File: ssl_overview.html

package info (click to toggle)
libapache-mod-ssl 2.8.22-1sarge1
links: PTS
area: main
in suites: sarge
size: 3,208 kB
ctags: 1,649
sloc: ansic: 13,070; sh: 3,304; lex: 190; makefile: 99; yacc: 97; perl: 11
file content (476 lines) | stat: -rw-r--r-- 17,576 bytes
parent folder | download | duplicates (2)
<html>
<head>
<title>mod_ssl: Preface</title>

<!--
  Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions
  are met:

  1. Redistributions of source code must retain the above
     copyright notice, this list of conditions and the following
     disclaimer. 
 
  2. Redistributions in binary form must reproduce the above
     copyright notice, this list of conditions and the following
     disclaimer in the documentation and/or other materials
     provided with the distribution.
 
  3. All advertising materials mentioning features or use of this
     software must display the following acknowledgment: 
     "This product includes software developed by 
      Ralf S. Engelschall <rse@engelschall.com> for use in the
      mod_ssl project (http://www.modssl.org/)."
 
  4. The name "mod_ssl" must not be used to endorse or promote
     products derived from this software without prior written
     permission.  

  5. Redistributions of any form whatsoever must retain the
     following acknowledgment:
     "This product includes software developed by 
      Ralf S. Engelschall <rse@engelschall.com> for use in the
      mod_ssl project (http://www.modssl.org/)."
 
  THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL RALF S. ENGELSCHALL OR
  HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<style type="text/css"><!--
A:link {
    text-decoration: none;
    color: #6666cc;
}
A:active {
    text-decoration: none;
    color: #6666cc;
}
A:visited {
    text-decoration: none;
    color: #6666cc;
}
#sf {
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
H1 {
    font-weight: bold;
    font-size: 24pt;
    line-height: 24pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
H2 {
    font-weight: bold;
    font-size: 18pt;
    line-height: 18pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
H3 {
    font-weight: bold;
    font-size: 14pt;
    line-height: 14pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
H4 {
    font-weight: bold;
    font-size: 12pt;
    line-height: 12pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
#H {
}
#D {
    background-color: #f0f0f0;
}
#faq {
    font-weight: bold;
    font-size: 16pt;
    line-height: 16pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
#howto {
    font-weight: bold;
    font-size: 16pt;
    line-height: 16pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
#term {
    font-weight: bold;
    font-size: 16pt;
    line-height: 16pt;
    font-family: arial,helvetica;
    font-variant: normal;
    font-style: normal;
}
--></style>
<script type="text/javascript" language="JavaScript">
<!-- Hiding the code
function ro_imgNormal(imgName) {
    if (document.images) {
        document[imgName].src = eval(imgName + '_n.src');
        self.status = '';
    }
}
function ro_imgOver(imgName, descript) {
    if (document.images) {
        document[imgName].src = eval(imgName + '_o.src');
        self.status = descript;
    }
}
// done hiding -->
</script>
<script type="text/javascript" language="JavaScript">
<!-- Hiding the code
if (document.images) {
    ro_img_prev_top_n = new Image();
    ro_img_prev_top_n.src = 'ssl_template.navbut-prev-n.gif';
    ro_img_prev_top_o = new Image();
    ro_img_prev_top_o.src = 'ssl_template.navbut-prev-s.gif';
}
// done hiding -->
</script>
<script type="text/javascript" language="JavaScript">
<!-- Hiding the code
if (document.images) {
    ro_img_prev_bot_n = new Image();
    ro_img_prev_bot_n.src = 'ssl_template.navbut-prev-n.gif';
    ro_img_prev_bot_o = new Image();
    ro_img_prev_bot_o.src = 'ssl_template.navbut-prev-s.gif';
}
// done hiding -->
</script>
<script type="text/javascript" language="JavaScript">
<!-- Hiding the code
if (document.images) {
    ro_img_next_top_n = new Image();
    ro_img_next_top_n.src = 'ssl_template.navbut-next-n.gif';
    ro_img_next_top_o = new Image();
    ro_img_next_top_o.src = 'ssl_template.navbut-next-s.gif';
}
// done hiding -->
</script>
<script type="text/javascript" language="JavaScript">
<!-- Hiding the code
if (document.images) {
    ro_img_next_bot_n = new Image();
    ro_img_next_bot_n.src = 'ssl_template.navbut-next-n.gif';
    ro_img_next_bot_o = new Image();
    ro_img_next_bot_o.src = 'ssl_template.navbut-next-s.gif';
}
// done hiding -->
</script>
</head>
<body bgcolor="#ffffff" text="#000000" link="#333399" alink="#9999ff" vlink="#000066">
<div align="center">
<table width="600" cellspacing="0" cellpadding="0" border="0" summary="">
<tr>
  <td>
      <img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="600" height="1" align="bottom" border="0"><br>
      <table width="600" cellspacing="0" cellpadding="0" summary="">
      <tr>
        <td>
        <table width="600" summary="">
        <tr>
            <td align="left" valign="bottom">
            <font face="Arial,Helvetica" size="+2"><b>mod_ssl</b></font>
            </td>
            <td align="right">
              <img src="ssl_template.head-chapter.gif" alt="Chapter" width="175" height="94"> <img src="ssl_template.head-num-1.gif" alt="1" width="74" height="89">
            </td>
        </tr>
        </table>
        </td>
      </tr>
      <tr>
        <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
      </tr>
      <tr>
        <td>
           <table width="600" border="0" summary="">
           <tr>
            <td valign="top" align="left" width="250">
<a href="index.html" onmouseover="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_top'); return true" onfocus="ro_imgOver('ro_img_prev_top', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_top'); return true"><img name="ro_img_prev_top" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Cover</font>
            </td>
            <td valign="top" align="right" width="250">
<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_next_top', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_top'); return true" onfocus="ro_imgOver('ro_img_next_top', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_top'); return true"><img name="ro_img_next_top" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
            </td>
           </tr>
           </table>
         </td>
      </tr>
      <tr>
        <td>
          <br>
          <img src="ssl_template.title-over.gif" alt="Preface" width="456" height="60">
        </td>
      </tr>
      </table>
<div align="right">
<table cellspacing="0" cellpadding="0" width="300" summary="">
<tr>
<td>
<em>
``Ralf Engelschall has released an
excellent module that integrates
Apache and SSLeay.''
</em>
</td>
</tr>
<tr>
<td align="right">
<font size="-1">
Tim J. Hudson, SSLeay F.A.Q.
</font>
</td>
</tr>
</table>
</div>
<p>
<table cellspacing="0" cellpadding="0" border="0" summary="">
<tr valign="bottom">
<td>
<img src="ssl_overview.gfont000.gif" alt="T" width="34" height="34" border="0" align="left">
his module provides strong cryptography for the <A
HREF="http://www.apache.org/">Apache</A> (v1.3) webserver via the <A
HREF="http://www.netscape.com/newsref/std/SSL.html">Secure Socket Layer</A>
(SSL v2/v3) and <A HREF="http://www.consensus.com/ietf-tls/">Transport Layer
Security</A> (TLS v1) protocols by the help of the excellent SSL/TLS
implementation library <A HREF="http://www.openssl.org/">OpenSSL</A> from <A
HREF="mailto:eay@aus.rsa.com">Eric A. Young</A> and <A
HREF="mailto:tjh@cryptsoft.com">Tim Hudson</A>.
</td>
<td>
&nbsp;&nbsp;
</td>
<td>
<div align="right">
<table cellspacing="0" cellpadding="5" border="0" bgcolor="#ccccff" summary="">
<tr>
<td bgcolor="#333399">
<font face="Arial,Helvetica" color="#ccccff">
<b>Global Table Of Contents</b>
</font>
</td>
</tr>
<tr>
<td>
<font face="Arial,Helvetica" size="-1">
<b>
<a href="ssl_overview.html">Chapter 1: Preface</a><br>
<a href="ssl_intro.html">Chapter 2: Introduction</a><br>
<a href="ssl_reference.html">Chapter 3: Reference</a><br>
<a href="ssl_compat.html">Chapter 4: Compatibility</a><br>
<a href="ssl_howto.html">Chapter 5: HowTo</a><br>
<a href="ssl_faq.html">Chapter 6: F.A.Q. List</a><br>
<a href="ssl_glossary.html">Chapter 7: Glossary</a><br>
</b>
</font>
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
<p>
The <A HREF="http://www.modssl.org/">mod_ssl</A> package was
created in April 1998 by <A HREF="mailto:rse@engelschall.com">Ralf S.
Engelschall</A> and was originally derived from the <A
HREF="http://www.apache-ssl.org/">Apache-SSL</A> package developed by <A
HREF="mailto:ben@algroup.co.uk">Ben Laurie</A>. It stays under a BSD-style
license which is equivalent to the license used by <A
HREF="http://www.apache.org/">The Apache Group</a> for the Apache webserver
itself. This means, in short, that you are free to use it both for commercial
and non-commercial purposes as long as you retain the authors' copyright
notices and give the proper credit.
<h2>Legalese</h2>
Although the above conditions also apply to Apache and OpenSSL in general (both
are freely available and useable software packages), you should be aware that
especially the cryptographic algorithms used inside OpenSSL stay under
certain patents and perhaps import/export/use restrictions in some countries
of the world. So whether you can actually use the combination
Apache+mod_ssl+OpenSSL in your country depends mainly on your local state laws.
The authors of neither Apache nor mod_ssl nor OpenSSL are liable for any
violations you make here.
<p>
If you're not sure what law details apply to your country you're strongly
advised to first determine them by consulting an attorney before using this
module. A lot of hints you can find in the <a
href="http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm">International Law
Crypto Survey</a> which is a really comprehensive resource on this topic. At
least two countries with heavy cryptography restrictions are well known:
In the United States (USA) it's not allowed to (re-)export mod_ssl
or OpenSSL And inside France it's not allowed to use any cryptography at all
when keys with more than 40 bits are used.
<p>
<table cellspacing="0" cellpadding="1" bgcolor="#cccccc" border="0" summary="">
<tr>
<td>
<table bgcolor="white" cellspacing="0" cellpadding="10" border="0" summary="">
<tr>
<td>
<font face="Arial,Helvetica">
This software package uses strong cryptography, so while it is created,
maintained and distributed from Germany and Switzerland (where it is legal to
do this), it falls under certain export/import and/or use restrictions in some
other parts of the world.
<p>
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL
DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD.
SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM
THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE
AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO
ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHOR OF MOD_SSL
IS NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFULLY YOURSELF, IT
IS YOUR RESPONSIBILITY.
</font>
<p>
<font face="Arial,Helvetica">
CREDIT INFORMATION:
This product includes software developed by Ben Laurie for use in the
Apache-SSL HTTP server project, software developed by Larry Wall and David
MacKenzie for use in the GNU project of the FSF and software developed by Dr.
Stephen N. Henson as a companion to OpenSSL.
</font>
</td>
</tr>
</table>
</td>
</tr>
</table>
<h2>Module Architecture</h2>
The mod_ssl package consists of the SSL module (part 1 in <a
href="#figure1">Figure 1</a>) and a set of source patches for Apache adding the
Extended API (EAPI) (part 2 in <a href="#figure1">Figure 1</a>) which is an
essential prerequisite in order to use mod_ssl. In other words: you can only
use the mod_ssl module when Apache's core code contains the Extended API. But
because when applying mod_ssl to the Apache source tree the Extended API is
also automatically added you usually don't have to think about this. It's
mainly important for package vendors who want to build separate packages for
Apache and mod_ssl. For more details on how to apply mod_ssl to the Apache
source tree please follow the <code>INSTALL</code> file in the mod_ssl
distribution.
<p>
<div align="center">
<a name="figure1"></a>
<table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
<caption align="bottom" id="sf">Figure 1: Module Architecture</caption>
<tr><td bgcolor="#cccccc">
<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
<tr><td valign="top" align="center" bgcolor="#ffffff">
<img src="ssl_overview_fig1.gif" alt="" width="382" height="281">
</td>
</tr></table>
</td></tr></table>
</div>
<h2>Module Building</h2>
The SSL module (mod_ssl) resides under the <CODE>src/modules/ssl/</CODE>
subdirectory inside the Apache source tree and is a regular Apache module. This
means that you can configure, build and install it like any other Apache module.
Usually this is done by using the APACI command
<blockquote>
<pre>
$ cd apache_1.3.x/
$ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl
</pre>
</blockquote>
or by manually editing the <code>SSL_BASE</code> variable,
uncommenting the corresponding <code>AddModule</code> directive inside the
<code>src/Configuration</code> file and using the command
<blockquote>
<pre>
$ cd apache_1.3.x/src
$ ./Configure
</pre>
</blockquote>
for configuring. Additionally you can enable the <a
href="http://www.apache.org/docs/dso.html">Dynamic Shared Object</a> (DSO)
support for mod_ssl by either adding the <code>--enable-shared=ssl</code>
option to the APACI configure command line or by replacing the
<blockquote>
<pre>
AddModule ssl_module modules/ssl/libssl.a
</pre>
</blockquote>
line in <code>src/Configuration</code> with
<blockquote>
<pre>
SharedModule ssl_module modules/ssl/libssl.so
</pre>
</blockquote>
Building mod_ssl as a DSO is especially interesting to achieve more run-time
flexibility, i.e. you can decide whether to use SSL or not at run-time instead
of build-time. But notice that building mod_ssl as a DSO requires that your
OS/compiler supports building DSOs in the first place, and additionally that
they support linking of a DSO against a static library (libssl.a, libcrypo.a).
Not all platform support this.
      <p>
      <br>
      <table summary="">
      <tr>
        <td>
           <table width="600" border="0" summary="">
           <tr>
            <td valign="top" align="left" width="250">
<a href="index.html" onmouseover="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onmouseout="ro_imgNormal('ro_img_prev_bot'); return true" onfocus="ro_imgOver('ro_img_prev_bot', 'previous page'); return true" onblur="ro_imgNormal('ro_img_prev_bot'); return true"><img name="ro_img_prev_bot" src="ssl_template.navbut-prev-n.gif" alt="previous page" width="70" height="18" border="0"></a><br><font color="#000000">Cover</font>
            </td>
            <td valign="top" align="right" width="250">
<a href="ssl_intro.html" onmouseover="ro_imgOver('ro_img_next_bot', 'next page'); return true" onmouseout="ro_imgNormal('ro_img_next_bot'); return true" onfocus="ro_imgOver('ro_img_next_bot', 'next page'); return true" onblur="ro_imgNormal('ro_img_next_bot'); return true"><img name="ro_img_next_bot" src="ssl_template.navbut-next-n.gif" alt="next page" width="70" height="18" border="0"></a><br><font color="#000000">Introduction</font>
            </td>
           </tr>
           </table>
         </td>
      </tr>
      <tr>
        <td><img src="ssl_template.imgdot-1x1-000000.gif" alt="" width="600" height="2" align="bottom" border="0"></td>
      </tr>
      <tr>
        <td><table width="598" summary="">
        <tr>
        <td align="left"><font face="Arial,Helvetica">
        <a href="http://www.modssl.org/">mod_ssl</a> 2.8, User Manual<br>
        The Apache Interface to OpenSSL
        </font>
        </td>
        <td align="right"><font face="Arial,Helvetica">
        Copyright &copy; 1998-2001
        <a href="http://www.engelschall.com/">Ralf S. Engelschall</a><br>
        All Rights Reserved<br>
        </font>
        </td>
        </tr>
        </table>
        </td>
      </tr>
      </table>
  </td>
</tr>
</table>
</div>
</body>
</html>