httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r490083 - /httpd/httpd/trunk/README
Date Sun, 24 Dec 2006 22:54:50 GMT
Author: fielding
Date: Sun Dec 24 14:54:49 2006
New Revision: 490083

Follow Garrett's example and provide a crypto notice in the README,
with specific details for removing the crypto and for nossl packages.


Modified: httpd/httpd/trunk/README
--- httpd/httpd/trunk/README (original)
+++ httpd/httpd/trunk/README Sun Dec 24 14:54:49 2006
@@ -37,6 +37,56 @@
   Please see the file called LICENSE.
+  Cryptographic Software Notice
+  -----------------------------
+  This distribution may include software that has been designed for use
+  with cryptographic software.  The country in which you currently reside
+  may have restrictions on the import, possession, use, and/or re-export
+  to another country, of encryption software.  BEFORE using any encryption
+  software, please check your country's laws, regulations and policies
+  concerning the import, possession, or use, and re-export of encryption
+  software, to see if this is permitted.  See <>
+  for more information.
+  The U.S. Government Department of Commerce, Bureau of Industry and
+  Security (BIS), has classified this software as Export Commodity 
+  Control Number (ECCN) 5D002.C.1, which includes information security
+  software using or performing cryptographic functions with asymmetric
+  algorithms.  The form and manner of this Apache Software Foundation
+  distribution makes it eligible for export under the License Exception
+  ENC Technology Software Unrestricted (TSU) exception (see the BIS 
+  Export Administration Regulations, Section 740.13) for both object 
+  code and source code.
+  The following provides more details on the included files that
+  may be subject to export controls on cryptographic software:
+    Apache httpd 2.0 and later versions include the mod_ssl module under
+       modules/ssl/
+    for configuring and listening to connections over SSL encrypted
+    network sockets by performing calls to a general-purpose encryption
+    library, such as OpenSSL or the operating system's platform-specific
+    SSL facilities.
+    In addition, some versions of apr-util provide an abstract interface
+    for SSL encrypted network sockets in the files under the directory
+       srclib/apr-util/ssl/
+    that makes use of a general-purpose encryption library, such as
+    OpenSSL or the operating system's platform-specific SSL facilities.
+    Apache httpd currently does not use that apr-util interface.
+    Some object code distributions of Apache httpd, indicated with the
+    word "crypto" in the package name, may include object code for the
+    OpenSSL encryption library as distributed in open source form from
+    <>.
+  The above files are optional and may be removed if the cryptographic
+  functionality is not desired or needs to be excluded from redistribution.
+  Distribution packages of Apache httpd that include the word "nossl"
+  in the package name have been created without the above files and are
+  therefore not subject to this notice.

View raw message