-Here we talk about backward compatibility to other SSL solutions. As you -perhaps know, mod_ssl is not the only existing SSL solution for Apache. -Actually there are four additional major products available on the market: Ben -Laurie's freely available Apache-SSL -(from where mod_ssl were originally derived in 1998), Red Hat's commercial Secure Web -Server (which is based on mod_ssl), Covalent's commercial Raven SSL Module (also based on mod_ssl) -and finally C2Net's commercial product Stronghold (based on a -different evolution branch named Sioux up to Stronghold 2.x and based on -mod_ssl since Stronghold 3.x).

-The idea in mod_ssl is mainly the following: because mod_ssl provides mostly a -superset of the functionality of all other solutions we can easily provide -backward compatibility for most of the cases. Actually there are three -compatibility areas we currently address: configuration directives, -environment variables and custom log functions.

Configuration Directives
Environment Variables

Configuration Directives

For backward compatibility to the configuration directives of other SSL -solutions we do an on-the-fly mapping: directives which have a direct -counterpart in mod_ssl are mapped silently while other directives lead to a -warning message in the logfiles. The currently implemented directive mapping -is listed in Table 1. Currently full backward -compatibility is provided only for Apache-SSL 1.x and mod_ssl 2.0.x. -Compatibility to Sioux 1.x and Stronghold 2.x is only partial because of -special functionality in these interfaces which mod_ssl (still) doesn't -provide.

The mapping between configuration directives used by Apache-SSL +1.x and mod_ssl 2.0.x is given in Table +1. The mapping from Sioux 1.x and Stronghold 2.x is only partial +because of special functionality in these interfaces which mod_ssl +doesn't provide.

Table 1: Configuration Directive Mapping

@@ -98,9 +96,9 @@ SSL_X509VerifyPolicy arg-functionality not supported SSL_LogX509Attributes arg-functionality not supported Stronghold 2.x compatibility: -StrongholdAccelerator dir-functionality not supported -StrongholdKey dir-functionality not supported -StrongholdLicenseFile dir-functionality not supported +StrongholdAccelerator engineSSLCryptoDevice enginerenamed +StrongholdKey dir-functionality not needed +StrongholdLicenseFile dir-functionality not needed SSLFlag flagSSLEngine flagrenamed SSLSessionLockFile fileSSLMutex filerenamed SSLCipherList specSSLCipherSuite specrenamed @@ -110,20 +108,17 @@ SSL_CertificateLogDir dir-functionality not supported AuthCertDir dir-functionality not supported SSL_Group name-functionality not supported -SSLProxyMachineCertPath dir-functionality not supported -SSLProxyMachineCertFile file-functionality not supported -SSLProxyCACertificatePath dir-functionality not supported -SSLProxyCACertificateFile file-functionality not supported -SSLProxyVerifyDepth number-functionality not supported -SSLProxyCipherList spec-functionality not supported +SSLProxyMachineCertPath dirSSLProxyMachineCertificatePath dirrenamed +SSLProxyMachineCertFile fileSSLProxyMachineCertificateFile filerenamed +SSLProxyCipherList specSSLProxyCipherSpec specrenamed

Environment Variables

When you use ``SSLOptions +CompatEnvVars'' additional environment -variables are generated. They all correspond to existing official mod_ssl -variables. The currently implemented variable derivation is listed in Table 2.

+ +

The mapping between environment variable names used by the older +SSL solutions and the names used by mod_ssl is given in Table 2.

Table 2: Environment Variable Derivation

@@ -199,8 +194,7 @@

Custom Log Functions

-When mod_ssl is built into Apache or at least loaded (under DSO situation) -additional functions exist for the Custom Log Format of +When mod_ssl is enabled, additional functions exist for the Custom Log Format of mod_log_config as documented in the Reference Chapter. Beside the ``%{varname}x'' eXtension format function which can be used to expand any variables provided