author | Donny Davies <woodchip@gentoo.org> | 2002-04-09 23:57:52 +0000 |
---|---|---|
committer | Donny Davies <woodchip@gentoo.org> | 2002-04-09 23:57:52 +0000 |
commit | a15be1832af13f0e425c36a70fc460c0996c4145 (patch) | |
tree | 589c10049eeb0f8f4d9ab239df12245de2465726 /net-www/mod_ssl | |
parent | rewritten apache package; see changelog (diff) | |
add a healthy selection of third-party modules to go along with the great apache rewrite ;)
Diffstat (limited to 'net-www/mod_ssl')
-rw-r--r-- | net-www/mod_ssl/ChangeLog | 9 | ||||
-rw-r--r-- | net-www/mod_ssl/files/digest-mod_ssl-2.8.8 | 1 | ||||
-rw-r--r-- | net-www/mod_ssl/files/gentestcrt.sh | 242 | ||||
-rw-r--r-- | net-www/mod_ssl/files/mod_ssl.conf | 69 | ||||
-rw-r--r-- | net-www/mod_ssl/files/ssl.default-vhost.conf | 151 | ||||
-rw-r--r-- | net-www/mod_ssl/mod_ssl-2.8.8.ebuild | 73 |
6 files changed, 545 insertions, 0 deletions
diff --git a/net-www/mod_ssl/ChangeLog b/net-www/mod_ssl/ChangeLog
new file mode 100644
index 000000000000..a1d518931a8a
--- /dev/null
+++ b/net-www/mod_ssl/ChangeLog
@@ -0,0 +1,9 @@
+# ChangeLog for net-www/mod_ssl
+# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_ssl/ChangeLog,v 1.1 2002/04/09 23:57:52 woodchip Exp $
+
+*mod_ssl-2.8.8 (9 Apr 2002)
+
+ 9 Apr 2002; Donny Davies <woodchip@gentoo.org> :
+
+ New package to go along with the rewritten apache ebuild.
diff --git a/net-www/mod_ssl/files/digest-mod_ssl-2.8.8 b/net-www/mod_ssl/files/digest-mod_ssl-2.8.8
new file mode 100644
index 000000000000..a66efcbff2ff
--- /dev/null
+++ b/net-www/mod_ssl/files/digest-mod_ssl-2.8.8
@@ -0,0 +1 @@
+MD5 a48e8b5878f221694983747e60973662 mod_ssl-2.8.8-1.3.24.tar.gz 752322
diff --git a/net-www/mod_ssl/files/gentestcrt.sh b/net-www/mod_ssl/files/gentestcrt.sh
new file mode 100644
index 000000000000..d1e9e11facd9
--- /dev/null
+++ b/net-www/mod_ssl/files/gentestcrt.sh
@@ -0,0 +1,242 @@
+#!/bin/sh
+##
+## gentestcrt -- Create self-signed test certificate
+## (C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft
+## Based on cca.sh script by Ralf S. Engelschall
+##
+
+# external tools
+openssl="/usr/bin/openssl"
+
+# some optional terminal sequences
+case $TERM in
+ xterm|xterm*|vt220|vt220*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
+ ;;
+ vt100|vt100*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
+ ;;
+ default)
+ T_MD=''
+ T_ME=''
+ ;;
+esac
+
+# find some random files
+# (do not use /dev/random here, because this device
+# doesn't work as expected on all platforms)
+randfiles=''
+for file in /var/log/messages /var/adm/messages \
+ /kernel /vmunix /vmlinuz \
+ /etc/hosts /etc/resolv.conf; do
+ if [ -f $file ]; then
+ if [ ".$randfiles" = . ]; then
+ randfiles="$file"
+ else
+ randfiles="${randfiles}:$file"
+ fi
+ fi
+done
+
+
+echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}"
+echo "(C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft"
+echo "Based on cca.sh script by Ralf S. Engelschall"
+echo ""
+
+grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy
+grep -q -s DUMMY server.key && mv server.key server.key.dummy
+
+echo ""
+echo ""
+
+if [ ! -e ./server.crt -a ! -e ./server.key ];then
+ echo "Will create server.key and server.crt in `pwd`"
+else
+ echo "server.key and server.crt already exist, dying"
+ exit
+fi
+
+echo ""
+
+
+mkdir -p /tmp/tmpssl-$$
+pushd /tmp/tmpssl-$$ > /dev/null
+
+
+ echo "${T_MD}INITIALIZATION${T_ME}"
+
+ echo ""
+ echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}"
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 1: Generating RSA private key for CA (1024 bit)${T_ME}"
+ cp /dev/null ca.rnd
+ echo '01' >ca.ser
+ if [ ".$randfiles" != . ]; then
+ $openssl genrsa -rand $randfiles -out ca.key 1024
+ else
+ $openssl genrsa -out ca.key 1024
+ fi
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate RSA private key" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}"
+ cat >.cfg <<EOT
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+RANDFILE = ca.rnd
+[ req_DN ]
+countryName = "1. Country Name (2 letter code)"
+#countryName_default = CA
+#countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = "2. State or Province Name (full name) "
+#stateOrProvinceName_default = "Quebec"
+localityName = "3. Locality Name (eg, city) "
+#localityName_default = "Montreal"
+0.organizationName = "4. Organization Name (eg, company) "
+0.organizationName_default = "Apache HTTP Server"
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+organizationalUnitName_default = "For testing purposes only"
+commonName = "6. Common Name (eg, CA name) "
+commonName_max = 64
+commonName_default = "localhost"
+emailAddress = "7. Email Address (eg, name@FQDN)"
+emailAddress_max = 40
+#emailAddress_default = "root@localhost"
+EOT
+ $openssl req -config .cfg -new -key ca.key -out ca.csr
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}"
+ cat >.cfg <<EOT
+#extensions = x509v3
+#[ x509v3 ]
+#subjectAltName = email:copy
+#basicConstraints = CA:true,pathlen:0
+#nsComment = "CCA generated custom CA certificate"
+#nsCertType = sslCA
+EOT
+ $openssl x509 -extfile .cfg -req -days 365 -signkey ca.key -in ca.csr -out ca.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate self-signed CA certificate" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}RESULT:${T_ME}"
+ $openssl verify ca.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
+ exit 1
+ fi
+ $openssl x509 -text -in ca.crt
+ $openssl rsa -text -in ca.key
+
+ echo "${T_MD}CERTIFICATE GENERATION${T_ME}"
+ user="server"
+
+ echo ""
+ echo "${T_MD}Generating custom USER${T_ME} [$user]"
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 5: Generating RSA private key for USER (1024 bit)${T_ME}"
+ if [ ".$randfiles" != . ]; then
+ $openssl genrsa -rand $randfiles -out $user.key 1024
+ else
+ $openssl genrsa -out $user.key 1024
+ fi
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate RSA private key" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}"
+ cat >.cfg <<EOT
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+RANDFILE = ca.rnd
+[ req_DN ]
+countryName = "1. Country Name (2 letter code)"
+#countryName_default = XY
+#countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = "2. State or Province Name (full name) "
+#stateOrProvinceName_default = "Unknown"
+localityName = "3. Locality Name (eg, city) "
+#localityName_default = "Server Room"
+0.organizationName = "4. Organization Name (eg, company) "
+0.organizationName_default = "Apache HTTP Server"
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+organizationalUnitName_default = "Test Certificate"
+commonName = "6. Common Name (eg, DOMAIN NAME) "
+commonName_max = 64
+commonName_default = "localhost"
+emailAddress = "7. Email Address (eg, name@fqdn)"
+emailAddress_max = 40
+#emailAddress_default = "root@localhost"
+EOT
+ $openssl req -config .cfg -new -key $user.key -out $user.csr
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2
+ exit 1
+ fi
+ rm -f .cfg
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}"
+ cat >.cfg <<EOT
+#extensions = x509v3
+#[ x509v3 ]
+#subjectAltName = email:copy
+#basicConstraints = CA:false,pathlen:0
+#nsComment = "CCA generated client certificate"
+#nsCertType = client
+EOT
+ $openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in $user.csr -req -out $user.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate X.509 certificate" 1>&2
+ exit 1
+ fi
+ caname="`$openssl x509 -noout -text -in ca.crt |\
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
+ username="`$openssl x509 -noout -text -in $user.crt |\
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
+# echo "Assembling PKCS#12 package"
+# $openssl pkcs12 -export -in $user.crt -inkey $user.key -certfile ca.crt -name "$username" -caname "$caname" -out $user.p12
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}RESULT:${T_ME}"
+ $openssl verify -CAfile ca.crt $user.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
+ exit 1
+ fi
+ $openssl x509 -text -in $user.crt
+ $openssl rsa -text -in $user.key
+
+
+popd >/dev/null
+
+
+rm -f /tmp/tmpssl-$$/*.csr
+rm -f /tmp/tmpssl-$$/ca.*
+chmod 400 /tmp/tmpssl-$$/*
+
+echo "Certificate creation done!"
+cp /tmp/tmpssl-$$/server.* .
+
+rm -rf /tmp/tmpssl-$$
diff --git a/net-www/mod_ssl/files/mod_ssl.conf b/net-www/mod_ssl/files/mod_ssl.conf
new file mode 100644
index 000000000000..90ff9a0219d1
--- /dev/null
+++ b/net-www/mod_ssl/files/mod_ssl.conf
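Review bot: The working directory `/tmp/tmpssl-$$` in gentestcrt.sh has a predictable name and is created with `mkdir -p`, which succeeds silently when the path already exists, so on a multi-user host the CA and server private keys can be written into a directory that another local user prepared or can read. Create it privately instead, with `umask 077` followed by `tmpdir=$(mktemp -d /tmp/tmpssl.XXXXXX) || exit 1`, and use `$tmpdir` in the later `pushd`, `chmod`, `cp` and `rm -rf` lines. The ebuild in this same commit runs the script as root from pkg_postinst, which raises the cost of getting this wrong. Separately, `pushd`/`popd` are not provided by every `/bin/sh`, and the `default)` arm of `case $TERM` matches only the literal word, where `*)` is presumably what was meant.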
@@ -0,0 +1,69 @@
+<IfModule mod_ssl.c>
+
+##--------------------------------------------------------------------------
+## Add additional SSL configuration directives which provide a
+## robust default configuration: virtual server on port 443
+## which speaks SSL.
+##--------------------------------------------------------------------------
+##
+## SSL Support
+##
+## When we also provide SSL we have to listen to the
+## standard HTTP port (see above) and to the HTTPS port
+##
+Listen 443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First either `none'
+# or `dbm:/path/to/file' for the mechanism to use and
+# second the expiring timeout (in seconds).
+#SSLSessionCache none
+#SSLSessionCache dbm:logs/ssl_scache
+SSLSessionCache shm:logs/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual explusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex sem
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+# Logging:
+# The home of the dedicated SSL protocol logfile. Errors are
+# additionally duplicated in the general error log file. Put
+# this somewhere where it cannot be used for symlink attacks on
+# a real server (i.e. somewhere where only root can write).
+# Log levels are (ascending order: higher ones include lower ones):
+# none, error, warn, info, trace, debug.
+SSLLog logs/ssl_engine_log
+SSLLogLevel info
+
+</IfModule>
diff --git a/net-www/mod_ssl/files/ssl.default-vhost.conf b/net-www/mod_ssl/files/ssl.default-vhost.conf
new file mode 100644
index 000000000000..3f5edaec28c0
--- /dev/null
+++ b/net-www/mod_ssl/files/ssl.default-vhost.conf
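Review bot: Both active `SSLRandomSeed` lines in mod_ssl.conf use the `builtin` source, which the mod_ssl documentation itself calls not really a strong source (very little entropy at startup), while the device-based alternatives sit commented out directly below. On hosts that provide the device, ship `SSLRandomSeed startup file:/dev/urandom 512` and `SSLRandomSeed connect file:/dev/urandom 512` as the default, since every session key on the server depends on this seed. The comment above `SSLLog logs/ssl_engine_log` asks for a location only root can write to; whether the packaged `logs` directory satisfies that is not visible from this hunk, and a one-line comment stating it would help.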
@@ -0,0 +1,151 @@
+<IfModule mod_ssl.c>
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:443>
+
+# General setup for the virtual host
+DocumentRoot /home/httpd/htdocs
+#ServerName new.host.name
+#ServerAdmin you@your.address
+ErrorLog logs/ssl-error_log
+TransferLog logs/ssl-access_log
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. A test
+# certificate can be generated with `make certificate' under
+# built time.
+SSLCertificateFile conf/ssl/server.crt
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file.
+SSLCertificateKeyFile conf/ssl/server.key
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convinience.
+#SSLCertificateChainFile @@ServerRoot@@/conf/ssl/ssl.crt/ca.crt
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+# Note: Inside SSLCACertificatePath you need hash symlinks
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
+#SSLCACertificatePath @@ServerRoot@@/conf/ssl/ssl.crt
+#SSLCACertificateFile @@ServerRoot@@/conf/sssl/sl.crt/ca-bundle.crt
+
+# Certificate Revocation Lists (CRL):
+# Set the CA revocation path where to find CA CRLs for client
+# authentication or alternatively one huge file containing all
+# of them (file must be PEM encoded)
+# Note: Inside SSLCARevocationPath you need hash symlinks
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
+#SSLCARevocationPath @@ServerRoot@@/conf/ssl/ssl.crl
+#SSLCARevocationFile @@ServerRoot@@/conf/ssl/ssl.crl/ca-bundle.crl
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#<Location />
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# CompatEnvVars:
+# This exports obsolete environment variables for backward compatibility
+# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this
+# to provide compatibility to existing CGI scripts.
+# StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+RewriteEngine On
+RewriteOptions inherit
+
+</VirtualHost>
+
+</IfModule>
diff --git a/net-www/mod_ssl/mod_ssl-2.8.8.ebuild b/net-www/mod_ssl/mod_ssl-2.8.8.ebuild
new file mode 100644
index 000000000000..6f30bf4799ac
--- /dev/null
+++ b/net-www/mod_ssl/mod_ssl-2.8.8.ebuild
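Review bot: The `SSLCipherSuite` line in ssl.default-vhost.conf leaves LOW, SSLv2 and export-grade suites enabled, because the `+` prefix only moves them down the preference order, and `+eNULL` likewise keeps any unencrypted suites that `ALL` contributes, so a client may negotiate weak or no confidentiality on this default vhost. Exclude them outright, for example `SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!SSLv2`, and add `SSLProtocol all -SSLv2` next to it. Whether `ALL` contains the NULL ciphers depends on the OpenSSL version in use, so the explicit `!eNULL` is the safe form either way. The commented `#SSLCACertificateFile` path reads `conf/sssl/sl.crt/`, which looks like a typo for `conf/ssl/ssl.crt/`.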
@@ -0,0 +1,73 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# Maintainer: Donny Davies <woodchip@gentoo.org>
+# $Header: /var/cvsroot/gentoo-x86/net-www/mod_ssl/mod_ssl-2.8.8.ebuild,v 1.1 2002/04/09 23:57:52 woodchip Exp $
+
+MY_P=${P}-1.3.24
+
+DESCRIPTION="An SSL module for the Apache Web server"
+HOMEPAGE="http://www.modssl.org"
+
+S=${WORKDIR}/${MY_P}
+SRC_URI="http://www.modssl.org/source/${MY_P}.tar.gz"
+
+DEPEND="virtual/glibc >=net-www/apache-1.3.24 >=dev-libs/openssl-0.9.6c"
+
+src_unpack() {
+ unpack ${A} ; cd ${S}
+ # proper path to openssl
+ cp pkg.contrib/cca.sh pkg.contrib/cca.sh.orig
+ sed -e 's%^\(openssl=\).*%\1"/usr/bin/openssl"%' \
+ pkg.contrib/cca.sh.orig > pkg.contrib/cca.sh
+}
+
+src_compile() {
+ SSL_BASE=SYSTEM \
+ ./configure \
+ --with-apxs=/usr/sbin/apxs || die "bad ./configure"
+ make || die "compile problem"
+}
+
+src_install() {
+ exeinto /usr/lib/apache-extramodules
+ doexe pkg.sslmod/libssl.so
+
+ exeinto /usr/lib/ssl/mod_ssl
+ doexe pkg.contrib/*.sh ${FILESDIR}/gentestcrt.sh
+
+ dodoc ANNOUNCE CHANGES CREDITS LICENSE NEWS README*
+ mkdir -p ${D}/usr/share/doc/${PF}/html
+ cp -a pkg.ssldoc/* ${D}/usr/share/doc/${PF}/html
+
+ insinto /etc/apache/conf/vhosts
+ doins ${FILESDIR}/ssl.default-vhost.conf
+
+ insinto /etc/apache/conf/addon-modules
+ doins ${FILESDIR}/mod_ssl.conf
+}
+
+pkg_postinst() {
+ install -d -o root -g root -m0755 ${ROOT}/etc/apache/conf/ssl
+
+ einfo
+ einfo "Execute ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config"
+ einfo "to have your apache.conf auto-updated for use with this module."
+ einfo "You should then edit your /etc/conf.d/apache file to suit."
+ einfo
+
+ cd ${ROOT}/etc/apache/conf/ssl
+ einfo "Generating self-signed test certificate in /etc/apache/conf/ssl..."
+ einfo "(Ignore any message from the yes command below)"
+ yes "" | ${ROOT}/usr/lib/ssl/mod_ssl/gentestcrt.sh >/dev/null 2>&1
+ einfo
+}
+
+pkg_config() {
+ ${ROOT}/usr/sbin/apacheaddmod \
+ ${ROOT}/etc/apache/conf/apache.conf \
+ extramodules/libssl.so mod_ssl.c ssl_module \
+ define=SSL addconf=conf/addon-modules/mod_ssl.conf
+
+ echo "Include conf/vhosts/ssl.default-vhost.conf" \
+ >> ${ROOT}/etc/apache/conf/apache.conf
+}
|
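Review bot: In pkg_postinst of the ebuild the `cd ${ROOT}/etc/apache/conf/ssl` is unchecked and the gentestcrt.sh run has both its output and its exit status discarded, so a failed `cd` leaves a root-generated private key in whatever the current directory is, and a failed generation leaves the vhost pointing at a missing `conf/ssl/server.key` with nothing reported. Use `cd "${ROOT}/etc/apache/conf/ssl" || die "cannot enter ssl directory"` and surface a non-zero status, for example by appending `|| ewarn "test certificate generation failed"` to the gentestcrt.sh line. In pkg_config the `echo "Include ..." >>` appends on every invocation, so running config twice duplicates the Include line; a `grep -q` guard before the append avoids that. The `${ROOT}`, `${D}`, `${S}` and `${FILESDIR}` expansions are unquoted throughout and break on paths containing spaces.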