httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rbo...@apache.org
Subject cvs commit: httpd-2.0/docs/manual/vhosts details.html examples.html fd-limits.html.en footer.html header.html index.html.en ip-based.html mass.html name-based.html.en
Date Thu, 25 Jul 2002 21:46:42 GMT
rbowen      2002/07/25 14:46:42

  Modified:    docs/manual bind.html.en cgi_path.html.en
                        configuring.html.en content-negotiation.html.en
                        custom-error.html.en dns-caveats.html ebcdic.html
                        filter.html.en footer.html glossary.html
                        handler.html.en header.html install.html.en
                        invoking.html.en new_features_2_0.html.en
                        sections.html.en stopping.html.en suexec.html.en
                        upgrading.html.en
               docs/manual/developer API.html debugging.html
                        documenting.html footer.html header.html
                        modules.html.en
               docs/manual/faq footer.html header.html index.html
                        support.html
               docs/manual/howto cgi.html.en footer.html header.html
                        ssi.html.en
               docs/manual/misc custom_errordocs.html descriptors.html
                        fin_wait_2.html footer.html header.html index.html
                        known_client_problems.html perf-tuning.html
                        rewriteguide.html security_tips.html tutorials.html
               docs/manual/mod directive-dict.html.en footer.html
                        header.html
               docs/manual/platform netware.html perf-hp.html
                        win_service.html windows.html
               docs/manual/programs footer.html header.html index.html
                        other.html
               docs/manual/ssl footer.html header.html index.html.en
                        ssl_compat.html ssl_faq.html ssl_glossary.html
                        ssl_howto.html ssl_intro.html
               docs/manual/vhosts details.html examples.html
                        fd-limits.html.en footer.html header.html
                        index.html.en ip-based.html mass.html
                        name-based.html.en
  Log:
  Patch submitted by David Shane Holden to make docs valid xhtml.
  
  Revision  Changes    Path
  1.20      +1 -1      httpd-2.0/docs/manual/bind.html.en
  
  Index: bind.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/bind.html.en,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- bind.html.en	19 Feb 2002 14:29:51 -0000	1.19
  +++ bind.html.en	25 Jul 2002 21:46:37 -0000	1.20
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Setting which addresses and ports Apache
  +    <h1 align="center">Setting which addresses and ports Apache
       uses</h1>
   
       <p>When Apache starts, it connects to some port and address on
  
  
  
  1.9       +1 -1      httpd-2.0/docs/manual/cgi_path.html.en
  
  Index: cgi_path.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/cgi_path.html.en,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- cgi_path.html.en	22 Sep 2001 18:53:20 -0000	1.8
  +++ cgi_path.html.en	25 Jul 2002 21:46:37 -0000	1.9
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">PATH_INFO Changes in the CGI
  +    <h1 align="center">PATH_INFO Changes in the CGI
       Environment</h1>
       <hr />
   
  
  
  
  1.12      +39 -152   httpd-2.0/docs/manual/configuring.html.en
  
  Index: configuring.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/configuring.html.en,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- configuring.html.en	22 Sep 2001 18:53:20 -0000	1.11
  +++ configuring.html.en	25 Jul 2002 21:46:37 -0000	1.12
  @@ -1,62 +1,21 @@
  -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  -    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  +<html xmlns="http://www.w3.org/TR/xhtml1/strict"><head><!-- 
  +          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  +                This file is generated from xml source: DO NOT EDIT
  +          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  +        --><title>Configuration Files- Apache HTTP Server</title><link href="./style/manual.css" type="text/css" rel="stylesheet"/></head><body><blockquote><div align="center"><img src="./images/sub.gif" alt="[APACHE DOCUMENTATION]"/><h3>Apache HTTP Server Version 2.0</h3></div><h1 align="center">Apache Module
  +          Configuration Files</h1>
  +<p>This document describes the files used to configure the Apache
  +HTTP server.</p>
  +<ul><li><a href="#main">Main Configuration Files</a></li><li><a href="#syntax">Syntax of the Configuration Files</a></li><li><a href="#modules">Modules</a></li><li><a href="#scope">Scope of Directives</a></li><li><a href="#htaccess">.htaccess Files</a></li></ul><hr/><h2><a name="main">Main Configuration Files</a></h2>
  +    
  +    <table border="1"><tr><td valign="top"><strong>Related Modules</strong><br/><br/><code><a href="./mod/mod_mime.html">mod_mime</a></code><br/></td><td valign="top"><strong>Related Directives</strong><br/><br/><a href="./mod/core.html#ifdefine" class="directive"><code class="directive">&lt;IfDefine&gt;</code></a><br/><a href="./mod/core.html#include" class="directive"><code class="directive">Include</code></a><br/><a href="./mod/mod_mime.html#typesconfig" class="directive"><code class="directive">TypesConfig</code></a><br/></td></tr></table>
   
  -<html xmlns="http://www.w3.org/1999/xhtml">
  -  <head>
  -    <meta name="generator" content="HTML Tidy, see www.w3.org" />
  -
  -    <title>Configuration Files</title>
  -  </head>
  -  <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
  -
  -  <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
  -  vlink="#000080" alink="#FF0000">
  -    <!--#include virtual="header.html" -->
  -
  -    <h1 align="CENTER">Configuration Files</h1>
  -
  -    <ul>
  -      <li><a href="#main">Main Configuration Files</a></li>
  -
  -      <li><a href="#syntax">Syntax of the Configuration
  -      Files</a></li>
  -
  -      <li><a href="#modules">Modules</a></li>
  -
  -      <li><a href="#scope">Scope of Directives</a></li>
  -
  -      <li><a href="#htaccess">.htaccess Files</a></li>
  -    </ul>
  -    <hr />
  -
  -    <h2><a id="main" name="main">Main Configuration Files</a></h2>
  -
  -    <table border="1">
  -      <tr>
  -        <td valign="top"><strong>Related Modules</strong><br />
  -         <br />
  -         <a href="mod/mod_mime.html">mod_mime</a><br />
  -         </td>
  -
  -        <td valign="top"><strong>Related Directives</strong><br />
  -         <br />
  -         <a
  -        href="mod/core.html#ifdefine">&lt;IfDefine&gt;</a><br />
  -         <a href="mod/core.html#include">Include</a><br />
  -         <a
  -        href="mod/mod_mime.html#typesconfig">TypesConfig</a><br />
  -         </td>
  -      </tr>
  -    </table>
  -
  -    <p>Apache is configured by placing <a
  -    href="mod/directives.html">directives</a> in plain text
  +    <p>Apache is configured by placing <a href="mod/directives.html">directives</a> in plain text
       configuration files. The main configuration file is usually
       called <code>httpd.conf</code>. The location of this file is
       set at compile-time, but may be overridden with the
       <code>-f</code> command line flag. In addition, other
  -    configuration files may be added using the <code><a
  -    href="mod/core.html#include">Include</a></code> directive. Any
  +    configuration files may be added using the <a href="./mod/core.html#include" class="directive"><code class="directive">Include</code></a> directive. Any
       directive may be placed in any of these configuration files.
       Changes to the main configuration files are only recognized by
       Apache when it is started or restarted.</p>
  @@ -72,13 +31,10 @@
       makes automating such processes much easier.</p>
   
       <p>The server also reads a file containing mime document types;
  -    the filename is set by the <a
  -    href="mod/mod_mime.html#typesconfig">TypesConfig</a> directive,
  +    the filename is set by the <a href="./mod/mod_mime.html#typesconfig" class="directive"><code class="directive">TypesConfig</code></a> directive,
       and is <code>mime.types</code> by default.</p>
  -    <hr />
  -
  -    <h2><a id="syntax" name="syntax">Syntax of the Configuration
  -    Files</a></h2>
  +  <h2><a name="syntax">Syntax of the Configuration Files</a></h2>
  +    
   
       <p>Apache configuration files contain one directive per line.
       The back-slash "\" may be used as the last character on a line
  @@ -98,83 +54,35 @@
       without starting the server by using <code>apachectl
       configtest</code> or the <code>-t</code> command line
       option.</p>
  -    <hr />
  -
  -    <h2><a id="modules" name="modules">Modules</a></h2>
  +  <h2><a name="modules">Modules</a></h2>
  +    
   
  -    <table border="1">
  -      <tr>
  -        <td valign="top"><strong>Related Modules</strong><br />
  -         <br />
  -         <a href="mod/mod_so.html">mod_so</a><br />
  -         </td>
  -
  -        <td valign="top"><strong>Related Directives</strong><br />
  -         <br />
  -         <a href="mod/core.html#addmodule">AddModule</a><br />
  -         <a
  -        href="mod/core.html#clearmodulelist">ClearModuleList</a><br />
  -         <a
  -        href="mod/core.html#ifmodule">&lt;IfModule&gt;</a><br />
  -         <a href="mod/mod_so.html#loadmodule">LoadModule</a><br />
  -         </td>
  -      </tr>
  -    </table>
  +    <table border="1"><tr><td valign="top"><strong>Related Modules</strong><br/><br/><code><a href="./mod/mod_so.html">mod_so</a></code><br/></td><td valign="top"><strong>Related Directives</strong><br/><br/><a href="./mod/core.html#addmodule" class="directive"><code class="directive">AddModule</code></a><br/><a href="./mod/core.html#clearmodulelist" class="directive"><code class="directive">ClearModuleList</code></a><br/><a href="./mod/core.html#ifmodule" class="directive"><code class="directive">&lt;IfModule&gt;</code></a><br/><a href="./mod/mod_so.html#loadmodule" class="directive"><code class="directive">LoadModule</code></a><br/></td></tr></table>
   
       <p>Apache is a modular server. This implies that only the most
       basic functionality is included in the core server. Extended
  -    features are available through <a
  -    href="mod/index-bytype.html">modules</a> which can be loaded
  -    into Apache. By default, a <a
  -    href="mod/module-dict.html#Status">base</a> set of modules is
  +    features are available through <a href="mod/index-bytype.html">modules</a> which can be loaded
  +    into Apache. By default, a <a href="mod/module-dict.html#Status">base</a> set of modules is
       included in the server at compile-time. If the server is
       compiled to use <a href="dso.html">dynamically loaded</a>
       modules, then modules can be compiled separately and added at
  -    any time using the <a
  -    href="mod/mod_so.html#loadmodule">LoadModule</a> directive.
  +    any time using the <a href="./mod/mod_so.html#loadmodule" class="directive"><code class="directive">LoadModule</code></a>
  +    directive.
       Otherwise, Apache must be recompiled to add or remove modules.
       Configuration directives may be included conditional on a
  -    presence of a particular module by enclosing them in an <a
  -    href="mod/core.html#ifmodule">&lt;IfModule&gt;</a> block.</p>
  +    presence of a particular module by enclosing them in an<a href="./mod/core.html#ifmodule" class="directive"><code class="directive">&lt;IfModule&gt;</code></a> block.</p>
   
       <p>To see which modules are currently compiled into the server,
       you can use the <code>-l</code> command line option.</p>
  -    <hr />
  +  <h2><a name="scope">Scope of Directives</a></h2>
  +    
   
  -    <h2><a id="scope" name="scope">Scope of Directives</a></h2>
  -
  -    <table border="1">
  -      <tr>
  -        <td valign="top"><strong>Related Directives</strong><br />
  -         <br />
  -         <a
  -        href="mod/core.html#directory">&lt;Directory&gt;</a><br />
  -         <a
  -        href="mod/core.html#directorymatch">&lt;DirectoryMatch&gt;</a><br />
  -         <a href="mod/core.html#files">&lt;Files&gt;</a><br />
  -         <a
  -        href="mod/core.html#filesmatch">&lt;FilesMatch&gt;</a><br />
  -         <a
  -        href="mod/core.html#location">&lt;Location&gt;</a><br />
  -         <a
  -        href="mod/core.html#locationmatch">&lt;LocationMatch&gt;</a><br />
  -         <a
  -        href="mod/core.html#virtualhost">&lt;VirtualHost&gt;</a><br />
  -         </td>
  -      </tr>
  -    </table>
  +    <table border="1"><tr><td valign="top"><strong>Related Modules</strong><br/><br/></td><td valign="top"><strong>Related Directives</strong><br/><br/><a href="./mod/core.html#directory" class="directive"><code class="directive">&lt;Directory&gt;</code></a><br/><a href="./mod/core.html#directorymatch" class="directive"><code class="directive">&lt;DirectoryMatch&gt;</code></a><br/><a href="./mod/core.html#files" class="directive"><code class="directive">&lt;Files&gt;</code></a><br/><a href="./mod/core.html#filesmatch" class="directive"><code class="directive">&lt;FilesMatch&gt;</code></a><br/><a href="./mod/core.html#location" class="directive"><code class="directive">&lt;Location&gt;</code></a><br/><a href="./mod/core.html#locationmatch" class="directive"><code class="directive">&lt;LocationMatch&gt;</code></a><br/><a href="./mod/core.html#virtualhost" class="directive"><code class="directive">&lt;VirtualHost&gt;</code></a><br/></td></tr></table>
   
       <p>Directives placed in the main configuration files apply to
       the entire server. If you wish to change the configuration for
       only a part of the server, you can scope your directives by
  -    placing them in <code><a
  -    href="mod/core.html#directory">&lt;Directory&gt;</a>, <a
  -    href="mod/core.html#directorymatch">&lt;DirectoryMatch&gt;</a>,
  -    <a href="mod/core.html#files">&lt;Files&gt;</a>, <a
  -    href="mod/core.html#filesmatch">&lt;FilesMatch&gt;</a>, <a
  -    href="mod/core.html#location">&lt;Location&gt;</a>,</code> and
  -    <code><a
  -    href="mod/core.html#locationmatch">&lt;LocationMatch&gt;</a></code>
  +    placing them in <a href="./mod/core.html#directory" class="directive"><code class="directive">&lt;Directory&gt;</code></a>, <a href="./mod/core.html#directorymatch" class="directive"><code class="directive">&lt;DirectoryMatch&gt;</code></a>, <a href="./mod/core.html#files" class="directive"><code class="directive">&lt;Files&gt;</code></a>, <a href="./mod/core.html#filesmatch" class="directive"><code class="directive">&lt;FilesMatch&gt;</code></a>, <a href="./mod/core.html#location" class="directive"><code class="directive">&lt;Location&gt;</code></a>, and <a href="./mod/core.html#locationmatch" class="directive"><code class="directive">&lt;LocationMatch&gt;</code></a>
       sections. These sections limit the application of the
       directives which they enclose to particular filesystem
       locations or URLs. They can also be nested, allowing for very
  @@ -183,8 +91,7 @@
       <p>Apache has the capability to serve many different websites
       simultaneously. This is called <a href="vhosts/">Virtual
       Hosting</a>. Directives can also be scoped by placing them
  -    inside <code><a
  -    href="mod/core.html#virtualhost">&lt;VirtualHost&gt;</a></code>
  +    inside <a href="./mod/core.html#virtualhost" class="directive"><code class="directive">&lt;VirtualHost&gt;</code></a>
       sections, so that they will only apply to requests for a
       particular website.</p>
   
  @@ -192,32 +99,18 @@
       sections, some directives do not make sense in some contexts.
       For example, directives controlling process creation can only
       be placed in the main server context. To find which directives
  -    can be placed in which sections, check the <a
  -    href="mod/directive-dict.html#Context">Context</a> of the
  -    directive. For further information, we provide details on <a
  -    href="sections.html">How Directory, Location and Files sections
  +    can be placed in which sections, check the <a href="mod/directive-dict.html#Context">Context</a> of the
  +    directive. For further information, we provide details on <a href="sections.html">How Directory, Location and Files sections
       work</a>.</p>
  -    <hr />
  -
  -    <h2><a id="htaccess" name="htaccess">.htaccess Files</a></h2>
  +  <h2><a name="htaccess">.htaccess Files</a></h2>
  +    
   
  -    <table border="1">
  -      <tr>
  -        <td valign="top"><strong>Related Directives</strong><br />
  -         <br />
  -         <a
  -        href="mod/core.html#accessfilename">AccessFileName</a><br />
  -         <a
  -        href="mod/core.html#allowoverride">AllowOverride</a><br />
  -         </td>
  -      </tr>
  -    </table>
  +    <table border="1"><tr><td valign="top"><strong>Related Modules</strong><br/><br/></td><td valign="top"><strong>Related Directives</strong><br/><br/><a href="./mod/core.html#accessfilename" class="directive"><code class="directive">AccessFileName</code></a><br/><a href="./mod/core.html#allowoverride" class="directive"><code class="directive">AllowOverride</code></a><br/></td></tr></table>
   
       <p>Apache allows for decentralized management of configuration
       via special files placed inside the web tree. The special files
       are usually called <code>.htaccess</code>, but any name can be
  -    specified in the <a
  -    href="mod/core.html#accessfilename"><code>AccessFileName</code></a>
  +    specified in the <a href="./mod/core.html#accessfilename" class="directive"><code class="directive">AccessFileName</code></a>
       directive. Directives placed in <code>.htaccess</code> files
       apply to the directory where you place the file, and all
       sub-directories. The <code>.htaccess</code> files follow the
  @@ -226,19 +119,13 @@
       made in these files take immediate effect.</p>
   
       <p>To find which directives can be placed in
  -    <code>.htaccess</code> files, check the <a
  -    href="mod/directive-dict.html#Context">Context</a> of the
  +    <code>.htaccess</code> files, check the <a href="mod/directive-dict.html#Context">Context</a> of the
       directive. The server administrator further controls what
       directives may be placed in <code>.htaccess</code> files by
  -    configuring the <a
  -    href="mod/core.html#allowoverride"><code>AllowOverride</code></a>
  +    configuring the <a href="./mod/core.html#allowoverride" class="directive"><code class="directive">AllowOverride</code></a>
       directive in the main configuration files.</p>
   
       <p>For more information on <code>.htaccess</code> files, see
  -    Ken Coar's tutorial on <a
  -    href="http://apache-server.com/tutorials/ATusing-htaccess.html">
  +    Ken Coar's tutorial on <a href="http://apache-server.com/tutorials/ATusing-htaccess.html">
       Using .htaccess Files with Apache</a>.</p>
  -    <!--#include virtual="footer.html" -->
  -  </body>
  -</html>
  -
  +  </blockquote><h3 align="center">Apache HTTP Server Version 2.0</h3><a href="./"><img src="./images/index.gif" alt="Index"/></a><a href="./"><img src="./images/home.gif" alt="Home"/></a></body></html>
  \ No newline at end of file
  
  
  
  1.31      +2 -2      httpd-2.0/docs/manual/content-negotiation.html.en
  
  Index: content-negotiation.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/content-negotiation.html.en,v
  retrieving revision 1.30
  retrieving revision 1.31
  diff -u -r1.30 -r1.31
  --- content-negotiation.html.en	11 Jun 2002 10:29:25 -0000	1.30
  +++ content-negotiation.html.en	25 Jul 2002 21:46:37 -0000	1.31
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Content Negotiation</h1>
  +    <h1 align="center">Content Negotiation</h1>
   
       <p>Apache's supports content negotiation as described in
       the HTTP/1.1 specification. It can choose the best
  @@ -606,7 +606,7 @@
       <tt>CacheNegotiatedDocs</tt> can be used to allow caching of
       responses which were subject to negotiation. This directive can
       be given in the server config or virtual host, and takes no
  -    arguments. It has no effect on requests from HTTP/1.1 clients. 
  +    arguments. It has no effect on requests from HTTP/1.1 clients.</p>
   
       <h2>More Information</h2>
   
  
  
  
  1.16      +1 -1      httpd-2.0/docs/manual/custom-error.html.en
  
  Index: custom-error.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/custom-error.html.en,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- custom-error.html.en	22 Sep 2001 18:53:20 -0000	1.15
  +++ custom-error.html.en	25 Jul 2002 21:46:37 -0000	1.16
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Custom error responses</h1>
  +    <h1 align="center">Custom error responses</h1>
   
       <dl>
         <dt>Purpose</dt>
  
  
  
  1.13      +3 -3      httpd-2.0/docs/manual/dns-caveats.html
  
  Index: dns-caveats.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/dns-caveats.html,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- dns-caveats.html	22 Sep 2001 18:53:20 -0000	1.12
  +++ dns-caveats.html	25 Jul 2002 21:46:37 -0000	1.13
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Issues Regarding DNS and Apache</h1>
  +    <h1 align="center">Issues Regarding DNS and Apache</h1>
   
       <p>This page could be summarized with the statement: <em>don't
       require Apache to use DNS for any parsing of the configuration
  @@ -210,8 +210,8 @@
       a webserver has no requirement to do DNS lookups during
       configuration. But as of March 1997 these features have not
       been deployed widely enough to be put into use on critical
  -    webservers. <!--#include virtual="footer.html" -->
  -    </p>
  +    webservers.</p>
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
   
  
  
  
  1.13      +90 -90    httpd-2.0/docs/manual/ebcdic.html
  
  Index: ebcdic.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/ebcdic.html,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- ebcdic.html	24 Jan 2002 23:47:30 -0000	1.12
  +++ ebcdic.html	25 Jul 2002 21:46:38 -0000	1.13
  @@ -20,7 +20,7 @@
         relevant, but please use it with care.
       </blockquote>
   
  -    <h1 align="CENTER">Overview of the Apache EBCDIC Port</h1>
  +    <h1 align="center">Overview of the Apache EBCDIC Port</h1>
   
       <p>Version 1.3 of the Apache HTTP Server is the first version
       which includes a port to a (non-ASCII) mainframe machine which
  @@ -52,7 +52,7 @@
       <p>This document serves as a rationale to describe some of the
       design decisions of the port to this machine.</p>
   
  -    <h2 align="CENTER">Design Goals</h2>
  +    <h2 align="center">Design Goals</h2>
   
       <p>One objective of the EBCDIC port was to maintain enough
       backwards compatibility with the (EBCDIC) CERN server to make
  @@ -68,7 +68,7 @@
       problem by defining an "ebcdic-handler" for all documents which
       must be converted.</p>
   
  -    <h2 align="CENTER">Technical Solution</h2>
  +    <h2 align="center">Technical Solution</h2>
   
       <p>Since all Apache input and output is based upon the BUFF
       data type and its methods, the easiest solution was to add the
  @@ -100,7 +100,7 @@
        <br />
        
   
  -    <h2 align="CENTER">Porting Notes</h2>
  +    <h2 align="center">Porting Notes</h2>
   
       <ol>
         <li>
  @@ -242,9 +242,9 @@
        <br />
        
   
  -    <h2 align="CENTER">Document Storage Notes</h2>
  +    <h2 align="center">Document Storage Notes</h2>
   
  -    <h3 align="CENTER">Binary Files</h3>
  +    <h3 align="center">Binary Files</h3>
   
       <p>All files with a <samp>Content-Type:</samp> which does not
       start with <samp>text/</samp> are regarded as <em>binary
  @@ -258,22 +258,22 @@
       <samp>rcp&nbsp;-b</samp> command from the mainframe host (the
       -b switch is not supported in unix rcp's).</p>
   
  -    <h3 align="CENTER">Text Documents</h3>
  +    <h3 align="center">Text Documents</h3>
   
       <p>The default assumption of the server is that Text Files
       (<em>i.e.</em>, all files whose <samp>Content-Type:</samp>
       starts with <samp>text/</samp>) are stored in the native
       character set of the host, EBCDIC.</p>
   
  -    <h3 align="CENTER">Server Side Included Documents</h3>
  +    <h3 align="center">Server Side Included Documents</h3>
   
       <p>SSI documents must currently be stored in EBCDIC only. No
       provision is made to convert it from ASCII before
       processing.</p>
   
  -    <h2 align="CENTER">Apache Modules' Status</h2>
  +    <h2 align="center">Apache Modules' Status</h2>
   
  -    <table border="1" align="middle">
  +    <table border="1" align="center">
         <tr>
           <th>Module</th>
   
  @@ -283,318 +283,318 @@
         </tr>
   
         <tr>
  -        <td align="LEFT">http_core</td>
  +        <td align="left">http_core</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_access</td>
  +        <td align="left">mod_access</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_actions</td>
  +        <td align="left">mod_actions</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_alias</td>
  +        <td align="left">mod_alias</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_asis</td>
  +        <td align="left">mod_asis</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_auth</td>
  +        <td align="left">mod_auth</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_auth_anon</td>
  +        <td align="left">mod_auth_anon</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_auth_dbm</td>
  +        <td align="left">mod_auth_dbm</td>
   
  -        <td align="CENTER">?</td>
  +        <td align="center">?</td>
   
           <td>with own libdb.a</td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_autoindex</td>
  +        <td align="left">mod_autoindex</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_cern_meta</td>
  +        <td align="left">mod_cern_meta</td>
   
  -        <td align="CENTER">?</td>
  +        <td align="center">?</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_cgi</td>
  +        <td align="left">mod_cgi</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_digest</td>
  +        <td align="left">mod_digest</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_dir</td>
  +        <td align="left">mod_dir</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_so</td>
  +        <td align="left">mod_so</td>
   
  -        <td align="CENTER">-</td>
  +        <td align="center">-</td>
   
           <td>no shared libs</td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_env</td>
  +        <td align="left">mod_env</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_example</td>
  +        <td align="left">mod_example</td>
   
  -        <td align="CENTER">-</td>
  +        <td align="center">-</td>
   
           <td>(test bed only)</td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_expires</td>
  +        <td align="left">mod_expires</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_headers</td>
  +        <td align="left">mod_headers</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_imap</td>
  +        <td align="left">mod_imap</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_include</td>
  +        <td align="left">mod_include</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_info</td>
  +        <td align="left">mod_info</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_log_agent</td>
  +        <td align="left">mod_log_agent</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_log_config</td>
  +        <td align="left">mod_log_config</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_log_referer</td>
  +        <td align="left">mod_log_referer</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_mime</td>
  +        <td align="left">mod_mime</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_mime_magic</td>
  +        <td align="left">mod_mime_magic</td>
   
  -        <td align="CENTER">?</td>
  +        <td align="center">?</td>
   
           <td>not ported yet</td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_negotiation</td>
  +        <td align="left">mod_negotiation</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_proxy</td>
  +        <td align="left">mod_proxy</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_rewrite</td>
  +        <td align="left">mod_rewrite</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>untested</td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_setenvif</td>
  +        <td align="left">mod_setenvif</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_speling</td>
  +        <td align="left">mod_speling</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_status</td>
  +        <td align="left">mod_status</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_unique_id</td>
  +        <td align="left">mod_unique_id</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_userdir</td>
  +        <td align="left">mod_userdir</td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>
           </td>
         </tr>
   
         <tr>
  -        <td align="LEFT">mod_usertrack</td>
  +        <td align="left">mod_usertrack</td>
   
  -        <td align="CENTER">?</td>
  +        <td align="center">?</td>
   
           <td>untested</td>
         </tr>
       </table>
   
  -    <h2 align="CENTER">Third Party Modules' Status</h2>
  +    <h2 align="center">Third Party Modules' Status</h2>
   
  -    <table border="1" align="middle">
  +    <table border="1" align="center">
         <tr>
           <th>Module</th>
   
  @@ -604,40 +604,40 @@
         </tr>
   
         <tr>
  -        <td align="LEFT"><a
  +        <td align="left"><a
           href="http://java.apache.org/">mod_jserv</a> </td>
   
  -        <td align="CENTER">-</td>
  +        <td align="center">-</td>
   
           <td>JAVA still being ported.</td>
         </tr>
   
         <tr>
  -        <td align="LEFT"><a href="http://www.php.net/">mod_php3</a>
  +        <td align="left"><a href="http://www.php.net/">mod_php3</a>
           </td>
   
  -        <td align="CENTER">+</td>
  +        <td align="center">+</td>
   
           <td>mod_php3 runs fine, with LDAP and GD and FreeType
           libraries</td>
         </tr>
   
         <tr>
  -        <td align="LEFT"><a
  +        <td align="left"><a
           href="http://hpwww.ec-lyon.fr/~vincent/apache/mod_put.html">
           mod_put</a> </td>
   
  -        <td align="CENTER">?</td>
  +        <td align="center">?</td>
   
           <td>untested</td>
         </tr>
   
         <tr>
  -        <td align="LEFT"><a
  +        <td align="left"><a
           href="ftp://hachiman.vidya.com/pub/apache/">mod_session</a>
           </td>
   
  -        <td align="CENTER">-</td>
  +        <td align="center">-</td>
   
           <td>untested</td>
         </tr>
  
  
  
  1.9       +1 -1      httpd-2.0/docs/manual/filter.html.en
  
  Index: filter.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/filter.html.en,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- filter.html.en	24 Jun 2002 13:21:35 -0000	1.8
  +++ filter.html.en	25 Jul 2002 21:46:38 -0000	1.9
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Filters</h1>
  +    <h1 align="center">Filters</h1>
   
       <table border="1">
         <tr>
  
  
  
  1.8       +1 -1      httpd-2.0/docs/manual/footer.html
  
  Index: footer.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/footer.html,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- footer.html	15 Jan 2002 01:47:59 -0000	1.7
  +++ footer.html	25 Jul 2002 21:46:38 -0000	1.8
  @@ -1,6 +1,6 @@
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
  +    <h3 align="center">Apache HTTP Server Version 2.0</h3>
       <a href="./"><img src="images/index.gif" alt="Index" /></a>
   
   
  
  
  
  1.2       +8 -8      httpd-2.0/docs/manual/glossary.html
  
  Index: glossary.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/glossary.html,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- glossary.html	21 Jul 2002 18:28:53 -0000	1.1
  +++ glossary.html	25 Jul 2002 21:46:38 -0000	1.2
  @@ -9,7 +9,7 @@
   <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000"> 
   <!--#include virtual="header.html" -->
   
  -<h1 align="CENTER">Glossary</h1>
  +<h1 align="center">Glossary</h1>
   
   
   
  @@ -147,7 +147,7 @@
   resolve to an IP address. For example, <code>www</code> is a hostname,
   <code>whatever.com</code> is a domain name, and
   <code>www.whatever.com</code> is a fully-qualified domain name.<br
  -/><br /></dt>
  +/><br /></dd>
   
   <dt><a name="handler">Handler</a></dt> <dd>An internal Apache
   representation of the action to be performed when a file is
  @@ -238,7 +238,7 @@
   <dd>The unencrypted text.<br /><br /></dd>
   
   <dt><a name="privatekey">Private Key</a></dt> <dd>The secret key in a
  -<a name="#publickeycryptography">Public Key Cryptography</a> system,
  +<a name="publickeycryptography">Public Key Cryptography</a> system,
   used to decrypt incoming messages and sign outgoing ones.<br />
   See: <a href="ssl/">SSL/TLS Encryption</a><br /><br /></dd>
   
  @@ -249,10 +249,10 @@
   client.  If several clients request the same content, the proxy
   can deliver that content from its cache, rather than requesting it
   from the origin server each time, thereby reducing response time.<br />
  -See: <a href="mod/mod_proxy.html">mod_proxy</a><br /><br /></dt>
  +See: <a href="mod/mod_proxy.html">mod_proxy</a><br /><br /></dd>
   
   <dt><a name="publickey">Public Key</a></dt> <dd>The publically
  -available key in a <a name="#publickeycryptography">Public Key
  +available key in a <a name="publickeycryptography">Public Key
   Cryptography</a> system, used to encrypt messages bound for its owner
   and to decrypt signatures made by its owner.<br />
   See: <a href="ssl/">SSL/TLS Encryption</a><br /><br /></dd>
  @@ -279,7 +279,7 @@
   href="#proxy">proxy</a> server that appears to the client as if it is
   an <em>origin server</em>.  This is useful to hide the real origin
   server from the client for security reasons, or to load balance.<br
  -/><br /></dt>
  +/><br /></dd>
   
   <dt><a name="securesocketslayer">Secure Sockets Layer</a> <a
   name="ssl">(SSL)</a></dt> <dd>A protocol created by Netscape
  @@ -341,11 +341,11 @@
   
   <dt><a name="x.509">X.509</a></dt> <dd>An authentication certificate
   scheme recommended by the International Telecommunication Union
  -(ITU-T) which is used for SSL/TLS authentication.<br > See: <a
  +(ITU-T) which is used for SSL/TLS authentication.<br /> See: <a
   href="ssl/">SSL/TLS Encryption</a><br /><br /></dd>
   
   </dl>
   
  -<p><!--#include virtual="footer.html" --> </p>
  +<!--#include virtual="footer.html" -->
     </body>
   </html>
  
  
  
  1.25      +1 -1      httpd-2.0/docs/manual/handler.html.en
  
  Index: handler.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/handler.html.en,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- handler.html.en	7 Jun 2002 01:43:52 -0000	1.24
  +++ handler.html.en	25 Jul 2002 21:46:38 -0000	1.25
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Apache's Handler Use</h1>
  +    <h1 align="center">Apache's Handler Use</h1>
   
       <ul>
         <li><a href="#definition">What is a Handler</a></li>
  
  
  
  1.8       +1 -1      httpd-2.0/docs/manual/header.html
  
  Index: header.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/header.html,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- header.html	15 Jan 2002 01:47:59 -0000	1.7
  +++ header.html	25 Jul 2002 21:46:38 -0000	1.8
  @@ -1,4 +1,4 @@
  -    <div align="CENTER">
  +    <div align="center">
         <img src="images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 
   
         <h3>Apache HTTP Server Version 2.0</h3>
  
  
  
  1.41      +1 -1      httpd-2.0/docs/manual/install.html.en
  
  Index: install.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/install.html.en,v
  retrieving revision 1.40
  retrieving revision 1.41
  diff -u -r1.40 -r1.41
  --- install.html.en	29 May 2002 11:01:22 -0000	1.40
  +++ install.html.en	25 Jul 2002 21:46:38 -0000	1.41
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Compiling and Installing</h1>
  +    <h1 align="center">Compiling and Installing</h1>
   
       <p>This document covers compilation and installation of Apache
       on Unix and Unix-like systems only. For compiling and
  
  
  
  1.35      +1 -1      httpd-2.0/docs/manual/invoking.html.en
  
  Index: invoking.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/invoking.html.en,v
  retrieving revision 1.34
  retrieving revision 1.35
  diff -u -r1.34 -r1.35
  --- invoking.html.en	19 Oct 2001 06:05:39 -0000	1.34
  +++ invoking.html.en	25 Jul 2002 21:46:38 -0000	1.35
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Starting Apache</h1>
  +    <h1 align="center">Starting Apache</h1>
   
       <ul>
         <li><a href="#windows">Starting Apache on Windows</a></li>
  
  
  
  1.21      +1 -1      httpd-2.0/docs/manual/new_features_2_0.html.en
  
  Index: new_features_2_0.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/new_features_2_0.html.en,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- new_features_2_0.html.en	22 Feb 2002 14:45:23 -0000	1.20
  +++ new_features_2_0.html.en	25 Jul 2002 21:46:38 -0000	1.21
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Overview of New Features in Apache 2.0</h1>
  +    <h1 align="center">Overview of New Features in Apache 2.0</h1>
   
       <p>Enhancements: <a href="#core">Core</a> | <a
       href="#module">Module</a></p>
  
  
  
  1.14      +1 -1      httpd-2.0/docs/manual/sections.html.en
  
  Index: sections.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/sections.html.en,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- sections.html.en	14 May 2002 06:47:35 -0000	1.13
  +++ sections.html.en	25 Jul 2002 21:46:38 -0000	1.14
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">How Directory, Location and Files sections
  +    <h1 align="center">How Directory, Location and Files sections
       work</h1>
   
       <p>The sections <a
  
  
  
  1.25      +2 -3      httpd-2.0/docs/manual/stopping.html.en
  
  Index: stopping.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/stopping.html.en,v
  retrieving revision 1.24
  retrieving revision 1.25
  diff -u -r1.24 -r1.25
  --- stopping.html.en	9 Jul 2002 11:06:25 -0000	1.24
  +++ stopping.html.en	25 Jul 2002 21:46:38 -0000	1.25
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Stopping and Restarting the Server</h1>
  +    <h1 align="center">Stopping and Restarting the Server</h1>
   
       <p>This document covers stopping and restarting Apache on
       Unix-like systems. Windows users should see <a
  @@ -201,9 +201,8 @@
       timeouts. In practice it doesn't seem to affect anything either
       -- in a test case the server was restarted twenty times per
       second and clients successfully browsed the site without
  -    getting broken images or empty documents. 
  +    getting broken images or empty documents. </p>
       <!--#include virtual="footer.html" -->
  -    </p>
     </body>
   </html>
   
  
  
  
  1.31      +31 -31    httpd-2.0/docs/manual/suexec.html.en
  
  Index: suexec.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/suexec.html.en,v
  retrieving revision 1.30
  retrieving revision 1.31
  diff -u -r1.30 -r1.31
  --- suexec.html.en	22 Jul 2002 17:43:59 -0000	1.30
  +++ suexec.html.en	25 Jul 2002 21:46:38 -0000	1.31
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Apache suEXEC Support</h1>
  +    <h1 align="center">Apache suEXEC Support</h1>
   
       <ol>
         <li><big><strong>CONTENTS</strong></big></li>
  @@ -43,14 +43,14 @@
   
       <h3><a id="what" name="what">What is suEXEC?</a></h3>
   
  -    <p align="LEFT">The <strong>suEXEC</strong> feature provides
  +    <p align="left">The <strong>suEXEC</strong> feature provides
       Apache users the ability
       to run <strong>CGI</strong> and <strong>SSI</strong> programs
       under user IDs different from the user ID of the calling
       web-server. Normally, when a CGI or SSI program executes, it
       runs as the same user who is running the web server.</p>
   
  -    <p align="LEFT">Used properly, this feature can reduce
  +    <p align="left">Used properly, this feature can reduce
       considerably the security risks involved with allowing users to
       develop and run private CGI or SSI programs. However, if suEXEC
       is improperly configured, it can cause any number of problems
  @@ -59,30 +59,30 @@
       security issues they present, we highly recommend that you not
       consider using suEXEC.</p>
   
  -    <p align="CENTER"><strong><a href="suexec.html">BACK TO
  +    <p align="center"><strong><a href="suexec.html">BACK TO
       CONTENTS</a></strong></p>
   
       <h3><a id="before" name="before">Before we begin.</a></h3>
   
  -    <p align="LEFT">Before jumping head-first into this document,
  +    <p align="left">Before jumping head-first into this document,
       you should be aware of the assumptions made on the part of the
       Apache Group and this document.</p>
   
  -    <p align="LEFT">First, it is assumed that you are using a UNIX
  +    <p align="left">First, it is assumed that you are using a UNIX
       derivate operating system that is capable of
       <strong>setuid</strong> and <strong>setgid</strong> operations.
       All command examples are given in this regard. Other platforms,
       if they are capable of supporting suEXEC, may differ in their
       configuration.</p>
   
  -    <p align="LEFT">Second, it is assumed you are familiar with
  +    <p align="left">Second, it is assumed you are familiar with
       some basic concepts of your computer's security and its
       administration. This involves an understanding of
       <strong>setuid/setgid</strong> operations and the various
       effects they may have on your system and its level of
       security.</p>
   
  -    <p align="LEFT">Third, it is assumed that you are using an
  +    <p align="left">Third, it is assumed that you are using an
       <strong>unmodified</strong> version of suEXEC code. All code
       for suEXEC has been carefully scrutinized and tested by the
       developers as well as numerous beta testers. Every precaution
  @@ -93,7 +93,7 @@
       particulars of security programming and are willing to share
       your work with the Apache Group for consideration.</p>
   
  -    <p align="LEFT">Fourth, and last, it has been the decision of
  +    <p align="left">Fourth, and last, it has been the decision of
       the Apache Group to <strong>NOT</strong> make suEXEC part of
       the default installation of Apache. To this end, suEXEC
       configuration requires of the administrator careful attention
  @@ -107,20 +107,20 @@
       installation only to those who are careful and determined
       enough to use it.</p>
   
  -    <p align="LEFT">Still with us? Yes? Good. Let's move on!</p>
  +    <p align="left">Still with us? Yes? Good. Let's move on!</p>
   
  -    <p align="CENTER"><strong><a href="suexec.html">BACK TO
  +    <p align="center"><strong><a href="suexec.html">BACK TO
       CONTENTS</a></strong></p>
   
       <h3><a id="model" name="model">suEXEC Security Model</a></h3>
   
  -    <p align="LEFT">Before we begin configuring and installing
  +    <p align="left">Before we begin configuring and installing
       suEXEC, we will first discuss the security model you are about
       to implement. By doing so, you may better understand what
       exactly is going on inside suEXEC and what precautions are
       taken to ensure your system's security.</p>
   
  -    <p align="LEFT"><strong>suEXEC</strong> is based on a setuid
  +    <p align="left"><strong>suEXEC</strong> is based on a setuid
       "wrapper" program that is called by the main Apache web server.
       This wrapper is called when an HTTP request is made for a CGI
       or SSI program that the administrator has designated to run as
  @@ -129,7 +129,7 @@
       program's name and the user and group IDs under which the
       program is to execute.</p>
   
  -    <p align="LEFT">The wrapper then employs the following process
  +    <p align="left">The wrapper then employs the following process
       to determine success or failure -- if any one of these
       conditions fail, the program logs the failure and exits with an
       error, otherwise it will continue:</p>
  @@ -348,28 +348,28 @@
        <br />
        
   
  -    <p align="LEFT">This is the standard operation of the the
  +    <p align="left">This is the standard operation of the the
       suEXEC wrapper's security model. It is somewhat stringent and
       can impose new limitations and guidelines for CGI/SSI design,
       but it was developed carefully step-by-step with security in
       mind.</p>
   
  -    <p align="LEFT">For more information as to how this security
  +    <p align="left">For more information as to how this security
       model can limit your possibilities in regards to server
       configuration, as well as what security risks can be avoided
       with a proper suEXEC setup, see the <a
       href="#jabberwock">"Beware the Jabberwock"</a> section of this
       document.</p>
   
  -    <p align="CENTER"><strong><a href="suexec.html">BACK TO
  +    <p align="center"><strong><a href="suexec.html">BACK TO
       CONTENTS</a></strong></p>
   
       <h3><a id="install" name="install">Configuring &amp; Installing
       suEXEC</a></h3>
   
  -    <p align="LEFT">Here's where we begin the fun.</p>
  +    <p align="left">Here's where we begin the fun.</p>
   
  -    <p align="LEFT"><strong>suEXEC configuration
  +    <p align="left"><strong>suEXEC configuration
       options</strong><br />
       </p>
   
  @@ -453,7 +453,7 @@
        <br />
        
   
  -    <p align="LEFT"><strong>Checking your suEXEC
  +    <p align="left"><strong>Checking your suEXEC
       setup</strong><br />
        Before you compile and install the suEXEC wrapper you can
       check the configuration with the --layout option.<br />
  @@ -473,7 +473,7 @@
        <br />
        
   
  -    <p align="LEFT"><strong>Compiling and installing the suEXEC
  +    <p align="left"><strong>Compiling and installing the suEXEC
       wrapper</strong><br />
        If you have enabled the suEXEC feature with the
       --enable-suexec option the suexec binary (together with Apache
  @@ -490,13 +490,13 @@
       owner <code><em>root</em></code> and must have the setuserid
       execution bit set for file modes.</p>
   
  -    <p align="CENTER"><strong><a href="suexec.html">BACK TO
  +    <p align="center"><strong><a href="suexec.html">BACK TO
       CONTENTS</a></strong></p>
   
       <h3><a id="enable" name="enable">Enabling &amp; Disabling
       suEXEC</a></h3>
   
  -    <p align="LEFT">Upon startup of Apache, it looks for the file
  +    <p align="left">Upon startup of Apache, it looks for the file
       "suexec" in the "sbin" directory (default is
       "/usr/local/apache/sbin/suexec"). If Apache finds a properly
       configured suEXEC wrapper, it will print the following message
  @@ -517,12 +517,12 @@
        <br />
        
   
  -    <p align="CENTER"><strong><a href="suexec.html">BACK TO
  +    <p align="center"><strong><a href="suexec.html">BACK TO
       CONTENTS</a></strong></p>
   
       <h3><a id="usage" name="usage">Using suEXEC</a></h3>
   
  -    <p align="LEFT"><strong>Virtual Hosts:</strong><br />
  +    <p align="left"><strong>Virtual Hosts:</strong><br />
        One way to use the suEXEC wrapper is through the <a
       href="mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a>
       directive in <a
  @@ -545,30 +545,30 @@
       meet the scrutiny of the <a href="#model">security checks</a>
       above.</p>
   
  -    <p align="CENTER"><strong><a href="suexec.html">BACK TO
  +    <p align="center"><strong><a href="suexec.html">BACK TO
       CONTENTS</a></strong></p>
   
       <h3><a id="debug" name="debug">Debugging suEXEC</a></h3>
   
  -    <p align="LEFT">The suEXEC wrapper will write log information
  +    <p align="left">The suEXEC wrapper will write log information
       to the file defined with the --with-suexec-logfile option as
       indicated above. If you feel you have configured and installed
       the wrapper properly, have a look at this log and the error_log
       for the server to see where you may have gone astray.</p>
   
  -    <p align="CENTER"><strong><a href="suexec.html">BACK TO
  +    <p align="center"><strong><a href="suexec.html">BACK TO
       CONTENTS</a></strong></p>
   
       <h3><a id="jabberwock" name="jabberwock">Beware the Jabberwock:
       Warnings &amp; Examples</a></h3>
   
  -    <p align="LEFT"><strong>NOTE!</strong> This section may not be
  +    <p align="left"><strong>NOTE!</strong> This section may not be
       complete. For the latest revision of this section of the
       documentation, see the Apache Group's <a
       href="http://www.apache.org/docs/suexec.html">Online
       Documentation</a> version.</p>
   
  -    <p align="LEFT">There are a few points of interest regarding
  +    <p align="left">There are a few points of interest regarding
       the wrapper that can cause limitations on server setup. Please
       review these before submitting any "bugs" regarding suEXEC.</p>
   
  @@ -613,7 +613,7 @@
         </li>
       </ul>
   
  -    <p align="CENTER"><strong><a href="suexec.html">BACK TO
  +    <p align="center"><strong><a href="suexec.html">BACK TO
       CONTENTS</a></strong></p>
       <!--#include virtual="footer.html" -->
     </body>
  
  
  
  1.24      +1 -1      httpd-2.0/docs/manual/upgrading.html.en
  
  Index: upgrading.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/upgrading.html.en,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- upgrading.html.en	30 Jun 2002 03:48:13 -0000	1.23
  +++ upgrading.html.en	25 Jul 2002 21:46:38 -0000	1.24
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Upgrading to 2.0 from 1.3</h1>
  +    <h1 align="center">Upgrading to 2.0 from 1.3</h1>
   
       <p>In order to assist folks upgrading, we maintain a document
       describing information critical to existing Apache users. These
  
  
  
  1.21      +1 -1      httpd-2.0/docs/manual/developer/API.html
  
  Index: API.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/developer/API.html,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- API.html	22 Sep 2001 19:12:40 -0000	1.20
  +++ API.html	25 Jul 2002 21:46:39 -0000	1.21
  @@ -20,7 +20,7 @@
         relevant, but please use it with care.
       </blockquote>
   
  -    <h1 align="CENTER">Apache API notes</h1>
  +    <h1 align="center">Apache API notes</h1>
       These are some notes on the Apache API and the data structures
       you have to deal with, <em>etc.</em> They are not yet nearly
       complete, but hopefully, they will help you get your bearings.
  
  
  
  1.7       +1 -1      httpd-2.0/docs/manual/developer/debugging.html
  
  Index: debugging.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/developer/debugging.html,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- debugging.html	22 Sep 2001 19:12:40 -0000	1.6
  +++ debugging.html	25 Jul 2002 21:46:39 -0000	1.7
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Debugging Memory Allocation in APR<br />
  +    <h1 align="center">Debugging Memory Allocation in APR<br />
       </h1>
   
       <p>The allocation mechanism's within APR have a number of
  
  
  
  1.4       +2 -3      httpd-2.0/docs/manual/developer/documenting.html
  
  Index: documenting.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/developer/documenting.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- documenting.html	22 Sep 2001 19:12:40 -0000	1.3
  +++ documenting.html	25 Jul 2002 21:46:39 -0000	1.4
  @@ -61,13 +61,12 @@
    * @package Name of library header
    */
   </pre>
  -<pre>
   <br />
  +<pre>
   ScanDoc uses a new html file for each package.  The html files are named
      {Name_of_library_header}.html, so try to be concise with your names.
  - 
  -<!--#include virtual="footer.html" -->
   </pre>
  +  <!--#include virtual="footer.html" -->
     </body>
   </html>
   
  
  
  
  1.4       +1 -1      httpd-2.0/docs/manual/developer/footer.html
  
  Index: footer.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/developer/footer.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- footer.html	15 Jan 2002 01:48:00 -0000	1.3
  +++ footer.html	25 Jul 2002 21:46:39 -0000	1.4
  @@ -1,6 +1,6 @@
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
  +    <h3 align="center">Apache HTTP Server Version 2.0</h3>
       <a href="./"><img src="../images/index.gif" alt="Index" /></a>
       <a href="../"><img src="../images/home.gif" alt="Home" /></a>
   
  
  
  
  1.4       +1 -1      httpd-2.0/docs/manual/developer/header.html
  
  Index: header.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/developer/header.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- header.html	15 Jan 2002 01:48:00 -0000	1.3
  +++ header.html	25 Jul 2002 21:46:39 -0000	1.4
  @@ -1,4 +1,4 @@
  -    <div align="CENTER">
  +    <div align="center">
         <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 
   
         <h3>Apache HTTP Server Version 2.0</h3>
  
  
  
  1.8       +1 -1      httpd-2.0/docs/manual/developer/modules.html.en
  
  Index: modules.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/developer/modules.html.en,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- modules.html.en	9 Jul 2002 11:24:46 -0000	1.7
  +++ modules.html.en	25 Jul 2002 21:46:39 -0000	1.8
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">From Apache 1.3 to Apache 2.0<br />
  +    <h1 align="center">From Apache 1.3 to Apache 2.0<br />
        Modules</h1>
   
       <p>This is a first attempt at writing the lessons I learned
  
  
  
  1.4       +1 -1      httpd-2.0/docs/manual/faq/footer.html
  
  Index: footer.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/faq/footer.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- footer.html	15 Jan 2002 01:48:00 -0000	1.3
  +++ footer.html	25 Jul 2002 21:46:39 -0000	1.4
  @@ -1,6 +1,6 @@
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
  +    <h3 align="center">Apache HTTP Server Version 2.0</h3>
       <a href="./"><img src="../images/index.gif" alt="Index" /></a>
       <a href="../"><img src="../images/home.gif" alt="Home" /></a>
   
  
  
  
  1.4       +1 -1      httpd-2.0/docs/manual/faq/header.html
  
  Index: header.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/faq/header.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- header.html	15 Jan 2002 01:48:00 -0000	1.3
  +++ header.html	25 Jul 2002 21:46:39 -0000	1.4
  @@ -1,4 +1,4 @@
  -    <div align="CENTER">
  +    <div align="center">
         <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 
   
         <h3>Apache HTTP Server Version 2.0</h3>
  
  
  
  1.3       +1 -1      httpd-2.0/docs/manual/faq/index.html
  
  Index: index.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/faq/index.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- index.html	22 Sep 2001 19:14:10 -0000	1.2
  +++ index.html	25 Jul 2002 21:46:39 -0000	1.3
  @@ -17,7 +17,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Frequently Asked Questions</h1>
  +    <h1 align="center">Frequently Asked Questions</h1>
   
       <p>The latest version of this FAQ is always available from the
       main Apache web site, at &lt;<a
  
  
  
  1.7       +2 -1      httpd-2.0/docs/manual/faq/support.html
  
  Index: support.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/faq/support.html,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- support.html	26 Nov 2001 05:51:00 -0000	1.6
  +++ support.html	25 Jul 2002 21:46:39 -0000	1.7
  @@ -15,7 +15,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Frequently Asked Questions</h1>
  +    <h1 align="center">Frequently Asked Questions</h1>
       <!--#endif -->
   
       <h2><a id="support.html" name="support.html">Support</a></h2>
  @@ -111,6 +111,7 @@
             href="http://groups.google.com/groups?group=comp.infosystems.www.authoring.cgi">
             google</a>]</li>
           </ul>
  +      </li>
   
         <li>
           <strong>If all else fails, report the problem in the bug
  
  
  
  1.3       +1 -1      httpd-2.0/docs/manual/howto/cgi.html.en
  
  Index: cgi.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/howto/cgi.html.en,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- cgi.html.en	22 Sep 2001 19:18:26 -0000	1.2
  +++ cgi.html.en	25 Jul 2002 21:46:39 -0000	1.3
  @@ -14,7 +14,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Dynamic Content with CGI</h1>
  +    <h1 align="center">Dynamic Content with CGI</h1>
       <a id="__index__" name="__index__"></a> <!-- INDEX BEGIN -->
        
   
  
  
  
  1.4       +1 -1      httpd-2.0/docs/manual/howto/footer.html
  
  Index: footer.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/howto/footer.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- footer.html	15 Jan 2002 01:48:00 -0000	1.3
  +++ footer.html	25 Jul 2002 21:46:39 -0000	1.4
  @@ -1,6 +1,6 @@
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
  +    <h3 align="center">Apache HTTP Server Version 2.0</h3>
       <a href="./"><img src="../images/index.gif" alt="Index" /></a>
       <a href="../"><img src="../images/home.gif" alt="Home" /></a>
   
  
  
  
  1.4       +1 -1      httpd-2.0/docs/manual/howto/header.html
  
  Index: header.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/howto/header.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- header.html	15 Jan 2002 01:48:00 -0000	1.3
  +++ header.html	25 Jul 2002 21:46:39 -0000	1.4
  @@ -1,4 +1,4 @@
  -    <div align="CENTER">
  +    <div align="center">
         <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 
   
         <h3>Apache HTTP Server Version 2.0</h3>
  
  
  
  1.13      +3 -3      httpd-2.0/docs/manual/howto/ssi.html.en
  
  Index: ssi.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/howto/ssi.html.en,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- ssi.html.en	9 May 2002 18:53:40 -0000	1.12
  +++ ssi.html.en	25 Jul 2002 21:46:39 -0000	1.13
  @@ -15,7 +15,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Apache Tutorial: Introduction to Server Side
  +    <h1 align="center">Apache Tutorial: Introduction to Server Side
       Includes</h1>
       <a id="__index__" name="__index__"></a> <!-- INDEX BEGIN -->
        
  @@ -34,7 +34,7 @@
           <a href="#basicssidirectives">Basic SSI directives</a> 
   
           <ul>
  -          <li><a href="#today'sdate">Today's date</a></li>
  +          <li><a href="#todaysdate">Today's date</a></li>
   
             <li><a href="#modificationdateofthefile">Modification
             date of the file</a></li>
  @@ -237,7 +237,7 @@
       series. For now, here are some examples of what you can do with
       SSI</p>
   
  -    <h3><a id="today'sdate" name="today'sdate">Today's
  +    <h3><a id="todaysdate" name="todaysdate">Today's
       date</a></h3>
   <pre>
           &lt;!--#echo var="DATE_LOCAL" --&gt;
  
  
  
  1.10      +1 -1      httpd-2.0/docs/manual/misc/custom_errordocs.html
  
  Index: custom_errordocs.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/custom_errordocs.html,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- custom_errordocs.html	22 Sep 2001 19:33:40 -0000	1.9
  +++ custom_errordocs.html	25 Jul 2002 21:46:40 -0000	1.10
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Using XSSI and <samp>ErrorDocument</samp> to
  +    <h1 align="center">Using XSSI and <samp>ErrorDocument</samp> to
       configure customized international server error responses</h1>
   
       <h2>Index</h2>
  
  
  
  1.12      +2 -3      httpd-2.0/docs/manual/misc/descriptors.html
  
  Index: descriptors.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/descriptors.html,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- descriptors.html	24 Sep 2001 01:38:57 -0000	1.11
  +++ descriptors.html	25 Jul 2002 21:46:40 -0000	1.12
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Descriptors and Apache</h1>
  +    <h1 align="center">Descriptors and Apache</h1>
   
       <p>A <em>descriptor</em>, also commonly called a <em>file
       handle</em> is an object that a program uses to read or write
  @@ -189,9 +189,8 @@
       you problems, you can disable it. Add <code>-DNO_SLACK</code>
       to <code>EXTRA_CFLAGS</code> and rebuild. But please report it
       to our <a href="http://httpd.apache.org/bug_report.html">Bug
  -    Report Page</a> so that we can investigate. 
  +    Report Page</a> so that we can investigate. </p>
       <!--#include virtual="footer.html" -->
  -    </p>
     </body>
   </html>
   
  
  
  
  1.21      +2 -2      httpd-2.0/docs/manual/misc/fin_wait_2.html
  
  Index: fin_wait_2.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/fin_wait_2.html,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- fin_wait_2.html	1 Jul 2002 03:11:47 -0000	1.20
  +++ fin_wait_2.html	25 Jul 2002 21:46:40 -0000	1.21
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Connections in the FIN_WAIT_2 state and
  +    <h1 align="center">Connections in the FIN_WAIT_2 state and
       Apache</h1>
   
       <ol>
  @@ -248,7 +248,7 @@
           patch available</a> for adding a timeout to the FIN_WAIT_2
           state; it was originally intended for BSD/OS, but should be
           adaptable to most systems using BSD networking code. You
  -        need kernel source code to be able to use it. 
  +        need kernel source code to be able to use it. </p>
   
           <h3>Compile without using
           <code>lingering_close()</code></h3>
  
  
  
  1.7       +1 -1      httpd-2.0/docs/manual/misc/footer.html
  
  Index: footer.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/footer.html,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- footer.html	15 Jan 2002 01:48:00 -0000	1.6
  +++ footer.html	25 Jul 2002 21:46:40 -0000	1.7
  @@ -1,5 +1,5 @@
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
  +    <h3 align="center">Apache HTTP Server Version 2.0</h3>
       <a href="./"><img src="../images/index.gif" alt="Index" /></a>
       <a href="../"><img src="../images/home.gif" alt="Home" /></a>
  
  
  
  1.7       +1 -1      httpd-2.0/docs/manual/misc/header.html
  
  Index: header.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/header.html,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- header.html	15 Jan 2002 01:48:00 -0000	1.6
  +++ header.html	25 Jul 2002 21:46:40 -0000	1.7
  @@ -1,4 +1,4 @@
  -    <div align="CENTER">
  +    <div align="center">
         <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 
   
         <h3>Apache HTTP Server Version 2.0</h3>
  
  
  
  1.19      +1 -1      httpd-2.0/docs/manual/misc/index.html
  
  Index: index.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/index.html,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- index.html	22 Sep 2001 19:33:40 -0000	1.18
  +++ index.html	25 Jul 2002 21:46:40 -0000	1.19
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Apache Miscellaneous Documentation</h1>
  +    <h1 align="center">Apache Miscellaneous Documentation</h1>
   
       <p>Below is a list of additional documentation pages that apply
       to the Apache web server development project.</p>
  
  
  
  1.21      +2 -2      httpd-2.0/docs/manual/misc/known_client_problems.html
  
  Index: known_client_problems.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/known_client_problems.html,v
  retrieving revision 1.20
  retrieving revision 1.21
  diff -u -r1.20 -r1.21
  --- known_client_problems.html	22 Sep 2001 19:33:40 -0000	1.20
  +++ known_client_problems.html	25 Jul 2002 21:46:40 -0000	1.21
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Known Problems in Clients</h1>
  +    <h1 align="center">Known Problems in Clients</h1>
   
       <p>Over time the Apache Group has discovered or been notified
       of problems with various clients which we have had to work
  @@ -149,7 +149,7 @@
       href="http://www.apache.org/dist/httpd/patches/apply_to_1.2.1/msie_4_0b2_fixes.patch">
       patch</a> against 1.2.1. 
   
  -    <h3><a id="257th-byte" name="257th-byte">Boundary problems with
  +    <h3><a id="byte-257" name="byte-257">Boundary problems with
       header parsing</a></h3>
   
       <p>All versions of Navigator from 2.0 through 4.0b2 (and
  
  
  
  1.36      +8 -8      httpd-2.0/docs/manual/misc/perf-tuning.html
  
  Index: perf-tuning.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/perf-tuning.html,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- perf-tuning.html	16 Jun 2002 22:55:11 -0000	1.35
  +++ perf-tuning.html	25 Jul 2002 21:46:40 -0000	1.36
  @@ -706,7 +706,7 @@
       <p>Here is a system call trace of Apache 2.0.38 with the worker MPM
       on Solaris 8.  This trace was collected using:</p>
   <blockquote>
  -<code>truss -l -p <i>httpd_child_pid</i></code>.</code>
  +<code>truss -l -p <i>httpd_child_pid</i></code>.
   </blockquote>
       <p>The <code>-l</code> option tells truss to log the ID of the
       LWP (lightweight process--Solaris's form of kernel-level thread)
  @@ -719,13 +719,14 @@
       <p>In this trace, a client has requested a 10KB static file
       from the httpd.  Traces of non-static requests or requests
       with content negotiation look wildly different (and quite ugly
  -    in some cases).
  +    in some cases).</p>
   
  -    <blockquote>
  +<blockquote>
   <pre>
   /67:    accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...)
   /67:    accept(3, 0x00200BEC, 0x00200C0C, 1)            = 9
   </pre>
  +</blockquote>
   <blockquote>
   <p>In this trace, the listener thread is running within LWP #67.</p>
   <p>Note the lack of accept(2) serialization.  On this particular
  @@ -763,7 +764,7 @@
   <code>apr_bucket_alloc</code>) for most request processing.
   In this trace, the httpd has just been started, so it must
   call malloc(3) to get the blocks of raw memory with which
  -to create the custom memory allocators.
  +to create the custom memory allocators.</p>
   </blockquote>
   <pre>
   /65:    fcntl(9, F_GETFL, 0x00000000)                   = 2
  @@ -795,7 +796,7 @@
   each directory in the path leading up to the requested file, nor
   check for <code>.htaccess</code> files.  It simply calls stat(2) to
   verify that the file: 1) exists, and 2) is a regular file, not a
  -directory.
  +directory.</p>
   </blockquote>
   <pre>
   /65:    sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C)      = 10269
  @@ -836,7 +837,7 @@
   and blocks until the listener assigns it another connection.</p>
   </blockquote>
   <pre>
  -/67:    accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)</pre>
  +/67:    accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)
   </pre>
   <blockquote>
   <p>Meanwhile, the listener thread is able to accept another connection
  @@ -847,8 +848,7 @@
   conditions) occur in parallel with the worker thread's handling of the
   just-accepted connection.</p>
   </blockquote>
  -    </blockquote>
  -
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
   
  
  
  
  1.12      +1 -1      httpd-2.0/docs/manual/misc/rewriteguide.html
  
  Index: rewriteguide.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/rewriteguide.html,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- rewriteguide.html	17 May 2002 17:06:27 -0000	1.11
  +++ rewriteguide.html	25 Jul 2002 21:46:40 -0000	1.12
  @@ -14,7 +14,7 @@
       <blockquote>
         <!--#include virtual="header.html" -->
   
  -      <div align="CENTER">
  +      <div align="center">
           <h1>Apache 1.3<br />
            URL Rewriting Guide<br />
           </h1>
  
  
  
  1.30      +2 -2      httpd-2.0/docs/manual/misc/security_tips.html
  
  Index: security_tips.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/security_tips.html,v
  retrieving revision 1.29
  retrieving revision 1.30
  diff -u -r1.29 -r1.30
  --- security_tips.html	12 Jul 2002 17:45:59 -0000	1.29
  +++ security_tips.html	25 Jul 2002 21:46:40 -0000	1.30
  @@ -12,7 +12,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Security Tips for Server Configuration</h1>
  +    <h1 align="center">Security Tips for Server Configuration</h1>
   
       <ul>
         <li><a href="#serverroot">Permissions on ServerRoot
  @@ -342,7 +342,7 @@
       href="http://httpd.apache.org/bug_report.html">please let us
       know</a>.</p>
   
  -    <p><!--#include virtual="footer.html" --></p>
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
   
  
  
  
  1.11      +3 -3      httpd-2.0/docs/manual/misc/tutorials.html
  
  Index: tutorials.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/misc/tutorials.html,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- tutorials.html	2 May 2002 14:28:52 -0000	1.10
  +++ tutorials.html	25 Jul 2002 21:46:40 -0000	1.11
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Apache Tutorials</h1>
  +    <h1 align="center">Apache Tutorials</h1>
   
       <blockquote>
         <strong>Warning:</strong> This document has not been updated
  @@ -204,8 +204,8 @@
       <p>If you have a pointer to an accurate and well-written
       tutorial not included here, please let us know by submitting it
       to the <a href="http://bugs.apache.org/">Apache Bug
  -    Database</a>. <!--#include virtual="footer.html" -->
  -    </p>
  +    Database</a>. </p>
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
   
  
  
  
  1.15      +1 -1      httpd-2.0/docs/manual/mod/directive-dict.html.en
  
  Index: directive-dict.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/directive-dict.html.en,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- directive-dict.html.en	23 May 2002 14:38:48 -0000	1.14
  +++ directive-dict.html.en	25 Jul 2002 21:46:40 -0000	1.15
  @@ -14,7 +14,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Terms Used to Describe Apache
  +    <h1 align="center">Terms Used to Describe Apache
       Directives</h1>
   
       <p>Each Apache configuration directive is described using a
  
  
  
  1.9       +1 -1      httpd-2.0/docs/manual/mod/footer.html
  
  Index: footer.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/footer.html,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- footer.html	23 May 2002 14:38:48 -0000	1.8
  +++ footer.html	25 Jul 2002 21:46:40 -0000	1.9
  @@ -1,6 +1,6 @@
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
  +    <h3 align="center">Apache HTTP Server Version 2.0</h3>
       <a href="./"><img src="../images/index.gif" alt="Index" /></a>
       <a href="../"><img src="../images/home.gif" alt="Home" /></a>
   
  
  
  
  1.9       +1 -1      httpd-2.0/docs/manual/mod/header.html
  
  Index: header.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/header.html,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- header.html	23 May 2002 14:38:48 -0000	1.8
  +++ header.html	25 Jul 2002 21:46:40 -0000	1.9
  @@ -1,4 +1,4 @@
  -    <div align="CENTER">
  +    <div align="center">
         <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 
   
         <h3>Apache HTTP Server Version 2.0</h3>
  
  
  
  1.14      +4 -4      httpd-2.0/docs/manual/platform/netware.html
  
  Index: netware.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/platform/netware.html,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- netware.html	9 Jul 2002 15:32:35 -0000	1.13
  +++ netware.html	25 Jul 2002 21:46:41 -0000	1.14
  @@ -13,20 +13,20 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Using Apache With Novell NetWare</h1>
  +    <h1 align="center">Using Apache With Novell NetWare</h1>
   
   	<p>This document explains how to install, configure and run
   	   Apache 2.0 under Novell NetWare 5.x and above. If you find any bugs, 
   	   or wish to contribute in other ways, please
  -	   use our <a HREF="http://httpd.apache.org/bug_report.html">bug reporting
  +	   use our <a href="http://httpd.apache.org/bug_report.html">bug reporting
   	   page.</a></p>
   
   	<p>The bug reporting page and dev-httpd mailing list are <em>not</em> 
   	   provided to answer questions about configuration or running Apache.  
   	   Before you submit a bug report or request, first consult this document, the
  -    <a HREF="faq/index.html">Frequently Asked Questions</a> page and the other 
  +    <a href="faq/index.html">Frequently Asked Questions</a> page and the other 
   	   relevant documentation topics.  If you still have a question or problem, 
  -	   post it to the <a HREF="news://developer-forums.novell.com/novell.devsup.webserver">
  +	   post it to the <a href="news://developer-forums.novell.com/novell.devsup.webserver">
   	   novell.devsup.webserver</a> newsgroup, where many 
   	   Apache users are more than willing to answer new 
   	   and obscure questions about using Apache on NetWare.</p>
  
  
  
  1.7       +2 -2      httpd-2.0/docs/manual/platform/perf-hp.html
  
  Index: perf-hp.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/platform/perf-hp.html,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- perf-hp.html	22 Sep 2001 19:37:51 -0000	1.6
  +++ perf-hp.html	25 Jul 2002 21:46:41 -0000	1.7
  @@ -15,7 +15,7 @@
       <!--#include virtual="header.html" -->
        
   
  -    <h1 align="CENTER">Running a High-Performance Web Server for
  +    <h1 align="center">Running a High-Performance Web Server for
       HPUX</h1>
   <pre>
   Date: Wed, 05 Nov 1997 16:59:34 -0800
  @@ -92,7 +92,7 @@
       href="http://www.cup.hp.com/netperf/NetperfPage.html">http://www.cup.hp.com/netperf/NetperfPage.html</a></p>
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 1.3</h3>
  +    <h3 align="center">Apache HTTP Server Version 1.3</h3>
       <a href="./"><img src="../images/index.gif" alt="Index" /></a>
       <a href="../"><img src="../images/home.gif" alt="Home" /></a>
     </body>
  
  
  
  1.8       +1 -1      httpd-2.0/docs/manual/platform/win_service.html
  
  Index: win_service.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/platform/win_service.html,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- win_service.html	2 Jul 2002 21:51:24 -0000	1.7
  +++ win_service.html	25 Jul 2002 21:46:41 -0000	1.8
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Running Apache for Windows as a Service</h1>
  +    <h1 align="center">Running Apache for Windows as a Service</h1>
   
       <p>Apache can be run as a service on Windows NT/2000. (There is
       also some HIGHLY EXPERIMENTAL support for similar behavior on
  
  
  
  1.49      +1 -1      httpd-2.0/docs/manual/platform/windows.html
  
  Index: windows.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/platform/windows.html,v
  retrieving revision 1.48
  retrieving revision 1.49
  diff -u -r1.48 -r1.49
  --- windows.html	28 May 2002 07:13:48 -0000	1.48
  +++ windows.html	25 Jul 2002 21:46:41 -0000	1.49
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Using Apache with Microsoft Windows</h1>
  +    <h1 align="center">Using Apache with Microsoft Windows</h1>
   
       <p>This document explains how to install, configure and run
       Apache 2.0 under Microsoft Windows. If you find any bugs, or
  
  
  
  1.4       +1 -1      httpd-2.0/docs/manual/programs/footer.html
  
  Index: footer.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/programs/footer.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- footer.html	15 Jan 2002 01:48:00 -0000	1.3
  +++ footer.html	25 Jul 2002 21:46:41 -0000	1.4
  @@ -1,6 +1,6 @@
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
  +    <h3 align="center">Apache HTTP Server Version 2.0</h3>
       <a href="./"><img src="../images/index.gif" alt="Index" /></a>
       <a href="../"><img src="../images/home.gif" alt="Home" /></a>
   
  
  
  
  1.4       +1 -1      httpd-2.0/docs/manual/programs/header.html
  
  Index: header.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/programs/header.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- header.html	15 Jan 2002 01:48:00 -0000	1.3
  +++ header.html	25 Jul 2002 21:46:41 -0000	1.4
  @@ -1,4 +1,4 @@
  -    <div align="CENTER">
  +    <div align="center">
         <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 
   
         <h3>Apache HTTP Server Version 2.0</h3>
  
  
  
  1.3       +1 -1      httpd-2.0/docs/manual/programs/index.html
  
  Index: index.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/programs/index.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- index.html	22 Sep 2001 19:38:35 -0000	1.2
  +++ index.html	25 Jul 2002 21:46:41 -0000	1.3
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Server and Supporting Programs</h1>
  +    <h1 align="center">Server and Supporting Programs</h1>
   
       <p>This page documents all the executable programs included
       with the Apache HTTP Server.</p>
  
  
  
  1.3       +1 -1      httpd-2.0/docs/manual/programs/other.html
  
  Index: other.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/programs/other.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- other.html	22 Sep 2001 19:38:35 -0000	1.2
  +++ other.html	25 Jul 2002 21:46:41 -0000	1.3
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Other Programs</h1>
  +    <h1 align="center">Other Programs</h1>
   
       <p>The following programs are simple support programs included
       with the Apache HTTP Server which do not have their own manual
  
  
  
  1.2       +1 -1      httpd-2.0/docs/manual/ssl/footer.html
  
  Index: footer.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/footer.html,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- footer.html	6 Nov 2001 19:09:51 -0000	1.1
  +++ footer.html	25 Jul 2002 21:46:41 -0000	1.2
  @@ -1,6 +1,6 @@
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
  +    <h3 align="center">Apache HTTP Server Version 2.0</h3>
       <a href="./"><img src="../images/index.gif" alt="Index" /></a>
       <a href="../"><img src="../images/home.gif" alt="Home" /></a>
   
  
  
  
  1.2       +1 -1      httpd-2.0/docs/manual/ssl/header.html
  
  Index: header.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/header.html,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- header.html	6 Nov 2001 19:09:51 -0000	1.1
  +++ header.html	25 Jul 2002 21:46:41 -0000	1.2
  @@ -1,4 +1,4 @@
  -    <div align="CENTER">
  +    <div align="center">
         <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 
   
         <h3>Apache HTTP Server Version 2.0</h3>
  
  
  
  1.3       +2 -2      httpd-2.0/docs/manual/ssl/index.html.en
  
  Index: index.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/index.html.en,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- index.html.en	6 Nov 2001 19:09:51 -0000	1.2
  +++ index.html.en	25 Jul 2002 21:46:41 -0000	1.3
  @@ -9,7 +9,7 @@
   <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000"> 
   <!--#include virtual="header.html" -->
   
  -<h1 align="CENTER">SSL/TLS Strong Encryption</h1>
  +<h1 align="center">SSL/TLS Strong Encryption</h1>
   
   <p>The Apache HTTP Server module <a href="../mod/mod_ssl.html">mod_ssl</a>
   provides an interface to the <a
  @@ -31,6 +31,6 @@
   href="../mod/mod_ssl.html">mod_ssl reference documentation</a>.</p>
   
   
  -<p><!--#include virtual="footer.html" --> </p>
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
  
  
  
  1.3       +137 -141  httpd-2.0/docs/manual/ssl/ssl_compat.html
  
  Index: ssl_compat.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_compat.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ssl_compat.html	6 Nov 2001 19:09:51 -0000	1.2
  +++ ssl_compat.html	25 Jul 2002 21:46:41 -0000	1.3
  @@ -5,9 +5,9 @@
     <head>
   <title>Apache SSL/TLS Encryption: Compatibility</title>
   <style type="text/css"><!--
  -#H {
  +.H {
   }
  -#D {
  +.D {
       background-color: #f0f0f0;
   }
   --></style>
  @@ -16,7 +16,7 @@
   <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000"> 
   <!--#include virtual="header.html" -->
   
  -<h1 align="CENTER">SSL/TLS Strong Encryption: Compatibility</h1>
  +<h1 align="center">SSL/TLS Strong Encryption: Compatibility</h1>
   
   <div align="right">
   <table cellspacing="0" cellpadding="0" width="200" summary="">
  @@ -56,7 +56,7 @@
   superset of the functionality of all other solutions we can easily provide
   backward compatibility for most of the cases. Actually there are three
   compatibility areas we currently address: configuration directives,
  -environment variables and custom log functions.
  +environment variables and custom log functions.</p>
   
   <ul>
   <li><a href="#ToC1">Configuration Directives</a></li>
  @@ -65,7 +65,7 @@
   </ul>
   
   <h2><a name="ToC1">Configuration Directives</a></h2>
  -For backward compatibility to the configuration directives of other SSL
  +<p>For backward compatibility to the configuration directives of other SSL
   solutions we do an on-the-fly mapping: directives which have a direct
   counterpart in mod_ssl are mapped silently while other directives lead to a
   warning message in the logfiles. The currently implemented directive mapping
  @@ -76,167 +76,164 @@
   provide.</p>
   
   
  -<p>
   <div align="center">
   <a name="table1"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Table 1: Configuration Directive Mapping</caption>
  +<caption align="bottom" >Table 1: Configuration Directive Mapping</caption>
   <tr><td bgcolor="#cccccc">
   <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
   <tr><td valign="top" align="center" bgcolor="#ffffff">
   <table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
  -<tr id="D">
  +<tr class="D">
   <td><strong>Old Directive</strong></td>
   <td><strong>mod_ssl Directive</strong></td>
   <td><strong>Comment</strong></td>
   </tr>
  -<tr id="H"><td colspan="3"><b>Apache-SSL 1.x &amp; mod_ssl 2.0.x compatibility:</b></td></tr>
  -<tr id="D"><td><code>SSLEnable</code></td><td><code>SSLEngine on</code></td><td>compactified</td></tr>
  -<tr id="H"><td><code>SSLDisable</code></td><td><code>SSLEngine off</code></td><td>compactified</td></tr>
  -<tr id="D"><td><code>SSLLogFile</code> <em>file</em></td><td><code>SSLLog</code> <em>file</em></td><td>compactified</td></tr>
  -<tr id="H"><td><code>SSLRequiredCiphers</code> <em>spec</em></td><td><code>SSLCipherSuite</code> <em>spec</em></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSLRequireCipher</code> <em>c1</em> ...</td><td><code>SSLRequire %{SSL_CIPHER} in {"</code><em>c1</em><code>", ...}</code></td><td>generalized</td></tr>
  -<tr id="H"><td><code>SSLBanCipher</code> <em>c1</em> ...</td><td><code>SSLRequire not (%{SSL_CIPHER} in {"</code><em>c1</em><code>", ...})</code></td><td>generalized</td></tr>
  -<tr id="D"><td><code>SSLFakeBasicAuth</td><td><code>SSLOptions +FakeBasicAuth</code></td><td>merged</td></tr>
  -<tr id="H"><td><code>SSLCacheServerPath</code> <em>dir</em></td><td>-</td><td>functionality removed</td></tr>
  -<tr id="D"><td><code>SSLCacheServerPort</code> <em>integer</em></td><td>-</td><td>functionality removed</td></tr>
  -<tr id="H"><td colspan="3"><b>Apache-SSL 1.x compatibility:</b></td></tr>
  -<tr id="D"><td><code>SSLExportClientCertificates</td><td><code>SSLOptions +ExportCertData</code></td><td>merged</td></tr>
  -<tr id="H"><td><code>SSLCacheServerRunDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="D"><td colspan="3"><b>Sioux 1.x compatibility:</b></td></tr>
  -<tr id="H"><td><code>SSL_CertFile</code> <em>file</em></td><td><code>SSLCertificateFile</code> <em>file</em></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_KeyFile</code> <em>file</em></td><td><code>SSLCertificateKeyFile</code> <em>file</em></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CipherSuite</code> <em>arg</em></td><td><code>SSLCipherSuite</code> <em>arg</em></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_X509VerifyDir</code> <em>arg</em></td><td><code>SSLCACertificatePath</code> <em>arg</em></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_Log</code> <em>file</em></td><td><code>SSLLogFile</code> <em>file</em></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_Connect</code> <em>flag</em></td><td><code>SSLEngine</code> <em>flag</em></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_ClientAuth</code> <em>arg</em></td><td><code>SSLVerifyClient</code> <em>arg</em></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_X509VerifyDepth</code> <em>arg</em></td><td><code>SSLVerifyDepth</code> <em>arg</em></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_FetchKeyPhraseFrom</code> <em>arg</em></td><td>-</td><td>not directly mappable; use SSLPassPhraseDialog</td></tr>
  -<tr id="D"><td><code>SSL_SessionDir</code> <em>dir</em></td><td>-</td><td>not directly mappable; use SSLSessionCache</td></tr>
  -<tr id="H"><td><code>SSL_Require</code> <em>expr</em></td><td>-</td><td>not directly mappable; use SSLRequire</td></tr>
  -<tr id="D"><td><code>SSL_CertFileType</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>SSL_KeyFileType</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="D"><td><code>SSL_X509VerifyPolicy</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>SSL_LogX509Attributes</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="D"><td colspan="3"><b>Stronghold 2.x compatibility:</b></td></tr>
  -<tr id="H"><td><code>StrongholdAccelerator</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>StrongholdKey</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>StrongholdLicenseFile</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>SSLFlag</code> <em>flag</em></td><td><code>SSLEngine</code> <em>flag</em></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSLSessionLockFile</code> <em>file</em></td><td><code>SSLMutex</code> <em>file</em></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSLCipherList</code> <em>spec</em></td><td><code>SSLCipherSuite</code> <em>spec</em></td><td>renamed</td></tr>
  -<tr id="D"><td><code>RequireSSL</code></td><td><code>SSLRequireSSL</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSLErrorFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>SSLRoot</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="D"><td><code>SSL_CertificateLogDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>AuthCertDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="D"><td><code>SSL_Group</code> <em>name</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>SSLProxyMachineCertPath</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="D"><td><code>SSLProxyMachineCertFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>SSLProxyCACertificatePath</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="D"><td><code>SSLProxyCACertificateFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="H"><td><code>SSLProxyVerifyDepth</code> <em>number</em></td><td>-</td><td>functionality not supported</td></tr>
  -<tr id="D"><td><code>SSLProxyCipherList</code> <em>spec</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="H"><td colspan="3"><b>Apache-SSL 1.x &amp; mod_ssl 2.0.x compatibility:</b></td></tr>
  +<tr class="D"><td><code>SSLEnable</code></td><td><code>SSLEngine on</code></td><td>compactified</td></tr>
  +<tr class="H"><td><code>SSLDisable</code></td><td><code>SSLEngine off</code></td><td>compactified</td></tr>
  +<tr class="D"><td><code>SSLLogFile</code> <em>file</em></td><td><code>SSLLog</code> <em>file</em></td><td>compactified</td></tr>
  +<tr class="H"><td><code>SSLRequiredCiphers</code> <em>spec</em></td><td><code>SSLCipherSuite</code> <em>spec</em></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSLRequireCipher</code> <em>c1</em> ...</td><td><code>SSLRequire %{SSL_CIPHER} in {"</code><em>c1</em><code>", ...}</code></td><td>generalized</td></tr>
  +<tr class="H"><td><code>SSLBanCipher</code> <em>c1</em> ...</td><td><code>SSLRequire not (%{SSL_CIPHER} in {"</code><em>c1</em><code>", ...})</code></td><td>generalized</td></tr>
  +<tr class="D"><td><code>SSLFakeBasicAuth</code></td><td><code>SSLOptions +FakeBasicAuth</code></td><td>merged</td></tr>
  +<tr class="H"><td><code>SSLCacheServerPath</code> <em>dir</em></td><td>-</td><td>functionality removed</td></tr>
  +<tr class="D"><td><code>SSLCacheServerPort</code> <em>integer</em></td><td>-</td><td>functionality removed</td></tr>
  +<tr class="H"><td colspan="3"><b>Apache-SSL 1.x compatibility:</b></td></tr>
  +<tr class="D"><td><code>SSLExportClientCertificates</code></td><td><code>SSLOptions +ExportCertData</code></td><td>merged</td></tr>
  +<tr class="H"><td><code>SSLCacheServerRunDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td colspan="3"><b>Sioux 1.x compatibility:</b></td></tr>
  +<tr class="H"><td><code>SSL_CertFile</code> <em>file</em></td><td><code>SSLCertificateFile</code> <em>file</em></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_KeyFile</code> <em>file</em></td><td><code>SSLCertificateKeyFile</code> <em>file</em></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CipherSuite</code> <em>arg</em></td><td><code>SSLCipherSuite</code> <em>arg</em></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_X509VerifyDir</code> <em>arg</em></td><td><code>SSLCACertificatePath</code> <em>arg</em></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_Log</code> <em>file</em></td><td><code>SSLLogFile</code> <em>file</em></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_Connect</code> <em>flag</em></td><td><code>SSLEngine</code> <em>flag</em></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_ClientAuth</code> <em>arg</em></td><td><code>SSLVerifyClient</code> <em>arg</em></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_X509VerifyDepth</code> <em>arg</em></td><td><code>SSLVerifyDepth</code> <em>arg</em></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_FetchKeyPhraseFrom</code> <em>arg</em></td><td>-</td><td>not directly mappable; use SSLPassPhraseDialog</td></tr>
  +<tr class="D"><td><code>SSL_SessionDir</code> <em>dir</em></td><td>-</td><td>not directly mappable; use SSLSessionCache</td></tr>
  +<tr class="H"><td><code>SSL_Require</code> <em>expr</em></td><td>-</td><td>not directly mappable; use SSLRequire</td></tr>
  +<tr class="D"><td><code>SSL_CertFileType</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="H"><td><code>SSL_KeyFileType</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td><code>SSL_X509VerifyPolicy</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="H"><td><code>SSL_LogX509Attributes</code> <em>arg</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td colspan="3"><b>Stronghold 2.x compatibility:</b></td></tr>
  +<tr class="H"><td><code>StrongholdAccelerator</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td><code>StrongholdKey</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="H"><td><code>StrongholdLicenseFile</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td><code>SSLFlag</code> <em>flag</em></td><td><code>SSLEngine</code> <em>flag</em></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSLSessionLockFile</code> <em>file</em></td><td><code>SSLMutex</code> <em>file</em></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSLCipherList</code> <em>spec</em></td><td><code>SSLCipherSuite</code> <em>spec</em></td><td>renamed</td></tr>
  +<tr class="H"><td><code>RequireSSL</code></td><td><code>SSLRequireSSL</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSLErrorFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="H"><td><code>SSLRoot</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td><code>SSL_CertificateLogDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="H"><td><code>AuthCertDir</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td><code>SSL_Group</code> <em>name</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="H"><td><code>SSLProxyMachineCertPath</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td><code>SSLProxyMachineCertFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="H"><td><code>SSLProxyCACertificatePath</code> <em>dir</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td><code>SSLProxyCACertificateFile</code> <em>file</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="H"><td><code>SSLProxyVerifyDepth</code> <em>number</em></td><td>-</td><td>functionality not supported</td></tr>
  +<tr class="D"><td><code>SSLProxyCipherList</code> <em>spec</em></td><td>-</td><td>functionality not supported</td></tr>
   </table>
   </td>
   </tr></table>
   </td></tr></table>
   </div>
  -<p>
  -<br>
  +<br />
   <h2><a name="ToC2">Environment Variables</a></h2>
  -When you use ``<code>SSLOptions +CompatEnvVars</code>'' additional environment
  +<p>When you use ``<code>SSLOptions +CompatEnvVars</code>'' additional environment
   variables are generated. They all correspond to existing official mod_ssl
   variables. The currently implemented variable derivation is listed in <a
  -href="#table2">Table 2</a>.
  -<p>
  +href="#table2">Table 2</a>.</p>
   <div align="center">
   <a name="table2"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Table 2: Environment Variable Derivation</caption>
  +<caption align="bottom" >Table 2: Environment Variable Derivation</caption>
   <tr><td bgcolor="#cccccc">
   <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
   <tr><td valign="top" align="center" bgcolor="#ffffff">
   <table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
  -<tr id="D">
  +<tr class="D">
   <td><strong>Old Variable</strong></td>
   <td><strong>mod_ssl Variable</strong></td>
   <td><strong>Comment</strong></td>
   </tr>
  -<tr id="H"><td><code>SSL_PROTOCOL_VERSION</code></td><td><code>SSL_PROTOCOL</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSLEAY_VERSION</code></td><td><code>SSL_VERSION_LIBRARY</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>HTTPS_SECRETKEYSIZE</code></td><td><code>SSL_CIPHER_USEKEYSIZE</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>HTTPS_KEYSIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>HTTPS_CIPHER</code></td><td><code>SSL_CIPHER</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>HTTPS_EXPORT</code></td><td><code>SSL_CIPHER_EXPORT</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_KEY_SIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_CERTIFICATE</code></td><td><code>SSL_SERVER_CERT</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_CERT_START</code></td><td><code>SSL_SERVER_V_START</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_CERT_END</code></td><td><code>SSL_SERVER_V_END</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_CERT_SERIAL</code></td><td><code>SSL_SERVER_M_SERIAL</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_SIGNATURE_ALGORITHM</code></td><td><code>SSL_SERVER_A_SIG</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_DN</code></td><td><code>SSL_SERVER_S_DN</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_CN</code></td><td><code>SSL_SERVER_S_DN_CN</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_EMAIL</code></td><td><code>SSL_SERVER_S_DN_Email</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_O</code></td><td><code>SSL_SERVER_S_DN_O</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_OU</code></td><td><code>SSL_SERVER_S_DN_OU</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_C</code></td><td><code>SSL_SERVER_S_DN_C</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_SP</code></td><td><code>SSL_SERVER_S_DN_SP</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_L</code></td><td><code>SSL_SERVER_S_DN_L</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_IDN</code></td><td><code>SSL_SERVER_I_DN</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_ICN</code></td><td><code>SSL_SERVER_I_DN_CN</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_IEMAIL</code></td><td><code>SSL_SERVER_I_DN_Email</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_IO</code></td><td><code>SSL_SERVER_I_DN_O</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_IOU</code></td><td><code>SSL_SERVER_I_DN_OU</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_IC</code></td><td><code>SSL_SERVER_I_DN_C</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_ISP</code></td><td><code>SSL_SERVER_I_DN_SP</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_IL</code></td><td><code>SSL_SERVER_I_DN_L</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_CERTIFICATE</code></td><td><code>SSL_CLIENT_CERT</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_CERT_START</code></td><td><code>SSL_CLIENT_V_START</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_CERT_END</code></td><td><code>SSL_CLIENT_V_END</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_CERT_SERIAL</code></td><td><code>SSL_CLIENT_M_SERIAL</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_SIGNATURE_ALGORITHM</code></td><td><code>SSL_CLIENT_A_SIG</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_DN</code></td><td><code>SSL_CLIENT_S_DN</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_CN</code></td><td><code>SSL_CLIENT_S_DN_CN</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_EMAIL</code></td><td><code>SSL_CLIENT_S_DN_Email</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_O</code></td><td><code>SSL_CLIENT_S_DN_O</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_OU</code></td><td><code>SSL_CLIENT_S_DN_OU</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_C</code></td><td><code>SSL_CLIENT_S_DN_C</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_SP</code></td><td><code>SSL_CLIENT_S_DN_SP</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_L</code></td><td><code>SSL_CLIENT_S_DN_L</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_IDN</code></td><td><code>SSL_CLIENT_I_DN</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_ICN</code></td><td><code>SSL_CLIENT_I_DN_CN</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_IEMAIL</code></td><td><code>SSL_CLIENT_I_DN_Email</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_IO</code></td><td><code>SSL_CLIENT_I_DN_O</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_IOU</code></td><td><code>SSL_CLIENT_I_DN_OU</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_IC</code></td><td><code>SSL_CLIENT_I_DN_C</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_ISP</code></td><td><code>SSL_CLIENT_I_DN_SP</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_IL</code></td><td><code>SSL_CLIENT_I_DN_L</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_EXPORT</code></td><td><code>SSL_CIPHER_EXPORT</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_KEYSIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SECKEYSIZE</code></td><td><code>SSL_CIPHER_USEKEYSIZE</code></td><td>renamed</td></tr>
  -<tr id="H"><td><code>SSL_SSLEAY_VERSION</code></td><td><code>SSL_VERSION_LIBRARY</code></td><td>renamed</td></tr>
  -<tr id="D"><td><code>SSL_STRONG_CRYPTO</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_KEY_EXP</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_KEY_ALGORITHM</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_KEY_SIZE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_SESSIONDIR</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_CERTIFICATELOGDIR</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_CERTFILE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="D"><td><code>SSL_SERVER_KEYFILE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="H"><td><code>SSL_SERVER_KEYFILETYPE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_KEY_EXP</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="H"><td><code>SSL_CLIENT_KEY_ALGORITHM</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  -<tr id="D"><td><code>SSL_CLIENT_KEY_SIZE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="H"><td><code>SSL_PROTOCOL_VERSION</code></td><td><code>SSL_PROTOCOL</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSLEAY_VERSION</code></td><td><code>SSL_VERSION_LIBRARY</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>HTTPS_SECRETKEYSIZE</code></td><td><code>SSL_CIPHER_USEKEYSIZE</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>HTTPS_KEYSIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>HTTPS_CIPHER</code></td><td><code>SSL_CIPHER</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>HTTPS_EXPORT</code></td><td><code>SSL_CIPHER_EXPORT</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_KEY_SIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_CERTIFICATE</code></td><td><code>SSL_SERVER_CERT</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_CERT_START</code></td><td><code>SSL_SERVER_V_START</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_CERT_END</code></td><td><code>SSL_SERVER_V_END</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_CERT_SERIAL</code></td><td><code>SSL_SERVER_M_SERIAL</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_SIGNATURE_ALGORITHM</code></td><td><code>SSL_SERVER_A_SIG</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_DN</code></td><td><code>SSL_SERVER_S_DN</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_CN</code></td><td><code>SSL_SERVER_S_DN_CN</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_EMAIL</code></td><td><code>SSL_SERVER_S_DN_Email</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_O</code></td><td><code>SSL_SERVER_S_DN_O</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_OU</code></td><td><code>SSL_SERVER_S_DN_OU</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_C</code></td><td><code>SSL_SERVER_S_DN_C</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_SP</code></td><td><code>SSL_SERVER_S_DN_SP</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_L</code></td><td><code>SSL_SERVER_S_DN_L</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_IDN</code></td><td><code>SSL_SERVER_I_DN</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_ICN</code></td><td><code>SSL_SERVER_I_DN_CN</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_IEMAIL</code></td><td><code>SSL_SERVER_I_DN_Email</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_IO</code></td><td><code>SSL_SERVER_I_DN_O</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_IOU</code></td><td><code>SSL_SERVER_I_DN_OU</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_IC</code></td><td><code>SSL_SERVER_I_DN_C</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_ISP</code></td><td><code>SSL_SERVER_I_DN_SP</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_IL</code></td><td><code>SSL_SERVER_I_DN_L</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_CERTIFICATE</code></td><td><code>SSL_CLIENT_CERT</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_CERT_START</code></td><td><code>SSL_CLIENT_V_START</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_CERT_END</code></td><td><code>SSL_CLIENT_V_END</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_CERT_SERIAL</code></td><td><code>SSL_CLIENT_M_SERIAL</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_SIGNATURE_ALGORITHM</code></td><td><code>SSL_CLIENT_A_SIG</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_DN</code></td><td><code>SSL_CLIENT_S_DN</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_CN</code></td><td><code>SSL_CLIENT_S_DN_CN</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_EMAIL</code></td><td><code>SSL_CLIENT_S_DN_Email</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_O</code></td><td><code>SSL_CLIENT_S_DN_O</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_OU</code></td><td><code>SSL_CLIENT_S_DN_OU</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_C</code></td><td><code>SSL_CLIENT_S_DN_C</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_SP</code></td><td><code>SSL_CLIENT_S_DN_SP</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_L</code></td><td><code>SSL_CLIENT_S_DN_L</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_IDN</code></td><td><code>SSL_CLIENT_I_DN</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_ICN</code></td><td><code>SSL_CLIENT_I_DN_CN</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_IEMAIL</code></td><td><code>SSL_CLIENT_I_DN_Email</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_IO</code></td><td><code>SSL_CLIENT_I_DN_O</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_IOU</code></td><td><code>SSL_CLIENT_I_DN_OU</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_IC</code></td><td><code>SSL_CLIENT_I_DN_C</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_ISP</code></td><td><code>SSL_CLIENT_I_DN_SP</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_IL</code></td><td><code>SSL_CLIENT_I_DN_L</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_EXPORT</code></td><td><code>SSL_CIPHER_EXPORT</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_KEYSIZE</code></td><td><code>SSL_CIPHER_ALGKEYSIZE</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_SECKEYSIZE</code></td><td><code>SSL_CIPHER_USEKEYSIZE</code></td><td>renamed</td></tr>
  +<tr class="H"><td><code>SSL_SSLEAY_VERSION</code></td><td><code>SSL_VERSION_LIBRARY</code></td><td>renamed</td></tr>
  +<tr class="D"><td><code>SSL_STRONG_CRYPTO</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_KEY_EXP</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_KEY_ALGORITHM</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_KEY_SIZE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_SESSIONDIR</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_CERTIFICATELOGDIR</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_CERTFILE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="H"><td><code>SSL_SERVER_KEYFILE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="D"><td><code>SSL_SERVER_KEYFILETYPE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_KEY_EXP</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="D"><td><code>SSL_CLIENT_KEY_ALGORITHM</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
  +<tr class="H"><td><code>SSL_CLIENT_KEY_SIZE</code></td><td><code>-</code></td><td>Not supported by mod_ssl</td></tr>
   </table>
   </td>
   </tr></table>
   </td></tr></table>
   </div>
  -<p>
  -<br>
  +<br />
   <h2><a name="ToC3">Custom Log Functions</a></h2>
  +<p>
   When mod_ssl is built into Apache or at least loaded (under DSO situation)
   additional functions exist for the <a
   href="../mod/mod_log_config.html#formats">Custom Log Format</a> of <a
  @@ -246,31 +243,30 @@
   by any module, an additional Cryptography
   ``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
   exists for backward compatibility. The currently implemented function calls
  -are listed in <a href="#table3">Table 3</a>.
  -<p>
  +are listed in <a href="#table3">Table 3</a>.</p>
   <div align="center">
   <a name="table3"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Table 3: Custom Log Cryptography Function</caption>
  +<caption align="bottom" >Table 3: Custom Log Cryptography Function</caption>
   <tr><td bgcolor="#cccccc">
   <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
   <tr><td valign="top" align="center" bgcolor="#ffffff">
   <table border="0" cellspacing="0" cellpadding="2" width="598" summary="">
  -<tr id="H">
  +<tr class="D">
    <td><strong>Function Call</strong></td>
    <td><strong>Description</strong></td>
   </tr>
  -<tr id="D"><td><code>%...{version}c</code></td>   <td>SSL protocol version</td></tr>
  -<tr id="H"><td><code>%...{cipher}c</code></td>    <td>SSL cipher</td></tr>
  -<tr id="D"><td><code>%...{subjectdn}c</code></td> <td>Client Certificate Subject Distinguished Name</td></tr>
  -<tr id="H"><td><code>%...{issuerdn}c</code></td>  <td>Client Certificate Issuer Distinguished Name</td></tr>
  -<tr id="D"><td><code>%...{errcode}c</code></td>   <td>Certificate Verification Error (numerical)</td></tr>
  -<tr id="H"><td><code>%...{errstr}c</code></td>    <td>Certificate Verification Error (string)</td></tr>
  +<tr class="H"><td><code>%...{version}c</code></td>   <td>SSL protocol version</td></tr>
  +<tr class="D"><td><code>%...{cipher}c</code></td>    <td>SSL cipher</td></tr>
  +<tr class="H"><td><code>%...{subjectdn}c</code></td> <td>Client Certificate Subject Distinguished Name</td></tr>
  +<tr class="D"><td><code>%...{issuerdn}c</code></td>  <td>Client Certificate Issuer Distinguished Name</td></tr>
  +<tr class="H"><td><code>%...{errcode}c</code></td>   <td>Certificate Verification Error (numerical)</td></tr>
  +<tr class="D"><td><code>%...{errstr}c</code></td>    <td>Certificate Verification Error (string)</td></tr>
   </table>
   </td>
   </tr></table>
   </td></tr></table>
   </div>
  -<p><!--#include virtual="footer.html" --> </p>
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
  
  
  
  1.6       +543 -556  httpd-2.0/docs/manual/ssl/ssl_faq.html
  
  Index: ssl_faq.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_faq.html,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- ssl_faq.html	16 May 2002 19:05:24 -0000	1.5
  +++ ssl_faq.html	25 Jul 2002 21:46:41 -0000	1.6
  @@ -16,7 +16,7 @@
   <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000"> 
   <!--#include virtual="header.html" -->
   
  -<h1 align="CENTER">SSL/TLS Strong Encryption: FAQ</h1>
  +<h1 align="center">SSL/TLS Strong Encryption: FAQ</h1>
   
   
   <div align="right">
  @@ -47,11 +47,11 @@
   <code>comp.infosystems.www.servers.unix</code></a> or the mod_ssl Support
   Mailing List <a href="mailto:modssl-users@modssl.org">
   <code>modssl-users@modssl.org</code></a>. They are collected at this place
  -to avoid answering the same questions over and over.
  +to avoid answering the same questions over and over.</p>
   <p>
   Please read this chapter at least once when installing mod_ssl or at least
   search for your problem here before submitting a problem report to the
  -author.
  +author.</p>
   
   <ul>
   <li><a href="#ToC1">About the module</a>
  @@ -62,8 +62,12 @@
   <li><a href="#ToC5">mod_ssl/Apache versions?</a></li>
   <li><a href="#ToC6">mod_ssl and Year 2000?</a></li>
   <li><a href="#ToC7">mod_ssl and Wassenaar Arrangement?</a></li>
  -</ul></li>
  -<li><a href="#ToC8">About Installation</a></li>
  +</ul>
  +</li>
  +</ul>
  +
  +<ul>
  +<li><a href="#ToC8">About Installation</a>
   <ul>
   <li><a href="#ToC9">Core dumps for HTTPS requests?</a></li>
   <li><a href="#ToC10">Core dumps for Apache+mod_ssl+PHP3?</a></li>
  @@ -72,8 +76,12 @@
   <li><a href="#ToC13">Shared memory and process size?</a></li>
   <li><a href="#ToC14">Shared memory and pathname?</a></li>
   <li><a href="#ToC15">PRNG and not enough entropy?</a></li>
  -</ul></li>
  -<li><a href="#ToC16">About Configuration</a></li>
  +</ul>
  +</li>
  +</ul>
  +
  +<ul>
  +<li><a href="#ToC16">About Configuration</a>
   <ul>
   <li><a href="#ToC17">HTTP and HTTPS with a single server?</a></li>
   <li><a href="#ToC18">Where is the HTTPS port?</a></li>
  @@ -82,8 +90,12 @@
   <li><a href="#ToC21">Why do I get connection refused?</a></li>
   <li><a href="#ToC22">Why are the SSL_XXX variables missing?</a></li>
   <li><a href="#ToC23">How to switch with relative hyperlinks?</a></li>
  -</ul></li>
  -<li><a href="#ToC24">About Certificates</a></li>
  +</ul>
  +</li>
  +</ul>
  +
  +<ul>
  +<li><a href="#ToC24">About Certificates</a>
   <ul>
   <li><a href="#ToC25">What are Keys, CSRs and Certs?</a></li>
   <li><a href="#ToC26">Difference on startup?</a></li>
  @@ -99,8 +111,12 @@
   <li><a href="#ToC37">Verisign and the magic getca program?</a></li>
   <li><a href="#ToC38">Global IDs or SGC?</a></li>
   <li><a href="#ToC39">Global IDs and Cert Chain?</a></li>
  -</ul></li>
  -<li><a href="#ToC40">About SSL Protocol</a></li>
  +</ul>
  +</li>
  +</ul>
  +
  +<ul>
  +<li><a href="#ToC40">About SSL Protocol</a>
   <ul>
   <li><a href="#ToC41">Random SSL errors under heavy load?</a></li>
   <li><a href="#ToC42">Why has the server a higher load?</a></li>
  @@ -112,29 +128,32 @@
   <li><a href="#ToC48">The lock icon in Netscape locks very late</a></li>
   <li><a href="#ToC49">Why do I get I/O errors with MSIE clients?</a></li>
   <li><a href="#ToC50">Why do I get I/O errors with NS clients?</a></li>
  -</ul></li>
  -<li><a href="#ToC51">About Support</a></li>
  +</ul>
  +</li>
  +</ul>
  +
  +<ul>
  +<li><a href="#ToC51">About Support</a>
   <ul>
   <li><a href="#ToC52">Resources in case of problems?</a></li>
   <li><a href="#ToC53">Support in case of problems?</a></li>
   <li><a href="#ToC54">How to write a problem report?</a></li>
   <li><a href="#ToC55">I got a core dump, can you help me?</a></li>
   <li><a href="#ToC56">How to get a backtrace?</a></li>
  -</ul></li>
  +</ul>
  +</li>
   </ul>
   
   
   <h2><a name="ToC1">About the module</a></h2>
   <ul>
  -<p>
   <li><a name="ToC2"></a>
       <a name="history"></a>
  -    <strong id="faq">
  +    <strong>
   What is the history of mod_ssl?
   </strong>&nbsp;&nbsp;
       [<a href="#history"><b>L</b></a>]
  -    <p>
  -    The mod_ssl v1 package was initially created in April 1998 by <a
  +    <p>The mod_ssl v1 package was initially created in April 1998 by <a
       href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> via porting <a
       href="mailto:ben@algroup.co.uk">Ben Laurie</a>'s <a
       href="http://www.apache-ssl.org/">Apache-SSL</a> 1.17 source patches for
  @@ -143,34 +162,34 @@
       Apache 1.3.0 by merging the old mod_ssl 1.x with the newer Apache-SSL
       1.18. From this point on mod_ssl lived its own life as mod_ssl v2. The
       first publically released version was mod_ssl 2.0.0 from August 10th,
  -    1998. As of this writing (August 1999) the current mod_ssl version is 2.4.0.
  -    <p>
  -    After one year of very active development with over 1000 working hours and
  +    1998. As of this writing (August 1999) the current mod_ssl version 
  +    is 2.4.0.</p>
  +    
  +    <p>After one year of very active development with over 1000 working hours and
       over 40 releases mod_ssl reached its current state. The result is an
       already very clean source base implementing a very rich functionality.
       The code size increased by a factor of 4 to currently a total of over
       10.000 lines of ANSI C consisting of approx. 70% code and 30% code
       documentation. From the original Apache-SSL code currently approx. 5% is
  -    remaining only.
  -    <p>
  -    After the US export restrictions for cryptographic software were
  -    opened, mod_ssl was integrated into the code base of Apache V2 in 2001.
  -<p>
  +    remaining only.</p>
  +    
  +    <p>After the US export restrictions for cryptographic software were
  +    opened, mod_ssl was integrated into the code base of Apache V2 in 2001.</p>
  +</li>
   <li><a name="ToC3"></a>
       <a name="apssl-diff"></a>
  -    <strong id="faq">
  +    <strong>
   What are the functional differences between mod_ssl and Apache-SSL, from which
   it is originally derived?
   </strong>&nbsp;&nbsp;
       [<a href="#apssl-diff"><b>L</b></a>]
  -    <p>
  -    This neither can be answered in short (there were too many code changes)
  +    <p>This neither can be answered in short (there were too many code changes)
       nor can be answered at all by the author (there would immediately be flame
       wars with no reasonable results at the end). But as you easily can guess
       from the 5% of remaining Apache-SSL code, a lot of differences exists,
  -    although user-visible backward compatibility exists for most things.
  -    <p>
  -    When you really want a detailed comparison you have to read the entries in
  +    although user-visible backward compatibility exists for most things.</p>
  +    
  +    <p>When you really want a detailed comparison you have to read the entries in
       the large <code>CHANGES</code> file that is in the mod_ssl
       distribution. Usually this is much too hard-core. So I recommend you to
       either believe in the opinion and recommendations of other users (the
  @@ -179,9 +198,9 @@
       href="http://www.modssl.org/">http://www.modssl.org</a>) and Apache-SSL
       (from <a href="http://www.apache-ssl.org/">http://www.apache-ssl.org</a>),
       install both packages, read their documentation and try them out yourself.
  -    Then choose the one which pleases you most.
  -    <p>
  -    A few final hints to help direct your comparison: quality of documentation
  +    Then choose the one which pleases you most.</p>
  +    
  +    <p>A few final hints to help direct your comparison: quality of documentation
       ("can you easily find answers and are they sufficient?"), quality of
       source code ("is the source code reviewable so you can make sure there
       aren't any trapdoors or inherent security risks because of bad programming
  @@ -195,34 +214,33 @@
       quality of functionality ("is the provided SSL functionality and control
       possibilities sufficient for your situation?"), quality of problem tracing
       ("is it possible for you to easily trace down the problems via logfiles,
  -    etc?"), etc. pp.
  -<p>
  +    etc?"), etc. pp.</p>
  +</li>
   <li><a name="ToC4"></a>
       <a name="apssl-diff"></a>
  -    <strong id="faq">
  +    <strong>
   What are the major differences between mod_ssl and
   the commercial alternatives like Raven or Stronghold?
   </strong>&nbsp;&nbsp;
       [<a href="#apssl-diff"><b>L</b></a>]
  -    <p>
  -    In the past (until September 20th, 2000) the major difference was
  +    <p>In the past (until September 20th, 2000) the major difference was
       the RSA license which one received (very cheaply in contrast to
       a direct licensing from RSA DSI) with the commercial Apache SSL
       products. On the other hand, one needed this license only in the US,
       of course. So for non-US citizens this point was useless. But now
       even for US citizens the situations changed because the RSA patent
       expired on September 20th, 2000 and RSA DSI also placed the RSA
  -    algorithm explicitly into the public domain.
  -    <p>
  -    Second, there is the point that one has guaranteed support from
  +    algorithm explicitly into the public domain.</p>
  +    
  +    <p>Second, there is the point that one has guaranteed support from
       the commercial vendors. On the other hand, if you monitored the
       Open Source quality of mod_ssl and the support activities
       found on <a href="mailto:modssl-users@modssl.org">
       <code>modssl-users@modssl.org</code></a>, you could ask yourself
       whether you are really convinced that you can get better support
  -    from a commercial vendor.
  -    <p>
  -    Third, people often think they would receive perhaps at least a
  +    from a commercial vendor.</p>
  +    
  +    <p>Third, people often think they would receive perhaps at least a
       better technical SSL solution than mod_ssl from the commercial
       vendors. But this is not really true, because all commercial
       alternatives (Raven 1.4.x, Stronghold 3.x, RedHat SWS 2.x, etc.)
  @@ -238,63 +256,60 @@
       it sometimes occurs that a vendor version includes useful changes
       which are not available through the official freely available
       packages. But most vendors play fair and contribute back those
  -    changes to the free software world, of course.
  -    <p>
  -    So, in short: There are lots of commercial versions of the popular
  +    changes to the free software world, of course.</p>
  +    
  +    <p>So, in short: There are lots of commercial versions of the popular
       Apache+mod_ssl+OpenSSL server combination available. Every user
       should decide carefully whether they really need to buy a commercial
       version or whether it would not be sufficient to directly use the
       free and official versions of the Apache, mod_ssl and OpenSSL
  -    packages.
  -<p>
  +    packages.</p>
  +</li>
   <li><a name="ToC5"></a>
       <a name="what-version"></a>
  -    <strong id="faq">
  +    <strong>
   How do I know which mod_ssl version is for which Apache version?
   </strong>&nbsp;&nbsp;
       [<a href="#what-version"><b>L</b></a>]
  -    <p>
  -    That's trivial: mod_ssl uses version strings of the syntax
  +    <p>That's trivial: mod_ssl uses version strings of the syntax
       <em>&lt;mod_ssl-version&gt;</em>-<em>&lt;apache-version&gt;</em>, for
       instance <code>2.4.0-1.3.9</code>. This directly indicates that it's
       mod_ssl version 2.4.0 for Apache version 1.3.9. And this also means you
       <em>only</em> can apply this mod_ssl version to exactly this Apache
       version (unless you use the <code>--force</code> option to mod_ssl's
  -    <code>configure</code> command ;-).
  -<p>
  +    <code>configure</code> command ;-).</p>
  +</li>
   <li><a name="ToC6"></a>
       <a name="y2k"></a>
  -    <strong id="faq">
  +    <strong>
   Is mod_ssl Year 2000 compliant?
   </strong>&nbsp;&nbsp;
       [<a href="#y2k"><b>L</b></a>]
  -    <p>
  -    Yes, mod_ssl is Year 2000 compliant.
  -    <p>
  -    Because first mod_ssl internally never stores years as two digits.
  +    <p>Yes, mod_ssl is Year 2000 compliant.</p>
  +    
  +    <p>Because first mod_ssl internally never stores years as two digits.
       Instead it always uses the ANSI C &amp; POSIX numerical data type
       <code>time_t</code> type, which on almost all Unix platforms at the moment
       is a <code>signed long</code> (usually 32-bits) representing seconds since
       epoch of January 1st, 1970, 00:00 UTC. This signed value overflows in
       early January 2038 and not in the year 2000. Second, date and time
       presentations (for instance the variable ``<code>%{TIME_YEAR}</code>'')
  -    are done with full year value instead of abbreviating to two digits.
  -    <p>
  -    Additionally according to a <a
  +    are done with full year value instead of abbreviating to two digits.</p>
  +    
  +    <p>Additionally according to a <a
       href="http://www.apache.org/docs/misc/FAQ.html#year2000">Year 2000
       statement</a> from the Apache Group, the Apache webserver is Year 2000
       compliant, too. But whether OpenSSL or the underlaying Operating System
       (either a Unix or Win32 platform) is Year 2000 compliant is a different
  -    question which cannot be answered here.
  -<p>
  +    question which cannot be answered here.</p>
  +</li>
   <li><a name="ToC7"></a>
       <a name="wassenaar"></a>
  -    <strong id="faq">
  +    <strong>
   What about mod_ssl and the Wassenaar Arrangement?
   </strong>&nbsp;&nbsp;
       [<a href="#wassenaar"><b>L</b></a>]
  -    <p>
  -    First, let us explain what <i>Wassenaar</i> and its <i>Arrangement on
  +    <p>First, let us explain what <i>Wassenaar</i> and its <i>Arrangement on
       Export Controls for Conventional Arms and Dual-Use Goods and
       Technologies</i> is: This is a international regime, established 1995, to
       control trade in conventional arms and dual-use goods and technology. It
  @@ -305,16 +320,16 @@
       of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden,
       Switzerland, Turkey, Ukraine, United Kingdom and United States. For more
       details look at <a
  -    href="http://www.wassenaar.org/">http://www.wassenaar.org/</a>.
  -    <p>
  -    In short: The aim of the Wassenaar Arrangement is to prevent the build up
  +    href="http://www.wassenaar.org/">http://www.wassenaar.org/</a>.</p>
  +    
  +    <p>In short: The aim of the Wassenaar Arrangement is to prevent the build up
       of military capabilities that threaten regional and international security
       and stability. The Wassenaar Arrangement controls the export of
       cryptography as a dual-use good, i.e., one that has both military and
       civilian applications. However, the Wassenaar Arrangement also provides an
  -    exemption from export controls for mass-market software and free software.
  -    <p>
  -    In the current Wassenaar ``<i>List of Dual Use Goods and Technologies And
  +    exemption from export controls for mass-market software and free software.</p>
  +    
  +    <p>In the current Wassenaar ``<i>List of Dual Use Goods and Technologies And
       Munitions</i>'', under ``<i>GENERAL SOFTWARE NOTE</i>'' (GSN) it says
       ``<i>The Lists do not control "software" which is either: 1. [...] 2. "in
       the public domain".</i>'' And under ``<i>DEFINITIONS OF TERMS USED IN
  @@ -322,13 +337,13 @@
       domain": This means "technology" or "software" which has been made
       available without restrictions upon its further dissemination. N.B.
       Copyright restrictions do not remove "technology" or "software" from being
  -    "in the public domain".</i>''
  -    <p>
  -    So, both mod_ssl and OpenSSL are ``in the public domain'' for the purposes
  +    "in the public domain".</i>''</p>
  +    
  +    <p>So, both mod_ssl and OpenSSL are ``in the public domain'' for the purposes
       of the Wassenaar Agreement and its ``<i>List of Dual Use Goods and
  -    Technologies And Munitions List</i>''.
  -    <p>
  -    Additionally the Wassenaar Agreement itself has no direct consequence for
  +    Technologies And Munitions List</i>''.</p>
  +    
  +    <p>Additionally the Wassenaar Agreement itself has no direct consequence for
       exporting cryptography software. What is actually allowed or forbidden to
       be exported from the countries has still to be defined in the local laws
       of each country. And at least according to official press releases from
  @@ -337,82 +352,76 @@
       Switzerland Bawi (see <a href="http://jya.com/wass-ch.htm">here</a>) there
       will be no forthcoming export restriction for free cryptography software
       for their countries. Remember that mod_ssl is created in Germany and
  -    distributed from Switzerland.
  -    <p>
  -    So, mod_ssl and OpenSSL are not affected by the Wassenaar Agreement.
  +    distributed from Switzerland.</p>
  +    
  +    <p>So, mod_ssl and OpenSSL are not affected by the Wassenaar Agreement.</p>
  +</li>
   </ul>
  -<p>
  -<br>
  +<br />
   <h2><a name="ToC8">About Installation</a></h2>
   <ul>
  -<p>
   <li><a name="ToC9"></a>
       <a name="core-dbm"></a>
  -    <strong id="faq">
  +    <strong>
   When I access my website the first time via HTTPS I get a core dump?
   </strong>&nbsp;&nbsp;
       [<a href="#core-dbm"><b>L</b></a>]
  -    <p>
  -    There can be a lot of reasons why a core dump can occur, of course.
  +    <p>There can be a lot of reasons why a core dump can occur, of course.
       Ranging from buggy third-party modules, over buggy vendor libraries up to
       a buggy mod_ssl version. But the above situation is often caused by old or
       broken vendor DBM libraries. To solve it either build mod_ssl with the
       built-in SDBM library (specify <tt>--enable-rule=SSL_SDBM</tt> at the
       APACI command line) or switch from ``<tt>SSLSessionCache dbm:</tt>'' to the
       newer ``<tt>SSLSessionCache shm:</tt>'' variant (after you have rebuilt
  -    Apache with MM, of course).
  -<p>
  +    Apache with MM, of course).</p>
  +</li>
   <li><a name="ToC10"></a>
       <a name="core-php3"></a>
  -    <strong id="faq">
  +    <strong>
   My Apache dumps core when I add both mod_ssl and PHP3?
   </strong>&nbsp;&nbsp;
       [<a href="#core-php3"><b>L</b></a>]
  -    <p>
  -    Make sure you add mod_ssl to the Apache source tree first and then do a
  +    <p>Make sure you add mod_ssl to the Apache source tree first and then do a
       fresh configuration and installation of PHP3. For SSL support EAPI patches
       are required which have to change internal Apache structures. PHP3 needs
       to know about these in order to work correctly. Always make sure that
  -    <tt>-DEAPI</tt> is contained in the compiler flags when PHP3 is built.
  -<p>
  +    <tt>-DEAPI</tt> is contained in the compiler flags when PHP3 is built.</p>
  +</li>
   <li><a name="ToC11"></a>
       <a name="dso-sym"></a>
  -    <strong id="faq">
  +    <strong>
   When I startup Apache I get errors about undefined symbols like ap_global_ctx?
   </strong>&nbsp;&nbsp;
       [<a href="#dso-sym"><b>L</b></a>]
  -    <p>
  -    This actually means you installed mod_ssl as a DSO, but without rebuilding
  +    <p>This actually means you installed mod_ssl as a DSO, but without rebuilding
       Apache with EAPI. Because EAPI is a requirement for mod_ssl, you need an
       extra patched Apache (containing the EAPI patches) and you have to build
       this Apache with EAPI enabled (explicitly specify
  -    <tt>--enable-rule=EAPI</tt> at the APACI command line).
  -<p>
  +    <tt>--enable-rule=EAPI</tt> at the APACI command line).</p>
  +</li>
   <li><a name="ToC12"></a>
       <a name="mutex-perm"></a>
  -    <strong id="faq">
  +    <strong>
   When I startup Apache I get permission errors related to SSLMutex?
   </strong>&nbsp;&nbsp;
       [<a href="#mutex-perm"><b>L</b></a>]
  -    <p>
  -    When you receive entries like ``<code>mod_ssl: Child could not open
  +    <p>When you receive entries like ``<code>mod_ssl: Child could not open
       SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows)
       [...] System: Permission denied (errno: 13)</code>'' this is usually
       caused by to restrictive permissions on the <i>parent</i> directories.
       Make sure that all parent directories (here <code>/opt</code>,
       <code>/opt/apache</code> and <code>/opt/apache/logs</code>) have the x-bit
       set at least for the UID under which Apache's children are running (see
  -    the <code>User</code> directive of Apache).
  -<p>
  +    the <code>User</code> directive of Apache).</p>
  +</li>
   <li><a name="ToC13"></a>
       <a name="mm"></a>
  -    <strong id="faq">
  +    <strong>
   When I use the MM library and the shared memory cache each process grows
   1.5MB according to `top' although I specified 512000 as the cache size?
   </strong>&nbsp;&nbsp;
       [<a href="#mm"><b>L</b></a>]
  -    <p>
  -    The additional 1MB are caused by the global shared memory pool EAPI
  +    <p>The additional 1MB are caused by the global shared memory pool EAPI
       allocates for all modules and which is not used by mod_ssl for
       various reasons. So the actually allocated shared memory is always
       1MB more than what you specify on <code>SSLSessionCache</code>.
  @@ -420,32 +429,30 @@
       indicates that <i>each</i> process grow, this is not reality, of
       course. Instead the additional memory consumption is shared by
       all processes, i.e. the 1.5MB are allocated only once per Apache
  -    instance and not once per Apache server process.
  -<p>
  +    instance and not once per Apache server process.</p>
  +</li>
   <li><a name="ToC14"></a>
       <a name="mmpath"></a>
  -    <strong id="faq">
  +    <strong>
   Apache creates files in a directory declared by the internal
   EAPI_MM_CORE_PATH define. Is there a way to override the path using a
   configuration directive?
   </strong>&nbsp;&nbsp;
       [<a href="#mmpath"><b>L</b></a>]
  -    <p>
  -    No, there is not configuration directive, because for technical
  +    <p>No, there is not configuration directive, because for technical
       bootstrapping reasons, a directive not possible at all. Instead
       use ``<code>CFLAGS='-DEAPI_MM_CORE_PATH="/path/to/wherever/"'
       ./configure ...</code>'' when building Apache or use option
  -    <b>-d</b> when starting <code>httpd</code>.
  -<p>
  +    <b>-d</b> when starting <code>httpd</code>.</p>
  +</li>
   <li><a name="ToC15"></a>
       <a name="entropy"></a>
  -    <strong id="faq">
  +    <strong>
   When I fire up the server, mod_ssl stops with the error
   "Failed to generate temporary 512 bit RSA private key", why?
   </strong>&nbsp;&nbsp;
       [<a href="#entropy"><b>L</b></a>]
  -    <p>
  -    Cryptographic software needs a source of unpredictable data
  +    <p>Cryptographic software needs a source of unpredictable data
       to work correctly. Many open source operating systems provide
       a "randomness device" that serves this purpose (usually named
       <code>/dev/random</code>). On other systems, applications have to
  @@ -455,124 +462,116 @@
       randomness report an error if the PRNG has not been seeded with
       at least 128 bits of randomness. So mod_ssl has to provide enough
       entropy to the PRNG to work correctly.  For this one has to use the
  -    <code>SSLRandomSeed</code> directives.
  +    <code>SSLRandomSeed</code> directives.</p>
  +</li>
   </ul>
  -<p>
  -<br>
  +<br />
   <h2><a name="ToC16">About Configuration</a></h2>
   <ul>
  -<p>
   <li><a name="ToC17"></a>
       <a name="https-parallel"></a>
  -    <strong id="faq">
  -Is it possible to provide HTTP and HTTPS with a single server?</strong>
  +    <strong>
  +Is it possible to provide HTTP and HTTPS with a single server?
   </strong>&nbsp;&nbsp;
       [<a href="#https-parallel"><b>L</b></a>]
  -    <p>
  -    Yes, HTTP and HTTPS use different server ports, so there is no direct
  +    <p>Yes, HTTP and HTTPS use different server ports, so there is no direct
       conflict between them. Either run two separate server instances (one binds
       to port 80, the other to port 443) or even use Apache's elegant virtual
       hosting facility where you can easily create two virtual servers which
       Apache dispatches: one responding to port 80 and speaking HTTP and one
  -    responding to port 443 speaking HTTPS.
  -<p>
  +    responding to port 443 speaking HTTPS.</p>
  +</li>
   <li><a name="ToC18"></a>
       <a name="https-port"></a>
  -    <strong id="faq">
  +    <strong>
   I know that HTTP is on port 80, but where is HTTPS?
   </strong>&nbsp;&nbsp;
       [<a href="#https-port"><b>L</b></a>]
  -    <p>
  -    You can run HTTPS on any port, but the standards specify port 443, which
  +    <p>You can run HTTPS on any port, but the standards specify port 443, which
       is where any HTTPS compliant browser will look by default. You can force
       your browser to look on a different port by specifying it in the URL like
  -    this (for port 666): <code>https://secure.server.dom:666/</code>
  -<p>
  +    this (for port 666): <code>https://secure.server.dom:666/</code></p>
  +</li>
   <li><a name="ToC19"></a>
       <a name="https-test"></a>
  -    <strong id="faq">
  +    <strong>
   How can I speak HTTPS manually for testing purposes?
   </strong>&nbsp;&nbsp;
       [<a href="#https-test"><b>L</b></a>]
  -    <p>
  -    While you usually just use
  -    <p>
  -    <code><b>$ telnet localhost 80</b></code><br>
  -    <code><b>GET / HTTP/1.0</b></code>
  -    <p>
  -    for simple testing the HTTP protocol of Apache, it's not so easy for
  +    <p>While you usually just use</p>
  +    
  +    <p><code><b>$ telnet localhost 80</b></code><br />
  +    <code><b>GET / HTTP/1.0</b></code></p>
  +    
  +    <p>for simple testing the HTTP protocol of Apache, it's not so easy for
       HTTPS because of the SSL protocol between TCP and HTTP. But with the
       help of OpenSSL's <code>s_client</code> command you can do a similar
  -    check even for HTTPS:
  -    <p>
  -    <code><b>$ openssl s_client -connect localhost:443 -state -debug</b></code><br>
  -    <code><b>GET / HTTP/1.0</b></code>
  -    <p>
  -    Before the actual HTTP response you receive detailed information about the
  +    check even for HTTPS:</p>
  +    
  +    <p><code><b>$ openssl s_client -connect localhost:443 -state -debug</b></code><br />
  +    <code><b>GET / HTTP/1.0</b></code></p>
  +    
  +    <p>Before the actual HTTP response you receive detailed information about the
       SSL handshake. For a more general command line client which directly
       understands both the HTTP and HTTPS scheme, can perform GET and POST
       methods, can use a proxy, supports byte ranges, etc. you should have a
       look at nifty <a href="http://curl.haxx.nu/">cURL</a>
       tool. With it you can directly check if your Apache is running fine on
  -    Port 80 and 443 as following:
  -    <p>
  -    <code><b>$ curl http://localhost/</b></code><br>
  -    <code><b>$ curl https://localhost/</b></code><br>
  -<p>
  +    Port 80 and 443 as following:</p>
  +    
  +    <p><code><b>$ curl http://localhost/</b></code><br />
  +    <code><b>$ curl https://localhost/</b></code><br /></p>
  +</li>
   <li><a name="ToC20"></a>
       <a name="hang"></a>
  -    <strong id="faq">
  +    <strong>
   Why does the connection hang when I connect to my SSL-aware Apache server?
   </strong>&nbsp;&nbsp;
       [<a href="#hang"><b>L</b></a>]
  -    <p>
  -    Because you connected with HTTP to the HTTPS port, i.e. you used an URL of
  +    <p>Because you connected with HTTP to the HTTPS port, i.e. you used an URL of
       the form ``<code>http://</code>'' instead of ``<code>https://</code>''.
       This also happens the other way round when you connect via HTTPS to a HTTP
       port, i.e. when you try to use ``<code>https://</code>'' on a server that
       doesn't support SSL (on this port). Make sure you are connecting to a
       virtual server that supports SSL, which is probably the IP associated with
  -    your hostname, not localhost (127.0.0.1).
  -<p>
  +    your hostname, not localhost (127.0.0.1).</p>
  +</li>
   <li><a name="ToC21"></a>
       <a name="hang"></a>
  -    <strong id="faq">
  +    <strong>
   Why do I get ``Connection Refused'' messages when trying to access my freshly
   installed Apache+mod_ssl server via HTTPS?
   </strong>&nbsp;&nbsp;
       [<a href="#hang"><b>L</b></a>]
  -    <p>
  -    There can be various reasons. Some of the common mistakes is that people
  +    <p>There can be various reasons. Some of the common mistakes is that people
       start Apache with just ``<tt>apachectl start</tt>'' (or
       ``<tt>httpd</tt>'') instead of ``<tt>apachectl startssl</tt>'' (or
       ``<tt>httpd -DSSL</tt>''. Or you're configuration is not correct. At
       least make sure that your ``<tt>Listen</tt>'' directives match your
       ``<tt>&lt;VirtualHost&gt;</tt>'' directives. And if all fails, please do
       yourself a favor and start over with the default configuration mod_ssl
  -    provides you.
  -<p>
  +    provides you.</p>
  +</li>
   <li><a name="ToC22"></a>
       <a name="env-vars"></a>
  -    <strong id="faq">
  +    <strong>
   In my CGI programs and SSI scripts the various documented
   <code>SSL_XXX</code> variables do not exist. Why?
   </strong>&nbsp;&nbsp;
       [<a href="#env-vars"><b>L</b></a>]
  -    <p>
  -    Just make sure you have ``<code>SSLOptions +StdEnvVars</code>''
  -    enabled for the context of your CGI/SSI requests.
  -<p>
  +    <p>Just make sure you have ``<code>SSLOptions +StdEnvVars</code>''
  +    enabled for the context of your CGI/SSI requests.</p>
  +</li>
   <li><a name="ToC23"></a>
       <a name="relative-links"></a>
  -    <strong id="faq">
  +    <strong>
   How can I use relative hyperlinks to switch between HTTP and HTTPS?
   </strong>&nbsp;&nbsp;
       [<a href="#relative-links"><b>L</b></a>]
  -    <p>
  -    Usually you have to use fully-qualified hyperlinks because
  +    <p>Usually you have to use fully-qualified hyperlinks because
       you have to change the URL scheme. But with the help of some URL
       manipulations through mod_rewrite you can achieve the same effect while
  -    you still can use relative URLs:
  +    you still can use relative URLs:</p>
       <pre>
       RewriteEngine on
       RewriteRule   ^/(.*):SSL$   https://%{SERVER_NAME}/$1 [R,L]
  @@ -580,22 +579,20 @@
       </pre>
       This rewrite ruleset lets you use hyperlinks of the form
       <pre>
  -    &lt;a href="document.html:SSL"&gt
  +    &lt;a href="document.html:SSL"&gt;
       </pre>
  +</li>
   </ul>
  -<p>
  -<br>
  +<br />
   <h2><a name="ToC24">About Certificates</a></h2>
   <ul>
  -<p>
   <li><a name="ToC25"></a>
       <a name="what-is"></a>
  -    <strong id="faq">
  -What are RSA Private Keys, CSRs and Certificates?</strong>
  +    <strong>
  +What are RSA Private Keys, CSRs and Certificates?
   </strong>&nbsp;&nbsp;
       [<a href="#what-is"><b>L</b></a>]
  -    <p>
  -    The RSA private key file is a digital file that you can use to decrypt
  +    <p>The RSA private key file is a digital file that you can use to decrypt
       messages sent to you. It has a public component which you distribute (via
       your Certificate file) which allows people to encrypt those messages to
       you. A Certificate Signing Request (CSR) is a digital file which contains
  @@ -606,71 +603,72 @@
       Certificate, thereby obtaining your RSA public key. That enables them to
       send messages which only you can decrypt.
       See the <a href="ssl_intro.html">Introduction</a> chapter for a general
  -    description of the SSL protocol.
  -<p>
  +    description of the SSL protocol.</p>
  +</li>
   <li><a name="ToC26"></a>
       <a name="startup"></a>
  -    <strong id="faq">
  +    <strong>
   Seems like there is a difference on startup between the original Apache and an SSL-aware Apache?
   </strong>&nbsp;&nbsp;
       [<a href="#startup"><b>L</b></a>]
  -    <p>
  -    Yes, in general, starting Apache with a built-in mod_ssl is just like
  +    <p>Yes, in general, starting Apache with a built-in mod_ssl is just like
       starting an unencumbered Apache, except for the fact that when you have a
       pass phrase on your SSL private key file. Then a startup dialog pops up
  -    asking you to enter the pass phrase.
  -    <p>
  -    To type in the pass phrase manually when starting the server can be
  +    asking you to enter the pass phrase.</p>
  +    
  +    <p>To type in the pass phrase manually when starting the server can be
       problematic, for instance when starting the server from the system boot
       scripts. As an alternative to this situation you can follow the steps
       below under ``How can I get rid of the pass-phrase dialog at Apache
  -    startup time?''.
  -<p>
  +    startup time?''.</p>
  +</li>
   <li><a name="ToC28"></a>
       <a name="cert-real"></a>
  -    <strong id="faq">
  +    <strong>
   Ok, I've got my server installed and want to create a real SSL
   server Certificate for it. How do I do it?
   </strong>&nbsp;&nbsp;
       [<a href="#cert-real"><b>L</b></a>]
  -    <p>
  -    Here is a step-by-step description:
  -    <p>
  +    <p>Here is a step-by-step description:</p>
  +    
       <ol>
       <li>Make sure OpenSSL is really installed and in your <code>PATH</code>.
           But some commands even work ok when you just run the
           ``<code>openssl</code>'' program from within the OpenSSL source tree as
  -        ``<code>./apps/openssl</code>''.
  -    <p>
  +        ``<code>./apps/openssl</code>''.<br />
  +        <br />
  +    </li>
       <li>Create a RSA private key for your Apache server
  -       (will be Triple-DES encrypted and PEM formatted):
  -       <p>
  -       <code><strong>$ openssl genrsa -des3 -out server.key 1024</strong></code>
  -       <p>
  +       (will be Triple-DES encrypted and PEM formatted):<br />
  +       <br />
  +       <code><strong>$ openssl genrsa -des3 -out server.key 1024</strong></code><br />
  +       <br />
          Please backup this <code>server.key</code> file and remember the
          pass-phrase you had to enter at a secure location.
  -       You can see the details of this RSA private key via the command:
  -       <p>
  -       <code><strong>$ openssl rsa -noout -text -in server.key</strong></code>
  -       <p>
  +       You can see the details of this RSA private key via the command:<br />
  +       <br />
  +       <code><strong>$ openssl rsa -noout -text -in server.key</strong></code><br />
  +       <br />
          And you could create a decrypted PEM version (not recommended)
  -       of this RSA private key via:
  -       <p>
  -       <code><strong>$ openssl rsa -in server.key -out server.key.unsecure</strong></code>
  -    <p>
  +       of this RSA private key via:<br />
  +       <br />
  +       <code><strong>$ openssl rsa -in server.key -out server.key.unsecure</strong></code><br />
  +       <br />
  +    </li>
       <li>Create a Certificate Signing Request (CSR) with the server RSA private
  -       key (output will be PEM formatted):
  -       <p>
  -       <code><strong>$ openssl req -new -key server.key -out server.csr</strong></code>
  -       <p>
  +       key (output will be PEM formatted):<br />
  +       <br />
  +       <code><strong>$ openssl req -new -key server.key -out server.csr</strong></code><br />
  +       <br />
          Make sure you enter the FQDN ("Fully Qualified Domain Name") of the
          server when OpenSSL prompts you for the "CommonName", i.e. when you
          generate a CSR for a website which will be later accessed via
          <code>https://www.foo.dom/</code>, enter "www.foo.dom" here.
  -       You can see the details of this CSR via the command
  -       <p>
  -       <code><strong>$ openssl req -noout -text -in server.csr</strong></code>
  -    <p>
  +       You can see the details of this CSR via the command<br />
  +       <br />
  +       <code><strong>$ openssl req -noout -text -in server.csr</strong></code><br />
  +       <br />
  +    </li>
       <li>You now have to send this Certificate Signing Request (CSR) to
          a Certifying Authority (CA) for signing. The result is then a real
          Certificate which can be used for Apache. Here you have two options:
  @@ -678,42 +676,48 @@
          Thawte. Then you usually have to post the CSR into a web form, pay for
          the signing and await the signed Certificate you then can store into a
          server.crt file. For more information about commercial CAs have a look
  -       at the following locations:
  -       <p>
  -       <ul>
  -       <li>  Verisign<br>
  +       at the following locations:<br />
  +       <br />
  +       <ol>
  +       <li>  Verisign<br />
                <a href="http://digitalid.verisign.com/server/apacheNotice.htm">
                http://digitalid.verisign.com/server/apacheNotice.htm
                </a>
  -       <li>  Thawte Consulting<br>
  +       </li>
  +       <li>  Thawte Consulting<br />
                <a href="http://www.thawte.com/certs/server/request.html">
                http://www.thawte.com/certs/server/request.html
                </a>
  -       <li>  CertiSign Certificadora Digital Ltda.<br>
  +       </li>
  +       <li>  CertiSign Certificadora Digital Ltda.<br />
                <a href="http://www.certisign.com.br">
                http://www.certisign.com.br
                </a>
  -       <li>  IKS GmbH<br>
  +       </li>
  +       <li>  IKS GmbH<br />
                <a href="http://www.iks-jena.de/produkte/ca/">
                http://www.iks-jena.de/produkte/ca/
                </a>
  -       <li>  Uptime Commerce Ltd.<br>
  +       </li>
  +       <li>  Uptime Commerce Ltd.<br />
                <a href="http://www.uptimecommerce.com">
                http://www.uptimecommerce.com
                </a>
  -       <li>  BelSign NV/SA<br>
  +       </li>
  +       <li>  BelSign NV/SA<br />
                <a href="http://www.belsign.be">
                http://www.belsign.be
                </a>
  -       </ul>
  -       <p>
  +       </li>
  +       </ol>
  +       <br />
          Second you can use your own CA and now have to sign the CSR yourself by
          this CA. Read the next answer in this FAQ on how to sign a CSR with
          your CA yourself.
  -       You can see the details of the received Certificate via the command:
  -       <p>
  -       <code><strong>$ openssl x509 -noout -text -in server.crt</strong></code>
  -    <p>
  +       You can see the details of the received Certificate via the command:<br />
  +       <br />
  +       <code><strong>$ openssl x509 -noout -text -in server.crt</strong></code><br />
  +    </li>
       <li>Now you have two files: <code>server.key</code> and
       <code>server.crt</code>. These now can be used as following inside your
       Apache's <code>httpd.conf</code> file:
  @@ -722,213 +726,210 @@
          SSLCertificateKeyFile /path/to/this/server.key
          </pre>
          The <code>server.csr</code> file is no longer needed.
  +    </li>
       </ol>
  -<p>
  +</li>
   <li><a name="ToC29"></a>
       <a name="cert-ownca"></a>
  -    <strong id="faq">
  +    <strong>
   How can I create and use my own Certificate Authority (CA)?
   </strong>&nbsp;&nbsp;
       [<a href="#cert-ownca"><b>L</b></a>]
  -    <p>
  -    The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code>
  -    script provided by OpenSSL. The long and manual answer is this:
  -    <p>
  +    <p>The short answer is to use the <code>CA.sh</code> or <code>CA.pl</code>
  +    script provided by OpenSSL. The long and manual answer is this:</p>
  +    
       <ol>
       <li>Create a RSA private key for your CA
  -       (will be Triple-DES encrypted and PEM formatted):
  -       <p>
  -       <code><strong>$ openssl genrsa -des3 -out ca.key 1024</strong></code>
  -       <p>
  +       (will be Triple-DES encrypted and PEM formatted):<br />
  +       <br />
  +       <code><strong>$ openssl genrsa -des3 -out ca.key 1024</strong></code><br />
  +       <br />
          Please backup this <code>ca.key</code> file and remember the
          pass-phrase you currently entered at a secure location.
  -       You can see the details of this RSA private key via the command
  -       <p>
  -       <code><strong>$ openssl rsa -noout -text -in ca.key</strong></code>
  -       <p>
  +       You can see the details of this RSA private key via the command<br />
  +       <br />
  +       <code><strong>$ openssl rsa -noout -text -in ca.key</strong></code><br />
  +       <br />
          And you can create a decrypted PEM version (not recommended) of this
  -       private key via:
  -       <p>
  -       <code><strong>$ openssl rsa -in ca.key -out ca.key.unsecure</strong></code>
  -    <p>
  +       private key via:<br />
  +       <br />
  +       <code><strong>$ openssl rsa -in ca.key -out ca.key.unsecure</strong></code><br />
  +       <br />
  +    </li>
       <li>Create a self-signed CA Certificate (X509 structure)
  -       with the RSA key of the CA (output will be PEM formatted):
  -       <p>
  -       <code><strong>$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt</strong></code>
  -       <p>
  -       You can see the details of this Certificate via the command:
  -       <p>
  -       <code><strong>$ openssl x509 -noout -text -in ca.crt</strong></code>
  -    <p>
  +       with the RSA key of the CA (output will be PEM formatted):<br />
  +       <br />
  +       <code><strong>$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt</strong></code><br />
  +       <br />
  +       You can see the details of this Certificate via the command:<br />
  +       <br />
  +       <code><strong>$ openssl x509 -noout -text -in ca.crt</strong></code><br />
  +       <br />
  +    </li>
       <li>Prepare a script for signing which is needed because
          the ``<code>openssl ca</code>'' command has some strange requirements
          and the default OpenSSL config doesn't allow one easily to use
          ``<code>openssl ca</code>'' directly. So a script named
          <code>sign.sh</code> is distributed with the mod_ssl distribution
          (subdir <code>pkg.contrib/</code>). Use this script for signing.
  -    <p>
  +    </li>
       <li>Now you can use this CA to sign server CSR's in order to create real
          SSL Certificates for use inside an Apache webserver (assuming
  -       you already have a <code>server.csr</code> at hand):
  -       <p>
  -       <code><strong>$ ./sign.sh server.csr</strong></code>
  -       <p>
  -       This signs the server CSR and results in a <code>server.crt</code> file.
  +       you already have a <code>server.csr</code> at hand):<br />
  +       <br />
  +       <code><strong>$ ./sign.sh server.csr</strong></code><br />
  +       <br />
  +       This signs the server CSR and results in a <code>server.crt</code> file.<br />
  +    </li>
       </ol>
  -<p>
  +</li>
   <li><a name="ToC30"></a>
       <a name="change-passphrase"></a>
  -    <strong id="faq">
  +    <strong>
   How can I change the pass-phrase on my private key file?
   </strong>&nbsp;&nbsp;
       [<a href="#change-passphrase"><b>L</b></a>]
  -    <p>
  -    You simply have to read it with the old pass-phrase and write it again
  +    <p>You simply have to read it with the old pass-phrase and write it again
       by specifying the new pass-phrase. You can accomplish this with the following
  -    commands:
  -    <p>
  -    <code><strong>$ openssl rsa -des3 -in server.key -out server.key.new</strong></code><br>
  -    <code><strong>$ mv server.key.new server.key</strong></code><br>
  -    <p>
  -    Here you're asked two times for a PEM pass-phrase. At the first
  +    commands:</p>
  +    
  +    <p><code><strong>$ openssl rsa -des3 -in server.key -out server.key.new</strong></code><br />
  +    <code><strong>$ mv server.key.new server.key</strong></code><br /></p>
  +    
  +    <p>Here you're asked two times for a PEM pass-phrase. At the first
       prompt enter the old pass-phrase and at the second prompt
  -    enter the new pass-phrase.
  -<p>
  +    enter the new pass-phrase.</p>
  +</li>
   <li><a name="ToC31"></a>
       <a name="remove-passphrase"></a>
  -    <strong id="faq">
  +    <strong>
   How can I get rid of the pass-phrase dialog at Apache startup time?
   </strong>&nbsp;&nbsp;
       [<a href="#remove-passphrase"><b>L</b></a>]
  -    <p>
  -    The reason why this dialog pops up at startup and every re-start
  +    <p>The reason why this dialog pops up at startup and every re-start
       is that the RSA private key inside your server.key file is stored in
       encrypted format for security reasons. The pass-phrase is needed to be
       able to read and parse this file. When you can be sure that your server is
  -    secure enough you perform two steps:
  -    <p>
  +    secure enough you perform two steps:</p>
  +    
       <ol>
       <li>Remove the encryption from the RSA private key (while
  -       preserving the original file):
  -       <p>
  -       <code><strong>$ cp server.key server.key.org</strong></code><br>
  -       <code><strong>$ openssl rsa -in server.key.org -out server.key</strong></code>
  -    <p>
  -    <li>Make sure the server.key file is now only readable by root:
  -       <p>
  -       <code><strong>$ chmod 400 server.key</strong></code>
  +       preserving the original file):<br />
  +       <br />
  +       <code><strong>$ cp server.key server.key.org</strong></code><br />
  +       <code><strong>$ openssl rsa -in server.key.org -out server.key</strong></code><br />
  +       <br />
  +    </li>
  +    <li>Make sure the server.key file is now only readable by root:<br />
  +       <br />
  +       <code><strong>$ chmod 400 server.key</strong></code><br />
  +       <br />
  +    </li>
       </ol>
  -    <p>
  -    Now <code>server.key</code> will contain an unencrypted copy of the key.
  +    <p>Now <code>server.key</code> will contain an unencrypted copy of the key.
       If you point your server at this file it will not prompt you for a
       pass-phrase. HOWEVER, if anyone gets this key they will be able to
       impersonate you on the net. PLEASE make sure that the permissions on that
       file are really such that only root or the web server user can read it
       (preferably get your web server to start as root but run as another
  -    server, and have the key readable only by root).
  -    <p>
  -    As an alternative approach you can use the ``<code>SSLPassPhraseDialog
  +    server, and have the key readable only by root).</p>
  +    
  +    <p>As an alternative approach you can use the ``<code>SSLPassPhraseDialog
       exec:/path/to/program</code>'' facility. But keep in mind that this is
  -    neither more nor less secure, of course.
  -<p>
  +    neither more nor less secure, of course.</p>
  +</li>
   <li><a name="ToC32"></a>
       <a name="verify-key"></a>
  -    <strong id="faq">
  +    <strong>
   How do I verify that a private key matches its Certificate?
   </strong>&nbsp;&nbsp;
       [<a href="#verify-key"><b>L</b></a>]
  -    <p>
  -    The private key contains a series of numbers. Two of those numbers form
  +    <p>The private key contains a series of numbers. Two of those numbers form
       the "public key", the others are part of your "private key". The "public
       key" bits are also embedded in your Certificate (we get them from your
       CSR). To check that the public key in your cert matches the public
       portion of your private key, you need to view the cert and the key and
       compare the numbers. To view the Certificate and the key run the
  -    commands:
  -    <p>
  -    <code><strong>$ openssl x509 -noout -text -in server.crt</strong></code><br>
  -    <code><strong>$ openssl rsa -noout -text -in server.key</strong></code>
  -    <p>
  -    The `modulus' and the `public exponent' portions in the key and the
  +    commands:</p>
  +    
  +    <p><code><strong>$ openssl x509 -noout -text -in server.crt</strong></code><br />
  +    <code><strong>$ openssl rsa -noout -text -in server.key</strong></code></p>
  +    
  +    <p>The `modulus' and the `public exponent' portions in the key and the
       Certificate must match. But since the public exponent is usually 65537
       and it's bothering comparing long modulus you can use the following
  -    approach:
  -    <p>
  -    <code><strong>$ openssl x509 -noout -modulus -in server.crt | openssl md5</strong></code><br>
  -    <code><strong>$ openssl rsa -noout -modulus -in server.key | openssl md5</strong></code>
  -    <p>
  -    And then compare these really shorter numbers. With overwhelming
  +    approach:</p>
  +    
  +    <p><code><strong>$ openssl x509 -noout -modulus -in server.crt | openssl md5</strong></code><br />
  +    <code><strong>$ openssl rsa -noout -modulus -in server.key | openssl md5</strong></code></p>
  +    
  +    <p>And then compare these really shorter numbers. With overwhelming
       probability they will differ if the keys are different. BTW, if I want to
  -    check to which key or certificate a particular CSR belongs you can compute
  -    <p>
  -    <code><strong>$ openssl req -noout -modulus -in server.csr | openssl md5</strong></code>
  -<p>
  +    check to which key or certificate a particular CSR belongs you can compute</p>
  +    
  +    <p><code><strong>$ openssl req -noout -modulus -in server.csr | openssl md5</strong></code></p>
  +</li>
   <li><a name="ToC33"></a>
       <a name="keysize1"></a>
  -    <strong id="faq">
  +    <strong>
   What does it mean when my connections fail with an "alert bad certificate"
   error?
   </strong>&nbsp;&nbsp;
       [<a href="#keysize1"><b>L</b></a>]
  -    <p>
  -    Usually when you see errors like ``<tt>OpenSSL: error:14094412: SSL
  +    <p>Usually when you see errors like ``<tt>OpenSSL: error:14094412: SSL
       routines:SSL3_READ_BYTES:sslv3 alert bad certificate</tt>'' in the SSL
       logfile, this means that the browser was unable to handle the server
       certificate/private-key which perhaps contain a RSA-key not equal to 1024
  -    bits. For instance Netscape Navigator 3.x is one of those browsers.
  -<p>
  +    bits. For instance Netscape Navigator 3.x is one of those browsers.</p>
  +</li>
   <li><a name="ToC34"></a>
       <a name="keysize2"></a>
  -    <strong id="faq">
  +    <strong>
   Why does my 2048-bit private key not work?
   </strong>&nbsp;&nbsp;
       [<a href="#keysize2"><b>L</b></a>]
  -    <p>
  -    The private key sizes for SSL must be either 512 or 1024 for compatibility
  +    <p>The private key sizes for SSL must be either 512 or 1024 for compatibility
       with certain web browsers. A keysize of 1024 bits is recommended because
       keys larger than 1024 bits are incompatible with some versions of Netscape
       Navigator and Microsoft Internet Explorer, and with other browsers that
  -    use RSA's BSAFE cryptography toolkit.
  -<p>
  +    use RSA's BSAFE cryptography toolkit.</p>
  +</li>
   <li><a name="ToC35"></a>
       <a name="hash-symlinks"></a>
  -    <strong id="faq">
  +    <strong>
   Why is client authentication broken after upgrading from
   SSLeay version 0.8 to 0.9?
   </strong>&nbsp;&nbsp;
       [<a href="#hash-symlinks"><b>L</b></a>]
  -    <p>
  -    The CA certificates under the path you configured with
  +    <p>The CA certificates under the path you configured with
       <code>SSLCACertificatePath</code> are found by SSLeay through hash
       symlinks. These hash values are generated by the `<code>openssl x509 -noout
       -hash</code>' command. But the algorithm used to calculate the hash for a
       certificate has changed between SSLeay 0.8 and 0.9. So you have to remove
       all old hash symlinks and re-create new ones after upgrading. Use the
  -    <code>Makefile</code> mod_ssl placed into this directory.
  -<p>
  +    <code>Makefile</code> mod_ssl placed into this directory.</p>
  +</li>
   <li><a name="ToC36"></a>
       <a name="pem-to-der"></a>
  -    <strong id="faq">
  +    <strong>
   How can I convert a certificate from PEM to DER format?
   </strong>&nbsp;&nbsp;
       [<a href="#pem-to-der"><b>L</b></a>]
  -    <p>
  -    The default certificate format for SSLeay/OpenSSL is PEM, which actually
  +    <p>The default certificate format for SSLeay/OpenSSL is PEM, which actually
       is Base64 encoded DER with header and footer lines. For some applications
       (e.g. Microsoft Internet Explorer) you need the certificate in plain DER
       format. You can convert a PEM file <code>cert.pem</code> into the
       corresponding DER file <code>cert.der</code> with the following command:
  -    <code><strong>$ openssl x509 -in cert.pem -out cert.der -outform DER</strong></code>
  -<p>
  +    <code><strong>$ openssl x509 -in cert.pem -out cert.der -outform DER</strong></code></p>
  +</li>
   <li><a name="ToC37"></a>
       <a name="verisign-getca"></a>
  -    <strong id="faq">
  +    <strong>
   I try to install a Verisign certificate. Why can't I find neither the
   <code>getca</code> nor <code>getverisign</code> programs Verisign mentions?
   </strong>&nbsp;&nbsp;
       [<a href="#verisign-getca"><b>L</b></a>]
  -    <p>
  -    This is because Verisign has never provided specific instructions
  +    <p>This is because Verisign has never provided specific instructions
       for Apache+mod_ssl. Rather they tell you what you should do
       if you were using C2Net's Stronghold (a commercial Apache
       based server with SSL support). The only thing you have to do
  @@ -938,132 +939,122 @@
       <code>SSLCertificateKeyFile</code> directive). For a better
       CA-related overview on SSL certificate fiddling you can look at <a
       href="http://www.thawte.com/certs/server/keygen/mod_ssl.html">
  -    Thawte's mod_ssl instructions</a>.
  -<p>
  +    Thawte's mod_ssl instructions</a>.</p>
  +</li>
   <li><a name="ToC38"></a>
       <a name="gid"></a>
  -    <strong id="faq">
  +    <strong>
   Can I use the Server Gated Cryptography (SGC) facility (aka Verisign Global
   ID) also with mod_ssl?
   </strong>&nbsp;&nbsp;
       [<a href="#gid"><b>L</b></a>]
  -    <p>
  -    Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have
  +    <p>Yes, mod_ssl since version 2.1 supports the SGC facility. You don't have
       to configure anything special for this, just use a Global ID as your
       server certificate. The <i>step up</i> of the clients are then
       automatically handled by mod_ssl under run-time. For details please read
  -    the <tt>README.GlobalID</tt> document in the mod_ssl distribution.
  -<p>
  +    the <tt>README.GlobalID</tt> document in the mod_ssl distribution.</p>
  +</li>
   <li><a name="ToC39"></a>
       <a name="gid"></a>
  -    <strong id="faq">
  +    <strong>
   After I have installed my new Verisign Global ID server certificate, the
   browsers complain that they cannot verify the server certificate?
   </strong>&nbsp;&nbsp;
       [<a href="#gid"><b>L</b></a>]
  -    <p>
  -    That is because Verisign uses an intermediate CA certificate between
  +    <p>That is because Verisign uses an intermediate CA certificate between
       the root CA certificate (which is installed in the browsers) and
       the server certificate (which you installed in the server). You
       should have received this additional CA certificate from Verisign.
       If not, complain to them. Then configure this certificate with the
       <code>SSLCertificateChainFile</code> directive in the server. This
       makes sure the intermediate CA certificate is send to the browser
  -    and this way fills the gap in the certificate chain.
  +    and this way fills the gap in the certificate chain.</p>
  +</li>
   </ul>
  -<p>
  -<br>
  +<br />
   <h2><a name="ToC40">About SSL Protocol</a></h2>
   <ul>
  -<p>
   <li><a name="ToC41"></a>
       <a name="random-errors"></a>
  -    <strong id="faq">
  +    <strong>
   Why do I get lots of random SSL protocol errors under heavy server load?
   </strong>&nbsp;&nbsp;
       [<a href="#random-errors"><b>L</b></a>]
  -    <p>
  -    There can be a number of reasons for this, but the main one
  +    <p>There can be a number of reasons for this, but the main one
       is problems with the SSL session Cache specified by the
       <tt>SSLSessionCache</tt> directive. The DBM session cache is most
       likely the source of the problem, so trying the SHM session cache or
  -    no cache at all may help.
  -<p>
  +    no cache at all may help.</p>
  +</li>
   <li><a name="ToC42"></a>
       <a name="load"></a>
  -    <strong id="faq">
  +    <strong>
   Why has my webserver a higher load now that I run SSL there?
   </strong>&nbsp;&nbsp;
       [<a href="#load"><b>L</b></a>]
  -    <p>
  -    Because SSL uses strong cryptographic encryption and this needs a lot of
  +    <p>Because SSL uses strong cryptographic encryption and this needs a lot of
       number crunching. And because when you request a webpage via HTTPS even
       the images are transfered encrypted. So, when you have a lot of HTTPS
  -    traffic the load increases.
  -<p>
  +    traffic the load increases.</p>
  +</li>
   <li><a name="ToC43"></a>
       <a name="random"></a>
  -    <strong id="faq">
  +    <strong>
   Often HTTPS connections to my server require up to 30 seconds for establishing
   the connection, although sometimes it works faster?
   </strong>&nbsp;&nbsp;
       [<a href="#random"><b>L</b></a>]
  -    <p>
  -    Usually this is caused by using a <code>/dev/random</code> device for
  +    <p>Usually this is caused by using a <code>/dev/random</code> device for
       <code>SSLRandomSeed</code> which is blocking in read(2) calls if not
       enough entropy is available. Read more about this problem in the refernce
  -    chapter under <code>SSLRandomSeed</code>.
  -<p>
  +    chapter under <code>SSLRandomSeed</code>.</p>
  +</li>
   <li><a name="ToC44"></a>
       <a name="ciphers"></a>
  -    <strong id="faq">
  +    <strong>
   What SSL Ciphers are supported by mod_ssl?
   </strong>&nbsp;&nbsp;
       [<a href="#ciphers"><b>L</b></a>]
  -    <p>
  -    Usually just all SSL ciphers which are supported by the
  +    <p>Usually just all SSL ciphers which are supported by the
       version of OpenSSL in use (can depend on the way you built
  -    OpenSSL). Typically this at least includes the following:
  -    <p>
  -    <ul>
  -    <li>RC4 with MD5
  -    <li>RC4 with MD5 (export version restricted to 40-bit key)
  -    <li>RC2 with MD5
  -    <li>RC2 with MD5 (export version restricted to 40-bit key)
  -    <li>IDEA with MD5
  -    <li>DES with MD5
  -    <li>Triple-DES with MD5
  -    </ul>
  -    <p>
  -    To determine the actual list of supported ciphers you can
  -    run the following command:
  -    <p>
  -    <code><strong>$ openssl ciphers -v</strong></code><br>
  -<p>
  +    OpenSSL). Typically this at least includes the following:</p>
  +    
  +    <ol>
  +    <li>RC4 with MD5</li>
  +    <li>RC4 with MD5 (export version restricted to 40-bit key)</li>
  +    <li>RC2 with MD5</li>
  +    <li>RC2 with MD5 (export version restricted to 40-bit key)</li>
  +    <li>IDEA with MD5</li>
  +    <li>DES with MD5</li>
  +    <li>Triple-DES with MD5</li>
  +    </ol>
  +    
  +    <p>To determine the actual list of supported ciphers you can
  +    run the following command:</p>
  +    <code><strong>$ openssl ciphers -v</strong></code><br />
  +</li>
   <li><a name="ToC45"></a>
       <a name="cipher-adh"></a>
  -    <strong id="faq">
  +    <strong>
   I want to use Anonymous Diffie-Hellman (ADH) ciphers, but I always get ``no
   shared cipher'' errors?
   </strong>&nbsp;&nbsp;
       [<a href="#cipher-adh"><b>L</b></a>]
  -    <p>
  -    In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough
  +    <p>In order to use Anonymous Diffie-Hellman (ADH) ciphers, it is not enough
       to just put ``<code>ADH</code>'' into your <code>SSLCipherSuite</code>.
       Additionally you have to build OpenSSL with
       ``<code>-DSSL_ALLOW_ADH</code>''. Because per default OpenSSL does not
       allow ADH ciphers for security reasons. So if you are actually enabling
  -    these ciphers make sure you are informed about the side-effects.
  -<p>
  +    these ciphers make sure you are informed about the side-effects.</p>
  +</li>
   <li><a name="ToC46"></a>
       <a name="cipher-shared"></a>
  -    <strong id="faq">
  +    <strong>
   I always just get a 'no shared ciphers' error if
   I try to connect to my freshly installed server?
   </strong>&nbsp;&nbsp;
       [<a href="#cipher-shared"><b>L</b></a>]
  -    <p>
  -    Either you have messed up your <code>SSLCipherSuite</code>
  +    <p>Either you have messed up your <code>SSLCipherSuite</code>
       directive (compare it with the pre-configured example in
       <code>httpd.conf-dist</code>) or you have choosen the DSA/DH
       algorithms instead of RSA when you generated your private key
  @@ -1073,16 +1064,15 @@
       certificate/key pair). But current browsers like NS or IE only speak
       RSA ciphers. The result is the "no shared ciphers" error. To fix
       this, regenerate your server certificate/key pair and this time
  -    choose the RSA algorithm.
  -<p>
  +    choose the RSA algorithm.</p>
  +</li>
   <li><a name="ToC47"></a>
       <a name="vhosts"></a>
  -    <strong id="faq">
  +    <strong>
   Why can't I use SSL with name-based/non-IP-based virtual hosts?
   </strong>&nbsp;&nbsp;
       [<a href="#vhosts"><b>L</b></a>]
  -    <p>
  -    The reason is very technical. Actually it's some sort of a chicken and
  +    <p>The reason is very technical. Actually it's some sort of a chicken and
       egg problem: The SSL protocol layer stays below the HTTP protocol layer
       and encapsulates HTTP. When an SSL connection (HTTPS) is established
       Apache/mod_ssl has to negotiate the SSL protocol parameters with the
  @@ -1092,18 +1082,17 @@
       Apache has to know the <code>Host</code> HTTP header field. For this the
       HTTP request header has to be read. This cannot be done before the SSL
       handshake is finished. But the information is already needed at the SSL
  -    handshake phase. Bingo!
  -<p>
  +    handshake phase. Bingo!</p>
  +</li>
   <li><a name="ToC48"></a>
       <a name="lock-icon"></a>
  -    <strong id="faq">
  +    <strong>
   When I use Basic Authentication over HTTPS the lock icon in Netscape browsers
   still shows the unlocked state when the dialog pops up. Does this mean the
   username/password is still transmitted unencrypted?
   </strong>&nbsp;&nbsp;
       [<a href="#lock-icon"><b>L</b></a>]
  -    <p>
  -    No, the username/password is already transmitted encrypted. The icon in
  +    <p>No, the username/password is already transmitted encrypted. The icon in
       Netscape browsers is just not really synchronized with the SSL/TLS layer
       (it toggles to the locked state when the first part of the actual webpage
       data is transferred which is not quite correct) and this way confuses
  @@ -1111,29 +1100,28 @@
       this layer is above the SSL/TLS layer in HTTPS. And before any HTTP data
       communication takes place in HTTPS the SSL/TLS layer has already done the
       handshake phase and switched to encrypted communication. So, don't get
  -    confused by this icon.
  -<p>
  +    confused by this icon.</p>
  +</li>
   <li><a name="ToC49"></a>
       <a name="io-ie"></a>
  -    <strong id="faq">
  +    <strong>
   When I connect via HTTPS to an Apache+mod_ssl+OpenSSL server with Microsoft Internet
   Explorer (MSIE) I get various I/O errors. What is the reason?
   </strong>&nbsp;&nbsp;
       [<a href="#io-ie"><b>L</b></a>]
  -    <p>
  -    The first reason is that the SSL implementation in some MSIE versions has
  +    <p>The first reason is that the SSL implementation in some MSIE versions has
       some subtle bugs related to the HTTP keep-alive facility and the SSL close
       notify alerts on socket connection close. Additionally the interaction
       between SSL and HTTP/1.1 features are problematic with some MSIE versions,
       too. You've to work-around these problems by forcing
       Apache+mod_ssl+OpenSSL to not use HTTP/1.1, keep-alive connections or
       sending the SSL close notify messages to MSIE clients. This can be done by
  -    using the following directive in your SSL-aware virtual host section:
  +    using the following directive in your SSL-aware virtual host section:</p>
       <pre>
       SetEnvIf User-Agent ".*MSIE.*" \
                <b>nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0</b></pre>
  -    Additionally it is known some MSIE versions have also problems
  +    <p>Additionally it is known some MSIE versions have also problems
       with particular ciphers. Unfortunately one cannot workaround these
       bugs only for those MSIE particular clients, because the ciphers
       are already used in the SSL handshake phase. So a MSIE-specific
  @@ -1141,41 +1129,41 @@
       has to do more drastic adjustments to the global parameters. But
       before you decide to do this, make sure your clients really have
       problems. If not, do not do this, because it affects all(!) your
  -    clients, i.e., also your non-MSIE clients.
  -    <p>
  -    The next problem is that 56bit export versions of MSIE 5.x browsers have a
  +    clients, i.e., also your non-MSIE clients.</p>
  +    
  +    <p>The next problem is that 56bit export versions of MSIE 5.x browsers have a
       broken SSLv3 implementation which badly interacts with OpenSSL versions
       greater than 0.9.4. You can either accept this and force your clients to
       upgrade their browsers, or you downgrade to OpenSSL 0.9.4 (hmmm), or you
       can decide to workaround it by accepting the drawback that your workaround
  -    will horribly affect also other browsers:
  +    will horribly affect also other browsers:</p>
       <pre>
       SSLProtocol all <b>-SSLv3</b></pre>
  -    This completely disables the SSLv3 protocol and lets those browsers work.
  +    <p>This completely disables the SSLv3 protocol and lets those browsers work.
       But usually this is an even less acceptable workaround. A more reasonable
       workaround is to address the problem more closely and disable only the
  -    ciphers which cause trouble.
  +    ciphers which cause trouble.</p>
       <pre>
       SSLCipherSuite ALL:!ADH:<b>!EXPORT56</b>:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</pre>
  -    This also lets the broken MSIE versions work, but only removes the
  -    newer 56bit TLS ciphers.
  -    <p>
  -    Another problem with MSIE 5.x clients is that they refuse to connect to
  +    <p>This also lets the broken MSIE versions work, but only removes the
  +    newer 56bit TLS ciphers.</p>
  +    
  +    <p>Another problem with MSIE 5.x clients is that they refuse to connect to
       URLs of the form <tt>https://12.34.56.78/</tt> (IP-addresses are used
       instead of the hostname), if the server is using the Server Gated
       Cryptography (SGC) facility. This can only be avoided by using the fully
       qualified domain name (FQDN) of the website in hyperlinks instead, because
  -    MSIE 5.x has an error in the way it handles the SGC negotiation.
  -    <p>
  -    And finally there are versions of MSIE which seem to require that
  +    MSIE 5.x has an error in the way it handles the SGC negotiation.</p>
  +    
  +    <p>And finally there are versions of MSIE which seem to require that
       an SSL session can be reused (a totally non standard-conforming
       behaviour, of course). Connection with those MSIE versions only work
       if a SSL session cache is used. So, as a work-around, make sure you
  -    are using a session cache (see <tt>SSLSessionCache</tt> directive).
  -<p>
  +    are using a session cache (see <tt>SSLSessionCache</tt> directive).</p>
  +</li>
   <li><a name="ToC50"></a>
       <a name="io-ns"></a>
  -    <strong id="faq">
  +    <strong>
   When I connect via HTTPS to an Apache+mod_ssl server with Netscape Navigator I
   get I/O errors and the message "Netscape has encountered bad data from the
   server" What's the reason?
  @@ -1187,168 +1175,167 @@
       server certificate. Once you clear the entry in your browser for the old
       certificate, everything usually will work fine. Netscape's SSL
       implementation is correct, so when you encounter I/O errors with Netscape
  -    Navigator it is most of the time caused by the configured certificates.
  +    Navigator it is most of the time caused by the configured certificates.</p>
  +</li>
   </ul>
  -<p>
  -<br>
  +<br />
   <h2><a name="ToC51">About Support</a></h2>
   <ul>
  -<p>
   <li><a name="ToC52"></a>
       <a name="resources"></a>
  -    <strong id="faq">
  +    <strong>
   What information resources are available in case of mod_ssl problems?
   </strong>&nbsp;&nbsp;
       [<a href="#resources"><b>L</b></a>]
  -    <p>
  -The following information resources are available.
  -In case of problems you should search here first.
  -<p>
  -<ol>
  -<li><em>Answers in the User Manual's F.A.Q. List (this)</em><br>
  -    <a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html">
  -    http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html</a><br>
  -    First look inside the F.A.Q. (this text), perhaps your problem is such
  -    popular that it was already answered a lot of times in the past.
  -<p>
  -<li><em>Postings from the modssl-users Support Mailing List</em>
  -    <a href="http://www.modssl.org/support/">
  -    http://www.modssl.org/support/</a><br>
  -    Second search for your problem in one of the existing archives of the
  -    modssl-users mailing list. Perhaps your problem popped up at least once for
  -    another user, too.
  -<p>
  -<li><em>Problem Reports in the Bug Database</em>
  -    <a href="http://www.modssl.org/support/bugdb/">
  -    http://www.modssl.org/support/bugdb/</a><br>
  -    Third look inside the mod_ssl Bug Database. Perhaps
  -    someone else already has reported the problem.
  -</ol>
  -<p>
  +    <p>The following information resources are available.
  +    In case of problems you should search here first.</p>
  +
  +    <ol>
  +    <li><em>Answers in the User Manual's F.A.Q. List (this)</em><br />
  +        <a href="http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html">
  +        http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html</a><br />
  +        First look inside the F.A.Q. (this text), perhaps your problem is such
  +        popular that it was already answered a lot of times in the past.
  +    </li>
  +    <li><em>Postings from the modssl-users Support Mailing List</em>
  +        <a href="http://www.modssl.org/support/">
  +        http://www.modssl.org/support/</a><br />
  +        Second search for your problem in one of the existing archives of the
  +        modssl-users mailing list. Perhaps your problem popped up at least once for
  +        another user, too.
  +    </li>
  +    <li><em>Problem Reports in the Bug Database</em>
  +        <a href="http://www.modssl.org/support/bugdb/">
  +        http://www.modssl.org/support/bugdb/</a><br />
  +        Third look inside the mod_ssl Bug Database. Perhaps
  +        someone else already has reported the problem.
  +    </li>
  +    </ol>
  +</li>
   <li><a name="ToC53"></a>
       <a name="contact"></a>
  -    <strong id="faq">
  +    <strong>
   What support contacts are available in case of mod_ssl problems?
   </strong>&nbsp;&nbsp;
       [<a href="#contact"><b>L</b></a>]
  -    <p>
  -The following lists all support possibilities for mod_ssl, in order of
  -preference, i.e. start in this order and do not pick the support possibility
  -you just like most, please.
  -<p>
  -<ol>
  -<li><em>Write a Problem Report into the Bug Database</em><br>
  -    <a href="http://www.modssl.org/support/bugdb/">
  -    http://www.modssl.org/support/bugdb/</a><br>
  -    This is the preferred way of submitting your problem report, because this
  -    way it gets filed into the bug database (it cannot be lost) <em>and</em>
  -    send to the modssl-users mailing list (others see the current problems and
  -    learn from answers).
  -<p>
  -<li><em>Write a Problem Report to the modssl-users Support Mailing List</em><br>
  -    <a href="mailto:modssl-users@modssl.org">
  -    modssl-users&nbsp;@&nbsp;modssl.org</a><br>
  -    This is the second way of submitting your problem report. You have to
  -    subscribe to the list first, but then you can easily discuss your problem
  -    with both the author and the whole mod_ssl user community.
  -<p>
  -<li><em>Write a Problem Report to the author</em><br>
  -    <a href="mailto:rse@engelschall.com">
  -    rse&nbsp;@&nbsp;engelschall.com</a><br>
  -    This is the last way of submitting your problem report. Please avoid this
  -    in your own interest because the author is really a very busy men. Your
  -    mail will always be filed to one of his various mail-folders and is
  -    usually not processed as fast as a posting on modssl-users.
  -</ol>
  -<p>
  +    <p>The following lists all support possibilities for mod_ssl, in order of
  +    preference, i.e. start in this order and do not pick the support possibility
  +    you just like most, please.</p>
  +
  +    <ol>
  +    <li><em>Write a Problem Report into the Bug Database</em><br />
  +        <a href="http://www.modssl.org/support/bugdb/">
  +        http://www.modssl.org/support/bugdb/</a><br />
  +        This is the preferred way of submitting your problem report, because this
  +        way it gets filed into the bug database (it cannot be lost) <em>and</em>
  +        send to the modssl-users mailing list (others see the current problems and
  +        learn from answers).
  +    </li>
  +    <li><em>Write a Problem Report to the modssl-users Support Mailing List</em><br />
  +        <a href="mailto:modssl-users@modssl.org">
  +        modssl-users&nbsp;@&nbsp;modssl.org</a><br />
  +        This is the second way of submitting your problem report. You have to
  +        subscribe to the list first, but then you can easily discuss your problem
  +        with both the author and the whole mod_ssl user community.
  +    </li>
  +    <li><em>Write a Problem Report to the author</em><br />
  +        <a href="mailto:rse@engelschall.com">
  +        rse&nbsp;@&nbsp;engelschall.com</a><br />
  +        This is the last way of submitting your problem report. Please avoid this
  +        in your own interest because the author is really a very busy men. Your
  +        mail will always be filed to one of his various mail-folders and is
  +        usually not processed as fast as a posting on modssl-users.
  +    </li>
  +    </ol>
  +</li>
   <li><a name="ToC54"></a>
       <a name="report-details"></a>
  -    <strong id="faq">
  +    <strong>
   What information and details I've to provide to
   the author when writing a bug report?
   </strong>&nbsp;&nbsp;
       [<a href="#report-details"><b>L</b></a>]
  -    <p>
  -You have to at least always provide the following information:
  -<p>
  -<ul>
  -<li><em>Apache, mod_ssl and OpenSSL version information</em><br>
  -    The mod_ssl version you should really know. For instance, it's the version
  -    number in the distribution tarball. The Apache version can be determined
  -    by running ``<code>httpd -v</code>''. The OpenSSL version can be
  -    determined by running ``<code>openssl version</code>''. Alternatively when
  -    you have Lynx installed you can run the command ``<code>lynx -mime_header
  -    http://localhost/ | grep Server</code>'' to determine all information in a
  -    single step.
  -<p>
  -<li><em>The details on how you built and installed Apache+mod_ssl+OpenSSL</em><br>
  -    For this you can provide a logfile of your terminal session which shows
  -    the configuration and install steps. Alternatively you can at least
  -    provide the author with the APACI `<code>configure</code>'' command line
  -    you used (assuming you used APACI, of course).
  -<p>
  -<li><em>In case of core dumps please include a Backtrace</em><br>
  -    In case your Apache+mod_ssl+OpenSSL should really dumped core please attach
  -    a stack-frame ``backtrace'' (see the next question on how to get it).
  -    Without this information the reason for your core dump cannot be found.
  -    So you have to provide the backtrace, please.
  -<p>
  -<li><em>A detailed description of your problem</em><br>
  -    Don't laugh, I'm totally serious. I already got a lot of problem reports
  -    where the people not really said what's the actual problem is. So, in your
  -    own interest (you want the problem be solved, don't you?) include as much
  -    details as possible, please. But start with the essentials first, of
  -    course.
  -</ul>
  -<p>
  +    <p>You have to at least always provide the following information:</p>
  +
  +    <ol>
  +    <li><em>Apache, mod_ssl and OpenSSL version information</em><br />
  +        The mod_ssl version you should really know. For instance, it's the version
  +        number in the distribution tarball. The Apache version can be determined
  +        by running ``<code>httpd -v</code>''. The OpenSSL version can be
  +        determined by running ``<code>openssl version</code>''. Alternatively when
  +        you have Lynx installed you can run the command ``<code>lynx -mime_header
  +        http://localhost/ | grep Server</code>'' to determine all information in a
  +        single step.
  +    </li>
  +    <li><em>The details on how you built and installed Apache+mod_ssl+OpenSSL</em><br />
  +        For this you can provide a logfile of your terminal session which shows
  +        the configuration and install steps. Alternatively you can at least
  +        provide the author with the APACI `<code>configure</code>'' command line
  +        you used (assuming you used APACI, of course).
  +    </li>
  +    <li><em>In case of core dumps please include a Backtrace</em><br />
  +        In case your Apache+mod_ssl+OpenSSL should really dumped core please attach
  +        a stack-frame ``backtrace'' (see the next question on how to get it).
  +        Without this information the reason for your core dump cannot be found.
  +        So you have to provide the backtrace, please.
  +    </li>
  +    <li><em>A detailed description of your problem</em><br />
  +        Don't laugh, I'm totally serious. I already got a lot of problem reports
  +        where the people not really said what's the actual problem is. So, in your
  +        own interest (you want the problem be solved, don't you?) include as much
  +        details as possible, please. But start with the essentials first, of
  +        course.
  +    </li>
  +    </ol>
  +</li>
   <li><a name="ToC55"></a>
       <a name="core-dumped"></a>
  -    <strong id="faq">
  +    <strong>
   I got a core dump, can you help me?
   </strong>&nbsp;&nbsp;
       [<a href="#core-dumped"><b>L</b></a>]
  -    <p>
  -    In general no, at least not unless you provide more details about the code
  +    <p>In general no, at least not unless you provide more details about the code
       location where Apache dumped core. What is usually always required in
       order to help you is a backtrace (see next question). Without this
       information it is mostly impossible to find the problem and help you in
  -    fixing it.
  -<p>
  +    fixing it.</p>
  +</li>
   <li><a name="ToC56"></a>
       <a name="report-backtrace"></a>
  -    <strong id="faq">
  +    <strong>
   Ok, I got a core dump but how do I get a backtrace to find out the reason for it?
   </strong>&nbsp;&nbsp;
       [<a href="#report-backtrace"><b>L</b></a>]
  -    <p>
  -Follow the following steps:
  -<p>
  -<ol>
  -<li>Make sure you have debugging symbols available in at least
  -    Apache and mod_ssl. On platforms where you use GCC/GDB you have to build
  -    Apache+mod_ssl with ``<code>OPTIM="-g -ggdb3"</code>'' to achieve this. On
  -    other platforms at least ``<code>OPTIM="-g"</code>'' is needed.
  -<p>
  -<li>Startup the server and try to produce the core-dump. For this you perhaps
  -    want to use a directive like ``<code>CoreDumpDirectory /tmp</code>'' to
  -    make sure that the core-dump file can be written. You then should get a
  -    <code>/tmp/core</code> or <code>/tmp/httpd.core</code> file. When you
  -    don't get this, try to run your server under an UID != 0 (root), because
  -    most "current" kernels do not allow a process to dump core after it has
  -    done a <code>setuid()</code> (unless it does an <code>exec()</code>) for
  -    security reasons (there can be privileged information left over in
  -    memory). Additionally you can run ``<code>/path/to/httpd -X</code>''
  -    manually to force Apache to not fork.
  -<p>
  -<li>Analyze the core-dump. For this run ``<code>gdb /path/to/httpd
  -    /tmp/httpd.core</code>'' or a similar command has to run. In GDB you then
  -    just have to enter the ``<code>bt</code>'' command and, voila, you get the
  -    backtrace. For other debuggers consult your local debugger manual. Send
  -    this backtrace to the author.
  -</ol>
  +    <p>Follow the following steps:</p>
  +
  +    <ol>
  +    <li>Make sure you have debugging symbols available in at least
  +        Apache and mod_ssl. On platforms where you use GCC/GDB you have to build
  +        Apache+mod_ssl with ``<code>OPTIM="-g -ggdb3"</code>'' to achieve this. On
  +        other platforms at least ``<code>OPTIM="-g"</code>'' is needed.
  +    </li>
  +    <li>Startup the server and try to produce the core-dump. For this you perhaps
  +        want to use a directive like ``<code>CoreDumpDirectory /tmp</code>'' to
  +        make sure that the core-dump file can be written. You then should get a
  +        <code>/tmp/core</code> or <code>/tmp/httpd.core</code> file. When you
  +        don't get this, try to run your server under an UID != 0 (root), because
  +        most "current" kernels do not allow a process to dump core after it has
  +        done a <code>setuid()</code> (unless it does an <code>exec()</code>) for
  +        security reasons (there can be privileged information left over in
  +        memory). Additionally you can run ``<code>/path/to/httpd -X</code>''
  +        manually to force Apache to not fork.
  +    </li>
  +    <li>Analyze the core-dump. For this run ``<code>gdb /path/to/httpd
  +        /tmp/httpd.core</code>'' or a similar command has to run. In GDB you then
  +        just have to enter the ``<code>bt</code>'' command and, voila, you get the
  +        backtrace. For other debuggers consult your local debugger manual. Send
  +        this backtrace to the author.
  +    </li>
  +    </ol>
  +</li>
   </ul>
   
   
  -<p><!--#include virtual="footer.html" --> </p>
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
  
  
  
  1.3       +144 -59   httpd-2.0/docs/manual/ssl/ssl_glossary.html
  
  Index: ssl_glossary.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_glossary.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ssl_glossary.html	6 Nov 2001 19:09:51 -0000	1.2
  +++ ssl_glossary.html	25 Jul 2002 21:46:41 -0000	1.3
  @@ -16,7 +16,7 @@
   <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000"> 
   <!--#include virtual="header.html" -->
   
  -<h1 align="CENTER">SSL/TLS Strong Encryption: Glossary</h1>
  +<h1 align="center">SSL/TLS Strong Encryption: Glossary</h1>
   
   <div align="right">
   <table cellspacing="0" cellpadding="0" width="300" summary="">
  @@ -39,146 +39,231 @@
   </div>
   
   <dl>
  -<dt><div id="term">Authentication</div>
  +<dt>Authentication</dt>
   <dd>The positive identification of a network entity such as a server, a
       client, or a user. In SSL context the server and client
       <em>Certificate</em> verification process.
  -<p>
  -<dt><div id="term">Access Control</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Access Control</dt>
   <dd>The restriction of access to network realms. In Apache context
       usually the restriction of access to certain <em>URLs</em>.
  -<p>
  -<dt><div id="term">Algorithm</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Algorithm</dt>
   <dd>An unambiguous formula or set of rules for solving a problem in a finite
       number of steps. Algorithms for encryption are usually called <em>Ciphers</em>.
  -<p>
  -<dt><div id="term">Certificate</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Certificate</dt>
   <dd>A data record used for authenticating network entities such
       as a server or a client. A certificate contains X.509 information pieces
       about its owner (called the subject) and the signing <em>Certificate
       Authority</em> (called the issuer), plus the owner's public key and the
       signature made by the CA. Network entities verify these signatures using
       CA certificates.
  -<p>
  -<dt><div id="term">Certification Authority (CA)</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Certification Authority (CA)</dt>
   <dd>A trusted third party whose purpose is to sign certificates for network
       entities it has authenticated using secure means. Other network entities
       can check the signature to verify that a CA has authenticated the bearer
       of a certificate.
  -<p>
  -<dt><div id="term">Certificate Signing Request (CSR)</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Certificate Signing Request (CSR)</dt>
   <dd>An unsigned certificate for submission to a <em>Certification Authority</em>,
       which signs it with the <em>Private Key</em> of their CA <em>Certificate</em>. Once
       the CSR is signed, it becomes a real certificate.
  -<p>
  -<dt><div id="term">Cipher</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Cipher</dt>
   <dd>An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc.
  -<p>
  -<dt><div id="term">Ciphertext</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Ciphertext</dt>
   <dd>The result after a <em>Plaintext</em> passed a <em>Cipher</em>.
  -<p>
  -<dt><div id="term">Configuration Directive</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Configuration Directive</dt>
   <dd>A configuration command that controls one or more aspects of a program's
       behavior. In Apache context these are all the command names in the first
       column of the configuration files.
  -<p>
  -<dt><div id="term">CONNECT</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>CONNECT</dt>
   <dd>A HTTP command for proxying raw data channels over HTTP. It can be used to
       encapsulate other protocols, such as the SSL protocol.
  -<p>
  -<dt><div id="term">Digital Signature</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Digital Signature</dt>
   <dd>An encrypted text block that validates a certificate or other file. A
       <em>Certification Authority</em> creates a signature by generating a
       hash of the <em>Public Key</em> embedded in a <em>Certificate</em>, then
       encrypting the hash with its own <em>Private Key</em>. Only the CA's
       public key can decrypt the signature, verifying that the CA has
       authenticated the network entity that owns the <em>Certificate</em>.
  -<p>
  -<dt><div id="term">Export-Crippled</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Export-Crippled</dt>
   <dd>Diminished in cryptographic strength (and security) in order to comply
       with the United States' Export Administration Regulations (EAR).
       Export-crippled cryptographic software is limited to a small key size,
       resulting in <em>Ciphertext</em> which usually can be decrypted by brute
       force.
  -<p>
  -<dt><div id="term">Fully-Qualified Domain-Name (FQDN)</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Fully-Qualified Domain-Name (FQDN)</dt>
   <dd>The unique name of a network entity, consisting of a hostname and a domain
       name that can resolve to an IP address. For example, <code>www</code> is a
       hostname, <code>whatever.com</code> is a domain name, and
       <code>www.whatever.com</code> is a fully-qualified domain name.
  -<p>
  -<dt><div id="term">HyperText Transfer Protocol (HTTP)</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>HyperText Transfer Protocol (HTTP)</dt>
   <dd>The HyperText Transport Protocol is the standard transmission protocol used
       on the World Wide Web.
  -<p>
  -<dt><div id="term">HTTPS</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>HTTPS</dt>
   <dd>The HyperText Transport Protocol (Secure), the standard encrypted
       communication mechanism on the World Wide Web. This is actually just HTTP
       over SSL.
  -<p>
  -<dt><div id="term">Message Digest</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Message Digest</dt>
   <dd>A hash of a message, which can be used to verify that the contents of
       the message have not been altered in transit.
  -<p>
  -<dt><div id="term">OpenSSL</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>OpenSSL</dt>
   <dd>The Open Source toolkit for SSL/TLS;
       see <a href="http://www.openssl.org/">http://www.openssl.org/</a>
  -<p>
  -<dt><div id="term">Pass Phrase</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Pass Phrase</dt>
   <dd>The word or phrase that protects private key files.
       It prevents unauthorized users from encrypting them. Usually it's just
       the secret encryption/decryption key used for <em>Ciphers</em>.
  -<p>
  -<dt><div id="term">Plaintext</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Plaintext</dt>
   <dd>The unencrypted text.
  -<p>
  -<dt><div id="term">Private Key</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Private Key</dt>
   <dd>The secret key in a <em>Public Key Cryptography</em> system, used to
       decrypt incoming messages and sign outgoing ones.
  -<p>
  -<dt><div id="term">Public Key</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Public Key</dt>
   <dd>The publically available key in a <em>Public Key Cryptography</em> system, used to
       encrypt messages bound for its owner and to decrypt signatures made by its
       owner.
  -<p>
  -<dt><div id="term">Public Key Cryptography</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Public Key Cryptography</dt>
   <dd>The study and application of asymmetric encryption systems, which use one
       key for encryption and another for decryption. A corresponding pair of
       such keys constitutes a key pair. Also called Asymmetric Crypography.
  -<p>
  -<dt><div id="term">Secure Sockets Layer (SSL)</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Secure Sockets Layer (SSL)</dt>
   <dd>A protocol created by Netscape Communications Corporation for
       general communication authentication and encryption over TCP/IP networks.
       The most popular usage is <em>HTTPS</em>, i.e. the HyperText Transfer
       Protocol (HTTP) over SSL.
  -<p>
  -<dt><div id="term">Session</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Session</dt>
   <dd>The context information of an SSL communication.
  -<p>
  -<dt><div id="term">SSLeay</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>SSLeay</dt>
   <dd>The original SSL/TLS implementation library developed by
       Eric A. Young &lt;eay@aus.rsa.com&gt;;
       see <a href="http://www.ssleay.org/">http://www.ssleay.org/</a>
  -<p>
  -<dt><div id="term">Symmetric Cryptography</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Symmetric Cryptography</dt>
   <dd>The study and application of <em>Ciphers</em> that use a single secret key
       for both encryption and decryption operations.
  -<p>
  -<dt><div id="term">Transport Layer Security (TLS)</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Transport Layer Security (TLS)</dt>
   <dd>The successor protocol to SSL, created by the Internet Engineering Task
       Force (IETF) for general communication authentication and encryption over
       TCP/IP networks. TLS version 1 and is nearly identical with SSL version 3.
  -<p>
  -<dt><div id="term">Uniform Resource Locator (URL)</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>Uniform Resource Locator (URL)</dt>
   <dd>The formal identifier to locate various resources on the World Wide Web.
       The most popular URL scheme is <code>http</code>. SSL uses the
       scheme <code>https</code>
  -<p>
  -<dt><div id="term">X.509</div>
  +</dd>
  +</dl>
  +
  +<dl>
  +<dt>X.509</dt>
   <dd>An authentication certificate scheme recommended by the International
       Telecommunication Union (ITU-T) which is used for SSL/TLS authentication.
  +</dd>
   </dl>
   
  -<p><!--#include virtual="footer.html" --> </p>
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
  
  
  
  1.5       +521 -538  httpd-2.0/docs/manual/ssl/ssl_howto.html
  
  Index: ssl_howto.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_howto.html,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- ssl_howto.html	17 Jan 2002 10:59:46 -0000	1.4
  +++ ssl_howto.html	25 Jul 2002 21:46:41 -0000	1.5
  @@ -16,7 +16,7 @@
   <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000"> 
   <!--#include virtual="header.html" -->
   
  -<h1 align="CENTER">SSL/TLS Strong Encryption: How-To</h1>
  +<h1 align="center">SSL/TLS Strong Encryption: How-To</h1>
   
   
   <div align="right">
  @@ -39,14 +39,13 @@
   </table>
   </div>
   
  -<p>
  -How to solve particular security constraints for an SSL-aware webserver
  +<p>How to solve particular security constraints for an SSL-aware webserver
   is not always obvious because of the coherences between SSL, HTTP and Apache's
   way of processing requests. This chapter gives instructions on how to solve
   such typical situations. Treat is as a first step to find out the final
   solution, but always try to understand the stuff before you use it. Nothing is
   worse than using a security solution without knowing its restrictions and
  -coherences.
  +coherences.</p>
   
   <ul>
   <li><a href="#ToC1">Cipher Suites and Enforced Strong Security</a></li>
  @@ -63,593 +62,577 @@
   
   <h2><a name="ToC1">Cipher Suites and Enforced Strong Security</a></h2>
   <ul>
  -<p>
   <li><a name="ToC2"></a>
       <a name="cipher-sslv2"></a>
  -    <strong id="howto">
  +    <strong>
   How can I create a real SSLv2-only server?
   </strong>&nbsp;&nbsp;
       [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#cipher-sslv2"><b>L</b></a>]
  -    <p>
  -The following creates an SSL server which speaks only the SSLv2 protocol and
  -its ciphers.
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -SSLProtocol -all +SSLv2
  -SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  -<p>
  +    <p>The following creates an SSL server which speaks only the SSLv2 protocol and
  +    its ciphers.</p>
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    SSLProtocol -all +SSLv2
  +    SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +</li>
   <li><a name="ToC3"></a>
       <a name="cipher-strong"></a>
  -    <strong id="howto">
  +    <strong>
   How can I create an SSL server which accepts strong encryption only?
   </strong>&nbsp;&nbsp;
       [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#cipher-strong"><b>L</b></a>]
  -    <p>
  -The following enables only the seven strongest ciphers:
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -SSLProtocol all
  -SSLCipherSuite HIGH:MEDIUM
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  -<p>
  +    <p>The following enables only the seven strongest ciphers:</p>
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    SSLProtocol all
  +    SSLCipherSuite HIGH:MEDIUM
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +</li>
   <li><a name="ToC4"></a>
       <a name="cipher-sgc"></a>
  -    <strong id="howto">
  +    <strong>
   How can I create an SSL server which accepts strong encryption only,
   but allows export browsers to upgrade to stronger encryption?
   </strong>&nbsp;&nbsp;
       [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#cipher-sgc"><b>L</b></a>]
  -    <p>
  -This facility is called Server Gated Cryptography (SGC) and details you can
  -find in the <code>README.GlobalID</code> document in the mod_ssl distribution.
  -In short: The server has a Global ID server certificate, signed by a special
  -CA certificate from Verisign which enables strong encryption in export
  -browsers. This works as following: The browser connects with an export cipher,
  -the server sends its Global ID certificate, the browser verifies it and
  -subsequently upgrades the cipher suite before any HTTP communication takes
  -place. The question now is: How can we allow this upgrade, but enforce strong
  -encryption. Or in other words: Browser either have to initially connect with
  -strong encryption or have to upgrade to strong encryption, but are not allowed
  -to keep the export ciphers. The following does the trick:
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -#   allow all ciphers for the inital handshake,
  -#   so export browsers can upgrade via SGC facility
  -SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  -&lt;Directory /usr/local/apache/htdocs&gt;
  -#   but finally deny all browsers which haven't upgraded
  -SSLRequire %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
  -&lt;/Directory&gt;
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  -<p>
  +    <p>This facility is called Server Gated Cryptography (SGC) and details you can
  +    find in the <code>README.GlobalID</code> document in the mod_ssl distribution.
  +    In short: The server has a Global ID server certificate, signed by a special
  +    CA certificate from Verisign which enables strong encryption in export
  +    browsers. This works as following: The browser connects with an export cipher,
  +    the server sends its Global ID certificate, the browser verifies it and
  +    subsequently upgrades the cipher suite before any HTTP communication takes
  +    place. The question now is: How can we allow this upgrade, but enforce strong
  +    encryption. Or in other words: Browser either have to initially connect with
  +    strong encryption or have to upgrade to strong encryption, but are not allowed
  +    to keep the export ciphers. The following does the trick:</p>
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    #   allow all ciphers for the inital handshake,
  +    #   so export browsers can upgrade via SGC facility
  +    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  +    &lt;Directory /usr/local/apache/htdocs&gt;
  +    #   but finally deny all browsers which haven't upgraded
  +    SSLRequire %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
  +    &lt;/Directory&gt;
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +</li>
   <li><a name="ToC5"></a>
       <a name="cipher-perdir"></a>
  -    <strong id="howto">
  +    <strong>
   How can I create an SSL server which accepts all types of ciphers in general,
   but requires a strong ciphers for access to a particular URL?
   </strong>&nbsp;&nbsp;
       [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#cipher-perdir"><b>L</b></a>]
  -    <p>
  -Obviously you cannot just use a server-wide <code>SSLCipherSuite</code> which
  -restricts the ciphers to the strong variants. But mod_ssl allows you to
  -reconfigure the cipher suite in per-directory context and automatically forces
  -a renegotiation of the SSL parameters to meet the new configuration. So, the
  -solution is:
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -#   be liberal in general
  -SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  -&lt;Location /strong/area&gt;
  -#   but https://hostname/strong/area/ and below requires strong ciphers
  -SSLCipherSuite HIGH:MEDIUM
  -&lt;/Location&gt;
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  +    <p>Obviously you cannot just use a server-wide <code>SSLCipherSuite</code> which
  +    restricts the ciphers to the strong variants. But mod_ssl allows you to
  +    reconfigure the cipher suite in per-directory context and automatically forces
  +    a renegotiation of the SSL parameters to meet the new configuration. So, the
  +    solution is:</p>
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    #   be liberal in general
  +    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  +    &lt;Location /strong/area&gt;
  +    #   but https://hostname/strong/area/ and below requires strong ciphers
  +    SSLCipherSuite HIGH:MEDIUM
  +    &lt;/Location&gt;
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +</li>
   </ul>
   <h2><a name="ToC6">Client Authentication and Access Control</a></h2>
   <ul>
  -<p>
   <li><a name="ToC7"></a>
       <a name="auth-simple"></a>
  -    <strong id="howto">
  +    <strong>
   How can I authenticate clients based on certificates when I know all my
   clients?
   </strong>&nbsp;&nbsp;
       [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#auth-simple"><b>L</b></a>]
  -    <p>
  -When you know your user community (i.e. a closed user group situation), as
  -it's the case for instance in an Intranet, you can use plain certificate
  -authentication. All you have to do is to create client certificates signed by
  -your own CA certificate <code>ca.crt</code> and then verifiy the clients
  -against this certificate.
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -#   require a client certificate which has to be directly
  -#   signed by our CA certificate in ca.crt
  -SSLVerifyClient require
  -SSLVerifyDepth 1
  -SSLCACertificateFile conf/ssl.crt/ca.crt
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  -<p>
  +    <p>When you know your user community (i.e. a closed user group situation), as
  +    it's the case for instance in an Intranet, you can use plain certificate
  +    authentication. All you have to do is to create client certificates signed by
  +    your own CA certificate <code>ca.crt</code> and then verifiy the clients
  +    against this certificate.</p>
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    #   require a client certificate which has to be directly
  +    #   signed by our CA certificate in ca.crt
  +    SSLVerifyClient require
  +    SSLVerifyDepth 1
  +    SSLCACertificateFile conf/ssl.crt/ca.crt
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +</li>
   <li><a name="ToC8"></a>
       <a name="auth-selective"></a>
  -    <strong id="howto">
  +    <strong>
   How can I authenticate my clients for a particular URL based on certificates
   but still allow arbitrary clients to access the remaining parts of the server?
   </strong>&nbsp;&nbsp;
       [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#auth-selective"><b>L</b></a>]
  -    <p>
  -For this we again use the per-directory reconfiguration feature of mod_ssl:
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -SSLVerifyClient none
  -SSLCACertificateFile conf/ssl.crt/ca.crt
  -&lt;Location /secure/area&gt;
  -SSLVerifyClient require
  -SSLVerifyDepth 1
  -&lt;/Location&gt;
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  -<p>
  +    <p>For this we again use the per-directory reconfiguration feature of mod_ssl:</p>
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    SSLVerifyClient none
  +    SSLCACertificateFile conf/ssl.crt/ca.crt
  +    &lt;Location /secure/area&gt;
  +    SSLVerifyClient require
  +    SSLVerifyDepth 1
  +    &lt;/Location&gt;
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +</li>
   <li><a name="ToC9"></a>
       <a name="auth-particular"></a>
  -    <strong id="howto">
  +    <strong>
   How can I authenticate only particular clients for a some URLs based
   on certificates but still allow arbitrary clients to access the remaining
   parts of the server?
   </strong>&nbsp;&nbsp;
       [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#auth-particular"><b>L</b></a>]
  -    <p>
  -The key is to check for various ingredients of the client certficate. Usually
  -this means to check the whole or part of the Distinguished Name (DN) of the
  -Subject. For this two methods exists: The <code>mod_auth</code> based variant
  -and the <code>SSLRequire</code> variant. The first method is good when the
  -clients are of totally different type, i.e. when their DNs have no common
  -fields (usually the organisation, etc.). In this case you've to establish a
  -password database containing <em>all</em> clients. The second method is better
  -when your clients are all part of a common hierarchy which is encoded into the
  -DN. Then you can match them more easily.
  -<p>
  -The first method:
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -SSLVerifyClient      none
  -&lt;Directory /usr/local/apache/htdocs/secure/area&gt;
  -SSLVerifyClient      require
  -SSLVerifyDepth       5
  -SSLCACertificateFile conf/ssl.crt/ca.crt
  -SSLCACertificatePath conf/ssl.crt
  -SSLOptions           +FakeBasicAuth
  -SSLRequireSSL
  -AuthName             "Snake Oil Authentication"
  -AuthType             Basic
  -AuthUserFile         /usr/local/apache/conf/httpd.passwd
  -require              valid-user
  -&lt;/Directory&gt;
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.passwd</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -/C=DE/L=Munich/O=Snake Oil, Ltd./OU=Staff/CN=Foo:xxj31ZMTZzkVA
  -/C=US/L=S.F./O=Snake Oil, Ltd./OU=CA/CN=Bar:xxj31ZMTZzkVA
  -/C=US/L=L.A./O=Snake Oil, Ltd./OU=Dev/CN=Quux:xxj31ZMTZzkVA
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  -<p>
  -The second method:
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -SSLVerifyClient      none
  -&lt;Directory /usr/local/apache/htdocs/secure/area&gt;
  -SSLVerifyClient      require
  -SSLVerifyDepth       5
  -SSLCACertificateFile conf/ssl.crt/ca.crt
  -SSLCACertificatePath conf/ssl.crt
  -SSLOptions           +FakeBasicAuth
  -SSLRequireSSL
  -SSLRequire           %{SSL_CLIENT_S_DN_O}  eq "Snake Oil, Ltd." and \
  -                     %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}
  -&lt;/Directory&gt;
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  -<p>
  +    <p>The key is to check for various ingredients of the client certficate. Usually
  +    this means to check the whole or part of the Distinguished Name (DN) of the
  +    Subject. For this two methods exists: The <code>mod_auth</code> based variant
  +    and the <code>SSLRequire</code> variant. The first method is good when the
  +    clients are of totally different type, i.e. when their DNs have no common
  +    fields (usually the organisation, etc.). In this case you've to establish a
  +    password database containing <em>all</em> clients. The second method is better
  +    when your clients are all part of a common hierarchy which is encoded into the
  +    DN. Then you can match them more easily.</p>
  +    
  +    <p>The first method:</p>
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    SSLVerifyClient      none
  +    &lt;Directory /usr/local/apache/htdocs/secure/area&gt;
  +    SSLVerifyClient      require
  +    SSLVerifyDepth       5
  +    SSLCACertificateFile conf/ssl.crt/ca.crt
  +    SSLCACertificatePath conf/ssl.crt
  +    SSLOptions           +FakeBasicAuth
  +    SSLRequireSSL
  +    AuthName             "Snake Oil Authentication"
  +    AuthType             Basic
  +    AuthUserFile         /usr/local/apache/conf/httpd.passwd
  +    require              valid-user
  +    &lt;/Directory&gt;
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +<br />
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.passwd</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    /C=DE/L=Munich/O=Snake Oil, Ltd./OU=Staff/CN=Foo:xxj31ZMTZzkVA
  +    /C=US/L=S.F./O=Snake Oil, Ltd./OU=CA/CN=Bar:xxj31ZMTZzkVA
  +    /C=US/L=L.A./O=Snake Oil, Ltd./OU=Dev/CN=Quux:xxj31ZMTZzkVA
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +
  +    <p>The second method:</p>
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    SSLVerifyClient      none
  +    &lt;Directory /usr/local/apache/htdocs/secure/area&gt;
  +    SSLVerifyClient      require
  +    SSLVerifyDepth       5
  +    SSLCACertificateFile conf/ssl.crt/ca.crt
  +    SSLCACertificatePath conf/ssl.crt
  +    SSLOptions           +FakeBasicAuth
  +    SSLRequireSSL
  +    SSLRequire           %{SSL_CLIENT_S_DN_O}  eq "Snake Oil, Ltd." and \
  +                         %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"}
  +    &lt;/Directory&gt;
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +</li>
   <li><a name="ToC10"></a>
       <a name="auth-intranet"></a>
  -    <strong id="howto"> How can
  +    <strong> How can
   I require HTTPS with strong ciphers and either basic authentication or client
   certificates for access to a subarea on the Intranet website for clients
   coming from the Internet but still allow plain HTTP access for clients on the
   Intranet?
   </strong>&nbsp;&nbsp;
       [<a href="http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html#auth-intranet"><b>L</b></a>]
  -    <p>
  -Let us assume the Intranet can be distinguished through the IP network
  -192.160.1.0/24 and the subarea on the Intranet website has the URL
  -<tt>/subarea</tt>. Then configure the following outside your HTTPS virtual
  -host (so it applies to both HTTPS and HTTP):
  -<p>
  -<table border="0" cellpadding="0" cellspacing="0" summary="">
  -    <tr>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0"></td>
  -        <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  -        <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -        <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0"></td>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -         <td colspan="3" bgcolor="#ffffff">
  -             <table border="0" cellspacing="4" summary="">
  -                 <tr>
  -                     <td>
  -<pre>
  -
  -SSLCACertificateFile conf/ssl.crt/company-ca.crt
  -
  -&lt;Directory /usr/local/apache/htdocs&gt;
  -#   Outside the subarea only Intranet access is granted
  -Order                deny,allow
  -Deny                 from all
  -Allow                from 192.168.1.0/24
  -&lt;/Directory&gt;
  -
  -&lt;Directory /usr/local/apache/htdocs/subarea&gt;
  -#   Inside the subarea any Intranet access is allowed
  -#   but from the Internet only HTTPS + Strong-Cipher + Password
  -#   or the alternative HTTPS + Strong-Cipher + Client-Certificate
  -
  -#   If HTTPS is used, make sure a strong cipher is used.
  -#   Additionally allow client certs as alternative to basic auth.
  -SSLVerifyClient      optional
  -SSLVerifyDepth       1
  -SSLOptions           +FakeBasicAuth +StrictRequire
  -SSLRequire           %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
  -
  -#   Force clients from the Internet to use HTTPS
  -RewriteEngine        on
  -RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
  -RewriteCond          %{HTTPS} !=on
  -RewriteRule          .* - [F]
  -
  -#   Allow Network Access and/or Basic Auth
  -Satisfy              any
  -
  -#   Network Access Control
  -Order                deny,allow
  -Deny                 from all
  -Allow                192.168.1.0/24
  -
  -#   HTTP Basic Authentication
  -AuthType             basic
  -AuthName             "Protected Intranet Area"
  -AuthUserFile         conf/protected.passwd
  -Require              valid-user
  -&lt;/Directory&gt;
  -
  -</pre>
  -</td>
  -                 </tr>
  -             </table>
  -         </td>
  -
  -         <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -    <tr>
  -         <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0"></td>
  -    </tr>
  -</table>
  +    <p>Let us assume the Intranet can be distinguished through the IP network
  +    192.160.1.0/24 and the subarea on the Intranet website has the URL
  +    <tt>/subarea</tt>. Then configure the following outside your HTTPS virtual
  +    host (so it applies to both HTTPS and HTTP):</p>
  +
  +    <table border="0" cellpadding="0" cellspacing="0" summary="">
  +        <tr>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="8" align="bottom" border="0" /></td>
  +            <td rowspan="3">&nbsp;&nbsp;<font face="Arial,Helvetica" color="#999999">httpd.conf</font>&nbsp;&nbsp;</td>
  +            <td colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +            <td bgcolor="#cccccc" colspan="2"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="40" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#ffffff"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="300" height="1" align="bottom" border="0" /></td>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="5" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +             <td colspan="3" bgcolor="#ffffff">
  +                 <table border="0" cellspacing="4" summary="">
  +                     <tr>
  +                         <td>
  +    <pre>
  +
  +    SSLCACertificateFile conf/ssl.crt/company-ca.crt
  +
  +    &lt;Directory /usr/local/apache/htdocs&gt;
  +    #   Outside the subarea only Intranet access is granted
  +    Order                deny,allow
  +    Deny                 from all
  +    Allow                from 192.168.1.0/24
  +    &lt;/Directory&gt;
  +
  +    &lt;Directory /usr/local/apache/htdocs/subarea&gt;
  +    #   Inside the subarea any Intranet access is allowed
  +    #   but from the Internet only HTTPS + Strong-Cipher + Password
  +    #   or the alternative HTTPS + Strong-Cipher + Client-Certificate
  +
  +    #   If HTTPS is used, make sure a strong cipher is used.
  +    #   Additionally allow client certs as alternative to basic auth.
  +    SSLVerifyClient      optional
  +    SSLVerifyDepth       1
  +    SSLOptions           +FakeBasicAuth +StrictRequire
  +    SSLRequire           %{SSL_CIPHER_USEKEYSIZE} &gt;= 128
  +
  +    #   Force clients from the Internet to use HTTPS
  +    RewriteEngine        on
  +    RewriteCond          %{REMOTE_ADDR} !^192\.168\.1\.[0-9]+$
  +    RewriteCond          %{HTTPS} !=on
  +    RewriteRule          .* - [F]
  +
  +    #   Allow Network Access and/or Basic Auth
  +    Satisfy              any
  +
  +    #   Network Access Control
  +    Order                deny,allow
  +    Deny                 from all
  +    Allow                192.168.1.0/24
  +
  +    #   HTTP Basic Authentication
  +    AuthType             basic
  +    AuthName             "Protected Intranet Area"
  +    AuthUserFile         conf/protected.passwd
  +    Require              valid-user
  +    &lt;/Directory&gt;
  +
  +    </pre>
  +    </td>
  +                     </tr>
  +                 </table>
  +             </td>
  +
  +             <td bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +        <tr>
  +             <td colspan="5" bgcolor="#cccccc"><img src="ssl_template.imgdot-1x1-transp.gif" alt="" width="1" height="1" align="bottom" border="0" /></td>
  +        </tr>
  +    </table>
  +</li>
   </ul>
   
  -<p><!--#include virtual="footer.html" --> </p>
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
  
  
  
  1.3       +307 -262  httpd-2.0/docs/manual/ssl/ssl_intro.html
  
  Index: ssl_intro.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/ssl/ssl_intro.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ssl_intro.html	6 Nov 2001 19:09:51 -0000	1.2
  +++ ssl_intro.html	25 Jul 2002 21:46:41 -0000	1.3
  @@ -16,7 +16,7 @@
   <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#000080" alink="#FF0000"> 
   <!--#include virtual="header.html" -->
   
  -<h1 align="CENTER">SSL/TLS Strong Encryption: An Introduction</h1>
  +<h1 align="center">SSL/TLS Strong Encryption: An Introduction</h1>
   
   <div align="right">
   <table cellspacing="0" cellpadding="0" width="400" summary="">
  @@ -38,17 +38,16 @@
   </tr>
   </table>
   </div>
  -<p>
  -As an introduction this chapter is aimed at readers who are familiar
  +<p>As an introduction this chapter is aimed at readers who are familiar
   with the Web, HTTP, and Apache, but are not security experts. It is not
   intended to be a definitive guide to the SSL protocol, nor does it discuss
   specific techniques for managing certificates in an organization, or the
   important legal issues of patents and import and export restrictions. Rather,
   it is intended to provide a common background to mod_ssl users by pulling
   together various concepts, definitions, and examples as a starting point for
  -further exploration.
  -<p>
  -The presented content is mainly derived, with permission by the author, from
  +further exploration.</p>
  +
  +<p>The presented content is mainly derived, with permission by the author, from
   the article <a
   href="http://www.ultranet.com/~fhirsch/Papers/wwwj/index.html"><em>Introducing SSL
   and Certificates using SSLeay</em></a> from <a
  @@ -60,12 +59,7 @@
   href="mailto:fjh@alum.mit.edu">Frederick Hirsch</a> (the original
   article author) and all negative feedback to <a
   href="mailto:rse@engelschall.com">Ralf S. Engelschall</a> (the mod_ssl
  -author).
  -</td>
  -<td>
  -&nbsp;&nbsp;
  -</td>
  -<td>
  +author).</p>
   
   <ul>
   <li><a href="#ToC1">Cryptographic Techniques</a></li>
  @@ -90,13 +84,13 @@
   </ul>
   
   <h2><a name="ToC1">Cryptographic Techniques</a></h2>
  -Understanding SSL requires an understanding of cryptographic algorithms,
  +<p>Understanding SSL requires an understanding of cryptographic algorithms,
   message digest functions (aka. one-way or hash functions), and digital
   signatures. These techniques are the subject of entire books (see for instance
   [<a href="#AC96">AC96</a>]) and provide the basis for privacy, integrity, and
  -authentication.
  +authentication.</p>
   <h3><a name="ToC2">Cryptographic Algorithms</a></h3>
  -Suppose Alice wants to send a message to her bank to transfer some money.
  +<p>Suppose Alice wants to send a message to her bank to transfer some money.
   Alice would like the message to be private, since it will include information
   such as her account number and transfer amount. One solution is to use a
   cryptographic algorithm, a technique that would transform her message into an
  @@ -104,10 +98,9 @@
   form, the message may only be interpreted through the use of a secret key.
   Without the key the message is useless: good cryptographic algorithms make it
   so difficult for intruders to decode the original text that it isn't worth
  -their effort.
  -<p>
  -There are two categories of cryptographic algorithms:
  -conventional and public key.
  +their effort.</p>
  +<p>There are two categories of cryptographic algorithms:
  +conventional and public key.</p>
   <ul>
   <li><em>Conventional cryptography</em>, also known as symmetric
   cryptography, requires the sender and receiver to share a key: a secret
  @@ -115,151 +108,191 @@
   If this key is secret, then nobody other than the sender or receiver may
   read the message. If Alice and the bank know a secret key, then they
   may send each other private messages. The task of privately choosing a key
  -before communicating, however, can be problematic.
  -<p>
  +before communicating, however, can be problematic.<br />
  +<br />
  +</li>
   <li><em>Public key cryptography</em>, also known as asymmetric cryptography,
   solves the key exchange problem by defining an algorithm which uses two keys,
   each of which may be used to encrypt a message. If one key is used to encrypt
   a message then the other must be used to decrypt it. This makes it possible
   to receive secure messages by simply publishing one key (the public key) and
   keeping the other secret (the private key).
  -<p>
  -Anyone may encrypt a message using the public key, but only the owner of the
  +</li>
  +</ul>
  +<p>Anyone may encrypt a message using the public key, but only the owner of the
   private key will be able to read it. In this way, Alice may send private
   messages to the owner of a key-pair (the bank), by encrypting it using their
  -public key. Only the bank will be able to decrypt it.
  -</ul>
  +public key. Only the bank will be able to decrypt it.</p>
  +
   <h3><a name="ToC3">Message Digests</a></h3>
  -Although Alice may encrypt her message to make it private, there is still a
  +<p>Although Alice may encrypt her message to make it private, there is still a
   concern that someone might modify her original message or substitute
   it with a different one, in order to transfer the money to themselves, for
   instance. One way of guaranteeing the integrity of Alice's message is to
   create a concise summary of her message and send this to the bank as well.
   Upon receipt of the message, the bank creates its own summary and compares it
  -with the one Alice sent. If they agree then the message was received intact.
  -<p>
  -A summary such as this is called a <em>message digest</em>, <em>one-way
  +with the one Alice sent. If they agree then the message was received intact.</p>
  +<p>A summary such as this is called a <em>message digest</em>, <em>one-way
   function</em> or <em>hash function</em>. Message digests are used to create
   short, fixed-length representations of longer, variable-length messages.
   Digest algorithms are designed to produce unique digests for different
   messages. Message digests are designed to make it too difficult to determine
   the message from the digest, and also impossible to find two different
   messages which create the same digest -- thus eliminating the possibility of
  -substituting one message for another while maintaining the same digest.
  -<p>
  -Another challenge that Alice faces is finding a way to send the digest to the
  +substituting one message for another while maintaining the same digest.</p>
  +<p>Another challenge that Alice faces is finding a way to send the digest to the
   bank securely; when this is achieved, the integrity of the associated message
   is assured. One way to to this is to include the digest in a digital
  -signature.
  +signature.</p>
   <h3><a name="ToC4">Digital Signatures</a></h3>
  -When Alice sends a message to the bank, the bank needs to ensure that the
  +<p>When Alice sends a message to the bank, the bank needs to ensure that the
   message is really from her, so an intruder does not request a transaction
   involving her account. A <em>digital signature</em>, created by Alice and
  -included with the message, serves this purpose.
  -<p>
  -Digital signatures are created by encrypting a digest of the message,
  +included with the message, serves this purpose.</p>
  +<p>Digital signatures are created by encrypting a digest of the message,
   and other information (such as a sequence number) with the sender's
   private key. Though anyone may <em>decrypt</em> the signature using the public
   key, only the signer knows the private key. This means that only they may
   have signed it. Including the digest in the signature means the signature is
   only good for that message; it also ensures the integrity of the message since
  -no one can change the digest and still sign it.
  -<p>
  -To guard against interception and reuse of the signature by an intruder at a
  +no one can change the digest and still sign it.</p>
  +<p>To guard against interception and reuse of the signature by an intruder at a
   later date, the signature contains a unique sequence number. This protects
   the bank from a fraudulent claim from Alice that she did not send the message
  --- only she could have signed it (non-repudiation).
  +-- only she could have signed it (non-repudiation).</p>
   <h2><a name="ToC5">Certificates</a></h2>
  -Although Alice could have sent a private message to the bank, signed it, and
  +<p>Although Alice could have sent a private message to the bank, signed it, and
   ensured the integrity of the message, she still needs to be sure that she is
   really communicating with the bank. This means that she needs to be sure that
   the public key she is using corresponds to the bank's private key. Similarly,
   the bank also needs to verify that the message signature really corresponds to
  -Alice's signature.
  -<p>
  -If each party has a certificate which validates the other's identity, confirms
  +Alice's signature.</p>
  +<p>If each party has a certificate which validates the other's identity, confirms
   the public key, and is signed by a trusted agency, then they both will be
   assured that they are communicating with whom they think they are. Such a
   trusted agency is called a <em>Certificate Authority</em>, and certificates are
  -used for authentication.
  +used for authentication.</p>
   <h3><a name="ToC6">Certificate Contents</a></h3>
  -A certificate associates a public key with the real identity of an individual,
  +<p>A certificate associates a public key with the real identity of an individual,
   server, or other entity, known as the subject. As shown in <a
   href="#table1">Table 1</a>, information about the subject includes identifying
   information (the distinguished name), and the public key. It also includes
   the identification and signature of the Certificate Authority that issued the
   certificate, and the period of time during which the certificate is valid. It
   may have additional information (or extensions) as well as administrative
  -information for the Certificate Authority's use, such as a serial number.
  -<p>
  +information for the Certificate Authority's use, such as a serial number.</p>
   <div align="center">
   <a name="table1"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Table 1: Certificate Information</caption>
  -<tr><td bgcolor="#cccccc">
  -<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  -<tr><td valign="top" align="center" bgcolor="#ffffff">
  -<table summary="">
  -<tr valign="top"><td><b>Subject:</b></td>
  -<td>Distinguished Name, Public Key</td></tr>
  -<tr valign="top"><td><b>Issuer:</b></td>
  -<td>Distinguished Name, Signature</td></tr>
  -<tr><td><b>Period of Validity:</b></td>
  -<td>Not Before Date, Not After Date</td></tr>
  -<tr><td><b>Administrative Information:</b></td>
  -<td>Version, Serial Number</td></TR>
  -<tr><td><b>Extended Information:</b></td>
  -<td>Basic Contraints, Netscape Flags, etc.</td></TR>
  +  <caption align="bottom">Table 1: Certificate Information</caption>
  +  <tr>
  +    <td bgcolor="#cccccc">
  +      <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  +        <tr>
  +          <td valign="top" align="center" bgcolor="#ffffff">
  +            <table summary="">
  +              <tr valign="top">
  +                <td><b>Subject:</b></td>
  +                <td>Distinguished Name, Public Key</td>
  +              </tr>
  +              <tr valign="top">
  +                <td><b>Issuer:</b></td>
  +                <td>Distinguished Name, Signature</td>
  +              </tr>
  +              <tr>
  +                <td><b>Period of Validity:</b></td>
  +                <td>Not Before Date, Not After Date</td>
  +              </tr>
  +              <tr>
  +                <td><b>Administrative Information:</b></td>
  +                <td>Version, Serial Number</td>
  +              </tr>
  +              <tr>
  +                <td><b>Extended Information:</b></td>
  +                <td>Basic Contraints, Netscape Flags, etc.</td>
  +              </tr>
  +            </table>
  +          </td>
  +        </tr>
  +      </table>
  +    </td>
  +  </tr>
   </table>
  -</td>
  -</tr></table>
  -</td></tr></table>
   </div>
  -<p>
  -A distinguished name is used to provide an identity in a specific context --
  +<p>A distinguished name is used to provide an identity in a specific context --
   for instance, an individual might have a personal certificate as well as one
   for their identity as an employee. Distinguished names are defined by the
  -X.509 standard [<a href="#X509">X509</A>], which defines the fields, field
  +X.509 standard [<a href="#X509">X509</a>], which defines the fields, field
   names, and abbreviations used to refer to the fields
  -(see <a href="#table2">Table 2</a>).
  -<p>
  +(see <a href="#table2">Table 2</a>).</p>
  +
   <div align="center">
   <a name="table2"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Table 2: Distinguished Name Information</caption>
  -<tr><td bgcolor="#cccccc">
  -<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  -<tr><td valign="top" align="center" bgcolor="#ffffff">
  -<table summary="">
  -<tr valign="top"><td><b>DN Field:</b></td><td><b>Abbrev.:</b></td><td><b>Description:</b></td>
  -<td><b>Example:</b></td>
  -</t>
  -<tr valign="top"><td>Common Name</td><td>CN</td>
  -<td>Name being certified</td><td>CN=Joe Average</td></tr>
  -<tr valign="top"><td>Organization or Company</td><td>O</td>
  -<td>Name is associated with this<br>organization</td><td>O=Snake Oil, Ltd.</td></tr>
  -<tr valign="top"><td>Organizational Unit</td><td>OU</td>
  -<td>Name is associated with this <br>organization unit, such as a department</td><td>OU=Research Institute</td></tr>
  -<tr valign="top"><td>City/Locality</td><td>L</td>
  -<td>Name is located in this City</td><td>L=Snake City</td></tr>
  -<tr valign="top"><td>State/Province</td><td>ST</td>
  -<td>Name is located in this State/Province</td><td>ST=Desert</td></tr>
  -<tr valign="top"><td>Country</td><td>C</td>
  -<td>Name is located in this Country (ISO code)</td><td>C=XZ</td></tr>
  +  <caption align="bottom">Table 2: Distinguished Name Information</caption>
  +  <tr>
  +    <td bgcolor="#cccccc">
  +      <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  +        <tr>
  +          <td valign="top" align="center" bgcolor="#ffffff">
  +            <table summary="">
  +              <tr valign="top">
  +                <td><b>DN Field:</b></td>
  +                <td><b>Abbrev.:</b></td>
  +                <td><b>Description:</b></td>
  +                <td><b>Example:</b></td>
  +              </tr>
  +              <tr valign="top">
  +                <td>Common Name</td>
  +                <td>CN</td>
  +                <td>Name being certified</td>
  +                <td>CN=Joe Average</td>
  +              </tr>
  +              <tr valign="top">
  +                <td>Organization or Company</td>
  +                <td>O</td>
  +                <td>Name is associated with this<br />organization</td>
  +                <td>O=Snake Oil, Ltd.</td>
  +              </tr>
  +              <tr valign="top">
  +                <td>Organizational Unit</td>
  +                <td>OU</td>
  +                <td>Name is associated with this <br />organization unit, such as a department</td>
  +                <td>OU=Research Institute</td>
  +              </tr>
  +              <tr valign="top">
  +                <td>City/Locality</td>
  +                <td>L</td>
  +                <td>Name is located in this City</td>
  +                <td>L=Snake City</td>
  +              </tr>
  +              <tr valign="top">
  +                <td>State/Province</td>
  +                <td>ST</td>
  +                <td>Name is located in this State/Province</td>
  +                <td>ST=Desert</td>
  +              </tr>
  +              <tr valign="top">
  +                <td>Country</td>
  +                <td>C</td>
  +                <td>Name is located in this Country (ISO code)</td>
  +                <td>C=XZ</td>
  +              </tr>
  +            </table>
  +          </td>
  +        </tr>
  +      </table>
  +    </td>
  +  </tr>
   </table>
  -</td>
  -</tr></table>
  -</td></tr></table>
   </div>
  -<p>
  -A Certificate Authority may define a policy specifying which distinguished
  +<p>A Certificate Authority may define a policy specifying which distinguished
   field names are optional, and which are required. It may also place
   requirements upon the field contents, as may users of certificates. As an
   example, a Netscape browser requires that the Common Name for a certificate
   representing a server has a name which matches a wildcard pattern for the
  -domain name of that server, such as <code>*.snakeoil.com</code>.
  -<p>
  -The binary format of a certificate is defined using the ASN.1 notation [ <a
  +domain name of that server, such as <code>*.snakeoil.com</code>.</p>
  +<p>The binary format of a certificate is defined using the ASN.1 notation [ <a
   href="#X208">X208</a>] [<a href="#PKCS">PKCS</a>]. This notation defines how to
   specify the contents, and encoding rules define how this information is
   translated into binary form. The binary encoding of the certificate is
  @@ -268,12 +301,12 @@
   handle binary, the binary form may be translated into an ASCII form by using
   Base64 encoding [<a href="#MIME">MIME</a>]. This encoded version is called PEM
   encoded (the name comes from "Privacy Enhanced Mail"), when placed between
  -begin and end delimiter lines as illustrated in <a href="#table3">Table 3</a>.
  -<p>
  +begin and end delimiter lines as illustrated in <a href="#table3">Table 3</a>.</p>
  +
   <div align="center">
   <a name="table3"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Table 3: Example of a PEM-encoded certificate (snakeoil.crt)</caption>
  +<caption align="bottom">Table 3: Example of a PEM-encoded certificate (snakeoil.crt)</caption>
   <tr><td bgcolor="#cccccc">
   <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
   <tr><td valign="top" align="center" bgcolor="#ffffff">
  @@ -303,20 +336,20 @@
   </td></tr></table>
   </div>
   <h3><a name="ToC7">Certificate Authorities</a></h3>
  -By first verifying the information in a certificate request before granting
  +<p>By first verifying the information in a certificate request before granting
   the certificate, the Certificate Authority assures the identity of the private
   key owner of a key-pair. For instance, if Alice requests a personal
   certificate, the Certificate Authority must first make sure that Alice really
  -is the person the certificate request claims.
  +is the person the certificate request claims.</p>
   <h4><a name="ToC8">Certificate Chains</a></h4>
  -A Certificate Authority may also issue a certificate for another Certificate
  +<p>A Certificate Authority may also issue a certificate for another Certificate
   Authority. When examining a certificate, Alice may need to examine the
   certificate of the issuer, for each parent Certificate Authority, until
   reaching one which she has confidence in. She may decide to trust only
   certificates with a limited chain of issuers, to reduce her risk of a "bad"
  -certificate in the chain.
  +certificate in the chain.</p>
   <h4><a name="ToC9">Creating a Root-Level CA</a></h4>
  -As noted earlier, each certificate requires an issuer to assert the validity
  +<p>As noted earlier, each certificate requires an issuer to assert the validity
   of the identity of the certificate subject, up to the top-level Certificate
   Authority (CA). This presents a problem: Since this is who vouches for the
   certificate of the top-level authority, which has no issuer?
  @@ -325,22 +358,20 @@
   care in trusting a self-signed certificate. The wide publication of a public
   key by the root authority reduces the risk in trusting this key -- it would be
   obvious if someone else publicized a key claiming to be the authority.
  -Browsers are preconfigured to trust well-known certificate authorities.
  -<p>
  -A number of companies, such as <a href="http://www.thawte.com/">Thawte</a> and
  +Browsers are preconfigured to trust well-known certificate authorities.</p>
  +<p>A number of companies, such as <a href="http://www.thawte.com/">Thawte</a> and
   <a href="http://www.verisign.com/">VeriSign</a> have established themselves as
  -Certificate Authorities. These companies provide the following services:
  +Certificate Authorities. These companies provide the following services:</p>
   <ul>
  -<li>Verifying certificate requests
  -<li>Processing certificate requests
  -<li>Issuing and managing certificates
  +<li>Verifying certificate requests</li>
  +<li>Processing certificate requests</li>
  +<li>Issuing and managing certificates</li>
   </ul>
  -<p>
  -It is also possible to create your own Certificate Authority. Although risky
  +<p>It is also possible to create your own Certificate Authority. Although risky
   in the Internet environment, it may be useful within an Intranet where the
  -organization can easily verify the identities of individuals and servers.
  +organization can easily verify the identities of individuals and servers.</p>
   <h4><a name="ToC10">Certificate Management</a></h4>
  -Establishing a Certificate Authority is a responsibility which requires a
  +<p>Establishing a Certificate Authority is a responsibility which requires a
   solid administrative, technical, and management framework.
   Certificate Authorities not only issue certificates, they also manage them --
   that is, they determine how long certificates are valid, they renew them, and
  @@ -352,295 +383,309 @@
   the certificate alone that it has been revoked.
   When examining certificates for validity, therefore, it is necessary to
   contact the issuing Certificate Authority to check CRLs -- this is not usually
  -an automated part of the process.
  -<p>
  -<div align="center"><B>Note:</B></div>
  -If you use a Certificate Authority that is not configured into browsers by
  +an automated part of the process.</p>
  +<div align="center"><b>Note:</b></div>
  +<p>If you use a Certificate Authority that is not configured into browsers by
   default, it is necessary to load the Certificate Authority certificate into
   the browser, enabling the browser to validate server certificates signed by
   that Certificate Authority. Doing so may be dangerous, since once loaded, the
  -browser will accept all certificates signed by that Certificate Authority.
  +browser will accept all certificates signed by that Certificate Authority.</p>
   <h2><a name="ToC11">Secure Sockets Layer (SSL)</a></h2>
  -The Secure Sockets Layer protocol is a protocol layer which may be placed
  +<p>The Secure Sockets Layer protocol is a protocol layer which may be placed
   between a reliable connection-oriented network layer protocol (e.g. TCP/IP)
   and the application protocol layer (e.g. HTTP). SSL provides for secure
   communication between client and server by allowing mutual authentication, the
  -use of digital signatures for integrity, and encryption for privacy.
  -<p>
  -The protocol is designed to support a range of choices for specific algorithms
  +use of digital signatures for integrity, and encryption for privacy.</p>
  +<p>The protocol is designed to support a range of choices for specific algorithms
   used for cryptography, digests, and signatures. This allows algorithm
   selection for specific servers to be made based on legal, export or other
   concerns, and also enables the protocol to take advantage of new algorithms.
   Choices are negotiated between client and server at the start of establishing
  -a protocol session.
  -<p>
  +a protocol session.</p>
   <div align="center">
   <a name="table4"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Table 4: Versions of the SSL protocol</caption>
  -<tr><td bgcolor="#cccccc">
  -<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  -<tr><td valign="top" align="center" bgcolor="#ffffff">
  -<table summary="">
  -<tr valign="top">
  -<td><b>Version:</b></td>
  -<td><b>Source:</b></td>
  -<td><b>Description:</b></td>
  -<td><b>Browser Support:</b></td>
  -</tr>
  -<tr valign="top">
  -<td>SSL v2.0</td>
  -<td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td>
  -<td>First SSL protocol for which implementations exists</td>
  -<td>- NS Navigator 1.x/2.x<br>
  -    - MS IE 3.x<br>
  -    - Lynx/2.8+OpenSSL
  -</td>
  -</tr>
  -<tr valign="top">
  -<td>SSL v3.0</td>
  -<td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3">SSL3</a>]</td>
  -<td>Revisions to prevent specific security attacks, add non-RSA ciphers, and support for certificate chains</td>
  -<td>- NS Navigator 2.x/3.x/4.x<br>
  -    - MS IE 3.x/4.x<br>
  -    - Lynx/2.8+OpenSSL
  -</td>
  -</tr>
  -<tr valign="top">
  -<td>TLS v1.0</td>
  -<td>Proposed Internet Standard (from IETF) [<a href="#TLS1">TLS1</a>]</td>
  -<td>Revision of SSL 3.0 to update the MAC layer to HMAC, add block padding for
  -    block ciphers, message order standardization and more alert messages.
  -</td>
  -<td>- Lynx/2.8+OpenSSL</td>
  +  <caption align="bottom">Table 4: Versions of the SSL protocol</caption>
  +  <tr>
  +    <td bgcolor="#cccccc">
  +      <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  +        <tr>
  +          <td valign="top" align="center" bgcolor="#ffffff">
  +            <table summary="">
  +              <tr valign="top">
  +                <td><b>Version:</b></td>
  +                <td><b>Source:</b></td>
  +                <td><b>Description:</b></td>
  +                <td><b>Browser Support:</b></td>
  +              </tr>
  +              <tr valign="top">
  +                <td>SSL v2.0</td>
  +                <td>Vendor Standard (from Netscape Corp.) [<a href="#SSL2">SSL2</a>]</td>
  +                <td>First SSL protocol for which implementations exists</td>
  +                <td>- NS Navigator 1.x/2.x<br />
  +                    - MS IE 3.x<br />
  +                    - Lynx/2.8+OpenSSL
  +                </td>
  +              </tr>
  +              <tr valign="top">
  +                <td>SSL v3.0</td>
  +                <td>Expired Internet Draft (from Netscape Corp.) [<a href="#SSL3">SSL3</a>]</td>
  +                <td>Revisions to prevent specific security attacks, add non-RSA ciphers, and support for certificate chains</td>
  +                <td>- NS Navigator 2.x/3.x/4.x<br />
  +                    - MS IE 3.x/4.x<br />
  +                    - Lynx/2.8+OpenSSL
  +                </td>
  +              </tr>
  +              <tr valign="top">
  +                <td>TLS v1.0</td>
  +                <td>Proposed Internet Standard (from IETF) [<a href="#TLS1">TLS1</a>]</td>
  +                <td>Revision of SSL 3.0 to update the MAC layer to HMAC, add block padding for
  +                    block ciphers, message order standardization and more alert messages.
  +                </td>
  +                <td>- Lynx/2.8+OpenSSL</td>
  +              </tr>
  +            </table>
  +          </td>
  +        </tr>
  +      </table>
  +    </td>
  +  </tr>
   </table>
  -</td>
  -</tr></table>
  -</td></tr></table>
   </div>
  -<p>
  -There are a number of versions of the SSL protocol, as shown in <a
  +<p>There are a number of versions of the SSL protocol, as shown in <a
   href="#table4">Table 4</a>. As noted there, one of the benefits in SSL 3.0 is
   that it adds support of certificate chain loading. This feature allows a
   server to pass a server certificate along with issuer certificates to the
   browser. Chain loading also permits the browser to validate the server
   certificate, even if Certificate Authority certificates are not installed for
   the intermediate issuers, since they are included in the certificate chain.
  -SSL 3.0 is the basis for the Transport Layer Security [<A
  -HREF="#TLS1">TLS</A>] protocol standard, currently in development by the
  -Internet Engineering Task Force (IETF).
  +SSL 3.0 is the basis for the Transport Layer Security [<a
  +href="#TLS1">TLS</a>] protocol standard, currently in development by the
  +Internet Engineering Task Force (IETF).</p>
   <h3><a name="ToC12">Session Establishment</a></h3>
  -The SSL session is established by following a <I>handshake sequence</I>
  +<p>The SSL session is established by following a <a>handshake sequence</a>
   between client and server, as shown in <a href="#figure1">Figure 1</a>. This
   sequence may vary, depending on whether the server is configured to provide a
   server certificate or request a client certificate. Though cases exist where
   additional handshake steps are required for management of cipher information,
   this article summarizes one common scenario: see the SSL specification for the
  -full range of possibilities.
  -<p>
  +full range of possibilities.</p>
   <div align="center"><b>Note</b></div>
  -Once an SSL session has been established it may be reused, thus avoiding the
  +<p>Once an SSL session has been established it may be reused, thus avoiding the
   performance penalty of repeating the many steps needed to start a session.
   For this the server assigns each SSL session a unique session identifier which
   is cached in the server and which the client can use on forthcoming
   connections to reduce the handshake (until the session identifer expires in
  -the cache of the server).
  -<p>
  +the cache of the server).</p>
   <div align="center">
   <a name="figure1"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Figure 1: Simplified SSL Handshake Sequence</caption>
  -<tr><td bgcolor="#cccccc">
  -<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  -<tr><td valign="top" align="center" bgcolor="#ffffff">
  -<img src="ssl_intro_fig1.gif" alt="" width="423" height="327">
  -</td>
  -</tr></table>
  -</td></tr></table>
  +  <caption align="bottom">Figure 1: Simplified SSL Handshake Sequence</caption>
  +    <tr>
  +      <td bgcolor="#cccccc">
  +        <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  +          <tr>
  +            <td valign="top" align="center" bgcolor="#ffffff">
  +              <img src="ssl_intro_fig1.gif" alt="" width="423" height="327" />
  +            </td>
  +          </tr>
  +        </table>
  +      </td>
  +    </tr>
  +  </table>
   </div>
  -<p>
  -The elements of the handshake sequence, as used by the client and server, are
  -listed below:
  +<p>The elements of the handshake sequence, as used by the client and server, are
  +listed below:</p>
   <ol>
  -<li>Negotiate the Cipher Suite to be used during data transfer
  -<li>Establish and share a session key between client and server
  -<li>Optionally authenticate the server to the client
  -<li>Optionally authenticate the client to the server
  +<li>Negotiate the Cipher Suite to be used during data transfer</li>
  +<li>Establish and share a session key between client and server</li>
  +<li>Optionally authenticate the server to the client</li>
  +<li>Optionally authenticate the client to the server</li>
   </ol>
  -<p>
  -The first step, Cipher Suite Negotiation, allows the client and server to
  +<p>The first step, Cipher Suite Negotiation, allows the client and server to
   choose a Cipher Suite supportable by both of them. The SSL3.0 protocol
   specification defines 31 Cipher Suites. A Cipher Suite is defined by the
  -following components:
  +following components:</p>
   <ul>
  -<li>Key Exchange Method
  -<li>Cipher for Data Transfer
  -<li>Message Digest for creating the Message Authentication Code (MAC)
  +<li>Key Exchange Method</li>
  +<li>Cipher for Data Transfer</li>
  +<li>Message Digest for creating the Message Authentication Code (MAC)</li>
   </ul>
  -These three elements are described in the sections that follow.
  +<p>These three elements are described in the sections that follow.</p>
   <h3><a name="ToC13">Key Exchange Method</a></h3>
  -The key exchange method defines how the shared secret symmetric cryptography
  +<p>The key exchange method defines how the shared secret symmetric cryptography
   key used for application data transfer will be agreed upon by client and
   server. SSL 2.0 uses RSA key exchange only, while SSL 3.0 supports a choice of
   key exchange algorithms including the RSA key exchange when certificates are
   used, and Diffie-Hellman key exchange for exchanging keys without certificates
  -and without prior communication between client and server.
  -<p>
  -One variable in the choice of key exchange methods is digital signatures --
  +and without prior communication between client and server.</p>
  +<p>One variable in the choice of key exchange methods is digital signatures --
   whether or not to use them, and if so, what kind of signatures to use.
   Signing with a private key provides assurance against a
   man-in-the-middle-attack during the information exchange used in generating
  -the shared key [<a href="#AC96">AC96</a>, p516].
  +the shared key [<a href="#AC96">AC96</a>, p516].</p>
   <h3><a name="ToC14">Cipher for Data Transfer</a></h3>
  -SSL uses the conventional cryptography algorithm (symmetric cryptography)
  +<p>SSL uses the conventional cryptography algorithm (symmetric cryptography)
   described earlier for encrypting messages in a session. There are nine
  -choices, including the choice to perform no encryption:
  +choices, including the choice to perform no encryption:</p>
   <ul>
  -<li>No encryption
  +<li>No encryption</li>
   <li>Stream Ciphers
       <ul>
  -    <li>RC4 with 40-bit keys
  -    <li>RC4 with 128-bit keys
  +    <li>RC4 with 40-bit keys</li>
  +    <li>RC4 with 128-bit keys</li>
       </ul>
  +</li>
   <li>CBC Block Ciphers
       <ul>
  -    <li>RC2 with 40 bit key
  -    <li>DES with 40 bit key
  -    <li>DES with 56 bit key
  -    <li>Triple-DES with 168 bit key
  -    <li>Idea (128 bit key)
  -    <li>Fortezza (96 bit key)
  +    <li>RC2 with 40 bit key</li>
  +    <li>DES with 40 bit key</li>
  +    <li>DES with 56 bit key</li>
  +    <li>Triple-DES with 168 bit key</li>
  +    <li>Idea (128 bit key)</li>
  +    <li>Fortezza (96 bit key)</li>
       </ul>
  +</li>
   </ul>
  -Here "CBC" refers to Cipher Block Chaining, which means that a portion of the
  +<p>Here "CBC" refers to Cipher Block Chaining, which means that a portion of the
   previously encrypted cipher text is used in the encryption of the current
   block. "DES" refers to the Data Encryption Standard [<a href="#AC96">AC96</a>,
   ch12], which has a number of variants (including DES40 and 3DES_EDE). "Idea"
   is one of the best and cryptographically strongest available algorithms, and
   "RC2" is a proprietary algorithm from RSA DSI [<a href="#AC96">AC96</a>,
  -ch13].
  +ch13].</p>
   <h3><a name="ToC15">Digest Function</a></h3>
  -The choice of digest function determines how a digest is created from a record
  -unit. SSL supports the following:
  +<p>The choice of digest function determines how a digest is created from a record
  +unit. SSL supports the following:</p>
   <ul>
  -<li>No digest (Null choice)
  -<li>MD5, a 128-bit hash
  -<li>Secure Hash Algorithm (SHA-1), a 160-bit hash
  +<li>No digest (Null choice)</li>
  +<li>MD5, a 128-bit hash</li>
  +<li>Secure Hash Algorithm (SHA-1), a 160-bit hash</li>
   </ul>
  -The message digest is used to create a Message Authentication Code (MAC) which
  +<p>The message digest is used to create a Message Authentication Code (MAC) which
   is encrypted with the message to provide integrity and to prevent against
  -replay attacks.
  +replay attacks.</p>
   <h3><a name="ToC16">Handshake Sequence Protocol</a></h3>
  -The handshake sequence uses three protocols:
  +<p>The handshake sequence uses three protocols:</p>
   <ul>
   <li>The <em>SSL Handshake Protocol</em>
       for performing the client and server SSL session establishment.
  +</li>
   <li>The <em>SSL Change Cipher Spec Protocol</em> for actually establishing agreement
       on the Cipher Suite for the session.
  +</li>
   <li>The <em>SSL Alert Protocol</em> for
       conveying SSL error messages between client and server.
  +</li>
   </ul>
   These protocols, as well as application protocol data, are encapsulated in the
   <em>SSL Record Protocol</em>, as shown in <a href="#figure2">Figure 2</a>. An
   encapsulated protocol is transferred as data by the lower layer protocol,
   which does not examine the data. The encapsulated protocol has no knowledge of
   the underlying protocol.
  -<p>
   <div align="center">
   <a name="figure2"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Figure 2: SSL Protocol Stack</caption>
  -<tr><td bgcolor="#cccccc">
  -<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  -<tr><td valign="top" align="center" bgcolor="#ffffff">
  -<img src="ssl_intro_fig2.gif" alt="" width="428" height="217">
  -</td>
  -</tr></table>
  -</td></tr></table>
  +  <caption align="bottom">Figure 2: SSL Protocol Stack</caption>
  +  <tr>
  +    <td bgcolor="#cccccc">
  +      <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  +        <tr>
  +          <td valign="top" align="center" bgcolor="#ffffff">
  +            <img src="ssl_intro_fig2.gif" alt="" width="428" height="217" />
  +          </td>
  +        </tr>
  +      </table>
  +    </td>
  +  </tr>
  +</table>
   </div>
  -<p>
  -The encapsulation of SSL control protocols by the record protocol means that
  +<p>The encapsulation of SSL control protocols by the record protocol means that
   if an active session is renegotiated the control protocols will be transmitted
   securely. If there were no session before, then the Null cipher suite is
   used, which means there is no encryption and messages have no integrity
  -digests until the session has been established.
  +digests until the session has been established.</p>
   <h3><a name="ToC17">Data Transfer</a></h3>
  -The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>, is used to
  +<p>The SSL Record Protocol, shown in <a href="#figure3">Figure 3</a>, is used to
   transfer application and SSL Control data between the client and server,
   possibly fragmenting this data into smaller units, or combining multiple
   higher level protocol data messages into single units. It may compress, attach
   digest signatures, and encrypt these units before transmitting them using the
   underlying reliable transport protocol (Note: currently all major SSL
  -implementations lack support for compression).
  -<p>
  +implementations lack support for compression).</p>
   <div align="center">
   <a name="figure3"></a>
   <table width="600" cellspacing="0" cellpadding="1" border="0" summary="">
  -<caption align="bottom" id="sf">Figure 3: SSL Record Protocol</caption>
  -<tr><td bgcolor="#cccccc">
  -<table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  -<tr><td valign="top" align="center" bgcolor="#ffffff">
  -<img src="ssl_intro_fig3.gif" alt="" width="423" height="323">
  -</td>
  -</tr></table>
  -</td></tr></table>
  +  <caption align="bottom">Figure 3: SSL Record Protocol</caption>
  +  <tr>
  +    <td bgcolor="#cccccc">
  +      <table width="598" cellpadding="5" cellspacing="0" border="0" summary="">
  +        <tr>
  +          <td valign="top" align="center" bgcolor="#ffffff">
  +            <img src="ssl_intro_fig3.gif" alt="" width="423" height="323" />
  +          </td>
  +        </tr>
  +      </table>
  +    </td>
  +  </tr>
  +</table>
   </div>
   <h3><a name="ToC18">Securing HTTP Communication</a></h3>
  -One common use of SSL is to secure Web HTTP communication between a browser
  +<p>One common use of SSL is to secure Web HTTP communication between a browser
   and a webserver. This case does not preclude the use of non-secured HTTP. The
   secure version is mainly plain HTTP over SSL (named HTTPS), but with one major
   difference: it uses the URL scheme <code>https</code> rather than
   <code>http</code> and a different server port (by default 443). This mainly
  -is what mod_ssl provides to you for the Apache webserver...
  +is what mod_ssl provides to you for the Apache webserver...</p>
   <h2><a name="ToC19">References</a></h2>
   <ul>
  -<p>
   <li><a name="AC96"></a>
   [AC96] Bruce Schneier, <em>Applied Cryptography</em>, 2nd Edition, Wiley,
          1996. See <a href="http://www.counterpane.com/">http://www.counterpane.com/</a> for
          various other materials by Bruce Schneier.
  -<p>
  +</li>
   <li><a name="X208"></a>
   [X208] ITU-T Recommendation X.208, <em>Specification of Abstract Syntax Notation
          One (ASN.1)</em>, 1988. See for instance <a
          href="ftp://ftp.neda.com/pub/itu/x.series/x208.ps">
          ftp://ftp.neda.com/pub/itu/x.series/x208.ps</a>.
  -<p>
  +</li>
   <li><a name="X509"></a>
   [X509] ITU-T Recommendation X.509, <em>The Directory - Authentication
          Framework</em>, 1988. See for instance <a
          href="ftp://ftp.bull.com/pub/OSIdirectory/ITUnov96/X.509/97x509final.doc">
          ftp://ftp.bull.com/pub/OSIdirectory/ITUnov96/X.509/97x509final.doc</a>.
  -<p>
  +</li>
   <li><a name="PKCS"></a>
   [PKCS] Kaliski, Burton S., Jr., <em>An Overview of the PKCS Standards</em>, An RSA
        Laboratories Technical Note, revised November 1, 1993.
        See <a href="http://www.rsa.com/rsalabs/pubs/PKCS/">
        http://www.rsa.com/rsalabs/pubs/PKCS/</a>.
  -<p>
  +</li>
   <li><a name="MIME"></a>
   [MIME] N. Freed, N. Borenstein, <em>Multipurpose Internet Mail Extensions
          (MIME) Part One: Format of Internet Message Bodies</em>, RFC2045.
          See for instance <a href="ftp://ftp.isi.edu/in-notes/rfc2045.txt">
          ftp://ftp.isi.edu/in-notes/rfc2045.txt</a>.
  -<p>
  +</li>
   <li><a name="SSL2"></a>
   [SSL2] Kipp E.B. Hickman, <em>The SSL Protocol</em>, 1995.
          See <a href="http://www.netscape.com/eng/security/SSL_2.html">
          http://www.netscape.com/eng/security/SSL_2.html</a>.
  -<p>
  +</li>
   <li><a name="SSL3"></a>
   [SSL3] Alan O. Freier, Philip Karlton, Paul C. Kocher, <em>The SSL Protocol
          Version 3.0</em>, 1996. See <a
          href="http://www.netscape.com/eng/ssl3/draft302.txt">
          http://www.netscape.com/eng/ssl3/draft302.txt</a>.
  -<p>
  +</li>
   <li><a name="TLS1"></a>
   [TLS1] Tim Dierks, Christopher Allen, <em>The TLS Protocol Version 1.0</em>,
          1997. See <a
          href="ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt">
          ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-protocol-06.txt</a>.
  +</li>
   </ul>
  -<p><!--#include virtual="footer.html" --> </p>
  +    <!--#include virtual="footer.html" -->
     </body>
   </html>
  
  
  
  1.15      +1 -1      httpd-2.0/docs/manual/vhosts/details.html
  
  Index: details.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/vhosts/details.html,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- details.html	19 Oct 2001 05:47:07 -0000	1.14
  +++ details.html	25 Jul 2002 21:46:41 -0000	1.15
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">An In-Depth Discussion of Virtual Host
  +    <h1 align="center">An In-Depth Discussion of Virtual Host
       Matching</h1>
   
       <p>The virtual host code was completely rewritten in
  
  
  
  1.14      +2 -2      httpd-2.0/docs/manual/vhosts/examples.html
  
  Index: examples.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/vhosts/examples.html,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- examples.html	26 Jun 2002 02:31:47 -0000	1.13
  +++ examples.html	25 Jul 2002 21:46:41 -0000	1.14
  @@ -13,7 +13,7 @@
     alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Virtual Host examples for common setups</h1>
  +    <h1 align="center">Virtual Host examples for common setups</h1>
   
       <p>This document attempts to answer the commonly-asked questions about
       setting up virtual hosts. These scenarios are those involving multiple
  @@ -399,7 +399,7 @@
       there is one.</p>
       <hr />
   
  -    <h3><a id="#ipport" name="#ipport">Mixed port-based and ip-based
  +    <h3><a id="ipport" name="ipport">Mixed port-based and ip-based
       virtual hosts</a></h3>
   
       <p><strong>Setup:</strong></p>
  
  
  
  1.8       +2 -2      httpd-2.0/docs/manual/vhosts/fd-limits.html.en
  
  Index: fd-limits.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/vhosts/fd-limits.html.en,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- fd-limits.html.en	12 Jul 2002 11:11:40 -0000	1.7
  +++ fd-limits.html.en	25 Jul 2002 21:46:41 -0000	1.8
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">File Descriptor Limits</h1>
  +    <h1 align="center">File Descriptor Limits</h1>
   
       <p>When using a large number of Virtual Hosts, Apache may run
       out of available file descriptors (sometimes called <cite>file
  @@ -85,7 +85,7 @@
   of your log format string:</p>
   
   <blockquote><table cellpadding="10"><tr><td bgcolor="#eeeeee"><code>
  - LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost<br>
  + LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost<br />
    CustomLog logs/multiple_vhost_log vhost
   </code></td></tr></table></blockquote>
   
  
  
  
  1.7       +1 -1      httpd-2.0/docs/manual/vhosts/footer.html
  
  Index: footer.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/vhosts/footer.html,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- footer.html	15 Jan 2002 01:48:00 -0000	1.6
  +++ footer.html	25 Jul 2002 21:46:41 -0000	1.7
  @@ -1,5 +1,5 @@
       <hr />
   
  -    <h3 align="CENTER">Apache HTTP Server Version 2.0</h3>
  +    <h3 align="center">Apache HTTP Server Version 2.0</h3>
       <a href="./"><img src="../images/index.gif" alt="Index" /></a>
       <a href="../"><img src="../images/home.gif" alt="Home" /></a>
  
  
  
  1.6       +1 -1      httpd-2.0/docs/manual/vhosts/header.html
  
  Index: header.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/vhosts/header.html,v
  retrieving revision 1.5
  retrieving revision 1.6
  diff -u -r1.5 -r1.6
  --- header.html	15 Jan 2002 01:48:00 -0000	1.5
  +++ header.html	25 Jul 2002 21:46:41 -0000	1.6
  @@ -1,4 +1,4 @@
  -    <div align="CENTER">
  +    <div align="center">
         <img src="../images/sub.gif" alt="[APACHE DOCUMENTATION]" /> 
   
         <h3>Apache HTTP Server Version 2.0</h3>
  
  
  
  1.13      +2 -2      httpd-2.0/docs/manual/vhosts/index.html.en
  
  Index: index.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/vhosts/index.html.en,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- index.html.en	26 Jun 2002 02:33:12 -0000	1.12
  +++ index.html.en	25 Jul 2002 21:46:42 -0000	1.13
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Apache Virtual Host documentation</h1>
  +    <h1 align="center">Apache Virtual Host documentation</h1>
   
       <p>The term <cite>Virtual Host</cite> refers to the practice of
       running more than one web site (such as
  @@ -74,7 +74,7 @@
         <li><a href="../mod/core.html#serverpath">ServerPath</a></li>
   
         <li><b>See also</b> <a 
  -      href="../mod/mod_vhost_alias.html">mod_vhost_alias</a>
  +      href="../mod/mod_vhost_alias.html">mod_vhost_alias</a></li>
       </ul>
   
       <p>If you are trying to debug your virtual host configuration, you
  
  
  
  1.10      +1 -1      httpd-2.0/docs/manual/vhosts/ip-based.html
  
  Index: ip-based.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/vhosts/ip-based.html,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- ip-based.html	14 Oct 2001 15:35:04 -0000	1.9
  +++ ip-based.html	25 Jul 2002 21:46:42 -0000	1.10
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Apache IP-based Virtual Host Support</h1>
  +    <h1 align="center">Apache IP-based Virtual Host Support</h1>
       <strong>See also:</strong> <a href="name-based.html">Name-based
       Virtual Hosts Support</a> 
       <hr />
  
  
  
  1.7       +1 -1      httpd-2.0/docs/manual/vhosts/mass.html
  
  Index: mass.html
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/vhosts/mass.html,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- mass.html	22 Sep 2001 19:39:26 -0000	1.6
  +++ mass.html	25 Jul 2002 21:46:42 -0000	1.7
  @@ -13,7 +13,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Dynamically configured mass virtual
  +    <h1 align="center">Dynamically configured mass virtual
       hosting</h1>
   
       <p>This document describes how to efficiently serve an
  
  
  
  1.17      +3 -3      httpd-2.0/docs/manual/vhosts/name-based.html.en
  
  Index: name-based.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/vhosts/name-based.html.en,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- name-based.html.en	27 Oct 2001 22:22:00 -0000	1.16
  +++ name-based.html.en	25 Jul 2002 21:46:42 -0000	1.17
  @@ -11,7 +11,7 @@
     vlink="#000080" alink="#FF0000">
       <!--#include virtual="header.html" -->
   
  -    <h1 align="CENTER">Name-based Virtual Host Support</h1>
  +    <h1 align="center">Name-based Virtual Host Support</h1>
   
   <p>This document describes when and how to use name-based virtual hosts.</p>
   
  @@ -69,8 +69,8 @@
   <h2><a name="using">Using Name-based Virtual Hosts</a></h2>
   
   <table border="1">
  -<tr><td align="top">
  -<strong>Related Directives</strong><br><br>
  +<tr><td valign="top">
  +<strong>Related Directives</strong><br /><br />
   
   <a href="../mod/core.html#documentroot">DocumentRoot</a><br />
   <a href="../mod/core.html#namevirtualhost">NameVirtualHost</a><br />
  
  
  

Mime
View raw message