diff options
author | Luca Longinotti <chtekk@gentoo.org> | 2007-01-14 20:38:54 +0000 |
---|---|---|
committer | Luca Longinotti <chtekk@gentoo.org> | 2007-01-14 20:38:54 +0000 |
commit | e82b0a614cf2bfbfb29b47038f4f4d727ba6e90f (patch) | |
tree | 29bdd1a7aa823cd374b159eed92f4de52c61258f /net-www | |
parent | Cleanup. (diff) | |
download | gentoo-2-e82b0a614cf2bfbfb29b47038f4f4d727ba6e90f.tar.gz gentoo-2-e82b0a614cf2bfbfb29b47038f4f4d727ba6e90f.tar.bz2 gentoo-2-e82b0a614cf2bfbfb29b47038f4f4d727ba6e90f.zip |
Cleanup.
(Portage version: 2.1.2_rc4-r8)
(Unsigned Manifest commit)
Diffstat (limited to 'net-www')
-rw-r--r-- | net-www/mod_ssl/Manifest | 32 | ||||
-rw-r--r-- | net-www/mod_ssl/files/mod_ssl.conf | 70 | ||||
-rw-r--r-- | net-www/mod_ssl/files/ssl.default-vhost.conf | 156 |
3 files changed, 12 insertions, 246 deletions
diff --git a/net-www/mod_ssl/Manifest b/net-www/mod_ssl/Manifest index 70380fb84065..9a4711f639e1 100644 --- a/net-www/mod_ssl/Manifest +++ b/net-www/mod_ssl/Manifest @@ -10,28 +10,20 @@ AUX gentestcrt.sh 8801 RMD160 dc36b929ba0ee4b1640a3f9f2f3848d0c55a07d9 SHA1 2580 MD5 dd92adba34e6b36ef6fd2750869e1a18 files/gentestcrt.sh 8801 RMD160 dc36b929ba0ee4b1640a3f9f2f3848d0c55a07d9 files/gentestcrt.sh 8801 SHA256 e528d3aae1aae6d66b5df72c845ec63926bcf9bbdcb1e8f0796e7c47de4f6ceb files/gentestcrt.sh 8801 -AUX mod_ssl.conf 2460 RMD160 cf42008d13641d1c329b274c07d980062760fb91 SHA1 0597d9199589bba786f27489601d123d4d6c6dec SHA256 3296bab5ab13851e329341c605690e4e611f835dd1d4d9170c42640fb7d6ce08 -MD5 71ac46d211c8aa42c7a5e51c6165862a files/mod_ssl.conf 2460 -RMD160 cf42008d13641d1c329b274c07d980062760fb91 files/mod_ssl.conf 2460 -SHA256 3296bab5ab13851e329341c605690e4e611f835dd1d4d9170c42640fb7d6ce08 files/mod_ssl.conf 2460 -AUX ssl.default-vhost.conf 6985 RMD160 23e360bdc622ce0be9ba6b0883898939a15754c6 SHA1 a214bf1f607c393a6a83a3928892f263d20998d1 SHA256 dcd22e060c930c9473a3c6824295cfb8312f785e0e91d5cc10d40cc2c1a04206 -MD5 8270779f233bc311118f53ebce7338e7 files/ssl.default-vhost.conf 6985 -RMD160 23e360bdc622ce0be9ba6b0883898939a15754c6 files/ssl.default-vhost.conf 6985 -SHA256 dcd22e060c930c9473a3c6824295cfb8312f785e0e91d5cc10d40cc2c1a04206 files/ssl.default-vhost.conf 6985 DIST mod_ssl-2.8.25-1.3.34.tar.gz 820352 RMD160 90a3913d30c7f4d194907463125c90101005837a SHA1 150f726539d74c0d2af02e482be78bbcdb811395 SHA256 832b240157666efdbdfc1a2fd593ee4eebbc9441ec48ece8276660092b974d07 DIST mod_ssl-2.8.28-1.3.37.tar.gz 820417 RMD160 6b12c0a52fe0fbb7b91221d1cb37f93fbe59bb11 SHA1 9db2a7240e499da2b99d0df9c1a6fbae0580ba0b SHA256 76437105b5b5593a7dbd8ee45af417233897dcaf910cbc337a68b0db24e35489 -EBUILD mod_ssl-2.8.25-r10.ebuild 1804 RMD160 98a99519de9f3591275d04174e40839f0c3d1bab SHA1 cb7a00894c20e03ca8c26bf08c3ab05ec9dfd214 SHA256 3f2ddd0e141856ddb290626a5374f2d066723dbebc2b51016232f9c75aec736d -MD5 112b2cedb23d664f191c2905b782ec76 mod_ssl-2.8.25-r10.ebuild 1804 -RMD160 98a99519de9f3591275d04174e40839f0c3d1bab mod_ssl-2.8.25-r10.ebuild 1804 -SHA256 3f2ddd0e141856ddb290626a5374f2d066723dbebc2b51016232f9c75aec736d mod_ssl-2.8.25-r10.ebuild 1804 -EBUILD mod_ssl-2.8.28.ebuild 1809 RMD160 1cd15668ee958dfd281d05cdb7c6372529508a12 SHA1 9ec493085b0499e9eed06f8d8a59dc0981fe9c25 SHA256 720bac437c4d44cba76ef94e7772aaa63e791e8f6aaf093e944d20f13c40aa9f -MD5 aeb8bf01b30e22e3da4c3fefd79caa82 mod_ssl-2.8.28.ebuild 1809 -RMD160 1cd15668ee958dfd281d05cdb7c6372529508a12 mod_ssl-2.8.28.ebuild 1809 -SHA256 720bac437c4d44cba76ef94e7772aaa63e791e8f6aaf093e944d20f13c40aa9f mod_ssl-2.8.28.ebuild 1809 -MISC ChangeLog 13496 RMD160 7e08ef6e6abd0331b13067b3944036af410e1d00 SHA1 7e9c379e39463d09c8f0e35a104505d62930d9bd SHA256 5b000145594b95776aa09f396245f07ed7da314bf9e793f7b3cffb7b9078e693 -MD5 0cd0bc8460be4fbf1729f9c136461f23 ChangeLog 13496 -RMD160 7e08ef6e6abd0331b13067b3944036af410e1d00 ChangeLog 13496 -SHA256 5b000145594b95776aa09f396245f07ed7da314bf9e793f7b3cffb7b9078e693 ChangeLog 13496 +EBUILD mod_ssl-2.8.25-r10.ebuild 1862 RMD160 d9ec405145ef927fd0f9895de70bf7db8819adb7 SHA1 aa58ce89b4f8aadbe3ef3fd7b6a4c28ba0f6d682 SHA256 5f5efae413bdc37c1431a11a7d2bbd79cd9597516d206e8a2bfb57e679065367 +MD5 46bc17fb0fb84c0c6c1bb31b58b65d20 mod_ssl-2.8.25-r10.ebuild 1862 +RMD160 d9ec405145ef927fd0f9895de70bf7db8819adb7 mod_ssl-2.8.25-r10.ebuild 1862 +SHA256 5f5efae413bdc37c1431a11a7d2bbd79cd9597516d206e8a2bfb57e679065367 mod_ssl-2.8.25-r10.ebuild 1862 +EBUILD mod_ssl-2.8.28.ebuild 1868 RMD160 f6d621f86d0e68a36aa2b2d6143790b9ea8748f8 SHA1 80f4b420c9187d2d8722a4cd636c4729e50da6a9 SHA256 da39f566ac073ec7917e884789dd1ae88462a64cda43639420b8b2a41d758bb2 +MD5 167e5c715db2ee05d65a6133a5e1473c mod_ssl-2.8.28.ebuild 1868 +RMD160 f6d621f86d0e68a36aa2b2d6143790b9ea8748f8 mod_ssl-2.8.28.ebuild 1868 +SHA256 da39f566ac073ec7917e884789dd1ae88462a64cda43639420b8b2a41d758bb2 mod_ssl-2.8.28.ebuild 1868 +MISC ChangeLog 13665 RMD160 f51bdd2e315f718a6bcf0a7ff26110ca3d0d18b5 SHA1 c6eeed532477a061585c9821e77d06bb97685262 SHA256 c5aea03bd55975221066c16087de94b0ff4e0f2c3e441b2ad48fd4a3ef2120b4 +MD5 0008c7ba631e25f2b7cc56943246711e ChangeLog 13665 +RMD160 f51bdd2e315f718a6bcf0a7ff26110ca3d0d18b5 ChangeLog 13665 +SHA256 c5aea03bd55975221066c16087de94b0ff4e0f2c3e441b2ad48fd4a3ef2120b4 ChangeLog 13665 MISC metadata.xml 226 RMD160 d11ce73e47adf4b3d91309ec6489fded2f4d4e0e SHA1 fe9f7ce6f2281683065abb3255c8b731665c82ac SHA256 376a327f91f69eb96f0c1b05cc1481dd7017a0570f631a03b1f6d14d58215ca8 MD5 7272d8b6d09e3e301b6a08aa9c912eb0 metadata.xml 226 RMD160 d11ce73e47adf4b3d91309ec6489fded2f4d4e0e metadata.xml 226 diff --git a/net-www/mod_ssl/files/mod_ssl.conf b/net-www/mod_ssl/files/mod_ssl.conf deleted file mode 100644 index 454258c51a10..000000000000 --- a/net-www/mod_ssl/files/mod_ssl.conf +++ /dev/null @@ -1,70 +0,0 @@ -# $Header: /var/cvsroot/gentoo-x86/net-www/mod_ssl/files/mod_ssl.conf,v 1.4 2004/11/09 14:18:21 urilith Exp $ -<IfModule mod_ssl.c> - -##-------------------------------------------------------------------------- -## Add additional SSL configuration directives which provide a -## robust default configuration: virtual server on port 443 -## which speaks SSL. -##-------------------------------------------------------------------------- -## -## SSL Support -## -## When we also provide SSL we have to listen to the -## standard HTTP port (see above) and to the HTTPS port -## -Listen 443 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First either `none' -# or `dbm:/path/to/file' for the mechanism to use and -# second the expiring timeout (in seconds). -#SSLSessionCache none -#SSLSessionCache dbm:logs/ssl_scache -SSLSessionCache shm:/var/cache/apache/ssl_scache(512000) -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual explusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex sem - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed startup file:/dev/urandom 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# Logging: -# The home of the dedicated SSL protocol logfile. Errors are -# additionally duplicated in the general error log file. Put -# this somewhere where it cannot be used for symlink attacks on -# a real server (i.e. somewhere where only root can write). -# Log levels are (ascending order: higher ones include lower ones): -# none, error, warn, info, trace, debug. -SSLLog logs/ssl_engine_log -SSLLogLevel info - -</IfModule> diff --git a/net-www/mod_ssl/files/ssl.default-vhost.conf b/net-www/mod_ssl/files/ssl.default-vhost.conf deleted file mode 100644 index c66734650cc1..000000000000 --- a/net-www/mod_ssl/files/ssl.default-vhost.conf +++ /dev/null @@ -1,156 +0,0 @@ -# $Header: /var/cvsroot/gentoo-x86/net-www/mod_ssl/files/ssl.default-vhost.conf,v 1.6 2004/07/18 04:25:08 dragonheart Exp $ -<IfModule mod_ssl.c> - -<VirtualHost _default_:80> - SSLEngine off -</VirtualHost> - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:443> - -# General setup for the virtual host -DocumentRoot /var/www/localhost/htdocs -#ServerName new.host.name -#ServerAdmin you@your.address -ErrorLog logs/ssl-error_log -TransferLog logs/ssl-access_log - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A test -# certificate can be generated with `make certificate' under -# built time. -SSLCertificateFile conf/ssl/server.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. -SSLCertificateKeyFile conf/ssl/server.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -#SSLCertificateChainFile @@ServerRoot@@/conf/ssl/ssl.crt/ca.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -# Note: Inside SSLCACertificatePath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCACertificatePath @@ServerRoot@@/conf/ssl/ssl.crt -#SSLCACertificateFile @@ServerRoot@@/conf/sssl/sl.crt/ca-bundle.crt - -# Certificate Revocation Lists (CRL): -# Set the CA revocation path where to find CA CRLs for client -# authentication or alternatively one huge file containing all -# of them (file must be PEM encoded) -# Note: Inside SSLCARevocationPath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCARevocationPath @@ServerRoot@@/conf/ssl/ssl.crl -#SSLCARevocationFile @@ServerRoot@@/conf/ssl/ssl.crl/ca-bundle.crl - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# CompatEnvVars: -# This exports obsolete environment variables for backward compatibility -# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this -# to provide compatibility to existing CGI scripts. -# StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog logs/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -RewriteEngine On -RewriteOptions inherit - -</VirtualHost> - -</IfModule> |