| #test config derived from httpd-2.0/docs/conf/ssl-std.conf |
| |
| <IfModule @ssl_module@> |
| #base config that can be used by any SSL enabled VirtualHosts |
| AddType application/x-x509-ca-cert .crt |
| AddType application/x-pkcs7-crl .crl |
| |
| SSLSessionCache none |
| #XXX: would be nice to test these |
| #SSLSessionCache shm:@ServerRoot@/logs/ssl_scache(512000) |
| #SSLSessionCache dbm:@ServerRoot@/logs/ssl_scache |
| #SSLSessionCacheTimeout 300 |
| |
| #SSLMutex file:@ServerRoot@/logs/ssl_mutex |
| |
| SSLRandomSeed startup builtin |
| SSLRandomSeed connect builtin |
| #SSLRandomSeed startup file:/dev/random 512 |
| #SSLRandomSeed startup file:/dev/urandom 512 |
| #SSLRandomSeed connect file:/dev/random 512 |
| #SSLRandomSeed connect file:/dev/urandom 512 |
| |
| <IfModule mod_log_config.c> |
| LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b" ssl |
| CustomLog logs/ssl_request_log ssl |
| </IfModule> |
| |
| SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL |
| |
| <IfDefine TEST_SSL_PASSPHRASE_EXEC> |
| SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl |
| </IfDefine> |
| #else the default is builtin |
| <IfDefine !TEST_SSL_PASSPHRASE_EXEC> |
| SSLPassPhraseDialog builtin |
| </IfDefine> |
| |
| <IfDefine TEST_SSL_DES3_KEY> |
| SSLCertificateFile @SSLCA@/asf/certs/server_des3.crt |
| |
| SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3.pem |
| |
| # SSLCertificateFile @SSLCA@/asf/certs/server_des3_dsa.crt |
| |
| # SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3_dsa.pem |
| </IfDefine> |
| #else the default is an unencrypted key |
| <IfDefine !TEST_SSL_DES3_KEY> |
| SSLCertificateFile @SSLCA@/asf/certs/server.crt |
| |
| SSLCertificateKeyFile @SSLCA@/asf/keys/server.pem |
| |
| # SSLCertificateFile @SSLCA@/asf/certs/server_dsa.crt |
| |
| # SSLCertificateKeyFile @SSLCA@/asf/keys/server_dsa.pem |
| </IfDefine> |
| |
| #SSLCertificateChainFile @SSLCA@/asf/certs/cachain.crt |
| |
| SSLCACertificateFile @SSLCA@/asf/certs/ca.crt |
| |
| SSLCACertificatePath @ServerRoot@/conf/ssl |
| |
| SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl |
| |
| <VirtualHost @ssl_module_name@> |
| SSLEngine on |
| |
| #t/ssl/verify.t |
| Alias /verify @DocumentRoot@ |
| |
| <Location /verify> |
| SSLVerifyClient require |
| SSLVerifyDepth 10 |
| </Location> |
| |
| #t/ssl/require.t |
| Alias /require/asf @DocumentRoot@ |
| Alias /require/snakeoil @DocumentRoot@ |
| Alias /ssl-fakebasicauth @DocumentRoot@ |
| Alias /ssl-cgi @DocumentRoot@/modules/cgi |
| Alias /require-ssl-cgi @DocumentRoot@/modules/cgi |
| |
| <Location /require/asf> |
| SSLVerifyClient require |
| SSLVerifyDepth 10 |
| SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ |
| and %{SSL_CLIENT_S_DN_O} eq "ASF" \ |
| and %{SSL_CLIENT_S_DN_OU} in \ |
| {"httpd-test", "httpd", "modperl"} ) |
| </Location> |
| |
| <Location /require/snakeoil> |
| SSLVerifyClient require |
| SSLVerifyDepth 10 |
| SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ |
| and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ |
| and %{SSL_CLIENT_S_DN_OU} in \ |
| {"Staff", "CA", "Dev"} ) |
| </Location> |
| |
| <Location /ssl-cgi> |
| SSLOptions +StdEnvVars |
| </Location> |
| |
| <Location /require-ssl-cgi> |
| SSLOptions +StdEnvVars |
| SSLVerifyClient require |
| SSLVerifyDepth 10 |
| </Location> |
| |
| <IfModule mod_auth.c> |
| <Location /ssl-fakebasicauth> |
| SSLVerifyClient require |
| SSLVerifyDepth 5 |
| SSLOptions +FakeBasicAuth |
| AuthName "Snake Oil Authentication" |
| AuthType Basic |
| AuthUserFile @SSLCA@/asf/ssl.htpasswd |
| require valid-user |
| </Location> |
| </IfModule> |
| |
| </VirtualHost> |
| </IfModule> |