Hi: We are trying to install the Apache SSL on a Solaris 2.6 machine. Our UNIX knowledge is not very good, and we are having problems understanding the installation instructions. We have the Apache-SSL readme file, which is attached below. The first few lines of the installation instructions are:
Installation ------------ 0. !!!APPLY THE ENCLOSED OpenSSL PATCH TO OpenSSL AND REBUILD AND INSTALL IT!!! 1. Get hold of OpenSSL (from the sites mentioned above), and compile it. 2. Get hold of Apache 1.3.12 (from ftp://www.apache.org/apache/dist). 3. Unpack it. What does the 0-th line mean? What is "applying" the pacth to Openssl? How can we apply the patch BEFORE getting hold of OpenSSL? Is there some basic UNIX thing that we probably do not know and therefore getting confused? Regards ------abhi <<Readme.txt>>
README for Apache-SSL/1.3.12 Ben-SSL/1.39 ----------------------------------------- (C) 1995, 1996, 1997, 1998, 1999, 2000 Ben Laurie <[EMAIL PROTECTED]> (https://www.apache-ssl.org/) These patches interface Apache to OpenSSL. For further information on Apache see: http://www.apache.org "Apache: The Definitive Guide" published by O'Reilly (http://www.ora.com). For further information on OpenSSL see: http://www.openssl.org/ REMEMBER export and/or import of crypto software or crypto hooks is illegal in many parts of the world. Prerequisites ------------- Apache 1.3.12 OpenSSL 0.9.2b or later patch 2.1 or 2.5 Files ----- ben.pgp.key.asc My PGP public key EXTRAS.SSL Documentation on extra features LICENCE.SSL A copy of the Apache-SSL licence README.SSL This file SECURITY Some thoughts about SSL and security SSLpatch A patch file to be applied to the Apache source src/modules/ssl/* Extra module for Apache SSLconf/conf/access.conf Empty (required by Apache) SSLconf/conf/httpd.conf Example configuration SSLconf/conf/srm.conf Empty (required by Apache) SSLconf/conf/mime.types A copy of the the sample mime.types (required) md5sums MD5 checksums of all files (using md5sum) md5sums.asc My detached signature of md5sums Installation ------------ 0. !!!APPLY THE ENCLOSED OpenSSL PATCH TO OpenSSL AND REBUILD AND INSTALL IT!!! 1. Get hold of OpenSSL (from the sites mentioned above), and compile it. 2. Get hold of Apache 1.3.12 (from ftp://www.apache.org/apache/dist). 3. Unpack it. 4. do "cd apache_1.3.12" 5. Unpack this distribution. 6. (Optional) Run the FixPatch script to try to fix up the OpenSSL paths in the patch. If you choose not to do this, you'll need to do some extra work in step 8. This step is only optional because its new and I'm waiting for feedback before eliminating the old methods. 7. do "patch -p1 < SSLpatch" (if you chose not to run FixPatch). 8. Proceed with standard Apache configuration. Note that you'll need to set SSL_* in src/Configuration to appropriate values, unless you did step 6. If you point to the SSLeay source tree, then you'll only need to set SSL_BASE. 9. Look at the (very brief) example configuration in SSLconf (yes, access.conf and srm.conf are supposed to be empty). 10. Make yourself a test certificate by doing "cd src; make certificate". 11. Before using this server for anything serious, read the file SECURITY. 12. Have fun! 13. Email any patches/suggestions to the address above PAYING CLOSE ATTENTION TO ANY APPLICABLE EXPORT/IMPORT LAWS. 14. If this software doesn't do what you want, and you can't or won't fix it yourself, I am available for hire. Send me email outlining what you want and I will quote. Starting Apache-SSL ------------------- In general, starting Apache-SSL is just like starting Apache, except the executable is called httpsd instead of httpd. It used to be that you had to add a sleep after firing up Apache-SSL. THIS IS NO LONGER TRUE. If you change a private key file, it is necessary to restart Apache-SSL from scratch - the key caching will otherwise cause the old version to be reused. CGI Environment Variables ------------------------- Name Value Desc ---- _____ ---- HTTPS on HTTPS is being used. HTTPS_CIPHER <string> SSL/TLS cipherspec SSL_CIPHER <string> The same as HTTPS_CIPHER SSL_PROTOCOL_VERSION <string> ? SSL_SSLEAY_VERSION <string> ? HTTPS_KEYSIZE <number> Number of bits in the session key HTTPS_SECRETKEYSIZE <number> Number of bits in the secret key SSL_CLIENT_DN <string> DN in client's certificate SSL_CLIENT_<x509> <string> Component of client's DN SSL_CLIENT_I_DN <string> DN of issuer of client's certificate SSL_CLIENT_I_<x509> <string> Component of client's issuer's DN SSL_SERVER_DN <string> DN in server's certificate SSL_SERVER_<x509> <string> Component of server's DN SSL_SERVER_I_DN <string> DN of issuer of server's certificate SSL_SERVER_I_<x509> <string> Component of server's issuer's DN SSL_CLIENT_CERT <string> Base64 encoding of client cert SSL_CLIENT_CERT_CHAIN_n <string> Base64 encoding of client cert chain where <x509> is a component of an X509 DN. Derived Works ------------- I have been asked what to do about the version string for derived works. The comment above the version string in httpd.h spells it out pretty clearly, but, to reiterate, any derived work's version string should include "Apache/x.y.z" and "Ben-SSL/x.y" in it. Compatibility ------------- This version tested only with Netscape 4.7 on Windows NT. Credits ------- Thanks to The Apache Group and the NCSA, for Apache, to Eric Young and Tim Hudson, for SSLeay, and to Baroness Camilla von Massenbach, for putting up with me. Thanks to Brad Eacker ([EMAIL PROTECTED]) for providing a port from Apache-SSL 1.1.3+1.3 to Apache 1.2b8. Ben Laurie is Technical Director of A.L. Digital Ltd., London, England, who generously support the development of Apache-SSL. See http://www.algroup.co.uk/ Sponsorship ----------- 1.2.5+1.13 was sponsored by Virgin Music Group.
