#test config derived from httpd-2.0/docs/conf/ssl-std.conf
<IfModule @ssl_module@>
#base config that can be used by any SSL enabled VirtualHosts
# Server-wide mod_ssl settings for the test suite. The @...@ tokens are
# template placeholders; presumably the test harness substitutes them when
# it generates the live configuration - confirm against the harness.
# Map certificate (.crt) and CRL (.crl) file extensions to their MIME types.
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# "none" turns off the inter-process SSL session cache, so the shm/dbm cache
# back ends in the commented-out lines below are not exercised by the tests.
SSLSessionCache none
#XXX: would be nice to test these
#SSLSessionCache shm:@ServerRoot@/logs/ssl_scache(512000)
#SSLSessionCache dbm:@ServerRoot@/logs/ssl_scache
#SSLSessionCacheTimeout 300
#SSLMutex file:@ServerRoot@/logs/ssl_mutex
# Seed the PRNG from mod_ssl's "builtin" source at startup and on each
# connection. The mod_ssl documentation describes builtin as a weak entropy
# source, so this is a test convenience; a deployed server should seed from
# an OS source such as the commented-out file:/dev/urandom lines.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
# Per-request SSL log, only when mod_log_config is available. Each line holds
# the time (%t), client host (%h), negotiated protocol and cipher (the
# SSL_PROTOCOL and SSL_CIPHER variables), the request line, final status and
# response size. Recording protocol and cipher makes it possible to audit
# which connections negotiated weak parameters.
<IfModule mod_log_config.c>
LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b" ssl
CustomLog logs/ssl_request_log ssl
</IfModule>
# TEST-ONLY cipher list - do not copy into a deployed server.
# The string starts from ALL, removes anonymous DH (!ADH), adds RC4 with RSA,
# and then names HIGH, MEDIUM, LOW, SSLv2, EXP and eNULL with the "+" prefix,
# which only moves already-selected ciphers to that position in the list.
# LOW, SSLv2, EXP (export-grade) and eNULL (no encryption) are weak or broken
# classes; which of them are really offered depends on the OpenSSL build that
# httpd is linked against. The SSLRequire rules for /require/asf and
# /require/snakeoil in this file reject cipher names starting with EXP- or
# NULL-, but no other location here restricts the negotiated cipher.
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# How the pass phrase for an encrypted private key is obtained at startup.
# With -DTEST_SSL_PASSPHRASE_EXEC, mod_ssl runs the helper script below and
# reads the pass phrase from its output. Such a helper hands out the key's
# pass phrase to whoever can run or read it, so outside a test tree it needs
# the same restrictive permissions as the key itself.
<IfDefine TEST_SSL_PASSPHRASE_EXEC>
SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl
</IfDefine>
#else the default is builtin
# builtin: mod_ssl asks for the pass phrase interactively on the terminal.
<IfDefine !TEST_SSL_PASSPHRASE_EXEC>
SSLPassPhraseDialog builtin
</IfDefine>
# Server certificate and private key selection.
# With -DTEST_SSL_DES3_KEY the server loads the *_des3 certificate and key.
# Judging by the file names and the "else" comment below, that key is stored
# encrypted (3DES) and needs the pass phrase dialog - confirm against the
# generated CA files.
<IfDefine TEST_SSL_DES3_KEY>
SSLCertificateFile @SSLCA@/asf/certs/server_des3.crt
SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3.pem
# DSA variant of the same pair, currently disabled.
# SSLCertificateFile @SSLCA@/asf/certs/server_des3_dsa.crt
# SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3_dsa.pem
</IfDefine>
#else the default is an unencrypted key
# An unencrypted key file is usable by anyone who can read it, so this
# default is only appropriate for throwaway test keys; a real key stored this
# way relies entirely on file permissions.
<IfDefine !TEST_SSL_DES3_KEY>
SSLCertificateFile @SSLCA@/asf/certs/server.crt
SSLCertificateKeyFile @SSLCA@/asf/keys/server.pem
# DSA variant of the same pair, currently disabled.
# SSLCertificateFile @SSLCA@/asf/certs/server_dsa.crt
# SSLCertificateKeyFile @SSLCA@/asf/keys/server_dsa.pem
</IfDefine>
# Intermediate chain file sent to clients; disabled here.
#SSLCertificateChainFile @SSLCA@/asf/certs/cachain.crt
# Trust anchors used to verify client certificates: one CA certificate file
# plus a directory of CA certificates. Every CA reachable from these two
# settings can issue certificates that pass SSLVerifyClient, so both should
# contain only CAs that are meant to authenticate clients.
SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
SSLCACertificatePath @ServerRoot@/conf/ssl
# CRL listing revoked client certificates.
# NOTE(review): httpd 2.4 enforces CRLs only when SSLCARevocationCheck is
# set, and that directive does not appear in this file - confirm that the
# revocation tests behave as intended on 2.4.
SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
# SSL-enabled virtual host used by the t/ssl tests. Each Location below
# exercises one mod_ssl access-control feature against aliased test content.
<VirtualHost @ssl_module_name@>
SSLEngine on
#t/ssl/verify.t
Alias /verify @DocumentRoot@
# A client certificate that verifies against the configured CAs is required,
# with up to 10 intermediate issuers allowed in the chain. Because
# SSLVerifyClient is set per location, mod_ssl requests the certificate
# through a renegotiation after it has read the request.
<Location /verify>
SSLVerifyClient require
SSLVerifyDepth 10
</Location>
#t/ssl/require.t
# URL prefixes for the remaining tests. These aliases are unconditional, so
# each prefix is only as protected as the matching Location block below.
Alias /require/asf @DocumentRoot@
Alias /require/snakeoil @DocumentRoot@
Alias /ssl-fakebasicauth @DocumentRoot@
Alias /ssl-cgi @DocumentRoot@/modules/cgi
Alias /require-ssl-cgi @DocumentRoot@/modules/cgi
# Client certificate plus an SSLRequire expression: the negotiated cipher
# name must not start with EXP- or NULL-, the certificate subject O must be
# "ASF", and the subject OU must be one of the three listed values.
# SSLRequire is deprecated in httpd 2.4 in favour of "Require expr".
<Location /require/asf>
SSLVerifyClient require
SSLVerifyDepth 10
SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
and %{SSL_CLIENT_S_DN_O} eq "ASF" \
and %{SSL_CLIENT_S_DN_OU} in \
{"httpd-test", "httpd", "modperl"} )
</Location>
# Same checks for the second test organisation: subject O must be
# "Snake Oil, Ltd." and subject OU one of Staff, CA or Dev.
<Location /require/snakeoil>
SSLVerifyClient require
SSLVerifyDepth 10
SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
and %{SSL_CLIENT_S_DN_OU} in \
{"Staff", "CA", "Dev"} )
</Location>
# Export the standard SSL_* environment variables to CGI scripts. No client
# certificate is required here.
<Location /ssl-cgi>
SSLOptions +StdEnvVars
</Location>
# Same export, but only for clients that present a verified certificate, so
# the client-certificate variables are populated for the CGI scripts.
<Location /require-ssl-cgi>
SSLOptions +StdEnvVars
SSLVerifyClient require
SSLVerifyDepth 10
</Location>
# FakeBasicAuth turns the subject DN of the verified client certificate into
# a Basic-auth user name that is looked up in AuthUserFile; the user never
# supplies a password, so access rests entirely on certificate verification
# and on which DNs the password file lists.
# NOTE(review): mod_auth.c is the httpd 2.0 module name. If this IfModule
# test is false, the Location is skipped while the /ssl-fakebasicauth alias
# above still applies, leaving that prefix without any client-certificate
# requirement - confirm how the harness handles newer httpd versions.
<IfModule mod_auth.c>
<Location /ssl-fakebasicauth>
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
AuthName "Snake Oil Authentication"
AuthType Basic
AuthUserFile @SSLCA@/asf/ssl.htpasswd
require valid-user
</Location>
</IfModule>
</VirtualHost>
</IfModule>