diff -u -r ../apache_1.3.3/Makefile.tmpl ./Makefile.tmpl
--- ../apache_1.3.3/Makefile.tmpl	Sat Sep 19 12:41:48 1998
+++ ./Makefile.tmpl	Sat Oct 17 20:23:17 1998
@@ -236,8 +236,9 @@
 #   install the server program and optionally corresponding
 #   shared object files.
 install-programs:
-	@echo "===> [programs: Installing Apache httpd program and shared objects]"
-	$(INSTALL_PROGRAM) $(TOP)/$(SRC)/httpd $(root)$(sbindir)/httpd
+	@echo "===> [programs: Installing Apache httpsd program and shared objects]"
+	$(INSTALL_PROGRAM) $(TOP)/$(SRC)/httpsd $(root)$(sbindir)/httpsd
+	$(INSTALL_PROGRAM) $(TOP)/$(SRC)/modules/ssl/gcache $(root)$(sbindir)/gcache
 	-@if [ ".`grep 'SUBTARGET=target_shared' $(TOP)/$(SRC)/Makefile`" != . ]; then \
 		SHLIB_SUFFIX_NAME="`grep '^SHLIB_SUFFIX_NAME=' $(TOP)/$(SRC)/Makefile | sed -e 's:^.*=::'`"; \
 		SHLIB_SUFFIX_LIST="`grep '^SHLIB_SUFFIX_LIST=' $(TOP)/$(SRC)/Makefile | sed -e 's:^.*=::'`"; \
@@ -287,7 +288,7 @@
 	$(INSTALL_DATA) $(TOP)/$(SRC)/support/ab.1 $(root)$(mandir)/man1/ab.1
 	@echo "$(INSTALL_SCRIPT) $(TOP)/$(SRC)/support/apachectl[*] $(root)$(sbindir)/apachectl"; \
 	sed -e 's;PIDFILE=.*;PIDFILE=$(runtimedir)/httpd.pid;' \
-		-e 's;HTTPD=.*;HTTPD=$(sbindir)/httpd;' \
+		-e 's;HTTPD=.*;HTTPD=$(sbindir)/httpsd;' \
 		< $(TOP)/$(SRC)/support/apachectl > $(TOP)/$(SRC)/.apaci.install.tmp && \
 		$(INSTALL_SCRIPT) $(TOP)/$(SRC)/.apaci.install.tmp $(root)$(sbindir)/apachectl
 	$(INSTALL_DATA) $(TOP)/$(SRC)/support/apachectl.1 $(root)$(mandir)/man1/apachectl.1
diff -u -r ../apache_1.3.3/src/Configuration ./src/Configuration
--- ../apache_1.3.3/src/Configuration	Wed Oct  7 09:33:09 1998
+++ ./src/Configuration	Fri Nov 13 16:22:22 1998
@@ -62,6 +62,20 @@
 #OPTIM=
 #RANLIB=
 
+TARGET=httpsd
+
+#
+# SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+# installed version.
+#
+#SSL_BASE=/u/ben/work/scuzzy-ssleay6
+SSL_BASE=/u/ben/apache/SSLeay-0.9.0-ben
+SSL_INCLUDE= -I$(SSL_BASE)/include
+SSL_CFLAGS= -DAPACHE_SSL
+SSL_LIB_DIR= $(SSL_BASE)
+SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+SSL_APP_DIR= $(SSL_BASE)/apps
+
 ################################################################
 # Dynamic Shared Object (DSO) support
 #
@@ -386,3 +400,7 @@
 
 AddModule modules/standard/mod_setenvif.o
 
+## Damn damn damn. Apache inverts the module list. SSL must go first to fake
+## basic authorization (that is, last in this file).
+
+AddModule modules/ssl/apache_ssl.a
diff -u -r ../apache_1.3.3/src/Configuration.tmpl ./src/Configuration.tmpl
--- ../apache_1.3.3/src/Configuration.tmpl	Wed Sep 16 19:38:26 1998
+++ ./src/Configuration.tmpl	Sat Oct 17 20:23:17 1998
@@ -62,6 +62,20 @@
 #OPTIM=
 #RANLIB=
 
+TARGET=httpsd
+
+#
+# SSL Related stuff. N.B. This is set up to use the SSLeay source, NOT an
+# installed version.
+#
+#SSL_BASE=/u/ben/work/scuzzy-ssleay6
+SSL_BASE=/u/ben/apache/SSLeay-0.9.0-ben
+SSL_INCLUDE= -I$(SSL_BASE)/include
+SSL_CFLAGS= -DAPACHE_SSL
+SSL_LIB_DIR= $(SSL_BASE)
+SSL_LIBS= -L$(SSL_LIB_DIR) -lssl -lcrypto
+SSL_APP_DIR= $(SSL_BASE)/apps
+
 ################################################################
 # Dynamic Shared Object (DSO) support
 #
@@ -386,3 +400,7 @@
 
 AddModule modules/standard/mod_setenvif.o
 
+## Damn damn damn. Apache inverts the module list. SSL must go first to fake
+## basic authorization (that is, last in this file).
+
+AddModule modules/ssl/apache_ssl.a
diff -u -r ../apache_1.3.3/src/Configure ./src/Configure
--- ../apache_1.3.3/src/Configure	Wed Oct  7 09:19:30 1998
+++ ./src/Configure	Sat Oct 17 20:23:18 1998
@@ -1712,10 +1712,10 @@
 ## for $LIBS at this point. This implies that anything below
 ## can only alter $LIBS
 ##
-echo "CFLAGS1=$CFLAGS">> Makefile.config
+echo "CFLAGS1=$CFLAGS \$(SSL_CFLAGS)">> Makefile.config
 echo "OSDIR=\$(SRCDIR)/$OSDIR">> Makefile.config
 echo "INCDIR=\$(SRCDIR)/include" >>Makefile.config
-echo "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR)">> Makefile.config
+echo "INCLUDES0=-I\$(OSDIR) -I\$(INCDIR) \$(SSL_INCLUDE)">> Makefile.config
 echo "INCLUDES1=$INCLUDES">> Makefile.config
 echo "LIBS_SHLIB=$LIBS_SHLIB">> Makefile.config
 echo "LDFLAGS1=$LDFLAGS">> Makefile.config
@@ -1785,7 +1785,7 @@
 ####################################################################
 ## Finish creating the Makefile.config file
 ##
-echo "LIBS1=$LIBS">> Makefile.config
+echo "LIBS1=$LIBS \$(SSL_LIBS)">> Makefile.config
 echo "##" >> Makefile.config
 echo "##  (End of automatically generated section)">> Makefile.config
 echo "##" >> Makefile.config
diff -u -r ../apache_1.3.3/src/Makefile.tmpl ./src/Makefile.tmpl
--- ../apache_1.3.3/src/Makefile.tmpl	Thu Sep 17 14:43:21 1998
+++ ./src/Makefile.tmpl	Fri Nov 13 14:40:28 1998
@@ -25,6 +25,13 @@
 
 $(TARGET): $(EXTRA_DEPS) $(SUBTARGET)
 
+certificate:
+	$(SSL_APP_DIR)/ssleay req -config ../SSLconf/conf/ssleay.cnf \
+	-new -x509 -nodes -out ../SSLconf/conf/httpsd.pem \
+	-keyout ../SSLconf/conf/httpsd.pem; \
+	ln -sf httpsd.pem ../SSLconf/conf/`$(SSL_APP_DIR)/ssleay \
+	x509 -noout -hash < ../SSLconf/conf/httpsd.pem`.0
+
 target_static: subdirs modules.o
 	$(CC) -c $(INCLUDES) $(CFLAGS) buildmark.c
 	$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_SHLIB_EXPORT) \
diff -u -r ../apache_1.3.3/src/include/ap_config.h ./src/include/ap_config.h
--- ../apache_1.3.3/src/include/ap_config.h	Sat Oct  3 15:33:35 1998
+++ ./src/include/ap_config.h	Sat Oct 17 20:23:18 1998
@@ -1225,6 +1225,10 @@
 #define ap_wait_t int
 #endif
 
+#ifdef APACHE_SSL
+# define NO_WRITEV
+#endif
+
 #ifdef __cplusplus
 }
 #endif
diff -u -r ../apache_1.3.3/src/include/buff.h ./src/include/buff.h
--- ../apache_1.3.3/src/include/buff.h	Sat Jul  4 16:07:25 1998
+++ ./src/include/buff.h	Sat Oct 17 20:23:18 1998
@@ -68,6 +68,19 @@
 
 #include <stdarg.h>
 
+#ifdef APACHE_SSL
+
+# include <stdio.h>
+# include <ssl.h>
+
+# define APACHE_SSL_EXPORT_CERTS	FALSE
+# if APACHE_SSL_EXPORT_CERTS
+/* SSLeay doesn't, so we must! */
+#  define APACHE_SSL_KEEP_CERTS		TRUE
+# endif
+
+#endif
+
 /* Reading is buffered */
 #define B_RD     (1)
 /* Writing is buffered */
@@ -127,6 +140,16 @@
 #ifdef B_SFIO
     Sfio_t *sf_in;
     Sfio_t *sf_out;
+#endif
+
+#ifdef APACHE_SSL
+    /* Add some context for SSL */
+    SSL *ssl;
+    char *szClientX509;
+    int nVerifyError;
+# if APACHE_SSL_KEEP_CERTS
+    table *tableCertChain;
+# endif
 #endif
 };
 
diff -u -r ../apache_1.3.3/src/include/httpd.h ./src/include/httpd.h
--- ../apache_1.3.3/src/include/httpd.h	Wed Oct  7 09:19:06 1998
+++ ./src/include/httpd.h	Thu Nov 12 12:35:09 1998
@@ -66,6 +66,11 @@
  * httpd.h: header for simple (ha! not anymore) http daemon
  */
 
+/* Needed all over the place */
+typedef unsigned int BOOL;
+#define TRUE 		1
+#define FALSE 		0
+
 /* Headers in which EVERYONE has an interest... */
 
 #include "ap_config.h"
@@ -131,8 +136,13 @@
 #define DEFAULT_HTTP_PORT	80
 #define DEFAULT_HTTPS_PORT	443
 #define ap_is_default_port(port,r)	((port) == ap_default_port(r))
-#define ap_http_method(r)	"http"
-#define ap_default_port(r)	DEFAULT_HTTP_PORT
+#ifdef APACHE_SSL
+# define ap_http_method(r)	((r)->connection->client->ssl ? "https" : "http")
+# define ap_default_port(r)	((r)->connection->client->ssl ? DEFAULT_HTTPS_PORT : DEFAULT_HTTP_PORT)
+#else
+# define ap_http_method(r)	"http"
+# define ap_default_port(r)	DEFAULT_HTTP_PORT
+#endif
 
 /* --------- Default user name and group name running standalone ---------- */
 /* --- These may be specified as numbers by placing a # before a number --- */
@@ -410,7 +420,12 @@
  * Example: "Apache/1.1.0 MrWidget/0.1-alpha" 
  */
 
+#ifdef APACHE_SSL
+#define SERVER_BASEVERSION "Apache/1.3.3 Ben-SSL/1.29"	/* SEE COMMENTS ABOVE */
+#else
 #define SERVER_BASEVERSION "Apache/1.3.3"	/* SEE COMMENTS ABOVE */
+#endif
+
 #define SERVER_VERSION  SERVER_BASEVERSION
 enum server_token_type {
     SrvTk_MIN,		/* eg: Apache/1.3.0 */
@@ -813,6 +828,10 @@
 #define DEFAULT_VHOST_ADDR 0xfffffffful
 
 typedef struct server_addr_rec server_addr_rec;
+
+#ifdef APACHE_SSL
+int ApacheSSLSetupConnection(conn_rec *conn);
+#endif
 struct server_addr_rec {
     server_addr_rec *next;
     struct in_addr host_addr;	/* The bound address, for this server */
diff -u -r ../apache_1.3.3/src/main/Makefile.tmpl ./src/main/Makefile.tmpl
--- ../apache_1.3.3/src/main/Makefile.tmpl	Mon Sep  7 06:59:33 1998
+++ ./src/main/Makefile.tmpl	Sat Oct 17 20:23:18 1998
@@ -14,7 +14,7 @@
       md5c.o rfc1413.o
 
 .c.o:
-	$(CC) -c $(INCLUDES) $(CFLAGS) $<
+	$(CC) -c $(INCLUDES) $(CFLAGS) $(SSL_CFLAGS) $<
 
 all: $(HEADERS) $(LIB)
 
diff -u -r ../apache_1.3.3/src/main/buff.c ./src/main/buff.c
--- ../apache_1.3.3/src/main/buff.c	Mon Oct  5 17:48:44 1998
+++ ./src/main/buff.c	Sat Oct 17 20:23:19 1998
@@ -242,6 +242,11 @@
     }
     else
 #endif
+#ifdef APACHE_SSL
+    if(fb->ssl)
+	rv=SSL_read(fb->ssl,buf,nbyte);
+    else
+#endif
 	rv = read(fb->fd_in, buf, nbyte);
     
     return rv;
@@ -277,6 +282,11 @@
     }
     else
 #endif
+#ifdef APACHE_SSL
+    if(fb->ssl)
+	rv=SSL_write(fb->ssl,buf,nbyte);
+    else
+#endif
 #if defined (B_SFIO)
 	rv = sfwrite(fb->sf_out, buf, nbyte);
 #else
@@ -367,6 +377,11 @@
 		       (size_t) SF_UNBOUND, 1, SF_WRITE);
 #endif
 
+#ifdef APACHE_SSL
+    fb->ssl = NULL;
+    fb->szClientX509 = NULL;
+#endif
+
     return fb;
 }
 
@@ -1101,7 +1116,7 @@
 	return write_with_errors(fb, buf, nbyte);
     }
 
-#ifdef NO_WRITEV
+#if defined(NO_WRITEV)
     /* without writev() this has poor performance, too bad */
 
     ap_snprintf(chunksize, sizeof(chunksize), "%x\015\012", nbyte);
diff -u -r ../apache_1.3.3/src/main/http_main.c ./src/main/http_main.c
--- ../apache_1.3.3/src/main/http_main.c	Tue Oct  6 15:41:44 1998
+++ ./src/main/http_main.c	Sat Oct 17 20:23:19 1998
@@ -3807,6 +3807,16 @@
 				          (struct sockaddr_in *) &sa_server,
 				          my_child_num);
 
+#ifdef APACHE_SSL
+	/* 
+	 * This returns false if the connection cannot be setup,
+	 * so maybe we should do something with this here...
+	 * however it also blocks the BUFF connections
+	 * so the next bit should fall out anyway!
+	 */
+	ApacheSSLSetupConnection(current_conn);
+#endif
+
 	/*
 	 * Read and process each request found on our connection
 	 * until no requests are left or we decide to close.
@@ -4601,6 +4611,16 @@
 			          (struct sockaddr_in *) &sa_client,
 			          (struct sockaddr_in *) &sa_server, -1);
 
+#ifdef APACHE_SSL
+      /*
+       * This returns false if the connection cannot be setup,
+       * so maybe we should do something with this here...
+       * however it also blocks the BUFF connections
+       * so the next bit should fall out anyway!
+       */
+      ApacheSSLSetupConnection(conn);
+#endif
+
 	while ((r = ap_read_request(conn)) != NULL) {
 
 	    if (r->status == HTTP_OK)
@@ -4907,6 +4927,17 @@
 				          (struct sockaddr_in *) &sa_client,
 				          (struct sockaddr_in *) &sa_server,
 				          child_num);
+
+
+#ifdef APACHE_SSL
+	/* 
+	 * This returns false if the connection cannot be setup,
+	 * so maybe we should do something with this here...
+	 * however it also blocks the BUFF connections
+	 * so the next bit should fall out anyway!
+	 */
+	ApacheSSLSetupConnection(current_conn);
+#endif
 
 	/*
 	 * Read and process each request found on our connection
diff -u -r ../apache_1.3.3/src/modules/standard/mod_auth.c ./src/modules/standard/mod_auth.c
--- ../apache_1.3.3/src/modules/standard/mod_auth.c	Sat Oct  3 15:11:52 1998
+++ ./src/modules/standard/mod_auth.c	Sat Oct 17 20:23:19 1998
@@ -75,7 +75,13 @@
 #include "http_log.h"
 #include "http_protocol.h"
 #if defined(HAVE_CRYPT_H)
+#if defined(APACHE_SSL)
+#define des_encrypt	BASE_des_encrypt
 #include <crypt.h>
+#undef des_encrypt
+#else
+#include <crypt.h>
+#endif /* APACHE_SSL */
 #endif
 
 typedef struct auth_config_struct {
diff -u -r ../apache_1.3.3/src/modules/standard/mod_log_config.c ./src/modules/standard/mod_log_config.c
--- ../apache_1.3.3/src/modules/standard/mod_log_config.c	Tue Sep 22 09:19:59 1998
+++ ./src/modules/standard/mod_log_config.c	Sat Oct 17 20:23:20 1998
@@ -127,6 +127,15 @@
  * %...l:  remote logname (from identd, if supplied)
  * %...{Foobar}n:  The contents of note "Foobar" from another module.
  * %...{Foobar}o:  The contents of Foobar: header line(s) in the reply.
+ *
+ * Additional SSL directives:
+ *
+ * %...{cipher}c:  cipher used (SSL_get_cipher)
+ * %...{clientcert}c: client certificate information
+ * %...{errcode}c: X509 verify error code
+ * %...{errstr}c: X509 verify error string
+ * %...{version}c: SSL version (SSLeay 0.8.0 and above)
+ *
  * %...p:  the port the request was served to
  * %...P:  the process ID of the child that serviced the request.
  * %...r:  first line of request
@@ -173,6 +182,10 @@
 #include "http_log.h"
 #include <limits.h>
 
+#ifdef APACHE_SSL
+#include <crypto.h>
+#endif
+
 module MODULE_VAR_EXPORT config_log_module;
 
 static int xfer_flags = (O_WRONLY | O_APPEND | O_CREAT);
@@ -420,6 +433,10 @@
     return ap_psprintf(r->pool, "%ld", (long) getpid());
 }
 
+#ifdef APACHE_SSL
+extern char *log_ssl_info(request_rec *r, char *a);
+#endif
+
 /*****************************************************************
  *
  * Parsing the log format string
@@ -485,6 +502,9 @@
     {
         'P', log_child_pid, 0
     },
+#ifdef APACHE_SSL
+    { 'c', log_ssl_info, 0 },
+#endif
     {
         '\0'
     }
@@ -630,6 +650,71 @@
     parse_log_item(p, (log_format_item *) ap_push_array(a), &s);
     return a;
 }
+
+#ifdef APACHE_SSL
+char *log_ssl_info(request_rec *r, char *a)
+    {
+    char str[MAX_STRING_LEN];
+
+    if(!r->connection->client->ssl)
+	return NULL;
+
+    if(!strcmp(a, "cipher"))
+	return SSL_get_cipher(r->connection->client->ssl);
+
+    if(!strcmp(a, "clientcert"))
+	return r->connection->client->szClientX509;
+
+    if(!strcmp(a, "errcode"))
+	if(r->connection->client->nVerifyError)
+	    {
+	    sprintf(str, "%d", r->connection->client->nVerifyError);
+	    return ap_pstrdup(r->pool,str);
+	    }
+	else
+	    return NULL;
+
+    if(!strcmp(a, "errstr"))
+	if(r->connection->client->nVerifyError)
+#if SSLEAY_VERSION_NUMBER < 0x0800
+	    return X509_cert_verify_error_string(r->connection->client->nVerifyError);
+#else
+	    return X509_verify_cert_error_string(r->connection->client->nVerifyError);
+#endif
+	else
+	    return NULL;
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+    if(!strcmp(a, "version"))
+	{
+#if SSLEAY_VERSION_NUMBER >= 0x0900
+	switch(r->connection->client->ssl->session->ssl_version)
+	    {
+	case TLS1_VERSION:
+	    return "TLS1";
+
+	case SSL3_VERSION:
+	    return "SSL3";
+
+	case SSL2_VERSION:
+	    return "SSL2";
+
+	default:
+	    return "?";
+	    }
+#else
+	static char v[2];
+
+	v[0]='0'+r->connection->client->ssl->session->ssl_version;
+	v[1]='\0';
+	return v;
+#endif
+	}
+#endif
+    
+    return NULL;
+}
+#endif
 
 /*****************************************************************
  *
diff -u -r ../apache_1.3.3/src/support/apachectl ./src/support/apachectl
--- ../apache_1.3.3/src/support/apachectl	Mon Sep 14 16:04:18 1998
+++ ./src/support/apachectl	Sat Oct 17 20:23:20 1998
@@ -25,7 +25,7 @@
 PIDFILE=/usr/local/apache/logs/httpd.pid
 #
 # the path to your httpd binary, including options if necessary
-HTTPD='/usr/local/apache/src/httpd'
+HTTPD='/usr/local/apache/src/httpsd'
 #
 # a command that outputs a formatted text version of the HTML at the
 # url given on the command line.  Designed for lynx, however other
diff -u -r ../apache_1.3.3/src/support/suexec.c ./src/support/suexec.c
--- ../apache_1.3.3/src/support/suexec.c	Wed Sep 16 20:51:08 1998
+++ ./src/support/suexec.c	Sat Oct 17 20:23:20 1998
@@ -214,7 +214,8 @@
     cidx++;
 
     for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
-	if (!strncmp(*ep, "HTTP_", 5)) {
+	if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep,"HTTPS",5)
+	    || !strncmp(*ep,"SSL_",4)) {
 	    cleanenv[cidx] = *ep;
 	    cidx++;
 	}
