summaryrefslogtreecommitdiffstats
path: root/debian/perl-framework/t/conf/ssl/ssl.conf.in
diff options
context:
space:
mode:
Diffstat (limited to 'debian/perl-framework/t/conf/ssl/ssl.conf.in')
-rw-r--r--debian/perl-framework/t/conf/ssl/ssl.conf.in289
1 files changed, 289 insertions, 0 deletions
diff --git a/debian/perl-framework/t/conf/ssl/ssl.conf.in b/debian/perl-framework/t/conf/ssl/ssl.conf.in
new file mode 100644
index 0000000..6fadf33
--- /dev/null
+++ b/debian/perl-framework/t/conf/ssl/ssl.conf.in
@@ -0,0 +1,289 @@
+#test config derived from httpd-2.0/docs/conf/ssl-std.conf -*- text -*-
+
+<IfModule @ssl_module@>
+ #base config that can be used by any SSL enabled VirtualHosts
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ <IfDefine TEST_SSL_SESSCACHE>
+ SSLSessionCache ${SSL_SESSCACHE}
+ </IfDefine>
+ <IfDefine !TEST_SSL_SESSCACHE>
+ SSLSessionCache none
+ </IfDefine>
+
+ <IfVersion < 2.3.4>
+ #SSLMutex file:@ServerRoot@/logs/ssl_mutex
+ </IfVersion>
+ <IfVersion >= 2.3.4>
+ # mutex created automatically
+ # config needed only if file-based mutexes are used and
+ # default lock file dir is inappropriate
+ # Mutex file:/path/to/lockdir ssl-cache
+ </IfVersion>
+
+ SSLRandomSeed startup builtin
+ SSLRandomSeed connect builtin
+ #SSLRandomSeed startup file:/dev/random 512
+ #SSLRandomSeed startup file:/dev/urandom 512
+ #SSLRandomSeed connect file:/dev/random 512
+ #SSLRandomSeed connect file:/dev/urandom 512
+
+ SSLProtocol @sslproto@
+
+ <IfModule mod_log_config.c>
+ LogFormat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b" ssl
+ CustomLog logs/ssl_request_log ssl
+ </IfModule>
+
+ SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+ <IfDefine TEST_SSL_PASSPHRASE_EXEC>
+ SSLPassPhraseDialog exec:@ServerRoot@/conf/ssl/httpd-passphrase.pl
+ </IfDefine>
+ #else the default is builtin
+ <IfDefine !TEST_SSL_PASSPHRASE_EXEC>
+ SSLPassPhraseDialog builtin
+ </IfDefine>
+
+ <IfDefine TEST_SSL_DES3_KEY>
+ SSLCertificateFile @SSLCA@/asf/certs/server_des3.crt
+
+ SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3.pem
+
+# SSLCertificateFile @SSLCA@/asf/certs/server_des3_dsa.crt
+
+# SSLCertificateKeyFile @SSLCA@/asf/keys/server_des3_dsa.pem
+ </IfDefine>
+ #else the default is an unencrypted key
+ <IfDefine !TEST_SSL_DES3_KEY>
+ SSLCertificateFile @SSLCA@/asf/certs/server.crt
+
+ SSLCertificateKeyFile @SSLCA@/asf/keys/server.pem
+
+# SSLCertificateFile @SSLCA@/asf/certs/server_dsa.crt
+
+# SSLCertificateKeyFile @SSLCA@/asf/keys/server_dsa.pem
+ </IfDefine>
+
+ #SSLCertificateChainFile @SSLCA@/asf/certs/cachain.crt
+
+ SSLCACertificateFile @SSLCA@/asf/certs/ca.crt
+
+ SSLCACertificatePath @ServerRoot@/conf/ssl
+
+ SSLCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
+ <IfVersion >= 2.3.15>
+ SSLCARevocationCheck chain
+ </IfVersion>
+
+ <VirtualHost @ssl_module_name@>
+ SSLEngine on
+
+ #t/ssl/verify.t
+ Alias /verify @DocumentRoot@
+
+ <Location /verify>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ </Location>
+
+ # t/ssl/pha.t
+ <Location /require/small>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+
+ SSLRenegBufferSize 10
+ </Location>
+ Alias /require/small @DocumentRoot@/modules/cgi
+
+ #t/ssl/require.t
+ Alias /require/asf @DocumentRoot@
+ Alias /require/snakeoil @DocumentRoot@
+ Alias /require/certext @DocumentRoot@
+ Alias /require/strcmp @DocumentRoot@
+ Alias /require/intcmp @DocumentRoot@
+ Alias /ssl-fakebasicauth @DocumentRoot@
+ Alias /ssl-fakebasicauth2 @DocumentRoot@
+ Alias /ssl-cgi @DocumentRoot@/modules/cgi
+ Alias /require-ssl-cgi @DocumentRoot@/modules/cgi
+
+ Alias /require-aes128-cgi @DocumentRoot@/modules/cgi
+ Alias /require-aes256-cgi @DocumentRoot@/modules/cgi
+
+ <Location /require/asf>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+ and %{SSL_CLIENT_S_DN_O} eq "ASF" \
+ and %{SSL_CLIENT_S_DN_OU} in \
+ {"httpd-test", "httpd", "modperl"} )
+ </Location>
+
+ <Location /require/snakeoil>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+ and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ and %{SSL_CLIENT_S_DN_OU} in \
+ {"Staff", "CA", "Dev"} )
+ </Location>
+
+ <Location /require/certext>
+ SSLVerifyClient require
+ <IfVersion > 2.3.0>
+ SSLRequire "Lemons" in PeerExtList("1.3.6.1.4.1.18060.12.0")
+ </IfVersion>
+ <IfVersion < 2.3.0>
+ <IfVersion > 2.1.6>
+ SSLRequire "Lemons" in OID("1.3.6.1.4.1.18060.12.0")
+ </IfVersion>
+ </IfVersion>
+ </Location>
+
+ <Location /require/strcmp>
+ SSLRequire "a" < "b"
+ SSLRequire "a" lt "b"
+ </Location>
+
+ <Location /require/intcmp>
+ SSLRequire 2 < 10
+ SSLRequire 2 lt 10
+ </Location>
+
+ <Location /ssl-cgi>
+ SSLOptions +StdEnvVars
+ </Location>
+
+ <Location /require-ssl-cgi>
+ SSLOptions +StdEnvVars
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ </Location>
+
+ <Location /require-aes128-cgi>
+ SSLCipherSuite AES128-SHA
+ </Location>
+
+ <Location /require-aes256-cgi>
+ SSLCipherSuite AES256-SHA
+ </Location>
+
+ <IfModule @AUTH_MODULE@>
+ <Location /ssl-fakebasicauth>
+ SSLVerifyClient require
+ SSLVerifyDepth 5
+ SSLOptions +FakeBasicAuth
+ AuthName "Snake Oil Authentication"
+ AuthType Basic
+ AuthUserFile @SSLCA@/asf/ssl.htpasswd
+ require valid-user
+ </Location>
+ </IfModule>
+
+ # specific to 2.1
+ <IfModule mod_authn_anon.c>
+ <IfModule mod_auth_basic.c>
+ <Location /ssl-fakebasicauth2>
+ SSLVerifyClient require
+ SSLOptions +FakeBasicAuth +StdEnvVars
+ AuthName "Snake Oil Authentication"
+ AuthType Basic
+ AuthBasicProvider anon
+ Anonymous dummy "*"
+ require valid-user
+ </Location>
+ </IfModule>
+ </IfModule>
+
+ ##
+ ## mod_h2 test config
+ ##
+ <IfModule h2_module>
+ LogLevel h2:debug
+ </IfModule>
+
+ <IfModule @CGI_MODULE@>
+ <Directory @SERVERROOT@/htdocs/modules/h2>
+ Options +ExecCGI
+ AddHandler cgi-script .pl
+
+ </Directory>
+ </IfModule>
+ <Location /modules/h2/hello.pl>
+ SSLOptions +StdEnvVars
+ </Location>
+ <IfModule mod_rewrite.c>
+ RewriteEngine on
+ RewriteRule ^/modules/h2/latest.tar.gz$ /modules/h2/xxx-1.0.2a.tar.gz [R=302,NC]
+ </IfModule>
+
+ </VirtualHost>
+
+ # An SSL vhost which does optional ccert checks at vhost level, to
+ # check for CVE CAN-2005-2700.
+
+ <VirtualHost ssl_optional_cc>
+ SSLEngine on
+
+ SSLVerifyClient optional
+
+ Alias /require/any @DocumentRoot@
+ Alias /require/none @DocumentRoot@
+
+ <Location /require/any>
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+ </Location>
+ </VirtualHost>
+
+ # An SSL vhost which can be used to trigger PR 33791
+
+ <VirtualHost ssl_pr33791>
+ SSLEngine On
+
+ ErrorDocument 400 /index.html
+
+ <Location />
+ SSLVerifyClient require
+ </Location>
+ </VirtualHost>
+
+ # For t/ssl/ocsp.t --
+ <Location /modules/ssl/ocsp>
+ SetEnv SSL_CA_ROOT @sslca@/asf
+ </Location>
+ Alias /modules/ssl/ocsp @DocumentRoot@/modules/cgi/ocsp.pl
+
+ <VirtualHost ssl_ocsp>
+ SSLEngine on
+
+ # SSLOCSPResponderCertificateFile is available from 2.4.26
+ <IfVersion >= 2.4.26>
+ SSLVerifyClient on
+
+ SSLOCSPEnable on
+ SSLOCSPDefaultResponder http://@SERVERNAME@:@PORT@/modules/ssl/ocsp
+ SSLOCSPResponderCertificateFile @SSLCA@/asf/certs/server.crt
+
+ # Ignore CRL check results
+ SSLCARevocationCheck none
+ </IfVersion>
+ </VirtualHost>
+
+ # For t/ssl/pr43738.t:
+ <IfModule mod_actions.c>
+ Action application/x-pf-action /modules/cgi/action.pl
+
+ AddType application/x-pf-action .pfa
+ </IfModule>
+
+ <Location /modules/ssl/aes128/>
+ SSLCipherSuite AES128-SHA
+ </Location>
+
+ <Location /modules/ssl/aes256/>
+ SSLCipherSuite AES256-SHA
+ </Location>
+
+</IfModule>
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-05 21:18:15 +0000