diff -u -r ../apache_1.3.6/configure ./configure
--- ../apache_1.3.6/configure	Wed Mar 10 11:53:02 1999
+++ ./configure	Sat Mar 27 11:11:15 1999
@@ -699,7 +699,9 @@
                        max ) 
                            OIFS="$IFS" IFS=':'
                            for module in $modules; do
-                               eval "shared_${module}=yes" 
+			       if [ $module != apache_ssl ]; then
+				   eval "shared_${module}=yes"
+			       fi
                            done
                            IFS="$OIFS"
                            shared_so=no        # because of bootstrapping
@@ -938,7 +940,7 @@
 if [ "x$TARGET" != "x" ]; then
     thetarget=$TARGET
 else
-    thetarget=httpd
+    thetarget=httpsd
 fi
 
 ##
diff -u -r ../apache_1.3.6/src/Configuration ./src/Configuration
--- ../apache_1.3.6/src/Configuration	Tue Mar 23 00:17:07 1999
+++ ./src/Configuration	Sat Mar 27 18:02:26 1999
@@ -62,6 +62,21 @@
 #OPTIM=
 #RANLIB=
 
+TARGET=httpsd
+
+#
+# SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+# installed version.
+#
+#SSL_BASE=/u/ben/work/scuzzy-ssleay6
+SSL_BASE=/usr/home/ben/work/openssl
+SSL_INCLUDE= -I$(SSL_BASE)/include
+SSL_CFLAGS= -DAPACHE_SSL
+SSL_LIB_DIR= $(SSL_BASE)
+SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+SSL_APP_DIR= $(SSL_BASE)/apps
+SSL_APP=/usr/home/ben/work/openssl/apps/openssl
+
 ################################################################
 # Name of the installed Apache HTTP webserver.
 #
@@ -391,3 +406,7 @@
 
 AddModule modules/standard/mod_setenvif.o
 
+## Damn damn damn. Apache inverts the module list. SSL must go first to fake
+## basic authorization (that is, last in this file).
+
+AddModule modules/ssl/apache_ssl.a
diff -u -r ../apache_1.3.6/src/Configuration.tmpl ./src/Configuration.tmpl
--- ../apache_1.3.6/src/Configuration.tmpl	Tue Dec  1 23:59:53 1998
+++ ./src/Configuration.tmpl	Sat Mar 27 11:11:15 1999
@@ -62,6 +62,21 @@
 #OPTIM=
 #RANLIB=
 
+TARGET=httpsd
+
+#
+# SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+# installed version.
+#
+#SSL_BASE=/u/ben/work/scuzzy-ssleay6
+SSL_BASE=/usr/home/ben/work/openssl
+SSL_INCLUDE= -I$(SSL_BASE)/include
+SSL_CFLAGS= -DAPACHE_SSL
+SSL_LIB_DIR= $(SSL_BASE)
+SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+SSL_APP_DIR= $(SSL_BASE)/apps
+SSL_APP=/usr/home/ben/work/openssl/apps/openssl
+
 ################################################################
 # Name of the installed Apache HTTP webserver.
 #
@@ -391,3 +406,7 @@
 
 AddModule modules/standard/mod_setenvif.o
 
+## Damn damn damn. Apache inverts the module list. SSL must go first to fake
+## basic authorization (that is, last in this file).
+
+AddModule modules/ssl/apache_ssl.a
diff -u -r ../apache_1.3.6/src/Configure ./src/Configure
--- ../apache_1.3.6/src/Configure	Sun Mar 21 05:07:24 1999
+++ ./src/Configure	Sat Mar 27 11:11:15 1999
@@ -776,7 +776,7 @@
 ##
 echo >>Makefile.config "OSDIR=\$(SRCDIR)/$OSDIR"
 echo >>Makefile.config "INCDIR=\$(SRCDIR)/include"
-echo >>Makefile.config "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR)"
+echo >>Makefile.config "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR) \$(SSL_INCLUDE)"
 echo >>Makefile.config "SHELL=$SHELL"
 
 ####################################################################
@@ -1766,7 +1766,7 @@
 ## for $LIBS at this point. This implies that anything below
 ## can only alter $LIBS
 ##
-echo "CFLAGS1=$CFLAGS" >>Makefile.config
+echo "CFLAGS1=$CFLAGS \$(SSL_CFLAGS)" >>Makefile.config
 echo "INCLUDES1=$INCLUDES" >>Makefile.config
 echo "LIBS_SHLIB=$LIBS_SHLIB" >>Makefile.config
 echo "LDFLAGS1=$LDFLAGS" >>Makefile.config
@@ -1849,7 +1849,7 @@
 ####################################################################
 ## Finish creating the Makefile.config file
 ##
-echo "LIBS1=$LIBS">> Makefile.config
+echo "LIBS1=$LIBS \$(SSL_LIBS)">> Makefile.config
 echo "##" >> Makefile.config
 echo "##  (End of automatically generated section)">> Makefile.config
 echo "##" >> Makefile.config
diff -u -r ../apache_1.3.6/src/Makefile.tmpl ./src/Makefile.tmpl
--- ../apache_1.3.6/src/Makefile.tmpl	Tue Mar 16 21:37:02 1999
+++ ./src/Makefile.tmpl	Sat Mar 27 11:11:16 1999
@@ -25,6 +25,13 @@
 
 $(TARGET): $(EXTRA_DEPS) $(SUBTARGET)
 
+certificate:
+	$(SSL_APP) req -config ../SSLconf/conf/ssleay.cnf \
+	-new -x509 -nodes -out ../SSLconf/conf/httpsd.pem \
+	-keyout ../SSLconf/conf/httpsd.pem; \
+	ln -sf httpsd.pem ../SSLconf/conf/`$(SSL_APP) \
+	x509 -noout -hash < ../SSLconf/conf/httpsd.pem`.0
+
 target_static: subdirs modules.o
 	$(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
 	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
diff -u -r ../apache_1.3.6/src/include/ap_config.h ./src/include/ap_config.h
--- ../apache_1.3.6/src/include/ap_config.h	Tue Mar 16 16:16:07 1999
+++ ./src/include/ap_config.h	Sat Mar 27 11:15:41 1999
@@ -439,7 +439,17 @@
  * all glibc based systems need crypt.h
  */
 #if defined(__GNU_LIBRARY__) && __GNU_LIBRARY__ > 1
-#include <crypt.h>
+
+# ifdef APACHE_SSL
+#  define des_encrypt BASE_des_encrypt
+# endif
+
+# include <crypt.h>
+
+# ifdef APACHE_SSL
+#  undef des_encrypt
+# endif
+
 #endif
 
 /* glibc 2.0.0 through 2.0.4 need size_t * here, where 2.0.5 needs socklen_t *
@@ -1284,6 +1294,10 @@
 
 #ifndef ap_wait_t
 #define ap_wait_t int
+#endif
+
+#ifdef APACHE_SSL
+# define NO_WRITEV
 #endif
 
 #ifdef __cplusplus
diff -u -r ../apache_1.3.6/src/include/buff.h ./src/include/buff.h
--- ../apache_1.3.6/src/include/buff.h	Fri Jan  1 19:04:39 1999
+++ ./src/include/buff.h	Sat Mar 27 11:11:16 1999
@@ -61,13 +61,26 @@
 #ifdef __cplusplus
 extern "C" {
 #endif
-
 #ifdef B_SFIO
+
 #include "sfio.h"
 #endif
 
 #include <stdarg.h>
 
+#ifdef APACHE_SSL
+
+# include <stdio.h>
+# include <ssl.h>
+
+# define APACHE_SSL_EXPORT_CERTS	TRUE
+# if APACHE_SSL_EXPORT_CERTS
+/* SSLeay doesn't, so we must! */
+#  define APACHE_SSL_KEEP_CERTS		TRUE
+# endif
+
+#endif
+
 /* Reading is buffered */
 #define B_RD     (1)
 /* Writing is buffered */
@@ -127,6 +140,16 @@
 #ifdef B_SFIO
     Sfio_t *sf_in;
     Sfio_t *sf_out;
+#endif
+
+#ifdef APACHE_SSL
+    /* Add some context for SSL */
+    SSL *ssl;
+    char *szClientX509;
+    int nVerifyError;
+# if APACHE_SSL_KEEP_CERTS
+    table *tableCertChain;
+# endif
 #endif
 };
 
diff -u -r ../apache_1.3.6/src/include/http_main.h ./src/include/http_main.h
--- ../apache_1.3.6/src/include/http_main.h	Fri Jan  1 19:04:40 1999
+++ ./src/include/http_main.h	Sat Mar 27 11:11:16 1999
@@ -115,6 +115,7 @@
 void ap_start_shutdown(void);
 void ap_start_restart(int);
 API_EXPORT(void) ap_hard_timeout(char *, request_rec *);
+void ap_conn_timeout(char *name,conn_rec *conn);
 void ap_keepalive_timeout(char *, request_rec *);
 API_EXPORT(void) ap_soft_timeout(char *, request_rec *);
 API_EXPORT(void) ap_kill_timeout(request_rec *);
diff -u -r ../apache_1.3.6/src/include/httpd.h ./src/include/httpd.h
--- ../apache_1.3.6/src/include/httpd.h	Tue Mar 23 00:10:59 1999
+++ ./src/include/httpd.h	Sat Mar 27 11:16:22 1999
@@ -66,6 +66,11 @@
  * httpd.h: header for simple (ha! not anymore) http daemon
  */
 
+/* Needed all over the place */
+typedef unsigned int BOOL;
+#define TRUE 		1
+#define FALSE 		0
+
 /* Headers in which EVERYONE has an interest... */
 
 #include "ap_config.h"
@@ -136,8 +141,13 @@
 #define DEFAULT_HTTP_PORT	80
 #define DEFAULT_HTTPS_PORT	443
 #define ap_is_default_port(port,r)	((port) == ap_default_port(r))
-#define ap_http_method(r)	"http"
-#define ap_default_port(r)	DEFAULT_HTTP_PORT
+#ifdef APACHE_SSL
+# define ap_http_method(r)	((r)->connection->client->ssl ? "https" : "http")
+# define ap_default_port(r)	((r)->connection->client->ssl ? DEFAULT_HTTPS_PORT : DEFAULT_HTTP_PORT)
+#else
+# define ap_http_method(r)	"http"
+# define ap_default_port(r)	DEFAULT_HTTP_PORT
+#endif
 
 /* --------- Default user name and group name running standalone ---------- */
 /* --- These may be specified as numbers by placing a # before a number --- */
@@ -413,7 +423,11 @@
  * Example: "Apache/1.1.0 MrWidget/0.1-alpha" 
  */
 
+#ifdef APACHE_SSL
+#define SERVER_BASEVERSION "Apache/1.3.6 Ben-SSL/1.32"       /* SEE COMMENTS ABOVE */
+#else
 #define SERVER_BASEVERSION "Apache/1.3.6"	/* SEE COMMENTS ABOVE */
+#endif
 #define SERVER_VERSION  SERVER_BASEVERSION
 enum server_token_type {
     SrvTk_MIN,		/* eg: Apache/1.3.0 */
@@ -832,6 +846,10 @@
 #define DEFAULT_VHOST_ADDR 0xfffffffful
 
 typedef struct server_addr_rec server_addr_rec;
+
+#ifdef APACHE_SSL
+int ApacheSSLSetupConnection(conn_rec *conn);
+#endif
 struct server_addr_rec {
     server_addr_rec *next;
     struct in_addr host_addr;	/* The bound address, for this server */
diff -u -r ../apache_1.3.6/src/main/Makefile.tmpl ./src/main/Makefile.tmpl
--- ../apache_1.3.6/src/main/Makefile.tmpl	Tue Jan 12 15:47:00 1999
+++ ./src/main/Makefile.tmpl	Sat Mar 27 11:11:16 1999
@@ -14,7 +14,7 @@
       rfc1413.o
 
 .c.o:
-	$(CC) -c $(INCLUDES) $(CFLAGS) $<
+	$(CC) -c $(INCLUDES) $(CFLAGS) $(SSL_CFLAGS) $<
 
 all: $(HEADERS) $(LIB)
 
diff -u -r ../apache_1.3.6/src/main/buff.c ./src/main/buff.c
--- ../apache_1.3.6/src/main/buff.c	Sat Feb 20 18:12:34 1999
+++ ./src/main/buff.c	Sat Mar 27 11:11:17 1999
@@ -72,6 +72,10 @@
 #include <bstring.h>		/* for IRIX, FD_SET calls bzero() */
 #endif
 
+#ifdef APACHE_SSL
+# include <err.h>
+#endif
+
 #ifndef DEFAULT_BUFSIZE
 #define DEFAULT_BUFSIZE (4096)
 #endif
@@ -242,6 +246,27 @@
     }
     else
 #endif
+#ifdef APACHE_SSL
+    if(fb->ssl)
+	{
+	rv=SSL_read(fb->ssl,buf,nbyte);
+
+	if(rv < 0)
+	    {
+	    int l;
+
+	    while((l=ERR_get_error()))
+		{
+		char buf[MAX_STRING_LEN];
+
+		ERR_error_string(l,buf);
+		ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,NULL,"%s",
+			     buf);
+		}
+	    }
+	}
+    else
+#endif
 	rv = read(fb->fd_in, buf, nbyte);
     
     return rv;
@@ -280,6 +305,7 @@
 #else
     rv = ap_read(fb, buf, nbyte);
 #endif /* WIN32 */
+
     return rv;
 }
 
@@ -295,12 +321,33 @@
     }
     else
 #endif
+#ifdef APACHE_SSL
+    if(fb->ssl)
+	{
+	rv=SSL_write(fb->ssl,buf,nbyte);
+
+	if(rv < 0)
+	    {
+	    int l;
+
+	    while((l=ERR_get_error()))
+		{
+		char buf[MAX_STRING_LEN];
+
+		ERR_error_string(l,buf);
+		ap_log_error(APLOG_MARK,APLOG_DEBUG|APLOG_NOERRNO,NULL,"%s",
+			     buf);
+		}
+	    }
+	}
+    else
+#endif
 #if defined (B_SFIO)
 	rv = sfwrite(fb->sf_out, buf, nbyte);
 #else
 	rv = write(fb->fd, buf, nbyte);
 #endif
-    
+
     return rv;
 }
 
@@ -385,6 +432,11 @@
 		       (size_t) SF_UNBOUND, 1, SF_WRITE);
 #endif
 
+#ifdef APACHE_SSL
+    fb->ssl = NULL;
+    fb->szClientX509 = NULL;
+#endif
+
     return fb;
 }
 
@@ -1119,7 +1171,7 @@
 	return write_with_errors(fb, buf, nbyte);
     }
 
-#ifdef NO_WRITEV
+#if defined(NO_WRITEV)
     /* without writev() this has poor performance, too bad */
 
     ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte);
diff -u -r ../apache_1.3.6/src/main/http_main.c ./src/main/http_main.c
--- ../apache_1.3.6/src/main/http_main.c	Wed Mar 17 23:05:43 1999
+++ ./src/main/http_main.c	Sat Mar 27 11:11:17 1999
@@ -1216,8 +1216,21 @@
     }
 }
 
+/* Essentially the same as ap_keepalive_timeout, but used if you have no
+   request_rec */
+void ap_conn_timeout(char *name,conn_rec *conn)
+    {
+    unsigned int to;
 
+    timeout_req=NULL;
+    timeout_name=name;
 
+    if(conn->keptalive)
+	to=conn->server->keep_alive_timeout;
+    else
+	to=conn->server->timeout;
+    ap_set_callback_and_alarm(timeout, to);
+    }
 
 void ap_keepalive_timeout(char *name, request_rec *r)
 {
@@ -3832,6 +3845,16 @@
 				          (struct sockaddr_in *) &sa_server,
 				          my_child_num);
 
+#ifdef APACHE_SSL
+	/* 
+	 * This returns false if the connection cannot be setup,
+	 * so maybe we should do something with this here...
+	 * however it also blocks the BUFF connections
+	 * so the next bit should fall out anyway!
+	 */
+	ApacheSSLSetupConnection(current_conn);
+#endif
+
 	/*
 	 * Read and process each request found on our connection
 	 * until no requests are left or we decide to close.
@@ -4673,6 +4696,16 @@
 			          (struct sockaddr_in *) &sa_client,
 			          (struct sockaddr_in *) &sa_server, -1);
 
+#ifdef APACHE_SSL
+      /*
+       * This returns false if the connection cannot be setup,
+       * so maybe we should do something with this here...
+       * however it also blocks the BUFF connections
+       * so the next bit should fall out anyway!
+       */
+      ApacheSSLSetupConnection(conn);
+#endif
+
 	while ((r = ap_read_request(conn)) != NULL) {
 
 	    if (r->status == HTTP_OK)
@@ -4979,6 +5012,17 @@
 				          (struct sockaddr_in *) &sa_client,
 				          (struct sockaddr_in *) &sa_server,
 				          child_num);
+
+
+#ifdef APACHE_SSL
+	/* 
+	 * This returns false if the connection cannot be setup,
+	 * so maybe we should do something with this here...
+	 * however it also blocks the BUFF connections
+	 * so the next bit should fall out anyway!
+	 */
+	ApacheSSLSetupConnection(current_conn);
+#endif
 
 	/*
 	 * Read and process each request found on our connection
diff -u -r ../apache_1.3.6/src/modules/standard/mod_log_config.c ./src/modules/standard/mod_log_config.c
--- ../apache_1.3.6/src/modules/standard/mod_log_config.c	Thu Mar  4 19:28:40 1999
+++ ./src/modules/standard/mod_log_config.c	Sat Mar 27 11:11:17 1999
@@ -127,6 +127,15 @@
  * %...l:  remote logname (from identd, if supplied)
  * %...{Foobar}n:  The contents of note "Foobar" from another module.
  * %...{Foobar}o:  The contents of Foobar: header line(s) in the reply.
+ *
+ * Additional SSL directives:
+ *
+ * %...{cipher}c:  cipher used (SSL_get_cipher)
+ * %...{clientcert}c: client certificate information
+ * %...{errcode}c: X509 verify error code
+ * %...{errstr}c: X509 verify error string
+ * %...{version}c: SSL version (SSLeay 0.8.0 and above)
+ *
  * %...p:  the port the request was served to
  * %...P:  the process ID of the child that serviced the request.
  * %...r:  first line of request
@@ -174,6 +183,10 @@
 #include "http_log.h"
 #include <limits.h>
 
+#ifdef APACHE_SSL
+#include <crypto.h>
+#endif
+
 module MODULE_VAR_EXPORT config_log_module;
 
 static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT);
@@ -431,6 +444,10 @@
     return ap_psprintf(r->pool, "%ld", (long) getpid());
 }
 
+#ifdef APACHE_SSL
+extern char *log_ssl_info(request_rec *r, char *a);
+#endif
+
 /*****************************************************************
  *
  * Parsing the log format string
@@ -499,6 +516,9 @@
     {
         'P', log_child_pid, 0
     },
+#ifdef APACHE_SSL
+    { 'c', log_ssl_info, 0 },
+#endif
     {
         '\0'
     }
@@ -675,6 +695,71 @@
     parse_log_item(p, (log_format_item *) ap_push_array(a), &s);
     return a;
 }
+
+#ifdef APACHE_SSL
+char *log_ssl_info(request_rec *r, char *a)
+    {
+    char str[MAX_STRING_LEN];
+
+    if(!r->connection->client->ssl)
+	return NULL;
+
+    if(!strcmp(a, "cipher"))
+	return SSL_get_cipher(r->connection->client->ssl);
+
+    if(!strcmp(a, "clientcert"))
+	return r->connection->client->szClientX509;
+
+    if(!strcmp(a, "errcode"))
+	if(r->connection->client->nVerifyError)
+	    {
+	    sprintf(str, "%d", r->connection->client->nVerifyError);
+	    return ap_pstrdup(r->pool,str);
+	    }
+	else
+	    return NULL;
+
+    if(!strcmp(a, "errstr"))
+	if(r->connection->client->nVerifyError)
+#if SSLEAY_VERSION_NUMBER < 0x0800
+	    return X509_cert_verify_error_string(r->connection->client->nVerifyError);
+#else
+	    return X509_verify_cert_error_string(r->connection->client->nVerifyError);
+#endif
+	else
+	    return NULL;
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+    if(!strcmp(a, "version"))
+	{
+#if SSLEAY_VERSION_NUMBER >= 0x0900
+	switch(r->connection->client->ssl->session->ssl_version)
+	    {
+	case TLS1_VERSION:
+	    return "TLS1";
+
+	case SSL3_VERSION:
+	    return "SSL3";
+
+	case SSL2_VERSION:
+	    return "SSL2";
+
+	default:
+	    return "?";
+	    }
+#else
+	static char v[2];
+
+	v[0]='0'+r->connection->client->ssl->session->ssl_version;
+	v[1]='\0';
+	return v;
+#endif
+	}
+#endif
+    
+    return NULL;
+}
+#endif
 
 /*****************************************************************
  *
diff -u -r ../apache_1.3.6/src/support/apachectl ./src/support/apachectl
--- ../apache_1.3.6/src/support/apachectl	Tue Feb  9 18:00:34 1999
+++ ./src/support/apachectl	Sat Mar 27 11:11:18 1999
@@ -25,7 +25,7 @@
 PIDFILE=/usr/local/apache/logs/httpd.pid
 #
 # the path to your httpd binary, including options if necessary
-HTTPD='/usr/local/apache/src/httpd'
+HTTPD='/usr/local/apache/src/httpsd'
 #
 # a command that outputs a formatted text version of the HTML at the
 # url given on the command line.  Designed for lynx, however other
diff -u -r ../apache_1.3.6/src/support/suexec.c ./src/support/suexec.c
--- ../apache_1.3.6/src/support/suexec.c	Sun Feb 21 20:36:44 1999
+++ ./src/support/suexec.c	Sat Mar 27 11:11:18 1999
@@ -214,7 +214,8 @@
     cidx++;
 
     for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
-	if (!strncmp(*ep, "HTTP_", 5)) {
+	if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep,"HTTPS",5)
+	    || !strncmp(*ep,"SSL_",4)) {
 	    cleanenv[cidx] = *ep;
 	    cidx++;
 	}
