have MIME-type '%s'",
- r->filename, p->forced_mimetype);
- }
- else {
- rewritelog(r, 2,
- "[per-dir %s] remember %s to have MIME-type '%s'",
- perdir, r->filename, p->forced_mimetype);
- }
- }
-
- /*
- * Puuhhhhhhhh... WHAT COMPLICATED STUFF ;_)
- * But now we're done for this particular rule.
- */
- return 1;
-}
-
-static int apply_rewrite_cond(request_rec *r, rewritecond_entry *p,
- char *perdir, backrefinfo *briRR,
- backrefinfo *briRC)
-{
- char input[MAX_STRING_LEN];
- struct stat sb;
- request_rec *rsub;
- regmatch_t regmatch[AP_MAX_REG_MATCH];
- int rc;
-
- /*
- * Construct the string we match against
- */
-
- do_expand(r, p->input, input, sizeof(input), briRR, briRC);
-
- /*
- * Apply the patterns
- */
-
- rc = 0;
- if (strcmp(p->pattern, "-f") == 0) {
- if (stat(input, &sb) == 0) {
- if (S_ISREG(sb.st_mode)) {
- rc = 1;
- }
- }
- }
- else if (strcmp(p->pattern, "-s") == 0) {
- if (stat(input, &sb) == 0) {
- if (S_ISREG(sb.st_mode) && sb.st_size > 0) {
- rc = 1;
- }
- }
- }
- else if (strcmp(p->pattern, "-l") == 0) {
- if (lstat(input, &sb) == 0) {
- if (S_ISLNK(sb.st_mode)) {
- rc = 1;
- }
- }
- }
- else if (strcmp(p->pattern, "-d") == 0) {
- if (stat(input, &sb) == 0) {
- if (S_ISDIR(sb.st_mode)) {
- rc = 1;
- }
- }
- }
- else if (strcmp(p->pattern, "-U") == 0) {
- /* avoid infinite subrequest recursion */
- if (strlen(input) > 0 && subreq_ok(r)) {
-
- /* run a URI-based subrequest */
- rsub = ap_sub_req_lookup_uri(input, r);
-
- /* URI exists for any result up to 3xx, redirects allowed */
- if (rsub->status < 400)
- rc = 1;
-
- /* log it */ - rewritelog(r, 5, "RewriteCond URI (-U) check: " - "path=%s -> status=%d", input, rsub->status); - - /* cleanup by destroying the subrequest */ - ap_destroy_sub_req(rsub); - } - } - else if (strcmp(p->pattern, "-F") == 0) { - /* avoid infinite subrequest recursion */ - if (strlen(input) > 0 && subreq_ok(r)) { - - /* process a file-based subrequest: - * this differs from -U in that no path translation is done. - */ - rsub = ap_sub_req_lookup_file(input, r); - - /* file exists for any result up to 2xx, no redirects */ - if (rsub->status < 300 && - /* double-check that file exists since default result is 200 */ - stat(rsub->filename, &sb) == 0) { - rc = 1; - } - - /* log it */ - rewritelog(r, 5, "RewriteCond file (-F) check: path=%s " - "-> file=%s status=%d", input, rsub->filename, - rsub->status); - - /* cleanup by destroying the subrequest */ - ap_destroy_sub_req(rsub); - } - } - else if (strlen(p->pattern) > 1 && *(p->pattern) == '>') { - rc = (compare_lexicography(input, p->pattern+1) == 1 ? 1 : 0); - } - else if (strlen(p->pattern) > 1 && *(p->pattern) == '<') { - rc = (compare_lexicography(input, p->pattern+1) == -1 ? 1 : 0); - } - else if (strlen(p->pattern) > 1 && *(p->pattern) == '=') { - if (strcmp(p->pattern+1, "\"\"") == 0) { - rc = (*input == '\0'); - } - else { - rc = (strcmp(input, p->pattern+1) == 0 ? 
1 : 0); - } - } - else { - /* it is really a regexp pattern, so apply it */ - rc = (ap_regexec(p->regexp, input, AP_MAX_REG_MATCH, regmatch,0) == 0); - - /* if it isn't a negated pattern and really matched - we update the passed-through regex subst info structure */ - if (rc && !(p->flags & CONDFLAG_NOTMATCH)) { - briRC->source = ap_pstrdup(r->pool, input); - briRC->nsub = p->regexp->re_nsub; - memcpy((void *)(briRC->regmatch), (void *)(regmatch), - sizeof(regmatch)); - } - } - - /* if this is a non-matching regexp, just negate the result */ - if (p->flags & CONDFLAG_NOTMATCH) { - rc = !rc; - } - - rewritelog(r, 4, "RewriteCond: input='%s' pattern='%s%s' => %s", - input, (p->flags & CONDFLAG_NOTMATCH ? "!" : ""), - p->pattern, rc ? "matched" : "not-matched"); - - /* end just return the result */ - return rc; -} - - -/* -** +-------------------------------------------------------+ -** | | -** | URL transformation functions -** | | -** +-------------------------------------------------------+ -*/ - - -/* -** -** perform all the expansions on the input string -** leaving the result in the supplied buffer -** -*/ - -static void do_expand(request_rec *r, char *input, char *buffer, int nbuf, - backrefinfo *briRR, backrefinfo *briRC) -{ - char *inp, *outp; - size_t span, space; - - /* - * for security reasons this expansion must be perfomed in a - * single pass, otherwise an attacker can arrange for the result - * of an earlier expansion to include expansion specifiers that - * are interpreted by a later expansion, producing results that - * were not intended by the administrator. 
- */ - - inp = input; - outp = buffer; - space = nbuf - 1; /* room for '\0' */ - - for (;;) { - span = strcspn(inp, "\\$%"); - if (span > space) { - span = space; - } - memcpy(outp, inp, span); - inp += span; - outp += span; - space -= span; - if (space == 0 || *inp == '\0') { - break; - } - /* now we have a '\', '$', or '%' */ - if (inp[0] == '\\') { - if (inp[1] != '\0') { - inp++; - goto skip; - } - } - else if (inp[1] == '{') { - char *endp; - endp = find_closing_bracket(inp+2, '{', '}'); - if (endp == NULL) { - goto skip; - } - /* - * These lookups may be recursive in a very convoluted - * fashion -- see the LA-U and LA-F variable expansion - * prefixes -- so we copy lookup keys to a separate buffer - * rather than adding zero bytes in order to use them in - * place. - */ - if (inp[0] == '$') { - /* ${...} map lookup expansion */ - /* - * To make rewrite maps useful the lookup key and - * default values must be expanded, so we make - * recursive calls to do the work. For security - * reasons we must never expand a string that includes - * verbatim data from the network. The recursion here - * isn't a problem because the result of expansion is - * only passed to lookup_map() so it cannot be - * re-expanded, only re-looked-up. Another way of - * looking at it is that the recursion is entirely - * driven by the syntax of the nested curly brackets. 
- */ - char *map, *key, *dflt, *result; - char xkey[MAX_STRING_LEN]; - char xdflt[MAX_STRING_LEN]; - key = find_char_in_brackets(inp+2, ':', '{', '}'); - if (key == NULL) { - goto skip; - } - map = ap_pstrndup(r->pool, inp+2, key-inp-2); - dflt = find_char_in_brackets(key+1, '|', '{', '}'); - if (dflt == NULL) { - key = ap_pstrndup(r->pool, key+1, endp-key-1); - dflt = ""; - } - else { - key = ap_pstrndup(r->pool, key+1, dflt-key-1); - dflt = ap_pstrndup(r->pool, dflt+1, endp-dflt-1); - } - do_expand(r, key, xkey, sizeof(xkey), briRR, briRC); - result = lookup_map(r, map, xkey); - if (result) { - span = ap_cpystrn(outp, result, space) - outp; - } else { - do_expand(r, dflt, xdflt, sizeof(xdflt), briRR, briRC); - span = ap_cpystrn(outp, xdflt, space) - outp; - } - } - else if (inp[0] == '%') { - /* %{...} variable lookup expansion */ - char *var; - var = ap_pstrndup(r->pool, inp+2, endp-inp-2); - span = ap_cpystrn(outp, lookup_variable(r, var), space) - outp; - } - else { - span = 0; - } - inp = endp+1; - outp += span; - space -= span; - continue; - } - else if (ap_isdigit(inp[1])) { - int n = inp[1] - '0'; - backrefinfo *bri = NULL; - if (inp[0] == '$') { - /* $N RewriteRule regexp backref expansion */ - bri = briRR; - } - else if (inp[0] == '%') { - /* %N RewriteCond regexp backref expansion */ - bri = briRC; - } - /* see ap_pregsub() in src/main/util.c */ - if (bri && n < AP_MAX_REG_MATCH && - bri->regmatch[n].rm_eo > bri->regmatch[n].rm_so) { - span = bri->regmatch[n].rm_eo - bri->regmatch[n].rm_so; - if (span > space) { - span = space; - } - memcpy(outp, bri->source + bri->regmatch[n].rm_so, span); - outp += span; - space -= span; - } - inp += 2; - continue; - } - skip: - *outp++ = *inp++; - space--; - } - *outp++ = '\0'; -} - - -/* -** -** perform all the expansions on the environment variables -** -*/ - -static void do_expand_env(request_rec *r, char *env[], - backrefinfo *briRR, backrefinfo *briRC) -{ - int i; - char buf[MAX_STRING_LEN]; - - for (i = 0; 
env[i] != NULL; i++) { - do_expand(r, env[i], buf, sizeof(buf), briRR, briRC); - add_env_variable(r, buf); - } -} - - -/* -** -** split out a QUERY_STRING part from -** the current URI string -** -*/ - -static void splitout_queryargs(request_rec *r, int qsappend) -{ - char *q; - char *olduri; - - /* don't touch, unless it's an http or mailto URL. - * See RFC 1738 and RFC 2368. - */ - if ( is_absolute_uri(r->filename) - && strncasecmp(r->filename, "http", 4) - && strncasecmp(r->filename, "mailto", 6)) { - r->args = NULL; /* forget the query that's still flying around */ - return; - } - - q = strchr(r->filename, '?'); - if (q != NULL) { - olduri = ap_pstrdup(r->pool, r->filename); - *q++ = '\0'; - if (qsappend) { - r->args = ap_pstrcat(r->pool, q, "&", r->args, NULL); - } - else { - r->args = ap_pstrdup(r->pool, q); - } - if (strlen(r->args) == 0) { - r->args = NULL; - rewritelog(r, 3, "split uri=%s -> uri=%s, args=<none>", olduri, - r->filename); - } - else { - if (r->args[strlen(r->args)-1] == '&') { - r->args[strlen(r->args)-1] = '\0'; - } - rewritelog(r, 3, "split uri=%s -> uri=%s, args=%s", olduri, - r->filename, r->args); - } - } - - return; -} - - -/* -** -** strip 'http[s]://ourhost/' from URI -** -*/ - -static void reduce_uri(request_rec *r) -{ - char *cp; - unsigned short port; - char *portp; - char *hostp; - char *url; - char c; - char host[LONG_STRING_LEN]; - char buf[MAX_STRING_LEN]; - char *olduri; - int l; - - cp = ap_http_method(r); - l = strlen(cp); - if ( (int)strlen(r->filename) > l+3 - && strncasecmp(r->filename, cp, l) == 0 - && r->filename[l] == ':' - && r->filename[l+1] == '/' - && r->filename[l+2] == '/' ) { - /* there was really a rewrite to a remote path */ - - olduri = ap_pstrdup(r->pool, r->filename); /* save for logging */ - - /* cut the hostname and port out of the URI */ - ap_cpystrn(buf, r->filename+(l+3), sizeof(buf)); - hostp = buf; - for (cp = hostp; *cp != '\0' && *cp != '/' && *cp != ':'; cp++) - ; - if (*cp == ':') { - /* set 
host */ - *cp++ = '\0'; - ap_cpystrn(host, hostp, sizeof(host)); - /* set port */ - portp = cp; - for (; *cp != '\0' && *cp != '/'; cp++) - ; - c = *cp; - *cp = '\0'; - port = atoi(portp); - *cp = c; - /* set remaining url */ - url = cp; - } - else if (*cp == '/') { - /* set host */ - *cp = '\0'; - ap_cpystrn(host, hostp, sizeof(host)); - *cp = '/'; - /* set port */ - port = ap_default_port(r); - /* set remaining url */ - url = cp; - } - else { - /* set host */ - ap_cpystrn(host, hostp, sizeof(host)); - /* set port */ - port = ap_default_port(r); - /* set remaining url */ - url = "/"; - } - - /* now check whether we could reduce it to a local path... */ - if (ap_matches_request_vhost(r, host, port)) { - /* this is our host, so only the URL remains */ - r->filename = ap_pstrdup(r->pool, url); - rewritelog(r, 3, "reduce %s -> %s", olduri, r->filename); - } - } - return; -} - - -/* -** -** add 'http[s]://ourhost[:ourport]/' to URI -** if URI is still not fully qualified -** -*/ - -static void fully_qualify_uri(request_rec *r) -{ - char buf[32]; - const char *thisserver; - char *thisport; - int port; - - if (!is_absolute_uri(r->filename)) { - - thisserver = ap_get_server_name(r); - port = ap_get_server_port(r); - if (ap_is_default_port(port,r)) { - thisport = ""; - } - else { - ap_snprintf(buf, sizeof(buf), ":%u", port); - thisport = buf; - } - - if (r->filename[0] == '/') { - r->filename = ap_psprintf(r->pool, "%s://%s%s%s", - ap_http_method(r), thisserver, - thisport, r->filename); - } - else { - r->filename = ap_psprintf(r->pool, "%s://%s%s/%s", - ap_http_method(r), thisserver, - thisport, r->filename); - } - } - return; -} - - -/* return number of chars of the scheme (incl. '://') - * if the URI is absolute (includes a scheme etc.) - * otherwise 0. - * - * NOTE: If you add new schemes here, please have a - * look at escape_absolute_uri and splitout_queryargs. - * Not every scheme takes query strings and some schemes - * may be handled in a special way. 
- * - * XXX: we should consider a scheme registry, perhaps with - * appropriate escape callbacks to allow other modules - * to extend mod_rewrite at runtime. - */ -static unsigned is_absolute_uri(char *uri) -{ - /* fast exit */ - if (*uri == '/' || strlen(uri) <= 5) { - return 0; - } - - switch (*uri++) { - case 'f': - case 'F': - if (!strncasecmp(uri, "tp://", 5)) { /* ftp:// */ - return 6; - } - break; - - case 'g': - case 'G': - if (!strncasecmp(uri, "opher://", 8)) { /* gopher:// */ - return 9; - } - break; - - case 'h': - case 'H': - if (!strncasecmp(uri, "ttp://", 6)) { /* http:// */ - return 7; - } - else if (!strncasecmp(uri, "ttps://", 7)) { /* https:// */ - return 8; - } - break; - - case 'l': - case 'L': - if (!strncasecmp(uri, "dap://", 6)) { /* ldap:// */ - return 7; - } - break; - - case 'm': - case 'M': - if (!strncasecmp(uri, "ailto:", 6)) { /* mailto: */ - return 7; - } - break; - - case 'n': - case 'N': - if (!strncasecmp(uri, "ews:", 4)) { /* news: */ - return 5; - } - else if (!strncasecmp(uri, "ntp://", 6)) { /* nntp:// */ - return 7; - } - break; - } - - return 0; -} - - -/* escape absolute uri, which may or may not be path oriented. - * So let's handle them differently. - */ -static char *escape_absolute_uri(ap_pool *p, char *uri, unsigned scheme) -{ - char *cp; - - /* be safe. - * NULL should indicate elsewhere, that something's wrong - */ - if (!scheme || strlen(uri) < scheme) { - return NULL; - } - - cp = uri + scheme; - - /* scheme with authority part? */ - if (cp[-1] == '/') { - /* skip host part */ - while (*cp && *cp != '/') { - ++cp; - } - - /* nothing after the hostpart. ready! */ - if (!*cp || !*++cp) { - return ap_pstrdup(p, uri); - } - - /* remember the hostname stuff */ - scheme = cp - uri; - - /* special thing for ldap. - * The parts are separated by question marks. From RFC 2255: - * ldapurl = scheme "://" [hostport] ["/" - * [dn ["?" [attributes] ["?" [scope] - * ["?" [filter] ["?" 
extensions]]]]]] - */ - if (!strncasecmp(uri, "ldap", 4)) { - char *token[5]; - int c = 0; - - token[0] = cp = ap_pstrdup(p, cp); - while (*cp && c < 4) { - if (*cp == '?') { - token[++c] = cp + 1; - *cp = '\0'; - } - ++cp; - } - - return ap_pstrcat(p, ap_pstrndup(p, uri, scheme), - ap_escape_uri(p, token[0]), - (c >= 1) ? "?" : NULL, - (c >= 1) ? ap_escape_uri(p, token[1]) : NULL, - (c >= 2) ? "?" : NULL, - (c >= 2) ? ap_escape_uri(p, token[2]) : NULL, - (c >= 3) ? "?" : NULL, - (c >= 3) ? ap_escape_uri(p, token[3]) : NULL, - (c >= 4) ? "?" : NULL, - (c >= 4) ? ap_escape_uri(p, token[4]) : NULL, - NULL); - } - } - - /* Nothing special here. Apply normal escaping. */ - return ap_pstrcat(p, ap_pstrndup(p, uri, scheme), - ap_escape_uri(p, cp), NULL); -} - -/* -** -** Expand tilde-paths (/~user) through -** Unix /etc/passwd database information -** -*/ -static char *expand_tildepaths(request_rec *r, char *uri) -{ - char user[LONG_STRING_LEN]; - struct passwd *pw; - char *newuri; - int i, j; - - newuri = uri; - if (uri != NULL && strlen(uri) > 2 && uri[0] == '/' && uri[1] == '~') { - /* cut out the username */ - for (j = 0, i = 2; j < sizeof(user)-1 - && uri[i] != '\0' - && uri[i] != '/' ; ) { - user[j++] = uri[i++]; - } - user[j] = '\0'; - - /* lookup username in systems passwd file */ - if ((pw = getpwnam(user)) != NULL) { - /* ok, user was found, so expand the ~user string */ - if (uri[i] != '\0') { - /* ~user/anything... 
has to be expanded */ - if (pw->pw_dir[strlen(pw->pw_dir)-1] == '/') { - pw->pw_dir[strlen(pw->pw_dir)-1] = '\0'; - } - newuri = ap_pstrcat(r->pool, pw->pw_dir, uri+i, NULL); - } - else { - /* only ~user has to be expanded */ - newuri = ap_pstrdup(r->pool, pw->pw_dir); - } - } - } - return newuri; -} - - - -/* -** +-------------------------------------------------------+ -** | | -** | DBM hashfile support -** | | -** +-------------------------------------------------------+ -*/ - - -static char *lookup_map(request_rec *r, char *name, char *key) -{ - void *sconf; - rewrite_server_conf *conf; - array_header *rewritemaps; - rewritemap_entry *entries; - rewritemap_entry *s; - char *value; - struct stat st; - int i; - - /* get map configuration */ - sconf = r->server->module_config; - conf = (rewrite_server_conf *)ap_get_module_config(sconf, - &rewrite_module); - rewritemaps = conf->rewritemaps; - - entries = (rewritemap_entry *)rewritemaps->elts; - for (i = 0; i < rewritemaps->nelts; i++) { - s = &entries[i]; - if (strcmp(s->name, name) == 0) { - if (s->type == MAPTYPE_TXT) { - if (stat(s->checkfile, &st) == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "mod_rewrite: can't access text RewriteMap " - "file %s", s->checkfile); - rewritelog(r, 1, "can't open RewriteMap file, " - "see error log"); - return NULL; - } - value = get_cache_string(cachep, s->name, CACHEMODE_TS, - st.st_mtime, key); - if (value == NULL) { - rewritelog(r, 6, "cache lookup FAILED, forcing new " - "map lookup"); - if ((value = - lookup_map_txtfile(r, s->datafile, key)) != NULL) { - rewritelog(r, 5, "map lookup OK: map=%s key=%s[txt] " - "-> val=%s", s->name, key, value); - set_cache_string(cachep, s->name, CACHEMODE_TS, - st.st_mtime, key, value); - return value; - } - else { - rewritelog(r, 5, "map lookup FAILED: map=%s[txt] " - "key=%s", s->name, key); - set_cache_string(cachep, s->name, CACHEMODE_TS, - st.st_mtime, key, ""); - return NULL; - } - } - else { - rewritelog(r, 5, "cache lookup 
OK: map=%s[txt] key=%s " - "-> val=%s", s->name, key, value); - return value[0] != '\0' ? value : NULL; - } - } - else if (s->type == MAPTYPE_DBM) { - if (stat(s->checkfile, &st) == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "mod_rewrite: can't access DBM RewriteMap " - "file %s", s->checkfile); - rewritelog(r, 1, "can't open DBM RewriteMap file, " - "see error log"); - return NULL; - } - value = get_cache_string(cachep, s->name, CACHEMODE_TS, - st.st_mtime, key); - if (value == NULL) { - rewritelog(r, 6, - "cache lookup FAILED, forcing new map lookup"); - if ((value = - lookup_map_dbmfile(r, s->datafile, key)) != NULL) { - rewritelog(r, 5, "map lookup OK: map=%s[dbm] key=%s " - "-> val=%s", s->name, key, value); - set_cache_string(cachep, s->name, CACHEMODE_TS, - st.st_mtime, key, value); - return value; - } - else { - rewritelog(r, 5, "map lookup FAILED: map=%s[dbm] " - "key=%s", s->name, key); - set_cache_string(cachep, s->name, CACHEMODE_TS, - st.st_mtime, key, ""); - return NULL; - } - } - else { - rewritelog(r, 5, "cache lookup OK: map=%s[dbm] key=%s " - "-> val=%s", s->name, key, value); - return value[0] != '\0' ? 
value : NULL; - } - } - else if (s->type == MAPTYPE_PRG) { - if ((value = - lookup_map_program(r, s->fpin, s->fpout, key)) != NULL) { - rewritelog(r, 5, "map lookup OK: map=%s key=%s -> val=%s", - s->name, key, value); - return value; - } - else { - rewritelog(r, 5, "map lookup FAILED: map=%s key=%s", - s->name, key); - } - } - else if (s->type == MAPTYPE_INT) { - if ((value = lookup_map_internal(r, s->func, key)) != NULL) { - rewritelog(r, 5, "map lookup OK: map=%s key=%s -> val=%s", - s->name, key, value); - return value; - } - else { - rewritelog(r, 5, "map lookup FAILED: map=%s key=%s", - s->name, key); - } - } - else if (s->type == MAPTYPE_RND) { - if (stat(s->checkfile, &st) == -1) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "mod_rewrite: can't access text RewriteMap " - "file %s", s->checkfile); - rewritelog(r, 1, "can't open RewriteMap file, " - "see error log"); - return NULL; - } - value = get_cache_string(cachep, s->name, CACHEMODE_TS, - st.st_mtime, key); - if (value == NULL) { - rewritelog(r, 6, "cache lookup FAILED, forcing new " - "map lookup"); - if ((value = - lookup_map_txtfile(r, s->datafile, key)) != NULL) { - rewritelog(r, 5, "map lookup OK: map=%s key=%s[txt] " - "-> val=%s", s->name, key, value); - set_cache_string(cachep, s->name, CACHEMODE_TS, - st.st_mtime, key, value); - } - else { - rewritelog(r, 5, "map lookup FAILED: map=%s[txt] " - "key=%s", s->name, key); - set_cache_string(cachep, s->name, CACHEMODE_TS, - st.st_mtime, key, ""); - return NULL; - } - } - else { - rewritelog(r, 5, "cache lookup OK: map=%s[txt] key=%s " - "-> val=%s", s->name, key, value); - } - if (value[0] != '\0') { - value = select_random_value_part(r, value); - rewritelog(r, 5, "randomly choosen the subvalue `%s'", value); - } - else { - value = NULL; - } - return value; - } - } - } - return NULL; -} - -static char *lookup_map_txtfile(request_rec *r, char *file, char *key) -{ - FILE *fp = NULL; - char line[1024]; - char *value = NULL; - char *cpT; - size_t skip; 
- char *curkey; - char *curval; - - if ((fp = ap_pfopen(r->pool, file, "r")) == NULL) { - return NULL; - } - - while (fgets(line, sizeof(line), fp) != NULL) { - if (line[0] == '#') - continue; /* ignore comments */ - cpT = line; - curkey = cpT; - skip = strcspn(cpT," \t\r\n"); - if (skip == 0) - continue; /* ignore lines that start with a space, tab, CR, or LF */ - cpT += skip; - *cpT = '\0'; - if (strcmp(curkey, key) != 0) - continue; /* key does not match... */ - - /* found a matching key; now extract and return the value */ - ++cpT; - skip = strspn(cpT, " \t\r\n"); - cpT += skip; - curval = cpT; - skip = strcspn(cpT, " \t\r\n"); - if (skip == 0) - continue; /* no value... */ - cpT += skip; - *cpT = '\0'; - value = ap_pstrdup(r->pool, curval); - break; - } - ap_pfclose(r->pool, fp); - return value; -} - -static char *lookup_map_dbmfile(request_rec *r, char *file, char *key) -{ - DBM *dbmfp = NULL; - datum dbmkey; - datum dbmval; - char *value = NULL; - char buf[MAX_STRING_LEN]; - size_t len; - - dbmkey.dptr = key; - dbmkey.dsize = strlen(key); - if ((dbmfp = dbm_open(file, O_RDONLY, 0666)) != NULL) { - dbmval = dbm_fetch(dbmfp, dbmkey); - if (dbmval.dptr != NULL) { - len = dbmval.dsize < sizeof(buf)-1 ? - dbmval.dsize : sizeof(buf)-1; - memcpy(buf, dbmval.dptr, len); - buf[len] = '\0'; - value = ap_pstrdup(r->pool, buf); - } - dbm_close(dbmfp); - } - return value; -} - -static char *lookup_map_program(request_rec *r, int fpin, int fpout, char *key) -{ - char buf[LONG_STRING_LEN]; - char c; - int i; - struct iovec iov[2]; - - /* when `RewriteEngine off' was used in the per-server - * context then the rewritemap-programs were not spawned. - * In this case using such a map (usually in per-dir context) - * is useless because it is not available. 
- */ - if (fpin == -1 || fpout == -1) { - return NULL; - } - - /* take the lock */ - rewritelock_alloc(r); - - /* write out the request key */ - iov[0].iov_base = key; - iov[0].iov_len = strlen(key); - iov[1].iov_base = "\n"; - iov[1].iov_len = 1; - writev(fpin, iov, 2); - - /* read in the response value */ - i = 0; - while (read(fpout, &c, 1) == 1 && (i < LONG_STRING_LEN-1)) { - if (c == '\n') { - break; - } - buf[i++] = c; - } - buf[i] = '\0'; - - /* give the lock back */ - rewritelock_free(r); - - if (strcasecmp(buf, "NULL") == 0) { - return NULL; - } - else { - return ap_pstrdup(r->pool, buf); - } -} - -static char *lookup_map_internal(request_rec *r, - char *(*func)(request_rec *, char *), - char *key) -{ - /* currently we just let the function convert - the key to a corresponding value */ - return func(r, key); -} - -static char *rewrite_mapfunc_toupper(request_rec *r, char *key) -{ - char *value, *cp; - - for (cp = value = ap_pstrdup(r->pool, key); cp != NULL && *cp != '\0'; - cp++) { - *cp = ap_toupper(*cp); - } - return value; -} - -static char *rewrite_mapfunc_tolower(request_rec *r, char *key) -{ - char *value, *cp; - - for (cp = value = ap_pstrdup(r->pool, key); cp != NULL && *cp != '\0'; - cp++) { - *cp = ap_tolower(*cp); - } - return value; -} - -static char *rewrite_mapfunc_escape(request_rec *r, char *key) -{ - char *value; - - value = ap_escape_uri(r->pool, key); - return value; -} - -static char *rewrite_mapfunc_unescape(request_rec *r, char *key) -{ - char *value; - - value = ap_pstrdup(r->pool, key); - ap_unescape_url(value); - return value; -} - -static int rewrite_rand(int l, int h) -{ - return arc4random_uniform(1 + h - l) + l; -} - -static char *select_random_value_part(request_rec *r, char *value) -{ - char *buf; - int n, i, k; - - /* count number of distinct values */ - for (n = 1, i = 0; value[i] != '\0'; i++) { - if (value[i] == '|') { - n++; - } - } - - /* when only one value we have no option to choose */ - if (n == 1) { - return 
value; - } - - /* else randomly select one */ - k = rewrite_rand(1, n); - - /* and grep it out */ - for (n = 1, i = 0; value[i] != '\0'; i++) { - if (n == k) { - break; - } - if (value[i] == '|') { - n++; - } - } - buf = ap_pstrdup(r->pool, &value[i]); - for (i = 0; buf[i] != '\0' && buf[i] != '|'; i++) - ; - buf[i] = '\0'; - return buf; -} - - -/* -** +-------------------------------------------------------+ -** | | -** | rewriting logfile support -** | | -** +-------------------------------------------------------+ -*/ - - -static void open_rewritelog(server_rec *s, pool *p) -{ - rewrite_server_conf *conf; - char *fname; - piped_log *pl; - int rewritelog_flags = ( O_WRONLY|O_APPEND|O_CREAT ); - mode_t rewritelog_mode = ( S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH ); - - conf = ap_get_module_config(s->module_config, &rewrite_module); - - if (conf->rewritelogfile == NULL) { - return; - } - if (*(conf->rewritelogfile) == '\0') { - return; - } - if (conf->rewritelogfp > 0) { - return; /* virtual log shared w/ main server */ - } - - fname = ap_server_root_relative(p, conf->rewritelogfile); - - if (*conf->rewritelogfile == '|') { - if ((pl = ap_open_piped_log(p, conf->rewritelogfile+1)) == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "mod_rewrite: could not open reliable pipe " - "to RewriteLog filter %s", conf->rewritelogfile+1); - exit(1); - } - conf->rewritelogfp = ap_piped_log_write_fd(pl); - } - else if (*conf->rewritelogfile != '\0') { - if (ap_server_chroot_desired()) { - conf->rewritelogfp = fdcache_open(fname, rewritelog_flags, - rewritelog_mode); - } else { - conf->rewritelogfp = ap_popenf_ex(p, fname, rewritelog_flags, - rewritelog_mode, 1); - } - if (conf->rewritelogfp < 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - - "mod_rewrite: could not open RewriteLog " - "file %s", fname); - exit(1); - } - } - return; -} - -static void rewritelog(request_rec *r, int level, const char *text, ...) 
-{ - rewrite_server_conf *conf; - conn_rec *conn; - char *str1; - char str2[512]; - char str3[1024]; - char type[20]; - char redir[20]; - va_list ap; - int i; - request_rec *req; - char *ruser; - const char *rhost; - - va_start(ap, text); - conf = ap_get_module_config(r->server->module_config, &rewrite_module); - conn = r->connection; - - if (conf->rewritelogfp < 0) { - return; - } - if (conf->rewritelogfile == NULL) { - return; - } - if (*(conf->rewritelogfile) == '\0') { - return; - } - - if (level > conf->rewriteloglevel) { - return; - } - - if (conn->user == NULL) { - ruser = "-"; - } - else if (strlen(conn->user) != 0) { - ruser = conn->user; - } - else { - ruser = "\"\""; - } - - rhost = ap_get_remote_host(conn, r->server->module_config, - REMOTE_NOLOOKUP); - if (rhost == NULL) { - rhost = "UNKNOWN-HOST"; - } - - str1 = ap_pstrcat(r->pool, rhost, " ", - (conn->remote_logname != NULL ? - conn->remote_logname : "-"), " ", - ruser, NULL); - ap_vsnprintf(str2, sizeof(str2), text, ap); - - if (r->main == NULL) { - strlcpy(type, "initial", sizeof(type)); - } - else { - strlcpy(type, "subreq", sizeof(type)); - } - - for (i = 0, req = r; req->prev != NULL; req = req->prev) { - i++; - } - if (i == 0) { - redir[0] = '\0'; - } - else { - ap_snprintf(redir, sizeof(redir), "/redir#%d", i); - } - - ap_snprintf(str3, sizeof(str3), - "%s %s [%s/sid#%lx][rid#%lx/%s%s] (%d) %s\n", str1, - current_logtime(r), ap_get_server_name(r), - (unsigned long)(r->server), (unsigned long)r, - type, redir, level, str2); - - fd_lock(r, conf->rewritelogfp); - write(conf->rewritelogfp, str3, strlen(str3)); - fd_unlock(r, conf->rewritelogfp); - - va_end(ap); - return; -} - -static char *current_logtime(request_rec *r) -{ - int timz; - struct tm *t; - char tstr[80]; - char sign; - - t = ap_get_gmtoff(&timz); - sign = (timz < 0 ? 
'-' : '+'); - if (timz < 0) { - timz = -timz; - } - - strftime(tstr, 80, "[%d/%b/%Y:%H:%M:%S ", t); - ap_snprintf(tstr + strlen(tstr), 80-strlen(tstr), "%c%.2d%.2d]", - sign, timz/60, timz%60); - return ap_pstrdup(r->pool, tstr); -} - - - - -/* -** +-------------------------------------------------------+ -** | | -** | rewriting lockfile support -** | | -** +-------------------------------------------------------+ -*/ - -#define REWRITELOCK_MODE ( S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH ) - -static void rewritelock_create(server_rec *s, pool *p) -{ - /* only operate if a lockfile is used */ - if (lockname == NULL || *(lockname) == '\0') { - return; - } - - /* fixup the path, especially for rewritelock_remove() */ - lockname = ap_server_root_relative(p, lockname); - - /* create the lockfile */ - unlink(lockname); - if ((lockfd = ap_popenf_ex(p, lockname, O_WRONLY|O_CREAT, - REWRITELOCK_MODE, 1)) < 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "mod_rewrite: Parent could not create RewriteLock " - "file %s", lockname); - exit(1); - } - /* make sure the childs have access to this file */ - if (geteuid() == 0 /* is superuser */) - chown(lockname, ap_user_id, -1 /* no gid change */); - - - return; -} - -static void rewritelock_open(server_rec *s, pool *p) -{ - /* only operate if a lockfile is used */ - if (lockname == NULL || *(lockname) == '\0') { - return; - } - - /* open the lockfile (once per child) to get a unique fd */ - if ((lockfd = ap_popenf_ex(p, lockname, O_WRONLY, - REWRITELOCK_MODE, 1)) < 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "mod_rewrite: Child could not open RewriteLock " - "file %s", lockname); - exit(1); - } - return; -} - -static void rewritelock_remove(void *data) -{ - /* only operate if a lockfile is used */ - if (lockname == NULL || *(lockname) == '\0') { - return; - } - - /* remove the lockfile */ - unlink(lockname); - lockname = NULL; - lockfd = -1; - -} - -static void rewritelock_alloc(request_rec *r) -{ - if (lockfd != -1) { - fd_lock(r, 
lockfd); - } - return; -} - -static void rewritelock_free(request_rec *r) -{ - if (lockfd != -1) { - fd_unlock(r, lockfd); - } - return; -} - - -/* -** +-------------------------------------------------------+ -** | | -** | program map support -** | | -** +-------------------------------------------------------+ -*/ - -static void run_rewritemap_programs(server_rec *s, pool *p) -{ - rewrite_server_conf *conf; - FILE *fpin; - FILE *fpout; - FILE *fperr; - array_header *rewritemaps; - rewritemap_entry *entries; - rewritemap_entry *map; - int i; - int rc; - - conf = ap_get_module_config(s->module_config, &rewrite_module); - - /* If the engine isn't turned on, - * don't even try to do anything. - */ - if (conf->state == ENGINE_DISABLED) { - return; - } - - rewritemaps = conf->rewritemaps; - entries = (rewritemap_entry *)rewritemaps->elts; - for (i = 0; i < rewritemaps->nelts; i++) { - map = &entries[i]; - if (map->type != MAPTYPE_PRG) { - continue; - } - if (map->datafile == NULL - || *(map->datafile) == '\0' - || map->fpin != -1 - || map->fpout != -1 ) { - continue; - } - fpin = NULL; - fpout = NULL; - rc = ap_spawn_child(p, rewritemap_program_child, - (void *)map->datafile, kill_after_timeout, - &fpin, &fpout, &fperr); - if (rc == 0 || fpin == NULL || fpout == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR, s, - "mod_rewrite: could not fork child for " - "RewriteMap process"); - exit(1); - } - map->fpin = fileno(fpin); - map->fpout = fileno(fpout); - map->fperr = fileno(fperr); - } - return; -} - -/* child process code */ -static int rewritemap_program_child(void *cmd, child_info *pinfo) -{ - int child_pid = 1; - - /* - * Prepare for exec - */ - ap_cleanup_for_exec(); - signal(SIGHUP, SIG_IGN); - - /* - * Exec() the child program - */ - /* Standard Unix */ - execl(SHELL_PATH, SHELL_PATH, "-c", (char *)cmd, (char *)NULL); - return(child_pid); -} - - - - -/* -** +-------------------------------------------------------+ -** | | -** | environment variable support -** | | 
-** +-------------------------------------------------------+ -*/ - - -static char *lookup_variable(request_rec *r, char *var) -{ - const char *result; - char resultbuf[LONG_STRING_LEN]; - time_t tc; - struct tm *tm; - request_rec *rsub; - struct passwd *pw; - struct group *gr; - struct stat finfo; - - result = NULL; - - /* HTTP headers */ - if (strcasecmp(var, "HTTP_USER_AGENT") == 0) { - result = lookup_header(r, "User-Agent"); - } - else if (strcasecmp(var, "HTTP_REFERER") == 0) { - result = lookup_header(r, "Referer"); - } - else if (strcasecmp(var, "HTTP_COOKIE") == 0) { - result = lookup_header(r, "Cookie"); - } - else if (strcasecmp(var, "HTTP_FORWARDED") == 0) { - result = lookup_header(r, "Forwarded"); - } - else if (strcasecmp(var, "HTTP_HOST") == 0) { - result = lookup_header(r, "Host"); - } - else if (strcasecmp(var, "HTTP_PROXY_CONNECTION") == 0) { - result = lookup_header(r, "Proxy-Connection"); - } - else if (strcasecmp(var, "HTTP_ACCEPT") == 0) { - result = lookup_header(r, "Accept"); - } - /* all other headers from which we are still not know about */ - else if (strlen(var) > 5 && strncasecmp(var, "HTTP:", 5) == 0) { - result = lookup_header(r, var+5); - } - - /* connection stuff */ - else if (strcasecmp(var, "REMOTE_ADDR") == 0) { - result = r->connection->remote_ip; - } - else if (strcasecmp(var, "REMOTE_HOST") == 0) { - result = (char *)ap_get_remote_host(r->connection, - r->per_dir_config, REMOTE_NAME); - } - else if (strcasecmp(var, "REMOTE_USER") == 0) { - result = r->connection->user; - } - else if (strcasecmp(var, "REMOTE_IDENT") == 0) { - result = (char *)ap_get_remote_logname(r); - } - - /* request stuff */ - else if (strcasecmp(var, "THE_REQUEST") == 0) { /* non-standard */ - result = r->the_request; - } - else if (strcasecmp(var, "REQUEST_METHOD") == 0) { - result = r->method; - } - else if (strcasecmp(var, "REQUEST_URI") == 0) { /* non-standard */ - result = r->uri; - } - else if (strcasecmp(var, "SCRIPT_FILENAME") == 0 || - 
strcasecmp(var, "REQUEST_FILENAME") == 0 ) { - result = r->filename; - } - else if (strcasecmp(var, "PATH_INFO") == 0) { - result = r->path_info; - } - else if (strcasecmp(var, "QUERY_STRING") == 0) { - result = r->args; - } - else if (strcasecmp(var, "AUTH_TYPE") == 0) { - result = r->connection->ap_auth_type; - } - else if (strcasecmp(var, "IS_SUBREQ") == 0) { /* non-standard */ - result = (r->main != NULL ? "true" : "false"); - } - - /* internal server stuff */ - else if (strcasecmp(var, "DOCUMENT_ROOT") == 0) { - result = ap_document_root(r); - } - else if (strcasecmp(var, "SERVER_ADMIN") == 0) { - result = r->server->server_admin; - } - else if (strcasecmp(var, "SERVER_NAME") == 0) { - result = ap_get_server_name(r); - } - else if (strcasecmp(var, "SERVER_ADDR") == 0) { /* non-standard */ - result = r->connection->local_ip; - } - else if (strcasecmp(var, "SERVER_PORT") == 0) { - ap_snprintf(resultbuf, sizeof(resultbuf), "%u", ap_get_server_port(r)); - result = resultbuf; - } - else if (strcasecmp(var, "SERVER_PROTOCOL") == 0) { - result = r->protocol; - } - else if (strcasecmp(var, "SERVER_SOFTWARE") == 0) { - result = ap_get_server_version(); - } - else if (strcasecmp(var, "API_VERSION") == 0) { /* non-standard */ - ap_snprintf(resultbuf, sizeof(resultbuf), "%d:%d", - MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR); - result = resultbuf; - } - - /* underlaying Unix system stuff */ - else if (strcasecmp(var, "TIME_YEAR") == 0) { - tc = time(NULL); - tm = localtime(&tc); - ap_snprintf(resultbuf, sizeof(resultbuf), "%02d%02d", - (tm->tm_year / 100) + 19, tm->tm_year % 100); - result = resultbuf; - } -#define MKTIMESTR(format, tmfield) \ - tc = time(NULL); \ - tm = localtime(&tc); \ - ap_snprintf(resultbuf, sizeof(resultbuf), format, tm->tmfield); \ - result = resultbuf; - else if (strcasecmp(var, "TIME_MON") == 0) { - MKTIMESTR("%02d", tm_mon+1) - } - else if (strcasecmp(var, "TIME_DAY") == 0) { - MKTIMESTR("%02d", tm_mday) - } - else if (strcasecmp(var, 
"TIME_HOUR") == 0) { - MKTIMESTR("%02d", tm_hour) - } - else if (strcasecmp(var, "TIME_MIN") == 0) { - MKTIMESTR("%02d", tm_min) - } - else if (strcasecmp(var, "TIME_SEC") == 0) { - MKTIMESTR("%02d", tm_sec) - } - else if (strcasecmp(var, "TIME_WDAY") == 0) { - MKTIMESTR("%d", tm_wday) - } - else if (strcasecmp(var, "TIME") == 0) { - tc = time(NULL); - tm = localtime(&tc); - ap_snprintf(resultbuf, sizeof(resultbuf), - "%02d%02d%02d%02d%02d%02d%02d", (tm->tm_year / 100) + 19, - (tm->tm_year % 100), tm->tm_mon+1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); - result = resultbuf; - rewritelog(r, 1, "RESULT='%s'", result); - } - - /* all other env-variables from the parent Apache process */ - else if (strlen(var) > 4 && strncasecmp(var, "ENV:", 4) == 0) { - /* first try the internal Apache notes structure */ - result = ap_table_get(r->notes, var+4); - /* second try the internal Apache env structure */ - if (result == NULL) { - result = ap_table_get(r->subprocess_env, var+4); - } - /* third try the external OS env */ - if (result == NULL) { - result = getenv(var+4); - } - } - -#define LOOKAHEAD(subrecfunc) \ - if ( \ - /* filename is safe to use */ \ - r->filename != NULL \ - /* - and we're either not in a subrequest */ \ - && ( r->main == NULL \ - /* - or in a subrequest where paths are non-NULL... 
*/ \ - || ( r->main->uri != NULL && r->uri != NULL \ - /* ...and sub and main paths differ */ \ - && strcmp(r->main->uri, r->uri) != 0))) { \ - /* process a file-based subrequest */ \ - rsub = subrecfunc(r->filename, r); \ - /* now recursively lookup the variable in the sub_req */ \ - result = lookup_variable(rsub, var+5); \ - /* copy it up to our scope before we destroy sub_req's pool */ \ - result = ap_pstrdup(r->pool, result); \ - /* cleanup by destroying the subrequest */ \ - ap_destroy_sub_req(rsub); \ - /* log it */ \ - rewritelog(r, 5, "lookahead: path=%s var=%s -> val=%s", \ - r->filename, var+5, result); \ - /* return ourself to prevent re-pstrdup */ \ - return (char *)result; \ - } - - /* look-ahead for parameter through URI-based sub-request */ - else if (strlen(var) > 5 && strncasecmp(var, "LA-U:", 5) == 0) { - LOOKAHEAD(ap_sub_req_lookup_uri) - } - /* look-ahead for parameter through file-based sub-request */ - else if (strlen(var) > 5 && strncasecmp(var, "LA-F:", 5) == 0) { - LOOKAHEAD(ap_sub_req_lookup_file) - } - - - /* file stuff */ - else if (strcasecmp(var, "SCRIPT_USER") == 0) { - result = "<unknown>"; - if (r->finfo.st_mode != 0) { - if ((pw = getpwuid(r->finfo.st_uid)) != NULL) { - result = pw->pw_name; - } - } - else { - if (stat(r->filename, &finfo) == 0) { - if ((pw = getpwuid(finfo.st_uid)) != NULL) { - result = pw->pw_name; - } - } - } - } - else if (strcasecmp(var, "SCRIPT_GROUP") == 0) { - result = "<unknown>"; - if (r->finfo.st_mode != 0) { - if ((gr = getgrgid(r->finfo.st_gid)) != NULL) { - result = gr->gr_name; - } - } - else { - if (stat(r->filename, &finfo) == 0) { - if ((gr = getgrgid(finfo.st_gid)) != NULL) { - result = gr->gr_name; - } - } - } - } - - else { - ap_hook_use("ap::mod_rewrite::lookup_variable", - AP_HOOK_SIG3(ptr,ptr,ptr), - AP_HOOK_DECLINE(NULL), - &result, r, var); - } - - if (result == NULL) { - return ap_pstrdup(r->pool, ""); - } - else { - return ap_pstrdup(r->pool, result); - } -} - -static char 
*lookup_header(request_rec *r, const char *name) -{ - array_header *hdrs_arr; - table_entry *hdrs; - int i; - - hdrs_arr = ap_table_elts(r->headers_in); - hdrs = (table_entry *)hdrs_arr->elts; - for (i = 0; i < hdrs_arr->nelts; ++i) { - if (hdrs[i].key == NULL) { - continue; - } - if (strcasecmp(hdrs[i].key, name) == 0) { - ap_table_merge(r->notes, VARY_KEY_THIS, name); - return hdrs[i].val; - } - } - return NULL; -} - - - - -/* -** +-------------------------------------------------------+ -** | | -** | caching support -** | | -** +-------------------------------------------------------+ -*/ - - -static cache *init_cache(pool *p) -{ - cache *c; - - c = (cache *)ap_palloc(p, sizeof(cache)); - c->pool = ap_make_sub_pool(p); - c->lists = ap_make_array(c->pool, 2, sizeof(cachelist)); - return c; -} - -static void set_cache_string(cache *c, char *res, int mode, time_t t, - char *key, char *value) -{ - cacheentry ce; - - ce.time = t; - ce.key = key; - ce.value = value; - store_cache_string(c, res, &ce); - return; -} - -static char *get_cache_string(cache *c, char *res, int mode, - time_t t, char *key) -{ - cacheentry *ce; - - ce = retrieve_cache_string(c, res, key); - if (ce == NULL) { - return NULL; - } - if (mode & CACHEMODE_TS) { - if (t != ce->time) { - return NULL; - } - } - else if (mode & CACHEMODE_TTL) { - if (t > ce->time) { - return NULL; - } - } - return ap_pstrdup(c->pool, ce->value); -} - -static int cache_tlb_hash(char *key) -{ - unsigned long n; - char *p; - - n = 0; - for (p = key; *p != '\0'; p++) { - n = ((n << 5) + n) ^ (unsigned long)(*p++); - } - - return (int)(n % CACHE_TLB_ROWS); -} - -static cacheentry *cache_tlb_lookup(cachetlbentry *tlb, cacheentry *elt, - char *key) -{ - int ix = cache_tlb_hash(key); - int i; - int j; - - for (i=0; i < CACHE_TLB_COLS; ++i) { - j = tlb[ix].t[i]; - if (j < 0) - return NULL; - if (strcmp(elt[j].key, key) == 0) - return &elt[j]; - } - return NULL; -} - -static void cache_tlb_replace(cachetlbentry *tlb, cacheentry 
*elt, - cacheentry *e) -{ - int ix = cache_tlb_hash(e->key); - int i; - - tlb = &tlb[ix]; - - for (i=1; i < CACHE_TLB_COLS; ++i) - tlb->t[i] = tlb->t[i-1]; - - tlb->t[0] = e - elt; -} - -static void store_cache_string(cache *c, char *res, cacheentry *ce) -{ - int i; - int j; - cachelist *l; - cacheentry *e; - cachetlbentry *t; - int found_list; - - found_list = 0; - /* first try to edit an existing entry */ - for (i = 0; i < c->lists->nelts; i++) { - l = &(((cachelist *)c->lists->elts)[i]); - if (strcmp(l->resource, res) == 0) { - found_list = 1; - - e = cache_tlb_lookup((cachetlbentry *)l->tlb->elts, - (cacheentry *)l->entries->elts, ce->key); - if (e != NULL) { - e->time = ce->time; - e->value = ap_pstrdup(c->pool, ce->value); - return; - } - - for (j = 0; j < l->entries->nelts; j++) { - e = &(((cacheentry *)l->entries->elts)[j]); - if (strcmp(e->key, ce->key) == 0) { - e->time = ce->time; - e->value = ap_pstrdup(c->pool, ce->value); - cache_tlb_replace((cachetlbentry *)l->tlb->elts, - (cacheentry *)l->entries->elts, e); - return; - } - } - } - } - - /* create a needed new list */ - if (!found_list) { - l = ap_push_array(c->lists); - l->resource = ap_pstrdup(c->pool, res); - l->entries = ap_make_array(c->pool, 2, sizeof(cacheentry)); - l->tlb = ap_make_array(c->pool, CACHE_TLB_ROWS, - sizeof(cachetlbentry)); - for (i=0; i<CACHE_TLB_ROWS; ++i) { - t = &((cachetlbentry *)l->tlb->elts)[i]; - for (j=0; j<CACHE_TLB_COLS; ++j) - t->t[j] = -1; - } - } - - /* create the new entry */ - for (i = 0; i < c->lists->nelts; i++) { - l = &(((cachelist *)c->lists->elts)[i]); - if (strcmp(l->resource, res) == 0) { - e = ap_push_array(l->entries); - e->time = ce->time; - e->key = ap_pstrdup(c->pool, ce->key); - e->value = ap_pstrdup(c->pool, ce->value); - cache_tlb_replace((cachetlbentry *)l->tlb->elts, - (cacheentry *)l->entries->elts, e); - return; - } - } - - /* not reached, but when it is no problem... 
*/ - return; -} - -static cacheentry *retrieve_cache_string(cache *c, char *res, char *key) -{ - int i; - int j; - cachelist *l; - cacheentry *e; - - for (i = 0; i < c->lists->nelts; i++) { - l = &(((cachelist *)c->lists->elts)[i]); - if (strcmp(l->resource, res) == 0) { - - e = cache_tlb_lookup((cachetlbentry *)l->tlb->elts, - (cacheentry *)l->entries->elts, key); - if (e != NULL) - return e; - - for (j = 0; j < l->entries->nelts; j++) { - e = &(((cacheentry *)l->entries->elts)[j]); - if (strcmp(e->key, key) == 0) { - return e; - } - } - } - } - return NULL; -} - - - - -/* -** +-------------------------------------------------------+ -** | | -** | misc functions -** | | -** +-------------------------------------------------------+ -*/ - -static char *subst_prefix_path(request_rec *r, char *input, char *match, - char *subst) -{ - char matchbuf[LONG_STRING_LEN]; - char substbuf[LONG_STRING_LEN]; - char *output; - int l; - - output = input; - - /* first create a match string which always has a trailing slash */ - l = ap_cpystrn(matchbuf, match, sizeof(matchbuf) - 1) - matchbuf; - if (!l || matchbuf[l-1] != '/') { - matchbuf[l] = '/'; - matchbuf[l+1] = '\0'; - l++; - } - /* now compare the prefix */ - if (strncmp(input, matchbuf, l) == 0) { - rewritelog(r, 5, "strip matching prefix: %s -> %s", output, output+l); - output = ap_pstrdup(r->pool, output+l); - - /* and now add the base-URL as replacement prefix */ - l = ap_cpystrn(substbuf, subst, sizeof(substbuf) - 1) - substbuf; - if (!l || substbuf[l-1] != '/') { - substbuf[l] = '/'; - substbuf[l+1] = '\0'; - l++; - } - if (output[0] == '/') { - rewritelog(r, 4, "add subst prefix: %s -> %s%s", - output, substbuf, output+1); - output = ap_pstrcat(r->pool, substbuf, output+1, NULL); - } - else { - rewritelog(r, 4, "add subst prefix: %s -> %s%s", - output, substbuf, output); - output = ap_pstrcat(r->pool, substbuf, output, NULL); - } - } - return output; -} - - -/* -** -** own command line parser which don't have the '\\' 
problem -** -*/ - -static int parseargline(char *str, char **a1, char **a2, char **a3) -{ - char *cp; - int isquoted; - -#define SKIP_WHITESPACE(cp) \ - for ( ; *cp == ' ' || *cp == '\t'; ) { \ - cp++; \ - }; - -#define CHECK_QUOTATION(cp,isquoted) \ - isquoted = 0; \ - if (*cp == '"') { \ - isquoted = 1; \ - cp++; \ - } - -#define DETERMINE_NEXTSTRING(cp,isquoted) \ - for ( ; *cp != '\0'; cp++) { \ - if ( (isquoted && (*cp == ' ' || *cp == '\t')) \ - || (*cp == '\\' && (*(cp+1) == ' ' || *(cp+1) == '\t'))) { \ - cp++; \ - continue; \ - } \ - if ( (!isquoted && (*cp == ' ' || *cp == '\t')) \ - || (isquoted && *cp == '"') ) { \ - break; \ - } \ - } - - cp = str; - SKIP_WHITESPACE(cp); - - /* determine first argument */ - CHECK_QUOTATION(cp, isquoted); - *a1 = cp; - DETERMINE_NEXTSTRING(cp, isquoted); - if (*cp == '\0') { - return 1; - } - *cp++ = '\0'; - - SKIP_WHITESPACE(cp); - - /* determine second argument */ - CHECK_QUOTATION(cp, isquoted); - *a2 = cp; - DETERMINE_NEXTSTRING(cp, isquoted); - if (*cp == '\0') { - *cp++ = '\0'; - *a3 = NULL; - return 0; - } - *cp++ = '\0'; - - SKIP_WHITESPACE(cp); - - /* again check if there are only two arguments */ - if (*cp == '\0') { - *cp++ = '\0'; - *a3 = NULL; - return 0; - } - - /* determine second argument */ - CHECK_QUOTATION(cp, isquoted); - *a3 = cp; - DETERMINE_NEXTSTRING(cp, isquoted); - *cp++ = '\0'; - - return 0; -} - - -static void add_env_variable(request_rec *r, char *s) -{ - char var[MAX_STRING_LEN]; - char val[MAX_STRING_LEN]; - char *cp; - int n; - - if ((cp = strchr(s, ':')) != NULL) { - n = ((cp-s) > MAX_STRING_LEN-1 ? 
MAX_STRING_LEN-1 : (cp-s)); - memcpy(var, s, n); - var[n] = '\0'; - ap_cpystrn(val, cp+1, sizeof(val)); - ap_table_set(r->subprocess_env, var, val); - rewritelog(r, 5, "setting env variable '%s' to '%s'", var, val); - } -} - - -/* -** -** check that a subrequest won't cause infinite recursion -** -*/ - -static int subreq_ok(request_rec *r) -{ - /* - * either not in a subrequest, or in a subrequest - * and URIs aren't NULL and sub/main URIs differ - */ - return (r->main == NULL || - (r->main->uri != NULL && r->uri != NULL && - strcmp(r->main->uri, r->uri) != 0)); -} - - -/* -** -** stat() for only the prefix of a path -** -*/ - -static int prefix_stat(const char *path, ap_pool *pool) -{ - const char *curpath = path; - char *root; - char *slash; - char *statpath; - struct stat sb; - - if (!ap_os_is_path_absolute(curpath)) { - return 0; - } - - /* need to be a bit tricky here. - * Actually we're looking for the first path segment ... - */ - if (*curpath != '/') { - /* be safe: +1 = '\0'; +1 = possible additional '\0' - * from ap_make_dirstr_prefix - */ - root = ap_palloc(pool, strlen(curpath) + 2); - slash = ap_make_dirstr_prefix(root, curpath, 1); - curpath += strlen(root); - } - else { - root = "/"; - ++curpath; - } - - /* let's recognize slashes only, the mod_rewrite semantics are opaque - * enough. 
- */ - if ((slash = strchr(curpath, '/')) != NULL) { - statpath = ap_pstrcat(pool, root, - ap_pstrndup(pool, curpath, slash - curpath), - NULL); - } - else { - statpath = ap_pstrcat(pool, root, curpath, NULL); - } - - if (stat(statpath, &sb) == 0) { - return 1; - } - - return 0; -} - - -/* -** -** File locking -** -*/ - -#ifdef USE_FCNTL -static struct flock lock_it; -static struct flock unlock_it; -#endif - -static void fd_lock(request_rec *r, int fd) -{ - int rc; - -#ifdef USE_FCNTL - lock_it.l_whence = SEEK_SET; /* from current point */ - lock_it.l_start = 0; /* -"- */ - lock_it.l_len = 0; /* until end of file */ - lock_it.l_type = F_WRLCK; /* set exclusive/write lock */ - lock_it.l_pid = 0; /* pid not actually interesting */ - - while ( ((rc = fcntl(fd, F_SETLKW, &lock_it)) < 0) - && (errno == EINTR) ) { - continue; - } -#endif -#ifdef USE_FLOCK - while ( ((rc = flock(fd, LOCK_EX)) < 0) - && (errno == EINTR) ) { - continue; - } -#endif -#ifdef USE_LOCKING - /* Lock the first byte, always, assume we want to append - and seek to the end afterwards */ - lseek(fd, 0, SEEK_SET); - rc = _locking(fd, _LK_LOCK, 1); - lseek(fd, 0, SEEK_END); -#endif - - if (rc < 0) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "mod_rewrite: failed to lock file descriptor"); - exit(1); - } - return; -} - -static void fd_unlock(request_rec *r, int fd) -{ - int rc; - -#ifdef USE_FCNTL - unlock_it.l_whence = SEEK_SET; /* from current point */ - unlock_it.l_start = 0; /* -"- */ - unlock_it.l_len = 0; /* until end of file */ - unlock_it.l_type = F_UNLCK; /* unlock */ - unlock_it.l_pid = 0; /* pid not actually interesting */ - - rc = fcntl(fd, F_SETLKW, &unlock_it); -#endif -#ifdef USE_FLOCK - rc = flock(fd, LOCK_UN); -#endif -#ifdef USE_LOCKING - lseek(fd, 0, SEEK_SET); - rc = _locking(fd, _LK_UNLCK, 1); - lseek(fd, 0, SEEK_END); -#endif - - if (rc < 0) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, r, - "mod_rewrite: failed to unlock file descriptor"); - exit(1); - } -} - -/* -** -** Lexicographic 
Compare
-**
-*/
-
-static int compare_lexicography(char *cpNum1, char *cpNum2)
-{
- int i;
- int n1, n2;
-
- n1 = strlen(cpNum1);
- n2 = strlen(cpNum2);
- if (n1 > n2) {
- return 1;
- }
- if (n1 < n2) {
- return -1;
- }
- for (i = 0; i < n1; i++) {
- if (cpNum1[i] > cpNum2[i]) {
- return 1;
- }
- if (cpNum1[i] < cpNum2[i]) {
- return -1;
- }
- }
- return 0;
-}
-
-/*
-**
-** Bracketed expression handling
-** s points after the opening bracket
-**
-*/
-
-static char *find_closing_bracket(char *s, int left, int right)
-{
- int depth;
-
- for (depth = 1; *s; ++s) {
- if (*s == right && --depth == 0) {
- return s;
- }
- else if (*s == left) {
- ++depth;
- }
- }
- return NULL;
-}
-
-static char *find_char_in_brackets(char *s, int c, int left, int right)
-{
- int depth;
-
- for (depth = 1; *s; ++s) {
- if (*s == c && depth == 1) {
- return s;
- }
- else if (*s == right && --depth == 0) {
- return NULL;
- }
- else if (*s == left) {
- ++depth;
- }
- }
- return NULL;
-}
-
-/*EOF*/
diff --git a/usr.sbin/httpd/src/modules/standard/mod_rewrite.h b/usr.sbin/httpd/src/modules/standard/mod_rewrite.h
deleted file mode 100644
index 7d13aa7a2c5..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_rewrite.h
+++ /dev/null
@@ -1,496 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-
-#ifndef _MOD_REWRITE_H
-#define _MOD_REWRITE_H 1
-
-/*
-** _ _ _
-** _ __ ___ ___ __| | _ __ _____ ___ __(_) |_ ___
-** | '_ ` _ \ / _ \ / _` | | '__/ _ \ \ /\ / / '__| | __/ _ \
-** | | | | | | (_) | (_| | | | | __/\ V V /| | | | || __/
-** |_| |_| |_|\___/ \__,_|___|_| \___| \_/\_/ |_| |_|\__\___|
-** |_____|
-**
-** URL Rewriting Module
-**
-** This module uses a rule-based rewriting engine (based on a
-** regular-expression parser) to rewrite requested URLs on the fly.
-**
-** It supports an unlimited number of additional rule conditions (which can
-** operate on a lot of variables, even on HTTP headers) for granular
-** matching and even external database lookups (either via plain text
-** tables, DBM hash files or even external processes) for advanced URL
-** substitution.
-**
-** It operates on the full URLs (including the PATH_INFO part) both in
-** per-server context (httpd.conf) and per-dir context (.htaccess) and even
-** can generate QUERY_STRING parts on result. The rewriting result finally
-** can lead to internal subprocessing, external request redirection or even
-** to internal proxy throughput.
-**
-** This module was originally written in April 1996 and
-** gifted exclusively to the The Apache Group in July 1997 by
-**
-** Ralf S. Engelschall
-** rse@engelschall.com
-** www.engelschall.com
-*/
-
-
- /* Include from the underlaying Unix system ... */
-#include <string.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <time.h>
-#include <signal.h>
-#include <errno.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
- /* Include from the Apache server ... */
-#define CORE_PRIVATE
-#include "httpd.h"
-#include "http_config.h"
-#include "http_conf_globals.h"
-#include "http_request.h"
-#include "http_core.h"
-#include "http_log.h"
-#include "http_vhost.h"
-
- /*
- * The key in the r->notes table wherein we store our accumulated
- * Vary values, and the one used for per-condition checks in a chain.
- */
-#define VARY_KEY "rewrite-Vary"
-#define VARY_KEY_THIS "rewrite-Vary-this"
-
- /* The NDBM support:
- * We support only NDBM files.
- * But we have to stat the file for the mtime,
- * so we also need to know the file extension
- */
-#include <ndbm.h>
-#if defined(DBM_SUFFIX)
-#define NDBM_FILE_SUFFIX DBM_SUFFIX
-#elif (defined(DB_LOCK) && defined(DB_SHMEM))
-#define NDBM_FILE_SUFFIX ".db"
-#else
-#define NDBM_FILE_SUFFIX ".pag"
-#endif
-
-
- /* The locking support:
- * Try to determine whether we should use fcntl() or flock().
- * Would be better ap_config.h could provide this... :-(
- * Small monkey business to ensure that fcntl is preferred,
- * unless we specified USE_FLOCK_SERIALIZED_ACCEPT during compile.
- */
-#define USE_FLOCK 1
-#include <sys/file.h>
-#if !defined(USE_FCNTL) && !defined(USE_FLOCK)
-#define USE_FLOCK 1
-#include <sys/file.h>
-#ifndef LOCK_UN
-#undef USE_FLOCK
-#define USE_FCNTL 1
-#include <fcntl.h>
-#endif
-#endif
-
-
-/*
-**
-** Some defines
-**
-*/
-
-#define ENVVAR_SCRIPT_URL "SCRIPT_URL"
-#define ENVVAR_SCRIPT_URI "SCRIPT_URI"
-
-#ifndef SUPPORT_DBM_REWRITEMAP
-#define SUPPORT_DBM_REWRITEMAP 0
-#endif
-
-#define REWRITE_FORCED_MIMETYPE_NOTEVAR "rewrite-forced-mimetype"
-
-#define CONDFLAG_NONE 1<<0
-#define CONDFLAG_NOCASE 1<<1
-#define CONDFLAG_NOTMATCH 1<<2
-#define CONDFLAG_ORNEXT 1<<3
-
-#define RULEFLAG_NONE 1<<0
-#define RULEFLAG_FORCEREDIRECT 1<<1
-#define RULEFLAG_LASTRULE 1<<2
-#define RULEFLAG_NEWROUND 1<<3
-#define RULEFLAG_CHAIN 1<<4
-#define RULEFLAG_IGNOREONSUBREQ 1<<5
-#define RULEFLAG_NOTMATCH 1<<6
-#define RULEFLAG_PROXY 1<<7
-#define RULEFLAG_PASSTHROUGH 1<<8
-#define RULEFLAG_FORBIDDEN 1<<9
-#define RULEFLAG_GONE 1<<10
-#define RULEFLAG_QSAPPEND 1<<11
-#define RULEFLAG_NOCASE 1<<12
-#define RULEFLAG_NOESCAPE 1<<13
-
-#define ACTION_NORMAL 1<<0
-#define ACTION_NOESCAPE 1<<1
-
-#define MAPTYPE_TXT 1<<0
-#define MAPTYPE_DBM 1<<1
-#define MAPTYPE_PRG 1<<2
-#define MAPTYPE_INT 1<<3
-#define MAPTYPE_RND 1<<4
-
-#define ENGINE_DISABLED 1<<0
-#define ENGINE_ENABLED 1<<1
-
-#define OPTION_NONE 1<<0
-#define OPTION_INHERIT 1<<1
-
-#define CACHEMODE_TS 1<<0
-#define CACHEMODE_TTL 1<<1
-
-#define CACHE_TLB_ROWS 1024
-#define CACHE_TLB_COLS 4
-
-#ifndef FALSE
-#define FALSE 0
-#define TRUE !FALSE
-#endif
-
-#ifndef NO
-#define NO FALSE
-#define YES TRUE
-#endif
-
-#ifndef RAND_MAX
-#define RAND_MAX 32767
-#endif
-
-#ifndef LONG_STRING_LEN
-#define LONG_STRING_LEN 2048
-#endif
-
-#define MAX_ENV_FLAGS 15
-
-/* default maximum number of internal redirects */
-#define REWRITE_REDIRECT_LIMIT 10
-
-/*
-**
-** our private data structures we handle with
-**
-*/
-
- /* the list structures for holding the mapfile information
- * and the rewrite
rules
- */
-typedef struct {
- char *name; /* the name of the map */
- char *datafile; /* filename for map data files */
- char *checkfile; /* filename to check for map existence */
- int type; /* the type of the map */
- int fpin; /* in file pointer for program maps */
- int fpout; /* out file pointer for program maps */
- int fperr; /* err file pointer for program maps */
- char *(*func)(request_rec *, /* function pointer for internal maps */
- char *);
-} rewritemap_entry;
-
-typedef struct {
- char *input; /* Input string of RewriteCond */
- char *pattern; /* the RegExp pattern string */
- regex_t *regexp;
- int flags; /* Flags which control the match */
-} rewritecond_entry;
-
-typedef struct {
- array_header *rewriteconds; /* the corresponding RewriteCond entries */
- char *pattern; /* the RegExp pattern string */
- regex_t *regexp; /* the RegExp pattern compilation */
- char *output; /* the Substitution string */
- int flags; /* Flags which control the substitution */
- char *forced_mimetype; /* forced MIME type of substitution */
- int forced_responsecode; /* forced HTTP redirect response status */
- char *env[MAX_ENV_FLAGS+1]; /* added environment variables */
- int skip; /* number of next rules to skip */
-} rewriterule_entry;
-
-
- /* the per-server or per-virtual-server configuration
- * statically generated once on startup for every server
- */
-typedef struct {
- int state; /* the RewriteEngine state */
- int options; /* the RewriteOption state */
- char *rewritelogfile; /* the RewriteLog filename */
- int rewritelogfp; /* the RewriteLog open filepointer */
- int rewriteloglevel; /* the RewriteLog level of verbosity */
- array_header *rewritemaps; /* the RewriteMap entries */
- array_header *rewriteconds; /* the RewriteCond entries (temporary) */
- array_header *rewriterules; /* the RewriteRule entries */
- server_rec *server; /* the corresponding server indicator */
- int redirect_limit; /* maximum number of internal redirects */
-}
rewrite_server_conf;
-
-
- /* the per-directory configuration
- * generated on-the-fly by Apache server for current request
- */
-typedef struct {
- int state; /* the RewriteEngine state */
- int options; /* the RewriteOption state */
- array_header *rewriteconds; /* the RewriteCond entries (temporary) */
- array_header *rewriterules; /* the RewriteRule entries */
- char *directory; /* the directory where it applies */
- char *baseurl; /* the base-URL where it applies */
- int redirect_limit; /* maximum number of internal redirects */
-} rewrite_perdir_conf;
-
- /* the per-request configuration
- */
-typedef struct {
- int redirects; /* current number of redirects */
- int redirect_limit; /* maximum number of redirects */
-} rewrite_request_conf;
-
-
- /* the cache structures,
- * a 4-way hash table with LRU functionality
- */
-typedef struct cacheentry {
- time_t time;
- char *key;
- char *value;
-} cacheentry;
-
-typedef struct tlbentry {
- int t[CACHE_TLB_COLS];
-} cachetlbentry;
-
-typedef struct cachelist {
- char *resource;
- array_header *entries;
- array_header *tlb;
-} cachelist;
-
-typedef struct cache {
- pool *pool;
- array_header *lists;
-} cache;
-
-
- /* the regex structure for the
- * substitution of backreferences
- */
-typedef struct backrefinfo {
- char *source;
- int nsub;
- regmatch_t regmatch[AP_MAX_REG_MATCH];
-} backrefinfo;
-
-
-/*
-**
-** forward declarations
-**
-*/
-
- /* config structure handling */
-static void *config_server_create(pool *p, server_rec *s);
-static void *config_server_merge (pool *p, void *basev, void *overridesv);
-static void *config_perdir_create(pool *p, char *path);
-static void *config_perdir_merge (pool *p, void *basev, void *overridesv);
-
- /* config directive handling */
-static const char *cmd_rewriteengine(cmd_parms *cmd,
- rewrite_perdir_conf *dconf, int flag);
-static const char *cmd_rewriteoptions(cmd_parms *cmd,
- void *in_dconf,
- const char *option);
-static const char *cmd_rewritelog (cmd_parms *cmd,
void *dconf, char *a1);
-static const char *cmd_rewriteloglevel(cmd_parms *cmd, void *dconf, char *a1);
-static const char *cmd_rewritemap (cmd_parms *cmd, void *dconf, char *a1,
- char *a2);
-static const char *cmd_rewritelock(cmd_parms *cmd, void *dconf, char *a1);
-static const char *cmd_rewritebase(cmd_parms *cmd, rewrite_perdir_conf *dconf,
- char *a1);
-static const char *cmd_rewritecond(cmd_parms *cmd, rewrite_perdir_conf *dconf,
- char *str);
-static const char *cmd_rewritecond_parseflagfield(pool *p,
- rewritecond_entry *new,
- char *str);
-static const char *cmd_rewritecond_setflag(pool *p, rewritecond_entry *cfg,
- char *key, char *val);
-static const char *cmd_rewriterule(cmd_parms *cmd, rewrite_perdir_conf *dconf,
- char *str);
-static const char *cmd_rewriterule_parseflagfield(pool *p,
- rewriterule_entry *new,
- char *str);
-static const char *cmd_rewriterule_setflag(pool *p, rewriterule_entry *cfg,
- char *key, char *val);
-
- /* initialisation */
-static void init_module(server_rec *s, pool *p);
-static void init_child(server_rec *s, pool *p);
-
- /* runtime hooks */
-static int hook_uri2file (request_rec *r);
-static int hook_mimetype (request_rec *r);
-static int hook_fixup (request_rec *r);
-static int handler_redirect(request_rec *r);
-
- /* rewriting engine */
-static int apply_rewrite_list(request_rec *r, array_header *rewriterules,
- char *perdir);
-static int apply_rewrite_rule(request_rec *r, rewriterule_entry *p,
- char *perdir);
-static int apply_rewrite_cond(request_rec *r, rewritecond_entry *p,
- char *perdir, backrefinfo *briRR,
- backrefinfo *briRC);
-
-static void do_expand(request_rec *r, char *input, char *buffer, int nbuf,
- backrefinfo *briRR, backrefinfo *briRC);
-static void do_expand_env(request_rec *r, char *env[],
- backrefinfo *briRR, backrefinfo *briRC);
-
- /* URI transformation function */
-static void splitout_queryargs(request_rec *r, int qsappend);
-static void fully_qualify_uri(request_rec *r);
-static void
reduce_uri(request_rec *r);
-static unsigned is_absolute_uri(char *uri);
-static char *escape_absolute_uri(ap_pool *p, char *uri, unsigned scheme);
-static char *expand_tildepaths(request_rec *r, char *uri);
-
- /* rewrite map support functions */
-static char *lookup_map(request_rec *r, char *name, char *key);
-static char *lookup_map_txtfile(request_rec *r, char *file, char *key);
-static char *lookup_map_dbmfile(request_rec *r, char *file, char *key);
-static char *lookup_map_program(request_rec *r, int fpin,
- int fpout, char *key);
-static char *lookup_map_internal(request_rec *r,
- char *(*func)(request_rec *r, char *key),
- char *key);
-static char *rewrite_mapfunc_toupper(request_rec *r, char *key);
-static char *rewrite_mapfunc_tolower(request_rec *r, char *key);
-static char *rewrite_mapfunc_escape(request_rec *r, char *key);
-static char *rewrite_mapfunc_unescape(request_rec *r, char *key);
-static char *select_random_value_part(request_rec *r, char *value);
-static void rewrite_rand_init(void);
-static int rewrite_rand(int l, int h);
-
- /* rewriting logfile support */
-static void open_rewritelog(server_rec *s, pool *p);
-static void rewritelog(request_rec *r, int level, const char *text, ...)
- __attribute__((format(printf,3,4)));
-static char *current_logtime(request_rec *r);
-
- /* rewriting lockfile support */
-static void rewritelock_create(server_rec *s, pool *p);
-static void rewritelock_open(server_rec *s, pool *p);
-static void rewritelock_remove(void *data);
-static void rewritelock_alloc(request_rec *r);
-static void rewritelock_free(request_rec *r);
-
- /* program map support */
-static void run_rewritemap_programs(server_rec *s, pool *p);
-static int rewritemap_program_child(void *cmd, child_info *pinfo);
-
- /* env variable support */
-static char *lookup_variable(request_rec *r, char *var);
-static char *lookup_header(request_rec *r, const char *name);
-
- /* caching functions */
-static cache *init_cache(pool *p);
-static char *get_cache_string(cache *c, char *res, int mode, time_t mtime,
- char *key);
-static void set_cache_string(cache *c, char *res, int mode, time_t mtime,
- char *key, char *value);
-static cacheentry *retrieve_cache_string(cache *c, char *res, char *key);
-static void store_cache_string(cache *c, char *res, cacheentry *ce);
-
- /* misc functions */
-static char *subst_prefix_path(request_rec *r, char *input, char *match,
- char *subst);
-static int parseargline(char *str, char **a1, char **a2, char **a3);
-static int prefix_stat(const char *path, ap_pool *pool);
-static void add_env_variable(request_rec *r, char *s);
-static int subreq_ok(request_rec *r);
-static int is_redirect_limit_exceeded(request_rec *r);
-
- /* File locking */
-static void fd_lock(request_rec *r, int fd);
-static void fd_unlock(request_rec *r, int fd);
-
- /* Lexicographic Comparison */
-static int compare_lexicography(char *cpNum1, char *cpNum2);
-
- /* Bracketed expression handling */
-static char *find_closing_bracket(char *s, int left, int right);
-static char *find_char_in_brackets(char *s, int c, int left, int right);
-
- /* Find end of bracketed expression */
-static char *find_closing_bracket(char *s, int left, int right);
-
-#endif /*
_MOD_REWRITE_H */
-
-/*EOF*/
diff --git a/usr.sbin/httpd/src/modules/standard/mod_setenvif.c b/usr.sbin/httpd/src/modules/standard/mod_setenvif.c
deleted file mode 100644
index 43941c67928..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_setenvif.c
+++ /dev/null
@@ -1,483 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * mod_setenvif.c - * Set environment variables based on matching request headers or - * attributes against regex strings - * - * Paul Sutton <paul@ukweb.com> 27 Oct 1996 - * Based on mod_browser by Alexei Kosut <akosut@organic.com> - */ - -/* - * Used to set environment variables based on the incoming request headers, - * or some selected other attributes of the request (e.g., the remote host - * name). - * - * Usage: - * - * SetEnvIf name regex var ... - * - * where name is either a HTTP request header name, or one of the - * special values (see below). The 'value' of the header (or the - * value of the special value from below) are compared against the - * regex argument. If this is a simple string, a simple sub-string - * match is performed. Otherwise, a request expression match is - * done. If the value matches the string or regular expression, the - * environment variables listed as var ... are set. 
Each var can - * be in one of three formats: var, which sets the named variable - * (the value value "1"); var=value, which sets the variable to - * the given value; or !var, which unsets the variable is it has - * been previously set. - * - * Normally the strings are compared with regard to case. To ignore - * case, use the directive SetEnvIfNoCase instead. - * - * Special values for 'name' are: - * - * server_addr IP address of interface on which request arrived - * (analogous to SERVER_ADDR set in ap_add_common_vars()) - * remote_host Remote host name (if available) - * remote_addr Remote IP address - * remote_user Remote authenticated user (if any) - * request_method Request method (GET, POST, etc) - * request_uri Requested URI - * - * Examples: - * - * To set the environment variable LOCALHOST if the client is the local - * machine: - * - * SetEnvIf remote_addr 127.0.0.1 LOCALHOST - * - * To set LOCAL if the client is the local host, or within our company's - * domain (192.168.10): - * - * SetEnvIf remote_addr 192.168.10. LOCAL - * SetEnvIf remote_addr 127.0.0.1 LOCALHOST - * - * This could be written as: - * - * SetEnvIf remote_addr (127.0.0.1|192.168.10.) LOCAL - */ - -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_log.h" - -enum special { - SPECIAL_NOT, - SPECIAL_REMOTE_ADDR, - SPECIAL_REMOTE_HOST, - SPECIAL_REMOTE_USER, - SPECIAL_REQUEST_URI, - SPECIAL_REQUEST_METHOD, - SPECIAL_REQUEST_PROTOCOL, - SPECIAL_SERVER_ADDR -}; -typedef struct { - char *name; /* header name */ - char *regex; /* regex to match against */ - regex_t *preg; /* compiled regex */ - table *features; /* env vars to set (or unset) */ - ENUM_BITFIELD( /* is it a "special" header ? */ - enum special, - special_type,4); - unsigned icase : 1; /* ignoring case? 
*/ -} sei_entry; - -typedef struct { - array_header *conditionals; -} sei_cfg_rec; - -module MODULE_VAR_EXPORT setenvif_module; - -/* - * These routines, the create- and merge-config functions, are called - * for both the server-wide and the per-directory contexts. This is - * because the different definitions are used at different times; the - * server-wide ones are used in the post-read-request phase, and the - * per-directory ones are used during the header-parse phase (after - * the URI has been mapped to a file and we have anything from the - * .htaccess file and <Directory> and <Files> containers). - */ -static void *create_setenvif_config(pool *p) -{ - sei_cfg_rec *new = (sei_cfg_rec *) ap_palloc(p, sizeof(sei_cfg_rec)); - - new->conditionals = ap_make_array(p, 20, sizeof(sei_entry)); - return (void *) new; -} - -static void *create_setenvif_config_svr(pool *p, server_rec *dummy) -{ - return create_setenvif_config(p); -} - -static void *create_setenvif_config_dir(pool *p, char *dummy) -{ - return create_setenvif_config(p); -} - -static void *merge_setenvif_config(pool *p, void *basev, void *overridesv) -{ - sei_cfg_rec *a = ap_pcalloc(p, sizeof(sei_cfg_rec)); - sei_cfg_rec *base = basev, *overrides = overridesv; - - a->conditionals = ap_append_arrays(p, base->conditionals, - overrides->conditionals); - return a; -} - -/* - * any non-NULL magic constant will do... used to indicate if REG_ICASE should - * be used - */ -#define ICASE_MAGIC ((void *)(&setenvif_module)) -#define SEI_MAGIC_HEIRLOOM "setenvif-phase-flag" - -static const char *add_setenvif_core(cmd_parms *cmd, void *mconfig, - char *fname, const char *args) -{ - char *regex; - const char *feature; - sei_cfg_rec *sconf; - sei_entry *new; - sei_entry *entries; - char *var; - int i; - int beenhere = 0; - unsigned icase; - int perdir; - - /* - * Determine from our context into which record to put the entry. 
- * cmd->path == NULL means we're in server-wide context; otherwise, - * we're dealing with a per-directory setting. - */ - perdir = (cmd->path != NULL); - sconf = perdir - ? (sei_cfg_rec *) mconfig - : (sei_cfg_rec *) ap_get_module_config(cmd->server->module_config, - &setenvif_module); - entries = (sei_entry *) sconf->conditionals->elts; - /* get regex */ - regex = ap_getword_conf(cmd->pool, &args); - if (!*regex) { - return ap_pstrcat(cmd->pool, "Missing regular expression for ", - cmd->cmd->name, NULL); - } - - /* - * If we've already got a sei_entry with the same name we want to - * just copy the name pointer... so that later on we can compare - * two header names just by comparing the pointers. - */ - - for (i = 0; i < sconf->conditionals->nelts; ++i) { - new = &entries[i]; - if (!strcasecmp(new->name, fname)) { - fname = new->name; - break; - } - } - - /* if the last entry has an identical headername and regex then - * merge with it - */ - i = sconf->conditionals->nelts - 1; - icase = cmd->info == ICASE_MAGIC; - if (i < 0 - || entries[i].name != fname - || entries[i].icase != icase - || strcmp(entries[i].regex, regex)) { - - /* no match, create a new entry */ - - new = ap_push_array(sconf->conditionals); - new->name = fname; - new->regex = regex; - new->icase = icase; - new->preg = ap_pregcomp(cmd->pool, regex, - (REG_EXTENDED | REG_NOSUB - | (icase ? 
REG_ICASE : 0))); - if (new->preg == NULL) { - return ap_pstrcat(cmd->pool, cmd->cmd->name, - " regex could not be compiled.", NULL); - } - new->features = ap_make_table(cmd->pool, 2); - - if (!strcasecmp(fname, "remote_addr")) { - new->special_type = SPECIAL_REMOTE_ADDR; - } - else if (!strcasecmp(fname, "remote_host")) { - new->special_type = SPECIAL_REMOTE_HOST; - } - else if (!strcasecmp(fname, "remote_user")) { - new->special_type = SPECIAL_REMOTE_USER; - } - else if (!strcasecmp(fname, "request_uri")) { - new->special_type = SPECIAL_REQUEST_URI; - } - else if (!strcasecmp(fname, "request_method")) { - new->special_type = SPECIAL_REQUEST_METHOD; - } - else if (!strcasecmp(fname, "request_protocol")) { - new->special_type = SPECIAL_REQUEST_PROTOCOL; - } - else if (!strcasecmp(fname, "server_addr")) { - new->special_type = SPECIAL_SERVER_ADDR; - } - else { - new->special_type = SPECIAL_NOT; - } - } - else { - new = &entries[i]; - } - - for ( ; ; ) { - feature = ap_getword_conf(cmd->pool, &args); - if (!*feature) { - break; - } - beenhere++; - - var = ap_getword(cmd->pool, &feature, '='); - if (*feature) { - ap_table_setn(new->features, var, feature); - } - else if (*var == '!') { - ap_table_setn(new->features, var + 1, "!"); - } - else { - ap_table_setn(new->features, var, "1"); - } - } - - if (!beenhere) { - return ap_pstrcat(cmd->pool, "Missing envariable expression for ", - cmd->cmd->name, NULL); - } - - return NULL; -} - -static const char *add_setenvif(cmd_parms *cmd, void *mconfig, - const char *args) -{ - char *fname; - - /* get header name */ - fname = ap_getword_conf(cmd->pool, &args); - if (!*fname) { - return ap_pstrcat(cmd->pool, "Missing header-field name for ", - cmd->cmd->name, NULL); - } - return add_setenvif_core(cmd, mconfig, fname, args); -} - -/* - * This routine handles the BrowserMatch* directives. It simply turns around - * and feeds them, with the appropriate embellishments, to the general-purpose - * command handler. 
- */ -static const char *add_browser(cmd_parms *cmd, void *mconfig, const char *args) -{ - return add_setenvif_core(cmd, mconfig, "User-Agent", args); -} - -static const command_rec setenvif_module_cmds[] = -{ - { "SetEnvIf", add_setenvif, NULL, - OR_FILEINFO, RAW_ARGS, "A header-name, regex and a list of variables." }, - { "SetEnvIfNoCase", add_setenvif, ICASE_MAGIC, - OR_FILEINFO, RAW_ARGS, "a header-name, regex and a list of variables." }, - { "BrowserMatch", add_browser, NULL, - OR_FILEINFO, RAW_ARGS, "A browser regex and a list of variables." }, - { "BrowserMatchNoCase", add_browser, ICASE_MAGIC, - OR_FILEINFO, RAW_ARGS, "A browser regex and a list of variables." }, - { NULL }, -}; - -/* - * This routine gets called at two different points in request processing: - * once before the URI has been translated (during the post-read-request - * phase) and once after (during the header-parse phase). We use different - * config records for the two different calls to reduce overhead (by not - * re-doing the server-wide settings during directory processing), and - * signal which call it is by having the earlier one pass a flag to the - * later one. - */ -static int match_headers(request_rec *r) -{ - sei_cfg_rec *sconf; - sei_entry *entries; - table_entry *elts; - const char *val; - int i, j; - int perdir; - char *last_name; - - perdir = (ap_table_get(r->notes, SEI_MAGIC_HEIRLOOM) != NULL); - if (! perdir) { - ap_table_set(r->notes, SEI_MAGIC_HEIRLOOM, "post-read done"); - sconf = (sei_cfg_rec *) ap_get_module_config(r->server->module_config, - &setenvif_module); - } - else { - sconf = (sei_cfg_rec *) ap_get_module_config(r->per_dir_config, - &setenvif_module); - } - entries = (sei_entry *) sconf->conditionals->elts; - last_name = NULL; - val = NULL; - for (i = 0; i < sconf->conditionals->nelts; ++i) { - sei_entry *b = &entries[i]; - - /* Optimize the case where a bunch of directives in a row use the - * same header. 
Remember we don't need to strcmp the two header - * names because we made sure the pointers were equal during - * configuration. - */ - if (b->name != last_name) { - last_name = b->name; - switch (b->special_type) { - case SPECIAL_REMOTE_ADDR: - val = r->connection->remote_ip; - break; - case SPECIAL_SERVER_ADDR: - val = r->connection->local_ip; - break; - case SPECIAL_REMOTE_HOST: - val = ap_get_remote_host(r->connection, r->per_dir_config, - REMOTE_NAME); - break; - case SPECIAL_REMOTE_USER: - val = r->connection->user; - break; - case SPECIAL_REQUEST_URI: - val = r->uri; - break; - case SPECIAL_REQUEST_METHOD: - val = r->method; - break; - case SPECIAL_REQUEST_PROTOCOL: - val = r->protocol; - break; - case SPECIAL_NOT: - val = ap_table_get(r->headers_in, b->name); - if (val == NULL) { - val = ap_table_get(r->subprocess_env, b->name); - } - break; - } - } - - /* - * A NULL value indicates that the header field or special entity - * wasn't present or is undefined. Represent that as an empty string - * so that REs like "^$" will work and allow envariable setting - * based on missing or empty field. 
- */ - if (val == NULL) { - val = ""; - } - - if (!ap_regexec(b->preg, val, 0, NULL, 0)) { - array_header *arr = ap_table_elts(b->features); - elts = (table_entry *) arr->elts; - - for (j = 0; j < arr->nelts; ++j) { - if (!strcmp(elts[j].val, "!")) { - ap_table_unset(r->subprocess_env, elts[j].key); - } - else { - ap_table_setn(r->subprocess_env, elts[j].key, elts[j].val); - } - } - } - } - - return DECLINED; -} - -module MODULE_VAR_EXPORT setenvif_module = -{ - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - create_setenvif_config_dir, /* dir config creater */ - merge_setenvif_config, /* dir merger --- default is to override */ - create_setenvif_config_svr, /* server config */ - merge_setenvif_config, /* merge server configs */ - setenvif_module_cmds, /* command table */ - NULL, /* handlers */ - NULL, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixups */ - NULL, /* logger */ - match_headers, /* input header parse */ - NULL, /* child (process) initialization */ - NULL, /* child (process) rundown */ - match_headers /* post_read_request */ -}; diff --git a/usr.sbin/httpd/src/modules/standard/mod_so.c b/usr.sbin/httpd/src/modules/standard/mod_so.c deleted file mode 100644 index 737ff46e6d1..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_so.c +++ /dev/null 
@@ -1,364 +0,0 @@
-/* $OpenBSD: mod_so.c,v 1.15 2007/03/01 20:48:34 david Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* - * This module is used to load Apache modules at runtime. This means that the - * server functionality can be extended without recompiling and even without - * taking the server down at all. Only a HUP or USR1 signal needs to be send - * to the server to reload the dynamically loaded modules. - * - * To use, you'll first need to build your module as a shared library, then - * update your configuration (httpd.conf) to get the Apache core to load the - * module at start-up. - * - * The easiest way to build a module as a shared library is to use the - * `SharedModule' command in the Configuration file, instead of `AddModule'. - * You should also change the file extension from `.o' to `.so'. 
So, for - * example, to build the status module as a shared library edit Configuration - * and change - * AddModule modules/standard/mod_status.o - * to - * SharedModule modules/standard/mod_status.so - * - * Run Configure and make. Now Apache's httpd binary will _not_ include - * mod_status. Instead a shared object called mod_status.so will be build, in - * the modules/standard directory. You can build most of the modules as shared - * libraries like this. - * - * To use the shared module, move the .so file(s) into an appropriate - * directory. You might like to create a directory called "modules" under you - * server root for this (e.g. /usr/local/httpd/modules). - * - * Then edit your conf/httpd.conf file, and add LoadModule lines. For - * example - * LoadModule status_module modules/mod_status.so - * - * The first argument is the module's structure name (look at the end of the - * module source to find this). The second option is the path to the module - * file, relative to the server root. Put these directives right at the top - * of your httpd.conf file. - * - * Now you can start Apache. A message will be logged at "debug" level to your - * error_log to confirm that the module(s) are loaded (use "LogLevel debug" - * directive to get these log messages). - * - * If you edit the LoadModule directives while the server is live you can get - * Apache to re-load the modules by sending it a HUP or USR1 signal as normal. - * You can use this to dynamically change the capability of your server - * without bringing it down. - * - * Because currently there is only limited built-in support in the Configure - * script for creating the shared library files (`.so'), please consult your - * vendors cc(1), ld(1) and dlopen(3) manpages to find out the appropriate - * compiler and linker flags and insert them manually into the Configuration - * file under CFLAGS_SHLIB, LDFLAGS_SHLIB and LDFLAGS_SHLIB_EXPORT. 
- * - * If you still have problems figuring out the flags both try the paper - * http://developer.netscape.com/library/documentation/enterprise - * /unix/svrplug.htm#1013807 - * or install a Perl 5 interpreter on your platform and then run the command - * - * $ perl -V:usedl -V:ccdlflags -V:cccdlflags -V:lddlflags - * - * This gives you what type of dynamic loading Perl 5 uses on your platform - * and which compiler and linker flags Perl 5 uses to create the shared object - * files. - * - * Another location where you can find useful hints is the `ltconfig' script - * of the GNU libtool 1.2 package. Search for your platform name inside the - * various "case" constructs. - * - */ - - -#define CORE_PRIVATE -#include "httpd.h" -#include "http_config.h" -#include "http_log.h" -#include "http_main.h" - -module MODULE_VAR_EXPORT so_module; - - -/* - * Server configuration to keep track of actually - * loaded modules and the corresponding module name. - */ - -typedef struct moduleinfo { - char *name; - module *modp; -} moduleinfo; - -typedef struct so_server_conf { - array_header *loaded_modules; -} so_server_conf; - -static void *so_sconf_create(pool *p, server_rec *s) -{ - so_server_conf *soc; - - soc = (so_server_conf *)ap_pcalloc(p, sizeof(so_server_conf)); - soc->loaded_modules = ap_make_array(p, DYNAMIC_MODULE_LIMIT, - sizeof(moduleinfo)); - ap_os_dso_init(); - - return (void *)soc; -} - -/* - * This is the cleanup for a loaded shared object. It unloads the module. - * This is called as a cleanup function from the core. 
- */ - -static void unload_module(moduleinfo *modi) -{ - /* only unload if module information is still existing */ - if (modi->modp == NULL) - return; - - /* remove the module pointer from the core structure */ - ap_remove_loaded_module(modi->modp); - - /* unload the module space itself */ - ap_os_dso_unload((ap_os_dso_handle_t)modi->modp->dynamic_load_handle); - - /* destroy the module information */ - modi->modp = NULL; - modi->name = NULL; -} - -/* - * This is the cleanup routine for files loaded by - * load_file(). Unfortunately we don't keep a record of the filename - * that was loaded, so we can't report the unload for debug purposes - * or include the filename in error message. - */ - -static void unload_file(void *handle) -{ - ap_os_dso_unload((ap_os_dso_handle_t)handle); -} - -/* - * This is called for the directive LoadModule and actually loads - * a shared object file into the address space of the server process. - */ - -static const char *load_module(cmd_parms *cmd, void *dummy, - char *modname, char *filename) -{ - ap_os_dso_handle_t modhandle; - module *modp; - const char *szModuleFile=ap_server_root_relative(cmd->pool, filename); - so_server_conf *sconf; - moduleinfo *modi; - moduleinfo *modie; - int i; - - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - /* - * check for already existing module - * If it already exists, we have nothing to do - */ - sconf = (so_server_conf *)ap_get_module_config(cmd->server->module_config, - &so_module); - modie = (moduleinfo *)sconf->loaded_modules->elts; - for (i = 0; i < sconf->loaded_modules->nelts; i++) { - modi = &modie[i]; - if (modi->name != NULL && strcmp(modi->name, modname) == 0) { - ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, cmd->server, - "module %s is already loaded, skipping", modname); - return NULL; - } - } - modi = ap_push_array(sconf->loaded_modules); - modi->name = modname; - - /* - * Load the file into the Apache address space - */ - 
ap_server_strip_chroot(szModuleFile, 0); - if (!(modhandle = ap_os_dso_load(szModuleFile))) { - const char *my_error = ap_os_dso_error(); - return ap_pstrcat (cmd->pool, "Cannot load ", szModuleFile, - " into server: ", - my_error ? my_error : "(reason unknown)", - NULL); - } - ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, - "loaded module %s", modname); - - /* - * Retrieve the pointer to the module structure through the module name: - * First with the hidden variant (prefix `AP_') and then with the plain - * symbol name. - */ - if (!(modp = (module *)(ap_os_dso_sym(modhandle, modname)))) { - return ap_pstrcat(cmd->pool, "Can't locate API module structure `", modname, - "' in file ", szModuleFile, ": ", ap_os_dso_error(), NULL); - } - modi->modp = modp; - modp->dynamic_load_handle = (void *)modhandle; - - /* - * Make sure the found module structure is really a module structure - * - */ - if ( modp->magic != MODULE_MAGIC_COOKIE_AP13 - && modp->magic != MODULE_MAGIC_COOKIE_EAPI) { - return ap_pstrcat(cmd->pool, "API module structure `", modname, - "' in file ", szModuleFile, " is garbled -" - " perhaps this is not an Apache module DSO?", NULL); - } - if (modp->magic == MODULE_MAGIC_COOKIE_AP13) { - ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, NULL, - "Loaded DSO %s uses plain Apache 1.3 API, " - "this module might crash under EAPI! " - "(please recompile it with -DEAPI)", filename); - } - - /* - * Add this module to the Apache core structures - */ - ap_add_loaded_module(modp); - - /* - * Register a cleanup in the config pool (normally pconf). When - * we do a restart (or shutdown) this cleanup will cause the - * shared object to be unloaded. 
- */ - ap_register_cleanup(cmd->pool, modi, - (void (*)(void*))unload_module, ap_null_cleanup); - - /* - * Finally we need to run the configuration process for the module - */ - ap_single_module_configure(cmd->pool, cmd->server, modp); - - return NULL; -} - -/* - * This implements the LoadFile directive and loads an arbitrary - * shared object file into the address space of the server process. - */ - -static const char *load_file(cmd_parms *cmd, void *dummy, char *filename) -{ - ap_os_dso_handle_t handle; - char *file; - - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - - file = ap_server_root_relative(cmd->pool, filename); - - if (!(handle = ap_os_dso_load(file))) { - const char *my_error = ap_os_dso_error(); - return ap_pstrcat (cmd->pool, "Cannot load ", filename, - " into server:", - my_error ? my_error : "(reason unknown)", - NULL); - } - - ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, NULL, - "loaded file %s", filename); - - ap_register_cleanup(cmd->pool, (void *)handle, unload_file, ap_null_cleanup); - - return NULL; -} - -static const command_rec so_cmds[] = { - { "LoadModule", load_module, NULL, RSRC_CONF, TAKE2, - "a module name and the name of a shared object file to load it from"}, - { "LoadFile", load_file, NULL, RSRC_CONF, ITERATE, - "shared object file or library to load into the server at runtime"}, - { NULL } -}; - -module MODULE_VAR_EXPORT so_module = { - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - NULL, /* create per-dir config */ - NULL, /* merge per-dir config */ - so_sconf_create, /* server config */ - NULL, /* merge server config */ - so_cmds, /* command table */ - NULL, /* handlers */ - NULL, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - NULL, /* fixer_upper */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ 
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_speling.c b/usr.sbin/httpd/src/modules/standard/mod_speling.c
deleted file mode 100644
index b44c2c32566..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_speling.c
+++ /dev/null
@@ -1,561 +0,0 @@ -#define WANT_BASENAME_MATCH -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -#include "httpd.h" -#include "http_core.h" -#include "http_config.h" -#include "http_log.h" - -/* mod_speling.c - by Alexei Kosut <akosut@organic.com> June, 1996 - * - * This module is transparent, and simple. It attempts to correct - * misspellings of URLs that users might have entered, namely by checking - * capitalizations. If it finds a match, it sends a redirect. - * - * 08-Aug-1997 <Martin.Kraemer@Mch.SNI.De> - * o Upgraded module interface to apache_1.3a2-dev API (more NULL's in - * speling_module). - * o Integrated tcsh's "spelling correction" routine which allows one - * misspelling (character insertion/omission/typo/transposition). - * Rewrote it to ignore case as well. This ought to catch the majority - * of misspelled requests. - * o Commented out the second pass where files' suffixes are stripped. 
- * Given the better hit rate of the first pass, this rather ugly - * (request index.html, receive index.db ?!?!) solution can be - * omitted. - * o wrote a "kind of" html page for mod_speling - * - * Activate it with "CheckSpelling On" - */ - -MODULE_VAR_EXPORT module speling_module; - -typedef struct { - int enabled; -} spconfig; - -/* - * Create a configuration specific to this module for a server or directory - * location, and fill it with the default settings. - * - * The API says that in the absence of a merge function, the record for the - * closest ancestor is used exclusively. That's what we want, so we don't - * bother to have such a function. - */ - -static void *mkconfig(pool *p) -{ - spconfig *cfg = ap_pcalloc(p, sizeof(spconfig)); - - cfg->enabled = 0; - return cfg; -} - -/* - * Respond to a callback to create configuration record for a server or - * vhost environment. - */ -static void *create_mconfig_for_server(pool *p, server_rec *s) -{ - return mkconfig(p); -} - -/* - * Respond to a callback to create a config record for a specific directory. - */ -static void *create_mconfig_for_directory(pool *p, char *dir) -{ - return mkconfig(p); -} - -/* - * Handler for the CheckSpelling directive, which is FLAG. - */ -static const char *set_speling(cmd_parms *cmd, void *mconfig, int arg) -{ - spconfig *cfg = (spconfig *) mconfig; - - cfg->enabled = arg; - return NULL; -} - -/* - * Define the directives specific to this module. This structure is referenced - * later by the 'module' structure. 
- */ -static const command_rec speling_cmds[] = -{ - { "CheckSpelling", set_speling, NULL, OR_OPTIONS, FLAG, - "whether or not to fix miscapitalized/misspelled requests" }, - { NULL } -}; - -typedef enum { - SP_IDENTICAL = 0, - SP_MISCAPITALIZED = 1, - SP_TRANSPOSITION = 2, - SP_MISSINGCHAR = 3, - SP_EXTRACHAR = 4, - SP_SIMPLETYPO = 5, - SP_VERYDIFFERENT = 6 -} sp_reason; - -static const char *sp_reason_str[] = -{ - "identical", - "miscapitalized", - "transposed characters", - "character missing", - "extra character", - "mistyped character", - "common basename", -}; - -typedef struct { - const char *name; - sp_reason quality; -} misspelled_file; - -/* - * spdist() is taken from Kernighan & Pike, - * _The_UNIX_Programming_Environment_ - * and adapted somewhat to correspond better to psychological reality. - * (Note the changes to the return values) - * - * According to Pollock and Zamora, CACM April 1984 (V. 27, No. 4), - * page 363, the correct order for this is: - * OMISSION = TRANSPOSITION > INSERTION > SUBSTITUTION - * thus, it was exactly backwards in the old version. -- PWP - * - * This routine was taken out of tcsh's spelling correction code - * (tcsh-6.07.04) and re-converted to apache data types ("char" type - * instead of tcsh's NLS'ed "Char"). Plus it now ignores the case - * during comparisons, so is a "approximate strcasecmp()". - * NOTE that is still allows only _one_ real "typo", - * it does NOT try to correct multiple errors. 
- */ - -static sp_reason spdist(const char *s, const char *t) -{ - for (; ap_tolower(*s) == ap_tolower(*t); t++, s++) { - if (*t == '\0') { - return SP_MISCAPITALIZED; /* exact match (sans case) */ - } - } - if (*s) { - if (*t) { - if (s[1] && t[1] && ap_tolower(*s) == ap_tolower(t[1]) - && ap_tolower(*t) == ap_tolower(s[1]) - && strcasecmp(s + 2, t + 2) == 0) { - return SP_TRANSPOSITION; /* transposition */ - } - if (strcasecmp(s + 1, t + 1) == 0) { - return SP_SIMPLETYPO; /* 1 char mismatch */ - } - } - if (strcasecmp(s + 1, t) == 0) { - return SP_EXTRACHAR; /* extra character */ - } - } - if (*t && strcasecmp(s, t + 1) == 0) { - return SP_MISSINGCHAR; /* missing character */ - } - return SP_VERYDIFFERENT; /* distance too large to fix. */ -} - -static int sort_by_quality(const void *left, const void *rite) -{ - return (int) (((misspelled_file *) left)->quality) - - (int) (((misspelled_file *) rite)->quality); -} - -static int check_speling(request_rec *r) -{ - spconfig *cfg; - char *good, *bad, *postgood, *url; - int filoc, dotloc, urlen, pglen; - DIR *dirp; - struct DIR_TYPE *dir_entry; - array_header *candidates = NULL; - - cfg = ap_get_module_config(r->per_dir_config, &speling_module); - if (!cfg->enabled) { - return DECLINED; - } - - /* We only want to worry about GETs */ - if (r->method_number != M_GET) { - return DECLINED; - } - - /* We've already got a file of some kind or another */ - if (r->proxyreq != NOT_PROXY || (r->finfo.st_mode != 0)) { - return DECLINED; - } - - /* This is a sub request - don't mess with it */ - if (r->main) { - return DECLINED; - } - - /* - * The request should end up looking like this: - * r->uri: /correct-url/mispelling/more - * r->filename: /correct-file/mispelling r->path_info: /more - * - * So we do this in steps. 
First break r->filename into two pieces - */ - - filoc = ap_rind(r->filename, '/'); - /* - * Don't do anything if the request doesn't contain a slash, or - * requests "/" - */ - if (filoc == -1 || strcmp(r->uri, "/") == 0) { - return DECLINED; - } - - /* good = /correct-file */ - good = ap_pstrndup(r->pool, r->filename, filoc); - /* bad = mispelling */ - bad = ap_pstrdup(r->pool, r->filename + filoc + 1); - /* postgood = mispelling/more */ - postgood = ap_pstrcat(r->pool, bad, r->path_info, NULL); - - urlen = strlen(r->uri); - pglen = strlen(postgood); - - /* Check to see if the URL pieces add up */ - if (strcmp(postgood, r->uri + (urlen - pglen))) { - return DECLINED; - } - - /* url = /correct-url */ - url = ap_pstrndup(r->pool, r->uri, (urlen - pglen)); - - /* Now open the directory and do ourselves a check... */ - dirp = ap_popendir(r->pool, good); - if (dirp == NULL) { /* Oops, not a directory... */ - return DECLINED; - } - - candidates = ap_make_array(r->pool, 2, sizeof(misspelled_file)); - - dotloc = ap_ind(bad, '.'); - if (dotloc == -1) { - dotloc = strlen(bad); - } - - while ((dir_entry = readdir(dirp)) != NULL) { - sp_reason q; - - /* - * If we end up with a "fixed" URL which is identical to the - * requested one, we must have found a broken symlink or some such. - * Do _not_ try to redirect this, it causes a loop! 
- */ - if (strcmp(bad, dir_entry->d_name) == 0) { - ap_pclosedir(r->pool, dirp); - return OK; - } - /* - * miscapitalization errors are checked first (like, e.g., lower case - * file, upper case request) - */ - else if (strcasecmp(bad, dir_entry->d_name) == 0) { - misspelled_file *sp_new; - - sp_new = (misspelled_file *) ap_push_array(candidates); - sp_new->name = ap_pstrdup(r->pool, dir_entry->d_name); - sp_new->quality = SP_MISCAPITALIZED; - } - /* - * simple typing errors are checked next (like, e.g., - * missing/extra/transposed char) - */ - else if ((q = spdist(bad, dir_entry->d_name)) != SP_VERYDIFFERENT) { - misspelled_file *sp_new; - - sp_new = (misspelled_file *) ap_push_array(candidates); - sp_new->name = ap_pstrdup(r->pool, dir_entry->d_name); - sp_new->quality = q; - } - /* - * The spdist() should have found the majority of the misspelled - * requests. It is of questionable use to continue looking for - * files with the same base name, but potentially of totally wrong - * type (index.html <-> index.db). - * I would propose to not set the WANT_BASENAME_MATCH define. - * 08-Aug-1997 <Martin.Kraemer@Mch.SNI.De> - * - * However, Alexei replied giving some reasons to add it anyway: - * > Oh, by the way, I remembered why having the - * > extension-stripping-and-matching stuff is a good idea: - * > - * > If you're using MultiViews, and have a file named foobar.html, - * > which you refer to as "foobar", and someone tried to access - * > "Foobar", mod_speling won't find it, because it won't find - * > anything matching that spelling. With the extension-munging, - * > it would locate "foobar.html". Not perfect, but I ran into - * > that problem when I first wrote the module. - */ - else { -#ifdef WANT_BASENAME_MATCH - /* - * Okay... we didn't find anything. Now we take out the hard-core - * power tools. There are several cases here. Someone might have - * entered a wrong extension (.htm instead of .html or vice - * versa) or the document could be negotiated. 
At any rate, now - * we just compare stuff before the first dot. If it matches, we - * figure we got us a match. This can result in wrong things if - * there are files of different content types but the same prefix - * (e.g. foo.gif and foo.html) This code will pick the first one - * it finds. Better than a Not Found, though. - */ - int entloc = ap_ind(dir_entry->d_name, '.'); - if (entloc == -1) { - entloc = strlen(dir_entry->d_name); - } - - if ((dotloc == entloc) - && !strncasecmp(bad, dir_entry->d_name, dotloc)) { - misspelled_file *sp_new; - - sp_new = (misspelled_file *) ap_push_array(candidates); - sp_new->name = ap_pstrdup(r->pool, dir_entry->d_name); - sp_new->quality = SP_VERYDIFFERENT; - } -#endif - } - } - ap_pclosedir(r->pool, dirp); - - if (candidates->nelts != 0) { - /* Wow... we found us a mispelling. Construct a fixed url */ - char *nuri; - const char *ref; - misspelled_file *variant = (misspelled_file *) candidates->elts; - int i; - - ref = ap_table_get(r->headers_in, "Referer"); - - qsort((void *) candidates->elts, candidates->nelts, - sizeof(misspelled_file), sort_by_quality); - - /* - * Conditions for immediate redirection: - * a) the first candidate was not found by stripping the suffix - * AND b) there exists only one candidate OR the best match is not - * ambiguous - * then return a redirection right away. - */ - if (variant[0].quality != SP_VERYDIFFERENT - && (candidates->nelts == 1 - || variant[0].quality != variant[1].quality)) { - - nuri = ap_escape_uri(r->pool, ap_pstrcat(r->pool, url, - variant[0].name, - r->path_info, NULL)); - if (r->parsed_uri.query) - nuri = ap_pstrcat(r->pool, nuri, "?", r->parsed_uri.query, NULL); - - ap_table_setn(r->headers_out, "Location", - ap_construct_url(r->pool, nuri, r)); - - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_INFO, r, - ref ? 
"Fixed spelling: %s to %s from %s" - : "Fixed spelling: %s to %s", - r->uri, nuri, ref); - - return HTTP_MOVED_PERMANENTLY; - } - /* - * Otherwise, a "[300] Multiple Choices" list with the variants is - * returned. - */ - else { - pool *p; - table *notes; - pool *sub_pool; - array_header *t; - array_header *v; - - - if (r->main == NULL) { - p = r->pool; - notes = r->notes; - } - else { - p = r->main->pool; - notes = r->main->notes; - } - - sub_pool = ap_make_sub_pool(p); - t = ap_make_array(sub_pool, candidates->nelts * 8 + 8, - sizeof(char *)); - v = ap_make_array(sub_pool, candidates->nelts * 5, - sizeof(char *)); - - /* Generate the response text. */ - - *(const char **)ap_push_array(t) = - "The document name you requested (<code>"; - *(const char **)ap_push_array(t) = ap_escape_html(sub_pool, r->uri); - *(const char **)ap_push_array(t) = - "</code>) could not be found on this server.\n" - "However, we found documents with names similar " - "to the one you requested.<p>" - "Available documents:\n<ul>\n"; - - for (i = 0; i < candidates->nelts; ++i) { - char *vuri; - const char *reason; - - reason = sp_reason_str[(int) (variant[i].quality)]; - /* The format isn't very neat... */ - vuri = ap_pstrcat(sub_pool, url, variant[i].name, r->path_info, - (r->parsed_uri.query != NULL) ? "?" : "", - (r->parsed_uri.query != NULL) - ? 
r->parsed_uri.query : "", - NULL); - *(const char **)ap_push_array(v) = "\""; - *(const char **)ap_push_array(v) = ap_escape_uri(sub_pool, vuri); - *(const char **)ap_push_array(v) = "\";\""; - *(const char **)ap_push_array(v) = reason; - *(const char **)ap_push_array(v) = "\""; - - *(const char **)ap_push_array(t) = "<li><a href=\""; - *(const char **)ap_push_array(t) = ap_escape_uri(sub_pool, vuri); - *(const char **)ap_push_array(t) = "\">"; - *(const char **)ap_push_array(t) = ap_escape_html(sub_pool, vuri); - *(const char **)ap_push_array(t) = "</a> ("; - *(const char **)ap_push_array(t) = reason; - *(const char **)ap_push_array(t) = ")\n"; - - /* - * when we have printed the "close matches" and there are - * more "distant matches" (matched by stripping the suffix), - * then we insert an additional separator text to suggest - * that the user LOOK CLOSELY whether these are really the - * files she wanted. - */ - if (i > 0 && i < candidates->nelts - 1 - && variant[i].quality != SP_VERYDIFFERENT - && variant[i + 1].quality == SP_VERYDIFFERENT) { - *(const char **)ap_push_array(t) = - "</ul>\nFurthermore, the following related " - "documents were found:\n<ul>\n"; - } - } - *(const char **)ap_push_array(t) = "</ul>\n"; - - /* If we know there was a referring page, add a note: */ - if (ref != NULL) { - *(const char **)ap_push_array(t) = - "Please consider informing the owner of the " - "<a href=\""; - *(const char **)ap_push_array(t) = ap_escape_uri(sub_pool, ref); - *(const char **)ap_push_array(t) = "\">referring page</a> " - "about the broken link.\n"; - } - - - /* Pass our table to http_protocol.c (see mod_negotiation): */ - ap_table_setn(notes, "variant-list", ap_array_pstrcat(p, t, 0)); - - ap_table_mergen(r->subprocess_env, "VARIANTS", - ap_array_pstrcat(p, v, ',')); - - ap_destroy_pool(sub_pool); - - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_INFO, r, - ref ? 
"Spelling fix: %s: %d candidates from %s" - : "Spelling fix: %s: %d candidates", - r->uri, candidates->nelts, ref); - - return HTTP_MULTIPLE_CHOICES; - } - } - - return OK; -} - -module MODULE_VAR_EXPORT speling_module = -{ - STANDARD_MODULE_STUFF, - NULL, /* initializer */ - create_mconfig_for_directory, /* create per-dir config */ - NULL, /* merge per-dir config */ - create_mconfig_for_server, /* server config */ - NULL, /* merge server config */ - speling_cmds, /* command table */ - NULL, /* handlers */ - NULL, /* filename translation */ - NULL, /* check_user_id */ - NULL, /* check auth */ - NULL, /* check access */ - NULL, /* type_checker */ - check_speling, /* fixups */ - NULL, /* logger */ - NULL, /* header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* post read-request */ -}; - diff --git a/usr.sbin/httpd/src/modules/standard/mod_status.c b/usr.sbin/httpd/src/modules/standard/mod_status.c deleted file mode 100644 index 6f1a897934f..00000000000 --- a/usr.sbin/httpd/src/modules/standard/mod_status.c +++ /dev/null 
@@ -1,736 +0,0 @@ -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * <http://www.apache.org/>. - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/* Status Module. Display lots of internal data about how Apache is - * performing and the state of all children processes. - * - * To enable this, add the following lines into any config file: - * - * <Location /server-status> - * SetHandler server-status - * </Location> - * - * You may want to protect this location by password or domain so no one - * else can look at it. 
Then you can access the statistics with a URL like: - * - * http://your_server_name/server-status - * - * /server-status - Returns page using tables - * /server-status?notable - Returns page for browsers without table support - * /server-status?refresh - Returns page with 1 second refresh - * /server-status?refresh=6 - Returns page with refresh every 6 seconds - * /server-status?auto - Returns page with data for automatic parsing - * - * Mark Cox, mark@ukweb.com, November 1995 - * - * 12.11.95 Initial version for www.telescope.org - * 13.3.96 Updated to remove rprintf's [Mark] - * 18.3.96 Added CPU usage, process information, and tidied [Ben Laurie] - * 18.3.96 Make extra Scoreboard variables #definable - * 25.3.96 Make short report have full precision [Ben Laurie suggested] - * 25.3.96 Show uptime better [Mark/Ben Laurie] - * 29.3.96 Better HTML and explanation [Mark/Rob Hartill suggested] - * 09.4.96 Added message for non-STATUS compiled version - * 18.4.96 Added per child and per slot counters [Jim Jagielski] - * 01.5.96 Table format, cleanup, even more spiffy data [Chuck Murcko/Jim J.] - * 18.5.96 Adapted to use new rprintf() routine, incidentally fixing a missing - * piece in short reports [Ben Laurie] - * 21.5.96 Additional Status codes (DNS and LOGGING only enabled if - * extended STATUS is enabled) [George Burgyan/Jim J.] - * 10.8.98 Allow for extended status info at runtime (no more STATUS) - * [Jim J.] 
- */ - -#define CORE_PRIVATE -#include "httpd.h" -#include "http_config.h" -#include "http_core.h" -#include "http_protocol.h" -#include "http_conf_globals.h" /* for ap_extended_status */ -#include "http_main.h" -#include "util_script.h" -#include <time.h> -#include "scoreboard.h" -#include "http_log.h" - -#define STATUS_MAXLINE 64 - -#define KBYTE 1024 -#define MBYTE 1048576L -#define GBYTE 1073741824L - -#ifndef DEFAULT_TIME_FORMAT -#define DEFAULT_TIME_FORMAT "%A, %d-%b-%Y %H:%M:%S %Z" -#endif - -module MODULE_VAR_EXPORT status_module; - -/* - *command-related code. This is here to prevent use of ExtendedStatus - * without status_module included. - */ -static const char *set_extended_status(cmd_parms *cmd, void *dummy, int arg) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) { - return err; - } - ap_extended_status = arg; - return NULL; -} - -static const command_rec status_module_cmds[] = -{ - { "ExtendedStatus", set_extended_status, NULL, RSRC_CONF, FLAG, - "\"On\" to enable extended status information, \"Off\" to disable" }, - {NULL} -}; - -/* Format the number of bytes nicely */ -static void format_byte_out(request_rec *r, unsigned long bytes) -{ - if (bytes < (5 * KBYTE)) - ap_rprintf(r, "%d B", (int) bytes); - else if (bytes < (MBYTE / 2)) - ap_rprintf(r, "%.1f kB", (float) bytes / KBYTE); - else if (bytes < (GBYTE / 2)) - ap_rprintf(r, "%.1f MB", (float) bytes / MBYTE); - else - ap_rprintf(r, "%.1f GB", (float) bytes / GBYTE); -} - -static void format_kbyte_out(request_rec *r, unsigned long kbytes) -{ - if (kbytes < KBYTE) - ap_rprintf(r, "%d kB", (int) kbytes); - else if (kbytes < MBYTE) - ap_rprintf(r, "%.1f MB", (float) kbytes / KBYTE); - else - ap_rprintf(r, "%.1f GB", (float) kbytes / MBYTE); -} - -static void show_time(request_rec *r, time_t tsecs) -{ - long days, hrs, mins, secs; - - secs = tsecs % 60; - tsecs /= 60; - mins = tsecs % 60; - tsecs /= 60; - hrs = tsecs % 24; - days = tsecs / 24; - if (days) - 
ap_rprintf(r, " %ld day%s", days, days == 1 ? "" : "s"); - if (hrs) - ap_rprintf(r, " %ld hour%s", hrs, hrs == 1 ? "" : "s"); - if (mins) - ap_rprintf(r, " %ld minute%s", mins, mins == 1 ? "" : "s"); - if (secs) - ap_rprintf(r, " %ld second%s", secs, secs == 1 ? "" : "s"); -} - -/* Main handler for x-httpd-status requests */ - -/* ID values for command table */ - -#define STAT_OPT_END -1 -#define STAT_OPT_REFRESH 0 -#define STAT_OPT_NOTABLE 1 -#define STAT_OPT_AUTO 2 - -struct stat_opt { - int id; - const char *form_data_str; - const char *hdr_out_str; -}; - -static const struct stat_opt status_options[] = /* see #defines above */ -{ - {STAT_OPT_REFRESH, "refresh", "Refresh"}, - {STAT_OPT_NOTABLE, "notable", NULL}, - {STAT_OPT_AUTO, "auto", NULL}, - {STAT_OPT_END, NULL, NULL} -}; - -static char status_flags[SERVER_NUM_STATUS]; - -static int status_handler(request_rec *r) -{ - char *loc; - time_t nowtime = time(NULL); - time_t up_time; - int i, res; - int ready = 0; - int busy = 0; - unsigned long count = 0; - unsigned long lres, my_lres; - unsigned long long bytes, my_bytes, conn_bytes; - unsigned short conn_lres; - unsigned long bcount = 0; - unsigned long kbcount = 0; - long req_time; - float tick = sysconf(_SC_CLK_TCK); - int short_report = 0; - int no_table_report = 0; - short_score score_record; - parent_score ps_record; - char stat_buffer[HARD_SERVER_LIMIT]; - int pid_buffer[HARD_SERVER_LIMIT]; - clock_t tu, ts, tcu, tcs; - server_rec *vhost; - - tu = ts = tcu = tcs = 0; - - if (!ap_exists_scoreboard_image()) { - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, - "Server status unavailable in inetd mode"); - return HTTP_INTERNAL_SERVER_ERROR; - } - r->allowed = (1 << M_GET); - if (r->method_number != M_GET) - return DECLINED; - - r->content_type = "text/html; charset=ISO-8859-1"; - - /* - * Simple table-driven form data set parser that lets you alter the header - */ - - if (r->args) { - i = 0; - while (status_options[i].id != STAT_OPT_END) { - if ((loc = 
strstr(r->args, status_options[i].form_data_str)) != NULL) { - switch (status_options[i].id) { - case STAT_OPT_REFRESH: { - long refreshtime = 0; - if (*(loc + strlen(status_options[i].form_data_str)) == '=') - refreshtime = atol(loc + strlen(status_options[i].form_data_str)+1); - ap_table_set(r->headers_out, - status_options[i].hdr_out_str, - ap_psprintf(r->pool,"%ld",(refreshtime<1)?10:refreshtime)); - break; - } - case STAT_OPT_NOTABLE: - no_table_report = 1; - break; - case STAT_OPT_AUTO: - r->content_type = "text/plain; charset=ISO-8859-1"; - short_report = 1; - break; - } - } - i++; - } - } - - ap_send_http_header(r); - - if (r->header_only) - return 0; - - for (i = 0; i < HARD_SERVER_LIMIT; ++i) { - score_record = ap_scoreboard_image->servers[i]; - ps_record = ap_scoreboard_image->parent[i]; - res = score_record.status; - stat_buffer[i] = status_flags[res]; - pid_buffer[i] = (int) ps_record.pid; - if (res == SERVER_READY) - ready++; - else if (res != SERVER_DEAD) - busy++; - if (ap_extended_status) { - lres = score_record.access_count; - bytes = score_record.bytes_served; - if (lres != 0 || (res != SERVER_READY && res != SERVER_DEAD)) { - tu += score_record.times.tms_utime; - ts += score_record.times.tms_stime; - tcu += score_record.times.tms_cutime; - tcs += score_record.times.tms_cstime; - count += lres; - bcount += bytes; - if (bcount >= KBYTE) { - kbcount += (bcount >> 10); - bcount = bcount & 0x3ff; - } - } - } - } - - up_time = nowtime - ap_restart_time; - - ap_hard_timeout("send status info", r); - - if (!short_report) { - ap_rputs(DOCTYPE_HTML_3_2 - "<HTML><HEAD>\n<TITLE>Apache Status\n\n", - r); - ap_rputs("

    Apache Server Status for ", r); - ap_rvputs(r, ap_get_server_name(r), "

    \n\n", NULL); - ap_rvputs(r, "Server Version: ", - ap_get_server_version(), "
    \n", NULL); - ap_rvputs(r, "Current Time: ", - ap_ht_time(r->pool, nowtime, DEFAULT_TIME_FORMAT, 0), "
    \n", NULL); - ap_rvputs(r, "Restart Time: ", - ap_ht_time(r->pool, ap_restart_time, DEFAULT_TIME_FORMAT, 0), - "
    \n", NULL); - ap_rprintf(r, "Parent Server Generation: %d
    \n", (int) ap_my_generation); - ap_rputs("Server uptime: ", r); - show_time(r, up_time); - ap_rputs("
    \n", r); - } - - if (ap_extended_status) { - if (short_report) { - ap_rprintf(r, "Total Accesses: %lu\nTotal kBytes: %lu\n", - count, kbcount); - - /* Allow for OS/2 not having CPU stats */ - if (ts || tu || tcu || tcs) - ap_rprintf(r, "CPULoad: %g\n", - (tu + ts + tcu + tcs) / tick / up_time * 100.); - - ap_rprintf(r, "Uptime: %ld\n", (long) (up_time)); - if (up_time > 0) - ap_rprintf(r, "ReqPerSec: %g\n", - (float) count / (float) up_time); - - if (up_time > 0) - ap_rprintf(r, "BytesPerSec: %g\n", - KBYTE * (float) kbcount / (float) up_time); - - if (count > 0) - ap_rprintf(r, "BytesPerReq: %g\n", - KBYTE * (float) kbcount / (float) count); - } - else { /* !short_report */ - ap_rprintf(r, "Total accesses: %lu - Total Traffic: ", count); - format_kbyte_out(r, kbcount); - - /* Allow for OS/2 not having CPU stats */ - ap_rputs("
    \n", r); - ap_rprintf(r, "CPU Usage: u%g s%g cu%g cs%g", - tu / tick, ts / tick, tcu / tick, tcs / tick); - - if (ts || tu || tcu || tcs) - ap_rprintf(r, " - %.3g%% CPU load", - (tu + ts + tcu + tcs) / tick / up_time * 100.); - - ap_rputs("
    \n", r); - - if (up_time > 0) - ap_rprintf(r, "%.3g requests/sec - ", - (float) count / (float) up_time); - - if (up_time > 0) { - format_byte_out(r, (unsigned long) (KBYTE * (float) kbcount - / (float) up_time)); - ap_rputs("/second - ", r); - } - - if (count > 0) { - format_byte_out(r, (unsigned long) (KBYTE * (float) kbcount - / (float) count)); - ap_rputs("/request", r); - } - - ap_rputs("
    \n", r); - } /* short_report */ - } /* ap_extended_status */ - - if (!short_report) - ap_rprintf(r, "\n%d requests currently being processed, %d idle servers\n" - ,busy, ready); - else - ap_rprintf(r, "BusyServers: %d\nIdleServers: %d\n", busy, ready); - - /* send the scoreboard 'table' out */ - - if (!short_report) - ap_rputs("
    ", r);
    -    else
    -	ap_rputs("Scoreboard: ", r);
    -
    -    for (i = 0; i < HARD_SERVER_LIMIT; ++i) {
    -	ap_rputc(stat_buffer[i], r);
    -	if ((i % STATUS_MAXLINE == (STATUS_MAXLINE - 1)) && !short_report)
    -	    ap_rputs("\n", r);
    -    }
    -
    -    if (short_report)
    -	ap_rputs("\n", r);
    -    else {
    -	ap_rputs("
    \n", r); - ap_rputs("Scoreboard Key:
    \n", r); - ap_rputs("\"_\" Waiting for Connection, \n", r); - ap_rputs("\"S\" Starting up, \n", r); - ap_rputs("\"R\" Reading Request,
    \n", r); - ap_rputs("\"W\" Sending Reply, \n", r); - ap_rputs("\"K\" Keepalive (read), \n", r); - ap_rputs("\"D\" DNS Lookup,
    \n", r); - ap_rputs("\"L\" Logging, \n", r); - ap_rputs("\"G\" Gracefully finishing, \n", r); - ap_rputs("\".\" Open slot with no current process

    \n", r); - ap_rputs("

    \n", r); - if (!ap_extended_status) { - int j = 0; - ap_rputs("PID Key:
    \n", r); - ap_rputs("

    \n", r);
    -	    for (i = 0; i < HARD_SERVER_LIMIT; ++i) {
    -		if (stat_buffer[i] != '.') {
    -		    ap_rprintf(r, "   %d in state: %c ", pid_buffer[i],
    -		     stat_buffer[i]);
    -		    if (++j >= 3) {
    -		    	ap_rputs("\n", r);
    -			j = 0;
    -		    } else
    -		    	ap_rputs(",", r);
    -		}
    -	    }
    -	    ap_rputs("\n", r);
    -	    ap_rputs("
    \n", r); - } - } - - if (ap_extended_status) { - if (!short_report) { - if (no_table_report) - ap_rputs("


    Server Details

    \n\n", r); - else -#ifndef NO_PRETTYPRINT - ap_rputs("

    \n\n" - "" - "" - "" - "" - "" - "" - "" - "" - "" - "" - "" - "" - "" - "" - "\n", r); -#else /* NO_PRETTYPRINT */ - ap_rputs("

    \n\n

    SrvPIDAccMCPUSSReqConnChildSlotHostVHostRequest
    \n\n", r); -#endif /* NO_PRETTYPRINT */ - } - - for (i = 0; i < HARD_SERVER_LIMIT; ++i) { - score_record = ap_scoreboard_image->servers[i]; - ps_record = ap_scoreboard_image->parent[i]; - vhost = score_record.vhostrec; - if (ps_record.generation != ap_my_generation) { - vhost = NULL; - } - - if (score_record.start_time.tv_sec == 0L && - score_record.start_time.tv_usec == 0L) - req_time = 0L; - else - req_time = - ((score_record.stop_time.tv_sec - score_record.start_time.tv_sec) * 1000) + - ((score_record.stop_time.tv_usec - score_record.start_time.tv_usec) / 1000); - if (req_time < 0L) - req_time = 0L; - - lres = score_record.access_count; - my_lres = score_record.my_access_count; - conn_lres = score_record.conn_count; - bytes = score_record.bytes_served; - my_bytes = score_record.my_bytes_served; - conn_bytes = score_record.conn_bytes; - if (lres != 0 || (score_record.status != SERVER_READY - && score_record.status != SERVER_DEAD)) { - if (!short_report) { - if (no_table_report) { - if (score_record.status == SERVER_DEAD) - ap_rprintf(r, - "Server %d-%d (-): %d|%lu|%lu [", - i, (int) ps_record.generation, (int) conn_lres, - my_lres, lres); - else - ap_rprintf(r, - "Server %d-%d (%d): %d|%lu|%lu [", - i, (int) ps_record.generation, - (int) ps_record.pid, - (int) conn_lres, my_lres, lres); - - switch (score_record.status) { - case SERVER_READY: - ap_rputs("Ready", r); - break; - case SERVER_STARTING: - ap_rputs("Starting", r); - break; - case SERVER_BUSY_READ: - ap_rputs("Read", r); - break; - case SERVER_BUSY_WRITE: - ap_rputs("Write", r); - break; - case SERVER_BUSY_KEEPALIVE: - ap_rputs("Keepalive", r); - break; - case SERVER_BUSY_LOG: - ap_rputs("Logging", r); - break; - case SERVER_BUSY_DNS: - ap_rputs("DNS lookup", r); - break; - case SERVER_DEAD: - ap_rputs("Dead", r); - break; - case SERVER_GRACEFUL: - ap_rputs("Graceful", r); - break; - default: - ap_rputs("?STATE?", r); - break; - } - - ap_rprintf(r, "] u%g s%g cu%g cs%g\n %.0f %ld (", - 
score_record.times.tms_utime / tick, - score_record.times.tms_stime / tick, - score_record.times.tms_cutime / tick, - score_record.times.tms_cstime / tick, - difftime(nowtime, ps_record.last_rtime), - (long) req_time); - format_byte_out(r, conn_bytes); - ap_rputs("|", r); - format_byte_out(r, my_bytes); - ap_rputs("|", r); - format_byte_out(r, bytes); - ap_rputs(")\n", r); - ap_rprintf(r, " %s {%s}[%s]
    \n\n", - ap_escape_html(r->pool, score_record.client), - ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request)), - vhost ? ap_escape_html(r->pool, - vhost->server_hostname) : "(unavailable)"); - } - else { /* !no_table_report */ -#ifndef NO_PRETTYPRINT - ap_rprintf(r,""); -#else - ap_rprintf(r,""); -#endif - if (score_record.status == SERVER_DEAD) - ap_rprintf(r, - "\n\n"); - else -#ifndef NO_PRETTYPRINT - ap_rprintf(r, - "\n\n", - score_record.client, - vhost ? vhost->server_hostname : "(unavailable)", - ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request))); -#else - ap_rprintf(r, - "\n\n", - ap_escape_html(r->pool, score_record.client), - vhost ? ap_escape_html(r->pool, - vhost->server_hostname) : "(unavailable)", - ap_escape_html(r->pool, ap_escape_logitem(r->pool, score_record.request))); -#endif - } /* no_table_report */ - } /* !short_report */ - } /* if () */ - } /* for () */ - - if (!(short_report || no_table_report)) { - ap_rputs("
    SrvPIDAccMCPU\nSSReqConnChildSlotClientVHostRequest
    %d-%d-%d/%lu/%lu", - i, (int) ps_record.generation, - (int) conn_lres, my_lres, lres); - else - ap_rprintf(r, - "%d-%d%d%d/%lu/%lu", - i, (int) ps_record.generation, - (int) ps_record.pid, (int) conn_lres, - my_lres, lres); - - switch (score_record.status) { - case SERVER_READY: - ap_rputs("_", r); - break; - case SERVER_STARTING: - ap_rputs("S", r); - break; - case SERVER_BUSY_READ: - ap_rputs("R", r); - break; - case SERVER_BUSY_WRITE: - ap_rputs("W", r); - break; - case SERVER_BUSY_KEEPALIVE: - ap_rputs("K", r); - break; - case SERVER_BUSY_LOG: - ap_rputs("L", r); - break; - case SERVER_BUSY_DNS: - ap_rputs("D", r); - break; - case SERVER_DEAD: - ap_rputs(".", r); - break; - case SERVER_GRACEFUL: - ap_rputs("G", r); - break; - default: - ap_rputs("?", r); - break; - } - ap_rprintf(r, "\n%.2f%.0f%ld", - (score_record.times.tms_utime + - score_record.times.tms_stime + - score_record.times.tms_cutime + - score_record.times.tms_cstime) / tick, - difftime(nowtime, ps_record.last_rtime), - (long) req_time); - ap_rprintf(r, "%-1.1f%-2.2f%-2.2f\n", - (float) conn_bytes / KBYTE, (float) my_bytes / MBYTE, - (float) bytes / MBYTE); - if (score_record.status == SERVER_BUSY_READ) - ap_rprintf(r, - "??..reading..
    %s" - "%s" - "%s" - "
    %s%s%s
    \n \ -


    \ -\n \ -
    SrvChild Server number - generation\n \ -
    PIDOS process ID\n \ -
    AccNumber of accesses this connection / this child / this slot\n \ -
    MMode of operation\n \ -
    CPUCPU usage, number of seconds\n \ -
    SSSeconds since beginning of most recent request\n \ -
    ReqMilliseconds required to process most recent request\n \ -
    ConnKilobytes transferred this connection\n \ -
    ChildMegabytes transferred this child\n \ -
    SlotTotal megabytes transferred this slot\n \ -
    \n", r); - } - - ap_hook_use("ap::mod_status::display", - AP_HOOK_SIG4(void,ptr,int,int), AP_HOOK_ALL, - r, no_table_report, short_report); - - } else { - - if (!short_report) { - ap_rputs("
    To obtain a full report with current status information ", r); - ap_rputs("you need to use the ExtendedStatus On directive. \n", r); - } - - } - - if (!short_report) { - ap_rputs(ap_psignature("
    \n",r), r);
- ap_rputs("\n", r);
- }
-
- ap_kill_timeout(r);
- return 0;
-}
-
-
-static void status_init(server_rec *s, pool *p)
-{
- status_flags[SERVER_DEAD] = '.'; /* We don't want to assume these are in */
- status_flags[SERVER_READY] = '_'; /* any particular order in scoreboard.h */
- status_flags[SERVER_STARTING] = 'S';
- status_flags[SERVER_BUSY_READ] = 'R';
- status_flags[SERVER_BUSY_WRITE] = 'W';
- status_flags[SERVER_BUSY_KEEPALIVE] = 'K';
- status_flags[SERVER_BUSY_LOG] = 'L';
- status_flags[SERVER_BUSY_DNS] = 'D';
- status_flags[SERVER_GRACEFUL] = 'G';
-}
-
-static const handler_rec status_handlers[] =
-{
- {STATUS_MAGIC_TYPE, status_handler},
- {"server-status", status_handler},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT status_module =
-{
- STANDARD_MODULE_STUFF,
- status_init, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server config */
- status_module_cmds, /* command table */
- status_handlers, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_unique_id.c b/usr.sbin/httpd/src/modules/standard/mod_unique_id.c
deleted file mode 100644
index 044cb5012dd..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_unique_id.c
+++ /dev/null
@@ -1,448 +0,0 @@
-/* $OpenBSD: mod_unique_id.c,v 1.12 2009/06/21 00:38:22 martynas Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_unique_id.c: generate a unique identifier for each request
- *
- * Original author: Dean Gaudet
- * UUencoding modified by: Alvaro Martinez Echevarria
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_log.h"
-#include "multithread.h"
-
-typedef struct {
- unsigned int stamp;
- union {
- uint32_t in;
-#ifdef SHORT_UNIQUE_ID
- uint32_t in6;
-#else
- struct in6_addr in6;
-#endif
- } addr;
- unsigned int pid;
- unsigned short counter;
-} unique_id_rec;
-
-/* Comments:
- *
- * We want an identifier which is unique across all hits, everywhere.
- * "everywhere" includes multiple httpd instances on the same machine, or on
- * multiple machines. Essentially "everywhere" should include all possible
- * httpds across all servers at a particular "site". We make some assumptions
- * that if the site has a cluster of machines then their time is relatively
- * synchronized.
We also assume that the first address returned by a
- * gethostbyname (gethostname()) is unique across all the machines at the
- * "site".
- *
- * We also further assume that pids fit in 32-bits. If something uses more
- * than 32-bits, the fix is trivial, but it requires the unrolled uuencoding
- * loop to be extended.
- *
- * Together, the in_addr and pid are assumed to absolutely uniquely identify
- * this one child from all other currently running children on all servers
- * (including this physical server if it is running multiple httpds) from each
- * other.
- *
- * The stamp and counter are used to distinguish all hits for a particular
- * (in_addr,pid) pair. The stamp is updated using r->request_time,
- * saving cpu cycles. The counter is never reset, and is used to permit up to
- * 64k requests in a single second by a single child.
- *
- * The 112-bits of unique_id_rec are encoded using the alphabet
- * [A-Za-z0-9@-], resulting in 19 bytes of printable characters. That is then
- * stuffed into the environment variable UNIQUE_ID so that it is available to
- * other modules. The alphabet choice differs from normal base64 encoding
- * [A-Za-z0-9+/] because + and / are special characters in URLs and we want to
- * make it easy to use UNIQUE_ID in URLs.
- *
- * Note that UNIQUE_ID should be considered an opaque token by other
- * applications. No attempt should be made to dissect its internal components.
- * It is an abstraction that may change in the future as the needs of this
- * module change.
- *
- * It is highly desirable that identifiers exist for "eternity". But future
- * needs (such as much faster webservers, moving to 64-bit pids, or moving to a
- * multithreaded server) may dictate a need to change the contents of
- * unique_id_rec. Such a future implementation should ensure that the first
- * field is still a time_t stamp.
By doing that, it is possible for a site to
- * have a "flag second" in which they stop all of their old-format servers,
- * wait one entire second, and then start all of their new-servers. This
- * procedure will ensure that the new space of identifiers is completely unique
- * from the old space. (Since the first four unencoded bytes always differ.)
- */
-/*
- * Sun Jun 7 05:43:49 CEST 1998 -- Alvaro
- * More comments:
- * 1) The UUencoding prodecure is now done in a general way, avoiding
- * the problems with sizes and paddings that can arise depending on
- * the architecture. Now the offsets and sizes of the elements of the
- * unique_id_rec structure are calculated in unique_id_global_init;
- * and then used to duplicate the structure without the paddings that
- * might exist. The multithreaded server fix should be now very easy:
- * just add a new "tid" field to the unique_id_rec structure, and
- * increase by one UNIQUE_ID_REC_MAX.
- * 2) unique_id_rec.stamp has been changed from "time_t" to
- * "unsigned int", because its size is 64bits on some platforms
- * (linux/alpha), and this caused problems with htonl/ntohl. Well,
- * this shouldn't be a problem till year 2106.
- */
-
-static struct sockaddr_storage global_addr;
-
-
-/* Even when not MULTITHREAD, this will return a single structure, since
- * APACHE_TLS should be defined as empty on single-threaded platforms.
- */
-static unique_id_rec* get_cur_unique_id(int parent)
-{
- static APACHE_TLS unique_id_rec spcid;
- return &spcid;
-}
-
-
-/*
- * Number of elements in the structure unique_id_rec.
- */
-#define UNIQUE_ID_REC_MAX 4
-
-static unsigned short unique_id_rec_offset[UNIQUE_ID_REC_MAX],
- unique_id_rec_size[UNIQUE_ID_REC_MAX],
- unique_id_rec_total_size,
- unique_id_rec_size_uu;
-
-static void unique_id_global_init(server_rec *s, pool *p)
-{
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 256
-#endif
- char str[MAXHOSTNAMELEN + 1];
- struct addrinfo hints, *res, *res0;
- int error;
- struct timeval tv;
- unique_id_rec *cur_unique_id = get_cur_unique_id(1);
-
- /*
- * Calculate the sizes and offsets in cur_unique_id.
- */
- unique_id_rec_offset[0] = XtOffsetOf(unique_id_rec, stamp);
- unique_id_rec_size[0] = sizeof(cur_unique_id->stamp);
- unique_id_rec_offset[1] = XtOffsetOf(unique_id_rec, addr);
- unique_id_rec_size[1] = sizeof(cur_unique_id->addr);
- unique_id_rec_offset[2] = XtOffsetOf(unique_id_rec, pid);
- unique_id_rec_size[2] = sizeof(cur_unique_id->pid);
- unique_id_rec_offset[3] = XtOffsetOf(unique_id_rec, counter);
- unique_id_rec_size[3] = sizeof(cur_unique_id->counter);
- unique_id_rec_total_size = unique_id_rec_size[0] + unique_id_rec_size[1]
- + unique_id_rec_size[2] + unique_id_rec_size[3];
-
- /*
- * Calculate the size of the structure when encoded.
- */
- unique_id_rec_size_uu = (unique_id_rec_total_size*8+5)/6;
-
- /*
- * Now get the global in_addr.
Note that it is not sufficient to use one
- * of the addresses from the main_server, since those aren't as likely to
- * be unique as the physical address of the machine
- */
- if (gethostname(str, sizeof(str) - 1) != 0) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, s,
- "gethostname: mod_unique_id requires the "
- "hostname of the server");
- exit(1);
- }
- str[sizeof(str) - 1] = '\0';
-
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- error = getaddrinfo(str, NULL, &hints, &res0);
- if (error) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, s,
- "mod_unique_id: getaddrinfo failed for \"%s\" (%s)", str,
- gai_strerror(error));
- exit(1);
- }
-
- error = 1;
- for (res = res0; res; res = res->ai_next) {
- switch (res->ai_family) {
- case AF_INET:
- case AF_INET6:
- memcpy(&global_addr, res->ai_addr, res->ai_addrlen);
- error = 0;
- break;
- }
- }
- freeaddrinfo(res0);
- if (error) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ALERT, s,
- "mod_unique_id: no known AF found for \"%s\"", str);
- exit(1);
- }
-
- getnameinfo((struct sockaddr *)&global_addr,
- global_addr.ss_len,
- str, sizeof(str), NULL, 0, NI_NUMERICHOST);
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, s,
- "mod_unique_id: using ip addr %s", str);
-
- /*
- * If the server is pummelled with restart requests we could possibly end
- * up in a situation where we're starting again during the same second
- * that has been used in previous identifiers. Avoid that situation.
- *
- * In truth, for this to actually happen not only would it have to restart
- * in the same second, but it would have to somehow get the same pids as
- * one of the other servers that was running in that second. Which would
- * mean a 64k wraparound on pids ... not very likely at all.
- *
- * But protecting against it is relatively cheap. We just sleep into the
- * next second.
- */
- if (gettimeofday(&tv, NULL) == -1) {
- sleep(1);
- }
- else if (tv.tv_usec) {
- tv.tv_sec = 0;
- tv.tv_usec = 1000000 - tv.tv_usec;
- select(0, NULL, NULL, NULL, &tv);
- }
-}
-
-static void unique_id_child_init(server_rec *s, pool *p)
-{
- pid_t pid;
- struct timeval tv;
- unique_id_rec *cur_unique_id = get_cur_unique_id(1);
-
- /*
- * Note that we use the pid because it's possible that on the same
- * physical machine there are multiple servers (i.e. using Listen). But
- * it's guaranteed that none of them will share the same pids between
- * children.
- */
- pid = getpid();
- cur_unique_id->pid = pid;
-
- /*
- * Test our assumption that the pid is 32-bits. It's possible that
- * 64-bit machines will declare pid_t to be 64 bits but only use 32
- * of them. It would have been really nice to test this during
- * global_init ... but oh well.
- */
- if ((pid_t)cur_unique_id->pid != pid) {
- ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_CRIT, s,
- "oh no! pids are greater than 32-bits! I'm broken!");
- }
-
- memset(&cur_unique_id->addr, 0, sizeof(cur_unique_id->addr));
- switch (global_addr.ss_family) {
- case AF_INET:
- cur_unique_id->addr.in =
- ((struct sockaddr_in *)&global_addr)->sin_addr.s_addr;
- break;
- case AF_INET6:
-#ifdef SHORT_UNIQUE_ID
- cur_unique_id->addr.in6 =
- ((struct sockaddr_in6 *)&global_addr)->sin6_addr.s6_addr32[3];
-#else
- cur_unique_id->addr.in6 =
- ((struct sockaddr_in6 *)&global_addr)->sin6_addr;
-#endif
- break;
- }
-
- /*
- * If we use 0 as the initial counter we have a little less protection
- * against restart problems, and a little less protection against a clock
- * going backwards in time.
- */
- if (gettimeofday(&tv, NULL) == -1) {
- cur_unique_id->counter = 0;
- }
- else {
- /* Some systems have very low variance on the low end of their
- * system counter, defend against that.
- */
- cur_unique_id->counter = tv.tv_usec / 10;
- }
-
- /*
- * We must always use network ordering for these bytes, so that
- * identifiers are comparable between machines of different byte
- * orderings. Note in_addr is already in network order.
- */
- cur_unique_id->pid = htonl(cur_unique_id->pid);
- cur_unique_id->counter = htons(cur_unique_id->counter);
-}
-
-/* NOTE: This is *NOT* the same encoding used by base64encode ... the last two
- * characters should be + and /. But those two characters have very special
- * meanings in URLs, and we want to make it easy to use identifiers in
- * URLs. So we replace them with @ and -.
- */
-static const char uuencoder[64] = {
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
- 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
- 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
- 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
- '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '@', '-',
-};
-
-static int gen_unique_id(request_rec *r)
-{
- char *str;
- /*
- * Buffer padded with two final bytes, used to copy the unique_id_red
- * structure without the internal paddings that it could have.
- */
- struct {
- unique_id_rec foo;
- unsigned char pad[2];
- } paddedbuf;
- unsigned char *x,*y;
- unsigned short counter;
- const char *e;
- int i,j,k;
- unique_id_rec *cur_unique_id = get_cur_unique_id(0);
-
- /* copy the unique_id if this is an internal redirect (we're never
- * actually called for sub requests, so we don't need to test for
- * them) */
- if (r->prev
- && (e = ap_table_get(r->subprocess_env, "REDIRECT_UNIQUE_ID"))) {
- ap_table_setn(r->subprocess_env, "UNIQUE_ID", e);
- return DECLINED;
- }
-
- cur_unique_id->stamp = htonl((unsigned int)r->request_time);
-
- /* we'll use a temporal buffer to avoid uuencoding the possible internal
- * paddings of the original structure
- */
- x = (unsigned char *) &paddedbuf;
- y = (unsigned char *) cur_unique_id;
- k = 0;
- for (i = 0; i < UNIQUE_ID_REC_MAX; i++) {
- y = ((unsigned char *) cur_unique_id) + unique_id_rec_offset[i];
- for (j = 0; j < unique_id_rec_size[i]; j++, k++) {
- x[k] = y[j];
- }
- }
- /*
- * We reset two more bytes just in case padding is needed for
- * the uuencoding.
- */
- x[k++] = '\0';
- x[k++] = '\0';
-
- /* alloc str and do the uuencoding */
- str = (char *)ap_palloc(r->pool, unique_id_rec_size_uu + 1);
- k = 0;
- for (i = 0; i < unique_id_rec_total_size; i += 3) {
- y = x + i;
- str[k++] = uuencoder[y[0] >> 2];
- str[k++] = uuencoder[((y[0] & 0x03) << 4) | ((y[1] & 0xf0) >> 4)];
- if (k == unique_id_rec_size_uu) {
- break;
- }
- str[k++] = uuencoder[((y[1] & 0x0f) << 2) | ((y[2] & 0xc0) >> 6)];
- if (k == unique_id_rec_size_uu) {
- break;
- }
- str[k++] = uuencoder[y[2] & 0x3f];
- }
- str[k++] = '\0';
-
- /* set the environment variable */
- ap_table_setn(r->subprocess_env, "UNIQUE_ID", str);
-
- /* and increment the identifier for the next call */
- counter = ntohs(cur_unique_id->counter) + 1;
- cur_unique_id->counter = htons(counter);
-
- return DECLINED;
-}
-
-module MODULE_VAR_EXPORT unique_id_module = {
- STANDARD_MODULE_STUFF,
- unique_id_global_init, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- NULL, /* server config */
- NULL, /* merge server configs */
- NULL, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- unique_id_child_init, /* child_init */
- NULL, /* child_exit */
- gen_unique_id /* post_read_request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_userdir.c b/usr.sbin/httpd/src/modules/standard/mod_userdir.c
deleted file mode 100644
index 100da1446a3..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_userdir.c
+++ /dev/null
@@ -1,381 +0,0 @@
-/* $OpenBSD: mod_userdir.c,v 1.12 2004/12/02 19:42:48 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_userdir... implement the UserDir command. Broken away from the
- * Alias stuff for a couple of good and not-so-good reasons:
- *
- * 1) It shows a real minimal working example of how to do something like
- * this.
- * 2) I know people who are actually interested in changing this *particular*
- * aspect of server functionality without changing the rest of it. That's
- * what this whole modular arrangement is supposed to be good at...
- *
- * Modified by Alexei Kosut to support the following constructs
- * (server running at www.foo.com, request for /~bar/one/two.html)
- *
- * UserDir public_html -> ~bar/public_html/one/two.html
- * UserDir /usr/web -> /usr/web/bar/one/two.html
- * UserDir /home/ * /www -> /home/bar/www/one/two.html
- * NOTE: theses ^ ^ space only added allow it to work in a comment, ignore
- * UserDir http://x/users -> (302) http://x/users/bar/one/two.html
- * UserDir http://x/ * /y -> (302) http://x/bar/y/one/two.html
- * NOTE: here also ^ ^
- *
- * In addition, you can use multiple entries, to specify alternate
- * user directories (a la Directory Index). For example:
- *
- * UserDir public_html /usr/web http://www.xyz.com/users
- *
- * Modified by Ken Coar to provide for the following:
- *
- * UserDir disable[d] username ...
- * UserDir enable[d] username ...
- *
- * If "disabled" has no other arguments, *all* ~ references are
- * disabled, except those explicitly turned on with the "enabled" keyword.
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_main.h"
-
-module userdir_module;
-
-typedef struct userdir_config {
- int globally_disabled;
- char *userdir;
- table *enabled_users;
- table *disabled_users;
-} userdir_config;
-
-/*
- * Server config for this module: global disablement flag, a list of usernames
- * ineligible for UserDir access, a list of those immune to global (but not
- * explicit) disablement, and the replacement string for all others.
- */
-
-static void *create_userdir_config(pool *p, server_rec *s)
-{
- userdir_config *newcfg;
-
- newcfg = (userdir_config *) ap_pcalloc(p, sizeof(userdir_config));
- newcfg->globally_disabled = 0;
- newcfg->userdir = DEFAULT_USER_DIR;
- newcfg->enabled_users = ap_make_table(p, 4);
- newcfg->disabled_users = ap_make_table(p, 4);
- return (void *) newcfg;
-}
-
-#define O_DEFAULT 0
-#define O_ENABLE 1
-#define O_DISABLE 2
-
-static const char *set_user_dir(cmd_parms *cmd, void *dummy, char *arg)
-{
- userdir_config *s_cfg;
- char *username;
- const char *usernames = arg;
- char *kw = ap_getword_conf(cmd->pool, &usernames);
- table *usertable;
-
- s_cfg = (userdir_config *) ap_get_module_config(cmd->server->module_config,
- &userdir_module);
- /*
- * Let's do the comparisons once.
- */
- if ((!strcasecmp(kw, "disable")) || (!strcasecmp(kw, "disabled"))) {
- /*
- * If there are no usernames specified, this is a global disable - we
- * need do no more at this point than record the fact.
- */
- if (strlen(usernames) == 0) {
- s_cfg->globally_disabled = 1;
- return NULL;
- }
- usertable = s_cfg->disabled_users;
- }
- else if ((!strcasecmp(kw, "enable")) || (!strcasecmp(kw, "enabled"))) {
- /*
- * The "disable" keyword can stand alone or take a list of names, but
- * the "enable" keyword requires the list. Whinge if it doesn't have
- * it.
- */
- if (strlen(usernames) == 0) {
- return "UserDir \"enable\" keyword requires a list of usernames";
- }
- usertable = s_cfg->enabled_users;
- }
- else {
- /*
- * If the first (only?) value isn't one of our keywords, look at each
- * config 'word' for validity and copy the entire arg to the userdir
- * if all paths are valid.
- */
- const char *userdirs = arg;
- while (*userdirs) {
- char *thisdir = ap_getword_conf(cmd->pool, &userdirs);
- if (!ap_os_is_path_absolute(thisdir) && !strchr(thisdir, ':')) {
- if (strchr(thisdir, '*')) {
- return "UserDir cannot specify '*' substitution within "
- "a relative path";
- }
- }
- }
- s_cfg->userdir = ap_pstrdup(cmd->pool, arg);
- ap_server_strip_chroot(s_cfg->userdir, 1);
- return NULL;
- }
- /*
- * Now we just take each word in turn from the command line and add it to
- * the appropriate table.
- */
- while (*usernames) {
- username = ap_getword_conf(cmd->pool, &usernames);
- ap_table_setn(usertable, username, kw);
- }
- return NULL;
-}
-
-static const command_rec userdir_cmds[] =
-{
- {"UserDir", set_user_dir, NULL, RSRC_CONF, RAW_ARGS,
- "the public subdirectory in users' home directories, or "
- "'disabled', or 'disabled username username...', or "
- "'enabled username username...'"},
- {NULL}
-};
-
-static int translate_userdir(request_rec *r)
-{
- void *server_conf = r->server->module_config;
- const userdir_config *s_cfg =
- (userdir_config *) ap_get_module_config(server_conf, &userdir_module);
- char *name = r->uri;
- const char *userdirs = s_cfg->userdir;
- const char *w, *dname;
- char *redirect;
- struct stat statbuf;
-
- /*
- * If the URI doesn't match our basic pattern, we've nothing to do with
- * it.
- */
- if ((s_cfg->userdir == NULL)
- || (name[0] != '/')
- || (name[1] != '~')) {
- return DECLINED;
- }
-
- dname = name + 2;
- w = ap_getword(r->pool, &dname, '/');
-
- /*
- * The 'dname' funny business involves backing it up to capture the '/'
- * delimiting the "/~user" part from the rest of the URL, in case there
- * was one (the case where there wasn't being just "GET /~user HTTP/1.0",
- * for which we don't want to tack on a '/' onto the filename).
- */
-
- if (dname[-1] == '/') {
- --dname;
- }
-
- /*
- * If there's no username, it's not for us. Ignore . and .. as well.
- */
- if ((w[0] == '\0')
- || ((w[1] == '.')
- && ((w[2] == '\0')
- || ((w[2] == '.') && (w[3] == '\0'))))) {
- return DECLINED;
- }
- /*
- * Nor if there's an username but it's in the disabled list.
- */
- if (ap_table_get(s_cfg->disabled_users, w) != NULL) {
- return DECLINED;
- }
- /*
- * If there's a global interdiction on UserDirs, check to see if this
- * name is one of the Blessed.
- */
- if (s_cfg->globally_disabled
- && (ap_table_get(s_cfg->enabled_users, w) == NULL)) {
- return DECLINED;
- }
-
- /*
- * Special cases all checked, onward to normal substitution processing.
- */
-
- while (*userdirs) {
- const char *userdir = ap_getword_conf(r->pool, &userdirs);
- char *filename = NULL;
- int is_absolute = ap_os_is_path_absolute(userdir);
-
- if (strchr(userdir, '*')) {
- /* token '*' embedded:
- */
- char *x = ap_getword(r->pool, &userdir, '*');
- if (is_absolute) {
- /* token '*' within absolute path
- * serves [UserDir arg-pre*][user][UserDir arg-post*]
- * /somepath/ * /somedir + /~smith -> /somepath/smith/somedir
- */
- filename = ap_pstrcat(r->pool, x, w, userdir, NULL);
- }
- else if (strchr(x, ':')) {
- /* token '*' within a redirect path
- * serves [UserDir arg-pre*][user][UserDir arg-post*]
- * http://server/user/ * + /~smith/foo ->
- * http://server/user/smith/foo
- */
- redirect = ap_pstrcat(r->pool, x, w, userdir, dname, NULL);
- ap_table_setn(r->headers_out, "Location", redirect);
- return REDIRECT;
- }
- else {
- /* Not a redirect, not an absolute path, '*' token:
- * serves [homedir]/[UserDir arg]
- * something/ * /public_html
- * Shouldn't happen, we trap for this in set_user_dir
- */
- return DECLINED;
- }
- }
- else if (is_absolute) {
- /* An absolute path, no * token:
- * serves [UserDir arg]/[user]
- * /home + /~smith -> /home/smith
- */
- if (userdir[strlen(userdir) - 1] == '/')
- filename = ap_pstrcat(r->pool, userdir, w, NULL);
- else
- filename = ap_pstrcat(r->pool, userdir, "/", w, NULL);
- }
- else if (strchr(userdir, ':')) {
- /*
A redirect, not an absolute path, no * token:
- * serves [UserDir arg]/[user][dname]
- * http://server/ + /~smith/foo -> http://server/smith/foo
- */
- if (userdir[strlen(userdir) - 1] == '/') {
- redirect = ap_pstrcat(r->pool, userdir, w, dname, NULL);
- }
- else {
- redirect = ap_pstrcat(r->pool, userdir, "/", w, dname, NULL);
- }
- ap_table_setn(r->headers_out, "Location", redirect);
- return REDIRECT;
- }
- else {
- /* Not a redirect, not an absolute path, no * token:
- * serves [homedir]/[UserDir arg]
- * e.g. /~smith -> /home/smith/public_html
- */
- struct passwd *pw;
- if ((pw = getpwnam(w))) {
- filename = ap_pstrcat(r->pool, pw->pw_dir, "/",
- userdir, NULL);
- }
- }
-
- /*
- * Now see if it exists, or we're at the last entry. If we are at the
- * last entry, then use the filename generated (if there is one)
- * anyway, in the hope that some handler might handle it. This can be
- * used, for example, to run a CGI script for the user.
- */
- if (filename && (!*userdirs || stat(filename, &statbuf) != -1)) {
- r->filename = ap_pstrcat(r->pool, filename, dname, NULL);
- /* when statbuf contains info on r->filename we can save a syscall
- * by copying it to r->finfo
- */
- if (*userdirs && dname[0] == 0) {
- r->finfo = statbuf;
- }
- return OK;
- }
- }
-
- return DECLINED;
-}
-
-module userdir_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- create_userdir_config, /* server config */
- NULL, /* merge server config */
- userdir_cmds, /* command table */
- NULL, /* handlers */
- translate_userdir, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/modules/standard/mod_usertrack.c b/usr.sbin/httpd/src/modules/standard/mod_usertrack.c
deleted file mode 100644
index 7dd6f193bba..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_usertrack.c
+++ /dev/null
@@ -1,577 +0,0 @@
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/* User Tracking Module (Was mod_cookies.c)
- *
- * *** IMPORTANT NOTE: This module is not designed to generate
- * *** cryptographically secure cookies. This means you should not
- * *** use cookies generated by this module for authentication purposes
- *
- * This Apache module is designed to track users paths through a site.
- * It uses the client-side state ("Cookie") protocol developed by Netscape.
- * It is known to work on most browsers.
- *
- * Each time a page is requested we look to see if the browser is sending
- * us a Cookie: header that we previously generated.
- *
- * If we don't find one then the user hasn't been to this site since
- * starting their browser or their browser doesn't support cookies. So
- * we generate a unique Cookie for the transaction and send it back to
- * the browser (via a "Set-Cookie" header)
- * Future requests from the same browser should keep the same Cookie line.
- *
- * By matching up all the requests with the same cookie you can
- * work out exactly what path a user took through your site. To log
- * the cookie use the " %{Cookie}n " directive in a custom access log;
- *
- * Example 1 : If you currently use the standard Log file format (CLF)
- * and use the command "TransferLog somefilename", add the line
- * LogFormat "%h %l %u %t \"%r\" %s %b %{Cookie}n"
- * to your config file.
- *
- * Example 2 : If you used to use the old "CookieLog" directive, you
- * can emulate it by adding the following command to your config file
- * CustomLog filename "%{Cookie}n \"%r\" %t"
- *
- * Mark Cox, mjc@apache.org, 6 July 95
- *
- * This file replaces mod_cookies.c
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include
-
-module MODULE_VAR_EXPORT usertrack_module;
-
-typedef struct {
- int always;
- time_t expires;
-} cookie_log_state;
-
-typedef enum {
- CT_UNSET,
- CT_NETSCAPE,
- CT_COOKIE,
- CT_COOKIE2
-} cookie_type_e;
-
-typedef enum {
- CF_NORMAL,
- CF_COMPACT
-} cookie_format_e;
-
-typedef struct {
- int enabled;
- cookie_type_e style;
- cookie_format_e format;
- char *cookie_name;
- char *cookie_domain;
- char *prefix_string;
- char *regexp_string; /* used to compile regexp; save for debugging */
- regex_t *regexp; /* used to find usertrack cookie in cookie header */
-} cookie_dir_rec;
-
-/* Define this to allow post-2000 cookies. Cookies use two-digit dates,
- * so it might be dicey. (Netscape does it correctly, but others may not)
- */
-#define MILLENIAL_COOKIES
-
-/* Default name of the cookie
- */
-#define COOKIE_NAME "Apache"
-
-
-/* Make cookie id: Try to make something unique based on
- * pid, time, and hostid, plus the user-configurable prefix.
- *
- */
-static char * make_cookie_id(char * buffer, int bufsize, request_rec *r,
- cookie_format_e cformat)
-{
- struct timeval tv;
- struct timezone tz = {0, 0};
- char hbuf[NI_MAXHOST];
- const char *rname;
- cookie_dir_rec *dcfg;
-
- long reqtime = (long) r->request_time;
- long clocktime;
-
- getnameinfo((struct sockaddr *)&r->connection->remote_addr,
- r->connection->remote_addr.ss_len,
- hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST);
-
- rname = ap_get_remote_host(r->connection, r->per_dir_config,
- REMOTE_NAME);
- dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
-
- gettimeofday(&tv, &tz);
-
- reqtime = (long) tv.tv_sec;
- if (cformat == CF_COMPACT)
- clocktime = (long) (tv.tv_usec % 65535);
- else
- clocktime = (long) (tv.tv_usec / 1000);
-
- if (cformat == CF_COMPACT)
- ap_snprintf(buffer, bufsize, "%s%s%x%lx%lx",
- dcfg->prefix_string, hbuf, (int) getpid(),
- reqtime, clocktime);
- else
- ap_snprintf(buffer, bufsize, "%s%s.%d%ld%ld",
- dcfg->prefix_string, rname, (int) getpid(),
- reqtime, clocktime);
-
- return buffer;
-}
-
-
-
-static void make_cookie(request_rec *r)
-{
- cookie_log_state *cls = ap_get_module_config(r->server->module_config,
- &usertrack_module);
-
- /* 1024 == hardcoded constant */
- char cookiebuf[1024];
- char *new_cookie;
- cookie_dir_rec *dcfg;
-
- dcfg = ap_get_module_config(r->per_dir_config, &usertrack_module);
-
- make_cookie_id(cookiebuf, sizeof(cookiebuf), r, dcfg->format);
-
- if (cls->expires) {
- struct tm *tms;
- time_t when;
-
- when = cls->expires;
- if ((dcfg->style == CT_UNSET) || (dcfg->style == CT_NETSCAPE)) {
- when += r->request_time;
-
-#ifndef MILLENIAL_COOKIES
- /*
- * Only two-digit date string, so we can't trust "00" or more.
- * Therefore, we knock it all back to just before midnight on
- * 1/1/2000 (which is 946684799)
- */
-
- if (when > 946684799)
- when = 946684799;
-#endif
- }
- tms = gmtime(&when);
-
- /* Cookie with date; as strftime '%a, %d-%h-%y %H:%M:%S GMT' */
- new_cookie = ap_psprintf(r->pool, "%s=%s; path=/",
- dcfg->cookie_name, cookiebuf);
- if ((dcfg->style == CT_UNSET) || (dcfg->style == CT_NETSCAPE)) {
- new_cookie = ap_psprintf(r->pool, "%s; "
- "expires=%s, %.2d-%s-%.2d "
- "%.2d:%.2d:%.2d GMT",
- new_cookie,
- ap_day_snames[tms->tm_wday],
- tms->tm_mday,
- ap_month_snames[tms->tm_mon],
- tms->tm_year % 100,
- tms->tm_hour, tms->tm_min, tms->tm_sec);
- }
- else {
- new_cookie = ap_psprintf(r->pool, "%s; max-age=%d",
- new_cookie, (int) when);
- }
- }
- else {
- new_cookie = ap_psprintf(r->pool, "%s=%s; path=/",
- dcfg->cookie_name, cookiebuf);
- }
- if (dcfg->cookie_domain != NULL) {
- new_cookie = ap_psprintf(r->pool, "%s; domain=%s",
- new_cookie, dcfg->cookie_domain);
- }
- if (dcfg->style == CT_COOKIE2) {
- new_cookie = ap_pstrcat(r->pool, new_cookie, "; version=1", NULL);
- }
-
- ap_table_setn(r->headers_out,
- (dcfg->style == CT_COOKIE2 ? "Set-Cookie2" : "Set-Cookie"),
- new_cookie);
- ap_table_setn(r->notes, "cookie", ap_pstrdup(r->pool, cookiebuf)); /* log first time */
- return;
-}
-
-/*
- * dcfg->regexp is "^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)",
- * which has three subexpressions, $0..$2
- */
-#define NUM_SUBS 3
-
-static void set_and_comp_regexp(cookie_dir_rec *dcfg,
- pool *p,
- const char *cookie_name)
-{
- /*
- * The goal is to end up with this regexp,
- * ^cookie_name=([^;]+)|;[\t]+cookie_name=([^;]+)
- * with cookie_name obviously substituted either
- * with the real cookie name set by the user in httpd.conf,
- * or with the default COOKIE_NAME.
- */
- dcfg->regexp_string = ap_pstrcat(p, "^", cookie_name,
- "=([^;]+)|;[ \t]+", cookie_name,
- "=([^;]+)", NULL);
- dcfg->regexp = ap_pregcomp(p, dcfg->regexp_string, REG_EXTENDED);
-}
-
-static int spot_cookie(request_rec *r)
-{
- cookie_dir_rec *dcfg = ap_get_module_config(r->per_dir_config,
- &usertrack_module);
- const char *cookie_header;
- regmatch_t regm[NUM_SUBS];
-
- if (!dcfg->enabled) {
- return DECLINED;
- }
-
- if ((cookie_header = ap_table_get(r->headers_in,
- (dcfg->style == CT_COOKIE2
- ? "Cookie2"
- : "Cookie")))) {
- if (!ap_regexec(dcfg->regexp, cookie_header, NUM_SUBS, regm, 0)) {
- char *cookieval = NULL;
- /* Our regexp,
- * ^cookie_name=([^;]+)|;[ \t]+cookie_name=([^;]+)
- * only allows for $1 or $2 to be available. ($0 is always
- * filled with the entire matched expression, not just
- * the part in parentheses.) So just check for either one
- * and assign to cookieval if present. */
- if (regm[1].rm_so != -1) {
- cookieval = ap_pregsub(r->pool, "$1", cookie_header,
- NUM_SUBS, regm);
- }
- if (regm[2].rm_so != -1) {
- cookieval = ap_pregsub(r->pool, "$2", cookie_header,
- NUM_SUBS, regm);
- }
- /* Set the cookie in a note, for logging */
- ap_table_setn(r->notes, "cookie", cookieval);
-
- return DECLINED; /* There's already a cookie, no new one */
- }
- }
- make_cookie(r);
- return OK; /* We set our cookie */
-}
-
-static void *make_cookie_log_state(pool *p, server_rec *s)
-{
- cookie_log_state *cls =
- (cookie_log_state *) ap_palloc(p, sizeof(cookie_log_state));
-
- cls->expires = 0;
-
- return (void *) cls;
-}
-
-static void *make_cookie_dir(pool *p, char *d)
-{
- cookie_dir_rec *dcfg;
-
- dcfg = (cookie_dir_rec *) ap_pcalloc(p, sizeof(cookie_dir_rec));
- dcfg->cookie_name = COOKIE_NAME;
- dcfg->cookie_domain = NULL;
- dcfg->prefix_string = "";
- dcfg->style = CT_UNSET;
- dcfg->format = CF_NORMAL;
- dcfg->enabled = 0;
- /*
- * In case the user does not use the CookieName directive,
- * we need to compile the regexp for the default
cookie name.
- */
- set_and_comp_regexp(dcfg, p, COOKIE_NAME);
- return dcfg;
-}
-
-static const char *set_cookie_enable(cmd_parms *cmd, void *mconfig, int arg)
-{
- cookie_dir_rec *dcfg = mconfig;
-
- dcfg->enabled = arg;
- return NULL;
-}
-
-static const char *set_cookie_exp(cmd_parms *parms, void *dummy,
- const char *arg)
-{
- cookie_log_state *cls;
- time_t factor, modifier = 0;
- time_t num = 0;
- char *word;
-
- cls = ap_get_module_config(parms->server->module_config,
- &usertrack_module);
- /* The simple case first - all numbers (we assume) */
- if (ap_isdigit(arg[0]) && ap_isdigit(arg[strlen(arg) - 1])) {
- cls->expires = atol(arg);
- return NULL;
- }
-
- /*
- * The harder case - stolen from mod_expires
- *
- * CookieExpires "[plus] { }*"
- */
-
- word = ap_getword_conf(parms->pool, &arg);
- if (!strncasecmp(word, "plus", 1)) {
- word = ap_getword_conf(parms->pool, &arg);
- };
-
- /* { }* */
- while (word[0]) {
- /* */
- if (ap_isdigit(word[0]))
- num = atoi(word);
- else
- return "bad expires code, numeric value expected.";
-
- /* */
- word = ap_getword_conf(parms->pool, &arg);
- if (!word[0])
- return "bad expires code, missing ";
-
- factor = 0;
- if (!strncasecmp(word, "years", 1))
- factor = 60 * 60 * 24 * 365;
- else if (!strncasecmp(word, "months", 2))
- factor = 60 * 60 * 24 * 30;
- else if (!strncasecmp(word, "weeks", 1))
- factor = 60 * 60 * 24 * 7;
- else if (!strncasecmp(word, "days", 1))
- factor = 60 * 60 * 24;
- else if (!strncasecmp(word, "hours", 1))
- factor = 60 * 60;
- else if (!strncasecmp(word, "minutes", 2))
- factor = 60;
- else if (!strncasecmp(word, "seconds", 1))
- factor = 1;
- else
- return "bad expires code, unrecognized type";
-
- modifier = modifier + factor * num;
-
- /* next */
- word = ap_getword_conf(parms->pool, &arg);
- }
-
- cls->expires = modifier;
-
- return NULL;
-}
-
-static const char *set_cookie_name(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig;
-
-
dcfg->cookie_name = ap_pstrdup(cmd->pool, name);
-
- set_and_comp_regexp(dcfg, cmd->pool, name);
-
- if (dcfg->regexp == NULL) {
- return "Regular expression could not be compiled.";
- }
- if (dcfg->regexp->re_nsub + 1 != NUM_SUBS) {
- return ap_pstrcat(cmd->pool, "Invalid cookie name \"",
- name, "\"", NULL);
- }
-
- return NULL;
-}
-
-/*
- * Set the value for the 'Domain=' attribute.
- */
-static const char *set_cookie_domain(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg;
-
- dcfg = (cookie_dir_rec *) mconfig;
-
- /*
- * Apply the restrictions on cookie domain attributes.
- */
- if (strlen(name) == 0) {
- return "CookieDomain values may not be null";
- }
- if (name[0] != '.') {
- return "CookieDomain values must begin with a dot";
- }
- if (strchr(&name[1], '.') == NULL) {
- return "CookieDomain values must contain at least one embedded dot";
- }
-
- dcfg->cookie_domain = ap_pstrdup(cmd->pool, name);
- return NULL;
-}
-
-/*
- * Make a note of the cookie style we should use.
- */
-static const char *set_cookie_style(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg;
-
- dcfg = (cookie_dir_rec *) mconfig;
-
- if (strcasecmp(name, "Netscape") == 0) {
- dcfg->style = CT_NETSCAPE;
- }
- else if ((strcasecmp(name, "Cookie") == 0)
- || (strcasecmp(name, "RFC2109") == 0)) {
- dcfg->style = CT_COOKIE;
- }
- else if ((strcasecmp(name, "Cookie2") == 0)
- || (strcasecmp(name, "RFC2965") == 0)) {
- dcfg->style = CT_COOKIE2;
- }
- else {
- return ap_psprintf(cmd->pool, "Invalid %s keyword: '%s'",
- cmd->cmd->name, name);
- }
-
- return NULL;
-}
-
-/*
- * Make a note of the cookie format we should use.
- */
-static const char *set_cookie_format(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg;
-
- dcfg = (cookie_dir_rec *) mconfig;
-
- if (strcasecmp(name, "Normal") == 0) {
- dcfg->format = CF_NORMAL;
- }
- else if (strcasecmp(name, "Compact") == 0) {
- dcfg->format = CF_COMPACT;
- }
- else {
- return ap_psprintf(cmd->pool, "Invalid %s keyword: '%s'",
- cmd->cmd->name, name);
- }
-
- return NULL;
-}
-
-static const char *set_cookie_prefix(cmd_parms *cmd, void *mconfig, char *name)
-{
- cookie_dir_rec *dcfg = (cookie_dir_rec *) mconfig;
-
- dcfg->prefix_string = ap_pstrdup(cmd->pool, name);
-
- return NULL;
-}
-
-
-static const command_rec cookie_log_cmds[] = {
- {"CookieExpires", set_cookie_exp, NULL, OR_FILEINFO, TAKE1,
- "an expiry date code"},
- {"CookieTracking", set_cookie_enable, NULL, OR_FILEINFO, FLAG,
- "whether or not to enable cookies"},
- {"CookieName", set_cookie_name, NULL, OR_FILEINFO, TAKE1,
- "name of the tracking cookie"},
- {"CookieDomain", set_cookie_domain, NULL, OR_FILEINFO, TAKE1,
- "domain to which this cookie applies"},
- {"CookieStyle", set_cookie_style, NULL, OR_FILEINFO, TAKE1,
- "'Netscape', 'Cookie' (RFC2109), or 'Cookie2' (RFC2965)"},
- {"CookieFormat", set_cookie_format, NULL, OR_FILEINFO, TAKE1,
- "'Normal' or 'Compact'"},
- {"CookiePrefix", set_cookie_prefix, NULL, OR_FILEINFO, TAKE1,
- "String prepended to cookie"},
- {NULL}
-};
-
-module MODULE_VAR_EXPORT usertrack_module = {
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- make_cookie_dir, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- make_cookie_log_state, /* server config */
- NULL, /* merge server configs */
- cookie_log_cmds, /* command table */
- NULL, /* handlers */
- NULL, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- spot_cookie, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL,
/* child_exit */
- NULL /* post read-request */
-};
-
-
-
diff --git a/usr.sbin/httpd/src/modules/standard/mod_vhost_alias.c b/usr.sbin/httpd/src/modules/standard/mod_vhost_alias.c
deleted file mode 100644
index f40e4e4d2cd..00000000000
--- a/usr.sbin/httpd/src/modules/standard/mod_vhost_alias.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/* $OpenBSD: mod_vhost_alias.c,v 1.8 2003/08/21 13:11:37 henning Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * mod_vhost_alias.c: support for dynamically configured mass virtual hosting
- *
- * Copyright (c) 1998-1999 Demon Internet Ltd.
- *
- * This software was submitted by Demon Internet to the Apache Group
- * in May 1999. Future revisions and derivatives of this source code
- * must acknowledge Demon Internet as the original contributor of
- * this module. All other licensing and usage conditions are those
- * of the Apache Group.
- *
- * Originally written by Tony Finch .
- *
- * Implementation ideas were taken from mod_alias.c. The overall
- * concept is derived from the OVERRIDE_DOC_ROOT/OVERRIDE_CGIDIR
- * patch to Apache 1.3b3 and a similar feature in Demon's thttpd,
- * both written by James Grinter .
- */
-
-#include "httpd.h"
-#include "http_config.h"
-#include "http_core.h"
-#include "http_main.h"
-
-
-module MODULE_VAR_EXPORT vhost_alias_module;
-
-
-/*
- * basic configuration things
- * we abbreviate "mod_vhost_alias" to "mva" for shorter names
- */
-
-typedef enum {
- VHOST_ALIAS_UNSET, VHOST_ALIAS_NONE, VHOST_ALIAS_NAME, VHOST_ALIAS_IP
-} mva_mode_e;
-
-/*
- * Per-server module config record.
- */
-typedef struct mva_sconf_t {
- char *doc_root;
- char *cgi_root;
- mva_mode_e doc_root_mode;
- mva_mode_e cgi_root_mode;
-} mva_sconf_t;
-
-static void *mva_create_server_config(pool *p, server_rec *s)
-{
- mva_sconf_t *conf;
-
- conf = (mva_sconf_t *) ap_pcalloc(p, sizeof(mva_sconf_t));
- conf->doc_root = NULL;
- conf->cgi_root = NULL;
- conf->doc_root_mode = VHOST_ALIAS_UNSET;
- conf->cgi_root_mode = VHOST_ALIAS_UNSET;
- return conf;
-}
-
-static void *mva_merge_server_config(pool *p, void *parentv, void *childv)
-{
- mva_sconf_t *parent = (mva_sconf_t *) parentv;
- mva_sconf_t *child = (mva_sconf_t *) childv;
- mva_sconf_t *conf;
-
- conf = (mva_sconf_t *) ap_pcalloc(p, sizeof(*conf));
- if (child->doc_root_mode == VHOST_ALIAS_UNSET) {
- conf->doc_root_mode = parent->doc_root_mode;
- conf->doc_root = parent->doc_root;
- }
- else {
- conf->doc_root_mode = child->doc_root_mode;
- conf->doc_root = child->doc_root;
- }
- if (child->cgi_root_mode == VHOST_ALIAS_UNSET) {
- conf->cgi_root_mode = parent->cgi_root_mode;
- conf->cgi_root = parent->cgi_root;
- }
- else {
- conf->cgi_root_mode = child->cgi_root_mode;
- conf->cgi_root = child->cgi_root;
- }
- return conf;
-}
-
-
-/*
- * These are just here to tell us what vhost_alias_set should do.
- * We don't put anything into them; we just use the cell addresses.
- */
-static int vhost_alias_set_doc_root_ip,
- vhost_alias_set_cgi_root_ip,
- vhost_alias_set_doc_root_name,
- vhost_alias_set_cgi_root_name;
-
-static const char *vhost_alias_set(cmd_parms *cmd, void *dummy, char *map)
-{
- mva_sconf_t *conf;
- mva_mode_e mode, *pmode;
- char **pmap;
- char *p;
-
- conf = (mva_sconf_t *) ap_get_module_config(cmd->server->module_config,
- &vhost_alias_module);
- /* there ought to be a better way of doing this */
- if (&vhost_alias_set_doc_root_ip == cmd->info) {
- mode = VHOST_ALIAS_IP;
- pmap = &conf->doc_root;
- pmode = &conf->doc_root_mode;
- }
- else if (&vhost_alias_set_cgi_root_ip == cmd->info) {
- mode = VHOST_ALIAS_IP;
- pmap = &conf->cgi_root;
- pmode = &conf->cgi_root_mode;
- }
- else if (&vhost_alias_set_doc_root_name == cmd->info) {
- mode = VHOST_ALIAS_NAME;
- pmap = &conf->doc_root;
- pmode = &conf->doc_root_mode;
- }
- else if (&vhost_alias_set_cgi_root_name == cmd->info) {
- mode = VHOST_ALIAS_NAME;
- pmap = &conf->cgi_root;
- pmode = &conf->cgi_root_mode;
- }
- else {
- return "INTERNAL ERROR: unknown command info";
- }
-
- ap_server_strip_chroot(map, 1);
-
- if (!(ap_os_is_path_absolute(map))) {
- if (strcasecmp(map, "none")) {
- return "format string must be an absolute file path or 'none'";
- }
- *pmap = NULL;
- *pmode = VHOST_ALIAS_NONE;
- return NULL;
- }
-
- /* sanity check */
- p = map;
- while (*p != '\0') {
- if (*p++ != '%') {
- continue;
- }
- /* we just found a '%' */
- if (*p == 'p' || *p == '%') {
- ++p;
- continue;
- }
- /* optional dash */
- if (*p == '-') {
- ++p;
- }
- /* digit N */
- if (ap_isdigit(*p)) {
- ++p;
- }
- else {
- return "syntax error in format string";
- }
- /* optional plus */
- if (*p == '+') {
- ++p;
- }
- /* do we end here?
*/
- if (*p != '.') {
- continue;
- }
- ++p;
- /* optional dash */
- if (*p == '-') {
- ++p;
- }
- /* digit M */
- if (ap_isdigit(*p)) {
- ++p;
- }
- else {
- return "syntax error in format string";
- }
- /* optional plus */
- if (*p == '+') {
- ++p;
- }
- }
- *pmap = map;
- *pmode = mode;
- return NULL;
-}
-
-static const command_rec mva_commands[] =
-{
- {"VirtualScriptAlias", vhost_alias_set, &vhost_alias_set_cgi_root_name,
- RSRC_CONF, TAKE1, "how to create a ScriptAlias based on the host"},
- {"VirtualDocumentRoot", vhost_alias_set, &vhost_alias_set_doc_root_name,
- RSRC_CONF, TAKE1, "how to create the DocumentRoot based on the host"},
- {"VirtualScriptAliasIP", vhost_alias_set, &vhost_alias_set_cgi_root_ip,
- RSRC_CONF, TAKE1, "how to create a ScriptAlias based on the host"},
- {"VirtualDocumentRootIP", vhost_alias_set, &vhost_alias_set_doc_root_ip,
- RSRC_CONF, TAKE1, "how to create the DocumentRoot based on the host"},
- { NULL }
-};
-
-
-/*
- * This really wants to be a nested function
- * but C is too feeble to support them.
- */
-static ap_inline void vhost_alias_checkspace(request_rec *r, char *buf,
- char **pdest, int size)
-{
- /* XXX: what if size > HUGE_STRING_LEN? */
- if (*pdest + size > buf + HUGE_STRING_LEN) {
- **pdest = '\0';
- if (r->filename) {
- r->filename = ap_pstrcat(r->pool, r->filename, buf, NULL);
- }
- else {
- r->filename = ap_pstrdup(r->pool, buf);
- }
- *pdest = buf;
- }
-}
-
-static void vhost_alias_interpolate(request_rec *r, const char *name,
- const char *map, const char *uri)
-{
- /* 0..9 9..0 */
- enum { MAXDOTS = 19 };
- const char *dots[MAXDOTS+1];
- int ndots;
-
- char buf[HUGE_STRING_LEN];
- char *dest, last;
-
- int N, M, Np, Mp, Nd, Md;
- const char *start, *end;
-
- const char *p;
-
- ndots = 0;
- dots[ndots++] = name-1; /* slightly naughty */
- for (p = name; *p; ++p){
- if (*p == '.'
&& ndots < MAXDOTS) {
- dots[ndots++] = p;
- }
- }
- dots[ndots] = p;
-
- r->filename = NULL;
-
- dest = buf;
- last = '\0';
- while (*map) {
- if (*map != '%') {
- /* normal characters */
- vhost_alias_checkspace(r, buf, &dest, 1);
- last = *dest++ = *map++;
- continue;
- }
- /* we are in a format specifier */
- ++map;
- /* can't be a slash */
- last = '\0';
- /* %% -> % */
- if (*map == '%') {
- ++map;
- vhost_alias_checkspace(r, buf, &dest, 1);
- *dest++ = '%';
- continue;
- }
- /* port number */
- if (*map == 'p') {
- ++map;
- /* no. of decimal digits in a short plus one */
- vhost_alias_checkspace(r, buf, &dest, 7);
- dest += ap_snprintf(dest, 7, "%d", ap_get_server_port(r));
- continue;
- }
- /* deal with %-N+.-M+ -- syntax is already checked */
- N = M = 0; /* value */
- Np = Mp = 0; /* is there a plus? */
- Nd = Md = 0; /* is there a dash? */
- if (*map == '-') ++map, Nd = 1;
- N = *map++ - '0';
- if (*map == '+') ++map, Np = 1;
- if (*map == '.') {
- ++map;
- if (*map == '-') {
- ++map, Md = 1;
- }
- M = *map++ - '0';
- if (*map == '+') {
- ++map, Mp = 1;
- }
- }
- /* note that N and M are one-based indices, not zero-based */
- start = dots[0]+1; /* ptr to the first character */
- end = dots[ndots]; /* ptr to the character after the last one */
- if (N != 0) {
- if (N > ndots) {
- start = "_";
- end = start+1;
- }
- else if (!Nd) {
- start = dots[N-1]+1;
- if (!Np) {
- end = dots[N];
- }
- }
- else {
- if (!Np) {
- start = dots[ndots-N]+1;
- }
- end = dots[ndots-N+1];
- }
- }
- if (M != 0) {
- if (M > end - start) {
- start = "_";
- end = start+1;
- }
- else if (!Md) {
- start = start+M-1;
- if (!Mp) {
- end = start+1;
- }
- }
- else {
- if (!Mp) {
- start = end-M;
- }
- end = end-M+1;
- }
- }
- vhost_alias_checkspace(r, buf, &dest, end - start);
- for (p = start; p < end; ++p) {
- *dest++ = ap_tolower(*p);
- }
- }
- *dest = '\0';
- /* no double slashes */
- if (last == '/') {
- ++uri;
- }
- if (r->filename) {
- r->filename = ap_pstrcat(r->pool,
r->filename, buf, uri, NULL);
- }
- else {
- r->filename = ap_pstrcat(r->pool, buf, uri, NULL);
- }
-}
-
-static int mva_translate(request_rec *r)
-{
- mva_sconf_t *conf;
- const char *name, *map, *uri;
- mva_mode_e mode;
- const char *cgi;
-
- conf = (mva_sconf_t *) ap_get_module_config(r->server->module_config,
- &vhost_alias_module);
- cgi = NULL;
- if (conf->cgi_root) {
- cgi = strstr(r->uri, "cgi-bin/");
- if (cgi && (cgi != r->uri + strspn(r->uri, "/"))) {
- cgi = NULL;
- }
- }
- if (cgi) {
- mode = conf->cgi_root_mode;
- map = conf->cgi_root;
- uri = cgi + strlen("cgi-bin");
- }
- else if (r->uri[0] == '/') {
- mode = conf->doc_root_mode;
- map = conf->doc_root;
- uri = r->uri;
- }
- else {
- return DECLINED;
- }
-
- if (mode == VHOST_ALIAS_NAME) {
- name = ap_get_server_name(r);
- }
- else if (mode == VHOST_ALIAS_IP) {
- name = r->connection->local_ip;
- }
- else {
- return DECLINED;
- }
-
- vhost_alias_interpolate(r, name, map, uri);
-
- if (cgi) {
- /* see is_scriptaliased() in mod_cgi */
- r->handler = "cgi-script";
- ap_table_setn(r->notes, "alias-forced-type", r->handler);
- }
-
- return OK;
-}
-
-
-module MODULE_VAR_EXPORT vhost_alias_module =
-{
- STANDARD_MODULE_STUFF,
- NULL, /* initializer */
- NULL, /* dir config creater */
- NULL, /* dir merger --- default is to override */
- mva_create_server_config, /* server config */
- mva_merge_server_config, /* merge server configs */
- mva_commands, /* command table */
- NULL, /* handlers */
- mva_translate, /* filename translation */
- NULL, /* check_user_id */
- NULL, /* check auth */
- NULL, /* check access */
- NULL, /* type_checker */
- NULL, /* fixups */
- NULL, /* logger */
- NULL, /* header parser */
- NULL, /* child_init */
- NULL, /* child_exit */
- NULL /* post read-request */
-};
diff --git a/usr.sbin/httpd/src/os/unix/Makefile.tmpl b/usr.sbin/httpd/src/os/unix/Makefile.tmpl
deleted file mode 100644
index a9e1205ec0d..00000000000
--- a/usr.sbin/httpd/src/os/unix/Makefile.tmpl
+++ /dev/null
@@ -1,47 +0,0 @@ -CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) -LIBS=$(EXTRA_LIBS) $(LIBS1) -INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES) -LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS) - -OBJS= os.o os-inline.o - -LIB= libos.a - -all: $(LIB) - -$(LIB): $(OBJS) - rm -f $@ - ar cr $@ $(OBJS) - $(RANLIB) $@ - -.c.o: - $(CC) -c $(INCLUDES) $(CFLAGS) $< - -clean: - rm -f $(OBJS) $(LIB) - -distclean: clean - -rm -f Makefile - -# We really don't expect end users to use this rule. It works only with -# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after -# using it. -depend: - cp Makefile.tmpl Makefile.tmpl.bak \ - && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \ - && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \ - && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \ - -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \ - > Makefile.tmpl \ - && rm Makefile.new - -$(OBJS): Makefile - -# DO NOT REMOVE -os-aix-dso.o: os-aix-dso.c -os-inline.o: os-inline.c $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(INCDIR)/ap_ctype.h -os.o: os.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \ - $(INCDIR)/ap_ctype.h os.h diff --git a/usr.sbin/httpd/src/os/unix/os-inline.c b/usr.sbin/httpd/src/os/unix/os-inline.c deleted file mode 100644 index fbbbd3f0999..00000000000 --- a/usr.sbin/httpd/src/os/unix/os-inline.c +++ /dev/null 
@@ -1,34 +0,0 @@
-/* $OpenBSD: os-inline.c,v 1.3 2005/03/28 22:41:51 niallo Exp $ */
-
-/*
- * This file contains functions which can be inlined if the compiler
- * has an "inline" modifier. Because of this, this file is both a
- * header file and a compilable module.
- *
- * Only inlineable functions should be defined in here. They must all
- * include the INLINE modifier.
- *
- * If the compiler supports inline, this file will be #included as a
- * header file from os.h to create all the inline function
- * definitions. INLINE will be defined to whatever is required on
- * function definitions to make them inline declarations.
- *
- * If the compiler does not support inline, this file will be compiled
- * as a normal C file into libos.a (along with os.c). In this case
- * INLINE will _not_ be set so we can use this to test if we are
- * compiling this source file.
- */
-
-#ifndef INLINE
-#define INLINE
-
-/* Anything required only when compiling */
-#include "ap_config.h"
-
-#endif
-
-INLINE int
-ap_os_is_path_absolute(const char *file)
-{
- return file[0] == '/';
-}
diff --git a/usr.sbin/httpd/src/os/unix/os.c b/usr.sbin/httpd/src/os/unix/os.c
deleted file mode 100644
index bb8dc1cd4e3..00000000000
--- a/usr.sbin/httpd/src/os/unix/os.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/* $OpenBSD: os.c,v 1.11 2005/03/28 22:41:51 niallo Exp $ */
-
-/*
- * This file will include OS specific functions which are not inlineable.
- * Any inlineable functions should be defined in os-inline.c instead.
- */
-
-#include "ap_config.h"
-#include "os.h"
-
-
-/* some linkers complain unless there's at least one function in each
- * .o file... and extra prototype is for gcc -Wmissing-prototypes
- */
-extern void ap_is_not_here(void);
-
-void
-ap_is_not_here(void)
-{
-}
-
-/*
- * Abstraction layer for loading
- * Apache modules under run-time via
- * dynamic shared object (DSO) mechanism
- */
-
-void
-ap_os_dso_init(void)
-{
-}
-
-void
-*ap_os_dso_load(const char *path)
-{
- return dlopen(path, RTLD_NOW | RTLD_GLOBAL);
-}
-
-void
-ap_os_dso_unload(void *handle)
-{
- dlclose(handle);
- return;
-}
-
-void
-*ap_os_dso_sym(void *handle, const char *symname)
-{
- return dlsym(handle, symname);
-}
-
-const char *
-ap_os_dso_error(void)
-{
- return dlerror();
-}
diff --git a/usr.sbin/httpd/src/os/unix/os.h b/usr.sbin/httpd/src/os/unix/os.h
deleted file mode 100644
index 0b16017f12b..00000000000
--- a/usr.sbin/httpd/src/os/unix/os.h
+++ /dev/null
@@ -1,126 +0,0 @@ -/* $OpenBSD: os.h,v 1.9 2005/03/28 14:01:14 niallo Exp $ */ - -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -#ifndef APACHE_OS_H -#define APACHE_OS_H - -#include "ap_config.h" - -#ifndef PLATFORM -#define PLATFORM "Unix" -#endif - -/* - * This file in included in all Apache source code. 
It contains definitions - * of facilities available on _this_ operating system (HAVE_* macros), - * and prototypes of OS specific functions defined in os.c or os-inline.c - */ - -#if !defined(INLINE) && defined(USE_GNU_INLINE) -/* Compiler supports inline, so include the inlineable functions as - * part of the header - */ -#define INLINE extern ap_inline - -INLINE int ap_os_is_path_absolute(const char *file); - -#include "os-inline.c" - -#else - -/* Compiler does not support inline, so prototype the inlineable functions - * as normal - */ -extern int ap_os_is_path_absolute(const char *file); -#endif - -/* Other ap_os_ routines not used by this platform */ - -#define ap_os_is_filename_valid(f) (1) -#define ap_os_kill(pid, sig) kill(pid, sig) - -/* - * Abstraction layer for loading - * Apache modules under run-time via - * dynamic shared object (DSO) mechanism - */ - -#include - -/* probably on an older system that doesn't support RTLD_NOW or RTLD_LAZY. - * The below define is a lie since we are really doing RTLD_LAZY since the - * system doesn't support RTLD_NOW. - */ -#ifndef RTLD_NOW -#define RTLD_NOW 1 -#endif - -#ifndef RTLD_GLOBAL -#define RTLD_GLOBAL 0 -#endif - -#define ap_os_dso_handle_t void * -void ap_os_dso_init(void); -void * ap_os_dso_load(const char *); -void ap_os_dso_unload(void *); -void * ap_os_dso_sym(void *, const char *); -const char *ap_os_dso_error(void); - -#endif /* !APACHE_OS_H */ diff --git a/usr.sbin/httpd/src/support/.indent.pro b/usr.sbin/httpd/src/support/.indent.pro deleted file mode 100644 index a9fbe9f9a1f..00000000000 --- a/usr.sbin/httpd/src/support/.indent.pro +++ /dev/null 
@@ -1,54 +0,0 @@ --i4 -npsl -di0 -br -nce -d0 -cli0 -npcs -nfc1 --TBUFF --TFILE --TTRANS --TUINT4 --T_trans --Tallow_options_t --Tapache_sfio --Tarray_header --Tbool_int --Tbuf_area --Tbuff_struct --Tbuffy --Tcmd_how --Tcmd_parms --Tcommand_rec --Tcommand_struct --Tconn_rec --Tcore_dir_config --Tcore_server_config --Tdir_maker_func --Tevent --Tglobals_s --Thandler_func --Thandler_rec --Tjoblist_s --Tlisten_rec --Tmerger_func --Tmode_t --Tmodule --Tmodule_struct --Tmutex --Tn_long --Tother_child_rec --Toverrides_t --Tparent_score --Tpid_t --Tpiped_log --Tpool --Trequest_rec --Trequire_line --Trlim_t --Tscoreboard --Tsemaphore --Tserver_addr_rec --Tserver_rec --Tserver_rec_chain --Tshort_score --Ttable --Ttable_entry --Tthread --Tu_wide_int --Tvtime_t --Twide_int diff --git a/usr.sbin/httpd/src/support/Makefile.tmpl b/usr.sbin/httpd/src/support/Makefile.tmpl deleted file mode 100644 index d145b1db795..00000000000 --- a/usr.sbin/httpd/src/support/Makefile.tmpl +++ /dev/null 
@@ -1,76 +0,0 @@ -CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS) -DUSE_SETUSERCONTEXT -LIBS=-lm -lap -los $(EXTRA_LIBS) $(LIBS1) -INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES) -LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS) -L$(OSDIR) -L$(SRCDIR)/ap - -TARGETS=htpasswd htdigest rotatelogs logresolve apxs checkgid - -OBJS=htpasswd.o htdigest.o rotatelogs.o logresolve.o checkgid.o - -.c.o: - $(CC) -c $(INCLUDES) $(CFLAGS) $< - -all: $(TARGETS) - -htpasswd: htpasswd.o - $(CC) $(CFLAGS) -o htpasswd $(LDFLAGS) htpasswd.o $(LIBS) - -htdigest: htdigest.o - $(CC) $(CFLAGS) -o htdigest $(LDFLAGS) htdigest.o $(LIBS) - -rotatelogs: rotatelogs.o - $(CC) $(CFLAGS) -o rotatelogs $(LDFLAGS) rotatelogs.o $(LIBS) - -logresolve: logresolve.o - $(CC) $(CFLAGS) -o logresolve $(LDFLAGS) logresolve.o $(LIBS) - -checkgid: checkgid.o - $(CC) $(CFLAGS) -o checkgid $(LDFLAGS) checkgid.o $(LIBS) - -apxs: apxs.pl Makefile - sed apxs \ - -e 's%@TARGET@%$(TARGET)%g' \ - -e 's%@CC@%$(CC)%g' \ - -e 's%@CFLAGS@%$(CFLAGS)%g' \ - -e 's%@CFLAGS_SHLIB@%$(CFLAGS_SHLIB)%g' \ - -e 's%@LD_SHLIB@%$(LD_SHLIB)%g' \ - -e 's%@LDFLAGS_MOD_SHLIB@%$(LDFLAGS_MOD_SHLIB)%g' \ - -e 's%@LIBS_SHLIB@%$(LIBS_SHLIB)%g' && chmod a+x apxs - -suexec: suexec.o - $(CC) $(CFLAGS) -o suexec $(LDFLAGS) suexec.o $(LIBS) - -clean: - rm -f $(TARGETS) *.o - -distclean: clean - -rm -f Makefile - -# We really don't expect end users to use this rule. It works only with -# gcc, and rebuilds Makefile.tmpl. You have to re-run Configure after -# using it. 
-depend: - cp Makefile.tmpl Makefile.tmpl.bak \ - && sed -ne '1,/^# DO NOT REMOVE/p' Makefile.tmpl > Makefile.new \ - && gcc -MM $(INCLUDES) $(CFLAGS) *.c >> Makefile.new \ - && sed -e '1,$$s: $(INCDIR)/: $$(INCDIR)/:g' \ - -e '1,$$s: $(OSDIR)/: $$(OSDIR)/:g' Makefile.new \ - > Makefile.tmpl \ - && rm Makefile.new - -#Dependencies - -$(OBJS): Makefile - -# DO NOT REMOVE -htdigest.o: htdigest.c $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h \ - $(INCDIR)/ap_md5.h -htpasswd.o: htpasswd.c $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h -logresolve.o: logresolve.c $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h -rotatelogs.o: rotatelogs.c $(INCDIR)/ap_config.h \ - $(INCDIR)/ap_config_auto.h $(OSDIR)/os.h $(INCDIR)/ap_ctype.h -suexec.o: suexec.c $(INCDIR)/ap_config.h $(INCDIR)/ap_config_auto.h \ - $(OSDIR)/os.h $(INCDIR)/ap_ctype.h suexec.h diff --git a/usr.sbin/httpd/src/support/README b/usr.sbin/httpd/src/support/README deleted file mode 100644 index eb93fff03a4..00000000000 --- a/usr.sbin/httpd/src/support/README +++ /dev/null 
@@ -1,72 +0,0 @@ -Support files: - -ab - ABuse your server with this benchmarker. Rudimentary - command line testing tool. - - To compile with SSL support; specify the compile - time flag 'USE_SSL'. E.g. during configure do: - - CFLAGS="-I/usr/local/ssl/include -DUSE_SSL " \ - LIBS="-L/usr/local/ssl/lib -lssl -lcrypt" - ./configure ... - - SSL support is even more rudimentary and experimental - than ab itself :-). - -apachectl - Apache run-time Control script. To facilitate the - administrator and/or your rc.d scripts to control the - functioning of the Apache httpd daemon. - -apxs - APache eXtenSion tool. Eases building and installing - DSO style modules. - -dbmmanage - Create and update user authentication files in the faster - DBM format used by mod_auth_db. - -htdigest - Create and update user authentication files used in - DIGEST authentification. See mod_auth_digest. - -htpasswd - Create and update user authentication files used in - BASIC authentification. I.e. the htpasswd files. - See mod_auth. - -httpd.8 - General apache man page. - -log_server_status - This script is designed to be run at a frequent interval by something - like cron. It connects to the server and downloads the status - information. It reformats the information to a single line and logs - it to a file. - -logresolve - resolve hostnames for IP-addresses in Apache logfiles - -phf_abuse_log.cgi - This script can be used to detect people trying to abuse an ancient - and long plugged security hole which existed in a CGI script distributed - with Apache 1.0.3 and earlier versions. - -rotatelogs - rotate Apache logs without having to kill the server. - -split-logfile - This script will take a combined virtual hosts access - log file and break its contents into separate files. - -suexec - Switch User For Exec. Used internally by apache, - see the document `Apache suEXEC Support' - under http://www.apache.org/docs/suexec.html . 
- -SHA1 - This directory includes some utilities to allow Apache 1.3.6 to - recognize passwords in SHA1 format, as used by Netscape web - servers. It is not installed by default. - diff --git a/usr.sbin/httpd/src/support/SHA1/README.sha1 b/usr.sbin/httpd/src/support/SHA1/README.sha1 deleted file mode 100644 index 3998e1fdd91..00000000000 --- a/usr.sbin/httpd/src/support/SHA1/README.sha1 +++ /dev/null @@ -1,34 +0,0 @@ -This directory includes some utilities to allow Apache 1.3.6 to -recognize passwords in SHA1 format, as used by Netscape web servers. - -From Netscape's admin interface, export the password database to an -ldif file and then use convert.pl in this distribution to generate -apache style password files. - -Note: SHA1 support is useful for migration purposes, but is less - secure than Apache's password format, since Apache's (MD5) - password format uses a random eight character salt to generate - one of many possible hashes for the same password. Netscape - uses plain SHA1 without a salt, so the same password - will always generate the same hash, making it easier - to break since the search space is smaller. - -This code was contributed by Clinton Wong . - -README.sha1 - this file - -convert-sha1.pl - takes an ldif dump from Netscape's web server on - standard in, outputs apache htpasswd format on standard out. - - Usage: convert.pl < ldif > passwords - -htpasswd-sha1.pl - perl script to generate entries in apache htpasswd format. - - Usage: htpasswd-sha1.pl some_user some_password - -ldif-sha1.example - sample ldif dump with one sha1 password and one crypt password. - diff --git a/usr.sbin/httpd/src/support/SHA1/convert-sha1.pl b/usr.sbin/httpd/src/support/SHA1/convert-sha1.pl deleted file mode 100644 index 35228022a08..00000000000 --- a/usr.sbin/httpd/src/support/SHA1/convert-sha1.pl +++ /dev/null 
@@ -1,36 +0,0 @@
-#!/usr/bin/perl -w
-use strict;
-
-# This is public domain code. Do whatever you want with it.
-# It was originally included in Clinton Wong's Apache 1.3.6 SHA1/ldif
-# patch distribution as sample code for converting accounts from
-# ldif format (as used by Netscape web servers) to Apache password format.
-
-my $uid='';
-my $passwd='';
-
-while (my $line = <>) {
- chomp $line;
- if ( $line =~ /uid:\s*(.+)/) { $uid = $1 }
- if ( $line =~ /userpassword:\s*(\{\w+\}.+)/) {
- $passwd = $1;
- $passwd =~ s/^\{crypt\}//i; # Apache stores crypt without a magic string
- }
-
- if (length($line)==0) {
-
- if (length $uid and length $passwd) {
- print $uid, ':', $passwd, "\n";
- } # output if we have something to print
-
- $uid = '';
- $passwd = '';
-
- } # if newline
-} # while something to read
-
-# handle last entry if there isn't a newline before EOF
- if (length $uid and length $passwd) {
- print $uid, ':', $passwd, "\n";
-}
-
diff --git a/usr.sbin/httpd/src/support/SHA1/htpasswd-sha1.pl b/usr.sbin/httpd/src/support/SHA1/htpasswd-sha1.pl
deleted file mode 100644
index ad624d1101f..00000000000
--- a/usr.sbin/httpd/src/support/SHA1/htpasswd-sha1.pl
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/perl -w
-use strict;
-#
-# Utility which takes a username and password
-# on the command line and generates a username
-# sha1-encrytped password on the stdout.
-#
-# Typical useage:
-# ./htpasswd-sha1.pl dirkx MySecret >> sha1-passwd
-#
-# This is public domain code. Do whatever you want with it.
-# It was originally included in Clinton Wong's Apache 1.3.6 SHA1/ldif
-# patch distribution as sample code for generating entries for
-# Apache password files using SHA1.
-
-use MIME::Base64; # http://www.cpan.org/modules/by-module/MIME/
-use Digest::SHA1; # http://www.cpan.org/modules/by-module/MD5/
-
-if ($#ARGV!=1) { die "Usage $0: user password\n" }
-
-print $ARGV[0], ':{SHA}', encode_base64( Digest::SHA1::sha1($ARGV[1]) );
-
diff --git a/usr.sbin/httpd/src/support/SHA1/ldif-sha1.example b/usr.sbin/httpd/src/support/SHA1/ldif-sha1.example
deleted file mode 100644
index b8fe917eaf3..00000000000
--- a/usr.sbin/httpd/src/support/SHA1/ldif-sha1.example
+++ /dev/null
@@ -1,19 +0,0 @@
-dn: cn=someuser
-cn: someuser
-sn: someuser
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: inetOrgPerson
-uid: someuser
-userpassword: {SHA}GvF+c3IdvgxAARuC7Uuxp9vjzik=
-
-dn: cn=anotheruser
-cn: anotheruser
-sn: anotheruser
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: inetOrgPerson
-uid: anotheruser
-userpassword: {crypt}eFnp.4sz5XnH6
diff --git a/usr.sbin/httpd/src/support/apachectl b/usr.sbin/httpd/src/support/apachectl
deleted file mode 100644
index bb36fea20ab..00000000000
--- a/usr.sbin/httpd/src/support/apachectl
+++ /dev/null
@@ -1,253 +0,0 @@ -#!/bin/sh -# -# Apache control script designed to allow an easy command line interface -# to controlling Apache. Written by Marc Slemko, 1997/08/23 -# -# The exit codes returned are: -# 0 - operation completed successfully -# 1 - -# 2 - usage error -# 3 - httpd could not be started -# 4 - httpd could not be stopped -# 5 - httpd could not be started during a restart -# 6 - httpd could not be restarted during a restart -# 7 - httpd could not be restarted during a graceful restart -# 8 - configuration syntax error -# -# When multiple arguments are given, only the error from the _last_ -# one is reported. Run "apachectl help" for usage info -# -# -# |||||||||||||||||||| START CONFIGURATION SECTION |||||||||||||||||||| -# -------------------- -------------------- -# -# the path to your PID file -PIDFILE=/usr/local/apache/logs/httpd.pid -# -# the path to your httpd binary, including options if necessary -HTTPD='/usr/local/apache/src/httpd' -# -# a command that outputs a formatted text version of the HTML at the -# url given on the command line. Designed for lynx, however other -# programs may work. -LYNX="lynx -dump" -# -# the URL to your server's mod_status status page. If you do not -# have one, then status and fullstatus will not work. -STATUSURL="http://localhost/server-status" -# -# -------------------- -------------------- -# |||||||||||||||||||| END CONFIGURATION SECTION |||||||||||||||||||| - -ERROR=0 -ARGV="$@" -if [ "x$ARGV" = "x" ] ; then - ARGS="help" -fi - -RCFLAGS="" -. /etc/rc.conf -if [ "X${httpd_flags}" != X"NO" ]; then - RCFLAGS="${httpd_flags}" -fi - -for ARG in $@ $ARGS -do - # check for pidfile - if [ -f $PIDFILE ] ; then - PID=`cat $PIDFILE` - if [ "x$PID" != "x" ] && kill -0 $PID 2>/dev/null ; then - STATUS="httpd (pid $PID) running" - RUNNING=1 - else - STATUS="httpd (pid $PID?) 
not running" - RUNNING=0 - fi - else - STATUS="httpd (no pid file) not running" - RUNNING=0 - fi - - case $ARG in - start) - if [ $RUNNING -eq 1 ]; then - echo "$0 $ARG: httpd (pid $PID) already running" - continue - fi - if $HTTPD $RCFLAGS ; then - echo "$0 $ARG: httpd started" - else - echo "$0 $ARG: httpd could not be started" - ERROR=3 - fi - ;; - startssl|sslstart|start-SSL) - if [ $RUNNING -eq 1 ]; then - echo "$0 $ARG: httpd (pid $PID) already running" - continue - fi - if $HTTPD $RCFLAGS -DSSL; then - echo "$0 $ARG: httpd started" - else - echo "$0 $ARG: httpd could not be started" - ERROR=3 - fi - ;; - stop) - if [ $RUNNING -eq 0 ]; then - echo "$0 $ARG: $STATUS" - continue - fi - if kill $PID ; then - echo "$0 $ARG: httpd stopped" - else - echo "$0 $ARG: httpd could not be stopped" - ERROR=4 - fi - ;; - restart) - if [ $RUNNING -eq 0 ]; then - echo "$0 $ARG: httpd not running, trying to start" - if $HTTPD $RCFLAGS; then - echo "$0 $ARG: httpd started" - else - echo "$0 $ARG: httpd could not be started" - ERROR=5 - fi - else - if $HTTPD $RCFLAGS -t >/dev/null 2>&1; then - if kill -HUP $PID ; then - echo "$0 $ARG: httpd restarted" - else - echo "$0 $ARG: httpd could not be restarted" - ERROR=6 - fi - else - echo "$0 $ARG: configuration broken, ignoring restart" - echo "$0 $ARG: (run 'apachectl configtest' for details)" - ERROR=6 - fi - fi - ;; - graceful) - if [ $RUNNING -eq 0 ]; then - echo "$0 $ARG: httpd not running, trying to start" - if $HTTPD $RCFLAGS; then - echo "$0 $ARG: httpd started" - else - echo "$0 $ARG: httpd could not be started" - ERROR=5 - fi - else - if $HTTPD $RCFLAGS -t >/dev/null 2>&1; then - if kill -USR1 $PID ; then - echo "$0 $ARG: httpd gracefully restarted" - else - echo "$0 $ARG: httpd could not be restarted" - ERROR=7 - fi - else - echo "$0 $ARG: configuration broken, ignoring restart" - echo "$0 $ARG: (run 'apachectl configtest' for details)" - ERROR=7 - fi - fi - ;; - status) - $LYNX $STATUSURL | awk ' /process$/ { print; exit 
} { print } ' - ;; - fullstatus) - $LYNX $STATUSURL - ;; - configtest) - if $HTTPD $RCFLAGS -t; then - : - else - ERROR=8 - fi - ;; - *) - BNAME=`basename $0` - echo "usage: $BNAME [ start | startssl | stop | restart | graceful | " - echo " status | fullstatus | configtest | help ]" - cat <. -## -## Portions of this software are based upon public domain software -## originally written at the National Center for Supercomputing Applications, -## University of Illinois, Urbana-Champaign. -## -# diff --git a/usr.sbin/httpd/src/support/apachectl.8 b/usr.sbin/httpd/src/support/apachectl.8 deleted file mode 100644 index 3982af777af..00000000000 --- a/usr.sbin/httpd/src/support/apachectl.8 +++ /dev/null 
@@ -1,185 +0,0 @@ -.\" $OpenBSD: apachectl.8,v 1.10 2010/09/03 11:22:36 jmc Exp $ -.\" -.\" ==================================================================== -.\" The Apache Software License, Version 1.1 -.\" -.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights -.\" reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. The end-user documentation included with the redistribution, -.\" if any, must include the following acknowledgment: -.\" "This product includes software developed by the -.\" Apache Software Foundation (http://www.apache.org/)." -.\" Alternately, this acknowledgment may appear in the software itself, -.\" if and wherever such third-party acknowledgments normally appear. -.\" -.\" 4. The names "Apache" and "Apache Software Foundation" must -.\" not be used to endorse or promote products derived from this -.\" software without prior written permission. For written -.\" permission, please contact apache@apache.org. -.\" -.\" 5. Products derived from this software may not be called "Apache", -.\" nor may "Apache" appear in their name, without prior written -.\" permission of the Apache Software Foundation. -.\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -.\" DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" ==================================================================== -.\" -.\" This software consists of voluntary contributions made by many -.\" individuals on behalf of the Apache Software Foundation. For more -.\" information on the Apache Software Foundation, please see -.\" . -.\" -.\" Portions of this software are based upon public domain software -.\" originally written at the National Center for Supercomputing Applications, -.\" University of Illinois, Urbana-Champaign. -.\" -.Dd $Mdocdate: September 3 2010 $ -.Dt APACHECTL 8 -.Os -.Sh NAME -.Nm apachectl -.Nd Apache HTTP server control interface -.Sh SYNOPSIS -.Nm -.Ar command -.Op Ar ... -.Sh DESCRIPTION -.Nm -is a front end to the Apache HyperText Transfer Protocol (HTTP) server. -It is designed to help the administrator control the -functioning of the Apache -.Xr httpd 8 -daemon. -.Pp -.Ar command -can be any one or more of the following options: -.Bl -tag -width "configtestXX" -.It Ic configtest -Run a configuration file syntax test. -It parses the configuration files and either reports -.Dq Syntax OK -or detailed information about the particular syntax error. -.It Ic fullstatus -Display a full status report from -.Dq mod_status . -For this to work, you need to have mod_status enabled on your server -and a text-based browser such as -.Xr lynx 1 -available on your system. 
-The URL used to access the status report can be set by editing the -.Dv STATUSURL -variable in the -.Nm -script. -.It Ic graceful -Gracefully restart -.Xr httpd 8 -by sending it a -.Dv SIGUSR1 . -If the daemon is not running, it is started. -This differs from a normal restart -in that currently open connections are not aborted. -A side effect is that old log files will not be closed immediately. -This means that if used in a log rotation script, -a substantial delay may be necessary to ensure that -the old log files are closed before processing them. -This command automatically checks the configuration files via -.Ic configtest -before initiating the restart to make sure httpd doesn't die. -.It Ic help -Display a short help message. -.It Ic restart -Restart -.Xr httpd 8 -by sending it a -.Dv SIGHUP . -If the daemon is not running, it is started. -This command automatically checks the configuration files via -.Ic configtest -before initiating the restart to make sure -.Xr httpd 8 -doesn't die. -If httpd runs chrooted -(default in -.Ox ) -and 3rd party modules are loaded, -restart may fail due to path inconsistency. -Completely stop and start the daemon instead. -.It Ic start -Start -.Xr httpd 8 . -If the daemon is already running, -a warning is given and no action is taken. -.It Ic startssl -Start -.Xr httpd 8 -with SSL enabled; -see -.Xr ssl 8 -for more information. -If the daemon is already running, -a warning is given and no action is taken. -.It Ic status -Display a brief status report. -Similar to the -.Ic fullstatus -option, -except that the list of requests currently being served is omitted. -.It Ic stop -Stop -.Xr httpd 8 . 
-.El -.Sh EXIT STATUS -The exit codes returned are: -.Pp -.Bl -tag -width "XXX" -offset indent -compact -.It 0 -operation completed successfully -.It 2 -usage error -.It 3 -httpd could not be started -.It 4 -httpd could not be stopped -.It 5 -httpd could not be started during a restart -.It 6 -httpd could not be restarted during a restart -.It 7 -httpd could not be restarted during a graceful restart -.It 8 -configuration syntax error -.El -.Pp -When multiple arguments are given, -only the error from the last one is reported. -.Sh SEE ALSO -.Xr httpd 8 , -.Xr ssl 8 -.Pp -Full documentation for httpd can be found at -.Pa /usr/share/doc/html/httpd/ . diff --git a/usr.sbin/httpd/src/support/apxs.8 b/usr.sbin/httpd/src/support/apxs.8 deleted file mode 100644 index 6d44192dfdb..00000000000 --- a/usr.sbin/httpd/src/support/apxs.8 +++ /dev/null 
@@ -1,433 +0,0 @@
-.\" $OpenBSD: apxs.8,v 1.15 2007/05/31 19:20:24 jmc Exp $
-.\"
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" .
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: May 31 2007 $
-.Dt APXS 8
-.Os
-.Sh NAME
-.Nm apxs
-.Nd APache eXtenSion tool
-.Sh SYNOPSIS
-.Nm
-.Bk -words
-.Fl c
-.Xo
-.Oo Fl D
-.Ar variable Ns Oo = Ns Ar value Oc Oc
-.Xc
-.Op Fl I Ar incdir
-.Op Fl L Ar libdir
-.Op Fl l Ar libname
-.No \ \&\ \& Op Fl o Ar dsofile
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Op Fl Wc , Ns Ar compiler-flags
-.No \ \&\ \& Op Fl Wl , Ns Ar linker-flags
-.Ar file ...
-.Ek
-.Nm
-.Fl e
-.Op Fl Aa
-.Op Fl n Ar name
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Ar dsofile ...
-.Nm
-.Fl g
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Fl n Ar name
-.Nm
-.Fl i
-.Op Fl Aa
-.Op Fl n Ar name
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Ar dsofile ...
-.Nm
-.Fl q
-.Xo
-.Oo Fl S
-.Ar variable Ns = Ns Ar value Oc
-.Xc
-.Ar query ...
-.Sh DESCRIPTION -.Nm -is a tool for building and installing extension modules for the -Apache HyperText Transfer Protocol (HTTP) server, -.Xr httpd 8 . -This is achieved by building a -Dynamic Shared Object (DSO) -from one or more source or object files -which can then be loaded into httpd at runtime via the -.Ic LoadModule -directive from -.Ic mod_so . -To use this extension mechanism, -your platform has to support the DSO feature -and the httpd binary has to be built with the -.Ic mod_so -module. -The -.Nm -tool automatically complains if this is not the case. -Check by manually running the following command: -.Pp -.Dl $ httpd -l -.Pp -The module -.Ic mod_so -should be part of the displayed list. -If these requirements are fulfilled, -httpd's functionality can be extended by -installing modules with the DSO mechanism, -with the help of the -.Nm -tool: -.Bd -literal -offset indent -# apxs -i -a -c mod_foo.c -cc -O2 -pipe -DDEV_RANDOM=/dev/arandom -DMOD_SSL=208116 -DEAPI -DUSE_EXPAT -I../lib/expat-lite -DUSE_SETUSERCONTEXT -fPIC -DSHARED_MODULE -I/usr/lib/apache/include -c mod_foo.c -[activating module `foo' in /var/www/conf/httpd.conf] -cp mod_foo.so /usr/lib/apache/modules/mod_foo.so -chmod 755 /usr/lib/apache/modules/mod_foo.so -cp /var/www/conf/httpd.conf /var/www/conf/httpd.conf.bak -cp /var/www/conf/httpd.conf.new /var/www/conf/httpd.conf -rm /var/www/conf/httpd.conf.new -# apachectl restart -/usr/sbin/apachectl restart: httpd not running, trying to start -/usr/sbin/apachectl restart: httpd started -.Ed -.Pp -The argument -.Ar file -can be any C source file (.c), -an object file (.o), -or even a library archive (.a). -The -.Nm -tool automatically recognizes these extensions and automatically uses the C -source files for compilation, -whereas it just uses the object and archive files for the linking phase. -But when using such pre-compiled objects, -make sure they are compiled for Position Independent Code (PIC) -to be able to use them for a DSO. 
-For instance, with -.Xr cc 1 -just use -.Fl fpic . -For other -C compilers, please consult their manual pages or watch for the flags -.Nm -uses to compile the object files. -.Pp -For more details about DSO support in Apache, -first read the background information about DSO in -.Pa htdocs/manual/dso.html , -then read the documentation of -.Ic mod_so . -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl A -Same as the -.Fl a -option but the created -.Ic LoadModule -directive is prefixed with a hash sign (#), -i.e. the module is just prepared for later activation but initially disabled. -.It Fl a -This activates the module by automatically adding a corresponding -.Ic LoadModule -line to Apache's httpd.conf configuration file, -or by enabling it if it already exists. -.It Fl c -Compile. -This option first compiles the C source files (.c) of -.Ar file ...\& -into corresponding object files (.o) and then builds a DSO in -.Ar dsofile -by linking these object files plus the remaining object files (.o and .a) of -.Ar file ... -If no -.Fl o -option is specified, -the output file is guessed from the first filename in -.Ar file ...\& -and thus usually defaults to -.No mod_ Ns Ar name Ns \&.so -.It Xo -.Fl D -.Ar variable Ns Op = Ns Ar value -.Xc -This option is directly passed through to the compilation command(s). -Use this to add your own defines to the build process. -.It Fl e -Edit. -This option can be used with the -.Fl a -and -.Fl A -options to edit the -configuration file, -.Pa /var/www/conf/httpd.conf , -without attempting to install the module. -.It Fl g -Template generation. -This option generates a subdirectory -.Ar name -(see the -.Fl n -option) -and two files: -a sample module source file named -.No mod_ Ns Ar name Ns \&.c , -which can be used as a template for creating your own modules or -as a quick start for playing with the -.Nm -mechanism, -and a corresponding -.Pa Makefile -for even easier building and installing of this module. 
-.It Fl I Ar incdir -This option is directly passed through to the compilation command(s). -Use this to add your own include directories to search to the build process. -.It Fl i -Install. -This option installs one or more DSOs into the server's -.Ar libexec -directory. -.It Fl L Ar libdir -This option is directly passed through to the linker command. -Use this to add your own library directories to search to the build process. -.It Fl l Ar libname -This option is directly passed through to the linker command. -Use this to add your own libraries to search to the build process. -.It Fl n Ar name -This explicitly sets the module name for the -.Fl i -(install) -and -.Fl g -(template generation) option. -Use this to explicitly specify the module name. -For option -.Fl g -this is required; -for option -.Fl i , -.Nm -tries to determine the name from the source or (as a fallback) at least -by guessing it from the filename. -.It Fl o Ar dsofile -Explicitly specifies the filename of the created DSO file. -If not specified and the name cannot be guessed from the -.Ar file ...\& -list, -the fallback name -.Ar mod_unknown.so -is used. -.It Fl q -Query. -This option performs a query for -.Nm apxs Ns 's -knowledge about certain settings. -The -.Ar query -parameters can be one or more of the following variable names: -.Bd -literal -offset indent -CC TARGET -CFLAGS SBINDIR -CFLAGS_SHLIB INCLUDEDIR -LD_SHLIB LIBEXECDIR -LDFLAGS_SHLIB SYSCONFDIR -LIBS_SHLIB PREFIX -.Ed -.Pp -Use this for manually determining settings. -For instance, -use the following inside your own Makefiles if you need manual access -to Apache's C header files: -.Pp -.Dl INC=-I`apxs -q INCLUDEDIR` -.It Fl S Ar variable Ns = Ns Ar value -This option changes the -.Nm -settings described above. -.It Fl Wc , Ns Ar compiler-flags -This option passes -.Ar compiler-flags -as additional flags to the compiler command. -Use this to add local compiler-specific options. 
-This option may be specified multiple times -in order to pass multiple flags. -.It Fl Wl , Ns Ar linker-flags -This option passes -.Ar linker-flags -as additional flags to the linker command. -Use this to add local linker-specific options. -This option may be specified multiple times -in order to pass multiple flags. -.El -.Sh EXAMPLES -Assume you have a module named -.Dq mod_foo.c -available which should extend httpd's functionality. -To accomplish this, -first compile the C source into a DSO -suitable for loading into httpd at runtime via the following command: -.Bd -literal -offset indent -# apxs -c mod_foo.c -cc -O2 -pipe -DDEV_RANDOM=/dev/arandom -DMOD_SSL=208116 -DEAPI -DUSE_EXPAT -I../lib/expat-lite -DUSE_SETUSERCONTEXT -fPIC -DSHARED_MODULE -I/usr/lib/apache/include -c mod_foo.c -cc -shared -fPIC -DSHARED_MODULE -o mod_foo.so mod_foo.o -.Ed -.Pp -Then a -.Ic LoadModule -directive has to be added to httpd's configuration file to load the DSO. -To simplify this step, -.Nm -provides an automatic way to install the DSO in the -.Dq libexec -directory and update the httpd.conf file accordingly. 
-This can be achieved by running the following: -.Bd -literal -offset indent -$ apxs -i -a mod_foo.so -[activating module `foo' in /var/www/conf/httpd.conf] -cp mod_foo.so /usr/lib/apache/modules/mod_foo.so -chmod 755 /usr/lib/apache/modules/mod_foo.so -cp /var/www/conf/httpd.conf /var/www/conf/httpd.conf.bak -cp /var/www/conf/httpd.conf.new /var/www/conf/httpd.conf -rm /var/www/conf/httpd.conf.new -.Ed -.Pp -This way a line such as the following -is added to the configuration file: -.Pp -.Dl LoadModule foo_module /usr/lib/apache/modules/mod_foo.so -.Pp -If you want the module added to the configuration file -without it being enabled, -use the -.Fl A -option instead: -.Pp -.Dl $ apxs -i -A mod_foo.so -.Pp -For a quick test of the -.Nm -mechanism, -create a sample module template plus a corresponding -.Ar Makefile -via: -.Bd -literal -offset indent -# apxs -g -n foo -Creating [DIR] foo -Creating [FILE] foo/Makefile -Creating [FILE] foo/mod_foo.c -.Ed -.Pp -The sample module can then be immediately compiled into a DSO -and loaded into the httpd server: -.Bd -literal -offset indent -$ cd foo -$ make all reload -apxs -c mod_foo.c -cc -O2 -pipe -DDEV_RANDOM=/dev/arandom -DMOD_SSL=208116 -DEAPI -DUSE_EXPAT -I../lib/expat-lite -DUSE_SETUSERCONTEXT -fPIC -DSHARED_MODULE -I/usr/lib/apache/include -c mod_foo.c -cc -shared -fPIC -DSHARED_MODULE -o mod_foo.so mod_foo.o -apxs -i -a -n 'foo' mod_foo.so -[activating module `foo' in /var/www/conf/httpd.conf] -cp mod_foo.so /usr/lib/apache/modules/mod_foo.so -chmod 755 /usr/lib/apache/modules/mod_foo.so -cp /var/www/conf/httpd.conf /var/www/conf/httpd.conf.bak -cp /var/www/conf/httpd.conf.new /var/www/conf/httpd.conf -rm /var/www/conf/httpd.conf.new -apachectl restart -/usr/sbin/apachectl restart: httpd not running, trying to start -/usr/sbin/apachectl restart: httpd started -.Ed -.Pp -.Nm -can even be used to compile complex modules -outside the httpd source tree, -like PHP3, -because -.Nm -automatically recognizes C source files 
and object files. -.Bd -literal -offset indent -$ cd php3 -$ ./configure --with-shared-apache=../apache-1.3 -$ apxs -c -o libphp3.so mod_php3.c libmodphp3-so.a -gcc -fpic -DSHARED_MODULE -I/tmp/apache/include -c mod_php3.c -ld -Bshareable -o libphp3.so mod_php3.o libmodphp3-so.a -.Ed -.Pp -Only C source files are compiled, -while remaining object files are used for the linking phase. -.Sh SEE ALSO -.Xr cc 1 , -.Xr apachectl 8 , -.Xr httpd 8 diff --git a/usr.sbin/httpd/src/support/apxs.pl b/usr.sbin/httpd/src/support/apxs.pl deleted file mode 100644 index 6bafb0a24d5..00000000000 --- a/usr.sbin/httpd/src/support/apxs.pl +++ /dev/null 
@@ -1,805 +0,0 @@
-#!/usr/local/bin/perl
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -## SUCH DAMAGE. -## ==================================================================== -## -## This software consists of voluntary contributions made by many -## individuals on behalf of the Apache Software Foundation. For more -## information on the Apache Software Foundation, please see -## . -## -## Portions of this software are based upon public domain software -## originally written at the National Center for Supercomputing Applications, -## University of Illinois, Urbana-Champaign. -## -## - -## -## apxs -- APache eXtenSion tool -## Written by Ralf S. 
Engelschall -## - -require 5.003; -use strict; -package apxs; - -## -## Configuration -## - -my $CFG_TARGET = q(@TARGET@); # substituted via Makefile.tmpl -my $CFG_CC = q(@CC@); # substituted via Makefile.tmpl -my $CFG_CFLAGS = q(@CFLAGS@); # substituted via Makefile.tmpl -my $CFG_CFLAGS_SHLIB = q(@CFLAGS_SHLIB@); # substituted via Makefile.tmpl -my $CFG_LD_SHLIB = q(@LD_SHLIB@); # substituted via Makefile.tmpl -my $CFG_LDFLAGS_SHLIB = q(@LDFLAGS_MOD_SHLIB@); # substituted via Makefile.tmpl -my $CFG_LIBS_SHLIB = q(@LIBS_SHLIB@); # substituted via Makefile.tmpl -my $CFG_PREFIX = q(@prefix@); # substituted via APACI install -my $CFG_SBINDIR = q(@sbindir@); # substituted via APACI install -my $CFG_INCLUDEDIR = q(@includedir@); # substituted via APACI install -my $CFG_LIBEXECDIR = q(@libexecdir@); # substituted via APACI install -my $CFG_SYSCONFDIR = q(@sysconfdir@); # substituted via APACI install - -## -## Cleanup the above stuff -## -$CFG_CFLAGS =~ s|^\s+||; -$CFG_CFLAGS =~ s|\s+$||; -$CFG_CFLAGS =~ s|\s+`.+apaci`||; - -## -## parse argument line -## - -# defaults for parameters -my $opt_n = ''; -my $opt_g = ''; -my $opt_c = 0; -my $opt_o = ''; -my @opt_D = (); -my @opt_I = (); -my @opt_L = (); -my @opt_l = (); -my @opt_W = (); -my @opt_S = (); -my $opt_e = 0; -my $opt_i = 0; -my $opt_a = 0; -my $opt_A = 0; -my $opt_q = 0; - -# default for DSO file extension -my $dso_ext = "so"; -if ($^O eq "cygwin") { - $dso_ext = "dll"; -} - -# this subroutine is derived from Perl's getopts.pl with the enhancement of -# the "+" metacharater at the format string to allow a list to be build by -# subsequent occurance of the same option. 
-sub Getopts { - my ($argumentative, @ARGV) = @_; - my (@args, $first, $rest, $pos); - my ($errs) = 0; - local ($_); - - @args = split( / */, $argumentative); - while(@ARGV && ($_ = $ARGV[0]) =~ /^-(.)(.*)/) { - ($first, $rest) = ($1,$2); - if ($_ =~ m|^--$|) { - shift(@ARGV); - last; - } - $pos = index($argumentative,$first); - if ($pos >= $[) { - if ($args[$pos+1] eq ':') { - shift(@ARGV); - if ($rest eq '') { - unless (@ARGV) { - print STDERR "apxs:Error: Incomplete option: $first (needs an argument)\n"; - ++$errs; - } - $rest = shift(@ARGV); - } - eval "\$opt_$first = \$rest;"; - } - elsif ($args[$pos+1] eq '+') { - shift(@ARGV); - if ($rest eq '') { - unless (@ARGV) { - print STDERR "apxs:Error: Incomplete option: $first (needs an argument)\n"; - ++$errs; - } - $rest = shift(@ARGV); - } - eval "push(\@opt_$first, \$rest);"; - } - else { - eval "\$opt_$first = 1"; - if ($rest eq '') { - shift(@ARGV); - } - else { - $ARGV[0] = "-$rest"; - } - } - } - else { - print STDERR "apxs:Error: Unknown option: $first\n"; - ++$errs; - if ($rest ne '') { - $ARGV[0] = "-$rest"; - } - else { - shift(@ARGV); - } - } - } - return ($errs == 0, @ARGV); -} - -sub usage { - print STDERR "Usage: apxs -c [-D variable[=value]] [-I incdir] [-L libdir] [-l libname]\n"; - print STDERR " [-o dsofile] [-S variable=value] [-Wc,compiler-flags]\n"; - print STDERR " [-Wl,linker-flags] file ...\n"; - print STDERR " apxs -e [-Aa] [-n name] [-S variable=value] dsofile ...\n"; - print STDERR " apxs -g [-S variable=value] -n name\n"; - print STDERR " apxs -i [-Aa] [-n name] [-S variable=value] dsofile ...\n"; - print STDERR " apxs -q [-S variable=value] query ...\n"; - exit(1); -} - -# option handling -my $rc; -($rc, @ARGV) = &Getopts("qn:gco:I+D+L+l+W+S+eiaA", @ARGV); -&usage if ($rc == 0); -&usage if ($#ARGV == -1 and not $opt_g); -&usage if (not $opt_q and not ($opt_g and $opt_n) and not $opt_i and not $opt_c and not $opt_e); - -# argument handling -my @args = @ARGV; -my $name = 'unknown'; 
-$name = $opt_n if ($opt_n ne ''); - -# overriding of configuration variables -if (@opt_S) { - my ($opt_S); - foreach $opt_S (@opt_S) { - if ($opt_S =~ m/^([^=]+)=(.*)$/) { - my ($var, $val) = ($1, $2); - my $oldval = eval "\$CFG_$var"; - unless ($var and $oldval) { - print STDERR "apxs:Error: no config variable $var\n"; - &usage; - } - $val=~s/"/\\"/g; - eval "\$CFG_${var}=\"${val}\""; - } else { - print STDERR "apxs:Error: malformatted -S option\n"; - &usage; - } - } -} - -## -## Initial DSO support check -## -if ($^O ne "MSWin32") { -if (not -x "$CFG_SBINDIR/$CFG_TARGET") { - print STDERR "apxs:Error: $CFG_SBINDIR/$CFG_TARGET not found or not executable\n"; - exit(1); -} -if (not grep(/mod_so/, `$CFG_SBINDIR/$CFG_TARGET -l`)) { - print STDERR "apxs:Error: Sorry, no DSO support for Apache available\n"; - print STDERR "apxs:Error: under your platform. Make sure the Apache\n"; - print STDERR "apxs:Error: module mod_so is compiled into your server\n"; - print STDERR "apxs:Error: binary `$CFG_SBINDIR/$CFG_TARGET'.\n"; - exit(1); -} -} - -## -## Operation -## - -# helper function for executing a list of -# system command with return code checks -sub execute_cmds { - my (@cmds) = @_; - my ($cmd, $rc); - - foreach $cmd (@cmds) { - print STDERR "$cmd\n"; - $rc = system("$cmd"); - if ($rc != 0) { - printf(STDERR "apxs:Break: Command failed with rc=%d\n", $rc >> 8); - exit(1); - } - } -} - -if ($opt_g) { - ## - ## SAMPLE MODULE SOURCE GENERATION - ## - - if (-d $name) { - print STDERR "apxs:Error: Directory `$name' already exists. 
Remove it first\n"; - exit(1); - } - - my $data = join('', ); - $data =~ s|%NAME%|$name|sg; - $data =~ s|%TARGET%|$CFG_TARGET|sg; - $data =~ s|%DSO_EXT%|$dso_ext|sg; - - my ($mkf, $src) = ($data =~ m|^(.+)-=#=-\n(.+)|s); - - print STDERR "Creating [DIR] $name\n"; - system("mkdir $name"); - print STDERR "Creating [FILE] $name/Makefile\n"; - open(FP, ">${name}/Makefile") || die; - print FP $mkf; - close(FP); - print STDERR "Creating [FILE] $name/mod_$name.c\n"; - open(FP, ">${name}/mod_${name}.c") || die; - print FP $src; - close(FP); - - exit(0); -} - -if ($opt_q) { - ## - ## QUERY INFORMATION - ## - - my $result = ''; - my $arg; - foreach $arg (@args) { - my $ok = 0; - my $name; - foreach $name (qw( - TARGET CC CFLAGS CFLAGS_SHLIB LD_SHLIB LDFLAGS_SHLIB LIBS_SHLIB - PREFIX SBINDIR INCLUDEDIR LIBEXECDIR SYSCONFDIR - )) { - if ($arg eq $name or $arg eq lc($name)) { - my $val = eval "\$CFG_$name"; - $result .= "${val}##"; - $ok = 1; - } - } - if (not $ok) { - printf(STDERR "apxs:Error: Invalid query string `%s'\n", $arg); - exit(1); - } - } - $result =~ s|##$||; - $result =~ s|##| |g; - print $result; -} - -if ($opt_c) { - ## - ## DSO COMPILATION - ## - - # split files into sources and objects - my @srcs = (); - my @objs = (); - my $f; - foreach $f (@args) { - if ($f =~ m|\.c$|) { - push(@srcs, $f); - } - else { - push(@objs, $f); - } - } - - # determine output file - my $dso_file; - if ($opt_o eq '') { - if ($#srcs > -1) { - $dso_file = $srcs[0]; - $dso_file =~ s|\.[^.]+$|.$dso_ext|; - } - elsif ($#objs > -1) { - $dso_file = $objs[0]; - $dso_file =~ s|\.[^.]+$|.$dso_ext|; - } - else { - $dso_file = "mod_unknown.$dso_ext"; - } - } - else { - $dso_file = $opt_o; - } - - # create compilation commands - my @cmds = (); - my $opt = ''; - my ($opt_Wc, $opt_I, $opt_D); - foreach $opt_Wc (@opt_W) { - $opt .= "$1 " if ($opt_Wc =~ m|^\s*c,(.*)$|); - } - foreach $opt_I (@opt_I) { - $opt_I = '"' . $opt_I . 
'"' if ($opt_I =~ m|\s|); - $opt .= "-I$opt_I "; - } - foreach $opt_D (@opt_D) { - $opt .= "-D$opt_D "; - } - my $cflags = "$CFG_CFLAGS $CFG_CFLAGS_SHLIB"; - if ($^O eq "MSWin32") { - my $d = $dso_file; - $d =~ s|\.so$||; - $d = '"' . $d . '"' if ($d =~ m|\s|); - $opt .= "-Fd$d "; - } - my $s; - foreach $s (@srcs) { - my $o = $s; - $s = '"' . $s . '"' if ($s =~ m|\s|); - if ($^O ne "MSWin32") { - $o =~ s|\.c$|.o|; - $o =~ s|^.*/||; - $o = '"' . $o . '"' if ($o =~ m|\s|); - push(@cmds, "$CFG_CC $cflags -I$CFG_INCLUDEDIR $opt -c $s"); - } else { - $o =~ s|\.c$|.obj|; - $o =~ s|^.*/||; - $o = '"' . $o . '"' if ($o =~ m|\s|); - push(@cmds, "$CFG_CC $cflags -I\"$CFG_INCLUDEDIR\" $opt -c $s -Fo$o"); - } - unshift(@objs, $o); - } - - # create link command - my $cmd; - if ($^O ne "MSWin32") { - $cmd = "$CFG_LD_SHLIB $CFG_LDFLAGS_SHLIB -o $dso_file"; - } else { - $cmd = "$CFG_LD_SHLIB $CFG_LDFLAGS_SHLIB -out:\"$dso_file\""; - } - my $o; - foreach $o (@objs) { - $cmd .= " $o"; - } - $opt = ''; - my ($opt_Wl, $opt_L, $opt_l); - foreach $opt_Wl (@opt_W) { - if ($CFG_LD_SHLIB !~ m/gcc$/) { - $opt .= " $1" if ($opt_Wl =~ m|^\s*l,(.*)$|); - } else { - $opt .= " -W$opt_Wl"; - } - } - foreach $opt_L (@opt_L) { - if ($^O ne "MSWin32") { - $opt .= " -L$opt_L"; - } else { - $opt .= " -libpath:\"$opt_L\""; - } - } - foreach $opt_l (@opt_l) { - if ($^O ne "MSWin32") { - $opt .= " -l$opt_l"; - } else { - $opt .= " $opt_l"; - } - } - $cmd .= $opt; - $cmd .= " $CFG_LIBS_SHLIB"; - push(@cmds, $cmd); - - # execute the commands - &execute_cmds(@cmds); - - # allow one-step compilation and installation - if ($opt_i or $opt_e) { - @args = ($dso_file); - } -} - -if ($opt_i or $opt_e) { - ## - ## DSO INSTALLATION - ## - - # determine installation commands - # and corresponding LoadModule/AddModule directives - my @lmd = (); - my @amd = (); - my @cmds = (); - my $f; - foreach $f (@args) { - if ($f !~ m|\.$dso_ext$|) { - print STDERR "apxs:Error: file $f is not a DSO\n"; - exit(1); - } - my $t = $f; 
- if ($^O ne "MSWin32") { - $t =~ s|^.+/([^/]+)$|$1|; - if ($opt_i) { - push(@cmds, "cp $f $CFG_LIBEXECDIR/$t"); - push(@cmds, "chmod 755 $CFG_LIBEXECDIR/$t"); - } - } - else { - $t =~ s|^.+[/\\]([^/\\]+)$|$1|; - if ($opt_i) { - push(@cmds, "copy \"$f\" \"$CFG_LIBEXECDIR/$t\""); - } - } - - # determine module symbolname and filename - my $filename = ''; - if ($name eq 'unknown') { - $name = ''; - my $base = $f; - $base =~ s|\.[^.]+$||; - if (-f "$base.c") { - open(FP, "<$base.c"); - my $content = join('', ); - close(FP); - if ($content =~ m|.*module\s+(?:MODULE_VAR_EXPORT\s+)?([a-zA-Z0-9_]+)_module\s*=\s*.*|s) { - $name = "$1"; - $filename = "$base.c"; - $filename =~ s|^.+/||; - $filename =~ s|^.+\\|| if ($^O eq "MSWin32"); - } - } - if ($name eq '') { - if ($base =~ m|.*mod_([a-zA-Z0-9_]+)\..+|) { - $name = "$1"; - $filename = $base; - $filename =~ s|^.+/||; - $filename =~ s|^.+\\|| if ($^O eq "MSWin32"); - } - } - if ($name eq '') { - print STDERR "apxs:Error: Sorry, cannot determine bootstrap symbol name.\n"; - print STDERR "apxs:Error: Please specify one with option `-n'.\n"; - exit(1); - } - } - if ($filename eq '') { - $filename = "mod_${name}.c"; - } - my $dir = $CFG_LIBEXECDIR; - $dir =~ s|^$CFG_PREFIX/?||; - $dir =~ s|(.)$|$1/|; - push(@lmd, sprintf("LoadModule %-18s %s", "${name}_module", "$dir$t")); - push(@amd, sprintf("AddModule %s", $filename)); - } - - # activate module via LoadModule/AddModule directive - if ($opt_a or $opt_A) { - my $cfgbase = "$CFG_SYSCONFDIR/$CFG_TARGET"; - if (not -f "$cfgbase.conf") { - print STDERR "apxs:Error: Config file $cfgbase.conf not found\n"; - exit(1); - } - - open(FP, "<$cfgbase.conf") || die; - my $content = join('', ); - close(FP); - - if ($content !~ m|\n#?\s*LoadModule\s+|) { - print STDERR "apxs:Error: Activation failed for custom $cfgbase.conf file.\n"; - print STDERR "apxs:Error: At least one `LoadModule' directive already has to exist.\n"; - exit(1); - } - - my $lmd; - my $c = ''; - $c = '#' if ($opt_A); - 
foreach $lmd (@lmd) { - my $what = $opt_A ? "preparing" : "activating"; - if ($content !~ m|\n#?\s*$lmd|) { - # check for open , so that the new LoadModule - # directive always appears *outside* of an . - - my $before = ($content =~ m|^(.*\n)#?\s*LoadModule\s+[^\n]+\n|s)[0]; - - # the '()=' trick forces list context and the scalar - # assignment counts the number of list members (aka number - # of matches) then - my $cntopen = () = ($before =~ m|^\s*<[^/].*$|mg); - my $cntclose = () = ($before =~ m|^\s* etc. see above for explanations. - - my $before = ($content =~ m|^(.*\n)#?\s*AddModule\s+[^\n]+\n|s)[0]; - my $cntopen = () = ($before =~ m|^\s*<[^/].*$|mg); - my $cntclose = () = ($before =~ m|^\s*$cfgbase.conf.new")) { - print FP $content; - close(FP); - if ($^O ne "MSWin32") { - push(@cmds, "cp $cfgbase.conf $cfgbase.conf.bak"); - push(@cmds, "cp $cfgbase.conf.new $cfgbase.conf"); - push(@cmds, "rm $cfgbase.conf.new"); - } else { - $cfgbase =~ s|/|\\|g; - push(@cmds, "copy \"$cfgbase.conf\" \"$cfgbase.conf.bak\""); - push(@cmds, "copy \"$cfgbase.conf.new\" \"$cfgbase.conf\""); - push(@cmds, "del \"$cfgbase.conf.new\""); - } - } else { - print STDERR "apxs:Error: unable to open configuration file\n"; - } - } - } - - # execute the commands - &execute_cmds(@cmds); -} - -##EOF## -__DATA__ -## -## Makefile -- Build procedure for sample %NAME% Apache module -## Autogenerated via ``apxs -n %NAME% -g''. 
-## - -# the used tools -APXS=apxs -APACHECTL=apachectl - -# additional user defines, includes and libraries -#DEF=-Dmy_define=my_value -#INC=-Imy/include/dir -#LIB=-Lmy/lib/dir -lmylib - -# the default target -all: mod_%NAME%.%DSO_EXT% - -# compile the DSO file -mod_%NAME%.%DSO_EXT%: mod_%NAME%.c - $(APXS) -c $(DEF) $(INC) $(LIB) mod_%NAME%.c - -# install the DSO file into the Apache installation -# and activate it in the Apache configuration -install: all - $(APXS) -i -a -n '%NAME%' mod_%NAME%.%DSO_EXT% - -# cleanup -clean: - -rm -f mod_%NAME%.o mod_%NAME%.%DSO_EXT% - -# simple test -test: reload - lynx -mime_header http://localhost/%NAME% - -# reload the module by installing and restarting Apache -reload: install restart - -# the general Apache start/restart/stop procedures -start: - $(APACHECTL) start -restart: - $(APACHECTL) restart -stop: - $(APACHECTL) stop - --=#=- -/* -** mod_%NAME%.c -- Apache sample %NAME% module -** [Autogenerated via ``apxs -n %NAME% -g''] -** -** To play with this sample module, first compile it into a -** DSO file and install it into Apache's libexec directory -** by running: -** -** $ apxs -c -i mod_%NAME%.c -** -** Then activate it in Apache's %TARGET%.conf file, for instance -** for the URL /%NAME%, as follows: -** -** # %TARGET%.conf -** LoadModule %NAME%_module libexec/mod_%NAME%.%DSO_EXT% -** -** SetHandler %NAME% -** -** -** Then after restarting Apache via -** -** $ apachectl restart -** -** you immediately can request the URL /%NAME and watch for the -** output of this module. 
This can be achieved for instance via: -** -** $ lynx -mime_header http://localhost/%NAME% -** -** The output should be similar to the following one: -** -** HTTP/1.1 200 OK -** Date: Tue, 31 Mar 1998 14:42:22 GMT -** Server: Apache/1.3.4 (Unix) -** Connection: close -** Content-Type: text/html -** -** The sample page from mod_%NAME%.c -*/ - -#include "httpd.h" -#include "http_config.h" -#include "http_protocol.h" -#include "ap_config.h" - -/* The sample content handler */ -static int %NAME%_handler(request_rec *r) -{ - r->content_type = "text/html"; - ap_send_http_header(r); - if (!r->header_only) - ap_rputs("The sample page from mod_%NAME%.c\n", r); - return OK; -} - -/* Dispatch list of content handlers */ -static const handler_rec %NAME%_handlers[] = { - { "%NAME%", %NAME%_handler }, - { NULL, NULL } -}; - -/* Dispatch list for API hooks */ -module MODULE_VAR_EXPORT %NAME%_module = { - STANDARD_MODULE_STUFF, - NULL, /* module initializer */ - NULL, /* create per-dir config structures */ - NULL, /* merge per-dir config structures */ - NULL, /* create per-server config structures */ - NULL, /* merge per-server config structures */ - NULL, /* table of config file commands */ - %NAME%_handlers, /* [#8] MIME-typed-dispatched handlers */ - NULL, /* [#1] URI to filename translation */ - NULL, /* [#4] validate user id from request */ - NULL, /* [#5] check if the user is ok _here_ */ - NULL, /* [#3] check access by host address */ - NULL, /* [#6] determine MIME type */ - NULL, /* [#7] pre-run fixups */ - NULL, /* [#9] log a transaction */ - NULL, /* [#2] header parser */ - NULL, /* child_init */ - NULL, /* child_exit */ - NULL /* [#0] post read-request */ -#ifdef EAPI - ,NULL, /* EAPI: add_module */ - NULL, /* EAPI: remove_module */ - NULL, /* EAPI: rewrite_command */ - NULL /* EAPI: new_connection */ -#endif -}; - diff --git a/usr.sbin/httpd/src/support/checkgid.c b/usr.sbin/httpd/src/support/checkgid.c deleted file mode 100644 index 7ed596562db..00000000000 
--- a/usr.sbin/httpd/src/support/checkgid.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* $OpenBSD: checkgid.c,v 1.4 2008/05/23 12:12:01 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- */
-
-/*
- * Given one or more group identifers on the command line (e.g.,
- * "httpd" or "#-1"), figure out whether they'll be valid for
- * the server to use at run-time.
- *
- * If a groupname isn't found, or we can't setgid() to it, return
- * -1. If all groups are valid, return 0.
- *
- * This may need to be run as the superuser for the setgid() to
- * succeed; running it as any other user may result in a false
- * negative.
- */
-
-#include
-
-#include "httpd.h"
-#include "http_conf_globals.h"
-
-int
-main(int argc, char *argv[])
-{
- int i;
- int result;
- gid_t gid;
- struct group *grent;
- struct group fake_grent;
-
- /*
- * Assume success. :-)
- */
- result = 0;
- for (i = 1; i < argc; ++i) {
- char *arg;
- arg = argv[i];
-
- /*
- * If it's from a 'Group #-1' statement, get the numeric value
- * and skip the group lookup stuff.
- */
- if (*arg == '#') {
- gid = atoi(&arg[1]);
- fake_grent.gr_gid = gid;
- grent = &fake_grent;
- } else
- grent = getgrnam(arg);
-
- /*
- * A NULL return means no such group was found, so we're done
- * with this one.
- */
- if (grent == NULL) {
- fprintf(stderr, "%s: group '%s' not found\n", argv[0],
- arg);
- result = -1;
- } else {
- int check;
-
- /*
- * See if we can switch to the numeric GID we have. If
- * so, all well and good; if not, well..
- */
- gid = grent->gr_gid;
- check = setgid(gid);
- if (check != 0) {
- fprintf(stderr, "%s: invalid group '%s'\n",
- argv[0], arg);
- perror(argv[0]);
- result = -1;
- }
- }
- }
- /* Worst-case return value. */
- return result;
-}
diff --git a/usr.sbin/httpd/src/support/dbmmanage b/usr.sbin/httpd/src/support/dbmmanage
deleted file mode 100644
index 2ca1250714d..00000000000
--- a/usr.sbin/httpd/src/support/dbmmanage
+++ /dev/null
@@ -1,356 +0,0 @@ -#!/usr/local/bin/perl - -# ==================================================================== -# The Apache Software License, Version 1.1 -# -# Copyright (c) 2000-2003 The Apache Software Foundation. All rights -# reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. The end-user documentation included with the redistribution, -# if any, must include the following acknowledgment: -# "This product includes software developed by the -# Apache Software Foundation (http://www.apache.org/)." -# Alternately, this acknowledgment may appear in the software itself, -# if and wherever such third-party acknowledgments normally appear. -# -# 4. The names "Apache" and "Apache Software Foundation" must -# not be used to endorse or promote products derived from this -# software without prior written permission. For written -# permission, please contact apache@apache.org. -# -# 5. Products derived from this software may not be called "Apache", -# nor may "Apache" appear in their name, without prior written -# permission of the Apache Software Foundation. -# -# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# ==================================================================== -# ==================================================================== -# -# This software consists of voluntary contributions made by many -# individuals on behalf of the Apache Software Foundation. For more -# information on the Apache Software Foundation, please see -# . -# -# Portions of this software are based upon public domain software -# originally written at the National Center for Supercomputing Applications, -# University of Illinois, Urbana-Champaign. -# - -#for more functionality see the HTTPD::UserAdmin module: -# http://www.perl.com/CPAN/modules/by-module/HTTPD/HTTPD-Tools-x.xx.tar.gz -# -# usage: dbmmanage - -package dbmmanage; -# -ldb -lndbm -lgdbm -lsdbm -BEGIN { @AnyDBM_File::ISA = qw(DB_File NDBM_File GDBM_File SDBM_File) } -use strict; -use Fcntl; -use AnyDBM_File (); - -sub usage { - my $cmds = join "|", sort keys %dbmc::; - die <$command(); -untie %DB; - - -my $x; -sub genseed { - my $psf; - if ($not_unix) { - srand (time ^ $$ or time ^ ($$ + ($$ << 15))); - } - else { - for (qw(xlwwa -le)) { - `ps $_ 2>/dev/null`; - $psf = $_, last unless $?; - } - srand (time ^ $$ ^ unpack("%L*", `ps $psf | gzip -f`)); - } - @range = (qw(. /), '0'..'9','a'..'z','A'..'Z'); - $x = int scalar @range; -} - -sub randchar { - join '', map $range[rand $x], 1..shift||1; -} - -sub saltpw_crypt { - genseed() unless @range; - return $newstyle_salt ? 
- join '', "_", randchar, "a..", randchar(4) : - randchar(2); -} - -sub cryptpw_crypt { - my ($pw, $salt) = @_; - $salt = saltpw_crypt unless $salt; - crypt $pw, $salt; -} - -sub saltpw_md5 { - genseed() unless @range; - randchar(8); -} - -sub cryptpw_md5 { - my($pw, $salt) = @_; - $salt = saltpw_md5 unless $salt; - Crypt::PasswdMD5::apache_md5_crypt($pw, $salt); -} - -sub cryptpw_sha1 { - my($pw, $salt) = @_; - '{SHA}' . Digest::SHA1::sha1_base64($pw) . "="; -} - -sub cryptpw { - if ($crypt_method eq "md5") { - return cryptpw_md5(@_); - } elsif ($crypt_method eq "sha1") { - return cryptpw_sha1(@_); - } elsif ($crypt_method eq "crypt") { - return cryptpw_crypt(@_); - } - @_[0]; # otherwise return plaintext -} - -sub getpass { - my $prompt = shift || "Enter password:"; - - unless($not_unix) { - open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n"; - system "stty -echo;"; - } - - my($c,$pwd); - print STDERR $prompt; - while (($c = getc(STDIN)) ne '' and $c ne "\n" and $c ne "\r") { - $pwd .= $c; - } - - system "stty echo" unless $not_unix; - print STDERR "\n"; - die "Can't use empty password!\n" unless length $pwd; - return $pwd; -} - -sub dbmc::update { - die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; - $crypted_pwd = (split /:/, $DB{$key}, 3)[0] if $crypted_pwd eq '.'; - $groups = (split /:/, $DB{$key}, 3)[1] if !$groups || $groups eq '.'; - $comment = (split /:/, $DB{$key}, 3)[2] if !$comment || $comment eq '.'; - if (!$crypted_pwd || $crypted_pwd eq '-') { - dbmc->adduser; - } - else { - dbmc->add; - } -} - -sub dbmc::add { - die "Can't use empty password!\n" unless $crypted_pwd; - unless($is_update) { - die "Sorry, user `$key' already exists!\n" if $DB{$key}; - } - $groups = '' if $groups eq '-'; - $comment = '' if $comment eq '-'; - $groups .= ":" . $comment if $comment; - $crypted_pwd .= ":" . $groups if $groups; - $DB{$key} = $crypted_pwd; - my $action = $is_update ? 
"updated" : "added"; - print "User $key $action with password encrypted to $DB{$key} using $crypt_method\n"; -} - -sub dbmc::adduser { - my $value = getpass "New password:"; - die "They don't match, sorry.\n" unless getpass("Re-type new password:") eq $value; - $crypted_pwd = cryptpw $value; - dbmc->add; -} - -sub dbmc::delete { - die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; - delete $DB{$key}, print "`$key' deleted\n"; -} - -sub dbmc::view { - print $key ? "$key:$DB{$key}\n" : map { "$_:$DB{$_}\n" if $DB{$_} } keys %DB; -} - -sub dbmc::check { - die "Sorry, user `$key' doesn't exist!\n" unless $DB{$key}; - my $chkpass = (split /:/, $DB{$key}, 3)[0]; - my $testpass = getpass(); - if (substr($chkpass, 0, 6) eq '$apr1$') { - need_md5_crypt; - $crypt_method = "md5"; - } elsif (substr($chkpass, 0, 5) eq '{SHA}') { - need_sha1_crypt; - $crypt_method = "sha1"; - } elsif (length($chkpass) == 13 && $chkpass ne $testpass) { - $crypt_method = "crypt"; - } else { - $crypt_method = "plain"; - } - print $crypt_method . (cryptpw($testpass, $chkpass) eq $chkpass - ? " password ok\n" : " password mismatch\n"); -} - -sub dbmc::import { - while(defined($_ = ) and chomp) { - ($key,$crypted_pwd,$groups,$comment) = split /:/, $_, 4; - dbmc->add; - } -} - diff --git a/usr.sbin/httpd/src/support/dbmmanage.1 b/usr.sbin/httpd/src/support/dbmmanage.1 deleted file mode 100644 index 4ed4d947adc..00000000000 --- a/usr.sbin/httpd/src/support/dbmmanage.1 +++ /dev/null 
@@ -1,198 +0,0 @@
-.\" $OpenBSD: dbmmanage.1,v 1.11 2008/06/07 01:59:36 jdixon Exp $
-.\"
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" .
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: June 7 2008 $
-.Dt DBMMANAGE 1
-.Os
-.Sh NAME
-.Nm dbmmanage
-.Nd create and update user authentication files in DBM format
-.Sh SYNOPSIS
-.Nm
-.Ar filename
-.Op Ar command
-.Op Ar username Op Ar encpassword
-.Sh DESCRIPTION
-.Nm
-is used to create and update the DBM format files used to store
-usernames and passwords for basic authentication of HTTP users.
-Resources available from the
-.Xr httpd 8
-Apache web server can be restricted to just the users listed
-in the files created by
-.Nm .
-This program can only be used when the usernames are stored in a DBM file.
-To use a flat-file database see
-.Xr htpasswd 1 .
-.Pp
-This manual page only lists the command line arguments.
-For details of the directives necessary to configure user authentication in
-.Xr httpd 8 ,
-see
-the Apache manual, which can be found in
-.Pa /usr/share/doc/html/httpd/ .
-.Pp
-The options are as follows:
-.Bl -tag -width "encpasswordXX"
-.It Ar command
-This selects the operation to perform:
-.Bl -tag -width "adduserXX"
-.It Ic add
-Add an entry for
-.Ar username
-to
-.Ar filename
-using the encrypted password
-.Ar encpassword .
-.It Ic adduser
-Ask for a password and then add an entry for
-.Ar username
-to
-.Ar filename .
-.It Ic check
-Ask for a password and then check if
-.Ar username
-is in
-.Ar filename
-and if its password matches the specified one.
-.It Ic delete
-Delete the
-.Ar username
-entry from
-.Ar filename .
-.It Ic import
-Read username:password entries (one per line) from stdin and add them to
-.Ar filename .
-The password already has to be encrypted.
-.It Ic update
-Same as the
-.Ic adduser
-command, except that it makes sure
-.Ar username
-already exists in
-.Ar filename .
-.It Ic view
-Just display the complete contents of the DBM file.
-.El
-.It Ar encpassword
-The password to be encrypted.
-.It Ar filename
-The filename of the DBM format file.
-Usually without the extension .db, .pag, or .dir.
-.It Ar username
-The user for which the update operation is performed.
-.El
-.Sh SEE ALSO
-.Xr htdigest 1 ,
-.Xr htpasswd 1 ,
-.Xr httpd 8
-.Sh BUGS
-One should be aware that there are a number of different DBM file
-formats in existence, and with all likelihood, libraries for more than
-one format may exist on your system.
-The three primary examples are NDBM, the GNU project's GDBM,
-and Berkeley DB 2.
-Unfortunately, all these libraries use different file formats,
-and you must make sure that the file format used by
-.Ar filename
-is the same format that
-.Nm
-expects to see.
-.Nm
-currently has no way of determining what type of DBM file it is
-looking at.
-If used against the wrong format,
-.Nm
-will simply return nothing, or may create a different DBM file with a
-different name, or at worst, it may corrupt the DBM file if you were
-attempting to write to it.
-.Pp
-.Nm
-has a list of DBM format preferences, defined by the
-.Dq @AnyDBM::ISA
-array near the beginning of the program.
-Since we prefer the Berkeley DB 2 file format, the order in which
-.Nm
-will look for system libraries is Berkeley DB 2, then NDBM, and then GDBM.
-The first library found will be the library
-.Nm
-will attempt to use for all DBM file transactions.
-This ordering is slightly different than the standard
-.Dq @AnyDBM::ISA
-ordering in
-.Xr perl 1 ,
-as well as the ordering used by the simple
-.Fn dbmopen
-call in perl,
-so if you use any other utilities to manage your DBM files,
-they must also follow this preference ordering.
-Similar care must be taken if using programs in other languages,
-like C,
-to access these files.
-.Pp
-.Xr httpd 8 Ns 's
-.Pa mod_auth_db.c
-module corresponds to the Berkeley DB 2 library, while
-.Pa mod_auth_dbm.c
-corresponds to the NDBM library.
-Also, one can usually use the
-.Xr file 1
-program supplied with most
-.Ux
-systems to see what format a DBM file is in.
diff --git a/usr.sbin/httpd/src/support/htdigest.1 b/usr.sbin/httpd/src/support/htdigest.1
deleted file mode 100644
index cd2b519d258..00000000000
--- a/usr.sbin/httpd/src/support/htdigest.1
+++ /dev/null
@@ -1,120 +0,0 @@
-.\" $OpenBSD: htdigest.1,v 1.10 2008/06/07 01:59:36 jdixon Exp $
-.\"
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" .
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: June 7 2008 $
-.Dt HTDIGEST 1
-.Os
-.Sh NAME
-.Nm htdigest
-.Nd create and update user authentication files
-.Sh SYNOPSIS
-.Nm
-.Op Fl c
-.Ar passwordfile
-.Ar realm
-.Ar username
-.Sh DESCRIPTION
-.Nm
-is used to create and update the flat-files used to store
-usernames, realms, and passwords for digest authentication of HTTP users.
-Resources available from the
-.Xr httpd 8
-Apache web server can be restricted to just the users listed
-in the files created by
-.Nm .
-.Pp
-This manual page only lists the command line arguments.
-For details of the directives necessary to
-configure digest authentication in
-.Xr httpd 8 ,
-see the Apache manual, which can be found at
-.Pa /usr/share/doc/html/httpd/ .
-.Pp
-The options are as follows:
-.Bl -tag -width "passwordfileXX"
-.It Fl c
-Create the
-.Ar passwordfile .
-If
-.Ar passwordfile
-already exists,
-it is deleted first.
-.It Ar passwordfile
-Name of the file to contain the username, realm, and password.
-If
-.Fl c
-is specified,
-this file is created if it does not already exist,
-or deleted and recreated if it does exist.
-.It Ar realm
-The realm name to which the username belongs.
-.It Ar username
-The username to create or update in
-.Ar passwordfile .
-If
-.Ar username
-does not exist in this file,
-an entry is added.
-If it does exist,
-the password is changed.
-.El
-.Sh SEE ALSO
-.Xr dbmmanage 1 ,
-.Xr htpasswd 1 ,
-.Xr httpd 8
diff --git a/usr.sbin/httpd/src/support/htdigest.c b/usr.sbin/httpd/src/support/htdigest.c
deleted file mode 100644
index 9fc243a8309..00000000000
--- a/usr.sbin/httpd/src/support/htdigest.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* $OpenBSD: htdigest.c,v 1.13 2012/03/04 04:05:15 fgsch Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-/******************************************************************************
- ******************************************************************************
- * NOTE! This program is not safe as a setuid executable! Do not make it
- * setuid!
- ******************************************************************************
- *****************************************************************************/
-/*
- * htdigest.c: simple program for manipulating digest passwd file for Apache
- *
- * by Alexei Kosut, based on htpasswd.c, by Rob McCool
- */
-
-#include
-#include
-
-#include "ap_config.h"
-#include "ap.h"
-#include "ap_md5.h"
-
-#define LF 10
-#define CR 13
-
-#define MAX_STRING_LEN 256
-
-#define INTR_MSG "\nInterrupted.\n"
-
-static char tn[MAX_STRING_LEN];
-
-static void
-getword(char *word, char *line, char stop)
-{
- int x = 0, y;
-
- for (x = 0; ((line[x]) && (line[x] != stop)); x++)
- word[x] = line[x];
-
- word[x] = '\0';
- if (line[x])
- ++x;
- y = 0;
-
- while ((line[y++] = line[x++]));
-}
-
-static int
-get_line(char *s, int n, FILE *f)
-{
- int i = 0;
-
- while (1) {
- s[i] = (char) fgetc(f);
-
- if (s[i] == CR)
- s[i] = fgetc(f);
-
- if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) {
- s[i] = '\0';
- return (feof(f) ? 1 : 0);
- }
- ++i;
- }
-}
-
-static void
-putline(FILE *f, char *l)
-{
- int x;
-
- for (x = 0; l[x]; x++)
- fputc(l[x], f);
- fputc('\n', f);
-}
-
-
-static void
-add_password(char *user, char *realm, FILE *f)
-{
- char *pw;
- AP_MD5_CTX context;
- unsigned char digest[16];
- char string[MAX_STRING_LEN];
- char pwin[MAX_STRING_LEN];
- char pwv[MAX_STRING_LEN];
- unsigned int i;
-
- if (ap_getpass("New password: ", pwin, sizeof(pwin)) != 0) {
- fprintf(stderr, "password too long");
- exit(5);
- }
- ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
- if (strcmp(pwin, pwv) != 0) {
- fprintf(stderr, "They don't match, sorry.\n");
- if (tn[0] != '\0')
- unlink(tn);
-
- exit(1);
- }
- pw = pwin;
- fprintf(f, "%s:%s:", user, realm);
-
- /* Do MD5 stuff */
- snprintf(string, sizeof(string), "%s:%s:%s", user, realm, pw);
-
- ap_MD5Init(&context);
- ap_MD5Update(&context, (unsigned char *) string, strlen(string));
- ap_MD5Final(digest, &context);
-
- for (i = 0; i < 16; i++)
- fprintf(f, "%02x", digest[i]);
-
- fprintf(f, "\n");
-}
-
-static void
-usage(void)
-{
- fprintf(stderr, "Usage: htdigest [-c] passwordfile realm username\n");
- fprintf(stderr, "The -c flag creates a new file.\n");
- exit(1);
-}
-
-static void
-interrupted(void)
-{
- write(STDERR_FILENO, INTR_MSG, sizeof(INTR_MSG) - 1);
- if (tn[0] != '\0')
- unlink(tn);
- _exit(1);
-}
-
-
-
-int main(int argc, char *argv[])
-{
- FILE *tfp, *f;
- char user[MAX_STRING_LEN];
- char realm[MAX_STRING_LEN];
- char line[MAX_STRING_LEN];
- char l[MAX_STRING_LEN];
- char w[MAX_STRING_LEN];
- char x[MAX_STRING_LEN];
- char command[MAX_STRING_LEN];
- int found;
- int tfd;
-
- signal(SIGINT, (void (*)(int)) interrupted);
- if (argc == 5) {
- if (strcmp(argv[1], "-c"))
- usage();
- if (!(tfp = fopen(argv[2], "w"))) {
- fprintf(stderr, "Could not open passwd file %s for writing.\n",
- argv[2]);
- perror("fopen");
- exit(1);
- }
- printf("Adding password for %s in realm %s.\n", argv[4], argv[3]);
- add_password(argv[4], argv[3], tfp);
- fclose(tfp);
- exit(0);
- }
- else if (argc != 4)
- usage();
-
- strlcpy(tn, "/tmp/htdigest-XXXXXXXXXX", sizeof(tn));
- tfd = mkstemp(tn);
- if (tfd == -1 || (tfp = fdopen(tfd, "w")) == NULL) {
- fprintf(stderr, "Could not create temp file.\n");
- exit(1);
- }
-
- if (!(f = fopen(argv[1], "r"))) {
- fprintf(stderr,
- "Could not open passwd file %s for reading.\n", argv[1]);
- fprintf(stderr, "Use -c option to create new one.\n");
- exit(1);
- }
- ap_cpystrn(user, argv[3], sizeof(user));
- ap_cpystrn(realm, argv[2], sizeof(realm));
-
- found = 0;
- while (!(get_line(line, MAX_STRING_LEN, f))) {
- if (found || (line[0] == '#') || (!line[0])) {
- putline(tfp, line);
- continue;
- }
- strlcpy(l, line, sizeof(l));
- getword(w, l, ':');
- getword(x, l, ':');
- if (strcmp(user, w) || strcmp(realm, x)) {
- putline(tfp, line);
- continue;
- }
- else {
- printf("Changing password for user %s in realm %s\n", user, realm);
- add_password(user, realm, tfp);
- found = 1;
- }
- }
- if (!found) {
- printf("Adding user %s in realm %s\n", user, realm);
- add_password(user, realm, tfp);
- }
- fclose(f);
- fclose(tfp);
- snprintf(command, sizeof(command), "cp %s %s", tn, argv[1]);
- system(command);
- unlink(tn);
- return 0;
-}
diff --git a/usr.sbin/httpd/src/support/htpasswd.1 b/usr.sbin/httpd/src/support/htpasswd.1
deleted file mode 100644
index 663de03d237..00000000000
--- a/usr.sbin/httpd/src/support/htpasswd.1
+++ /dev/null
@@ -1,292 +0,0 @@ -.\" $OpenBSD: htpasswd.1,v 1.17 2010/09/03 11:22:36 jmc Exp $ -.\" -.\" ==================================================================== -.\" The Apache Software License, Version 1.1 -.\" -.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights -.\" reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. The end-user documentation included with the redistribution, -.\" if any, must include the following acknowledgment: -.\" "This product includes software developed by the -.\" Apache Software Foundation (http://www.apache.org/)." -.\" Alternately, this acknowledgment may appear in the software itself, -.\" if and wherever such third-party acknowledgments normally appear. -.\" -.\" 4. The names "Apache" and "Apache Software Foundation" must -.\" not be used to endorse or promote products derived from this -.\" software without prior written permission. For written -.\" permission, please contact apache@apache.org. -.\" -.\" 5. Products derived from this software may not be called "Apache", -.\" nor may "Apache" appear in their name, without prior written -.\" permission of the Apache Software Foundation. -.\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -.\" DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" ==================================================================== -.\" -.\" This software consists of voluntary contributions made by many -.\" individuals on behalf of the Apache Software Foundation. For more -.\" information on the Apache Software Foundation, please see -.\" . -.\" -.\" Portions of this software are based upon public domain software -.\" originally written at the National Center for Supercomputing Applications, -.\" University of Illinois, Urbana-Champaign. -.\" -.Dd $Mdocdate: September 3 2010 $ -.Dt HTPASSWD 1 -.Os -.Sh NAME -.Nm htpasswd -.Nd create and update user authentication files -.Sh SYNOPSIS -.Nm -.Op Fl c -.Oo -.Fl d | l | m | p | s -.Oc -.Ar passwordfile -.Ar username -.Nm -.Fl b -.Op Fl c -.Oo -.Fl d | l | m | p | s -.Oc -.Ar passwordfile -.Ar username -.Ar password -.Nm -.Fl n -.Oo -.Fl d | l | m | p | s -.Oc -.Ar username -.Nm -.Fl bn -.Oo -.Fl d | l | m | p | s -.Oc -.Ar username -.Ar password -.Sh DESCRIPTION -.Nm -is used to create and update the flat-files used to store -usernames and password for basic authentication of HTTP users. -If -.Nm -cannot access a file, such as not being able to write to the output -file or not being able to read the file in order to update it, -it returns an error status and makes no changes. -.Pp -Resources available from the -.Xr httpd 8 -Apache web server can be restricted to just the users listed -in the files created by -.Nm . 
-This program can only manage usernames and passwords -stored in a flat-file. -It can encrypt and display password information -for use in other types of data stores, though. -To use a DBM database see -.Xr dbmmanage 1 . -.Pp -.Nm -encrypts passwords using either a version of MD5 modified for Apache, -the system's -.Xr crypt 3 -routine -(the default), -or SHA encryption. -Files managed by -.Nm -may contain all types of passwords e.g.\& -some user records may have MD5-encrypted passwords -while others in the same file have passwords encrypted with -.Xr crypt 3 . -.Pp -This manual page only lists the command line arguments. -For details of the directives necessary to configure user authentication in -.Xr httpd 8 , -see -the Apache manual, which can be found in -.Pa /usr/share/doc/html/httpd/ . -.Pp -The options are as follows: -.Bl -tag -width "passwordfileXX" -.It Fl b -Use batch mode -i.e. get the password from the command line rather than prompting for it. -.Bf -symbolic -This option should not be used, -since the password is clearly visible on the command line. -.Ef -.It Fl c -Create the -.Ar passwordfile . -If -.Ar passwordfile -already exists, -it is rewritten and truncated. -This option cannot be combined with the -.Fl n -option. -.It Fl d -Use DES-based -.Xr crypt 3 -encryption for passwords. -.It Fl l -Use Blowfish-based -.Xr crypt 3 -encryption for passwords. -This is the default. -.It Fl m -Use Apache's modified MD5 algorithm for passwords. -Passwords encrypted with this algorithm are transportable to any platform -(Windows, Unix, BeOS, et cetera) -running Apache 1.3.9 or later. -.It Fl n -Display the results on standard output rather than updating a file. -This is useful for generating password records acceptable to Apache -for inclusion in non-text data stores. -This option changes the syntax of the command line, -since the -.Ar passwdfile -argument -(usually the first one) -is omitted. -It cannot be combined with the -.Fl c -option. 
-.It Fl p -Use plaintext passwords. -Although -.Nm -supports the creation of plaintext passwords, -.Xr httpd 8 -will not accept plaintext passwords on -.Ox . -.It Fl s -Use SHA encryption for passwords. -Facilitates migration from/to Netscape servers using the -LDAP Directory Interchange Format (LDIF). -.It Ar password -The plaintext password to be encrypted and stored in the file. -Only used with the -.Fl b -flag. -.It Ar passwordfile -Name of the file to contain the username and password. -If -.Fl c -is given, this file is created if it does not already exist, -or rewritten and truncated if it does exist. -.It Ar username -The -.Ar username -to create or update in -.Ar passwordfile . -If -.Ar username -does not exist in this file, -an entry is added. -If it does exist, -the password is changed. -.El -.Pp -Web password files such as those managed by -.Nm -should -.Em not -be within the Web server's URI space \(em that is, -although the password files -.Em must -be contained within -.Dq ServerRoot , -they should not be located in -.Dq DocumentRoot . -.Sh EXIT STATUS -The exit codes returned are: -.Pp -.Bl -tag -width "XXX" -offset indent -compact -.It 0 -operation completed successfully -.It 1 -problem accessing files -.It 2 -syntax problem with the command line -.It 3 -the password was entered interactively -and the verification entry didn't match -.It 4 -the operation was interrupted -.It 5 -a value is too long -(username, filename, password, or final computed record) -.It 6 -the username contains illegal characters -(see the -.Sx CAVEATS -section, below) -.El -.Sh EXAMPLES -Add or modify the password for user -.Dq jsmith . -The user is prompted for the password. -If the file does not exist, -.Nm -will do nothing except return an error: -.Pp -.Dl # htpasswd /var/www/conf/.htpasswd-users jsmith -.Pp -Create a new file and store a record in it for user -.Dq jane , -using the MD5 algorithm. -The user is prompted for the password. 
-If the file exists and cannot be read, or cannot be written, -it is not altered and -.Nm -will display a message and return an error status: -.Pp -.Dl # htpasswd -cm /var/www/conf/.htpasswd jane -.Sh SEE ALSO -.Xr dbmmanage 1 , -.Xr htdigest 1 , -.Xr crypt 3 , -.Xr httpd 8 -.Pp -The scripts in -.Pa support/SHA1/ -which come with the distribution. -.Sh CAVEATS -The MD5 algorithm used by -.Nm -is specific to Apache software: -passwords encrypted using it will not be usable with other Web servers. -.Pp -Usernames are limited to 255 bytes and may not include the character -.Sq :\& . diff --git a/usr.sbin/httpd/src/support/htpasswd.c b/usr.sbin/httpd/src/support/htpasswd.c deleted file mode 100644 index 6d0ca084f17..00000000000 --- a/usr.sbin/httpd/src/support/htpasswd.c +++ /dev/null 
@@ -1,567 +0,0 @@ -/* $OpenBSD: htpasswd.c,v 1.19 2012/03/04 04:05:15 fgsch Exp $ */ - -/* ==================================================================== - * The Apache Software License, Version 1.1 - * - * Copyright (c) 2000-2003 The Apache Software Foundation. All rights - * reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The end-user documentation included with the redistribution, - * if any, must include the following acknowledgment: - * "This product includes software developed by the - * Apache Software Foundation (http://www.apache.org/)." - * Alternately, this acknowledgment may appear in the software itself, - * if and wherever such third-party acknowledgments normally appear. - * - * 4. The names "Apache" and "Apache Software Foundation" must - * not be used to endorse or promote products derived from this - * software without prior written permission. For written - * permission, please contact apache@apache.org. - * - * 5. Products derived from this software may not be called "Apache", - * nor may "Apache" appear in their name, without prior written - * permission of the Apache Software Foundation. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED - * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF - * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT - * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * ==================================================================== - * ==================================================================== - * - * This software consists of voluntary contributions made by many - * individuals on behalf of the Apache Software Foundation. For more - * information on the Apache Software Foundation, please see - * . - * - * Portions of this software are based upon public domain software - * originally written at the National Center for Supercomputing Applications, - * University of Illinois, Urbana-Champaign. - */ - -/****************************************************************************** - ****************************************************************************** - * NOTE! This program is not safe as a setuid executable! Do not make it - * setuid! 
- ******************************************************************************
- *****************************************************************************/
-/*
- * htpasswd.c: simple program for manipulating password file for
- * the Apache HTTP server
- *
- * Originally by Rob McCool
- *
- * Exit values:
- * 0: Success
- * 1: Failure; file access/permission problem
- * 2: Failure; command line syntax problem (usage message issued)
- * 3: Failure; password verification failure
- * 4: Failure; operation interrupted (such as with CTRL/C)
- * 5: Failure; buffer would overflow (username, filename, or computed
- * record too long)
- * 6: Failure; username contains illegal or reserved characters
- */
-
-#include "ap_config.h"
-#include
-#include
-#include
-#include "ap.h"
-#include "ap_md5.h"
-#include "ap_sha1.h"
-
-#define LF 10
-#define CR 13
-
-#define MAX_STRING_LEN 256
-#define ALG_PLAIN 0
-#define ALG_CRYPT 1
-#define ALG_APMD5 2
-#define ALG_APSHA 3
-#define ALG_APBLF 4
-
-#define INTR_MSG "\nInterrupted.\n"
-
-#define ERR_FILEPERM 1
-#define ERR_SYNTAX 2
-#define ERR_PWMISMATCH 3
-#define ERR_INTERRUPTED 4
-#define ERR_OVERFLOW 5
-#define ERR_BADUSER 6
-
-/*
- * This needs to be declared statically so the signal handler can
- * access it.
- */
-static char tempfilename[MAX_STRING_LEN];
-/*
- * If our platform knows about the tmpnam() external buffer size, create
- * a buffer to pass in. This is needed in a threaded environment, or
- * one that thinks it is (like HP-UX).
- */
-#ifdef L_tmpnam
-static char tname_buf[L_tmpnam];
-#else
-static char *tname_buf = NULL;
-#endif
-
-/*
- * Get a line of input from the user, not including any terminating
- * newline.
- */
-static int
-get_line(char *s, int n, FILE *f)
-{
- int i = 0;
-
- while (1) {
- s[i] = (char) fgetc(f);
-
- if (s[i] == CR)
- s[i] = fgetc(f);
-
- if ((s[i] == 0x4) || (s[i] == LF) || (i == (n - 1))) {
- s[i] = '\0';
- return (feof(f) ?
1 : 0);
- }
- ++i;
- }
-}
-
-static void
-putline(FILE *f, char *l)
-{
- int x;
-
- for (x = 0; l[x]; x++)
- fputc(l[x], f);
-
- fputc('\n', f);
-}
-
-/*
- * Make a password record from the given information. A zero return
- * indicates success; failure means that the output buffer contains an
- * error message instead.
- */
-static int
-mkrecord(char *user, char *record, size_t rlen, char *passwd, int alg)
-{
- char *pw;
- char cpw[120];
- char pwin[MAX_STRING_LEN];
- char pwv[MAX_STRING_LEN];
- char salt[33];
-
- if (passwd != NULL)
- pw = passwd;
- else {
- if (ap_getpass("New password: ", pwin, sizeof(pwin)) != 0) {
- ap_snprintf(record, (rlen - 1), "password too long "
- "(>%lu)", (unsigned long)(sizeof(pwin) - 1));
- return ERR_OVERFLOW;
- }
- ap_getpass("Re-type new password: ", pwv, sizeof(pwv));
- if (strcmp(pwin, pwv) != 0) {
- ap_cpystrn(record, "password verification error",
- (rlen - 1));
- return ERR_PWMISMATCH;
- }
- pw = pwin;
- memset(pwv, '\0', sizeof(pwin));
- }
- switch (alg) {
- case ALG_APSHA:
- /* XXX cpw >= 28 + strlen(sha1) chars - fixed len SHA */
- ap_sha1_base64(pw, strlen(pw), cpw);
- break;
- case ALG_APMD5:
- ap_to64(&salt[0], arc4random(), 8);
- salt[8] = '\0';
-
- ap_MD5Encode((const unsigned char *)pw,
- (const unsigned char *)salt, cpw, sizeof(cpw));
- break;
- case ALG_PLAIN:
- /* XXX this len limitation is not in sync with any HTTPd len. */
- ap_cpystrn(cpw ,pw, sizeof(cpw));
- break;
- case ALG_CRYPT:
- ap_to64(&salt[0], arc4random(), 8);
- salt[8] = '\0';
-
- ap_cpystrn(cpw, (char *)crypt(pw, salt), sizeof(cpw) - 1);
- break;
- case ALG_APBLF:
- default:
- strlcpy(salt, bcrypt_gensalt(6), sizeof(salt));
- strlcpy(cpw, (char *)crypt(pw, salt), sizeof(cpw));
- break;
- }
- memset(pw, '\0', strlen(pw));
-
- /*
- * Check to see if the buffer is large enough to hold the username,
- * hash, and delimiters.
- */
- if ((strlen(user) + 1 + strlen(cpw)) > (rlen - 1)) {
- ap_cpystrn(record, "resultant record too long", (rlen - 1));
- return ERR_OVERFLOW;
- }
- snprintf(record, rlen, "%s:%s", user, cpw);
- return 0;
-}
-
-static int
-usage(void)
-{
- fprintf(stderr, "Usage:\thtpasswd [-c] [-d | -l | -m | -p | -s ] "
- "passwordfile username\n");
- fprintf(stderr, "\thtpasswd -b [-c] [-d | -l | -m | -p | -s] "
- "passwordfile username password\n");
- fprintf(stderr, "\thtpasswd -n [-d | -l | -m | -p | -s] username\n");
- fprintf(stderr, "\thtpasswd -bn [-d | -l | -m | -p | -s] username "
- "password\n");
- return ERR_SYNTAX;
-}
-
-static void
-interrupted(void)
-{
- write(STDERR_FILENO, INTR_MSG, sizeof(INTR_MSG) - 1);
- if (tempfilename[0] != '\0')
- unlink(tempfilename);
-
- _exit(ERR_INTERRUPTED);
-}
-
-/*
- * Check to see if the specified file can be opened for the given
- * access.
- */
-static int
-accessible(char *fname, char *mode)
-{
- FILE *s;
-
- s = fopen(fname, mode);
- if (s == NULL)
- return 0;
-
- fclose(s);
- return 1;
-}
-
-/* Return true if a file is readable. */
-static int
-readable(char *fname)
-{
- return accessible(fname, "r");
-}
-
-/* Return true if the specified file can be opened for write access. */
-static int
-writable(char *fname)
-{
- return accessible(fname, "a");
-}
-
-/* Return true if the named file exists, regardless of permissions. */
-static int
-exists(char *fname)
-{
- struct stat sbuf;
- int check;
-
- check = stat(fname, &sbuf);
- return ((check == -1) && (errno == ENOENT)) ? 0 : 1;
-}
-
-/*
- * Copy from the current position of one file to the current position
- * of another.
- */
-static void
-copy_file(FILE *target, FILE *source)
-{
- static char line[MAX_STRING_LEN];
-
- while (fgets(line, sizeof(line), source) != NULL)
- fputs(line, target);
-}
-
-/*
- * Let's do it. We end up doing a lot of file opening and closing,
- * but what do we care? This application isn't run constantly.
- */
-int
-main(int argc, char *argv[])
-{
- FILE *ftemp = NULL;
- FILE *fpw = NULL;
- char user[MAX_STRING_LEN];
- char password[MAX_STRING_LEN];
- char record[MAX_STRING_LEN];
- char line[MAX_STRING_LEN];
- char pwfilename[MAX_STRING_LEN];
- char *arg;
- int found = 0;
- int alg = ALG_APBLF;
- int newfile = 0;
- int nofile = 0;
- int noninteractive = 0;
- int i;
- int args_left = 2;
- int tfd;
- int ch;
-
- signal(SIGINT, (void (*)(int)) interrupted);
-
- /*
- * Preliminary check to make sure they provided at least
- * three arguments, we'll do better argument checking as
- * we parse the command line.
- */
- if (argc < 3)
- return usage();
-
- /*
- * Go through the argument list and pick out any options. They
- * have to precede any other arguments.
- */
- while ((ch = getopt(argc, argv, "bcdlnmsp")) != -1) {
- switch (ch) {
- case 'b':
- noninteractive++;
- args_left++;
- break;
- case 'c':
- newfile++;
- break;
- case 'd':
- alg = ALG_CRYPT;
- break;
- case 'l':
- alg = ALG_APBLF;
- break;
- case 'n':
- nofile++;
- args_left--;
- break;
- case 'm':
- alg = ALG_APMD5;
- break;
- case 's':
- alg = ALG_APSHA;
- break;
- case 'p':
- alg = ALG_PLAIN;
- break;
- default:
- usage();
- }
- }
- argc -= optind;
- argv += optind;
-
- i = argc - args_left;
-
- /*
- * Make sure we still have exactly the right number of arguments left
- * (the filename, the username, and possibly the password if -b was
- * specified).
- */
- if (argc != args_left)
- return usage();
-
- if (newfile && nofile) {
- fprintf(stderr, "%s: -c and -n options conflict\n", argv[0]);
- return ERR_SYNTAX;
- }
- if (nofile)
- i--;
- else {
- if (strlen(argv[i]) > (sizeof(pwfilename) - 1)) {
- fprintf(stderr, "%s: filename too long\n", argv[0]);
- return ERR_OVERFLOW;
- }
- strlcpy(pwfilename, argv[i], sizeof(pwfilename));
- if (strlen(argv[i + 1]) > (sizeof(user) - 1)) {
- fprintf(stderr, "%s: username too long (>%lu)\n",
- argv[0], (unsigned long)(sizeof(user) - 1));
- return ERR_OVERFLOW;
- }
- }
- strlcpy(user, argv[i + 1], sizeof(user));
- if ((arg = strchr(user, ':')) != NULL) {
- fprintf(stderr, "%s: username contains illegal character '%c'"
- "\n", argv[0], *arg);
- return ERR_BADUSER;
- }
- if (noninteractive) {
- if (strlen(argv[i + 2]) > (sizeof(password) - 1)) {
- fprintf(stderr, "%s: password too long (>%lu)\n",
- argv[0], (unsigned long)(sizeof(password) - 1));
- return ERR_OVERFLOW;
- }
- strlcpy(password, argv[i + 2], sizeof(password));
- }
-
- if (alg == ALG_PLAIN) {
- fprintf(stderr,"Warning: storing passwords as plain text might "
- "just not work on this platform.\n");
- }
- if (!nofile) {
- /*
- * Only do the file checks if we're supposed to frob it.
- *
- * Verify that the file exists if -c was omitted. We give a
- * special message if it doesn't.
- */
- if ((!newfile) && (!exists(pwfilename))) {
- fprintf(stderr, "%s: cannot modify file %s; use '-c' "
- "to create it\n", argv[0], pwfilename);
- perror("fopen");
- exit(ERR_FILEPERM);
- }
- /*
- * Verify that we can read the existing file in the case of an
- * update to it (rather than creation of a new one).
- */
- if ((! newfile) && (! readable(pwfilename))) {
- fprintf(stderr, "%s: cannot open file %s for read "
- "access\n", argv[0], pwfilename);
- perror("fopen");
- exit(ERR_FILEPERM);
- }
- /*
- * Now check to see if we can preserve an existing file in case
- * of password verification errors on a -c operation.
- */
- if (newfile && exists(pwfilename) && (! readable(pwfilename))) {
- fprintf(stderr, "%s: cannot open file %s for read "
- "access\n%s: existing auth data would be lost on "
- "password mismatch", argv[0], pwfilename, argv[0]);
- perror("fopen");
- exit(ERR_FILEPERM);
- }
- /* Now verify that the file is writable! */
- if (! writable(pwfilename)) {
- fprintf(stderr, "%s: cannot open file %s for write "
- "access\n", argv[0], pwfilename);
- perror("fopen");
- exit(ERR_FILEPERM);
- }
- }
-
- /*
- * All the file access checks (if any) have been made. Time to go to
- * work; try to create the record for the username in question. If
- * that fails, there's no need to waste any time on file manipulations.
- * Any error message text is returned in the record buffer, since
- * the mkrecord() routine doesn't have access to argv[].
- */
- i = mkrecord(user, record, sizeof(record) - 1,
- noninteractive ? password : NULL, alg);
- if (i != 0) {
- fprintf(stderr, "%s: %s\n", argv[0], record);
- exit(i);
- }
- if (nofile) {
- printf("%s\n", record);
- exit(0);
- }
-
- /*
- * We can access the files the right way, and we have a record
- * to add or update. Let's do it..
- */
- errno = 0;
- strlcpy(tempfilename, "/tmp/htpasswd-XXXXXXXXXX", sizeof(tempfilename));
- tfd = mkstemp(tempfilename);
- if (tfd == -1 || (ftemp = fdopen(tfd, "w+")) == NULL) {
- fprintf(stderr, "%s: unable to create temporary file '%s'\n",
- argv[0], tempfilename);
- perror("open");
- exit(ERR_FILEPERM);
- }
- /*
- * If we're not creating a new file, copy records from the existing
- * one to the temporary file until we find the specified user.
- */
- if (! newfile) {
- char scratch[MAX_STRING_LEN];
-
- fpw = fopen(pwfilename, "r");
- while (! (get_line(line, sizeof(line), fpw))) {
- char *colon;
-
- if ((line[0] == '#') || (line[0] == '\0')) {
- putline(ftemp, line);
- continue;
- }
- strlcpy(scratch, line, sizeof(scratch));
- /* See if this is our user.
*/
- colon = strchr(scratch, ':');
- if (colon != NULL)
- *colon = '\0';
-
- if (strcmp(user, scratch) != 0) {
- putline(ftemp, line);
- continue;
- }
- found++;
- break;
- }
- }
- if (found)
- fprintf(stderr, "Updating ");
- else
- fprintf(stderr, "Adding ");
- fprintf(stderr, "password for user %s\n", user);
- /*
- * Now add the user record we created.
- */
- putline(ftemp, record);
- /*
- * If we're updating an existing file, there may be additional
- * records beyond the one we're updating, so copy them.
- */
- if (! newfile) {
- copy_file(ftemp, fpw);
- fclose(fpw);
- }
- /*
- * The temporary file now contains the information that should be
- * in the actual password file. Close the open files, re-open them
- * in the appropriate mode, and copy them file to the real one.
- */
- fclose(ftemp);
- fpw = fopen(pwfilename, "w+");
- ftemp = fopen(tempfilename, "r");
- copy_file(fpw, ftemp);
- fclose(fpw);
- fclose(ftemp);
- unlink(tempfilename);
- return 0;
-}
diff --git a/usr.sbin/httpd/src/support/httpd.exp b/usr.sbin/httpd/src/support/httpd.exp
deleted file mode 100644
index 50ea5a5b7ce..00000000000
--- a/usr.sbin/httpd/src/support/httpd.exp
+++ /dev/null
@@ -1,491 +0,0 @@ -#! . -ap_MD5Encode -ap_MD5Final -ap_MD5Init -ap_MD5Update -ap_SHA1Final -ap_SHA1Init -ap_SHA1Update_binary -ap_SHA1Update -ap_add_cgi_vars -ap_add_common_vars -ap_add_file_conf -ap_add_module -ap_add_named_module -ap_add_per_dir_conf -ap_add_per_url_conf -ap_add_version_component -ap_allow_options -ap_allow_overrides -ap_append_arrays -ap_array_cat -ap_array_pstrcat -ap_auth_name -ap_auth_type -ap_base64encode -ap_base64encode_binary -ap_base64encode_len -ap_base64decode -ap_base64decode_binary -ap_base64decode_len -ap_basic_http_header -ap_bclose -ap_bcreate -ap_bfilbuf -ap_bfileno -ap_bflsbuf -ap_bflush -ap_bgetopt -ap_bgets -ap_bhalfduplex -ap_bind_address -ap_block_alarms -ap_blookc -ap_bnonblock -ap_bonerror -ap_bprintf -ap_bpushfd -ap_bputs -ap_bread -ap_bsetflag -ap_bsetopt -ap_bskiplf -ap_bspawn_child -ap_bvputs -ap_bwrite -ap_bytes_in_free_blocks -ap_bytes_in_pool -ap_call_exec -ap_can_exec -ap_cfg_closefile -ap_cfg_getc -ap_cfg_getline -ap_chdir_file -ap_check_access -ap_check_auth -ap_check_cmd_context -ap_check_user_id -ap_checkmask -ap_child_exit_modules -ap_child_init_modules -ap_child_terminate -ap_cleanup_for_exec -ap_clear_module_list -ap_clear_pool -ap_clear_table -ap_close_piped_log -ap_configtestonly -ap_construct_server -ap_construct_url -ap_content_type_tolower -ap_copy_array -ap_copy_array_hdr -ap_copy_table -ap_core_reorder_directories -ap_coredump_dir -ap_count_dirs -ap_cpystrn -ap_create_environment -ap_create_per_dir_config -ap_create_request_config -ap_custom_response -ap_daemons_limit -ap_daemons_max_free -ap_daemons_min_free -ap_daemons_to_start -ap_day_snames -ap_default_port_for_request -ap_default_port_for_scheme -ap_default_type -ap_destroy_pool -ap_destroy_sub_req -ap_die -ap_discard_request_body -ap_document_root -ap_dummy_mutex -ap_each_byterange -ap_error_log2stderr -ap_escape_html -ap_escape_logitem -ap_escape_path_segment -ap_escape_quotes -ap_escape_shell_cmd -ap_excess_requests_per_child 
-ap_exists_config_define -ap_exists_scoreboard_image -ap_extended_status -ap_field_noparam -ap_finalize_request_protocol -ap_finalize_sub_req_protocol -ap_find_command -ap_find_command_in_modules -ap_find_last_token -ap_find_linked_module -ap_find_list_item -ap_find_module_name -ap_find_path_info -ap_find_token -ap_find_types -ap_fini_vhost_config -ap_fnmatch -ap_force_library_loading -ap_get_basic_auth_pw -ap_get_chunk_size -ap_get_client_block -ap_get_gmtoff -ap_get_list_item -ap_get_local_host -ap_get_remote_host -ap_get_remote_logname -ap_get_server_built -ap_get_server_name -ap_get_server_port -ap_get_server_version -ap_get_time -ap_get_token -ap_get_virthost_addr -ap_getline -ap_getparents -ap_getword -ap_getword_conf -ap_getword_conf_nc -ap_getword_nc -ap_getword_nulls -ap_getword_nulls_nc -ap_getword_white -ap_getword_white_nc -ap_gm_timestr_822 -ap_gname2id -ap_group_id -ap_handle_command -ap_hard_timeout -ap_header_parse -ap_ht_time -ap_ind -ap_index_of_response -ap_init_alloc -ap_init_modules -ap_init_vhost_config -ap_init_virtual_host -ap_internal_redirect -ap_internal_redirect_handler -ap_invoke_handler -ap_is_directory -ap_is_fnmatch -ap_is_initial_req -ap_is_matchexp -ap_is_rdirectory -ap_is_url -ap_keepalive_timeout -ap_kill_cleanup -ap_kill_cleanups_for_fd -ap_kill_cleanups_for_socket -ap_kill_timeout -ap_limit_section -ap_listenbacklog -ap_listeners -ap_lock_fname -ap_log_assert -ap_log_error -ap_log_error_old -ap_log_pid -ap_log_printf -ap_log_reason -ap_log_rerror -ap_log_transaction -ap_log_unixerr -ap_make_array -ap_make_dirstr -ap_make_dirstr_parent -ap_make_dirstr_prefix -ap_make_etag -ap_make_full_path -ap_make_sub_pool -ap_make_table -ap_matches_request_vhost -ap_max_requests_per_child -ap_max_cpu_per_child -ap_max_data_per_child -ap_max_nofile_per_child -ap_max_rss_per_child -ap_max_stack_per_child -ap_md5 -ap_md5contextTo64 -ap_md5digest -ap_meets_conditions -ap_merge_per_dir_configs -ap_method_number_of -ap_month_snames 
-ap_my_generation -ap_no2slash -ap_note_auth_failure -ap_note_basic_auth_failure -ap_note_cleanups_for_fd -ap_note_cleanups_for_file -ap_note_cleanups_for_socket -ap_note_digest_auth_failure -ap_note_subprocess -ap_null_cleanup -ap_open_logs -ap_open_piped_log -ap_os_escape_path -ap_os_is_path_absolute -ap_overlay_tables -ap_overlap_tables -ap_palloc -ap_parseHTTPdate -ap_parse_hostinfo_components -ap_parse_htaccess -ap_parse_uri -ap_parse_uri_components -ap_parse_vhost_addrs -ap_pbase64decode -ap_pbase64encode -ap_pcalloc -ap_pcfg_open_custom -ap_pcfg_openfile -ap_pclosedir -ap_pclosef -ap_pclosesocket -ap_pduphostent -ap_pfclose -ap_pfdopen -ap_pfopen -ap_pgethostbyname -ap_pid_fname -ap_popendir -ap_popenf -ap_popenf_ex -ap_pregcomp -ap_pregfree -ap_pregsub -ap_prelinked_modules -ap_preloaded_modules -ap_process_request -ap_process_resource_config -ap_psignature -ap_psocket -ap_psocket_ex -ap_psprintf -ap_pstrcat -ap_pstrdup -ap_pstrndup -ap_push_array -ap_pvsprintf -ap_rationalize_mtime -ap_read_config -ap_read_request -ap_regerror -ap_regexec -ap_register_cleanup -ap_register_other_child -ap_remove_module -ap_remove_spaces -ap_requires -ap_reset_timeout -ap_response_code_string -ap_restart_time -ap_rfc1413 -ap_rfc1413_timeout -ap_rflush -ap_rind -ap_rprintf -ap_rputc -ap_rputs -ap_run_cleanup -ap_run_fixups -ap_run_post_read_request -ap_run_sub_req -ap_rvputs -ap_rwrite -ap_satisfies -ap_scan_script_header_err -ap_scan_script_header_err_buff -ap_scan_script_header_err_strs -ap_scoreboard_fname -ap_scoreboard_image -ap_send_error_response -ap_send_fb -ap_send_fb_length -ap_send_fd -ap_send_fd_length -ap_send_header_field -ap_send_http_header -ap_send_http_options -ap_send_http_trace -ap_send_mmap -ap_send_size -ap_server_argv0 -ap_server_config_defines -ap_server_confname -ap_server_post_read_config -ap_server_pre_read_config -ap_server_root -ap_server_root_relative -ap_set_byterange -ap_set_callback_and_alarm -ap_set_config_vectors -ap_set_content_length 
-ap_set_etag -ap_set_file_slot -ap_set_flag_slot -ap_set_keepalive -ap_set_last_modified -ap_set_name_virtual_host -ap_set_string_slot -ap_set_string_slot_lower -ap_set_sub_req_protocol -ap_setup_client_block -ap_setup_prelinked_modules -ap_sha1_base64 -ap_should_client_block -ap_show_directives -ap_show_modules -ap_signal -ap_single_module_configure -ap_size_list_item -ap_slack -ap_snprintf -ap_soft_timeout -ap_some_auth_required -ap_spawn_child -ap_srm_command_loop -ap_standalone -ap_start_restart -ap_start_shutdown -ap_str_tolower -ap_strcasecmp_match -ap_strcasestr -ap_strcmp_match -ap_stripprefix -ap_strtol -ap_sub_req_lookup_file -ap_sub_req_lookup_uri -ap_sub_req_method_uri -ap_suexec_enabled -ap_sys_siglist -ap_table_add -ap_table_addn -ap_table_do -ap_table_get -ap_table_merge -ap_table_mergen -ap_table_set -ap_table_setn -ap_table_unset -ap_threads_per_child -ap_tm2sec -ap_to64 -ap_translate_name -ap_uname2id -ap_unblock_alarms -ap_unescape_url -ap_unparse_uri_components -ap_unregister_other_child -ap_update_child_status -ap_update_mtime -ap_update_vhost_from_headers -ap_update_vhost_given_ip -ap_user_id -ap_user_name -ap_util_init -ap_util_uri_init -ap_uudecode -ap_uuencode -ap_validate_password -ap_vbprintf -ap_vformatter -ap_vrprintf -ap_vsnprintf -core_module -top_module -XML_DefaultCurrent -XML_ErrorString -XML_ExternalEntityParserCreate -XML_GetBase -XML_GetBuffer -XML_GetCurrentByteCount -XML_GetCurrentByteIndex -XML_GetCurrentColumnNumber -XML_GetCurrentLineNumber -XML_GetErrorCode -XML_GetSpecifiedAttributeCount -XML_Parse -XML_ParseBuffer -XML_ParserCreate -XML_ParserCreateNS -XML_ParserFree -XML_SetBase -XML_SetCdataSectionHandler -XML_SetCharacterDataHandler -XML_SetCommentHandler -XML_SetDefaultHandler -XML_SetDefaultHandlerExpand -XML_SetElementHandler -XML_SetEncoding -XML_SetExternalEntityRefHandler -XML_SetExternalEntityRefHandlerArg -XML_SetNamespaceDeclHandler -XML_SetNotStandaloneHandler -XML_SetNotationDeclHandler 
-XML_SetProcessingInstructionHandler -XML_SetUnknownEncodingHandler -XML_SetUnparsedEntityDeclHandler -XML_SetUserData -XML_UseParserAsHandlerArg -ap_add_config_define -ap_make_shared_sub_pool -ap_global_ctx -ap_ctx_new -ap_ctx_get -ap_ctx_set -ap_hook_init -ap_hook_kill -ap_hook_configure -ap_hook_register_I -ap_hook_unregister_I -ap_hook_status -ap_hook_use -ap_hook_call -ap_mm_useable -ap_MM_create -ap_MM_permission -ap_MM_destroy -ap_MM_lock -ap_MM_unlock -ap_MM_malloc -ap_MM_realloc -ap_MM_free -ap_MM_calloc -ap_MM_strdup -ap_MM_sizeof -ap_MM_maxsize -ap_MM_available -ap_MM_error -ap_mm_create -ap_mm_permission -ap_mm_destroy -ap_mm_lock -ap_mm_unlock -ap_mm_malloc -ap_mm_realloc -ap_mm_free -ap_mm_calloc -ap_mm_strdup -ap_mm_sizeof -ap_mm_maxsize -ap_mm_available -ap_mm_error -ap_mm_display_info -ap_mm_core_create -ap_mm_core_permission -ap_mm_core_delete -ap_mm_core_size -ap_mm_core_lock -ap_mm_core_unlock -ap_mm_core_maxsegsize -ap_mm_core_align2page -ap_mm_core_align2word -ap_mm_lib_error_set -ap_mm_lib_error_get -ap_mm_lib_version diff --git a/usr.sbin/httpd/src/support/log_server_status b/usr.sbin/httpd/src/support/log_server_status deleted file mode 100644 index 573e3aa2911..00000000000 --- a/usr.sbin/httpd/src/support/log_server_status +++ /dev/null 
@@ -1,121 +0,0 @@
-#!/usr/local/bin/perl
-
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## .
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-
-
-# Log Server Status
-# Mark J Cox, UK Web Ltd 1996, mark@ukweb.com
-#
-# This script is designed to be run at a frequent interval by something
-# like cron. It connects to the server and downloads the status
-# information. It reformats the information to a single line and logs
-# it to a file. Make sure the directory $wherelog is writable by the
-# user who runs this script.
-#
-require 'sys/socket.ph';
-
-$wherelog = "/var/log/graph/"; # Logs will be like "/var/log/graph/19960312"
-$server = "localhost"; # Name of server, could be "www.foo.com"
-$port = "80"; # Port on server
-$request = "/status/?auto"; # Request to send
-
-sub tcp_connect
-{
- local($host,$port) =@_;
- $sockaddr='S n a4 x8';
- chop($hostname=`hostname`);
- $port=(getservbyname($port, 'tcp'))[2] unless $port =~ /^\d+$/;
- $me=pack($sockaddr,&AF_INET,0,(gethostbyname($hostname))[4]);
- $them=pack($sockaddr,&AF_INET,$port,(gethostbyname($host))[4]);
- socket(S,&PF_INET,&SOCK_STREAM,(getprotobyname('tcp'))[2]) ||
- die "socket: $!";
- bind(S,$me) || return "bind: $!";
- connect(S,$them) || return "connect: $!";
- select(S);
- $| = 1;
- select(stdout);
- return "";
-}
-
-### Main
-
-{
- $year=`date +%y`;
- chomp($year);
- $year += ($year < 70) ? 2000 : 1900;
- $date = $year . `date +%m%d:%H%M%S`;
- chomp($date);
- ($day,$time)=split(/:/,$date);
- $res=&tcp_connect($server,$port);
- open(OUT,">>$wherelog$day");
- if ($res) {
- print OUT "$time:-1:-1:-1:-1:$res\n";
- exit 1;
- }
- print S "GET $request\n";
- while () {
- $requests=$1 if ( m|^BusyServers:\ (\S+)|);
- $idle=$1 if ( m|^IdleServers:\ (\S+)|);
- $number=$1 if ( m|sses:\ (\S+)|);
- $cpu=$1 if (m|^CPULoad:\ (\S+)|);
- }
- print OUT "$time:$requests:$idle:$number:$cpu\n";
-}
-
-
diff --git a/usr.sbin/httpd/src/support/logresolve.8 b/usr.sbin/httpd/src/support/logresolve.8
deleted file mode 100644
index c82b971925a..00000000000
--- a/usr.sbin/httpd/src/support/logresolve.8
+++ /dev/null
@@ -1,100 +0,0 @@
-.\" $OpenBSD: logresolve.8,v 1.10 2007/05/31 19:20:24 jmc Exp $
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" .
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: May 31 2007 $
-.Dt LOGRESOLVE 8
-.Os
-.Sh NAME
-.Nm logresolve
-.Nd resolve hostnames for IP addresses in Apache logfiles
-.Sh SYNOPSIS
-.Nm logresolve
-.Op Fl c
-.Op Fl s Ar filename
-\*(Lt
-.Ar access_log
-\*(Gt
-.Ar access_log.new
-.Sh DESCRIPTION
-.Nm
-is a post-processing program to resolve IP addresses in
-.Xr httpd 8 Ns 's
-access logfiles.
-To minimize impact on the nameserver,
-.Nm
-has its very own internal hash-table cache.
-This means that each IP number will only be looked up the first time it
-is found in the log file.
-.Pp
-The following options are supported:
-.Bl -tag -width "-s filenameXX"
-.It Fl c
-This causes
-.Nm
-to apply some DNS checks:
-after finding the hostname from the IP address, it looks up the IP
-addresses for the hostname and checks that one of them matches the
-original address.
-.It Fl s Ar filename
-Specifies the
-.Ar filename
-to record statistics.
-.El
-.Sh SEE ALSO
-.Xr httpd 8 ,
-.Xr rotatelogs 8
diff --git a/usr.sbin/httpd/src/support/logresolve.c b/usr.sbin/httpd/src/support/logresolve.c
deleted file mode 100644
index 09da8474dae..00000000000
--- a/usr.sbin/httpd/src/support/logresolve.c
+++ /dev/null
@@ -1,357 +0,0 @@ -/* $OpenBSD: logresolve.c,v 1.16 2012/03/04 04:05:15 fgsch Exp $ */ - -/* - * logresolve 1.1 - * - * Tom Rathborne - tomr@aceldama.com - http://www.aceldama.com/~tomr/ - * UUNET Canada, April 16, 1995 - * - * Rewritten by David Robinson. (drtr@ast.cam.ac.uk) - * - * usage: logresolve [-c] [-s filename] < access_log > access_log.new - * - * Arguments: - * -s filename name of a file to record statistics - * -c check the DNS for a matching A record for the host. - * - * Notes: - * - * To generate meaningful statistics from an HTTPD log file, it's good - * to have the domain name of each machine that accessed your site, but - * doing this on the fly can slow HTTPD down. - * - * Compiling NCSA HTTPD with the -DMINIMAL_DNS flag turns IP#->hostname - * resolution off. Before running your stats program, just run your log - * file through this program (logresolve) and all of your IP numbers will - * be resolved into hostnames (where possible). - * - * logresolve takes an HTTPD access log (in the COMMON log file format, - * or any other format that has the IP number/domain name as the first - * field for that matter), and outputs the same file with all of the - * domain names looked up. Where no domain name can be found, the IP - * number is left in. - * - * To minimize impact on your nameserver, logresolve has its very own - * internal hash-table cache. This means that each IP number will only - * be looked up the first time it is found in the log file. - * - * The -c option causes logresolve to apply the same check as httpd - * compiled with -DMAXIMUM_DNS; after finding the hostname from the IP - * address, it looks up the IP addresses for the hostname and checks - * that one of these matches the original address. 
- */ - -#include "ap_config.h" -#include - -#include - -#include - -static void cgethost(struct sockaddr *sa, char *string, int check); -static int get_line(char *s, int n); -static void stats(FILE *output); -static void usage(void); - - -/* maximum line length */ -#define MAXLINE 1024 - -/* maximum length of a domain name */ -#ifndef MAXDNAME -#define MAXDNAME 256 -#endif - -/* number of buckets in cache hash table */ -#define BUCKETS 256 - -/* - * struct nsrec - record of nameservice for cache linked list - * - * ipnum - IP number hostname - hostname noname - nonzero if IP number has no - * hostname, i.e. hostname=IP number - */ -struct nsrec { - struct sockaddr_storage addr; - char *hostname; - int noname; - struct nsrec *next; -} *nscache[BUCKETS]; - -/* statistics - obvious */ - -#if !defined(h_errno) -extern int h_errno; /* some machines don't have this in their headers */ -#endif - -/* largest value for h_errno */ -#define MAX_ERR (NO_ADDRESS) -#define UNKNOWN_ERR (MAX_ERR+1) -#define NO_REVERSE (MAX_ERR+2) - -static int cachehits = 0; -static int cachesize = 0; -static int entries = 0; -static int resolves = 0; -static int withname = 0; -static int errors[MAX_ERR + 3]; - -/* - * cgethost - gets hostname by IP address, caching, and adding unresolvable - * IP numbers with their IP number as hostname, setting noname flag - */ -static void -cgethost(struct sockaddr *sa, char *string, int check) -{ - uint32_t hashval; - struct sockaddr_in *sin; - struct sockaddr_in6 *sin6; - struct nsrec **current, *new; - char *name; - char hostnamebuf[MAXHOSTNAMELEN]; - - switch (sa->sa_family) { - case AF_INET: - hashval = ((struct sockaddr_in *)sa)->sin_addr.s_addr; - break; - case AF_INET6: - hashval = *(uint32_t *)&( - (struct sockaddr_in6 *)sa)->sin6_addr.s6_addr[12]; - break; - default: - hashval = 0; - break; - } - - current = &nscache[((hashval + (hashval >> 8) + - (hashval >> 16) + (hashval >> 24)) % BUCKETS)]; - - while (*current) { - if (sa->sa_len == 
(*current)->addr.ss_len - && memcmp(sa, &(*current)->addr, sa->sa_len) == 0) - break; - - current = &(*current)->next; - } - - if (*current == NULL) { - cachesize++; - new = (struct nsrec *)malloc(sizeof(struct nsrec)); - if (new == NULL) { - perror("malloc"); - fprintf(stderr, "Insufficient memory\n"); - exit(1); - } - *current = new; - new->next = NULL; - - memcpy(&new->addr, sa, sa->sa_len); - - new->noname = getnameinfo(sa, sa->sa_len, hostnamebuf, - sizeof(hostnamebuf), NULL, 0, 0); - name = strdup(hostnamebuf); - if (check) { - struct addrinfo hints, *res; - int error; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - error = getaddrinfo(hostnamebuf, NULL, &hints, &res); - if (!error) { - while (res) { - if (sa->sa_len == res->ai_addrlen - && memcmp(sa, res->ai_addr, - sa->sa_len) == 0) - break; - - res = res->ai_next; - } - if (!res) - error++; - } - if (error) { - getnameinfo(sa, sa->sa_len, hostnamebuf, - sizeof(hostnamebuf), NULL, 0, - NI_NUMERICHOST); - fprintf(stderr, "Bad host: %s != %s\n", name, - hostnamebuf); - new->noname = NO_REVERSE; - free(name); - name = strdup(hostnamebuf); - } - } - new->hostname = name; - if (new->hostname == NULL) { - perror("strdup"); - fprintf(stderr, "Insufficient memory\n"); - exit(1); - } - } - else - cachehits++; - - /* size of string == MAXDNAME +1 */ - strncpy(string, (*current)->hostname, MAXDNAME); - string[MAXDNAME] = '\0'; -} - -/* prints various statistics to output */ -static void -stats(FILE *output) -{ - int i; - char *ipstring; - struct nsrec *current; - char *errstring[MAX_ERR + 3]; - char hostnamebuf[MAXHOSTNAMELEN]; - - for (i = 0; i < MAX_ERR + 3; i++) - errstring[i] = "Unknown error"; - errstring[HOST_NOT_FOUND] = "Host not found"; - errstring[TRY_AGAIN] = "Try again"; - errstring[NO_RECOVERY] = "Non recoverable error"; - errstring[NO_DATA] = "No data record"; - errstring[NO_ADDRESS] = "No address"; - errstring[NO_REVERSE] = "No reverse entry"; - - fprintf(output, "logresolve 
Statistics:\n"); - - fprintf(output, "Entries: %d\n", entries); - fprintf(output, " With name : %d\n", withname); - fprintf(output, " Resolves : %d\n", resolves); - if (errors[HOST_NOT_FOUND]) - fprintf(output, " - Not found : %d\n", - errors[HOST_NOT_FOUND]); - if (errors[TRY_AGAIN]) - fprintf(output, " - Try again : %d\n", errors[TRY_AGAIN]); - if (errors[NO_DATA]) - fprintf(output, " - No data : %d\n", errors[NO_DATA]); - if (errors[NO_ADDRESS]) - fprintf(output, " - No address: %d\n", errors[NO_ADDRESS]); - if (errors[NO_REVERSE]) - fprintf(output, " - No reverse: %d\n", errors[NO_REVERSE]); - fprintf(output, "Cache hits : %d\n", cachehits); - fprintf(output, "Cache size : %d\n", cachesize); - fprintf(output, "Cache buckets : IP number * hostname\n"); - - for (i = 0; i < BUCKETS; i++) - for (current = nscache[i]; current != NULL; - current = current->next) { - getnameinfo((struct sockaddr *)¤t->addr, - current->addr.ss_len, hostnamebuf, - sizeof(hostnamebuf), NULL, 0, NI_NUMERICHOST); - ipstring = hostnamebuf; - if (current->noname == 0) - fprintf(output, " %3d %15s - %s\n", i, - ipstring, current->hostname); - else { - if (current->noname > MAX_ERR + 2) - fprintf(output, " %3d %15s : Unknown " - "error\n", i, ipstring); - else - fprintf(output, " %3d %15s : %s\n", - i, ipstring, - errstring[current->noname]); - } - } -} - - -/*gets a line from stdin */ -static int -get_line(char *s, int n) -{ - if (!fgets(s, n, stdin)) - return (0); - s[strcspn(s, "\n")] = '\0'; - return (1); -} - -static void -usage(void) -{ - fprintf(stderr, "usage: logresolve [-c] [-s filename] < access_log " - "> access_log.new\n"); - exit(1); -} - -int main -(int argc, char *argv[]) -{ - char *bar, hoststring[MAXDNAME + 1], line[MAXLINE], *statfile; - int i, check; - struct addrinfo hints, *res; - int error; - int ch; - - check = 0; - statfile = NULL; - while ((ch = getopt(argc, argv, "s:c")) != -1) { - switch (ch) { - case 'c': - check = 1; - break; - case 's': - statfile = optarg; - 
break; - default: - usage(); - } - } - - argc -= optind; - argv += optind; - if (argc > 0) - usage(); - - for (i = 0; i < BUCKETS; i++) - nscache[i] = NULL; - for (i = 0; i < MAX_ERR + 2; i++) - errors[i] = 0; - - while (get_line(line, MAXLINE)) { - if (line[0] == '\0') - continue; - entries++; - if (!isdigit((int)line[0])) { /* short cut */ - puts(line); - withname++; - continue; - } - bar = strchr(line, ' '); - if (bar != NULL) - *bar = '\0'; - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - error = getaddrinfo(line, NULL, &hints, &res); - if (error) { - if (bar != NULL) - *bar = ' '; - puts(line); - withname++; - continue; - } - - resolves++; - - cgethost(res->ai_addr, hoststring, check); - if (bar != NULL) - printf("%s %s\n", hoststring, bar + 1); - else - puts(hoststring); - freeaddrinfo(res); - } - - if (statfile != NULL) { - FILE *fp; - fp = fopen(statfile, "w"); - if (fp == NULL) { - fprintf(stderr, "logresolve: could not open statistics " - "file '%s'\n", statfile); - exit(1); - } - stats(fp); - fclose(fp); - } - - return (0); -} diff --git a/usr.sbin/httpd/src/support/logresolve.pl b/usr.sbin/httpd/src/support/logresolve.pl deleted file mode 100644 index 53d0736aee6..00000000000 --- a/usr.sbin/httpd/src/support/logresolve.pl +++ /dev/null 
@@ -1,267 +0,0 @@ -#!/usr/local/bin/perl - -## ==================================================================== -## The Apache Software License, Version 1.1 -## -## Copyright (c) 2000-2003 The Apache Software Foundation. All rights -## reserved. -## -## Redistribution and use in source and binary forms, with or without -## modification, are permitted provided that the following conditions -## are met: -## -## 1. Redistributions of source code must retain the above copyright -## notice, this list of conditions and the following disclaimer. -## -## 2. Redistributions in binary form must reproduce the above copyright -## notice, this list of conditions and the following disclaimer in -## the documentation and/or other materials provided with the -## distribution. -## -## 3. The end-user documentation included with the redistribution, -## if any, must include the following acknowledgment: -## "This product includes software developed by the -## Apache Software Foundation (http://www.apache.org/)." -## Alternately, this acknowledgment may appear in the software itself, -## if and wherever such third-party acknowledgments normally appear. -## -## 4. The names "Apache" and "Apache Software Foundation" must -## not be used to endorse or promote products derived from this -## software without prior written permission. For written -## permission, please contact apache@apache.org. -## -## 5. Products derived from this software may not be called "Apache", -## nor may "Apache" appear in their name, without prior written -## permission of the Apache Software Foundation. -## -## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED -## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -## DISCLAIMED. 
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR -## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -## SUCH DAMAGE. -## ==================================================================== -## -## This software consists of voluntary contributions made by many -## individuals on behalf of the Apache Software Foundation. For more -## information on the Apache Software Foundation, please see -## . -## -## Portions of this software are based upon public domain software -## originally written at the National Center for Supercomputing Applications, -## University of Illinois, Urbana-Champaign. -## - -# logresolve.pl -# -# v 1.2 by robh @ imdb.com -# -# usage: logresolve.pl outfile -# -# input = Apache/NCSA/.. logfile with IP numbers at start of lines -# output = same logfile with IP addresses resolved to hostnames where -# name lookups succeeded. -# -# this differs from the C based 'logresolve' in that this script -# spawns a number ($CHILDREN) of subprocesses to resolve addresses -# concurrently and sets a short timeout ($TIMEOUT) for each lookup in -# order to keep things moving quickly. -# -# the parent process handles caching of IP->hostnames using a Perl hash -# it also avoids sending the same IP to multiple child processes to be -# resolved multiple times concurrently. -# -# Depending on the settings of $CHILDREN and $TIMEOUT you should see -# significant reductions in the overall time taken to resolve your -# logfiles. 
With $CHILDREN=40 and $TIMEOUT=5 I've seen 200,000 - 300,000 -# logfile lines processed per hour compared to ~45,000 per hour -# with 'logresolve'. -# -# I haven't yet seen any noticable reduction in the percentage of IPs -# that fail to get resolved. Your mileage will no doubt vary. 5s is long -# enough to wait IMO. -# -# Known to work with FreeBSD 2.2 -# Known to have problems with Solaris -# -# 980417 - use 'sockaddr_un' for bind/connect to make the script work -# with linux. Fix from Luuk de Boer - -require 5.004; - -$|=1; - -use FileHandle; -use Socket; - -use strict; -no strict 'refs'; - -use vars qw($PROTOCOL); -$PROTOCOL = 0; - -my $CHILDREN = 40; -my $TIMEOUT = 5; - -my $filename; -my %hash = (); -my $parent = $$; - -my @children = (); -for (my $child = 1; $child <=$CHILDREN; $child++) { - my $f = fork(); - if (!$f) { - $filename = "./.socket.$parent.$child"; - if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";} - &child($child); - exit(0); - } - push(@children, $f); -} - -&parent; -&cleanup; - -## remove all temporary files before shutting down -sub cleanup { - # die kiddies, die - kill(15, @children); - for (my $child = 1; $child <=$CHILDREN; $child++) { - if (-e "./.socket.$parent.$child") { - unlink("./.socket.$parent.$child") - || warn ".socket.$parent.$child $!"; - } - } -} - -sub parent { - # Trap some possible signals to trigger temp file cleanup - $SIG{'KILL'} = $SIG{'INT'} = $SIG{'PIPE'} = \&cleanup; - - my %CHILDSOCK; - my $filename; - - ## fork child processes. Each child will create a socket connection - ## to this parent and use an unique temp filename to do so. 
- for (my $child = 1; $child <=$CHILDREN; $child++) { - $CHILDSOCK{$child}= FileHandle->new; - - if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) { - warn "parent socket to child failed $!"; - } - $filename = "./.socket.$parent.$child"; - my $response; - do { - $response = connect($CHILDSOCK{$child}, sockaddr_un($filename)); - if ($response != 1) { - sleep(1); - } - } while ($response != 1); - $CHILDSOCK{$child}->autoflush; - } - ## All child processes should now be ready or at worst warming up - - my (@buffer, $child, $ip, $rest, $hostname, $response); - ## read the logfile lines from STDIN - while() { - @buffer = (); # empty the logfile line buffer array. - $child = 1; # children are numbered 1..N, start with #1 - - # while we have a child to talk to and data to give it.. - do { - push(@buffer, $_); # buffer the line - ($ip, $rest) = split(/ /, $_, 2); # separate IP form rest - - unless ($hash{$ip}) { # resolve if unseen IP - $CHILDSOCK{$child}->print("$ip\n"); # pass IP to next child - $hash{$ip} = $ip; # don't look it up again. - $child++; - } - } while (($child < ($CHILDREN-1)) and ($_ = )); - - ## now poll each child for a response - while (--$child > 0) { - $response = $CHILDSOCK{$child}->getline; - chomp($response); - # child sends us back both the IP and HOSTNAME, no need for us - # to remember what child received any given IP, and no worries - # what order we talk to the children - ($ip, $hostname) = split(/\|/, $response, 2); - $hash{$ip} = $hostname; - } - - # resolve all the logfiles lines held in the log buffer array.. - for (my $line = 0; $line <=$#buffer; $line++) { - # get next buffered line - ($ip, $rest) = split(/ /, $buffer[$line], 2); - # separate IP from rest and replace with cached hostname - printf STDOUT ("%s %s", $hash{$ip}, $rest); - } - } -} - -######################################## - -sub child { - # arg = numeric ID - how the parent refers to me - my $me = shift; - - # add trap for alarm signals. 
- $SIG{'ALRM'} = sub { die "alarmed"; }; - - # create a socket to communicate with parent - socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL) - || die "Error with Socket: !$\n"; - $filename = "./.socket.$parent.$me"; - bind(INBOUND, sockaddr_un($filename)) - || die "Error Binding $filename: $!\n"; - listen(INBOUND, 5) || die "Error Listening: $!\n"; - - my ($ip, $send_back); - my $talk = FileHandle->new; - - # accept a connection from the parent process. We only ever have - # have one connection where we exchange 1 line of info with the - # parent.. 1 line in (IP address), 1 line out (IP + hostname). - accept($talk, INBOUND) || die "Error Accepting: $!\n"; - # disable I/O buffering just in case - $talk->autoflush; - # while the parent keeps sending data, we keep responding.. - while(($ip = $talk->getline)) { - chomp($ip); - # resolve the IP if time permits and send back what we found.. - $send_back = sprintf("%s|%s", $ip, &nslookup($ip)); - $talk->print($send_back."\n"); - } -} - -# perform a time restricted hostname lookup. -sub nslookup { - # get the IP as an arg - my $ip = shift; - my $hostname = undef; - - # do the hostname lookup inside an eval. The eval will use the - # already configured SIGnal handler and drop out of the {} block - # regardless of whether the alarm occured or not. - eval { - alarm($TIMEOUT); - $hostname = gethostbyaddr(gethostbyname($ip), AF_INET); - alarm(0); - }; - if ($@ =~ /alarm/) { - # useful for debugging perhaps.. - # print "alarming, isn't it? ($ip)"; - } - - # return the hostname or the IP address itself if there is no hostname - $hostname ne "" ? $hostname : $ip; -} - - diff --git a/usr.sbin/httpd/src/support/mkcert.sh b/usr.sbin/httpd/src/support/mkcert.sh deleted file mode 100644 index a9d3c8599f5..00000000000 --- a/usr.sbin/httpd/src/support/mkcert.sh +++ /dev/null 
@@ -1,855 +0,0 @@ -#!/bin/sh -## -## mkcert.sh -- SSL Certificate Generation Utility -## Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved. -## - -# parameters -make="$1" -mflags="$2" -openssl="$3" -support="$4" -type="$5" -algo="$6" -crt="$7" -key="$8" -view="$9" - -# we can operate only inside the Apache 1.3 source -# tree and only when mod_ssl+OpenSSL is actually configured. -if [ ! -f "../README.configure" ]; then - echo "mkcert.sh:Error: Cannot operate outside the Apache 1.3 source tree." 1>&2 - echo "mkcert.sh:Hint: You have to stay inside apache_1.3.x/src." 1>&2 - exit 1 -fi -if [ ".$openssl" = . ]; then - echo "mkcert.sh:Error: mod_ssl/OpenSSL has to be configured before using this utility." 1>&2 - echo "mkcert.sh:Hint: Configure mod_ssl with --enable-module=ssl in APACI, first." 1>&2 - exit 1 -fi - -# configuration -# WE ARE CALLED FROM THE PARENT DIR! -sslcrtdir="../conf/ssl.crt" -sslcsrdir="../conf/ssl.csr" -sslkeydir="../conf/ssl.key" -sslprmdir="../conf/ssl.prm" - -# some optional terminal sequences -case $TERM in - xterm|xterm*|vt220|vt220*) - T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'` - T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'` - ;; - vt100|vt100*) - T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'` - T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'` - ;; - default) - T_MD='' - T_ME='' - ;; -esac - -# display header -echo "${T_MD}SSL Certificate Generation Utility${T_ME} (mkcert.sh)" -echo "Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved." - -# on request view certificates only -if [ ".$view" != . 
]; then - if [ -f "$sslcrtdir/ca.crt" -a -f "$sslkeydir/ca.key" ]; then - echo "" - echo "${T_MD}CA X.509 Certificate${T_ME} [ca.crt]" - echo "______________________________________________________________________" - $openssl x509 -noout -text -in $sslcrtdir/ca.crt - echo "" - if [ ".`$openssl x509 -noout -text -in $sslcrtdir/ca.crt | grep 'Signature Algorithm' | grep -i RSA`" != . ]; then - echo "${T_MD}CA RSA Private Key${T_ME} [ca.key]" - echo "______________________________________________________________________" - $openssl rsa -noout -text -in $sslkeydir/ca.key - else - echo "${T_MD}CA DSA Private Key${T_ME} [ca.key]" - echo "______________________________________________________________________" - $openssl dsa -noout -text -in $sslkeydir/ca.key - fi - fi - if [ -f "$sslcrtdir/server.crt" -a -f "$sslkeydir/server.key" ]; then - echo "" - echo "${T_MD}Server X.509 Certificate${T_ME} [server.crt]" - echo "______________________________________________________________________" - $openssl x509 -noout -text -in $sslcrtdir/server.crt - echo "" - if [ ".`$openssl x509 -noout -text -in $sslcrtdir/server.crt | grep 'Signature Algorithm' | grep -i RSA`" != . ]; then - echo "${T_MD}Server RSA Private Key${T_ME} [server.key]" - echo "______________________________________________________________________" - $openssl rsa -noout -text -in $sslkeydir/server.key - else - echo "${T_MD}Server DSA Private Key${T_ME} [server.key]" - echo "______________________________________________________________________" - $openssl dsa -noout -text -in $sslkeydir/server.key - fi - fi - exit 0 -fi - -# find some random files -# (do not use /dev/random here, because this device -# doesn't work as expected on all platforms) -randfiles='' -for file in /var/log/messages /var/adm/messages /var/log/system.log /var/wtmp \ - /kernel /kernel/genunix /vmunix /vmlinuz /mach \ - /etc/hosts /etc/group /etc/resolv.conf /bin/ls; do - if [ -r $file ]; then - if [ ".$randfiles" = . 
]; then - randfiles="$file" - else - randfiles="${randfiles}:$file" - fi - fi -done - -# initialize random file -if [ -f $HOME/.rnd ]; then - RANDFILE="$HOME/.rnd" -else - RANDFILE=".mkcert.rnd" - (ps; date) >$RANDFILE -fi -export RANDFILE - -# canonicalize parameters -case "x$type" in - x ) type=test ;; -esac -case "x$algo" in - xRSA|xrsa ) - algo=RSA - ;; - xDSA|xdsa ) - algo=DSA - ;; - x ) - algo=choose - ;; - * ) echo "Unknown algorithm \'$algo' (use RSA or DSA!)" 1>&2 - exit 1 - ;; -esac - -# processing -case $type in - - dummy) - echo "" - echo "${T_MD}Generating self-signed Snake Oil certificate [DUMMY]${T_ME}" - echo "______________________________________________________________________" - echo "" - if [ ".$algo" = .choose ]; then - algo=RSA - fi - if [ ".$algo" = .RSA ]; then - cp $sslcrtdir/snakeoil-rsa.crt $sslcrtdir/server.crt - (umask 077; cp $sslkeydir/snakeoil-rsa.key $sslkeydir/server.key) - else - cp $sslcrtdir/snakeoil-dsa.crt $sslcrtdir/server.crt - (umask 077; cp $sslkeydir/snakeoil-dsa.key $sslkeydir/server.key) - fi - echo "${T_MD}RESULT: Server Certification Files${T_ME}" - echo "" - echo "o ${T_MD}conf/ssl.key/server.key${T_ME}" - echo " The PEM-encoded $algo private key file which you configure" - echo " with the 'SSLCertificateKeyFile' directive (automatically done" - echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}" - echo "" - echo "o ${T_MD}conf/ssl.crt/server.crt${T_ME}" - echo " The PEM-encoded X.509 certificate file which you configure" - echo " with the 'SSLCertificateFile' directive (automatically done" - echo " when you install via APACI)." 
- echo "" - echo "WARNING: Do not use this for real-life/production systems" - echo "" - ;; - - test) - echo "" - echo "${T_MD}Generating test certificate signed by Snake Oil CA [TEST]${T_ME}" - echo "WARNING: Do not use this for real-life/production systems" - if [ ".$algo" = .choose ]; then - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 0: Decide the signature algorithm used for certificate${T_ME}" - echo "The generated X.509 CA certificate can contain either" - echo "RSA or DSA based ingredients. Select the one you want to use." - def1=R def2=r def=RSA - prompt="Signature Algorithm ((R)SA or (D)SA) [$def1]:" - while [ 1 ]; do - echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt" - read algo - if [ ".$algo" = ".$def1" -o ".$algo" = ".$def2" -o ".$algo" = . ]; then - algo=$def - break - elif [ ".$algo" = ".R" -o ".$algo" = ".r" ]; then - algo=RSA - break - elif [ ".$algo" = ".D" -o ".$algo" = ".d" ]; then - algo=DSA - break - else - echo "mkcert.sh:Warning: Invalid selection" 1>&2 - fi - done - fi - if [ ".$algo" = ".DSA" ]; then - echo "" - echo "${T_MD}WARNING!${T_ME} You're generating a DSA based certificate/key pair." - echo " This implies that RSA based ciphers won't be available later," - echo " which for your web server currently still means that mostly all" - echo " popular web browsers cannot connect to it. At least not until" - echo " you also generate an additional RSA based certificate/key pair" - echo " and configure them in parallel." - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 1: Generating $algo private key (1024 bit) [server.key]${T_ME}" - if [ ".$algo" = .RSA ]; then - if [ ".$randfiles" != . ]; then - $openssl genrsa -rand $randfiles -out $sslkeydir/server.key 1024 - else - $openssl genrsa -out $sslkeydir/server.key 1024 - fi - if [ $? 
-ne 0 ]; then - echo "mkcert.sh:Error: Failed to generate RSA private key" 1>&2 - exit 1 - fi - else - echo "Generating DSA private key via SnakeOil CA DSA parameters" - if [ ".$randfiles" != . ]; then - (umask 077 - $openssl gendsa -rand $randfiles \ - -out $sslkeydir/server.key \ - $sslprmdir/snakeoil-ca-dsa.prm) - else - (umask 077 - $openssl gendsa -out $sslkeydir/server.key \ - $sslprmdir/snakeoil-ca-dsa.prm) - fi - if [ $? -ne 0 ]; then - echo "mkcert.sh:Error: Failed to generate DSA private key" 1>&2 - exit 1 - fi - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 2: Generating X.509 certificate signing request [server.csr]${T_ME}" - cat >.mkcert.cfg <&2 - exit 1 - fi - rm -f .mkcert.cfg - prompt="8. Certificate Validity (days) [365]:" - echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt" - read days - if [ ".$days" = . ]; then - days=365 - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]${T_ME}" - echo dummy | awk '{ printf("%s", prompt); }' "prompt=Certificate Version (1 or 3) [3]:" - read certversion - extfile="" - if [ ".$certversion" = .3 -o ".$certversion" = . ]; then - extfile="-extfile .mkcert.cfg" - cat >.mkcert.cfg <.mkcert.serial - fi - if [ ".$algo" = .RSA ]; then - $openssl x509 $extfile \ - -days $days \ - -CAserial .mkcert.serial \ - -CA $sslcrtdir/snakeoil-ca-rsa.crt \ - -CAkey $sslkeydir/snakeoil-ca-rsa.key \ - -in $sslcsrdir/server.csr -req \ - -out $sslcrtdir/server.crt - else - $openssl x509 $extfile \ - -days $days \ - -CAserial .mkcert.serial \ - -CA $sslcrtdir/snakeoil-ca-dsa.crt \ - -CAkey $sslkeydir/snakeoil-ca-dsa.key \ - -in $sslcsrdir/server.csr -req \ - -out $sslcrtdir/server.crt - fi - if [ $? 
-ne 0 ]; then - echo "mkcert.sh:Error: Failed to generate X.509 certificate" 1>&2 - exit 1 - fi - rm -f .mkcert.cfg - echo "Verify: matching certificate & key modulus" - modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/server.crt | sed -e 's;.*Modulus=;;'` - if [ ".$algo" = .RSA ]; then - modkey=`$openssl rsa -noout -modulus -in $sslkeydir/server.key | sed -e 's;.*Modulus=;;'` - else - modkey=`$openssl dsa -noout -modulus -in $sslkeydir/server.key | sed -e 's;.*Key=;;'` - fi - if [ ".$modcrt" != ".$modkey" ]; then - echo "mkcert.sh:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2 - exit 1 - fi - echo "Verify: matching certificate signature" - if [ ".$algo" = .RSA ]; then - $openssl verify -CAfile $sslcrtdir/snakeoil-ca-rsa.crt $sslcrtdir/server.crt - else - $openssl verify -CAfile $sslcrtdir/snakeoil-ca-dsa.crt $sslcrtdir/server.crt - fi - if [ $? -ne 0 ]; then - echo "mkcert.sh:Error: Failed to verify signature on resulting X.509 certificate" 1>&2 - exit 1 - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 4: Enrypting $algo private key with a pass phrase for security [server.key]${T_ME}" - echo "The contents of the server.key file (the generated private key) has to be" - echo "kept secret. So we strongly recommend you to encrypt the server.key file" - echo "with a Triple-DES cipher and a Pass Phrase." - while [ 1 ]; do - echo dummy | awk '{ printf("Encrypt the private key now? [Y/n]: "); }' - read rc - if [ ".$rc" = .n -o ".$rc" = .N ]; then - rc="n" - break - fi - if [ ".$rc" = .y -o ".$rc" = .Y -o ".$rc" = . ]; then - rc="y" - break - fi - done - if [ ".$rc" = .y ]; then - if [ ".$algo" = .RSA ]; then - (umask 077 - $openssl rsa -des3 \ - -in $sslkeydir/server.key \ - -out $sslkeydir/server.key.crypt) - else - (umask 077 - $openssl dsa -des3 \ - -in $sslkeydir/server.key \ - -out $sslkeydir/server.key.crypt) - fi - if [ $? 
-ne 0 ]; then - echo "mkcert.sh:Error: Failed to encrypt $algo private key" 1>&2 - exit 1 - fi - (umask 077; cp $sslkeydir/server.key.crypt $sslkeydir/server.key) - rm -f $sslkeydir/server.key.crypt - echo "Fine, you're using an encrypted $algo private key." - else - echo "Warning, you're using an unencrypted $algo private key." - echo "Please notice this fact and do this on your own risk." - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}RESULT: Server Certification Files${T_ME}" - echo "" - echo "o ${T_MD}conf/ssl.key/server.key${T_ME}" - echo " The PEM-encoded $algo private key file which you configure" - echo " with the 'SSLCertificateKeyFile' directive (automatically done" - echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}" - echo "" - echo "o ${T_MD}conf/ssl.crt/server.crt${T_ME}" - echo " The PEM-encoded X.509 certificate file which you configure" - echo " with the 'SSLCertificateFile' directive (automatically done" - echo " when you install via APACI)." - echo "" - echo "o ${T_MD}conf/ssl.csr/server.csr${T_ME}" - echo " The PEM-encoded X.509 certificate signing request file which" - echo " you can send to an official Certificate Authority (CA) in order" - echo " to request a real server certificate (signed by this CA instead" - echo " of our demonstration-only Snake Oil CA) which later can replace" - echo " the conf/ssl.crt/server.crt file." - echo "" - echo "WARNING: Do not use this for real-life/production systems" - echo "" - ;; - - custom) - echo "" - echo "${T_MD}Generating custom certificate signed by own CA [CUSTOM]${T_ME}" - if [ ".$algo" = .choose ]; then - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 0: Decide the signature algorithm used for certificates${T_ME}" - echo "The generated X.509 certificates can contain either" - echo "RSA or DSA based ingredients. Select the one you want to use." 
- def1=R def2=r def=RSA - prompt="Signature Algorithm ((R)SA or (D)SA) [$def1]:" - while [ 1 ]; do - echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt" - read algo - if [ ".$algo" = ".$def1" -o ".$algo" = ".$def2" -o ".$algo" = . ]; then - algo=$def - break - elif [ ".$algo" = ".R" -o ".$algo" = ".r" ]; then - algo=RSA - break - elif [ ".$algo" = ".D" -o ".$algo" = ".d" ]; then - algo=DSA - break - else - echo "mkcert.sh:Warning: Invalid selection" 1>&2 - fi - done - fi - if [ ".$algo" = ".DSA" ]; then - echo "" - echo "${T_MD}WARNING!${T_ME} You're generating DSA based certificate/key pairs." - echo " This implies that RSA based ciphers won't be available later," - echo " which for your web server currently still means that mostly all" - echo " popular web browsers cannot connect to it. At least not until" - echo " you also generate an additional RSA based certificate/key pair" - echo " and configure them in parallel." - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 1: Generating $algo private key for CA (1024 bit) [ca.key]${T_ME}" - if [ ".$algo" = .RSA ]; then - if [ ".$randfiles" != . ]; then - $openssl genrsa -rand $randfiles -out $sslkeydir/ca.key 1024 - else - $openssl genrsa -out $sslkeydir/ca.key 1024 - fi - if [ $? -ne 0 ]; then - echo "mkcert.sh:Error: Failed to generate RSA private key" 1>&2 - exit 1 - fi - else - if [ ".$randfiles" != . ]; then - $openssl dsaparam -rand $randfiles -out $sslprmdir/ca.prm 1024 - echo "Generating DSA private key:" - (umask 077 - $openssl gendsa -rand $randfiles -out $sslkeydir/ca.key $sslprmdir/ca.prm) - else - $openssl dsaparam -out $sslprmdir/ca.prm 1024 - echo "Generating DSA private key:" - (umask 077 - $openssl gendsa -out $sslkeydir/ca.key $sslprmdir/ca.prm) - fi - if [ $? 
-ne 0 ]; then - echo "mkcert.sh:Error: Failed to generate DSA private key" 1>&2 - exit 1 - fi - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA [ca.csr]${T_ME}" - cat >.mkcert.cfg <&2 - exit 1 - fi - rm -f .mkcert.cfg - prompt="8. Certificate Validity (days) [365]:" - echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt" - read days - if [ ".$days" = . ]; then - days=365 - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself [ca.crt]${T_ME}" - echo dummy | awk '{ printf("%s", prompt); }' "prompt=Certificate Version (1 or 3) [3]:" - read certversion - extfile="" - if [ ".$certversion" = .3 -o ".$certversion" = . ]; then - extfile="-extfile .mkcert.cfg" - cat >.mkcert.cfg <&2 - exit 1 - fi - rm -f .mkcert.cfg - echo "Verify: matching certificate & key modulus" - modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/ca.crt | sed -e 's;.*Modulus=;;'` - if [ ".$algo" = .RSA ]; then - modkey=`$openssl rsa -noout -modulus -in $sslkeydir/ca.key | sed -e 's;.*Modulus=;;'` - else - modkey=`$openssl dsa -noout -modulus -in $sslkeydir/ca.key | sed -e 's;.*Key=;;'` - fi - if [ ".$modcrt" != ".$modkey" ]; then - echo "mkcert.sh:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2 - exit 1 - fi - echo "Verify: matching certificate signature" - $openssl verify $sslcrtdir/ca.crt - if [ $? -ne 0 ]; then - echo "mkcert.sh:Error: Failed to verify signature on resulting X.509 certificate" 1>&2 - exit 1 - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 4: Generating $algo private key for SERVER (1024 bit) [server.key]${T_ME}" - if [ ".$algo" = .RSA ]; then - if [ ".$randfiles" != . 
]; then - $openssl genrsa -rand $randfiles -out $sslkeydir/server.key 1024 - else - $openssl genrsa -out $sslkeydir/server.key 1024 - fi - if [ $? -ne 0 ]; then - echo "mkcert.sh:Error: Failed to generate RSA private key" 1>&2 - exit 1 - fi - else - if [ ".$randfiles" != . ]; then - (umask 077 - $openssl gendsa -rand $randfiles \ - -out $sslkeydir/server.key $sslprmdir/ca.prm) - else - (umask 077 - $openssl gendsa -out $sslkeydir/server.key $sslprmdir/ca.prm) - fi - if [ $? -ne 0 ]; then - echo "mkcert.sh:Error: Failed to generate DSA private key" 1>&2 - exit 1 - fi - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 5: Generating X.509 certificate signing request for SERVER [server.csr]${T_ME}" - cat >.mkcert.cfg <&2 - exit 1 - fi - rm -f .mkcert.cfg - prompt="8. Certificate Validity (days) [365]:" - echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt" - read days - if [ ".$days" = . ]; then - days=365 - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 6: Generating X.509 certificate signed by own CA [server.crt]${T_ME}" - echo dummy | awk '{ printf("%s", prompt); }' "prompt=Certificate Version (1 or 3) [3]:" - read certversion - extfile="" - if [ ".$certversion" = .3 -o ".$certversion" = . ]; then - extfile="-extfile .mkcert.cfg" - cat >.mkcert.cfg <.mkcert.serial - fi - $openssl x509 $extfile \ - -days $days \ - -CAserial .mkcert.serial \ - -CA $sslcrtdir/ca.crt \ - -CAkey $sslkeydir/ca.key \ - -in $sslcsrdir/server.csr -req \ - -out $sslcrtdir/server.crt - if [ $? 
-ne 0 ]; then - echo "mkcert.sh:Error: Failed to generate X.509 certificate" 1>&2 - exit 1 - fi - rm -f .mkcert.cfg - echo "Verify: matching certificate & key modulus" - modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/server.crt | sed -e 's;.*Modulus=;;'` - if [ ".$algo" = .RSA ]; then - modkey=`$openssl rsa -noout -modulus -in $sslkeydir/server.key | sed -e 's;.*Modulus=;;'` - else - modkey=`$openssl dsa -noout -modulus -in $sslkeydir/server.key | sed -e 's;.*Key=;;'` - fi - if [ ".$modcrt" != ".$modkey" ]; then - echo "mkcert.sh:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2 - exit 1 - fi - echo "Verify: matching certificate signature" - $openssl verify -CAfile $sslcrtdir/ca.crt $sslcrtdir/server.crt - if [ $? -ne 0 ]; then - echo "mkcert.sh:Error: Failed to verify signature on resulting X.509 certificate" 1>&2 - exit 1 - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 7: Enrypting $algo private key of CA with a pass phrase for security [ca.key]${T_ME}" - echo "The contents of the ca.key file (the generated private key) has to be" - echo "kept secret. So we strongly recommend you to encrypt the server.key file" - echo "with a Triple-DES cipher and a Pass Phrase." - while [ 1 ]; do - echo dummy | awk '{ printf("Encrypt the private key now? [Y/n]: "); }' - read rc - if [ ".$rc" = .n -o ".$rc" = .N ]; then - rc="n" - break - fi - if [ ".$rc" = .y -o ".$rc" = .Y -o ".$rc" = . ]; then - rc="y" - break - fi - done - if [ ".$rc" = .y ]; then - if [ ".$algo" = .RSA ]; then - (umask 077 - $openssl rsa -des3 \ - -in $sslkeydir/ca.key \ - -out $sslkeydir/ca.key.crypt) - else - (umask 077 - $openssl dsa -des3 \ - -in $sslkeydir/ca.key \ - -out $sslkeydir/ca.key.crypt) - fi - if [ $? 
-ne 0 ]; then - echo "mkcert.sh:Error: Failed to encrypt $algo private key" 1>&2 - exit 1 - fi - (umask 077; cp $sslkeydir/ca.key.crypt $sslkeydir/ca.key) - rm -f $sslkeydir/ca.key.crypt - echo "Fine, you're using an encrypted private key." - else - echo "Warning, you're using an unencrypted private key." - echo "Please notice this fact and do this on your own risk." - fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}STEP 8: Enrypting $algo private key of SERVER with a pass phrase for security [server.key]${T_ME}" - echo "The contents of the server.key file (the generated private key) has to be" - echo "kept secret. So we strongly recommend you to encrypt the server.key file" - echo "with a Triple-DES cipher and a Pass Phrase." - while [ 1 ]; do - echo dummy | awk '{ printf("Encrypt the private key now? [Y/n]: "); }' - read rc - if [ ".$rc" = .n -o ".$rc" = .N ]; then - rc="n" - break - fi - if [ ".$rc" = .y -o ".$rc" = .Y -o ".$rc" = . ]; then - rc="y" - break - fi - done - if [ ".$rc" = .y ]; then - if [ ".$algo" = .RSA ]; then - (umask 077 - $openssl rsa -des3 \ - -in $sslkeydir/server.key \ - -out $sslkeydir/server.key.crypt) - else - (umask 077 - $openssl dsa -des3 \ - -in $sslkeydir/server.key \ - -out $sslkeydir/server.key.crypt) - fi - if [ $? -ne 0 ]; then - echo "mkcert.sh:Error: Failed to encrypt $algo private key" 1>&2 - exit 1 - fi - (umask 077; cp $sslkeydir/server.key.crypt $sslkeydir/server.key) - rm -f $sslkeydir/server.key.crypt - echo "Fine, you're using an encrypted $algo private key." - else - echo "Warning, you're using an unencrypted $algo private key." - echo "Please notice this fact and do this on your own risk." 
- fi - echo "______________________________________________________________________" - echo "" - echo "${T_MD}RESULT: CA and Server Certification Files${T_ME}" - echo "" - echo "o ${T_MD}conf/ssl.key/ca.key${T_ME}" - echo " The PEM-encoded $algo private key file of the CA which you can" - echo " use to sign other servers or clients. ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}" - echo "" - echo "o ${T_MD}conf/ssl.crt/ca.crt${T_ME}" - echo " The PEM-encoded X.509 certificate file of the CA which you use to" - echo " sign other servers or clients. When you sign clients with it (for" - echo " SSL client authentication) you can configure this file with the" - echo " 'SSLCACertificateFile' directive." - echo "" - echo "o ${T_MD}conf/ssl.key/server.key${T_ME}" - echo " The PEM-encoded $algo private key file of the server which you configure" - echo " with the 'SSLCertificateKeyFile' directive (automatically done" - echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}" - echo "" - echo "o ${T_MD}conf/ssl.crt/server.crt${T_ME}" - echo " The PEM-encoded X.509 certificate file of the server which you configure" - echo " with the 'SSLCertificateFile' directive (automatically done" - echo " when you install via APACI)." - echo "" - echo "o ${T_MD}conf/ssl.csr/server.csr${T_ME}" - echo " The PEM-encoded X.509 certificate signing request of the server file which" - echo " you can send to an official Certificate Authority (CA) in order" - echo " to request a real server certificate (signed by this CA instead" - echo " of our own CA) which later can replace the conf/ssl.crt/server.crt" - echo " file." - echo "" - echo "Congratulations that you establish your server with real certificates." - echo "" - ;; - - existing) - echo "" - echo "${T_MD}Using existing custom certificate [EXISTING]${T_ME}" - echo "______________________________________________________________________" - echo "" - if [ ".$crt" = . 
]; then - echo "mkcert.sh: No certificate file given" 1>&2 - exit 1 - fi - if [ ! -f "$crt" ]; then - echo "mkcert.sh: Cannot find certificate file: $crt" 1>&2 - exit 1 - fi - if [ ".$key" != . ]; then - if [ ! -f "$key" ]; then - echo "mkcert.sh: Cannot find private key file: $key" 1>&2 - exit 1 - fi - cp $crt $sslcrtdir/server.crt - (umask 077; cp $key $sslkeydir/server.key) - else - key=$crt - umask 077 - touch $sslkeydir/server.key - sed -e '/-----BEGIN CERTIFICATE/,/-----END CERTIFICATE/p' -e '/.*/d' \ - <$crt >$sslcrtdir/server.crt - sed -e '/-----BEGIN ... PRIVATE KEY/,/-----END ... PRIVATE KEY/p' -e '/.*/d' \ - <$key >$sslkeydir/server.key - fi - $openssl x509 -noout -in $sslcrtdir/server.crt - if [ $? -ne 0 ]; then - echo "mkcert.sh:Error: Failed to check certificate contents: $crt" 1>&2 - exit 1 - fi - if [ ".`grep 'PRIVATE KEY' $sslkeydir/server.key | grep RSA`" != . ]; then - algo=RSA - else - algo=DSA - fi - echo "${T_MD}RESULT: Server Certification Files${T_ME}" - echo "" - echo "o ${T_MD}conf/ssl.key/server.key${T_ME}" - echo " The PEM-encoded $algo private key file which you configure" - echo " with the 'SSLCertificateKeyFile' directive (automatically done" - echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}" - echo "" - echo "o ${T_MD}conf/ssl.crt/server.crt${T_ME}" - echo " The PEM-encoded X.509 certificate file which you configure" - echo " with the 'SSLCertificateFile' directive (automatically done" - echo " when you install via APACI)." - echo "" - echo "Congratulations that you establish your server with real certificates." - echo "" - ;; - -esac - -##EOF## diff --git a/usr.sbin/httpd/src/support/phf_abuse_log.cgi b/usr.sbin/httpd/src/support/phf_abuse_log.cgi deleted file mode 100644 index 9ce2749c571..00000000000 --- a/usr.sbin/httpd/src/support/phf_abuse_log.cgi +++ /dev/null 
@@ -1,21 +0,0 @@
-#!/usr/local/bin/perl
-
-# This script can be used to detect people trying to abuse the security hole which
-# existed in A CGI script direstributed with Apache 1.0.3 and earlier versions.
-# You can redirect them to here using the "" suggestion in
-# httpd.conf.
-#
-# The format logged to is "[date] remote_addr remote_host [date] referrer user_agent".
-
-$LOG = "/var/log/phf_log";
-
-require "ctime.pl";
-$when = &ctime(time);
-$when =~ s/\n//go;
-$ENV{HTTP_USER_AGENT} .= " via $ENV{HTTP_VIA}" if($ENV{HTTP_VIA});
-
-open(LOG, ">>$LOG") || die "boo hoo, phf_log $!";
-print LOG "[$when] $ENV{REMOTE_ADDR} $ENV{REMOTE_HOST} $ENV{$HTTP_REFERER} $ENV{HTTP_USER_AGENT}\n";
-close(LOG);
-
-print "Content-type: text/html\r\n\r\nSmile, you're on Candid Camera.\n";
diff --git a/usr.sbin/httpd/src/support/rotatelogs.8 b/usr.sbin/httpd/src/support/rotatelogs.8
deleted file mode 100644
index 99531d5bedd..00000000000
--- a/usr.sbin/httpd/src/support/rotatelogs.8
+++ /dev/null
@@ -1,113 +0,0 @@
-.\" $OpenBSD: rotatelogs.8,v 1.9 2007/05/31 19:20:24 jmc Exp $
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" .
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: May 31 2007 $
-.Dt ROTATELOGS 8
-.Os
-.Sh NAME
-.Nm rotatelogs
-.Nd rotate Apache logs without having to kill the server
-.Sh SYNOPSIS
-.Nm rotatelogs
-.Ar logfile rotationtime Op Ar offset
-.Sh DESCRIPTION
-.Nm
-is a simple program for use in conjunction with
-.Xr httpd 8 Ns 's
-piped logfile feature which can be used like this:
-.Bd -literal -offset indent
-TransferLog "| rotatelogs /path/to/logs/access_log 86400"
-.Ed
-.Pp
-This creates the files
-.Pa /path/to/logs/access_log.nnnn
-where
-.Em nnnn
-is the system time at which the log nominally starts (this time will
-always be a multiple of the rotation time, so you can synchronize
-.Xr cron 8
-scripts with it).
-At the end of each rotation time (here, after 24 hours), a new log is
-started.
-.Pp
-The arguments are as follows:
-.Bl -tag -width rotationtime
-.It Ar logfile
-The path plus basename of the logfile.
-If
-.Ar logfile
-includes any percent characters
-.Pq Sq % ,
-it is treated as a format string for
-.Xr strftime 3 .
-Otherwise, the suffix
-.Em .nnnn
-is automatically added and is the time at which the logfile was created.
-.It Ar rotationtime
-The rotation time in seconds.
-.It Ar offset
-The number of minutes offset from UTC.
-If omitted, zero is assumed and UTC is used.
-For example, to use local time in the zone UTC \-5 hours, specify a
-value of \-300 for this argument.
-.El
-.Sh SEE ALSO
-.Xr strftime 3 ,
-.Xr cron 8 ,
-.Xr httpd 8 ,
-.Xr logresolve 8
diff --git a/usr.sbin/httpd/src/support/rotatelogs.c b/usr.sbin/httpd/src/support/rotatelogs.c
deleted file mode 100644
index 023f822aa7c..00000000000
--- a/usr.sbin/httpd/src/support/rotatelogs.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* $OpenBSD: rotatelogs.c,v 1.10 2008/10/06 20:50:18 mbalmer Exp $ */
-
-/*
- * Simple program to rotate Apache logs without having to kill the server.
- *
- * Contributed by Ben Laurie
- *
- * 12 Mar 1996
- */
-
-#include
-#include
-#include
-
-#include "ap_config.h"
-
-#define BUFSIZE 65536
-#define ERRMSGSZ 82
-#ifndef MAX_PATH
-#define MAX_PATH 1024
-#endif
-
-int
-main(int argc, char *argv[])
-{
- char buf[BUFSIZE], buf2[MAX_PATH], errbuf[ERRMSGSZ];
- time_t tLogEnd = 0, tRotation;
- int nLogFD = -1, nLogFDprev = -1, nMessCount = 0, nRead, nWrite;
- int utc_offset = 0;
- int use_strftime = 0;
- time_t now;
- char *szLogRoot;
-
- if (argc < 3) {
- fprintf(stderr, "usage: %s logfile rotationtime [offset]\n\n",
- argv[0]);
- fprintf(stderr, "Add this:\n\nTransferLog \"|%s /some/where "
- "86400\"\n\n", argv[0]);
- fprintf(stderr,
- "to httpd.conf. The generated name will be /some/where.nnnn"
- " where nnnn is the\nsystem time at which the log nominally"
- " starts (N.B.
this time will always be a\nmultiple of the "
- "rotation time, so you can synchronize cron scripts with "
- "it).\nAt the end of each rotation time a new log is "
- "started.\n");
- exit(1);
- }
-
- szLogRoot = argv[1];
- if (argc >= 4)
- utc_offset = atoi(argv[3]) * 60;
-
- tRotation = atoi(argv[2]);
- if (tRotation <= 0) {
- fprintf(stderr, "Rotation time must be > 0\n");
- exit(6);
- }
-
- use_strftime = (strstr(szLogRoot, "%") != NULL);
- for (;;) {
- nRead = read(0, buf, sizeof buf);
- now = time(NULL) + utc_offset;
- if (nRead == 0)
- exit(3);
- if (nRead < 0)
- if (errno != EINTR)
- exit(4);
- if (nLogFD >= 0 && (now >= tLogEnd || nRead < 0)) {
- nLogFDprev = nLogFD;
- nLogFD = -1;
- }
- if (nLogFD < 0) {
- time_t tLogStart = (now / tRotation) * tRotation;
- if (use_strftime) {
- struct tm *tm_now;
- tm_now = gmtime(&tLogStart);
- strftime(buf2, sizeof(buf2), szLogRoot, tm_now);
- } else
- snprintf(buf2, sizeof(buf2), "%s.%010d",
- szLogRoot, (int)tLogStart);
-
- tLogEnd = tLogStart + tRotation;
- do {
- nLogFD = open(buf2, O_WRONLY | O_CREAT |
- O_APPEND, 0666);
- if (nLogFD < 0 && nLogFDprev == -1) {
- fprintf(stderr, "rotatelogs: can't "
- "open %s for writing: %s\n", buf2,
- strerror(errno));
- sleep(2);
- }
- } while (nLogFD < 0 && nLogFDprev == -1);
- if (nLogFD < 0) {
- /*
- * Uh-oh. Failed to open the new log file. Try
- * to clear the previous log file, note the
- * lost log entries, and keep on truckin'.
- */
- nLogFD = nLogFDprev;
- snprintf(errbuf, sizeof(errbuf),
- "Resetting log file due to error opening "
- "new log file. %10d messages lost.\n",
- nMessCount);
- nWrite = strlen(errbuf);
- ftruncate(nLogFD, 0);
- write(nLogFD, errbuf, nWrite);
- } else
- close(nLogFDprev);
- nMessCount = 0;
- }
- do {
- nWrite = write(nLogFD, buf, nRead);
- } while (nWrite < 0 && errno == EINTR);
- if (nWrite != nRead) {
- nMessCount++;
- snprintf(errbuf, sizeof(errbuf),
- "Error writing to log file. 
"
- "%10d messages lost.\n", nMessCount);
- nWrite = strlen(errbuf);
- ftruncate(nLogFD, 0);
- write (nLogFD, errbuf, nWrite);
- } else
- nMessCount++;
- }
-
- /* We never get here, but suppress the compile warning */
- return 0;
-}
diff --git a/usr.sbin/httpd/src/support/split-logfile b/usr.sbin/httpd/src/support/split-logfile
deleted file mode 100644
index 93b918e7f37..00000000000
--- a/usr.sbin/httpd/src/support/split-logfile
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/usr/local/bin/perl
-#
-## ====================================================================
-## The Apache Software License, Version 1.1
-##
-## Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-## reserved.
-##
-## Redistribution and use in source and binary forms, with or without
-## modification, are permitted provided that the following conditions
-## are met:
-##
-## 1. Redistributions of source code must retain the above copyright
-## notice, this list of conditions and the following disclaimer.
-##
-## 2. Redistributions in binary form must reproduce the above copyright
-## notice, this list of conditions and the following disclaimer in
-## the documentation and/or other materials provided with the
-## distribution.
-##
-## 3. The end-user documentation included with the redistribution,
-## if any, must include the following acknowledgment:
-## "This product includes software developed by the
-## Apache Software Foundation (http://www.apache.org/)."
-## Alternately, this acknowledgment may appear in the software itself,
-## if and wherever such third-party acknowledgments normally appear.
-##
-## 4. The names "Apache" and "Apache Software Foundation" must
-## not be used to endorse or promote products derived from this
-## software without prior written permission. For written
-## permission, please contact apache@apache.org.
-##
-## 5. Products derived from this software may not be called "Apache",
-## nor may "Apache" appear in their name, without prior written
-## permission of the Apache Software Foundation.
-##
-## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-## DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-## ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-## SUCH DAMAGE.
-## ====================================================================
-##
-## This software consists of voluntary contributions made by many
-## individuals on behalf of the Apache Software Foundation. For more
-## information on the Apache Software Foundation, please see
-## .
-##
-## Portions of this software are based upon public domain software
-## originally written at the National Center for Supercomputing Applications,
-## University of Illinois, Urbana-Champaign.
-##
-##
-
-#
-# This script will take a combined Web server access
-# log file and break its contents into separate files.
-# It assumes that the first field of each line is the
-# virtual host identity (put there by "%v"), and that
-# the logfiles should be named that+".log" in the current
-# directory.
-#
-# The combined log file is read from stdin. Records read
-# will be appended to any existing log files.
-#
-%is_open = ();
-
-while ($log_line = ) {
- #
- # Get the first token from the log record; it's the
- # identity of the virtual host to which the record
- # applies.
- #
- ($vhost) = split (/\s/, $log_line);
- #
- # Normalize the virtual host name to all lowercase.
- # If it's blank, the request was handled by the default
- # server, so supply a default name. This shouldn't
- # happen, but caution rocks.
- #
- $vhost = lc ($vhost) or "access";
- #
- # if the vhost contains a "/" or "\", it is illegal so just use
- # the default log to avoid any security issues due if it is interprted
- # as a directory separator.
- if ($vhost =~ m#[/\\]#) { $vhost = "access" }
- #
- # If the log file for this virtual host isn't opened
- # yet, do it now.
- #
- if (! $is_open{$vhost}) {
- open $vhost, ">>${vhost}.log"
- or die ("Can't open ${vhost}.log");
- $is_open{$vhost} = 1;
- }
- #
- # Strip off the first token (which may be null in the
- # case of the default server), and write the edited
- # record to the current log file.
- #
- $log_line =~ s/^\S*\s+//;
- printf $vhost "%s", $log_line;
-}
-exit 0;
diff --git a/usr.sbin/httpd/src/support/suexec.8 b/usr.sbin/httpd/src/support/suexec.8
deleted file mode 100644
index 770ca9f05fe..00000000000
--- a/usr.sbin/httpd/src/support/suexec.8
+++ /dev/null
@@ -1,111 +0,0 @@
-.\" $OpenBSD: suexec.8,v 1.14 2008/06/07 01:59:36 jdixon Exp $
-.\" ====================================================================
-.\" The Apache Software License, Version 1.1
-.\"
-.\" Copyright (c) 2000-2003 The Apache Software Foundation. All rights
-.\" reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. The end-user documentation included with the redistribution,
-.\" if any, must include the following acknowledgment:
-.\" "This product includes software developed by the
-.\" Apache Software Foundation (http://www.apache.org/)."
-.\" Alternately, this acknowledgment may appear in the software itself,
-.\" if and wherever such third-party acknowledgments normally appear.
-.\"
-.\" 4. The names "Apache" and "Apache Software Foundation" must
-.\" not be used to endorse or promote products derived from this
-.\" software without prior written permission. For written
-.\" permission, please contact apache@apache.org.
-.\"
-.\" 5. Products derived from this software may not be called "Apache",
-.\" nor may "Apache" appear in their name, without prior written
-.\" permission of the Apache Software Foundation.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-.\" WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This software consists of voluntary contributions made by many
-.\" individuals on behalf of the Apache Software Foundation. For more
-.\" information on the Apache Software Foundation, please see
-.\" .
-.\"
-.\" Portions of this software are based upon public domain software
-.\" originally written at the National Center for Supercomputing Applications,
-.\" University of Illinois, Urbana-Champaign.
-.\"
-.Dd $Mdocdate: June 7 2008 $
-.Dt SUEXEC 8
-.Os
-.Sh NAME
-.Nm suexec
-.Nd switch user for Apache CGI execution
-.Sh SYNOPSIS
-.Nm suexec
-.Fl V
-.Sh DESCRIPTION
-.Nm
-is the
-.Dq wrapper
-support program for the
-.Em suexec
-behaviour for the Apache
-.Xr httpd 8
-server.
-It is run from within the server automatically to switch the user when
-an external program has to be run under a different user.
-.Pp
-The options are as follows:
-.Bl -tag -width indent
-.It Fl V
-Display the list of compile-time settings used when
-.Nm
-was built.
-No other action is taken.
-.El
-.Pp
-Because this program is only used internally by
-.Xr httpd 8 ,
-there are no other ways to directly invoke
-.Nm .
-.Pp
-In order to work correctly,
-the
-.Nm
-binary should be owned by
-.Dq root
-and have the SETUID execution bit set.
-.Ox
-currently does not install
-.Nm
-with the SETUID bit set,
-so a change of file mode is necessary to enable it:
-.Pp
-.Dl # chmod u+s /usr/sbin/suexec
-.Sh SEE ALSO
-.Xr httpd 8
-.Pp
-Apache suEXEC Support:
-.Pa /usr/share/doc/html/httpd/suexec.html
diff --git a/usr.sbin/httpd/src/support/suexec.c b/usr.sbin/httpd/src/support/suexec.c
deleted file mode 100644
index 63a7919f371..00000000000
--- a/usr.sbin/httpd/src/support/suexec.c
+++ /dev/null
@@ -1,576 +0,0 @@
-/* $OpenBSD: suexec.c,v 1.13 2008/05/23 12:12:01 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED.
IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * suexec.c -- "Wrapper" support program for suEXEC behaviour for Apache
- *
- ***********************************************************************
- *
- * NOTE! : DO NOT edit this code!!! Unless you know what you are doing,
- * editing this code might open up your system in unexpected
- * ways to would-be crackers. Every precaution has been taken
- * to make this code as safe as possible; alter it at your own
- * risk.
- *
- ***********************************************************************
- *
- *
- * Error messages in the suexec logfile are prefixed with severity values
- * similar to those used by the main server:
- *
- * Sev Meaning
- * emerg: Failure of some basic system function
- * alert: Bug in the way Apache is communicating with suexec
- * crit: Basic information is missing, invalid, or incorrect
- * error: Script permission/configuration error
- * warn:
- * notice: Some issue of which the sysadmin/webmaster ought to be aware
- * info: Normal activity message
- * debug: Self-explanatory
- */
-
-#include "ap_config.h"
-#include
-#include
-#include
-
-#include
-
-#if defined(USE_SETUSERCONTEXT)
-#include
-#endif
-
-#include "suexec.h"
-
-#if defined(PATH_MAX)
-#define AP_MAXPATH PATH_MAX
-#elif defined(MAXPATHLEN)
-#define AP_MAXPATH MAXPATHLEN
-#else
-#define AP_MAXPATH 8192
-#endif
-
-#define AP_ENVBUF 256
-
-extern char **environ;
-static FILE *log = NULL;
-
-char *safe_env_lst[] =
-{
- /* variable name starts with */
- "HTTP_",
-#ifdef MOD_SSL
- "HTTPS=",
- "HTTPS_",
- "SSL_",
-#endif
-
- /* variable name is */
- "AUTH_TYPE=",
- "CONTENT_LENGTH=",
- "CONTENT_TYPE=",
- "DATE_GMT=",
- "DATE_LOCAL=",
- "DOCUMENT_NAME=",
- "DOCUMENT_PATH_INFO=",
- "DOCUMENT_ROOT=",
- "DOCUMENT_URI=",
- "FILEPATH_INFO=",
- "GATEWAY_INTERFACE=",
- "LAST_MODIFIED=",
- "PATH_INFO=",
- "PATH_TRANSLATED=",
- "QUERY_STRING=",
- "QUERY_STRING_UNESCAPED=",
- "REMOTE_ADDR=",
- "REMOTE_HOST=",
- "REMOTE_IDENT=",
- "REMOTE_PORT=",
- "REMOTE_USER=",
- "REDIRECT_QUERY_STRING=",
- "REDIRECT_STATUS=",
- "REDIRECT_URL=",
- "REQUEST_METHOD=",
- "REQUEST_URI=",
- "SCRIPT_FILENAME=",
- "SCRIPT_NAME=",
- "SCRIPT_URI=",
- "SCRIPT_URL=",
- "SERVER_ADMIN=",
- "SERVER_NAME=",
- "SERVER_ADDR=",
- "SERVER_PORT=",
- "SERVER_PROTOCOL=",
- "SERVER_SOFTWARE=",
- "UNIQUE_ID=",
- "USER_NAME=",
- "TZ=",
- NULL
-};
-
-
-static void
-err_output(const char *fmt, va_list ap)
-{
-#ifdef LOG_EXEC
- time_t timevar;
- struct
tm *lt;
-
- if (!log) {
- if ((log = fopen(LOG_EXEC, "a")) == NULL) {
- fprintf(stderr, "failed to open log file\n");
- perror("fopen");
- exit(1);
- }
- }
-
- time(&timevar);
- lt = localtime(&timevar);
-
- fprintf(log, "[%d-%.2d-%.2d %.2d:%.2d:%.2d]: ",
- lt->tm_year + 1900, lt->tm_mon + 1, lt->tm_mday,
- lt->tm_hour, lt->tm_min, lt->tm_sec);
-
- vfprintf(log, fmt, ap);
-
- fflush(log);
-#endif /* LOG_EXEC */
- return;
-}
-
-static void
-log_err(const char *fmt,...)
-{
-#ifdef LOG_EXEC
- va_list ap;
-
- va_start(ap, fmt);
- err_output(fmt, ap);
- va_end(ap);
-#endif /* LOG_EXEC */
- return;
-}
-
-static void
-clean_env(void)
-{
- char pathbuf[512];
- char **cleanenv;
- char **ep;
- int cidx = 0;
- int idx;
-
- /*
- *While cleaning the environment, the environment should be clean.
- * (e.g. malloc() may get the name of a file for writing debugging info.
- * Bad news if MALLOC_DEBUG_FILE is set to /etc/passwd. Sprintf()
- * may be susceptible to bad locale settings....)
- * (from Apache 1.3 PR 2790)
- */
- char **envp = environ;
- char *empty_ptr = NULL;
-
- environ = &empty_ptr; /* VERY safe environment */
-
- if ((cleanenv = (char **)calloc(AP_ENVBUF, sizeof(char *))) == NULL) {
- log_err("emerg: failed to malloc memory for environment\n");
- exit(120);
- }
-
- snprintf(pathbuf, sizeof(pathbuf), "PATH=%s", SAFE_PATH);
- cleanenv[cidx] = strdup(pathbuf);
- cidx++;
-
- for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
- for (idx = 0; safe_env_lst[idx]; idx++) {
- if (!strncmp(*ep, safe_env_lst[idx],
- strlen(safe_env_lst[idx]))) {
- cleanenv[cidx] = *ep;
- cidx++;
- break;
- }
- }
- }
-
- cleanenv[cidx] = NULL;
-
- environ = cleanenv;
-}
-
-int
-main(int argc, char *argv[])
-{
- int userdir = 0; /* ~userdir flag */
- uid_t uid; /* user information */
- gid_t gid; /* target group placeholder */
- char *target_uname; /* target user name */
- char *target_gname; /* target group name */
- char *target_homedir; /* target home directory */
- char *actual_uname; /*
actual user name */
- char *actual_gname; /* actual group name */
- char *prog; /* name of this program */
- char *cmd; /* command to be executed */
- char cwd[AP_MAXPATH]; /* current working directory */
- char dwd[AP_MAXPATH]; /* docroot working directory */
- struct passwd *pw; /* password entry holder */
- struct group *gr; /* group entry holder */
- struct stat dir_info; /* directory info holder */
- struct stat prg_info; /* program info holder */
-
- /* Start with a "clean" environment */
- clean_env();
-
- prog = argv[0];
- /*
- * Check existence/validity of the UID of the user
- * running this program. Error out if invalid.
- */
- uid = getuid();
- if ((pw = getpwuid(uid)) == NULL) {
- log_err("crit: invalid uid: (%u)\n", uid);
- exit(102);
- }
- /*
- * See if this is a 'how were you compiled' request, and
- * comply if so.
- */
- if ((argc > 1) && (! strcmp(argv[1], "-V")) && ((uid == 0)
- || (! strcmp(HTTPD_USER, pw->pw_name)))) {
-#ifdef DOC_ROOT
- fprintf(stderr, " -D DOC_ROOT=\"%s\"\n", DOC_ROOT);
-#endif
-#ifdef GID_MIN
- fprintf(stderr, " -D GID_MIN=%d\n", GID_MIN);
-#endif
-#ifdef HTTPD_USER
- fprintf(stderr, " -D HTTPD_USER=\"%s\"\n", HTTPD_USER);
-#endif
-#ifdef LOG_EXEC
- fprintf(stderr, " -D LOG_EXEC=\"%s\"\n", LOG_EXEC);
-#endif
-#ifdef SAFE_PATH
- fprintf(stderr, " -D SAFE_PATH=\"%s\"\n", SAFE_PATH);
-#endif
-#ifdef SUEXEC_UMASK
- fprintf(stderr, " -D SUEXEC_UMASK=%03o\n", SUEXEC_UMASK);
-#endif
-#ifdef UID_MIN
- fprintf(stderr, " -D UID_MIN=%d\n", UID_MIN);
-#endif
-#ifdef USERDIR_SUFFIX
- fprintf(stderr, " -D USERDIR_SUFFIX=\"%s\"\n", USERDIR_SUFFIX);
-#endif
- exit(0);
- }
- /*
- * If there are a proper number of arguments, set
- * all of them to variables. Otherwise, error out.
- */
- if (argc < 4) {
- log_err("alert: too few arguments\n");
- exit(101);
- }
- target_uname = argv[1];
- target_gname = argv[2];
- cmd = argv[3];
-
- /*
- * Check to see if the user running this program
- * is the user allowed to do so as defined in
- * suexec.h. If not the allowed user, error out.
- */
- if (strcmp(HTTPD_USER, pw->pw_name)) {
- log_err("crit: calling user mismatch (%s instead of %s)\n",
- pw->pw_name, HTTPD_USER);
- exit(103);
- }
-
- /*
- * Check for a leading '/' (absolute path) in the command to be
- * executed, or attempts to back up out of the current directory,
- * to protect against attacks. If any are
- * found, error out. Naughty naughty crackers.
- */
- if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3))
- || (strstr(cmd, "/../") != NULL)) {
- log_err("error: invalid command (%s)\n", cmd);
- exit(104);
- }
-
- /*
- * Check to see if this is a ~userdir request. If
- * so, set the flag, and remove the '~' from the
- * target username.
- */
- if (!strncmp("~", target_uname, 1)) {
- target_uname++;
- userdir = 1;
- }
-
- /* Error out if the target username is invalid. */
- if ((pw = getpwnam(target_uname)) == NULL) {
- log_err("crit: invalid target user name: (%s)\n", target_uname);
- exit(105);
- }
-
- /* Error out if the target group name is invalid. */
- if (strspn(target_gname, "1234567890") != strlen(target_gname)) {
- if ((gr = getgrnam(target_gname)) == NULL) {
- log_err("crit: invalid target group name: (%s)\n",
- target_gname);
- exit(106);
- }
- gid = gr->gr_gid;
- actual_gname = strdup(gr->gr_name);
- } else {
- gid = atoi(target_gname);
- actual_gname = strdup(target_gname);
- }
-
-
- /* Save these for later since initgroups will hose the struct */
- uid = pw->pw_uid;
- actual_uname = strdup(pw->pw_name);
- target_homedir = strdup(pw->pw_dir);
-
- /*
- * Log the transaction here to be sure we have an open log
- * before we setuid().
- */
- log_err("info: (target/actual) uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
- target_uname, actual_uname, target_gname, actual_gname, cmd);
-
- /*
- * Error out if attempt is made to execute as root or as
- * a UID less than UID_MIN. Tsk tsk.
- */
- if ((uid == 0) || (uid < UID_MIN)) {
- log_err("crit: cannot run as forbidden uid (%u/%s)\n", uid,
- cmd);
- exit(107);
- }
-
- /*
- * Error out if attempt is made to execute as root group
- * or as a GID less than GID_MIN. Tsk tsk.
- */
- if ((gid == 0) || (gid < GID_MIN)) {
- log_err("crit: cannot run as forbidden gid (%u/%s)\n", gid,
- cmd);
- exit(108);
- }
-
-#if defined(USE_SETUSERCONTEXT)
- if (setusercontext(NULL, pw, uid,
- LOGIN_SETALL & ~(LOGIN_SETLOGIN | LOGIN_SETPATH)) != 0) {
- log_err("emerg: failed to setusercontext (%u: %s)\n", uid, cmd);
- exit(110);
- }
-#else
- /*
- * Change UID/GID here so that the following tests work over NFS.
- *
- * Initialize the group access list for the target user,
- * and setgid() to the target group. If unsuccessful, error out.
- */
- if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) {
- log_err("emerg: failed to setgid (%u: %s)\n", gid, cmd);
- exit(109);
- }
-
- /* setuid() to the target user. Error out on fail. */
- if ((setuid(uid)) != 0) {
- log_err("emerg: failed to setuid (%u: %s)\n", uid, cmd);
- exit(110);
- }
-#endif
-
- /*
- * Get the current working directory, as well as the proper
- * document root (dependant upon whether or not it is a
- * ~userdir request). Error out if we cannot get either one,
- * or if the current working directory is not in the docroot.
- * Use chdir()s and getcwd()s to avoid problems with symlinked
- * directories. Yuck.
- */
- if (getcwd(cwd, AP_MAXPATH) == NULL) {
- log_err("emerg: cannot get current working directory\n");
- exit(111);
- }
-
- if (userdir) {
- if (((chdir(target_homedir)) != 0) ||
- ((chdir(USERDIR_SUFFIX)) != 0) ||
- ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
- ((chdir(cwd)) != 0)) {
- log_err("emerg: cannot get docroot information (%s)\n",
- target_homedir);
- exit(112);
- }
- } else {
- if (((chdir(DOC_ROOT)) != 0) ||
- ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
- ((chdir(cwd)) != 0)) {
- log_err("emerg: cannot get docroot information (%s)\n",
- DOC_ROOT);
- exit(113);
- }
- }
-
- if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
- log_err("error: command not in docroot (%s/%s)\n", cwd, cmd);
- exit(114);
- }
-
- /* Stat the cwd and verify it is a directory, or error out. */
- if (((lstat(cwd, &dir_info)) != 0) || !(S_ISDIR(dir_info.st_mode))) {
- log_err("error: cannot stat directory: (%s)\n", cwd);
- exit(115);
- }
-
- /* Error out if cwd is writable by others. */
- if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) {
- log_err("error: directory is writable by others: (%s)\n", cwd);
- exit(116);
- }
-
- /* Error out if we cannot stat the program. */
- if (((lstat(cmd, &prg_info)) != 0) || (S_ISLNK(prg_info.st_mode))) {
- log_err("error: cannot stat program: (%s)\n", cmd);
- exit(117);
- }
-
- /* Error out if the program is writable by others. */
- if ((prg_info.st_mode & S_IWOTH) || (prg_info.st_mode & S_IWGRP)) {
- log_err("error: file is writable by others: (%s/%s)\n", cwd,
- cmd);
- exit(118);
- }
-
- /* Error out if the file is setuid or setgid. */
- if ((prg_info.st_mode & S_ISUID) || (prg_info.st_mode & S_ISGID)) {
- log_err("error: file is either setuid or setgid: (%s/%s)\n",
- cwd, cmd);
- exit(119);
- }
-
- /*
- * Error out if the target name/group is different from
- * the name/group of the cwd or the program.
- */
- if ((uid != dir_info.st_uid) ||
- (gid != dir_info.st_gid) ||
- (uid != prg_info.st_uid) ||
- (gid != prg_info.st_gid)) {
- log_err("error: target uid/gid (%u/%u) mismatch "
- "with directory (%u/%u) or program (%u/%u)\n",
- uid, gid,
- dir_info.st_uid, dir_info.st_gid,
- prg_info.st_uid, prg_info.st_gid);
- exit(120);
- }
- /*
- * Error out if the program is not executable for the user.
- * Otherwise, she won't find any error in the logs except for
- * "[error] Premature end of script headers: ..."
- */
- if (!(prg_info.st_mode & S_IXUSR)) {
- log_err("error: file has no execute permission: (%s/%s)\n",
- cwd, cmd);
- exit(121);
- }
-
-#ifdef SUEXEC_UMASK
- /* umask() uses inverse logic; bits are CLEAR for allowed access. */
- if ((~SUEXEC_UMASK) & 0022)
- log_err("notice: SUEXEC_UMASK of %03o allows "
- "write permission to group and/or other\n", SUEXEC_UMASK);
- umask(SUEXEC_UMASK);
-#endif /* SUEXEC_UMASK */
-
- /*
- * Be sure to close the log file so the CGI can't
- * mess with it. If the exec fails, it will be reopened
- * automatically when log_err is called. Note that the log
- * might not actually be open if LOG_EXEC isn't defined.
- * However, the "log" cell isn't ifdef'd so let's be defensive
- * and assume someone might have done something with it
- * outside an ifdef'd LOG_EXEC block.
- */
- if (log != NULL) {
- fclose(log);
- log = NULL;
- }
-
- /* Execute the command, replacing our image with its own. */
- execv(cmd, &argv[3]);
-
- /*
- * (I can't help myself...sorry.)
- *
- * Uh oh. Still here. Where's the kaboom? There was supposed to be an
- * EARTH-shattering kaboom!
- *
- * Oh well, log the failure and error out.
- */
- log_err("emerg: (%d)%s: exec failed (%s)\n", errno, strerror(errno),
- cmd);
- exit(255);
-}
diff --git a/usr.sbin/httpd/src/support/suexec.h b/usr.sbin/httpd/src/support/suexec.h
deleted file mode 100644
index 8647309944d..00000000000
--- a/usr.sbin/httpd/src/support/suexec.h
+++ /dev/null
@@ -1,146 +0,0 @@
-/* $OpenBSD: suexec.h,v 1.8 2008/05/23 12:12:01 mbalmer Exp $ */
-
-/* ====================================================================
- * The Apache Software License, Version 1.1
- *
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * .
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
- */
-
-/*
- * suexec.h -- user-definable variables for the suexec wrapper code.
- * (See README.configure on how to customize these variables.)
- */
-
-
-#ifndef _SUEXEC_H
-#define _SUEXEC_H
-
-/*
- * HTTPD_USER -- Define as the username under which Apache normally
- * runs. This is the only user allowed to execute
- * this program.
- */
-#ifndef HTTPD_USER
-#define HTTPD_USER "www"
-#endif
-
-/*
- * UID_MIN -- Define this as the lowest UID allowed to be a target user
- * for suEXEC. For most systems, 500 or 100 is common.
- */
-#ifndef UID_MIN
-#define UID_MIN 100
-#endif
-
-/*
- * GID_MIN -- Define this as the lowest GID allowed to be a target group
- * for suEXEC. For most systems, 100 is common.
- */
-#ifndef GID_MIN
-#define GID_MIN 100
-#endif
-
-/*
- * USERDIR_SUFFIX -- Define to be the subdirectory under users'
- * home directories where suEXEC access should
- * be allowed. All executables under this directory
- * will be executable by suEXEC as the user so
- * they should be "safe" programs. If you are
- * using a "simple" UserDir directive (ie. one
- * without a "*" in it) this should be set to
- * the same value. suEXEC will not work properly
- * in cases where the UserDir directive points to
- * a location that is not the same as the user's
- * home directory as referenced in the passwd file.
- *
- * If you have VirtualHosts with a different
- * UserDir for each, you will need to define them to
- * all reside in one parent directory; then name that
- * parent directory here. IF THIS IS NOT DEFINED
- * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK!
- * See the suEXEC documentation for more detailed
- * information.
- */
-#ifndef USERDIR_SUFFIX
-#define USERDIR_SUFFIX "public_html"
-#endif
-
-/*
- * LOG_EXEC -- Define this as a filename if you want all suEXEC
- * transactions and errors logged for auditing and
- * debugging purposes.
- */
-#ifndef LOG_EXEC
-#define LOG_EXEC "/usr/local/apache/logs/cgi.log" /* Need me? */
-#endif
-
-/*
- * DOC_ROOT -- Define as the DocumentRoot set for Apache. This
- * will be the only hierarchy (aside from UserDirs)
- * that can be used for suEXEC behavior.
- */
-#ifndef DOC_ROOT
-#define DOC_ROOT "/usr/local/apache/htdocs"
-#endif
-
-/*
- * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
- *
- */
-#ifndef SAFE_PATH
-#define SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
-#endif
-
-#endif /* _SUEXEC_H */
-- 
2.20.1