summaryrefslogtreecommitdiffstats
path: root/debian/perl-framework/t/conf
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 06:33:51 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 06:33:51 +0000
commit4f0770f3df78ecd5dcaefbd214f7a1415366bca6 (patch)
tree72661b8f81594b855bcc967b819263f63fa30e17 /debian/perl-framework/t/conf
parentAdding upstream version 2.4.56. (diff)
downloadapache2-4f0770f3df78ecd5dcaefbd214f7a1415366bca6.tar.xz
apache2-4f0770f3df78ecd5dcaefbd214f7a1415366bca6.zip
Adding debian version 2.4.56-1~deb11u2.debian/2.4.56-1_deb11u2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/perl-framework/t/conf')
-rw-r--r--debian/perl-framework/t/conf/cache.conf.in25
-rw-r--r--debian/perl-framework/t/conf/core.conf.in55
-rw-r--r--debian/perl-framework/t/conf/extra.conf.in1474
-rw-r--r--debian/perl-framework/t/conf/http2.conf.in105
-rw-r--r--debian/perl-framework/t/conf/include-ssi-exec.conf.in499
-rw-r--r--debian/perl-framework/t/conf/include.conf.in82
-rw-r--r--debian/perl-framework/t/conf/proxy.conf.in194
-rw-r--r--debian/perl-framework/t/conf/ssl/README17
-rw-r--r--debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt114
-rw-r--r--debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt393
-rw-r--r--debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL2
-rw-r--r--debian/perl-framework/t/conf/ssl/proxyssl.conf.in124
-rw-r--r--debian/perl-framework/t/conf/ssl/ssl.conf.in289
-rw-r--r--debian/perl-framework/t/conf/vhost_alias.conf.in9
14 files changed, 3382 insertions, 0 deletions
diff --git a/debian/perl-framework/t/conf/cache.conf.in b/debian/perl-framework/t/conf/cache.conf.in
new file mode 100644
index 0000000..fa06db7
--- /dev/null
+++ b/debian/perl-framework/t/conf/cache.conf.in
@@ -0,0 +1,25 @@
+#
+# Config for mod_cache tests
+#
+
+<IfModule mod_cache.c>
+ <VirtualHost mod_cache>
+ <IfModule mod_disk_cache.c>
+
+ CacheEnable disk /cache/
+ CacheRoot @SERVERROOT@/conf/cacheroot/
+ CacheDirLevels 1
+ CacheDirLength 1
+
+ </IfModule>
+ <IfModule mod_cache_disk.c>
+
+ CacheEnable disk /cache/
+ CacheRoot @SERVERROOT@/conf/cacheroot/
+ CacheDirLevels 1
+ CacheDirLength 1
+
+ </IfModule>
+ DocumentRoot @SERVERROOT@/htdocs/modules/cache
+ </VirtualHost>
+</IfModule>
diff --git a/debian/perl-framework/t/conf/core.conf.in b/debian/perl-framework/t/conf/core.conf.in
new file mode 100644
index 0000000..53122a8
--- /dev/null
+++ b/debian/perl-framework/t/conf/core.conf.in
@@ -0,0 +1,55 @@
+# NameVirtualHost sections for :core. All virtual hosts ending in :core
+# will be converted to a set of NVH'es on the same dynamic port, so they
+# are collected here.
+
+MaxMemFree 1
+
+<VirtualHost strict-default:core>
+ ServerName default-strict
+ <IfVersion >= 2.5.1>
+ # StrictHostCheck can only be configure globally or in a "default" vhost
+ StrictHostCheck ON
+ </IfVersion>
+</VirtualHost>
+<VirtualHost strict-nvh:core>
+ ServerName nvh-strict
+ ServerAlias nvh-strict-alias
+ # Implicitly StrictHostCheck ON from default VH above
+</VirtualHost>
+
+# MergeSlashes
+<IfVersion >= 2.4.39>
+ <VirtualHost merge-default:core>
+ ServerName merge-default
+ <Directory @DocumentRoot@/authz_core/>
+ require all granted
+ </Directory>
+ <LocationMatch ^/authz_core/a/b/c/index.html>
+ require all denied
+ </LocationMatch>
+ </virtualHost>
+ <VirtualHost merge-disabled:core>
+ ServerName merge-disabled
+ MergeSlashes OFF
+ <Directory @DocumentRoot@/authz_core/>
+ require all granted
+ </Directory>
+ <LocationMatch ^/authz_core/a/b/c/index.html>
+ require all denied
+ </LocationMatch>
+ <LocationMatch ^/authz_core/a//b/c/index.html>
+ require all denied
+ </LocationMatch>
+ <Location /authz_core/a/b/d>
+ require all denied
+ </Location>
+ <ifModule rewrite_module>
+ <Location /CVE-2020-1927/>
+ RewriteEngine ON
+ RewriteCond %{REQUEST_URI} (.+)/$
+ RewriteRule ^ %1 [L]
+ </Location>
+ </ifModule>
+ </virtualHost>
+</IfVersion>
+
diff --git a/debian/perl-framework/t/conf/extra.conf.in b/debian/perl-framework/t/conf/extra.conf.in
new file mode 100644
index 0000000..a684f76
--- /dev/null
+++ b/debian/perl-framework/t/conf/extra.conf.in
@@ -0,0 +1,1474 @@
+##
+## FileETag test config
+##
+<Directory @SERVERROOT@/htdocs/apache/etags>
+ AllowOverride All
+ Order Deny,Allow
+# Satisfy Any
+</Directory>
+
+##
+## Options override test config
+##
+<Directory @SERVERROOT@/htdocs/apache/htaccess/override>
+ AllowOverride All
+ Options -Includes
+</Directory>
+
+##
+## AcceptPathInfo test config
+##
+<IfDefine APACHE2>
+ <Directory @SERVERROOT@/htdocs/apache/acceptpathinfo>
+ # default is AcceptPathInfo default
+ Order Deny,Allow
+ Allow from all
+ <IfModule @CGI_MODULE@>
+ AddHandler cgi-script .sh
+ Options +ExecCGI +Includes +Indexes
+ </IfModule>
+ <IfModule mod_include.c>
+ DirectoryIndex index.shtml
+ AddOutputFilter INCLUDES shtml
+ </IfModule>
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/apache/acceptpathinfo/on>
+ AcceptPathInfo on
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/apache/acceptpathinfo/off>
+ AcceptPathInfo off
+ </Directory>
+</IfDefine>
+
+##
+## mod_php4/mod_php5 test config
+##
+
+<IfModule @PHP_MODULE@>
+ AddType application/x-httpd-php .php
+ AddType application/x-httpd-php-source .phps
+</IfModule>
+
+<IfDefine APACHE2>
+ <IfModule sapi_apache2.c>
+ AddType application/x-httpd-php .php
+ AddType application/x-httpd-php-source .phps
+ </IfModule>
+</IfDefine>
+
+<IfModule @PHP_MODULE@>
+ # t/htdocs/php/arg.php et al require argc/argv in _SERVER
+ <Directory @SERVERROOT@/htdocs/php>
+ php_admin_flag "register_argc_argv" 1
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/php/multiviews>
+ Options MultiViews
+ </Directory>
+
+</IfModule>
+
+##
+## mod_expires test config
+##
+
+<IfModule mod_expires.c>
+ <Directory @SERVERROOT@/htdocs/modules/expires>
+ ExpiresActive On
+ ExpiresDefault "modification plus \
+ 10 years 6 months 2 weeks \
+ 3 days 12 hours 30 minutes 19 seconds"
+ ExpiresByType text/plain M60
+ ExpiresByType image/gif A120
+ ExpiresByType image/jpeg A86400
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/expires/htaccess>
+ AllowOverride All
+ </Directory>
+</IfModule>
+
+##
+## mod_negotiation test config
+##
+
+<IfModule mod_mime.c>
+ AddLanguage en .en
+ AddLanguage fr .fr
+ AddLanguage de .de
+ AddLanguage fu .fu
+ AddLanguage zh-TW .zh-TW
+ AddHandler type-map .var
+</IfModule>
+
+<IfModule mod_negotiation.c>
+ <IfDefine APACHE1>
+ CacheNegotiatedDocs
+ </IfDefine>
+
+ <IfDefine APACHE2>
+ CacheNegotiatedDocs On
+ </IfDefine>
+
+ <Directory @SERVERROOT@/htdocs/modules/negotiation/en>
+ Options +MultiViews
+ LanguagePriority en fr de fu zh-TW
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/negotiation/de>
+ Options +MultiViews
+ LanguagePriority de en fr fu zh-TW
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/negotiation/fr>
+ Options +MultiViews
+ LanguagePriority fr en de fu zh-TW
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/negotiation/fu>
+ Options +MultiViews
+ LanguagePriority fu fr en de zh-TW
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/negotiation/zh-TW>
+ Options +MultiViews
+ LanguagePriority zh-TW fr fu en de
+ </Directory>
+
+ <IfDefine APACHE2>
+ <IfModule @CGI_MODULE@>
+ <Directory @SERVERROOT@/htdocs/modules/negotiation/query>
+ Options +MultiViews +ExecCGI
+ MultiviewsMatch any
+ AddHandler cgi-script .pl
+ </Directory>
+ </IfModule>
+ </IfDefine>
+
+</IfModule>
+
+##
+## mod_rewrite test config
+##
+
+<IfModule mod_rewrite.c>
+ RewriteEngine On
+ <IfVersion < 2.3.6>
+ RewriteLog @SERVERROOT@/logs/rewrite_log
+ RewriteLogLevel 9
+ </IfVersion>
+ <IfVersion >= 2.3.6>
+ LogLevel rewrite:trace8
+ </IfVersion>
+
+ <IfDefine !APACHE1>
+ <IfVersion < 2.3.4>
+ RewriteLock @SERVERROOT@/logs/rewrite_lock
+ </IfVersion>
+ <IfVersion >= 2.3.4>
+ # mutex created automatically
+ # config needed only if file-based mutexes are used and
+ # default lock file dir is inappropriate
+ # Mutex file:/path/to/lockdir rewrite-map
+ </IfVersion>
+ </IfDefine>
+ <IfDefine APACHE1>
+ RewriteLock @SERVERROOT@/logs/rewrite_lock
+ </IfDefine>
+ RewriteMap numbers-txt txt:@SERVERROOT@/htdocs/modules/rewrite/numbers.txt
+ RewriteMap numbers-rnd rnd:@SERVERROOT@/htdocs/modules/rewrite/numbers.rnd
+ #RewriteMap numbers-dbm dbm:@SERVERROOT@/htdocs/modules/rewrite/numbers.dbm
+ RewriteMap numbers-prg prg:@SERVERROOT@/htdocs/modules/rewrite/numbers.pl
+ RewriteMap lower int:tolower
+
+ <Directory @SERVERROOT@/htdocs/modules/rewrite>
+ RewriteEngine On
+ <IfVersion >= 2.5.0>
+ RewriteOptions inherit LongURLOptimization
+ </IfVersion>
+ <IfVersion < 2.5.0>
+ RewriteOptions inherit
+ </IfVersion>
+
+ RewriteRule ^forbidden$ - [F]
+ RewriteRule ^gone$ - [G]
+ RewriteRule ^perm$ - [R=permanent]
+ RewriteRule ^temp$ - [R]
+ RewriteRule ^test\.blah$ - [T=text/html]
+
+ ## config for testing >=< conditions
+ RewriteCond %{HTTP_ACCEPT} =lucky13
+ RewriteRule ^$ lucky13.html [L]
+
+ RewriteCond %{HTTP_ACCEPT} >6
+ RewriteRule ^$ big.html [L]
+
+ RewriteCond %{HTTP_ACCEPT} <1
+ RewriteRule ^$ zero.html [L]
+
+ ## config for testing rewrite maps
+ RewriteCond %{HTTP_ACCEPT} ^(TXT|RND|DBM|PRG)$
+ RewriteRule ^([1-6])$ - [C,E=MAPTYPE:${lower:%1}]
+ RewriteCond %{ENV:MAPTYPE} =txt
+ RewriteRule ^([1-6])$ ${numbers-txt:$1}.html [S=3]
+ RewriteCond %{ENV:MAPTYPE} =rnd
+ RewriteRule ^([1-6])$ ${numbers-rnd:$1}.html [S=2]
+ RewriteCond %{ENV:MAPTYPE} =dbm
+ RewriteRule ^([1-6])$ ${numbers-dbm:$1}.html [S=1]
+ RewriteCond %{ENV:MAPTYPE} =prg
+ RewriteRule ^([1-6])$ ${numbers-prg:$1}.html [L]
+
+ ## Proxy pass-through
+ RewriteRule ^proxy.html$ http://@SERVERNAME@:@PORT@/modules/rewrite/lucky13.html [L,P]
+
+ ## Query-string append
+ RewriteRule ^qsa.html$ @SERVERROOT@/htdocs/modules/cgi/env.pl?foo=bar [QSA,L]
+
+ ## Proxy and QSA
+ RewriteRule ^proxy-qsa.html$ http://@SERVERNAME@:@PORT@/modules/cgi/env.pl?foo=bar [QSA,L,P]
+
+ ## Redirect, directory context
+ RewriteRule ^redirect-dir.html$ http://@SERVERNAME@:@PORT@/foobar.html [L,R=301]
+
+ # PR 58231: Vary header not added to the response if the RewriteCond/Rule
+ # combination is in a directory context.
+ # Vary:Host header must not also be returned in any case.
+ RewriteCond %{HTTP_HOST} directory-domain
+ RewriteRule vary3.html vary4.html [L]
+
+ RewriteCond %{HTTP_USER_AGENT} directory-agent
+ RewriteRule vary3.html vary4.html [L]
+
+ RewriteCond %{HTTP:Accept} directory-accept [OR]
+ RewriteCond %{HTTP_REFERER} directory-referer
+ RewriteRule vary3.html vary4.html [L]
+ </Directory>
+
+ # PR 58231: Vary:Host header mistakenly added to the response
+ RewriteCond %{HTTP_HOST} test1
+ RewriteRule /modules/rewrite/vary1.html /modules/rewrite/vary2.html [L]
+
+ RewriteCond %{HTTP:Host} test2
+ RewriteRule /modules/rewrite/vary1.html /modules/rewrite/vary2.html [L]
+
+
+ ### Proxy pass-through to env.pl
+ RewriteRule ^/modules/rewrite/proxy2/(.*)$ http://@SERVERNAME@:@PORT@/modules/cgi/$1 [L,P]
+
+ ### Pass-through conditional on QUERY_STRING
+ RewriteCond %{QUERY_STRING} horse=trigger
+ RewriteRule ^/modules/rewrite/proxy3/(.*)$ http://@SERVERNAME@:@PORT@/modules/cgi/$1 [L,P]
+
+ ### Redirect, server context
+ RewriteRule ^/modules/rewrite/redirect.html$ http://@SERVERNAME@:@PORT@/foobar.html [L,R=301]
+
+ RewriteRule ^/modules/rewrite/cookie/$ - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly]
+ RewriteRule ^/modules/rewrite/cookie/0 - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:0]
+ RewriteRule ^/modules/rewrite/cookie/false - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:false]
+ RewriteRule ^/modules/rewrite/cookie/lax - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:lax]
+ RewriteRule ^/modules/rewrite/cookie/none - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:none]
+ RewriteRule ^/modules/rewrite/cookie/foo - [CO=NAME3:VAL:localhost:86400:/0:secure:httponly:foo]
+
+ <VirtualHost cve_2011_3368_rewrite>
+ DocumentRoot @SERVERROOT@/htdocs/modules/proxy
+ RewriteEngine On
+ RewriteRule (.*) http://localhost$1 [P]
+ </VirtualHost>
+
+ # PR60478: pathological rewrite expansion
+ <IfVersion >= 2.4>
+ <Location /modules/rewrite/pr60478-rewrite-loop>
+ # This pair of RewriteRules will loop but should eventually 500 once we
+ # reach LimitRequestLine * 2 bytes. (In this case, @limitrequestline@ * 2 = @limitrequestlinex2@.)
+ RewriteRule ^(.*)X(.*)$ $1x$2
+ # Don't run the test machine out of memory on failure, just stop the loop
+ RewriteCond expr "util_strlen(%{REQUEST_FILENAME}) -le @limitrequestlinex2@"
+ RewriteRule X - [N]
+ </Location>
+ </IfVersion>
+
+</IfModule>
+
+
+<IfModule mod_proxy.c>
+ <VirtualHost proxy_http_reverse>
+ DocumentRoot @SERVERROOT@/htdocs/modules/proxy
+ ProxyPass /reverse/notproxy/ !
+ ProxyPass /reverse/ http://@SERVERNAME@:@PORT@/
+ ProxyPassReverse /reverse/ http://@SERVERNAME@:@PORT@/
+ ProxyPassMatch ^/reverse-match/(.*)$ http://@SERVERNAME@:@PORT@/$1
+ ProxyPassMatch ^/reverse-slash(/.*)?$ http://@SERVERNAME@:@PORT@$1
+ ProxyPassReverseCookieDomain local remote
+ ProxyPassReverseCookiePath /local /remote
+ <IfVersion >= 2.4.7>
+ ProxyPass /uds/ unix:/tmp/test-ptf.sock|http:
+ </IfVersion>
+ <Location /reverse/locproxy/>
+ ProxyPass http://@SERVERNAME@:@PORT@/
+ </Location>
+ <IfModule mod_setenvif.c>
+ SetEnvIf Request_URI "^/reverse/locproxy/index.html$" no-proxy
+ </IfModule>
+ </VirtualHost>
+
+ <VirtualHost proxy_http_nofwd>
+ <IfVersion >= 2.3.10>
+ ProxyAddHeaders off
+ </IfVersion>
+ ProxyPass /reverse/ http://@SERVERNAME@:@PORT@/
+
+ <Proxy "*">
+ # Noop config to trigger merging bug.
+ Require all granted
+ </Proxy>
+ </VirtualHost>
+
+ <IfVersion >= 2.2.5>
+ <VirtualHost cve_2011_3368>
+ DocumentRoot @SERVERROOT@/htdocs/modules/proxy
+ ProxyPassMatch (.*) http://@SERVERNAME@$1
+ </VirtualHost>
+ </IfVersion>
+</IfModule>
+
+##
+## @ACCESS_MODULE@ test config
+##
+
+<IfModule @ACCESS_MODULE@>
+ <Directory @SERVERROOT@/htdocs/modules/access/htaccess>
+ AllowOverride Limit
+ </Directory>
+</IfModule>
+
+##
+## mod_cgi test config
+##
+
+<IfModule @CGI_MODULE@>
+ AddHandler cgi-script .sh
+ AddHandler cgi-script .pl
+ ScriptLog @SERVERROOT@/logs/mod_cgi.log
+ ScriptLogLength 40960
+ ScriptLogBuffer 256
+
+ <Directory @SERVERROOT@/htdocs/modules/cgi>
+ Options +ExecCGI
+
+ <IfDefine APACHE2>
+ <Files acceptpathinfoon.sh>
+ AcceptPathInfo on
+ </Files>
+ <Files acceptpathinfooff.sh>
+ AcceptPathInfo off
+ </Files>
+ <Files acceptpathinfodefault.sh>
+ AcceptPathInfo default
+ </Files>
+ </IfDefine>
+ </Directory>
+
+</IfModule>
+
+##
+## mod_alias test config
+##
+
+<IfModule mod_alias.c>
+ Alias /alias @SERVERROOT@/htdocs/modules/alias
+ Alias /bogu /bogus/path/to/nothing
+
+ AliasMatch /ali([0-9]) @SERVERROOT@/htdocs/modules/alias/$1.html
+
+ Redirect permanent /perm http://@SERVERNAME@:@PORT@/alias
+ Redirect temp /temp http://@SERVERNAME@:@PORT@/alias
+ Redirect seeother /seeother http://@SERVERNAME@:@PORT@/alias
+ Redirect gone /gone
+ Redirect 403 /forbid
+
+ RedirectMatch permanent /p([0-9]) http://@SERVERNAME@:@PORT@/alias/$1.html
+ RedirectMatch temp /t([0-9]) http://@SERVERNAME@:@PORT@/alias/$1.html
+ RedirectMatch seeother /s([0-9]) http://@SERVERNAME@:@PORT@/alias/$1.html
+ RedirectMatch gone /g([0-9])
+ RedirectMatch 403 /f([0-9])
+
+ RedirectTemp /temp2 http://@SERVERNAME@:@PORT@/alias/index.html
+ RedirectPermanent /perm2 http://@SERVERNAME@:@PORT@/alias/index.html
+
+ Redirect permanent /modules/alias/redirect-me http://@SERVERNAME@:@PORT@/modules/alias/5.html
+
+ ScriptAlias /cgi @SERVERROOT@/htdocs/modules/alias
+ ScriptAliasMatch /aliascgi-(.*) @SERVERROOT@/htdocs/modules/alias/$1
+
+ <IfDefine APACHE2>
+ <IfVersion >= 2.4.19>
+ <LocationMatch /expr/ali(?<number>[0-9])>
+ Alias @SERVERROOT@/htdocs/modules/alias/%{env:MATCH_NUMBER}.html
+ </LocationMatch>
+ <LocationMatch /expr/aliascgi-(?<suffix>.*)>
+ ScriptAlias @SERVERROOT@/htdocs/modules/alias/%{env:MATCH_SUFFIX}
+ </LocationMatch>
+ <LocationMatch /expr/p(?<number>[0-9])>
+ Redirect permanent http://@SERVERNAME@:@PORT@/alias/%{env:MATCH_NUMBER}.html
+ </LocationMatch>
+ <LocationMatch /expr/t(?<number>[0-9])>
+ Redirect temp http://@SERVERNAME@:@PORT@/alias/%{env:MATCH_NUMBER}.html
+ </LocationMatch>
+ <LocationMatch /expr/s(?<number>[0-9])>
+ Redirect seeother http://@SERVERNAME@:@PORT@/alias/%{env:MATCH_NUMBER}.html
+ </LocationMatch>
+ <LocationMatch /expr/g([0-9])>
+ Redirect gone
+ </LocationMatch>
+ <LocationMatch /expr/f([0-9])>
+ Redirect 403
+ </LocationMatch>
+ </IfVersion>
+ </IfDefine>
+</IfModule>
+
+
+<IfVersion >= 2.5.1>
+ <Location /redirect_relative/default>
+ Redirect /out-default
+ </Location>
+ <Location /redirect_relative/on>
+ RedirectRelative ON
+ Redirect /out-on
+ </Location>
+ <Location /redirect_relative/off>
+ RedirectRelative OFF
+ Redirect /out-off
+ </Location>
+ <Location /redirect_relative/off/fail>
+ Redirect fail-to-construct-url
+ </Location>
+</IfVersion>
+
+Alias /manual @inherit_documentroot@/manual
+<Location /manual>
+ Order deny,allow
+ Deny from all
+ Allow from @servername@
+</Location>
+
+##
+## mod_asis test config
+##
+
+<IfModule mod_asis.c>
+ <Directory @SERVERROOT@/htdocs/modules/asis>
+ AddHandler send-as-is asis
+ </Directory>
+</IfModule>
+
+##
+## mod_headers test config
+##
+
+<IfModule mod_headers.c>
+ <Directory @SERVERROOT@/htdocs/modules/headers/htaccess>
+ AllowOverride All
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/headers/ssl>
+ AllowOverride All
+ </Directory>
+
+ <VirtualHost mod_headers>
+ <Location /manual>
+ Header add mod_headers_foo bar
+ </Location>
+ </VirtualHost>
+
+ # Should match anything mapped to disk
+ <DirectoryMatch ^>
+ Header append DMMATCH1 1
+ </DirectoryMatch>
+</IfModule>
+
+##
+## mod_dir test config
+##
+
+<IfModule mod_dir.c>
+ <Directory @SERVERROOT@/htdocs/modules/dir/htaccess>
+ DirectorySlash OFF
+ </Directory>
+ <IfVersion >= 2.5.1>
+ <Directory @SERVERROOT@/htdocs/modules/dir/htaccess/sub>
+ DirectorySlash NotFound
+ </Directory>
+ </IfVersion>
+ <Directory @SERVERROOT@/htdocs/modules/dir/htaccess>
+ AllowOverride Indexes
+ </Directory>
+</IfModule>
+
+##
+## mod_env test config
+##
+
+<IfModule mod_env.c>
+ PassEnv APACHE_TEST_HOSTNAME
+ SetEnv ENV_TEST "mod_env test environment variable"
+ SetEnv ENV_TEST_EMPTY
+ UnsetEnv UNSET
+
+ PassEnv APACHE_TEST_HOSTTYPE
+ UnsetEnv APACHE_TEST_HOSTTYPE
+
+ SetEnv NOT_HERE "this will not be here"
+ UnsetEnv NOT_HERE
+
+ <Directory @SERVERROOT@/htdocs/modules/env>
+ Options +Includes
+ </Directory>
+</IfModule>
+
+##
+## mod_setenvif test config
+##
+
+<IfModule mod_setenvif.c>
+ <Directory @SERVERROOT@/htdocs/modules/setenvif/htaccess>
+ Options +Includes
+ AllowOverride All
+ </Directory>
+</IfModule>
+
+##
+## mod_dav test config
+##
+
+<IfModule mod_dav.c>
+ <IfVersion < 2.5.1>
+ DAVLockDB @SERVERROOT@/logs/davlock.db
+ </IfVersion>
+
+ <Directory @SERVERROOT@/htdocs/modules/dav>
+ DAV On
+ </Directory>
+</IfModule>
+
+##
+## mod_autoindex test config
+##
+
+<IfModule mod_autoindex.c>
+ <Directory @SERVERROOT@/htdocs/modules/autoindex/htaccess>
+ Options +Indexes
+ AllowOverride Indexes
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/modules/autoindex2>
+ Options +Indexes
+ AllowOverride All
+ </Directory>
+</IfModule>
+
+##
+## LimitRequest* directive testing
+##
+
+LimitRequestLine @limitrequestline@
+LimitRequestFieldSize 1024
+LimitRequestFields 32
+<Directory @SERVERROOT@/htdocs/apache/limits>
+ LimitRequestBody 65536
+</Directory>
+
+##
+## mod_echo test config
+##
+
+<IfModule mod_echo.c>
+ <VirtualHost mod_echo>
+ ProtocolEcho On
+ </VirtualHost>
+
+ <IfModule @ssl_module@>
+ <VirtualHost mod_echo_ssl>
+ ProtocolEcho On
+ SSLEngine On
+ </VirtualHost>
+ </IfModule>
+</IfModule>
+
+##
+## mod_deflate test config
+##
+<IfDefine APACHE2>
+ <IfModule mod_deflate.c>
+ <Directory @SERVERROOT@/htdocs/modules/deflate>
+ SetOutputFilter DEFLATE
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/deflate/ssi>
+ Options +Includes
+ DirectoryIndex default.html
+ AddOutputFilter INCLUDES shtml
+ SetOutputFilter DEFLATE
+ </Directory>
+
+ <IfModule mod_bucketeer.c>
+ <Directory @SERVERROOT@/htdocs/modules/deflate/bucketeer>
+ SetOutputFilter BUCKETEER;DEFLATE
+ </Directory>
+ </IfModule>
+
+
+ <Location /modules/cgi/not-modified.pl>
+ SetOutputFilter DEFLATE
+ </Location>
+
+ <Location /modules/deflate/echo_post>
+ SetInputFilter DEFLATE
+ SetHandler echo_post
+ </Location>
+ </IfModule>
+</IfDefine>
+
+### pr17629.t
+<IfModule mod_case_filter.c>
+ <Location /modules/cgi/redirect.pl>
+ SetOutputFilter CASEFILTER
+ </Location>
+</IfModule>
+
+
+##
+## Test config for security issues
+##
+<Directory @SERVERROOT@/htdocs/security>
+ Options +Includes
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+ # for CVE-2005-3352 test:
+ AddHandler imap-file map
+</Directory>
+
+<Directory @SERVERROOT@/htdocs/security/CAN-2004-0811>
+ Options +Indexes
+</Directory>
+
+<Directory @SERVERROOT@/htdocs/security/CAN-2004-0811/sub>
+ Satisfy Any
+</Directory>
+
+##
+## Digest test config
+##
+<IfDefine APACHE2>
+ <IfModule mod_auth_digest.c>
+ Alias /digest @DocumentRoot@
+ <Location /digest>
+ Require valid-user
+ AuthType Digest
+ AuthName realm1
+ # 2.0
+ <IfModule mod_auth.c>
+ AuthDigestFile @ServerRoot@/realm1
+ </IfModule>
+ # 2.1
+ <IfModule mod_authn_file.c>
+ AuthUserFile realm1
+ </IfModule>
+ </Location>
+ SetEnvIf X-Browser "MSIE" AuthDigestEnableQueryStringHack=On
+ </IfModule>
+</IfDefine>
+
+##
+## authz_core test config: authz by user or by env (modules/aaa.t)
+##
+<IfDefine APACHE2>
+ <IfModule mod_authz_core.c>
+ <IfModule mod_authn_core.c>
+ <IfModule mod_authn_file.c>
+ <IfModule mod_authz_host.c>
+ <IfModule mod_auth_digest.c>
+ Alias /authz/digest @DocumentRoot@
+ <Location /authz/digest>
+ <RequireAny>
+ Require valid-user
+ Require env allowed
+ </RequireAny>
+ AuthType Digest
+ AuthName realm2
+ AuthUserFile realm2
+ </Location>
+ </IfModule>
+ <IfModule mod_auth_basic.c>
+ Alias /authz/basic @DocumentRoot@
+ <Location /authz/basic>
+ <RequireAny>
+ Require valid-user
+ Require env allowed
+ </RequireAny>
+ AuthType Basic
+ AuthName basic1
+ AuthUserFile basic1
+ </Location>
+ </IfModule>
+ <IfVersion >= 2.3.11>
+ <IfModule mod_auth_basic.c>
+ Alias /authz/fail/401 @DocumentRoot@
+ Alias /authz/fail/403 @DocumentRoot@
+ <Location /authz/fail>
+ Require user foo
+ AuthType Basic
+ AuthName basic1
+ AuthUserFile basic1
+ </Location>
+ <Location /authz/fail/403>
+ AuthzSendForbiddenOnFailure On
+ </Location>
+ </IfModule>
+ </IfVersion>
+ <IfModule mod_auth_form.c>
+ <IfModule mod_session_cookie.c>
+ Alias /authz/form @DocumentRoot@
+ <Location /authz/form>
+ AuthFormLoginRequiredLocation http://@SERVERNAME@:@PORT@/authz/login.html
+ AuthFormLoginSuccessLocation http://@SERVERNAME@:@PORT@/authz/form/
+ AuthFormProvider file
+ AuthType Form
+ AuthUserFile form1
+ AuthName form1
+ Session On
+ SessionCookieName session path=/
+ <RequireAny>
+ Require valid-user
+ Require env allowed
+ </RequireAny>
+ </Location>
+ <Location /authz/form/dologin.html>
+ SetHandler form-login-handler
+ Require all granted
+ </Location>
+ </IfModule>
+ </IfModule>
+ SetEnvIf X-Allowed "yes" allowed
+ </IfModule>
+ </IfModule>
+ </IfModule>
+ </IfModule>
+</IfDefine>
+
+##
+## authz_core test config: authz merging (modules/authz_core.t)
+##
+<IfDefine APACHE2>
+ <IfModule mod_authz_core.c>
+ <IfModule mod_authn_core.c>
+ <IfModule mod_authz_host.c>
+ <Directory @DocumentRoot@/authz_core/>
+ AllowOverride all
+ </Directory>
+
+ SetEnvIf X-Allowed1 "yes" allowed1
+ SetEnvIf X-Allowed2 "yes" allowed2
+ SetEnvIf X-Allowed3 "yes" allowed3
+ SetEnvIf X-Allowed4 "yes" allowed4
+ </IfModule>
+ </IfModule>
+ </IfModule>
+</IfDefine>
+
+##
+## Configuration for t/modules/ldap.t.
+##
+<IfDefine LDAP>
+ Alias /modules/ldap/simple @DocumentRoot@
+ Alias /modules/ldap/group @DocumentRoot@
+ Alias /modules/ldap/refer @DocumentRoot@
+
+ # Simple user lookup
+ <Location /modules/ldap/simple>
+ AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
+ AuthLDAPBindDN "cn=httpd,dc=example,dc=com"
+ AuthLDAPBindPassword mod_authnz_ldap
+ AuthType Basic
+ AuthName ldap-simple@httpd.apache.org
+ AuthBasicProvider ldap
+ Require valid-user
+ </Location>
+ # Static group configuration
+ <Location /modules/ldap/group>
+ AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
+ AuthLDAPBindDN "cn=httpd,dc=example,dc=com"
+ AuthLDAPBindPassword mod_authnz_ldap
+ AuthType Basic
+ AuthName ldap-group@httpd.apache.org
+ AuthBasicProvider ldap
+ Require ldap-group cn=Group One,dc=example,dc=com
+ </Location>
+ # Referral configuration -- the second user is only found if
+ # httpd follows the referral.
+ <Location /modules/ldap/refer>
+ AuthLDAPURL "ldap://localhost:8389/dc=example,dc=com?uid"
+ AuthLDAPBindDN "cn=httpd,dc=example,dc=com"
+ AuthLDAPBindPassword mod_authnz_ldap
+ AuthType Basic
+ AuthName ldap-refer@httpd.apache.org
+ AuthBasicProvider ldap
+ Require ldap-group cn=Subgroup,ou=dept,dc=example,dc=com
+ </Location>
+</IfDefine>
+
+##
+## ErrorDocument handling
+## create it's own virtual host so it doesn't interfere
+## with other tests for 404 messages
+##
+<VirtualHost _default_:error_document>
+ ErrorDocument 404 "per-server 404
+
+ <Location /redefine>
+ ErrorDocument 404 "per-dir 404
+ </Location>
+
+ <Location /inherit>
+ # nothing here
+ </Location>
+
+ <Location /bounce>
+ ErrorDocument 404 /modules/expires/expire.html
+ </Location>
+
+ <Location /restore>
+ # special "default" value = restore canned error response
+ ErrorDocument 404 default
+ </Location>
+
+ <Directory @DocumentRoot@/apache>
+ ErrorDocument 404 "testing merge
+ </Directory>
+
+ <Directory @DocumentRoot@/apache/etag>
+ # 404 should be inherited from /apache
+ ErrorDocument 500 "hmph
+ </Directory>
+
+</VirtualHost>
+
+<Directory @DocumentRoot@/modules/filter/byterange/pr61860>
+ Header always set TestDuplicateHeader "shouldnotbeduplicated"
+</Directory>
+
+<IfModule mod_bucketeer.c>
+ <Directory @DocumentRoot@/apache/chunked>
+ SetOutputFilter BUCKETEER
+ </Directory>
+</IfModule>
+
+<IfModule mod_status.c>
+ ExtendedStatus On
+</IfModule>
+
+<IfModule mod_filter.c>
+ <IfModule mod_case_filter.c>
+ <Location /modules/cgi/xother.pl>
+ FilterDeclare xother CONTENT_SET
+ <IfVersion >= 2.3.9>
+ FilterProvider xother CASEFILTER "resp('X-Foo') == 'bar'"
+ </IfVersion>
+ <IfVersion < 2.3.0>
+ FilterProvider xother CASEFILTER resp=X-Foo bar
+ </IfVersion>
+ FilterChain xother
+ </Location>
+ </IfModule>
+
+ <Directory @SERVERROOT@/htdocs/modules/filter/pr49328>
+ Options +Includes
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+
+ <IfModule mod_deflate.c>
+ FilterDeclare pr49328 CONTENT_SET
+ <IfVersion < 2.3.0>
+ FilterProvider pr49328 DEFLATE resp=Content-Type $text/
+ </IfVersion>
+ <IfVersion >= 2.3.0>
+ <IfVersion < 2.3.9>
+ FilterProvider pr49328 DEFLATE "$content-type = /text\//"
+ </IfVersion>
+ </IfVersion>
+ <IfVersion >= 2.3.9>
+ FilterProvider pr49328 DEFLATE "%{CONTENT_TYPE} =~ m!text/!"
+ </IfVersion>
+ FilterChain pr49328
+ </IfModule>
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/modules/filter/bytype>
+ <IfModule mod_deflate.c>
+ AddOutputFilterByType DEFLATE application/xml
+ AddOutputFilterByType DEFLATE text/xml
+ AddOutputFilterByType DEFLATE text/css
+ </IfModule>
+ <IfModule mod_case_filter.c>
+ AddOutputFilterByType CASEFILTER application/xml
+ AddOutputFilterByType CASEFILTER text/xml
+ AddOutputFilterByType CASEFILTER text/plain
+ </IfModule>
+ </Directory>
+</IfModule>
+
+##
+## mod_dumpio configuration
+##
+<IfModule mod_dumpio.c>
+ DumpIOInput on
+ DumpIOOutput on
+ LogLevel dumpio:trace7
+</IfModule>
+
+##
+## LogLevel configuration
+##
+<IfDefine APACHE2>
+ <IfVersion >= 2.3.6>
+ <Directory @SERVERROOT@/htdocs/apache/loglevel/core_crit>
+ LogLevel info core:crit
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/apache/loglevel/core_info>
+ LogLevel crit core:info
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/apache/loglevel/crit>
+ LogLevel crit
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/apache/loglevel/crit/core_info>
+ LogLevel core:info
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/apache/loglevel/crit/core_info/crit>
+ LogLevel crit
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/apache/loglevel/info>
+ LogLevel info
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/apache/loglevel/info/core_crit>
+ LogLevel core:crit
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/apache/loglevel/info/core_crit/info>
+ LogLevel info
+ </Directory>
+ </IfVersion>
+</IfDefine>
+
+<Directory @SERVERROOT@/htdocs/apache/cfg_getline/>
+ AllowOverride All
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+ Options +Includes
+</Directory>
+
+<Directory @SERVERROOT@/htdocs/modules/substitute/>
+ AllowOverride All
+</Directory>
+
+##
+## expression parser test config
+##
+
+<IfVersion >= 2.3.9>
+ <Directory @SERVERROOT@/htdocs/apache/expr/>
+ AllowOverride All
+ <IfModule mod_log_debug.c>
+ AllowOverrideList LogMessage
+ </IfModule>
+ </Directory>
+</IfVersion>
+
+<IfDefine APACHE2>
+ <IfVersion >= 2.3.11>
+ <IfModule mod_headers.c>
+ <IfModule mod_proxy.c>
+ ProxyPass /if_sec/proxy/ http://@SERVERNAME@:@PORT@/
+
+ # Directory context
+ <Directory @SERVERROOT@/htdocs/if_sec/dir/>
+ <If "-n %{REQ:In-If1}">
+ Header merge Out-Trace dir1
+ <If "-n %{REQ:In-If11}">
+ Header merge Out-Trace nested11
+ <If "-n %{REQ:In-If111}">
+ Header merge Out-Trace nested111
+ </If>
+ <Elseif "-n %{REQ:In-If112}">
+ Header merge Out-Trace nested112
+ </Elseif>
+ <Else>
+ Header merge Out-Trace nested113
+ </Else>
+ </If>
+ </If>
+ <If "-n %{REQ:In-If2}">
+ Header merge Out-Trace dir2
+ </If>
+ <Files *.txt>
+ <If "-n %{REQ:In-If1}">
+ Header merge Out-Trace dir_files1
+ </If>
+ </Files>
+ </Directory>
+
+ # Location context
+ <Location /if_sec/proxy/>
+ <If "-n %{REQ:In-If1}">
+ Header merge Out-Trace locp1
+ </If>
+ <If "-n %{REQ:In-If2}">
+ Header merge Out-Trace locp2
+ </If>
+ </Location>
+ <Location /if_sec/loc/>
+ <If "-n %{REQ:In-If1}">
+ Header merge Out-Trace loc1
+ <If "-n %{REQ:In-If11}">
+ Header merge Out-Trace nested11
+ <If "-n %{REQ:In-If111}">
+ Header merge Out-Trace nested111
+ </If>
+ <Elseif "-n %{REQ:In-If112}">
+ Header merge Out-Trace nested112
+ </Elseif>
+ <Else>
+ Header merge Out-Trace nested113
+ </Else>
+ </If>
+ </If>
+ <If "-n %{REQ:In-If2}">
+ Header merge Out-Trace loc2
+ </If>
+ </Location>
+
+ # Files context
+ <Files *.if_test>
+ <If "-n %{REQ:In-If2}">
+ Header merge Out-Trace files2
+ <If "-n %{REQ:In-If11}">
+ Header merge Out-Trace nested11
+ <If "-n %{REQ:In-If111}">
+ Header merge Out-Trace nested111
+ </If>
+ <Elseif "-n %{REQ:In-If112}">
+ Header merge Out-Trace nested112
+ </Elseif>
+ <Else>
+ Header merge Out-Trace nested113
+ </Else>
+ </If>
+ </If>
+ </Files>
+
+ # Global context
+ <If "-n %{REQ:In-If1}">
+ Header merge Out-Trace global1
+ <If "-n %{REQ:In-If11}">
+ Header merge Out-Trace nested11
+ <If "-n %{REQ:In-If111}">
+ Header merge Out-Trace nested111
+ </If>
+ <Elseif "-n %{REQ:In-If112}">
+ Header merge Out-Trace nested112
+ </Elseif>
+ <Else>
+ Header merge Out-Trace nested113
+ </Else>
+ </If>
+ </If>
+ </IfModule>
+ </IfModule>
+ </IfVersion>
+</IfDefine>
+
+<IfDefine APACHE2>
+ <IfVersion >= 2.3.15>
+ <IfModule mod_alias.c>
+ AliasMatch /maxranges/([^/])+/ @SERVERROOT@/htdocs/apache/chunked/byteranges.txt
+ <Location /maxranges/none/>
+ MaxRanges none
+ </Location>
+ <Location /maxranges/default-explicit/>
+ MaxRanges default
+ </Location>
+ <Location /maxranges/1/>
+ MaxRanges 1
+ </Location>
+ <Location /maxranges/2/>
+ MaxRanges 2
+ </Location>
+ <Location /maxranges/1/merge/none/>
+ MaxRanges none
+ </Location>
+ <Location /maxranges/unlimited/>
+ MaxRanges unlimited
+ </Location>
+ </IfModule>
+ </IfVersion>
+ <IfVersion >= 2.2.21>
+ <IfModule mod_alias.c>
+ AliasMatch /maxranges/([^/])+/ @SERVERROOT@/htdocs/apache/chunked/byteranges.txt
+ <Location /maxranges/none/>
+ MaxRanges none
+ </Location>
+ <Location /maxranges/default-explicit/>
+ MaxRanges default
+ </Location>
+ <Location /maxranges/1/>
+ MaxRanges 1
+ </Location>
+ <Location /maxranges/2/>
+ MaxRanges 2
+ </Location>
+ <Location /maxranges/1/merge/none/>
+ MaxRanges none
+ </Location>
+ <Location /maxranges/unlimited/>
+ MaxRanges unlimited
+ </Location>
+ </IfModule>
+ </IfVersion>
+
+</IfDefine>
+
+<IfModule mod_lua.c>
+ AddHandler lua-script .lua
+ LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name
+ <Location /modules/lua/translate-inherit-after>
+ LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name2
+ LuaInherit parent-last
+ </Location>
+ <Location /modules/lua/translate-inherit-before>
+ LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name2
+ LuaInherit parent-first
+ </Location>
+ <Location /modules/lua/translate-inherit-default-before>
+ LuaHookTranslateName @SERVERROOT@/htdocs/modules/lua/translate.lua translate_name2
+ # default: LuaInherit parent-first
+ </Location>
+
+ # Filtering tests
+ LuaOutputFilter LUA_OUTPUT @SERVERROOT@/htdocs/modules/lua/filters.lua output_filter
+ Alias /modules/lua/filtered @DocumentRoot@
+ <Location /modules/lua/filtered/>
+ SetOutputFilter LUA_OUTPUT
+ </Location>
+
+</IfModule>
+
+#
+# Strict HTTP mode test config
+#
+<IfDefine APACHE2>
+ <IfVersion >= 2.2.32>
+ <Directory @SERVERROOT@/htdocs/apache/http_strict>
+ Options +ExecCGI
+ AddHandler cgi-script .pl
+ </Directory>
+ <VirtualHost _default_:http_unsafe>
+ DocumentRoot @SERVERROOT@/htdocs/
+ HttpProtocolOptions Unsafe Allow0.9
+ <IfModule mod_headers.c>
+ <Location /regression-header>
+ # Use two examples to ensure multiple bad headers are caught
+ # Note the vertical tab (^K or 0x0B) embedded in the header value
+ Header always set X-Bad "vertical tab"
+ Header always set X?Bad "badly named header"
+ </Location>
+ </IfModule>
+ </VirtualHost>
+ <VirtualHost _default_:http_strict>
+ DocumentRoot @SERVERROOT@/htdocs/
+ HttpProtocolOptions Strict Require1.0 RegisteredMethods
+ <IfModule mod_headers.c>
+ <Location /regression-header>
+ # Use two examples to ensure multiple bad headers are caught
+ # Note the vertical tab (^K or 0x0B) embedded in the header value
+ Header always set X-Bad "vertical tab"
+ Header always set X?Bad "badly named header"
+ </Location>
+ </IfModule>
+ </VirtualHost>
+ </IfVersion>
+</IfDefine>
+
+#
+# mod_brotli test config
+#
+<IfDefine APACHE2>
+ <IfModule mod_alias.c>
+ <IfModule mod_brotli.c>
+ # Reuse existing data for mod_deflate
+ Alias /only_brotli @SERVERROOT@/htdocs/modules/deflate
+ <Location /only_brotli>
+ SetOutputFilter BROTLI_COMPRESS
+ </Location>
+
+ <IfModule mod_deflate.c>
+ Alias /brotli_and_deflate @SERVERROOT@/htdocs/modules/deflate
+ <Location /brotli_and_deflate>
+ SetOutputFilter BROTLI_COMPRESS;DEFLATE
+ </Location>
+ </IfModule>
+ </IfModule>
+ </IfModule>
+</IfDefine>
+
+#
+# <IfFile> test config (see t/apache/iffile.t)
+#
+<IfDefine APACHE2>
+ <IfVersion >= 2.4.34>
+ <IfModule mod_headers.c>
+
+ <Location /apache/iffile>
+ # First, the IfFiles that should succeed.
+ <IfFile htdocs/apache/iffile/document>
+ Header merge X-Out success1
+ </IfFile>
+ <IfFile !htdocs/apache/iffile/doesnotexist>
+ Header merge X-Out success2
+ </IfFile>
+ <IfFile htdocs/apache/iffile>
+ Header merge X-Out success3
+ </IfFile>
+ <IfFile @SERVERROOT@/htdocs/apache/iffile/document>
+ Header merge X-Out success4
+ </IfFile>
+ <IfFile "htdocs/apache/iffile/document">
+ Header merge X-Out success5
+ </IfFile>
+ # Followed by the IfFiles that should fail.
+ <IfFile !htdocs/apache/iffile/document>
+ Header merge X-Out fail1
+ </IfFile>
+ <IfFile htdocs/apache/iffile/doesnotexist>
+ Header merge X-Out fail2
+ </IfFile>
+ <IfFile !htdocs/apache/iffile>
+ Header merge X-Out fail3
+ </IfFile>
+ <IfFile !@SERVERROOT@/htdocs/apache/iffile/document>
+ Header merge X-Out fail4
+ </IfFile>
+ <IfFile !"htdocs/apache/iffile/document">
+ Header merge X-Out fail5
+ </IfFile>
+ </Location>
+
+ </IfModule>
+ </IfVersion>
+</IfDefine>
+
+
+#
+# t/modules/ext_filter.t test config
+#
+<IfDefine APACHE2>
+ <IfModule mod_ext_filter.c>
+ ExtFilterDefine foo-to-bar mode=output cmd="@SERVERROOT@/htdocs/modules/ext_filter/eval-cmd.pl s,foo,bar,g"
+ ExtFilterDefine ifoo-to-bar mode=input cmd="@SERVERROOT@/htdocs/modules/ext_filter/eval-cmd.pl s,foo,bar,g"
+ ExtFilterDefine sleepy-cat-out mode=output cmd=@SERVERROOT@/htdocs/modules/ext_filter/sleepycat.pl
+ ExtFilterDefine sleepy-cat-in mode=input cmd=@SERVERROOT@/htdocs/modules/ext_filter/sleepycat.pl
+ AliasMatch /apache/extfilter/[^/]+/(.*) @DocumentRoot@/$1
+
+ <Location /apache/extfilter/out-foo>
+ SetOutputFilter foo-to-bar
+ </Location>
+
+ <Location /apache/extfilter/out-slow>
+ SetOutputFilter sleepy-cat-out
+ </Location>
+
+ <Location /apache/extfilter/in-foo>
+ SetInputFilter ifoo-to-bar
+ </Location>
+
+ <Location /apache/extfilter/out-limit>
+ SetOutputFilter foo-to-bar
+ LimitRequestBody 6
+ </Location>
+
+</IfModule>
+</IfDefine>
+
+##
+## mod_ssl_ct configuration
+##
+<IfModule mod_ssl_ct.c>
+ # If mod_ssl_ct is loaded, CTSCTStorage is needed to pass the configtest.
+ CTSCTStorage .
+</IfModule>
+
+##
+## mod_remote_ip configuration
+##
+<IfModule mod_remoteip.c>
+ <VirtualHost remote_ip>
+ DocumentRoot @SERVERROOT@/htdocs/modules/remoteip
+ <IfVersion >= 2.4.30>
+ RemoteIPProxyProtocol On
+ </IfVersion>
+ </VirtualHost>
+</IfModule>
+
+
+<IfModule mod_ratelimit.c>
+ AliasMatch ^/apache/ratelimit/autoindex/$ @SERVERROOT@/htdocs/
+ AliasMatch ^/apache/ratelimit/$ @SERVERROOT@/htdocs/index.html
+ <Location /apache/ratelimit/>
+ Options +Indexes
+ SetOutputFilter RATE_LIMIT
+ <IfModule mod_env.c>
+ SetEnv rate-limit 1024
+ SetEnv rate-initial-burst 512
+ </IfModule>
+ </Location>
+ <Location /apache/ratelimit/chunk>
+ SetHandler random_chunk
+ </Location>
+</IfModule>
+
+<IfModule mod_reflector.c>
+ <Location /apache/reflector_nodeflate/>
+ SetHandler reflector
+ # Do not set any filter
+ ReflectorHeader header2reflect
+ ReflectorHeader header2update header2updateUpdated
+ </Location>
+ <Location /apache/reflector_deflate/>
+ SetHandler reflector
+ SetOutputFilter DEFLATE
+ ReflectorHeader header2reflect
+ ReflectorHeader header2update header2updateUpdated
+ </Location>
+</IfModule>
+
+<IfModule mod_allowmethods.c>
+ <Directory @SERVERROOT@/htdocs/modules/allowmethods>
+ Options +Indexes
+ </Directory>
+ <IfVersion >= 2.5.1>
+ <Directory @SERVERROOT@/htdocs/modules/allowmethods/NoPost>
+ AllowMethods -POST
+ </Directory>
+ </IfVersion>
+ <Directory @SERVERROOT@/htdocs/modules/allowmethods/Get>
+ AllowMethods GET
+ </Directory>
+ <IfVersion >= 2.5.1>
+ <Directory @SERVERROOT@/htdocs/modules/allowmethods/Get/post>
+ AllowMethods +POST
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/modules/allowmethods/Get/none>
+ AllowMethods -GET
+ </Directory>
+ </IfVersion>
+ <Directory @SERVERROOT@/htdocs/modules/allowmethods/Head>
+ AllowMethods HEAD
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/modules/allowmethods/Post>
+ AllowMethods POST
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/modules/allowmethods/Post/reset>
+ AllowMethods reset
+ </Directory>
+</IfModule>
+
+<IfModule mod_buffer.c>
+ <IfModule mod_reflector.c>
+ <Location /apache/buffer_in/>
+ SetHandler reflector
+ SetInputFilter BUFFER
+ </Location>
+ <Location /apache/buffer_out/>
+ SetHandler reflector
+ SetOutputFilter BUFFER
+ </Location>
+ <Location /apache/buffer_in_out/>
+ SetHandler reflector
+ SetInputFilter BUFFER
+ SetOutputFilter BUFFER
+ </Location>
+ </IfModule>
+</IfModule>
+
+<IfModule mod_data.c>
+ <Directory @SERVERROOT@/htdocs/modules/data/>
+ SetOutputFilter DATA
+ </Directory>
+</IfModule>
+
+<IfModule mod_usertrack.c>
+ <Directory @SERVERROOT@/htdocs/modules/usertrack/>
+ CookieTracking on
+ CookieName usertrack_test
+ CookieExpires "60 seconds"
+ </Directory>
+</IfModule>
+
+<IfModule mod_session_cookie.c>
+ <Directory @SERVERROOT@/htdocs/modules/session_cookie>
+ Session On
+ SessionCookieName thisisatest path=/
+ SessionMaxAge 1
+ </Directory>
+</IfModule>
+
+<IfModule mod_speling.c>
+ <Directory @SERVERROOT@/htdocs/modules/speling/nocase/>
+ CheckSpelling on
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/modules/speling/caseonly/>
+ CheckSpelling on
+ CheckCaseOnly on
+ </Directory>
+</IfModule>
+
+<IfModule mod_actions.c>
+ ScriptAlias /cgi_mod_actions @SERVERROOT@/htdocs/modules/cgi
+ <Location /mod_actions>
+ SetHandler my-handler
+ Action my-handler "/cgi_mod_actions/perl_echo.pl" virtual
+ </Location>
+
+ <Directory @SERVERROOT@/htdocs/modules/actions/action>
+ AddHandler my-file-type1 .xyz1
+ Action my-file-type1 "/cgi_mod_actions/perl_echo.pl"
+ AddHandler my-file-type2 .xyz2
+ Action my-file-type2 "/cgi_mod_actions/perl_echo.pl" virtual
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/actions/script>
+ Script GET "/cgi_mod_actions/perl_echo.pl"
+ Script POST "/cgi_mod_actions/perl_post.pl"
+ </Directory>
+</IfModule>
+
+<IfModule mod_heartbeat.c>
+ <IfModule mod_heartmonitor.c>
+ HeartbeatListen 239.0.0.1:27999
+ HeartbeatAddress 239.0.0.1:27999
+ </IfModule>
+</IfModule>
+
+#
+# t/modules/sed.t test config
+#
+<IfModule mod_sed.c>
+ AliasMatch /apache/sed/[^/]+/(.*) @DocumentRoot@/$1
+
+ <Location /apache/sed/>
+ AddOutputFilter sed .html
+ </Location>
+
+ <Location /apache/sed/out-foo>
+ OutputSed "s/foo/bar/g"
+ </Location>
+</IfModule>
+
+
diff --git a/debian/perl-framework/t/conf/http2.conf.in b/debian/perl-framework/t/conf/http2.conf.in
new file mode 100644
index 0000000..2e6ca67
--- /dev/null
+++ b/debian/perl-framework/t/conf/http2.conf.in
@@ -0,0 +1,105 @@
+##
+## mod_http2 test config
+##
+
+<IfDefine APACHE2>
+ <IfModule http2_module>
+
+ LogLevel http2:debug
+
+ <VirtualHost h2c>
+ Protocols h2c http/1.1
+
+ <IfModule @CGI_MODULE@>
+ <Directory @SERVERROOT@/htdocs/modules/h2>
+ Options +ExecCGI
+ AddHandler cgi-script .pl
+
+ </Directory>
+ </IfModule>
+
+ <Location /modules/h2/hello.pl>
+ </Location>
+ <IfModule mod_rewrite.c>
+ RewriteEngine on
+ RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
+ </IfModule>
+
+ </VirtualHost>
+
+ <IfModule @ssl_module@>
+
+ <VirtualHost @SERVERNAME@:h2>
+ Protocols h2 http/1.1
+ H2Direct on
+
+ SSLEngine on
+ SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
+ SSLCACertificatePath @ServerRoot@/conf/ssl
+ SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
+ SSLCARevocationCheck chain
+
+ # taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+ #
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLOptions +StdEnvVars
+
+ <IfVersion >= 2.4.18>
+ # need this off as long as we ran on old openssl
+ H2ModernTLSOnly off
+ </IfVersion>
+
+ <IfModule @CGI_MODULE@>
+ <Directory @SERVERROOT@/htdocs/modules/h2>
+ Options +ExecCGI
+ AddHandler cgi-script .pl
+ </Directory>
+ </IfModule>
+
+ <Location /modules/h2/hello.pl>
+ </Location>
+ <IfModule mod_rewrite.c>
+ RewriteEngine on
+ RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
+ </IfModule>
+
+ </VirtualHost>
+
+ <VirtualHost noh2.example.org:h2>
+ Protocols http/1.1
+ H2Direct off
+ </VirtualHost>
+
+ <VirtualHost test.example.org:h2>
+ Protocols h2 http/1.1
+ H2Direct on
+
+ SSLEngine on
+ SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
+ SSLCACertificatePath @ServerRoot@/conf/ssl
+ SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
+ SSLCARevocationCheck chain
+
+ # taken from https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+ #
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLOptions +StdEnvVars
+
+ </VirtualHost>
+
+ <VirtualHost test2.example.org:h2>
+ Protocols http/1.1 h2
+ H2Direct on
+ </VirtualHost>
+
+ <VirtualHost test-ser.example.org:h2>
+ </VirtualHost>
+
+ </ifModule>
+
+ </IfModule>
+
+</IfDefine>
+
diff --git a/debian/perl-framework/t/conf/include-ssi-exec.conf.in b/debian/perl-framework/t/conf/include-ssi-exec.conf.in
new file mode 100644
index 0000000..42b72f9
--- /dev/null
+++ b/debian/perl-framework/t/conf/include-ssi-exec.conf.in
@@ -0,0 +1,499 @@
+# Test cases for Includes options inheritance, see test case
+# t/security/CVE-2009-1195.t
+
+<IfDefine !APACHE1>
+<IfVersion >= 2.1.0>
+<IfModule mod_include.c>
+
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/1">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/2">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/3">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/4">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/5">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/6">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/7">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/8">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/9">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/10">
+ Options None
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/11">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/12">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/13">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/14">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/15">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/16">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/17">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/18">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/19">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/20">
+ Options None
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/21">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/22">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/23">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/24">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/25">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/26">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/27">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/28">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/29">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/30">
+ Options None
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/31">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/32">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/33">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/34">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/35">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/36">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/37">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/38">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/39">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/40">
+ Options None
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/41">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/42">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/43">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/44">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/45">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/46">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/47">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/48">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/49">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/50">
+ Options IncludesNoExec
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/51">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/52">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/53">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/54">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/55">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/56">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/57">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/58">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/59">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/60">
+ Options IncludesNoExec
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/61">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/62">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/63">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/64">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/65">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/66">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/67">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/68">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/69">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/70">
+ Options IncludesNoExec
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/71">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/72">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/73">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/74">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/75">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/76">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/77">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/78">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/79">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/80">
+ Options IncludesNoExec
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/81">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/82">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/83">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/84">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/85">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/86">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/87">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/88">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/89">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/90">
+ Options Includes
+ AllowOverride Options=IncludesNoExec
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/91">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/92">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/93">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/94">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/95">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/96">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/97">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/98">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/99">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/100">
+ Options Includes
+ AllowOverride Options=Includes
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/101">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/102">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/103">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/104">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/105">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/106">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/107">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/108">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/109">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/110">
+ Options Includes
+ AllowOverride All
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/111">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/112">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/113">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/114">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/115">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/116">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/117">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/118">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/119">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/120">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/121">
+ Options Includes
+ AllowOverride None
+</Directory>
+<Directory "@SERVERROOT@/htdocs/modules/include/ssi-exec/120/subdir">
+# Just a dummy directive that is always available to make this a valid block
+ FileETag All
+</Directory>
+
+</IfModule>
+</IfVersion>
+</IfDefine>
diff --git a/debian/perl-framework/t/conf/include.conf.in b/debian/perl-framework/t/conf/include.conf.in
new file mode 100644
index 0000000..349f565
--- /dev/null
+++ b/debian/perl-framework/t/conf/include.conf.in
@@ -0,0 +1,82 @@
+##
+## mod_include test config
+##
+
+<IfModule mod_include.c>
+
+ AddType text/html .shtml
+
+ <IfDefine APACHE1>
+ AddHandler server-parsed .shtml
+ </IfDefine>
+ <IfDefine APACHE2>
+ AddOutputFilter INCLUDES .shtml
+ </IfDefine>
+
+ <Directory @SERVERROOT@/htdocs/modules/include>
+ <IfVersion >= 2.3.13>
+ SSILegacyExprParser on
+ </IfVersion>
+ Options +IncludesNOEXEC
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/include/apexpr>
+ <IfVersion >= 2.3.13>
+ SSILegacyExprParser off
+ </IfVersion>
+ Options +IncludesNOEXEC
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/include/xbithack/on>
+ Options +IncludesNOEXEC
+ XBitHack on
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/include/xbithack/both>
+ Options Includes
+ XBitHack on
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/include/xbithack/full>
+ Options +IncludesNOEXEC
+ XBitHack full
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/include/exec/on>
+ Options Includes
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/modules/include/mod_request>
+ Options Includes
+ KeptBodySize 32
+ </Directory>
+
+ <IfDefine APACHE2>
+ <IfModule mod_bucketeer.c>
+ <Directory @SERVERROOT@/htdocs/modules/include/bucketeer>
+ SetOutputFilter BUCKETEER
+ </Directory>
+ </IfModule>
+ </IfDefine>
+
+ <VirtualHost ssi-default:mod_include>
+ # fallback host
+ </VirtualHost>
+
+ <IfDefine APACHE2>
+ <VirtualHost retagged1:mod_include>
+ SSIStartTag --->
+ SSIEndTag --->
+ </VirtualHost>
+
+ <VirtualHost retagged2:mod_include>
+ SSIStartTag --->
+ SSIEndTag printenw
+ </VirtualHost>
+
+ <VirtualHost echo1:mod_include>
+ SSIUndefinedEcho "<!-- pass undefined echo -->"
+ </VirtualHost>
+ </IfDefine>
+
+</IfModule>
diff --git a/debian/perl-framework/t/conf/proxy.conf.in b/debian/perl-framework/t/conf/proxy.conf.in
new file mode 100644
index 0000000..a199ca8
--- /dev/null
+++ b/debian/perl-framework/t/conf/proxy.conf.in
@@ -0,0 +1,194 @@
+#t/TEST -proxy
+
+<IfModule mod_proxy.c>
+
+ <VirtualHost _default_:mod_proxy>
+ ProxyRequests On
+ </VirtualHost>
+
+ <IfVersion >= 2.4.49>
+ # Test the mapping.
+ ProxyPass /mapping http://@SERVERNAME@:@PORT@/servlet mapping=servlet
+ </IfVersion>
+
+</IfModule>
+
+<IfModule mod_proxy_hcheck.c>
+ # Suppress the error_log spam every 100ms watchdog cycle at trace5
+ LogLevel proxy_hcheck:trace4
+</IfModule>
+
+<IfModule mod_proxy_balancer.c>
+
+ <VirtualHost proxy_http_bal1>
+ DocumentRoot @SERVERROOT@/htdocs
+ </VirtualHost>
+
+ <VirtualHost proxy_http_bal2>
+ DocumentRoot @SERVERROOT@/htdocs
+ </VirtualHost>
+
+ <VirtualHost proxy_http_balancer>
+
+ <IfModule mod_lbmethod_byrequests.c>
+ <Proxy balancer://foo1>
+ BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1
+ BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1
+ </Proxy>
+ ProxySet balancer://foo1 lbmethod=byrequests
+ <Location /baltest1>
+ ProxyPass balancer://foo1/
+ </Location>
+ </IfModule>
+
+ <IfModule mod_lbmethod_bytraffic.c>
+ <Proxy balancer://foo2>
+ BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1
+ BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1
+ </Proxy>
+ ProxySet balancer://foo2 lbmethod=bytraffic
+ <Location /baltest2>
+ ProxyPass balancer://foo2/
+ </Location>
+ </IfModule>
+
+ <IfModule mod_lbmethod_bybusyness.c>
+ <Proxy balancer://foo3>
+ BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1
+ BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1
+ </Proxy>
+ ProxySet balancer://foo3 lbmethod=bybusyness
+ <Location /baltest3>
+ ProxyPass balancer://foo3/
+ </Location>
+ </IfModule>
+
+ <IfModule mod_lbmethod_heartbeat.c>
+ <Proxy balancer://foo4>
+ BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1
+ BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL2_PORT@ loadfactor=1
+ </Proxy>
+ ProxySet balancer://foo4 lbmethod=heartbeat
+ <Location /baltest4>
+ # TODO heartbeat needs additional configuration to have it work
+ ProxyPass balancer://foo4/
+ </Location>
+ </IfModule>
+
+ ## PR 45434 tests
+ <Proxy balancer://pr45434>
+ BalancerMember http://@SERVERNAME@:@PORT@/modules
+ </Proxy>
+
+ ProxyPass /pr45434 balancer://pr45434/alias
+ ProxyPassReverse /pr45434 balancer://pr45434/alias
+
+ <Proxy balancer://failover>
+ BalancerMember http://@SERVERNAME@:@NextAvailablePort@ loadfactor=1 retry=1ms
+ BalancerMember http://@SERVERNAME@:@PROXY_HTTP_BAL1_PORT@ loadfactor=1 status=H
+ </Proxy>
+ ProxyPassMatch ^/baltest_echo_post balancer://failover/echo_post
+
+ ## Test "dynamic balancer
+ <Proxy balancer://dynproxy>
+ ProxySet growth=10
+ </Proxy>
+ <Location /balancer-manager>
+ SetHandler balancer-manager
+ Allow from all
+ </Location>
+ ProxyPass /dynproxy balancer://dynproxy/
+
+ </VirtualHost>
+
+</IfModule>
+
+#
+# Test config for FCGI (see t/modules/proxy_fcgi.t)
+#
+<IfModule mod_proxy_fcgi.c>
+ # XXX we have no way to retrieve the NextAvailablePort from Apache::Test...
+ Define FCGI_PORT @NextAvailablePort@
+
+ <VirtualHost proxy_fcgi>
+ <IfVersion >= 2.4.26>
+ # ProxyFCGISetEnvIf tests
+ <Location /fcgisetenv>
+ SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT}
+
+ ProxyFCGISetEnvIf true QUERY_STRING test_value
+ ProxyFCGISetEnvIf true TEST_EMPTY
+ ProxyFCGISetEnvIf false TEST_NOT_SET
+ ProxyFCGISetEnvIf true TEST_DOCROOT "%{DOCUMENT_ROOT}"
+ ProxyFCGISetEnvIf "reqenv('GATEWAY_INTERFACE') =~ m#CGI/(.\..)#" TEST_CGI_VERSION "v$1"
+ ProxyFCGISetEnvIf true !REMOTE_ADDR
+ </Location>
+ </IfVersion>
+
+ <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi>
+ <FilesMatch \.php$>
+ SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT}
+ </FilesMatch>
+ </Directory>
+
+ <IfVersion >= 2.4.26>
+ <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi-generic>
+ ProxyFCGIBackendType GENERIC
+ <FilesMatch \.php$>
+ SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT}
+ </FilesMatch>
+ </Directory>
+ <Directory @SERVERROOT@/htdocs/php/fpm>
+ ProxyFCGIBackendType FPM
+ </Directory>
+ </IfVersion>
+
+ <IfModule mod_rewrite.c>
+ <IfVersion >= 2.4.26>
+ <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi-generic-rewrite>
+ ProxyFCGIBackendType GENERIC
+ RewriteEngine On
+ RewriteRule ^.*\.php(/.*)?$ fcgi://127.0.0.1:${FCGI_PORT}@SERVERROOT@/htdocs/modules/proxy/fcgi-generic-rewrite/$0 [L,P]
+ </Directory>
+ </IfVersion>
+
+ <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi-rewrite-path-info>
+ RewriteEngine On
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule ^.*$ index.php/$0 [L]
+ <Files index.php>
+ SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT}
+ </Files>
+ </Directory>
+ </IfModule>
+
+ <IfModule mod_actions.c>
+ #AddType application/x-php-fpm .php
+ Action application/x-php-fpm /php/fpm/action virtual
+ <Location /php/fpm/action>
+ SetHandler proxy:fcgi://localhost:9001
+ </Location>
+ <Directory @SERVERROOT@/htdocs/modules/proxy/fcgi-action>
+ AddType application/x-fcgi-action .php
+ Action application/x-fcgi-action /fcgi-action-virtual virtual
+ </Directory>
+ <Location /fcgi-action-virtual>
+ SetHandler proxy:fcgi://127.0.0.1:${FCGI_PORT}
+ </Location>
+ Action application/x-php-fpm /php-fpm-pp/
+ ProxyPass /php-fpm-pp/ fcgi://localhost:9001/@SERVERROOT@/htdocs/
+ ProxyPassReverse /php-fpm-pp/ fcgi://localhost:9001/@SERVERROOT@/htdocs/
+ </IfModule>
+
+
+ </VirtualHost>
+
+ ProxyPass /proxy/wsoc ws://@SERVERNAME@:@PORT@/modules/lua/websockets.lua
+
+</IfModule>
+
+<IfModule mod_rewrite.c>
+ <Directory @SERVERROOT@/htdocs/modules/proxy/rewrite>
+ AllowOverride All
+ </Directory>
+</IfModule>
diff --git a/debian/perl-framework/t/conf/ssl/README b/debian/perl-framework/t/conf/ssl/README
new file mode 100644
index 0000000..dc86a58
--- /dev/null
+++ b/debian/perl-framework/t/conf/ssl/README
@@ -0,0 +1,17 @@
+certs/
+ client_revoked.crt - client certificate that has been revoked
+ client_ok.crt - valid client certificate
+ client_snakeoil.crt - valid client certificate (different DN from above)
+ server.crt - the server certificate
+ ca-bundle.crt - the test server CA certificate, used to
+ sign above certs
+
+keys/ - private keys for above certificates
+ client_revoked.pem
+ client_ok.pem
+ client_snakeoil.pem
+ server.pem
+
+crl/
+ ca-bundle.crl - certificate revocation list (client_revoked.crt)
+
diff --git a/debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt b/debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt
new file mode 100644
index 0000000..ca35140
--- /dev/null
+++ b/debian/perl-framework/t/conf/ssl/ca-bundle-duplicates.crt
@@ -0,0 +1,114 @@
+#some duplicates of certs found in mod_ssl-2.x.x-1.3.xx/pkg.sslcfg/ca-bundle.crt
+#to make sure mod_ssl can handle duplicates
+
+ABAecom (sub., Am. Bankers Assn.) Root CA
+=========================================
+MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw
+gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh
+a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy
+dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe
+Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN
+MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT
+D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ
+KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24
+4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp
+mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb
+QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5
+0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v
+xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O
+BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP
+Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5
+m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS
+YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN
+u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD
+Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr
+wo3CbezcE9NGxXl8
+-----END CERTIFICATE-----
+Certificate Ingredients:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com
+ Validity
+ Not Before: Jul 14 16:14:18 1999 GMT
+ Not After : Jul 11 16:14:18 2009 GMT
+ Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c:
+ 8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97:
+ 61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3:
+ ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c:
+ d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2:
+ 29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5:
+ 6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25:
+ 7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e:
+ db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18:
+ a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6:
+ 1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c:
+ db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0:
+ 42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28:
+ bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8:
+ e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b:
+ 0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6:
+ ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c:
+ ee:71
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
+
+ X509v3 Subject Key Identifier:
+ 08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
+ Signature Algorithm: sha1WithRSAEncryption
+ 5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b:
+ 9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec:
+ d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48:
+ b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c:
+ 18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30:
+ 82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94:
+ 90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2:
+ 52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60:
+ e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97:
+ 16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22:
+ 5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af:
+ 60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed:
+ 5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3:
+ 9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3:
+ 46:c5:79:7c
+
+ANX Network CA by DST
+=====================
+MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL
+ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx
+NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy
+ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G
+CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI
+IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce
+InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04
+JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr
+MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0
+dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL
+BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw
+OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz
+ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD
+AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB
+AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK
+UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY
+gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd
+-----END CERTIFICATE-----
diff --git a/debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt b/debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt
new file mode 100644
index 0000000..85b5f36
--- /dev/null
+++ b/debian/perl-framework/t/conf/ssl/ca-bundle-sample.crt
@@ -0,0 +1,393 @@
+#pkg.sslcfg/ca-bundle.crt is ~250k, so it is not checked into cvs
+#for better test results, copy that file into this directory
+#and leave this one in place
+
+ABAecom (sub., Am. Bankers Assn.) Root CA
+=========================================
+MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw
+gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh
+a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy
+dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe
+Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN
+MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT
+D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ
+KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24
+4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp
+mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb
+QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5
+0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v
+xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O
+BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP
+Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5
+m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS
+YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN
+u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD
+Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr
+wo3CbezcE9NGxXl8
+-----END CERTIFICATE-----
+Certificate Ingredients:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com
+ Validity
+ Not Before: Jul 14 16:14:18 1999 GMT
+ Not After : Jul 11 16:14:18 2009 GMT
+ Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca@digsigtrust.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c:
+ 8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97:
+ 61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3:
+ ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c:
+ d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2:
+ 29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5:
+ 6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25:
+ 7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e:
+ db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18:
+ a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6:
+ 1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c:
+ db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0:
+ 42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28:
+ bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8:
+ e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b:
+ 0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6:
+ ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c:
+ ee:71
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Authority Key Identifier:
+ keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
+
+ X509v3 Subject Key Identifier:
+ 08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
+ Signature Algorithm: sha1WithRSAEncryption
+ 5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b:
+ 9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec:
+ d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48:
+ b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c:
+ 18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30:
+ 82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94:
+ 90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2:
+ 52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60:
+ e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97:
+ 16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22:
+ 5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af:
+ 60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed:
+ 5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3:
+ 9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3:
+ 46:c5:79:7c
+
+ANX Network CA by DST
+=====================
+MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL
+ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx
+NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy
+ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G
+CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI
+IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce
+InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04
+JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr
+MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0
+dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL
+BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw
+OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz
+ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD
+AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB
+AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK
+UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY
+gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd
+-----END CERTIFICATE-----
+Certificate Ingredients:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 913220207 (0x366ea26f)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA
+ Validity
+ Not Before: Dec 9 15:46:48 1998 GMT
+ Not After : Dec 9 16:16:48 2018 GMT
+ Subject: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:b4:48:11:80:58:a0:d5:a5:99:0f:f6:37:2c:44:
+ b6:6e:d1:7c:f3:2a:6b:9e:11:b6:88:23:04:5c:71:
+ 25:9e:6a:12:77:11:6e:bf:68:39:65:a8:f6:b2:f6:
+ a2:18:b2:89:15:a0:67:b7:7a:8c:22:48:6b:f6:84:
+ 34:1f:b6:ca:f7:1b:72:cb:f2:5b:48:d3:87:1e:22:
+ 76:13:04:b4:ac:6c:96:7f:e7:0e:08:c9:32:51:30:
+ 2d:d5:80:e8:21:67:ba:f3:5e:08:24:2c:07:59:9d:
+ 90:1a:ee:46:c9:b5:a4:1e:96:b4:41:91:d4:7f:d2:
+ 8d:38:26:b0:6f:43:6e:09:7d
+ Exponent: 3 (0x3)
+ X509v3 extensions:
+ Netscape Cert Type:
+ SSL CA, S/MIME CA, Object Signing CA
+ X509v3 CRL Distribution Points:
+ DirName:/C=US/O=Digital Signature Trust Co./OU=DST (ANX Network) CA/CN=CRL1
+
+ X509v3 Private Key Usage Period:
+ Not Before: Dec 9 15:46:48 1998 GMT, Not After: Dec 9 15:46:48 2018 GMT
+ X509v3 Key Usage:
+ Certificate Sign, CRL Sign
+ X509v3 Authority Key Identifier:
+ keyid:8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36
+
+ X509v3 Subject Key Identifier:
+ 8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36
+ X509v3 Basic Constraints:
+ CA:TRUE
+ 1.2.840.113533.7.65.0:
+ 0
+..V4.0....
+ Signature Algorithm: sha1WithRSAEncryption
+ 49:25:c9:60:b1:0c:5f:a9:39:10:d3:c5:34:55:7d:cf:79:c3:
+ 29:eb:de:f9:c2:40:f9:e8:56:c5:f0:2f:ec:f4:d9:ec:48:51:
+ b8:63:38:5e:93:6e:18:96:85:b9:ca:50:9c:a4:b8:ea:66:26:
+ 68:93:85:6f:6f:4c:71:d0:be:7a:0b:3c:31:b9:f7:be:69:9e:
+ 10:d7:d1:40:e8:ac:16:71:ab:ae:ab:38:e1:70:b1:ca:92:16:
+ e0:5d:85:a6:18:80:06:00:9c:e1:a6:18:42:51:a7:68:68:59:
+ ef:26:94:5f:ad:31:0c:fe:29:1e:17:01:84:37:5b:e8:12:32:
+ a3:5d
+
+American Express CA
+===================
+MD5 Fingerprint: 1C:D5:8E:82:BE:70:55:8E:39:61:DF:AD:51:DB:6B:A0
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICkDCCAfkCAgCNMA0GCSqGSIb3DQEBBAUAMIGPMQswCQYDVQQGEwJVUzEnMCUG
+A1UEChMeQW1lcmljYW4gRXhwcmVzcyBDb21wYW55LCBJbmMuMSYwJAYDVQQLEx1B
+bWVyaWNhbiBFeHByZXNzIFRlY2hub2xvZ2llczEvMC0GA1UEAxMmQW1lcmljYW4g
+RXhwcmVzcyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgwODE0MjIwMTAwWhcN
+MDYwODE0MjM1OTAwWjCBjzELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHkFtZXJpY2Fu
+IEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1lcmljYW4gRXhwcmVz
+cyBUZWNobm9sb2dpZXMxLzAtBgNVBAMTJkFtZXJpY2FuIEV4cHJlc3MgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ8kmS
+hcr9FSm1BrZE7PyIo/KGzv8UTyQckvnCI8HOQ99dNMi4FOzVKnCRSZXXVs2U8amT
+0Ggi3E19oApyKkfqJfCFAF82VGHPC/k3Wmed6R/pZD9wlWGn0DAC3iYopGYDBOkw
++48zB/lvYYeictvzaHhjZlmpybdm4RWySDYs+QIDAQABMA0GCSqGSIb3DQEBBAUA
+A4GBAGgXYrhzi0xs60qlPqvlnS7SzYoHV/PGWZd2Fxf4Uo4nk9hY2Chs9KIEeorC
+diSxArTfKPL386infiNIYYj0EWiuJl32oUtTJWrYKhQCDuCHIG6eGVxzkAsj4jGX
+Iz/VIqLTBnvaN/XXtUFEF3pFAtmFRWbWjsfwegyZYiJpW+3S
+-----END CERTIFICATE-----
+Certificate Ingredients:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 141 (0x8d)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority
+ Validity
+ Not Before: Aug 14 22:01:00 1998 GMT
+ Not After : Aug 14 23:59:00 2006 GMT
+ Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c9:f2:49:92:85:ca:fd:15:29:b5:06:b6:44:ec:
+ fc:88:a3:f2:86:ce:ff:14:4f:24:1c:92:f9:c2:23:
+ c1:ce:43:df:5d:34:c8:b8:14:ec:d5:2a:70:91:49:
+ 95:d7:56:cd:94:f1:a9:93:d0:68:22:dc:4d:7d:a0:
+ 0a:72:2a:47:ea:25:f0:85:00:5f:36:54:61:cf:0b:
+ f9:37:5a:67:9d:e9:1f:e9:64:3f:70:95:61:a7:d0:
+ 30:02:de:26:28:a4:66:03:04:e9:30:fb:8f:33:07:
+ f9:6f:61:87:a2:72:db:f3:68:78:63:66:59:a9:c9:
+ b7:66:e1:15:b2:48:36:2c:f9
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: md5WithRSAEncryption
+ 68:17:62:b8:73:8b:4c:6c:eb:4a:a5:3e:ab:e5:9d:2e:d2:cd:
+ 8a:07:57:f3:c6:59:97:76:17:17:f8:52:8e:27:93:d8:58:d8:
+ 28:6c:f4:a2:04:7a:8a:c2:76:24:b1:02:b4:df:28:f2:f7:f3:
+ a8:a7:7e:23:48:61:88:f4:11:68:ae:26:5d:f6:a1:4b:53:25:
+ 6a:d8:2a:14:02:0e:e0:87:20:6e:9e:19:5c:73:90:0b:23:e2:
+ 31:97:23:3f:d5:22:a2:d3:06:7b:da:37:f5:d7:b5:41:44:17:
+ 7a:45:02:d9:85:45:66:d6:8e:c7:f0:7a:0c:99:62:22:69:5b:
+ ed:d2
+
+American Express Global CA
+==========================
+MD5 Fingerprint: 63:1B:66:93:8C:F3:66:CB:3C:79:57:DC:05:49:EA:DB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEBDCCAuygAwIBAgICAIUwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNVBAYTAlVT
+MScwJQYDVQQKEx5BbWVyaWNhbiBFeHByZXNzIENvbXBhbnksIEluYy4xJjAkBgNV
+BAsTHUFtZXJpY2FuIEV4cHJlc3MgVGVjaG5vbG9naWVzMTYwNAYDVQQDEy1BbWVy
+aWNhbiBFeHByZXNzIEdsb2JhbCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgw
+ODE0MTkwNjAwWhcNMTMwODE0MjM1OTAwWjCBljELMAkGA1UEBhMCVVMxJzAlBgNV
+BAoTHkFtZXJpY2FuIEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1l
+cmljYW4gRXhwcmVzcyBUZWNobm9sb2dpZXMxNjA0BgNVBAMTLUFtZXJpY2FuIEV4
+cHJlc3MgR2xvYmFsIENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAPAkJmYu++tKc3FTiUfLJjxTkpRMysKFtQ34w1e9
+Lyofahi3V68MABb6oLaQpvcaoS5mJsdoo4qTaWa1RlYtHYLqkAwKIsKJUI0F89Sr
+c0HwzxKsKLRvFJSWWUuekHWG3+JH6+HpT0N+h8onGGaetcFAZX38YW+tm3LPqV7Y
+8/nabpEQ+ky16n4g3qk5L/WI5IpvNcYgnCuGRjMK/DFVpWusFkDpzTVZbzIEw3u1
+D3t3cPNIuypSgs6vKW3xEW9t5gcAAe+a8yYNpnkTZ6/4qxx1rJG1a75AsN6cDLFp
+hRlxkRNFyt/R/eayypaDedvFuKpbepALeFY+xteflEgR9a0CAwEAAaNaMFgwEgYD
+VR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgoq
+hkiG+Q8KAQUBMBkGA1UdDgQSBBBXRzV7NicRqAj8L0Yl6yRpMA0GCSqGSIb3DQEB
+BQUAA4IBAQDHYUWoinG5vjTpIXshzVYTmNUwY+kYqkuSFb8LHbvskmnFLsNhi+gw
+RcsQRsFzOFyLGdIr80DrfHKzLh4n43WVihybLsSVBYZy0FX0oZJSeVzb9Pjc5dcS
+sUDHPIbkMWVKyjfG3nZXGWlMRmn8Kq0WN3qTrPchSy3766lQy8HRQAjaA2mHpzde
+VcHF7cTjjgwml5tcV0ty4/IDBdACOyYDQJCevgtbSQx48dVMVSng9v1MA6lUAjLR
+V1qFrEPtWzsWX6C/NdtLnnvo/+cNPDuom0lBRvVzTv+SZSGDE1Vx60k8f4gawhIo
+JaFGS0E3l3/sjvHUoZbCILZerakcHhGg
+-----END CERTIFICATE-----
+Certificate Ingredients:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 133 (0x85)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority
+ Validity
+ Not Before: Aug 14 19:06:00 1998 GMT
+ Not After : Aug 14 23:59:00 2013 GMT
+ Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:f0:24:26:66:2e:fb:eb:4a:73:71:53:89:47:cb:
+ 26:3c:53:92:94:4c:ca:c2:85:b5:0d:f8:c3:57:bd:
+ 2f:2a:1f:6a:18:b7:57:af:0c:00:16:fa:a0:b6:90:
+ a6:f7:1a:a1:2e:66:26:c7:68:a3:8a:93:69:66:b5:
+ 46:56:2d:1d:82:ea:90:0c:0a:22:c2:89:50:8d:05:
+ f3:d4:ab:73:41:f0:cf:12:ac:28:b4:6f:14:94:96:
+ 59:4b:9e:90:75:86:df:e2:47:eb:e1:e9:4f:43:7e:
+ 87:ca:27:18:66:9e:b5:c1:40:65:7d:fc:61:6f:ad:
+ 9b:72:cf:a9:5e:d8:f3:f9:da:6e:91:10:fa:4c:b5:
+ ea:7e:20:de:a9:39:2f:f5:88:e4:8a:6f:35:c6:20:
+ 9c:2b:86:46:33:0a:fc:31:55:a5:6b:ac:16:40:e9:
+ cd:35:59:6f:32:04:c3:7b:b5:0f:7b:77:70:f3:48:
+ bb:2a:52:82:ce:af:29:6d:f1:11:6f:6d:e6:07:00:
+ 01:ef:9a:f3:26:0d:a6:79:13:67:af:f8:ab:1c:75:
+ ac:91:b5:6b:be:40:b0:de:9c:0c:b1:69:85:19:71:
+ 91:13:45:ca:df:d1:fd:e6:b2:ca:96:83:79:db:c5:
+ b8:aa:5b:7a:90:0b:78:56:3e:c6:d7:9f:94:48:11:
+ f5:ad
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE, pathlen:5
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Certificate Policies:
+ Policy: 1.2.840.113807.10.1.5.1
+
+ X509v3 Subject Key Identifier:
+ 57:47:35:7B:36:27:11:A8:08:FC:2F:46:25:EB:24:69
+ Signature Algorithm: sha1WithRSAEncryption
+ c7:61:45:a8:8a:71:b9:be:34:e9:21:7b:21:cd:56:13:98:d5:
+ 30:63:e9:18:aa:4b:92:15:bf:0b:1d:bb:ec:92:69:c5:2e:c3:
+ 61:8b:e8:30:45:cb:10:46:c1:73:38:5c:8b:19:d2:2b:f3:40:
+ eb:7c:72:b3:2e:1e:27:e3:75:95:8a:1c:9b:2e:c4:95:05:86:
+ 72:d0:55:f4:a1:92:52:79:5c:db:f4:f8:dc:e5:d7:12:b1:40:
+ c7:3c:86:e4:31:65:4a:ca:37:c6:de:76:57:19:69:4c:46:69:
+ fc:2a:ad:16:37:7a:93:ac:f7:21:4b:2d:fb:eb:a9:50:cb:c1:
+ d1:40:08:da:03:69:87:a7:37:5e:55:c1:c5:ed:c4:e3:8e:0c:
+ 26:97:9b:5c:57:4b:72:e3:f2:03:05:d0:02:3b:26:03:40:90:
+ 9e:be:0b:5b:49:0c:78:f1:d5:4c:55:29:e0:f6:fd:4c:03:a9:
+ 54:02:32:d1:57:5a:85:ac:43:ed:5b:3b:16:5f:a0:bf:35:db:
+ 4b:9e:7b:e8:ff:e7:0d:3c:3b:a8:9b:49:41:46:f5:73:4e:ff:
+ 92:65:21:83:13:55:71:eb:49:3c:7f:88:1a:c2:12:28:25:a1:
+ 46:4b:41:37:97:7f:ec:8e:f1:d4:a1:96:c2:20:b6:5e:ad:a9:
+ 1c:1e:11:a0
+
+BelSign Object Publishing CA
+============================
+MD5 Fingerprint: 8A:02:F8:DF:B8:E1:84:9F:5A:C2:60:24:65:D1:73:FB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAmygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBuzELMAkGA1UEBhMCQkUx
+ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQL
+Ey9CZWxTaWduIE9iamVjdCBQdWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0
+eTElMCMGA1UEAxMcQmVsU2lnbiBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqG
+SIb3DQEJARYUd2VibWFzdGVyQGJlbHNpZ24uYmUwHhcNOTcwOTE5MjIwMzAwWhcN
+MDcwOTE5MjIwMzAwWjCBuzELMAkGA1UEBhMCQkUxETAPBgNVBAcTCEJydXNzZWxz
+MRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQLEy9CZWxTaWduIE9iamVjdCBQ
+dWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0eTElMCMGA1UEAxMcQmVsU2ln
+biBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVy
+QGJlbHNpZ24uYmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQuH7a/7oJA
+3fm3LkHVngWxWtAmfGJVA5v8y2HeS+/+6Jn+h7mIz5DaDwk8dt8Xl7bLPyVF/bS8
+WAC+sFq2FIeP7mdkrR2Ig7tnn2VhAFgIgFCfgMkx9iqQHC33SmwQ9iNDXTgJYIhX
+As0WbBj8zfuSKnfQnpOjXYhk0Mj4XVRRAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQE
+AwIABzANBgkqhkiG9w0BAQQFAAOBgQBjdhd8lvBTpV0BHFPOKcJ+daxMDaIIc7Rq
+Mf0CBhSZ3FQEpL/IloafMUMyJVf2hfYluze+oXkjyVcGJXFrRU/49AJAFoIir1Tq
+Mij2De6ZuksIUQ9uhiMhTC0liIHELg7xEyw4ipUCJMM6lWPkk45IuwhHcl+u5jpa
+R9Zxxp6aUg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be
+ Validity
+ Not Before: Sep 19 22:03:00 1997 GMT
+ Not After : Sep 19 22:03:00 2007 GMT
+ Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster@belsign.be
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c4:2e:1f:b6:bf:ee:82:40:dd:f9:b7:2e:41:d5:
+ 9e:05:b1:5a:d0:26:7c:62:55:03:9b:fc:cb:61:de:
+ 4b:ef:fe:e8:99:fe:87:b9:88:cf:90:da:0f:09:3c:
+ 76:df:17:97:b6:cb:3f:25:45:fd:b4:bc:58:00:be:
+ b0:5a:b6:14:87:8f:ee:67:64:ad:1d:88:83:bb:67:
+ 9f:65:61:00:58:08:80:50:9f:80:c9:31:f6:2a:90:
+ 1c:2d:f7:4a:6c:10:f6:23:43:5d:38:09:60:88:57:
+ 02:cd:16:6c:18:fc:cd:fb:92:2a:77:d0:9e:93:a3:
+ 5d:88:64:d0:c8:f8:5d:54:51
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ Netscape Cert Type:
+ SSL CA, S/MIME CA, Object Signing CA
+ Signature Algorithm: md5WithRSAEncryption
+ 63:76:17:7c:96:f0:53:a5:5d:01:1c:53:ce:29:c2:7e:75:ac:
+ 4c:0d:a2:08:73:b4:6a:31:fd:02:06:14:99:dc:54:04:a4:bf:
+ c8:96:86:9f:31:43:32:25:57:f6:85:f6:25:bb:37:be:a1:79:
+ 23:c9:57:06:25:71:6b:45:4f:f8:f4:02:40:16:82:22:af:54:
+ ea:32:28:f6:0d:ee:99:ba:4b:08:51:0f:6e:86:23:21:4c:2d:
+ 25:88:81:c4:2e:0e:f1:13:2c:38:8a:95:02:24:c3:3a:95:63:
+ e4:93:8e:48:bb:08:47:72:5f:ae:e6:3a:5a:47:d6:71:c6:9e:
+ 9a:52
+
+BelSign Secure Server CA
+========================
+MD5 Fingerprint: 3D:5E:82:C6:D9:AD:D9:8B:93:6B:0C:10:B9:49:0A:B1
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAlygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBszELMAkGA1UEBhMCQkUx
+ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTQwMgYDVQQL
+EytCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSEw
+HwYDVQQDExhCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ0ExIzAhBgkqhkiG9w0BCQEW
+FHdlYm1hc3RlckBiZWxzaWduLmJlMB4XDTk3MDcxNjIyMDA1NFoXDTA3MDcxNjIy
+MDA1NFowgbMxCzAJBgNVBAYTAkJFMREwDwYDVQQHEwhCcnVzc2VsczETMBEGA1UE
+ChMKQmVsU2lnbiBOVjE0MDIGA1UECxMrQmVsU2lnbiBTZWN1cmUgU2VydmVyIENl
+cnRpZmljYXRlIEF1dGhvcml0eTEhMB8GA1UEAxMYQmVsU2lnbiBTZWN1cmUgU2Vy
+dmVyIENBMSMwIQYJKoZIhvcNAQkBFhR3ZWJtYXN0ZXJAYmVsc2lnbi5iZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gESeJL4BEJ/yccig/x8R3AwK0kLPjZA
+kCjaIXODU/LE0RZAwFP/rqbGJLMnbaWzPTl3XagG9ubpvGMRTgZlcAqdk/miQIt/
+SoQOjRax1swIZBIM4ChLyKWEkBf7EUYu1qeFGMsYrmOasFgG9ADP+MQJGjUMofnu
+Sv1t3v4mpTsCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgCgMA0GCSqGSIb3DQEB
+BAUAA4GBAGw9mcMF4h3K5S2qaIWLQDEgZhNo5lg6idCNdbLFYth9go/32TKBd/Y1
+W4UpzmeyubwrGXjP84f9RvGVdbIJVwMwwXrNckdxgMp9ncllPEcRIn36BwsoeKGT
+6AVFSOIyMko96FMcELfHc4wHUOH5yStTQfWDjeUJOUqOA2KqQGOL
+-----END CERTIFICATE-----
diff --git a/debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL b/debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL
new file mode 100644
index 0000000..36eba94
--- /dev/null
+++ b/debian/perl-framework/t/conf/ssl/httpd-passphrase.pl.PL
@@ -0,0 +1,2 @@
+#for testing SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl
+print "httpd\n";
diff --git a/debian/perl-framework/t/conf/ssl/proxyssl.conf.in b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in
new file mode 100644
index 0000000..3c86c13
--- /dev/null
+++ b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in
@@ -0,0 +1,124 @@
+<IfModule @ssl_module@>
+
+<IfModule mod_proxy.c>
+
+ #here we can test http <-> https
+ <VirtualHost proxy_http_https>
+ #these are not on by default in the 1.x based mod_ssl
+ <IfDefine APACHE2>
+ SSLProxyEngine On
+
+ SSLProxyProtocol All
+ SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+ SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
+ #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy
+
+ SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
+ SSLProxyCACertificatePath @ServerRoot@/conf/ssl
+ SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
+ <IfVersion >= 2.3.15>
+ SSLProxyCARevocationCheck chain
+ </IfVersion>
+ SSLProxyVerify on
+ SSLProxyVerifyDepth 10
+ </IfDefine>
+
+
+ ProxyPass / https://@proxyssl_url@/
+ ProxyPassReverse / https://@proxyssl_url@/
+ </VirtualHost>
+
+
+ #here we can test https <-> https
+ <VirtualHost proxy_https_https>
+ SSLEngine on
+
+ #these are not on by default in the 1.x based mod_ssl
+ <IfDefine APACHE2>
+ SSLProxyEngine On
+ # ensure that client_ok.pem is picked first:
+ SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
+ SSLProxyMachineCertificatePath @SSLCA@/asf/proxy
+ SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
+ SSLProxyVerify on
+ SSLProxyCARevocationPath @SSLCA@/asf/crl
+ <IfVersion >= 2.3.15>
+ SSLProxyCARevocationCheck chain
+ </IfVersion>
+ </IfDefine>
+
+
+ ProxyPass / https://@proxyssl_url@/
+ ProxyPassReverse / https://@proxyssl_url@/
+ </VirtualHost>
+
+ #here we can test http <-> https using SSLProxyMachine* inside <Proxy>
+ <VirtualHost proxy_http_https_proxy_section>
+ #these are not on by default in the 1.x based mod_ssl
+ <IfDefine APACHE2>
+ SSLProxyEngine On
+
+ SSLProxyProtocol All
+ SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+ SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
+ SSLProxyCACertificatePath @ServerRoot@/conf/ssl
+ SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
+ <IfVersion >= 2.3.15>
+ SSLProxyCARevocationCheck chain
+ </IfVersion>
+ SSLProxyVerify on
+ SSLProxyVerifyDepth 10
+ </IfDefine>
+
+
+ ProxyPass / https://@proxyssl_url@/
+ ProxyPassReverse / https://@proxyssl_url@/
+ <IfDefine APACHE2>
+ <Proxy https://@proxyssl_url@>
+ SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
+ #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy
+ </Proxy>
+ </IfDefine>
+ </VirtualHost>
+
+
+ #here we can test https <-> https using SSLProxyMachine* inside <Proxy>
+ <VirtualHost proxy_https_https_proxy_section>
+ SSLEngine on
+
+ #these are not on by default in the 1.x based mod_ssl
+ <IfDefine APACHE2>
+ SSLProxyEngine On
+ SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
+ SSLProxyVerify on
+ SSLProxyCARevocationPath @SSLCA@/asf/crl
+ <IfVersion >= 2.3.15>
+ SSLProxyCARevocationCheck chain
+ </IfVersion>
+ </IfDefine>
+
+
+ ProxyPass / https://@proxyssl_url@/
+ ProxyPassReverse / https://@proxyssl_url@/
+ <IfDefine APACHE2>
+ <Proxy https://@proxyssl_url@>
+ # ensure that client_ok.pem is picked first:
+ SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
+ SSLProxyMachineCertificatePath @SSLCA@/asf/proxy
+ </Proxy>
+ </IfDefine>
+ </VirtualHost>
+
+ #here we can test https <-> http
+ <VirtualHost proxy_https_http>
+ SSLEngine on
+
+ ProxyPass / http://@servername@:@port@/
+ ProxyPassReverse / http://@servername@:@port@/
+ </VirtualHost>
+
+</IfModule>
+
+</IfModule>
diff --git a/debian/perl-framework/t/conf/ssl/ssl.conf.in b/debian/perl-framework/t/conf/ssl/ssl.conf.in
new file mode 100644
index 0000000..6fadf33
--- /dev/null
+++ b/debian/perl-framework/t/conf/ssl/ssl.conf.in
@@ -0,0 +1,289 @@
+#test config derived from httpd-2.0/docs/conf/ssl-std.conf -*- text -*-
+
+<IfModule @ssl_module@>
+ #base config that can be used by any SSL enabled VirtualHosts
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ <IfDefine TEST_SSL_SESSCACHE>
+ SSLSessionCache ${SSL_SESSCACHE}
+ </IfDefine>
+ <IfDefine !TEST_SSL_SESSCACHE>
+ SSLSessionCache none
+ </IfDefine>
+
+ <IfVersion < 2.3.4>
+ #SSLMutex file:@ServerRoot@/logs/ssl_mutex
+ </IfVersion>
+ <IfVersion >= 2.3.4>
+ # mutex created automatically
+ # config needed only if file-based mutexes are used and
+ # default lock file dir is inappropriate
+ # Mutex file:/path/to/lockdir ssl-cache
+ </IfVersion>
+
+ SSLRandomSeed startup builtin
+ SSLRandomSeed connect builtin
+ #SSLRandomSeed startup file:/dev/random 512
+ #SSLRandomSeed startup file:/dev/urandom 512
+ #SSLRandomSeed connect file:/dev/random 512
+ #SSLRandomSeed connect file:/dev/urandom 512
+
+ SSLProtocol @sslproto@
+
+ <IfModule mod_log_config.c>
+ LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b" ssl
+ CustomLog logs/ssl_request_log ssl
+ </IfModule>
+
+ SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+ <IfDefine TEST_SSL_PASSPHRASE_EXEC>
+ SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl
+ </IfDefine>
+ #else the default is builtin
+ <IfDefine !TEST_SSL_PASSPHRASE_EXEC>
+ SSLPassPhraseDialog builtin
+ </IfDefine>
+
+ <IfDefine TEST_SSL_DES3_KEY>
+ SSLCertificateFile @SSLCA@/asf/certs/server_des3.crt
+
+ SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3.pem
+
+# SSLCertificateFile @SSLCA@/asf/certs/server_des3_dsa.crt
+
+# SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3_dsa.pem
+ </IfDefine>
+ #else the default is an unencrypted key
+ <IfDefine !TEST_SSL_DES3_KEY>
+ SSLCertificateFile @SSLCA@/asf/certs/server.crt
+
+ SSLCertificateKeyFile @SSLCA@/asf/keys/server.pem
+
+# SSLCertificateFile @SSLCA@/asf/certs/server_dsa.crt
+
+# SSLCertificateKeyFile @SSLCA@/asf/keys/server_dsa.pem
+ </IfDefine>
+
+ #SSLCertificateChainFile @SSLCA@/asf/certs/cachain.crt
+
+ SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
+
+ SSLCACertificatePath @ServerRoot@/conf/ssl
+
+ SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
+ <IfVersion >= 2.3.15>
+ SSLCARevocationCheck chain
+ </IfVersion>
+
+ <VirtualHost @ssl_module_name@>
+ SSLEngine on
+
+ #t/ssl/verify.t
+ Alias /verify @DocumentRoot@
+
+ <Location /verify>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ </Location>
+
+ # t/ssl/pha.t
+ <Location /require/small>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+
+ SSLRenegBufferSize 10
+ </Location>
+ Alias /require/small @DocumentRoot@/modules/cgi
+
+ #t/ssl/require.t
+ Alias /require/asf @DocumentRoot@
+ Alias /require/snakeoil @DocumentRoot@
+ Alias /require/certext @DocumentRoot@
+ Alias /require/strcmp @DocumentRoot@
+ Alias /require/intcmp @DocumentRoot@
+ Alias /ssl-fakebasicauth @DocumentRoot@
+ Alias /ssl-fakebasicauth2 @DocumentRoot@
+ Alias /ssl-cgi @DocumentRoot@/modules/cgi
+ Alias /require-ssl-cgi @DocumentRoot@/modules/cgi
+
+ Alias /require-aes128-cgi @DocumentRoot@/modules/cgi
+ Alias /require-aes256-cgi @DocumentRoot@/modules/cgi
+
+ <Location /require/asf>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+ and %{SSL_CLIENT_S_DN_O} eq "ASF" \
+ and %{SSL_CLIENT_S_DN_OU} in \
+ {"httpd-test", "httpd", "modperl"} )
+ </Location>
+
+ <Location /require/snakeoil>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+ and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ and %{SSL_CLIENT_S_DN_OU} in \
+ {"Staff", "CA", "Dev"} )
+ </Location>
+
+ <Location /require/certext>
+ SSLVerifyClient require
+ <IfVersion > 2.3.0>
+ SSLRequire "Lemons" in PeerExtList("1.3.6.1.4.1.18060.12.0")
+ </IfVersion>
+ <IfVersion < 2.3.0>
+ <IfVersion > 2.1.6>
+ SSLRequire "Lemons" in OID("1.3.6.1.4.1.18060.12.0")
+ </IfVersion>
+ </IfVersion>
+ </Location>
+
+ <Location /require/strcmp>
+ SSLRequire "a" < "b"
+ SSLRequire "a" lt "b"
+ </Location>
+
+ <Location /require/intcmp>
+ SSLRequire 2 < 10
+ SSLRequire 2 lt 10
+ </Location>
+
+ <Location /ssl-cgi>
+ SSLOptions +StdEnvVars
+ </Location>
+
+ <Location /require-ssl-cgi>
+ SSLOptions +StdEnvVars
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ </Location>
+
+ <Location /require-aes128-cgi>
+ SSLCipherSuite AES128-SHA
+ </Location>
+
+ <Location /require-aes256-cgi>
+ SSLCipherSuite AES256-SHA
+ </Location>
+
+ <IfModule @AUTH_MODULE@>
+ <Location /ssl-fakebasicauth>
+ SSLVerifyClient require
+ SSLVerifyDepth 5
+ SSLOptions +FakeBasicAuth
+ AuthName "Snake Oil Authentication"
+ AuthType Basic
+ AuthUserFile @SSLCA@/asf/ssl.htpasswd
+ require valid-user
+ </Location>
+ </IfModule>
+
+ # specific to 2.1
+ <IfModule mod_authn_anon.c>
+ <IfModule mod_auth_basic.c>
+ <Location /ssl-fakebasicauth2>
+ SSLVerifyClient require
+ SSLOptions +FakeBasicAuth +StdEnvVars
+ AuthName "Snake Oil Authentication"
+ AuthType Basic
+ AuthBasicProvider anon
+ Anonymous dummy "*"
+ require valid-user
+ </Location>
+ </IfModule>
+ </IfModule>
+
+ ##
+ ## mod_h2 test config
+ ##
+ <IfModule h2_module>
+ LogLevel h2:debug
+ </IfModule>
+
+ <IfModule @CGI_MODULE@>
+ <Directory @SERVERROOT@/htdocs/modules/h2>
+ Options +ExecCGI
+ AddHandler cgi-script .pl
+
+ </Directory>
+ </IfModule>
+ <Location /modules/h2/hello.pl>
+ SSLOptions +StdEnvVars
+ </Location>
+ <IfModule mod_rewrite.c>
+ RewriteEngine on
+ RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
+ </IfModule>
+
+ </VirtualHost>
+
+ # An SSL vhost which does optional ccert checks at vhost level, to
+ # check for CVE CAN-2005-2700.
+
+ <VirtualHost ssl_optional_cc>
+ SSLEngine on
+
+ SSLVerifyClient optional
+
+ Alias /require/any @DocumentRoot@
+ Alias /require/none @DocumentRoot@
+
+ <Location /require/any>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ </Location>
+ </VirtualHost>
+
+ # An SSL vhost which can be used to trigger PR 33791
+
+ <VirtualHost ssl_pr33791>
+ SSLEngine On
+
+ ErrorDocument 400 /index.html
+
+ <Location />
+ SSLVerifyClient require
+ </Location>
+ </VirtualHost>
+
+ # For t/ssl/ocsp.t --
+ <Location /modules/ssl/ocsp>
+ SetEnv SSL_CA_ROOT @sslca@/asf
+ </Location>
+ Alias /modules/ssl/ocsp @DocumentRoot@/modules/cgi/ocsp.pl
+
+ <VirtualHost ssl_ocsp>
+ SSLEngine on
+
+ # SSLOCSPResponderCertificateFile is available from 2.4.26
+ <IfVersion >= 2.4.26>
+ SSLVerifyClient on
+
+ SSLOCSPEnable on
+ SSLOCSPDefaultResponder http://@SERVERNAME@:@PORT@/modules/ssl/ocsp
+ SSLOCSPResponderCertificateFile @SSLCA@/asf/certs/server.crt
+
+ # Ignore CRL check results
+ SSLCARevocationCheck none
+ </IfVersion>
+ </VirtualHost>
+
+ # For t/ssl/pr43738.t:
+ <IfModule mod_actions.c>
+ Action application/x-pf-action /modules/cgi/action.pl
+
+ AddType application/x-pf-action .pfa
+ </IfModule>
+
+ <Location /modules/ssl/aes128/>
+ SSLCipherSuite AES128-SHA
+ </Location>
+
+ <Location /modules/ssl/aes256/>
+ SSLCipherSuite AES256-SHA
+ </Location>
+
+</IfModule>
diff --git a/debian/perl-framework/t/conf/vhost_alias.conf.in b/debian/perl-framework/t/conf/vhost_alias.conf.in
new file mode 100644
index 0000000..1173886
--- /dev/null
+++ b/debian/perl-framework/t/conf/vhost_alias.conf.in
@@ -0,0 +1,9 @@
+<IfModule mod_vhost_alias.c>
+
+ <VirtualHost _default_:mod_vhost_alias>
+ UseCanonicalName Off
+ VirtualDocumentRoot @SERVERROOT@/htdocs/modules/vhost_alias/%2/%1.4/%-2/%2+
+ VirtualScriptAlias @SERVERROOT@/htdocs/modules/vhost_alias/%0
+ </VirtualHost>
+
+</IfModule>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-02 00:07:08 +0000